Hello community,
here is the log from the commit of package squid for openSUSE:Factory checked in at 2019-01-03 18:08:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
and /work/SRC/openSUSE:Factory/.squid.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid"
Thu Jan 3 18:08:06 2019 rev:67 rq:662383 version:4.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/squid/squid.changes 2018-12-04 20:57:49.032620863 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new.28833/squid.changes 2019-01-03 18:08:11.476057035 +0100
@@ -1,0 +2,15 @@
+Wed Jan 02 05:45:03 UTC 2019 - sean@suspend.net
+
+- Update to squid 4.5:
+ + Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
+ + ssl_bump prevents from accessing some web contents (#304)
+ + Docs: improved lexgrog compatibility (#340)
+ + Redesign forward_max_tries count TCP connection attempts
+ + Fix client_connection_mark ACL handling of clientless transactions
+ + Fix netdb exchange with a TLS cache peer
+ + Update netdb when tunneling requests
+ + Use pkg-config for detecting libxml2
+ + Misc doc updates
+ + Misc code compile fixes
+
+-------------------------------------------------------------------
Old:
----
squid-4.4.tar.xz
squid-4.4.tar.xz.asc
New:
----
squid-4.5.tar.xz
squid-4.5.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.FyaNsr/_old 2019-01-03 18:08:12.040056534 +0100
+++ /var/tmp/diff_new_pack.FyaNsr/_new 2019-01-03 18:08:12.044056530 +0100
@@ -1,7 +1,7 @@
#
# spec file for package squid
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,14 +12,14 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define squidlibdir %{_libdir}/squid
%define squidconfdir %{_sysconfdir}/squid
Name: squid
-Version: 4.4
+Version: 4.5
Release: 0
Summary: Caching and forwarding HTTP web proxy
License: GPL-2.0-or-later
++++++ squid-4.4.tar.xz -> squid-4.5.tar.xz ++++++
++++ 3223 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/ChangeLog new/squid-4.5/ChangeLog
--- old/squid-4.4/ChangeLog 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/ChangeLog 2019-01-01 01:02:15.000000000 +0100
@@ -1,12 +1,24 @@
-Changes to squid-4.3 (28 Oct 2018):
+Changes to squid-4.5 (01 Jan 2019):
- - Bug 4893: Malformed %>ru URIs for CONNECT requests
- - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
- - SSL: support compilation with minimal OpenSSL
- - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
- - Fix netdb not saving to disk
- - Fix memory leak when parsing SNMP packet
- - ... and some compile issues
+ - Bug 4253: ssl_bump prevents access to some web contents
+ - TLS: add %>handshake logformat code
+ - Redesign forward_max_tries to count TCP connection attempts
+ - Fix client_connection_mark ACL handling of clientless transactions
+ - Fix netdb exchange with a TLS cache_peer
+ - Update netdb when tunneling requests
+ - Use pkg-config for detecting libxml2
+ - ... and some documentation updates
+ - ... and some code compile fixes
+
+Changes to squid-4.4 (28 Oct 2018):
+
+ - Bug 4893: Malformed %>ru URIs for CONNECT requests
+ - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
+ - SSL: support compilation with minimal OpenSSL
+ - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
+ - Fix netdb not saving to disk
+ - Fix memory leak when parsing SNMP packet
+ - ... and some compile issues
Changes to squid-4.3 (01 Oct 2018):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/RELEASENOTES.html new/squid-4.5/RELEASENOTES.html
--- old/squid-4.4/RELEASENOTES.html 2018-10-27 22:56:40.000000000 +0200
+++ new/squid-4.5/RELEASENOTES.html 2019-01-01 01:42:00.000000000 +0100
@@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.4 release notes</TITLE>
+ <TITLE>Squid 4.5 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 4.4 release notes</H1>
+<H1>Squid 4.5 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -63,7 +63,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-4.4 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.5 for testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the
<A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
@@ -369,8 +369,8 @@
<DT><B>acl</B><DD>
<P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P>
-<P>New <EM>clientside_mark</EM> type for matching Netfilter CONNMARK on
-the client TCP connection.</P>
+<P>New <EM>client_connection_mark</EM> type for matching Netfilter
+CONNMARK of the client TCP connection.</P>
<P>New <EM>connections_encrypted</EM> type for matching transactions
where all HTTP messages were received over TLS transport connections,
including messages received from ICAP servers.</P>
@@ -499,6 +499,8 @@
negotiated cipher of the client connection.</P>
<P>New code <EM>%ssl::<negotiated_cipher</EM> to display the
negotiated cipher of the last server or peer connection.</P>
+<P>New code <EM>%>handshake</EM> to display initial octets
+received on a client connection (Base64 encoded).</P>
<P>Fixed <EM>%<Hs</EM>, <EM>%<pt</EM> and <EM>%<tt</EM>
codes for received CONNECT errors.</P>
<P>Improved <EM>%<bs</EM> logging on forwarding retries.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/configure.ac new/squid-4.5/configure.ac
--- old/squid-4.4/configure.ac 2018-10-27 22:45:15.000000000 +0200
+++ new/squid-4.5/configure.ac 2019-01-01 01:30:50.000000000 +0100
@@ -5,12 +5,12 @@
## Please see the COPYING and CONTRIBUTORS files for details.
##
-AC_INIT([Squid Web Proxy],[4.4],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[4.5],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
AC_CONFIG_SRCDIR([src/main.cc])
-AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects])
+AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz])
AC_REVISION($Revision$)dnl
AC_PREFIX_DEFAULT(/usr/local/squid)
AM_MAINTAINER_MODE
@@ -922,41 +922,45 @@
AC_ARG_WITH(libxml2, AS_HELP_STRING([--without-libxml2],[Do not use libxml2 for ESI. Default: auto-detect]))
if test "x$squid_opt_use_esi" != "xno" -a "x$with_libxml2" != "xno" ; then
- AC_CHECK_LIB([xml2], [main], [XMLLIB="-lxml2"; HAVE_LIBXML2=1])
- dnl Find the main header and include path...
- AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
- AC_CHECK_HEADERS([libxml/parser.h], [], [
- AC_MSG_NOTICE([Testing in /usr/include/libxml2])
- SAVED_CPPFLAGS="$CPPFLAGS"
- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
- unset ac_cv_header_libxml_parser_h
- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [
- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
+ SQUID_STATE_SAVE([squid_libxml2_save])
+ PKG_CHECK_MODULES([LIBXML2],[libxml-2.0],[],[
+ AC_CHECK_LIB([xml2], [main], [LIBXML2_LIBS="$LIBXML2_LIBS -lxml2"])
+ dnl Find the main header and include path...
+ AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
+ AC_CHECK_HEADERS([libxml/parser.h], [], [
+ AC_MSG_NOTICE([Testing in /usr/include/libxml2])
+ SAVED_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
unset ac_cv_header_libxml_parser_h
- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [
- AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [
+ AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
+ CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
+ unset ac_cv_header_libxml_parser_h
+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [
+ AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
+ ])
])
+ CPPFLAGS="$SAVED_CPPFLAGS"
])
- CPPFLAGS="$SAVED_CPPFLAGS"
])
])
- if test "x$ac_cv_libxml2_include" != "x"; then
- SQUID_CXXFLAGS="$ac_cv_libxml2_include $SQUID_CXXFLAGS"
- CPPFLAGS="$ac_cv_libxml2_include $CPPFLAGS"
- fi
+ CPPFLAGS="$CPPFLAGS $LIBXML2_CFLAGS"
dnl Now that we know where to look find the headers...
AC_CHECK_HEADERS(libxml/parser.h libxml/HTMLparser.h libxml/HTMLtree.h)
- AC_DEFINE_UNQUOTED(HAVE_LIBXML2, $HAVE_LIBXML2, [Define to 1 if you have the libxml2 library])
- AS_IF(test "x$HAVE_LIBXML2" = "x1",[
+ SQUID_STATE_ROLLBACK([squid_libxml2_save])
+
+ if test "x$LIBXML2_LIBS" != "x"; then
+ HAVE_LIBXML2=1
squid_opt_use_esi=yes
- ],[
- AS_IF(test "x$with_libxml2" = "xyes",[
- AC_MSG_ERROR([Required library libxml2 not found.])
- ],[
- AC_MSG_NOTICE([Library libxml2 not found.])
- ])
- ])
+ SQUID_CXXFLAGS="$SQUID_CXXFLAGS $LIBXML2_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $LIBXML2_CFLAGS"
+ XMLLIB="$LIBXML2_LIBS"
+ AC_DEFINE_UNQUOTED(HAVE_LIBXML2, $HAVE_LIBXML2, [Define to 1 if you have the libxml2 library])
+ elif test "x$with_libxml2" = "xyes"; then
+ AC_MSG_ERROR([Required library libxml2 not found])
+ else
+ AC_MSG_NOTICE([Library libxml2 not found.])
+ fi
fi
AS_IF([test "x$squid_opt_use_esi" = "xyes"],[
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/doc/release-notes/release-4.html new/squid-4.5/doc/release-notes/release-4.html
--- old/squid-4.4/doc/release-notes/release-4.html 2018-10-27 22:56:40.000000000 +0200
+++ new/squid-4.5/doc/release-notes/release-4.html 2019-01-01 01:42:00.000000000 +0100
@@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.4 release notes</TITLE>
+ <TITLE>Squid 4.5 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 4.4 release notes</H1>
+<H1>Squid 4.5 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -63,7 +63,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-4.4 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.5 for testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the
<A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
@@ -369,8 +369,8 @@
<DT><B>acl</B><DD>
<P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P>
-<P>New <EM>clientside_mark</EM> type for matching Netfilter CONNMARK on
-the client TCP connection.</P>
+<P>New <EM>client_connection_mark</EM> type for matching Netfilter
+CONNMARK of the client TCP connection.</P>
<P>New <EM>connections_encrypted</EM> type for matching transactions
where all HTTP messages were received over TLS transport connections,
including messages received from ICAP servers.</P>
@@ -499,6 +499,8 @@
negotiated cipher of the client connection.</P>
<P>New code <EM>%ssl::<negotiated_cipher</EM> to display the
negotiated cipher of the last server or peer connection.</P>
+<P>New code <EM>%>handshake</EM> to display initial octets
+received on a client connection (Base64 encoded).</P>
<P>Fixed <EM>%<Hs</EM>, <EM>%<pt</EM> and <EM>%<tt</EM>
codes for received CONNECT errors.</P>
<P>Improved <EM>%<bs</EM> logging on forwarding retries.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/include/version.h new/squid-4.5/include/version.h
--- old/squid-4.4/include/version.h 2018-10-27 22:45:15.000000000 +0200
+++ new/squid-4.5/include/version.h 2019-01-01 01:30:50.000000000 +0100
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1540673103
+#define SQUID_RELEASE_TIME 1546302637
#endif
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/FwdState.cc new/squid-4.5/src/FwdState.cc
--- old/squid-4.4/src/FwdState.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/FwdState.cc 2019-01-01 01:02:15.000000000 +0100
@@ -587,7 +587,7 @@
if (!entry->isEmpty())
return false;
- if (n_tries > Config.forward_max_tries)
+ if (exhaustedTries())
return false;
if (!EnoughTimeToReForward(start_t))
@@ -921,6 +921,7 @@
Comm::ConnOpener *cs = new Comm::ConnOpener(serverDestinations[0], calls.connector, connTimeout);
if (host)
cs->setHost(host);
+ ++n_tries;
AsyncJob::Start(cs);
}
@@ -1072,7 +1073,7 @@
return 0;
}
- if (n_tries > Config.forward_max_tries)
+ if (exhaustedTries())
return 0;
if (request->bodyNibbled())
@@ -1222,6 +1223,12 @@
++ FwdReplyCodes[tries][status];
}
+bool
+FwdState::exhaustedTries() const
+{
+ return n_tries >= Config.forward_max_tries;
+}
+
/**** PRIVATE NON-MEMBER FUNCTIONS ********************************************/
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/FwdState.h new/squid-4.5/src/FwdState.h
--- old/squid-4.4/src/FwdState.h 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/FwdState.h 2019-01-01 01:02:15.000000000 +0100
@@ -127,6 +127,9 @@
void syncWithServerConn(const char *host);
void syncHierNote(const Comm::ConnectionPointer &server, const char *host);
+ /// whether we have used up all permitted forwarding attempts
+ bool exhaustedTries() const;
+
public:
StoreEntry *entry;
HttpRequest *request;
@@ -139,7 +142,7 @@
ErrorState *err;
Comm::ConnectionPointer clientConn; ///< a possibly open connection to the client.
time_t start_t;
- int n_tries;
+ int n_tries; ///< the number of forwarding attempts so far
// AsyncCalls which we set and may need cancelling.
struct {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/ConnMark.cc new/squid-4.5/src/acl/ConnMark.cc
--- old/squid-4.4/src/acl/ConnMark.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/acl/ConnMark.cc 2019-01-01 01:02:15.000000000 +0100
@@ -74,15 +74,22 @@
Acl::ConnMark::match(ACLChecklist *cl)
{
const auto *checklist = Filled(cl);
- const auto connmark = checklist->conn()->clientConnection->nfmark;
+ const auto conn = checklist->conn();
- for (const auto &m : marks) {
- if ((connmark & m.second) == m.first) {
- debugs(28, 5, "found " << m << " matching " << asHex(connmark));
- return 1;
+ if (conn && conn->clientConnection) {
+ const auto connmark = conn->clientConnection->nfmark;
+
+ for (const auto &m : marks) {
+ if ((connmark & m.second) == m.first) {
+ debugs(28, 5, "found " << m << " matching " << asHex(connmark));
+ return 1;
+ }
+ debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark));
}
- debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark));
+ } else {
+ debugs(28, 7, "fails: no client connection");
}
+
return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/SQL_session/ext_sql_session_acl.8 new/squid-4.5/src/acl/external/SQL_session/ext_sql_session_acl.8
--- old/squid-4.4/src/acl/external/SQL_session/ext_sql_session_acl.8 2018-10-27 22:56:44.000000000 +0200
+++ new/squid-4.5/src/acl/external/SQL_session/ext_sql_session_acl.8 2019-01-01 01:42:04.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/delayer/ext_delayer_acl.8 new/squid-4.5/src/acl/external/delayer/ext_delayer_acl.8
--- old/squid-4.4/src/acl/external/delayer/ext_delayer_acl.8 2018-10-27 22:56:43.000000000 +0200
+++ new/squid-4.5/src/acl/external/delayer/ext_delayer_acl.8 2019-01-01 01:42:04.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-4.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- old/squid-4.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2018-10-27 22:56:44.000000000 +0200
+++ new/squid-4.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2019-01-01 01:42:04.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/adaptation/icap/Xaction.cc new/squid-4.5/src/adaptation/icap/Xaction.cc
--- old/squid-4.4/src/adaptation/icap/Xaction.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/adaptation/icap/Xaction.cc 2019-01-01 01:02:15.000000000 +0100
@@ -744,7 +744,7 @@
securer = NULL;
if (closer != NULL) {
- if (answer.conn != NULL)
+ if (Comm::IsConnOpen(answer.conn))
comm_remove_close_handler(answer.conn->fd, closer);
else
closer->cancel("securing completed");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/auth/basic/DB/basic_db_auth.8 new/squid-4.5/src/auth/basic/DB/basic_db_auth.8
--- old/squid-4.4/src/auth/basic/DB/basic_db_auth.8 2018-10-27 22:56:45.000000000 +0200
+++ new/squid-4.5/src/auth/basic/DB/basic_db_auth.8 2019-01-01 01:42:05.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/auth/basic/POP3/basic_pop3_auth.8 new/squid-4.5/src/auth/basic/POP3/basic_pop3_auth.8
--- old/squid-4.4/src/auth/basic/POP3/basic_pop3_auth.8 2018-10-27 22:56:45.000000000 +0200
+++ new/squid-4.5/src/auth/basic/POP3/basic_pop3_auth.8 2019-01-01 01:42:06.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/base/File.cc new/squid-4.5/src/base/File.cc
--- old/squid-4.4/src/base/File.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/base/File.cc 2019-01-01 01:02:15.000000000 +0100
@@ -373,3 +373,4 @@
#if _SQUID_WINDOWS_
const HANDLE File::InvalidHandle = INVALID_HANDLE_VALUE;
#endif /* _SQUID_WINDOWS_ */
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/cf.data.pre new/squid-4.5/src/cf.data.pre
--- old/squid-4.4/src/cf.data.pre 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/cf.data.pre 2019-01-01 01:02:15.000000000 +0100
@@ -3791,11 +3791,15 @@
TYPE: int
LOC: Config.forward_max_tries
DOC_START
- Controls how many different forward paths Squid will try
- before giving up. See also forward_timeout.
+ Limits the number of attempts to forward the request.
+
+ For the purpose of this limit, Squid counts all high-level request
+ forwarding attempts, including any same-destination retries after
+ certain persistent connection failures and any attempts to use a
+ different peer. However, low-level connection reopening attempts
+ (enabled using connect_retries) are not counted.
- NOTE: connect_retries (default: none) can make each of these
- possible forwarding paths be tried multiple times.
+ See also: forward_timeout and connect_retries.
DOC_END
COMMENT_START
@@ -4394,6 +4398,37 @@
handshake Raw client handshake
+ Initial client bytes received by Squid on a newly
+ accepted TCP connection or inside a just established
+ CONNECT tunnel. Squid stops accumulating handshake
+ bytes as soon as the handshake parser succeeds or
+ fails (determining whether the client is using the
+ expected protocol).
+
+ For HTTP clients, the handshake is the request line.
+ For TLS clients, the handshake consists of all TLS
+ records up to and including the TLS record that
+ contains the last byte of the first ClientHello
+ message. For clients using an unsupported protocol,
+ this field contains the bytes received by Squid at the
+ time of the handshake parsing failure.
+
+ See the on_unsupported_protocol directive for more
+ information on Squid handshake traffic expectations.
+
+ Current support is limited to these contexts:
+ - http_port connections, but only when the
+ on_unsupported_protocol directive is in use.
+ - https_port connections (and CONNECT tunnels) that
+ are subject to the ssl_bump peek or stare action.
+
+ To protect binary handshake data, this field is always
+ base64-encoded (RFC 4648 Section 4). If logformat
+ field encoding is configured, that encoding is applied
+ on top of base64. Otherwise, the computed base64 value
+ is recorded as is.
+
Time related format codes:
ts Seconds since epoch
@@ -9823,19 +9858,23 @@
DEFAULT: 0
DEFAULT_DOC: Do not retry failed connections.
DOC_START
- This sets the maximum number of connection attempts made for each
- TCP connection. The connect_retries attempts must all still
- complete within the connection timeout period.
-
- The default is not to re-try if the first connection attempt fails.
- The (not recommended) maximum is 10 tries.
-
- A warning message will be generated if it is set to a too-high
- value and the configured value will be over-ridden.
-
- Note: These re-tries are in addition to forward_max_tries
- which limit how many different addresses may be tried to find
- a useful server.
+ Limits the number of reopening attempts when establishing a single
+ TCP connection. All these attempts must still complete before the
+ applicable connection opening timeout expires.
+
+ By default and when connect_retries is set to zero, Squid does not
+ retry failed connection opening attempts.
+
+ The (not recommended) maximum is 10 tries. An attempt to configure a
+ higher value results in the value of 10 being used (with a warning).
+
+ Squid may open connections to retry various high-level forwarding
+ failures. For an outside observer, that activity may look like a
+ low-level connection reopening attempt, but those high-level retries
+ are governed by forward_max_tries instead.
+
+ See also: connect_timeout, forward_timeout, icap_connect_timeout,
+ ident_timeout, and forward_max_tries.
DOC_END
NAME: retry_on_error
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/client_side.cc new/squid-4.5/src/client_side.cc
--- old/squid-4.4/src/client_side.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/client_side.cc 2019-01-01 01:02:15.000000000 +0100
@@ -1081,20 +1081,18 @@
return NULL;
}
-static void
-prepareAcceleratedURL(ConnStateData * conn, ClientHttpRequest *http, const Http1::RequestParserPointer &hp)
+static char *
+prepareAcceleratedURL(ConnStateData * conn, const Http1::RequestParserPointer &hp)
{
int vhost = conn->port->vhost;
int vport = conn->port->vport;
static char ipbuf[MAX_IPSTRLEN];
- http->flags.accel = true;
-
/* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */
static const SBuf cache_object("cache_object://");
if (hp->requestUri().startsWith(cache_object))
- return; /* already in good shape */
+ return nullptr; /* already in good shape */
// XXX: re-use proper URL parser for this
SBuf url = hp->requestUri(); // use full provided URI if we abort
@@ -1104,7 +1102,7 @@
break;
if (conn->port->vhost)
- return; /* already in good shape */
+ return nullptr; /* already in good shape */
// skip the URI scheme
static const CharacterSet uriScheme = CharacterSet("URI-scheme","+-.") + CharacterSet::ALPHA + CharacterSet::DIGIT;
@@ -1141,18 +1139,16 @@
#endif
if (vport < 0)
- vport = http->getConn()->clientConnection->local.port();
+ vport = conn->clientConnection->local.port();
- const bool switchedToHttps = conn->switchedToHttps();
- const bool tryHostHeader = vhost || switchedToHttps;
char *host = NULL;
- if (tryHostHeader && (host = hp->getHeaderField("Host"))) {
+ if (vhost && (host = hp->getHeaderField("Host"))) {
debugs(33, 5, "ACCEL VHOST REWRITE: vhost=" << host << " + vport=" << vport);
char thost[256];
if (vport > 0) {
thost[0] = '\0';
char *t = NULL;
- if (host[strlen(host)] != ']' && (t = strrchr(host,':')) != NULL) {
+ if (host[strlen(host) - 1] != ']' && (t = strrchr(host,':')) != nullptr) {
strncpy(thost, host, (t-host));
snprintf(thost+(t-host), sizeof(thost)-(t-host), ":%d", vport);
host = thost;
@@ -1161,67 +1157,116 @@
host = thost;
}
} // else nothing to alter port-wise.
- const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen + strlen(host);
- http->uri = (char *)xcalloc(url_sz, 1);
const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image();
- snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(url));
- debugs(33, 5, "ACCEL VHOST REWRITE: " << http->uri);
+ const int url_sz = scheme.length() + strlen(host) + url.length() + 32;
+ char *uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(url));
+ debugs(33, 5, "ACCEL VHOST REWRITE: " << uri);
+ return uri;
} else if (conn->port->defaultsite /* && !vhost */) {
debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: defaultsite=" << conn->port->defaultsite << " + vport=" << vport);
- const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen +
- strlen(conn->port->defaultsite);
- http->uri = (char *)xcalloc(url_sz, 1);
char vportStr[32];
vportStr[0] = '\0';
if (vport > 0) {
snprintf(vportStr, sizeof(vportStr),":%d",vport);
}
const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image();
- snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s%s" SQUIDSBUFPH,
+ const int url_sz = scheme.length() + strlen(conn->port->defaultsite) + sizeof(vportStr) + url.length() + 32;
+ char *uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://%s%s" SQUIDSBUFPH,
SQUIDSBUFPRINT(scheme), conn->port->defaultsite, vportStr, SQUIDSBUFPRINT(url));
- debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: " << http->uri);
+ debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: " << uri);
+ return uri;
} else if (vport > 0 /* && (!vhost || no Host:) */) {
debugs(33, 5, "ACCEL VPORT REWRITE: *_port IP + vport=" << vport);
/* Put the local socket IP address as the hostname, with whatever vport we found */
- const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen;
- http->uri = (char *)xcalloc(url_sz, 1);
- http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
+ conn->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image();
- snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH,
+ const int url_sz = scheme.length() + sizeof(ipbuf) + url.length() + 32;
+ char *uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH,
SQUIDSBUFPRINT(scheme), ipbuf, vport, SQUIDSBUFPRINT(url));
- debugs(33, 5, "ACCEL VPORT REWRITE: " << http->uri);
+ debugs(33, 5, "ACCEL VPORT REWRITE: " << uri);
+ return uri;
}
+
+ return nullptr;
}
-static void
-prepareTransparentURL(ConnStateData * conn, ClientHttpRequest *http, const Http1::RequestParserPointer &hp)
+static char *
+buildUrlFromHost(ConnStateData * conn, const Http1::RequestParserPointer &hp)
{
- // TODO Must() on URI !empty when the parser supports throw. For now avoid assert().
- if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/')
- return; /* already in good shape */
-
+ char *uri = nullptr;
/* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */
-
if (const char *host = hp->getHeaderField("Host")) {
- const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen +
- strlen(host);
- http->uri = (char *)xcalloc(url_sz, 1);
const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image();
- snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH,
- SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(hp->requestUri()));
- debugs(33, 5, "TRANSPARENT HOST REWRITE: " << http->uri);
- } else {
+ const int url_sz = scheme.length() + strlen(host) + hp->requestUri().length() + 32;
+ uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH,
+ SQUIDSBUFPRINT(scheme),
+ host,
+ SQUIDSBUFPRINT(hp->requestUri()));
+ }
+ return uri;
+}
+
+char *
+ConnStateData::prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp)
+{
+ Must(switchedToHttps());
+
+ if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/')
+ return nullptr; /* already in good shape */
+
+ char *uri = buildUrlFromHost(this, hp);
+#if USE_OPENSSL
+ if (!uri) {
+ Must(tlsConnectPort);
+ Must(sslConnectHostOrIp.size());
+ SBuf useHost;
+ if (!tlsClientSni().isEmpty())
+ useHost = tlsClientSni();
+ else
+ useHost.assign(sslConnectHostOrIp.rawBuf(), sslConnectHostOrIp.size());
+
+ const SBuf &scheme = AnyP::UriScheme(transferProtocol.protocol).image();
+ const int url_sz = scheme.length() + useHost.length() + hp->requestUri().length() + 32;
+ uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://" SQUIDSBUFPH ":%d" SQUIDSBUFPH,
+ SQUIDSBUFPRINT(scheme),
+ SQUIDSBUFPRINT(useHost),
+ tlsConnectPort,
+ SQUIDSBUFPRINT(hp->requestUri()));
+ }
+#endif
+ if (uri)
+ debugs(33, 5, "TLS switching host rewrite: " << uri);
+ return uri;
+}
+
+static char *
+prepareTransparentURL(ConnStateData * conn, const Http1::RequestParserPointer &hp)
+{
+ // TODO Must() on URI !empty when the parser supports throw. For now avoid assert().
+ if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/')
+ return nullptr; /* already in good shape */
+
+ char *uri = buildUrlFromHost(conn, hp);
+ if (!uri) {
/* Put the local socket IP address as the hostname. */
- const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen;
- http->uri = (char *)xcalloc(url_sz, 1);
static char ipbuf[MAX_IPSTRLEN];
- http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
- const SBuf &scheme = AnyP::UriScheme(http->getConn()->transferProtocol.protocol).image();
- snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH,
+ conn->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
+ const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image();
+ const int url_sz = sizeof(ipbuf) + hp->requestUri().length() + 32;
+ uri = static_cast(xcalloc(url_sz, 1));
+ snprintf(uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH,
SQUIDSBUFPRINT(scheme),
- ipbuf, http->getConn()->clientConnection->local.port(), SQUIDSBUFPRINT(hp->requestUri()));
- debugs(33, 5, "TRANSPARENT REWRITE: " << http->uri);
+ ipbuf, conn->clientConnection->local.port(), SQUIDSBUFPRINT(hp->requestUri()));
}
+
+ if (uri)
+ debugs(33, 5, "TRANSPARENT REWRITE: " << uri);
+ return uri;
}
/** Parse an HTTP request
@@ -1341,9 +1386,11 @@
* - remote interception with PROXY protocol
* - remote reverse-proxy with PROXY protocol
*/
- if (csd->transparent()) {
+ if (csd->switchedToHttps()) {
+ http->uri = csd->prepareTlsSwitchingURL(hp);
+ } else if (csd->transparent()) {
/* intercept or transparent mode, properly working with no failures */
- prepareTransparentURL(csd, http, hp);
+ http->uri = prepareTransparentURL(csd, hp);
} else if (internalCheck(hp->requestUri())) { // NP: only matches relative-URI
/* internal URL mode */
@@ -1353,9 +1400,10 @@
// But have not parsed there yet!! flag for local-only handling.
http->flags.internal = true;
- } else if (csd->port->flags.accelSurrogate || csd->switchedToHttps()) {
+ } else if (csd->port->flags.accelSurrogate) {
/* accelerator mode */
- prepareAcceleratedURL(csd, http, hp);
+ http->uri = prepareAcceleratedURL(csd, hp);
+ http->flags.accel = true;
}
if (!http->uri) {
@@ -2315,6 +2363,7 @@
#if USE_OPENSSL
switchedToHttps_(false),
parsingTlsHandshake(false),
+ tlsConnectPort(0),
sslServerBump(NULL),
signAlgorithm(Ssl::algSignTrusted),
#endif
@@ -3050,6 +3099,7 @@
assert(!switchedToHttps_);
sslConnectHostOrIp = request->url.host();
+ tlsConnectPort = request->url.port();
resetSslCommonName(request->url.host());
// We are going to read new request
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/client_side.h new/squid-4.5/src/client_side.h
--- old/squid-4.4/src/client_side.h 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/client_side.h 2019-01-01 01:02:15.000000000 +0100
@@ -274,6 +274,7 @@
#else
bool switchedToHttps() const { return false; }
#endif
+ char *prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp);
/* clt_conn_tag=tag annotation access */
const SBuf &connectionTag() const { return connectionTag_; }
@@ -393,6 +394,7 @@
/// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests
String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request
+ unsigned short tlsConnectPort; ///< The TLS server port number as passed in the CONNECT request
SBuf sslCommonName_; ///< CN name for SSL certificate generation
/// TLS client delivered SNI value. Empty string if none has been received.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/ByteCode.h new/squid-4.5/src/format/ByteCode.h
--- old/squid-4.4/src/format/ByteCode.h 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/format/ByteCode.h 2019-01-01 01:02:15.000000000 +0100
@@ -46,6 +46,8 @@
LFT_CLIENT_LOCAL_TOS,
LFT_CLIENT_LOCAL_NFMARK,
+ LFT_CLIENT_HANDSHAKE,
+
/* client connection local squid.conf details */
LFT_LOCAL_LISTENING_IP,
LFT_LOCAL_LISTENING_PORT,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/Format.cc new/squid-4.5/src/format/Format.cc
--- old/squid-4.4/src/format/Format.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/format/Format.cc 2019-01-01 01:02:15.000000000 +0100
@@ -8,6 +8,7 @@
#include "squid.h"
#include "AccessLogEntry.h"
+#include "base64.h"
#include "client_side.h"
#include "comm/Connection.h"
#include "err_detail_type.h"
@@ -547,6 +548,24 @@
}
break;
+ case LFT_CLIENT_HANDSHAKE:
+ if (al->request && al->request->clientConnectionManager.valid()) {
+ const auto &handshake = al->request->clientConnectionManager->preservedClientData;
+ if (const auto rawLength = handshake.length()) {
+ // add 1 byte to optimize the c_str() conversion below
+ char *buf = sb.rawAppendStart(base64_encode_len(rawLength) + 1);
+
+ struct base64_encode_ctx ctx;
+ base64_encode_init(&ctx);
+ auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast(handshake.rawContent()));
+ encLength += base64_encode_final(&ctx, buf + encLength);
+
+ sb.rawAppendFinish(buf, encLength);
+ out = sb.c_str();
+ }
+ }
+ break;
+
case LFT_TIME_SECONDS_SINCE_EPOCH:
// some platforms store time in 32-bit, some 64-bit...
outoff = static_cast(current_time.tv_sec);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/Token.cc new/squid-4.5/src/format/Token.cc
--- old/squid-4.4/src/format/Token.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/format/Token.cc 2019-01-01 01:02:15.000000000 +0100
@@ -141,6 +141,7 @@
TokenTableEntry("nfmark", LFT_CLIENT_LOCAL_NFMARK),
TokenTableEntry("handshake", LFT_CLIENT_HANDSHAKE),
TokenTableEntry("err_code", LFT_SQUID_ERROR ),
TokenTableEntry("err_detail", LFT_SQUID_ERROR_DETAIL ),
TokenTableEntry("note", LFT_NOTE ),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2018-10-27 22:56:46.000000000 +0200
+++ new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2019-01-01 01:42:07.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,13 +133,15 @@
.\" ========================================================================
.\"
.IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH URL_LFS_REWRITE 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-url_lfs_rewrite
+.Vb 1
+\& url_lfs_rewrite \- a URL\-rewriter based on local file existence
+.Ve
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in
--- old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in 2019-01-01 01:02:15.000000000 +0100
@@ -8,7 +8,7 @@
=head1 NAME
-B
+ url_lfs_rewrite - a URL-rewriter based on local file existence
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/icmp/net_db.cc new/squid-4.5/src/icmp/net_db.cc
--- old/squid-4.4/src/icmp/net_db.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/icmp/net_db.cc 2019-01-01 01:02:15.000000000 +0100
@@ -1282,7 +1282,7 @@
#if USE_ICMP
CachePeer *p = (CachePeer *)data;
static const SBuf netDB("netdb");
- char *uri = internalRemoteUri(p->host, p->http_port, "/squid-internal-dynamic/", netDB);
+ char *uri = internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-dynamic/", netDB);
debugs(38, 3, "Requesting '" << uri << "'");
const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initIcmp);
HttpRequest *req = HttpRequest::FromUrl(uri, mx);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/internal.cc new/squid-4.5/src/internal.cc
--- old/squid-4.4/src/internal.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/internal.cc 2019-01-01 01:02:15.000000000 +0100
@@ -82,7 +82,7 @@
* makes internal url with a given host and port (remote internal url)
*/
char *
-internalRemoteUri(const char *host, unsigned short port, const char *dir, const SBuf &name)
+internalRemoteUri(bool encrypt, const char *host, unsigned short port, const char *dir, const SBuf &name)
{
static char lc_host[SQUIDHOSTNAMELEN];
assert(host && !name.isEmpty());
@@ -115,7 +115,7 @@
static MemBuf mb;
mb.reset();
- mb.appendf("http://" SQUIDSBUFPH, SQUIDSBUFPRINT(tmp.authority()));
+ mb.appendf("%s://" SQUIDSBUFPH, encrypt ? "https" : "http", SQUIDSBUFPRINT(tmp.authority()));
if (dir)
mb.append(dir, strlen(dir));
@@ -132,7 +132,10 @@
char *
internalLocalUri(const char *dir, const SBuf &name)
{
- return internalRemoteUri(getMyHostname(),
+ // XXX: getMy*() may return https_port info, but we force http URIs
+ // because we have not checked whether the callers can handle https.
+ const bool secure = false;
+ return internalRemoteUri(secure, getMyHostname(),
getMyPort(), dir, name);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/internal.h new/squid-4.5/src/internal.h
--- old/squid-4.4/src/internal.h 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/internal.h 2019-01-01 01:02:15.000000000 +0100
@@ -24,7 +24,7 @@
bool internalCheck(const SBuf &urlPath);
bool internalStaticCheck(const SBuf &urlPath);
char *internalLocalUri(const char *dir, const SBuf &name);
-char *internalRemoteUri(const char *, unsigned short, const char *, const SBuf &);
+char *internalRemoteUri(bool, const char *, unsigned short, const char *, const SBuf &);
const char *internalHostname(void);
int internalHostnameIs(const char *);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/log/DB/log_db_daemon.8 new/squid-4.5/src/log/DB/log_db_daemon.8
--- old/squid-4.4/src/log/DB/log_db_daemon.8 2018-10-27 22:56:46.000000000 +0200
+++ new/squid-4.5/src/log/DB/log_db_daemon.8 2019-01-01 01:42:07.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/peer_digest.cc new/squid-4.5/src/peer_digest.cc
--- old/squid-4.4/src/peer_digest.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/peer_digest.cc 2019-01-01 01:02:15.000000000 +0100
@@ -323,7 +323,7 @@
if (p->digest_url)
url = xstrdup(p->digest_url);
else
- url = xstrdup(internalRemoteUri(p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName)));
+ url = xstrdup(internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName)));
debugs(72, 2, url);
const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initCacheDigest);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/security/cert_validators/fake/security_fake_certverify.8 new/squid-4.5/src/security/cert_validators/fake/security_fake_certverify.8
--- old/squid-4.4/src/security/cert_validators/fake/security_fake_certverify.8 2018-10-27 22:56:46.000000000 +0200
+++ new/squid-4.5/src/security/cert_validators/fake/security_fake_certverify.8 2019-01-01 01:42:08.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/store/id_rewriters/file/storeid_file_rewrite.8 new/squid-4.5/src/store/id_rewriters/file/storeid_file_rewrite.8
--- old/squid-4.4/src/store/id_rewriters/file/storeid_file_rewrite.8 2018-10-27 22:56:44.000000000 +0200
+++ new/squid-4.5/src/store/id_rewriters/file/storeid_file_rewrite.8 2019-01-01 01:42:05.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/tunnel.cc new/squid-4.5/src/tunnel.cc
--- old/squid-4.4/src/tunnel.cc 2018-10-27 22:44:55.000000000 +0200
+++ new/squid-4.5/src/tunnel.cc 2019-01-01 01:02:15.000000000 +0100
@@ -28,6 +28,7 @@
#include "http.h"
#include "http/Stream.h"
#include "HttpRequest.h"
+#include "icmp/net_db.h"
#include "ip/QosConfig.h"
#include "LogTags.h"
#include "MemBuf.h"
@@ -1037,6 +1038,8 @@
tunnelState->server.setDelayId(DelayId());
#endif
+ netdbPingSite(tunnelState->request->url.host());
+
tunnelState->request->hier.resetPeerNotes(conn, tunnelState->getHost());
tunnelState->server.conn = conn;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/tools/helper-mux/helper-mux.8 new/squid-4.5/tools/helper-mux/helper-mux.8
--- old/squid-4.4/tools/helper-mux/helper-mux.8 2018-10-27 22:56:47.000000000 +0200
+++ new/squid-4.5/tools/helper-mux/helper-mux.8 2019-01-01 01:42:08.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation"
+.TH HELPER-MUX 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
++++++ squid-4.4.tar.xz.asc -> squid-4.5.tar.xz.asc ++++++
--- /work/SRC/openSUSE:Factory/squid/squid-4.4.tar.xz.asc 2018-10-31 13:15:40.687383154 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new.28833/squid-4.5.tar.xz.asc 2019-01-03 18:08:11.204057276 +0100
@@ -1,25 +1,25 @@
-File: squid-4.4.tar.xz
-Date: Sat Oct 27 21:20:24 UTC 2018
-Size: 2436468
-MD5 : 892504ca9700e1f139a53f84098613bd
-SHA1: 0ab6b133f65866d825bf72cbbe8cef209768b2fa
+File: squid-4.5.tar.xz
+Date: Tue Jan 1 05:12:50 UTC 2019
+Size: 2437936
+MD5 : 8275da5846f9f2243ad2625e5aef2ee0
+SHA1: 1249cf60f1ea2a0cd145f66a790d1e9e48333c51
Key : CD6DBF8EF3B17D3E
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlvU1qAACgkQzW2/jvOx
-fT5Y3Q//R3/ZtDHal9H9c4VUB1fEzkk22JfgXTzRRUdzNkN+XxDkVGmM9R0E0Opo
-9E/lsE9PcLX1EBtBXbPfwLESzfMe4QJgqq1B4FocpJcdtfCQX6ADU4Qdfc+oo8Z1
-J/xCf8XrU3yUgXn3pMnQ9DT+IuPYe+Jte7Awm148mC15GMC49NBAYAd793XZ+L2t
-fVPCbVYA40AU3xVJkxlblh7O0E8UEQ7zQMxcXM2jJJ4jJOjqecOIoJt6lyPD59q3
-UjD0EmcjTj54BpaU8r++kAc2TkLyBvFV1vWQuQRNG5IAMEOF3H8OfujCXl3lX9fD
-Tvi9763f9LxdImLJttkzgTt20XAudlUmKOdpj6t1uF+7EmNJg/ChowyLsLzlLLST
-1mGNdcUdP9VhX2aoTXN/ctn8BTQ/cNIx2VY8kKWsXB+ymFcCJRBW1cBAr3R+UzuX
-KVlsDzlxP6Dp8EFvKN3sIbM/QtpstKgbTkxro7d9XBkeldsasd5uI2Yt5PSMIs+y
-VtscqCnwDjxAIW6FNqB96J4hcOYECdWHDL3s46wEDnQaiR0IdBAN5QHn1imzM5e1
-eHuwZimqBW6vE4rPnVpPIr1Gml5OlLl3te2jsbUVmBiOwDVlQLZJQGzI5UTazvnN
-eR3QeTW+ggSAdVc6GEApELARfKPRxywLQTOlAhEPn0xayy4ByME=
-=1eSQ
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlwq9vIACgkQzW2/jvOx
+fT5u8hAAnXV/L+XDTZXjxIYimN/4zKPVwG0lEbAg6uXQ0z/7+tH3G8kQ+DAXtxlz
+my5MnJ0GvI98RhuIIR34wces/KLMYtcH8wTj5YzNRxLZu929eIm5IyV02Ve83FNd
+uuU4Tea0H2qCPUKZrsdQX7fn9ZlVeSvu7/pRNmM1/V+Txnn0Jut+Xk1KxkTHtwr5
+5UjGm+sP9/ISpttosY5FcYEdIrOB9PlqLI6umt9L+mdAOnnhIN2YgXX167PzSZqv
+O+3VRUKGEFXi31krvWE+gL46tnHpV75A9Ccy52yNKCkdfVbRelJijnk7WYj/32GC
+jWOzkjJh235CoIwiVt0xQshnrVs3EbiEWgu2XLBbGmWAyc4eJerPxwR8MQR6hnWf
+tGB+RyzQ+7rGBTCupKuk1k75tHOqPxcPN6N2Pw+l+A34yAyu721Bnt76AqQVYPQH
+wKwK5BGQF5t1llW8I5C7CAO5Kn/mtF5ZbkhjTsqy+BvqVPAeMVbCCgGro694vWKG
+YOX2MqXwVaA/LE+Y8cWRYIVfyl3ABpP98JZU9HAzC9D+AIwLFUI6EaVrwcKfDU1j
+GRSBJsG6N0Z/MvdQdlU3xqAWvyKI+HRLKxRP+9DK2DkRX8RVsODhZ2txsjpCxh3t
+mYICqcuahPuPSUvR6m+wfLDsniQ93Fdzzv6YC34f/9LPdnj4DrM=
+=aK8J
-----END PGP SIGNATURE-----