Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2013-05-13 15:37:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2013-03-25 20:45:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2013-05-13 15:37:19.000000000 +0200 @@ -1,0 +2,17 @@ +Tue Apr 30 11:42:06 UTC 2013 - [email protected] + +- Changes for squid 3.2.11 release (29 April 2013) + - Fix enter_suid/leave_suid build errors in ip/Intercept.cc + - GNU Hurd: define MAP_NORESERVE as no-op when missing + - Bug #3833: Option '-k' is not present in squidclient man page + - Bug #3817: Memory leak in SSL cert validate for alt_name peer certs + - Bug #3822: Locate LDAP and SASL headers in /usr/local/include for BSD support + - Bug #3825: basic_ncsa_auth segfaulting with glibc-2.17 + - Bug #3774: -k reconfigure drops rock + - Bug #3565: Resuming postponed accept kills Squid + - HTTP/1.1: partial support for no-cache and private controls with parameters + - ssl_crtd: helpers dying during startup on ARM + - Updated copyright for icons/SN.png squid-3.2-11813.patch + - Revert r11810 - tools.h does not exist in 3.2 squid-3.2-11812.patch + +------------------------------------------------------------------- Old: ---- squid-3.2.9.tar.bz2 squid-3.2.9.tar.bz2.asc New: ---- squid-3.2.11.tar.bz2 squid-3.2.11.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.jcpf2d/_old 2013-05-13 15:37:21.000000000 +0200 +++ /var/tmp/diff_new_pack.jcpf2d/_new 2013-05-13 15:37:21.000000000 +0200 @@ -23,7 +23,7 @@ Summary: Squid Version 3.2 WWW Proxy Server License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Version: 3.2.9 +Version: 3.2.11 Release: 0 Url: http://www.squid-cache.org/Versions/v3/3.2 Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2 @@ -43,9 +43,12 @@ # don't change the names for easier identification # # please read every file if there is interest about what the patch changes -# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/ +# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/ # # +# Upstream patch +# Patch0: + # do not show some rpmlint warnings Source99: rpmlintrc # some useful defaults for squid @@ -138,8 +141,7 @@ %setup -q -n %{name}-%{version} cp %{S:10} . # upstream patches after RELEASE -#patch0 -#patch1 +# ##### other patches %patch100 perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` ++++++ squid-3.2.9.tar.bz2 -> squid-3.2.11.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/CREDITS new/squid-3.2.11/CREDITS --- old/squid-3.2.9/CREDITS 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/CREDITS 2013-04-30 06:47:06.000000000 +0200 @@ -531,9 +531,8 @@ Squid NOW icon - copyright Squid Project This work is licensed under the - Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported Liscence - (CC BY-NC-SA 3.0) - [ http://creativecommons.org/licenses/by-nc-sa/3.0/ ] + Creative Commons Attribution-ShareAlike 3.0 Unported Liscence (CC BY-SA 3.0) + [ http://creativecommons.org/licenses/by-sa/3.0/ ] ============================================================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/ChangeLog new/squid-3.2.11/ChangeLog --- old/squid-3.2.9/ChangeLog 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/ChangeLog 2013-04-30 06:47:06.000000000 +0200 @@ -1,3 +1,22 @@ + +Changes to squid-3.2.11 (30 Apr 2013): + + - Regression Bug 3839: build error: src/tools.h: No such file or directory + - Update copyright on SN.png + +Changes to squid-3.2.10 (27 Apr 2013): + + - Bug 3833: squidclient: Option '-k' is not present in man(1) page + - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17 + - Bug 3822: Locate LDAP and SASL headers for BSD support + - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs + - Bug 3774: 'squid -k reconfigure' drops rock cache + - Bug 3565: Resuming postponed accept kills Squid + - HTTP/1.1: partial support for no-cache and private controls with parameters + - ssl_crtd: fix helpers dying during startup on ARM + - GNU Hurd: define MAP_NORESERVE as no-op when missing + - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc + Changes to squid-3.2.9 (12 Mar 2013): - Regression fix: Accept-Language header parse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/RELEASENOTES.html new/squid-3.2.11/RELEASENOTES.html --- old/squid-3.2.9/RELEASENOTES.html 2013-03-12 11:47:23.000000000 +0100 +++ new/squid-3.2.11/RELEASENOTES.html 2013-04-30 07:08:31.000000000 +0200 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66"> - <TITLE>Squid 3.2.9 release notes</TITLE> + <TITLE>Squid 3.2.11 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 3.2.9 release notes</H1> +<H1>Squid 3.2.11 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -72,7 +72,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-3.2.9.</P> +<P>The Squid Team are pleased to announce the release of Squid-3.2.11.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v3/3.2/";>http://www.squid-cache.org/Versions/v3/3.2/</A> or the <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html";>mirrors</A>.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/configure new/squid-3.2.11/configure --- old/squid-3.2.9/configure 2013-03-12 11:17:19.000000000 +0100 +++ new/squid-3.2.11/configure 2013-04-30 06:47:59.000000000 +0200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.9. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.11. # # Report bugs to <http://bugs.squid-cache.org/>. # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.2.9' -PACKAGE_STRING='Squid Web Proxy 3.2.9' +PACKAGE_VERSION='3.2.11' +PACKAGE_STRING='Squid Web Proxy 3.2.11' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1571,7 +1571,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.2.9 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.2.11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1641,7 +1641,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.2.9:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.2.11:";; esac cat <<\_ACEOF @@ -2019,7 +2019,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.2.9 +Squid Web Proxy configure 3.2.11 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3115,7 +3115,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.2.9, which was +It was created by Squid Web Proxy $as_me 3.2.11, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3934,7 +3934,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.2.9' + VERSION='3.2.11' cat >>confdefs.h <<_ACEOF @@ -30894,7 +30894,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.2.9, which was +This file was extended by Squid Web Proxy $as_me 3.2.11, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30960,7 +30960,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.2.9 +Squid Web Proxy config.status 3.2.11 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/configure.ac new/squid-3.2.11/configure.ac --- old/squid-3.2.9/configure.ac 2013-03-12 11:17:18.000000000 +0100 +++ new/squid-3.2.11/configure.ac 2013-04-30 06:47:59.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.2.9],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.11],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/basic_auth/DB/basic_db_auth.8 new/squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8 --- old/squid-3.2.9/helpers/basic_auth/DB/basic_db_auth.8 2013-03-12 11:46:22.000000000 +0100 +++ new/squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8 2013-04-30 07:08:15.000000000 +0200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-03-12" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-04-29" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/basic_auth/LDAP/config.test new/squid-3.2.11/helpers/basic_auth/LDAP/config.test --- old/squid-3.2.9/helpers/basic_auth/LDAP/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/basic_auth/LDAP/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -if [ -f /usr/include/ldap.h ]; then +if [ -f /usr/include/ldap.h -o -f /usr/local/include/ldap.h ]; then exit 0 fi if [ -f /usr/include/winldap.h ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/basic_auth/NCSA/basic_ncsa_auth.cc new/squid-3.2.11/helpers/basic_auth/NCSA/basic_ncsa_auth.cc --- old/squid-3.2.9/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-04-30 06:47:06.000000000 +0200 @@ -144,19 +144,20 @@ rfc1738_unescape(user); rfc1738_unescape(passwd); u = (user_data *) hash_lookup(hash, user); + char *crypted = NULL; if (u == NULL) { SEND_ERR("No such user"); #if HAVE_CRYPT - } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) { + } else if (strlen(passwd) <= 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) { // Bug 3107: crypt() DES functionality silently truncates long passwords. SEND_OK(""); - } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) { + } else if (strlen(passwd) > 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) { // Bug 3107: crypt() DES functionality silently truncates long passwords. SEND_ERR("Password too long. Only 8 characters accepted."); #endif - } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) { + } else if ( (crypted = crypt_md5(passwd, u->passwd)) && strcmp(u->passwd, crypted) == 0) { SEND_OK(""); - } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) { + } else if ( (crypted = md5sum(passwd)) && strcmp(u->passwd, crypted) == 0) { SEND_OK(""); } else { SEND_ERR("Wrong password"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/basic_auth/SASL/config.test new/squid-3.2.11/helpers/basic_auth/SASL/config.test --- old/squid-3.2.9/helpers/basic_auth/SASL/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/basic_auth/SASL/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,8 +1,8 @@ #!/bin/sh -if [ -f /usr/include/sasl.h ]; then +if [ -f /usr/include/sasl.h -o -f /usr/local/include/sasl.h ]; then exit 0 fi -if [ -f /usr/include/sasl/sasl.h ]; then +if [ -f /usr/include/sasl/sasl.h -o -f /usr/local/include/sasl/sasl.h ]; then exit 0 fi exit 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/digest_auth/LDAP/config.test new/squid-3.2.11/helpers/digest_auth/LDAP/config.test --- old/squid-3.2.9/helpers/digest_auth/LDAP/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/digest_auth/LDAP/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -if [ -f /usr/include/ldap.h ]; then +if [ -f /usr/include/ldap.h -o -f /usr/local/include/ldap.h ]; then exit 0 fi if [ -f /usr/include/winldap.h ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/digest_auth/eDirectory/config.test new/squid-3.2.11/helpers/digest_auth/eDirectory/config.test --- old/squid-3.2.9/helpers/digest_auth/eDirectory/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/digest_auth/eDirectory/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -if [ -f /usr/include/ldap.h ]; then +if [ -f /usr/include/ldap.h -o -f /usr/local/include/ldap.h ]; then exit 0 fi if [ -f /usr/include/winldap.h ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/external_acl/LDAP_group/config.test new/squid-3.2.11/helpers/external_acl/LDAP_group/config.test --- old/squid-3.2.9/helpers/external_acl/LDAP_group/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/external_acl/LDAP_group/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -if [ -f /usr/include/ldap.h ]; then +if [ -f /usr/include/ldap.h -o -f /usr/local/include/ldap.h ]; then exit 0 fi if [ -f /usr/include/winldap.h ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/external_acl/eDirectory_userip/config.test new/squid-3.2.11/helpers/external_acl/eDirectory_userip/config.test --- old/squid-3.2.9/helpers/external_acl/eDirectory_userip/config.test 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/helpers/external_acl/eDirectory_userip/config.test 2013-04-30 06:47:06.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/sh -if [ -f /usr/include/ldap.h ]; then +if [ -f /usr/include/ldap.h -o -f /usr/local/include/ldap.h ]; then exit 0 fi if [ -f /usr/include/winldap.h ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- old/squid-3.2.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-03-12 11:46:35.000000000 +0100 +++ new/squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-04-30 07:08:19.000000000 +0200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-03-12" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-04-29" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/include/version.h new/squid-3.2.11/include/version.h --- old/squid-3.2.9/include/version.h 2013-03-12 11:17:19.000000000 +0100 +++ new/squid-3.2.11/include/version.h 2013-04-30 06:47:59.000000000 +0200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1363083354 +#define SQUID_RELEASE_TIME 1367297224 #endif #ifndef APP_SHORTNAME diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/DiskIO/Mmapped/MmappedFile.cc new/squid-3.2.11/src/DiskIO/Mmapped/MmappedFile.cc --- old/squid-3.2.9/src/DiskIO/Mmapped/MmappedFile.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/DiskIO/Mmapped/MmappedFile.cc 2013-04-30 06:47:06.000000000 +0200 @@ -11,6 +11,11 @@ #include "DiskIO/WriteRequest.h" #include <sys/mman.h> +// Some systems such as Hurd provide mmap() API but do not support MAP_NORESERVE +#ifndef MAP_NORESERVE +#define MAP_NORESERVE 0 +#endif + CBDATA_CLASS_INIT(MmappedFile); // helper class to deal with mmap(2) offset alignment and other low-level specs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/HttpHdrCc.cc new/squid-3.2.11/src/HttpHdrCc.cc --- old/squid-3.2.9/src/HttpHdrCc.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/HttpHdrCc.cc 2013-04-30 06:47:06.000000000 +0200 @@ -192,15 +192,42 @@ } break; + case CC_PRIVATE: { + String temp; + if (!p) { + // Value parameter is optional. + private_.clean(); + } else if (/* p &&*/ httpHeaderParseQuotedString(p, (ilen-nlen-1), &temp)) { + private_.append(temp); + } else { + debugs(65, 2, "cc: invalid private= specs near '" << item << "'"); + } + // to be safe we ignore broken parameters, but always remember the 'private' part. + setMask(type,true); + } + break; + + case CC_NO_CACHE: { + String temp; + if (!p) { + // On Requests, missing value parameter is expected syntax. + // On Responses, value parameter is optional. + setMask(type,true); + no_cache.clean(); + } else if (/* p &&*/ httpHeaderParseQuotedString(p, (ilen-nlen-1), &temp)) { + // On Requests, a value parameter is invalid syntax. + // XXX: identify when parsing request header and dump err message here. + setMask(type,true); + no_cache.append(temp); + } else { + debugs(65, 2, "cc: invalid no-cache= specs near '" << item << "'"); + } + } + break; + case CC_PUBLIC: Public(true); break; - case CC_PRIVATE: - Private(true); - break; - case CC_NO_CACHE: - noCache(true); - break; case CC_NO_STORE: noStore(true); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/HttpHdrCc.h new/squid-3.2.11/src/HttpHdrCc.h --- old/squid-3.2.9/src/HttpHdrCc.h 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/HttpHdrCc.h 2013-04-30 06:47:06.000000000 +0200 @@ -71,15 +71,27 @@ //manipulation for Cache-Control: private header bool hasPrivate() const {return isSet(CC_PRIVATE);} - bool Private() const {return isSet(CC_PRIVATE);} - void Private(bool v) {setMask(CC_PRIVATE,v);} - void clearPrivate() {setMask(CC_PRIVATE,false);} + const String &Private() const {return private_;} + void Private(String &v) { + setMask(CC_PRIVATE,true); + // uses append for multi-line headers + if (private_.defined()) + private_.append(","); + private_.append(v); + } + void clearPrivate() {setMask(CC_PRIVATE,false); private_.clean();} //manipulation for Cache-Control: no-cache header bool hasNoCache() const {return isSet(CC_NO_CACHE);} - bool noCache() const {return isSet(CC_NO_CACHE);} - void noCache(bool v) {setMask(CC_NO_CACHE,v);} - void clearNoCache() {setMask(CC_NO_CACHE,false);} + const String &noCache() const {return no_cache;} + void noCache(String &v) { + setMask(CC_NO_CACHE,true); + // uses append for multi-line headers + if (no_cache.defined()) + no_cache.append(","); + no_cache.append(v); + } + void clearNoCache() {setMask(CC_NO_CACHE,false); no_cache.clean();} //manipulation for Cache-Control: no-store header bool hasNoStore() const {return isSet(CC_NO_STORE);} @@ -163,6 +175,9 @@ int32_t max_stale; int32_t stale_if_error; int32_t min_fresh; + String private_; ///< List of headers sent as value for CC:private="...". May be empty/undefined if the value is missing. + String no_cache; ///< List of headers sent as value for CC:no-cache="...". May be empty/undefined if the value is missing. + /// low-level part of the public set method, performs no checks _SQUID_INLINE_ void setMask(http_hdr_cc_type id, bool newval=true); _SQUID_INLINE_ void setValue(int32_t &value, int32_t new_value, http_hdr_cc_type hdr, bool setting=true); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/cache_cf.cc new/squid-3.2.11/src/cache_cf.cc --- old/squid-3.2.9/src/cache_cf.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/cache_cf.cc 2013-04-30 06:47:06.000000000 +0200 @@ -600,6 +600,7 @@ memConfigure(); /* Sanity checks */ + Config.cacheSwap.n_strands = 0; // no diskers by default if (Config.cacheSwap.swapDirs == NULL) { /* Memory-only cache probably in effect. */ /* turn off the cache rebuild delays... */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/client_side_request.cc new/squid-3.2.11/src/client_side_request.cc --- old/squid-3.2.9/src/client_side_request.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/client_side_request.cc 2013-04-30 06:47:06.000000000 +0200 @@ -1031,7 +1031,7 @@ if (!request->flags.ignore_cc) { if (request->cache_control) { - if (request->cache_control->noCache()) + if (request->cache_control->hasNoCache()) no_cache=true; // RFC 2616: treat Pragma:no-cache as if it was Cache-Control:no-cache when Cache-Control is missing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/comm/AcceptLimiter.cc new/squid-3.2.11/src/comm/AcceptLimiter.cc --- old/squid-3.2.9/src/comm/AcceptLimiter.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/comm/AcceptLimiter.cc 2013-04-30 06:47:06.000000000 +0200 @@ -6,29 +6,33 @@ Comm::AcceptLimiter Comm::AcceptLimiter::Instance_; -Comm::AcceptLimiter &Comm::AcceptLimiter::Instance() +Comm::AcceptLimiter & +Comm::AcceptLimiter::Instance() { return Instance_; } void -Comm::AcceptLimiter::defer(Comm::TcpAcceptor *afd) +Comm::AcceptLimiter::defer(const Comm::TcpAcceptor::Pointer &afd) { - ++ afd->isLimited; + ++ (afd->isLimited); debugs(5, 5, HERE << afd->conn << " x" << afd->isLimited); - deferred.push_back(afd); + deferred_.push_back(afd); } void -Comm::AcceptLimiter::removeDead(const Comm::TcpAcceptor *afd) +Comm::AcceptLimiter::removeDead(const Comm::TcpAcceptor::Pointer &afd) { - for (unsigned int i = 0; i < deferred.size() && afd->isLimited > 0; i++) { - if (deferred[i] == afd) { - -- deferred[i]->isLimited; - deferred[i] = NULL; // fast. kick() will skip empty entries later. + uint64_t abandonedClients = 0; + for (unsigned int i = 0; i < deferred_.size() && afd->isLimited > 0; ++i) { + if (deferred_[i] == afd) { + -- deferred_[i]->isLimited; + deferred_[i] = NULL; // fast. kick() will skip empty entries later. debugs(5, 5, HERE << afd->conn << " x" << afd->isLimited); + ++abandonedClients; } } + debugs(5,4, HERE << "Abandoned " << abandonedClients << " client TCP SYN by closing socket: " << afd->conn); } void @@ -37,12 +41,13 @@ // TODO: this could be optimized further with an iterator to search // looking for first non-NULL, followed by dumping the first N // with only one shift()/pop_front operation + // OR, by reimplementing as a list instead of Vector. - debugs(5, 5, HERE << " size=" << deferred.size()); - while (deferred.size() > 0 && fdNFree() >= RESERVED_FD) { + debugs(5, 5, HERE << " size=" << deferred_.size()); + while (deferred_.size() > 0 && fdNFree() >= RESERVED_FD) { /* NP: shift() is equivalent to pop_front(). Giving us a FIFO queue. */ - TcpAcceptor *temp = deferred.shift(); - if (temp != NULL) { + TcpAcceptor::Pointer temp = deferred_.shift(); + if (temp.valid()) { debugs(5, 5, HERE << " doing one."); -- temp->isLimited; temp->acceptNext(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/comm/AcceptLimiter.h new/squid-3.2.11/src/comm/AcceptLimiter.h --- old/squid-3.2.9/src/comm/AcceptLimiter.h 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/comm/AcceptLimiter.h 2013-04-30 06:47:06.000000000 +0200 @@ -2,12 +2,11 @@ #define _SQUID_SRC_COMM_ACCEPT_LIMITER_H #include "Array.h" +#include "comm/TcpAcceptor.h" namespace Comm { -class TcpAcceptor; - /** * FIFO Queue holding listener socket handlers which have been activated * ready to dupe their FD and accept() a new client connection. @@ -18,6 +17,16 @@ * removeDead - used only by Comm layer ConnAcceptor to remove themselves when dying. * kick - used by Comm layer when FD are closed. */ +/* TODO this algorithm can be optimized further: + * + * 1) reduce overheads by only pushing one entry per port to the list? + * use TcpAcceptor::isLimited as a flag whether to re-list when kick()'ing + * or to NULL an entry while scanning the list for empty spaces. + * Side effect: TcpAcceptor->kick() becomes allowed to pull off multiple accept()'s in bunches + * + * 2) re-implement as a list instead of vector? + * storing head/tail pointers for fast push/pop and avoiding the whole shift() overhead + */ class AcceptLimiter { @@ -26,10 +35,10 @@ static AcceptLimiter &Instance(); /** delay accepting a new client connection. */ - void defer(Comm::TcpAcceptor *afd); + void defer(const TcpAcceptor::Pointer &afd); /** remove all records of an acceptor. Only to be called by the ConnAcceptor::swanSong() */ - void removeDead(const Comm::TcpAcceptor *afd); + void removeDead(const TcpAcceptor::Pointer &afd); /** try to accept and begin processing any delayed client connections. */ void kick(); @@ -38,7 +47,7 @@ static AcceptLimiter Instance_; /** FIFO queue */ - Vector<Comm::TcpAcceptor*> deferred; + Vector<TcpAcceptor::Pointer> deferred_; }; }; // namepace Comm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/comm/TcpAcceptor.h new/squid-3.2.11/src/comm/TcpAcceptor.h --- old/squid-3.2.9/src/comm/TcpAcceptor.h 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/comm/TcpAcceptor.h 2013-04-30 06:47:06.000000000 +0200 @@ -1,17 +1,11 @@ #ifndef SQUID_COMM_TCPACCEPTOR_H #define SQUID_COMM_TCPACCEPTOR_H -#include "base/AsyncCall.h" +#include "base/AsyncJob.h" +#include "base/CbcPointer.h" #include "base/Subscription.h" -#include "CommCalls.h" #include "comm_err_t.h" #include "comm/forward.h" -#include "comm/TcpAcceptor.h" -#include "ip/Address.h" - -#if HAVE_MAP -#include <map> -#endif namespace Comm { @@ -32,6 +26,9 @@ */ class TcpAcceptor : public AsyncJob { +public: + typedef CbcPointer<Comm::TcpAcceptor> Pointer; + private: virtual void start(); virtual bool doneAll() const; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/http.cc new/squid-3.2.11/src/http.cc --- old/squid-3.2.9/src/http.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/http.cc 2013-04-30 06:47:06.000000000 +0200 @@ -361,6 +361,16 @@ } // NP: request CC:no-cache only means cache READ is forbidden. STORE is permitted. + if (rep->cache_control && rep->cache_control->hasNoCache() && rep->cache_control->noCache().defined()) { + /* TODO: we are allowed to cache when no-cache= has parameters. + * Provided we strip away any of the listed headers unless they are revalidated + * successfully (ie, must revalidate AND these headers are prohibited on stale replies). + * That is a bit tricky for squid right now so we avoid caching entirely. + */ + debugs(22, 3, HERE << "NO because server reply Cache-Control:no-cache has parameters"); + return 0; + } + // NP: request CC:private is undefined. We ignore. // NP: other request CC flags are limiters on HIT/MISS. We don't care about here. @@ -372,16 +382,21 @@ } // RFC 2616 section 14.9.1 - MUST NOT cache any response with CC:private in a shared cache like Squid. + // CC:private overrides CC:public when both are present in a response. // TODO: add a shared/private cache configuration possibility. if (rep->cache_control && - rep->cache_control->Private() && + rep->cache_control->hasPrivate() && !REFRESH_OVERRIDE(ignore_private)) { + /* TODO: we are allowed to cache when private= has parameters. + * Provided we strip away any of the listed headers unless they are revalidated + * successfully (ie, must revalidate AND these headers are prohibited on stale replies). + * That is a bit tricky for squid right now so we avoid caching entirely. + */ debugs(22, 3, HERE << "NO because server reply Cache-Control:private"); return 0; } - // NP: being conservative; CC:private overrides CC:public when both are present in a response. - } + // RFC 2068, sec 14.9.4 - MUST NOT cache any response with Authentication UNLESS certain CC controls are present // allow HTTP violations to IGNORE those controls (ie re-block caching Auth) if (request && (request->flags.auth || request->flags.auth_sent) && !REFRESH_OVERRIDE(ignore_auth)) { @@ -410,8 +425,8 @@ // NP: given the must-revalidate exception we should also be able to exempt no-cache. // HTTPbis WG verdict on this is that it is omitted from the spec due to being 'unexpected' by // some. The caching+revalidate is not exactly unsafe though with Squids interpretation of no-cache - // as equivalent to must-revalidate in the reply. - } else if (rep->cache_control->noCache() && !REFRESH_OVERRIDE(ignore_must_revalidate)) { + // (without parameters) as equivalent to must-revalidate in the reply. + } else if (rep->cache_control->hasNoCache() && !rep->cache_control->noCache().defined() && !REFRESH_OVERRIDE(ignore_must_revalidate)) { debugs(22, 3, HERE << "Authenticated but server reply Cache-Control:no-cache (equivalent to must-revalidate)"); mayStore = true; #endif @@ -967,10 +982,22 @@ if (!ignoreCacheControl) { if (rep->cache_control) { - if (rep->cache_control->proxyRevalidate() || - rep->cache_control->mustRevalidate() || - rep->cache_control->noCache() || - rep->cache_control->hasSMaxAge()) + // We are required to revalidate on many conditions. + // For security reasons we do so even if storage was caused by refresh_pattern ignore-* option + + // CC:must-revalidate or CC:proxy-revalidate + const bool ccMustRevalidate = (rep->cache_control->proxyRevalidate() || rep->cache_control->mustRevalidate()); + + // CC:no-cache (only if there are no parameters) + const bool ccNoCacheNoParams = (rep->cache_control->hasNoCache() && rep->cache_control->noCache().undefined()); + + // CC:s-maxage=N + const bool ccSMaxAge = rep->cache_control->hasSMaxAge(); + + // CC:private (yes, these can sometimes be stored) + const bool ccPrivate = rep->cache_control->hasPrivate(); + + if (ccMustRevalidate || ccNoCacheNoParams || ccSMaxAge || ccPrivate) EBIT_SET(entry->flags, ENTRY_REVALIDATE); } #if USE_HTTP_VIOLATIONS // response header Pragma::no-cache is undefined in HTTP @@ -1809,7 +1836,7 @@ #endif /* Add max-age only without no-cache */ - if (!cc->hasMaxAge() && !cc->noCache()) { + if (!cc->hasMaxAge() && !cc->hasNoCache()) { const char *url = entry ? entry->url() : urlCanonical(request); cc->maxAge(getMaxAge(url)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/ssl/ssl_crtd.cc new/squid-3.2.11/src/ssl/ssl_crtd.cc --- old/squid-3.2.9/src/ssl/ssl_crtd.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/ssl/ssl_crtd.cc 2013-04-30 06:47:06.000000000 +0200 @@ -263,7 +263,7 @@ int serial = (getCurrentTime() - 1200000000); size_t max_db_size = 0; size_t fs_block_size = 2048; - char c; + int8_t c; bool create_new_db = false; bool show_sn = false; std::string db_path; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/ssl/support.cc new/squid-3.2.11/src/ssl/support.cc --- old/squid-3.2.9/src/ssl/support.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/ssl/support.cc 2013-04-30 06:47:06.000000000 +0200 @@ -177,8 +177,10 @@ } ASN1_STRING *cn_data = check->d.dNSName; - if ( (*check_func)(check_data, cn_data) == 0) + if ( (*check_func)(check_data, cn_data) == 0) { + sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free); return 1; + } } sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/src/tests/stub_libcomm.cc new/squid-3.2.11/src/tests/stub_libcomm.cc --- old/squid-3.2.9/src/tests/stub_libcomm.cc 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/src/tests/stub_libcomm.cc 2013-04-30 06:47:06.000000000 +0200 @@ -8,8 +8,8 @@ #include "comm/AcceptLimiter.h" Comm::AcceptLimiter dummy; Comm::AcceptLimiter & Comm::AcceptLimiter::Instance() STUB_RETVAL(dummy) -void Comm::AcceptLimiter::defer(Comm::TcpAcceptor *afd) STUB -void Comm::AcceptLimiter::removeDead(const Comm::TcpAcceptor *afd) STUB +void Comm::AcceptLimiter::defer(const Comm::TcpAcceptor::Pointer &afd) STUB +void Comm::AcceptLimiter::removeDead(const Comm::TcpAcceptor::Pointer &afd) STUB void Comm::AcceptLimiter::kick() STUB #include "comm/Connection.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.2.9/tools/squidclient.1 new/squid-3.2.11/tools/squidclient.1 --- old/squid-3.2.9/tools/squidclient.1 2013-03-12 11:15:58.000000000 +0100 +++ new/squid-3.2.11/tools/squidclient.1 2013-04-30 06:47:06.000000000 +0200 @@ -7,7 +7,7 @@ . .SH SYNOPSIS .if !'po4a'hide' .B squidclient -.if !'po4a'hide' .B "[ \-arsv ] [ \-A" +.if !'po4a'hide' .B "[ \-aknNrsv ] [ \-A" string .if !'po4a'hide' .B "] [ \-g" count @@ -25,8 +25,6 @@ local host .if !'po4a'hide' .B "] [ \-m" method -.if !'po4a'hide' .B "] [ \-n" -.if !'po4a'hide' .B "] [ \-N" .if !'po4a'hide' .B "] [ \-p" port .if !'po4a'hide' .B "] [ \-P" @@ -98,6 +96,10 @@ Host header content . .if !'po4a'hide' .TP +.if !'po4a'hide' .B "\-k" +Keep the connection active. Default is to do only one request then close. +. +.if !'po4a'hide' .TP .if !'po4a'hide' .B "\-l host" Specify a local IP address to bind to. Default is none. . ++++++ squid-3.2.9.tar.bz2.asc -> squid-3.2.11.tar.bz2.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-3.2.9.tar.bz2.asc 2013-03-25 20:45:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.2.11.tar.bz2.asc 2013-05-13 15:37:19.000000000 +0200 @@ -1,8 +1,8 @@ -File: squid-3.2.9.tar.bz2 -Date: Tue Mar 12 10:47:39 UTC 2013 -Size: 2897511 -MD5 : de02be3c1f72e0d818374438044261a6 -SHA1: a2cec791e333a492a1d243c2e6228cb93a9de39d +File: squid-3.2.11.tar.bz2 +Date: Tue Apr 30 05:08:44 UTC 2013 +Size: 2897354 +MD5 : cdd3612bed27e8d513b713004c78bf5b +SHA1: 124c0af704f88afb2feb5054b36f253544173a4b Key : 0xFF5CF463 <[email protected]> fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 keyring = http://www.squid-cache.org/pgp.asc @@ -10,11 +10,11 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) -iQEcBAABAgAGBQJRP76eAAoJELJo5wb/XPRjVeMH+wYmoYLcIwLMjnhCoQRLDEjP -YAbgpaspWisUNKwUsAeb4c58wIA/OXYalD+4B6evNKMz5EhLNAPCP+VdQj8FERU8 -7ibeOgXmNPizuDpwMVJAeAIcVVp8+QjswBGBoMDXgr/5wmJrF2238N3VuqwYwZ5R -vFcpIDK/2yUh09os6ncR3j7BTe9A7qUU4AVcYiBL670U/ASHhGhh8rihRVlbhCJY -BrwBb+nGQUwnjwCptzC4dONv/hZYJ55WZ/j29xQS5OfDeJM91l4VGdoGOCwMgjLi -ygx4dbMfKv86e+WxfHmuyXajgMe+IwarUmlDQxHQpaVS+kksM6avj3YbieIo8/0= -=jsS7 +iQEcBAABAgAGBQJRf1OIAAoJELJo5wb/XPRjwg4H/iNZaKfeqRLVtpFOXT0RKY+l +4+FVq1ptu6VLXRtkJWAj5RZfk6hmO9G+ZwZTnZWLf46c6kUvB/4Nlt0LD98FB9ng +ZtWfcTSked7idj3pInjMvNNa7j0qeOy4tvjUvxKtPAg2ZiRJXoPOKkS6TXnyyGvf +zlSWqmFUNvBsVULGALk9stq03jxqzf2CamNho8g2Tly//suJr8aHj38E8oMoCHWX +SCjo9yVTRdZjaGa6RKkyMGYpPpM9Wh4qIixAGT6Ih94YxzXg/mcWpcl6A6Pwc8CT +lrkKV2mDuGMoL1gGWYo8pUCEjvzKjRtoevu1wjzX/mqYbpilfLNnGg3vqZu7pfM= +=mQwq -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
