Hello community,

here is the log from the commit of package squid for openSUSE:Factory checked in at 2015-08-07 00:24:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
 and /work/SRC/openSUSE:Factory/.squid.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2015-07-22 09:19:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2015-08-07 00:24:31.000000000 +0200 @@ -1,0 +2,22 @@ +Wed Aug 5 21:20:28 UTC 2015 - [email protected] + +- Changes to squid-3.5.7 (01 Aug 2015): + * Bug 4293: wrong SNI sent to server after URL-rewrite + * Bug 4251: incorrect instance name for memory segments in /dev/shm + * Bug 4227: invalid key in AuthUserHashPointer causing assertation failure + * Bug 3345: support %un (any available user name) format code for external ACLs. + * basic_smb_auth: Fix several old issues identified by Debian users + * Support ssl-bump splicing to origin cache_peer + * Fix SSL errors relayed using invalid certificates + * Fix crash in TcpAccepter with profiler enabled + * Fix some cases of ssl_crtd SSL certificate DB corruption + * Fix performance regression in SBuf::chop operations + * Improve handling of client connections on shutdown + * Handle exceptions during squid.conf parse + * Make pod2man an optional dependency + * ... and polishing for several cache.log notification messages + * Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) +- rebase patch + * squid-config.patch + +------------------------------------------------------------------- Old: ---- squid-3.5.6.tar.xz squid-3.5.6.tar.xz.asc New: ---- squid-3.5.7.tar.xz squid-3.5.7.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.QoOPls/_old 2015-08-07 00:24:33.000000000 +0200 +++ /var/tmp/diff_new_pack.QoOPls/_new 2015-08-07 00:24:33.000000000 +0200 
@@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define squidconfdir %{_sysconfdir}/squid Name: squid -Version: 3.5.6 +Version: 3.5.7 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ ++++++ squid-3.5.6.tar.xz -> squid-3.5.7.tar.xz ++++++ ++++ 12264 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/ChangeLog new/squid-3.5.7/ChangeLog --- old/squid-3.5.6/ChangeLog 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/ChangeLog 2015-08-01 08:08:17.000000000 +0200 
@@ -1,3 +1,21 @@ +Changes to squid-3.5.7 (01 Aug 2015): + + - Bug 4293: wrong SNI sent to server after URL-rewrite + - Bug 4251: incorrect instance name for memory segments in /dev/shm + - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure + - Bug 3345: support %un (any available user name) format code for external ACLs. + - basic_smb_auth: Fix several old issues identified by Debian users + - Support ssl-bump splicing to origin cache_peer + - Fix SSL errors relayed using invalid certificates + - Fix crash in TcpAccepter with profiler enabled + - Fix some cases of ssl_crtd SSL certificate DB corruption + - Fix performance regression in SBuf::chop operations + - Improve handling of client connections on shutdown + - Handle exceptions during squid.conf parse + - Make pod2man an optional dependency + - ... and polishing for several cache.log notification messages + - ... and all fixes from squid 3.4.14 + Changes to squid-3.5.6 (03 Jul 2015): - Bug 4274: ssl_crtd.8 not being installed @@ -182,6 +200,10 @@ - ... and many error page translation updates - ... and much code cleanup and polishing +Changes to squid-3.4.14 (01 Aug 2015): + + - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) + Changes to squid-3.4.13 (01 May 2015): - Bug 4212: ssl_crtd crashes with corrupt database diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/RELEASENOTES.html new/squid-3.5.7/RELEASENOTES.html --- old/squid-3.5.6/RELEASENOTES.html 2015-07-03 12:15:40.000000000 +0200 +++ new/squid-3.5.7/RELEASENOTES.html 2015-08-01 08:59:36.000000000 +0200 
@@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69"> - <TITLE>Squid 3.5.6 release notes</TITLE> + <TITLE>Squid 3.5.7 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 3.5.6 release notes</H1> +<H1>Squid 3.5.7 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -63,7 +63,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-3.5.6.</P> +<P>The Squid Team are pleased to announce the release of Squid-3.5.7.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P> @@ -531,6 +531,7 @@ <P>New format code <EM>%ssl::>sni</EM> to send SSL client SNI.</P> <P>New format code <EM>%ssl::<cert_subject</EM> to send SSL server certificate DN.</P> <P>New format code <EM>%ssl::<cert_issuer</EM> to send SSL server certificate issuer DN.</P> +<P>New format code <EM>%un</EM> to send any available user name (requires 3.5.7 or later).</P> <P>New response kv-pair <EM>clt_conn_tag=</EM> to associates a given tag with the client TCP connection.</P> <DT><B>forward_max_tries</B><DD> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/cfgaux/compile new/squid-3.5.7/cfgaux/compile --- old/squid-3.5.6/cfgaux/compile 2015-07-03 11:14:18.000000000 +0200 +++ new/squid-3.5.7/cfgaux/compile 2015-08-01 08:09:32.000000000 +0200 
@@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/cfgaux/missing new/squid-3.5.7/cfgaux/missing --- old/squid-3.5.6/cfgaux/missing 2015-07-03 11:14:19.000000000 +0200 +++ new/squid-3.5.7/cfgaux/missing 2015-08-01 08:09:32.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/cfgaux/test-driver new/squid-3.5.7/cfgaux/test-driver --- old/squid-3.5.6/cfgaux/test-driver 2015-07-03 11:15:14.000000000 +0200 +++ new/squid-3.5.7/cfgaux/test-driver 2015-08-01 08:10:15.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2013-07-13.22; # UTC -# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# Copyright (C) 2011-2014 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -106,11 +106,14 @@ # Test script is run here. "$@" >$log_file 2>&1 estatus=$? + if test $enable_hard_errors = no && test $estatus -eq 99; then - estatus=1 + tweaked_estatus=1 +else + tweaked_estatus=$estatus fi -case $estatus:$expect_failure in +case $tweaked_estatus:$expect_failure in 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; 0:*) col=$grn res=PASS recheck=no gcopy=no;; 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; @@ -119,6 +122,12 @@ *:*) col=$red res=FAIL recheck=yes gcopy=yes;; esac +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + # Report outcome to console. echo "${col}${res}${std}: $test_name" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/configure.ac new/squid-3.5.7/configure.ac --- old/squid-3.5.6/configure.ac 2015-07-03 11:15:26.000000000 +0200 +++ new/squid-3.5.7/configure.ac 2015-08-01 08:10:24.000000000 +0200 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[3.5.6],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.5.7],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) 
@@ -55,7 +55,7 @@ SQUID_YESNO([$enableval], [Unrecognized argument to --disable-arch-native: $enableval]) ]) -AC_MSG_NOTICE([CPU -march=native optimization enabled: ${enable_arch_native:=auto}]) +AC_MSG_NOTICE([CPU arch native optimization enabled: ${enable_arch_native:=auto}]) if test "x${enable_arch_native}" != "xno"; then SQUID_CC_CHECK_ARGUMENT([squid_cv_check_marchnative],[-march=native]) fi @@ -132,6 +132,7 @@ AC_MSG_FAILURE([Perl is required to compile Squid. Please install Perl and then re-run configure ]) fi AC_PATH_PROG(POD2MAN, pod2man, $FALSE) +AM_CONDITIONAL(ENABLE_POD2MAN_DOC, test "x${ac_cv_path_POD2MAN}" != "x$FALSE") dnl set $(AR) if not provided by the build environment if test "x$AR" = "x"; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/DB/Makefile.am new/squid-3.5.7/helpers/basic_auth/DB/Makefile.am --- old/squid-3.5.6/helpers/basic_auth/DB/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/DB/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -7,17 +7,21 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = basic_db_auth -man_MANS = basic_db_auth.8 +CLEANFILES += basic_db_auth EXTRA_DIST= \ - basic_db_auth.8 \ passwd.sql \ basic_db_auth.pl.in \ required.m4 -basic_db_auth.8: basic_db_auth - pod2man basic_db_auth basic_db_auth.8 - basic_db_auth: basic_db_auth.pl.in $(subst_perlshell) -CLEANFILES += basic_db_auth basic_db_auth.8 +if ENABLE_POD2MAN_DOC +man_MANS = basic_db_auth.8 +CLEANFILES += basic_db_auth.8 +EXTRA_DIST += basic_db_auth.8 + +basic_db_auth.8: basic_db_auth + pod2man --section=8 basic_db_auth basic_db_auth.8 + +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/DB/basic_db_auth.8 new/squid-3.5.7/helpers/basic_auth/DB/basic_db_auth.8 --- old/squid-3.5.6/helpers/basic_auth/DB/basic_db_auth.8 2015-07-03 12:13:13.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/DB/basic_db_auth.8 2015-08-01 08:57:34.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "BASIC_DB_AUTH 8" +.TH BASIC_DB_AUTH 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/DB/required.m4 new/squid-3.5.7/helpers/basic_auth/DB/required.m4 --- old/squid-3.5.6/helpers/basic_auth/DB/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/DB/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="DB" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. basic_db_auth man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 new/squid-3.5.7/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 --- old/squid-3.5.6/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-07-03 12:13:18.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-08-01 08:57:39.000000000 +0200 
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1" -.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/POP3/Makefile.am new/squid-3.5.7/helpers/basic_auth/POP3/Makefile.am --- old/squid-3.5.6/helpers/basic_auth/POP3/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/POP3/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,16 +8,20 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = basic_pop3_auth -man_MANS= basic_pop3_auth.8 +CLEANFILES += basic_pop3_auth EXTRA_DIST= \ - basic_pop3_auth.8 \ basic_pop3_auth.pl.in \ required.m4 basic_pop3_auth: basic_pop3_auth.pl.in $(subst_perlshell) +if ENABLE_POD2MAN_DOC +man_MANS = basic_pop3_auth.8 +CLEANFILES += basic_pop3_auth.8 +EXTRA_DIST += basic_pop3_auth.8 + basic_pop3_auth.8: basic_pop3_auth - pod2man basic_pop3_auth basic_pop3_auth.8 + pod2man --section=8 basic_pop3_auth basic_pop3_auth.8 -CLEANFILES += basic_pop3_auth basic_pop3_auth.8 +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/POP3/basic_pop3_auth.8 new/squid-3.5.7/helpers/basic_auth/POP3/basic_pop3_auth.8 --- old/squid-3.5.6/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-07-03 12:13:24.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-08-01 08:57:43.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "BASIC_POP3_AUTH 1" -.TH BASIC_POP3_AUTH 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "BASIC_POP3_AUTH 8" +.TH BASIC_POP3_AUTH 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/POP3/required.m4 new/squid-3.5.7/helpers/basic_auth/POP3/required.m4 --- old/squid-3.5.6/helpers/basic_auth/POP3/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/POP3/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="POP3" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. basic_pop3_auth man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/basic_auth/SMB/basic_smb_auth.sh new/squid-3.5.7/helpers/basic_auth/SMB/basic_smb_auth.sh --- old/squid-3.5.6/helpers/basic_auth/SMB/basic_smb_auth.sh 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/basic_auth/SMB/basic_smb_auth.sh 2015-08-01 08:08:17.000000000 +0200 @@ -30,7 +30,7 @@ read AUTHSHARE read AUTHFILE read SMBUSER -read SMBPASS +read -r SMBPASS # Find domain controller echo "Domain name: $DOMAINNAME" @@ -53,7 +53,7 @@ addropt="" fi echo "Query address options: $addropt" -dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` +dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` echo "Domain controller IP address: $dcip" [ -n "$dcip" ] || exit 1 
@@ -64,8 +64,12 @@ [ -n "$dcname" ] || exit 1 # Pass password to smbclient through environment. Not really safe. -USER="$SMBUSER%$SMBPASS" +# NOTE: this differs from what the smbclient documentation says. +# But works when the smbclient documented way does not. +USER="$SMBUSER" +PASSWD="$SMBPASS" export USER +export PASSWD # Read the contents of the file $AUTHFILE on the $AUTHSHARE share authfilebs=`echo "$AUTHFILE" | tr / '\\\\'` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/SQL_session/Makefile.am new/squid-3.5.7/helpers/external_acl/SQL_session/Makefile.am --- old/squid-3.5.6/helpers/external_acl/SQL_session/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/SQL_session/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,15 +8,20 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = ext_sql_session_acl -CLEANFILES += ext_sql_session_acl ext_sql_session_acl.8 -man_MANS = ext_sql_session_acl.8 +CLEANFILES += ext_sql_session_acl EXTRA_DIST= \ - ext_sql_session_acl.8 \ ext_sql_session_acl.pl.in \ required.m4 -ext_sql_session_acl.8: ext_sql_session_acl - pod2man ext_sql_session_acl ext_sql_session_acl.8 - ext_sql_session_acl: ext_sql_session_acl.pl.in $(subst_perlshell) + +if ENABLE_POD2MAN_DOC +man_MANS = ext_sql_session_acl.8 +CLEANFILES += ext_sql_session_acl.8 +EXTRA_DIST += ext_sql_session_acl.8 + +ext_sql_session_acl.8: ext_sql_session_acl + pod2man --section=8 ext_sql_session_acl ext_sql_session_acl.8 + +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 new/squid-3.5.7/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- old/squid-3.5.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-07-03 12:13:49.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-08-01 08:58:05.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "EXT_SQL_SESSION_ACL 8" +.TH EXT_SQL_SESSION_ACL 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/SQL_session/required.m4 new/squid-3.5.7/helpers/external_acl/SQL_session/required.m4 --- old/squid-3.5.6/helpers/external_acl/SQL_session/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/SQL_session/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="SQL_session" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. ext_sql_session_acl man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/delayer/Makefile.am new/squid-3.5.7/helpers/external_acl/delayer/Makefile.am --- old/squid-3.5.6/helpers/external_acl/delayer/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/delayer/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,12 +8,20 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = ext_delayer_acl -CLEANFILES += ext_delayer_acl ext_delayer_acl.8 +CLEANFILES += ext_delayer_acl +EXTRA_DIST= \ + required.m4 \ + ext_delayer_acl.pl.in + +ext_delayer_acl: ext_delayer_acl.pl.in + $(subst_perlshell) + +if ENABLE_POD2MAN_DOC man_MANS = ext_delayer_acl.8 -EXTRA_DIST = ext_delayer_acl.pl.in ext_delayer_acl.8 required.m4 +CLEANFILES += ext_delayer_acl.8 +EXTRA_DIST += ext_delayer_acl.8 ext_delayer_acl.8: ext_delayer_acl - pod2man ext_delayer_acl ext_delayer_acl.8 + pod2man --section=8 ext_delayer_acl ext_delayer_acl.8 -ext_delayer_acl: ext_delayer_acl.pl.in - $(subst_perlshell) +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/delayer/ext_delayer_acl.8 new/squid-3.5.7/helpers/external_acl/delayer/ext_delayer_acl.8 --- old/squid-3.5.6/helpers/external_acl/delayer/ext_delayer_acl.8 2015-07-03 12:13:40.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/delayer/ext_delayer_acl.8 2015-08-01 08:57:58.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EXT_DELAYER_ACL 1" -.TH EXT_DELAYER_ACL 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "EXT_DELAYER_ACL 8" +.TH EXT_DELAYER_ACL 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/delayer/required.m4 new/squid-3.5.7/helpers/external_acl/delayer/required.m4 --- old/squid-3.5.6/helpers/external_acl/delayer/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/delayer/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="delayer" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. ext_delayer_acl man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/wbinfo_group/Makefile.am new/squid-3.5.7/helpers/external_acl/wbinfo_group/Makefile.am --- old/squid-3.5.6/helpers/external_acl/wbinfo_group/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/wbinfo_group/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,16 +8,20 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS= ext_wbinfo_group_acl -man_MANS= ext_wbinfo_group_acl.8 +CLEANFILES += ext_wbinfo_group_acl EXTRA_DIST= \ - ext_wbinfo_group_acl.8 \ ext_wbinfo_group_acl.pl.in \ required.m4 ext_wbinfo_group_acl: ext_wbinfo_group_acl.pl.in $(subst_perlshell) +if ENABLE_POD2MAN_DOC +man_MANS = ext_wbinfo_group_acl.8 +CLEANFILES += ext_wbinfo_group_acl.8 +EXTRA_DIST += ext_wbinfo_group_acl.8 + ext_wbinfo_group_acl.8: ext_wbinfo_group_acl - pod2man ext_wbinfo_group_acl ext_wbinfo_group_acl.8 + pod2man --section=8 ext_wbinfo_group_acl ext_wbinfo_group_acl.8 -CLEANFILES += ext_wbinfo_group_acl.8 ext_wbinfo_group_acl +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-3.5.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- old/squid-3.5.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-07-03 12:13:53.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-08-01 08:58:08.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EXT_WBINFO_GROUP_ACL 1" -.TH EXT_WBINFO_GROUP_ACL 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "EXT_WBINFO_GROUP_ACL 8" +.TH EXT_WBINFO_GROUP_ACL 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/external_acl/wbinfo_group/required.m4 new/squid-3.5.7/helpers/external_acl/wbinfo_group/required.m4 --- old/squid-3.5.6/helpers/external_acl/wbinfo_group/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/external_acl/wbinfo_group/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -15,6 +15,10 @@ fi # allow script install anyway when perl is present -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="wbinfo_group" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. ext_wbinfo_group_acl man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/log_daemon/DB/Makefile.am new/squid-3.5.7/helpers/log_daemon/DB/Makefile.am --- old/squid-3.5.6/helpers/log_daemon/DB/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/log_daemon/DB/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,17 +8,22 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = log_db_daemon -CLEANFILES += log_db_daemon log_db_daemon.8 -man_MANS = log_db_daemon.8 +CLEANFILES += log_db_daemon EXTRA_DIST= \ required.m4 \ doc/views.sql \ doc/date_day_column.sql \ - log_db_daemon.8 \ log_db_daemon.pl.in -log_db_daemon.8: log_db_daemon - pod2man log_db_daemon log_db_daemon.8 - log_db_daemon: log_db_daemon.pl.in $(subst_perlshell) + +if ENABLE_POD2MAN_DOC +man_MANS = log_db_daemon.8 +CLEANFILES += log_db_daemon.8 +EXTRA_DIST += log_db_daemon.8 + +log_db_daemon.8: log_db_daemon + pod2man --section=8 log_db_daemon log_db_daemon.8 + +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/log_daemon/DB/log_db_daemon.8 new/squid-3.5.7/helpers/log_daemon/DB/log_db_daemon.8 --- old/squid-3.5.6/helpers/log_daemon/DB/log_db_daemon.8 2015-07-03 12:13:56.000000000 +0200 +++ new/squid-3.5.7/helpers/log_daemon/DB/log_db_daemon.8 2015-08-01 08:58:10.000000000 +0200 
@@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "LOG_DB_DAEMON 8" +.TH LOG_DB_DAEMON 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/log_daemon/DB/required.m4 new/squid-3.5.7/helpers/log_daemon/DB/required.m4 --- old/squid-3.5.6/helpers/log_daemon/DB/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/log_daemon/DB/required.m4 2015-08-01 08:08:17.000000000 +0200 @@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="DB" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. log_db_daemon man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/storeid_rewrite/file/Makefile.am new/squid-3.5.7/helpers/storeid_rewrite/file/Makefile.am --- old/squid-3.5.6/helpers/storeid_rewrite/file/Makefile.am 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/storeid_rewrite/file/Makefile.am 2015-08-01 08:08:17.000000000 +0200 
@@ -8,15 +8,20 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = storeid_file_rewrite -CLEANFILES += storeid_file_rewrite storeid_file_rewrite.8 -man_MANS = storeid_file_rewrite.8 +CLEANFILES += storeid_file_rewrite EXTRA_DIST= \ - storeid_file_rewrite.8 \ storeid_file_rewrite.pl.in \ required.m4 -storeid_file_rewrite.8: storeid_file_rewrite - pod2man storeid_file_rewrite storeid_file_rewrite.8 - storeid_file_rewrite: storeid_file_rewrite.pl.in $(subst_perlshell) + +if ENABLE_POD2MAN_DOC +man_MANS = storeid_file_rewrite.8 +CLEANFILES += storeid_file_rewrite.8 +EXTRA_DIST += storeid_file_rewrite.8 + +storeid_file_rewrite.8: storeid_file_rewrite + pod2man --section=8 storeid_file_rewrite storeid_file_rewrite.8 + +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/storeid_rewrite/file/required.m4 new/squid-3.5.7/helpers/storeid_rewrite/file/required.m4 --- old/squid-3.5.6/helpers/storeid_rewrite/file/required.m4 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/helpers/storeid_rewrite/file/required.m4 2015-08-01 08:08:17.000000000 +0200 
@@ -5,6 +5,10 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then +if test "x$PERL" != "x"; then BUILD_HELPER="file" fi +if test "x$POD2MAN" = "x"; then + AC_MSG_WARN([pod2man not found. storeid_file_rewrite man(8) page will not be built]) +fi + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/helpers/storeid_rewrite/file/storeid_file_rewrite.8 new/squid-3.5.7/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- old/squid-3.5.6/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-07-03 12:14:11.000000000 +0200 +++ new/squid-3.5.7/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-08-01 08:58:23.000000000 +0200 @@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "STOREID_FILE_REWRITE 1" -.TH STOREID_FILE_REWRITE 1 "2015-07-03" "perl v5.20.2" "User Contributed Perl Documentation" +.IX Title "STOREID_FILE_REWRITE 8" +.TH STOREID_FILE_REWRITE 8 "2015-08-01" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/include/version.h new/squid-3.5.7/include/version.h --- old/squid-3.5.6/include/version.h 2015-07-03 11:15:26.000000000 +0200 +++ new/squid-3.5.7/include/version.h 2015-08-01 08:10:24.000000000 +0200 
@@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1435914765 +#define SQUID_RELEASE_TIME 1438409280 #endif /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/DiskIO/DiskThreads/aiops.cc new/squid-3.5.7/src/DiskIO/DiskThreads/aiops.cc --- old/squid-3.5.6/src/DiskIO/DiskThreads/aiops.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/DiskIO/DiskThreads/aiops.cc 2015-08-01 08:08:17.000000000 +0200 @@ -500,13 +500,13 @@ } if (request_queue2.head) { - static int filter = 0; - static int filter_limit = 8; + static uint64_t filter = 0; + static uint64_t filter_limit = 8192; if (++filter >= filter_limit) { filter_limit += filter; filter = 0; - debugs(43, DBG_IMPORTANT, "squidaio_queue_request: WARNING - Queue congestion"); + debugs(43, DBG_IMPORTANT, "squidaio_queue_request: WARNING - Queue congestion (growing to " << filter_limit << ")"); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/DiskIO/DiskThreads/aiops_win32.cc new/squid-3.5.7/src/DiskIO/DiskThreads/aiops_win32.cc --- old/squid-3.5.6/src/DiskIO/DiskThreads/aiops_win32.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/DiskIO/DiskThreads/aiops_win32.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -581,13 +581,13 @@ } if (request_queue2.head) { - static int filter = 0; - static int filter_limit = 8; + static uint64_t filter = 0; + static uint64_t filter_limit = 8196; if (++filter >= filter_limit) { filter_limit += filter; filter = 0; - debugs(43, DBG_IMPORTANT, "squidaio_queue_request: WARNING - Queue congestion"); + debugs(43, DBG_IMPORTANT, "squidaio_queue_request: WARNING - Queue congestion (growing to " << filter_limit << ")"); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/FwdState.cc new/squid-3.5.7/src/FwdState.cc --- old/squid-3.5.6/src/FwdState.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/FwdState.cc 2015-08-01 08:08:17.000000000 +0200 @@ -683,10 +683,14 @@ #if USE_OPENSSL if (!request->flags.pinned) { - if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) || - (!serverConnection()->getPeer() && request->url.getScheme() == AnyP::PROTO_HTTPS) || - request->flags.sslPeek) { - + const CachePeer *p = serverConnection()->getPeer(); + const bool peerWantsTls = p && p->use_ssl; + // userWillSslToPeerForUs assumes CONNECT == HTTPS + const bool userWillTlsToPeerForUs = p && p->options.originserver && + request->method == Http::METHOD_CONNECT; + const bool needTlsToPeer = peerWantsTls && !userWillTlsToPeerForUs; + const bool needTlsToOrigin = !p && request->url.getScheme() == AnyP::PROTO_HTTPS; + if (needTlsToPeer || needTlsToOrigin || request->flags.sslPeek) { HttpRequest::Pointer requestPointer = request; AsyncCall::Pointer callback = asyncCall(17,4, "FwdState::ConnectedToPeer", 
@@ -782,7 +786,9 @@ request->hier.startPeerClock(); - if (serverDestinations[0]->getPeer() && request->flags.sslBumped) { + // Do not fowrward bumped connections to parent proxy unless it is an + // origin server + if (serverDestinations[0]->getPeer() && !serverDestinations[0]->getPeer()->options.originserver && request->flags.sslBumped) { debugs(50, 4, "fwdConnectStart: Ssl bumped connections through parent proxy are not allowed"); ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, Http::scServiceUnavailable, request); fail(anErr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/SBuf.cc new/squid-3.5.7/src/SBuf.cc --- old/squid-3.5.6/src/SBuf.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/SBuf.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -541,12 +541,18 @@ SBuf& SBuf::chop(size_type pos, size_type n) { - if (pos == npos || pos > length() || n == 0) { + if (pos == npos || pos > length()) + pos = length(); + + if (n == npos || (pos+n) > length()) + n = length() - pos; + + // if there will be nothing left, reset the buffer while we can + if (pos == length() || n == 0) { clear(); return *this; } - if (n == npos || (pos+n) > length()) - n = length()-pos; + ++stats.chop; off_ += pos; len_ = n; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/auth/User.cc new/squid-3.5.7/src/auth/User.cc --- old/squid-3.5.6/src/auth/User.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/auth/User.cc 2015-08-01 08:08:17.000000000 +0200 @@ -31,8 +31,9 @@ notes(), credentials_state(Auth::Unchecked), username_(NULL), - requestRealm_(aRequestRealm) + userKey_(NULL) { + requestRealm_ = aRequestRealm ? xstrdup(aRequestRealm) : NULL; proxy_match_cache.head = proxy_match_cache.tail = NULL; ip_list.head = ip_list.tail = NULL; debugs(29, 5, HERE << "Initialised auth_user '" << this << "'."); @@ -134,6 +135,10 @@ if (username_) xfree((char*)username_); + if (requestRealm_) + xfree((char*)requestRealm_); + if (userKey_) + xfree((char*)userKey_); /* prevent accidental reuse */ auth_type = Auth::AUTH_UNKNOWN; 
@@ -365,14 +370,17 @@ void Auth::User::username(char const *aString) { + SBuf key; + if (aString) { assert(!username_); username_ = xstrdup(aString); - // NP: param #2 is working around a c_str() data-copy performance regression - userKey_ = BuildUserKey(username_, (!requestRealm_.isEmpty() ? requestRealm_.c_str() : NULL)); + key = BuildUserKey(username_, requestRealm_); + // XXX; performance regression. c_str() reallocates, then xstrdup() reallocates + userKey_ = xstrdup(key.c_str()); } else { safe_free(username_); - userKey_.clear(); + safe_free(userKey_) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/auth/User.h new/squid-3.5.7/src/auth/User.h --- old/squid-3.5.6/src/auth/User.h 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/auth/User.h 2015-08-01 08:08:17.000000000 +0200 @@ -66,7 +66,7 @@ void username(char const *); ///< set stored username and userKey // NP: key is set at the same time as username_. Until then both are empty/NULL. - const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : NULL;} + const char *userKey() {return userKey_;} /** * How long these credentials are still valid for. 
@@ -116,13 +116,17 @@ /** * A realm for the user depending on request, designed to identify users, * with the same username and different authentication domains. + * The requestRealm_ memory will be allocated via xstrdup(). + * It is our responsibility. */ - SBuf requestRealm_; + const char *requestRealm_; /** - * A Unique key for the user, consist by username and requestRealm_ + * A Unique key for the user, consist by username and realm. + * The userKey_ memory will be allocated via xstrdup(). + * It is our responsibility. */ - SBuf userKey_; + const char *userKey_; /** what ip addresses has this user been seen at?, plus a list length cache */ dlink_list ip_list; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/base/RunnersRegistry.cc new/squid-3.5.7/src/base/RunnersRegistry.cc --- old/squid-3.5.6/src/base/RunnersRegistry.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/base/RunnersRegistry.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -32,6 +32,14 @@ return runners.size(); } +int +DeregisterRunner(RegisteredRunner *rr) +{ + Runners &runners = GetRunners(); + runners.erase(rr); + return runners.size(); +} + void RunRegistered(const RegisteredRunner::Method &m) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/base/RunnersRegistry.h new/squid-3.5.7/src/base/RunnersRegistry.h --- old/squid-3.5.6/src/base/RunnersRegistry.h 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/base/RunnersRegistry.h 2015-08-01 08:08:17.000000000 +0200 @@ -68,6 +68,12 @@ /// Meant for cleanup and state saving that may require other modules. virtual void startShutdown() {} + /// Called after shutdown_lifetime grace period ends and before stopping + /// the main loop. At least one main loop iteration is guaranteed after + /// this call. + /// Meant for cleanup and state saving that may require other modules. + virtual void endingShutdown() {} + /// Called after stopping the main loop and before releasing memory. /// Meant for quick/basic cleanup that does not require any other modules. virtual ~RegisteredRunner() {} 
@@ -82,6 +88,9 @@ /// registers a given runner with the given registry and returns registry count int RegisterRunner(RegisteredRunner *rr); +/// de-registers a given runner with the given registry and returns registry count +int DeregisterRunner(RegisteredRunner *rr); + /// Calls a given method of all runners. /// All runners are destroyed after the finishShutdown() call. void RunRegistered(const RegisteredRunner::Method &m); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/cf.data.pre new/squid-3.5.7/src/cf.data.pre --- old/squid-3.5.6/src/cf.data.pre 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/cf.data.pre 2015-08-01 08:08:17.000000000 +0200 @@ -699,6 +699,12 @@ FORMAT specifications %LOGIN Authenticated user login name + %un A user name. Expands to the first available name + from the following list of information sources: + - authenticated user name, like %ul or %LOGIN + - user name sent by an external ACL, like %EXT_USER + - SSL client name, like %us in logformat + - ident user name, like %ui in logformat %EXT_USER Username from previous external acl %EXT_LOG Log details from previous external acl %EXT_TAG Tag from previous external acl 
@@ -4033,6 +4039,12 @@ ue User name from external acl helper ui User name from ident us User name from SSL + un A user name. Expands to the first available name + from the following list of information sources: + - authenticated user name, like %ul + - user name supplied by an external ACL, like %ue + - SSL client name, like %us + - ident user name, like %ui credentials Client credentials. The exact meaning depends on the authentication scheme: For Basic authentication, it is the password; for Digest, the realm sent by the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/client_side.cc new/squid-3.5.7/src/client_side.cc --- old/squid-3.5.6/src/client_side.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/client_side.cc 2015-08-01 08:08:17.000000000 +0200 @@ -814,6 +814,7 @@ { debugs(33, 2, HERE << clientConnection); flags.readMore = false; + DeregisterRunner(this); clientdbEstablished(clientConnection->remote, -1); /* decrement */ assert(areAllContextsForThisConnection()); freeAllContexts(); 
@@ -1891,6 +1892,32 @@ return context; } +void +ConnStateData::startShutdown() +{ + // RegisteredRunner API callback - Squid has been shut down + + // if connection is idle terminate it now, + // otherwise wait for grace period to end + if (getConcurrentRequestCount() == 0) + endingShutdown(); +} + +void +ConnStateData::endingShutdown() +{ + // RegisteredRunner API callback - Squid shutdown grace period is over + + // force the client connection to close immediately + // swanSong() in the close handler will cleanup. + if (Comm::IsConnOpen(clientConnection)) + clientConnection->close(); + + // deregister now to ensure finalShutdown() does not kill us prematurely. + // fd_table purge will cleanup if close handler was not fast enough. + DeregisterRunner(this); +} + char * skipLeadingSpace(char *aString) { @@ -3519,6 +3546,10 @@ port = xact->squidPort; log_addr = xact->tcpClient->remote; log_addr.applyMask(Config.Addrs.client_netmask); + + // register to receive notice of Squid signal events + // which may affect long persisting client connections + RegisterRunner(this); } void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/client_side.h new/squid-3.5.7/src/client_side.h --- old/squid-3.5.6/src/client_side.h 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/client_side.h 2015-08-01 08:08:17.000000000 +0200 @@ -11,6 +11,7 @@ #ifndef SQUID_CLIENTSIDE_H #define SQUID_CLIENTSIDE_H +#include "base/RunnersRegistry.h" #include "clientStreamForward.h" #include "comm.h" #include "helper/forward.h" 
@@ -169,7 +170,7 @@ * * If the above can be confirmed accurate we can call this object PipelineManager or similar */ -class ConnStateData : public BodyProducer, public HttpControlMsgSink +class ConnStateData : public BodyProducer, public HttpControlMsgSink, public RegisteredRunner { public: @@ -399,6 +400,10 @@ /// stop parsing the request and create context for relaying error info ClientSocketContext *abortRequestParsing(const char *const errUri); + /* Registered Runner API */ + virtual void startShutdown(); + virtual void endingShutdown(); + protected: void startDechunkingRequest(); void finishDechunkingRequest(bool withSuccess); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/comm/TcpAcceptor.cc new/squid-3.5.7/src/comm/TcpAcceptor.cc --- old/squid-3.5.6/src/comm/TcpAcceptor.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/comm/TcpAcceptor.cc 2015-08-01 08:08:17.000000000 +0200 @@ -366,6 +366,7 @@ if (clientdbEstablished(details->remote, 0) > Config.client_ip_max_connections) { debugs(50, DBG_IMPORTANT, "WARNING: " << details->remote << " attempting more than " << Config.client_ip_max_connections << " connections."); Ip::Address::FreeAddr(gai); + PROF_stop(comm_accept); return Comm::COMM_ERROR; } } @@ -376,6 +377,7 @@ if (getsockname(sock, gai->ai_addr, &gai->ai_addrlen) != 0) { debugs(50, DBG_IMPORTANT, "ERROR: getsockname() failed to locate local-IP on " << details << ": " << xstrerror()); Ip::Address::FreeAddr(gai); + PROF_stop(comm_accept); return Comm::COMM_ERROR; } details->local = *gai; 
@@ -404,7 +406,9 @@ // Perform NAT or TPROXY operations to retrieve the real client/dest IP addresses if (conn->flags&(COMM_TRANSPARENT|COMM_INTERCEPTION) && !Ip::Interceptor.Lookup(details, conn)) { + debugs(50, DBG_IMPORTANT, "ERROR: NAT/TPROXY lookup failed to locate original IPs on " << details); // Failed. + PROF_stop(comm_accept); return Comm::COMM_ERROR; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/external_acl.cc new/squid-3.5.7/src/external_acl.cc --- old/squid-3.5.6/src/external_acl.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/external_acl.cc 2015-08-01 08:08:17.000000000 +0200 @@ -403,6 +403,10 @@ else if (strcmp(token, "%EXT_USER") == 0 || strcmp(token, "%ue") == 0) format->type = Format::LFT_USER_EXTERNAL; #endif +#if USE_AUTH || defined(USE_OPENSSL) || defined(USE_IDENT) + else if (strcmp(token, "%un") == 0) + format->type = Format::LFT_USER_NAME; +#endif else if (strcmp(token, "%EXT_LOG") == 0 || strcmp(token, "%ea") == 0) format->type = Format::LFT_EXT_LOG; else if (strcmp(token, "%TAG") == 0 || strcmp(token, "%et") == 0) @@ -508,6 +512,7 @@ break #if USE_AUTH DUMP_EXT_ACL_TYPE_FMT(USER_LOGIN," %%ul"); + DUMP_EXT_ACL_TYPE_FMT(USER_NAME," %%un"); #endif #if USE_IDENT @@ -875,6 +880,18 @@ dlinkAdd(e, &entry->lru, &def->lru_list); } +#if USE_OPENSSL +static const char * +external_acl_ssl_get_user_attribute(const ACLFilledChecklist &ch, const char *attr) +{ + if (ch.conn() != NULL && Comm::IsConnOpen(ch.conn()->clientConnection)) { + if (SSL *ssl = fd_table[ch.conn()->clientConnection->fd].ssl) + return sslGetUserAttribute(ssl, attr); + } + return NULL; +} +#endif + static char * makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) { 
@@ -1038,14 +1055,7 @@ break; case Format::LFT_EXT_ACL_USER_CERT: - - if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConnection)) { - SSL *ssl = fd_table[ch->conn()->clientConnection->fd].ssl; - - if (ssl) - str = sslGetUserAttribute(ssl, format->header); - } - + str = external_acl_ssl_get_user_attribute(*ch, format->header); break; case Format::LFT_EXT_ACL_USER_CA_CERT: @@ -1091,6 +1101,24 @@ str = request->extacl_user.termedBuf(); break; #endif + case Format::LFT_USER_NAME: + /* find the first available name from various sources */ +#if USE_AUTH + if (ch->auth_user_request != NULL) + str = ch->auth_user_request->username(); + if ((!str || !*str) && + (request->extacl_user.size() > 0 && request->extacl_user[0] != '-')) + str = request->extacl_user.termedBuf(); +#endif +#if USE_OPENSSL + if (!str || !*str) + str = external_acl_ssl_get_user_attribute(*ch, "CN"); +#endif +#if USE_IDENT + if (!str || !*str) + str = ch->rfc931; +#endif + break; case Format::LFT_EXT_LOG: str = request->extacl_log.termedBuf(); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ip/tools.cc new/squid-3.5.7/src/ip/tools.cc --- old/squid-3.5.6/src/ip/tools.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ip/tools.cc 2015-08-01 08:08:17.000000000 +0200 @@ -30,7 +30,6 @@ void Ip::ProbeTransport() { -#if USE_IPV6 // check for usable IPv6 sockets int s = socket(PF_INET6, SOCK_STREAM, 0); if (s < 0) { 
@@ -56,12 +55,18 @@ debugs(3, 2, "Missing RFC 3493 compliance - attempting split IPv4 and IPv6 stacks ..."); EnableIpv6 |= IPV6_SPECIAL_SPLITSTACK; #endif + // TODO: attempt to use the socket to connect somewhere ? + // needs to be safe to contact and with guaranteed working IPv6 at the other end. close(s); +#if USE_IPV6 debugs(3, 2, "IPv6 transport " << (EnableIpv6?"Enabled":"Disabled")); #else - debugs(3, 2, "IPv6 transport forced OFF by build parameters."); - EnableIpv6 = IPV6_OFF; + debugs(3, 2, "IPv6 transport " << (EnableIpv6?"Available":"Disabled")); + if (EnableIpv6 != IPV6_OFF) { + debugs(3, DBG_CRITICAL, "WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters."); + EnableIpv6 = IPV6_OFF; + } #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ipc/mem/Segment.cc new/squid-3.5.7/src/ipc/mem/Segment.cc --- old/squid-3.5.6/src/ipc/mem/Segment.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ipc/mem/Segment.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -213,8 +213,11 @@ name.append(BasePath); if (name[name.size()-1] != '/') name.append('/'); - } else - name.append("/squid-"); + } else { + name.append('/'); + name.append(service_name.c_str()); + name.append('-'); + } // append id, replacing slashes with dots for (const char *slash = strchr(id, '/'); slash; slash = strchr(id, '/')) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/main.cc new/squid-3.5.7/src/main.cc --- old/squid-3.5.6/src/main.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/main.cc 2015-08-01 08:08:17.000000000 +0200 @@ -203,6 +203,18 @@ EventLoop::Running->stop(); } + static void FinalShutdownRunners(void *) { + RunRegisteredHere(RegisteredRunner::endingShutdown); + + // XXX: this should be a Runner. +#if USE_AUTH + /* detach the auth components (only do this on full shutdown) */ + Auth::Scheme::FreeAll(); +#endif + + eventAdd("SquidTerminate", &StopEventLoop, NULL, 0, 1, false); + } + void doShutdown(time_t wait); }; @@ -244,13 +256,8 @@ /* run the closure code which can be shared with reconfigure */ serverConnectionsClose(); -#if USE_AUTH - /* detach the auth components (only do this on full shutdown) */ - Auth::Scheme::FreeAll(); -#endif - RunRegisteredHere(RegisteredRunner::startShutdown); - eventAdd("SquidShutdown", &StopEventLoop, this, (double) (wait + 1), 1, false); + eventAdd("SquidShutdown", &FinalShutdownRunners, this, (double) (wait + 1), 1, false); } static void 
@@ -774,10 +781,18 @@ // parse the config returns a count of errors encountered. const int oldWorkers = Config.workers; - if ( parseConfigFile(ConfigFile) != 0) { + try { + if (parseConfigFile(ConfigFile) != 0) { + // for now any errors are a fatal condition... + self_destruct(); + } + } catch (...) { // for now any errors are a fatal condition... + debugs(1, DBG_CRITICAL, "FATAL: Unhandled exception parsing config file. " << + " Run squid -k parse and check for errors."); self_destruct(); } + if (oldWorkers != Config.workers) { debugs(1, DBG_CRITICAL, "WARNING: Changing 'workers' (from " << oldWorkers << " to " << Config.workers << @@ -1386,7 +1401,14 @@ Format::Token::Init(); // XXX: temporary. Use a runners registry of pre-parse runners instead. - parse_err = parseConfigFile(ConfigFile); + try { + parse_err = parseConfigFile(ConfigFile); + } catch (...) { + // for now any errors are a fatal condition... + debugs(1, DBG_CRITICAL, "FATAL: Unhandled exception parsing config file." << + (opt_parse_cfg_only ? " Run squid -k parse and check for errors." : "")); + parse_err = 1; + } Mem::Report(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/neighbors.cc new/squid-3.5.7/src/neighbors.cc --- old/squid-3.5.6/src/neighbors.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/neighbors.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -161,7 +161,7 @@ // CONNECT requests are proxy requests. Not to be forwarded to origin servers. // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this CachePeer. - if (p->options.originserver && request->method == Http::METHOD_CONNECT && request->port != p->in_addr.port()) + if (p->options.originserver && request->method == Http::METHOD_CONNECT && request->port != p->http_port) return false; if (p->peer_domain == NULL && p->access == NULL) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/squid.8.in new/squid-3.5.7/src/squid.8.in --- old/squid-3.5.6/src/squid.8.in 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/squid.8.in 2015-08-01 08:08:17.000000000 +0200 @@ -1,9 +1,7 @@ .if !'po4a'hide' .TH squid 8 . .SH NAME -.if !'po4a'hide' .B squid -.if !'po4a'hide' \- -HTTP web proxy caching server +squid \- HTTP web proxy caching server . .SH SYNOPSIS .if !'po4a'hide' .B squid diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ssl/PeerConnector.cc new/squid-3.5.7/src/ssl/PeerConnector.cc --- old/squid-3.5.6/src/ssl/PeerConnector.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ssl/PeerConnector.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -189,8 +189,13 @@ // Use SNI TLS extension only when we connect directly // to the origin server and we know the server host name. - const char *sniServer = hostName ? hostName->c_str() : - (!request->GetHostIsNumeric() ? request->GetHost() : NULL); + const char *sniServer = NULL; + const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host; + if (!hostName || redirected) + sniServer = !request->GetHostIsNumeric() ? request->GetHost() : NULL; + else + sniServer = hostName->c_str(); + if (sniServer) Ssl::setClientSNI(ssl, sniServer); } @@ -274,10 +279,6 @@ serverCertificateHandled = true; - csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get())); - debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() << - " bumped: " << *serverConnection()); - // remember the server certificate for later use if (Ssl::ServerBump *serverBump = csd->serverBump()) { serverBump->serverCert.reset(serverCert.release()); @@ -285,6 +286,26 @@ } } +void +Ssl::PeerConnector::serverCertificateVerified() +{ + if (ConnStateData *csd = request->clientConnectionManager.valid()) { + Ssl::X509_Pointer serverCert; + if(Ssl::ServerBump *serverBump = csd->serverBump()) + serverCert.resetAndLock(serverBump->serverCert.get()); + else { + const int fd = serverConnection()->fd; + SSL *ssl = fd_table[fd].ssl; + serverCert.reset(SSL_get_peer_certificate(ssl)); + } + if (serverCert.get()) { + csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get())); + debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() << + " bumped: " << *serverConnection()); + } + } +} + bool Ssl::PeerConnector::sslFinalized() { @@ -338,6 +359,8 @@ return true; } } + + serverCertificateVerified(); return true; } 
@@ -435,6 +458,7 @@ validatorFailed = true; if (!errDetails && !validatorFailed) { + serverCertificateVerified(); if (splice) switchToTunnel(request.getRaw(), clientConn, serverConn); else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ssl/PeerConnector.h new/squid-3.5.7/src/ssl/PeerConnector.h --- old/squid-3.5.6/src/ssl/PeerConnector.h 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ssl/PeerConnector.h 2015-08-01 08:08:17.000000000 +0200 @@ -158,6 +158,10 @@ /// if the server certificate was received from the server. void handleServerCertificate(); + /// Runs after the server certificate verified to update client + /// connection manager members + void serverCertificateVerified(); + /// Callback function called when squid receive message from cert validator helper static void sslCrtvdHandleReplyWrapper(void *data, Ssl::CertValidationResponse const &); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ssl/certificate_db.cc new/squid-3.5.7/src/ssl/certificate_db.cc --- old/squid-3.5.6/src/ssl/certificate_db.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ssl/certificate_db.cc 2015-08-01 08:08:17.000000000 +0200 
@@ -320,18 +320,25 @@ } // check db size while trying to minimize calls to size() - while (size() > max_db_size) { - if (deleteInvalidCertificate()) - continue; // try to find another invalid certificate if needed - - // there are no more invalid ones, but there must be valid certificates - do { - if (!deleteOldestCertificate()) { - save(); // Some entries may have been removed. Update the index file. - return false; // errors prevented us from freeing enough space - } - } while (size() > max_db_size); - break; + size_t dbSize = size(); + if ((dbSize == 0 && hasRows()) || + (dbSize > 0 && !hasRows()) || + (dbSize > 10 * max_db_size)) { + // Invalid database size, rebuild + dbSize = rebuildSize(); + } + while (dbSize > max_db_size && deleteInvalidCertificate()) { + dbSize = size(); // get the current database size + // and try to find another invalid certificate if needed + } + // there are no more invalid ones, but there must be valid certificates + while (dbSize > max_db_size) { + if (!deleteOldestCertificate()) { + rebuildSize(); // No certificates in database.Update the size file. + save(); // Some entries may have been removed. Update the index file. + return false; // errors prevented us from freeing enough space + } + dbSize = size(); // get the current database size } row.setValue(cnlType, "V"); @@ -456,7 +463,8 @@ void Ssl::CertificateDb::subSize(std::string const & filename) { // readSize will rebuild 'size' file if missing or it is corrupted size_t dbSize = readSize(); - dbSize -= getFileSize(filename); + const size_t fileSize = getFileSize(filename); + dbSize = dbSize > fileSize ? dbSize - fileSize : 0; writeSize(dbSize); } 
@@ -480,8 +488,10 @@ if (!file) return 0; file.seekg(0, std::ios_base::end); - size_t file_size = file.tellg(); - return ((file_size + fs_block_size - 1) / fs_block_size) * fs_block_size; + const std::streampos file_size = file.tellg(); + if (file_size < 0) + return 0; + return ((static_cast<size_t>(file_size) + fs_block_size - 1) / fs_block_size) * fs_block_size; } void Ssl::CertificateDb::load() { @@ -561,15 +571,9 @@ return true; } -bool Ssl::CertificateDb::deleteOldestCertificate() { - if (!db) - return false; - -#if SQUID_SSLTXTDB_PSTRINGDATA - if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0) -#else - if (sk_num(db.get()->data) == 0) -#endif +bool Ssl::CertificateDb::deleteOldestCertificate() +{ + if (!hasRows()) return false; #if SQUID_SSLTXTDB_PSTRINGDATA @@ -610,6 +614,20 @@ return false; } +bool Ssl::CertificateDb::hasRows() const +{ + if (!db) + return false; + +#if SQUID_SSLTXTDB_PSTRINGDATA + if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0) +#else + if (sk_num(db.get()->data) == 0) +#endif + return false; + return true; +} + bool Ssl::CertificateDb::IsEnabledDiskStore() const { return enabled_disk_store; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ssl/certificate_db.h new/squid-3.5.7/src/ssl/certificate_db.h --- old/squid-3.5.6/src/ssl/certificate_db.h 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ssl/certificate_db.h 2015-08-01 08:08:17.000000000 +0200 
@@ -127,6 +127,7 @@ bool deleteInvalidCertificate(); ///< Delete invalid certificate. bool deleteOldestCertificate(); ///< Delete oldest certificate. bool deleteByHostname(std::string const & host); ///< Delete using host name. + bool hasRows() const; ///< Whether the TXT_DB has stored items. /// Removes the first matching row from TXT_DB. Ignores failures. static void sq_TXT_DB_delete(TXT_DB *db, const char **row); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/src/ssl/ssl_crtd.cc new/squid-3.5.7/src/ssl/ssl_crtd.cc --- old/squid-3.5.6/src/ssl/ssl_crtd.cc 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/src/ssl/ssl_crtd.cc 2015-08-01 08:08:17.000000000 +0200 @@ -205,7 +205,13 @@ Ssl::EVP_PKEY_Pointer pkey; std::string &cert_subject = certProperties.dbKey(); - db.find(cert_subject, cert, pkey); + bool dbFailed = false; + try { + db.find(cert_subject, cert, pkey); + } catch (std::runtime_error &err) { + dbFailed = true; + error = err.what(); + } if (cert.get()) { if (!Ssl::certificateMatchesProperties(cert.get(), certProperties)) { 
@@ -221,10 +227,22 @@ if (!Ssl::generateSslCertificate(cert, pkey, certProperties)) throw std::runtime_error("Cannot create ssl certificate or private key."); - if (!db.addCertAndPrivateKey(cert, pkey, cert_subject) && db.IsEnabledDiskStore()) - throw std::runtime_error("Cannot add certificate to db."); + if (!dbFailed && db.IsEnabledDiskStore()) { + try { + if (!db.addCertAndPrivateKey(cert, pkey, cert_subject)) { + dbFailed = true; + error = "Cannot add certificate to db."; + } + } catch (const std::runtime_error &err) { + dbFailed = true; + error = err.what(); + } + } } + if (dbFailed) + std::cerr << "ssl_crtd helper database '" << db_path << "' failed: " << error << std::endl; + std::string bufferToWrite; if (!Ssl::writeCertAndPrivateKeyToMemory(cert, pkey, bufferToWrite)) throw std::runtime_error("Cannot write ssl certificate or/and private key to memory."); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/tools/cachemgr.cgi.8 new/squid-3.5.7/tools/cachemgr.cgi.8 --- old/squid-3.5.6/tools/cachemgr.cgi.8 2015-07-03 12:15:33.000000000 +0200 +++ new/squid-3.5.7/tools/cachemgr.cgi.8 2015-08-01 08:59:30.000000000 +0200 
@@ -1,9 +1,7 @@ .if !'po4a'hide' .TH cachemgr.cgi 8 . .SH NAME -.if !'po4a'hide' .B cachemgr.cgi -.if !'po4a'hide' \- -Squid HTTP proxy manager CGI web interface +cachemgr.cgi \- Squid HTTP proxy manager CGI web interface . .SH SYNOPSIS .if !'po4a'hide' .B http://your.server/cgi-bin/cachemgr.cgi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.5.6/tools/cachemgr.cgi.8.in new/squid-3.5.7/tools/cachemgr.cgi.8.in --- old/squid-3.5.6/tools/cachemgr.cgi.8.in 2015-07-03 11:12:52.000000000 +0200 +++ new/squid-3.5.7/tools/cachemgr.cgi.8.in 2015-08-01 08:08:17.000000000 +0200 @@ -1,9 +1,7 @@ .if !'po4a'hide' .TH cachemgr.cgi 8 . .SH NAME -.if !'po4a'hide' .B cachemgr.cgi -.if !'po4a'hide' \- -Squid HTTP proxy manager CGI web interface +cachemgr.cgi \- Squid HTTP proxy manager CGI web interface . .SH SYNOPSIS .if !'po4a'hide' .B http://your.server/cgi-bin/cachemgr.cgi ++++++ squid-3.5.6.tar.xz.asc -> squid-3.5.7.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-3.5.6.tar.xz.asc 2015-07-22 09:19:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.5.7.tar.xz.asc 2015-08-07 00:24:31.000000000 +0200 @@ -1,8 +1,8 @@ -File: squid-3.5.6.tar.xz -Date: Fri Jul 3 10:16:07 UTC 2015 -Size: 2291152 -MD5 : 93e18bd257857e35bb634ddb8a348563 -SHA1: c5f3ab47e61a08fa6a8767d45befeffd7d26fd9f +File: squid-3.5.7.tar.xz +Date: Sat Aug 1 06:59:59 UTC 2015 +Size: 2294580 +MD5 : e24943386555ca922130a7e034badba7 +SHA1: e7dcc0cbcee6fd10a8c8bf3e9bff0dc6359ccc48 Key : 0xFF5CF463 <[email protected]> fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 keyring = http://www.squid-cache.org/pgp.asc 
@@ -10,11 +10,11 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQEcBAABAgAGBQJVlmX5AAoJELJo5wb/XPRj2oMH/0iikz7b90VgI9W82+b20e8F -BcMqoSc0RvszVFgaZ1V7WOVDD86AeEMaqGlLsyL1Jvk1+dzHmTj4i5FmqrlSfj3i -CdbfLFeL2/dldKYf++FsklALtIySDdbHOHeb/ri8URrOwKcC73DXEkkVq0nr/PJc -4QwCNGU9z2xm8teqhHqtC58oRcvnktAFB3L03aiBO1VmMEpT9vhcKRfCIK6v4uYu -ZZtcRbVrg301VkWHuo+/Vi9DKTxonQ/Za5g5rXkQRDwcbVcI0e3adeUoXT7znmix -lCy9ddqFlLCCkQ/Bq/+qqKrExZ/hQRXIlQM8r/aSELq6X+bbXL6DnggkAdE/DTo= -=m7d2 +iQEcBAABAgAGBQJVvHHfAAoJELJo5wb/XPRjmUUH/3nlvdfeAHWXkbM8PnmJ+/BD +ZYKciqbxo3MzufJQST/uZBIgtwBBrpzS1WBkPT8Lm5iHXavYZSAp3v/cGF/F9z6e +/oMU891G/ve1Pp6QIVoGxUkeMYDqM985UilhhXptPP8ZpztRa7fEgsFy2E4rUkt9 +g5MHMY1heK3n+C8+1o1As5tc/5bYQ+Erd3g2TRlbJNJIc5Sz+K6B8AAg+VabR+d+ +dT3yNC5wP4Bmagrh+vdh0H8BXKyXv4OCTGI6k7qlBy7nY36YvLJC6Z0kZB1OMHef +rb1oTdT7F87UE+8cqu9Zu76HnSVu3PfQYbx1ETaRWE6vjSNIM2BAU9mnpdrS1fs= +=nB5m -----END PGP SIGNATURE----- ++++++ squid-config.patch ++++++ --- /var/tmp/diff_new_pack.QoOPls/_old 2015-08-07 00:24:34.000000000 +0200 +++ /var/tmp/diff_new_pack.QoOPls/_new 2015-08-07 00:24:34.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/cf.data.pre.orig +++ src/cf.data.pre -@@ -1452,6 +1452,8 @@ http_access deny manager +@@ -1458,6 +1458,8 @@ http_access deny manager # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet @@ -11,7 +11,7 @@ http_access allow localhost # And finally deny all other access to this proxy -@@ -3680,6 +3682,10 @@ DOC_START +@@ -3686,6 +3688,10 @@ DOC_START Instead, if you want Squid to use the entire disk drive, subtract 20% and use that value. @@ -22,7 +22,7 @@ 'L1' is the number of first-level subdirectories which will be created under the 'Directory'. The default is 16. -@@ -3798,7 +3804,7 @@ DOC_START +@@ -3804,7 +3810,7 @@ DOC_START NOCOMMENT_START # Uncomment and adjust the following to add a disk cache directory. 
@@ -31,7 +31,7 @@ NOCOMMENT_END DOC_END -@@ -4474,7 +4480,7 @@ DOC_END +@@ -4486,7 +4492,7 @@ DOC_END NAME: logfile_rotate TYPE: int
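Review bot: in the src/ssl/PeerConnector.cc hunk at @@ -189,8 +189,13 @@, the retained comment ("Use SNI TLS extension only when we connect directly to the origin server and we know the server host name") no longer describes the code beneath it. The new `redirected` branch deliberately ignores `hostName` and takes the SNI from `request->GetHost()` when `request->flags.redirected && ::Config.onoff.redir_rewrites_host` holds. Please extend the comment to say that a URL rewrite with host rewriting enabled overrides the stored host name, so the next reader does not "simplify" the condition back to the old ternary.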
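Review bot: in the new `Ssl::PeerConnector::serverCertificateVerified()` (src/ssl/PeerConnector.cc, @@ -285,6 +286,26 @@), the else branch indexes `fd_table[fd]` with `serverConnection()->fd` without any check in the hunk that the server connection is still open. Since this now runs from two call sites (the end of `sslFinalized()` and the cert validator reply path), a guard such as testing that the fd is non-negative before `SSL *ssl = fd_table[fd].ssl;` would make the function safe on its own rather than relying on every caller. Style nit in the same function: `if(Ssl::ServerBump *serverBump = ...` is missing the space after `if` that the surrounding code uses.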
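Review bot: the doc comment added in src/ssl/PeerConnector.h (@@ -158,6 +158,10 @@) reads "Runs after the server certificate verified to update client connection manager members", which is ungrammatical and does not say what is updated. From the .cc hunk the only member touched is the SSL common name via `csd->resetSslCommonName(...)`, so something like "Runs after the server certificate is verified; updates the client connection manager's SSL common name" would document the actual effect.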
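Review bot: in src/ssl/certificate_db.cc at @@ -320,18 +320,25 @@, the sanity test `(dbSize > 10 * max_db_size)` uses an unexplained factor of 10; please name the constant or add a comment on why ten times the limit is the threshold for treating the size file as corrupt rather than merely over quota. In the failure path of the second loop, the comment "No certificates in database.Update the size file." assumes `deleteOldestCertificate()` failed because the database is empty, but that function has another `return false` besides the `!hasRows()` case, so the comment should say "could not delete" rather than assert emptiness. The return value of `rebuildSize()` is also discarded there, which is fine but worth a word since the first use assigns it to `dbSize`.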
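Review bot: in `Ssl::CertificateDb::subSize()` (src/ssl/certificate_db.cc, @@ -456,7 +463,8 @@), clamping with `dbSize = dbSize > fileSize ? dbSize - fileSize : 0;` fixes the unsigned underflow but then writes a size that is known to be wrong whenever `fileSize > dbSize`, with no trace of it. The new `(dbSize == 0 && hasRows())` check in the add path appears to be what later repairs this, so a short comment tying the two together would help; alternatively, rebuild the size here when the subtraction would underflow.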
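Review bot: in src/ssl/ssl_crtd.cc at @@ -205,7 +205,13 @@, the handler is `catch (std::runtime_error &err)` while the matching handler added a few lines later in the same function is `catch (const std::runtime_error &err)`. Please catch by const reference in both places. It would also help to comment that a failed `db.find()` is intentionally non-fatal here and that the helper continues by generating a fresh certificate, since that is a change from letting the exception propagate.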
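Review bot: in src/ssl/ssl_crtd.cc at @@ -221,10 +227,22 @@, the reordered condition changes when `db.addCertAndPrivateKey()` runs, not just how its failure is reported. The old line `if (!db.addCertAndPrivateKey(cert, pkey, cert_subject) && db.IsEnabledDiskStore())` always called it and only threw when the disk store was enabled; the new `if (!dbFailed && db.IsEnabledDiskStore())` skips the call entirely when the disk store is disabled or the earlier `find()` failed. If that is intended, say so in a comment. Also note that a database failure is now reported only through the `std::cerr` line and the helper still returns a certificate, so operators need to know to watch for the "ssl_crtd helper database ... failed" message; only `std::runtime_error` is caught, so any other exception type from the database still terminates the request as before.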
