Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2017-06-21 13:54:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Wed Jun 21 13:54:33 2017 rev:46 rq:504589 version:3.5.26 Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2017-04-14 13:40:46.409507215 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2017-06-21 13:54:42.868335760 +0200 @@ -1,0 +2,26 @@ +Mon Jun 19 08:20:52 UTC 2017 - [email protected] + +- Packaging cleanup +- Dropped: + * squid-brokenad.patch + * squid-config.patch + * squid.init squid.init.rh + * squid-old-kerberos.patch + * squid-rpmlintrc +- Update description and url + +------------------------------------------------------------------- +Wed Jun 14 08:54:53 UTC 2017 - [email protected] + +- Update Squid to 3.5.26 + * SubjectAlternativeNames missing in some generated certificates + Previous releases of Squid were not able to generate valid + mimic certificates from AltName server certificate field only. + * Fix ignoring http_access deny with client-first bumping mode + * ssl_crtd: now returns non-zero on failure + * Fix FTP directory listings display issues + * OpenSSL support better compliance with license requirements + This release of Squid will now include the required OpenSSL + advertisement on builds -v output where features are displayed. + +------------------------------------------------------------------- Old: ---- squid-3.5.25.tar.xz squid-3.5.25.tar.xz.asc squid-brokenad.patch squid-config.patch squid-old-kerberos.patch squid-rpmlintrc squid.init squid.init.rh New: ---- squid-3.5.26.tar.xz squid-3.5.26.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.p1Ea59/_old 2017-06-21 13:54:44.140156358 +0200 +++ /var/tmp/diff_new_pack.p1Ea59/_new 2017-06-21 13:54:44.144155794 +0200 @@ -18,17 +18,15 @@ %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid - Name: squid -Version: 3.5.25 +Version: 3.5.26 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Url: http://www.squid-cache.org/Versions/v3/3.5 +Url: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc -Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl @@ -37,115 +35,58 @@ Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring -Source14: squid.init.rh Source15: cache_dir.sed Source16: initialize_cache_if_needed.sh - -# do not show some rpmlint warnings -Source99: squid-rpmlintrc -# some useful defaults for squid -Patch100: %{name}-config.patch -# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) -Patch103: squid-brokenad.patch -#patch fix SLE 11 target... BAD PATCH -Patch104: squid-old-kerberos.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build -# BuildRequires: autoconf -# BuildRequires: automake -# If you want to run unit tests, these also need mounted /dev/shm and /proc -# BuildRequires: cppunit-devel +BuildRequires: cppunit-devel BuildRequires: db-devel -# needed by bootstrap.sh -BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat -# BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: krb5-devel BuildRequires: libcap-devel -BuildRequires: libexpat-devel -%if 0%{?suse_version} <= 1140 BuildRequires: libtool -%else -BuildRequires: libtool >= 2.4 -%endif -%if 0%{?suse_version} < 1220 -BuildRequires: libxml2-devel -BuildRequires: xz -%else -BuildRequires: pkgconfig(libxml-2.0) -%endif BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig +BuildRequires: samba-winbind BuildRequires: sharutils - -%if 0%{?suse_version} +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(gssrpc) +BuildRequires: pkgconfig(kdb) +BuildRequires: pkgconfig(krb5) +BuildRequires: pkgconfig(libsasl2) +BuildRequires: pkgconfig(libxml-2.0) +Requires: logrotate Requires(post): %fillup_prereq -Requires(pre): %{_bindir}/getent -%if 0%{?suse_version} < 1140 Requires(pre): permissions -%else -Requires(pre): permissions >= 2014.11 -%endif -Requires(pre): pwdutils -%else -Requires(pre): shadow-utils -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/service /sbin/chkconfig -Requires(postun): /sbin/service -%endif - -%if 0%{?suse_version} > 1210 -BuildRequires: systemd -%{?systemd_requires} -%define has_systemd 1 -%else -Requires(pre): %insserv_prereq -%endif - -Requires: logrotate +Requires(pre): shadow Provides: http_proxy - # due to package rename # Wed Aug 15 17:40:30 UTC 2012 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} +%{?systemd_requires} %description -Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. - -Squid 3.5 represents a new feature release above 3.4. - -The most important of these new features are: - - * Support libecap v1.0 - * Authentication helper query extensions - * Support named services - * Upgraded squidclient tool - * Helper support for concurrency channels - * Native FTP Relay - * Receive PROXY protocol, Versions 1 & 2 - * Basic authentication MSNT helper changes +Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - +we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich +access control, authorization and logging environment to develop web proxy +and content serving applications. Squid offers a rich set of traffic +optimization options, most of which are enabled by default for simpler +installation and high performance. %prep %setup -q cp %{SOURCE10} . # upstream patches after RELEASE -##### other patches -%patch100 perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` chmod a-x CREDITS -%patch103 -%patch104 %build -# autoreconf -fi export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" @@ -156,15 +97,8 @@ --datadir=%{_datadir}/squid \ --sharedstatedir=%{_localstatedir}/squid \ --with-logdir=%{_localstatedir}/log/squid \ -%if 0%{?has_systemd} --with-pidfile=/run/squid.pid \ -%else - --with-pidfile=%{_localstatedir}/run/squid.pid \ -%endif --with-dl \ -%if 0%{?suse_version} <= 1140 - --with-included-ltdl \ -%endif --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ @@ -195,51 +129,34 @@ --disable-ident-lookups \ --enable-follow-x-forwarded-for \ --disable-arch-native - -# overwrite the number of open filedescriptors of configure to 4096 -# to be backward compatible, but numbers above should not be overwritten -if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then - set +x - echo "adapting SQUID_MAXFD to 4096" - set -x - perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h -fi -make SAMBAPREFIX=/usr %{?_smp_mflags} +make SAMBAPREFIX=%{_prefix} %{?_smp_mflags} %install -%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || : -%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ - -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || : - install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d %{buildroot}%{_prefix}/sbin # make_install -make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr +%make_install SAMBAPREFIX=%{_prefix} mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible -%if 0%{?suse_version} < 1140 -# permissions file -install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name} -%endif - # install logrotate file -install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +install -Dpm 644 %{SOURCE7} \ + %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -d -m 755 doc/scripts install scripts/*.pl doc/scripts cat > doc/scripts/cachemgr.readme <<-EOT cachemgr.cgi will now be found in %{_libdir}/%{name} EOT -install -d -m 755 %{buildroot}/%{_libdir}/%{name} +install -dpm 755 %{buildroot}/%{_libdir}/%{name} mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} -install -d -m 755 doc/contrib +install -dpm 755 doc/contrib install %{SOURCE6} doc/contrib -install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} -install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 +install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} +install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do @@ -251,40 +168,20 @@ ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors # fix file duplicates -%if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} -%endif -%if 0%{?fedora_version} > 8 -fdupes -q -n -r %{buildroot}%{_prefix} -%endif - -# systemd vs SysVinit -%if 0%{?has_systemd} - install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service - install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed - install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh - sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service - ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} -%else # SysVinit - # fix postrotate script for SysVinit - sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name} - %if 0%{?suse_version} - install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} - ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} - %else # lets just assume other are rh based ones... - install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name} - %endif -%endif -%if 0%{?suse_version} - install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else - install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%endif + +# systemd +install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed +install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh +sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -Dpm 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} # Move the MIB definition to the proper place (and name) -mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs -mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \ - $RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt +mkdir -p %{buildroot}%{_datadir}/snmp/mibs +mv %{buildroot}%{_datadir}/squid/mib.txt \ + %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt %pre # we need this group for /usr/sbin/pinger @@ -309,10 +206,7 @@ if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then %{_sbindir}/usermod -G winbind %{name} 2>/dev/null fi - -%if 0%{?has_systemd} %service_add_pre %{name}.service -%endif # update mode? if [ "$1" -gt "1" ]; then @@ -321,11 +215,6 @@ mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf fi fi -# emulate_httpd_log is gone with 3.2 not 3.5 -### rpmlint is complaining about modifying squid.conf -#if [ -e etc/%{name}/%{name}.conf ]; then -# sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf -#fi %pretrans -p <lua> -- Directory to symlink is not working in RPM so workaround it @@ -343,63 +232,24 @@ end %post -%if 0%{?suse_version} >= 1140 - %if 0%{?set_permissions:1} %set_permissions %{_sbindir}/basic_pam_auth %set_permissions %{_sbindir}/pinger %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ - %else -%run_permissions - %endif -%endif -%if 0%{?has_systemd} %service_add_post squid.service -%else - %if 0%{?suse_version} -%{fillup_and_insserv -n "squid"} - %else - /sbin/chkconfig --add squid - %endif -%endif %preun -%if 0%{?has_systemd} %service_del_preun squid.service -%else - %if 0%{?suse_version} -%stop_on_removal squid - %else - if [ $1 = 0 ] ; then - service squid stop >/dev/null 2>&1 - rm -f /var/log/squid/* - /sbin/chkconfig --del squid - fi - %endif -%endif -%if 0%{?suse_version} %verifyscript %verify_permissions -e %{_sbindir}/basic_pam_auth %verify_permissions -e %{_sbindir}/pinger %verify_permissions -e %{_localstatedir}/cache/squid/ %verify_permissions -e %{_localstatedir}/log/squid/ -%endif %postun -%if 0%{?has_systemd} %service_del_postun squid.service -%else - %if 0%{?suse_version} -%restart_on_update squid -%insserv_cleanup - %else - if [ "$1" -ge "1" ] ; then - service squid condrestart >/dev/null 2>&1 - fi - %endif -%endif %files %defattr(-,root,root) @@ -408,14 +258,10 @@ %doc README.kerberos %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default -%doc %{_mandir}/man?/* -%if 0%{?has_systemd} +%{_mandir}/man?/* %{_unitdir}/%{name}.service %{squidlibdir}/initialize_cache_if_needed.sh %{squidlibdir}/cache_dir.sed -%else -%{_sysconfdir}/init.d/%{name} -%endif %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} @@ -430,9 +276,6 @@ %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} -%if 0%{?suse_version} < 1140 -%config %{_sysconfdir}/permissions.d/%{name} -%endif %dir %{_datadir}/%{name} %dir %{_datadir}/snmp %dir %{_datadir}/snmp/mibs @@ -448,26 +291,16 @@ %{_sbindir}/basic_getpwnam_auth %{_sbindir}/basic_ldap_auth %{_sbindir}/digest_edirectory_auth -## will get removed in 3.6 series -# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_msnt_multi_domain_auth -## %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth -%if 0%{?suse_version} < 1140 -%{_sbindir}/basic_pam_auth -%else %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth -%endif %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth %{_sbindir}/basic_smb_auth %{_sbindir}/basic_smb_auth.sh -## basic_msnt_auth has been deprecated and renamed to -# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_smb_lm_auth -## %{_sbindir}/cert_tool %{_sbindir}/cert_valid.pl %{_sbindir}/digest_file_auth @@ -488,24 +321,15 @@ %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth -# not working %%caps(cap_net_raw=ep) -%if 0%{?suse_version} < 1140 -%attr(0750,root,squid) %{_sbindir}/pinger -%else %verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger -%endif %{_sbindir}/%{name} %{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh -%if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else -%{_sysconfdir}/sysconfig/%{name} -%endif %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi ++++++ squid-3.5.25.tar.xz -> squid-3.5.26.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/ChangeLog new/squid-3.5.26/ChangeLog --- old/squid-3.5.25/ChangeLog 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/ChangeLog 2017-06-01 15:49:00.000000000 +0200 @@ -1,3 +1,16 @@ +Changes to squid-3.5.26 (01 Jun 2017): + + - Bug 4711: SubjectAlternativeNames is missing in some generated certificates + - Bug 4695: squidpurge: GCC 7 build errors + - Bug 4682: ignoring http_access deny when client-first bumping mode is used + - Bug 4682: Fix ssl_bump "bump" action documentation + - Bug 4653: %st lies about tunneled traffic volumes + - Bug 4589: ssl_crtd: returning zero on failure + - Bug 3772: message from FTP server gets mangled + - Bug 3102: FTP directory listing drops fist character of file names + - Add OpenSSL library details to -v output + - ... and some documentatino updates + Changes to squid-3.5.25 (02 Apr 2017): - Bug 4688: various typo error(s) in man page(s) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/RELEASENOTES.html new/squid-3.5.26/RELEASENOTES.html --- old/squid-3.5.25/RELEASENOTES.html 2017-04-02 19:10:43.000000000 +0200 +++ new/squid-3.5.26/RELEASENOTES.html 2017-06-02 00:41:39.000000000 +0200 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.72"> - <TITLE>Squid 3.5.25 release notes</TITLE> + <TITLE>Squid 3.5.26 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 3.5.25 release notes</H1> +<H1>Squid 3.5.26 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -64,7 +64,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-3.5.25.</P> +<P>The Squid Team are pleased to announce the release of Squid-3.5.26.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v3/3.5/";>http://www.squid-cache.org/Versions/v3/3.5/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html";>mirrors</A>.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/compat/xstring.h new/squid-3.5.26/compat/xstring.h --- old/squid-3.5.25/compat/xstring.h 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/compat/xstring.h 2017-06-01 15:49:00.000000000 +0200 @@ -41,7 +41,10 @@ char *xstrncpy(char *dst, const char *src, size_t n); /** - * xstrndup() - same as strndup(3). Used for portability. + * xstrndup() - Somewhat similar(XXX) to strndup(3): Allocates up to n bytes, + * while strndup(3) copies up to n bytes and allocates up to n+1 bytes + * to fit the terminating character. Assumes s is 0-terminated (another XXX). + * * Never returns NULL; fatal on error. * * Sets errno to EINVAL if a NULL pointer or negative diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/configure new/squid-3.5.26/configure --- old/squid-3.5.25/configure 2017-04-02 15:07:29.000000000 +0200 +++ new/squid-3.5.26/configure 2017-06-01 15:55:26.000000000 +0200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.25. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.26. # # Report bugs to <http://bugs.squid-cache.org/>. # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.5.25' -PACKAGE_STRING='Squid Web Proxy 3.5.25' +PACKAGE_VERSION='3.5.26' +PACKAGE_STRING='Squid Web Proxy 3.5.26' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1636,7 +1636,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.5.25 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.5.26 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1707,7 +1707,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.5.25:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.5.26:";; esac cat <<\_ACEOF @@ -2119,7 +2119,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.5.25 +Squid Web Proxy configure 3.5.26 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3223,7 +3223,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.5.25, which was +It was created by Squid Web Proxy $as_me 3.5.26, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4090,7 +4090,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.5.25' + VERSION='3.5.26' cat >>confdefs.h <<_ACEOF @@ -41876,7 +41876,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.5.25, which was +This file was extended by Squid Web Proxy $as_me 3.5.26, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -41942,7 +41942,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.5.25 +Squid Web Proxy config.status 3.5.26 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/configure.ac new/squid-3.5.26/configure.ac --- old/squid-3.5.25/configure.ac 2017-04-02 15:07:28.000000000 +0200 +++ new/squid-3.5.26/configure.ac 2017-06-01 15:55:25.000000000 +0200 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[3.5.25],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.5.26],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/doc/release-notes/release-3.5.html new/squid-3.5.26/doc/release-notes/release-3.5.html --- old/squid-3.5.25/doc/release-notes/release-3.5.html 2017-04-02 19:10:43.000000000 +0200 +++ new/squid-3.5.26/doc/release-notes/release-3.5.html 2017-06-02 00:41:39.000000000 +0200 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.72"> - <TITLE>Squid 3.5.25 release notes</TITLE> + <TITLE>Squid 3.5.26 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 3.5.25 release notes</H1> +<H1>Squid 3.5.26 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -64,7 +64,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-3.5.25.</P> +<P>The Squid Team are pleased to announce the release of Squid-3.5.26.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v3/3.5/";>http://www.squid-cache.org/Versions/v3/3.5/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html";>mirrors</A>.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/basic_auth/DB/basic_db_auth.8 new/squid-3.5.26/helpers/basic_auth/DB/basic_db_auth.8 --- old/squid-3.5.25/helpers/basic_auth/DB/basic_db_auth.8 2017-04-02 19:10:47.000000000 +0200 +++ new/squid-3.5.26/helpers/basic_auth/DB/basic_db_auth.8 2017-06-02 00:41:45.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/basic_auth/LDAP/basic_ldap_auth.8 new/squid-3.5.26/helpers/basic_auth/LDAP/basic_ldap_auth.8 --- old/squid-3.5.25/helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-06-01 15:49:00.000000000 +0200 @@ -5,9 +5,9 @@ . .SH SYNOPSIS .if !'po4a'hide' .B basic_ldap_auth -.if !'po4a'hide' .B \-b\ \" +.if !'po4a'hide' .B \-b\ \(dq base DN -.if !'po4a'hide' .B \"\ [\-u +.if !'po4a'hide' .B \(dq\ [\-u attribute .if !'po4a'hide' .B ]\ [ options @@ -20,11 +20,11 @@ .if !'po4a'hide' .B ]... .br .if !'po4a'hide' .B basic_ldap_auth -.if !'po4a'hide' .B \-b\ \" +.if !'po4a'hide' .B \-b\ \(dq base DN -.if !'po4a'hide' .B \"\ \-f\ \" +.if !'po4a'hide' .B \(dq\ \-f\ \(dq LDAP search filter -.if !'po4a'hide' .B \"\ [ +.if !'po4a'hide' .B \(dq\ [ options .if !'po4a'hide' .B ]\ [ LDAP server name @@ -74,7 +74,7 @@ The search filter can contain up to 15 occurrences of .B %s which will be replaced by the username, as in -.B "\"uid\=%s\"" +.B "\(dquid\=%s\(dq" for RFC2037 directories. For a detailed description of LDAP search filter syntax see RFC2254. .br diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 new/squid-3.5.26/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 --- old/squid-3.5.25/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2017-04-02 19:10:51.000000000 +0200 +++ new/squid-3.5.26/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2017-06-02 00:41:53.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1" -.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/basic_auth/POP3/basic_pop3_auth.8 new/squid-3.5.26/helpers/basic_auth/POP3/basic_pop3_auth.8 --- old/squid-3.5.25/helpers/basic_auth/POP3/basic_pop3_auth.8 2017-04-02 19:10:55.000000000 +0200 +++ new/squid-3.5.26/helpers/basic_auth/POP3/basic_pop3_auth.8 2017-06-02 00:42:03.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/basic_auth/RADIUS/basic_radius_auth.8 new/squid-3.5.26/helpers/basic_auth/RADIUS/basic_radius_auth.8 --- old/squid-3.5.25/helpers/basic_auth/RADIUS/basic_radius_auth.8 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/helpers/basic_auth/RADIUS/basic_radius_auth.8 2017-06-01 15:49:00.000000000 +0200 @@ -9,9 +9,9 @@ config file .br .if !'po4a'hide' .B basic_radius_auth -.if !'po4a'hide' .B "\-h \"" +.if !'po4a'hide' .B "\-h \(dq" server name -.if !'po4a'hide' .B "\" [\-p " +.if !'po4a'hide' .B "\(dq [\-p " port .if !'po4a'hide' .B "] [\-i " identifier diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/external_acl/SQL_session/ext_sql_session_acl.8 new/squid-3.5.26/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- old/squid-3.5.25/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2017-04-02 19:11:18.000000000 +0200 +++ new/squid-3.5.26/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2017-06-02 00:42:45.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/external_acl/delayer/ext_delayer_acl.8 new/squid-3.5.26/helpers/external_acl/delayer/ext_delayer_acl.8 --- old/squid-3.5.25/helpers/external_acl/delayer/ext_delayer_acl.8 2017-04-02 19:11:10.000000000 +0200 +++ new/squid-3.5.26/helpers/external_acl/delayer/ext_delayer_acl.8 2017-06-02 00:42:29.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/external_acl/file_userip/ext_file_userip_acl.8 new/squid-3.5.26/helpers/external_acl/file_userip/ext_file_userip_acl.8 --- old/squid-3.5.25/helpers/external_acl/file_userip/ext_file_userip_acl.8 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/helpers/external_acl/file_userip/ext_file_userip_acl.8 2017-06-01 15:49:00.000000000 +0200 @@ -68,7 +68,7 @@ .B ALL and .B NONE -, which mean \"any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\". +, which mean \(dqany user on this IP address may authenticate\(dq or \(dqno user on this IP address may authenticate\(dq. . .SH AUTHOR This program was written by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-3.5.26/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- old/squid-3.5.25/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2017-04-02 19:11:21.000000000 +0200 +++ new/squid-3.5.26/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2017-06-02 00:42:51.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/log_daemon/DB/log_db_daemon.8 new/squid-3.5.26/helpers/log_daemon/DB/log_db_daemon.8 --- old/squid-3.5.25/helpers/log_daemon/DB/log_db_daemon.8 2017-04-02 19:11:24.000000000 +0200 +++ new/squid-3.5.26/helpers/log_daemon/DB/log_db_daemon.8 2017-06-02 00:42:55.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/helpers/storeid_rewrite/file/storeid_file_rewrite.8 new/squid-3.5.26/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- old/squid-3.5.25/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2017-04-02 19:11:38.000000000 +0200 +++ new/squid-3.5.26/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2017-06-02 00:43:23.000000000 +0200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2017-04-02" "perl v5.24.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2017-06-01" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/include/version.h new/squid-3.5.26/include/version.h --- old/squid-3.5.25/include/version.h 2017-04-02 15:07:29.000000000 +0200 +++ new/squid-3.5.26/include/version.h 2017-06-01 15:55:26.000000000 +0200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1491138248 +#define SQUID_RELEASE_TIME 1496324930 #endif /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/SBufExceptions.cc new/squid-3.5.26/src/SBufExceptions.cc --- old/squid-3.5.25/src/SBufExceptions.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/SBufExceptions.cc 2017-06-01 15:49:00.000000000 +0200 @@ -25,9 +25,7 @@ explanatoryText.appendf(" in file %s", aFileName); explanatoryText.appendf(" while accessing position %d in a SBuf long %d", pos, throwingBuf.length()); - // we can safely alias c_str as both are local to the object - // and will not further manipulated. - message = xstrndup(explanatoryText.c_str(),explanatoryText.length()); + message = xstrdup(explanatoryText.c_str()); } OutOfBoundsException::~OutOfBoundsException() throw() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/cf.data.pre new/squid-3.5.26/src/cf.data.pre --- old/squid-3.5.25/src/cf.data.pre 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/cf.data.pre 2017-06-01 15:49:00.000000000 +0200 @@ -2669,8 +2669,11 @@ This is the default action. bump - Establish a secure connection with the server and, using a - mimicked server certificate, with the client. + When used on step SslBump1, establishes a secure connection + with the client first, then connect to the server. + When used on step SslBump2 or SslBump3, establishes a secure + connection with the server and, using a mimicked server + certificate, with the client. peek Receive client (step SslBump1) or server (step SslBump2) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/client_side.cc new/squid-3.5.26/src/client_side.cc --- old/squid-3.5.25/src/client_side.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/client_side.cc 2017-06-01 15:49:00.000000000 +0200 @@ -4391,7 +4391,7 @@ // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message connState->in.buf.append(rbuf.content(), rbuf.contentSize()); ClientHttpRequest *http = context->http; - tunnelStart(http, &http->out.size, &http->al->http.code, http->al); + tunnelStart(http); } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/client_side_reply.cc new/squid-3.5.26/src/client_side_reply.cc --- old/squid-3.5.25/src/client_side_reply.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/client_side_reply.cc 2017-06-01 15:49:00.000000000 +0200 @@ -1179,7 +1179,7 @@ if (curReply->content_length < 0) return 0; - int64_t expectedLength = curReply->content_length + http->out.headers_sz; + uint64_t expectedLength = curReply->content_length + http->out.headers_sz; if (http->out.size < expectedLength) return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/client_side_request.cc new/squid-3.5.26/src/client_side_request.cc --- old/squid-3.5.25/src/client_side_request.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/client_side_request.cc 2017-06-01 15:49:00.000000000 +0200 @@ -1424,7 +1424,17 @@ if (bumpMode != Ssl::bumpEnd) { debugs(85, 5, HERE << "SslBump already decided (" << bumpMode << "), " << "ignoring ssl_bump for " << http->getConn()); - if (!http->getConn()->serverBump()) + + // We need the following "if" for transparently bumped TLS connection, + // because in this case we are running ssl_bump access list before + // the doCallouts runs. It can be removed after the bug #4340 fixed. + // We do not want to proceed to bumping steps: + // - if the TLS connection with the client is already established + // because we are accepting normal HTTP requests on TLS port, + // or because of the client-first bumping mode + // - When the bumping is already started + if (!http->getConn()->switchedToHttps() && + !http->getConn()->serverBump()) http->sslBumpNeed(bumpMode); // for processRequest() to bump if needed and not already bumped http->al->ssl.bumpMode = bumpMode; // inherited from bumped connection return false; @@ -1512,7 +1522,7 @@ } #endif getConn()->stopReading(); // tunnels read for themselves - tunnelStart(this, &out.size, &al->http.code, al); + tunnelStart(this); return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/client_side_request.h new/squid-3.5.26/src/client_side_request.h --- old/squid-3.5.25/src/client_side_request.h 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/client_side_request.h 2017-06-01 15:49:00.000000000 +0200 @@ -73,7 +73,7 @@ struct { int64_t offset; - int64_t size; + uint64_t size; size_t headers_sz; } out; @@ -182,7 +182,7 @@ void clientAccessCheck(ClientHttpRequest *); /* ones that should be elsewhere */ -void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntry::Pointer &al); +void tunnelStart(ClientHttpRequest *); #if _USE_INLINE_ #include "client_side_request.cci" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/clients/FtpGateway.cc new/squid-3.5.26/src/clients/FtpGateway.cc --- old/squid-3.5.25/src/clients/FtpGateway.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/clients/FtpGateway.cc 2017-06-01 15:49:00.000000000 +0200 @@ -626,10 +626,17 @@ while (strchr(w_space, *copyFrom)) ++copyFrom; } else { - /* XXX assumes a single space between date and filename + /* Handle the following four formats: + * "MMM DD YYYY Name" + * "MMM DD YYYYName" + * "MMM DD YYYY Name" + * "MMM DD YYYY Name" + * Assuming a single space between date and filename * suggested by: [email protected] and * Mike Battersby <[email protected]> */ - copyFrom += strlen(tbuf) + 1; + copyFrom += strlen(tbuf); + if (strchr(w_space, *copyFrom)) + ++copyFrom; } p->name = xstrdup(copyFrom); @@ -1534,7 +1541,7 @@ /* Reset cwd_message to only include the last message */ ftpState->cwd_message.reset(""); for (wordlist *w = ftpState->ctrl.message; w; w = w->next) { - ftpState->cwd_message.append(' '); + ftpState->cwd_message.append('\n'); ftpState->cwd_message.append(w->key); } ftpState->ctrl.message = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/esi/Expression.cc new/squid-3.5.26/src/esi/Expression.cc --- old/squid-3.5.25/src/esi/Expression.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/esi/Expression.cc 2017-06-01 15:49:00.000000000 +0200 @@ -743,7 +743,7 @@ /* Special case for zero length strings */ if (t - s - 1) - rv.value.string = xstrndup(s + 1, t - s - 1); + rv.value.string = xstrndup(s + 1, t - (s + 1) + 1); else rv.value.string = static_cast<char *>(xcalloc(1,1)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/main.cc new/squid-3.5.26/src/main.cc --- old/squid-3.5.25/src/main.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/main.cc 2017-06-01 15:49:00.000000000 +0200 @@ -563,6 +563,10 @@ printf("Service Name: " SQUIDSBUFPH "\n", SQUIDSBUFPRINT(service_name)); if (strlen(SQUID_BUILD_INFO)) printf("%s\n",SQUID_BUILD_INFO); +#if USE_OPENSSL + printf("\nThis binary uses %s. ", SSLeay_version(SSLEAY_VERSION)); + printf("For legal restrictions on distribution see https://www.openssl.org/source/license.html\n\n";); +#endif printf( "configure options: %s\n", SQUID_CONFIGURE_OPTIONS); #if USE_WIN32_SERVICE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/ssl/gadgets.cc new/squid-3.5.26/src/ssl/gadgets.cc --- old/squid-3.5.25/src/ssl/gadgets.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/ssl/gadgets.cc 2017-06-01 15:49:00.000000000 +0200 @@ -339,7 +339,40 @@ return added; } -static bool buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties) +/// Adds a new subjectAltName extension contining Subject CN or returns false +/// expects the caller to check for the existing subjectAltName extension +static bool +addAltNameWithSubjectCn(Ssl::X509_Pointer &cert) +{ + X509_NAME *name = X509_get_subject_name(cert.get()); + if (!name) + return false; + + const int loc = X509_NAME_get_index_by_NID(name, NID_commonName, -1); + if (loc < 0) + return false; + + ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, loc)); + if (!cn_data) + return false; + + char dnsName[1024]; // DNS names are limited to 256 characters + const int res = snprintf(dnsName, sizeof(dnsName), "DNS:%*s", cn_data->length, cn_data->data); + if (res <= 0 || res >= static_cast<int>(sizeof(dnsName))) + return false; + + X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, dnsName); + if (!ext) + return false; + + const bool result = X509_add_ext(cert.get(), ext, -1); + + X509_EXTENSION_free(ext); + return result; +} + +static bool +buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties) { // not an Ssl::X509_NAME_Pointer because X509_REQ_get_subject_name() // returns a pointer to the existing subject name. Nothing to clean here. @@ -387,6 +420,8 @@ } else if (!X509_gmtime_adj(X509_get_notAfter(cert.get()), 60*60*24*356*3)) return false; + int addedExtensions = 0; + bool useCommonNameAsAltName = true; // mimic the alias and possibly subjectAltName if (properties.mimicCert.get()) { unsigned char *alStr; @@ -396,26 +431,29 @@ X509_alias_set1(cert.get(), alStr, alLen); } - int addedExtensions = 0; - // Mimic subjectAltName unless we used a configured CN: browsers reject // certificates with CN unrelated to subjectAltNames. if (!properties.setCommonName) { - int pos=X509_get_ext_by_NID (properties.mimicCert.get(), OBJ_sn2nid("subjectAltName"), -1); + int pos = X509_get_ext_by_NID(properties.mimicCert.get(), NID_subject_alt_name, -1); X509_EXTENSION *ext=X509_get_ext(properties.mimicCert.get(), pos); if (ext) { if (X509_add_ext(cert.get(), ext, -1)) ++addedExtensions; } + // We want to mimic the server-sent subjectAltName, not enhance it. + useCommonNameAsAltName = false; } addedExtensions += mimicExtensions(cert, properties.mimicCert); - - // According to RFC 5280, using extensions requires v3 certificate. - if (addedExtensions) - X509_set_version(cert.get(), 2); // value 2 means v3 } + if (useCommonNameAsAltName && addAltNameWithSubjectCn(cert)) + ++addedExtensions; + + // According to RFC 5280, using extensions requires v3 certificate. + if (addedExtensions) + X509_set_version(cert.get(), 2); // value 2 means v3 + return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/ssl/ssl_crtd.cc new/squid-3.5.26/src/ssl/ssl_crtd.cc --- old/squid-3.5.25/src/ssl/ssl_crtd.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/ssl/ssl_crtd.cc 2017-06-01 15:49:00.000000000 +0200 @@ -350,7 +350,7 @@ } } catch (std::runtime_error & error) { std::cerr << argv[0] << ": " << error.what() << std::endl; - return 0; + return -1; } return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/tests/stub_tunnel.cc new/squid-3.5.26/src/tests/stub_tunnel.cc --- old/squid-3.5.25/src/tests/stub_tunnel.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/tests/stub_tunnel.cc 2017-06-01 15:49:00.000000000 +0200 @@ -14,7 +14,7 @@ #include "FwdState.h" class ClientHttpRequest; -void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntryPointer &al) STUB +void tunnelStart(ClientHttpRequest *) STUB void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer &clientConn, Comm::ConnectionPointer &srvConn) STUB diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/src/tunnel.cc new/squid-3.5.26/src/tunnel.cc --- old/squid-3.5.25/src/tunnel.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/src/tunnel.cc 2017-06-01 15:49:00.000000000 +0200 @@ -139,7 +139,7 @@ int len; char *buf; AsyncCall::Pointer writer; ///< pending Comm::Write callback - int64_t *size_ptr; /* pointer to size in an ConnStateData for logging */ + uint64_t *size_ptr; /* pointer to size in an ConnStateData for logging */ Comm::ConnectionPointer conn; ///< The currently connected connection. uint8_t delayedLoops; ///< how many times a read on this connection has been postponed. @@ -848,6 +848,11 @@ return; } + if (ClientHttpRequest *http = tunnelState->http.get()) { + http->out.headers_sz += size; + http->out.size += size; + } + tunnelStartShoveling(tunnelState); } @@ -995,7 +1000,7 @@ } void -tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr, const AccessLogEntryPointer &al) +tunnelStart(ClientHttpRequest * http) { debugs(26, 3, HERE); /* Create state structure. */ @@ -1021,7 +1026,7 @@ if (ch.fastCheck() == ACCESS_DENIED) { debugs(26, 4, HERE << "MISS access forbidden."); err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request); - *status_ptr = Http::scForbidden; + http->al->http.code = Http::scForbidden; errorSend(http->getConn()->clientConnection, err); return; } @@ -1037,12 +1042,13 @@ #endif tunnelState->url = xstrdup(url); tunnelState->request = request; - tunnelState->server.size_ptr = size_ptr; - tunnelState->status_ptr = status_ptr; + tunnelState->server.size_ptr = &http->out.size; + tunnelState->client.size_ptr = &http->al->http.clientRequestSz.payloadData; + tunnelState->status_ptr = &http->al->http.code; tunnelState->logTag_ptr = &http->logType; tunnelState->client.conn = http->getConn()->clientConnection; tunnelState->http = http; - tunnelState->al = al; + tunnelState->al = http->al ; tunnelState->started = squid_curtime; comm_add_close_handler(tunnelState->client.conn->fd, @@ -1053,7 +1059,7 @@ CommTimeoutCbPtrFun(tunnelTimeout, tunnelState)); commSetConnTimeout(tunnelState->client.conn, Config.Timeout.lifetime, timeoutCall); - peerSelect(&(tunnelState->serverDestinations), request, al, + peerSelect(&(tunnelState->serverDestinations), request, tunnelState->al, NULL, tunnelPeerSelectComplete, tunnelState); @@ -1226,6 +1232,10 @@ if (context != NULL && context->http != NULL) { tunnelState->logTag_ptr = &context->http->logType; tunnelState->server.size_ptr = &context->http->out.size; + if (context->http->al != NULL) { + tunnelState->al = context->http->al; + tunnelState->client.size_ptr = &context->http->al->http.clientRequestSz.payloadData; + } #if USE_DELAY_POOLS /* no point using the delayIsNoDelay stuff since tunnel is nice and simple */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/tools/cachemgr.cc new/squid-3.5.26/tools/cachemgr.cc --- old/squid-3.5.25/tools/cachemgr.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/tools/cachemgr.cc 2017-06-01 15:49:00.000000000 +0200 @@ -440,7 +440,7 @@ return; } - buf_copy = x = xstrndup(buf, bufLen); + buf_copy = x = xstrndup(buf, bufLen+1); a = xstrtok(&x, '\t'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/tools/purge/purge.cc new/squid-3.5.26/tools/purge/purge.cc --- old/squid-3.5.25/tools/purge/purge.cc 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/tools/purge/purge.cc 2017-06-01 15:49:00.000000000 +0200 @@ -272,7 +272,7 @@ snprintf( md5, sizeof(md5), "%-32s", "(no_md5_data_available)" ); } - char timeb[64]; + char timeb[256]; if ( meta && (findings = meta->search( STORE_META_STD )) ) { StoreMetaStd temp; // make data aligned, avoid SIGBUS on RISC machines (ARGH!) @@ -283,7 +283,7 @@ } else if ( meta && (findings = meta->search( STORE_META_STD_LFS )) ) { StoreMetaStdLFS temp; // make data aligned, avoid SIGBUS on RISC machines (ARGH!) - memcpy( &temp, findings->data, sizeof(StoreMetaStd) ); + memcpy( &temp, findings->data, sizeof(StoreMetaStdLFS) ); snprintf( timeb, sizeof(timeb), "%08lx %08lx %08lx %08lx %04x %5hu ", (unsigned long)temp.timestamp, (unsigned long)temp.lastref, (unsigned long)temp.expires, (unsigned long)temp.lastmod, temp.flags, temp.refcount ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.5.25/tools/squidclient/squidclient.1 new/squid-3.5.26/tools/squidclient/squidclient.1 --- old/squid-3.5.25/tools/squidclient/squidclient.1 2017-04-02 15:04:18.000000000 +0200 +++ new/squid-3.5.26/tools/squidclient/squidclient.1 2017-06-01 15:49:00.000000000 +0200 @@ -86,7 +86,7 @@ .if !'po4a'hide' .TP .if !'po4a'hide' .B "\-H 'string'" Extra headers to send. Use -.B '\\n' +.B '\en' for new lines. . .if !'po4a'hide' .TP ++++++ squid-3.5.25.tar.xz.asc -> squid-3.5.26.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-3.5.25.tar.xz.asc 2017-04-14 13:40:46.233532087 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.5.26.tar.xz.asc 2017-06-21 13:54:42.360407409 +0200 @@ -1,20 +1,20 @@ -File: squid-3.5.25.tar.xz -Date: Sun Apr 2 20:29:16 UTC 2017 -Size: 2327316 -MD5 : 6b7dd7b42b1adacf08f3155640ea2782 -SHA1: 63ea00cb918e3106fd91b286ec907f1681e0f0e8 +File: squid-3.5.26.tar.xz +Date: Fri Jun 2 00:43:54 UTC 2017 +Size: 2328352 +MD5 : 510e2c84773879c00d0e7ced997864d9 +SHA1: 51a664217957b35de8b7fae180b9f93a759a4204 Key : 0xFF5CF463 <[email protected]> EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 keyring = http://www.squid-cache.org/pgp.asc keyserver = subkeys.pgp.net -----BEGIN PGP SIGNATURE----- -iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAljhX8EACgkQsmjnBv9c -9GMjFgf9ED5brd68IQQ1YNx5ecX5ni5A8rggShgE2h2EtBnBicj4c8CRwX82VXwm -0yIGHe/reWzppkDGcBaflgyAWGdmUkQR5EixlkBAmwtLAAlJauxeUBxSunxbzn96 -ysFNmV0GEmzL7ZWJHjFQj4Bd2HnnDRFUbpdK37/lUVJVt2NZ7xtZm+Tcf7cm59Pn -OwKsjrGXui+/DoK3lktvn/U4JYsITjVRIc/OcuBW2CM2GlPYSfmTfswIAOVWfb6+ -btP4pyHSaDaxzw616CSm6HXebL0SHt2CUGrcuCENkSGWj8KiTYBzXpXYDdcblmVp -1VFdZQcBMPkD3LVVoKA/HahRSjQgxw== -=yE6f +iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAlkwtTYACgkQsmjnBv9c +9GPpRAf7B+2gZgh1GGwjDheRvX43odQhVg9KkXB+raufqDBSRs7cyj5E/cC9XBPC +bmhyF2sk03p0a8wgmSbIH7gBFZ01TbQ5np2dUGh0b9sZPI8DJcSDPS8g9I2IT99v +axAttf8IbSzeNTgOk4l/veNMA1RU5fgyY19FnD+G22rVhcmWZFMfD/GBTyw3oc1i +7Hs/ulyCmdOHmzzTinMBEaU787mxwng2K7j2SV0O4W6wnuakAMWLdSCGsrUNBwik +teu5nd/AuAo1Y1KhM8adjHcANwa12s02yPUgkxyIDkVKBgYmbJAGvfSwFpOqRK4q +2uvHSqEAJr47u+n+Y2QampwAXCOEDQ== +=XyzG -----END PGP SIGNATURE-----
