Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2019-01-03 18:08:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Thu Jan 3 18:08:06 2019 rev:67 rq:662383 version:4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2018-12-04 20:57:49.032620863 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new.28833/squid.changes 2019-01-03 18:08:11.476057035 +0100 @@ -1,0 +2,15 @@ +Wed Jan 02 05:45:03 UTC 2019 - s...@suspend.net + +- Update to squid 4.5: + + Squid crashes when ICAPS and a sslcrtvalidator used together (#328) + + ssl_bump prevents from accessing some web contents (#304) + + Docs: improved lexgrog compatibility (#340) + + Redesign forward_max_tries count TCP connection attempts + + Fix client_connection_mark ACL handling of clientless transactions + + Fix netdb exchange with a TLS cache peer + + Update netdb when tunneling requests + + Use pkg-config for detecting libxml2 + + Misc doc updates + + Misc code compile fixes + +------------------------------------------------------------------- Old: ---- squid-4.4.tar.xz squid-4.4.tar.xz.asc New: ---- squid-4.5.tar.xz squid-4.5.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.FyaNsr/_old 2019-01-03 18:08:12.040056534 +0100 +++ /var/tmp/diff_new_pack.FyaNsr/_new 2019-01-03 18:08:12.044056530 +0100 @@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid Name: squid -Version: 4.4 +Version: 4.5 Release: 0 Summary: Caching and forwarding HTTP web proxy License: GPL-2.0-or-later ++++++ squid-4.4.tar.xz -> squid-4.5.tar.xz ++++++ ++++ 3223 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/ChangeLog new/squid-4.5/ChangeLog --- old/squid-4.4/ChangeLog 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/ChangeLog 2019-01-01 01:02:15.000000000 +0100 @@ -1,12 +1,24 @@ -Changes to squid-4.3 (28 Oct 2018): +Changes to squid-4.5 (01 Jan 2019): - - Bug 4893: Malformed %>ru URIs for CONNECT requests - - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes - - SSL: support compilation with minimal OpenSSL - - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL - - Fix netdb not saving to disk - - Fix memory leak when parsing SNMP packet - - ... and some compile issues + - Bug 4253: ssl_bump prevents access to some web contents + - TLS: add %>handshake logformat code + - Redesign forward_max_tries to count TCP connection attempts + - Fix client_connection_mark ACL handling of clientless transactions + - Fix netdb exchange with a TLS cache_peer + - Update netdb when tunneling requests + - Use pkg-config for detecting libxml2 + - ... and some documentation updates + - ... and some code compile fixes + +Changes to squid-4.4 (28 Oct 2018): + + - Bug 4893: Malformed %>ru URIs for CONNECT requests + - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes + - SSL: support compilation with minimal OpenSSL + - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL + - Fix netdb not saving to disk + - Fix memory leak when parsing SNMP packet + - ... and some compile issues Changes to squid-4.3 (01 Oct 2018): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/RELEASENOTES.html new/squid-4.5/RELEASENOTES.html --- old/squid-4.4/RELEASENOTES.html 2018-10-27 22:56:40.000000000 +0200 +++ new/squid-4.5/RELEASENOTES.html 2019-01-01 01:42:00.000000000 +0100 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73"> - <TITLE>Squid 4.4 release notes</TITLE> + <TITLE>Squid 4.5 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 4.4 release notes</H1> +<H1>Squid 4.5 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -63,7 +63,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-4.4 for testing.</P> +<P>The Squid Team are pleased to announce the release of Squid-4.5 for testing.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P> @@ -369,8 +369,8 @@ <DT><B>acl</B><DD> <P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P> -<P>New <EM>clientside_mark</EM> type for matching Netfilter CONNMARK on -the client TCP connection.</P> +<P>New <EM>client_connection_mark</EM> type for matching Netfilter +CONNMARK of the client TCP connection.</P> <P>New <EM>connections_encrypted</EM> type for matching transactions where all HTTP messages were received over TLS transport connections, including messages received from ICAP servers.</P> @@ -499,6 +499,8 @@ negotiated cipher of the client connection.</P> <P>New code <EM>%ssl::<negotiated_cipher</EM> to display the negotiated cipher of the last server or peer connection.</P> +<P>New code <EM>%>handshake</EM> to display initial octets +received on a client connection (Base64 encoded).</P> <P>Fixed <EM>%<Hs</EM>, <EM>%<pt</EM> and <EM>%<tt</EM> codes for received CONNECT errors.</P> <P>Improved <EM>%<bs</EM> logging on forwarding retries.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/configure.ac new/squid-4.5/configure.ac --- old/squid-4.4/configure.ac 2018-10-27 22:45:15.000000000 +0200 +++ new/squid-4.5/configure.ac 2019-01-01 01:30:50.000000000 +0100 @@ -5,12 +5,12 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[4.4],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[4.5],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) -AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects]) +AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz]) AC_REVISION($Revision$)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -922,41 +922,45 @@ AC_ARG_WITH(libxml2, AS_HELP_STRING([--without-libxml2],[Do not use libxml2 for ESI. Default: auto-detect])) if test "x$squid_opt_use_esi" != "xno" -a "x$with_libxml2" != "xno" ; then - AC_CHECK_LIB([xml2], [main], [XMLLIB="-lxml2"; HAVE_LIBXML2=1]) - dnl Find the main header and include path... - AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ - AC_CHECK_HEADERS([libxml/parser.h], [], [ - AC_MSG_NOTICE([Testing in /usr/include/libxml2]) - SAVED_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" - unset ac_cv_header_libxml_parser_h - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [ - AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) - CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" + SQUID_STATE_SAVE([squid_libxml2_save]) + PKG_CHECK_MODULES([LIBXML2],[libxml-2.0],[],[ + AC_CHECK_LIB([xml2], [main], [LIBXML2_LIBS="$LIBXML2_LIBS -lxml2"]) + dnl Find the main header and include path... + AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ + AC_CHECK_HEADERS([libxml/parser.h], [], [ + AC_MSG_NOTICE([Testing in /usr/include/libxml2]) + SAVED_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" unset ac_cv_header_libxml_parser_h - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [ - AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [ + AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) + CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" + unset ac_cv_header_libxml_parser_h + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [ + AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) + ]) ]) + CPPFLAGS="$SAVED_CPPFLAGS" ]) - CPPFLAGS="$SAVED_CPPFLAGS" ]) ]) - if test "x$ac_cv_libxml2_include" != "x"; then - SQUID_CXXFLAGS="$ac_cv_libxml2_include $SQUID_CXXFLAGS" - CPPFLAGS="$ac_cv_libxml2_include $CPPFLAGS" - fi + CPPFLAGS="$CPPFLAGS $LIBXML2_CFLAGS" dnl Now that we know where to look find the headers... AC_CHECK_HEADERS(libxml/parser.h libxml/HTMLparser.h libxml/HTMLtree.h) - AC_DEFINE_UNQUOTED(HAVE_LIBXML2, $HAVE_LIBXML2, [Define to 1 if you have the libxml2 library]) - AS_IF(test "x$HAVE_LIBXML2" = "x1",[ + SQUID_STATE_ROLLBACK([squid_libxml2_save]) + + if test "x$LIBXML2_LIBS" != "x"; then + HAVE_LIBXML2=1 squid_opt_use_esi=yes - ],[ - AS_IF(test "x$with_libxml2" = "xyes",[ - AC_MSG_ERROR([Required library libxml2 not found.]) - ],[ - AC_MSG_NOTICE([Library libxml2 not found.]) - ]) - ]) + SQUID_CXXFLAGS="$SQUID_CXXFLAGS $LIBXML2_CFLAGS" + CPPFLAGS="$CPPFLAGS $LIBXML2_CFLAGS" + XMLLIB="$LIBXML2_LIBS" + AC_DEFINE_UNQUOTED(HAVE_LIBXML2, $HAVE_LIBXML2, [Define to 1 if you have the libxml2 library]) + elif test "x$with_libxml2" = "xyes"; then + AC_MSG_ERROR([Required library libxml2 not found]) + else + AC_MSG_NOTICE([Library libxml2 not found.]) + fi fi AS_IF([test "x$squid_opt_use_esi" = "xyes"],[ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/doc/release-notes/release-4.html new/squid-4.5/doc/release-notes/release-4.html --- old/squid-4.4/doc/release-notes/release-4.html 2018-10-27 22:56:40.000000000 +0200 +++ new/squid-4.5/doc/release-notes/release-4.html 2019-01-01 01:42:00.000000000 +0100 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73"> - <TITLE>Squid 4.4 release notes</TITLE> + <TITLE>Squid 4.5 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 4.4 release notes</H1> +<H1>Squid 4.5 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -63,7 +63,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-4.4 for testing.</P> +<P>The Squid Team are pleased to announce the release of Squid-4.5 for testing.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P> @@ -369,8 +369,8 @@ <DT><B>acl</B><DD> <P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P> -<P>New <EM>clientside_mark</EM> type for matching Netfilter CONNMARK on -the client TCP connection.</P> +<P>New <EM>client_connection_mark</EM> type for matching Netfilter +CONNMARK of the client TCP connection.</P> <P>New <EM>connections_encrypted</EM> type for matching transactions where all HTTP messages were received over TLS transport connections, including messages received from ICAP servers.</P> @@ -499,6 +499,8 @@ negotiated cipher of the client connection.</P> <P>New code <EM>%ssl::<negotiated_cipher</EM> to display the negotiated cipher of the last server or peer connection.</P> +<P>New code <EM>%>handshake</EM> to display initial octets +received on a client connection (Base64 encoded).</P> <P>Fixed <EM>%<Hs</EM>, <EM>%<pt</EM> and <EM>%<tt</EM> codes for received CONNECT errors.</P> <P>Improved <EM>%<bs</EM> logging on forwarding retries.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/include/version.h new/squid-4.5/include/version.h --- old/squid-4.4/include/version.h 2018-10-27 22:45:15.000000000 +0200 +++ new/squid-4.5/include/version.h 2019-01-01 01:30:50.000000000 +0100 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1540673103 +#define SQUID_RELEASE_TIME 1546302637 #endif /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/FwdState.cc new/squid-4.5/src/FwdState.cc --- old/squid-4.4/src/FwdState.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/FwdState.cc 2019-01-01 01:02:15.000000000 +0100 @@ -587,7 +587,7 @@ if (!entry->isEmpty()) return false; - if (n_tries > Config.forward_max_tries) + if (exhaustedTries()) return false; if (!EnoughTimeToReForward(start_t)) @@ -921,6 +921,7 @@ Comm::ConnOpener *cs = new Comm::ConnOpener(serverDestinations[0], calls.connector, connTimeout); if (host) cs->setHost(host); + ++n_tries; AsyncJob::Start(cs); } @@ -1072,7 +1073,7 @@ return 0; } - if (n_tries > Config.forward_max_tries) + if (exhaustedTries()) return 0; if (request->bodyNibbled()) @@ -1222,6 +1223,12 @@ ++ FwdReplyCodes[tries][status]; } +bool +FwdState::exhaustedTries() const +{ + return n_tries >= Config.forward_max_tries; +} + /**** PRIVATE NON-MEMBER FUNCTIONS ********************************************/ /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/FwdState.h new/squid-4.5/src/FwdState.h --- old/squid-4.4/src/FwdState.h 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/FwdState.h 2019-01-01 01:02:15.000000000 +0100 @@ -127,6 +127,9 @@ void syncWithServerConn(const char *host); void syncHierNote(const Comm::ConnectionPointer &server, const char *host); + /// whether we have used up all permitted forwarding attempts + bool exhaustedTries() const; + public: StoreEntry *entry; HttpRequest *request; @@ -139,7 +142,7 @@ ErrorState *err; Comm::ConnectionPointer clientConn; ///< a possibly open connection to the client. time_t start_t; - int n_tries; + int n_tries; ///< the number of forwarding attempts so far // AsyncCalls which we set and may need cancelling. struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/ConnMark.cc new/squid-4.5/src/acl/ConnMark.cc --- old/squid-4.4/src/acl/ConnMark.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/acl/ConnMark.cc 2019-01-01 01:02:15.000000000 +0100 @@ -74,15 +74,22 @@ Acl::ConnMark::match(ACLChecklist *cl) { const auto *checklist = Filled(cl); - const auto connmark = checklist->conn()->clientConnection->nfmark; + const auto conn = checklist->conn(); - for (const auto &m : marks) { - if ((connmark & m.second) == m.first) { - debugs(28, 5, "found " << m << " matching " << asHex(connmark)); - return 1; + if (conn && conn->clientConnection) { + const auto connmark = conn->clientConnection->nfmark; + + for (const auto &m : marks) { + if ((connmark & m.second) == m.first) { + debugs(28, 5, "found " << m << " matching " << asHex(connmark)); + return 1; + } + debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark)); } - debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark)); + } else { + debugs(28, 7, "fails: no client connection"); } + return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/SQL_session/ext_sql_session_acl.8 new/squid-4.5/src/acl/external/SQL_session/ext_sql_session_acl.8 --- old/squid-4.4/src/acl/external/SQL_session/ext_sql_session_acl.8 2018-10-27 22:56:44.000000000 +0200 +++ new/squid-4.5/src/acl/external/SQL_session/ext_sql_session_acl.8 2019-01-01 01:42:04.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/delayer/ext_delayer_acl.8 new/squid-4.5/src/acl/external/delayer/ext_delayer_acl.8 --- old/squid-4.4/src/acl/external/delayer/ext_delayer_acl.8 2018-10-27 22:56:43.000000000 +0200 +++ new/squid-4.5/src/acl/external/delayer/ext_delayer_acl.8 2019-01-01 01:42:04.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-4.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 --- old/squid-4.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2018-10-27 22:56:44.000000000 +0200 +++ new/squid-4.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2019-01-01 01:42:04.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/adaptation/icap/Xaction.cc new/squid-4.5/src/adaptation/icap/Xaction.cc --- old/squid-4.4/src/adaptation/icap/Xaction.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/adaptation/icap/Xaction.cc 2019-01-01 01:02:15.000000000 +0100 @@ -744,7 +744,7 @@ securer = NULL; if (closer != NULL) { - if (answer.conn != NULL) + if (Comm::IsConnOpen(answer.conn)) comm_remove_close_handler(answer.conn->fd, closer); else closer->cancel("securing completed"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/auth/basic/DB/basic_db_auth.8 new/squid-4.5/src/auth/basic/DB/basic_db_auth.8 --- old/squid-4.4/src/auth/basic/DB/basic_db_auth.8 2018-10-27 22:56:45.000000000 +0200 +++ new/squid-4.5/src/auth/basic/DB/basic_db_auth.8 2019-01-01 01:42:05.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/auth/basic/POP3/basic_pop3_auth.8 new/squid-4.5/src/auth/basic/POP3/basic_pop3_auth.8 --- old/squid-4.4/src/auth/basic/POP3/basic_pop3_auth.8 2018-10-27 22:56:45.000000000 +0200 +++ new/squid-4.5/src/auth/basic/POP3/basic_pop3_auth.8 2019-01-01 01:42:06.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/base/File.cc new/squid-4.5/src/base/File.cc --- old/squid-4.4/src/base/File.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/base/File.cc 2019-01-01 01:02:15.000000000 +0100 @@ -373,3 +373,4 @@ #if _SQUID_WINDOWS_ const HANDLE File::InvalidHandle = INVALID_HANDLE_VALUE; #endif /* _SQUID_WINDOWS_ */ + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/cf.data.pre new/squid-4.5/src/cf.data.pre --- old/squid-4.4/src/cf.data.pre 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/cf.data.pre 2019-01-01 01:02:15.000000000 +0100 @@ -3791,11 +3791,15 @@ TYPE: int LOC: Config.forward_max_tries DOC_START - Controls how many different forward paths Squid will try - before giving up. See also forward_timeout. + Limits the number of attempts to forward the request. + + For the purpose of this limit, Squid counts all high-level request + forwarding attempts, including any same-destination retries after + certain persistent connection failures and any attempts to use a + different peer. However, low-level connection reopening attempts + (enabled using connect_retries) are not counted. - NOTE: connect_retries (default: none) can make each of these - possible forwarding paths be tried multiple times. + See also: forward_timeout and connect_retries. DOC_END COMMENT_START @@ -4394,6 +4398,37 @@ <qos Server connection TOS/DSCP value set by Squid <nfmark Server connection netfilter mark set by Squid + >handshake Raw client handshake + Initial client bytes received by Squid on a newly + accepted TCP connection or inside a just established + CONNECT tunnel. Squid stops accumulating handshake + bytes as soon as the handshake parser succeeds or + fails (determining whether the client is using the + expected protocol). + + For HTTP clients, the handshake is the request line. + For TLS clients, the handshake consists of all TLS + records up to and including the TLS record that + contains the last byte of the first ClientHello + message. For clients using an unsupported protocol, + this field contains the bytes received by Squid at the + time of the handshake parsing failure. + + See the on_unsupported_protocol directive for more + information on Squid handshake traffic expectations. + + Current support is limited to these contexts: + - http_port connections, but only when the + on_unsupported_protocol directive is in use. + - https_port connections (and CONNECT tunnels) that + are subject to the ssl_bump peek or stare action. + + To protect binary handshake data, this field is always + base64-encoded (RFC 4648 Section 4). If logformat + field encoding is configured, that encoding is applied + on top of base64. Otherwise, the computed base64 value + is recorded as is. + Time related format codes: ts Seconds since epoch @@ -9823,19 +9858,23 @@ DEFAULT: 0 DEFAULT_DOC: Do not retry failed connections. DOC_START - This sets the maximum number of connection attempts made for each - TCP connection. The connect_retries attempts must all still - complete within the connection timeout period. - - The default is not to re-try if the first connection attempt fails. - The (not recommended) maximum is 10 tries. - - A warning message will be generated if it is set to a too-high - value and the configured value will be over-ridden. - - Note: These re-tries are in addition to forward_max_tries - which limit how many different addresses may be tried to find - a useful server. + Limits the number of reopening attempts when establishing a single + TCP connection. All these attempts must still complete before the + applicable connection opening timeout expires. + + By default and when connect_retries is set to zero, Squid does not + retry failed connection opening attempts. + + The (not recommended) maximum is 10 tries. An attempt to configure a + higher value results in the value of 10 being used (with a warning). + + Squid may open connections to retry various high-level forwarding + failures. For an outside observer, that activity may look like a + low-level connection reopening attempt, but those high-level retries + are governed by forward_max_tries instead. + + See also: connect_timeout, forward_timeout, icap_connect_timeout, + ident_timeout, and forward_max_tries. DOC_END NAME: retry_on_error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/client_side.cc new/squid-4.5/src/client_side.cc --- old/squid-4.4/src/client_side.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/client_side.cc 2019-01-01 01:02:15.000000000 +0100 @@ -1081,20 +1081,18 @@ return NULL; } -static void -prepareAcceleratedURL(ConnStateData * conn, ClientHttpRequest *http, const Http1::RequestParserPointer &hp) +static char * +prepareAcceleratedURL(ConnStateData * conn, const Http1::RequestParserPointer &hp) { int vhost = conn->port->vhost; int vport = conn->port->vport; static char ipbuf[MAX_IPSTRLEN]; - http->flags.accel = true; - /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */ static const SBuf cache_object("cache_object://"); if (hp->requestUri().startsWith(cache_object)) - return; /* already in good shape */ + return nullptr; /* already in good shape */ // XXX: re-use proper URL parser for this SBuf url = hp->requestUri(); // use full provided URI if we abort @@ -1104,7 +1102,7 @@ break; if (conn->port->vhost) - return; /* already in good shape */ + return nullptr; /* already in good shape */ // skip the URI scheme static const CharacterSet uriScheme = CharacterSet("URI-scheme","+-.") + CharacterSet::ALPHA + CharacterSet::DIGIT; @@ -1141,18 +1139,16 @@ #endif if (vport < 0) - vport = http->getConn()->clientConnection->local.port(); + vport = conn->clientConnection->local.port(); - const bool switchedToHttps = conn->switchedToHttps(); - const bool tryHostHeader = vhost || switchedToHttps; char *host = NULL; - if (tryHostHeader && (host = hp->getHeaderField("Host"))) { + if (vhost && (host = hp->getHeaderField("Host"))) { debugs(33, 5, "ACCEL VHOST REWRITE: vhost=" << host << " + vport=" << vport); char thost[256]; if (vport > 0) { thost[0] = '\0'; char *t = NULL; - if (host[strlen(host)] != ']' && (t = strrchr(host,':')) != NULL) { + if (host[strlen(host) - 1] != ']' && (t = strrchr(host,':')) != nullptr) { strncpy(thost, host, (t-host)); snprintf(thost+(t-host), sizeof(thost)-(t-host), ":%d", vport); host = thost; @@ -1161,67 +1157,116 @@ host = thost; } } // else nothing to alter port-wise. - const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen + strlen(host); - http->uri = (char *)xcalloc(url_sz, 1); const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image(); - snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(url)); - debugs(33, 5, "ACCEL VHOST REWRITE: " << http->uri); + const int url_sz = scheme.length() + strlen(host) + url.length() + 32; + char *uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(url)); + debugs(33, 5, "ACCEL VHOST REWRITE: " << uri); + return uri; } else if (conn->port->defaultsite /* && !vhost */) { debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: defaultsite=" << conn->port->defaultsite << " + vport=" << vport); - const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen + - strlen(conn->port->defaultsite); - http->uri = (char *)xcalloc(url_sz, 1); char vportStr[32]; vportStr[0] = '\0'; if (vport > 0) { snprintf(vportStr, sizeof(vportStr),":%d",vport); } const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image(); - snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s%s" SQUIDSBUFPH, + const int url_sz = scheme.length() + strlen(conn->port->defaultsite) + sizeof(vportStr) + url.length() + 32; + char *uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://%s%s" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), conn->port->defaultsite, vportStr, SQUIDSBUFPRINT(url)); - debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: " << http->uri); + debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: " << uri); + return uri; } else if (vport > 0 /* && (!vhost || no Host:) */) { debugs(33, 5, "ACCEL VPORT REWRITE: *_port IP + vport=" << vport); /* Put the local socket IP address as the hostname, with whatever vport we found */ - const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen; - http->uri = (char *)xcalloc(url_sz, 1); - http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); + conn->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image(); - snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH, + const int url_sz = scheme.length() + sizeof(ipbuf) + url.length() + 32; + char *uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), ipbuf, vport, SQUIDSBUFPRINT(url)); - debugs(33, 5, "ACCEL VPORT REWRITE: " << http->uri); + debugs(33, 5, "ACCEL VPORT REWRITE: " << uri); + return uri; } + + return nullptr; } -static void -prepareTransparentURL(ConnStateData * conn, ClientHttpRequest *http, const Http1::RequestParserPointer &hp) +static char * +buildUrlFromHost(ConnStateData * conn, const Http1::RequestParserPointer &hp) { - // TODO Must() on URI !empty when the parser supports throw. For now avoid assert(). - if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/') - return; /* already in good shape */ - + char *uri = nullptr; /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */ - if (const char *host = hp->getHeaderField("Host")) { - const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen + - strlen(host); - http->uri = (char *)xcalloc(url_sz, 1); const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image(); - snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, - SQUIDSBUFPRINT(scheme), host, SQUIDSBUFPRINT(hp->requestUri())); - debugs(33, 5, "TRANSPARENT HOST REWRITE: " << http->uri); - } else { + const int url_sz = scheme.length() + strlen(host) + hp->requestUri().length() + 32; + uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://%s" SQUIDSBUFPH, + SQUIDSBUFPRINT(scheme), + host, + SQUIDSBUFPRINT(hp->requestUri())); + } + return uri; +} + +char * +ConnStateData::prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp) +{ + Must(switchedToHttps()); + + if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/') + return nullptr; /* already in good shape */ + + char *uri = buildUrlFromHost(this, hp); +#if USE_OPENSSL + if (!uri) { + Must(tlsConnectPort); + Must(sslConnectHostOrIp.size()); + SBuf useHost; + if (!tlsClientSni().isEmpty()) + useHost = tlsClientSni(); + else + useHost.assign(sslConnectHostOrIp.rawBuf(), sslConnectHostOrIp.size()); + + const SBuf &scheme = AnyP::UriScheme(transferProtocol.protocol).image(); + const int url_sz = scheme.length() + useHost.length() + hp->requestUri().length() + 32; + uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://" SQUIDSBUFPH ":%d" SQUIDSBUFPH, + SQUIDSBUFPRINT(scheme), + SQUIDSBUFPRINT(useHost), + tlsConnectPort, + SQUIDSBUFPRINT(hp->requestUri())); + } +#endif + if (uri) + debugs(33, 5, "TLS switching host rewrite: " << uri); + return uri; +} + +static char * +prepareTransparentURL(ConnStateData * conn, const Http1::RequestParserPointer &hp) +{ + // TODO Must() on URI !empty when the parser supports throw. For now avoid assert(). + if (!hp->requestUri().isEmpty() && hp->requestUri()[0] != '/') + return nullptr; /* already in good shape */ + + char *uri = buildUrlFromHost(conn, hp); + if (!uri) { /* Put the local socket IP address as the hostname. */ - const int url_sz = hp->requestUri().length() + 32 + Config.appendDomainLen; - http->uri = (char *)xcalloc(url_sz, 1); static char ipbuf[MAX_IPSTRLEN]; - http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); - const SBuf &scheme = AnyP::UriScheme(http->getConn()->transferProtocol.protocol).image(); - snprintf(http->uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH, + conn->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); + const SBuf &scheme = AnyP::UriScheme(conn->transferProtocol.protocol).image(); + const int url_sz = sizeof(ipbuf) + hp->requestUri().length() + 32; + uri = static_cast<char *>(xcalloc(url_sz, 1)); + snprintf(uri, url_sz, SQUIDSBUFPH "://%s:%d" SQUIDSBUFPH, SQUIDSBUFPRINT(scheme), - ipbuf, http->getConn()->clientConnection->local.port(), SQUIDSBUFPRINT(hp->requestUri())); - debugs(33, 5, "TRANSPARENT REWRITE: " << http->uri); + ipbuf, conn->clientConnection->local.port(), SQUIDSBUFPRINT(hp->requestUri())); } + + if (uri) + debugs(33, 5, "TRANSPARENT REWRITE: " << uri); + return uri; } /** Parse an HTTP request @@ -1341,9 +1386,11 @@ * - remote interception with PROXY protocol * - remote reverse-proxy with PROXY protocol */ - if (csd->transparent()) { + if (csd->switchedToHttps()) { + http->uri = csd->prepareTlsSwitchingURL(hp); + } else if (csd->transparent()) { /* intercept or transparent mode, properly working with no failures */ - prepareTransparentURL(csd, http, hp); + http->uri = prepareTransparentURL(csd, hp); } else if (internalCheck(hp->requestUri())) { // NP: only matches relative-URI /* internal URL mode */ @@ -1353,9 +1400,10 @@ // But have not parsed there yet!! flag for local-only handling. http->flags.internal = true; - } else if (csd->port->flags.accelSurrogate || csd->switchedToHttps()) { + } else if (csd->port->flags.accelSurrogate) { /* accelerator mode */ - prepareAcceleratedURL(csd, http, hp); + http->uri = prepareAcceleratedURL(csd, hp); + http->flags.accel = true; } if (!http->uri) { @@ -2315,6 +2363,7 @@ #if USE_OPENSSL switchedToHttps_(false), parsingTlsHandshake(false), + tlsConnectPort(0), sslServerBump(NULL), signAlgorithm(Ssl::algSignTrusted), #endif @@ -3050,6 +3099,7 @@ assert(!switchedToHttps_); sslConnectHostOrIp = request->url.host(); + tlsConnectPort = request->url.port(); resetSslCommonName(request->url.host()); // We are going to read new request diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/client_side.h new/squid-4.5/src/client_side.h --- old/squid-4.4/src/client_side.h 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/client_side.h 2019-01-01 01:02:15.000000000 +0100 @@ -274,6 +274,7 @@ #else bool switchedToHttps() const { return false; } #endif + char *prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp); /* clt_conn_tag=tag annotation access */ const SBuf &connectionTag() const { return connectionTag_; } @@ -393,6 +394,7 @@ /// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request + unsigned short tlsConnectPort; ///< The TLS server port number as passed in the CONNECT request SBuf sslCommonName_; ///< CN name for SSL certificate generation /// TLS client delivered SNI value. Empty string if none has been received. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/ByteCode.h new/squid-4.5/src/format/ByteCode.h --- old/squid-4.4/src/format/ByteCode.h 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/format/ByteCode.h 2019-01-01 01:02:15.000000000 +0100 @@ -46,6 +46,8 @@ LFT_CLIENT_LOCAL_TOS, LFT_CLIENT_LOCAL_NFMARK, + LFT_CLIENT_HANDSHAKE, + /* client connection local squid.conf details */ LFT_LOCAL_LISTENING_IP, LFT_LOCAL_LISTENING_PORT, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/Format.cc new/squid-4.5/src/format/Format.cc --- old/squid-4.4/src/format/Format.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/format/Format.cc 2019-01-01 01:02:15.000000000 +0100 @@ -8,6 +8,7 @@ #include "squid.h" #include "AccessLogEntry.h" +#include "base64.h" #include "client_side.h" #include "comm/Connection.h" #include "err_detail_type.h" @@ -547,6 +548,24 @@ } break; + case LFT_CLIENT_HANDSHAKE: + if (al->request && al->request->clientConnectionManager.valid()) { + const auto &handshake = al->request->clientConnectionManager->preservedClientData; + if (const auto rawLength = handshake.length()) { + // add 1 byte to optimize the c_str() conversion below + char *buf = sb.rawAppendStart(base64_encode_len(rawLength) + 1); + + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); + auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent())); + encLength += base64_encode_final(&ctx, buf + encLength); + + sb.rawAppendFinish(buf, encLength); + out = sb.c_str(); + } + } + break; + case LFT_TIME_SECONDS_SINCE_EPOCH: // some platforms store time in 32-bit, some 64-bit... outoff = static_cast<int64_t>(current_time.tv_sec); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/format/Token.cc new/squid-4.5/src/format/Token.cc --- old/squid-4.4/src/format/Token.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/format/Token.cc 2019-01-01 01:02:15.000000000 +0100 @@ -141,6 +141,7 @@ TokenTableEntry("<qos", LFT_SERVER_LOCAL_TOS), TokenTableEntry(">nfmark", LFT_CLIENT_LOCAL_NFMARK), TokenTableEntry("<nfmark", LFT_SERVER_LOCAL_NFMARK), + TokenTableEntry(">handshake", LFT_CLIENT_HANDSHAKE), TokenTableEntry("err_code", LFT_SQUID_ERROR ), TokenTableEntry("err_detail", LFT_SQUID_ERROR_DETAIL ), TokenTableEntry("note", LFT_NOTE ), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8 --- old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2018-10-27 22:56:46.000000000 +0200 +++ new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2019-01-01 01:42:07.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,13 +133,15 @@ .\" ======================================================================== .\" .IX Title "URL_LFS_REWRITE 8" -.TH URL_LFS_REWRITE 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH URL_LFS_REWRITE 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -url_lfs_rewrite +.Vb 1 +\& url_lfs_rewrite \- a URL\-rewriter based on local file existence +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in --- old/squid-4.4/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in 2019-01-01 01:02:15.000000000 +0100 @@ -8,7 +8,7 @@ =head1 NAME -B<url_lfs_rewrite> + url_lfs_rewrite - a URL-rewriter based on local file existence =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/icmp/net_db.cc new/squid-4.5/src/icmp/net_db.cc --- old/squid-4.4/src/icmp/net_db.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/icmp/net_db.cc 2019-01-01 01:02:15.000000000 +0100 @@ -1282,7 +1282,7 @@ #if USE_ICMP CachePeer *p = (CachePeer *)data; static const SBuf netDB("netdb"); - char *uri = internalRemoteUri(p->host, p->http_port, "/squid-internal-dynamic/", netDB); + char *uri = internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-dynamic/", netDB); debugs(38, 3, "Requesting '" << uri << "'"); const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initIcmp); HttpRequest *req = HttpRequest::FromUrl(uri, mx); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/internal.cc new/squid-4.5/src/internal.cc --- old/squid-4.4/src/internal.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/internal.cc 2019-01-01 01:02:15.000000000 +0100 @@ -82,7 +82,7 @@ * makes internal url with a given host and port (remote internal url) */ char * -internalRemoteUri(const char *host, unsigned short port, const char *dir, const SBuf &name) +internalRemoteUri(bool encrypt, const char *host, unsigned short port, const char *dir, const SBuf &name) { static char lc_host[SQUIDHOSTNAMELEN]; assert(host && !name.isEmpty()); @@ -115,7 +115,7 @@ static MemBuf mb; mb.reset(); - mb.appendf("http://" SQUIDSBUFPH, SQUIDSBUFPRINT(tmp.authority())); + mb.appendf("%s://" SQUIDSBUFPH, encrypt ? "https" : "http", SQUIDSBUFPRINT(tmp.authority())); if (dir) mb.append(dir, strlen(dir)); @@ -132,7 +132,10 @@ char * internalLocalUri(const char *dir, const SBuf &name) { - return internalRemoteUri(getMyHostname(), + // XXX: getMy*() may return https_port info, but we force http URIs + // because we have not checked whether the callers can handle https. + const bool secure = false; + return internalRemoteUri(secure, getMyHostname(), getMyPort(), dir, name); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/internal.h new/squid-4.5/src/internal.h --- old/squid-4.4/src/internal.h 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/internal.h 2019-01-01 01:02:15.000000000 +0100 @@ -24,7 +24,7 @@ bool internalCheck(const SBuf &urlPath); bool internalStaticCheck(const SBuf &urlPath); char *internalLocalUri(const char *dir, const SBuf &name); -char *internalRemoteUri(const char *, unsigned short, const char *, const SBuf &); +char *internalRemoteUri(bool, const char *, unsigned short, const char *, const SBuf &); const char *internalHostname(void); int internalHostnameIs(const char *); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/log/DB/log_db_daemon.8 new/squid-4.5/src/log/DB/log_db_daemon.8 --- old/squid-4.4/src/log/DB/log_db_daemon.8 2018-10-27 22:56:46.000000000 +0200 +++ new/squid-4.5/src/log/DB/log_db_daemon.8 2019-01-01 01:42:07.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/peer_digest.cc new/squid-4.5/src/peer_digest.cc --- old/squid-4.4/src/peer_digest.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/peer_digest.cc 2019-01-01 01:02:15.000000000 +0100 @@ -323,7 +323,7 @@ if (p->digest_url) url = xstrdup(p->digest_url); else - url = xstrdup(internalRemoteUri(p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName))); + url = xstrdup(internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName))); debugs(72, 2, url); const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initCacheDigest); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/security/cert_validators/fake/security_fake_certverify.8 new/squid-4.5/src/security/cert_validators/fake/security_fake_certverify.8 --- old/squid-4.4/src/security/cert_validators/fake/security_fake_certverify.8 2018-10-27 22:56:46.000000000 +0200 +++ new/squid-4.5/src/security/cert_validators/fake/security_fake_certverify.8 2019-01-01 01:42:08.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SECURITY_FAKE_CERTVERIFY 8" -.TH SECURITY_FAKE_CERTVERIFY 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH SECURITY_FAKE_CERTVERIFY 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/store/id_rewriters/file/storeid_file_rewrite.8 new/squid-4.5/src/store/id_rewriters/file/storeid_file_rewrite.8 --- old/squid-4.4/src/store/id_rewriters/file/storeid_file_rewrite.8 2018-10-27 22:56:44.000000000 +0200 +++ new/squid-4.5/src/store/id_rewriters/file/storeid_file_rewrite.8 2019-01-01 01:42:05.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/src/tunnel.cc new/squid-4.5/src/tunnel.cc --- old/squid-4.4/src/tunnel.cc 2018-10-27 22:44:55.000000000 +0200 +++ new/squid-4.5/src/tunnel.cc 2019-01-01 01:02:15.000000000 +0100 @@ -28,6 +28,7 @@ #include "http.h" #include "http/Stream.h" #include "HttpRequest.h" +#include "icmp/net_db.h" #include "ip/QosConfig.h" #include "LogTags.h" #include "MemBuf.h" @@ -1037,6 +1038,8 @@ tunnelState->server.setDelayId(DelayId()); #endif + netdbPingSite(tunnelState->request->url.host()); + tunnelState->request->hier.resetPeerNotes(conn, tunnelState->getHost()); tunnelState->server.conn = conn; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-4.4/tools/helper-mux/helper-mux.8 new/squid-4.5/tools/helper-mux/helper-mux.8 --- old/squid-4.4/tools/helper-mux/helper-mux.8 2018-10-27 22:56:47.000000000 +0200 +++ new/squid-4.5/tools/helper-mux/helper-mux.8 2019-01-01 01:42:08.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HELPER-MUX 8" -.TH HELPER-MUX 8 "2018-10-27" "perl v5.26.2" "User Contributed Perl Documentation" +.TH HELPER-MUX 8 "2019-01-01" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l ++++++ squid-4.4.tar.xz.asc -> squid-4.5.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-4.4.tar.xz.asc 2018-10-31 13:15:40.687383154 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new.28833/squid-4.5.tar.xz.asc 2019-01-03 18:08:11.204057276 +0100 @@ -1,25 +1,25 @@ -File: squid-4.4.tar.xz -Date: Sat Oct 27 21:20:24 UTC 2018 -Size: 2436468 -MD5 : 892504ca9700e1f139a53f84098613bd -SHA1: 0ab6b133f65866d825bf72cbbe8cef209768b2fa +File: squid-4.5.tar.xz +Date: Tue Jan 1 05:12:50 UTC 2019 +Size: 2437936 +MD5 : 8275da5846f9f2243ad2625e5aef2ee0 +SHA1: 1249cf60f1ea2a0cd145f66a790d1e9e48333c51 Key : CD6DBF8EF3B17D3E <squ...@treenet.co.nz> B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E keyring = http://www.squid-cache.org/pgp.asc keyserver = pool.sks-keyservers.net -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlvU1qAACgkQzW2/jvOx -fT5Y3Q//R3/ZtDHal9H9c4VUB1fEzkk22JfgXTzRRUdzNkN+XxDkVGmM9R0E0Opo -9E/lsE9PcLX1EBtBXbPfwLESzfMe4QJgqq1B4FocpJcdtfCQX6ADU4Qdfc+oo8Z1 -J/xCf8XrU3yUgXn3pMnQ9DT+IuPYe+Jte7Awm148mC15GMC49NBAYAd793XZ+L2t -fVPCbVYA40AU3xVJkxlblh7O0E8UEQ7zQMxcXM2jJJ4jJOjqecOIoJt6lyPD59q3 -UjD0EmcjTj54BpaU8r++kAc2TkLyBvFV1vWQuQRNG5IAMEOF3H8OfujCXl3lX9fD -Tvi9763f9LxdImLJttkzgTt20XAudlUmKOdpj6t1uF+7EmNJg/ChowyLsLzlLLST -1mGNdcUdP9VhX2aoTXN/ctn8BTQ/cNIx2VY8kKWsXB+ymFcCJRBW1cBAr3R+UzuX -KVlsDzlxP6Dp8EFvKN3sIbM/QtpstKgbTkxro7d9XBkeldsasd5uI2Yt5PSMIs+y -VtscqCnwDjxAIW6FNqB96J4hcOYECdWHDL3s46wEDnQaiR0IdBAN5QHn1imzM5e1 -eHuwZimqBW6vE4rPnVpPIr1Gml5OlLl3te2jsbUVmBiOwDVlQLZJQGzI5UTazvnN -eR3QeTW+ggSAdVc6GEApELARfKPRxywLQTOlAhEPn0xayy4ByME= -=1eSQ +iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlwq9vIACgkQzW2/jvOx +fT5u8hAAnXV/L+XDTZXjxIYimN/4zKPVwG0lEbAg6uXQ0z/7+tH3G8kQ+DAXtxlz +my5MnJ0GvI98RhuIIR34wces/KLMYtcH8wTj5YzNRxLZu929eIm5IyV02Ve83FNd +uuU4Tea0H2qCPUKZrsdQX7fn9ZlVeSvu7/pRNmM1/V+Txnn0Jut+Xk1KxkTHtwr5 +5UjGm+sP9/ISpttosY5FcYEdIrOB9PlqLI6umt9L+mdAOnnhIN2YgXX167PzSZqv +O+3VRUKGEFXi31krvWE+gL46tnHpV75A9Ccy52yNKCkdfVbRelJijnk7WYj/32GC +jWOzkjJh235CoIwiVt0xQshnrVs3EbiEWgu2XLBbGmWAyc4eJerPxwR8MQR6hnWf +tGB+RyzQ+7rGBTCupKuk1k75tHOqPxcPN6N2Pw+l+A34yAyu721Bnt76AqQVYPQH +wKwK5BGQF5t1llW8I5C7CAO5Kn/mtF5ZbkhjTsqy+BvqVPAeMVbCCgGro694vWKG +YOX2MqXwVaA/LE+Y8cWRYIVfyl3ABpP98JZU9HAzC9D+AIwLFUI6EaVrwcKfDU1j +GRSBJsG6N0Z/MvdQdlU3xqAWvyKI+HRLKxRP+9DK2DkRX8RVsODhZ2txsjpCxh3t +mYICqcuahPuPSUvR6m+wfLDsniQ93Fdzzv6YC34f/9LPdnj4DrM= +=aK8J -----END PGP SIGNATURE-----