Hello community,
here is the log from the commit of package squid for openSUSE:Leap:15.2 checked
in at 2020-05-03 14:28:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/squid (Old)
and /work/SRC/openSUSE:Leap:15.2/.squid.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid"
Sun May 3 14:28:46 2020 rev:46 rq:799613 version:4.11
Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/squid/squid.changes 2020-02-29
17:18:51.725341465 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.squid.new.2738/squid.changes 2020-05-03
14:28:47.356443393 +0200
@@ -1,0 +2,31 @@
+Thu Apr 23 13:02:37 UTC 2020 - Adam Majer <adam.ma...@suse.de>
+
+- Update to squid 4.11:
+ * Fix incorrect buffer handling that can result in cache
+ poisoning, remote execution, and denial of service attacks when
+ processing ESI responses
+ (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
+ * Fixes possible information disclosure when translating
+ FTP server listings into HTTP responses.
+ (CVE-2019-12528, bsc#1162689)
+ * Fixes possible denial of service caused by incorrect buffer
+ management ext_lm_group_acl when processing NTLM Authentication
+ credentials. (CVE-2020-8517, bsc#1162691)
+ * Fixes a potential remote execution vulnerability when using
+ HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
+ * Fixes problem when reconfigure killed Coordinator in
+ SMP+ufs configurations (#556)
+
+-------------------------------------------------------------------
+Mon Apr 20 10:24:46 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- Make logrotate recommended, it's not strictly required and
+ doesn't make any sense in containers
+
+-------------------------------------------------------------------
+Tue Feb 18 15:46:02 CET 2020 - ku...@suse.de
+
+- Use sysusers instead of shadow to create squid user and groups
+- Don't hard require systemd
+
+-------------------------------------------------------------------
@@ -35,0 +67,2 @@
+ * fixes handling of invalid domain names in cachemgr.cgi
+ (CVE-2019-18860, bsc#1167373)
Old:
----
squid-4.10.tar.xz
squid-4.10.tar.xz.asc
New:
----
squid-4.11.tar.xz
squid-4.11.tar.xz.asc
squid-user.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.q5a39X/_old 2020-05-03 14:28:47.896444544 +0200
+++ /var/tmp/diff_new_pack.q5a39X/_new 2020-05-03 14:28:47.896444544 +0200
@@ -19,7 +19,7 @@
%define squidlibdir %{_libdir}/squid
%define squidconfdir %{_sysconfdir}/squid
Name: squid
-Version: 4.10
+Version: 4.11
Release: 0
Summary: Caching and forwarding HTTP web proxy
License: GPL-2.0-or-later
@@ -33,6 +33,7 @@
Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
+Source12: %{name}-user.conf
#
http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html
Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
Source15: cache_dir.sed
@@ -55,6 +56,8 @@
BuildRequires: pkgconfig
BuildRequires: samba-winbind
BuildRequires: sharutils
+BuildRequires: sysuser-shadow
+BuildRequires: sysuser-tools
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(gssrpc)
BuildRequires: pkgconfig(kdb)
@@ -62,18 +65,18 @@
BuildRequires: pkgconfig(libsasl2)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(nettle)
-Requires: logrotate
+Recommends: logrotate
Requires(pre): permissions
-Requires(pre): shadow
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
-%{?systemd_requires}
+%{?systemd_ordering}
%if 0%{?suse_version} >= 1330
BuildRequires: libnsl-devel
%endif
+%sysusers_requires
%description
Squid is a caching proxy for the Web supporting HTTP(S), FTP, and
@@ -142,6 +145,7 @@
--enable-security-cert-generators \
--enable-security-cert-validators
make SAMBAPREFIX=%{_prefix} %{?_smp_mflags}
+%sysusers_generate_pre %{SOURCE12} squid
%install
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
@@ -197,28 +201,15 @@
mv %{buildroot}%{_datadir}/squid/mib.txt \
%{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt
+# Install sysusers file.
+mkdir -p %{buildroot}%{_sysusersdir}
+install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
+
%check
# Fails in chroot environment
make %{?_smp_mflags} check
-%pre
-# we need this group for /usr/sbin/pinger
-getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}
-# we need this group for squid (ntlmauth)
-# read access to /var/lib/samba/winbindd_privileged
-getent group winbind >/dev/null || %{_sbindir}/groupadd -r winbind
-getent passwd squid >/dev/null || \
- %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
- -G winbind -g %{name} -o -u 31 -r -s /bin/false \
- %{name}
-# if default group is not squid, change it
-if [ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]; then
- %{_sbindir}/usermod -g %{name} %{name}
-fi
-# if squid is not member of winbind, add him
-if [ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind; echo $?) -ne 0
]; then
- %{_sbindir}/usermod -G winbind %{name}
-fi
+%pre -f squid.pre
%service_add_pre %{name}.service
# update mode?
@@ -265,6 +256,7 @@
%dir %{squidconfdir}
%dir %{_tmpfilesdir}
%{_tmpfilesdir}/squid.conf
+%{_sysusersdir}/squid-user.conf
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
++++++ squid-4.10.tar.xz -> squid-4.11.tar.xz ++++++
++++ 4743 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/ChangeLog new/squid-4.11/ChangeLog
--- old/squid-4.10/ChangeLog 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/ChangeLog 2020-04-19 14:38:51.000000000 +0200
@@ -1,3 +1,15 @@
+Changes to squid-4.11 (18 Apr 2020):
+
+ - Bug 5036: capital 'L's in logs when daemon queue overflows
+ - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
+ - Bug 5016: systemd thinks Squid is ready before Squid listens
+ - kerberos_ldap_group: fix encryption type for cross realm check
+ - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
+ - Fix Digest authentication nonce handling
+ - Supply ALE to request_header_add/reply_header_add
+ - ... and some documentation updates
+ - ... and some compile fixes
+
Changes to squid-4.10 (14 Jan 2020):
- Bug 5009: Build failure with older clang libc++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/RELEASENOTES.html new/squid-4.11/RELEASENOTES.html
--- old/squid-4.10/RELEASENOTES.html 2020-01-20 04:07:14.000000000 +0100
+++ new/squid-4.11/RELEASENOTES.html 2020-04-19 14:50:33.000000000 +0200
@@ -1,11 +1,12 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.10 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.76">
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+ <TITLE>Squid 4.11 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 4.10 release notes</H1>
+<H1>Squid 4.11 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -63,7 +64,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-4.10.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.11.</P>
<P>This new release is available for download from
<A
HREF="http://www.squid-cache.org/Versions/v4/";>http://www.squid-cache.org/Versions/v4/</A>
or the
<A
HREF="http://www.squid-cache.org/Download/http-mirrors.html";>mirrors</A>.</P>
@@ -637,6 +638,10 @@
<P>The cppunit testing framework is auto-detected and used when available.
This option can be used to disable it explicitly.</P>
+<DT><B>--without-systemd</B><DD>
+<P>SystemD init environment features are auto-detected and used when available.
+This option can be used to disable systemd features explicitly.</P>
+
</DL>
</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/cfgaux/compile new/squid-4.11/cfgaux/compile
--- old/squid-4.10/cfgaux/compile 2020-01-20 03:51:49.000000000 +0100
+++ new/squid-4.11/cfgaux/compile 2020-04-19 14:39:01.000000000 +0200
@@ -3,7 +3,7 @@
scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Written by Tom Tromey <tro...@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -53,7 +53,7 @@
MINGW*)
file_conv=mingw
;;
- CYGWIN*)
+ CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
- cygwin/*)
+ cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/cfgaux/missing new/squid-4.11/cfgaux/missing
--- old/squid-4.10/cfgaux/missing 2020-01-20 03:51:49.000000000 +0100
+++ new/squid-4.11/cfgaux/missing 2020-04-19 14:39:01.000000000 +0200
@@ -3,7 +3,7 @@
scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/cfgaux/test-driver new/squid-4.11/cfgaux/test-driver
--- old/squid-4.10/cfgaux/test-driver 2020-01-20 03:51:57.000000000 +0100
+++ new/squid-4.11/cfgaux/test-driver 2020-04-19 14:39:05.000000000 +0200
@@ -3,7 +3,7 @@
scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 2011-2018 Free Software Foundation, Inc.
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/compat/getnameinfo.cc new/squid-4.11/compat/getnameinfo.cc
--- old/squid-4.10/compat/getnameinfo.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/compat/getnameinfo.cc 2020-04-19 14:38:51.000000000
+0200
@@ -203,12 +203,12 @@
if (sp) {
if (strlen(sp->s_name) + 1 > servlen)
return EAI_OVERFLOW;
- strncpy(serv, sp->s_name, servlen);
+ xstrncpy(serv, sp->s_name, servlen);
} else {
snprintf(numserv, sizeof(numserv), "%u", ntohs(port));
if (strlen(numserv) + 1 > servlen)
return EAI_OVERFLOW;
- strncpy(serv, numserv, servlen);
+ xstrncpy(serv, numserv, servlen);
}
}
@@ -301,7 +301,7 @@
#endif
return EAI_OVERFLOW;
}
- strncpy(host, hp->h_name, hostlen);
+ xstrncpy(host, hp->h_name, hostlen);
#if USE_GETIPNODEBY
freehostent(hp);
#endif
@@ -351,7 +351,7 @@
numaddrlen = strlen(numaddr);
if (numaddrlen + 1 > hostlen) /* don't forget terminator */
return EAI_OVERFLOW;
- strncpy(host, numaddr, hostlen);
+ xstrncpy(host, numaddr, hostlen);
if (((const struct sockaddr_in6 *)sa)->sin6_scope_id) {
char zonebuf[SQUIDHOSTNAMELEN];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/configure.ac new/squid-4.11/configure.ac
--- old/squid-4.10/configure.ac 2020-01-20 03:51:59.000000000 +0100
+++ new/squid-4.11/configure.ac 2020-04-19 14:39:06.000000000 +0200
@@ -5,7 +5,7 @@
## Please see the COPYING and CONTRIBUTORS files for details.
##
-AC_INIT([Squid Web Proxy],[4.10],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[4.11],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
@@ -2124,6 +2124,51 @@
AC_SUBST(LDAPLIB)
AC_SUBST(LBERLIB)
+AC_ARG_WITH(systemd,
+ AS_HELP_STRING([--without-systemd],
+ [Do not use systemd API to send start-up completion
+ notification. Default: auto-detect]), [
+case "$with_systemd" in
+ yes|no)
+ : # Nothing special to do here
+ ;;
+ *)
+ if test ! -d "$withval" ; then
+ AC_MSG_ERROR([--with-systemd path does not point to a directory])
+ fi
+ SYSTEMD_PATH="-L$with_systemd/lib"
+ CPPFLAGS="-I$with_systemd/include $CPPFLAGS"
+ esac
+])
+AH_TEMPLATE(USE_SYSTEMD,[systemd support is available])
+if test "x$with_systemd" != "xno" -a "x$squid_host_os" = "xlinux"; then
+ SQUID_STATE_SAVE(squid_systemd_state)
+
+ # User may have provided a custom location for systemd. Otherwise...
+ LIBS="$LIBS $SYSTEMD_PATH"
+
+ # auto-detect using pkg-config
+ PKG_CHECK_MODULES(SYSTEMD,[libsystemd],,[
+ # systemd < 209
+ PKG_CHECK_MODULES(SYSTEMD,[libsystemd-daemon],,[:])
+ ])
+
+ AC_CHECK_HEADERS(systemd/sd-daemon.h)
+
+ SQUID_STATE_ROLLBACK(squid_systemd_state) #de-pollute LIBS
+
+ if test "x$with_systemd" = "xyes" -a "x$SYSTEMD_LIBS" = "x"; then
+ AC_MSG_ERROR([Required systemd library not found])
+ fi
+ if test "x$SYSTEMD_LIBS" != "x" ; then
+ CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
+ AC_DEFINE(USE_SYSTEMD,1,[systemd support is available])
+ else
+ with_systemd=no
+ fi
+fi
+AC_MSG_NOTICE([systemd library support: ${with_systemd:=auto} ${SYSTEMD_PATH}
${SYSTEMD_LIBS}])
+
AC_ARG_ENABLE(forw-via-db,
AS_HELP_STRING([--enable-forw-via-db],[Enable Forw/Via database]), [
SQUID_YESNO([$enableval],[unrecognized argument to --enable-forw-via-db:
$enableval])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/doc/release-notes/release-4.html
new/squid-4.11/doc/release-notes/release-4.html
--- old/squid-4.10/doc/release-notes/release-4.html 2020-01-20
04:07:14.000000000 +0100
+++ new/squid-4.11/doc/release-notes/release-4.html 2020-04-19
14:50:33.000000000 +0200
@@ -1,11 +1,12 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.10 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.76">
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+ <TITLE>Squid 4.11 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 4.10 release notes</H1>
+<H1>Squid 4.11 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -63,7 +64,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-4.10.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.11.</P>
<P>This new release is available for download from
<A
HREF="http://www.squid-cache.org/Versions/v4/";>http://www.squid-cache.org/Versions/v4/</A>
or the
<A
HREF="http://www.squid-cache.org/Download/http-mirrors.html";>mirrors</A>.</P>
@@ -637,6 +638,10 @@
<P>The cppunit testing framework is auto-detected and used when available.
This option can be used to disable it explicitly.</P>
+<DT><B>--without-systemd</B><DD>
+<P>SystemD init environment features are auto-detected and used when available.
+This option can be used to disable systemd features explicitly.</P>
+
</DL>
</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/include/autoconf.h.in new/squid-4.11/include/autoconf.h.in
--- old/squid-4.10/include/autoconf.h.in 2020-01-20 03:51:47.000000000
+0100
+++ new/squid-4.11/include/autoconf.h.in 2020-04-19 14:39:00.000000000
+0200
@@ -1068,6 +1068,9 @@
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
+/* Define to 1 if you have the <systemd/sd-daemon.h> header file. */
+#undef HAVE_SYSTEMD_SD_DAEMON_H
+
/* Define to 1 if you have the <sys/bitypes.h> header file. */
#undef HAVE_SYS_BITYPES_H
@@ -1570,6 +1573,9 @@
/* Use ssl-crtd daemon */
#undef USE_SSL_CRTD
+/* systemd support is available */
+#undef USE_SYSTEMD
+
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/include/version.h new/squid-4.11/include/version.h
--- old/squid-4.10/include/version.h 2020-01-20 03:51:59.000000000 +0100
+++ new/squid-4.11/include/version.h 2020-04-19 14:39:06.000000000 +0200
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1579488704
+#define SQUID_RELEASE_TIME 1587299937
#endif
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/libltdl/m4/libtool.m4 new/squid-4.11/libltdl/m4/libtool.m4
--- old/squid-4.10/libltdl/m4/libtool.m4 2020-01-20 03:51:48.000000000
+0100
+++ new/squid-4.11/libltdl/m4/libtool.m4 2020-04-19 14:39:00.000000000
+0200
@@ -1041,8 +1041,8 @@
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+ $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@@ -1492,7 +1492,7 @@
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/FwdState.cc new/squid-4.11/src/FwdState.cc
--- old/squid-4.10/src/FwdState.cc 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/FwdState.cc 2020-04-19 14:38:51.000000000 +0200
@@ -587,6 +587,9 @@
if (!entry->isEmpty())
return false;
+ if (request->flags.pinned && !pinnedCanRetry())
+ return false;
+
if (exhaustedTries())
return false;
@@ -1068,6 +1071,11 @@
debugs(17, 3, HERE << e->url() << "?" );
+ if (request->flags.pinned && !pinnedCanRetry()) {
+ debugs(17, 3, "pinned connection; cannot retry");
+ return 0;
+ }
+
if (!EBIT_TEST(e->flags, ENTRY_FWD_HDR_WAIT)) {
debugs(17, 3, HERE << "No, ENTRY_FWD_HDR_WAIT isn't set");
return 0;
@@ -1229,6 +1237,28 @@
return n_tries >= Config.forward_max_tries;
}
+bool
+FwdState::pinnedCanRetry() const
+{
+ assert(request->flags.pinned);
+
+ // pconn race on pinned connection: Currently we do not have any mechanism
+ // to retry current pinned connection path.
+ if (pconnRace == raceHappened)
+ return false;
+
+ // If a bumped connection was pinned, then the TLS client was given our
peer
+ // details. Do not retry because we do not ensure that those details stay
+ // constant. Step1-bumped connections do not get our TLS peer details, are
+ // never pinned, and, hence, never reach this method.
+ if (request->flags.sslBumped)
+ return false;
+
+ // The other pinned cases are FTP proxying and connection-based HTTP
+ // authentication. TODO: Do these cases have restrictions?
+ return true;
+}
+
/**** PRIVATE NON-MEMBER FUNCTIONS
********************************************/
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/FwdState.h new/squid-4.11/src/FwdState.h
--- old/squid-4.10/src/FwdState.h 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/FwdState.h 2020-04-19 14:38:51.000000000 +0200
@@ -117,6 +117,11 @@
void doneWithRetries();
void completed();
void retryOrBail();
+
+ /// whether a pinned to-peer connection can be replaced with another one
+ /// (in order to retry or reforward a failed request)
+ bool pinnedCanRetry() const;
+
ErrorState *makeConnectingError(const err_type type) const;
void connectedToPeer(Security::EncryptorAnswer &answer);
static void RegisterWithCacheManager(void);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/HttpHeaderTools.cc new/squid-4.11/src/HttpHeaderTools.cc
--- old/squid-4.10/src/HttpHeaderTools.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/HttpHeaderTools.cc 2020-04-19 14:38:51.000000000
+0200
@@ -477,6 +477,12 @@
{
ACLFilledChecklist checklist(NULL, request, NULL);
+ checklist.al = al;
+ if (al && al->reply) {
+ checklist.reply = al->reply;
+ HTTPMSGLOCK(checklist.reply);
+ }
+
for (HeaderWithAclList::const_iterator hwa = headersAdd.begin(); hwa !=
headersAdd.end(); ++hwa) {
if (!hwa->aclList || checklist.fastCheck(hwa->aclList).allowed()) {
const char *fieldValue = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/Makefile.am new/squid-4.11/src/Makefile.am
--- old/squid-4.10/src/Makefile.am 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/Makefile.am 2020-04-19 14:38:51.000000000 +0200
@@ -576,6 +576,7 @@
$(EPOLL_LIBS) \
$(MINGW_LIBS) \
$(KRB5LIBS) \
+ $(SYSTEMD_LIBS) \
$(COMPAT_LIB) \
$(XTRA_LIBS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/acl/external/SQL_session/ext_sql_session_acl.8
new/squid-4.11/src/acl/external/SQL_session/ext_sql_session_acl.8
--- old/squid-4.10/src/acl/external/SQL_session/ext_sql_session_acl.8
2020-01-20 04:07:17.000000000 +0100
+++ new/squid-4.11/src/acl/external/SQL_session/ext_sql_session_acl.8
2020-04-19 14:50:35.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/acl/external/delayer/ext_delayer_acl.8
new/squid-4.11/src/acl/external/delayer/ext_delayer_acl.8
--- old/squid-4.10/src/acl/external/delayer/ext_delayer_acl.8 2020-01-20
04:07:17.000000000 +0100
+++ new/squid-4.11/src/acl/external/delayer/ext_delayer_acl.8 2020-04-19
14:50:35.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH EXT_DELAYER_ACL 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/acl/external/kerberos_ldap_group/support_krb5.cc
new/squid-4.11/src/acl/external/kerberos_ldap_group/support_krb5.cc
--- old/squid-4.10/src/acl/external/kerberos_ldap_group/support_krb5.cc
2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/acl/external/kerberos_ldap_group/support_krb5.cc
2020-04-19 14:38:51.000000000 +0200
@@ -465,6 +465,12 @@
k5_error("Error while initialising TGT credentials", code);
goto loop_end;
}
+
+ // overwrite limitation of enctypes
+ creds->keyblock.enctype = 0;
+ if (creds->keyblock.contents)
+ krb5_free_keyblock_contents(kparam.context,
&creds->keyblock);
+
code = krb5_get_credentials(kparam.context, 0,
kparam.cc[ccindex], creds, &tgt_creds);
if (code) {
k5_error("Error while getting tgt", code);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
new/squid-4.11/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- old/squid-4.10/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
2020-01-20 04:07:17.000000000 +0100
+++ new/squid-4.11/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
2020-04-19 14:50:36.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/auth/basic/DB/basic_db_auth.8
new/squid-4.11/src/auth/basic/DB/basic_db_auth.8
--- old/squid-4.10/src/auth/basic/DB/basic_db_auth.8 2020-01-20
04:07:18.000000000 +0100
+++ new/squid-4.11/src/auth/basic/DB/basic_db_auth.8 2020-04-19
14:50:36.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH BASIC_DB_AUTH 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/auth/basic/POP3/basic_pop3_auth.8
new/squid-4.11/src/auth/basic/POP3/basic_pop3_auth.8
--- old/squid-4.10/src/auth/basic/POP3/basic_pop3_auth.8 2020-01-20
04:07:18.000000000 +0100
+++ new/squid-4.11/src/auth/basic/POP3/basic_pop3_auth.8 2020-04-19
14:50:37.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH BASIC_POP3_AUTH 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/auth/digest/Config.cc
new/squid-4.11/src/auth/digest/Config.cc
--- old/squid-4.10/src/auth/digest/Config.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/auth/digest/Config.cc 2020-04-19 14:38:51.000000000
+0200
@@ -94,9 +94,6 @@
static void authenticateDigestNonceSetup(void);
static void authDigestNonceEncode(digest_nonce_h * nonce);
static void authDigestNonceLink(digest_nonce_h * nonce);
-#if NOT_USED
-static int authDigestNonceLinks(digest_nonce_h * nonce);
-#endif
static void authDigestNonceUserUnlink(digest_nonce_h * nonce);
static void
@@ -155,10 +152,10 @@
* really bad timing with expiry and creation). Using a random
* component in the nonce allows us to loop to find a unique nonce.
* We use H(nonce_data) so the nonce is meaningless to the reciever.
- * So our nonce looks like hex(H(timestamp,pointertohash,randomdata))
+ * So our nonce looks like hex(H(timestamp,randomdata))
* And even if our randomness is not very random we don't really care
- * - the timestamp and memory pointer also guarantee local uniqueness
- * in the input to the hash function.
+ * - the timestamp also guarantees local uniqueness in the input to
+ * the hash function.
*/
// NP: this will likely produce the same randomness sequences for each
worker
// since they should all start within the 1-second resolution of seed
value.
@@ -168,7 +165,6 @@
/* create a new nonce */
newnonce->nc = 0;
newnonce->flags.valid = true;
- newnonce->noncedata.self = newnonce;
newnonce->noncedata.creationtime = current_time.tv_sec;
newnonce->noncedata.randomdata = newRandomData(mt);
@@ -290,21 +286,10 @@
{
assert(nonce != NULL);
++nonce->references;
+ assert(nonce->references != 0); // no overflows
debugs(29, 9, "nonce '" << nonce << "' now at '" << nonce->references <<
"'.");
}
-#if NOT_USED
-static int
-authDigestNonceLinks(digest_nonce_h * nonce)
-{
- if (!nonce)
- return -1;
-
- return nonce->references;
-}
-
-#endif
-
void
authDigestNonceUnlink(digest_nonce_h * nonce)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/auth/digest/Config.h new/squid-4.11/src/auth/digest/Config.h
--- old/squid-4.10/src/auth/digest/Config.h 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/auth/digest/Config.h 2020-04-19 14:38:51.000000000
+0200
@@ -32,8 +32,6 @@
/* data to be encoded into the nonce's hex representation */
struct _digest_nonce_data {
time_t creationtime;
- /* in memory address of the nonce struct (similar purpose to an ETag) */
- digest_nonce_h *self;
uint32_t randomdata;
};
@@ -44,7 +42,7 @@
/* number of uses we've seen of this nonce */
unsigned long nc;
/* reference count */
- short references;
+ uint64_t references;
/* the auth_user this nonce has been tied to */
Auth::Digest::User *user;
/* has this nonce been invalidated ? */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/cf.data.pre new/squid-4.11/src/cf.data.pre
--- old/squid-4.10/src/cf.data.pre 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/cf.data.pre 2020-04-19 14:38:51.000000000 +0200
@@ -7609,7 +7609,7 @@
DEFAULT_DOC: Address selected by the operating system.
IFDEF: USE_WCCP
DOC_START
- Use this option if you require WCCPv2 to use a specific
+ Use this option if you require WCCP(v1) to use a specific
interface address.
The default behavior is to not bind to any specific address.
@@ -7622,7 +7622,7 @@
DEFAULT_DOC: Address selected by the operating system.
IFDEF: USE_WCCPv2
DOC_START
- Use this option if you require WCCP to use a specific
+ Use this option if you require WCCPv2 to use a specific
interface address.
The default behavior is to not bind to any specific address.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/client_side.cc new/squid-4.11/src/client_side.cc
--- old/squid-4.10/src/client_side.cc 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/client_side.cc 2020-04-19 14:38:51.000000000 +0200
@@ -136,6 +136,10 @@
#include <cmath>
#include <limits>
+#if HAVE_SYSTEMD_SD_DAEMON_H
+#include <systemd/sd-daemon.h>
+#endif
+
#if LINGERING_CLOSE
#define comm_close comm_lingering_close
#endif
@@ -3646,6 +3650,20 @@
<< s->listenConn);
Must(AddOpenedHttpSocket(s->listenConn)); // otherwise, we have received a
fd we did not ask for
+
+#if USE_SYSTEMD
+ // When the very first port opens, tell systemd we are able to serve
connections.
+ // Subsequent sd_notify() calls, including calls during reconfiguration,
+ // do nothing because the first call parameter is 1.
+ // XXX: Send the notification only after opening all configured ports.
+ if (opt_foreground || opt_no_daemon) {
+ const auto result = sd_notify(1, "READY=1");
+ if (result < 0) {
+ debugs(1, DBG_IMPORTANT, "WARNING: failed to send start-up
notification to systemd" <<
+ Debug::Extra << "sd_notify() error: " << xstrerr(-result));
+ }
+ }
+#endif
}
void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/clients/FtpGateway.cc
new/squid-4.11/src/clients/FtpGateway.cc
--- old/squid-4.10/src/clients/FtpGateway.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/clients/FtpGateway.cc 2020-04-19 14:38:51.000000000
+0200
@@ -564,8 +564,6 @@
n_tokens = 0;
- memset(tokens, 0, sizeof(tokens));
-
xbuf = xstrdup(buf);
if (flags.tried_nlst) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/esi/Context.h new/squid-4.11/src/esi/Context.h
--- old/squid-4.10/src/esi/Context.h 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/esi/Context.h 2020-04-19 14:38:51.000000000 +0200
@@ -12,6 +12,7 @@
#include "clientStream.h"
#include "err_type.h"
#include "esi/Element.h"
+#include "esi/Esi.h"
#include "esi/Parser.h"
#include "http/forward.h"
#include "http/StatusCode.h"
@@ -113,7 +114,7 @@
{
public:
- ESIElement::Pointer stack[10]; /* a stack of esi elements that are
open */
+ ESIElement::Pointer stack[ESI_STACK_DEPTH_LIMIT]; /* a stack of esi
elements that are open */
int stackdepth; /* self explanatory */
ESIParser::Pointer theParser;
ESIElement::Pointer top();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/esi/Esi.cc new/squid-4.11/src/esi/Esi.cc
--- old/squid-4.10/src/esi/Esi.cc 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/esi/Esi.cc 2020-04-19 14:38:51.000000000 +0200
@@ -29,6 +29,7 @@
#include "esi/Expression.h"
#include "esi/Segment.h"
#include "esi/VarState.h"
+#include "FadingCounter.h"
#include "fatal.h"
#include "http/Stream.h"
#include "HttpHdrSc.h"
@@ -930,13 +931,18 @@
ESIContext::addStackElement (ESIElement::Pointer element)
{
/* Put on the stack to allow skipping of 'invalid' markup */
- assert (parserState.stackdepth <11);
+
+ // throw an error if the stack location would be invalid
+ if (parserState.stackdepth >= ESI_STACK_DEPTH_LIMIT)
+ throw Esi::Error("ESI Too many nested elements");
+ if (parserState.stackdepth < 0)
+ throw Esi::Error("ESI elements stack error, probable error in ESI
template");
+
assert (!failed());
debugs(86, 5, "ESIContext::addStackElement: About to add ESI Node " <<
element.getRaw());
if (!parserState.top()->addElement(element)) {
- debugs(86, DBG_IMPORTANT, "ESIContext::addStackElement: failed to add
esi node, probable error in ESI template");
- flags.error = 1;
+ throw Esi::Error("ESIContext::addStackElement failed, probable error
in ESI template");
} else {
/* added ok, push onto the stack */
parserState.stack[parserState.stackdepth] = element;
@@ -1188,13 +1194,10 @@
assert (len);
debugs(86, 5, "literal length is " << len);
/* give a literal to the current element */
- assert (parserState.stackdepth <11);
ESIElement::Pointer element (new esiLiteral (this, s, len));
- if (!parserState.top()->addElement(element)) {
- debugs(86, DBG_IMPORTANT, "ESIContext::addLiteral: failed to add esi
node, probable error in ESI template");
- flags.error = 1;
- }
+ if (!parserState.top()->addElement(element))
+ throw Esi::Error("ESIContext::addLiteral failed, probable error in ESI
template");
}
void
@@ -1256,8 +1259,24 @@
PROF_start(esiParsing);
- while (buffered.getRaw() && !flags.error)
- parseOneBuffer();
+ try {
+ while (buffered.getRaw() && !flags.error)
+ parseOneBuffer();
+
+ } catch (Esi::ErrorDetail &errMsg) { // FIXME: non-const for c_str()
+ // level-2: these are protocol/syntax errors from upstream
+ debugs(86, 2, "WARNING: ESI syntax error: " << errMsg);
+ setError();
+ setErrorMessage(errMsg.c_str());
+
+ } catch (...) {
+ // DBG_IMPORTANT because these are local issues the admin needs to
fix
+ static FadingCounter logEntries; // TODO: set horizon less than
infinity
+ if (logEntries.count(1) < 100)
+ debugs(86, DBG_IMPORTANT, "ERROR: ESI parser: " <<
CurrentException);
+ setError();
+ setErrorMessage("ESI parser error");
+ }
PROF_stop(esiParsing);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/esi/Esi.h new/squid-4.11/src/esi/Esi.h
--- old/squid-4.10/src/esi/Esi.h 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/esi/Esi.h 2020-04-19 14:38:51.000000000 +0200
@@ -10,6 +10,11 @@
#define SQUID_ESI_H
#include "clientStream.h"
+#include "sbuf/SBuf.h"
+
+#if !defined(ESI_STACK_DEPTH_LIMIT)
+#define ESI_STACK_DEPTH_LIMIT 20
+#endif
/* ESI.c */
extern CSR esiStreamRead;
@@ -18,5 +23,14 @@
extern CSS esiStreamStatus;
int esiEnableProcessing (HttpReply *);
+namespace Esi
+{
+
+typedef SBuf ErrorDetail;
+/// prepare an Esi::ErrorDetail for throw on ESI parser internal errors
+inline Esi::ErrorDetail Error(const char *msg) { return ErrorDetail(msg); }
+
+} // namespace Esi
+
#endif /* SQUID_ESI_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/esi/Expression.cc new/squid-4.11/src/esi/Expression.cc
--- old/squid-4.10/src/esi/Expression.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/esi/Expression.cc 2020-04-19 14:38:51.000000000
+0200
@@ -10,6 +10,7 @@
#include "squid.h"
#include "Debug.h"
+#include "esi/Esi.h"
#include "esi/Expression.h"
#include "profiler/Profiler.h"
@@ -97,6 +98,17 @@
cleanmember(&s[*depth]);
}
+static void
+stackpush(stackmember *stack, stackmember &item, int *depth)
+{
+ if (*depth < 0)
+ throw Esi::Error("ESIExpression stack has negative size");
+ if (*depth >= ESI_STACK_DEPTH_LIMIT)
+ throw Esi::Error("ESIExpression stack is full, cannot push");
+
+ stack[(*depth)++] = item;
+}
+
static evaluate evalnegate;
static evaluate evalliteral;
static evaluate evalor;
@@ -208,6 +220,11 @@
/* invalid stack */
return 1;
+ if (whereAmI < 0)
+ throw Esi::Error("negate expression location too small");
+ if (*depth >= ESI_STACK_DEPTH_LIMIT)
+ throw Esi::Error("negate expression too complex");
+
if (stack[whereAmI + 1].valuetype != ESI_EXPR_EXPR)
/* invalid operand */
return 1;
@@ -280,7 +297,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -327,7 +344,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -373,7 +390,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -421,7 +438,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -469,7 +486,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -517,7 +534,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -566,7 +583,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -613,7 +630,7 @@
srv.precedence = 1;
- stack[(*depth)++] = srv;
+ stackpush(stack, srv, depth);
/* we're out of way, try adding now */
if (!addmember(stack, depth, candidate))
@@ -953,6 +970,9 @@
/* !(!(a==b))) is why thats safe */
/* strictly less than until we unwind */
+ if (*stackdepth >= ESI_STACK_DEPTH_LIMIT)
+ throw Esi::Error("ESI expression too complex to add member");
+
if (candidate->precedence < stack[*stackdepth - 1].precedence ||
candidate->precedence < stack[*stackdepth - 2].precedence) {
/* must be an operator */
@@ -968,10 +988,10 @@
return 0;
}
} else {
- stack[(*stackdepth)++] = *candidate;
+ stackpush(stack, *candidate, stackdepth);
}
} else if (candidate->valuetype != ESI_EXPR_INVALID)
- stack[(*stackdepth)++] = *candidate;
+ stackpush(stack, *candidate, stackdepth);
return 1;
}
@@ -979,7 +999,7 @@
int
ESIExpression::Evaluate(char const *s)
{
- stackmember stack[20];
+ stackmember stack[ESI_STACK_DEPTH_LIMIT];
int stackdepth = 0;
char const *end;
PROF_start(esiExpressionEval);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/fs/ufs/UFSSwapDir.cc new/squid-4.11/src/fs/ufs/UFSSwapDir.cc
--- old/squid-4.10/src/fs/ufs/UFSSwapDir.cc 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/src/fs/ufs/UFSSwapDir.cc 2020-04-19 14:38:51.000000000
+0200
@@ -724,6 +724,9 @@
void
Fs::Ufs::UFSSwapDir::openLog()
{
+ if (!IamWorkerProcess())
+ return;
+
assert(NumberOfUFSDirs || !UFSDirToGlobalDirMapping);
++NumberOfUFSDirs;
assert(NumberOfUFSDirs <= Config.cacheSwap.n_configured);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/http/url_rewriters/LFS/url_lfs_rewrite.8
new/squid-4.11/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- old/squid-4.10/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2020-01-20
04:07:19.000000000 +0100
+++ new/squid-4.11/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2020-04-19
14:50:37.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH URL_LFS_REWRITE 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/log/DB/log_db_daemon.8
new/squid-4.11/src/log/DB/log_db_daemon.8
--- old/squid-4.10/src/log/DB/log_db_daemon.8 2020-01-20 04:07:19.000000000
+0100
+++ new/squid-4.11/src/log/DB/log_db_daemon.8 2020-04-19 14:50:38.000000000
+0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH LOG_DB_DAEMON 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/log/ModDaemon.cc new/squid-4.11/src/log/ModDaemon.cc
--- old/squid-4.10/src/log/ModDaemon.cc 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/log/ModDaemon.cc 2020-04-19 14:38:51.000000000 +0200
@@ -298,8 +298,14 @@
}
return;
}
- /* Append this data to the end buffer; create a new one if needed */
+
/* Are we eol? If so, prefix with our logfile command byte */
+ if (ll->eol == 1) {
+ logfile_mod_daemon_append(lf, "L", 1);
+ ll->eol = 0;
+ }
+
+ /* Append this data to the end buffer; create a new one if needed */
logfile_mod_daemon_append(lf, buf, len);
}
@@ -307,12 +313,8 @@
logfile_mod_daemon_linestart(Logfile * lf)
{
l_daemon_t *ll = static_cast<l_daemon_t *>(lf->data);
- char tb[2];
assert(ll->eol == 1);
- ll->eol = 0;
- tb[0] = 'L';
- tb[1] = '\0';
- logfile_mod_daemon_append(lf, tb, 1);
+ // logfile_mod_daemon_writeline() sends the starting command
}
static void
@@ -320,7 +322,8 @@
{
l_daemon_t *ll = static_cast<l_daemon_t *>(lf->data);
logfile_buffer_t *b;
- assert(ll->eol == 0);
+ if (ll->eol == 1) // logfile_mod_daemon_writeline() wrote nothing
+ return;
ll->eol = 1;
/* Kick a write off if the head buffer is -full- */
if (ll->bufs.head != NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/peer_select.cc new/squid-4.11/src/peer_select.cc
--- old/squid-4.10/src/peer_select.cc 2020-01-20 03:51:40.000000000 +0100
+++ new/squid-4.11/src/peer_select.cc 2020-04-19 14:38:51.000000000 +0200
@@ -274,6 +274,20 @@
return;
}
+ if (fs && fs->code == PINNED) {
+ // Send an empty IP address marked as PINNED
+ const Comm::ConnectionPointer p = new Comm::Connection();
+ p->peerType = PINNED;
+ // Caller requires to check for pinned connections through
+ // CachePeer object:
+ p->setPeer(fs->_peer.get());
+ psstate->paths->push_back(p);
+ psstate->servers = fs->next;
+ delete fs;
+ peerSelectDnsPaths(psstate);
+ return;
+ }
+
// convert the list of FwdServer destinations into destinations IP
addresses
if (fs && psstate->paths->size() < (unsigned int)Config.forward_max_tries)
{
// send the next one off for DNS lookup.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/security/cert_validators/fake/security_fake_certverify.8
new/squid-4.11/src/security/cert_validators/fake/security_fake_certverify.8
--- old/squid-4.10/src/security/cert_validators/fake/security_fake_certverify.8
2020-01-20 04:07:19.000000000 +0100
+++ new/squid-4.11/src/security/cert_validators/fake/security_fake_certverify.8
2020-04-19 14:50:38.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2020-01-20" "perl v5.28.1" "User Contributed
Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2020-04-19" "perl v5.28.1" "User Contributed
Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/src/store/id_rewriters/file/storeid_file_rewrite.8
new/squid-4.11/src/store/id_rewriters/file/storeid_file_rewrite.8
--- old/squid-4.10/src/store/id_rewriters/file/storeid_file_rewrite.8
2020-01-20 04:07:17.000000000 +0100
+++ new/squid-4.11/src/store/id_rewriters/file/storeid_file_rewrite.8
2020-04-19 14:50:36.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH STOREID_FILE_REWRITE 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/tools/helper-mux/helper-mux.8
new/squid-4.11/tools/helper-mux/helper-mux.8
--- old/squid-4.10/tools/helper-mux/helper-mux.8 2020-01-20
04:07:20.000000000 +0100
+++ new/squid-4.11/tools/helper-mux/helper-mux.8 2020-04-19
14:50:38.000000000 +0200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2020-01-20" "perl v5.28.1" "User Contributed Perl
Documentation"
+.TH HELPER-MUX 8 "2020-04-19" "perl v5.28.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/squid-4.10/tools/systemd/squid.service
new/squid-4.11/tools/systemd/squid.service
--- old/squid-4.10/tools/systemd/squid.service 2020-01-20 03:51:40.000000000
+0100
+++ new/squid-4.11/tools/systemd/squid.service 2020-04-19 14:38:51.000000000
+0200
@@ -11,12 +11,13 @@
After=network.target network-online.target nss-lookup.target
[Service]
-Type=forking
+Type=notify
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
-ExecStart=/usr/sbin/squid -sYC
+ExecStart=/usr/sbin/squid --foreground -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
+NotifyAccess=all
[Install]
WantedBy=multi-user.target
++++++ squid-4.10.tar.xz.asc -> squid-4.11.tar.xz.asc ++++++
--- /work/SRC/openSUSE:Leap:15.2/squid/squid-4.10.tar.xz.asc 2020-02-29
17:18:51.705341423 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.squid.new.2738/squid-4.11.tar.xz.asc
2020-05-03 14:28:47.300443274 +0200
@@ -1,25 +1,25 @@
-File: squid-4.10.tar.xz
-Date: Mon Jan 20 04:10:45 UTC 2020
-Size: 2445848
-MD5 : af7ac6e70f9bd03ae4fcec0c9b99c38a
-SHA1: b8b267771550bb8c7f2b2968b305118090e7217a
+File: squid-4.11.tar.xz
+Date: Sun Apr 19 12:56:37 UTC 2020
+Size: 2447700
+MD5 : 10f34e852153a9996aa4614670e2bda1
+SHA1: 053277bf5497163ffc9261b9807abda5959bb6fc
Key : CD6DBF8EF3B17D3E <squ...@treenet.co.nz>
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl4lKFMACgkQzW2/jvOx
-fT4aUBAAhR5YcsaTdBaFMOTNM0WUp3USNxjhrQtq+rwkQLqwh3hl2idKZY6fmqAJ
-cv/m9915T7Nd2H7ROl3vxs0ToP1R5EsEbyvcz/tKPoBrXFDDH9JsgkvbF0A4oxW1
-S8PtRlwXPbllHp/yaEZk9NL0PZCrUeW79s4M2hXSPOsC0/RogUUMN/Saa8VX3ZVe
-ZuSZoy+Ew3ZeQ3Y/mqblTN6xRn9zLq+GfqXOjTQQBfAiGprjsPQE4rOame6P9meh
-aGOGDABx7YoRsSskiAZY8cfIsunZdHoORi1WXvcu3hAB0zCZjrO0vptSig7sVCFD
-pdjLCrxopj/jIpAcVLPhl7AHjirAeTxDraQhgie+PT3M+tVm950HJZRt/idzCiNX
-XJj4Tw2gZ+tCKPLUoPvILID8grQQ+HKUA1a8ASeUxUD+sOcwdolUhbzlIl9lMDwY
-hxle9J1QH/04MAhMEnfGZH+ekR5PV+XG4iLWQnPcMSKymtDxiYpgJ9GTDBww0phk
-P1Tg33kSkHLAecEvcFlkZwrsw57qULFQKo2ZUE7Udm9xwBruwPunc+1XJ/PCs6mc
-3RfT5b1rf/fgWhvuwm5vuBkbL1H74gX8u84G984st5zj33t9aagByUXIkxjsLQww
-pFHXYm1PbphFsRIAcAGfkEluSz1X9yOwXyy12uuE7Bc/Ox7zIXk=
-=vpEO
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl6cSpEACgkQzW2/jvOx
+fT6YbA/6A+IbIbNBJUW45oj23Io9Tw/CzAcTeLHR+McKwV77qMbR+L+kQ+fUdM5F
+rHAmd8bVVlyHc4WanVfWItEmzBzHA/ifTNvVpefSGGEbDb80RF66k7ACiZUokg1b
+kkPwc/SjDhe2wvketIaBiVVd7pylrlCdVvazcF8gE9MWDOIlJND5mnHXidXvwkbJ
+T2//8JZVEmcmN9pdFGNAUVckFm+AnwWXcRM1SQPYDGSVUtjVlqido8snLTA1mZwl
+rIpjppujMV54OOWlj+Gqa3MZkpNzIaMCAfphzUFlsQY+/sRUYAOv1wmxw2WclxlK
+WlWM+fw8OsYNDMwkOScKZZWceoAkq6UsUHzCAdJIdLqV/R6mZ9nfuZ6BHIr0+2dP
+bDf9MU4KXbwEuXiRD/KPziUxxOZwSPivbm3wy9DqTTZfO9V+Iq6FVHX+ahxJ0XbM
+JWRYA3GW+DRLjorfsWxU5r4UJsrnBfhItPUAfGPjPjEGZ/pn8r9G6MGenNGPLMKy
+wP1rMlOhrZPwerzokzAvKx8G0WWkfN+IPv2JK3rDot6RiJIOuvnZZd4RIuVNTGbh
+liO7M24JlWX3WD2wHBzxQag46+plb3VvrrVChwIQnZ2Qzpf50w0Bife/wtNBGpK0
+k/Xi/nocO796YS8GZBnmhS1lEGEwp/YpJBFWmIjTWMUMEOcswVA=
+=PKl0
-----END PGP SIGNATURE-----
++++++ squid-user.conf ++++++
# Type Name ID GECOS [HOME]
u squid - "WWW-proxy squid" /var/cache/squid
g winbind - -
m squid winbind
