Hello community,
here is the log from the commit of package squid for openSUSE:Factory checked
in at 2013-07-30 16:48:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
and /work/SRC/openSUSE:Factory/.squid.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid"
Changes:
--------
--- /work/SRC/openSUSE:Factory/squid/squid.changes 2013-07-25
14:46:50.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2013-07-30
16:48:26.000000000 +0200
@@ -1,0 +2,18 @@
+Sun Jul 28 12:44:37 UTC 2013 - br...@ioda-net.ch
+
+- Changes for squid 3.2.13 release (July 13th 2013)
+ Better handling of strange port values in Host:
+ Bug #3869: assertion failed: MemBuf.cc:272: size < capacity
+
+- Changes for squid 3.2.12 release (July 10th 2013)
+ Protect against buffer overrun in DNS query generation
+ Revert rev.11818 - not applicable to 3.2.
+ Allocate ClientInfo::hash.key using malloc() instead of new char[]
+ Remove origin_tries limiter on forwarding
+ Fixed leaking configurable SSL error details.
+ Fix memory error with Kerberos authentication
+ Avoid !closing assertions when helpers call comm_read [during
reconfigure].
+ Avoid Comm::Connection leaks when helpers are reconfigured or otherwise
closed.
+ Add missing piece omitted from rev.9677
+
+-------------------------------------------------------------------
Old:
----
squid-3.2.11.tar.bz2
squid-3.2.11.tar.bz2.asc
New:
----
squid-3.2.13.tar.bz2
squid-3.2.13.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.Hv9GR3/_old 2013-07-30 16:48:27.000000000 +0200
+++ /var/tmp/diff_new_pack.Hv9GR3/_new 2013-07-30 16:48:27.000000000 +0200
@@ -18,12 +18,13 @@
%define squidlibdir %{_libdir}/squid
%define squidconfdir /etc/squid
+%define version_published "2013-07-24"
Name: squid
Summary: Squid Version 3.2 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
-Version: 3.2.11
+Version: 3.2.13
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.2
Source0:
http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@@ -135,8 +136,8 @@
* Cache Manager access changes
First STABLE release Date: 02 Aug 2010
- Latest Release: 3.2.9
- Latest Release Date: 12 Mar 2013
+ Latest Release: %{version}
+ Latest Release Date: %{version_published}
%prep
%gpg_verify %{S:1}
++++++ RELEASENOTES.html ++++++
--- /var/tmp/diff_new_pack.Hv9GR3/_old 2013-07-30 16:48:27.000000000 +0200
+++ /var/tmp/diff_new_pack.Hv9GR3/_new 2013-07-30 16:48:27.000000000 +0200
@@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.6 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
+ <TITLE>Squid 3.2.13 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.2.6 release notes</H1>
+<H1>Squid 3.2.13 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -72,12 +72,14 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.2.6 for
-testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.13.</P>
<P>This new release is available for download from
-<A
HREF="http://www.squid-cache.org/Versions/v3/3.2/";>http://www.squid-cache.org/Versions/v3/3.2/</A>
or the
+<A
HREF="http://www.squid-cache.org/Versions/v3/3.2/";>http://www.squid-cache.org/Versions/v3/3.2/</A>
or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html";>mirrors</A>.</P>
-<P>While this release is not deemed ready for production use, we believe it is
ready for wider testing by the community.</P>
+
+<P>A large number of the show-stopper bugs have been fixed along with general
improvements to the IPv6 support.
+While this release is not fully bug-free we believe it is ready for use in
production on many systems.</P>
+
<P>We welcome feedback and bug reports. If you find a bug, please see
<A
HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting";>http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
for how to submit a
report with a stack trace.</P>
@@ -86,7 +88,7 @@
</H2>
<P>Although this release is deemed good enough for use in many setups, please
note the existence of
-<A
HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.2&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=";>open
bugs against Squid-3.2</A>.</P>
+<A
HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.2";>open
bugs against Squid-3.2</A>.</P>
<P>Some issues to note as currently known in this release which are not able
to be fixed in the 3.2 series are:</P>
<P>
@@ -160,7 +162,7 @@
DNS lookups to locate alternative DIRECT destinations will not be done.</P>
<P>Known Issue: When non-strict validation fails Squid will relay the request,
but can only do
-so safely to the orginal destination IP the client was contacting. The client
original
+so safely to the original destination IP the client was contacting. The client
original
destination IP is lost when relaying to peers in a hierarchy. This means the
upstream peers
are still at risk of causing same-origin bypass CVE-2009-0801 vulnerability.
Developer time is required to implement safe transit of these requests.
@@ -253,7 +255,7 @@
path and parameters as its own command parameters. The <EM>concurrency</EM>
setting already
existing in Squid is used to configure how many child helpers it may run.</P>
-<P>For example, a traditional configration is
+<P>For example, a traditional configuration is
<PRE>
url_rewrite_program /your/redirector.sh
url_rewrite_children 5
@@ -289,10 +291,10 @@
<P>The on-demand helpers feature allows greater flexibility and resolves this
problem by allowing
maximum, initial and idle thresholds to be configured. Squid will start the
initial set during
start and reconfigure phases. However over the operational use new helpers up
to the maxium will
-be started as load demands. The idle threshold determins how many more helpers
to start if the
+be started as load demands. The idle threshold determines how many more
helpers to start if the
currently running set is not enough to handle current request loads.</P>
-<P>For example, a traditional configration is
+<P>For example, a traditional configuration is
<PRE>
auth_param ntlm /usr/libexec/squid/ntlm_auth
auth_param ntlm children 200
@@ -357,7 +359,7 @@
<P>
<UL>
<LI>mswin_check_ad_group - ext_ad_group_acl - Check logged in users Group
membership using Active Directory.</LI>
-<LI>ip_user_check - ext_file_userip_acl - Restrict users to cetain IP
addresses, using a text file backend.</LI>
+<LI>ip_user_check - ext_file_userip_acl - Restrict users to certain IP
addresses, using a text file backend.</LI>
<LI>squid_kerb_ldap - ext_kerberos_ldap_group_acl - Check logged in Kerberos
or NTLM users Group membership using LDAP.</LI>
<LI>squid_ldap_group - ext_ldap_group_acl - Check logged in users Group
membership using LDAP.</LI>
<LI>mswin_check_lm_group - ext_lm_group_acl - Check logged in users Group
membership using LanManager.</LI>
@@ -416,8 +418,8 @@
<P>Automatic detection and use of the pthreads library available from Solaris
10</P>
-<P>The result of this addition means that faster more efficient AUFS cache
storage mechanisims
-are now available in Solaris 10.</P>
+<P>The result of this addition means that faster more efficient AUFS cache
storage mechanism
+is now available in Solaris 10.</P>
<P>Support is experimental at this stage due to lack of feedback on the
results of enabling it.
We recommend giving AUFS a try for faster disk storage and encourage
feedback.</P>
@@ -431,14 +433,14 @@
feature support in Squid. This release opens Surrogate support to all reverse
proxies.</P>
<P>Reverse proxy requests sent on to the web server include the HTTP header
<EM>Surrogate-Capabilities:</EM>
-specifying the capabilities of the reverse proxy along with an ID which can be
used to target reponses with
+specifying the capabilities of the reverse proxy along with an ID which can be
used to target responses with
a <EM>Surrogate-Control:</EM> HTTP header used instead of the
<EM>Cache-Control:</EM> header.</P>
<P>The default surrogate ID is generated automatically from the Squid
site-unique hostname as found by the
automatic detection or manual configuration of <EM>visible_hostname</EM>
although can be configured
separately with the <EM>httpd_accel_surrogate_id</EM> option.</P>
-<P><EM>Security Considerations:</EM> Websites sould be careful of accepting
any surrogate ID.
+<P><EM>Security Considerations:</EM> Websites should be careful of accepting
any surrogate ID.
Older releases of Squid leak the Surrogate-Control headers to external servers.
This 3.2 series of Squid will now prevent this leakage of its own ID destined
responses, however it is possible
and for some uses desirable to receive external reverse-proxies
<EM>Surrogate-Capabilities:</EM> headers.</P>
@@ -553,7 +555,7 @@
<UL>
<LI>should contain a complete HTML page, with optional client-side
scripting.</LI>
<LI>must not contain server-side scripting. </LI>
-<LI>will have macro substitution performed on it using the same macros as used
by the error page tempates.</LI>
+<LI>will have macro substitution performed on it using the same macros as used
by the error page templates.</LI>
</UL>
</P>
@@ -588,32 +590,32 @@
headers or eCAP options to Squid ICAP requests or eCAP transactions.</P>
<DT><B>adaptation_send_client_ip</B><DD>
-<P>Same as depricated icap_send_client_ip
+<P>Same as deprecated icap_send_client_ip
but applies to both ICAP and eCAP.</P>
<DT><B>adaptation_send_username</B><DD>
-<P>Same as depricated icap_send_client_username
+<P>Same as deprecated icap_send_client_username
but applies to both ICAP and eCAP.</P>
<DT><B>adaptation_uses_indirect_client</B><DD>
-<P>Same as depricated icap_uses_indirect_client
+<P>Same as deprecated icap_uses_indirect_client
but applies to both ICAP and eCAP.</P>
<DT><B>client_delay_pools</B><DD>
-<P>New setting for client bandwith limits to specifies the number
+<P>New setting for client bandwidth limits to specifies the number
of client delay pools used.</P>
<DT><B>client_delay_initial_bucket_level</B><DD>
-<P>New setting for client bandwith limits to determine the initial
+<P>New setting for client bandwidth limits to determine the initial
bucket size as a percentage of max_bucket_size from
client_delay_parameters.</P>
<DT><B>client_delay_parameters</B><DD>
-<P>New setting for client bandwith limits to configures client-side
+<P>New setting for client bandwidth limits to configures client-side
bandwidth limits.</P>
<DT><B>client_delay_access</B><DD>
-<P>New setting for client bandwith limits to determines the
+<P>New setting for client bandwidth limits to determines the
client-side delay pool for the request.</P>
<DT><B>client_dst_passthru</B><DD>
@@ -727,17 +729,12 @@
New installs, or installs with no logs configured explicitly will use this
module by default.</P>
<P>New <EM>tcp</EM> module to send each log line as text data to a TCP
receiver.</P>
<P>New <EM>udp</EM> module to send each log line as text data to a UDP
receiver.</P>
-<P>New format <EM>referrer</EM> to log with the format prevously used by
referer_log directive.</P>
-<P>New format <EM>useragent</EM> to log with the format prevously used by
useragent_log directive.</P>
+<P>New format <EM>referrer</EM> to log with the format previously used by
referer_log directive.</P>
+<P>New format <EM>useragent</EM> to log with the format previously used by
useragent_log directive.</P>
-<DT><B>acl : random, localip, localport</B><DD>
+<DT><B>acl : random, urllogin</B><DD>
<P>New type <EM>random</EM>. Pseudo-randomly match requests based on a
configured probability.</P>
-<P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the
client connected to.</P>
-<P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which
the client connected to.</P>
<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on
the URL login field (if any).</P>
-<P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where
they matched a mix of
-of an invalid IP and port 0, the client destination IP/port or the Squid
listening IP/port.
-This definition is now consistent across all modes of traffic received by
Squid.</P>
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager
access. So it has now been
built-in as a predefined ACL name matching URLs equivalent to the following
regular expression:
<PRE>
@@ -749,7 +746,7 @@
<DT><B>auth_param</B><DD>
<P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
-<EM>startup=N</EM> determins minimum number of helper processes used.
+<EM>startup=N</EM> determines minimum number of helper processes used.
<EM>idle=N</EM> determines how many helper to retain as buffer against sudden
traffic loads.
<EM>concurrency=N</EM> previously called <EM>auth_param ... concurrency</EM>
as a separate option.</P>
<P>Removed Basic, Digest, NTLM, Negotiate <EM>auth_param ... concurrency</EM>
setting option.</P>
@@ -783,8 +780,8 @@
<P><EM>%SRCEUI64</EM> EUI-64 of clients with SLAAC address.</P>
<P><EM>%EXT_LOG</EM> log= message returned by previous external ACL calls. An
updated version may be returned.</P>
<P><EM>%EXT_TAG</EM> tag= value returned by previous external ACL calls. Tag
may not be altered once set.</P>
-<P><EM>children-max=N</EM> determins maximum number of helper processes
used.</P>
-<P><EM>children-startup=N</EM> determins minimum number of helper processes
used.</P>
+<P><EM>children-max=N</EM> determines maximum number of helper processes
used.</P>
+<P><EM>children-startup=N</EM> determines minimum number of helper processes
used.</P>
<P><EM>children-idle=N</EM> determines how many helper to retain as buffer
against sudden traffic loads.</P>
<P>Deprecated <EM>children=N</EM> in favor of <EM>children-max=N</EM>.</P>
@@ -1024,16 +1021,16 @@
<P>Replaced by --enable-eui</P>
<DT><B>--enable-auth-basic-helpers</B><DD>
-<P>replaced by <EM>--enable-auth-basic</EM>.</P>
+<P>Replaced by <EM>--enable-auth-basic</EM>.</P>
<DT><B>--enable-auth-digest-helpers</B><DD>
-<P>replaced by <EM>--enable-auth-digest</EM>.</P>
+<P>Replaced by <EM>--enable-auth-digest</EM>.</P>
<DT><B>--enable-auth-negotiate-helpers</B><DD>
-<P>replaced by <EM>--enable-auth-negotiate</EM>.</P>
+<P>Replaced by <EM>--enable-auth-negotiate</EM>.</P>
<DT><B>--enable-auth-ntlm-helpers</B><DD>
-<P>replaced by <EM>--enable-auth-ntlm</EM>.</P>
+<P>Replaced by <EM>--enable-auth-ntlm</EM>.</P>
<DT><B>--enable-referer-log</B><DD>
<P>Obsolete.</P>
@@ -1066,7 +1063,7 @@
An external_acl_type helper may be used to bypass authentication if that is
suitable.</P>
<DT><B>cache_peer</B><DD>
-<P><EM>http11</EM> Obsolete.</P>
+<P>Option <EM>http11</EM> obsolete.</P>
<DT><B>external_acl_type</B><DD>
<P>Format tag <EM>%{Header}</EM> replaced by <EM>%>{Header}</EM></P>
@@ -1076,9 +1073,9 @@
<P>Replaced by <EM>request_header_access</EM> and
<EM>reply_header_access</EM></P>
<DT><B>http_port</B><DD>
-<P><EM>no-connection-auth</EM> replaced by <EM>connection-auth=[on|off]</EM>.
Default is ON.</P>
-<P><EM>transparent</EM> option replaced by <EM>intercept</EM></P>
-<P><EM>http11</EM> obsolete.</P>
+<P>Option <EM>no-connection-auth</EM> replaced by
<EM>connection-auth=[on|off]</EM>. Default is ON.</P>
+<P>Option <EM>transparent</EM> option replaced by <EM>intercept</EM></P>
+<P>Option <EM>http11</EM> obsolete.</P>
<DT><B>http_access2</B><DD>
<P>Replaced by <EM>adapted_http_access</EM></P>
@@ -1095,6 +1092,12 @@
<DT><B>server_http11</B><DD>
<P>Obsolete.</P>
+<DT><B>update_headers</B><DD>
+<P>Obsolete. The experimental actions enabled in 2.7 by this option have been
integrated as default
+actions for the <EM>rock</EM> storage type and memory caches.
+The configuration option is no longer necessary and has been dropped.
+NOTE: It is not yet supported by <EM>ufs</EM>, <EM>aufs</EM>, or
<EM>diskd</EM> storage.</P>
+
<DT><B>upgrade_http0.9</B><DD>
<P>Obsolete.</P>
@@ -1275,9 +1278,6 @@
<DT><B>storeurl_rewrite_program</B><DD>
<P>Not yet ported from 2.7</P>
-<DT><B>update_headers</B><DD>
-<P>Not yet fully ported from 2.7. Memory and rock storage caches support this
natively. UFS caches do not support it.</P>
-
</DL>
</P>
</BODY>
++++++ squid-3.2.11.tar.bz2 -> squid-3.2.13.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/ChangeLog new/squid-3.2.13/ChangeLog
--- old/squid-3.2.11/ChangeLog 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/ChangeLog 2013-07-13 15:22:32.000000000 +0200
@@ -1,4 +1,16 @@
+Changes to squid-3.2.13 (13 Jul 2013):
+
+ - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
+ - Improved handling of port values in Host: header validation
+
+Changes to squid-3.2.12 (11 Jul 2013):
+
+ - Protect against buffer overrun in DNS query generation
+ - Avoid !closing assertions when helpers call comm_read during
reconfigure.
+ - Fix several minor memory leaks during reconfigure
+ - Remove origin_tries limiter on forwarding and permit large
max_forward_tries values
+
Changes to squid-3.2.11 (30 Apr 2013):
- Regression Bug 3839: build error: src/tools.h: No such file or
directory
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/RELEASENOTES.html
new/squid-3.2.13/RELEASENOTES.html
--- old/squid-3.2.11/RELEASENOTES.html 2013-04-30 07:08:31.000000000 +0200
+++ new/squid-3.2.13/RELEASENOTES.html 2013-07-13 15:48:45.000000000 +0200
@@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.11 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
+ <TITLE>Squid 3.2.13 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.2.11 release notes</H1>
+<H1>Squid 3.2.13 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -72,7 +72,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.2.11.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.13.</P>
<P>This new release is available for download from
<A
HREF="http://www.squid-cache.org/Versions/v3/3.2/";>http://www.squid-cache.org/Versions/v3/3.2/</A>
or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html";>mirrors</A>.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/configure new/squid-3.2.13/configure
--- old/squid-3.2.11/configure 2013-04-30 06:47:59.000000000 +0200
+++ new/squid-3.2.13/configure 2013-07-13 15:23:28.000000000 +0200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.11.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.13.
#
# Report bugs to <http://bugs.squid-cache.org/>.
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.2.11'
-PACKAGE_STRING='Squid Web Proxy 3.2.11'
+PACKAGE_VERSION='3.2.13'
+PACKAGE_STRING='Squid Web Proxy 3.2.13'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1571,7 +1571,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.2.11 to adapt to many kinds of
systems.
+\`configure' configures Squid Web Proxy 3.2.13 to adapt to many kinds of
systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1641,7 +1641,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.2.11:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.2.13:";;
esac
cat <<\_ACEOF
@@ -2019,7 +2019,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.2.11
+Squid Web Proxy configure 3.2.13
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3115,7 +3115,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.2.11, which was
+It was created by Squid Web Proxy $as_me 3.2.13, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3934,7 +3934,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.2.11'
+ VERSION='3.2.13'
cat >>confdefs.h <<_ACEOF
@@ -30894,7 +30894,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.2.11, which was
+This file was extended by Squid Web Proxy $as_me 3.2.13, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -30960,7 +30960,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.2.11
+Squid Web Proxy config.status 3.2.13
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/configure.ac
new/squid-3.2.13/configure.ac
--- old/squid-3.2.11/configure.ac 2013-04-30 06:47:59.000000000 +0200
+++ new/squid-3.2.13/configure.ac 2013-07-13 15:23:28.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.2.11],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.2.13],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8
new/squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8
--- old/squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8 2013-04-30
07:08:15.000000000 +0200
+++ new/squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8 2013-07-13
15:48:34.000000000 +0200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-04-29" "perl v5.10.1" "User Contributed Perl
Documentation"
+.TH BASIC_DB_AUTH 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl
Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
new/squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- old/squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
2013-04-30 07:08:19.000000000 +0200
+++ new/squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
2013-07-13 15:48:36.000000000 +0200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-04-29" "perl v5.10.1" "User Contributed
Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-13" "perl v5.10.1" "User Contributed
Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/include/version.h
new/squid-3.2.13/include/version.h
--- old/squid-3.2.11/include/version.h 2013-04-30 06:47:59.000000000 +0200
+++ new/squid-3.2.13/include/version.h 2013-07-13 15:23:28.000000000 +0200
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1367297224
+#define SQUID_RELEASE_TIME 1373721750
#endif
#ifndef APP_SHORTNAME
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/HttpHeader.cc
new/squid-3.2.13/src/HttpHeader.cc
--- old/squid-3.2.11/src/HttpHeader.cc 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/HttpHeader.cc 2013-07-13 15:22:32.000000000 +0200
@@ -433,37 +433,37 @@
PROF_start(HttpHeaderClean);
- /*
- * An unfortunate bug. The entries array is initialized
- * such that count is set to zero. httpHeaderClean() seems to
- * be called both when 'hdr' is created, and destroyed. Thus,
- * we accumulate a large number of zero counts for 'hdr' before
- * it is ever used. Can't think of a good way to fix it, except
- * adding a state variable that indicates whether or not 'hdr'
- * has been used. As a hack, just never count zero-sized header
- * arrays.
- */
-
if (owner <= hoReply) {
+ /*
+ * An unfortunate bug. The entries array is initialized
+ * such that count is set to zero. httpHeaderClean() seems to
+ * be called both when 'hdr' is created, and destroyed. Thus,
+ * we accumulate a large number of zero counts for 'hdr' before
+ * it is ever used. Can't think of a good way to fix it, except
+ * adding a state variable that indicates whether or not 'hdr'
+ * has been used. As a hack, just never count zero-sized header
+ * arrays.
+ */
if (0 != entries.count)
HttpHeaderStats[owner].hdrUCountDistr.count(entries.count);
++ HttpHeaderStats[owner].destroyedCount;
HttpHeaderStats[owner].busyDestroyedCount += entries.count > 0;
+ } // if (owner <= hoReply)
- while ((e = getEntry(&pos))) {
- /* tmp hack to try to avoid coredumps */
+ while ((e = getEntry(&pos))) {
+ /* tmp hack to try to avoid coredumps */
- if (e->id < 0 || e->id >= HDR_ENUM_END) {
- debugs(55, 0, "HttpHeader::clean BUG: entry[" << pos << "] is
invalid (" << e->id << "). Ignored.");
- } else {
+ if (e->id < 0 || e->id >= HDR_ENUM_END) {
+ debugs(55, DBG_CRITICAL, "HttpHeader::clean BUG: entry[" << pos <<
"] is invalid (" << e->id << "). Ignored.");
+ } else {
+ if (owner <= hoReply)
HttpHeaderStats[owner].fieldTypeDistr.count(e->id);
- /* yes, this deletion leaves us in an inconsistent state */
- delete e;
- }
+ /* yes, this deletion leaves us in an inconsistent state */
+ delete e;
}
- } // if (owner <= hoReply)
+ }
entries.clean();
httpHeaderMaskInit(&mask, 0);
len = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/MemBuf.h
new/squid-3.2.13/src/MemBuf.h
--- old/squid-3.2.11/src/MemBuf.h 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/MemBuf.h 2013-07-13 15:22:32.000000000 +0200
@@ -66,7 +66,7 @@
/// these space-related methods assume no growth and allow 0-termination
char *space() { return buf + size; } // space to add data
- char *space(mb_size_t required) { if (size + required > capacity)
grow(size + required); return buf + size; } // space to add data
+ char *space(mb_size_t required) { if (size + required >= capacity)
grow(size + required +1); return buf + size; } // space to add data
mb_size_t spaceSize() const;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/client_db.cc
new/squid-3.2.13/src/client_db.cc
--- old/squid-3.2.11/src/client_db.cc 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/client_db.cc 2013-07-13 15:22:32.000000000 +0200
@@ -72,8 +72,9 @@
clientdbAdd(const Ip::Address &addr)
{
ClientInfo *c;
- char *buf = new char[MAX_IPSTRLEN];
+ char *buf = static_cast<char*>(xmalloc(MAX_IPSTRLEN)); // becomes hash.key
c = (ClientInfo *)memAllocate(MEM_CLIENT_INFO);
+ debugs(77, 9, "ClientInfo constructed, this=" << c);
c->hash.key = addr.NtoA(buf,MAX_IPSTRLEN);
c->addr = addr;
#if USE_DELAY_POOLS
@@ -355,6 +356,7 @@
}
#endif
+ debugs(77, 9, "ClientInfo destructed, this=" << c);
memFree(c, MEM_CLIENT_INFO);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/client_side_request.cc
new/squid-3.2.13/src/client_side_request.cc
--- old/squid-3.2.11/src/client_side_request.cc 2013-04-30 06:47:06.000000000
+0200
+++ new/squid-3.2.13/src/client_side_request.cc 2013-07-13 15:22:32.000000000
+0200
@@ -641,8 +641,16 @@
uint16_t port = 0;
if (portStr) {
*portStr = '\0'; // strip the ':'
- if (*(++portStr) != '\0')
- port = xatoi(portStr);
+ if (*(++portStr) != '\0') {
+ char *end = NULL;
+ int64_t ret = strtoll(portStr, &end, 10);
+ if (end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {
+ // invalid port details. Replace the ':'
+ *(--portStr) = ':';
+ portStr = NULL;
+ } else
+ port = (ret & 0xFFFF);
+ }
}
debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ",
portStr=" << (portStr?portStr:"NULL"));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/dns_internal.cc
new/squid-3.2.13/src/dns_internal.cc
--- old/squid-3.2.11/src/dns_internal.cc 2013-04-30 06:47:06.000000000
+0200
+++ new/squid-3.2.13/src/dns_internal.cc 2013-07-13 15:22:32.000000000
+0200
@@ -1660,23 +1660,29 @@
void
idnsALookup(const char *name, IDNSCB * callback, void *data)
{
- unsigned int i;
- int nd = 0;
- idns_query *q;
+ size_t nameLength = strlen(name);
+
+ // Prevent buffer overflow on q->name
+ if (nameLength > NS_MAXDNAME) {
+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to
perform lookup: '" << name << "'. see access.log for details.");
+ callback(data, NULL, 0, "Internal error");
+ return;
+ }
if (idnsCachedLookup(name, callback, data))
return;
- q = cbdataAlloc(idns_query);
+ idns_query *q = cbdataAlloc(idns_query);
// idns_query is POD so no constructors are called after allocation
q->xact_id.change();
q->query_id = idnsQueryID();
- for (i = 0; i < strlen(name); ++i)
+ int nd = 0;
+ for (unsigned int i = 0; i < nameLength; ++i)
if (name[i] == '.')
++nd;
- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
q->do_searchpath = 1;
} else {
q->do_searchpath = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/forward.cc
new/squid-3.2.13/src/forward.cc
--- old/squid-3.2.11/src/forward.cc 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/forward.cc 2013-07-13 15:22:32.000000000 +0200
@@ -515,10 +515,7 @@
if (!entry->isEmpty())
return false;
- if (n_tries > 10)
- return false;
-
- if (origin_tries > 2)
+ if (n_tries > Config.forward_max_tries)
return false;
if (squid_curtime - start_t > Config.Timeout.forward)
@@ -940,9 +937,6 @@
debugs(17, 3, HERE << "reusing pconn " << serverConnection());
++n_tries;
- if (!serverConnection()->getPeer())
- ++origin_tries;
-
comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper,
this);
/* Update server side TOS and Netfilter mark on the connection. */
@@ -1131,9 +1125,6 @@
if (n_tries > Config.forward_max_tries)
return 0;
- if (origin_tries > 1)
- return 0;
-
if (request->bodyNibbled())
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/forward.h
new/squid-3.2.13/src/forward.h
--- old/squid-3.2.11/src/forward.h 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/forward.h 2013-07-13 15:22:32.000000000 +0200
@@ -97,7 +97,6 @@
Comm::ConnectionPointer clientConn; ///< a possibly open connection
to the client.
time_t start_t;
int n_tries;
- int origin_tries;
// AsyncCalls which we set and may need cancelling.
struct {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/squid-3.2.11/src/helper.cc
new/squid-3.2.13/src/helper.cc
--- old/squid-3.2.11/src/helper.cc 2013-04-30 06:47:06.000000000 +0200
+++ new/squid-3.2.13/src/helper.cc 2013-07-13 15:22:32.000000000 +0200
@@ -38,6 +38,7 @@
#include "comm/Connection.h"
#include "comm/Write.h"
#include "helper.h"
+#include "fde.h"
#include "format/Quoting.h"
#include "MemBuf.h"
#include "SquidMath.h"
@@ -750,7 +751,7 @@
safe_free(srv->requests);
cbdataReferenceDone(srv->parent);
- cbdataFree(srv);
+ delete srv;
}
static void
@@ -812,7 +813,7 @@
cbdataReferenceDone(srv->parent);
- cbdataFree(srv);
+ delete srv;
}
/// Calls back with a pointer to the buffer with the helper output
@@ -920,7 +921,7 @@
helperReturnBuffer(i, srv, hlp, msg, t);
}
- if (Comm::IsConnOpen(srv->readPipe)) {
+ if (Comm::IsConnOpen(srv->readPipe) &&
!fd_table[srv->readPipe->fd].closing()) {
int spaceSize = srv->rbuf_sz - srv->roffset - 1;
assert(spaceSize >= 0);
@@ -1021,7 +1022,7 @@
helperStatefulReleaseServer(srv);
}
- if (Comm::IsConnOpen(srv->readPipe)) {
+ if (Comm::IsConnOpen(srv->readPipe) &&
!fd_table[srv->readPipe->fd].closing()) {
int spaceSize = srv->rbuf_sz - srv->roffset - 1;
assert(spaceSize >= 0);
++++++ squid-3.2.11.tar.bz2.asc -> squid-3.2.13.tar.bz2.asc ++++++
--- /work/SRC/openSUSE:Factory/squid/squid-3.2.11.tar.bz2.asc 2013-05-13
15:37:19.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.2.13.tar.bz2.asc
2013-07-30 16:48:26.000000000 +0200
@@ -1,8 +1,8 @@
-File: squid-3.2.11.tar.bz2
-Date: Tue Apr 30 05:08:44 UTC 2013
-Size: 2897354
-MD5 : cdd3612bed27e8d513b713004c78bf5b
-SHA1: 124c0af704f88afb2feb5054b36f253544173a4b
+File: squid-3.2.13.tar.bz2
+Date: Sat Jul 13 13:49:04 UTC 2013
+Size: 2898293
+MD5 : 367e59c9c25da7ebbfbf7cbc36d2444e
+SHA1: f253df4981981c297cc7e719908e07b046506952
Key : 0xFF5CF463 <squ...@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
@@ -10,11 +10,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-iQEcBAABAgAGBQJRf1OIAAoJELJo5wb/XPRjwg4H/iNZaKfeqRLVtpFOXT0RKY+l
-4+FVq1ptu6VLXRtkJWAj5RZfk6hmO9G+ZwZTnZWLf46c6kUvB/4Nlt0LD98FB9ng
-ZtWfcTSked7idj3pInjMvNNa7j0qeOy4tvjUvxKtPAg2ZiRJXoPOKkS6TXnyyGvf
-zlSWqmFUNvBsVULGALk9stq03jxqzf2CamNho8g2Tly//suJr8aHj38E8oMoCHWX
-SCjo9yVTRdZjaGa6RKkyMGYpPpM9Wh4qIixAGT6Ih94YxzXg/mcWpcl6A6Pwc8CT
-lrkKV2mDuGMoL1gGWYo8pUCEjvzKjRtoevu1wjzX/mqYbpilfLNnGg3vqZu7pfM=
-=mQwq
+iQEcBAABAgAGBQJR4VuSAAoJELJo5wb/XPRjDMsH+gN9MyL0RAegBfeJtScW7dOU
+E7ZPl8BjUqYTOoLPxXX95MTm6gJzzZ69S6ss8+db4fYd6kbGgkX/G05R0E5PBQJG
+2OnJU1LUUzBcqTedai1SCuL90gVgy7oqzke6qlT43SSzuKPzmvlrtnBOrXK1guy0
+xCFNFRtuZKIUVAyERlgE6tP0iPn5DZqSqGwGOx/lkNB20bgx83Amy7uav1F/d9Ps
+sillN9btek4azrPqyqDXoSv+Tqh0u3Ni+zSQJrbVJ59QGFA38OLdW3i3MphgNg5N
+/HkAGnfsCzJHQlxoM5kKz11U4caIv57gy9ZXIJ8peIIldOiLrfG1zcL/awyQVJc=
+=hNXf
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
