diff -u -r -N squid-3.1.5.1/ChangeLog squid-3.1.6/ChangeLog --- squid-3.1.5.1/ChangeLog 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/ChangeLog 2010-08-02 02:01:37.000000000 +1200 @@ -1,3 +1,13 @@ +Changes to squid-3.1.6 (02 Aug 2010): + + - Bug 2994, 2995: IPv4-only regressions + - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() + - Bug 2975: chunked requests not supported after regular ones + - Fix: 32-bit overflow in reported bytes received from next hop + - Fix Libtool build regressions + - Limited split-stack IPv6 support. + - squid_db_auth support MD5 encrypted passwords + Changes to squid-3.1.5.1 (28 Jul 2010): - Update Libtool to 2.2. diff -u -r -N squid-3.1.5.1/configure squid-3.1.6/configure --- squid-3.1.5.1/configure 2010-07-28 20:11:00.000000000 +1200 +++ squid-3.1.6/configure 2010-08-02 02:03:14.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.in Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.5.1. +# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.6. # # Report bugs to . # @@ -750,8 +750,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.1.5.1' -PACKAGE_STRING='Squid Web Proxy 3.1.5.1' +PACKAGE_VERSION='3.1.6' +PACKAGE_STRING='Squid Web Proxy 3.1.6' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_unique_file="src/main.cc" @@ -909,6 +909,7 @@ OTOOL64 CPP CXXCPP +top_build_prefix LIBLTDL LTDLDEPS LTDLINCL @@ -1711,7 +1712,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.1.5.1 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.1.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1781,7 +1782,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.1.5.1:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.1.6:";; esac cat <<\_ACEOF @@ -2108,7 +2109,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.1.5.1 +Squid Web Proxy configure 3.1.6 generated by GNU Autoconf 2.62 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -2122,7 +2123,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.1.5.1, which was +It was created by Squid Web Proxy $as_me 3.1.6, which was generated by GNU Autoconf 2.62. Invocation command line was $ $0 $@ @@ -2840,7 +2841,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.1.5.1' + VERSION='3.1.6' cat >>confdefs.h <<_ACEOF @@ -5646,13 +5647,13 @@ else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:5649: $ac_compile\"" >&5) + (eval echo "\"\$as_me:5650: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:5652: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:5653: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:5655: output\"" >&5) + (eval echo "\"\$as_me:5656: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -6874,7 +6875,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6877 "configure"' > conftest.$ac_ext + echo '#line 6878 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -9433,11 +9434,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9436: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9437: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9440: \$? = $ac_status" >&5 + echo "$as_me:9441: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9772,11 +9773,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9775: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9776: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9779: \$? = $ac_status" >&5 + echo "$as_me:9780: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9877,11 +9878,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9880: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9881: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9884: \$? = $ac_status" >&5 + echo "$as_me:9885: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -9932,11 +9933,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9935: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9936: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9939: \$? = $ac_status" >&5 + echo "$as_me:9940: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12732,7 +12733,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12735 "configure" +#line 12736 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12828,7 +12829,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12831 "configure" +#line 12832 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -14848,11 +14849,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14851: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14852: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:14855: \$? = $ac_status" >&5 + echo "$as_me:14856: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -14947,11 +14948,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14950: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14951: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14954: \$? = $ac_status" >&5 + echo "$as_me:14955: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -14999,11 +15000,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15002: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15003: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15006: \$? = $ac_status" >&5 + echo "$as_me:15007: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15983,6 +15984,14 @@ # Only expand once: +if ! test "${ac_top_build_prefix}" = ""; +then + # LTDL v3-v7 macros assume the autoconf 2.62 variable top_build_prefix is defined + # But from autoconf 2.64 its called ac_top_build_prefix and not automatically added to the Makefile + # This fixes Linux LTDLv3-v7, and BSD LTDL v2.2 + top_build_prefix=${ac_top_build_prefix} + +fi { $as_echo "$as_me:$LINENO: checking which extension is used for runtime loadable modules" >&5 $as_echo_n "checking which extension is used for runtime loadable modules... " >&6; } if test "${libltdl_cv_shlibext+set}" = set; then @@ -16906,7 +16915,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 16909 "configure" +#line 16918 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -48869,7 +48878,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.1.5.1, which was +This file was extended by Squid Web Proxy $as_me 3.1.6, which was generated by GNU Autoconf 2.62. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -48922,7 +48931,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -Squid Web Proxy config.status 3.1.5.1 +Squid Web Proxy config.status 3.1.6 configured by $0, generated by GNU Autoconf 2.62, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -u -r -N squid-3.1.5.1/configure.in squid-3.1.6/configure.in --- squid-3.1.5.1/configure.in 2010-07-28 20:11:00.000000000 +1200 +++ squid-3.1.6/configure.in 2010-08-02 02:03:14.000000000 +1200 @@ -2,7 +2,7 @@ dnl dnl $Id$ dnl -AC_INIT([Squid Web Proxy],[3.1.5.1],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.1.6],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -72,6 +72,14 @@ fi LT_INIT([dlopen]) +if ! test "${ac_top_build_prefix}" = ""; +then + # LTDL v3-v7 macros assume the autoconf 2.62 variable top_build_prefix is defined + # But from autoconf 2.64 its called ac_top_build_prefix and not automatically added to the Makefile + # This fixes Linux LTDLv3-v7, and BSD LTDL v2.2 + top_build_prefix=${ac_top_build_prefix} + AC_SUBST(top_build_prefix) +fi LTDL_INIT LT_LIB_DLLOAD diff -u -r -N squid-3.1.5.1/helpers/basic_auth/DB/squid_db_auth.in squid-3.1.6/helpers/basic_auth/DB/squid_db_auth.in --- squid-3.1.5.1/helpers/basic_auth/DB/squid_db_auth.in 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/helpers/basic_auth/DB/squid_db_auth.in 2010-08-02 02:01:37.000000000 +1200 
@@ -22,6 +22,7 @@ my $db_passwdcol = "password"; my $db_cond = "enabled = 1"; my $plaintext = 0; +my $md5 = 0; my $persist = 0; my $isjoomla = 0; my $debug = 0; @@ -72,6 +73,10 @@ Database contains plain-text passwords +=item B<--md5> + +Database contains unsalted md5 passwords + =item B<--salt> Selects the correct salt to evaluate passwords @@ -98,6 +103,7 @@ 'passwdcol=s' => \$db_passwdcol, 'cond=s' => \$db_cond, 'plaintext' => \$plaintext, + 'md5' => \$md5, 'persist' => \$persist, 'joomla' => \$isjoomla, 'debug' => \$debug, @@ -142,6 +148,7 @@ else{ return 1 if defined $hashsalt && crypt($password, $hashsalt) eq $key; return 1 if crypt($password, $key) eq $key; + return 1 if $md5 && md5_hex($password) eq $key; return 1 if $plaintext && $password eq $key; } diff -u -r -N squid-3.1.5.1/include/version.h squid-3.1.6/include/version.h --- squid-3.1.5.1/include/version.h 2010-07-28 20:11:00.000000000 +1200 +++ squid-3.1.6/include/version.h 2010-08-02 02:03:14.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1280304590 +#define SQUID_RELEASE_TIME 1280671275 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.1.5.1/RELEASENOTES.html squid-3.1.6/RELEASENOTES.html --- squid-3.1.5.1/RELEASENOTES.html 2010-07-28 20:26:15.000000000 +1200 +++ squid-3.1.6/RELEASENOTES.html 2010-08-02 02:28:51.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.1.5.1 release notes + Squid 3.1.6 release notes -
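Review bot: The new `--md5` branch in the `@@ -142,6 +148,7 @@` hunk calls `md5_hex()`, but none of the four hunks for squid_db_auth.in adds `use Digest::MD5 qw(md5_hex);`. Unless the helper already imports it outside the visible context, the first lookup that reaches this line will die with an undefined-subroutine error. Separately, the POD entry added in the `@@ -72,6 +73,10 @@` hunk should say that unsalted MD5 is supported only for compatibility with existing tables, because identical passwords yield identical digests and the digest is cheap to brute-force if the table is disclosed. I would word it as `Database contains unsalted md5 passwords (legacy compatibility only; prefer salted crypt hashes)`. The enclosing password-check sub starts and ends outside the hunk.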

Squid 3.1.5.1 release notes

+

Squid 3.1.6 release notes

Squid Developers


@@ -70,7 +70,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.1.5.1

+

The Squid Team are pleased to announce the release of Squid-3.1.6

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.1/ or the mirrors.

@@ -85,11 +85,12 @@

Although this release is deemed good enough for use in many setups, please note the existence of open bugs against Squid-3.1.

-

Some issues to note as currently known in this release which are not able to be fixed in this 3.1 series are:

+

Some issues to note as currently known in this release which are not able to be fixed in the 3.1 series are:

@@ -154,7 +155,7 @@ To be frozen as stable the code must be compiling well and have passed a period of 14 days with no new bugs reported against the new code added in that release.

-

When one of these Squid-3.X.0.Z packages passes our bug-free standards a 3.X.Y numbered release will be made.

+

When one of these Squid-3.X.0.Z packages passes those criteria a 3.X.Y numbered release will be made.

We can only hope enough testing has been done to consider these ready for production use. As always we are fully dependent on people testing the previous packages and reporting all bugs.

@@ -182,7 +183,7 @@

squid.conf has undergone a facelift.

Don't worry, few operational changes have been made. -Older configs from Squdi 2.x and 3.0 are still expected to run in 3.1 with only the usual minor +Older configs from Squid 2.x and 3.0 are still expected to run in 3.1 with only the usual minor changes seen between major release. Details on those are listed below.

New users will be relieved to see a very short squid.conf on clean installs. @@ -231,8 +232,16 @@

Limitations of IPv6 Support

In this release there is incomplete split-stack support. This means that OS which do not provide -IP stacks based on the KAME stack with Hybrid extensions to do IPv4-mapping cannot use IPv6 -with Squid.

+IP stacks based on the KAME stack with Hybrid extensions to do IPv4-mapping cannot use full IPv6 +with Squid. From 3.1.6 the automatic capability detection will enable these abilities: + +

+

NOTE: SNMP, ICP and HTCP are not yet opening double ports so they will only run as IPv4-only or IPv6-only.

Specify a specific tcp_outgoing_address and the clients who match its ACL are limited to the IPv4 or IPv6 network that address belongs to. They are not permitted over the @@ -241,12 +250,12 @@ See the squid.conf documentation for further details.

WCCP is not available (neither version 1 or 2). -It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.

+It remains built into Squid for use with IPv4 traffic but IPv6 cannot use it.

Pseudo-Transparent Interception is done via NAT at the OS level and is not available in IPv6. Squid will ensure that any port set with transparent or intercept options be an IPv4-only listening address. Wildcard can still be used but will not open as an IPv6. -To ensure that squid can accept IPv6 traffic on its default port, an alternative should +To ensure that Squid can accept IPv6 traffic on its default port, an alternative should be chosen to handle transparently intercepted traffic.

    http_port 3128
@@ -274,7 +283,7 @@
 
 

Localization

-

The error pages presented by squid may now be localized per-request to match the visitors local preferred language.

+

The error pages presented by Squid may now be localized per-request to match the visitors local preferred language.

The error_directory option in squid.conf needs to be removed.

@@ -282,7 +291,7 @@ Updates can be downloaded from www.squid-cache.org/Versions/langpack/

-

The squid developers are interested in making squid available in a wide variety of languages. +

The Squid developers are interested in making Squid available in a wide variety of languages. Contribution of new languages is encouraged.

CSS Stylesheet controls

@@ -457,8 +466,9 @@

Squid-2 contained a hack using the update_http0.9 squid.conf option to work around the unusual replies. This option is now obsolete.

-

The proto ACL type matches ICY once the reply has been received, before that the processing -is only aware on an HTTP request. So the ACL will match HTTP.

+

The proto ACL type only matches ICY once the reply has been received, before that the processing +is only aware on an HTTP request. So the ACL will match HTTP in http_access and ICY in +http_reply_access.

3. Changes to squid.conf since Squid-3.0

@@ -672,21 +682,21 @@

dns_v4_fallback
-

New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found. +

New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found. Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.

         Standard practice with DNS is to lookup either A or AAAA records
         and use the results if it succeeds. Only looking up the other if
         the first attempt fails or otherwise produces no results.
 
-        That policy however will cause squid to produce error pages for some
+        That policy however will cause Squid to produce error pages for some
         servers that advertise AAAA but are unreachable over IPv6.
 
-        If this is ON  squid will always lookup both AAAA and A, using both.
-        If this is OFF squid will lookup AAAA and only try A if none found.
+        If this is ON  Squid will always lookup both AAAA and A, using both.
+        If this is OFF Squid will lookup AAAA and only try A if none found.
 
         WARNING: There are some possibly unwanted side-effects with this on:
-                *) Doubles the load placed by squid on the DNS network.
+                *) Doubles the load placed by Squid on the DNS network.
                 *) May negatively impact connection delay times.
         
 
@@ -730,7 +740,7 @@

New option to replace the old configure option --enable-default-err-language New translations can be downloaded from http://www.squid-cache.org/Versions/langpack/

-        Set the default language which squid will send error pages in
+        Set the default language which Squid will send error pages in
         if no existing translation matches the clients language
         preferences.
 
@@ -828,7 +838,7 @@
         translation of the data portion of the segments will never be needed.
 
         When a client only expects to do two-way FTP transfers this may be useful.
-        If squid finds that it must do a three-way FTP transfer after issuing
+        If Squid finds that it must do a three-way FTP transfer after issuing
         an EPSV ALL command, the FTP session will fail.
 
         If you have any doubts about this option do not use it.
@@ -961,7 +971,7 @@
         options are order-specific within the config as a whole.
 
         A few layers of include are allowed, but too many are confusing and
-        squid will enforce an include depth of 16 files.
+        Squid will enforce an include depth of 16 files.
 
         Syntax:
                 include /path/to/file1 /path/to/file2
@@ -1145,14 +1155,14 @@
 SMB LanManager authentication through the NTLM interface without the need for a domain controller. Thus the 
 new name is ntlm_smb_lm_auth.

WARNING: due to the name clash with Samba helper, admin should be careful to only update their squid.conf if the -squid bundled binary is used and needed. If the Samba helper is in use, the squid.conf should not be altered.

+Squid bundled binary is used and needed. If the Samba helper is in use, the squid.conf should not be altered.

balance_on_multiple_ip

The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms. It has thus been turned off by default. Making the 'best choice' IP continue in use for any hostname until it encounters a connection failure and failover drops to the next known IP.

-        Modern IP resolvers in squid sort lookup results by preferred access.
-        By default squid will use these IP in order and only rotates to
+        Modern IP resolvers in Squid sort lookup results by preferred access.
+        By default Squid will use these IP in order and only rotates to
         the next listed when the most preffered fails.
 
         Some load balancing servers based on round robin DNS have been
@@ -1235,7 +1245,7 @@
 
 
 
external_acl_type
-

New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers. +

New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers. Please be aware of some limits to these options. These options only affet the transport protocol used to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6 format, so all helpers will need to be checked and converted to cope with such information cleanly. @@ -1581,7 +1591,7 @@ This only affects the building process, enabling it to complete despite some possibly serious issues. Please do not use lightly, and please report the build issues which make it needed -to the squid developers before doing so.

+to the Squid developers before doing so.

--disable-translation

Prevent Squid generating localized error page templates and manuals when built. @@ -1613,7 +1623,7 @@ Use --without-libxml2 to prevent it being auto-detected.

--with-logdir=PATH
-

Allow build-time configuration of Default location for squid logs.

+

Allow build-time configuration of Default location for Squid logs.

--with-pidfile=PATH

Allow build-time configuration of Default location and name of squid.pid file.

@@ -1640,7 +1650,7 @@
--enable-linux-netfilter

This option now enables support for all three netfilter interception targets.

-

Adding TPROXY version 4+ support to squid through the netfilter TPROXY target. +

Adding TPROXY version 4+ support to Squid through the netfilter TPROXY target. This options requires a linux kernel 2.6.25 or later for embeded netfilter TPROXY targets.

Older REDIRECT and DNAT targets work as before on HTTP ports marked 'intercept'.

diff -u -r -N squid-3.1.5.1/src/access_log.cc squid-3.1.6/src/access_log.cc --- squid-3.1.5.1/src/access_log.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/access_log.cc 2010-08-02 02:01:39.000000000 +1200 @@ -839,13 +839,13 @@ break; case LFT_ICAP_BYTES_SENT: - outint = al->icap.bytesSent; - doint = 1; + outoff = al->icap.bytesSent; + dooff = 1; break; case LFT_ICAP_BYTES_READ: - outint = al->icap.bytesRead; - doint = 1; + outoff = al->icap.bytesRead; + dooff = 1; break; case LFT_ICAP_REQ_HEADER: @@ -1133,6 +1133,7 @@ case LFT_REPLY_SIZE_HEADERS: outint = al->cache.replyHeadersSize; doint = 1; + break; /*case LFT_REPLY_SIZE_BODY: */ /*case LFT_REPLY_SIZE_BODY_NO_TE: */ diff -u -r -N squid-3.1.5.1/src/cf.data.pre squid-3.1.6/src/cf.data.pre --- squid-3.1.5.1/src/cf.data.pre 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/cf.data.pre 2010-08-02 02:01:38.000000000 +1200 @@ -1177,9 +1177,9 @@ the port specification (port or addr:port) tcpkeepalive[=idle,interval,timeout] - Enable TCP keepalive probes of idle connections - idle is the initial time before TCP starts probing - the connection, interval how often to probe, and + Enable TCP keepalive probes of idle connections. + In seconds; idle is the initial time before TCP starts + probing the connection, interval how often to probe, and timeout the time before giving up. If you run Squid on a dual-homed machine with an internal @@ -6320,7 +6320,7 @@ NAME: memory_pools_limit COMMENT: (bytes) -TYPE: b_size_t +TYPE: b_int64_t DEFAULT: 5 MB LOC: Config.MemPools.limit DOC_START 
@@ -6339,7 +6339,7 @@ will be no limit on the total amount of memory used for safe-keeping. To disable memory allocation optimization, do not set - memory_pools_limit to 0. Set memory_pools to "off" instead. + memory_pools_limit to 0 or none. Set memory_pools to "off" instead. An overhead for maintaining memory pools is not taken into account when the limit is checked. This overhead is close to four bytes per diff -u -r -N squid-3.1.5.1/src/client_side.cc squid-3.1.6/src/client_side.cc --- squid-3.1.5.1/src/client_side.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/client_side.cc 2010-08-02 02:01:37.000000000 +1200 @@ -2425,7 +2425,8 @@ request->setContentLength(conn->in.dechunked.contentSize()); request->header.delById(HDR_TRANSFER_ENCODING); conn->finishDechunkingRequest(hp); - } + } else + conn->cleanDechunkingRequest(); unsupportedTe = tePresent && !deChunked; if (!urlCheckRequest(request) || unsupportedTe) { @@ -3655,9 +3656,6 @@ debugs(33, 5, HERE << "finish dechunking; content: " << in.dechunked.contentSize()); assert(in.dechunkingState == chunkReady); - assert(in.bodyParser); - delete in.bodyParser; - in.bodyParser = NULL; const mb_size_t headerSize = HttpParserRequestLen(hp); @@ -3679,8 +3677,19 @@ in.notYetUsed = end - in.buf; - in.chunked.clean(); - in.dechunked.clean(); + cleanDechunkingRequest(); +} + +/// cleanup dechunking state, get ready for the next request +void +ConnStateData::cleanDechunkingRequest() +{ + if (in.dechunkingState > chunkNone) { + delete in.bodyParser; + in.bodyParser = NULL; + in.chunked.clean(); + in.dechunked.clean(); + } in.dechunkingState = chunkUnknown; } diff -u -r -N squid-3.1.5.1/src/client_side.h squid-3.1.6/src/client_side.h --- squid-3.1.5.1/src/client_side.h 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/client_side.h 2010-08-02 02:01:38.000000000 +1200 
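Review bot: In client_side.cc, `cleanDechunkingRequest()` decides whether to free the parser and buffers with `in.dechunkingState > chunkNone`, which is correct only while the enum keeps `chunkUnknown` and `chunkNone` ahead of every state in which `in.bodyParser` and the two buffers are live. The enum is not part of this diff, so that ordering is presumed. Because this is the state reset between requests on a persistent connection, I would document the dependency at the guard, e.g. `// relies on enum order: every state after chunkNone owns bodyParser/chunked/dechunked`, and extend the `///` comment to say the function may be called when no dechunking was started. In the `@@ -2425,7 +2425,8 @@` hunk the new `} else` with an unbraced `conn->cleanDechunkingRequest();` follows a braced `if` body; `} else { conn->cleanDechunkingRequest(); }` would match it. That first hunk's enclosing function starts and ends outside the hunk.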
@@ -268,6 +268,7 @@ void startDechunkingRequest(HttpParser *hp); bool parseRequestChunks(HttpParser *hp); void finishDechunkingRequest(HttpParser *hp); + void cleanDechunkingRequest(); private: int connReadWasError(comm_err_t flag, int size, int xerrno); diff -u -r -N squid-3.1.5.1/src/comm.cc squid-3.1.6/src/comm.cc --- squid-3.1.5.1/src/comm.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/comm.cc 2010-08-02 02:01:37.000000000 +1200 @@ -1878,8 +1878,8 @@ int flags; int dummy = 0; - if ((flags = fcntl(fd, F_GETFL, dummy)) < 0) { - debugs(50, 0, "FD " << fd << ": fcntl F_GETFL: " << xstrerror()); + if ((flags = fcntl(fd, F_GETFD, dummy)) < 0) { + debugs(50, 0, "FD " << fd << ": fcntl F_GETFD: " << xstrerror()); return; } diff -u -r -N squid-3.1.5.1/src/forward.cc squid-3.1.6/src/forward.cc --- squid-3.1.5.1/src/forward.cc 2010-07-28 20:10:05.000000000 +1200 +++ squid-3.1.6/src/forward.cc 2010-08-02 02:01:37.000000000 +1200 @@ -47,6 +47,7 @@ #include "Store.h" #include "icmp/net_db.h" #include "ip/IpIntercept.h" +#include "ip/tools.h" static PSC fwdStartCompleteWrapper; static PF fwdServerClosedWrapper; 
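Review bot: In comm.cc, when `fcntl(fd, F_GETFD, dummy)` fails `commSetCloseOnExec()` only logs and returns, so the descriptor stays inheritable across exec() and the caller cannot tell. A short comment at the early return, `// on failure the FD remains inheritable by exec'd children`, would make that consequence explicit. The matching set call is outside this hunk; it is worth confirming that it uses `F_SETFD` with `flags | FD_CLOEXEC`, now that `flags` holds descriptor flags rather than the file-status flags `F_GETFL` returned. The `dummy` third argument could be dropped, since `F_GETFD` ignores it.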
@@ -867,6 +868,24 @@ outgoing = getOutgoingAddr(request, fs->_peer); + // if IPv6 is disabled try to force IPv4-only outgoing. + if (!Ip::EnableIpv6 && !outgoing.SetIPv4()) { + debugs(50, 4, "fwdConnectStart: " << xstrerror()); + ErrorState *anErr = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request); + anErr->xerrno = errno; + fail(anErr); + self = NULL; // refcounted + return; + } + + // if IPv6 is split-stack, prefer IPv4 + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK) { + // NP: This is not a great choice of default, + // but with the current Internet being IPv4-majority has a higher success rate. + // if setting to IPv4 fails we dont care, that just means to use IPv6 outgoing. + outgoing.SetIPv4(); + } + tos = getOutgoingTOS(request); debugs(17, 3, "fwdConnectStart: got outgoing addr " << outgoing << ", tos " << tos); diff -u -r -N squid-3.1.5.1/src/htcp.cc squid-3.1.6/src/htcp.cc --- squid-3.1.5.1/src/htcp.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/htcp.cc 2010-08-02 02:01:38.000000000 +1200 @@ -37,6 +37,7 @@ #include "htcp.h" #include "acl/FilledChecklist.h" #include "acl/Acl.h" +#include "ip/tools.h" #include "SquidTime.h" #include "Store.h" #include "StoreClient.h" @@ -1493,6 +1494,15 @@ IpAddress incomingAddr = Config.Addrs.udp_incoming; incomingAddr.SetPort(Config.Port.htcp); + if (!Ip::EnableIpv6 && !incomingAddr.SetIPv4()) { + debugs(31, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << incomingAddr << " is not an IPv4 address."); + fatal("HTCP port cannot be opened."); + } + /* split-stack for now requires default IPv4-only HTCP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && incomingAddr.IsAnyAddr()) { + incomingAddr.SetIPv4(); + } + enter_suid(); htcpInSocket = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, 
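Review bot: In the IPv6-disabled branch of the forward.cc hunk, the failure path logs `xstrerror()` and copies `errno` into `anErr->xerrno`, but nothing on that path is shown to set `errno`. `outgoing.SetIPv4()` looks like an address conversion rather than a system call, so the log line and the error page would presumably carry whatever an earlier call left behind. I would log the address instead, `debugs(50, 4, "fwdConnectStart: IPv6 is disabled, " << outgoing << " is not an IPv4 address.");`, and not copy `errno` unless `SetIPv4()` is documented to set it. The test `Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK` reads better as `(Ip::EnableIpv6 & IPV6_SPECIAL_SPLITSTACK)`. The enclosing function starts and ends outside the hunk.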
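Review bot: In the htcp.cc `@@ -1493,6 +1494,15 @@` hunk, the split-stack test `Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && incomingAddr.IsAnyAddr()` mixes `&` and `&&` without parentheses. It parses as intended, but `(Ip::EnableIpv6 & IPV6_SPECIAL_SPLITSTACK) && incomingAddr.IsAnyAddr()` removes the need to recall the precedence table. The same block is repeated in the next htcp.cc hunk, both icp_v2.cc hunks and both snmp_core.cc hunks, so the parentheses belong in all six copies. The comment `/* split-stack for now requires default IPv4-only HTCP */` should also state that an explicitly configured non-wildcard address is left as is, since only the `IsAnyAddr()` case is rewritten; an operator needs that to know which address family the listener is bound to. The enclosing function starts and ends outside the hunk.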
@@ -1512,6 +1522,15 @@ IpAddress outgoingAddr = Config.Addrs.udp_outgoing; outgoingAddr.SetPort(Config.Port.htcp); + if (!Ip::EnableIpv6 && !outgoingAddr.SetIPv4()) { + debugs(31, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << outgoingAddr << " is not an IPv4 address."); + fatal("HTCP port cannot be opened."); + } + /* split-stack for now requires default IPv4-only HTCP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && outgoingAddr.IsAnyAddr()) { + outgoingAddr.SetIPv4(); + } + enter_suid(); htcpOutSocket = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, diff -u -r -N squid-3.1.5.1/src/http.h squid-3.1.6/src/http.h --- squid-3.1.5.1/src/http.h 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/http.h 2010-08-02 02:01:39.000000000 +1200 @@ -70,7 +70,7 @@ http_state_flags flags; size_t read_sz; int header_bytes_read; // to find end of response, - int reply_bytes_read; // without relying on StoreEntry + int64_t reply_bytes_read; // without relying on StoreEntry int body_bytes_truncated; // positive when we read more than we wanted MemBuf *readBuf; bool ignoreCacheControl; diff -u -r -N squid-3.1.5.1/src/icp_v2.cc squid-3.1.6/src/icp_v2.cc --- squid-3.1.5.1/src/icp_v2.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/icp_v2.cc 2010-08-02 02:01:37.000000000 +1200 @@ -48,6 +48,7 @@ #include "SwapDir.h" #include "icmp/net_db.h" #include "ip/IpAddress.h" +#include "ip/tools.h" #include "rfc1738.h" /// \ingroup ServerProtocolICPInternal2 @@ -665,6 +666,16 @@ addr = Config.Addrs.udp_incoming; addr.SetPort(port); + + if (!Ip::EnableIpv6 && !addr.SetIPv4()) { + debugs(12, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << addr << " is not an IPv4 address."); + fatal("ICP port cannot be opened."); + } + /* split-stack for now requires default IPv4-only ICP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && addr.IsAnyAddr()) { + addr.SetIPv4(); + } + theInIcpConnection = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, addr, 
@@ -691,6 +702,16 @@ if ( !addr.IsNoAddr() ) { enter_suid(); addr.SetPort(port); + + if (!Ip::EnableIpv6 && !addr.SetIPv4()) { + debugs(49, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << addr << " is not an IPv4 address."); + fatal("ICP port cannot be opened."); + } + /* split-stack for now requires default IPv4-only ICP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && addr.IsAnyAddr()) { + addr.SetIPv4(); + } + theOutIcpConnection = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, addr, diff -u -r -N squid-3.1.5.1/src/ip/tools.cc squid-3.1.6/src/ip/tools.cc --- squid-3.1.5.1/src/ip/tools.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/ip/tools.cc 2010-08-02 02:01:37.000000000 +1200 @@ -65,9 +65,7 @@ EnableIpv6 |= IPV6_SPECIAL_V4MAPPING; } else { debugs(3, 2, "Detected split IPv4 and IPv6 stacks ..."); - // EnableIpv6 |= IPV6_SPECIAL_SPLITSTACK; - // TODO: remove death when split-stack is supported. - EnableIpv6 = IPV6_OFF; + EnableIpv6 |= IPV6_SPECIAL_SPLITSTACK; } close(s); diff -u -r -N squid-3.1.5.1/src/mem.cc squid-3.1.6/src/mem.cc --- squid-3.1.5.1/src/mem.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/mem.cc 2010-08-02 02:01:39.000000000 +1200 @@ -346,7 +346,7 @@ void memConfigure(void) { - ssize_t new_pool_limit; + int64_t new_pool_limit; /** Set to configured value first */ if (!Config.onoff.mem_pools) diff -u -r -N squid-3.1.5.1/src/snmp_core.cc squid-3.1.6/src/snmp_core.cc --- squid-3.1.5.1/src/snmp_core.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/snmp_core.cc 2010-08-02 02:01:37.000000000 +1200 
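Review bot: The `debugs(49, DBG_CRITICAL, ...)` call in the icp_v2.cc `@@ -691,6 +702,16 @@` hunk uses debug section 49, while the incoming-ICP hunk in the same file uses section 12 and the snmp_core.cc hunks use 49, so this looks copied from the SNMP code. An operator filtering on the ICP section would miss the message that precedes the `fatal()`; I would change it to `debugs(12, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << addr << " is not an IPv4 address.");`. In this hunk the guard also runs after `enter_suid()`, whereas the htcp.cc and snmp_core.cc hunks place it before `enter_suid()`; moving it above that call would keep the abort path out of the presumably privileged section. The enclosing function starts and ends outside the hunk.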
@@ -286,6 +286,17 @@ if (Config.Port.snmp > 0) { Config.Addrs.snmp_incoming.SetPort(Config.Port.snmp); + + if (!Ip::EnableIpv6 && !Config.Addrs.snmp_incoming.SetIPv4()) { + debugs(49, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << Config.Addrs.snmp_incoming << " is not an IPv4 address."); + fatal("SNMP port cannot be opened."); + } + + /* split-stack for now requires IPv4-only SNMP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && Config.Addrs.snmp_incoming.IsAnyAddr()) { + Config.Addrs.snmp_incoming.SetIPv4(); + } + enter_suid(); theInSnmpConnection = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, @@ -303,6 +314,17 @@ if (!Config.Addrs.snmp_outgoing.IsNoAddr()) { Config.Addrs.snmp_outgoing.SetPort(Config.Port.snmp); + + if (!Ip::EnableIpv6 && !Config.Addrs.snmp_outgoing.SetIPv4()) { + debugs(49, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << Config.Addrs.snmp_outgoing << " is not an IPv4 address."); + fatal("SNMP port cannot be opened."); + } + + /* split-stack for now requires IPv4-only SNMP */ + if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && Config.Addrs.snmp_outgoing.IsAnyAddr()) { + Config.Addrs.snmp_outgoing.SetIPv4(); + } + enter_suid(); theOutSnmpConnection = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, diff -u -r -N squid-3.1.5.1/src/structs.h squid-3.1.6/src/structs.h --- squid-3.1.5.1/src/structs.h 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/structs.h 2010-08-02 02:01:37.000000000 +1200 @@ -530,7 +530,7 @@ } retry; struct { - size_t limit; + int64_t limit; } MemPools; #if DELAY_POOLS diff -u -r -N squid-3.1.5.1/src/stub_debug.cc squid-3.1.6/src/stub_debug.cc --- squid-3.1.5.1/src/stub_debug.cc 2010-07-28 20:10:04.000000000 +1200 +++ squid-3.1.6/src/stub_debug.cc 2010-08-02 02:01:37.000000000 +1200 @@ -5,6 +5,10 @@ #include "config.h" #include "Debug.h" +#if HAVE_STDIO_H +#include +#endif + FILE *debug_log = NULL; int Debug::Levels[MAX_DEBUG_SECTIONS]; int Debug::level;