diff -u -r -N squid-3.0.STABLE19/acinclude.m4 squid-3.0.STABLE20/acinclude.m4 --- squid-3.0.STABLE19/acinclude.m4 2009-09-06 23:29:24.000000000 +1200 +++ squid-3.0.STABLE20/acinclude.m4 2009-10-29 23:05:32.000000000 +1300 @@ -72,8 +72,8 @@ AC_DEFUN([AC_TEST_CHECKFORHUGEOBJECTS],[ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc -${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null + ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc +${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null res=$? rm -f conftest.* echo yes diff -u -r -N squid-3.0.STABLE19/ChangeLog squid-3.0.STABLE20/ChangeLog --- squid-3.0.STABLE19/ChangeLog 2009-09-06 23:29:24.000000000 +1200 +++ squid-3.0.STABLE20/ChangeLog 2009-10-29 23:05:32.000000000 +1300 @@ -1,3 +1,17 @@ +Changes to squid-3.0.STABLE20 (29 Oct 2009): + + - Bug 2794: ESI parsing on FreeBSD + - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity + - Bug 2779: Support GNU/kFreeBSD + - Bug 2773: Segfault in RFC2069 Digest authantication + - Bug 2768: squid_ldap_group argument parsing error + - Bug 2761: Gopher and double HTTP response header + - Bug 2735: Incomplete -fhuge-objects detection + - Bug 2722: prevent CONNECT via http_port with accel + - Bug 2624: Invalid response for IMS request + - Bug 2510: digest_ldap_auth TLS support + - Correct LINUX_CAPABILITY actions on non-Linux + Changes to squid-3.0.STABLE19 (06 Sep 2009): - Bug 2745: Invalid Response error on small reads diff -u -r -N squid-3.0.STABLE19/configure squid-3.0.STABLE20/configure --- squid-3.0.STABLE19/configure 2009-09-06 23:29:39.000000000 +1200 +++ squid-3.0.STABLE20/configure 2009-10-29 23:05:49.000000000 +1300 
@@ -1,7 +1,7 @@ #! /bin/sh # From configure.in Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE19. +# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE20. # # Report bugs to . # @@ -751,8 +751,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.0.STABLE19' -PACKAGE_STRING='Squid Web Proxy 3.0.STABLE19' +PACKAGE_VERSION='3.0.STABLE20' +PACKAGE_STRING='Squid Web Proxy 3.0.STABLE20' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_unique_file="src/main.cc" @@ -1096,6 +1096,7 @@ enable_x_accelerator_vary with_filedescriptors with_cppunit_basedir +enable_caps ' ac_precious_vars='build_alias host_alias @@ -1664,7 +1665,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.0.STABLE19 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.0.STABLE20 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1734,7 +1735,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE19:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE20:";; esac cat <<\_ACEOF @@ -1923,6 +1924,8 @@ variance within an accelerator setup. Typically used together with other code that adds custom HTTP headers to the requests. + --disable-caps disable usage of Linux capabilities library to + control privileges Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -2046,7 +2049,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.0.STABLE19 +Squid Web Proxy configure 3.0.STABLE20 generated by GNU Autoconf 2.62 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 
@@ -2060,7 +2063,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.0.STABLE19, which was +It was created by Squid Web Proxy $as_me 3.0.STABLE20, which was generated by GNU Autoconf 2.62. Invocation command line was $ $0 $@ @@ -2778,7 +2781,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.0.STABLE19' + VERSION='3.0.STABLE20' cat >>confdefs.h <<_ACEOF @@ -5539,7 +5542,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5542 "configure"' > conftest.$ac_ext + echo '#line 5545 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8162,11 +8165,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8165: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8168: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8169: \$? = $ac_status" >&5 + echo "$as_me:8172: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8452,11 +8455,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8455: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8458: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8459: \$? = $ac_status" >&5 + echo "$as_me:8462: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -8556,11 +8559,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8559: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8562: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8563: \$? = $ac_status" >&5 + echo "$as_me:8566: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10956,7 +10959,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:13471: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13472: \$? = $ac_status" >&5 + echo "$as_me:13475: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13569,11 +13572,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13572: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13575: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13576: \$? = $ac_status" >&5 + echo "$as_me:13579: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -15152,11 +15155,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15155: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15158: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15159: \$? = $ac_status" >&5 + echo "$as_me:15162: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15256,11 +15259,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15259: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15262: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15263: \$? = $ac_status" >&5 + echo "$as_me:15266: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17471,11 +17474,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17474: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17477: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17478: \$? = $ac_status" >&5 + echo "$as_me:17481: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -17761,11 +17764,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17764: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17767: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17768: \$? = $ac_status" >&5 + echo "$as_me:17771: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -17865,11 +17868,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17868: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17871: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:17872: \$? = $ac_status" >&5 + echo "$as_me:17875: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -21561,8 +21564,8 @@ $as_echo_n "(cached) " >&6 else - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc -${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null + ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc +${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null res=$? rm -f conftest.* echo yes @@ -25343,6 +25346,7 @@ ipl.h \ libc.h \ limits.h \ + linux/types.h \ machine/byte_swap.h \ malloc.h \ math.h \ @@ -25401,8 +25405,7 @@ inttypes.h \ grp.h \ db.h \ - db_185.h \ - sys/capability.h + db_185.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` 
@@ -42781,6 +42784,243 @@ fi +use_caps=yes +# Check whether --enable-caps was given. +if test "${enable_caps+set}" = set; then + enableval=$enable_caps; if test "x$enableval" = "xyes" ; then + { $as_echo "$as_me:$LINENO: result: forced yes" >&5 +$as_echo "forced yes" >&6; } + else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } + use_caps=no + fi + +else + { $as_echo "$as_me:$LINENO: result: yes" >&5 +$as_echo "yes" >&6; } +fi + +if test "x$use_caps" = "xyes"; then + libcap_broken=1 + +for ac_header in sys/capability.h +do +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... " >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 +$as_echo_n "checking $ac_header usability... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 +$as_echo_n "checking $ac_header presence... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( cat <<\_ASBOX +## ----------------------------------------------- ## +## Report this to http://www.squid-cache.org/bugs/ ## +## ----------------------------------------------- ## +_ASBOX + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... 
" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + +fi +if test `eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + { $as_echo "$as_me:$LINENO: checking for operational libcap2" >&5 +$as_echo_n "checking for operational libcap2... " >&6; } +if { as_var=$libcap_broken; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ + + capget(NULL, NULL); + capset(NULL, NULL); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then + libcap_broken=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -rf conftest.dSYM +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext + +fi +ac_res=`eval 'as_val=${'$libcap_broken'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + +cat >>confdefs.h <<_ACEOF +#define LIBCAP_BROKEN $libcap_broken +_ACEOF + +fi + { $as_echo "$as_me:$LINENO: checking for mtyp_t" >&5 $as_echo_n "checking for mtyp_t... " >&6; } if test "${ac_cv_type_mtyp_t+set}" = set; then @@ -46204,6 +46444,7 @@ fi if test "$LINUX_TPROXY" ; then + if test "$use_caps" = "yes"; then { $as_echo "$as_me:$LINENO: checking if TPROXY header files are installed" >&5 $as_echo_n "checking if TPROXY header files are installed... " >&6; } # hold on to your hats... @@ -46224,11 +46465,19 @@ fi { $as_echo "$as_me:$LINENO: result: $LINUX_TPROXY" >&5 $as_echo "$LINUX_TPROXY" >&6; } + else + { $as_echo "$as_me:$LINENO: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY v2" >&5 +$as_echo "$as_me: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY v2" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: Linux Transparent Proxy support WILL NOT be enabled" >&5 +$as_echo "$as_me: WARNING: Linux Transparent Proxy support WILL NOT be enabled" >&2;} + LINUX_TPROXY="no" + fi fi if test "$LINUX_TPROXY" = "no" && test "$LINUX_NETFILTER" = "yes"; then echo "WARNING: Cannot find TPROXY headers, you need to install the" echo "tproxy package from:" echo " - lynx http://www.balabit.com/downloads/tproxy/" + echo "And libcap-dev or libcap2-dev" sleep 10 fi 
@@ -48084,7 +48333,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.0.STABLE19, which was +This file was extended by Squid Web Proxy $as_me 3.0.STABLE20, which was generated by GNU Autoconf 2.62. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -48137,7 +48386,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -Squid Web Proxy config.status 3.0.STABLE19 +Squid Web Proxy config.status 3.0.STABLE20 configured by $0, generated by GNU Autoconf 2.62, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -u -r -N squid-3.0.STABLE19/configure.in squid-3.0.STABLE20/configure.in --- squid-3.0.STABLE19/configure.in 2009-09-06 23:29:39.000000000 +1200 +++ squid-3.0.STABLE20/configure.in 2009-10-29 23:05:49.000000000 +1300 @@ -1,7 +1,7 @@ dnl Configuration input file for Squid dnl dnl -AC_INIT(Squid Web Proxy, 3.0.STABLE19, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 3.0.STABLE20, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) @@ -1961,6 +1961,7 @@ ipl.h \ libc.h \ limits.h \ + linux/types.h \ machine/byte_swap.h \ malloc.h \ math.h \ @@ -2019,8 +2020,7 @@ inttypes.h \ grp.h \ db.h \ - db_185.h \ - sys/capability.h + db_185.h ) AC_CHECK_HEADERS( 
@@ -2285,6 +2285,29 @@ #include #endif]) +dnl Check for libcap header (assume its not broken unless +use_caps=yes +AC_ARG_ENABLE(caps, AS_HELP_STRING([--disable-caps],[disable usage of Linux capabilities library to control privileges]), +[ if test "x$enableval" = "xyes" ; then + AC_MSG_RESULT(forced yes) + else + AC_MSG_RESULT(no) + use_caps=no + fi +],[AC_MSG_RESULT(yes)]) +if test "x$use_caps" = "xyes"; then + dnl Check for libcap1 breakage or libcap2 fixed (assume broken unless found working) + libcap_broken=1 + AC_CHECK_HEADERS(sys/capability.h) + AC_CACHE_CHECK([for operational libcap2], $libcap_broken, + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ + capget(NULL, NULL); + capset(NULL, NULL); + ]])],[libcap_broken=0],[]) + ) + AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],$libcap_broken,[if libcap2 is available and not clashing with libc]) +fi + AC_CHECK_TYPE(mtyp_t,AC_DEFINE(HAVE_MTYP_T,1,[mtyp_t is defined by the system headers]),,[#include #include #include ]) @@ -2939,7 +2962,7 @@ AC_DEFINE(LINUX_NETFILTER, 0) fi AC_MSG_RESULT($LINUX_NETFILTER) -fi +fi if test "$LINUX_NETFILTER" = "no" ; then echo "WARNING: Cannot find necessary Linux kernel (Netfilter) header files" echo " Linux Transparent Proxy support WILL NOT be enabled" @@ -2949,6 +2972,7 @@ dnl Linux Netfilter/TPROXY support requires some specific header files dnl Shamelessly copied from shamelessly copied from above if test "$LINUX_TPROXY" ; then + if test "$use_caps" = "yes"; then AC_MSG_CHECKING(if TPROXY header files are installed) # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$LINUX_NETFILTER" = "yes"; then 
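Review bot: The second argument of `AC_CACHE_CHECK([for operational libcap2], $libcap_broken, ...)` is the current value of `libcap_broken` (1), not the name of a cache variable. The generated configure hunk shows the effect in `as_var=$libcap_broken; eval "test \"\${$as_var+set}\" = set"`, which tests the positional parameter `$1`. When configure is run with any argument the link test is presumably skipped as "(cached)", `LIBCAP_BROKEN` stays 1, and the printed result is not the detection outcome. Pass a named cache variable instead and derive `libcap_broken` from it afterwards, for example (name constructed for illustration) `AC_CACHE_CHECK([for operational libcap2], [squid_cv_libcap_operational], [AC_LINK_IFELSE([...],[squid_cv_libcap_operational=yes],[squid_cv_libcap_operational=no])])`. This check appears to decide whether the capability-based privilege code is built, so a wrong answer should not pass silently.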
@@ -2959,11 +2983,17 @@ AC_DEFINE(LINUX_TPROXY, 0, [Enable real Transparent Proxy support for Netfilter TPROXY.]) fi AC_MSG_RESULT($LINUX_TPROXY) + else + AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY v2]) + AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled]) + LINUX_TPROXY="no" + fi fi if test "$LINUX_TPROXY" = "no" && test "$LINUX_NETFILTER" = "yes"; then echo "WARNING: Cannot find TPROXY headers, you need to install the" echo "tproxy package from:" echo " - lynx http://www.balabit.com/downloads/tproxy/" + echo "And libcap-dev or libcap2-dev" sleep 10 fi diff -u -r -N squid-3.0.STABLE19/helpers/digest_auth/ldap/ldap_backend.c squid-3.0.STABLE20/helpers/digest_auth/ldap/ldap_backend.c --- squid-3.0.STABLE19/helpers/digest_auth/ldap/ldap_backend.c 2009-09-06 23:29:30.000000000 +1200 +++ squid-3.0.STABLE20/helpers/digest_auth/ldap/ldap_backend.c 2009-10-29 23:05:39.000000000 +1300 @@ -361,11 +361,12 @@ } if (use_tls) { #ifdef LDAP_OPT_X_TLS - if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) { - fprintf(stderr, "Could not Activate TLS connection\n"); - ldap_unbind(ld); - ld = NULL; - } + if (version != LDAP_VERSION3) { + fprintf(stderr, "TLS requires LDAP version 3\n"); + exit(1); + } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { + exit(1); + } #else fprintf(stderr, "TLS not supported with your LDAP library\n"); ldap_unbind(ld); diff -u -r -N squid-3.0.STABLE19/helpers/external_acl/ldap_group/squid_ldap_group.c squid-3.0.STABLE20/helpers/external_acl/ldap_group/squid_ldap_group.c --- squid-3.0.STABLE19/helpers/external_acl/ldap_group/squid_ldap_group.c 2009-09-06 23:29:30.000000000 +1200 +++ squid-3.0.STABLE20/helpers/external_acl/ldap_group/squid_ldap_group.c 2009-10-29 23:05:39.000000000 +1300 
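Review bot: The TPROXY gate tests `use_caps`, which only records that `--disable-caps` was not given. It stays `yes` when `sys/capability.h` is missing or when the link test leaves `libcap_broken=1`. TPROXY can therefore still be enabled on a host without a usable libcap, and the "Missing needed capabilities" warning fires only for an explicit `--disable-caps`. Consider gating on the detection result as well, e.g. `if test "$use_caps" = "yes" && test "$ac_cv_header_sys_capability_h" = "yes"; then`. The `if` that this `else` closes is opened in the previous hunk.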
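Review bot: The `ldap_start_tls_s()` failure branch calls `exit(1)` without printing anything, so an operator sees the helper die with no sign that StartTLS was refused; the version check just above does print a reason. Keep the result code and report it before exiting: `int rc = ldap_start_tls_s(ld, NULL, NULL);` followed by `fprintf(stderr, "Could not Activate TLS connection: %s\n", ldap_err2string(rc));`. Failing closed is the right behaviour, since continuing would presumably carry on without the TLS the administrator asked for. The enclosing function starts and ends outside the hunk.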
@@ -233,6 +233,7 @@ case 'd': case 'g': case 'S': + case 'K': break; default: if (strlen(argv[1]) > 2) { diff -u -r -N squid-3.0.STABLE19/include/autoconf.h.in squid-3.0.STABLE20/include/autoconf.h.in --- squid-3.0.STABLE19/include/autoconf.h.in 2009-09-06 23:29:34.000000000 +1200 +++ squid-3.0.STABLE20/include/autoconf.h.in 2009-10-29 23:05:43.000000000 +1300 @@ -312,6 +312,9 @@ */ #undef HAVE_LINUX_NETFILTER_IPV4_IP_TPROXY_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_TYPES_H + /* long is defined in system headers */ #undef HAVE_LONG @@ -805,6 +808,9 @@ with caution. */ #undef KILL_PARENT_OPT +/* if libcap2 is available and not clashing with libc */ +#undef LIBCAP_BROKEN + /* If libresolv.a has been hacked to export _dns_ttl_ */ #undef LIBRESOLV_DNS_TTL_HACK diff -u -r -N squid-3.0.STABLE19/include/config.h squid-3.0.STABLE20/include/config.h --- squid-3.0.STABLE19/include/config.h 2009-09-06 23:29:34.000000000 +1200 +++ squid-3.0.STABLE20/include/config.h 2009-10-29 23:05:43.000000000 +1300 @@ -89,6 +89,9 @@ #if USE_ASYNC_IO && defined(LINUXTHREADS) #define _SQUID_LINUX_THREADS_ #endif + +#elif defined(__FreeBSD_kernel__) /* GNU/kFreeBSD */ +#define _SQUID_KFREEBSD_ #elif defined(__sgi__) || defined(sgi) || defined(__sgi) /* SGI */ #define _SQUID_SGI_ diff -u -r -N squid-3.0.STABLE19/include/squid_types.h squid-3.0.STABLE20/include/squid_types.h --- squid-3.0.STABLE19/include/squid_types.h 2009-09-06 23:29:34.000000000 +1200 +++ squid-3.0.STABLE20/include/squid_types.h 2009-10-29 23:05:43.000000000 +1300 @@ -60,6 +60,9 @@ #if HAVE_SYS_TYPES_H #include #endif +#if HAVE_LINUX_TYPES_H +#include +#endif #if STDC_HEADERS #include #include diff -u -r -N squid-3.0.STABLE19/include/version.h squid-3.0.STABLE20/include/version.h --- squid-3.0.STABLE19/include/version.h 2009-09-06 23:29:39.000000000 +1200 +++ squid-3.0.STABLE20/include/version.h 2009-10-29 23:05:49.000000000 +1300 
@@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1252236563 +#define SQUID_RELEASE_TIME 1256810731 #endif diff -u -r -N squid-3.0.STABLE19/lib/rfc2617.c squid-3.0.STABLE20/lib/rfc2617.c --- squid-3.0.STABLE19/lib/rfc2617.c 2009-09-06 23:29:35.000000000 +1200 +++ squid-3.0.STABLE20/lib/rfc2617.c 2009-10-29 23:05:44.000000000 +1300 @@ -168,7 +168,7 @@ SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod)); SquidMD5Update(&Md5Ctx, ":", 1); SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri)); - if (strcasecmp(pszQop, "auth-int") == 0) { + if (pszQop && strcasecmp(pszQop, "auth-int") == 0) { SquidMD5Update(&Md5Ctx, ":", 1); SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN); } @@ -182,7 +182,7 @@ SquidMD5Update(&Md5Ctx, ":", 1); SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce)); SquidMD5Update(&Md5Ctx, ":", 1); - if (*pszQop) { + if (pszQop) { SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount)); SquidMD5Update(&Md5Ctx, ":", 1); SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); diff -u -r -N squid-3.0.STABLE19/RELEASENOTES.html squid-3.0.STABLE20/RELEASENOTES.html --- squid-3.0.STABLE19/RELEASENOTES.html 2009-09-06 23:30:21.000000000 +1200 +++ squid-3.0.STABLE20/RELEASENOTES.html 2009-10-29 23:06:44.000000000 +1300 @@ -1,11 +1,11 @@ - - Squid 3.0.STABLE19 release notes + + Squid 3.0.STABLE20 release notes -
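Review bot: Changing `if (*pszQop)` to `if (pszQop)` in the second hunk removes the NULL dereference but also changes the result for an empty, non-NULL qop. That case now takes the nonce-count/cnonce branch, where `strlen(pszNonceCount)` and `strlen(pszCNonce)` run with no NULL check of their own. Whether a caller can pass `""` here is not visible in the hunk, but these strings derive from the client's Authorization header, so the guard should keep both conditions: `if (pszQop && *pszQop) {`. The `pszQop &&` guard added in the first hunk is fine as written. Both functions extend beyond the hunks shown.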

Squid 3.0.STABLE19 release notes

+

Squid 3.0.STABLE20 release notes

Squid Developers


@@ -60,7 +60,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.0.STABLE19.

+

The Squid Team are pleased to announce the release of Squid-3.0.STABLE20.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.0/ or the mirrors.

diff -u -r -N squid-3.0.STABLE19/src/ACLARP.cc squid-3.0.STABLE20/src/ACLARP.cc --- squid-3.0.STABLE19/src/ACLARP.cc 2009-09-06 23:29:35.000000000 +1200 +++ squid-3.0.STABLE20/src/ACLARP.cc 2009-10-29 23:05:44.000000000 +1300 @@ -438,7 +438,7 @@ return (0 == splayLastResult); } -#elif defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_DRAGONFLY_) +#elif defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_DRAGONFLY_) || defined(_SQUID_KFREEBSD_) struct arpreq arpReq; diff -u -r -N squid-3.0.STABLE19/src/ACLProxyAuth.cc squid-3.0.STABLE20/src/ACLProxyAuth.cc --- squid-3.0.STABLE19/src/ACLProxyAuth.cc 2009-09-06 23:29:35.000000000 +1200 +++ squid-3.0.STABLE20/src/ACLProxyAuth.cc 2009-10-29 23:05:45.000000000 +1300 @@ -143,7 +143,8 @@ assert(checklist->auth_user_request != NULL); auth_user_request = checklist->auth_user_request; - assert(authenticateValidateUser(auth_user_request)); + int validated = authenticateValidateUser(auth_user_request); + assert(validated); auth_user_request->start(LookupDone, checklist); } diff -u -r -N squid-3.0.STABLE19/src/auth/digest/auth_digest.cc squid-3.0.STABLE20/src/auth/digest/auth_digest.cc --- squid-3.0.STABLE19/src/auth/digest/auth_digest.cc 2009-09-06 23:29:36.000000000 +1200 +++ squid-3.0.STABLE20/src/auth/digest/auth_digest.cc 2009-10-29 23:05:46.000000000 +1300 @@ -1035,7 +1035,7 @@ authDigestNonceLink(nonce); /* ping this nonce to this auth user */ - assert((nonce->user == NULL) || (nonce->user = user)); + assert((nonce->user == NULL) || (nonce->user == user)); /* we don't lock this reference because removing the user removes the * hash too. Of course if that changes we're stuffed so read the code huh? @@ -1105,6 +1105,7 @@ /* quote mark */ p++; + safe_free(username); username = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found Username '" << username << "'"); 
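Review bot: The result of `authenticateValidateUser()` is still enforced only through `assert(validated)`. If assertions are compiled out, `validated` is unused and `auth_user_request->start(LookupDone, checklist)` runs for a request that failed validation. Moving the call out of the assert fixes the side-effect-in-assert problem, but a failed validation on an authentication path deserves an explicit branch ahead of `start()`, along the lines of `if (!validated) { /* log and fail the lookup */ return; }`. How the caller expects a failed lookup to be signalled is outside this hunk, so the exact handling needs confirming.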
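Review bot: The `safe_free()` added for username, and those in the realm, uri, nonce, cnonce and response hunks that follow, each sit directly above `xstrndup(p, strchr(p, '"') + 1 - p)`. That expression does pointer arithmetic on the `strchr()` result without checking it for NULL. These values come from the client's Authorization header, so a value with no closing quote makes the length computation undefined. While touching these lines, take the end pointer first, `const char *end = strchr(p, '"');`, and reject the header when `end == NULL`, using whatever error path the enclosing parser has (the loop is outside the hunks). Freeing the previous value before reassigning is a sound fix for repeated attributes.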
@@ -1117,6 +1118,7 @@ /* quote mark */ p++; + safe_free(digest_request->realm); digest_request->realm = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found realm '" << digest_request->realm << "'"); @@ -1130,6 +1132,7 @@ /* quote mark */ p++; + safe_free(digest_request->qop); digest_request->qop = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}") + 1); debugs(29, 9, "authDigestDecodeAuth: Found qop '" << digest_request->qop << "'"); @@ -1143,6 +1146,7 @@ /* quote mark */ p++; + safe_free(digest_request->algorithm); digest_request->algorithm = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}") + 1); debugs(29, 9, "authDigestDecodeAuth: Found algorithm '" << digest_request->algorithm << "'"); @@ -1155,6 +1159,7 @@ /* quote mark */ p++; + safe_free(digest_request->uri); digest_request->uri = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found uri '" << digest_request->uri << "'"); @@ -1167,6 +1172,7 @@ /* quote mark */ p++; + safe_free(digest_request->nonceb64); digest_request->nonceb64 = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found nonce '" << digest_request->nonceb64 << "'"); @@ -1188,6 +1194,7 @@ /* quote mark */ p++; + safe_free(digest_request->cnonce); digest_request->cnonce = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found cnonce '" << digest_request->cnonce << "'"); @@ -1200,6 +1207,7 @@ /* quote mark */ p++; + safe_free(digest_request->response); digest_request->response = xstrndup(p, strchr(p, '"') + 1 - p); debugs(29, 9, "authDigestDecodeAuth: Found response '" << digest_request->response << "'"); diff -u -r -N squid-3.0.STABLE19/src/cf.data.pre squid-3.0.STABLE20/src/cf.data.pre --- squid-3.0.STABLE19/src/cf.data.pre 2009-09-06 23:29:37.000000000 +1200 +++ squid-3.0.STABLE20/src/cf.data.pre 2009-10-29 23:05:47.000000000 +1300 
@@ -676,8 +676,8 @@ opposite of the last line in the list. If the last line was deny, the default is allow. Conversely, if the last line is allow, the default will be deny. For these reasons, it is a - good idea to have an "deny all" or "allow all" entry at the end - of your access lists to avoid potential confusion. + good idea to have an "deny all" entry at the end of your access + lists to avoid potential confusion. NOCOMMENT_START #Recommended minimum configuration: @@ -5452,7 +5452,7 @@ LOC: Config.chroot_dir DEFAULT: none DOC_START - Specifies a directiry where Squid should do a chroot() while + Specifies a directory where Squid should do a chroot() while initializing. This also causes Squid to fully drop root privileges after initializing. This means, for example, if you use a HTTP port less than 1024 and try to reconfigure, you may diff -u -r -N squid-3.0.STABLE19/src/client_side.cc squid-3.0.STABLE20/src/client_side.cc --- squid-3.0.STABLE19/src/client_side.cc 2009-09-06 23:29:37.000000000 +1200 +++ squid-3.0.STABLE20/src/client_side.cc 2009-10-29 23:05:47.000000000 +1300 @@ -942,14 +942,14 @@ return; } - int64_t next = getNextRangeOffset(); + int64_t nextOffset = getNextRangeOffset(); - assert (next >= http->out.offset); + assert (nextOffset >= http->out.offset); - int64_t skip = next - http->out.offset; + int64_t skip = nextOffset - http->out.offset; /* adjust for not to be transmitted bytes */ - http->out.offset = next; + http->out.offset = nextOffset; if (available.size() <= skip) return; 
@@ -1913,6 +1913,15 @@ /* Set method_p */ *method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]); + /* deny CONNECT via accelerated ports */ + if (*method_p == METHOD_CONNECT && conn != NULL && conn->port && conn->port->accel) { + debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << conn->port->protocol << " Accelerator port " << ntohs(conn->port->s.sin_port) ); + /* XXX need a way to say "this many character length string" */ + debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf); + /* XXX need some way to set 405 status on the error reply */ + return parseHttpRequestAbort(conn, "error:method-not-allowed"); + } + if (*method_p == METHOD_NONE) { /* AYJ: hp->buf is occasionally full of binary crap. Replace any non-printables with underscores. Also crop the output at 100 chars, we should not need a whole binary streaming video to identify the issue diff -u -r -N squid-3.0.STABLE19/src/client_side_reply.cc squid-3.0.STABLE20/src/client_side_reply.cc --- squid-3.0.STABLE19/src/client_side_reply.cc 2009-09-06 23:29:37.000000000 +1200 +++ squid-3.0.STABLE20/src/client_side_reply.cc 2009-10-29 23:05:47.000000000 +1300 @@ -366,7 +366,7 @@ // if client sent IMS - if (http->request->flags.ims) { + if (http->request->flags.ims && !old_entry->modifiedSince(http->request)) { // forward the 304 from origin debugs(88, 3, "handleIMSReply: origin replied 304, revalidating existing entry and forwarding 304 to client"); sendClientUpstreamResponse(); diff -u -r -N squid-3.0.STABLE19/src/client_side_request.cc squid-3.0.STABLE20/src/client_side_request.cc --- squid-3.0.STABLE19/src/client_side_request.cc 2009-09-06 23:29:37.000000000 +1200 +++ squid-3.0.STABLE20/src/client_side_request.cc 2009-10-29 23:05:47.000000000 +1300 
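Review bot: In the src/client_side.cc hunk (-1913), the second added `debugs()` call writes `hp->buf` to the log at DBG_IMPORTANT with no length bound and no filtering, although the context comment just below says this buffer can hold binary data and that output should be cropped at 100 characters with non-printables replaced. The request text is client-controlled, so every refused CONNECT on an accelerator port can put arbitrary bytes, including line breaks, into the main log, and at a level that is always written. Keep the first warning (protocol and port) at DBG_IMPORTANT and demote the dump, `debugs(33, 2, "WARNING: for request: " << hp->buf);`, ideally after the same cropping the METHOD_NONE branch applies. That branch's body is outside the hunk, so the exact helper to reuse has to be taken from there.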
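Review bot: In the src/client_side_reply.cc hunk (-366), the comment `// if client sent IMS` no longer describes the branch, because the 304 is now forwarded only when `old_entry->modifiedSince(http->request)` is false. I would reword it to `// client sent IMS and our cached entry has not been modified since the client's date` so the reason for the second test is recorded next to it. `old_entry` is dereferenced here with no check visible in the hunk; the function starts outside it, so its non-NULL guarantee should be confirmed there.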
@@ -1125,7 +1125,8 @@ // subscribe to receive reply body if (new_rep->body_pipe != NULL) { icapBodySource = new_rep->body_pipe; - assert(icapBodySource->setConsumerIfNotLate(this)); + int consumer_ok = icapBodySource->setConsumerIfNotLate(this); + assert(consumer_ok); } clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data; diff -u -r -N squid-3.0.STABLE19/src/comm.h squid-3.0.STABLE20/src/comm.h --- squid-3.0.STABLE19/src/comm.h 2009-09-06 23:29:37.000000000 +1200 +++ squid-3.0.STABLE20/src/comm.h 2009-10-29 23:05:47.000000000 +1300 @@ -20,7 +20,7 @@ COMM_INPROGRESS = -7, COMM_ERR_CONNECT = -8, COMM_ERR_DNS = -9, - COMM_ERR_CLOSING = -10, + COMM_ERR_CLOSING = -10 } comm_err_t; typedef void IOFCB(int fd, StoreIOBuffer receivedData, comm_err_t flag, int xerrno, void *data); typedef void IOWCB(int fd, char *buffer, size_t len, comm_err_t flag, int xerrno, void *data); diff -u -r -N squid-3.0.STABLE19/src/ESIExpression.cc squid-3.0.STABLE20/src/ESIExpression.cc --- squid-3.0.STABLE19/src/ESIExpression.cc 2009-09-06 23:29:36.000000000 +1200 +++ squid-3.0.STABLE20/src/ESIExpression.cc 2009-10-29 23:05:45.000000000 +1300 @@ -721,6 +721,7 @@ if ((point = strchr (s, '.')) && point - s < (ssize_t)length) { /* floating point */ + errno=0; /* reset errno */ rv.value.floating = strtod (s, &end); if (s == end || errno) { @@ -737,6 +738,7 @@ } } else { /* INT */ + errno=0; /* reset errno */ rv.value.integral = strtol (s, &end, 0); if (s == end || errno) { diff -u -r -N squid-3.0.STABLE19/src/fs/ufs/store_dir_ufs.cc squid-3.0.STABLE20/src/fs/ufs/store_dir_ufs.cc --- squid-3.0.STABLE19/src/fs/ufs/store_dir_ufs.cc 2009-09-06 23:29:38.000000000 +1200 +++ squid-3.0.STABLE20/src/fs/ufs/store_dir_ufs.cc 2009-10-29 23:05:47.000000000 +1300 
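Review bot: In the first src/ESIExpression.cc hunk (-721), the added comment `/* reset errno */` restates the statement instead of saying why it is needed, and `errno=0;` lacks the spacing used on the surrounding lines. Something like `errno = 0; /* strtod() leaves errno untouched on success; clear any stale value before testing it */` explains the `if (s == end || errno)` test that follows. The same applies to the `strtol` line in the second hunk (-737). Both conversions stop at the first invalid character rather than at `length`, so it is worth confirming in the code after the hunks that `end` is compared against `s + length`.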
@@ -143,7 +143,7 @@ IO->io = anIO; /* Change the IO Options */ - if (currentIOOptions->options.size() > 2) + if (currentIOOptions && currentIOOptions->options.size() > 2) delete currentIOOptions->options.pop_back(); /* TODO: factor out these 4 lines */ diff -u -r -N squid-3.0.STABLE19/src/ftp.cc squid-3.0.STABLE20/src/ftp.cc --- squid-3.0.STABLE19/src/ftp.cc 2009-09-06 23:29:38.000000000 +1200 +++ squid-3.0.STABLE20/src/ftp.cc 2009-10-29 23:05:47.000000000 +1300 @@ -1204,7 +1204,7 @@ if (data.read_pending) return; - int read_sz = replyBodySpace(data.readBuf->spaceSize()); + const int read_sz = replyBodySpace(*data.readBuf, 0); debugs(11,9, HERE << "FTP may read up to " << read_sz << " bytes"); diff -u -r -N squid-3.0.STABLE19/src/gopher.cc squid-3.0.STABLE20/src/gopher.cc --- squid-3.0.STABLE19/src/gopher.cc 2009-09-06 23:29:38.000000000 +1200 +++ squid-3.0.STABLE20/src/gopher.cc 2009-10-29 23:05:48.000000000 +1300 @@ -37,6 +37,7 @@ #include "errorpage.h" #include "Store.h" #include "HttpRequest.h" +#include "HttpReply.h" #include "comm.h" #if DELAY_POOLS #include "DelayPools.h" @@ -104,7 +105,6 @@ GopherStateData; static PF gopherStateFree; -static void gopher_mime_content(MemBuf * mb, const char *name, const char *def); static void gopherMimeCreate(GopherStateData *); static void gopher_request_parse(const HttpRequest * req, char *type_id, 
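Review bot: In the src/ftp.cc hunk (-1204), the result of `replyBodySpace()` is stored in `const int read_sz`, while the Server.h hunk of this same patch declares the function as returning `size_t`. The implicit narrowing is harmless for small buffers but hides the signedness change from the compiler and from readers; `const size_t read_sz = replyBodySpace(*data.readBuf, 0);` keeps the types aligned. The later uses of `read_sz` are outside the hunk and may need the same type. The src/http.cc hunk (-1248) does the same and also passes a `const int minRead` where `size_t` is expected.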
@@ -140,35 +140,13 @@ cbdataFree(gopherState); } - -/* figure out content type from file extension */ -static void -gopher_mime_content(MemBuf * mb, const char *name, const char *def_ctype) -{ - char *ctype = mimeGetContentType(name); - char *cenc = mimeGetContentEncoding(name); - - if (cenc) - mb->Printf("Content-Encoding: %s\r\n", cenc); - - mb->Printf("Content-Type: %s\r\n", - ctype ? ctype : def_ctype); -} - - - -/* create MIME Header for Gopher Data */ +/* Create MIME Header for Gopher Data */ static void gopherMimeCreate(GopherStateData * gopherState) { - MemBuf mb; - - mb.init(); - - mb.Printf("HTTP/1.0 200 OK Gatewaying\r\n" - "Server: Squid/%s\r\n" - "Date: %s\r\n", - version_string, mkrfc1123(squid_curtime)); + StoreEntry *entry = gopherState->entry; + const char *mime_type = NULL; + const char *mime_enc = NULL; switch (gopherState->type_id) { @@ -181,7 +159,7 @@ case GOPHER_WWW: case GOPHER_CSO: - mb.Printf("Content-Type: text/html\r\n"); + mime_type = "text/html"; break; case GOPHER_GIF: @@ -189,17 +167,17 @@ case GOPHER_IMAGE: case GOPHER_PLUS_IMAGE: - mb.Printf("Content-Type: image/gif\r\n"); + mime_type = "image/gif"; break; case GOPHER_SOUND: case GOPHER_PLUS_SOUND: - mb.Printf("Content-Type: audio/basic\r\n"); + mime_type = "audio/basic"; break; case GOPHER_PLUS_MOVIE: - mb.Printf("Content-Type: video/mpeg\r\n"); + mime_type = "video/mpeg"; break; case GOPHER_MACBINHEX: 
@@ -210,20 +188,33 @@ case GOPHER_BIN: /* Rightnow We have no idea what it is. */ - gopher_mime_content(&mb, gopherState->request, def_gopher_bin); + mime_enc = mimeGetContentEncoding(gopherState->request); + mime_type = mimeGetContentType(gopherState->request); + if (!mime_type) + mime_type = def_gopher_bin; break; case GOPHER_FILE: default: - gopher_mime_content(&mb, gopherState->request, def_gopher_text); + mime_enc = mimeGetContentEncoding(gopherState->request); + mime_type = mimeGetContentType(gopherState->request); + if (!mime_type) + mime_type = def_gopher_text; break; } - mb.Printf("\r\n"); - EBIT_CLR(gopherState->entry->flags, ENTRY_FWD_HDR_WAIT); - gopherState->entry->append(mb.buf, mb.size); - mb.clean(); + assert(entry->isEmpty()); + EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); + + HttpReply *reply = new HttpReply; + entry->buffer(); + HttpVersion version(1, 0); + reply->setHeaders(version, HTTP_OK, "Gatewaying", mime_type, -1, -1, -2); + if (mime_enc) + reply->header.putStr(HDR_CONTENT_ENCODING, mime_enc); + + entry->replaceHttpReply(reply); } /* Parse a gopher request into components. By Anawat. */ diff -u -r -N squid-3.0.STABLE19/src/http.cc squid-3.0.STABLE20/src/http.cc --- squid-3.0.STABLE19/src/http.cc 2009-09-06 23:29:38.000000000 +1200 +++ squid-3.0.STABLE20/src/http.cc 2009-10-29 23:05:48.000000000 +1300 @@ -1248,7 +1248,9 @@ void HttpStateData::maybeReadVirginBody() { - int read_sz = replyBodySpace(readBuf->spaceSize()); + // we may need to grow the buffer if headers do not fit + const int minRead = flags.headers_parsed ? 0 :1024; + const int read_sz = replyBodySpace(*readBuf, minRead); debugs(11,9, HERE << (flags.do_next_read ? "may" : "wont") << " read up to " << read_sz << " bytes from FD " << fd); 
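Review bot: In the src/gopher.cc hunk at -210, the call `reply->setHeaders(version, HTTP_OK, "Gatewaying", mime_type, -1, -1, -2);` passes three bare sentinels whose meaning cannot be read from this file. A short comment above it, e.g. `/* content length unknown; no Last-Modified; no Expires (argument order per HttpReply.h, confirm) */`, would save the next reader a trip to the header. The two added blocks for GOPHER_BIN and the default case are also identical except for the fallback constant, which the removed `gopher_mime_content()` helper used to express once. The function begins in an earlier hunk, so this note covers only the lines shown here.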
@@ -1261,12 +1263,8 @@ * handler until we get a notification from someone that * its okay to read again. */ - if (read_sz < 2) { - if (flags.headers_parsed) - return; - else - read_sz = 1024; - } + if (read_sz < 2) + return; if (flags.do_next_read) { flags.do_next_read = 0; diff -u -r -N squid-3.0.STABLE19/src/Server.cc squid-3.0.STABLE20/src/Server.cc --- squid-3.0.STABLE19/src/Server.cc 2009-09-06 23:29:36.000000000 +1200 +++ squid-3.0.STABLE20/src/Server.cc 2009-10-29 23:05:46.000000000 +1300 @@ -717,8 +717,15 @@ currentOffset += len; } -size_t ServerStateData::replyBodySpace(size_t space) +size_t ServerStateData::replyBodySpace(const MemBuf &readBuf, + const size_t minSpace) const { + size_t space = readBuf.spaceSize(); // available space w/o heroic measures + if (space < minSpace) { + const size_t maxSpace = readBuf.potentialSpaceSize(); // absolute best + space = min(minSpace, maxSpace); // do not promise more than asked + } + #if ICAP_CLIENT if (responseBodyBuffer) { return 0; // Stop reading if already overflowed waiting for ICAP to catch up diff -u -r -N squid-3.0.STABLE19/src/Server.h squid-3.0.STABLE20/src/Server.h --- squid-3.0.STABLE19/src/Server.h 2009-09-06 23:29:36.000000000 +1200 +++ squid-3.0.STABLE20/src/Server.h 2009-10-29 23:05:46.000000000 +1300 @@ -160,7 +160,7 @@ void adaptOrFinalizeReply(); void addVirginReplyBody(const char *buf, ssize_t len); void storeReplyBody(const char *buf, ssize_t len); - size_t replyBodySpace(size_t space = 4096 * 10); + size_t replyBodySpace(const MemBuf &readBuf, const size_t minSpace) const; // These should be private int64_t currentOffset; // Our current offset in the StoreEntry diff -u -r -N squid-3.0.STABLE19/src/tools.cc squid-3.0.STABLE20/src/tools.cc --- squid-3.0.STABLE19/src/tools.cc 2009-09-06 23:29:39.000000000 +1200 +++ squid-3.0.STABLE20/src/tools.cc 2009-10-29 23:05:48.000000000 +1300 
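Review bot: In the src/Server.cc hunk (-717), the new `replyBodySpace()` can return more than `readBuf.spaceSize()`, up to `potentialSpaceSize()`, when `minSpace` is non-zero, and nothing in the signature or the added comments states that. A caller that uses the result as a read length therefore has to go through a path that grows the buffer first. I would document the contract at the declaration in Server.h, e.g. `// may exceed readBuf.spaceSize() when minSpace > 0; the caller must let readBuf grow before reading that much`. Whether the read calls in http.cc and ftp.cc do so is outside these hunks, and the function body continues past the end of this one.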
@@ -40,16 +40,16 @@ #include "wordlist.h" #include "SquidTime.h" -#ifdef _SQUID_LINUX_ -#if HAVE_SYS_CAPABILITY_H +#if defined(_SQUID_LINUX_) && HAVE_SYS_CAPABILITY_H +// HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc +#if LIBCAP_BROKEN #undef _POSIX_SOURCE -/* Ugly glue to get around linux header madness colliding with glibc */ #define _LINUX_TYPES_H #define _LINUX_FS_H typedef uint32_t __u32; -#include -#endif #endif +#include +#endif /* HAVE_SYS_CAPABILITY_H */ #if HAVE_SYS_PRCTL_H #include @@ -1356,7 +1356,10 @@ static void restoreCapabilities(int keep) { -#if defined(_SQUID_LINUX_) && HAVE_SYS_CAPABILITY_H +/* NP: keep these two if-endif separate. Non-Linux work perfectly well without Linux syscap support. */ +#if defined(_SQUID_LINUX_) + +#if HAVE_SYS_CAPABILITY_H #ifndef _LINUX_CAPABILITY_VERSION_1 #define _LINUX_CAPABILITY_VERSION_1 _LINUX_CAPABILITY_VERSION #endif 
@@ -1366,54 +1369,48 @@ head->version = _LINUX_CAPABILITY_VERSION_1; if (capget(head, cap) != 0) { - debugs(50, 1, "Can't get current capabilities"); - goto nocap; + debugs(50, DBG_IMPORTANT, "Can't get current capabilities"); } - - if (head->version != _LINUX_CAPABILITY_VERSION_1) { - debugs(50, 1, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION_1 << ")"); - goto nocap; + else if (head->version != _LINUX_CAPABILITY_VERSION_1) { + debugs(50, DBG_IMPORTANT, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION_1 << ")"); } + else { - head->pid = 0; - - cap->inheritable = 0; - cap->effective = (1 << CAP_NET_BIND_SERVICE); -#if LINUX_TPROXY - - if (need_linux_tproxy) - cap->effective |= (1 << CAP_NET_ADMIN) | (1 << CAP_NET_BROADCAST); + head->pid = 0; -#endif + cap->inheritable = 0; + cap->effective = (1 << CAP_NET_BIND_SERVICE); - if (!keep) - cap->permitted &= cap->effective; - - if (capset(head, cap) != 0) { - /* Silent failure unless TPROXY is required */ #if LINUX_TPROXY - if (need_linux_tproxy) - debugs(50, 1, "Error enabling needed capabilities. Will continue without tproxy support"); + cap->effective |= (1 << CAP_NET_ADMIN) | (1 << CAP_NET_BROADCAST); +#endif - need_linux_tproxy = 0; + if (!keep) + cap->permitted &= cap->effective; + if (capset(head, cap) != 0) { + /* Silent failure unless TPROXY is required */ +#if LINUX_TPROXY + if (need_linux_tproxy) + debugs(50, 1, "Error enabling needed capabilities. Will continue without tproxy support"); + need_linux_tproxy = 0; #endif - + } } -nocap: xfree(head); xfree(cap); -#else -#if LINUX_TPROXY +#else /* not HAVE_SYS_CAPABILITY_H */ + +#if LINUX_TPROXY if (need_linux_tproxy) debugs(50, 1, "Missing needed capability support. Will continue without tproxy support"); - need_linux_tproxy = 0; - #endif -#endif +#endif /* HAVE_SYS_CAPABILITY_H */ + +#endif /* !defined(_SQUID_LINUX_) */ }
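Review bot: In the src/tools.cc hunk at -1366, the rewritten block adds `CAP_NET_ADMIN` and `CAP_NET_BROADCAST` to `cap->effective` whenever the build defines LINUX_TPROXY, whereas the removed lines did so only under `if (need_linux_tproxy)`. Unless the guard was dropped deliberately, a TPROXY-enabled binary now keeps both capabilities after giving up root even when no tproxy port is configured, which is more privilege than the process needs. Restoring the runtime test keeps the old behaviour: `if (need_linux_tproxy) cap->effective |= (1 << CAP_NET_ADMIN) | (1 << CAP_NET_BROADCAST);`. Separately, the closing `#endif /* !defined(_SQUID_LINUX_) */` names the wrong condition, since it closes `#if defined(_SQUID_LINUX_)`.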