diff -ruN squid-2.6.STABLE21/ChangeLog squid-2.6.STABLE22/ChangeLog --- squid-2.6.STABLE21/ChangeLog 2008-06-27 23:37:35.000000000 +0200 +++ squid-2.6.STABLE22/ChangeLog 2008-10-19 19:43:14.000000000 +0200 @@ -1,3 +1,17 @@ +Changes to squid-2.6.STABLE22 (19 October 2008) + - Bug #2396: Correct the opening of the PF device file. + - Make --with-large-files and --with-build-envirnment=default play + nice together + - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header + __u32 problem + - Make dns_nameserver work when using --disable-internal-dns on glibc + based systems + - Bug #2426: Increase negotiate auth token buffer size + - Bug #2427: squid_ldap_group -h reports the old % codes for -f + - Bug #2477: swap.state permission issues if crashing during "squid -k + reconfigure" + - Windows port: Fix build error using latest MinGW runtime. + Changes to squid-2.6.STABLE21 (27 June 2008) - Bug #2350: Bugs in Linux kernel capabilities code diff -ruN squid-2.6.STABLE21/configure squid-2.6.STABLE22/configure --- squid-2.6.STABLE21/configure 2008-06-27 23:55:39.000000000 +0200 +++ squid-2.6.STABLE22/configure 2008-10-19 19:45:40.000000000 +0200 @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.in Revision: 1.416.2.27 . +# From configure.in Revision: 1.416.2.30 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for Squid Web Proxy 2.6.STABLE21. +# Generated by GNU Autoconf 2.61 for Squid Web Proxy 2.6.STABLE22. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='2.6.STABLE21' -PACKAGE_STRING='Squid Web Proxy 2.6.STABLE21' +PACKAGE_VERSION='2.6.STABLE22' +PACKAGE_STRING='Squid Web Proxy 2.6.STABLE22' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_default_prefix=/usr/local/squid @@ -1314,7 +1314,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 2.6.STABLE21 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 2.6.STABLE22 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1384,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE21:";; + short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE22:";; esac cat <<\_ACEOF @@ -1662,7 +1662,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 2.6.STABLE21 +Squid Web Proxy configure 2.6.STABLE22 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1676,7 +1676,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 2.6.STABLE21, which was +It was created by Squid Web Proxy $as_me 2.6.STABLE22, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2349,7 +2349,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='2.6.STABLE21' + VERSION='2.6.STABLE22' cat >>confdefs.h <<_ACEOF @@ -5229,10 +5229,16 @@ if test -z "$buildmodel"; then echo "WARNING: No suitable build environment found for large files. Trying to use _FILE_OFFSET_BITS=64" sleep 1 - CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS" fi fi -if test -n "$buildmodel" && test "$buildmodel" != "default"; then +case "$buildmodel" in +"default"|"") + if test $needlargefiles; then + echo "Enabling -D_FILE_OFFSET_BITS=64 for large file support" + CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS" + fi + ;; +*) echo "Using $buildmodel build environment" if test "`getconf _$buildmodel 2>/dev/null || true`" = 1 || test "`getconf $buildmodel 2>/dev/null || true`" ; then : # All fine @@ -5263,7 +5269,8 @@ *) ;; esac -fi + ;; +esac # Check whether --enable-linux-tproxy was given. if test "${enable_linux_tproxy+set}" = set; then @@ -24458,6 +24465,7 @@ + for ac_func in \ bcopy \ backtrace_symbols_fd \ @@ -24491,6 +24499,7 @@ regexec \ regfree \ res_init \ + __res_init \ rint \ sbrk \ select \ @@ -27276,7 +27285,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 2.6.STABLE21, which was +This file was extended by Squid Web Proxy $as_me 2.6.STABLE22, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27329,7 +27338,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -Squid Web Proxy config.status 2.6.STABLE21 +Squid Web Proxy config.status 2.6.STABLE22 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -ruN squid-2.6.STABLE21/configure.in squid-2.6.STABLE22/configure.in --- squid-2.6.STABLE21/configure.in 2008-06-27 23:55:39.000000000 +0200 +++ squid-2.6.STABLE22/configure.in 2008-10-19 19:45:40.000000000 +0200 @@ -1,16 +1,16 @@ dnl dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.416.2.27 2008/06/27 21:26:34 hno Exp $ +dnl $Id: configure.in,v 1.416.2.30 2008/10/19 17:43:14 hno Exp $ dnl dnl dnl -AC_INIT(Squid Web Proxy, 2.6.STABLE21, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 2.6.STABLE22, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE -AC_REVISION($Revision: 1.416.2.27 $)dnl +AC_REVISION($Revision: 1.416.2.30 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -1063,10 +1063,16 @@ if test -z "$buildmodel"; then echo "WARNING: No suitable build environment found for large files. Trying to use _FILE_OFFSET_BITS=64" sleep 1 - CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS" fi fi -if test -n "$buildmodel" && test "$buildmodel" != "default"; then +case "$buildmodel" in +"default"|"") + if test $needlargefiles; then + echo "Enabling -D_FILE_OFFSET_BITS=64 for large file support" + CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS" + fi + ;; +*) echo "Using $buildmodel build environment" if test "`getconf _$buildmodel 2>/dev/null || true`" = 1 || test "`getconf $buildmodel 2>/dev/null || true`" ; then : # All fine @@ -1108,7 +1114,8 @@ *) ;; esac -fi + ;; +esac dnl Enable Linux transparent proxy support AC_ARG_ENABLE(linux-tproxy, @@ -2351,6 +2358,7 @@ regexec \ regfree \ res_init \ + __res_init \ rint \ sbrk \ select \ diff -ruN squid-2.6.STABLE21/helpers/external_acl/ldap_group/squid_ldap_group.c squid-2.6.STABLE22/helpers/external_acl/ldap_group/squid_ldap_group.c --- squid-2.6.STABLE21/helpers/external_acl/ldap_group/squid_ldap_group.c 2008-03-18 03:59:15.000000000 +0100 +++ squid-2.6.STABLE22/helpers/external_acl/ldap_group/squid_ldap_group.c 2008-09-29 01:05:24.000000000 +0200 @@ -400,7 +400,7 @@ fprintf(stderr, "\n" PROGRAM_NAME " version " PROGRAM_VERSION "\n\n"); fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n"); fprintf(stderr, "\t-b basedn (REQUIRED)\tbase dn under where to search for groups\n"); - fprintf(stderr, "\t-f filter (REQUIRED)\tgroup search filter pattern. %%v = user,\n\t\t\t\t%%a = group\n"); + fprintf(stderr, "\t-f filter (REQUIRED)\tgroup search filter pattern. %%u = user,\n\t\t\t\t%%g = group\n"); fprintf(stderr, "\t-B basedn (REQUIRED)\tbase dn under where to search for users\n"); fprintf(stderr, "\t-F filter (REQUIRED)\tuser search filter pattern. %%s = login\n"); fprintf(stderr, "\t-s base|one|sub\t\tsearch scope\n"); diff -ruN squid-2.6.STABLE21/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c squid-2.6.STABLE22/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c --- squid-2.6.STABLE21/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2008-03-18 00:33:00.000000000 +0100 +++ squid-2.6.STABLE22/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2008-09-29 01:04:50.000000000 +0200 @@ -43,6 +43,9 @@ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN HOST_NAME_MAX #endif +#ifndef MAX_AUTHTOKEN_LEN +#define MAX_AUTHTOKEN_LEN 65535 +#endif #define PROGRAM "squid_kerb_auth" @@ -173,10 +176,9 @@ } - int main(int argc, char * const argv[]) { - char buf[6400]; + char buf[MAX_AUTHTOKEN_LEN]; char *c; int length=0; static int err=0; diff -ruN squid-2.6.STABLE21/include/autoconf.h.in squid-2.6.STABLE22/include/autoconf.h.in --- squid-2.6.STABLE21/include/autoconf.h.in 2007-09-02 02:14:59.000000000 +0200 +++ squid-2.6.STABLE22/include/autoconf.h.in 2008-07-21 22:53:57.000000000 +0200 @@ -597,6 +597,9 @@ /* Define if you have PSAPI.DLL on Windows systems */ #undef HAVE_WIN32_PSAPI +/* Define to 1 if you have the `__res_init' function. */ +#undef HAVE___RES_INIT + /* Some systems support __va_copy */ #undef HAVE___VA_COPY diff -ruN squid-2.6.STABLE21/include/sspwin32.h squid-2.6.STABLE22/include/sspwin32.h --- squid-2.6.STABLE21/include/sspwin32.h 2006-09-09 17:41:45.000000000 +0200 +++ squid-2.6.STABLE22/include/sspwin32.h 2008-10-17 20:37:21.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: sspwin32.h,v 1.2 2006/09/09 15:41:45 serassio Exp $ + * $Id: sspwin32.h,v 1.2.2.1 2008/10/17 18:37:21 hno Exp $ * * AUTHOR: Guido Serassio * Based on previous work of Francesco Chemolli, Robert Collins and Andrew Doran @@ -46,6 +46,7 @@ #include #endif #include +#include #include #include diff -ruN squid-2.6.STABLE21/include/version.h squid-2.6.STABLE22/include/version.h --- squid-2.6.STABLE21/include/version.h 2008-06-27 23:55:39.000000000 +0200 +++ squid-2.6.STABLE22/include/version.h 2008-10-19 19:45:40.000000000 +0200 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1214603735 +#define SQUID_RELEASE_TIME 1224438335 #endif diff -ruN squid-2.6.STABLE21/RELEASENOTES.html squid-2.6.STABLE22/RELEASENOTES.html --- squid-2.6.STABLE21/RELEASENOTES.html 2008-06-27 23:56:08.000000000 +0200 +++ squid-2.6.STABLE22/RELEASENOTES.html 2008-10-19 19:46:11.000000000 +0200 @@ -2,12 +2,12 @@ - Squid 2.6.STABLE21 release notes + Squid 2.6.STABLE22 release notes -

Squid 2.6.STABLE21 release notes

+

Squid 2.6.STABLE22 release notes

-

Squid Developers

$Id: release-2.6.html,v 1.44.2.21 2008/06/27 21:26:34 hno Exp $ +

Squid Developers

$Id: release-2.6.html,v 1.44.2.22 2008/10/19 17:43:14 hno Exp $
This document contains the release notes for version 2.6 of Squid. Squid is a WWW Cache application developed by the Web Caching community. @@ -90,6 +90,9 @@

26. Key changes squid-2.6.STABLE20 to 2.6.STABLE21

+

+

27. Key changes squid-2.6.STABLE21 to 2.6.STABLE22

+

1. Key changes from squid 2.5

@@ -841,5 +844,23 @@

+

27. Key changes squid-2.6.STABLE21 to 2.6.STABLE22

+ +

+

    +
  • Bug #2396: Correct the opening of the PF device file.
    • +
  • Make --with-large-files and --with-build-envirnment=default play nice together
    • +
  • Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header __u32 problem
    • +
  • Make dns_nameserver work when using --disable-internal-dns on glibc based systems
    • +
  • Bug #2426: Increase negotiate auth token buffer size
    • +
  • Bug #2427: squid_ldap_group -h reports the old % codes for -f
    • +
  • Bug #2477: swap.state permission issues if crashing during "squid -k reconfigure"
    • +
  • Windows port: Fix build error using latest MinGW runtime.
    • +
  • See also the list of +squid-2.6.STABLE22 changes and the +ChangeLog file for details.
    • +
+

+ diff -ruN squid-2.6.STABLE21/src/auth/negotiate/auth_negotiate.c squid-2.6.STABLE22/src/auth/negotiate/auth_negotiate.c --- squid-2.6.STABLE21/src/auth/negotiate/auth_negotiate.c 2007-08-31 16:08:53.000000000 +0200 +++ squid-2.6.STABLE22/src/auth/negotiate/auth_negotiate.c 2008-09-29 01:04:50.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: auth_negotiate.c,v 1.7.2.4 2007/08/31 14:08:53 hno Exp $ + * $Id: auth_negotiate.c,v 1.7.2.5 2008/09/28 23:04:50 hno Exp $ * * DEBUG: section 29 Negotiate Authenticator * AUTHOR: Robert Collins @@ -41,6 +41,9 @@ #include "squid.h" #include "auth_negotiate.h" +// Maximum length (buffer size) for token strings. +#define MAX_AUTHTOKEN_LEN 32768 + extern AUTHSSETUP authSchemeSetup_negotiate; static void @@ -573,7 +576,7 @@ authenticateNegotiateStart(auth_user_request_t * auth_user_request, RH * handler, void *data) { authenticateStateData *r = NULL; - char buf[8192]; + char buf[MAX_AUTHTOKEN_LEN]; char *sent_string = NULL; negotiate_user_t *negotiate_user; negotiate_request_t *negotiate_request; @@ -606,9 +609,9 @@ r->auth_user_request = auth_user_request; authenticateAuthUserRequestLock(r->auth_user_request); if (negotiate_request->auth_state == AUTHENTICATE_STATE_INITIAL) { - snprintf(buf, 8192, "YR %s\n", sent_string); + snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", sent_string); } else { - snprintf(buf, 8192, "KK %s\n", sent_string); + snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", sent_string); } negotiate_request->waiting = 1; safe_free(negotiate_request->client_blob); diff -ruN squid-2.6.STABLE21/src/client_side.c squid-2.6.STABLE22/src/client_side.c --- squid-2.6.STABLE21/src/client_side.c 2008-06-27 23:06:39.000000000 +0200 +++ squid-2.6.STABLE22/src/client_side.c 2008-07-21 22:48:45.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.693.2.22 2008/06/27 21:06:39 hno Exp $ + * $Id: client_side.c,v 1.693.2.24 2008/07/21 20:48:45 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -92,6 +92,7 @@ #endif #if LINUX_NETFILTER +#include #include #endif @@ -4458,7 +4459,7 @@ static int pffd = -1; static time_t last_reported = 0; if (pffd < 0) { - pffd = open("/dev/pf", O_RDWR); + pffd = open("/dev/pf", O_RDONLY); if (pffd >= 0) commSetCloseOnExec(pffd); } diff -ruN squid-2.6.STABLE21/src/dnsserver.c squid-2.6.STABLE22/src/dnsserver.c --- squid-2.6.STABLE21/src/dnsserver.c 2006-05-22 23:19:48.000000000 +0200 +++ squid-2.6.STABLE22/src/dnsserver.c 2008-07-21 22:49:10.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: dnsserver.c,v 1.62 2006/05/22 21:19:48 serassio Exp $ + * $Id: dnsserver.c,v 1.62.2.1 2008/07/21 20:49:10 hno Exp $ * * DEBUG: section 0 DNS Resolver * AUTHOR: Harvest Derived @@ -142,7 +142,7 @@ #include "util.h" #include "snprintf.h" -#if !defined(_SQUID_AIX_) && !defined(_SQUID_MSWIN_) +#if !defined(_SQUID_AIX_) && !defined(_SQUID_MSWIN_) && !defined(h_errno) extern int h_errno; #endif @@ -150,6 +150,16 @@ extern int _dns_ttl_; /* this is a really *dirty* hack - bne */ #endif +/* + * res_init() is a macro re-definition of __res_init on: Debian + */ +#if !defined(HAVE_RES_INIT) && defined(HAVE___RES_INIT) +#ifndef res_init +#define res_init __res_init +#endif +#define HAVE_RES_INIT HAVE___RES_INIT +#endif + #ifdef _SQUID_NEXT_ /* This is a really bloody hack. frank@langen.bull.de * Workaround bug in gethostbyname which sets h_errno wrong @@ -167,7 +177,7 @@ #endif /* error messages from gethostbyname() */ -static char * +static const char * my_h_msgs(int x) { if (x == HOST_NOT_FOUND) diff -ruN squid-2.6.STABLE21/src/forward.c squid-2.6.STABLE22/src/forward.c --- squid-2.6.STABLE21/src/forward.c 2008-04-02 03:16:29.000000000 +0200 +++ squid-2.6.STABLE22/src/forward.c 2008-07-21 22:48:45.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.120.2.5 2008/04/02 01:16:29 hno Exp $ + * $Id: forward.c,v 1.120.2.6 2008/07/21 20:48:45 hno Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -37,6 +37,7 @@ #include "squid.h" #if LINUX_NETFILTER +#include #include #endif #if LINUX_TPROXY diff -ruN squid-2.6.STABLE21/src/tools.c squid-2.6.STABLE22/src/tools.c --- squid-2.6.STABLE21/src/tools.c 2008-06-27 23:02:06.000000000 +0200 +++ squid-2.6.STABLE22/src/tools.c 2008-10-06 23:31:57.000000000 +0200 @@ -1,6 +1,6 @@ /* - * $Id: tools.c,v 1.250.2.5 2008/06/27 21:02:06 hno Exp $ + * $Id: tools.c,v 1.250.2.6 2008/10/06 21:31:57 hno Exp $ * * DEBUG: section 21 Misc Functions * AUTHOR: Harvest Derived @@ -396,6 +396,7 @@ void fatal(const char *message) { + leave_suid(); releaseServerSockets(); /* check for store_dirs_rebuilding because fatal() is often * used in early initialization phases, long before we ever @@ -444,6 +445,7 @@ void fatal_dump(const char *message) { + leave_suid(); failure_notify = NULL; releaseServerSockets(); if (message)