diff -u -r -N squid-3.5.11/acinclude/lib-checks.m4 squid-3.5.12/acinclude/lib-checks.m4 --- squid-3.5.11/acinclude/lib-checks.m4 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/acinclude/lib-checks.m4 2015-11-28 06:29:10.000000000 -0800 @@ -93,7 +93,11 @@ ], [ SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); +#else + SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); +#endif SSL *ssl = SSL_new(sslContext); X509* cert = SSL_get_certificate(ssl); return 0; @@ -120,7 +124,11 @@ ], [ SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); +#else + SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); +#endif X509 ***pCert = (X509 ***)sslContext->cert; X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; if (sslCtxCert != NULL) diff -u -r -N squid-3.5.11/ChangeLog squid-3.5.12/ChangeLog --- squid-3.5.11/ChangeLog 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/ChangeLog 2015-11-28 06:29:10.000000000 -0800 @@ -1,3 +1,15 @@ +Changes to squid-3.5.12 (28 Nov 2015): + + - Bug 4374: refresh_pattern config parser (%) + - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' + - Bug 4228: links with krb5 libs despite --without options + - Fix SSL_get_certificate() problem detection + - Fix TLS handshake problem during Renegotiation + - Fix cache_peer forceddomain= in CONNECT + - Fix status code-based HTTP reason phrase for eCAP-generated messages + - Fix build errors in cpuafinity.cc + - ... and several documentation updates + Changes to squid-3.5.11 (01 Nov 2015): - Bug 3574: crashes on reconfigure and startup diff -u -r -N squid-3.5.11/compat/cpu.h squid-3.5.12/compat/cpu.h --- squid-3.5.11/compat/cpu.h 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/compat/cpu.h 2015-11-28 06:29:10.000000000 -0800 @@ -9,12 +9,42 @@ #ifndef SQUID_COMPAT_CPU_H #define SQUID_COMPAT_CPU_H -#if HAVE_CPU_AFFINITY - +#if HAVE_ERRNO_H +#include /* for ENOTSUP */ +#endif #if HAVE_SCHED_H #include #endif +#if !HAVE_CPU_AFFINITY +/* failing replacements to minimize the number of if-HAVE_CPU_AFFINITYs */ +typedef struct { + int bits; +} cpu_set_t; +inline int sched_setaffinity(int, size_t, cpu_set_t *) { return ENOTSUP; } +inline int sched_getaffinity(int, size_t, cpu_set_t *) { return ENOTSUP; } +#endif /* HAVE_CPU_AFFINITY */ + +#if !defined(CPU_SETSIZE) +#define CPU_SETSIZE 0 +#endif + +#if !defined(CPU_ZERO) +#define CPU_ZERO(set) (void)0 +#endif + +#if !defined(CPU_SET) +#define CPU_SET(cpu, set) (void)0 +#endif + +#if !defined(CPU_CLR) +#define CPU_CLR(cpu, set) (void)0 +#endif + +#if !defined(CPU_ISSET) +#define CPU_ISSET(cpu, set) false +#endif + // glibc prior to 2.6 lacks CPU_COUNT #ifndef CPU_COUNT #define CPU_COUNT(set) CpuCount(set) @@ -47,26 +77,5 @@ } #endif /* CPU_AND */ -#else /* HAVE_CPU_AFFINITY */ - -#if HAVE_ERRNO_H -#include /* for ENOTSUP */ -#endif - -/* failing replacements to minimize the number of if-HAVE_CPU_AFFINITYs */ -typedef struct { - int bits; -} cpu_set_t; -#define CPU_SETSIZE 0 -#define CPU_COUNT(set) 0 -#define CPU_AND(destset, srcset1, srcset2) (void)0 -#define CPU_ZERO(set) (void)0 -#define CPU_SET(cpu, set) (void)0 -#define CPU_CLR(cpu, set) (void)0 -inline int sched_setaffinity(int, size_t, cpu_set_t *) { return ENOTSUP; } -inline int sched_getaffinity(int, size_t, cpu_set_t *) { return ENOTSUP; } - -#endif /* HAVE_CPU_AFFINITY */ - #endif /* SQUID_COMPAT_CPU_H */ diff -u -r -N squid-3.5.11/configure squid-3.5.12/configure --- squid-3.5.11/configure 2015-11-01 02:46:19.000000000 -0800 +++ squid-3.5.12/configure 2015-11-28 06:31:11.000000000 -0800 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.11. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.12. # # Report bugs to . # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.5.11' -PACKAGE_STRING='Squid Web Proxy 3.5.11' +PACKAGE_VERSION='3.5.12' +PACKAGE_STRING='Squid Web Proxy 3.5.12' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1633,7 +1633,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.5.11 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.5.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1704,7 +1704,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.5.11:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.5.12:";; esac cat <<\_ACEOF @@ -2111,7 +2111,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.5.11 +Squid Web Proxy configure 3.5.12 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3215,7 +3215,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.5.11, which was +It was created by Squid Web Proxy $as_me 3.5.12, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4082,7 +4082,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.5.11' + VERSION='3.5.12' cat >>confdefs.h <<_ACEOF @@ -23060,7 +23060,11 @@ { SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); +#else + SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); +#endif SSL *ssl = SSL_new(sslContext); X509* cert = SSL_get_certificate(ssl); return 0; @@ -23110,7 +23114,11 @@ { SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); +#else + SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); +#endif X509 ***pCert = (X509 ***)sslContext->cert; X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; if (sslCtxCert != NULL) @@ -23556,112 +23564,30 @@ - -# Check whether --with-heimdal-krb5 was given. -if test "${with_heimdal_krb5+set}" = set; then : - withval=$with_heimdal_krb5; -case "$with_heimdal_krb5" in - yes|no) - : # Nothing special to do here - ;; - *) - if test ! -d "$withval" ; then - as_fn_error $? "--with-heimdal-krb5 path does not point to a directory" "$LINENO" 5 - fi - if test -d "$with_heimdal_krb5/lib64" ; then - LIB_KRB5_PATH="-L$with_heimdal_krb5/lib64 -L$with_heimdal_krb5/lib" - else - LIB_KRB5_PATH="-L$with_heimdal_krb5/lib" - fi - CXXFLAGS="-I$with_heimdal_krb5/include $CXXFLAGS" - krb5confpath="$with_heimdal_krb5/bin" - with_heimdal_krb5=yes -esac - -fi - - - - - - -# Check whether --with-gnugss was given. -if test "${with_gnugss+set}" = set; then : - withval=$with_gnugss; -case "$with_gnugss" in - yes|no) - : # Nothing special to do here - ;; - *) - if test ! -d "$withval" ; then - as_fn_error $? "--with-gnugss path does not point to a directory" "$LINENO" 5 - fi - if test ! -d "$with_gnugss/lib64" ; then - LIB_KRB5_PATH="-L$with_gnugss/lib64 -L$with_gnugss/lib" - else - LIB_KRB5_PATH="-L$with_gnugss/lib" - fi - CXXFLAGS="-I$with_gnugss/include $CXXFLAGS" - krb5confpath= - with_gnugss=yes -esac - -fi - - - -# determine krb5 conflicts -ac_with_krb5_count=0 -if test "x$with_mit_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi -if test "x$with_heimdal_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi -if test "x$with_gnugss" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi - -if test $ac_with_krb5_count -gt 1 ; then - as_fn_error $? "Please choose only one Kerberos library." "$LINENO" 5 -elif test $ac_with_krb5_count -eq 0 ; then +## find out if pkg-config or krb5-config will work +if test "x$with_mit_krb5" != "xno"; then # find installed libs via pkg-config or krb5-config + squid_pc_krb5_name= if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "gssapi-krb5 krb5") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"mit-krb5-gssapi mit-krb5\""; } >&5 + ($PKG_CONFIG --exists --print-errors "mit-krb5-gssapi mit-krb5") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - with_mit_krb5=yes -fi - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"heimdal-gssapi\""; } >&5 - ($PKG_CONFIG --exists --print-errors "heimdal-gssapi") 2>&5 + squid_pc_krb5_name="mit-krb5-gssapi mit-krb5" +else + + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gssapi-krb5 krb5") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - with_heimdal_krb5=yes + squid_pc_krb5_name="gssapi-krb5 krb5" fi - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gss\""; } >&5 - ($PKG_CONFIG --exists --print-errors "gss") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - with_gnugss=yes + fi - if test "x$with_mit_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test "x$with_heimdal_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test "x$with_gnugss" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test $ac_with_krb5_count -gt 1 ; then - as_fn_error $? "pkg-config found multiple Kerberos library. Please select one with --with-" "$LINENO" 5 - elif test $ac_with_krb5_count -eq 0 -a "$cross_compiling" = "no"; then + if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then # Look for krb5-config (unless cross-compiling) # Extract the first word of "krb5-config", so it can be a program name with args. set dummy krb5-config; ac_word=$2 @@ -23709,30 +23635,28 @@ ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" ac_solaris="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i solaris`" ac_apple="`$ac_cv_path_krb5_config --vendor 2>/dev/null | grep -c -i apple`" - if test $ac_heimdal -gt 0 ; then - with_heimdal_krb5=yes - ac_with_krb5_count=1 - fi if test $ac_solaris -gt 0 ; then with_solaris_krb5=yes - ac_with_krb5_count=1 - fi - if test $ac_apple -gt 0 ; then + elif test $ac_apple -gt 0 ; then with_apple_krb5=yes - ac_with_krb5_count=1 - fi - if test $ac_heimdal -eq 0 && test $ac_solaris -eq 0 && test $ac_apple -eq 0; then - with_mit_krb5=yes - ac_with_krb5_count=1 + elif test $ac_heimdal -gt 0; then + with_mit_krb5=no + if test "x$with_mit_krb5" = "xyes"; then + as_fn_error $? "Could not find pkg-config or krb5-config for MIT Kerberos" "$LINENO" 5 + fi fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Could not find krb5-config in path" >&5 -$as_echo "$as_me: WARNING: Could not find krb5-config in path" >&2;} + if test "x$with_mit_krb5" = "xyes"; then + as_fn_error $? "Could not find krb5-config in path" "$LINENO" 5 + else + with_mit_krb5=no + fi fi fi fi -if test "x$with_mit_krb5" = "xyes" || test "x$with_apple_krb5" = "xyes" ; then +# detect MIT Kerberos or Apple Kerberos dependencies +if test "x$with_mit_krb5" != "xno" || test "x$with_apple_krb5" = "xyes" ; then # save state, key is squid_krb5_save squid_krb5_save_CFLAGS="${CFLAGS}" @@ -23760,12 +23684,12 @@ pkg_cv_LIB_KRB5_CFLAGS="$LIB_KRB5_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "gssapi-krb5 krb5") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$squid_pc_krb5_name\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$squid_pc_krb5_name") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIB_KRB5_CFLAGS=`$PKG_CONFIG --cflags "gssapi-krb5 krb5" 2>/dev/null` + pkg_cv_LIB_KRB5_CFLAGS=`$PKG_CONFIG --cflags "$squid_pc_krb5_name" 2>/dev/null` else pkg_failed=yes fi @@ -23776,12 +23700,12 @@ pkg_cv_LIB_KRB5_LIBS="$LIB_KRB5_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "gssapi-krb5 krb5") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$squid_pc_krb5_name\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$squid_pc_krb5_name") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIB_KRB5_LIBS=`$PKG_CONFIG --libs "gssapi-krb5 krb5" 2>/dev/null` + pkg_cv_LIB_KRB5_LIBS=`$PKG_CONFIG --libs "$squid_pc_krb5_name" 2>/dev/null` else pkg_failed=yes fi @@ -23801,9 +23725,9 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gssapi-krb5 krb5" 2>&1` + LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$squid_pc_krb5_name" 2>&1` else - LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --print-errors "gssapi-krb5 krb5" 2>&1` + LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --print-errors "$squid_pc_krb5_name" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$LIB_KRB5_PKG_ERRORS" >&5 @@ -23887,6 +23811,7 @@ eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" done + missing_required= { $as_echo "$as_me:${as_lineno-$LINENO}: Try to find Kerberos libraries in given path" >&5 $as_echo "$as_me: Try to find Kerberos libraries in given path" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcom_err" >&5 @@ -23923,7 +23848,9 @@ LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -23962,7 +23889,9 @@ LIB_KRB5_LIBS="-lk5crypto $LIB_KRB5_LIBS" else - as_fn_error $? "library 'k5crypto' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'k5crypto' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'k5crypto' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24001,7 +23930,9 @@ LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'krb5' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'krb5' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'krb5' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24040,7 +23971,9 @@ LIB_KRB5_LIBS="-lgssapi_krb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'gssapi_krb5' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'gssapi_krb5' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'gssapi_krb5' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24071,9 +24004,11 @@ done + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -24156,6 +24091,7 @@ eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" done + missing_required= { $as_echo "$as_me:${as_lineno-$LINENO}: Try to find Kerberos libraries in given path" >&5 $as_echo "$as_me: Try to find Kerberos libraries in given path" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcom_err" >&5 @@ -24192,7 +24128,9 @@ LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24231,7 +24169,9 @@ LIB_KRB5_LIBS="-lk5crypto $LIB_KRB5_LIBS" else - as_fn_error $? "library 'k5crypto' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'k5crypto' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'k5crypto' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24270,7 +24210,9 @@ LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'krb5' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'krb5' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'krb5' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24309,7 +24251,9 @@ LIB_KRB5_LIBS="-lgssapi_krb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'gssapi_krb5' is required for MIT Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'gssapi_krb5' is required for MIT Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'gssapi_krb5' is required for MIT Kerberos" >&2;} + missing_required=yes fi @@ -24340,9 +24284,11 @@ done + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - else LIB_KRB5_CFLAGS=$pkg_cv_LIB_KRB5_CFLAGS LIB_KRB5_LIBS=$pkg_cv_LIB_KRB5_LIBS @@ -25544,14 +25490,14 @@ unset squid_tmp_define - fi - if test "x$KRB5LIBS" = "x"; then + if test "x$with_mit_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then as_fn_error $? "Required Kerberos library not found" "$LINENO" 5 - ac_with_krb5_count=0 + elif test "x$KRB5LIBS" = "x"; then + with_mit_krb5=no + with_apple_krb5=no fi - # rollback state, key is squid_krb5_save CFLAGS="${squid_krb5_save_CFLAGS}" CXXFLAGS="${squid_krb5_save_CXXFLAGS}" @@ -25580,7 +25526,8 @@ fi -if test "x$with_solaris_krb5" = "xyes"; then +# detect Solaris Kerberos dependencies +if test "x$with_solaris_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then # save state, key is squid_krb5_save squid_krb5_save_CFLAGS="${CFLAGS}" @@ -25683,6 +25630,7 @@ eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" done + missing_required= { $as_echo "$as_me:${as_lineno-$LINENO}: Try to find Kerberos libraries in given path" >&5 $as_echo "$as_me: Try to find Kerberos libraries in given path" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5" >&5 @@ -25719,7 +25667,9 @@ LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'krb5' is required for Solaris Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'krb5' is required for Solaris Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'krb5' is required for Solaris Kerberos" >&2;} + missing_required=yes fi @@ -25758,7 +25708,9 @@ LIB_KRB5_LIBS="-lgss $LIB_KRB5_LIBS" else - as_fn_error $? "library 'gss' is required for Solaris Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'gss' is required for Solaris Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'gss' is required for Solaris Kerberos" >&2;} + missing_required=yes fi @@ -25789,6 +25741,9 @@ done + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi if test "x$LIB_KRB5_LIBS" != "x"; then @@ -25905,7 +25860,6 @@ fi - ac_com_error_message=no if test "x$ac_cv_header_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -27025,14 +26979,15 @@ unset squid_tmp_define - fi - if test "x$KRB5LIBS" = "x"; then + if test "x$with_mit_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then + # Error only if Solaris flavour was detected while looking for required MIT Kerberos as_fn_error $? "Required Kerberos library not found" "$LINENO" 5 - ac_with_krb5_count=0 + elif test "x$KRB5LIBS" = "x"; then + with_solaris_krb5=no + with_mit_krb5=no fi - # rollback state, key is squid_krb5_save CFLAGS="${squid_krb5_save_CFLAGS}" CXXFLAGS="${squid_krb5_save_CXXFLAGS}" @@ -27061,7 +27016,112 @@ fi -if test "x$with_heimdal_krb5" = "xyes"; then + +# Check whether --with-heimdal-krb5 was given. +if test "${with_heimdal_krb5+set}" = set; then : + withval=$with_heimdal_krb5; +case "$with_heimdal_krb5" in + yes|no) + : # Nothing special to do here + ;; + *) + if test ! -d "$withval" ; then + as_fn_error $? "--with-heimdal-krb5 path does not point to a directory" "$LINENO" 5 + fi + if test -d "$with_heimdal_krb5/lib64" ; then + LIB_KRB5_PATH="-L$with_heimdal_krb5/lib64 -L$with_heimdal_krb5/lib" + else + LIB_KRB5_PATH="-L$with_heimdal_krb5/lib" + fi + CXXFLAGS="-I$with_heimdal_krb5/include $CXXFLAGS" + krb5confpath="$with_heimdal_krb5/bin" + with_heimdal_krb5=yes +esac + +fi + + +if test "x$with_heimdal_krb5" != "xno" -a "x$KRB5LIBS" = "x"; then + # find installed libs via pkg-config or krb5-config + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"heimdal-krb5\""; } >&5 + ($PKG_CONFIG --exists --print-errors "heimdal-krb5") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + squid_pc_krb5_name="heimdal-krb5" +fi + if test "x$squid_pc_krb5_name" = "x"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"heimdal-gssapi\""; } >&5 + ($PKG_CONFIG --exists --print-errors "heimdal-gssapi") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + squid_pc_krb5_name="heimdal-gssapi" +fi + fi + if test "x$squid_pc_krb5_name" != "x" -a "$cross_compiling" = "no"; then + # Look for krb5-config (unless cross-compiling) + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_krb5_config+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $krb5_config in + [\\/]* | ?:[\\/]*) + ac_cv_path_krb5_config="$krb5_config" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_krb5_config="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_krb5_config" && ac_cv_path_krb5_config="no" + ;; +esac +fi +krb5_config=$ac_cv_path_krb5_config +if test -n "$krb5_config"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_config" >&5 +$as_echo "$krb5_config" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$ac_cv_path_krb5_config" != "xno" ; then + krb5confpath="`dirname $ac_cv_path_krb5_config`" + ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" + if test "x$with_heimdal_krb5" = "xyes"; then + as_fn_error $? "Could not find pkg-config or krb5-config for Heimdal Kerberos" "$LINENO" 5 + fi + else + if test "x$with_heimdal_krb5" = "xyes"; then + as_fn_error $? "Could not find krb5-config in path" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Could not find krb5-config in path" >&5 +$as_echo "$as_me: WARNING: Could not find krb5-config in path" >&2;} + with_heimdal_krb5=no + fi + fi + fi +fi +if test "x$with_heimdal_krb5" != "xno" -a "x$KRB5LIBS" = "x"; then # save state, key is squid_krb5_save squid_krb5_save_CFLAGS="${CFLAGS}" @@ -27089,12 +27149,12 @@ pkg_cv_LIB_KRB5_CFLAGS="$LIB_KRB5_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"heimdal-gssapi\""; } >&5 - ($PKG_CONFIG --exists --print-errors "heimdal-gssapi") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$squid_pc_krb5_name\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$squid_pc_krb5_name") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIB_KRB5_CFLAGS=`$PKG_CONFIG --cflags "heimdal-gssapi" 2>/dev/null` + pkg_cv_LIB_KRB5_CFLAGS=`$PKG_CONFIG --cflags "$squid_pc_krb5_name" 2>/dev/null` else pkg_failed=yes fi @@ -27105,12 +27165,12 @@ pkg_cv_LIB_KRB5_LIBS="$LIB_KRB5_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"heimdal-gssapi\""; } >&5 - ($PKG_CONFIG --exists --print-errors "heimdal-gssapi") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$squid_pc_krb5_name\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$squid_pc_krb5_name") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIB_KRB5_LIBS=`$PKG_CONFIG --libs "heimdal-gssapi" 2>/dev/null` + pkg_cv_LIB_KRB5_LIBS=`$PKG_CONFIG --libs "$squid_pc_krb5_name" 2>/dev/null` else pkg_failed=yes fi @@ -27130,9 +27190,9 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "heimdal-gssapi" 2>&1` + LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$squid_pc_krb5_name" 2>&1` else - LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --print-errors "heimdal-gssapi" 2>&1` + LIB_KRB5_PKG_ERRORS=`$PKG_CONFIG --print-errors "$squid_pc_krb5_name" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$LIB_KRB5_PKG_ERRORS" >&5 @@ -27189,7 +27249,7 @@ ac_krb5_config="$krb5confpath/krb5-config" fi fi - if test "x$ac_krb5_config" != "x" && test -x "$ac_krb5_config"; then + if test "x$ac_krb5_config" != "x" -a -x "$ac_krb5_config"; then # Get libs, etc { $as_echo "$as_me:${as_lineno-$LINENO}: Use krb5-config to get CXXFLAGS and LIBS" >&5 $as_echo "$as_me: Use krb5-config to get CXXFLAGS and LIBS" >&6;} @@ -27215,7 +27275,7 @@ eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" done - + missing_required= { $as_echo "$as_me:${as_lineno-$LINENO}: Try to find Kerberos libraries in given path" >&5 $as_echo "$as_me: Try to find Kerberos libraries in given path" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 @@ -27252,7 +27312,9 @@ LIB_KRB5_LIBS="-lresolv $LIB_KRB5_LIBS" else - as_fn_error $? "library 'resolv' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'resolv' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'resolv' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27291,7 +27353,9 @@ LIB_KRB5_LIBS="-lcrypt $LIB_KRB5_LIBS" else - as_fn_error $? "library 'crypt' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'crypt' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'crypt' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27330,7 +27394,9 @@ LIB_KRB5_LIBS="-lroken $LIB_KRB5_LIBS" else - as_fn_error $? "library 'roken' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'roken' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'roken' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27449,7 +27515,9 @@ LIB_KRB5_LIBS="-lcrypto $LIB_KRB5_LIBS" else - as_fn_error $? "library 'crypto' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'crypto' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'crypto' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27488,7 +27556,9 @@ LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27567,7 +27637,9 @@ LIB_KRB5_LIBS="-lasn1 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'asn1' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'asn1' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'asn1' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27606,7 +27678,9 @@ LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'krb5' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'krb5' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'krb5' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27685,7 +27759,9 @@ LIB_KRB5_LIBS="-lgssapi $LIB_KRB5_LIBS" else - as_fn_error $? "library 'gssapi' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'gssapi' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'gssapi' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27716,9 +27792,11 @@ done + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -27774,7 +27852,7 @@ ac_krb5_config="$krb5confpath/krb5-config" fi fi - if test "x$ac_krb5_config" != "x" && test -x "$ac_krb5_config"; then + if test "x$ac_krb5_config" != "x" -a -x "$ac_krb5_config"; then # Get libs, etc { $as_echo "$as_me:${as_lineno-$LINENO}: Use krb5-config to get CXXFLAGS and LIBS" >&5 $as_echo "$as_me: Use krb5-config to get CXXFLAGS and LIBS" >&6;} @@ -27800,7 +27878,7 @@ eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" done - + missing_required= { $as_echo "$as_me:${as_lineno-$LINENO}: Try to find Kerberos libraries in given path" >&5 $as_echo "$as_me: Try to find Kerberos libraries in given path" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 @@ -27837,7 +27915,9 @@ LIB_KRB5_LIBS="-lresolv $LIB_KRB5_LIBS" else - as_fn_error $? "library 'resolv' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'resolv' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'resolv' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27876,7 +27956,9 @@ LIB_KRB5_LIBS="-lcrypt $LIB_KRB5_LIBS" else - as_fn_error $? "library 'crypt' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'crypt' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'crypt' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -27915,7 +27997,9 @@ LIB_KRB5_LIBS="-lroken $LIB_KRB5_LIBS" else - as_fn_error $? "library 'roken' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'roken' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'roken' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28034,7 +28118,9 @@ LIB_KRB5_LIBS="-lcrypto $LIB_KRB5_LIBS" else - as_fn_error $? "library 'crypto' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'crypto' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'crypto' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28073,7 +28159,9 @@ LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28152,7 +28240,9 @@ LIB_KRB5_LIBS="-lasn1 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'asn1' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'asn1' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'asn1' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28191,7 +28281,9 @@ LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS" else - as_fn_error $? "library 'krb5' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'krb5' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'krb5' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28270,7 +28362,9 @@ LIB_KRB5_LIBS="-lgssapi $LIB_KRB5_LIBS" else - as_fn_error $? "library 'gssapi' is required for Heimdal Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'gssapi' is required for Heimdal Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'gssapi' is required for Heimdal Kerberos" >&2;} + missing_required=yes fi @@ -28301,9 +28395,11 @@ done + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - else LIB_KRB5_CFLAGS=$pkg_cv_LIB_KRB5_CFLAGS LIB_KRB5_LIBS=$pkg_cv_LIB_KRB5_LIBS @@ -28438,7 +28534,6 @@ fi - ac_com_error_message=no if test "x$ac_cv_header_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -29558,14 +29653,16 @@ unset squid_tmp_define - fi if test "x$KRB5LIBS" = "x"; then - as_fn_error $? "Required Kerberos library not found" "$LINENO" 5 - ac_with_krb5_count=0 + if test test "x$with_heimdal_krb5" = "xyes"; then + as_fn_error $? "Required Heimdal Kerberos library not found" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Heimdal Kerberos library not found" >&5 +$as_echo "$as_me: WARNING: Heimdal Kerberos library not found" >&2;} + fi fi - # rollback state, key is squid_krb5_save CFLAGS="${squid_krb5_save_CFLAGS}" CXXFLAGS="${squid_krb5_save_CXXFLAGS}" @@ -29594,7 +29691,32 @@ fi -if test "x$with_gnugss" = "xyes"; then + +# Check whether --with-gnugss was given. +if test "${with_gnugss+set}" = set; then : + withval=$with_gnugss; +case "$with_gnugss" in + yes|no) + : # Nothing special to do here + ;; + *) + if test ! -d "$withval" ; then + as_fn_error $? "--with-gnugss path does not point to a directory" "$LINENO" 5 + fi + if test ! -d "$with_gnugss/lib64" ; then + LIB_KRB5_PATH="-L$with_gnugss/lib64 -L$with_gnugss/lib" + else + LIB_KRB5_PATH="-L$with_gnugss/lib" + fi + CXXFLAGS="-I$with_gnugss/include $CXXFLAGS" + krb5confpath= + with_gnugss=yes +esac + +fi + + +if test "x$with_gnugss" != "xno" -a "x$KRB5LIBS" = "x"; then # save state, key is squid_krb5_save squid_krb5_save_CFLAGS="${CFLAGS}" @@ -29710,12 +29832,12 @@ LIB_KRB5_LIBS="-lgss $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for GNU Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for GNU Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for GNU Kerberos" >&2;} fi - elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -29759,12 +29881,12 @@ LIB_KRB5_LIBS="-lgss $LIB_KRB5_LIBS" else - as_fn_error $? "library 'com_err' is required for GNU Kerberos" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: library 'com_err' is required for GNU Kerberos" >&5 +$as_echo "$as_me: WARNING: library 'com_err' is required for GNU Kerberos" >&2;} fi - else LIB_KRB5_CFLAGS=$pkg_cv_LIB_KRB5_CFLAGS LIB_KRB5_LIBS=$pkg_cv_LIB_KRB5_LIBS @@ -30046,14 +30168,16 @@ unset squid_tmp_define - fi if test "x$KRB5LIBS" = "x"; then - as_fn_error $? "Required Kerberos library not found" "$LINENO" 5 - ac_with_krb5_count=0 + if test test "x$with_gnugss" = "xyes"; then + as_fn_error $? "Required GNU GSS Kerberos library not found" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: GNU GSS Kerberos library not found" >&5 +$as_echo "$as_me: WARNING: GNU GSS Kerberos library not found" >&2;} + fi fi - # rollback state, key is squid_krb5_save CFLAGS="${squid_krb5_save_CFLAGS}" CXXFLAGS="${squid_krb5_save_CXXFLAGS}" @@ -30081,7 +30205,8 @@ fi -if test $ac_with_krb5_count -gt 0 ; then + +if test "x$KRB5LIBS" != "x"; then with_krb5=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: $KRB5_FLAVOUR Kerberos library support: ${with_krb5:=no} ${LIB_KRB5_PATH} ${LIB_KRB5_LIBS}" >&5 @@ -41041,7 +41166,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.5.11, which was +This file was extended by Squid Web Proxy $as_me 3.5.12, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -41107,7 +41232,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.5.11 +Squid Web Proxy config.status 3.5.12 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.5.11/configure.ac squid-3.5.12/configure.ac --- squid-3.5.11/configure.ac 2015-11-01 02:46:19.000000000 -0800 +++ squid-3.5.12/configure.ac 2015-11-28 06:31:10.000000000 -0800 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[3.5.11],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.5.12],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -1398,87 +1398,14 @@ AH_TEMPLATE(USE_MIT_KRB5,[MIT Kerberos support is available]) AH_TEMPLATE(USE_SOLARIS_KRB5,[Solaris Kerberos support is available]) -dnl User may specify Heimdal Kerberos is needed from a non-standard location -AC_ARG_WITH(heimdal-krb5, - AS_HELP_STRING([--without-heimdal-krb5], - [Compile without Heimdal Kerberos support.]), [ -case "$with_heimdal_krb5" in - yes|no) - : # Nothing special to do here - ;; - *) - if test ! -d "$withval" ; then - AC_MSG_ERROR([--with-heimdal-krb5 path does not point to a directory]) - fi - if test -d "$with_heimdal_krb5/lib64" ; then - LIB_KRB5_PATH="-L$with_heimdal_krb5/lib64 -L$with_heimdal_krb5/lib" - else - LIB_KRB5_PATH="-L$with_heimdal_krb5/lib" - fi - CXXFLAGS="-I$with_heimdal_krb5/include $CXXFLAGS" - krb5confpath="$with_heimdal_krb5/bin" - with_heimdal_krb5=yes -esac -]) -AH_TEMPLATE(USE_HEIMDAL_KRB5,[Heimdal Kerberos support is available]) - - - -dnl User may specify GNU gss is needed from a non-standard location -AC_ARG_WITH(gnugss, - AS_HELP_STRING([--without-gnugss], - [Compile without the GNU gss libraries.]), [ -case "$with_gnugss" in - yes|no) - : # Nothing special to do here - ;; - *) - if test ! -d "$withval" ; then - AC_MSG_ERROR([--with-gnugss path does not point to a directory]) - fi - if test ! -d "$with_gnugss/lib64" ; then - LIB_KRB5_PATH="-L$with_gnugss/lib64 -L$with_gnugss/lib" - else - LIB_KRB5_PATH="-L$with_gnugss/lib" - fi - CXXFLAGS="-I$with_gnugss/include $CXXFLAGS" - krb5confpath= - with_gnugss=yes -esac -]) -AH_TEMPLATE(USE_GNUGSS,[GNU gss support is available]) - -# determine krb5 conflicts -ac_with_krb5_count=0 -if test "x$with_mit_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi -if test "x$with_heimdal_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi -if test "x$with_gnugss" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` -fi - -if test $ac_with_krb5_count -gt 1 ; then - AC_MSG_ERROR([Please choose only one Kerberos library.]) -elif test $ac_with_krb5_count -eq 0 ; then +## find out if pkg-config or krb5-config will work +if test "x$with_mit_krb5" != "xno"; then # find installed libs via pkg-config or krb5-config - PKG_CHECK_EXISTS(gssapi-krb5 krb5, [with_mit_krb5=yes]) - PKG_CHECK_EXISTS(heimdal-gssapi, [with_heimdal_krb5=yes]) - PKG_CHECK_EXISTS(gss, [with_gnugss=yes]) - if test "x$with_mit_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test "x$with_heimdal_krb5" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test "x$with_gnugss" = "xyes"; then - ac_with_krb5_count=`expr $ac_with_krb5_count + 1` - fi - if test $ac_with_krb5_count -gt 1 ; then - AC_MSG_ERROR([pkg-config found multiple Kerberos library. Please select one with --with-]) - elif test $ac_with_krb5_count -eq 0 -a "$cross_compiling" = "no"; then + squid_pc_krb5_name= + PKG_CHECK_EXISTS(mit-krb5-gssapi mit-krb5, [squid_pc_krb5_name="mit-krb5-gssapi mit-krb5"],[ + PKG_CHECK_EXISTS(gssapi-krb5 krb5, [squid_pc_krb5_name="gssapi-krb5 krb5"]) + ]) + if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then # Look for krb5-config (unless cross-compiling) AC_PATH_PROG(krb5_config,krb5-config,no) if test "x$ac_cv_path_krb5_config" != "xno" ; then @@ -1486,34 +1413,33 @@ ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" ac_solaris="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i solaris`" ac_apple="`$ac_cv_path_krb5_config --vendor 2>/dev/null | grep -c -i apple`" - if test $ac_heimdal -gt 0 ; then - with_heimdal_krb5=yes - ac_with_krb5_count=1 - fi if test $ac_solaris -gt 0 ; then with_solaris_krb5=yes - ac_with_krb5_count=1 - fi - if test $ac_apple -gt 0 ; then + elif test $ac_apple -gt 0 ; then with_apple_krb5=yes - ac_with_krb5_count=1 - fi - if test $ac_heimdal -eq 0 && test $ac_solaris -eq 0 && test $ac_apple -eq 0; then - with_mit_krb5=yes - ac_with_krb5_count=1 + elif test $ac_heimdal -gt 0; then + with_mit_krb5=no + if test "x$with_mit_krb5" = "xyes"; then + AC_MSG_ERROR([Could not find pkg-config or krb5-config for MIT Kerberos]) + fi fi else - AC_MSG_WARN([Could not find krb5-config in path]) + if test "x$with_mit_krb5" = "xyes"; then + AC_MSG_ERROR([Could not find krb5-config in path]) + else + with_mit_krb5=no + fi fi fi fi -if test "x$with_mit_krb5" = "xyes" || test "x$with_apple_krb5" = "xyes" ; then +# detect MIT Kerberos or Apple Kerberos dependencies +if test "x$with_mit_krb5" != "xno" || test "x$with_apple_krb5" = "xyes" ; then SQUID_STATE_SAVE([squid_krb5_save]) LIBS="$LIBS $LIB_KRB5_PATH" # auto-detect using pkg-config - PKG_CHECK_MODULES([LIB_KRB5],[gssapi-krb5 krb5],,[ + PKG_CHECK_MODULES([LIB_KRB5], $squid_pc_krb5_name,,[ # look for krb5-config (unless cross-compiling) if test "$cross_compiling" = "no"; then if test "x$krb5confpath" = "x" ; then @@ -1537,25 +1463,32 @@ ## Detect libraries the hard way. SQUID_STATE_SAVE([squid_mit_save]) + missing_required= AC_MSG_NOTICE([Try to find Kerberos libraries in given path]) AC_CHECK_LIB(com_err, [main], [LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'com_err' is required for MIT Kerberos]) + AC_MSG_WARN([library 'com_err' is required for MIT Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(k5crypto, [main], [LIB_KRB5_LIBS="-lk5crypto $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'k5crypto' is required for MIT Kerberos]) + AC_MSG_WARN([library 'k5crypto' is required for MIT Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(krb5, [main], [LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'krb5' is required for MIT Kerberos]) + AC_MSG_WARN([library 'krb5' is required for MIT Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(gssapi_krb5, [main], [LIB_KRB5_LIBS="-lgssapi_krb5 $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'gssapi_krb5' is required for MIT Kerberos]) + AC_MSG_WARN([library 'gssapi_krb5' is required for MIT Kerberos]) + missing_required=yes ]) SQUID_STATE_ROLLBACK([squid_mit_save]) + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - ]) if test "x$LIB_KRB5_LIBS" != "x"; then @@ -1580,17 +1513,18 @@ AC_CHECK_HEADERS(profile.h) SQUID_CHECK_KRB5_FUNCS - fi - if test "x$KRB5LIBS" = "x"; then + if test "x$with_mit_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then AC_MSG_ERROR([Required Kerberos library not found]) - ac_with_krb5_count=0 + elif test "x$KRB5LIBS" = "x"; then + with_mit_krb5=no + with_apple_krb5=no fi - SQUID_STATE_ROLLBACK([squid_krb5_save]) fi -if test "x$with_solaris_krb5" = "xyes"; then +# detect Solaris Kerberos dependencies +if test "x$with_solaris_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then SQUID_STATE_SAVE([squid_krb5_save]) LIBS="$LIBS $LIB_KRB5_PATH" @@ -1624,15 +1558,21 @@ CXXFLAGS="-I/usr/include/kerberosv5 $CXXFLAGS" SQUID_STATE_SAVE([squid_solaris_save]) + missing_required= AC_MSG_NOTICE([Try to find Kerberos libraries in given path]) AC_CHECK_LIB(krb5, [main], [LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'krb5' is required for Solaris Kerberos]) + AC_MSG_WARN([library 'krb5' is required for Solaris Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(gss, [main], [LIB_KRB5_LIBS="-lgss $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'gss' is required for Solaris Kerberos]) + AC_MSG_WARN([library 'gss' is required for Solaris Kerberos]) + missing_required=yes ]) SQUID_STATE_ROLLBACK([squid_solaris_save]) + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi if test "x$LIB_KRB5_LIBS" != "x"; then @@ -1657,24 +1597,72 @@ AC_MSG_WARN([If you need Kerberos support you will have to patch]) AC_MSG_WARN([your system. See contrib/solaris/solaris-krb5-include.patch]) fi - SQUID_CHECK_KRB5_FUNCS - fi - if test "x$KRB5LIBS" = "x"; then + if test "x$with_mit_krb5" = "xyes" -a "x$KRB5LIBS" = "x"; then + # Error only if Solaris flavour was detected while looking for required MIT Kerberos AC_MSG_ERROR([Required Kerberos library not found]) - ac_with_krb5_count=0 + elif test "x$KRB5LIBS" = "x"; then + with_solaris_krb5=no + with_mit_krb5=no fi - SQUID_STATE_ROLLBACK([squid_krb5_save]) fi -if test "x$with_heimdal_krb5" = "xyes"; then +dnl User may specify Heimdal Kerberos is needed from a non-standard location +AC_ARG_WITH(heimdal-krb5, + AS_HELP_STRING([--without-heimdal-krb5], + [Compile without Heimdal Kerberos support.]), [ +case "$with_heimdal_krb5" in + yes|no) + : # Nothing special to do here + ;; + *) + if test ! -d "$withval" ; then + AC_MSG_ERROR([--with-heimdal-krb5 path does not point to a directory]) + fi + if test -d "$with_heimdal_krb5/lib64" ; then + LIB_KRB5_PATH="-L$with_heimdal_krb5/lib64 -L$with_heimdal_krb5/lib" + else + LIB_KRB5_PATH="-L$with_heimdal_krb5/lib" + fi + CXXFLAGS="-I$with_heimdal_krb5/include $CXXFLAGS" + krb5confpath="$with_heimdal_krb5/bin" + with_heimdal_krb5=yes +esac +]) +AH_TEMPLATE(USE_HEIMDAL_KRB5,[Heimdal Kerberos support is available]) +if test "x$with_heimdal_krb5" != "xno" -a "x$KRB5LIBS" = "x"; then + # find installed libs via pkg-config or krb5-config + PKG_CHECK_EXISTS(heimdal-krb5, [squid_pc_krb5_name="heimdal-krb5"]) + if test "x$squid_pc_krb5_name" = "x"; then + PKG_CHECK_EXISTS(heimdal-gssapi, [squid_pc_krb5_name="heimdal-gssapi"]) + fi + if test "x$squid_pc_krb5_name" != "x" -a "$cross_compiling" = "no"; then + # Look for krb5-config (unless cross-compiling) + AC_PATH_PROG(krb5_config,krb5-config,no) + if test "x$ac_cv_path_krb5_config" != "xno" ; then + krb5confpath="`dirname $ac_cv_path_krb5_config`" + ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" + if test "x$with_heimdal_krb5" = "xyes"; then + AC_MSG_ERROR([Could not find pkg-config or krb5-config for Heimdal Kerberos]) + fi + else + if test "x$with_heimdal_krb5" = "xyes"; then + AC_MSG_ERROR([Could not find krb5-config in path]) + else + AC_MSG_WARN([Could not find krb5-config in path]) + with_heimdal_krb5=no + fi + fi + fi +fi +if test "x$with_heimdal_krb5" != "xno" -a "x$KRB5LIBS" = "x"; then SQUID_STATE_SAVE([squid_krb5_save]) LIBS="$LIBS $LIB_KRB5_PATH" # auto-detect using pkg-config - PKG_CHECK_MODULES([LIB_KRB5],[heimdal-gssapi],,[ + PKG_CHECK_MODULES([LIB_KRB5], $squid_pc_krb5_name,,[ # look for krb5-config (unless cross-compiling) if test "$cross_compiling" = "no"; then if test "x$krb5confpath" = "x" ; then @@ -1686,7 +1674,7 @@ ac_krb5_config="$krb5confpath/krb5-config" fi fi - if test "x$ac_krb5_config" != "x" && test -x "$ac_krb5_config"; then + if test "x$ac_krb5_config" != "x" -a -x "$ac_krb5_config"; then # Get libs, etc AC_MSG_NOTICE([Use krb5-config to get CXXFLAGS and LIBS]) LIB_KRB5_CFLAGS="`$ac_krb5_config --cflags krb5 2>/dev/null`" @@ -1697,18 +1685,21 @@ ## For some OS pkg-config is broken or unavailable. ## Detect libraries the hard way. SQUID_STATE_SAVE([squid_heimdal_save]) - + missing_required= AC_MSG_NOTICE([Try to find Kerberos libraries in given path]) AC_CHECK_LIB(resolv, [main], [LIB_KRB5_LIBS="-lresolv $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'resolv' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'resolv' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(crypt, [main], [LIB_KRB5_LIBS="-lcrypt $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'crypt' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'crypt' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(roken, [main], [LIB_KRB5_LIBS="-lroken $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'roken' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'roken' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(heimbase, [main], [LIB_KRB5_LIBS="-lheimbase $LIB_KRB5_LIBS"],[ @@ -1720,11 +1711,13 @@ ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(crypto, [main], [LIB_KRB5_LIBS="-lcrypto $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'crypto' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'crypto' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(com_err, [main], [LIB_KRB5_LIBS="-lcom_err $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'com_err' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'com_err' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(hx509, [main], [LIB_KRB5_LIBS="-lhx509 $LIB_KRB5_LIBS"],[ @@ -1732,11 +1725,13 @@ ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(asn1, [main], [LIB_KRB5_LIBS="-lasn1 $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'asn1' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'asn1' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(krb5, [main], [LIB_KRB5_LIBS="-lkrb5 $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'krb5' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'krb5' is required for Heimdal Kerberos]) + missing_required=yes ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(heimntlm, [main], [LIB_KRB5_LIBS="-lheimntlm $LIB_KRB5_LIBS"],[ @@ -1744,11 +1739,14 @@ ]) LIBS=$LIB_KRB5_LIBS AC_CHECK_LIB(gssapi, [main], [LIB_KRB5_LIBS="-lgssapi $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'gssapi' is required for Heimdal Kerberos]) + AC_MSG_WARN([library 'gssapi' is required for Heimdal Kerberos]) + missing_required=yes ]) SQUID_STATE_ROLLBACK([squid_heimdal_save]) + if test "x$missing_required" = "xyes"; then + LIB_KRB5_LIBS="" + fi fi - ]) if test "x$LIB_KRB5_LIBS" != "x"; then KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS" @@ -1768,19 +1766,42 @@ if test "x$squid_cv_broken_heimdal_krb5_h" = "xyes"; then AC_DEFINE(HAVE_BROKEN_HEIMDAL_KRB5_H, 1, [Define to 1 if Heimdal krb5.h is broken for C++]) fi - SQUID_CHECK_KRB5_FUNCS - fi if test "x$KRB5LIBS" = "x"; then - AC_MSG_ERROR([Required Kerberos library not found]) - ac_with_krb5_count=0 + if test test "x$with_heimdal_krb5" = "xyes"; then + AC_MSG_ERROR([Required Heimdal Kerberos library not found]) + else + AC_MSG_WARN([Heimdal Kerberos library not found]) + fi fi - SQUID_STATE_ROLLBACK([squid_krb5_save]) fi -if test "x$with_gnugss" = "xyes"; then +dnl User may specify GNU gss is needed from a non-standard location +AC_ARG_WITH(gnugss, + AS_HELP_STRING([--without-gnugss], + [Compile without the GNU gss libraries.]), [ +case "$with_gnugss" in + yes|no) + : # Nothing special to do here + ;; + *) + if test ! -d "$withval" ; then + AC_MSG_ERROR([--with-gnugss path does not point to a directory]) + fi + if test ! -d "$with_gnugss/lib64" ; then + LIB_KRB5_PATH="-L$with_gnugss/lib64 -L$with_gnugss/lib" + else + LIB_KRB5_PATH="-L$with_gnugss/lib" + fi + CXXFLAGS="-I$with_gnugss/include $CXXFLAGS" + krb5confpath= + with_gnugss=yes +esac +]) +AH_TEMPLATE(USE_GNUGSS,[GNU gss support is available]) +if test "x$with_gnugss" != "xno" -a "x$KRB5LIBS" = "x"; then SQUID_STATE_SAVE([squid_krb5_save]) LIBS="$LIBS $LIB_KRB5_PATH" @@ -1791,9 +1812,8 @@ AC_MSG_NOTICE([Try to find Kerberos libraries in given path]) AC_CHECK_LIB(gss, [main], [LIB_KRB5_LIBS="-lgss $LIB_KRB5_LIBS"],[ - AC_MSG_ERROR([library 'com_err' is required for GNU Kerberos]) + AC_MSG_WARN([library 'com_err' is required for GNU Kerberos]) ]) - ]) if test "x$LIB_KRB5_LIBS" != "x"; then @@ -1817,16 +1837,18 @@ SQUID_CHECK_WORKING_KRB5 SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support]) - fi if test "x$KRB5LIBS" = "x"; then - AC_MSG_ERROR([Required Kerberos library not found]) - ac_with_krb5_count=0 + if test test "x$with_gnugss" = "xyes"; then + AC_MSG_ERROR([Required GNU GSS Kerberos library not found]) + else + AC_MSG_WARN([GNU GSS Kerberos library not found]) + fi fi - SQUID_STATE_ROLLBACK([squid_krb5_save]) fi -if test $ac_with_krb5_count -gt 0 ; then + +if test "x$KRB5LIBS" != "x"; then with_krb5=yes fi AC_MSG_NOTICE([$KRB5_FLAVOUR Kerberos library support: ${with_krb5:=no} ${LIB_KRB5_PATH} ${LIB_KRB5_LIBS}]) diff -u -r -N squid-3.5.11/doc/release-notes/release-3.5.html squid-3.5.12/doc/release-notes/release-3.5.html --- squid-3.5.11/doc/release-notes/release-3.5.html 2015-11-01 03:26:35.000000000 -0800 +++ squid-3.5.12/doc/release-notes/release-3.5.html 2015-11-28 07:11:24.000000000 -0800 @@ -2,10 +2,10 @@ - Squid 3.5.11 release notes + Squid 3.5.12 release notes -

Squid 3.5.11 release notes

+

Squid 3.5.12 release notes

Squid Developers

@@ -63,7 +63,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.5.11.

+

The Squid Team are pleased to announce the release of Squid-3.5.12.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.5/ or the mirrors.

diff -u -r -N squid-3.5.11/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.12/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.5.11/helpers/basic_auth/DB/basic_db_auth.8 2015-11-01 03:26:37.000000000 -0800 +++ squid-3.5.12/helpers/basic_auth/DB/basic_db_auth.8 2015-11-28 07:11:26.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.12/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 --- squid-3.5.11/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-11-01 03:26:41.000000000 -0800 +++ squid-3.5.12/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-11-28 07:11:30.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1" -.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.12/helpers/basic_auth/POP3/basic_pop3_auth.8 --- squid-3.5.11/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-11-01 03:26:44.000000000 -0800 +++ squid-3.5.12/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-11-28 07:11:34.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.12/helpers/external_acl/delayer/ext_delayer_acl.8 --- squid-3.5.11/helpers/external_acl/delayer/ext_delayer_acl.8 2015-11-01 03:26:54.000000000 -0800 +++ squid-3.5.12/helpers/external_acl/delayer/ext_delayer_acl.8 2015-11-28 07:11:46.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.12/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.5.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-11-01 03:27:01.000000000 -0800 +++ squid-3.5.12/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-11-28 07:11:53.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.5.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-11-01 03:27:04.000000000 -0800 +++ squid-3.5.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-11-28 07:11:56.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.12/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.5.11/helpers/log_daemon/DB/log_db_daemon.8 2015-11-01 03:27:06.000000000 -0800 +++ squid-3.5.12/helpers/log_daemon/DB/log_db_daemon.8 2015-11-28 07:11:57.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.12/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- squid-3.5.11/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-11-01 03:27:17.000000000 -0800 +++ squid-3.5.12/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-11-28 07:12:08.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2015-11-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.11/include/version.h squid-3.5.12/include/version.h --- squid-3.5.11/include/version.h 2015-11-01 02:46:19.000000000 -0800 +++ squid-3.5.12/include/version.h 2015-11-28 06:31:11.000000000 -0800 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1446374648 +#define SQUID_RELEASE_TIME 1448720933 #endif /* diff -u -r -N squid-3.5.11/RELEASENOTES.html squid-3.5.12/RELEASENOTES.html --- squid-3.5.11/RELEASENOTES.html 2015-11-01 03:26:35.000000000 -0800 +++ squid-3.5.12/RELEASENOTES.html 2015-11-28 07:11:24.000000000 -0800 @@ -2,10 +2,10 @@ - Squid 3.5.11 release notes + Squid 3.5.12 release notes -

Squid 3.5.11 release notes

+

Squid 3.5.12 release notes

Squid Developers

@@ -63,7 +63,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.5.11.

+

The Squid Team are pleased to announce the release of Squid-3.5.12.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.5/ or the mirrors.

diff -u -r -N squid-3.5.11/src/adaptation/ecap/MessageRep.cc squid-3.5.12/src/adaptation/ecap/MessageRep.cc --- squid-3.5.11/src/adaptation/ecap/MessageRep.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/adaptation/ecap/MessageRep.cc 2015-11-28 06:29:10.000000000 -0800 @@ -297,7 +297,7 @@ void Adaptation::Ecap::StatusLineRep::statusCode(int code) { - theMessage.sline.set(theMessage.sline.version, static_cast(code), theMessage.sline.reason()); + theMessage.sline.set(theMessage.sline.version, static_cast(code), NULL); } int @@ -308,9 +308,11 @@ } void -Adaptation::Ecap::StatusLineRep::reasonPhrase(const Area &str) +Adaptation::Ecap::StatusLineRep::reasonPhrase(const Area &) { - theMessage.sline.set(theMessage.sline.version, theMessage.sline.status(), str.toString().c_str()); + // Squid does not support external custom reason phrases so we have + // to just reset it (in case there was a custom internal reason set) + theMessage.sline.resetReason(); } Adaptation::Ecap::StatusLineRep::Area diff -u -r -N squid-3.5.11/src/cache_cf.cc squid-3.5.12/src/cache_cf.cc --- squid-3.5.11/src/cache_cf.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/cache_cf.cc 2015-11-28 06:29:10.000000000 -0800 @@ -2801,9 +2801,7 @@ min = (time_t) (i * 60); /* convert minutes to seconds */ - i = GetPercentage(); /* token: pct */ - - pct = (double) i / 100.0; + pct = GetPercentage(false); /* token: pct . with no limit on size */ i = GetInteger(); /* token: max */ @@ -4022,7 +4020,7 @@ } if (stat(path, &sb) < 0) { - debugs(0, DBG_CRITICAL, (opt_parse_cfg_only?"FATAL ":"") << "ERROR: " << name << " " << path << ": " << xstrerror()); + debugs(0, DBG_CRITICAL, (opt_parse_cfg_only?"FATAL: ":"ERROR: ") << name << " " << path << ": " << xstrerror()); // keep going to find more issues if we are only checking the config file with "-k parse" if (opt_parse_cfg_only) return; diff -u -r -N squid-3.5.11/src/cf.data.pre squid-3.5.12/src/cf.data.pre --- squid-3.5.11/src/cf.data.pre 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/cf.data.pre 2015-11-28 06:29:10.000000000 -0800 @@ -3288,11 +3288,12 @@ allow-miss Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when - icp_hit_stale is used by the sibling. To extensive use - of this option may result in forwarding loops, and you - should avoid having two-way peerings with this option. - For example to deny peer usage on requests from peer - by denying cache_peer_access if the source is a peer. + icp_hit_stale is used by the sibling. Excessive use + of this option may result in forwarding loops. One way + to prevent peering loops when using this option, is to + deny cache peer usage on requests from a peer: + acl fromPeer ... + cache_peer_access peerName deny fromPeer max-conn=N Limit the number of concurrent connections the Squid may open to this peer, including already opened idle @@ -3343,7 +3344,7 @@ Required if you have multiple peers on the same host but different ports. This name can be used in cache_peer_access and similar - directives to dentify the peer. + directives to identify the peer. Can be used by outgoing access controls through the peername ACL type. @@ -3391,17 +3392,42 @@ NAME: cache_peer_access TYPE: peer_access DEFAULT: none +DEFAULT_DOC: No peer usage restrictions. LOC: none DOC_START - Similar to 'cache_peer_domain' but provides more flexibility by - using ACL elements. + Restricts usage of cache_peer proxies. Usage: - cache_peer_access cache-host allow|deny [!]aclname ... + cache_peer_access peer-name allow|deny [!]aclname ... - The syntax is identical to 'http_access' and the other lists of - ACL elements. See the comments for 'http_access' below, or - the Squid FAQ (http://wiki.squid-cache.org/SquidFaq/SquidAcl). + For the required peer-name parameter, use either the value of the + cache_peer name=value parameter or, if name=value is missing, the + cache_peer hostname parameter. + + This directive narrows down the selection of peering candidates, but + does not determine the order in which the selected candidates are + contacted. That order is determined by the peer selection algorithms + (see PEER SELECTION sections in the cache_peer documentation). + + If a deny rule matches, the corresponding peer will not be contacted + for the current transaction -- Squid will not send ICP queries and + will not forward HTTP requests to that peer. An allow match leaves + the corresponding peer in the selection. The first match for a given + peer wins for that peer. + + The relative order of cache_peer_access directives for the same peer + matters. The relative order of any two cache_peer_access directives + for different peers does not matter. To ease interpretation, it is a + good idea to group cache_peer_access directives for the same peer + together. + + A single cache_peer_access directive may be evaluated multiple times + for a given transaction because individual peer selection algorithms + may check it independently from each other. These redundant checks + may be optimized away in future Squid versions. + + This clause only supports fast acl types. + See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. DOC_END NAME: neighbor_type_domain @@ -6600,7 +6626,7 @@ delay_parameters 1 none 8000/8000 - Note that 8 x 8000 KByte/sec -> 64Kbit/sec. + Note that 8 x 8K Byte/sec -> 64K bit/sec. Note that the word 'none' is used to represent no limit. @@ -6615,9 +6641,9 @@ delay_parameters 2 32000/32000 8000/8000 600/8000 - Note that 8 x 32000 KByte/sec -> 256Kbit/sec. - 8 x 8000 KByte/sec -> 64Kbit/sec. - 8 x 600 Byte/sec -> 4800bit/sec. + Note that 8 x 32K Byte/sec -> 256K bit/sec. + 8 x 8K Byte/sec -> 64K bit/sec. + 8 x 600 Byte/sec -> 4800 bit/sec. Finally, for a class 4 delay pool as in the example - each user will diff -u -r -N squid-3.5.11/src/client_side.cc squid-3.5.12/src/client_side.cc --- squid-3.5.11/src/client_side.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/client_side.cc 2015-11-28 06:29:10.000000000 -0800 @@ -4993,6 +4993,46 @@ } } +#if USE_OPENSSL +bool +ConnStateData::handleIdleClientPinnedTlsRead() +{ + // A ready-for-reading connection means that the TLS server either closed + // the connection, sent us some unexpected HTTP data, or started TLS + // renegotiations. We should close the connection except for the last case. + + Must(pinning.serverConnection != NULL); + SSL *ssl = fd_table[pinning.serverConnection->fd].ssl; + if (!ssl) + return false; + + char buf[1]; + const int readResult = SSL_read(ssl, buf, sizeof(buf)); + + if (readResult > 0 || SSL_pending(ssl) > 0) { + debugs(83, 2, pinning.serverConnection << " TLS application data read"); + return false; + } + + switch(const int error = SSL_get_error(ssl, readResult)) { + case SSL_ERROR_WANT_WRITE: + debugs(83, DBG_IMPORTANT, pinning.serverConnection << " TLS SSL_ERROR_WANT_WRITE request for idle pinned connection"); + // fall through to restart monitoring, for now + case SSL_ERROR_NONE: + case SSL_ERROR_WANT_READ: + startPinnedConnectionMonitoring(); + return true; + + default: + debugs(83, 2, pinning.serverConnection << " TLS error: " << error); + return false; + } + + // not reached + return true; +} +#endif + /// Our read handler called by Comm when the server either closes an idle pinned connection or /// perhaps unexpectedly sends something on that idle (from Squid p.o.v.) connection. void @@ -5003,13 +5043,19 @@ if (io.flag == Comm::ERR_CLOSING) return; // close handler will clean up + Must(pinning.serverConnection == io.conn); + +#if USE_OPENSSL + if (handleIdleClientPinnedTlsRead()) + return; +#endif + // We could use getConcurrentRequestCount(), but this may be faster. const bool clientIsIdle = !getCurrentContext(); debugs(33, 3, "idle pinned " << pinning.serverConnection << " read " << io.size << (clientIsIdle ? " with idle client" : "")); - assert(pinning.serverConnection == io.conn); pinning.serverConnection->close(); // If we are still sending data to the client, do not close now. When we are done sending, diff -u -r -N squid-3.5.11/src/client_side.h squid-3.5.12/src/client_side.h --- squid-3.5.11/src/client_side.h 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/client_side.h 2015-11-28 06:29:10.000000000 -0800 @@ -416,6 +416,12 @@ void startPinnedConnectionMonitoring(); void clientPinnedConnectionRead(const CommIoCbParams &io); +#if USE_OPENSSL + /// Handles a ready-for-reading TLS squid-to-server connection that + /// we thought was idle. + /// \return false if and only if the connection should be closed. + bool handleIdleClientPinnedTlsRead(); +#endif /// parse input buffer prefix into a single transfer protocol request /// return NULL to request more header bytes (after checking any limits) diff -u -r -N squid-3.5.11/src/client_side_request.cc squid-3.5.12/src/client_side_request.cc --- squid-3.5.11/src/client_side_request.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/client_side_request.cc 2015-11-28 06:29:10.000000000 -0800 @@ -1706,7 +1706,6 @@ if (!calloutContext->redirect_done) { calloutContext->redirect_done = true; - assert(calloutContext->redirect_state == REDIRECT_NONE); if (Config.Program.redirect) { debugs(83, 3, HERE << "Doing calloutContext->clientRedirectStart()"); @@ -1725,7 +1724,6 @@ if (!calloutContext->store_id_done) { calloutContext->store_id_done = true; - assert(calloutContext->store_id_state == REDIRECT_NONE); if (Config.Program.store_id) { debugs(83, 3,"Doing calloutContext->clientStoreIdStart()"); diff -u -r -N squid-3.5.11/src/FwdState.cc squid-3.5.12/src/FwdState.cc --- squid-3.5.11/src/FwdState.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/FwdState.cc 2015-11-28 06:29:10.000000000 -0800 @@ -685,7 +685,7 @@ if (!request->flags.pinned) { const CachePeer *p = serverConnection()->getPeer(); const bool peerWantsTls = p && p->use_ssl; - // userWillSslToPeerForUs assumes CONNECT == HTTPS + // userWillTlsToPeerForUs assumes CONNECT == HTTPS const bool userWillTlsToPeerForUs = p && p->options.originserver && request->method == Http::METHOD_CONNECT; const bool needTlsToPeer = peerWantsTls && !userWillTlsToPeerForUs; diff -u -r -N squid-3.5.11/src/http/StatusLine.h squid-3.5.12/src/http/StatusLine.h --- squid-3.5.11/src/http/StatusLine.h 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/http/StatusLine.h 2015-11-28 06:29:10.000000000 -0800 @@ -34,9 +34,12 @@ void clean(); /// set this status-line to the given values - /// when reason is NULL the default message text for this StatusCode will be used + /// when reason is not NULL, it must not point to a dynamically allocated value void set(const Http::ProtocolVersion &newVersion, Http::StatusCode newStatus, const char *newReason = NULL); + /// reset the reason phrase to its default status code-derived value + void resetReason() { reason_ = NULL; } + /// retrieve the status code for this status line Http::StatusCode status() const { return status_; } diff -u -r -N squid-3.5.11/src/Parsing.cc squid-3.5.12/src/Parsing.cc --- squid-3.5.11/src/Parsing.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/Parsing.cc 2015-11-28 06:29:10.000000000 -0800 @@ -163,14 +163,15 @@ * the percentage symbol (%) and we check whether the value is in the range * of [0, 100] * So, we accept two types of input: 1. XX% or 2. XX , 0<=XX<=100 + * unless the limit parameter is set to false. */ -int -GetPercentage(void) +double +GetPercentage(bool limit) { char *token = ConfigParser::NextToken(); if (!token) { - debugs(0, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: A percentage value is missing."); + debugs(3, DBG_CRITICAL, "FATAL: A percentage value is missing."); self_destruct(); } @@ -182,12 +183,12 @@ int p = xatoi(token); - if (p < 0 || p > 100) { - debugs(0, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: The value '" << token << "' is out of range. A percentage should be within [0, 100]."); + if (p < 0 || (limit && p > 100)) { + debugs(3, DBG_CRITICAL, "FATAL: The value '" << token << "' is out of range. A percentage should be within [0, 100]."); self_destruct(); } - return p; + return static_cast(p) / 100.0; } unsigned short diff -u -r -N squid-3.5.11/src/Parsing.h squid-3.5.12/src/Parsing.h --- squid-3.5.11/src/Parsing.h 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/Parsing.h 2015-11-28 06:29:10.000000000 -0800 @@ -36,10 +36,14 @@ * Parse a percentage value, e.g., 20%. * The behavior of this function is similar as GetInteger(). * The difference is that the token might contain '%' as percentage symbol (%), - * and we further check whether the value is in the range of [0, 100] + * and we may further check whether the value is in the range of [0, 100]. * For example, 20% and 20 are both valid tokens, while 101%, 101, -1 are invalid. + * + * \param limit whether to check the value is within 0-100% limit + * + * \return the percentage as a decimal number. ie 100% = 1.00, 50% = 0.5 */ -int GetPercentage(void); +double GetPercentage(bool limit = true); unsigned short GetShort(void); diff -u -r -N squid-3.5.11/src/store.cc squid-3.5.12/src/store.cc --- squid-3.5.11/src/store.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/store.cc 2015-11-28 06:29:10.000000000 -0800 @@ -144,6 +144,24 @@ fatal("Store::unlink on invalid Store\n"); } +void * +StoreEntry::operator new (size_t bytecount) +{ + assert (bytecount == sizeof (StoreEntry)); + + if (!pool) { + pool = memPoolCreate ("StoreEntry", bytecount); + } + + return pool->alloc(); +} + +void +StoreEntry::operator delete (void *address) +{ + pool->freeOne(address); +} + void StoreEntry::makePublic() { diff -u -r -N squid-3.5.11/src/Store.h squid-3.5.12/src/Store.h --- squid-3.5.11/src/Store.h 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/Store.h 2015-11-28 06:29:10.000000000 -0800 @@ -50,8 +50,6 @@ */ class StoreEntry : public hash_link { -public: - MEMPROXY_CLASS(StoreEntry); public: static DeferredRead::DeferrableRead DeferReader; @@ -186,6 +184,8 @@ return false; }; + void *operator new(size_t byteCount); + void operator delete(void *address); void setReleaseFlag(); #if USE_SQUID_ESI @@ -242,8 +242,6 @@ bool hasOneOfEtags(const String &reqETags, const bool allowWeakMatch) const; }; -MEMPROXY_CLASS_INLINE(StoreEntry); - std::ostream &operator <<(std::ostream &os, const StoreEntry &e); /// \ingroup StoreAPI diff -u -r -N squid-3.5.11/src/tests/stub_store.cc squid-3.5.12/src/tests/stub_store.cc --- squid-3.5.11/src/tests/stub_store.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/tests/stub_store.cc 2015-11-28 06:29:10.000000000 -0800 @@ -81,6 +81,12 @@ void StoreEntry::getPublicByRequestMethod(StoreClient * aClient, HttpRequest * request, const HttpRequestMethod& method) STUB void StoreEntry::getPublicByRequest(StoreClient * aClient, HttpRequest * request) STUB void StoreEntry::getPublic(StoreClient * aClient, const char *uri, const HttpRequestMethod& method) STUB +void *StoreEntry::operator new(size_t byteCount) +{ + STUB + return new StoreEntry(); +} +void StoreEntry::operator delete(void *address) STUB void StoreEntry::setReleaseFlag() STUB //#if USE_SQUID_ESI //ESIElement::Pointer StoreEntry::cachedESITree STUB_RETVAL(NULL) diff -u -r -N squid-3.5.11/src/tunnel.cc squid-3.5.12/src/tunnel.cc --- squid-3.5.11/src/tunnel.cc 2015-11-01 02:44:25.000000000 -0800 +++ squid-3.5.12/src/tunnel.cc 2015-11-28 06:29:10.000000000 -0800 @@ -974,9 +974,11 @@ debugs(26, 4, HERE << "determine post-connect handling pathway."); if (conn->getPeer()) { tunnelState->request->peer_login = conn->getPeer()->login; + tunnelState->request->peer_domain = conn->getPeer()->domain; tunnelState->request->flags.proxying = !(conn->getPeer()->options.originserver); } else { tunnelState->request->peer_login = NULL; + tunnelState->request->peer_domain = NULL; tunnelState->request->flags.proxying = false; } @@ -1251,9 +1253,11 @@ debugs(26, 4, "determine post-connect handling pathway."); if (srvConn->getPeer()) { tunnelState->request->peer_login = srvConn->getPeer()->login; + tunnelState->request->peer_domain = srvConn->getPeer()->domain; tunnelState->request->flags.proxying = !(srvConn->getPeer()->options.originserver); } else { tunnelState->request->peer_login = NULL; + tunnelState->request->peer_domain = NULL; tunnelState->request->flags.proxying = false; } diff -u -r -N squid-3.5.11/test-suite/squidconf/regressions-3.3 squid-3.5.12/test-suite/squidconf/regressions-3.3 --- squid-3.5.11/test-suite/squidconf/regressions-3.3 1969-12-31 16:00:00.000000000 -0800 +++ squid-3.5.12/test-suite/squidconf/regressions-3.3 2015-11-28 06:29:10.000000000 -0800 @@ -0,0 +1,15 @@ +## Copyright (C) 1996-2015 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +# +# This file contains the list of reported regression cases in 3.3.x config parser +# it covers: +# refresh_pattern + +# pct field parser +refresh_pattern . 1 1000% 60 +refresh_pattern . 1 0% 60