diff -Nru squid-2.7.STABLE9.orig/configure.in squid-2.7.STABLE9/configure.in --- squid-2.7.STABLE9.orig/configure.in 2010-03-17 01:10:12.000000000 +0100 +++ squid-2.7.STABLE9/configure.in 2010-08-07 06:48:37.000000000 +0200 @@ -18,9 +18,9 @@ PRESET_LDFLAGS="$LDFLAGS" dnl Set default LDFLAGS -if test -z "$LDFLAGS"; then - LDFLAGS="-g" -fi +dnl if test -z "$LDFLAGS"; then +dnl LDFLAGS="-g" +dnl fi dnl Check for GNU cc AC_PROG_CC diff -Nru squid-2.7.STABLE9.orig/helpers/basic_auth/MSNT/confload.c squid-2.7.STABLE9/helpers/basic_auth/MSNT/confload.c --- squid-2.7.STABLE9.orig/helpers/basic_auth/MSNT/confload.c 2002-06-26 21:09:48.000000000 +0200 +++ squid-2.7.STABLE9/helpers/basic_auth/MSNT/confload.c 2010-08-07 06:48:37.000000000 +0200 @@ -24,7 +24,7 @@ /* Path to configuration file */ #ifndef SYSCONFDIR -#define SYSCONFDIR "/usr/local/squid/etc" +#define SYSCONFDIR "/etc/squid" #endif #define CONFIGFILE SYSCONFDIR "/msntauth.conf" diff -Nru squid-2.7.STABLE9.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-2.7.STABLE9/helpers/basic_auth/MSNT/msntauth.conf.default --- squid-2.7.STABLE9.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2002-06-26 20:44:28.000000000 +0200 +++ squid-2.7.STABLE9/helpers/basic_auth/MSNT/msntauth.conf.default 2010-08-07 06:48:37.000000000 +0200 @@ -8,6 +8,6 @@ server other_PDC other_BDC otherdomain # Denied and allowed users. Comment these if not needed. -#denyusers /usr/local/squid/etc/msntauth.denyusers -#allowusers /usr/local/squid/etc/msntauth.allowusers +#denyusers /etc/squid/msntauth.denyusers +#allowusers /etc/squid/msntauth.allowusers diff -Nru squid-2.7.STABLE9.orig/helpers/basic_auth/SMB/Makefile.am squid-2.7.STABLE9/helpers/basic_auth/SMB/Makefile.am --- squid-2.7.STABLE9.orig/helpers/basic_auth/SMB/Makefile.am 2005-05-17 18:56:26.000000000 +0200 +++ squid-2.7.STABLE9/helpers/basic_auth/SMB/Makefile.am 2010-08-07 06:48:37.000000000 +0200 @@ -14,7 +14,7 @@ ## FIXME: autoconf should test for the samba path. SMB_AUTH_HELPER = smb_auth.sh -SAMBAPREFIX=/usr/local/samba +SAMBAPREFIX=/usr SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) libexec_SCRIPTS = $(SMB_AUTH_HELPER) diff -Nru squid-2.7.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.7.STABLE9/helpers/basic_auth/SMB/smb_auth.sh --- squid-2.7.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 00:36:46.000000000 +0100 +++ squid-2.7.STABLE9/helpers/basic_auth/SMB/smb_auth.sh 2010-08-07 06:48:37.000000000 +0200 @@ -24,7 +24,7 @@ read AUTHSHARE read AUTHFILE read SMBUSER -read SMBPASS +read -r SMBPASS # Find domain controller echo "Domain name: $DOMAINNAME" @@ -47,7 +47,7 @@ addropt="" fi echo "Query address options: $addropt" -dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` +dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` echo "Domain controller IP address: $dcip" [ -n "$dcip" ] || exit 1 diff -Nru squid-2.7.STABLE9.orig/helpers/external_acl/session/squid_session.8 squid-2.7.STABLE9/helpers/external_acl/session/squid_session.8 --- squid-2.7.STABLE9.orig/helpers/external_acl/session/squid_session.8 2007-01-06 18:28:35.000000000 +0100 +++ squid-2.7.STABLE9/helpers/external_acl/session/squid_session.8 2010-08-07 06:48:37.000000000 +0200 @@ -35,7 +35,7 @@ .P Configuration example using the default automatic mode .IP -external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session +external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session .IP acl session external session .IP diff -Nru squid-2.7.STABLE9.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-2.7.STABLE9/helpers/external_acl/unix_group/squid_unix_group.8 --- squid-2.7.STABLE9.orig/helpers/external_acl/unix_group/squid_unix_group.8 2006-05-14 17:07:24.000000000 +0200 +++ squid-2.7.STABLE9/helpers/external_acl/unix_group/squid_unix_group.8 2010-08-07 06:48:37.000000000 +0200 @@ -27,7 +27,7 @@ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 matches users in group2 or group3 .IP -external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p +external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p .IP acl usergroup1 external unix_group group1 .IP diff -Nru squid-2.7.STABLE9.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-2.7.STABLE9/helpers/negotiate_auth/squid_kerb_auth/do.sh --- squid-2.7.STABLE9.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh 2007-06-25 00:23:18.000000000 +0200 +++ squid-2.7.STABLE9/helpers/negotiate_auth/squid_kerb_auth/do.sh 2010-08-07 06:48:37.000000000 +0200 @@ -7,7 +7,7 @@ # CC=gcc #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2" -CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" +CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" if [ "$1" = "HEIMDAL" ]; then DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__" INCLUDE="-I/usr/include/heimdal -Ispnegohelp" diff -Nru squid-2.7.STABLE9.orig/src/access_log.c squid-2.7.STABLE9/src/access_log.c --- squid-2.7.STABLE9.orig/src/access_log.c 2008-03-18 03:48:43.000000000 +0100 +++ squid-2.7.STABLE9/src/access_log.c 2010-08-07 06:48:37.000000000 +0200 @@ -1261,7 +1261,7 @@ LogfileStatus = LOG_ENABLE; } #if HEADERS_LOG - headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0); + headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0); assert(NULL != headerslog); #endif #if FORW_VIA_DB diff -Nru squid-2.7.STABLE9.orig/src/cf.data.pre squid-2.7.STABLE9/src/cf.data.pre --- squid-2.7.STABLE9.orig/src/cf.data.pre 2009-11-09 23:38:57.000000000 +0100 +++ squid-2.7.STABLE9/src/cf.data.pre 2010-08-07 06:48:37.000000000 +0200 @@ -678,6 +678,8 @@ acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http +acl Safe_ports port 901 # SWAT +acl purge method PURGE acl CONNECT method CONNECT NOCOMMENT_END DOC_END @@ -711,6 +713,9 @@ # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager +# Only allow purge requests from localhost +http_access allow purge localhost +http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports @@ -728,6 +733,9 @@ # from where browsing should be allowed http_access allow localnet +# Allow the localhost to have access by default +http_access allow localhost + # And finally deny all other access to this proxy http_access deny all NOCOMMENT_END @@ -3754,11 +3762,11 @@ NAME: cache_mgr TYPE: string -DEFAULT: webmaster +DEFAULT: root LOC: Config.adminEmail DOC_START Email-address of local cache manager who will receive - mail if the cache dies. The default is "webmaster". + mail if the cache dies. The default is "root". DOC_END NAME: mail_from @@ -3787,12 +3795,12 @@ NAME: cache_effective_user TYPE: string -DEFAULT: nobody +DEFAULT: squid LOC: Config.effectiveUser DOC_START If you start Squid as root, it will change its effective/real UID/GID to the user specified below. The default is to change - to UID to nobody. If you define cache_effective_user, but not + to UID to squid. If you define cache_effective_user, but not cache_effective_group, Squid sets the GID to the effective user's default group ID (taken from the password file) and supplementary group list from the from groups membership of @@ -4429,12 +4437,12 @@ NAME: snmp_port TYPE: ushort LOC: Config.Port.snmp -DEFAULT: 3401 +DEFAULT: 0 IFDEF: SQUID_SNMP DOC_START Squid can now serve statistics and status information via SNMP. - By default it listens to port 3401 on the machine. If you don't - wish to use SNMP, set this to "0". + By default snmp_port is disabled. If you wish to use SNMP, + set this to "3401" (or any other number you like). DOC_END NAME: snmp_access @@ -4505,12 +4513,12 @@ NAME: htcp_port IFDEF: USE_HTCP TYPE: ushort -DEFAULT: 4827 +DEFAULT: 0 LOC: Config.Port.htcp DOC_START The port number where Squid sends and receives HTCP queries to - and from neighbor caches. Default is 4827. To disable use - "0". + and from neighbor caches. To turn it on you want to set it to + 4827. By default it is set to "0" (disabled). DOC_END NAME: log_icp_queries @@ -5407,6 +5415,9 @@ If you disable this, it will appear as X-Forwarded-For: unknown +NOCOMMENT_START +forwarded_for off +NOCOMMENT_END DOC_END NAME: cachemgr_passwd diff -Nru squid-2.7.STABLE9.orig/src/client_side.c squid-2.7.STABLE9/src/client_side.c --- squid-2.7.STABLE9.orig/src/client_side.c 2010-02-14 01:46:25.000000000 +0100 +++ squid-2.7.STABLE9/src/client_side.c 2010-08-07 06:48:37.000000000 +0200 @@ -4698,14 +4698,7 @@ debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); } else { if (do_debug(83, 4)) { - /* Write out the SSL session details.. actually the call below, but - * OpenSSL headers do strange typecasts confusing GCC.. */ - /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */ -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L - PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); -#else PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); -#endif /* Note: This does not automatically fflush the log file.. */ } debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); diff -Nru squid-2.7.STABLE9.orig/src/defines.h squid-2.7.STABLE9/src/defines.h --- squid-2.7.STABLE9.orig/src/defines.h 2009-06-26 00:49:28.000000000 +0200 +++ squid-2.7.STABLE9/src/defines.h 2010-08-07 06:48:37.000000000 +0200 @@ -259,7 +259,7 @@ /* were to look for errors if config path fails */ #ifndef DEFAULT_SQUID_ERROR_DIR -#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" +#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" #endif /* gb_type operations */ diff -Nru squid-2.7.STABLE9.orig/src/main.c squid-2.7.STABLE9/src/main.c --- squid-2.7.STABLE9.orig/src/main.c 2010-03-07 16:58:56.000000000 +0100 +++ squid-2.7.STABLE9/src/main.c 2010-08-07 06:48:37.000000000 +0200 @@ -376,6 +376,22 @@ asnFreeMemory(); } +#if USE_UNLINKD +static int +needUnlinkd(void) +{ + int i; + int r = 0; + for (i = 0; i < Config.cacheSwap.n_configured; i++) { + if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || + strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 || + strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) + r++; + } + return r; +} +#endif + static void mainReconfigure(void) { @@ -614,7 +630,7 @@ if (!configured_once) { #if USE_UNLINKD - unlinkdInit(); + if (needUnlinkd()) unlinkdInit(); #endif urlInitialize(); cachemgrInit(); @@ -637,6 +653,9 @@ #if USE_WCCPv2 wccp2Init(); #endif +#if USE_UNLINKD + if (needUnlinkd()) unlinkdInit(); +#endif serverConnectionsOpen(); neighbors_init(); if (Config.chroot_dir) diff -Nru squid-2.7.STABLE9.orig/src/Makefile.am squid-2.7.STABLE9/src/Makefile.am --- squid-2.7.STABLE9.orig/src/Makefile.am 2010-03-14 21:25:55.000000000 +0100 +++ squid-2.7.STABLE9/src/Makefile.am 2010-08-07 06:48:37.000000000 +0200 @@ -339,13 +339,13 @@ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` -DEFAULT_LOG_PREFIX = $(localstatedir)/logs +DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log -DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state -DEFAULT_SWAP_DIR = $(localstatedir)/cache +DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'`