new version 7.3

- use upstream patch

sources

@@ -1,3 +1,3 @@
-SHA512 (squid-6.13.tar.xz) = a67276a7eb38d00271962b67bff7f08e760db73bc6b0f94ab71297d520405033df65ebb0b38ee5db02bd6c00d81cd600b60d918fe7fff64e06255deaf78f00c1
-SHA512 (squid-6.13.tar.xz.asc) = 66d8d657793ca3bd20e4a728dc0d3568fac078334d57f3105bb67f1c6fbc5e89e21b757f38048f2361b670938ff350d1afd956ba3dfa5d55dfb54d13e4620fc9
+SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b
+SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273
 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d

squid-6.1-crash-half-closed.patch

@@ -1,158 +0,0 @@
-diff --git a/src/client_side.cc b/src/client_side.cc
-index f488fc4..69586df 100644
---- a/src/client_side.cc
-+++ b/src/client_side.cc
-@@ -932,7 +932,7 @@ ConnStateData::kick()
-      * We are done with the response, and we are either still receiving request
-      * body (early response!) or have already stopped receiving anything.
-      *
--     * If we are still receiving, then clientParseRequest() below will fail.
-+     * If we are still receiving, then parseRequests() below will fail.
-      * (XXX: but then we will call readNextRequest() which may succeed and
-      * execute a smuggled request as we are not done with the current request).
-      *
-@@ -952,28 +952,12 @@ ConnStateData::kick()
-      * Attempt to parse a request from the request buffer.
-      * If we've been fed a pipelined request it may already
-      * be in our read buffer.
--     *
--     \par
--     * This needs to fall through - if we're unlucky and parse the _last_ request
--     * from our read buffer we may never re-register for another client read.
-      */
- 
--    if (clientParseRequests()) {
--        debugs(33, 3, clientConnection << ": parsed next request from buffer");
--    }
-+    parseRequests();
- 
--    /** \par
--     * Either we need to kick-start another read or, if we have
--     * a half-closed connection, kill it after the last request.
--     * This saves waiting for half-closed connections to finished being
--     * half-closed _AND_ then, sometimes, spending "Timeout" time in
--     * the keepalive "Waiting for next request" state.
--     */
--    if (commIsHalfClosed(clientConnection->fd) && pipeline.empty()) {
--        debugs(33, 3, "half-closed client with no pending requests, closing");
--        clientConnection->close();
-+    if (!isOpen())
-         return;
--    }
- 
-     /** \par
-      * At this point we either have a parsed request (which we've
-@@ -1893,16 +1877,11 @@ ConnStateData::receivedFirstByte()
-     resetReadTimeout(Config.Timeout.request);
- }
- 
--/**
-- * Attempt to parse one or more requests from the input buffer.
-- * Returns true after completing parsing of at least one request [header]. That
-- * includes cases where parsing ended with an error (e.g., a huge request).
-- */
--bool
--ConnStateData::clientParseRequests()
-+/// Attempt to parse one or more requests from the input buffer.
-+/// May close the connection.
-+void
-+ConnStateData::parseRequests()
- {
--    bool parsed_req = false;
--
-     debugs(33, 5, clientConnection << ": attempting to parse");
- 
-     // Loop while we have read bytes that are not needed for producing the body
-@@ -1947,8 +1926,6 @@ ConnStateData::clientParseRequests()
- 
-             processParsedRequest(context);
- 
--            parsed_req = true; // XXX: do we really need to parse everything right NOW ?
--
-             if (context->mayUseConnection()) {
-                 debugs(33, 3, "Not parsing new requests, as this request may need the connection");
-                 break;
-@@ -1961,8 +1938,19 @@ ConnStateData::clientParseRequests()
-         }
-     }
- 
--    /* XXX where to 'finish' the parsing pass? */
--    return parsed_req;
-+    debugs(33, 7, "buffered leftovers: " << inBuf.length());
-+
-+    if (isOpen() && commIsHalfClosed(clientConnection->fd)) {
-+        if (pipeline.empty()) {
-+            // we processed what we could parse, and no more data is coming
-+            debugs(33, 5, "closing half-closed without parsed requests: " << clientConnection);
-+            clientConnection->close();
-+        } else {
-+            // we parsed what we could, and no more data is coming
-+            debugs(33, 5, "monitoring half-closed while processing parsed requests: " << clientConnection);
-+            flags.readMore = false; // may already be false
-+        }
-+    }
- }
- 
- void
-@@ -1979,18 +1967,7 @@ ConnStateData::afterClientRead()
-     if (pipeline.empty())
-         fd_note(clientConnection->fd, "Reading next request");
- 
--    if (!clientParseRequests()) {
--        if (!isOpen())
--            return;
--        // We may get here if the client half-closed after sending a partial
--        // request. See doClientRead() and shouldCloseOnEof().
--        // XXX: This partially duplicates ConnStateData::kick().
--        if (pipeline.empty() && commIsHalfClosed(clientConnection->fd)) {
--            debugs(33, 5, clientConnection << ": half-closed connection, no completed request parsed, connection closing.");
--            clientConnection->close();
--            return;
--        }
--    }
-+    parseRequests();
- 
-     if (!isOpen())
-         return;
-@@ -3775,7 +3752,7 @@ ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic)
-     startPinnedConnectionMonitoring();
- 
-     if (pipeline.empty())
--        kick(); // in case clientParseRequests() was blocked by a busy pic.connection
-+        kick(); // in case parseRequests() was blocked by a busy pic.connection
- }
- 
- /// Forward future client requests using the given server connection.
-diff --git a/src/client_side.h b/src/client_side.h
-index 6027b31..60b99b1 100644
---- a/src/client_side.h
-+++ b/src/client_side.h
-@@ -98,7 +98,6 @@ public:
-     void doneWithControlMsg() override;
- 
-     /// Traffic parsing
--    bool clientParseRequests();
-     void readNextRequest();
- 
-     /// try to make progress on a transaction or read more I/O
-@@ -443,6 +442,7 @@ private:
- 
-     void checkLogging();
- 
-+    void parseRequests();
-     void clientAfterReadingRequests();
-     bool concurrentRequestQueueFilled() const;
- 
-diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc
-index 8c160e5..f49d5dc 100644
---- a/src/tests/stub_client_side.cc
-+++ b/src/tests/stub_client_side.cc
-@@ -14,7 +14,7 @@
- #include "tests/STUB.h"
- 
- #include "client_side.h"
--bool ConnStateData::clientParseRequests() STUB_RETVAL(false)
-+void ConnStateData::parseRequests() STUB
- void ConnStateData::readNextRequest() STUB
- bool ConnStateData::isOpen() const STUB_RETVAL(false)
- void ConnStateData::kick() STUB

squid-6.1-perlpath.patch

@@ -6,5 +6,5 @@ index e965e9e..ed5ffcb 100755
 -#!/usr/local/bin/perl -Tw
 +#!/usr/bin/perl -Tw
  #
- # * Copyright (C) 1996-2024 The Squid Software Foundation and contributors
+ # * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
  # *

squid-6.11-ignore-wsp-after-chunk-size.patch

@@ -1,367 +0,0 @@
-From 8d0ee420a4d91ac7fd97316338f1e28b4b060cbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
-Date: Thu, 10 Oct 2024 19:26:27 +0200
-Subject: [PATCH 1/6] Ignore whitespace chars after chunk-size
-
-Previously (before #1498 change), squid was accepting TE-chunked replies
-with whitespaces after chunk-size and missing chunk-ext data. After
-
-It turned out that replies with such whitespace chars are pretty
-common and other webservers which can act as forward proxies (e.g.
-nginx, httpd...) are accepting them.
-
-This change will allow to proxy chunked responses from origin server,
-which had whitespaces inbetween chunk-size and CRLF.
----
- src/http/one/TeChunkedParser.cc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
-index 9cce10fdc91..04753395e16 100644
---- a/src/http/one/TeChunkedParser.cc
-+++ b/src/http/one/TeChunkedParser.cc
-@@ -125,6 +125,7 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
-     // Code becomes much simpler when incremental parsing functions throw on
-     // bad or insufficient input, like in the code below. TODO: Expand up.
-     try {
-+        tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
-         parseChunkExtensions(tok); // a possibly empty chunk-ext list
-         tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
-         buf_ = tok.remaining();
-
-From 9c8d35f899035fa06021ab3fe6919f892c2f0c6b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
-Date: Fri, 11 Oct 2024 02:06:31 +0200
-Subject: [PATCH 2/6] Added new argument to Http::One::ParseBws()
-
-Depending on new wsp_only argument in ParseBws() it will be decided
-which set of whitespaces characters will be parsed. If wsp_only is set
-to true, only SP and HTAB chars will be parsed.
-
-Also optimized number of ParseBws calls.
----
- src/http/one/Parser.cc          |  4 ++--
- src/http/one/Parser.h           |  3 ++-
- src/http/one/TeChunkedParser.cc | 13 +++++++++----
- src/http/one/TeChunkedParser.h  |  2 +-
- 4 files changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
-index b1908316a0b..01d7e3bc0e8 100644
---- a/src/http/one/Parser.cc
-+++ b/src/http/one/Parser.cc
-@@ -273,9 +273,9 @@ Http::One::ErrorLevel()
- 
- // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
- void
--Http::One::ParseBws(Parser::Tokenizer &tok)
-+Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
- {
--    const auto count = tok.skipAll(Parser::WhitespaceCharacters());
-+    const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
- 
-     if (tok.atEnd())
-         throw InsufficientInput(); // even if count is positive
-diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
-index d9a0ac8c273..08200371cd6 100644
---- a/src/http/one/Parser.h
-+++ b/src/http/one/Parser.h
-@@ -163,8 +163,9 @@ class Parser : public RefCountable
- };
- 
- /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
-+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
- /// \throws InsufficientInput when the end of BWS cannot be confirmed
--void ParseBws(Parser::Tokenizer &);
-+void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
- 
- /// the right debugs() level for logging HTTP violation messages
- int ErrorLevel();
-diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
-index 04753395e16..41e1e5ddaea 100644
---- a/src/http/one/TeChunkedParser.cc
-+++ b/src/http/one/TeChunkedParser.cc
-@@ -125,8 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
-     // Code becomes much simpler when incremental parsing functions throw on
-     // bad or insufficient input, like in the code below. TODO: Expand up.
-     try {
--        tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
--        parseChunkExtensions(tok); // a possibly empty chunk-ext list
-+        // A possibly empty chunk-ext list. If no chunk-ext has been found,
-+        // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
-+        if (!parseChunkExtensions(tok))
-+            ParseBws(tok, true);
-+
-         tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
-         buf_ = tok.remaining();
-         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
-@@ -140,20 +143,22 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
- 
- /// Parses the chunk-ext list (RFC 9112 section 7.1.1:
- /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
--void
-+bool
- Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
- {
-+    bool foundChunkExt = false;
-     do {
-         auto tok = callerTok;
- 
-         ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
- 
-         if (!tok.skip(';'))
--            return; // reached the end of extensions (if any)
-+            return foundChunkExt; // reached the end of extensions (if any)
- 
-         parseOneChunkExtension(tok);
-         buf_ = tok.remaining(); // got one extension
-         callerTok = tok;
-+        foundChunkExt = true;
-     } while (true);
- }
- 
-diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
-index 02eacd1bb89..8c5d4bb4cba 100644
---- a/src/http/one/TeChunkedParser.h
-+++ b/src/http/one/TeChunkedParser.h
-@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
- private:
-     bool parseChunkSize(Tokenizer &tok);
-     bool parseChunkMetadataSuffix(Tokenizer &);
--    void parseChunkExtensions(Tokenizer &);
-+    bool parseChunkExtensions(Tokenizer &);
-     void parseOneChunkExtension(Tokenizer &);
-     bool parseChunkBody(Tokenizer &tok);
-     bool parseChunkEnd(Tokenizer &tok);
-
-From 81e67f97f9c386bdd0bb4a5e182395c46adb70ad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
-Date: Fri, 11 Oct 2024 02:44:33 +0200
-Subject: [PATCH 3/6] Fix typo in Parser.h
-
----
- src/http/one/Parser.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
-index 08200371cd6..3ef4c5f7752 100644
---- a/src/http/one/Parser.h
-+++ b/src/http/one/Parser.h
-@@ -163,7 +163,7 @@ class Parser : public RefCountable
- };
- 
- /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
--/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
-+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
- /// \throws InsufficientInput when the end of BWS cannot be confirmed
- void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
- 
-
-From a0d4fe1794e605f8299a5c118c758a807453f016 Mon Sep 17 00:00:00 2001
-From: Alex Rousskov <rousskov@measurement-factory.com>
-Date: Thu, 10 Oct 2024 22:39:42 -0400
-Subject: [PATCH 4/6] Bug 5449 is a regression of Bug 4492!
-
-Both bugs deal with "chunk-size SP+ CRLF" use cases. Bug 4492 had _two_
-spaces after chunk-size, which answers one of the PR review questions:
-Should we skip just one space? No, we should not.
-
-The lines moved around in many commits, but I believe this regression
-was introduced in commit 951013d0 because that commit stopped consuming
-partially parsed chunk-ext sequences. That consumption was wrong, but it
-had a positive side effect -- fixing Bug 4492...
----
- src/http/one/TeChunkedParser.cc | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
-index 41e1e5ddaea..aa4a840fdcf 100644
---- a/src/http/one/TeChunkedParser.cc
-+++ b/src/http/one/TeChunkedParser.cc
-@@ -125,10 +125,10 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
-     // Code becomes much simpler when incremental parsing functions throw on
-     // bad or insufficient input, like in the code below. TODO: Expand up.
-     try {
--        // A possibly empty chunk-ext list. If no chunk-ext has been found,
--        // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
--        if (!parseChunkExtensions(tok))
--            ParseBws(tok, true);
-+        // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
-+        ParseBws(tok, true);
-+
-+        parseChunkExtensions(tok);
- 
-         tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
-         buf_ = tok.remaining();
-@@ -150,7 +150,7 @@ Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
-     do {
-         auto tok = callerTok;
- 
--        ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
-+        ParseBws(tok);
- 
-         if (!tok.skip(';'))
-             return foundChunkExt; // reached the end of extensions (if any)
-
-From f837f5ff61301a17008f16ce1fb793c2abf19786 Mon Sep 17 00:00:00 2001
-From: Alex Rousskov <rousskov@measurement-factory.com>
-Date: Thu, 10 Oct 2024 23:06:42 -0400
-Subject: [PATCH 5/6] fixup: Fewer conditionals/ifs and more explicit spelling
-
-... to draw code reader attention when something unusual is going on.
----
- src/http/one/Parser.cc          | 22 ++++++++++++++++++----
- src/http/one/Parser.h           | 10 ++++++++--
- src/http/one/TeChunkedParser.cc | 14 ++++++--------
- src/http/one/TeChunkedParser.h  |  2 +-
- 4 files changed, 33 insertions(+), 15 deletions(-)
-
-diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
-index 01d7e3bc0e8..d3937e5e96b 100644
---- a/src/http/one/Parser.cc
-+++ b/src/http/one/Parser.cc
-@@ -271,11 +271,12 @@ Http::One::ErrorLevel()
-     return Config.onoff.relaxed_header_parser < 0 ? DBG_IMPORTANT : 5;
- }
- 
--// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
--void
--Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
-+/// common part of ParseBws() and ParseStrctBws()
-+namespace Http::One {
-+static void
-+ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
- {
--    const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
-+    const auto count = tok.skipAll(bwsChars);
- 
-     if (tok.atEnd())
-         throw InsufficientInput(); // even if count is positive
-@@ -290,4 +291,17 @@ Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
- 
-     // success: no more BWS characters expected
- }
-+} // namespace Http::One
-+
-+void
-+Http::One::ParseBws(Parser::Tokenizer &tok)
-+{
-+    ParseBws_(tok, CharacterSet::WSP);
-+}
-+
-+void
-+Http::One::ParseStrictBws(Parser::Tokenizer &tok)
-+{
-+    ParseBws_(tok, Parser::WhitespaceCharacters());
-+}
- 
-diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
-index 3ef4c5f7752..49e399de546 100644
---- a/src/http/one/Parser.h
-+++ b/src/http/one/Parser.h
-@@ -163,9 +163,15 @@ class Parser : public RefCountable
- };
- 
- /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
--/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
- /// \throws InsufficientInput when the end of BWS cannot be confirmed
--void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
-+/// \sa WhitespaceCharacters() for the definition of BWS characters
-+/// \sa ParseStrictBws() that avoids WhitespaceCharacters() uncertainties
-+void ParseBws(Parser::Tokenizer &);
-+
-+/// Like ParseBws() but only skips CharacterSet::WSP characters. This variation
-+/// must be used if the next element may start with CR or any other character
-+/// from RelaxedDelimiterCharacters().
-+void ParseStrictBws(Parser::Tokenizer &);
- 
- /// the right debugs() level for logging HTTP violation messages
- int ErrorLevel();
-diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
-index aa4a840fdcf..859471b8c77 100644
---- a/src/http/one/TeChunkedParser.cc
-+++ b/src/http/one/TeChunkedParser.cc
-@@ -125,11 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
-     // Code becomes much simpler when incremental parsing functions throw on
-     // bad or insufficient input, like in the code below. TODO: Expand up.
-     try {
--        // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
--        ParseBws(tok, true);
--
--        parseChunkExtensions(tok);
-+        // Bug 4492: IBM_HTTP_Server sends SP after chunk-size.
-+        // No ParseBws() here because it may consume CR required further below.
-+        ParseStrictBws(tok);
- 
-+        parseChunkExtensions(tok); // a possibly empty chunk-ext list
-         tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
-         buf_ = tok.remaining();
-         parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
-@@ -143,22 +143,20 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
- 
- /// Parses the chunk-ext list (RFC 9112 section 7.1.1:
- /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
--bool
-+void
- Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
- {
--    bool foundChunkExt = false;
-     do {
-         auto tok = callerTok;
- 
-         ParseBws(tok);
- 
-         if (!tok.skip(';'))
--            return foundChunkExt; // reached the end of extensions (if any)
-+            return; // reached the end of extensions (if any)
- 
-         parseOneChunkExtension(tok);
-         buf_ = tok.remaining(); // got one extension
-         callerTok = tok;
--        foundChunkExt = true;
-     } while (true);
- }
- 
-diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
-index 8c5d4bb4cba..02eacd1bb89 100644
---- a/src/http/one/TeChunkedParser.h
-+++ b/src/http/one/TeChunkedParser.h
-@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
- private:
-     bool parseChunkSize(Tokenizer &tok);
-     bool parseChunkMetadataSuffix(Tokenizer &);
--    bool parseChunkExtensions(Tokenizer &);
-+    void parseChunkExtensions(Tokenizer &);
-     void parseOneChunkExtension(Tokenizer &);
-     bool parseChunkBody(Tokenizer &tok);
-     bool parseChunkEnd(Tokenizer &tok);
-
-From f79936a234e722adb2dd08f31cf6019d81ee712c Mon Sep 17 00:00:00 2001
-From: Alex Rousskov <rousskov@measurement-factory.com>
-Date: Thu, 10 Oct 2024 23:31:08 -0400
-Subject: [PATCH 6/6] fixup: Deadly typo
-
----
- src/http/one/Parser.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
-index d3937e5e96b..7403a9163a2 100644
---- a/src/http/one/Parser.cc
-+++ b/src/http/one/Parser.cc
-@@ -296,12 +296,12 @@ ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
- void
- Http::One::ParseBws(Parser::Tokenizer &tok)
- {
--    ParseBws_(tok, CharacterSet::WSP);
-+    ParseBws_(tok, Parser::WhitespaceCharacters());
- }
- 
- void
- Http::One::ParseStrictBws(Parser::Tokenizer &tok)
- {
--    ParseBws_(tok, Parser::WhitespaceCharacters());
-+    ParseBws_(tok, CharacterSet::WSP);
- }
- 
-

squid.spec

@@ -1,7 +1,8 @@
 %define __perl_requires %{SOURCE98}
+%define version_underscore %(echo %{version} | tr '.' '_')
 
 Name:     squid
-Version:  6.13
+Version:  7.3
 Release:  1%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
@@ -9,8 +10,8 @@ Epoch:    7
 License:  GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware)
 URL:      http://www.squid-cache.org
 
-Source0:  http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz
-Source1:  http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc
+Source0:  https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz
+Source1:  https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc
 Source2:  http://www.squid-cache.org/pgp.asc
 Source3:  squid.logrotate
 Source4:  squid.sysconfig
@@ -25,7 +26,7 @@ Source98: perl-requires-squid.sh
 # Upstream patches
 
 # Backported patches
-# Patch101: patch
+# Patch101: squid-7.1-.....patch
 
 # Local patches
 # Applying upstream patches first makes it less likely that local patches
@@ -36,10 +37,6 @@ Patch203: squid-6.1-perlpath.patch
 # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422
 # workaround for #1934919
 Patch204: squid-6.1-symlink-lang-err.patch
-# Upstream PR: https://github.com/squid-cache/squid/pull/1442
-Patch205: squid-6.1-crash-half-closed.patch
-# Upstream PR: https://github.com/squid-cache/squid/pull/1914
-Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch
 
 # cache_swap.sh
 Requires: bash gawk
@@ -117,8 +114,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-eui \
    --enable-follow-x-forwarded-for \
    --enable-auth \
-   --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \
-   --enable-auth-ntlm="SMB_LM,fake" \
+   --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \
+   --enable-auth-ntlm="fake" \
    --enable-auth-digest="file,LDAP" \
    --enable-auth-negotiate="kerberos" \
    --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \
@@ -154,9 +151,9 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-translation
 
 # workaround to build squid v5
-mkdir -p src/icmp/tests
-mkdir -p tools/squidclient/tests
-mkdir -p tools/tests
+#mkdir -p src/icmp/tests
+#mkdir -p tools/squidclient/tests
+#mkdir -p tools/tests
 
 %make_build
 
@@ -227,7 +224,6 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 
 %config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/squid.conf
 %config(noreplace) %attr(640,root,squid) %{_sysconfdir}/squid/squid.conf
-%config(noreplace) %attr(644,root,squid) %{_sysconfdir}/squid/cachemgr.conf
 %config(noreplace) %{_sysconfdir}/squid/mime.conf
 %config(noreplace) %{_sysconfdir}/squid/errorpage.css
 %config(noreplace) %{_sysconfdir}/sysconfig/squid
@@ -235,7 +231,6 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 %config %{_sysconfdir}/squid/squid.conf.default
 %config %{_sysconfdir}/squid/mime.conf.default
 %config %{_sysconfdir}/squid/errorpage.css.default
-%config %{_sysconfdir}/squid/cachemgr.conf.default
 %config(noreplace) %{_sysconfdir}/pam.d/squid
 %config(noreplace) %{_sysconfdir}/logrotate.d/squid
 
@@ -244,10 +239,7 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 %{_prefix}/lib/NetworkManager
 %{_datadir}/squid/icons
 %{_sbindir}/squid
-%{_bindir}/squidclient
-%{_bindir}/purge
 %{_mandir}/man8/*
-%{_mandir}/man1/*
 %{_libdir}/squid/*
 %{_datadir}/snmp/mibs/SQUID-MIB.txt
 %{_sysusersdir}/squid.conf
@@ -314,6 +306,31 @@ fi
 
 
 %changelog
+* Wed Oct 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.3-1
+- new version 7.3
+
+* Fri Oct 17 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.2-1
+- new version 7.2
+
+* Thu Sep 11 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-3
+- Support provider keys that require NULL digest
+
+* Thu Aug 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-1
+- new version 7.1
+- removed squidclient
+- removed purge
+- removed cachemgr.cgi
+- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers
+
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Mon Jul 21 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.14-1
+- new version 6.14
+
+* Wed Mar 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-2
+- Do not blame cache_peer for 4xx CONNECT responses
+
 * Tue Feb 04 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-1
 - new version 6.13