Ubuntu
squid3 package

Merge ~ahasenack/ubuntu/+source/squid3:artful-squid3-merge-1712653 into ~usd-import-team/ubuntu/+source/squid3:debian/sid

Proposed by Andreas Hasenack on 2017-08-24

Status:

Merged

Merge reported by:

Nish Aravamudan

Merged at revision:

66a53e162dfc8c55739c145bd34a49b047dbdae1

Proposed branch:

~ahasenack/ubuntu/+source/squid3:artful-squid3-merge-1712653

Merge into:

~usd-import-team/ubuntu/+source/squid3:debian/sid

Diff against target:

2942 lines (+2640/-30)

21 files modified

debian/NEWS.debian (+11/-0)
debian/changelog (+711/-1)
debian/control (+5/-6)
debian/patches/90-cf.data.ubuntu.patch (+12/-0)
debian/patches/99-ubuntu-ssl-cert-snakeoil.patch (+22/-0)
debian/patches/gcc7-assert-wants-boolean.patch (+23/-0)
debian/patches/gcc7-squidpurge-4695.patch (+29/-0)
debian/patches/series (+4/-0)
debian/rules (+8/-1)
debian/squid.install (+3/-0)
debian/squid.preinst (+15/-0)
debian/squid.rc (+0/-2)
debian/squid3.postinst (+0/-11)
debian/squid3.preinst (+0/-8)
debian/tests/control (+4/-0)
debian/tests/squid (+11/-0)
debian/tests/test-squid.py (+221/-0)
debian/tests/testlib.py (+1133/-0)
debian/tests/testlib_httpd.py (+352/-0)
debian/tests/upstream-test-suite (+1/-1)
debian/usr.sbin.squid (+75/-0)

Related bugs:

Bug #1712653: squid3: Merge from Debian 3.5.23-5	Medium	Fix Released
Bug #1712668: squid3: ftbfs with gcc7: "dynamic exception specifications are deprecated" and other errors	High	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Nish Aravamudan	2017-08-24	Approve on 2017-08-24
Canonical Server Team	2017-08-24	Pending
Review via email: mp+329541@code.launchpad.net

Description of the Change

Debian merge of 3.5.23-5

This merge only got complicated due to the gcc7 FTBFS errors (#1712668). Upstream has fixes for all but one of them in 3.5.27, and their v3.5 git branch. The remaining one is a failure on 32bits that they deemed too intrusive to fix in v3.5. Therefore, we decided to not include the upstream existing v3.5 fixes and just disable the respective gcc7 errors, i.e., make them a warning.

Here is a list of the gcc7 changes: https://gcc.gnu.org/gcc-7/changes.html

The two errors that we turned back into warnings are:
* "deprecated": happens like this during build:
../include/SquidNew.h:29:54: warning: dynamic exception specifications are deprecated in C++11 [-Wdeprecated]
_SQUID_EXTERNNEW_ void *operator new[] (size_t size) throw (std::bad_alloc)
^~~~
* "format-truncation": very common, and hard to fix in the case of the remaining build failure in 32 bits, happens when a snprintf() family function is used and whatever it is writing to the target buffer gets truncated because it did not fit. There is no overflow, but a truncation happens. It's a bit more complicated when the precision specifier is a variable ("*" in the format string), so its value is not known at compile time, in which case gcc assumes the worst possible case and outputs something like:
"""
Format.cc: In member function ‘void Format::Format::assemble(MemBuf&, const Pointer&, int) const’:
Format.cc:345:1: error: ‘%0*lld’ directive output may be truncated writing between 1 and 2147483646 bytes into a region of size 1024 [-Werror=format-truncation=]
"""

The above were the most common problems with gcc7. A couple of others happened but these were easy to fix with a patch which was deemed safe enough, and a better approach to disabling the error. Both patches are either direct copies from upstream, or a cherry pick of just the interesting hunk (the DEP3 header clarifies which is which):

- debian/patches/gcc7-squidpurge-4695.patch: this fixes a warning about an uninitialized variable being used, temp.refcount. The memcpy() was just using the incorrect variable in the sizeof(). Additionally, this was a case where a simple bump in the size of a buffer was enough to silence the format-truncation error.

- debian/patches/gcc7-assert-wants-boolean.patch: extracted from a bigger upstream change, this deals with the new "int-in-bool-context" warning from GCC7 which was hit in an assert() call.

DEP8 tests passed, upgrade from previous artful package worked, and I have this running as my local squid at home. What I did not test was an upgrade from zesty or xenial.

Test packages are available in this PPA for artful:

https://launchpad.net/~ahasenack/+archive/ubuntu/squid-merge-ftbfs-1712668-1712653/

IMPORTANT

Note for sponsorship: the #ubuntu-release team was asked for a FFe for this upload on IRC, but it's a busy day :)
<rbasak> Mini FFe request: ahasenack has been working on a squid3 merge but held up by a gcc7 related FTBFS. He's almost ready for sponsorship and upload. The merge would only include one very minor functional change: https://anonscm.debian.org/git/pkg-squid/pkg-squid3.git/commit/?id=710982a8fb26a4a949f48812847cc13b1c17a3ca
<rbasak> But we don't think we'll manage the upload today.
<rbasak> Could a release team member please ack this to upload if within the next week or so?
<rbasak> All other changes that would land are bugfixes.
<rbasak> So this is really a technicality IMHO, but one that requires ~ubuntu-release to ack.
<rbasak> All other changes coming from Debian are at: https://anonscm.debian.org/git/pkg-squid/pkg-squid3.git/log/
<rbasak> From 3.5.23-1 through 3.5.23-5.

If this MP is deemed correct and ready for upload, please ping me or Robie so we can ask the release team one more time and probably make it formal via the bug we have for this merge, and the FTBFS bug as well.

Andreas Hasenack (ahasenack) wrote on 2017-08-24:

I did a build on amd64 with artful-proposed enabled on diglett, it built fine:
# only call dh_scour for packages in main
if grep -q '^Component:[[:space:]]*main' /CurrentlyBuilding 2>/dev/null; then dh_scour -psquid-purge ; fi
dh_md5sums -psquid-purge
dh_builddeb -psquid-purge
dpkg-deb: building package 'squid-purge' in '../squid-purge_3.5.23-5ubuntu1_amd64.deb'.
dpkg-genbuildinfo
dpkg-genchanges >../squid3_3.5.23-5ubuntu1_amd64.changes
dpkg-genchanges: info: not including original source code in upload
dpkg-source --after-build squid3-3.5.23
dpkg-buildpackage: info: binary and diff upload (original source NOT included)

real 15m48.910s
user 13m47.816s
sys 1m20.360s
ubuntu@andreas-artful:~/squid3-3.5.23⟫ l ..
squid3-3.5.23/ squid3_3.5.23-5ubuntu1.debian.tar.xz squid-cgi_3.5.23-5ubuntu1_amd64.deb squid-purge_3.5.23-5ubuntu1_amd64.deb
squid3_3.5.23-5ubuntu1_all.deb squid3_3.5.23-5ubuntu1.dsc squidclient_3.5.23-5ubuntu1_amd64.deb
squid3_3.5.23-5ubuntu1_amd64.buildinfo squid3_3.5.23.orig.tar.gz squid-common_3.5.23-5ubuntu1_all.deb
squid3_3.5.23-5ubuntu1_amd64.changes squid_3.5.23-5ubuntu1_amd64.deb squid-dbg_3.5.23-5ubuntu1_amd64.deb

Andreas Hasenack (ahasenack) wrote on 2017-08-24:

ubuntu@andreas-artful:~/squid3-3.5.23⟫ apt-cache policy binutils
binutils:
  Installed: 2.29-6ubuntu3
  Candidate: 2.29-6ubuntu3
  Version table:
*** 2.29-6ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.29-5ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu artful/main amd64 Packages

Nish Aravamudan (nacc) on 2017-08-24:

review: Approve

Nish Aravamudan (nacc) wrote on 2017-08-24:

Upload tagged and sponsored.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Ubuntu Server Dev import team

 diff --git a/debian/NEWS.debian b/debian/NEWS.debian
 index 3987e99..7a738d5 100644
 --- a/debian/NEWS.debian
 +++ b/debian/NEWS.debian
@@ -26,6 +26,17 @@ squid3 (3.5.6-1) unstable; urgency=medium
    that cache store format changed from squid 2.x and cannot be reused with
    squid 3.x
++  [ Robie Basak ]
++  In Ubuntu, data in /var/spool/squid3 *was* moved automatically on upgrade to
++  Xenial (3.5.12-1ubuntu7). Upgrades from before Xenial to after Xenial are not
++  supported; you must upgrade through Xenial. Details of the historic migration
++  path are in Steve's note below.
++
++  [ Steve Langasek ]
++  An attempt will be made to move the data in /var/spool/squid3 automatically.
++  If this is a mountpoint, the move will fail and you will need to migrate
++  your mount configuration by hand.
++
   -- Luigi Gangitano <luigi@debian.org> Wed, 22 Jul 2015 15:48:13 +0200
  squid3 (3.0.STABLE15-1) unstable; urgency=low
 diff --git a/debian/changelog b/debian/changelog
 index f38058d..c4d02eb 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,36 @@
++squid3 (3.5.23-5ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1712653). Remaining changes:
++    - Add additional dep8 tests.
++    - Use snakeoil certificates.
++    - Add an example refresh pattern for debs.
++    - Add disabled by default AppArmor profile.
++    - Enable autoreconf. This is no longer required for the security updates,
++      but is needed for the seddery of test-suite/Makefile.am in
++      d/t/upstream-test-suite.
++    - Correct attribution and add explanatory note in d/NEWS.debian.
++    - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
++      happened in Xenial, so no upgrade path still requires this code. This
++      reduces upgrade ordering difficulty.
++    - Adjust seddery for upstream test squid binary location.
++    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
++    - Drop wrong short-circuiting of various invocations; we always want to
++      call the debhelper block.
++  * Drop:
++    - Add missing Pre-Depends on adduser.
++      [Fixed in Debian 3.5.23-2]
++  * GCC7 FTBFS fixes (LP: #1712668):
++    - d/rules: don't error when hitting the "deprecated" and
++      "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
++      but one in Format.cc that affects 32bit builds was deemed too intrusive
++      for the 3.5 stable series and is only in squid 4.x
++    - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
++      Thanks to Lubos Uhliarik <luhliari@redhat.com>.
++    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
++      boolean.  Thanks to Amos Jeffries <squid3@treenet.co.nz>
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 24 Aug 2017 16:04:35 -0300
++
  squid3 (3.5.23-5) unstable; urgency=medium
    * Reload squid so that it uses modified config, not default one.
@@ -52,6 +85,55 @@ squid3 (3.5.23-2) unstable; urgency=medium
   -- Santiago Garcia Mantinan <manty@debian.org>  Sun, 19 Mar 2017 23:23:57 +0100
++squid3 (3.5.23-1ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian (LP: #1644538). Remaining changes:
++    - Add additional dep8 tests.
++    - Use snakeoil certificates.
++    - Add an example refresh pattern for debs.
++    - Add disabled by default AppArmor profile.
++    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
++    - Drop wrong short-circuiting of various invocations; we always want to
++      call the debhelper block.
++    - Add missing Pre-Depends on adduser.
++    - Enable autoreconf. This is no longer required for the security updates,
++      but is needed for the seddery of test-suite/Makefile.am in
++      d/t/upstream-test-suite.
++  * Drop changes (adopted in Debian):
++    - Run sarg-reports if present before rotating logs.
++    - Add lsb-release build dep.
++  * Drop changes that no longer make a functional difference in Ubuntu, but may
++    still be relevant to send to Debian:
++    - d/squid3.postinst: don't try to stop squid3 again.
++    - d/squid3.postrm: don't rm -f conffiles in purge.
++    - Drop squid3 dependencies on ${shlib:Depends} and lsb-base.
++    - Drop creation of /etc/squid.
++  * Drop unnecessary changes:
++    - Add executable bits to d/squid.preinst.
++  * Drop changes relating to the upgrade path from prior to Xenial, so no
++    longer required:
++    - /var/spool/squid3 upgrade path handling.
++    - Conffile upgrade path handling.
++    - Remove redundant version-guarded restart code from squid postinst.
++    - Clean up apparmor links for usr.sbin.squid3 on upgrade.
++    - Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade.
++    - Add Breaks on older ufw to fix upgrade path.
++    - Use Breaks instead of Conflicts. Instead, drop the Conflicts/Replaces
++      entirely (see below).
++  * Drop security fixes: all included in 3.5.23 upstream.
++  * Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
++    happened in Xenial, so no upgrade path still requires this code. This
++    reduces upgrade ordering difficulty.
++  * Fix failing autopkgtests:
++    - Adjust Python module dependencies.
++    - Correctly handle the squid3 -> squid rename.
++    - Adjust seddery for upstream test squid binary location.
++  * Drop dependency on init-system-helpers. This was introduced in LP 1432683.
++    Since we no longer ship an upstart job, it is no longer required.
++  * Correct attribution and add explanatory note in d/NEWS.debian.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Tue, 24 Jan 2017 15:47:44 +0000
++
  squid3 (3.5.23-1) unstable; urgency=high
    [ Amos Jeffries <amosjeffries@squid-cache.org> ]
@@ -173,6 +255,186 @@ squid3 (3.5.14-1) unstable; urgency=medium
   -- Luigi Gangitano <luigi@debian.org>  Tue, 16 Feb 2016 23:14:00 +0100
++squid3 (3.5.12-1ubuntu9) zesty; urgency=medium
++
++  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
++    - debian/patches/CVE-2016-10002.patch: properly handle combination of
++      If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc,
++      src/client_side_reply.cc, src/client_side_reply.h.
++    - CVE-2016-10002
++  * SECURITY UPDATE: incorrect HTTP Request header comparison
++    - debian/patches/CVE-2016-10003.patch: don't share private responses
++      with collapsed client in src/client_side_reply.cc.
++    - CVE-2016-10003
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 03 Feb 2017 13:07:31 -0500
++
++squid3 (3.5.12-1ubuntu8) yakkety; urgency=medium
++
++  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
++    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
++    - CVE-2016-3947
++  * SECURITY UPDATE: denial of service and possible code execution via
++    seeding manager reporter with crafted data
++    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
++      content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc,
++      src/tests/stub_mem.cc, tools/Makefile.am.
++    - CVE-2016-4051
++  * SECURITY UPDATE: denial of service or arbitrary code execution via
++    crafted ESI responses
++    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
++      remove asserts in src/esi/Esi.cc.
++    - CVE-2016-4052
++    - CVE-2016-4053
++    - CVE-2016-4054
++  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
++    absolute-URI
++    - debian/patches/CVE-2016-4553.patch: properly handle condition in
++      src/client_side.cc
++    - CVE-2016-4553
++  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
++    crafted HTTP host header
++    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
++      src/mime_header.cc.
++    - CVE-2016-4554
++  * SECURITY UPDATE: denial of service via ESI responses
++    - debian/patches/CVE-2016-4555.patch: fix segfaults in
++      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
++    - CVE-2016-4555
++    - CVE-2016-4556
++  * debian/rules: include autoreconf.mk.
++  * debian/control: add dh-autoreconf to BuildDepends.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 08 Jun 2016 08:05:32 -0400
++
++squid3 (3.5.12-1ubuntu7.1) xenial; urgency=medium
++
++  * Add Breaks on older ufw to fix upgrade path (LP: #1571174).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 12 May 2016 11:03:06 +0000
++
++squid3 (3.5.12-1ubuntu7) xenial; urgency=medium
++
++  * Update apparmor profile to be correct for maas-proxy.
++
++ -- LaMont Jones <lamont@ubuntu.com>  Tue, 12 Apr 2016 13:05:00 -0600
++
++squid3 (3.5.12-1ubuntu6) xenial; urgency=medium
++
++  * Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade.
++  * Update apparmor profile for s/squid3/squid/ and /dev/shm access.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Sun, 03 Apr 2016 21:34:50 -0600
++
++squid3 (3.5.12-1ubuntu5) xenial; urgency=medium
++
++  * Use versioned Breaks/Replaces instead of an unversioned Conflicts, to
++    further clean up the upgrade ordering.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 Apr 2016 21:05:38 +0000
++
++squid3 (3.5.12-1ubuntu4) xenial; urgency=medium
++
++  * Remove redundant version-guarded restart code from squid postinst, which
++    doesn't do the right thing on Ubuntu upgrades.
++  * Remove duplicated conffile handling from the squid3 dummy package with
++    extreme prejudice.  The conffile moving absolutely *must* be done
++    exclusively in the squid package; trying to do it in the squid3 package
++    causes pristine conffiles to be silently overwritten with any
++    locally-modified version from the squid3 package, with hilarious effect.
++  * Adjust squid.{pre,post}inst to trick dpkg-maintscript-helper into
++    believing we had a previously installed version of this package even if
++    we did not, which appears to be a requirement for mv_conffile to DTRT.
++    This is certainly a dpkg bug that needs to be filed.
++  * Move all Ubuntu-specific dpkg-maintscript-helper delta into
++    debian/squid.maintscript for clarity/sanity.  Among other things,
++    this uncovers a bug where we're trying to call both mv_conffile and
++    rm_conffile for /etc/init.d/squid3.
++  * debian/squid3.{pre,post}inst: drop wrong short-circuiting of various
++    invocations; we always want to call the debhelper block.
++  * debian/squid3.postinst: don't try to stop squid3 again, this is
++    redundant.
++  * debian/squid3.postrm: don't rm -f conffiles in purge when dpkg already
++    handles these.
++  * Add missing pre-depends on adduser
++  * Anchor the Conflicts/Replaces to the version of the package that
++    introduced the name change in Ubuntu, to avoid upgrade ordering problems
++    later.
++  * Include upgrade migration handling for /var/spool/squid3 ->
++    /var/spool/squid.  This won't work if /var/spool/squid3 is a mount point,
++    so fail gracefully, but leaving two full squid cache directories around
++    after upgrade is a nuisance.
++  * Remove empty /etc/squid3 dir on upgrade.
++  * Clean up apparmor links for usr.sbin.squid3 on upgrade.  We don't migrate
++    these apparmor settings over, so at least don't leave stale links behind.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 31 Mar 2016 19:01:47 -0700
++
++squid3 (3.5.12-1ubuntu3) xenial; urgency=medium
++
++  * Revert last postinst change as it's buggy.
++  * Remove /etc/init.d/squid3 from preinst on upgrade.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Tue, 29 Mar 2016 22:46:16 -0400
++
++squid3 (3.5.12-1ubuntu2) xenial; urgency=medium
++
++  * debian/squid.postinst: Fix dist-upgrade of squid by detecting service
++    name (/etc/init.d/squid vs. squid3).
++
++ -- Ryan Harper <ryan.harper@canonical.com>  Mon, 28 Mar 2016 11:20:35 -0500
++
++squid3 (3.5.12-1ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian (LP: #1473691). Remaining changes:
++    - Add dep8 tests.
++    - Use snakeoil certificates.
++    - Run sarg-reports if present before rotating logs
++    - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh
++      pattern for debs.
++    - Add disabled by default AppArmor profile. Versioned dependency on
++      init-system-helpers (>> 1.22ubuntu5) to ensure we have the
++      apparmor-profile-load script at boot time.
++  * Drop changes:
++    - No longer needed:
++      + Upstart job.
++      + Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way.
++      + Fix perl & pod2man config.tests.
++      + fix-logical-not-parentheses-warning.patch.
++      + fix-pod2name-pipe-failure.patch.
++      + --disable-strict-error-checking to fix FTBFS.
++    - NEWS.Debian: no longer relevant.
++    - Hardening options: deprecated.
++    - Add patch to show distribution: fixed in Debian (but see
++      lsb-release B-D).
++    - Enable parallel build: makes no difference to build time.
++    - Force -O2 to work around build failure with -O3: presumed no
++      longer needed.
++    - Fixed upstream:
++      + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream
++        advisory.
++      + Fix various ICMP handling issues in Squid pinger: confirmed
++        fixed since 3.4.7 from upstream advisory.
++      + fix-caching-vary-header.patch.
++      + netfilter_fix.patch.
++  * Drop Testsuite: header from dep8 tests: no longer required since
++    dpkg-source >= 1.17.11 does it.
++  * Revert "Set pidfile for systemd's sysv-generator" from Debian.
++    systemd races the squid daemon for pidfile creation, causing systemd
++    to consider the service start to have failed. Work around for now by
++    not telling systemd to use the pidfile.
++  * Add lsb-release build dep. This is required for the
++    --enable-build-info line in debian/rules to work correctly.
++  * Correctly rename conffiles migrated by Debian from squid3 to squid.
++  * Remove conffile for old upstart job Ubuntu delta.
++  * Rename Apparmor profile conffile.
++  * Drop old transitional Apparmor code no longer required.
++  * Adjust AppArmor profile for squid3->squid rename.
++  * Drop versioned AppArmor dependency (transitional; no longer
++    required).
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 25 Feb 2016 11:42:03 +0000
++
  squid3 (3.5.12-1) unstable; urgency=medium
    [ Amos Jeffries <amosjeffries@squid-cache.org> ]
@@ -425,6 +687,180 @@ squid3 (3.3.8-1.1) unstable; urgency=low
   -- gregor herrmann <gregoa@debian.org>  Sat, 23 Nov 2013 21:05:10 +0100
++squid3 (3.3.8-1ubuntu17) xenial; urgency=medium
++
++  * --disable-strict-error-checking to fix FTBFS due to auto_ptr defined
++    in unique pointer headers. (LP: #1521234).
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 30 Nov 2015 15:32:14 +0000
++
++squid3 (3.3.8-1ubuntu16) wily; urgency=medium
++
++  [ Tiago Stürmer Daitx ]
++  * d/patches/fix-logical-not-parentheses-warning.patch: Fix warning for
++    logical-not-parentheses which caused squid to FTBFS. (LP: #1496924)
++  * d/patches/netfilter_fix.patch: Backported from Squid Bug #4323.
++    (LP: #1496223)
++  * d/patches/fix-pod2name-pipe-failure.patch: Add --name parameter to
++    pod2man (LP: #1501566)
++  * roll back build-dependency to libecap2-dev, this version of squid3 is not
++    compatible with libecap3 and libecap3 transition has been rolled back for
++    wily.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 09 Oct 2015 00:29:47 +0000
++
++squid3 (3.3.8-1ubuntu15) wily; urgency=medium
++
++  * Build-depend on libecap3-dev instead of libecap2-dev.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 02 Sep 2015 12:16:29 +0200
++
++squid3 (3.3.8-1ubuntu14) vivid; urgency=medium
++
++  * Add versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure
++    we have the apparmor-profile-load script at boot time. (LP: #1432683)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 02 Apr 2015 11:12:27 -0500
++
++squid3 (3.3.8-1ubuntu13) vivid; urgency=medium
++
++  * d/squid3.prerm: Removed redundant upstart-only code. Equivalent
++    operations are carried out by debhelper-generated code in a more
++    generic manner. (LP: #1424508)
++
++ -- Oleg Strikov <oleg.strikov@canonical.com>  Thu, 05 Mar 2015 14:24:33 +0300
++
++squid3 (3.3.8-1ubuntu12) vivid; urgency=medium
++
++  * debian/tests/testlib_httpd.py: Use "service" command instead of upstart
++    specific ones, and simplify the logic.
++  * debian/tests/testlib.py, check_exe(): Check /proc/pid/exe symlink instead
++    of parsing cmdline; the latter has "(squid-1)" with the init.d script, and
++    it's not really what we are interested in.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 06 Mar 2015 12:10:59 +0100
++
++squid3 (3.3.8-1ubuntu11) vivid; urgency=medium
++
++  * d/patches/fix-caching-vary-header.patch: Added upstream patch
++    for the bug which prevented squid from caching responses with
++    Vary header. (LP: #1336742)
++
++ -- Oleg Strikov <oleg.strikov@canonical.com>  Wed, 04 Mar 2015 15:08:54 +0300
++
++squid3 (3.3.8-1ubuntu10) vivid; urgency=medium
++
++  [Jacek Nykis]
++  * d/usr.sbin.squid3: Apparmor profile has been changed to allow child
++    processes to run execvp(argv[0], [kidname, ...]). (LP: #1416039)
++
++ -- Oleg Strikov <oleg.strikov@canonical.com>  Tue, 03 Mar 2015 18:18:20 +0300
++
++squid3 (3.3.8-1ubuntu9) vivid; urgency=medium
++
++  * Fix various ICMP handling issues in Squid pinger. (LP: #1384943)
++
++ -- Jorge Niedbalski <jorge.niedbalski@canonical.com>  Tue, 18 Nov 2014 14:47:33 -0300
++
++squid3 (3.3.8-1ubuntu8) utopic; urgency=medium
++
++  * SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
++    values
++    - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
++      return an error if unable to determine the byte value for ranges
++    - CVE-2014-3609
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 26 Aug 2014 13:51:07 -0500
++
++squid3 (3.3.8-1ubuntu7) utopic; urgency=medium
++
++  * Put back the init.d script, for compatibility with insserv. (LP: #1323274)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 26 May 2014 23:27:57 +0200
++
++squid3 (3.3.8-1ubuntu6) trusty; urgency=medium
++
++  * debian/rules: Force -O2 to work around build failure with -O3.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Mon, 17 Feb 2014 20:13:30 -0700
++
++squid3 (3.3.8-1ubuntu5) trusty; urgency=low
++
++  [ Yolanda Robla ]
++  * debian/control: added lsb-release dependency
++  * debian/patches/fix-distribution.patch: added patch to show distribution
++
++  [ Dimitri John Ledkov ]
++  * Enable parallel build
++
++ -- Yolanda Robla <yolanda.robla@canonical.com>  Wed, 11 Dec 2013 10:51:45 +0000
++
++squid3 (3.3.8-1ubuntu4) trusty; urgency=low
++
++  * Fix perl & pod2man config.tests.
++
++ -- Dmitrijs Ledkovs <xnox@ubuntu.com>  Mon, 04 Nov 2013 02:17:30 +0000
++
++squid3 (3.3.8-1ubuntu3) saucy; urgency=low
++
++  * d/tests/squid: Disable seccomp sandboxing in vsftpd until it works
++    reliably (http://pad.lv/1219857), restart vsftpd using service
++    command.
++
++ -- James Page <james.page@ubuntu.com>  Mon, 02 Sep 2013 15:50:41 +0100
++
++squid3 (3.3.8-1ubuntu2) saucy; urgency=low
++
++  * d/usr.sbin.squid3: Update apparmor profile to allow pinger process to
++    create and use ICMP ports for ipv4/ipv6.
++
++ -- James Page <james.page@ubuntu.com>  Mon, 02 Sep 2013 11:06:54 +0100
++
++squid3 (3.3.8-1ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable, remaining changes:
++    + debian/control:
++      - Update maintainer.
++      - Suggests apparmor (>= 2.3)
++      - Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests
++    + debian/squid3.upstart
++      - Move ulimit command to script section so that it applies
++        to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
++      - Work around squid not handling SIGHUP by adding respawn to
++        upstart job. (LP: 978356)
++    + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
++      transition in 12.04 (LP: 924739)
++    + debian/rules
++      - Re-enable all hardening options lost in the squid->squid3
++        transition (LP: 986314)
++    + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
++      debian/squid3.preinst, debian/squid3.prerm:
++      - Convert init script to upstart
++    + debian/patches/99-ubuntu-ssl-cert-snakeoil:
++      - Use snakeoil certificates.
++    + debian/logrotate
++      - Use sar-reports rather than sarg-maint. (LP: 26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch:
++      - Add an example refresh pattern for debs.
++        (foundations-lucid-local-report spec)
++    + Add disabled by default AppArmor profile (LP: 497790)
++      - debian/squid3.upstart: load profile in pre-start stanza
++      - add debian/usr.sbin.squid3 profile
++      - debian/rules:
++        + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
++          etc/apparmor.d/disable into $(INSTALLDIR)
++        + use dh_apparmor
++      - debian/squid3.install: install etc/apparmor.d/disable, force-complain
++        and usr.sbin.squid3
++      - debian/squid3.preinst: disable profile on clean install or upgrades
++        from earlier than when we shipped the profile
++    + debian/tests:
++      - Add autopkgtests.
++  * d/control: Add dependency package for squid -> squid3 (LP: #1211942).
++  * d/control: Add dh-apparmor to BD's.
++
++ -- James Page <james.page@ubuntu.com>  Wed, 14 Aug 2013 09:03:55 +0100
++
  squid3 (3.3.8-1) unstable; urgency=high
    * Urgency high due to security fixes
@@ -445,6 +881,65 @@ squid3 (3.3.8-1) unstable; urgency=high
   -- Luigi Gangitano <luigi@debian.org>  Sun, 21 Jul 2013 18:28:36 +0200
++squid3 (3.3.4-1ubuntu1) saucy; urgency=low
++
++  * Merge from Debian unstable (LP: #1199883).  Remaining changes:
++    + debian/control:
++      - Update maintainer.
++      - Suggests apparmor (>= 2.3)
++      - Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests
++    + debian/squid3.upstart
++      - Move ulimit command to script section so that it applies
++        to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
++      - Work around squid not handling SIGHUP by adding respawn to
++        upstart job. (LP: 978356)
++    + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
++      transition in 12.04 (LP: 924739)
++    + debian/rules
++      - Re-enable all hardening options lost in the squid->squid3
++        transition (LP: 986314)
++    + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
++      debian/squid3.preinst, debian/squid3.prerm:
++      - Convert init script to upstart
++    + debian/patches/99-ubuntu-ssl-cert-snakeoil:
++      - Use snakeoil certificates.
++    + debian/logrotate
++      - Use sar-reports rather than sarg-maint. (LP: 26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch:
++      - Add an example refresh pattern for debs.
++        (foundations-lucid-local-report spec)
++    + Add disabled by default AppArmor profile (LP: 497790)
++      - debian/squid3.upstart: load profile in pre-start stanza
++      - add debian/usr.sbin.squid3 profile
++      - debian/rules:
++        + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
++          etc/apparmor.d/disable into $(INSTALLDIR)
++        + use dh_apparmor
++      - debian/squid3.install: install etc/apparmor.d/disable, force-complain
++        and usr.sbin.squid3
++      - debian/squid3.preinst: disable profile on clean install or upgrades
++        from earlier than when we shipped the profile
++    + debian/tests:
++      - Add autopkgtests.
++
++  * Dropped:
++    - debian/patches: dropped patches, superseded by new release:
++      + 98-CVE-2012-5643.patch
++      + 99-lp1117517_r12473.patch
++    - debian/rules: fix FTBFS, removed --with-cppunit-basedir flag,
++      included in Debian.
++    - debian/control: Dropped transitional packages from squid, no
++      longer required.
++
++  * Refreshed patches:
++    - 01-cf.data.debian.patch
++    - 02-makefile-defaults.patch
++    - 15-cachemgr-default-config.patch
++
++  * debian/tests/test-squid.py: fixed case problem with ftp test
++
++ -- Yolanda Robla <yolanda.robla@canonical.com>  Wed, 10 Jul 2013 17:12:42 +0200
++
  squid3 (3.3.4-1) unstable; urgency=low
    * New upstream release
@@ -548,6 +1043,92 @@ squid3 (3.1.20-2) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Thu, 06 Dec 2012 20:02:56 +0100
++squid3 (3.1.20-1ubuntu7) saucy; urgency=low
++
++  * debian/tests: Run ftp tests against local vsftpd instead of ftp.ubuntu.com.
++
++ -- Yolanda Robla <yolanda.robla@canonical.com>  Mon, 17 Jun 2013 11:00:17 +0200
++
++squid3 (3.1.20-1ubuntu6) saucy; urgency=low
++
++  * debian/tests: Fix start/stop of squid3.
++
++ -- Yolanda Robla <yolanda.robla@canonical.com>  Mon, 10 Jun 2013 10:30:33 +0200
++
++squid3 (3.1.20-1ubuntu5) saucy; urgency=low
++
++  * debian/rules: fix FTBFS, removed --with-cppunit-basedir flag
++
++ -- Yolanda Robla <yolanda.robla@canonical.com>  Mon, 27 May 2013 14:50:11 +0200
++
++squid3 (3.1.20-1ubuntu4) saucy; urgency=low
++
++  * debian/tests: Add autopkgtest.
++
++ -- Yolanda <yolanda.robla@canonical.com>  Mon, 27 May 2013 11:24:35 +0200
++
++squid3 (3.1.20-1ubuntu3) raring-proposed; urgency=low
++
++  * fix FTBFS with newer glibc (LP: #1117517)
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 06 Feb 2013 11:37:29 -0600
++
++squid3 (3.1.20-1ubuntu2) raring-proposed; urgency=low
++
++  [ Seth Arnold ]
++  * SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
++    validation
++    - debian/patches/98-CVE-2012-5643.patch: modify cachemgr.cc to properly
++      free memory and handle input in chunks
++    - Based on
++      http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
++    - CVE-2012-5643
++    - CVE-2013-0189
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 06 Feb 2013 09:56:53 -0600
++
++squid3 (3.1.20-1ubuntu1) quantal; urgency=low
++
++  * Merge from Debian testing (LP: #1016560).  Remaining changes:
++    + debian/control:
++      - Update maintainer.
++      - Suggests apparmor (>= 2.3)
++      - Depends on ssl-cert ((>= 1.0-11ubuntu1)
++      - Add transitional dummy packages
++    + debian/squid3.upstart
++      - Move ulimit command to script section so that it applies
++        to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
++      - Work around squid not handling SIGHUP by adding respawn to
++        upstart job. (LP: 978356)
++    + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
++      transition in 12.04 (LP: 924739)
++    + debian/rules
++      - Re-enable all hardening options lost in the squid->squid3
++        transition (LP: 986314)
++    + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
++      debian/squid3.preinst, debian/squid3.prerm:
++      - Convert init script to upstart
++    + debian/patches/99-ubuntu-ssl-cert-snakeoil:
++      - Use snakeoil certificates.
++    + debian/logrotate
++      - Use sar-reports rather than sarg-maint. (LP: 26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch:
++      - Add an example refresh pattern for debs.
++        (foundations-lucid-local-report spec)
++    + Add disabled by default AppArmor profile (LP: 497790)
++      - debian/squid3.upstart: load profile in pre-start stanza
++      - add debian/usr.sbin.squid3 profile
++      - debian/rules:
++        + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
++          etc/apparmor.d/disable into $(INSTALLDIR)
++        + use dh_apparmor
++      - debian/squid3.install: install etc/apparmor.d/disable, force-complain
++        and usr.sbin.squid3
++      - debian/squid3.preinst: disable profile on clean install or upgrades
++        from earlier than when we shipped the profile
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 22 Jun 2012 14:18:00 +0200
++
  squid3 (3.1.20-1) unstable; urgency=low
    * New upstream release
@@ -564,6 +1145,66 @@ squid3 (3.1.20-1) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Mon, 18 Jun 2012 14:20:53 +0200
++squid3 (3.1.19-1ubuntu5) quantal; urgency=low
++
++  * d/squid3.upstart: Work around squid not handling SIGHUP by
++    adding respawn to upstart job. (LP: #978356)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 19 Jun 2012 15:35:19 -0700
++
++squid3 (3.1.19-1ubuntu4) quantal; urgency=low
++
++  * Add disabled by default AppArmor profile (LP: #497790)
++    - debian/squid3.upstart: load profile in pre-start stanza
++    - add debian/usr.sbin.squid3 profile
++    - debian/rules:
++      + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
++        etc/apparmor.d/disable into $(INSTALLDIR)
++      + use dh_apparmor
++    - debian/control: suggests apparmor (>= 2.3)
++    - debian/squid3.install: install etc/apparmor.d/disable, force-complain
++      and usr.sbin.squid3
++    - debian/squid3.preinst: disable profile on clean install or upgrades
++      from earlier than when we shipped the profile
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 13 Jun 2012 11:32:14 -0500
++
++squid3 (3.1.19-1ubuntu3.1) quantal; urgency=low
++
++  * debian/rules: re-enable all hardening options lost in the
++    squid->squid3 transition (LP: #986314)
++  * debian/squid3.upstart: move ulimit command to script section
++    so that it applies to the started squid daemon. Thanks to Timur
++    Irmatov (LP: #986159)
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 13 Jun 2012 09:06:51 -0500
++
++squid3 (3.1.19-1ubuntu2) precise; urgency=low
++
++  * debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
++    transition in 12.04 (LP: #924739)
++
++ -- Adam Gandelman <adamg@canonical.com>  Thu, 12 Apr 2012 13:46:10 -0700
++
++squid3 (3.1.19-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    + debian/control:
++      - Update maintainer.
++    + debian/squid3.upstart, debian/rules, squid3.resolvconf,
++      debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst,
++      debian/squid3.prerm: Convert init script to upstart
++    + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use
++     snakeoil certificates.
++    + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: 26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern
++      for debs. (foundations-lucid-local-report spec)
++    + Add transitional dummy packages
++  * New upstream bugfix release fixes swap.state corruption, so squid will
++    now start after a reboot. (LP: #930252)
++
++ -- Christopher James Halse Rogers <raof@ubuntu.com>  Tue, 21 Feb 2012 18:51:26 +1100
++
  squid3 (3.1.19-1) unstable; urgency=low
    * New upstream release
@@ -575,6 +1216,24 @@ squid3 (3.1.19-1) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Tue, 07 Feb 2012 16:19:12 +0100
++squid3 (3.1.18-1ubuntu1) precise; urgency=low
++
++  [ Ubuntu Merge-o-Matic ]
++  * Merge from Debian testing.  Remaining changes:
++    + debian/control:
++      - Update maintainer.
++    + debian/squid3.upstart, debian/rules, squid3.resolvconf,
++      debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst,
++      debian/squid3.prerm: Convert init script to upstart
++    + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use
++     snakeoil certificates.
++    + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern
++      for debs. (foundations-lucid-local-report spec)
++    + Add transitional dummy packages
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 30 Jan 2012 10:24:33 -0500
++
  squid3 (3.1.18-1) unstable; urgency=low
    * New upstream release
@@ -584,6 +1243,23 @@ squid3 (3.1.18-1) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Mon, 26 Dec 2011 22:04:28 +0100
++squid3 (3.1.16-1ubuntu1) precise; urgency=low
++
++  * Merge from Debian testing.  Remaining changes:
++    + debian/control:
++      - Update maintainer.
++    + debian/squid3.upstart, debian/rules, squid3.resolvconf,
++      debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst,
++      debian/squid3.prerm: Convert init script to upstart
++    + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use
++     snakeoil certificates.
++    + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616)
++    + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern
++      for debs. (foundations-lucid-local-report spec)
++    + Add transitional dummy packages
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 19 Dec 2011 21:35:43 +0000
++
  squid3 (3.1.16-1) unstable; urgency=low
    * New upstream release
@@ -596,6 +1272,40 @@ squid3 (3.1.16-1) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Thu,  3 Nov 2011 13:37:17 +0100
++squid3 (3.1.15-1ubuntu3) precise; urgency=low
++
++  * debian/squid3.upstart: Properly return 0 from maxfds() if $SQUID_MAXFD is
++    unset, else pre-start will fail as well. Also fix paths to config file.
++    (LP: #891445)
++  * debian/squid3.upstart: Modify to better reflect functionality of Debian's
++    squid3.rc
++  * debian/rules: Fix permissions on upstart job
++
++ -- Adam Gandelman <adamg@canonical.com>  Wed, 16 Nov 2011 18:26:25 -0800
++
++squid3 (3.1.15-1ubuntu2) precise; urgency=low
++
++  * Fix spelling of squid-common transitional package name.
++  * Remove meaningless self-conflicts.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Fri, 11 Nov 2011 10:33:44 +0000
++
++squid3 (3.1.15-1ubuntu1) precise; urgency=low
++
++  * debian/control:
++    + Update maintainer.
++  * debian/squid3.upstart, debian/rules, squid3.resolvconf,
++    debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst,
++    debian/squid3.prerm: Convert init script to upstart
++  * debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use
++    snakeoil certificates.
++  * debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616)
++  * debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern
++    for debs. (foundations-lucid-local-report spec)
++  * Add transitional dummy packages.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 10 Nov 2011 08:59:31 -0500
++
  squid3 (3.1.15-1) unstable; urgency=high
    * Urgency high due to security fixes
@@ -1341,7 +2051,6 @@ squid3 (3.0.PRE4-1) unstable; urgency=low
   -- Luigi Gangitano <luigi@debian.org>  Mon,  3 Jul 2006 16:47:43 +0200
--
  squid3 (3.0.PRE3.20060422-2) unstable; urgency=low
    * debian/control
@@ -1354,3 +2063,4 @@ squid3 (3.0.PRE3.20060422-1) unstable; urgency=low
    * First package attempt
   -- Luigi Gangitano <luigi@debian.org>  Sat, 22 Apr 2006 01:19:36 +0200
++
 diff --git a/debian/control b/debian/control
 index 4535682..169918d 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,13 +1,14 @@
  Source: squid3
  Section: web
  Priority: optional
--Maintainer: Luigi Gangitano <luigi@debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Luigi Gangitano <luigi@debian.org>
  Uploaders: Santiago Garcia Mantinan <manty@debian.org>
  Homepage: http://www.squid-cache.org
  Standards-Version: 3.9.8
  Vcs-Git: git://anonscm.debian.org/pkg-squid/pkg-squid3.git/
  Vcs-Browser: https://anonscm.debian.org/git/pkg-squid/pkg-squid3.git/
--Build-Depends: libldap2-dev, libpam0g-dev, libdb-dev, cdbs, libsasl2-dev, debhelper (>=10), libcppunit-dev, libkrb5-dev, comerr-dev, libcap2-dev [linux-any], libecap3-dev (>= 1.0.1-2), libexpat1-dev, libxml2-dev, autotools-dev, libltdl-dev, dpkg-dev (>= 1.16.1~), pkg-config, libnetfilter-conntrack-dev [linux-any], nettle-dev, libgnutls28-dev, lsb-release
++Build-Depends: libldap2-dev, libpam0g-dev, libdb-dev, cdbs, libsasl2-dev, debhelper (>=10), libcppunit-dev, libkrb5-dev, comerr-dev, libcap2-dev [linux-any], libecap3-dev (>= 1.0.1-2), libexpat1-dev, libxml2-dev, autotools-dev, libltdl-dev, dpkg-dev (>= 1.16.1~), pkg-config, libnetfilter-conntrack-dev [linux-any], nettle-dev, libgnutls28-dev, lsb-release, dh-apparmor, dh-autoreconf
  XS-Testsuite: autopkgtest
  Package: squid3
@@ -25,11 +26,9 @@ Description: Transitional package
  Package: squid
  Architecture: any
  Pre-Depends: adduser
--Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, logrotate (>= 3.5.4-1), squid-common (>= ${source:Version}), lsb-base, libdbi-perl
--Suggests: squidclient, squid-cgi, squid-purge, resolvconf (>= 0.40), smbclient, ufw, winbindd
++Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, logrotate (>= 3.5.4-1), squid-common (>= ${source:Version}), lsb-base, libdbi-perl, ssl-cert
++Suggests: squidclient, squid-cgi, squid-purge, resolvconf (>= 0.40), smbclient, ufw, winbindd, apparmor
  Recommends: libcap2-bin [linux-any]
--Conflicts: squid3 (<< ${binary:Version})
--Replaces: squid3
  Description: Full featured Web Proxy cache (HTTP proxy)
   Squid is a high-performance proxy caching server for web clients, supporting
   FTP, gopher, ICY and HTTP data objects.
 diff --git a/debian/patches/90-cf.data.ubuntu.patch b/debian/patches/90-cf.data.ubuntu.patch
 new file mode 100644
 index 0000000..86e412c
 --- /dev/null
 +++ b/debian/patches/90-cf.data.ubuntu.patch
@@ -0,0 +1,12 @@
++--- a/src/cf.data.pre
+++++ b/src/cf.data.pre
++@@ -4545,6 +4545,9 @@ NOCOMMENT_START
++ refresh_pattern ^ftp:		1440	20%	10080
++ refresh_pattern ^gopher:	1440	0%	1440
++ refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+++refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
+++# example lin deb packages
+++#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
++ refresh_pattern .		0	20%	4320
++ NOCOMMENT_END
++ DOC_END
 diff --git a/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch b/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch
 new file mode 100644
 index 0000000..d9aa380
 --- /dev/null
 +++ b/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch
@@ -0,0 +1,22 @@
++--- a/src/cf.data.pre
+++++ b/src/cf.data.pre
++@@ -2728,6 +2728,19 @@ DOC_START
++ 			If 'sslkey' is not specified 'sslcert' is assumed to
++ 			reference a combined file containing both the
++ 			certificate and the key.
+++
+++	Notes:
+++
+++	On Debian/Ubuntu systems a default snakeoil certificate is
+++    available in /etc/ssl and users can set:
+++
+++		cert=/etc/ssl/certs/ssl-cert-snakeoil.pem
+++
+++	and
+++
+++		key=/etc/ssl/private/ssl-cert-snakeoil.key
+++
+++	for testing.
++
++ 	sslversion=1|2|3|4|5|6
++ 			The SSL version to use when connecting to this peer
 diff --git a/debian/patches/gcc7-assert-wants-boolean.patch b/debian/patches/gcc7-assert-wants-boolean.patch
 new file mode 100644
 index 0000000..507285d
 --- /dev/null
 +++ b/debian/patches/gcc7-assert-wants-boolean.patch
@@ -0,0 +1,23 @@
++Origin: https://github.com/squid-cache/squid/commit/286c132b8c067449eefc842c72cdbbcf0a1c54df
++Author: Amos Jeffries <squid3@treenet.co.nz>
++Description: assert() takes a boolean
++ This was extracted from upstream's commit to address the int-in-bool-context
++ warning.
++Bug-Ubuntu: https://launchpad.net/bugs/1712668
++Bug-Debian: https://bugs.debian.org/853668
++Bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671
++Last-Update: 2017-08-23
++
++diff --git a/src/DiskIO/DiskThreads/aiops.cc b/src/DiskIO/DiskThreads/aiops.cc
++index b44adfa..e11f948 100644
++--- a/src/DiskIO/DiskThreads/aiops.cc
+++++ b/src/DiskIO/DiskThreads/aiops.cc
++@@ -290,7 +290,7 @@ squidaio_init(void)
++     /* Create threads and get them to sit in their wait loop */
++     squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t));
++
++-    assert(NUMTHREADS);
+++    assert(NUMTHREADS != 0);
++
++     for (i = 0; i < NUMTHREADS; ++i) {
++         threadp = (squidaio_thread_t *)squidaio_thread_pool->alloc();
 diff --git a/debian/patches/gcc7-squidpurge-4695.patch b/debian/patches/gcc7-squidpurge-4695.patch
 new file mode 100644
 index 0000000..f3ec0bb
 --- /dev/null
 +++ b/debian/patches/gcc7-squidpurge-4695.patch
@@ -0,0 +1,29 @@
++Description: Bug 4695: squidpurge: GCC 7 build errors
++Origin: https://github.com/squid-cache/squid/commit/6a41367f4985bf1b3fcd3aa32d1dc9d0108ba350
++Author: Lubos Uhliarik <luhliari@redhat.com>
++Bug-Ubuntu: https://launchpad.net/bugs/1712668
++Bug-Debian: https://bugs.debian.org/853668
++Bug: http://bugs.squid-cache.org/show_bug.cgi?id=4695
++
++diff --git a/tools/purge/purge.cc b/tools/purge/purge.cc
++index 3ef9147..c6d1f73 100644
++--- a/tools/purge/purge.cc
+++++ b/tools/purge/purge.cc
++@@ -272,7 +272,7 @@ log_extended( const char* fn, int code, long size, const SquidMetaList* meta )
++         snprintf( md5, sizeof(md5), "%-32s", "(no_md5_data_available)" );
++     }
++
++-    char timeb[64];
+++    char timeb[256];
++     if ( meta && (findings = meta->search( STORE_META_STD )) ) {
++         StoreMetaStd temp;
++         // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
++@@ -283,7 +283,7 @@ log_extended( const char* fn, int code, long size, const SquidMetaList* meta )
++     } else if ( meta && (findings = meta->search( STORE_META_STD_LFS )) ) {
++         StoreMetaStdLFS temp;
++         // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
++-        memcpy( &temp, findings->data, sizeof(StoreMetaStd) );
+++        memcpy( &temp, findings->data, sizeof(StoreMetaStdLFS) );
++         snprintf( timeb, sizeof(timeb), "%08lx %08lx %08lx %08lx %04x %5hu ",
++                   (unsigned long)temp.timestamp, (unsigned long)temp.lastref,
++                   (unsigned long)temp.expires, (unsigned long)temp.lastmod, temp.flags, temp.refcount );
 diff --git a/debian/patches/series b/debian/patches/series
 index 1c214dd..fd39da5 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -1,2 +1,6 @@
++gcc7-squidpurge-4695.patch
++gcc7-assert-wants-boolean.patch
 -Default-configuration-file-for-debian.patch
 -Change-default-file-locations-for-debian.patch
++90-cf.data.ubuntu.patch
++99-ubuntu-ssl-cert-snakeoil.patch
 diff --git a/debian/rules b/debian/rules
 index 7b2322c..e13b0a1 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -2,12 +2,15 @@
  export DEB_BUILD_MAINT_OPTIONS = hardening=+all
  export DEB_CFLAGS_MAINT_APPEND = -Wall
++# see https://launchpad.net/bugs/1712668
++export DEB_CXXFLAGS_MAINT_APPEND = -Wno-error=deprecated -Wno-error=format-truncation
  export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
  include /usr/share/dpkg/buildflags.mk
  include /usr/share/cdbs/1/rules/debhelper.mk
  include /usr/share/cdbs/1/class/autotools.mk
--
++include /usr/share/cdbs/1/rules/autoreconf.mk
++
  INSTALLDIR := $(CURDIR)/debian/tmp
  datadir=/usr/share/squid
@@ -84,6 +87,10 @@ install/squid::
  	install -m 755 -g root -d $(INSTALLDIR)/usr/share/man/man1
  	mv $(INSTALLDIR)/usr/bin/purge $(INSTALLDIR)/usr/bin/squid-purge
  	install -m 644 -g root debian/squid-purge.8  $(INSTALLDIR)/usr/share/man/man8
++	install -m 755 -g root -d $(INSTALLDIR)/etc/apparmor.d/force-complain
++	install -m 755 -g root -d $(INSTALLDIR)/etc/apparmor.d/disable
++	install -m 644 -g root debian/usr.sbin.squid $(INSTALLDIR)/etc/apparmor.d
++	dh_apparmor --profile-name=usr.sbin.squid -psquid
  clean::
  	# nothing to do
 diff --git a/debian/squid.install b/debian/squid.install
 index 0f21217..003ee23 100644
 --- a/debian/squid.install
 +++ b/debian/squid.install
@@ -26,3 +26,6 @@ usr/share/man/man8/log_db_daemon.8
  usr/share/man/man8/negotiate_kerberos_auth.8
  usr/share/man/man8/storeid_file_rewrite.8
  usr/share/man/man8/squid.8
++etc/apparmor.d/disable
++etc/apparmor.d/force-complain
++etc/apparmor.d/usr.sbin.squid
 diff --git a/debian/squid.preinst b/debian/squid.preinst
 index 6b490e0..593ffa9 100644
 --- a/debian/squid.preinst
 +++ b/debian/squid.preinst
@@ -63,6 +63,21 @@ then
  	chsh -s /bin/sh proxy
  fi
++disable_profile() {
++    APP_CONFFILE="/etc/apparmor.d/usr.sbin.squid"
++    APP_DISABLE="/etc/apparmor.d/disable/usr.sbin.squid"
++    # Create a symlink to the yet-to-be-unpacked profile
++    if [ ! -e "$APP_CONFFILE" ]; then
++        mkdir -p `dirname $APP_DISABLE` 2>/dev/null || true
++        ln -sf $APP_CONFFILE $APP_DISABLE
++    fi
++}
++
++if [ "$1" = "install" ]; then
++    # Disable AppArmor profile on install
++    disable_profile
++fi
++
  # dh_installdeb will replace this with shell code automatically
  # generated by other debhelper scripts.
 diff --git a/debian/squid.rc b/debian/squid.rc
 index 1f459d5..67e6844 100644
 --- a/debian/squid.rc
 +++ b/debian/squid.rc
@@ -4,8 +4,6 @@
+ #
  # Version:	@(#)squid.rc  1.0  07-Jul-2006  luigi@debian.org
+ #
--# pidfile: /var/run/squid.pid
--#
  ### BEGIN INIT INFO
  # Provides:          squid
  # Required-Start:    $network $remote_fs $syslog
 diff --git a/debian/squid3.postinst b/debian/squid3.postinst
 index d69744a..02f4ab8 100644
 --- a/debian/squid3.postinst
 +++ b/debian/squid3.postinst
@@ -32,17 +32,6 @@ if test -d /etc/squid3 && dpkg --compare-versions "$2" lt '3.5'; then
  	fi
  fi
--case "$1" in
--	abort-upgrade|abort-remove|abort-deconfigure)
--		;;
--	*)
--		#
--		#	Unknown action - do nothing.
--		#
--		exit 0
--		;;
--esac
--
  # dh_installdeb will replace this with shell code automatically
  # generated by other debhelper scripts.
 diff --git a/debian/squid3.preinst b/debian/squid3.preinst
 index 848f286..8ab65e1 100644
 --- a/debian/squid3.preinst
 +++ b/debian/squid3.preinst
@@ -26,14 +26,6 @@ if test -d /etc/squid3 ; then
  		/etc/squid3/errorpage.css /etc/squid/errorpage.css 3.5.4-1~ squid3 -- "$@"
  fi
--case "$1" in
--	upgrade|install-upgrade)
--		;;
--	abort-upgrade)
--		exit 0
--		;;
--esac
--
  # dh_installdeb will replace this with shell code automatically
  # generated by other debhelper scripts.
 diff --git a/debian/tests/control b/debian/tests/control
 index 0b1e313..4e5b715 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -1,3 +1,7 @@
  Tests: upstream-test-suite
  Depends: @builddeps@, fakeroot, squid
  Restrictions: allow-stderr
++
++Tests: squid
++Depends: squid, squidclient, elinks, netcat, pygopherd, apparmor-utils, vsftpd
++Restrictions: needs-root
 diff --git a/debian/tests/squid b/debian/tests/squid
 new file mode 100755
 index 0000000..f17feef
 --- /dev/null
 +++ b/debian/tests/squid
@@ -0,0 +1,11 @@
++#!/bin/bash
++#--------------
++# Testing squid
++#--------------
++set -e
++
++# configure vsftpd
++sed -i "s/anonymous_enable[[:blank:]]*=[[:blank:]]*.*/anonymous_enable=YES/g" /etc/vsftpd.conf
++echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
++service vsftpd restart 2>&1 > /dev/null
++python `dirname $0`/test-squid.py 2>&1
 diff --git a/debian/tests/test-squid.py b/debian/tests/test-squid.py
 new file mode 100644
 index 0000000..943dd9a
 --- /dev/null
 +++ b/debian/tests/test-squid.py
@@ -0,0 +1,221 @@
++#!/usr/bin/python
++#
++#    test-squid.py quality assurance test script
++#    Copyright (C) 2008-2013 Canonical Ltd.
++#    Author: Jamie Strandboge <jamie@canonical.com>
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 2,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++'''
++  *** IMPORTANT ***
++  DO NOT RUN ON A PRODUCTION SERVER.
++  *** IMPORTANT ***
++
++  How to run:
++    $ sudo apt-get remove --purge squid
++    $ sudo apt-get -y install squid squidclient python-unit elinks netcat
++    $ sudo ./test-squid.py -v
++
++  NOTE:
++    The host running this script needs to have access to the internet
++
++  TODO:
++    acls
++    ident
++    purge (via squidclient)
++    ...
++    squidguard:
++      - test with:
++        $ echo "http://blocked.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
++        if using a 'redirect', then the redirect URL is displayed, otherwise
++        nothing
++      - test block with the following in default acl in squidGuard.conf:
++        pass     local none
++        redirect http://www.example.com/redirected.html
++      - test pass with the following in default acl in squidGuard.conf:
++        pass     local all
++        redirect http://www.example.com/redirected.html
++      - test domains and urls with something like the following acl:
++        dest bad {
++            domainlist      test/domains
++            urllist         test/urls
++        }
++        acl {
++            default {
++                pass !bad all
++                redirect http://www.example.com/redirected.html
++            }
++        }
++
++        then create /var/lib/squidguard/db/test/domains with:
++        blocked.com
++
++        Test with:
++        $ echo "http://ok.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
++        $ echo "http://blocked.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
++'''
++
++# QRT-Packages: squid squidclient python-unit elinks netcat pygopherd apparmor-utils
++# QRT-Depends: testlib_httpd.py private/qrt/squid.py
++
++import unittest, subprocess
++import os
++import sys
++import testlib
++import testlib_httpd
++import time
++import tempfile
++
++try:
++    from private.qrt.squid import PrivateSquidTest
++except ImportError:
++    class PrivateSquidTest(object):
++        '''Empty class'''
++    print >>sys.stdout, "Skipping private tests"
++
++class BasicTest(testlib_httpd.HttpdCommon, PrivateSquidTest):
++    '''Test basic functionality'''
++    def setUp(self):
++        '''Setup mechanisms'''
++
++        # for some reason, squid on maverick is missing the init.d
++        # upstart compatibility symlink
++        if self.lsb_release['Release'] == 10.10 and not os.path.exists("/etc/init.d/squid"):
++            os.symlink("/lib/init/upstart-job", "/etc/init.d/squid")
++
++        self._set_initscript("/etc/init.d/squid")
++        if self.lsb_release['Release'] >= 12.04:
++            self._set_initscript("squid")
++
++        testlib_httpd.HttpdCommon._setUp(self)
++
++        self.gophermap = "/var/gopher/gophermap"
++
++        self.aa_profile = "usr.sbin.squid"
++        self.aa_abs_profile = "/etc/apparmor.d/%s" % self.aa_profile
++        self.version_with_apparmor = 12.10
++        # This hack is only used until we have tests run both confined and
++        # unconfined
++        self.aa_unload_at_teardown = False
++
++    def tearDown(self):
++        '''Shutdown methods'''
++        testlib_httpd.HttpdCommon._tearDown(self)
++        testlib.config_restore(self.gophermap)
++
++    def test_daemons(self):
++        '''Test daemon'''
++        pidfile = "/run/squid.pid"
++        exe = "squid"
++
++        if self.lsb_release['Release'] < 12.04:
++            pidfile = "/var/run/squid.pid"
++            exe = "squid"
++
++        self.assertTrue(testlib.check_pidfile(exe, pidfile))
++
++    def test_http_proxy(self):
++        '''Test http'''
++        self._test_url_proxy("http://www.ubuntu.com/", "Canonical", "http://localhost:3128/")
++
++    def test_https_proxy(self):
++        '''Test https'''
++        self._test_url_proxy("https://wiki.ubuntu.com/", "Community", "http://localhost:3128/")
++
++    def test_ftp_proxy(self):
++        '''Test ftp'''
++        self._test_url_proxy("ftp://anonymous@localhost:21", "irectory", "http://localhost:3128/")
++
++    def test_squidclient(self):
++        '''Test squidclient'''
++        urls = ['http://www.ubuntu.com/', 'https://wiki.ubuntu.com/', \
++            'ftp://anonymous@localhost:21', 'gopher://127.0.0.1']
++
++        for url in urls:
++            rc, report = testlib.cmd(['squidclient', '-h', '127.0.0.1', '-p', '3128', '-r', url])
++            expected = 0
++            result = 'Got exit code %d, expected %d\n' % (rc, expected)
++            self.assertEquals(expected, rc, result + report)
++
++    def test_CVE_2011_3205(self):
++        '''Test parsing lines > 4096 in length (CVE-2011-3205)'''
++
++        longline = "ABCDEF" * 4096
++
++        testlib.config_replace(self.gophermap, """Welcome to Pygopherd!  You can place your documents
++in /var/gopher for future use.  You can remove the gophermap
++file there to get rid of this message, or you can edit it to
++use other things.  (You'll need to do at least one of these
++two things in order to get your own data to show up!)
++
++%s
++
++Some links to get you started:
++
++1Pygopherd Home /devel/gopher/pygopherd gopher.quux.org 70
++1Quux.Org Mega Server   /   gopher.quux.org 70
++1The Gopher Project /Software/Gopher    gopher.quux.org 70
++1Traditional UMN Home Gopher    /   gopher.tc.umn.edu   70
++
++Welcome to the world of Gopher and enjoy!
++""" %(longline), append=False)
++
++        rc, report = testlib.cmd(['squidclient', '-h', '127.0.0.1', '-p', '3128', '-r', "gopher://127.0.0.1"])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++    # Run this last so if we enable the profile then we don't unload it
++    def test_zz_apparmor(self):
++        '''Test apparmor'''
++        if self.lsb_release['Release'] < 12.10:
++            self._skipped("No profile in 12.04 and under")
++
++        self.aa_unload_at_teardown = True
++
++        # Currently while we have a profile, it is shipped disabled by default.
++        # Verify that.
++        rc, report = testlib.check_apparmor(self.aa_abs_profile, 12.10, is_running=False)
++        expected = 1
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(rc, expected, result + report)
++
++        # Verify it is syntactically correct
++        rc, report = testlib.cmd(['apparmor_parser', '-p', self.aa_abs_profile])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(rc, expected, result + report)
++
++        # Verify it loads ok
++        rc, report = testlib.cmd(['aa-enforce', self.aa_abs_profile])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(rc, expected, result + report)
++
++        self._stop()
++        self._start()
++
++        rc, report = testlib.check_apparmor(self.aa_abs_profile, 12.10, is_running=True)
++        expected = 1
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(rc, expected, result + report)
++
++
++if __name__ == '__main__':
++    suite = unittest.TestSuite()
++    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(BasicTest))
++
++    rc = unittest.TextTestRunner(verbosity=2).run(suite)
++    if not rc.wasSuccessful():
++        sys.exit(1)
 diff --git a/debian/tests/testlib.py b/debian/tests/testlib.py
 new file mode 100644
 index 0000000..4e51f3d
 --- /dev/null
 +++ b/debian/tests/testlib.py
@@ -0,0 +1,1133 @@
++#
++#    testlib.py quality assurance test script
++#    Copyright (C) 2008-2011 Canonical Ltd.
++#
++#    This library is free software; you can redistribute it and/or
++#    modify it under the terms of the GNU Library General Public
++#    License as published by the Free Software Foundation; either
++#    version 2 of the License.
++#
++#    This library is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++#    Library General Public License for more details.
++#
++#    You should have received a copy of the GNU Library General Public
++#    License along with this program.  If not, see
++#    <http://www.gnu.org/licenses/>.
++#
++
++'''Common classes and functions for package tests.'''
++
++import string, random, crypt, subprocess, pwd, grp,  signal, time, unittest, tempfile, shutil, os, os.path, re, glob
++import sys, socket, gzip
++from stat import *
++from encodings import string_escape
++
++import warnings
++warnings.filterwarnings('ignore', message=r'.*apt_pkg\.TagFile.*', category=DeprecationWarning)
++try:
++    import apt_pkg
++    apt_pkg.InitSystem();
++except:
++    # On non-Debian system, fall back to simple comparison without debianisms
++    class apt_pkg(object):
++        def VersionCompare(one, two):
++            list_one = one.split('.')
++            list_two = two.split('.')
++            while len(list_one)>0 and len(list_two)>0:
++                if list_one[0] > list_two[0]:
++                    return 1
++                if list_one[0] < list_two[0]:
++                    return -1
++                list_one.pop(0)
++                list_two.pop(0)
++            return 0
++
++bogus_nxdomain = "208.69.32.132"
++
++# http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/2009-07-02-python-sigpipe.html
++# This is needed so that the subprocesses that produce endless output
++# actually quit when the reader goes away.
++import signal
++def subprocess_setup():
++    # Python installs a SIGPIPE handler by default. This is usually not what
++    # non-Python subprocesses expect.
++    signal.signal(signal.SIGPIPE, signal.SIG_DFL)
++
++class TimedOutException(Exception):
++    def __init__(self, value = "Timed Out"):
++        self.value = value
++    def __str__(self):
++        return repr(self.value)
++
++def _restore_backup(path):
++    pathbackup = path + '.autotest'
++    if os.path.exists(pathbackup):
++        shutil.move(pathbackup, path)
++
++def _save_backup(path):
++    pathbackup = path + '.autotest'
++    if os.path.exists(path) and not os.path.exists(pathbackup):
++        shutil.copy2(path, pathbackup)
++        # copy2 does not copy ownership, so do it here.
++        # Reference: http://docs.python.org/library/shutil.html
++        a = os.stat(path)
++        os.chown(pathbackup, a[4], a[5])
++
++def config_copydir(path):
++    if os.path.exists(path) and not os.path.isdir(path):
++        raise OSError, "'%s' is not a directory" % (path)
++    _restore_backup(path)
++
++    pathbackup = path + '.autotest'
++    if os.path.exists(path):
++        shutil.copytree(path, pathbackup, symlinks=True)
++
++def config_replace(path,contents,append=False):
++    '''Replace (or append) to a config file'''
++    _restore_backup(path)
++    if os.path.exists(path):
++        _save_backup(path)
++        if append:
++            contents = file(path).read() + contents
++    open(path, 'w').write(contents)
++
++def config_comment(path, field):
++    _save_backup(path)
++    contents = ""
++    for line in file(path):
++        if re.search("^\s*%s\s*=" % (field), line):
++            line = "#" + line
++        contents += line
++
++    open(path+'.new', 'w').write(contents)
++    os.rename(path+'.new', path)
++
++def config_set(path, field, value, spaces=True):
++    _save_backup(path)
++    contents = ""
++    if spaces==True:
++        setting = '%s = %s\n' % (field, value)
++    else:
++        setting = '%s=%s\n' % (field, value)
++    found = False
++    for line in file(path):
++        if re.search("^\s*%s\s*=" % (field), line):
++            found = True
++            line = setting
++        contents += line
++    if not found:
++        contents += setting
++
++    open(path+'.new', 'w').write(contents)
++    os.rename(path+'.new', path)
++
++def config_patch(path, patch, depth=1):
++    '''Patch a config file'''
++    _restore_backup(path)
++    _save_backup(path)
++
++    handle, name = mkstemp_fill(patch)
++    rc = subprocess.call(['/usr/bin/patch', '-p%s' %(depth), path], stdin=handle, stdout=subprocess.PIPE)
++    os.unlink(name)
++    if rc != 0:
++        raise Exception("Patch failed")
++
++def config_restore(path):
++    '''Rename a replaced config file back to its initial state'''
++    _restore_backup(path)
++
++def timeout(secs, f, *args):
++    def handler(signum, frame):
++        raise TimedOutException()
++
++    old = signal.signal(signal.SIGALRM, handler)
++    result = None
++    signal.alarm(secs)
++    try:
++        result = f(*args)
++    finally:
++        signal.alarm(0)
++        signal.signal(signal.SIGALRM, old)
++
++    return result
++
++def require_nonroot():
++    if os.geteuid() == 0:
++        print >>sys.stderr, "This series of tests should be run as a regular user with sudo access, not as root."
++        sys.exit(1)
++
++def require_root():
++    if os.geteuid() != 0:
++        print >>sys.stderr, "This series of tests should be run with root privileges (e.g. via sudo)."
++        sys.exit(1)
++
++def require_sudo():
++    if os.geteuid() != 0 or os.environ.get('SUDO_USER', None) == None:
++        print >>sys.stderr, "This series of tests must be run under sudo."
++        sys.exit(1)
++    if os.environ['SUDO_USER'] == 'root':
++        print >>sys.stderr, 'Please run this test using sudo from a regular user. (You ran sudo from root.)'
++        sys.exit(1)
++
++def random_string(length,lower=False):
++    '''Return a random string, consisting of ASCII letters, with given
++    length.'''
++
++    s = ''
++    selection = string.letters
++    if lower:
++        selection = string.lowercase
++    maxind = len(selection)-1
++    for l in range(length):
++        s += selection[random.randint(0, maxind)]
++    return s
++
++def mkstemp_fill(contents,suffix='',prefix='testlib-',dir=None):
++    '''As tempfile.mkstemp does, return a (file, name) pair, but with
++    prefilled contents.'''
++
++    handle, name = tempfile.mkstemp(suffix=suffix,prefix=prefix,dir=dir)
++    os.close(handle)
++    handle = file(name,"w+")
++    handle.write(contents)
++    handle.flush()
++    handle.seek(0)
++
++    return handle, name
++
++def create_fill(path, contents, mode=0644):
++    '''Safely create a page'''
++    # make the temp file in the same dir as the destination file so we
++    # don't get invalid cross-device link errors when we rename
++    handle, name = mkstemp_fill(contents, dir=os.path.dirname(path))
++    handle.close()
++    os.rename(name, path)
++    os.chmod(path, mode)
++
++def login_exists(login):
++    '''Checks whether the given login exists on the system.'''
++
++    try:
++        pwd.getpwnam(login)
++        return True
++    except KeyError:
++        return False
++
++def group_exists(group):
++    '''Checks whether the given login exists on the system.'''
++
++    try:
++        grp.getgrnam(group)
++        return True
++    except KeyError:
++        return False
++
++def recursive_rm(dirPath, contents_only=False):
++    '''recursively remove directory'''
++    names = os.listdir(dirPath)
++    for name in names:
++        path = os.path.join(dirPath, name)
++        if os.path.islink(path) or not os.path.isdir(path):
++            os.unlink(path)
++        else:
++            recursive_rm(path)
++    if contents_only == False:
++        os.rmdir(dirPath)
++
++def check_pidfile(exe, pidfile):
++    '''Checks if pid in pidfile is running'''
++    if not os.path.exists(pidfile):
++        return False
++
++    # get the pid
++    try:
++        fd = open(pidfile, 'r')
++        pid = fd.readline().rstrip('\n')
++        fd.close()
++    except:
++        return False
++
++    return check_pid(exe, pid)
++
++def check_pid(exe, pid):
++    '''Checks if pid is running'''
++
++    exelink = "/proc/%s/exe" % (str(pid))
++    if not os.path.exists(exelink):
++        return False
++    pidexe = os.path.basename(os.readlink(exelink))
++    if pidexe == exe:
++        return True
++    sys.stderr.write('check_pid(%s): expected %s, got %s' % (pid, exe, pidexe))
++    return False
++
++def check_port(port, proto, ver=4):
++    '''Check if something is listening on the specified port.
++       WARNING: for some reason this does not work with a bind mounted /proc
++    '''
++    assert (port >= 1)
++    assert (port <= 65535)
++    assert (proto.lower() == "tcp" or proto.lower() == "udp")
++    assert (ver == 4 or ver == 6)
++
++    fn = "/proc/net/%s" % (proto)
++    if ver == 6:
++        fn += str(ver)
++
++    rc, report = cmd(['cat', fn])
++    assert (rc == 0)
++
++    hport = "%0.4x" % port
++
++    if re.search(': [0-9a-f]{8}:%s [0-9a-f]' % str(hport).lower(), report.lower()):
++        return True
++    return False
++
++def get_arch():
++    '''Get the current architecture'''
++    rc, report = cmd(['uname', '-m'])
++    assert (rc == 0)
++    return report.strip()
++
++def get_memory():
++    '''Gets total ram and swap'''
++    meminfo = "/proc/meminfo"
++    memtotal = 0
++    swaptotal = 0
++    if not os.path.exists(meminfo):
++        return (False, False)
++
++    try:
++        fd = open(meminfo, 'r')
++        for line in fd.readlines():
++            splitline = line.split()
++            if splitline[0] == 'MemTotal:':
++                memtotal = int(splitline[1])
++            elif splitline[0] == 'SwapTotal:':
++                swaptotal = int(splitline[1])
++        fd.close()
++    except:
++        return (False, False)
++
++    return (memtotal,swaptotal)
++
++def is_running_in_vm():
++    '''Check if running under a VM'''
++    # add other virtualization environments here
++    for search in ['QEMU Virtual CPU']:
++        rc, report = cmd_pipe(['dmesg'], ['grep', search])
++        if rc == 0:
++            return True
++    return False
++
++def ubuntu_release():
++    '''Get the Ubuntu release'''
++    f = "/etc/lsb-release"
++    try:
++        size = os.stat(f)[ST_SIZE]
++    except:
++        return "UNKNOWN"
++
++    if size > 1024*1024:
++        raise IOError, 'Could not open "%s" (too big)' % f
++
++    try:
++        fh = open("/etc/lsb-release", 'r')
++    except:
++        raise
++
++    lines = fh.readlines()
++    fh.close()
++
++    pat = re.compile(r'DISTRIB_CODENAME')
++    for line in lines:
++        if pat.search(line):
++            return line.split('=')[1].rstrip('\n').rstrip('\r')
++
++    return "UNKNOWN"
++
++def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
++    '''Try to execute given command (array) and return its stdout, or return
++    a textual error if it failed.'''
++
++    try:
++        sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, close_fds=True, preexec_fn=subprocess_setup)
++    except OSError, e:
++        return [127, str(e)]
++
++    out, outerr = sp.communicate(input)
++    # Handle redirection of stdout
++    if out == None:
++        out = ''
++    # Handle redirection of stderr
++    if outerr == None:
++        outerr = ''
++    return [sp.returncode,out+outerr]
++
++def cmd_pipe(command1, command2, input = None, stderr = subprocess.STDOUT, stdin = None):
++    '''Try to pipe command1 into command2.'''
++    try:
++        sp1 = subprocess.Popen(command1, stdin=stdin, stdout=subprocess.PIPE, stderr=stderr, close_fds=True)
++        sp2 = subprocess.Popen(command2, stdin=sp1.stdout, stdout=subprocess.PIPE, stderr=stderr, close_fds=True)
++    except OSError, e:
++        return [127, str(e)]
++
++    out = sp2.communicate(input)[0]
++    return [sp2.returncode,out]
++
++def cwd_has_enough_space(cdir, total_bytes):
++    '''Determine if the partition of the current working directory has 'bytes'
++       free.'''
++    rc, df_output = cmd(['df'])
++    result = 'Got exit code %d, expected %d\n' % (rc, 0)
++    if rc != 0:
++        return False
++
++    kb = total_bytes / 1024
++
++    mounts = dict()
++    for line in df_output.splitlines():
++        if '/' not in line:
++            continue
++        tmp = line.split()
++        mounts[tmp[5]] = int(tmp[3])
++
++    cdir = os.getcwd()
++    while cdir != '/':
++        if not mounts.has_key(cdir):
++            cdir = os.path.dirname(cdir)
++            continue
++        if kb < mounts[cdir]:
++            return True
++        else:
++            return False
++
++    if kb < mounts['/']:
++        return True
++
++    return False
++
++def get_md5(filename):
++    '''Gets the md5sum of the file specified'''
++
++    (rc, report) = cmd(["/usr/bin/md5sum", "-b", filename])
++    expected = 0
++    assert (expected == rc)
++
++    return report.split(' ')[0]
++
++def dpkg_compare_installed_version(pkg, check, version):
++    '''Gets the version for the installed package, and compares it to the
++       specified version.
++    '''
++    (rc, report) = cmd(["/usr/bin/dpkg", "-s", pkg])
++    assert (rc == 0)
++    assert ("Status: install ok installed" in report)
++    installed_version = ""
++    for line in report.splitlines():
++        if line.startswith("Version: "):
++            installed_version = line.split()[1]
++
++    assert (installed_version != "")
++
++    (rc, report) = cmd(["/usr/bin/dpkg", "--compare-versions", installed_version, check, version])
++    assert (rc == 0 or rc == 1)
++    if rc == 0:
++        return True
++    return False
++
++def prepare_source(source, builder, cached_src, build_src, patch_system):
++    '''Download and unpack source package, installing necessary build depends,
++       adjusting the permissions for the 'builder' user, and returning the
++       directory of the unpacked source. Patch system can be one of:
++       - cdbs
++       - dpatch
++       - quilt
++       - quiltv3
++       - None (not the string)
++
++       This is normally used like this:
++
++       def setUp(self):
++           ...
++           self.topdir = os.getcwd()
++           self.cached_src = os.path.join(os.getcwd(), "source")
++           self.tmpdir = tempfile.mkdtemp(prefix='testlib', dir='/tmp')
++           self.builder = testlib.TestUser()
++           testlib.cmd(['chgrp', self.builder.login, self.tmpdir])
++           os.chmod(self.tmpdir, 0775)
++
++       def tearDown(self):
++           ...
++           self.builder = None
++           self.topdir = os.getcwd()
++           if os.path.exists(self.tmpdir):
++               testlib.recursive_rm(self.tmpdir)
++
++       def test_suite_build(self):
++           ...
++           build_dir = testlib.prepare_source('foo', \
++                                         self.builder, \
++                                         self.cached_src, \
++                                         os.path.join(self.tmpdir, \
++                                           os.path.basename(self.cached_src)),
++                                         "quilt")
++           os.chdir(build_dir)
++
++           # Example for typical build, adjust as necessary
++           print ""
++           print "  make clean"
++           rc, report = testlib.cmd(['sudo', '-u', self.builder.login, 'make', 'clean'])
++
++           print "  configure"
++           rc, report = testlib.cmd(['sudo', '-u', self.builder.login, './configure', '--prefix=%s' % self.tmpdir, '--enable-debug'])
++
++           print "  make (will take a while)"
++           rc, report = testlib.cmd(['sudo', '-u', self.builder.login, 'make'])
++
++           print "  make check (will take a while)",
++           rc, report = testlib.cmd(['sudo', '-u', self.builder.login, 'make', 'check'])
++           expected = 0
++           result = 'Got exit code %d, expected %d\n' % (rc, expected)
++           self.assertEquals(expected, rc, result + report)
++
++        def test_suite_cleanup(self):
++            ...
++            if os.path.exists(self.cached_src):
++                testlib.recursive_rm(self.cached_src)
++
++       It is up to the caller to clean up cached_src and build_src (as in the
++       above example, often the build_src is in a tmpdir that is cleaned in
++       tearDown() and the cached_src is cleaned in a one time clean-up
++       operation (eg 'test_suite_cleanup()) which must be run after the build
++       suite test (obviously).
++       '''
++
++    # Make sure we have a clean slate
++    assert (os.path.exists(os.path.dirname(build_src)))
++    assert (not os.path.exists(build_src))
++
++    cdir = os.getcwd()
++    if os.path.exists(cached_src):
++        shutil.copytree(cached_src, build_src)
++        os.chdir(build_src)
++    else:
++        # Only install the build dependencies on the initial setup
++        rc, report = cmd(['apt-get','-y','--force-yes','build-dep',source])
++        assert (rc == 0)
++
++        os.makedirs(build_src)
++        os.chdir(build_src)
++
++        # These are always needed
++        pkgs = ['build-essential', 'dpkg-dev', 'fakeroot']
++        rc, report = cmd(['apt-get','-y','--force-yes','install'] + pkgs)
++        assert (rc == 0)
++
++        rc, report = cmd(['apt-get','source',source])
++        assert (rc == 0)
++        shutil.copytree(build_src, cached_src)
++
++    unpacked_dir = os.path.join(build_src, glob.glob('%s-*' % source)[0])
++
++    # Now apply the patches. Do it here so that we don't mess up our cached
++    # sources.
++    os.chdir(unpacked_dir)
++    assert (patch_system in ['cdbs', 'dpatch', 'quilt', 'quiltv3', None])
++    if patch_system != None and patch_system != "quiltv3":
++        if patch_system == "quilt":
++            os.environ.setdefault('QUILT_PATCHES','debian/patches')
++            rc, report = cmd(['quilt', 'push', '-a'])
++            assert (rc == 0)
++        elif patch_system == "cdbs":
++            rc, report = cmd(['./debian/rules', 'apply-patches'])
++            assert (rc == 0)
++        elif patch_system == "dpatch":
++            rc, report = cmd(['dpatch', 'apply-all'])
++            assert (rc == 0)
++
++    cmd(['chown', '-R', '%s:%s' % (builder.uid, builder.gid), build_src])
++    os.chdir(cdir)
++
++    return unpacked_dir
++
++def _aa_status():
++    '''Get aa-status output'''
++    exe = "/usr/sbin/aa-status"
++    assert (os.path.exists(exe))
++    if os.geteuid() == 0:
++        return cmd([exe])
++    return cmd(['sudo', exe])
++
++def is_apparmor_loaded(path):
++    '''Check if profile is loaded'''
++    rc, report = _aa_status()
++    if rc != 0:
++        return False
++
++    for line in report.splitlines():
++        if line.endswith(path):
++            return True
++    return False
++
++def is_apparmor_confined(path):
++    '''Check if application is confined'''
++    rc, report = _aa_status()
++    if rc != 0:
++        return False
++
++    for line in report.splitlines():
++        if re.search('%s \(' % path, line):
++            return True
++    return False
++
++def check_apparmor(path, first_ubuntu_release, is_running=True):
++    '''Check if path is loaded and confined for everything higher than the
++       first Ubuntu release specified.
++
++       Usage:
++        rc, report = testlib.check_apparmor('/usr/sbin/foo', 8.04, is_running=True)
++        if rc < 0:
++            return self._skipped(report)
++
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++     '''
++    global manager
++    rc = -1
++
++    if manager.lsb_release["Release"] < first_ubuntu_release:
++        return (rc, "Skipped apparmor check")
++
++    if not os.path.exists('/sbin/apparmor_parser'):
++        return (rc, "Skipped (couldn't find apparmor_parser)")
++
++    rc = 0
++    msg = ""
++    if not is_apparmor_loaded(path):
++        rc = 1
++        msg = "Profile not loaded for '%s'" % path
++
++    # this check only makes sense it the 'path' is currently executing
++    if is_running and rc == 0 and not is_apparmor_confined(path):
++        rc = 1
++        msg = "'%s' is not running in enforce mode" % path
++
++    return (rc, msg)
++
++def get_gcc_version(gcc, full=True):
++    gcc_version = 'none'
++    if not gcc.startswith('/'):
++        gcc = '/usr/bin/%s' % (gcc)
++    if os.path.exists(gcc):
++        gcc_version = 'unknown'
++        lines = cmd([gcc,'-v'])[1].strip().splitlines()
++        version_lines = [x for x in lines if x.startswith('gcc version')]
++        if len(version_lines) == 1:
++            gcc_version = " ".join(version_lines[0].split()[2:])
++    if not full:
++        return gcc_version.split()[0]
++    return gcc_version
++
++def is_kdeinit_running():
++    '''Test if kdeinit is running'''
++    # applications that use kdeinit will spawn it if it isn't running in the
++    # test. This is a problem because it does not exit. This is a helper to
++    # check for it.
++    rc, report = cmd(['ps', 'x'])
++    if 'kdeinit4 Running' not in report:
++        print >>sys.stderr, ("kdeinit not running (you may start/stop any KDE application then run this script again)")
++        return False
++    return True
++
++def get_pkgconfig_flags(libs=[]):
++    '''Find pkg-config flags for libraries'''
++    assert (len(libs) > 0)
++    rc, pkg_config = cmd(['pkg-config', '--cflags', '--libs'] + libs)
++    expected = 0
++    if rc != expected:
++        print >>sys.stderr, 'Got exit code %d, expected %d\n' % (rc, expected)
++    assert(rc == expected)
++    return pkg_config.split()
++
++class TestDaemon:
++    '''Helper class to manage daemons consistently'''
++    def __init__(self, init):
++        '''Setup daemon attributes'''
++        self.initscript = init
++
++    def start(self):
++        '''Start daemon'''
++        rc, report = cmd([self.initscript, 'start'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        time.sleep(2)
++        if expected != rc:
++            return (False, result + report)
++
++        if "fail" in report:
++            return (False, "Found 'fail' in report\n" + report)
++
++        return (True, "")
++
++    def stop(self):
++        '''Stop daemon'''
++        rc, report = cmd([self.initscript, 'stop'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        if expected != rc:
++            return (False, result + report)
++
++        if "fail" in report:
++            return (False, "Found 'fail' in report\n" + report)
++
++        return (True, "")
++
++    def reload(self):
++        '''Reload daemon'''
++        rc, report = cmd([self.initscript, 'force-reload'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        if expected != rc:
++            return (False, result + report)
++
++        if "fail" in report:
++            return (False, "Found 'fail' in report\n" + report)
++
++        return (True, "")
++
++    def restart(self):
++        '''Restart daemon'''
++        (res, str) = self.stop()
++        if not res:
++            return (res, str)
++
++        (res, str) = self.start()
++        if not res:
++            return (res, str)
++
++        return (True, "")
++
++    def status(self):
++        '''Check daemon status'''
++        rc, report = cmd([self.initscript, 'status'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        if expected != rc:
++            return (False, result + report)
++
++        if "fail" in report:
++            return (False, "Found 'fail' in report\n" + report)
++
++        return (True, "")
++
++class TestlibManager(object):
++    '''Singleton class used to set up per-test-run information'''
++    def __init__(self):
++        # Set glibc aborts to dump to stderr instead of the tty so test output
++        # is more sane.
++        os.environ.setdefault('LIBC_FATAL_STDERR_','1')
++
++        # check verbosity
++        self.verbosity = False
++        if (len(sys.argv) > 1 and '-v' in sys.argv[1:]):
++            self.verbosity = True
++
++        # Load LSB release file
++        self.lsb_release = dict()
++        if not os.path.exists('/usr/bin/lsb_release') and not os.path.exists('/bin/lsb_release'):
++            raise OSError, "Please install 'lsb-release'"
++        for line in subprocess.Popen(['lsb_release','-a'],stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate()[0].splitlines():
++            field, value = line.split(':',1)
++            value=value.strip()
++            field=field.strip()
++            # Convert numerics
++            try:
++                value = float(value)
++            except:
++                pass
++            self.lsb_release.setdefault(field,value)
++
++        # FIXME: hack OEM releases into known-Ubuntu versions
++        if self.lsb_release['Distributor ID'] == "HP MIE (Mobile Internet Experience)":
++            if self.lsb_release['Release'] == 1.0:
++                self.lsb_release['Distributor ID'] = "Ubuntu"
++                self.lsb_release['Release'] = 8.04
++            else:
++                raise OSError, "Unknown version of HP MIE"
++
++        # FIXME: hack to assume a most-recent release if we're not
++        # running under Ubuntu.
++        if self.lsb_release['Distributor ID'] not in ["Ubuntu","Linaro"]:
++            self.lsb_release['Release'] = 10000
++        # Adjust Linaro release to pretend to be Ubuntu
++        if self.lsb_release['Distributor ID'] in ["Linaro"]:
++       	    self.lsb_release['Distributor ID'] = "Ubuntu"
++            self.lsb_release['Release'] -= 0.01
++
++        # Load arch
++        if not os.path.exists('/usr/bin/dpkg'):
++            machine = cmd(['uname','-m'])[1].strip()
++            if machine.endswith('86'):
++                self.dpkg_arch = 'i386'
++            elif machine.endswith('_64'):
++                self.dpkg_arch = 'amd64'
++            elif machine.startswith('arm'):
++                self.dpkg_arch = 'armel'
++            else:
++                raise ValueError, "Unknown machine type '%s'" % (machine)
++        else:
++            self.dpkg_arch = cmd(['dpkg','--print-architecture'])[1].strip()
++
++        # Find kernel version
++        self.kernel_is_ubuntu = False
++        self.kernel_version_signature = None
++        self.kernel_version = cmd(["uname","-r"])[1].strip()
++        versig = '/proc/version_signature'
++        if os.path.exists(versig):
++            self.kernel_is_ubuntu = True
++            self.kernel_version_signature = file(versig).read().strip()
++            self.kernel_version_ubuntu = self.kernel_version
++        elif os.path.exists('/usr/bin/dpkg'):
++            # this can easily be inaccurate but is only an issue for Dapper
++            rc, out = cmd(['dpkg','-l','linux-image-%s' % (self.kernel_version)])
++            if rc == 0:
++                self.kernel_version_signature = out.strip().split('\n').pop().split()[2]
++                self.kernel_version_ubuntu = self.kernel_version_signature
++        if self.kernel_version_signature == None:
++            # Attempt to fall back to something for non-Debian-based
++            self.kernel_version_signature = self.kernel_version
++            self.kernel_version_ubuntu = self.kernel_version
++        # Build ubuntu version without hardware suffix
++        try:
++            self.kernel_version_ubuntu = "-".join([x for x in self.kernel_version_signature.split(' ')[1].split('-') if re.search('^[0-9]', x)])
++        except:
++            pass
++
++        # Find gcc version
++        self.gcc_version = get_gcc_version('gcc')
++
++        # Find libc
++        self.path_libc = [x.split()[2] for x in cmd(['ldd','/bin/ls'])[1].splitlines() if x.startswith('\tlibc.so.')][0]
++
++        # Report self
++        if self.verbosity:
++            kernel = self.kernel_version_ubuntu
++            if kernel != self.kernel_version_signature:
++                kernel += " (%s)" % (self.kernel_version_signature)
++            print >>sys.stdout, "Running test: '%s' distro: '%s %.2f' kernel: '%s' arch: '%s' uid: %d/%d SUDO_USER: '%s')" % ( \
++                sys.argv[0],
++                self.lsb_release['Distributor ID'],
++                self.lsb_release['Release'],
++                kernel,
++                self.dpkg_arch,
++                os.geteuid(), os.getuid(),
++                os.environ.get('SUDO_USER', ''))
++            sys.stdout.flush()
++
++        # Additional heuristics
++        #if os.environ.get('SUDO_USER', os.environ.get('USER', '')) in ['mdeslaur']:
++        #    sys.stdout.write("Replying to Marc Deslauriers in http://launchpad.net/bugs/%d: " % random.randint(600000, 980000))
++        #    sys.stdout.flush()
++        #    time.sleep(0.5)
++        #    sys.stdout.write("destroyed\n")
++        #    time.sleep(0.5)
++
++    def hello(self, msg):
++        print >>sys.stderr, "Hello from %s" % (msg)
++# The central instance
++manager = TestlibManager()
++
++class TestlibCase(unittest.TestCase):
++    def __init__(self, *args):
++        '''This is called for each TestCase test instance, which isn't much better
++           than SetUp.'''
++
++        unittest.TestCase.__init__(self, *args)
++
++        # Attach to and duplicate dicts from manager singleton
++        self.manager = manager
++        #self.manager.hello(repr(self) + repr(*args))
++        self.my_verbosity = self.manager.verbosity
++        self.lsb_release = self.manager.lsb_release
++        self.dpkg_arch = self.manager.dpkg_arch
++        self.kernel_version = self.manager.kernel_version
++        self.kernel_version_signature = self.manager.kernel_version_signature
++        self.kernel_version_ubuntu = self.manager.kernel_version_ubuntu
++        self.kernel_is_ubuntu = self.manager.kernel_is_ubuntu
++        self.gcc_version = self.manager.gcc_version
++        self.path_libc = self.manager.path_libc
++
++    def version_compare(self, one, two):
++        return apt_pkg.VersionCompare(one,two)
++
++    def assertFileType(self, filename, filetype):
++        '''Checks the file type of the file specified'''
++
++        (rc, report, out) = self._testlib_shell_cmd(["/usr/bin/file", "-b", filename])
++        out = out.strip()
++        expected = 0
++        # Absolutely no idea why this happens on Hardy
++        if self.lsb_release['Release'] == 8.04 and rc == 255 and len(out) > 0:
++            rc = 0
++        result = 'Got exit code %d, expected %d:\n%s\n' % (rc, expected, report)
++        self.assertEquals(expected, rc, result)
++
++        filetype = '^%s$' % (filetype)
++        result = 'File type reported by file: [%s], expected regex: [%s]\n' % (out, filetype)
++        self.assertNotEquals(None, re.search(filetype, out), result)
++
++    def yank_commonname_from_cert(self, certfile):
++        '''Extract the commonName from a given PEM'''
++        rc, out = cmd(['openssl','asn1parse','-in',certfile])
++        if rc == 0:
++            ready = False
++            for line in out.splitlines():
++                if ready:
++                    return line.split(':')[-1]
++                if ':commonName' in line:
++                    ready = True
++        return socket.getfqdn()
++
++    def announce(self, text):
++        if self.my_verbosity:
++            print >>sys.stdout, "(%s) " % (text),
++            sys.stdout.flush()
++
++    def make_clean(self):
++        rc, output = self.shell_cmd(['make','clean'])
++        self.assertEquals(rc, 0, output)
++
++    def get_makefile_compiler(self):
++        # Find potential compiler name
++        compiler = 'gcc'
++        if os.path.exists('Makefile'):
++            for line in open('Makefile'):
++                if line.startswith('CC') and '=' in line:
++                    items = [x.strip() for x in line.split('=')]
++                    if items[0] == 'CC':
++                        compiler = items[1]
++                        break
++        return compiler
++
++    def make_target(self, target, expected=0):
++        '''Compile a target and report output'''
++
++        compiler = self.get_makefile_compiler()
++        rc, output = self.shell_cmd(['make',target])
++        self.assertEquals(rc, expected, 'rc(%d)!=%d:\n' % (rc, expected) + output)
++        self.assertTrue('%s ' % (compiler) in output, 'Expected "%s":' % (compiler) + output)
++        return output
++
++    # call as   return testlib.skipped()
++    def _skipped(self, reason=""):
++        '''Provide a visible way to indicate that a test was skipped'''
++        if reason != "":
++            reason = ': %s' % (reason)
++        self.announce("skipped%s" % (reason))
++        return False
++
++    def _testlib_shell_cmd(self,args,stdin=None, stdout=subprocess.PIPE, stderr=subprocess.STDOUT):
++        argstr = "'" + "', '".join(args).strip() + "'"
++        rc, out = cmd(args,stdin=stdin,stdout=stdout,stderr=stderr)
++        report = 'Command: ' + argstr + '\nOutput:\n' + out
++        return rc, report, out
++
++    def shell_cmd(self, args, stdin=None):
++        return cmd(args,stdin=stdin)
++
++    def assertShellExitEquals(self, expected, args, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, msg=""):
++        '''Test a shell command matches a specific exit code'''
++        rc, report, out = self._testlib_shell_cmd(args, stdin=stdin, stdout=stdout, stderr=stderr)
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, msg + result + report)
++
++    def assertShellExitNotEquals(self, unwanted, args, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, msg=""):
++        '''Test a shell command doesn't match a specific exit code'''
++        rc, report, out = self._testlib_shell_cmd(args, stdin=stdin, stdout=stdout, stderr=stderr)
++        result = 'Got (unwanted) exit code %d\n' % rc
++        self.assertNotEquals(unwanted, rc, msg + result + report)
++
++    def assertShellOutputContains(self, text, args, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, msg="", invert=False):
++        '''Test a shell command contains a specific output'''
++        rc, report, out = self._testlib_shell_cmd(args, stdin=stdin, stdout=stdout, stderr=stderr)
++        result = 'Got exit code %d.  Looking for text "%s"\n' % (rc, text)
++        if not invert:
++            self.assertTrue(text in out, msg + result + report)
++        else:
++            self.assertFalse(text in out, msg + result + report)
++
++    def assertShellOutputEquals(self, text, args, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, msg="", invert=False, expected=None):
++        '''Test a shell command matches a specific output'''
++        rc, report, out = self._testlib_shell_cmd(args, stdin=stdin, stdout=stdout, stderr=stderr)
++        result = 'Got exit code %d. Looking for exact text "%s" (%s)\n' % (rc, text, " ".join(args))
++        if not invert:
++            self.assertEquals(text, out, msg + result + report)
++        else:
++            self.assertNotEquals(text, out, msg + result + report)
++        if expected != None:
++            result = 'Got exit code %d. Expected %d (%s)\n' % (rc, expected, " ".join(args))
++            self.assertEquals(rc, expected, msg + result + report)
++
++    def _word_find(self, report, content, invert=False):
++        '''Check for a specific string'''
++        if invert:
++            warning = 'Found "%s"\n' % content
++            self.assertTrue(content not in report, warning + report)
++        else:
++            warning = 'Could not find "%s"\n' % content
++            self.assertTrue(content in report, warning + report)
++
++    def _test_sysctl_value(self, path, expected, msg=None, exists=True):
++        sysctl = '/proc/sys/%s' % (path)
++        self.assertEquals(exists, os.path.exists(sysctl), sysctl)
++        value = None
++        if exists:
++            value = int(file(sysctl).read())
++            report = "%s is not %d: %d" % (sysctl, expected, value)
++            if msg:
++                report += " (%s)" % (msg)
++            self.assertEquals(value, expected, report)
++        return value
++
++    def set_sysctl_value(self, path, desired):
++        sysctl = '/proc/sys/%s' % (path)
++        self.assertTrue(os.path.exists(sysctl),"%s does not exist" % (sysctl))
++        file(sysctl,'w').write(str(desired))
++        self._test_sysctl_value(path, desired)
++
++    def kernel_at_least(self, introduced):
++        return self.version_compare(self.kernel_version_ubuntu,
++                                    introduced) >= 0
++
++    def kernel_claims_cve_fixed(self, cve):
++        changelog = "/usr/share/doc/linux-image-%s/changelog.Debian.gz" % (self.kernel_version)
++        if os.path.exists(changelog):
++            for line in gzip.open(changelog):
++                if cve in line and not "revert" in line and not "Revert" in line:
++                    return True
++        return False
++
++class TestGroup:
++    '''Create a temporary test group and remove it again in the dtor.'''
++
++    def __init__(self, group=None, lower=False):
++        '''Create a new group'''
++
++        self.group = None
++        if group:
++            if group_exists(group):
++                raise ValueError, 'group name already exists'
++        else:
++            while(True):
++                group = random_string(7,lower=lower)
++                if not group_exists(group):
++                    break
++
++        assert subprocess.call(['groupadd',group]) == 0
++        self.group = group
++        g = grp.getgrnam(self.group)
++        self.gid = g[2]
++
++    def __del__(self):
++        '''Remove the created group.'''
++
++        if self.group:
++            rc, report = cmd(['groupdel', self.group])
++            assert rc == 0
++
++class TestUser:
++    '''Create a temporary test user and remove it again in the dtor.'''
++
++    def __init__(self, login=None, home=True, group=None, uidmin=None, lower=False, shell=None):
++        '''Create a new user account with a random password.
++
++        By default, the login name is random, too, but can be explicitly
++        specified with 'login'. By default, a home directory is created, this
++        can be suppressed with 'home=False'.'''
++
++        self.login = None
++
++        if os.geteuid() != 0:
++            raise ValueError, "You must be root to run this test"
++
++        if login:
++            if login_exists(login):
++                raise ValueError, 'login name already exists'
++        else:
++            while(True):
++                login = 't' + random_string(7,lower=lower)
++                if not login_exists(login):
++                    break
++
++        self.salt = random_string(2)
++        self.password = random_string(8,lower=lower)
++        self.crypted = crypt.crypt(self.password, self.salt)
++
++        creation = ['useradd', '-p', self.crypted]
++        if home:
++            creation += ['-m']
++        if group:
++            creation += ['-G',group]
++        if uidmin:
++            creation += ['-K','UID_MIN=%d'%uidmin]
++        if shell:
++            creation += ['-s',shell]
++        creation += [login]
++        assert subprocess.call(creation) == 0
++        # Set GECOS
++        assert subprocess.call(['usermod','-c','Buddy %s' % (login),login]) == 0
++
++        self.login = login
++        p = pwd.getpwnam(self.login)
++        self.uid   = p[2]
++        self.gid   = p[3]
++        self.gecos = p[4]
++        self.home  = p[5]
++        self.shell = p[6]
++
++    def __del__(self):
++        '''Remove the created user account.'''
++
++        if self.login:
++            # sanity check the login name so we don't accidentally wipe too much
++            if len(self.login)>3 and not '/' in self.login:
++                subprocess.call(['rm','-rf', '/home/'+self.login, '/var/mail/'+self.login])
++            rc, report = cmd(['userdel', '-f', self.login])
++            assert rc == 0
++
++    def add_to_group(self, group):
++        '''Add user to the specified group name'''
++        rc, report = cmd(['usermod', '-G', group, self.login])
++        if rc != 0:
++            print report
++        assert rc == 0
++
++# Timeout handler using alarm() from John P. Speno's Pythonic Avocado
++class TimeoutFunctionException(Exception):
++    """Exception to raise on a timeout"""
++    pass
++class TimeoutFunction:
++    def __init__(self, function, timeout):
++        self.timeout = timeout
++        self.function = function
++
++    def handle_timeout(self, signum, frame):
++        raise TimeoutFunctionException()
++
++    def __call__(self, *args, **kwargs):
++        old = signal.signal(signal.SIGALRM, self.handle_timeout)
++        signal.alarm(self.timeout)
++        try:
++            result = self.function(*args, **kwargs)
++        finally:
++            signal.signal(signal.SIGALRM, old)
++        signal.alarm(0)
++        return result
++
++def main():
++    print "hi"
++    unittest.main()
 diff --git a/debian/tests/testlib_httpd.py b/debian/tests/testlib_httpd.py
 new file mode 100644
 index 0000000..1468398
 --- /dev/null
 +++ b/debian/tests/testlib_httpd.py
@@ -0,0 +1,352 @@
++#!/usr/bin/python
++#
++#    testlib_httpd.py quality assurance test script
++#    Copyright (C) 2008-2013 Canonical Ltd.
++#    Author: Jamie Strandboge <jamie@canonical.com>
++#    Author: Marc Deslauriers <marc.deslauriers@canonical.com>
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 3,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <httpd://www.gnu.org/licenses/>.
++#
++
++import unittest, subprocess
++import os
++import sys
++import tempfile
++import testlib
++import time
++import socket
++import shutil
++import cookielib
++import urllib2
++import re
++import base64
++
++class HttpdCommon(testlib.TestlibCase):
++    '''Common functions'''
++    def _setUp(self, clearlogs = False):
++        '''Setup'''
++        self.release = self.lsb_release['Codename']
++        self.html_page = "/var/www/test.html"
++        self.php_page = "/var/www/test.php"
++        self.cgi_page = "/usr/lib/cgi-bin/test-cgi.pl"
++        self.apache2_default = "/etc/default/apache2"
++        self.ssl_key = "/etc/ssl/private/server.key"
++        self.ssl_crt = "/etc/ssl/certs/server.crt"
++        self.ssl_site = "/etc/apache2/sites-enabled/999-testlib"
++        self.ports_file = "/etc/apache2/ports.conf"
++        self.access_log = "/var/log/apache2/access.log"
++        self.error_log = "/var/log/apache2/error.log"
++        if not hasattr(self, 'initscript'):
++            self._set_initscript("apache2")
++
++        # Dapper's apache2 is disabled by default
++        if self.lsb_release['Release'] == 6.06:
++            testlib.config_replace(self.apache2_default, "", append=True)
++            subprocess.call(['sed', '-i', 's/NO_START=1/NO_START=0/', self.apache2_default])
++
++        self._stop()
++        if clearlogs == True:
++            self._clearlogs()
++        self._start()
++
++    def _set_initscript(self, initscript):
++        self.initscript = initscript
++
++    def _tearDown(self):
++        '''Clean up after each test_* function'''
++        self._stop()
++        time.sleep(2)
++        if os.path.exists(self.html_page):
++            os.unlink(self.html_page)
++        if os.path.exists(self.php_page):
++            os.unlink(self.php_page)
++        if os.path.exists(self.cgi_page):
++            os.unlink(self.cgi_page)
++        if os.path.exists(self.ssl_key):
++            os.unlink(self.ssl_key)
++        if os.path.exists(self.ssl_crt):
++            os.unlink(self.ssl_crt)
++        if os.path.exists(self.ssl_site):
++            os.unlink(self.ssl_site)
++        self._disable_mod("ssl")
++        testlib.config_restore(self.ports_file)
++        testlib.config_restore(self.apache2_default)
++
++    def _start(self):
++        '''Start process'''
++        rc, report = testlib.cmd(['service', self.initscript, 'start'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++        time.sleep(2)
++
++    def _stop(self):
++        '''Stop process'''
++        rc, report = testlib.cmd(['service', self.initscript, 'stop'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++    def _clearlogs(self):
++        '''Clear httpd logs'''
++        if os.path.exists(self.access_log):
++            os.unlink(self.access_log)
++        if os.path.exists(self.error_log):
++            os.unlink(self.error_log)
++
++    def __disable_mod(self, mod):
++        if not os.path.exists(os.path.join("/etc/apache2/mods-available", mod + \
++                                       ".load")):
++            return
++        if not os.path.exists("/usr/sbin/a2dismod"):
++            return
++        rc, report = testlib.cmd(['a2dismod', mod])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++    def _disable_mod(self, mod):
++        self.__disable_mod(mod)
++        self._restart()
++        time.sleep(2)
++
++    def _disable_mods(self, mods):
++        '''take a list of modules to disable'''
++        for mod in mods:
++            self.__disable_mod(mod)
++        self._restart()
++        time.sleep(2)
++
++    def __enable_mod(self, mod):
++        rc, report = testlib.cmd(['a2enmod', mod])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++    def _enable_mod(self, mod):
++        self.__enable_mod(mod)
++        # for some reason, force-reload doesn't work
++        # if self.lsb_release['Release'] >= 8.04:
++        #    self._reload()
++        # else:
++        self._restart()
++        time.sleep(2)
++
++    def _enable_mods(self, mods):
++        '''take a list of modules to enable'''
++        for mod in mods:
++            self.__enable_mod(mod)
++        # for some reason, force-reload doesn't work
++        # if self.lsb_release['Release'] >= 8.04:
++        #    self._reload()
++        # else:
++        self._restart()
++        time.sleep(2)
++
++    def _disable_site(self, sitename):
++        rc, report = testlib.cmd(['a2dissite', sitename])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++        self._restart()
++        time.sleep(2)
++
++    def _enable_site(self, sitename):
++        rc, report = testlib.cmd(['a2ensite', sitename])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++        # for some reason, force-reload doesn't work
++        # if self.lsb_release['Release'] >= 8.04:
++        #    self._reload()
++        #else:
++        self._restart()
++        time.sleep(2)
++
++    def _reload(self):
++        '''Reload httpd'''
++        rc, report = testlib.cmd([self.initscript, 'force-reload'])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++    def _restart(self):
++        '''Restart httpd'''
++        self._stop()
++        self._start()
++
++    def _prepare_ssl(self, srvkey, srvcert):
++        '''Prepare Apache for ssl connections'''
++        self._enable_mod("ssl")
++
++        # copy instead of rename so we don't get invalid cross-device link errors
++        shutil.copy(srvkey, self.ssl_key)
++        shutil.copy(srvcert, self.ssl_crt)
++
++        if self.lsb_release['Release'] <= 7.04:
++            testlib.config_replace(self.ports_file, "Listen 443", True)
++
++        # create the conffile entry
++        site_contents = '''
++NameVirtualHost *:443
++<VirtualHost *:443>
++        SSLEngine on
++        SSLOptions +StrictRequire
++        SSLCertificateFile /etc/ssl/certs/server.crt
++        SSLCertificateKeyFile /etc/ssl/private/server.key
++
++        ServerAdmin webmaster@localhost
++
++        DocumentRoot /var/www/
++        ErrorLog /var/log/apache2/error.log
++
++        # Possible values include: debug, info, notice, warn, error, crit,
++        # alert, emerg.
++        LogLevel warn
++
++        CustomLog /var/log/apache2/access.log combined
++        ServerSignature On
++</VirtualHost>
++'''
++        testlib.create_fill(self.ssl_site, site_contents)
++        self._reload()
++
++    def _test_url_proxy(self, url="http://localhost/", content="", proxy="localhost:3128"):
++        '''Test the given url'''
++        rc, report = testlib.cmd(['elinks', '-verbose', '2', '-no-home', '1', '-eval', 'set protocol.ftp.proxy.host = "%s"' %(proxy), '-eval',
++            'set protocol.http.proxy.host = "%s"' %(proxy), '-eval', 'set protocol.https.proxy.host = "%s"' %(proxy), '-dump', url])
++        expected = 0
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++        if content != "":
++            self._word_find(report, content)
++
++    def _test_url(self, url="http://localhost/", content="", invert=False, source=False):
++        '''Test the given url'''
++        if source:
++            report = self._get_page_source(url)
++        else:
++            report = self._get_page(url)
++
++        if content != "":
++            self._word_find(report, content, invert)
++
++    def _get_page_source(self, url="http://localhost/", data='', headers=None):
++        '''Fetch html source'''
++        cookies = "/tmp/cookies.lwp"
++        testlib.create_fill(cookies, "#LWP-Cookies-2.0")
++
++        if headers == None:
++            headers = {'User-agent' : 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}
++
++        clean_url = url
++        if re.search(r'http(|s)://.*:.*@[a-z].*', url):
++            tmp = re.sub(r'^http(|s)://', '', url)
++            username = tmp.split('@')[0].split(':')[0]
++            password = tmp.split('@')[0].split(':')[1]
++            base64_str = base64.encodestring('%s:%s' % (username, password))[:-1]
++            headers['Authorization'] = "Basic %s" % (base64_str)
++            # strip out the username and password from the url
++            clean_url = re.sub(r'%s:%s@' % (username, password), '', url)
++
++        cj = cookielib.LWPCookieJar(filename=cookies)
++        cj.load()
++
++        opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
++        urllib2.install_opener(opener)
++
++        try:
++            if data != '':
++                req = urllib2.Request(clean_url, data, headers)
++            else:
++                req = urllib2.Request(clean_url, headers=headers)
++        except:
++            raise
++
++        tries = 0
++        failed = True
++        while tries < 3:
++            try:
++                handle = urllib2.urlopen(req)
++                failed = False
++                break
++            except urllib2.HTTPError, e:
++                raise
++                if e.code != 503:
++                    # for debugging
++                    #print >>sys.stderr, 'Error retrieving page "url=%s", "data=%s"' % (url, data)
++                    raise
++            tries += 1
++            time.sleep(2)
++
++        self.assertFalse(failed, 'Could not retrieve page "url=%s", "data=%s"' % (url, data))
++        html = handle.read()
++        cj.save()
++
++        return html
++
++    def _get_page(self, url="http://localhost/"):
++        '''Get contents of given url'''
++        rc, report = testlib.cmd(['elinks', '-verbose', '2', '-no-home', '1', '-dump', url])
++        expected = 0
++
++        result = 'Got exit code %d, expected %d\n' % (rc, expected)
++        self.assertEquals(expected, rc, result + report)
++
++        return report
++
++    def _test_raw(self, request="", content="", host="localhost", port=80, invert = False, limit=1024):
++        '''Test the given url with a raw socket to include headers'''
++        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
++        s.connect((host, port))
++        s.send(request)
++        data = s.recv(limit)
++        s.close()
++
++        if content != "":
++            self._word_find(data, content, invert = invert)
++
++def create_php_page(page, php_content=None):
++    '''Create a basic php page'''
++
++    # complexity here is due to maintaining interface compatability when
++    # php_content is not provided
++    if not php_content:
++        str = "php works"
++        php_content = "echo '" + str + "'; "
++    else:
++        str = php_content
++    script = '''<?php
++%s
++?>''' %(php_content)
++    testlib.create_fill(page, script)
++    return str
++
++def create_perl_script(page):
++    '''Create a basic perl script'''
++    str = "perl works"
++    script = '''#!/usr/bin/perl
++print "Content-Type: text/plain\\n\\n";
++print "''' + str + '''\\n";
++
++'''
++    testlib.create_fill(page, script, 0755)
++
++    return str
++
++def create_html_page(page):
++    '''Create html page'''
++    str = "html works"
++    testlib.create_fill(page, "<html><body>" + str + "</body></html>")
++    return str
 diff --git a/debian/tests/upstream-test-suite b/debian/tests/upstream-test-suite
 index 4f6b332..ec3e370 100644
 --- a/debian/tests/upstream-test-suite
 +++ b/debian/tests/upstream-test-suite
@@ -2,7 +2,7 @@
  set -e
  dpkg-source --before-build `pwd`
--sed -i -e 's/\$(top_builddir)\/src\/squid/\/usr\/sbin\/squid/' test-suite/Makefile.am
++sed -i -e 's/\$(top_builddir)\/src\/squid\ /\/usr\/sbin\/squid\ /' test-suite/Makefile.am
  dpkg-buildpackage -rfakeroot --target=pre-build
  dpkg-buildpackage -rfakeroot --target=common-configure-arch 2>/dev/null
  make -C src/base libbase.la
 diff --git a/debian/usr.sbin.squid b/debian/usr.sbin.squid
 new file mode 100644
 index 0000000..2a400e9
 --- /dev/null
 +++ b/debian/usr.sbin.squid
@@ -0,0 +1,75 @@
++# Author: Simon Deziel
++#         Jamie Strandboge
++# vim:syntax=apparmor
++#include <tunables/global>
++
++/usr/sbin/squid {
++  #include <abstractions/base>
++  #include <abstractions/kerberosclient>
++  #include <abstractions/nameservice>
++
++  capability net_raw,
++  capability setuid,
++  capability setgid,
++  capability sys_chroot,
++
++  # allow child processes to run execvp(argv[0], [kidname, ...])
++  /usr/sbin/squid ix,
++
++  # pinger
++  network inet raw,
++  network inet6 raw,
++
++  /etc/mtab r,
++  @{PROC}/[0-9]*/mounts r,
++  @{PROC}/mounts r,
++
++  # squid3 configuration
++  /etc/squid/** r,
++  /{,var/}run/squid.pid rwk,
++  /var/spool/squid/ r,
++  /var/spool/squid/** rwk,
++  /usr/lib/squid{,3}/* rmix,
++  /usr/share/squid/** r,
++  /var/log/squid/* rw,
++
++  # squid-langpack
++  /usr/share/squid-langpack/** r,
++
++  # maas-proxy
++  /var/lib/maas/maas-proxy.conf r,
++  /var/log/maas/proxy/** rw,
++  /var/spool/maas-proxy/ r,
++  /var/spool/maas-proxy/** rwk,
++
++  # squid-deb-proxy
++  /etc/squid-deb-proxy/** r,
++  /{,var/}run/squid-deb-proxy.pid rwk,
++  /var/cache/squid-deb-proxy/ r,
++  /var/cache/squid-deb-proxy/** rwk,
++  /var/log/squid-deb-proxy/* rw,
++  owner /dev/shm/** rmw,
++
++  # squidguard
++  /usr/bin/squidGuard Cx -> squidguard,
++  profile squidguard {
++    #include <abstractions/base>
++
++    /etc/squid/squidGuard.conf r,
++    /var/log/squid{,3}/squidGuard.log w,
++    /var/lib/squidguard/** rw,
++
++    # squidguard by default uses /var/log/squid as its logdir, however, we
++    # don't want it to access squid's logs, only its own. Explicitly deny
++    # access to squid's files but allow all others since the user may specify
++    # anything for the squidGurad 'log' directive.
++    /var/log/squid{,3}/* rw,
++    audit deny /var/log/squid{,3}/{access,cache,store}.log* rw,
++
++    # Site-specific additions and overrides. See local/README for details.
++    #include <local/usr.sbin.squid>
++  }
++
++  # Site-specific additions and overrides. See local/README for details.
++  #include <local/usr.sbin.squid>
++}

Ubuntusquid3 package

Merge ~ahasenack/ubuntu/+source/squid3:artful-squid3-merge-1712653 into ~usd-import-team/ubuntu/+source/squid3:debian/sid

Commit Message

Description of the Change

Preview Diff

Subscribers

Ubuntu
squid3 package