diff -u -r -N squid-3.0.STABLE6/ChangeLog squid-3.0.STABLE7/ChangeLog --- squid-3.0.STABLE6/ChangeLog 2008-05-21 03:01:06.000000000 +1200 +++ squid-3.0.STABLE7/ChangeLog 2008-06-22 15:35:44.000000000 +1200 @@ -1,3 +1,14 @@ +Changes to squid-3.0.STABLE7 (22 Jun 2008): + + - Fix several ASN issues + - Fix SNMP reporting of counters + - Fix round-robin algorithms + - GCC 4.3 support + - Netfilter v1.4.0 bug workaround + - Bugs 2350 and 2323: memory issues + - Bugs 2384, 951, 1566: ESI assertions + - Various minor debug and documentation cleanups + Changes to squid-3.0.STABLE6 (20 May 2008): - Bug 2254: umask Feature from 2.6 added diff -u -r -N squid-3.0.STABLE6/configure squid-3.0.STABLE7/configure --- squid-3.0.STABLE6/configure 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/configure 2008-06-22 15:35:54.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.in Revision: 1.488.2.3 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for Squid Web Proxy 3.0.STABLE6. +# Generated by GNU Autoconf 2.61 for Squid Web Proxy 3.0.STABLE7. # # Report bugs to . # @@ -729,8 +729,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.0.STABLE6' -PACKAGE_STRING='Squid Web Proxy 3.0.STABLE6' +PACKAGE_VERSION='3.0.STABLE7' +PACKAGE_STRING='Squid Web Proxy 3.0.STABLE7' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_unique_file="src/main.cc" @@ -1507,7 +1507,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.0.STABLE6 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.0.STABLE7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1577,7 +1577,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE6:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE7:";; esac cat <<\_ACEOF @@ -1886,7 +1886,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.0.STABLE6 +Squid Web Proxy configure 3.0.STABLE7 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1900,7 +1900,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.0.STABLE6, which was +It was created by Squid Web Proxy $as_me 3.0.STABLE7, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2574,7 +2574,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.0.STABLE6' + VERSION='3.0.STABLE7' cat >>confdefs.h <<_ACEOF @@ -22021,6 +22021,12 @@ _ACEOF IPFW_TRANSPARENT="yes" + else + +cat >>confdefs.h <<\_ACEOF +#define IPFW_TRANSPARENT 0 +_ACEOF + fi fi @@ -22036,6 +22042,12 @@ _ACEOF IPF_TRANSPARENT="yes" + else + +cat >>confdefs.h <<\_ACEOF +#define IPF_TRANSPARENT 0 +_ACEOF + fi fi @@ -22051,6 +22063,12 @@ _ACEOF PF_TRANSPARENT="yes" + else + +cat >>confdefs.h <<\_ACEOF +#define PF_TRANSPARENT 0 +_ACEOF + fi fi @@ -22066,6 +22084,12 @@ _ACEOF LINUX_NETFILTER="yes" + else + +cat >>confdefs.h <<\_ACEOF +#define LINUX_NETFILTER 0 +_ACEOF + fi fi @@ -22166,6 +22190,12 @@ echo "Linux-Netfilter Transparent Proxy automatically enabled" LINUX_NETFILTER="yes" fi + else + +cat >>confdefs.h <<\_ACEOF +#define LINUX_TPROXY2 0 +_ACEOF + fi fi @@ -24511,6 +24541,10 @@ #if HAVE_LIMITS_H #include #endif +/* Netfilter ip(6)tables v1.4.0 has broken headers */ +#if HAVE_NETINET_IN_H +#include +#endif #include <$ac_header> 
@@ -46007,7 +46041,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.0.STABLE6, which was +This file was extended by Squid Web Proxy $as_me 3.0.STABLE7, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -46060,7 +46094,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -Squid Web Proxy config.status 3.0.STABLE6 +Squid Web Proxy config.status 3.0.STABLE7 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -u -r -N squid-3.0.STABLE6/configure.in squid-3.0.STABLE7/configure.in --- squid-3.0.STABLE6/configure.in 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/configure.in 2008-06-22 15:35:54.000000000 +1200 @@ -5,7 +5,7 @@ dnl dnl dnl -AC_INIT(Squid Web Proxy, 3.0.STABLE6, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 3.0.STABLE7, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) @@ -1091,6 +1091,8 @@ echo "IPFW Transparent Proxy enabled" AC_DEFINE(IPFW_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using FreeBSD IPFW address redirection.]) IPFW_TRANSPARENT="yes" + else + AC_DEFINE(IPFW_TRANSPARENT,0,[Enable support for Transparent Proxy on systems using FreeBSD IPFW address redirection.]) fi ]) @@ -1103,6 +1105,8 @@ echo "IP-Filter Transparent Proxy enabled" AC_DEFINE(IPF_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using IP-Filter address redirection. This provides "masquerading" support for non Linux system.]) IPF_TRANSPARENT="yes" + else + AC_DEFINE(IPF_TRANSPARENT,0,[Enable support for Transparent Proxy on systems using IP-Filter address redirection. This provides "masquerading" support for non Linux system.]) fi ]) 
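Review bot: Defining IPFW_TRANSPARENT to 0 in the new `else` branch means the macro is now always defined, so any `#ifdef IPFW_TRANSPARENT` or `defined(IPFW_TRANSPARENT)` test in the sources would evaluate true even when the feature was not enabled. The same applies to the `else` branches added for IPF_TRANSPARENT, PF_TRANSPARENT, LINUX_NETFILTER and LINUX_TPROXY2 in the hunks that follow. The cache_cf.cc hunk in this patch tests `#if LINUX_TPROXY`, which is the safe form, but the rest of the tree is not visible here, so it is worth searching for `#ifdef` uses of these five names. A `dnl` comment next to each pair, such as `dnl always defined as 0 or 1; test with #if, never #ifdef`, would record the convention.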
@@ -1115,6 +1119,8 @@ echo "PF Transparent Proxy enabled" AC_DEFINE(PF_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using PF address redirection. This provides "masquerading" support for OpenBSD.]) PF_TRANSPARENT="yes" + else + AC_DEFINE(PF_TRANSPARENT,0,[Enable support for Transparent Proxy on systems using PF address redirection. This provides "masquerading" support for OpenBSD.]) fi ]) @@ -1126,6 +1132,8 @@ echo "Linux (Netfilter) Transparent Proxy enabled" AC_DEFINE(LINUX_NETFILTER,1,[Enable support for Transparent Proxy on Linux (Netfilter) systems]) LINUX_NETFILTER="yes" + else + AC_DEFINE(LINUX_NETFILTER,0,[Enable support for Transparent Proxy on Linux (Netfilter) systems]) fi ]) @@ -1239,6 +1247,8 @@ echo "Linux-Netfilter Transparent Proxy automatically enabled" LINUX_NETFILTER="yes" fi + else + AC_DEFINE(LINUX_TPROXY2, 0, [Enable real Transparent Proxy support for Netfilter TPROXY v2.]) fi ]) @@ -1929,6 +1939,10 @@ #if HAVE_LIMITS_H #include #endif +/* Netfilter ip(6)tables v1.4.0 has broken headers */ +#if HAVE_NETINET_IN_H +#include +#endif ) dnl *BSD dont include the depenencies for all their net/ and netinet/ files diff -u -r -N squid-3.0.STABLE6/include/autoconf.h.in squid-3.0.STABLE7/include/autoconf.h.in --- squid-3.0.STABLE6/include/autoconf.h.in 2008-05-21 03:01:12.000000000 +1200 +++ squid-3.0.STABLE7/include/autoconf.h.in 2008-06-22 15:35:50.000000000 +1200 @@ -775,6 +775,9 @@ /* Enable real Transparent Proxy support for Netfilter TPROXY. */ #undef LINUX_TPROXY +/* Enable real Transparent Proxy support for Netfilter TPROXY v2. */ +#undef LINUX_TPROXY2 + /* If we need to declare sys_errlist[] as external */ #undef NEED_SYS_ERRLIST diff -u -r -N squid-3.0.STABLE6/include/version.h squid-3.0.STABLE7/include/version.h --- squid-3.0.STABLE6/include/version.h 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/include/version.h 2008-06-22 15:35:54.000000000 +1200 
@@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1211295657 +#define SQUID_RELEASE_TIME 1214105735 #endif diff -u -r -N squid-3.0.STABLE6/lib/rfc1738.c squid-3.0.STABLE7/lib/rfc1738.c --- squid-3.0.STABLE6/lib/rfc1738.c 2008-05-21 03:01:12.000000000 +1200 +++ squid-3.0.STABLE7/lib/rfc1738.c 2008-06-22 15:35:50.000000000 +1200 @@ -98,7 +98,7 @@ bufsize = strlen(url) * 3 + 1; buf = xcalloc(bufsize, 1); } - for (p = url, q = buf; *p != '\0'; p++, q++) { + for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) { do_escape = 0; /* RFC 1738 defines these chars as unsafe */ diff -u -r -N squid-3.0.STABLE6/RELEASENOTES.html squid-3.0.STABLE7/RELEASENOTES.html --- squid-3.0.STABLE6/RELEASENOTES.html 2008-05-21 03:02:08.000000000 +1200 +++ squid-3.0.STABLE7/RELEASENOTES.html 2008-06-22 15:36:54.000000000 +1200 @@ -1,11 +1,11 @@ - - Squid 3.0.STABLE6 release notes + + Squid 3.0.STABLE7 release notes -
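Review bot: The new bound `q < (buf + bufsize - 1)` in the rfc1738.c loop leaves room for only one more byte, while the context line `bufsize = strlen(url) * 3 + 1` suggests that an escaped character expands to three bytes inside the loop body, which lies outside this hunk. If the body writes that way, an escape that starts at the last permitted position could still run past the end of the buffer, so the condition would need to be `q < (buf + bufsize - 3)`. The loop now also stops silently when the bound is reached; a comment such as `/* output is truncated if buf is too small */` would tell callers what to expect.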

Squid 3.0.STABLE6 release notes

+

Squid 3.0.STABLE7 release notes

Squid Developers

$Id: release-3.0.sgml,v 1.30.2.5 2008/02/28 00:26:31 amosjeffries Exp $
@@ -15,7 +15,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.0.STABLE6.

+

The Squid Team are pleased to announce the release of Squid-3.0.STABLE7.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.0/ or the mirrors.

diff -u -r -N squid-3.0.STABLE6/snmplib/asn1.c squid-3.0.STABLE7/snmplib/asn1.c --- squid-3.0.STABLE6/snmplib/asn1.c 2008-05-21 03:01:12.000000000 +1200 +++ squid-3.0.STABLE7/snmplib/asn1.c 2008-06-22 15:35:50.000000000 +1200 @@ -324,10 +324,10 @@ return (NULL); } integer = *intp; - mask = (u_int) 0xFF << (8 * (sizeof(int) - 1)); - /* mask is 0xFF000000 on a big-endian machine */ - if ((u_char) ((integer & mask) >> (8 * (sizeof(int) - 1))) & 0x80) { - /* if MSB is set */ + mask = (u_int) 0x80 << (8 * (sizeof(int) - 1)); + /* mask is 0x80000000 on a big-endian machine */ + if ((integer & mask) != 0) { + /* add a null byte if MSB is set, to prevent sign extension */ add_null_byte = 1; intsize++; } @@ -336,11 +336,11 @@ * this 2's complement integer. * There should be no sequence of 9 consecutive 1's or 0's at the * most significant end of the integer. + * The 1's case is taken care of above by adding a null byte. */ mask = (u_int) 0x1FF << ((8 * (sizeof(int) - 1)) - 1); /* mask is 0xFF800000 on a big-endian machine */ - while ((((integer & mask) == 0) - || ((integer & mask) == mask)) && intsize > 1) { + while (((integer & mask) == 0) && intsize > 1) { intsize--; integer <<= 8; } @@ -484,7 +484,7 @@ return (NULL); header_len = bufp - data; - if (header_len + asn_length > *datalength) { + if (header_len + asn_length > *datalength || asn_length > (u_int)(2 << 18) ) { snmp_set_api_error(SNMPERR_ASN_DECODE); return (NULL); } diff -u -r -N squid-3.0.STABLE6/src/ACLMaxUserIP.cc squid-3.0.STABLE7/src/ACLMaxUserIP.cc --- squid-3.0.STABLE6/src/ACLMaxUserIP.cc 2008-05-21 03:01:13.000000000 +1200 +++ squid-3.0.STABLE7/src/ACLMaxUserIP.cc 2008-06-22 15:35:51.000000000 +1200 
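Review bot: The rewritten comment `/* mask is 0x80000000 on a big-endian machine */` ties the value to byte order, but the expression `(u_int) 0x80 << (8 * (sizeof(int) - 1))` depends only on `sizeof(int)`. Suggest `/* mask selects the top bit of an int: 0x80000000 when int is 32 bits */`. The next hunk keeps the same wording for `0xFF800000` and could be corrected the same way.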
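Review bot: The new cap `asn_length > (u_int)(2 << 18)` is an unexplained magic number (512 KiB written as `2 << 18`), and it is evaluated only after `header_len + asn_length` has been computed on the unbounded value. With unsigned arithmetic the packet is still rejected either way, but the declarations are outside this hunk, so testing the cap first keeps the sum from being formed on an out-of-range length: `if (asn_length > (u_int)(2 << 18) || header_len + asn_length > *datalength) {`. A named constant with a one-line comment on why this limit applies to decoded SNMP lengths would make the bound auditable.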
@@ -163,7 +163,7 @@ ti = match(checklist->auth_user_request, checklist->src_addr); - checklist->auth_user_request = NULL; + AUTHUSERREQUESTUNLOCK(checklist->auth_user_request, "ACLChecklist via ACLMaxUserIP"); return ti; } diff -u -r -N squid-3.0.STABLE6/src/ACLProxyAuth.cc squid-3.0.STABLE7/src/ACLProxyAuth.cc --- squid-3.0.STABLE6/src/ACLProxyAuth.cc 2008-05-21 03:01:13.000000000 +1200 +++ squid-3.0.STABLE7/src/ACLProxyAuth.cc 2008-06-22 15:35:51.000000000 +1200 @@ -215,7 +215,7 @@ /* check to see if we have matched the user-acl before */ int result = cacheMatchAcl(&checklist->auth_user_request->user()-> proxy_match_cache, checklist); - checklist->auth_user_request = NULL; + AUTHUSERREQUESTUNLOCK(checklist->auth_user_request, "ACLChecklist via ACLProxyAuth"); return result; } diff -u -r -N squid-3.0.STABLE6/src/cache_cf.cc squid-3.0.STABLE7/src/cache_cf.cc --- squid-3.0.STABLE6/src/cache_cf.cc 2008-05-21 03:01:14.000000000 +1200 +++ squid-3.0.STABLE7/src/cache_cf.cc 2008-06-22 15:35:52.000000000 +1200 @@ -2850,8 +2850,6 @@ } else if (strncmp(token, "name=", 5) == 0) { safe_free(s->name); s->name = xstrdup(token + 5); - } else if (strcmp(token, "transparent") == 0) { - s->transparent = 1; } else if (strcmp(token, "vhost") == 0) { s->vhost = 1; s->accel = 1; 
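Review bot: The removed line cleared `checklist->auth_user_request`, and the replacement keeps that behaviour only if AUTHUSERREQUESTUNLOCK both drops the reference and sets its argument to NULL; the macro definition is not part of this patch. The same substitution is made in the ACLProxyAuth.cc hunk and in external_acl.cc. Each unlock also needs a matching lock at the point where the checklist stored the request, otherwise the count is decremented once too often and the object may be released while still referenced elsewhere. A comment above the call, such as `/* release the reference taken when the checklist stored the request; the macro also NULLs the pointer */`, would record the pairing once it has been confirmed.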
@@ -2876,11 +2874,19 @@ else self_destruct(); -#if LINUX_TPROXY + } else if (strcmp(token, "transparent") == 0) { + s->transparent = 1; + /* Log information regarding the port modes under interception. */ + debugs(3, 1, "Starting Authentication on port " << inet_ntoa(s->s.sin_addr) << ":" << s->s.sin_port); + debugs(3, 1, "Disabling Authentication on port " << inet_ntoa(s->s.sin_addr) << ":" << s->s.sin_port << " (interception enabled)"); +#if LINUX_TPROXY } else if (strcmp(token, "tproxy") == 0) { s->tproxy = 1; need_linux_tproxy = 1; + /* Log information regarding the port modes under transparency. */ + debugs(3, 1, "Starting IP Spoofing on port " << inet_ntoa(s->s.sin_addr) << ":" << s->s.sin_port); + debugs(3, 1, "Disabling Authentication on port " << inet_ntoa(s->s.sin_addr) << ":" << s->s.sin_port << " (IP spoofing enabled)"); #endif } else { diff -u -r -N squid-3.0.STABLE6/src/cf.data.pre squid-3.0.STABLE7/src/cf.data.pre --- squid-3.0.STABLE6/src/cf.data.pre 2008-05-21 03:01:14.000000000 +1200 +++ squid-3.0.STABLE7/src/cf.data.pre 2008-06-22 15:35:53.000000000 +1200 @@ -106,6 +106,7 @@ proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid. + Ports flagged 'transparent' or 'tproxy' have authentication disabled. === Parameters for the basic scheme follow. === @@ -464,6 +465,9 @@ By default, regular expressions are CASE-SENSITIVE. To make them case-insensitive, use the -i option. + + ***** ACL TYPES AVAILABLE ***** + acl aclname src ip-address/netmask ... (clients IP address) acl aclname src addr1-addr2/netmask ... (range of addresses) acl aclname dst ip-address/netmask ... (URL host's IP address) 
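Review bot: The four added `debugs()` calls print `s->s.sin_port` directly; the `sin_addr`/`sin_port` member names suggest a `sockaddr_in`, whose port is kept in network byte order, so on little-endian hosts the logged port number would be byte-swapped. Use `ntohs(s->s.sin_port)` in each message. The first message in the `transparent` branch says "Starting Authentication on port" immediately before "Disabling Authentication on port", which reads as contradictory in a log an operator relies on to see where authentication is switched off. The enclosing parser function starts and ends outside this hunk.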
@@ -478,7 +482,7 @@ # the same subnet. If the client is on a different subnet, then Squid cannot # find out its MAC address. - acl aclname srcdomain .foo.com ... # reverse lookup, client IP + acl aclname srcdomain .foo.com ... # reverse lookup, from client IP acl aclname dstdomain .foo.com ... # Destination server from URL acl aclname srcdom_regex [-i] xxx ... # regex matching client name acl aclname dstdom_regex [-i] xxx ... # regex matching server @@ -486,7 +490,15 @@ # based URL is used and no match is found. The name "none" is used # if the reverse lookup fails. - acl aclname http_status 200 301 500- 400-403 ... # status code in reply + acl aclname src_as number ... + acl aclname dst_as number ... + # Except for access control, AS numbers can be used for + # routing of requests to specific caches. Here's an + # example for routing all requests for AS#1241 and only + # those to mycache.mydomain.net: + # acl asexample dst_as 1241 + # cache_peer_access mycache.mydomain.net allow asexample + # cache_peer_access mycache_mydomain.net deny all acl aclname time [day-abbrevs] [h1:m1-h2:m2] day-abbrevs: 
@@ -498,32 +510,32 @@ F - Friday A - Saturday h1:m1 must be less than h2:m2 + acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path + acl aclname port 80 70 21 ... acl aclname port 0-1024 ... # ranges allowed acl aclname myport 3128 ... # (local socket TCP port) acl aclname myportname 3128 ... # http(s)_port name + acl aclname proto HTTP FTP ... + acl aclname method GET POST ... + + acl aclname http_status 200 301 500- 400-403 ... # status code in reply + acl aclname browser [-i] regexp ... # pattern match on User-Agent header (see also req_header below) + acl aclname referer_regex [-i] regexp ... # pattern match on Referer header # Referer is highly unreliable, so use with care + acl aclname ident username ... acl aclname ident_regex [-i] pattern ... # string match on ident output. # use REQUIRED to accept any non-null ident. - acl aclname src_as number ... - acl aclname dst_as number ... - # Except for access control, AS numbers can be used for - # routing of requests to specific caches. Here's an - # example for routing all requests for AS#1241 and only - # those to mycache.mydomain.net: - # acl asexample dst_as 1241 - # cache_peer_access mycache.mydomain.net allow asexample - # cache_peer_access mycache_mydomain.net deny all acl aclname proxy_auth [-i] username ... acl aclname proxy_auth_regex [-i] pattern ... @@ -538,8 +550,8 @@ # to check username/password combinations (see # auth_param directive). # - # NOTE: proxy_auth can't be used in a transparent proxy as - # the browser needs to be configured for using a proxy in order + # NOTE: proxy_auth can't be used in a transparent/intercepting proxy + # as the browser needs to be configured for using a proxy in order # to respond to proxy authentication. acl aclname snmp_community string ... 
@@ -565,7 +577,7 @@ # clients may appear to come from multiple addresses if they are # going through proxy farms, so a limit of 1 may cause user problems. - acl aclname req_mime_type mime-type1 ... + acl aclname req_mime_type [-i] mime-type1 ... # regex match against the mime type of the request generated # by the client. Can be used to detect file upload or some # types HTTP tunneling requests. @@ -577,7 +589,7 @@ # thought of as a superset of "browser", "referer" and "mime-type" # ACLs. - acl aclname rep_mime_type mime-type1 ... + acl aclname rep_mime_type [-i] mime-type1 ... # regex match against the mime type of the reply received by # squid. Can be used to detect file download or some # types HTTP tunneling requests. @@ -895,9 +907,11 @@ transparent Support for transparent interception of outgoing requests without browser settings. + NP: disables authentication on the port. tproxy Support Linux TPROXY for spoofing outgoing connections using the client IP address. + NP: disables authentication on the port. accel Accelerator mode. Also needs at least one of vhost / vport / defaultsite. @@ -1996,8 +2010,10 @@ a %Ss/%03Hs %a %Ss/%03Hs %h] [%a %Ss/%03Hs %a %Ss/%03Hs %h] [%a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh DOC_END @@ -2517,9 +2533,10 @@ refresh-ims override-expire enforces min age even if the server - sent a Expires: header. Doing this VIOLATES the HTTP - standard. Enabling this feature could make you liable - for problems which it causes. + sent an explicit expiry time (e.g., with the + Expires: header or Cache-Control: max-age). Doing this + VIOLATES the HTTP standard. Enabling this feature + could make you liable for problems which it causes. override-lastmod enforces min age even on objects that were modified recently. 
@@ -2655,6 +2672,10 @@ negatively-cached for a configurable amount of time. The default is 5 minutes. Note that this is different from negative caching of DNS lookups. + + WARNING: Doing this VIOLATES the HTTP standard. Enabling + this feature could make you liable for problems which it + causes. DOC_END NAME: positive_dns_ttl @@ -2710,7 +2731,7 @@ DOC_START The minimum caching time according to (Expires - Date) Headers Squid honors if the object can't be revalidated - defaults to 60 seconds. In reverse proxy enorinments it + defaults to 60 seconds. In reverse proxy environments it might be desirable to honor shorter object lifetimes. It is most likely better to make your server return a meaningful Last-Modified header however. In ESI environments @@ -3776,7 +3797,7 @@ The relevant WCCPv2 flags: + src_ip_hash, dst_ip_hash - + source_port_hash, dest_port_hash + + source_port_hash, dst_port_hash + src_ip_alt_hash, dst_ip_alt_hash + src_port_alt_hash, dst_port_alt_hash + ports_source diff -u -r -N squid-3.0.STABLE6/src/ESI.cc squid-3.0.STABLE7/src/ESI.cc --- squid-3.0.STABLE6/src/ESI.cc 2008-05-21 03:01:13.000000000 +1200 +++ squid-3.0.STABLE7/src/ESI.cc 2008-06-22 15:35:51.000000000 +1200 @@ -1435,12 +1435,9 @@ void ESIContext::freeResources () { - debugs(86, 5, "ESIContext::freeResources: Freeing for this=" << this); + debugs(86, 5, HERE << "Freeing for this=" << this); - if (rep) { - delete rep; - rep = NULL; - } + HTTPMSGUNLOCK(rep); finishChildren (); diff -u -r -N squid-3.0.STABLE6/src/ESIInclude.cc squid-3.0.STABLE7/src/ESIInclude.cc --- squid-3.0.STABLE6/src/ESIInclude.cc 2008-05-21 03:01:13.000000000 +1200 +++ squid-3.0.STABLE7/src/ESIInclude.cc 2008-06-22 15:35:52.000000000 +1200 
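Review bot: Replacing `delete rep` with `HTTPMSGUNLOCK(rep)` in `ESIContext::freeResources` is balanced only if every place that assigns `rep` takes a lock on it, and those assignments are outside this hunk. If one of them stores the pointer without locking, this unlock releases a reference the context never held and the reply could be freed while another owner still uses it. A comment here such as `/* rep is locked wherever it is assigned; release that lock */` would document the pairing, and the assignments are worth checking against it.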
@@ -67,14 +67,22 @@ clientStreamDetach (node, http); } -/* - * Write a chunk of data to a client 'socket'. - * If the reply is present, send the reply headers down the wire too, - * and clean them up when finished. - * Pre-condition: +/** + * Write a chunk of data to a client 'socket'. + * If the reply is present, send the reply headers down the wire too. + * + * Pre-condition: * The request is an internal ESI subrequest. * data context is not NULL * There are no more entries in the stream chain. + * The caller is responsible for creation and deletion of the Reply headers. + * + \note + * Bug 975, bug 1566 : delete rep; 2006/09/02: TS, #975 + * + * This was causing double-deletes. Its possible that not deleting + * it here will cause memory leaks, but if so, this delete should + * not be reinstated or it will trigger bug #975 again - RBC 20060903 */ void esiBufferRecipient (clientStreamNode *node, ClientHttpRequest *http, HttpReply *rep, StoreIOBuffer receivedData) @@ -97,7 +105,7 @@ assert (receivedData.length <= sizeof(esiStream->localbuffer->buf)); assert (!esiStream->finished); - debugs (86,5, "esiBufferRecipient rep " << rep << " body " << receivedData.data << " len " << receivedData.length); + debugs (86,5, HERE << "rep " << rep << " body " << receivedData.data << " len " << receivedData.length); assert (node->readBuffer.offset == receivedData.offset || receivedData.length == 0); /* trivial case */ @@ -119,15 +127,6 @@ headersLog(0, 0, http->request->method, rep); #endif - - /* delete rep; 2006/09/02: TS, #975 - * - * This was causing double-deletes. Its possible that not deleting - * it here will cause memory leaks, but if so, this delete should - * not be reinstated or it will trigger bug #975 again - RBC - * 20060903 - */ - rep = NULL; } } 
@@ -154,7 +153,7 @@ /* EOF / Read error / aborted entry */ if (rep == NULL && receivedData.data == NULL && receivedData.length == 0) { /* TODO: get stream status to test the entry for aborts */ - debugs(86, 5, "Finished reading upstream data in subrequest"); + debugs(86, 5, HERE << "Finished reading upstream data in subrequest"); esiStream->include->subRequestDone (esiStream, true); esiStream->finished = 1; httpRequestFree (http); @@ -209,9 +208,8 @@ tempBuffer.length = sizeof (esiStream->buffer->buf); tempBuffer.data = esiStream->buffer->buf; /* now just read into 'buffer' */ - clientStreamRead (node, - http, tempBuffer); - debugs(86, 5, "esiBufferRecipient: Requested more data for ESI subrequest"); + clientStreamRead (node, http, tempBuffer); + debugs(86, 5, HERE << "Requested more data for ESI subrequest"); } break; diff -u -r -N squid-3.0.STABLE6/src/external_acl.cc squid-3.0.STABLE7/src/external_acl.cc --- squid-3.0.STABLE6/src/external_acl.cc 2008-05-21 03:01:15.000000000 +1200 +++ squid-3.0.STABLE7/src/external_acl.cc 2008-06-22 15:35:53.000000000 +1200 @@ -654,7 +654,7 @@ key = makeExternalAclKey(ch, acl); if (acl->def->require_auth) - ch->auth_user_request = NULL; + AUTHUSERREQUESTUNLOCK(ch->auth_user_request, "ACLChecklist via aclMatchExternal"); if (!key) { /* Not sufficient data to process */ diff -u -r -N squid-3.0.STABLE6/src/neighbors.cc squid-3.0.STABLE7/src/neighbors.cc --- squid-3.0.STABLE6/src/neighbors.cc 2008-05-21 03:01:15.000000000 +1200 +++ squid-3.0.STABLE7/src/neighbors.cc 2008-06-22 15:35:53.000000000 +1200 
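Review bot: In the external_acl.cc hunk, `AUTHUSERREQUESTUNLOCK(...)` is now the sole statement of the unbraced `if (acl->def->require_auth)`. The macro's definition is not visible here; if it expands to more than one statement, or to an `if` of its own, only part of it is guarded or a later `else` could bind to it. Bracing the call removes the dependence on the expansion: `if (acl->def->require_auth) { AUTHUSERREQUESTUNLOCK(ch->auth_user_request, "ACLChecklist via aclMatchExternal"); }`.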
@@ -315,11 +315,16 @@ if (!peerHTTPOkay(p, request)) continue; - if (p->weight == 1) { - if (q && q->rr_count < p->rr_count) - continue; - } else if (p->weight == 0 || (q && q->rr_count < (p->rr_count / p->weight))) { + if (p->weight == 0) continue; + + if (q) { + if (p->weight == q->weight) { + if (q->rr_count < p->rr_count) + continue; + } else if ( (double) q->rr_count / q->weight < (double) p->rr_count / p->weight) { + continue; + } } q = p; @@ -328,7 +333,7 @@ if (q) q->rr_count++; - debugs(15, 3, "getRoundRobinParent: returning " << (q ? q->host : "NULL")); + debugs(15, 3, HERE << "returning " << (q ? q->host : "NULL")); return q; } diff -u -r -N squid-3.0.STABLE6/src/snmp_core.cc squid-3.0.STABLE7/src/snmp_core.cc --- squid-3.0.STABLE6/src/snmp_core.cc 2008-05-21 03:01:15.000000000 +1200 +++ squid-3.0.STABLE7/src/snmp_core.cc 2008-06-22 15:35:54.000000000 +1200 @@ -414,9 +414,7 @@ len = sizeof(struct sockaddr_in); memset(&xaddr, '\0', len); - x = getsockname(theOutSnmpConnection, - - (struct sockaddr *) &xaddr, &len); + x = getsockname(theOutSnmpConnection, (struct sockaddr *) &xaddr, &len); if (x < 0) debugs(51, 1, "theOutSnmpConnection FD " << theOutSnmpConnection << ": getsockname: " << xstrerror()); @@ -441,7 +439,8 @@ * and 'out' sockets might be just one FD. This prevents this * function from executing repeatedly. When we are really ready to * exit or restart, main will comm_close the 'out' descriptor. - */ theInSnmpConnection = -1; + */ + theInSnmpConnection = -1; /* * Normally we only write to the outgoing SNMP socket, but we 
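Review bot: The new selection rule in getRoundRobinParent compares `rr_count / weight` ratios in floating point but carries no comment saying so, and the separate branch for equal weights is easy to misread as a different policy. A comment above the `if (q)` block, such as `/* keep q unless p has a lower rr_count-to-weight ratio; weight 0 excludes a peer */`, would state the intent. The division has a non-zero divisor only because `q` is always a peer that already passed the `p->weight == 0` test, which is worth saying in the same comment; nothing visible in this hunk excludes negative weights.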
@@ -462,6 +461,8 @@ if (theOutSnmpConnection > -1) { debugs(49, 1, "FD " << theOutSnmpConnection << " Closing SNMP socket"); comm_close(theOutSnmpConnection); + /* make sure the SNMP out connection is unset */ + theOutSnmpConnection = -1; } } diff -u -r -N squid-3.0.STABLE6/src/String.cci squid-3.0.STABLE7/src/String.cci --- squid-3.0.STABLE6/src/String.cci 2008-05-21 03:01:14.000000000 +1200 +++ squid-3.0.STABLE7/src/String.cci 2008-06-22 15:35:52.000000000 +1200 @@ -34,6 +34,7 @@ */ #include "assert.h" +#include String::String() : size_(0), len_(0), buf_ (NULL) { diff -u -r -N squid-3.0.STABLE6/src/tools.cc squid-3.0.STABLE7/src/tools.cc --- squid-3.0.STABLE6/src/tools.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/src/tools.cc 2008-06-22 15:35:54.000000000 +1200 @@ -462,6 +462,9 @@ void fatal(const char *message) { + /* suppress secondary errors from the dying */ + shutting_down = 1; + releaseServerSockets(); /* check for store_dirs_rebuilding because fatal() is often * used in early initialization phases, long before we ever 
@@ -1354,18 +1357,21 @@ restoreCapabilities(int keep) { #if defined(_SQUID_LINUX_) && HAVE_SYS_CAPABILITY_H - cap_user_header_t head = (cap_user_header_t) xcalloc(1, sizeof(cap_user_header_t)); - cap_user_data_t cap = (cap_user_data_t) xcalloc(1, sizeof(cap_user_data_t)); +#ifndef _LINUX_CAPABILITY_VERSION_1 +#define _LINUX_CAPABILITY_VERSION_1 _LINUX_CAPABILITY_VERSION +#endif + cap_user_header_t head = (cap_user_header_t) xcalloc(1, sizeof(*head)); + cap_user_data_t cap = (cap_user_data_t) xcalloc(1, sizeof(*cap)); - head->version = _LINUX_CAPABILITY_VERSION; + head->version = _LINUX_CAPABILITY_VERSION_1; if (capget(head, cap) != 0) { debugs(50, 1, "Can't get current capabilities"); goto nocap; } - if (head->version != _LINUX_CAPABILITY_VERSION) { - debugs(50, 1, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION << ")"); + if (head->version != _LINUX_CAPABILITY_VERSION_1) { + debugs(50, 1, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION_1 << ")"); goto nocap; } diff -u -r -N squid-3.0.STABLE6/test-suite/debug.cc squid-3.0.STABLE7/test-suite/debug.cc --- squid-3.0.STABLE6/test-suite/debug.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/debug.cc 2008-06-22 15:35:54.000000000 +1200 @@ -71,7 +71,7 @@ } int -main (int argc, char *argv) +main(int argc, char **argv) { Debug::Levels[1] = 8; debugs (1,1,"test" << "string"); diff -u -r -N squid-3.0.STABLE6/test-suite/mem_hdr_test.cc squid-3.0.STABLE7/test-suite/mem_hdr_test.cc --- squid-3.0.STABLE6/test-suite/mem_hdr_test.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/mem_hdr_test.cc 2008-06-22 15:35:54.000000000 +1200 
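Review bot: The fallback `#define _LINUX_CAPABILITY_VERSION_1 _LINUX_CAPABILITY_VERSION` is placed inside the body of restoreCapabilities, but a macro is not scoped to the function and stays defined for the rest of tools.cc. Moving the `#ifndef`/`#define`/`#endif` next to the includes, with a comment like `/* older kernel headers only provide _LINUX_CAPABILITY_VERSION */`, makes that visible. Whether `head` and `cap` are freed on the `goto nocap` paths cannot be seen from this hunk; the function continues beyond it.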
@@ -116,7 +116,7 @@ } int -main (int argc, char *argv) +main(int argc, char **argv) { assert (mem_node::InUseCount() == 0); testLowAndHigh(); diff -u -r -N squid-3.0.STABLE6/test-suite/mem_node_test.cc squid-3.0.STABLE7/test-suite/mem_node_test.cc --- squid-3.0.STABLE6/test-suite/mem_node_test.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/mem_node_test.cc 2008-06-22 15:35:54.000000000 +1200 @@ -46,7 +46,7 @@ } int -main (int argc, char *argv) +main(int argc, char **argv) { mem_node *aNode = new mem_node(0); assert (aNode); diff -u -r -N squid-3.0.STABLE6/test-suite/MemPoolTest.cc squid-3.0.STABLE7/test-suite/MemPoolTest.cc --- squid-3.0.STABLE6/test-suite/MemPoolTest.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/MemPoolTest.cc 2008-06-22 15:35:54.000000000 +1200 @@ -75,7 +75,7 @@ } int -main (int argc, char *argv) +main (int argc, char **argv) { MemPoolTest aTest; aTest.run(); diff -u -r -N squid-3.0.STABLE6/test-suite/StackTest.cc squid-3.0.STABLE7/test-suite/StackTest.cc --- squid-3.0.STABLE6/test-suite/StackTest.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/StackTest.cc 2008-06-22 15:35:54.000000000 +1200 @@ -38,7 +38,7 @@ #include "Stack.h" int -main (int argc, char *argv) +main(int argc, char **argv) { Stack aStack; assert (aStack.size() == 0); diff -u -r -N squid-3.0.STABLE6/test-suite/syntheticoperators.cc squid-3.0.STABLE7/test-suite/syntheticoperators.cc --- squid-3.0.STABLE6/test-suite/syntheticoperators.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/syntheticoperators.cc 2008-06-22 15:35:54.000000000 +1200 
@@ -171,7 +171,7 @@ } int -main (int argc, char *argv) +main(int argc, char **argv) { CheckHasExplicitWorks(); CheckSyntheticWorks(); diff -u -r -N squid-3.0.STABLE6/test-suite/VirtualDeleteOperator.cc squid-3.0.STABLE7/test-suite/VirtualDeleteOperator.cc --- squid-3.0.STABLE6/test-suite/VirtualDeleteOperator.cc 2008-05-21 03:01:16.000000000 +1200 +++ squid-3.0.STABLE7/test-suite/VirtualDeleteOperator.cc 2008-06-22 15:35:54.000000000 +1200 @@ -114,7 +114,7 @@ ChildVirtual::~ChildVirtual(){} int -main (int argc, char *argv) +main(int argc, char **argv) { assert (BaseVirtual::Calls.news() == 0); assert (BaseVirtual::Calls.deletes() == 0);