diff -u -r -N squid-3.4.5/acinclude/init.m4 squid-3.4.6/acinclude/init.m4 --- squid-3.4.5/acinclude/init.m4 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/acinclude/init.m4 2014-06-25 07:41:39.000000000 -0700 @@ -35,12 +35,18 @@ dnl *BSD net headers AC_DEFUN([SQUID_BSDNET_INCLUDES],[ SQUID_DEFAULT_INCLUDES +#if HAVE_SYS_PARAM_H +#include +#endif #if HAVE_SYS_TIME_H #include #endif #if HAVE_SYS_SOCKET_H #include #endif +#if HAVE_NET_IF_H +#include +#endif #if HAVE_NETINET_IN_H #include #endif @@ -50,15 +56,9 @@ #if HAVE_NETINET_IP_COMPAT_H #include #endif -#if HAVE_NET_IF_H -#include -#endif #if HAVE_NETINET_IP_FIL_H #include #endif -#if HAVE_SYS_PARAM_H -#include -#endif ]) dnl =========================================================================== diff -u -r -N squid-3.4.5/cfgaux/config.guess squid-3.4.6/cfgaux/config.guess --- squid-3.4.5/cfgaux/config.guess 2014-05-02 05:09:48.000000000 -0700 +++ squid-3.4.6/cfgaux/config.guess 2014-06-25 07:42:31.000000000 -0700 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -826,7 +826,7 @@ *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +969,10 @@ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) @@ -1260,16 +1260,26 @@ if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; @@ -1361,154 +1371,6 @@ exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.4.5' -PACKAGE_STRING='Squid Web Proxy 3.4.5' +PACKAGE_VERSION='3.4.6' +PACKAGE_STRING='Squid Web Proxy 3.4.6' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1605,7 +1605,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.4.5 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.4.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1675,7 +1675,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.4.5:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.4.6:";; esac cat <<\_ACEOF @@ -2071,7 +2071,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.4.5 +Squid Web Proxy configure 3.4.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3175,7 +3175,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.4.5, which was +It was created by Squid Web Proxy $as_me 3.4.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4042,7 +4042,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.4.5' + VERSION='3.4.6' cat >>confdefs.h <<_ACEOF @@ -27422,12 +27422,18 @@ #include #endif +#if HAVE_SYS_PARAM_H +#include +#endif #if HAVE_SYS_TIME_H #include #endif #if HAVE_SYS_SOCKET_H #include #endif +#if HAVE_NET_IF_H +#include +#endif #if HAVE_NETINET_IN_H #include #endif @@ -27437,15 +27443,9 @@ #if HAVE_NETINET_IP_COMPAT_H #include #endif -#if HAVE_NET_IF_H -#include -#endif #if HAVE_NETINET_IP_FIL_H #include #endif -#if HAVE_SYS_PARAM_H -#include -#endif " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : @@ -34219,7 +34219,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.4.5, which was +This file was extended by Squid Web Proxy $as_me 3.4.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -34285,7 +34285,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.4.5 +Squid Web Proxy config.status 3.4.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.4.5/configure.ac squid-3.4.6/configure.ac --- squid-3.4.5/configure.ac 2014-05-02 05:10:36.000000000 -0700 +++ squid-3.4.6/configure.ac 2014-06-25 07:43:23.000000000 -0700 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.4.5],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.4.6],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.4.5/helpers/basic_auth/DB/basic_db_auth.8 squid-3.4.6/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.4.5/helpers/basic_auth/DB/basic_db_auth.8 2014-05-02 05:48:00.000000000 -0700 +++ squid-3.4.6/helpers/basic_auth/DB/basic_db_auth.8 2014-06-25 08:29:28.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2014-05-02" "perl v5.18.2" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2014-06-25" "perl v5.18.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.4.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.4.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-05-02 05:48:18.000000000 -0700 +++ squid-3.4.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-06-25 08:29:53.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2014-05-02" "perl v5.18.2" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2014-06-25" "perl v5.18.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.4.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.4.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-05-02 05:48:21.000000000 -0700 +++ squid-3.4.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-06-25 08:29:56.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2014-05-02" "perl v5.18.2" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2014-06-25" "perl v5.18.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.5/helpers/log_daemon/DB/log_db_daemon.8 squid-3.4.6/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.4.5/helpers/log_daemon/DB/log_db_daemon.8 2014-05-02 05:48:22.000000000 -0700 +++ squid-3.4.6/helpers/log_daemon/DB/log_db_daemon.8 2014-06-25 08:29:58.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2014-05-02" "perl v5.18.2" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2014-06-25" "perl v5.18.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.5/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.4.6/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- squid-3.4.5/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-05-02 05:48:32.000000000 -0700 +++ squid-3.4.6/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-06-25 08:30:10.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 1" -.TH STOREID_FILE_REWRITE 1 "2014-05-02" "perl v5.18.2" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 1 "2014-06-25" "perl v5.18.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.5/include/version.h squid-3.4.6/include/version.h --- squid-3.4.5/include/version.h 2014-05-02 05:10:36.000000000 -0700 +++ squid-3.4.6/include/version.h 2014-06-25 07:43:23.000000000 -0700 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1399032539 +#define SQUID_RELEASE_TIME 1403707292 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.4.5/libltdl/config/config.guess squid-3.4.6/libltdl/config/config.guess --- squid-3.4.5/libltdl/config/config.guess 2014-05-02 05:09:30.000000000 -0700 +++ squid-3.4.6/libltdl/config/config.guess 2014-06-25 07:42:11.000000000 -0700 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -826,7 +826,7 @@ *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +969,10 @@ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) @@ -1260,16 +1260,26 @@ if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; @@ -1361,154 +1371,6 @@ exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 < #include - typedef std::set AclSet; /// Accumulates all ACLs to facilitate their clean deletion despite reuse. static AclSet *RegisteredAcls; // TODO: Remove when ACLs are refcounted @@ -263,17 +262,22 @@ } } +/// remove registered acl from the centralized deletion set +static +void +aclDeregister(ACL *acl) +{ + if (acl->registered) { + if (RegisteredAcls) + RegisteredAcls->erase(acl); + acl->registered = false; + } +} + /*********************/ /* Destroy functions */ /*********************/ -/// helper for RegisteredAcls cleanup -static void -aclDeleteOne(ACL *acl) -{ - delete acl; -} - /// called to delete ALL Acls. void aclDestroyAcls(ACL ** head) @@ -281,8 +285,15 @@ *head = NULL; // Config.aclList if (AclSet *acls = RegisteredAcls) { debugs(28, 8, "deleting all " << acls->size() << " ACLs"); - std::for_each(acls->begin(), acls->end(), &aclDeleteOne); - acls->clear(); + while (!acls->empty()) { + ACL *acl = *acls->begin(); + // We use centralized deletion (this function) so ~ACL should not + // delete other ACLs, but we still deregister first to prevent any + // accesses to the being-deleted ACL via RegisteredAcls. + assert(acl->registered); // make sure we are making progress + aclDeregister(acl); + delete acl; + } } } @@ -291,7 +302,8 @@ { debugs(28, 8, "aclDestroyAclList: invoked"); assert(list); - cbdataFree(*list); + delete *list; + *list = NULL; } void @@ -300,7 +312,8 @@ assert(list); if (*list) debugs(28, 3, "destroying: " << *list << ' ' << (*list)->name); - cbdataFree(*list); + delete *list; + *list = NULL; } /* maex@space.net (06.09.1996) diff -u -r -N squid-3.4.5/src/acl/InnerNode.cc squid-3.4.6/src/acl/InnerNode.cc --- squid-3.4.5/src/acl/InnerNode.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/acl/InnerNode.cc 2014-06-25 07:41:39.000000000 -0700 @@ -2,6 +2,7 @@ #include "acl/Acl.h" #include "acl/BoolOps.h" #include "acl/Checklist.h" +#include "acl/Gadgets.h" #include "acl/InnerNode.h" #include "cache_cf.h" #include "ConfigParser.h" @@ -27,6 +28,7 @@ { assert(node != NULL); nodes.push_back(node); + aclRegister(node); } // one call parses one "acl name acltype name1 name2 ..." line diff -u -r -N squid-3.4.5/src/adaptation/AccessRule.cc squid-3.4.6/src/adaptation/AccessRule.cc --- squid-3.4.5/src/adaptation/AccessRule.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/adaptation/AccessRule.cc 2014-06-25 07:41:39.000000000 -0700 @@ -1,5 +1,6 @@ #include "squid.h" #include "acl/Gadgets.h" +#include "acl/Tree.h" #include "adaptation/AccessRule.h" #include "adaptation/Service.h" #include "adaptation/ServiceGroups.h" @@ -14,7 +15,7 @@ Adaptation::AccessRule::~AccessRule() { - // XXX: leaking acls here? + delete acl; } void diff -u -r -N squid-3.4.5/src/auth/AclMaxUserIp.cc squid-3.4.6/src/auth/AclMaxUserIp.cc --- squid-3.4.5/src/auth/AclMaxUserIp.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/auth/AclMaxUserIp.cc 2014-06-25 07:41:39.000000000 -0700 @@ -27,7 +27,7 @@ ACLMaxUserIP::ACLMaxUserIP (ACLMaxUserIP const & old) : class_ (old.class_), maximum (old.maximum) { - flags = old.flags; + flags = old.flags; } ACLMaxUserIP::~ACLMaxUserIP() diff -u -r -N squid-3.4.5/src/base/LruMap.h squid-3.4.6/src/base/LruMap.h --- squid-3.4.5/src/base/LruMap.h 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/base/LruMap.h 2014-06-25 07:41:39.000000000 -0700 @@ -143,6 +143,10 @@ del(key); trim(); + + if (memLimit() == 0) + return false; + index.push_front(new Entry(key, t)); storage.insert(MapPair(key, index.begin())); @@ -188,7 +192,7 @@ void LruMap::trim() { - while (memLimit() > 0 && size() >= memLimit()) { + while (size() >= memLimit()) { QueueIterator i = index.end(); --i; if (i != index.end()) { diff -u -r -N squid-3.4.5/src/cache_manager.cc squid-3.4.6/src/cache_manager.cc --- squid-3.4.5/src/cache_manager.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/cache_manager.cc 2014-06-25 07:41:39.000000000 -0700 @@ -82,7 +82,7 @@ CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile) { Must(profile != NULL); - if (std::find(menu_.begin(), menu_.end(), profile) == menu_.end()) { + if (!CacheManager::findAction(profile->name)) { menu_.push_back(profile); debugs(16, 3, HERE << "registered profile: " << *profile); } else { diff -u -r -N squid-3.4.5/src/cf.data.pre squid-3.4.6/src/cf.data.pre --- squid-3.4.5/src/cf.data.pre 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/cf.data.pre 2014-06-25 07:41:39.000000000 -0700 @@ -686,7 +686,7 @@ Up to the value of children-max. (default 1) concurrency=n concurrency level per process. Only used with helpers capable of processing more than one query at a time. - cache=n limit the result cache size, default is unbounded. + cache=n limit the result cache size, default is 262144. grace=n Percentage remaining of TTL where a refresh of a cached entry should be initiated without needing to wait for a new reply. (default is for no grace period) diff -u -r -N squid-3.4.5/src/client_db.cc squid-3.4.6/src/client_db.cc --- squid-3.4.5/src/client_db.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/client_db.cc 2014-06-25 07:41:39.000000000 -0700 @@ -123,8 +123,8 @@ class ClientDbRr: public RegisteredRunner { - public: - virtual void run(const RunnerRegistry &); +public: + virtual void run(const RunnerRegistry &); }; RunnerRegistrationEntry(rrAfterConfig, ClientDbRr); diff -u -r -N squid-3.4.5/src/client_side.cc squid-3.4.6/src/client_side.cc --- squid-3.4.5/src/client_side.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/client_side.cc 2014-06-25 07:41:39.000000000 -0700 @@ -3988,7 +3988,13 @@ if (!httpsCreate(clientConnection, sslContext)) return; - // commSetConnTimeout() was called for this request before we switched. + // bumped intercepted conns should already have Config.Timeout.request set + // but forwarded connections may only have Config.Timeout.lifetime. [Re]set + // to make sure the connection does not get stuck on non-SSL clients. + typedef CommCbMemFunT TimeoutDialer; + AsyncCall::Pointer timeoutCall = JobCallback(33, 5, TimeoutDialer, + this, ConnStateData::requestTimeout); + commSetConnTimeout(clientConnection, Config.Timeout.request, timeoutCall); // Disable the client read handler until CachePeer selection is complete Comm::SetSelect(clientConnection->fd, COMM_SELECT_READ, NULL, NULL, 0); diff -u -r -N squid-3.4.5/src/client_side_reply.cc squid-3.4.6/src/client_side_reply.cc --- squid-3.4.5/src/client_side_reply.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/client_side_reply.cc 2014-06-25 07:41:39.000000000 -0700 @@ -1323,7 +1323,7 @@ if (http->storeEntry()->timestamp <= squid_curtime) { // put X-Cache-Age: instead of Age: char age[64]; - snprintf(age, sizeof(age), "%ld", (long int) squid_curtime - http->storeEntry()->timestamp); + snprintf(age, sizeof(age), "%" PRId64, static_cast(squid_curtime - http->storeEntry()->timestamp)); hdr->putExt("X-Cache-Age", age); } } else if (http->storeEntry()->timestamp <= squid_curtime) { diff -u -r -N squid-3.4.5/src/comm/ConnOpener.cc squid-3.4.6/src/comm/ConnOpener.cc --- squid-3.4.5/src/comm/ConnOpener.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/comm/ConnOpener.cc 2014-06-25 07:41:39.000000000 -0700 @@ -230,7 +230,7 @@ } if (createFd()) - connect(); + doConnect(); } /// called at the end of Comm::ConnOpener::DelayedConnectRetry event @@ -241,7 +241,7 @@ calls_.sleep_ = false; if (createFd()) - connect(); + doConnect(); } /// Create a socket for the future connection or return false. @@ -311,7 +311,7 @@ /// Make an FD connection attempt. void -Comm::ConnOpener::connect() +Comm::ConnOpener::doConnect() { Must(conn_ != NULL); Must(temporaryFd_ >= 0); @@ -344,7 +344,7 @@ } else { // send ERROR back to the upper layer. debugs(5, 5, HERE << conn_ << ": * - ERR tried too many times already."); - sendAnswer(COMM_ERR_CONNECT, xerrno, "Comm::ConnOpener::connect"); + sendAnswer(COMM_ERR_CONNECT, xerrno, "Comm::ConnOpener::doConnect"); } } } @@ -426,7 +426,7 @@ } /* Legacy Wrapper for the retry event after COMM_INPROGRESS - * XXX: As soon as Comm::SetSelect() accepts Async calls we can use a ConnOpener::connect call + * XXX: As soon as Comm::SetSelect() accepts Async calls we can use a ConnOpener::doConnect call */ void Comm::ConnOpener::InProgressConnectRetry(int fd, void *data) @@ -437,7 +437,7 @@ // Ew. we are now outside the all AsyncJob protections. // get back inside by scheduling another call... typedef NullaryMemFunT Dialer; - AsyncCall::Pointer call = JobCallback(5, 4, Dialer, cs, Comm::ConnOpener::connect); + AsyncCall::Pointer call = JobCallback(5, 4, Dialer, cs, Comm::ConnOpener::doConnect); ScheduleCallHere(call); } delete ptr; diff -u -r -N squid-3.4.5/src/comm/ConnOpener.h squid-3.4.6/src/comm/ConnOpener.h --- squid-3.4.5/src/comm/ConnOpener.h 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/comm/ConnOpener.h 2014-06-25 07:41:39.000000000 -0700 @@ -43,7 +43,7 @@ void sendAnswer(comm_err_t errFlag, int xerrno, const char *why); static void InProgressConnectRetry(int fd, void *data); static void DelayedConnectRetry(void *data); - void connect(); + void doConnect(); void connected(); void lookupLocalAddress(); diff -u -r -N squid-3.4.5/src/comm/TcpAcceptor.cc squid-3.4.6/src/comm/TcpAcceptor.cc --- squid-3.4.5/src/comm/TcpAcceptor.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/comm/TcpAcceptor.cc 2014-06-25 07:41:39.000000000 -0700 @@ -122,6 +122,12 @@ { debugs(5,5, HERE); unsubscribe("swanSong"); + if (IsConnOpen(conn)) { + if (closer_ != NULL) + comm_remove_close_handler(conn->fd, closer_); + conn->close(); + } + conn = NULL; AcceptLimiter::Instance().removeDead(this); AsyncJob::swanSong(); @@ -182,6 +188,20 @@ debugs(5, DBG_CRITICAL, "WARNING: accept_filter not supported on your OS"); #endif } + + typedef CommCbMemFunT Dialer; + closer_ = JobCallback(5, 4, Dialer, this, Comm::TcpAcceptor::handleClosure); + comm_add_close_handler(conn->fd, closer_); +} + +/// called when listening descriptor is closed by an external force +/// such as clientHttpConnectionsClose() +void +Comm::TcpAcceptor::handleClosure(const CommCloseCbParams &io) +{ + closer_ = NULL; + conn = NULL; + Must(done()); } /** diff -u -r -N squid-3.4.5/src/comm/TcpAcceptor.h squid-3.4.6/src/comm/TcpAcceptor.h --- squid-3.4.5/src/comm/TcpAcceptor.h 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/comm/TcpAcceptor.h 2014-06-25 07:41:39.000000000 -0700 @@ -7,6 +7,8 @@ #include "comm_err_t.h" #include "comm/forward.h" +class CommCloseCbParams; + namespace Comm { @@ -73,6 +75,9 @@ /// Reserved for read-only use. ConnectionPointer conn; + /// listen socket closure handler + AsyncCall::Pointer closer_; + /// Method to test if there are enough file descriptors to open a new client connection /// if not the accept() will be postponed static bool okToAccept(); @@ -83,6 +88,7 @@ void acceptOne(); comm_err_t oldAccept(Comm::ConnectionPointer &details); void setListen(); + void handleClosure(const CommCloseCbParams &io); CBDATA_CLASS2(TcpAcceptor); }; diff -u -r -N squid-3.4.5/src/eui/Eui64.cc squid-3.4.6/src/eui/Eui64.cc --- squid-3.4.5/src/eui/Eui64.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/eui/Eui64.cc 2014-06-25 07:41:39.000000000 -0700 @@ -19,8 +19,8 @@ Eui::Eui64::decode(const char *asc) { if (eui64_aton(asc, (struct eui64 *)eui) != 0) { - debugs(28, 4, "id=" << (void*)this << " decode fail on " << asc); - return false; + debugs(28, 4, "id=" << (void*)this << " decode fail on " << asc); + return false; } debugs(28, 4, "id=" << (void*)this << " ATON decoded " << asc); diff -u -r -N squid-3.4.5/src/external_acl.cc squid-3.4.6/src/external_acl.cc --- squid-3.4.5/src/external_acl.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/external_acl.cc 2014-06-25 07:41:39.000000000 -0700 @@ -1603,14 +1603,16 @@ checklist->extacl_entry = cbdataReference((external_acl_entry *)result); // attach the helper kv-pair to the transaction - if (HttpRequest * req = checklist->request) { - // XXX: we have no access to the transaction / AccessLogEntry so cant SyncNotes(). - // workaround by using anything already set in HttpRequest - // OR use new and rely on a later Sync copying these to AccessLogEntry - if (!req->notes) - req->notes = new NotePairs; + if (checklist->extacl_entry) { + if (HttpRequest * req = checklist->request) { + // XXX: we have no access to the transaction / AccessLogEntry so cant SyncNotes(). + // workaround by using anything already set in HttpRequest + // OR use new and rely on a later Sync copying these to AccessLogEntry + if (!req->notes) + req->notes = new NotePairs; - req->notes->appendNewOnly(&checklist->extacl_entry->notes); + req->notes->appendNewOnly(&checklist->extacl_entry->notes); + } } checklist->resumeNonBlockingCheck(ExternalACLLookup::Instance()); diff -u -r -N squid-3.4.5/src/format/Format.cc squid-3.4.6/src/format/Format.cc --- squid-3.4.5/src/format/Format.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/format/Format.cc 2014-06-25 07:41:39.000000000 -0700 @@ -475,7 +475,7 @@ const char *spec; struct tm *t; - spec = fmt->data.timespec; + spec = fmt->data.string; if (fmt->type == LFT_TIME_LOCALTIME) { if (!spec) diff -u -r -N squid-3.4.5/src/format/Token.cc squid-3.4.6/src/format/Token.cc --- squid-3.4.5/src/format/Token.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/format/Token.cc 2014-06-25 07:41:39.000000000 -0700 @@ -541,24 +541,22 @@ } Format::Token::Token() : type(LFT_NONE), - label(NULL), - widthMin(-1), - widthMax(-1), - quote(LOG_QUOTE_NONE), - left(false), - space(false), - zero(false), - divisor(1), - next(NULL) + label(NULL), + widthMin(-1), + widthMax(-1), + quote(LOG_QUOTE_NONE), + left(false), + space(false), + zero(false), + divisor(1), + next(NULL) { data.string = NULL; - data.header.header = NULL; + data.header.header = NULL; data.header.element = NULL; data.header.separator = ','; } - - Format::Token::~Token() { label = NULL; // drop reference to global static. diff -u -r -N squid-3.4.5/src/format/Token.h squid-3.4.6/src/format/Token.h --- squid-3.4.5/src/format/Token.h 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/format/Token.h 2014-06-25 07:41:39.000000000 -0700 @@ -49,7 +49,6 @@ char *element; char separator; } header; - char *timespec; } data; int widthMin; ///< minimum field width int widthMax; ///< maximum field width diff -u -r -N squid-3.4.5/src/FwdState.cc squid-3.4.6/src/FwdState.cc --- squid-3.4.5/src/FwdState.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/FwdState.cc 2014-06-25 07:41:39.000000000 -0700 @@ -718,7 +718,8 @@ // For intercepted connections, set the host name to the server // certificate CN. Otherwise, we just hope that CONNECT is using // a user-entered address (a host name or a user-entered IP). - const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted(); + const bool isConnectRequest = request->clientConnectionManager.valid() && + !request->clientConnectionManager->port->flags.isIntercepted(); if (request->flags.sslPeek && !isConnectRequest) { if (X509 *srvX509 = errDetails->peerCert()) { if (const char *name = Ssl::CommonHostName(srvX509)) { @@ -964,7 +965,8 @@ // unless it was the CONNECT request with a user-typed address. const char *hostname = request->GetHost(); const bool hostnameIsIp = request->GetHostIsNumeric(); - const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted(); + const bool isConnectRequest = request->clientConnectionManager.valid() && + !request->clientConnectionManager->port->flags.isIntercepted(); if (!request->flags.sslPeek || isConnectRequest) SSL_set_ex_data(ssl, ssl_ex_index_server, (void*)hostname); diff -u -r -N squid-3.4.5/src/http/StatusCode.cc squid-3.4.6/src/http/StatusCode.cc --- squid-3.4.5/src/http/StatusCode.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/http/StatusCode.cc 2014-06-25 07:41:39.000000000 -0700 @@ -7,12 +7,12 @@ { switch (status) { - // 000 + // 000 case Http::scNone: return "Init"; /* we init .status with code 0 */ break; - // 100-199 + // 100-199 case Http::scContinue: return "Continue"; break; @@ -25,7 +25,7 @@ return "Processing"; break; - // 200-299 + // 200-299 case Http::scOkay: return "OK"; break; @@ -66,7 +66,7 @@ return "IM Used"; break; - // 300-399 + // 300-399 case Http::scMultipleChoices: return "Multiple Choices"; break; @@ -99,7 +99,7 @@ return "Permanent Redirect"; break; - // 400-499 + // 400-499 case Http::scBadRequest: return "Bad Request"; break; @@ -200,7 +200,7 @@ return "Request Header Fields Too Large"; break; - // 500-599 + // 500-599 case Http::scInternalServerError: return "Internal Server Error"; break; @@ -245,7 +245,7 @@ return "Network Authentication Required"; break; - // 600+ + // 600+ case Http::scInvalidHeader: case Http::scHeaderTooLarge: // fall through to default. diff -u -r -N squid-3.4.5/src/http/StatusCode.h squid-3.4.6/src/http/StatusCode.h --- squid-3.4.5/src/http/StatusCode.h 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/http/StatusCode.h 2014-06-25 07:41:39.000000000 -0700 @@ -31,7 +31,7 @@ scNotModified = 304, scUseProxy = 305, scTemporaryRedirect = 307, - scPermanentRedirect = 308, /**< RFC-reschke-http-status-308-07 */ + scPermanentRedirect = 308, /**< RFC7238 */ scBadRequest = 400, scUnauthorized = 401, scPaymentRequired = 402, diff -u -r -N squid-3.4.5/src/ip/Address.cc squid-3.4.6/src/ip/Address.cc --- squid-3.4.5/src/ip/Address.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/ip/Address.cc 2014-06-25 07:41:39.000000000 -0700 @@ -21,6 +21,15 @@ /* for inet_ntoa() */ #include #endif +#if HAVE_WS2TCPIP_H +// Windows IPv6 definitions +#include +#endif + +// some OS (ie WIndows) define IN6_ADDR_EQUAL instead +#if !defined(IN6_ARE_ADDR_EQUAL) && _SQUID_WINDOWS_ +#define IN6_ARE_ADDR_EQUAL IN6_ADDR_EQUAL +#endif /* Debugging only. Dump the address content when a fatal assert is encountered. */ #define IASSERT(a,b) \ @@ -35,7 +44,7 @@ int Ip::Address::cidr() const { - uint8_t shift,byte; + uint8_t shift,ipbyte; uint8_t bit,caught; int len = 0; const uint8_t *ptr= mSocketAddr_.sin6_addr.s6_addr; @@ -52,20 +61,20 @@ } for (; shiftnext) { - p->rr_count = 0; + p->rr_count = 1; } } @@ -1229,7 +1229,7 @@ peerCountMcastPeersSchedule(p, 10); #if USE_ICMP - if (p->type != PEER_MULTICAST) + if (p->type != PEER_MULTICAST && IamWorkerProcess()) if (!p->options.no_netdb_exchange) eventAddIsh("netdbExchangeStart", netdbExchangeStart, p, 30.0, 1); #endif diff -u -r -N squid-3.4.5/src/ssl/Config.cc squid-3.4.6/src/ssl/Config.cc --- squid-3.4.5/src/ssl/Config.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/ssl/Config.cc 2014-06-25 07:41:39.000000000 -0700 @@ -5,10 +5,10 @@ Ssl::Config::Config(): #if USE_SSL_CRTD - ssl_crtd(NULL), + ssl_crtd(NULL), #endif - ssl_crt_validator(NULL) -{ + ssl_crt_validator(NULL) +{ ssl_crt_validator_Children.concurrency = 1; } diff -u -r -N squid-3.4.5/src/ssl/support.cc squid-3.4.6/src/ssl/support.cc --- squid-3.4.5/src/ssl/support.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/ssl/support.cc 2014-06-25 07:41:39.000000000 -0700 @@ -705,37 +705,30 @@ static void ssl_initialize(void) { - static int ssl_initialized = 0; + static bool initialized = false; + if (initialized) + return; + initialized = true; - if (!ssl_initialized) { - ssl_initialized = 1; - SSL_load_error_strings(); - SSLeay_add_ssl_algorithms(); -#if HAVE_OPENSSL_ENGINE_H - - if (Config.SSL.ssl_engine) { - ENGINE *e; - - if (!(e = ENGINE_by_id(Config.SSL.ssl_engine))) { - fatalf("Unable to find SSL engine '%s'\n", Config.SSL.ssl_engine); - } + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - int ssl_error = ERR_get_error(); - fatalf("Failed to initialise SSL engine: %s\n", - ERR_error_string(ssl_error, NULL)); - } +#if HAVE_OPENSSL_ENGINE_H + if (Config.SSL.ssl_engine) { + ENGINE *e; + if (!(e = ENGINE_by_id(Config.SSL.ssl_engine))) + fatalf("Unable to find SSL engine '%s'\n", Config.SSL.ssl_engine); + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + int ssl_error = ERR_get_error(); + fatalf("Failed to initialise SSL engine: %s\n", ERR_error_string(ssl_error, NULL)); } - + } #else - if (Config.SSL.ssl_engine) { - fatalf("Your OpenSSL has no SSL engine support\n"); - } - + if (Config.SSL.ssl_engine) + fatalf("Your OpenSSL has no SSL engine support\n"); #endif - } - ssl_ex_index_server = SSL_get_ex_new_index(0, (void *) "server", NULL, NULL, NULL); ssl_ctx_ex_index_dont_verify_domain = SSL_CTX_get_ex_new_index(0, (void *) "dont_verify_domain", NULL, NULL, NULL); ssl_ex_index_cert_error_check = SSL_get_ex_new_index(0, (void *) "cert_error_check", NULL, &ssl_dupAclChecklist, &ssl_freeAclChecklist); diff -u -r -N squid-3.4.5/src/tests/stub_libsslsquid.cc squid-3.4.6/src/tests/stub_libsslsquid.cc --- squid-3.4.5/src/tests/stub_libsslsquid.cc 2014-05-02 05:09:05.000000000 -0700 +++ squid-3.4.6/src/tests/stub_libsslsquid.cc 2014-06-25 07:41:39.000000000 -0700 @@ -12,9 +12,9 @@ #include "ssl/Config.h" Ssl::Config::Config(): #if USE_SSL_CRTD - ssl_crtd(NULL), + ssl_crtd(NULL), #endif - ssl_crt_validator(NULL) + ssl_crt_validator(NULL) { ssl_crt_validator_Children.concurrency = 1; STUB_NOP