diff -u -r -N squid-3.4.3/ChangeLog squid-3.4.4/ChangeLog --- squid-3.4.3/ChangeLog 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/ChangeLog 2014-03-09 22:40:56.000000000 +1300 @@ -1,3 +1,15 @@ +Changes to squid-3.4.4 (09 Mar 2014): + + - Bug 4029: intercepted HTTPS requests bypass caching checks + - Bug 4001: remove use of strsep() + - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce + - Fix stalled concurrent rock store reads + - Fix helper ID number assignment + - Fix build failures from CMSG related definitions + - Fix build failures from libcompat unsafe.h protections + - Copyright: Relicense helpers by Treehouse Networks Ltd. + - ... and all bug fixes from 3.3.12 + Changes to squid-3.4.3 (02 Feb 2014): - Bug 4008: HttpHeader warnOnError should be an int not a bool @@ -96,6 +108,16 @@ - ... and many documentation changes - ... and much code cleanup and polishing +Changes to squid-3.3.12 (09 Mar 2014): + + - Regression Bug 3769: client_netmask not evaluated since Comm redesign + - Bug 4026: Fix SSL and adaptation_access handling of aborted connections + - Bug 3969: Fix credentials caching for Digest authentication + - Bug 3806: Caching responses with Vary header + - Fix umask default on crash report generated email + - Fix pthread library detection on FreeBSD 10 + - Avoid assertions on Range requests that trigger Squid-generated errors. + Changes to squid-3.3.11 (01 Dec 2013): - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 diff -u -r -N squid-3.4.3/compat/cmsg.h squid-3.4.4/compat/cmsg.h --- squid-3.4.3/compat/cmsg.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/cmsg.h 2014-03-09 22:40:56.000000000 +1300 
@@ -12,21 +12,22 @@ // WinSock2.h defines these for Windows #if HAVE_WINSOCK2_H #include -#define CMSG_H_ // prevent re-definition #endif -#ifndef CMSG_H_ -#define CMSG_H_ +// sockaddr_un might be in sys/un.h if not pulled in already +#if HAVE_SYS_UN_H +#include +#endif -/* mostly windows-specific */ -#ifndef CMSG_SPACE +#if !HAVE_CMSGHDR struct cmsghdr { - unsigned int cmsg_len; - int cmsg_level; - int cmsg_type; + unsigned int cmsg_len; + int cmsg_level; + int cmsg_type; unsigned char cmsg_data[16]; /* dummy */ /* followed by UCHAR cmsg_data[]; */ -} ; +}; +#endif /* lifted off https://metacpan.org/source/SAMPO/Socket-PassAccessRights-0.03/passfd.c */ #ifndef CMSG_DATA @@ -48,15 +49,25 @@ & ~(sizeof (size_t) - 1)) #endif +#ifndef CMSG_SPACE # define CMSG_SPACE(len) (CMSG_ALIGN (len) \ + CMSG_ALIGN (sizeof (struct cmsghdr))) #undef HAVE_CONSTANT_CMSG_SPACE #define HAVE_CONSTANT_CMSG_SPACE 1 +#endif #ifndef CMSG_LEN # define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len)) #endif +#if !HAVE_IOVEC +struct iovec { + void *iov_base; + size_t iov_len; +}; +#endif + +#if !HAVE_MSGHDR struct msghdr { void *msg_name; /* Address to send to/receive from. */ socklen_t msg_namelen; /* Length of address data. */ @@ -72,19 +83,19 @@ int msg_flags; /* Flags on received message. */ }; +#endif -struct iovec { - void *iov_base; - size_t iov_len; -}; +#if !HAVE_SOCKADDR_UN struct sockaddr_un { char sun_family; char sun_path[256]; /* pathname */ }; +#endif + +#ifndef SUN_LEN # define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \ + strlen ((ptr)->sun_path)) - -#endif /* CMSG_SPACE */ +#endif #ifndef SCM_RIGHTS #define SCM_RIGHTS 1 
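Review bot: The fallback `struct cmsghdr` in the compat/cmsg.h hunk at -12,21 is now selected purely by `#if !HAVE_CMSGHDR`, and nothing tells a reader that its layout (`unsigned int cmsg_len`, a 16-byte dummy `cmsg_data`) is a stand-in and not a platform ABI. This type carries the control data used with `SCM_RIGHTS`, which the same file defines further down, so I would add a comment above the guard, e.g. `/* Fallback for platforms without struct cmsghdr (configure defines HAVE_CMSGHDR when the system provides it); not guaranteed to match any native layout. */`. The hunk also drops the inner `CMSG_H_` guard, so the replacement structs now depend on whatever include guard exists above line 12, which this hunk does not show.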
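Review bot: In the compat/cmsg.h hunk at -72,19 the `SUN_LEN` fallback still computes the member offset through a null `struct sockaddr_un *`, which is the pre-`offsetof` idiom and formally undefined. Now that the macro has its own `#ifndef SUN_LEN` guard, it could be written as `# define SUN_LEN(ptr) (offsetof(struct sockaddr_un, sun_path) + strlen((ptr)->sun_path))`, with `<stddef.h>` included. The macro also trusts `sun_path` to be NUL-terminated, so a one-line comment stating that precondition would help callers that fill the path from external data. Whether the header already pulls in `<stddef.h>` is not visible from this hunk.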
@@ -100,8 +111,6 @@ #define AF_LOCAL 1 #endif -#endif /* CMSG_H_ */ - // CMSG_SPACE is not constant on some systems (in particular Max OS X), // provide a replacement that can be used at build time in that case // NP: this must go below our replacement definitions. diff -u -r -N squid-3.4.3/compat/compat.h squid-3.4.4/compat/compat.h --- squid-3.4.3/compat/compat.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/compat.h 2014-03-09 22:40:56.000000000 +1300 @@ -103,9 +103,6 @@ */ #include "compat/GnuRegex.h" -/* some functions are unsafe to be used in Squid. */ -#include "compat/unsafe.h" - /* cppunit is not quite C++0x compatible yet */ #include "compat/cppunit.h" diff -u -r -N squid-3.4.3/compat/Makefile.am squid-3.4.4/compat/Makefile.am --- squid-3.4.3/compat/Makefile.am 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/Makefile.am 2014-03-09 22:40:56.000000000 +1300 @@ -39,13 +39,11 @@ stdio.h \ stdvarargs.h \ strnstr.cc \ - strsep.h \ strtoll.h \ strnrchr.h \ strnrchr.c \ tempnam.h \ types.h \ - unsafe.h \ valgrind.h \ xalloc.cc \ xalloc.h \ diff -u -r -N squid-3.4.3/compat/Makefile.in squid-3.4.4/compat/Makefile.in --- squid-3.4.3/compat/Makefile.in 2014-02-02 21:42:12.000000000 +1300 +++ squid-3.4.4/compat/Makefile.in 2014-03-09 22:41:39.000000000 +1300 @@ -41,7 +41,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/src/Common.am drand48.c getaddrinfo.c \ getnameinfo.c inet_ntop.c inet_pton.c initgroups.c psignal.c \ - strerror.c strsep.c strtoll.c tempnam.c + strerror.c strtoll.c tempnam.c check_PROGRAMS = testPreCompiler$(EXEEXT) TESTS = testPreCompiler$(EXEEXT) testHeaders @USE_LOADABLE_MODULES_TRUE@am__append_1 = $(INCLTDL) @@ -411,13 +411,11 @@ stdio.h \ stdvarargs.h \ strnstr.cc \ - strsep.h \ strtoll.h \ strnrchr.h \ strnrchr.c \ tempnam.h \ types.h \ - unsafe.h \ valgrind.h \ xalloc.cc \ xalloc.h \ 
@@ -527,7 +525,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/psignal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strerror.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strsep.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strtoll.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/tempnam.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GnuRegex.Plo@am__quote@ diff -u -r -N squid-3.4.3/compat/os/mswindows.h squid-3.4.4/compat/os/mswindows.h --- squid-3.4.3/compat/os/mswindows.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/os/mswindows.h 2014-03-09 22:40:56.000000000 +1300 @@ -962,7 +962,5 @@ /* prototypes */ void WIN32_maperror(unsigned long WIN32_oserrno); -#include "compat/strsep.h" - #endif /* _SQUID_WINDOWS_ */ #endif /* SQUID_OS_MSWINDOWS_H */ diff -u -r -N squid-3.4.3/compat/os/solaris.h squid-3.4.4/compat/os/solaris.h --- squid-3.4.3/compat/os/solaris.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/os/solaris.h 2014-03-09 22:40:56.000000000 +1300 @@ -101,8 +101,5 @@ #define _PATH_DEVNULL "/dev/null" #endif -/* Solaris 10 does not define strsep() */ -#include "compat/strsep.h" - #endif /* _SQUID_SOLARIS_ */ #endif /* SQUID_OS_SOALRIS_H */ diff -u -r -N squid-3.4.3/compat/stdio.h squid-3.4.4/compat/stdio.h --- squid-3.4.3/compat/stdio.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/stdio.h 2014-03-09 22:40:56.000000000 +1300 @@ -46,8 +46,8 @@ #endif /* __USE_FILE_OFFSET64 && !__REDIRECT */ // Finally import the stuff we actually use -#if HAVE_CSTDIO -#include +#if HAVE_CSTDIO && defined(__cplusplus) +#include #endif #ifndef MAXPATHLEN diff -u -r -N squid-3.4.3/compat/strsep.c squid-3.4.4/compat/strsep.c --- squid-3.4.3/compat/strsep.c 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/strsep.c 1970-01-01 12:00:00.000000000 +1200 
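Review bot: With the condition in the compat/stdio.h hunk narrowed to `HAVE_CSTDIO && defined(__cplusplus)`, a C translation unit that reaches the block under "Finally import the stuff we actually use" gets no stdio declarations from it. Unless `<stdio.h>` is included unconditionally earlier in the file (not visible in this hunk), I would add an `#else` branch holding `#include <stdio.h>` before the `#endif`. That way C sources in libcompat see real prototypes for the formatted-output functions rather than depending on another header having included them.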
@@ -1,48 +0,0 @@
-/* Copyright (C) 2004 Free Software Foundation, Inc.
- * Written by Yoann Vandoorselaere
- *
- * The file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA.
- */
-
-#include "squid.h"
-#include "compat/strsep.h"
-
-#include
-
-char *
-strsep(char **stringp, const char *delim)
-{
- char *start = *stringp;
- char *ptr;
-
- if (!start)
- return NULL;
-
- if (!*delim)
- ptr = start + strlen (start);
- else {
- ptr = strpbrk (start, delim);
- if (!ptr) {
- *stringp = NULL;
- return start;
- }
- }
-
- *ptr = '\0';
- *stringp = ptr + 1;
-
- return start;
-}
diff -u -r -N squid-3.4.3/compat/strsep.h squid-3.4.4/compat/strsep.h
--- squid-3.4.3/compat/strsep.h 2014-02-02 21:41:53.000000000 +1300
+++ squid-3.4.4/compat/strsep.h 1970-01-01 12:00:00.000000000 +1200
@@ -1,56 +0,0 @@
-/* Copyright (C) 2004 Free Software Foundation, Inc.
- * Written by Yoann Vandoorselaere
- *
- * The file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA.
- */
-#ifndef GNULIB_STRSEP_H_
-#define GNULIB_STRSEP_H_
-
-#if HAVE_STRSEP
-
-/*
- * Get strsep() declaration.
- */
-#if HAVE_STRING_H
-#include
-#endif
-
-#else
-
-/**
- *\par
- * Searches the next delimiter (char listed in DELIM) starting at *STRINGP.
- * If one is found, it is overwritten with a NULL, and *STRINGP is advanced
- * to point to the next char after it. Otherwise, *STRINGP is set to NULL.
- * If *STRINGP was already NULL, nothing happens.
- * Returns the old value of *STRINGP.
- *
- *\par
- * This is a variant of strtok() that is multithread-safe and supports
- * empty fields.
- *
- * \note Caveat: It modifies the original string.
- * \note Caveat: These functions cannot be used on constant strings.
- * \note Caveat: The identity of the delimiting character is lost.
- * \note Caveat: It doesn't work with multibyte strings unless all of the delimiter
- * characters are ASCII characters < 0x30.
- *
- * See also strtok_r().
- */ -SQUIDCEXTERN char *strsep(char **stringp, const char *delim); - -#endif /* HAVE_STRSEP */ -#endif /* GNULIB_STRSEP_H_ */ diff -u -r -N squid-3.4.3/compat/unsafe.h squid-3.4.4/compat/unsafe.h --- squid-3.4.3/compat/unsafe.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/compat/unsafe.h 1970-01-01 12:00:00.000000000 +1200 @@ -1,17 +0,0 @@ -#ifndef _SQUID_COMPAT_UNSAFE_H -#define _SQUID_COMPAT_UNSAFE_H - -/* - * Trap unintentional use of functions unsafe for use within squid. - */ - -#if !SQUID_NO_STRING_BUFFER_PROTECT -#ifndef sprintf -#define sprintf ERROR_sprintf_UNSAFE_IN_SQUID -#endif -#ifndef strdup -#define strdup ERROR_strdup_UNSAFE_IN_SQUID -#endif -#endif /* SQUID_NO_STRING_BUFFER_PROTECT */ - -#endif /* _SQUID_COMPAT_UNSAFE_H */ diff -u -r -N squid-3.4.3/configure squid-3.4.4/configure --- squid-3.4.3/configure 2014-02-02 21:42:34.000000000 +1300 +++ squid-3.4.4/configure 2014-03-09 22:42:04.000000000 +1300 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.4.3. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.4.4. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.4.3' -PACKAGE_STRING='Squid Web Proxy 3.4.3' +PACKAGE_VERSION='3.4.4' +PACKAGE_STRING='Squid Web Proxy 3.4.4' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1579,7 +1579,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.4.3 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.4.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1649,7 +1649,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.4.3:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.4.4:";; esac cat <<\_ACEOF @@ -2037,7 +2037,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.4.3 +Squid Web Proxy configure 3.4.4 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3133,7 +3133,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.4.3, which was +It was created by Squid Web Proxy $as_me 3.4.4, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3952,7 +3952,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.4.3' + VERSION='3.4.4' cat >>confdefs.h <<_ACEOF @@ -19424,7 +19424,7 @@ $as_echo "$as_me: Windows threads support automatically enabled" >&6;} ;; freebsd) - if test `echo "$squid_host_os_version" | cut -b1` -lt 7 ; then + if test `echo "$squid_host_os_version" | tr -d .` -lt 70 ; then { $as_echo "$as_me:${as_lineno-$LINENO}: pthread library requires FreeBSD 7 or later" >&5 $as_echo "$as_me: pthread library requires FreeBSD 7 or later" >&6;} squid_opt_use_diskthreads="no" @@ -23720,7 +23720,7 @@ done - if test "x$ac_heimdal" == "x" ; then + if test "x$ac_heimdal" = "x" ; then for ac_header in gssapi/gssapi_generic.h do : ac_fn_cxx_check_header_mongrel "$LINENO" "gssapi/gssapi_generic.h" "ac_cv_header_gssapi_gssapi_generic_h" "$ac_includes_default" @@ -23917,7 +23917,7 @@ ac_com_error_message=no - if test "x$ac_cv_header_com_err_h" == "xyes" ; then + if test "x$ac_cv_header_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include 
@@ -23929,7 +23929,7 @@ fi rm -f conftest* - elif test "x$ac_cv_header_et_com_err_h" == "xyes" ; then + elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -23990,7 +23990,7 @@ fi - if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" == "xyes" ; then + if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5 $as_echo_n "checking for error_message in -lcom_err... " >&6; } if ${ac_cv_lib_com_err_error_message+:} false; then : @@ -24033,7 +24033,7 @@ fi - elif test "x$ac_com_error_message" == "xyes" ; then + elif test "x$ac_com_error_message" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lkrb5" >&5 $as_echo_n "checking for error_message in -lkrb5... " >&6; } if ${ac_cv_lib_krb5_error_message+:} false; then : @@ -26147,6 +26147,7 @@ cassert \ crypt.h \ cstdarg \ + cstdio \ cstdlib \ cstring \ list \ @@ -30267,6 +30268,7 @@ CFLAGS="`echo $CFLAGS | sed -e 's/-O[0-9]*//'`" fi ;; + *-sgi-irix*) { $as_echo "$as_me:${as_lineno-$LINENO}: Removing -lsocket for IRIX..." >&5 $as_echo "$as_me: Removing -lsocket for IRIX..." >&6;} @@ -30466,7 +30468,7 @@ # Remove optimization for GCC 2.95.[123] # gcc -O[2] on *BSD and Linux (x86) causes pointers to magically become NULL if test "x$GCC" = "xyes"; then - GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` + GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` case "$GCCVER" in 2.95.[123]) { $as_echo "$as_me:${as_lineno-$LINENO}: Removing -O for gcc on $host with GCC $GCCVER" >&5 
@@ -30705,19 +30707,6 @@ fi -ac_fn_cxx_check_func "$LINENO" "strsep" "ac_cv_func_strsep" -if test "x$ac_cv_func_strsep" = xyes; then : - $as_echo "#define HAVE_STRSEP 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" strsep.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS strsep.$ac_objext" - ;; -esac - -fi - ac_fn_cxx_check_func "$LINENO" "strtoll" "ac_cv_func_strtoll" if test "x$ac_cv_func_strtoll" = xyes; then : $as_echo "#define HAVE_STRTOLL 1" >>confdefs.h @@ -30933,6 +30922,73 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_fn_cxx_check_type "$LINENO" "struct cmsghdr" "ac_cv_type_struct_cmsghdr" " + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif + +" +if test "x$ac_cv_type_struct_cmsghdr" = xyes; then : + +$as_echo "#define HAVE_CMSGHDR 1" >>confdefs.h + +fi + + +ac_fn_cxx_check_type "$LINENO" "struct iovec" "ac_cv_type_struct_iovec" " + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif + +" +if test "x$ac_cv_type_struct_iovec" = xyes; then : + +$as_echo "#define HAVE_IOVEC 1" >>confdefs.h + +fi + + +ac_fn_cxx_check_type "$LINENO" "struct msghdr" "ac_cv_type_struct_msghdr" " + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif + +" +if test "x$ac_cv_type_struct_msghdr" = xyes; then : + +$as_echo "#define HAVE_MSGHDR 1" >>confdefs.h + +fi + + +ac_fn_cxx_check_type "$LINENO" "struct sockaddr_un" "ac_cv_type_struct_sockaddr_un" " + #if HAVE_SYS_UN_H + #include + #endif + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif + +" +if test "x$ac_cv_type_struct_sockaddr_un" = xyes; then : + +$as_echo "#define HAVE_SOCKADDR_UN 1" >>confdefs.h + +fi + + # Yay! This one is a MacOSX brokenness. Its not good enough 
@@ -33119,7 +33175,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.4.3, which was +This file was extended by Squid Web Proxy $as_me 3.4.4, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33185,7 +33241,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.4.3 +Squid Web Proxy config.status 3.4.4 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.4.3/configure.ac squid-3.4.4/configure.ac --- squid-3.4.3/configure.ac 2014-02-02 21:42:34.000000000 +1300 +++ squid-3.4.4/configure.ac 2014-03-09 22:42:04.000000000 +1300 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.4.3],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.4.4],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -606,7 +606,7 @@ AC_MSG_NOTICE([Windows threads support automatically enabled]) ;; freebsd) - if test `echo "$squid_host_os_version" | cut -b1` -lt 7 ; then + if test `echo "$squid_host_os_version" | tr -d .` -lt 70 ; then AC_MSG_NOTICE(pthread library requires FreeBSD 7 or later) squid_opt_use_diskthreads="no" else @@ -1876,7 +1876,7 @@ CPPFLAGS="$CPPFLAGS $KRB5INCS" LIBS="$LIBS $KRB5LIBS" AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_krb5.h) - if test "x$ac_heimdal" == "x" ; then + if test "x$ac_heimdal" = "x" ; then AC_CHECK_HEADERS(gssapi/gssapi_generic.h) AC_CHECK_HEADERS(profile.h) fi 
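Review bot: The new FreeBSD test in the configure.ac hunk at -606,7 compares the version string with its dots removed against 70, which only orders correctly when the string carries exactly one minor digit. `10.0` becomes 100 and passes, but a bare `10` stays 10 and is treated as older than FreeBSD 7, which would set `squid_opt_use_diskthreads="no"` on a supported release. Comparing the major number alone is sturdier: keep the line's shape but replace `tr -d .` with `cut -d. -f1` and `-lt 70` with `-lt 7`. The same line appears in the generated configure (hunk at -19424,7) and would follow on regeneration. The enclosing `case` starts and ends outside this hunk, so how `squid_host_os_version` is derived is not visible here.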
@@ -1896,9 +1896,9 @@ AC_CHECK_HEADERS(krb5.h com_err.h et/com_err.h) ac_com_error_message=no - if test "x$ac_cv_header_com_err_h" == "xyes" ; then + if test "x$ac_cv_header_com_err_h" = "xyes" ; then AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes) - elif test "x$ac_cv_header_et_com_err_h" == "xyes" ; then + elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes) fi @@ -1907,11 +1907,11 @@ AC_DEFINE(HAVE_MAX_SKEW_IN_KRB5_CONTEXT, 1, [Define to 1 if max_skew in struct krb5_context]) fi - if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" == "xyes" ; then + if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then AC_CHECK_LIB(com_err,error_message, AC_DEFINE(HAVE_ERROR_MESSAGE,1, [Define to 1 if you have error_message]),) - elif test "x$ac_com_error_message" == "xyes" ; then + elif test "x$ac_com_error_message" = "xyes" ; then AC_CHECK_LIB(krb5,error_message, AC_DEFINE(HAVE_ERROR_MESSAGE,1, [Define to 1 if you have error_message]),) @@ -2212,6 +2212,7 @@ cassert \ crypt.h \ cstdarg \ + cstdio \ cstdlib \ cstring \ list \ @@ -2929,6 +2930,7 @@ CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*//'`" fi ;; + *-sgi-irix*) AC_MSG_NOTICE([Removing -lsocket for IRIX...]) LIBS=`echo $LIBS | sed -e s/-lsocket//` @@ -2991,7 +2993,7 @@ # Remove optimization for GCC 2.95.[123] # gcc -O[2] on *BSD and Linux (x86) causes pointers to magically become NULL if test "x$GCC" = "xyes"; then - GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` + GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` case "$GCCVER" in [2.95.[123]]) AC_MSG_NOTICE([Removing -O for gcc on $host with GCC $GCCVER]) @@ -3122,7 +3124,6 @@ getnameinfo \ psignal \ strerror \ - strsep \ strtoll \ tempnam \ ) 
@@ -3192,6 +3193,45 @@ AC_MSG_RESULT(no) ]) +AC_CHECK_TYPE(struct cmsghdr,AC_DEFINE(HAVE_CMSGHDR,1,[The system provides struct cmsghdr]),,[ + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif +]) + +AC_CHECK_TYPE(struct iovec,AC_DEFINE(HAVE_IOVEC,1,[The system provides struct iovec]),,[ + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif +]) + +AC_CHECK_TYPE(struct msghdr,AC_DEFINE(HAVE_MSGHDR,1,[The system provides struct msghdr]),,[ + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif +]) + +AC_CHECK_TYPE(struct sockaddr_un,AC_DEFINE(HAVE_SOCKADDR_UN,1,[The system provides sockaddr_un]),,[ + #if HAVE_SYS_UN_H + #include + #endif + #if HAVE_SYS_SOCKET_H + #include + #endif + #if HAVE_WINSOCK2_H + #include + #endif +]) + SQUID_CHECK_FUNC_STRNSTR SQUID_CHECK_FUNC_VACOPY SQUID_CHECK_FUNC___VACOPY diff -u -r -N squid-3.4.3/CREDITS squid-3.4.4/CREDITS --- squid-3.4.3/CREDITS 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/CREDITS 2014-03-09 22:40:56.000000000 +1300 
@@ -440,10 +440,44 @@ ============================================================================== +helpers/ defines.h: +helpers/basic_auth/fake/ fake.cc: +helpers/url_rewrite/fake/ fake.cc, url_fake_rewrite.sh: + +/* + * Copyright (c) 2009-2014, Treehouse Networks Ltd. New Zealand + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +============================================================================== + include/IPAddress.h lib/IPAddress.cc: include/rfc3596.h lib/rfc3596.cc: src/ICMPv6.h src/ICMPv6.cc: -helpers/url_rewrite/fake/ fake.h, fake.cc, url_fake_rewrite.sh: This code is copyright (C) 2007-2009 by Treehouse Networks Ltd of New Zealand. 
It is published and Licensed as an extension of @@ -484,28 +518,6 @@ ============================================================================== -compat/strsep.h, lib/strsep.c - - * Copyright (C) 2004 Free Software Foundation, Inc. - * Written by Yoann Vandoorselaere - * - * The file is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this file; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - -============================================================================== - helpers/external_acl/kerberos_ldap_group/support_ldap.cc /* get_attributes is partly from OpenLDAP Software . diff -u -r -N squid-3.4.3/helpers/basic_auth/DB/basic_db_auth.8 squid-3.4.4/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.4.3/helpers/basic_auth/DB/basic_db_auth.8 2014-02-02 21:58:46.000000000 +1300 +++ squid-3.4.4/helpers/basic_auth/DB/basic_db_auth.8 2014-03-09 23:02:25.000000000 +1300 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2014-02-02" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2014-03-09" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.3/helpers/basic_auth/fake/fake.cc squid-3.4.4/helpers/basic_auth/fake/fake.cc --- squid-3.4.3/helpers/basic_auth/fake/fake.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/helpers/basic_auth/fake/fake.cc 2014-03-09 22:40:56.000000000 +1300 
@@ -1,15 +1,37 @@ /* - * AUTHOR: Amos Jeffries + * Copyright (c) 2009-2014, Treehouse Networks Ltd. New Zealand + * All rights reserved. * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* * Fake Basic Authentication program for Squid. * * This code gets the user details and returns OK. * It is intended for testing use and as a base for further implementation. - * - * - * This code is copyright (C) 2009 by Treehouse Networks Ltd - * of New Zealand. It is published and Licensed as an extension of - * squid under the same conditions as the main squid application. 
*/ #include "squid.h" diff -u -r -N squid-3.4.3/helpers/defines.h squid-3.4.4/helpers/defines.h --- squid-3.4.3/helpers/defines.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/helpers/defines.h 2014-03-09 22:40:56.000000000 +1300 
@@ -2,6 +2,35 @@ #define __SQUID_HELPERS_DEFINES_H /* + * Copyright (c) 2009-2014, Treehouse Networks Ltd. New Zealand + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* * This file contains several macro definitions which are * useful and shared between helpers. */ diff -u -r -N squid-3.4.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.4.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.4.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-02-02 21:58:48.000000000 +1300 +++ squid-3.4.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-03-09 23:02:43.000000000 +1300 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2014-02-02" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2014-03-09" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.4.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.4.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-02-02 21:58:49.000000000 +1300 +++ squid-3.4.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-03-09 23:02:44.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2014-02-02" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2014-03-09" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.3/helpers/log_daemon/DB/log_db_daemon.8 squid-3.4.4/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.4.3/helpers/log_daemon/DB/log_db_daemon.8 2014-02-02 21:58:49.000000000 +1300 +++ squid-3.4.4/helpers/log_daemon/DB/log_db_daemon.8 2014-03-09 23:02:45.000000000 +1300 
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2014-02-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2014-03-09" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.4.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.4.4/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.4.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-02-02 21:58:50.000000000 +1300
+++ squid-3.4.4/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-03-09 23:02:52.000000000 +1300
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 1"
-.TH STOREID_FILE_REWRITE 1 "2014-02-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 1 "2014-03-09" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.4.3/helpers/url_rewrite/fake/fake.cc squid-3.4.4/helpers/url_rewrite/fake/fake.cc
--- squid-3.4.3/helpers/url_rewrite/fake/fake.cc 2014-02-02 21:41:53.000000000 +1300
+++ squid-3.4.4/helpers/url_rewrite/fake/fake.cc 2014-03-09 22:40:56.000000000 +1300
@@ -1,15 +1,37 @@ /* - * AUTHOR: Amos Jeffries + * Copyright (c) 2009-2014, Treehouse Networks Ltd. New Zealand + * All rights reserved. * - * Example url re-writer program for Squid. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * This code gets the url and returns it. No re-writing is done. - * It is intended for testing use and as a base for further implementation. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Example URL re-writer program for Squid. * - * This code is copyright (C) 2009 by Treehouse Networks Ltd - * of New Zealand. It is published and Licensed as an extension of - * squid under the same conditions as the main squid application. + * This code gets the url and returns it. No re-writing is done. 
+ * It is intended for testing use and as a base for further implementation. */ #include "squid.h" diff -u -r -N squid-3.4.3/helpers/url_rewrite/fake/url_fake_rewrite.sh squid-3.4.4/helpers/url_rewrite/fake/url_fake_rewrite.sh --- squid-3.4.3/helpers/url_rewrite/fake/url_fake_rewrite.sh 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/helpers/url_rewrite/fake/url_fake_rewrite.sh 2014-03-09 22:40:56.000000000 +1300 
@@ -1,11 +1,31 @@ #!/bin/sh # -# Author: Amos Jeffries +# Copyright (c) 2009-2014, Treehouse Networks Ltd. New Zealand +# All rights reserved. # -# This code is copyright (C) 2009 by Treehouse Networks Ltd -# of New Zealand. It is published and Licensed as an extension of -# squid under the same conditions as the main squid application. +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: # +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. if test "${1}" = "-h" ; then echo "Usage: $0 [-h] [-c] [-d logfile]" diff -u -r -N squid-3.4.3/include/autoconf.h.in squid-3.4.4/include/autoconf.h.in --- squid-3.4.3/include/autoconf.h.in 2014-02-02 21:42:09.000000000 +1300 +++ squid-3.4.4/include/autoconf.h.in 2014-03-09 22:41:31.000000000 +1300 
@@ -136,6 +136,9 @@ /* Define to 1 if you have the `closedir' function. */ #undef HAVE_CLOSEDIR +/* The system provides struct cmsghdr */ +#undef HAVE_CMSGHDR + /* Define to 1 if you have the header file. */ #undef HAVE_COM_ERR_H @@ -158,6 +161,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_CSTDARG +/* Define to 1 if you have the header file. */ +#undef HAVE_CSTDIO + /* Define to 1 if you have the header file. */ #undef HAVE_CSTDLIB @@ -363,6 +369,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_IOSTREAM +/* The system provides struct iovec */ +#undef HAVE_IOVEC + /* Define to 1 if you have the header file. */ #undef HAVE_IPHLPAPI_H @@ -597,6 +606,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MOZLDAP_LDAP_H +/* The system provides struct msghdr */ +#undef HAVE_MSGHDR + /* Define to 1 if you have the `mstats' function. */ #undef HAVE_MSTATS @@ -857,6 +869,9 @@ /* Define to 1 if you have the `snprintf' function. */ #undef HAVE_SNPRINTF +/* The system provides sockaddr_un */ +#undef HAVE_SOCKADDR_UN + /* Define to 1 if you have the `socketpair' function. */ #undef HAVE_SOCKETPAIR @@ -929,9 +944,6 @@ /* MacOS brokenness: strnstr() can overrun on that system */ #undef HAVE_STRNSTR -/* Define to 1 if you have the `strsep' function. */ -#undef HAVE_STRSEP - /* Define to 1 if you have the `strtoll' function. */ #undef HAVE_STRTOLL diff -u -r -N squid-3.4.3/include/version.h squid-3.4.4/include/version.h --- squid-3.4.3/include/version.h 2014-02-02 21:42:34.000000000 +1300 +++ squid-3.4.4/include/version.h 2014-03-09 22:42:04.000000000 +1300 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1391330511 +#define SQUID_RELEASE_TIME 1394358053 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.4.3/RELEASENOTES.html squid-3.4.4/RELEASENOTES.html --- squid-3.4.3/RELEASENOTES.html 2014-02-02 21:59:01.000000000 +1300 +++ squid-3.4.4/RELEASENOTES.html 2014-03-09 23:05:16.000000000 +1300 
@@ -2,10 +2,10 @@ - Squid 3.4.3 release notes + Squid 3.4.4 release notes -

Squid 3.4.3 release notes

+

Squid 3.4.4 release notes

Squid Developers


@@ -57,7 +57,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.4.3 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.4.4 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.4/ or the mirrors.

diff -u -r -N squid-3.4.3/src/AccessLogEntry.cc squid-3.4.4/src/AccessLogEntry.cc --- squid-3.4.3/src/AccessLogEntry.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/AccessLogEntry.cc 2014-03-09 22:40:56.000000000 +1300 @@ -15,17 +15,30 @@ void AccessLogEntry::getLogClientIp(char *buf, size_t bufsz) const { + Ip::Address log_ip; + #if FOLLOW_X_FORWARDED_FOR if (Config.onoff.log_uses_indirect_client && request) - request->indirect_client_addr.toStr(buf, bufsz); + log_ip = request->indirect_client_addr; else #endif if (tcpClient != NULL) - tcpClient->remote.toStr(buf, bufsz); - else if (cache.caddr.isNoAddr()) // e.g., ICAP OPTIONS lack client + log_ip = tcpClient->remote; + else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client strncpy(buf, "-", bufsz); - else - cache.caddr.toStr(buf, bufsz); + return; + } else + log_ip = cache.caddr; + + // Apply so-called 'privacy masking' to IPv4 clients + // - localhost IP is always shown in full + // - IPv4 clients masked with client_netmask + // - IPv6 clients use 'privacy addressing' instead. + + if (!log_ip.isLocalhost() && log_ip.isIPv4()) + log_ip.applyMask(Config.Addrs.client_netmask); + + log_ip.toStr(buf, bufsz); } AccessLogEntry::~AccessLogEntry() diff -u -r -N squid-3.4.3/src/auth/basic/auth_basic.cc squid-3.4.4/src/auth/basic/auth_basic.cc --- squid-3.4.3/src/auth/basic/auth_basic.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/basic/auth_basic.cc 2014-03-09 22:40:56.000000000 +1300 
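Review bot: The masking step at the end of `getLogClientIp()` skips every IPv6 client, so with `client_netmask` configured the access log still records full IPv6 addresses; the "privacy addressing" the comment relies on is a client-side choice this code cannot verify. If that is the intended behaviour, the comment should say it outright, e.g. `// client_netmask is IPv4-only: IPv6 client addresses are logged unmasked`, and the directive's documentation should carry the same caveat. Separately, the early-return branch `strncpy(buf, "-", bufsz);` leaves `buf` unterminated when `bufsz` is 1; `snprintf(buf, bufsz, "-");` writes the same text and always terminates for a non-zero size.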
@@ -195,25 +195,6 @@ helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics"); } -static Auth::User::Pointer -authBasicAuthUserFindUsername(const char *username) -{ - AuthUserHashPointer *usernamehash; - debugs(29, 9, HERE << "Looking for user '" << username << "'"); - - if (username && (usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, username)))) { - while (usernamehash) { - if ((usernamehash->user()->auth_type == Auth::AUTH_BASIC) && - !strcmp(username, (char const *)usernamehash->key)) - return usernamehash->user(); - - usernamehash = static_cast(usernamehash->next); - } - } - - return NULL; -} - char * Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) { @@ -310,7 +291,7 @@ /* now lookup and see if we have a matching auth_user structure in memory. */ Auth::User::Pointer auth_user; - if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) { + if ((auth_user = findUserInCache(lb->username(), Auth::AUTH_BASIC)) == NULL) { /* the user doesn't exist in the username cache yet */ /* save the credentials */ debugs(29, 9, HERE << "Creating new user '" << lb->username() << "'"); diff -u -r -N squid-3.4.3/src/auth/Config.cc squid-3.4.4/src/auth/Config.cc --- squid-3.4.3/src/auth/Config.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/Config.cc 2014-03-09 22:40:56.000000000 +1300 @@ -32,6 +32,7 @@ #include "squid.h" #include "auth/Config.h" +#include "auth/Gadgets.h" #include "auth/UserRequest.h" #include "Debug.h" #include "globals.h" 
@@ -76,3 +77,22 @@ void Auth::Config::registerWithCacheManager(void) {} + +Auth::User::Pointer +Auth::Config::findUserInCache(const char *nameKey, Auth::Type authType) +{ + AuthUserHashPointer *usernamehash; + debugs(29, 9, "Looking for user '" << nameKey << "'"); + + if (nameKey && (usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, nameKey)))) { + while (usernamehash) { + if ((usernamehash->user()->auth_type == authType) && + !strcmp(nameKey, (char const *)usernamehash->key)) + return usernamehash->user(); + + usernamehash = static_cast(usernamehash->next); + } + } + + return NULL; +} diff -u -r -N squid-3.4.3/src/auth/Config.h squid-3.4.4/src/auth/Config.h --- squid-3.4.3/src/auth/Config.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/Config.h 2014-03-09 22:40:56.000000000 +1300 @@ -122,6 +122,9 @@ /** add headers as needed when challenging for auth */ virtual void fixHeader(UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0; + /// Find any existing user credentials in the authentication cache by name and type. + virtual Auth::User::Pointer findUserInCache(const char *nameKey, Auth::Type type); + /** prepare to handle requests */ virtual void init(Config *) = 0; diff -u -r -N squid-3.4.3/src/auth/digest/auth_digest.cc squid-3.4.4/src/auth/digest/auth_digest.cc --- squid-3.4.3/src/auth/digest/auth_digest.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/digest/auth_digest.cc 2014-03-09 22:40:56.000000000 +1300 
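Review bot: `findUserInCache()` streams `nameKey` into `debugs()` one line before the `if (nameKey && ...)` test, and inserting a null `const char *` into an ostream is undefined behaviour, so the guard comes too late whenever that trace level is enabled. Move the trace inside the guarded branch or print a placeholder, e.g. `debugs(29, 9, "Looking for user '" << (nameKey ? nameKey : "(null)") << "'");`. The callers in auth_basic.cc and auth_digest.cc appear to pass the username taken from the request's credentials, so a short comment noting that the logged value is client-controlled would also help whoever parses these logs.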
@@ -102,10 +102,8 @@ static void authenticateDigestNonceCacheCleanup(void *data); static digest_nonce_h *authenticateDigestNonceFindNonce(const char *nonceb64); -static digest_nonce_h *authenticateDigestNonceNew(void); static void authenticateDigestNonceDelete(digest_nonce_h * nonce); static void authenticateDigestNonceSetup(void); -static int authDigestNonceIsStale(digest_nonce_h * nonce); static void authDigestNonceEncode(digest_nonce_h * nonce); static void authDigestNonceLink(digest_nonce_h * nonce); #if NOT_USED @@ -125,7 +123,7 @@ nonce->key = xstrdup(base64_encode_bin((char *) &(nonce->noncedata), sizeof(digest_nonce_data))); } -static digest_nonce_h * +digest_nonce_h * authenticateDigestNonceNew(void) { digest_nonce_h *newnonce = static_cast < digest_nonce_h * >(digest_nonce_pool->alloc()); @@ -379,8 +377,8 @@ /* is the nonce-count ok ? */ if (!static_cast(Auth::Config::Find("digest"))->CheckNonceCount) { - ++nonce->nc; - return -1; /* forced OK by configuration */ + /* Ignore client supplied NC */ + intnc = nonce->nc + 1; } if ((static_cast(Auth::Config::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) || @@ -390,16 +388,15 @@ return 0; } - /* seems ok */ /* increment the nonce count - we've already checked that intnc is a * valid representation for us, so we don't need the test here. */ nonce->nc = intnc; - return -1; + return !authDigestNonceIsStale(nonce); } -static int +int authDigestNonceIsStale(digest_nonce_h * nonce) { /* do we have a nonce ? */ @@ -407,6 +404,10 @@ if (!nonce) return -1; + /* Is it already invalidated? */ + if (!nonce->flags.valid) + return -1; + /* has it's max duration expired? */ if (nonce->noncedata.creationtime + static_cast(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) { debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " << 
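Review bot: `authDigestNonceIsValid()` now ends with `return !authDigestNonceIsStale(nonce);`, which yields 1 for a usable nonce where the removed line returned -1, while `authDigestNonceIsStale()` itself signals "stale" with -1 (see the `@@ -407,6 +404,10 @@` hunk). The callers visible in this diff only test for zero, so behaviour holds, but two int-returning predicates with different "true" values are easy to misuse in a check that gates authentication. Declaring both as `bool`, or at least documenting the convention next to the new prototype in `auth_digest.h` with `/// \retval 0 nonce is usable; non-zero means stale, invalidated or missing`, would remove the ambiguity. Both function bodies extend beyond these hunks.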
@@ -475,25 +476,6 @@ authDigestNonceUnlink(nonce); } -/* USER related functions */ -static Auth::User::Pointer -authDigestUserFindUsername(const char *username) -{ - AuthUserHashPointer *usernamehash; - debugs(29, 9, HERE << "Looking for user '" << username << "'"); - - if (username && (usernamehash = static_cast < AuthUserHashPointer * >(hash_lookup(proxy_auth_username_cache, username)))) { - while ((usernamehash->user()->auth_type != Auth::AUTH_DIGEST) && (usernamehash->next)) - usernamehash = static_cast(usernamehash->next); - - if (usernamehash->user()->auth_type == Auth::AUTH_DIGEST) { - return usernamehash->user(); - } - } - - return NULL; -} - void Auth::Digest::Config::rotateHelpers() { @@ -549,17 +531,23 @@ if (!authenticateProgram) return; - int stale = 0; + bool stale = false; + digest_nonce_h *nonce = NULL; + /* on a 407 or 401 we always use a new nonce */ if (auth_user_request != NULL) { - Auth::Digest::UserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); - assert (digest_request != NULL); + Auth::Digest::User *digest_user = dynamic_cast(auth_user_request->user().getRaw()); - stale = !digest_request->flags.invalid_password; + if (digest_user) { + stale = digest_user->credentials() == Auth::Handshake; + if (stale) { + nonce = digest_user->currentNonce(); + } + } + } + if (!nonce) { + nonce = authenticateDigestNonceNew(); } - - /* on a 407 or 401 we always use a new nonce */ - digest_nonce_h *nonce = authenticateDigestNonceNew(); debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" << 
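Review bot: The comment `/* on a 407 or 401 we always use a new nonce */`, now placed above the `if (auth_user_request != NULL)` block in the `@@ -549,17 +531,23 @@` hunk, no longer matches the code beneath it. When the user's credentials are in the `Auth::Handshake` state the challenge reuses `digest_user->currentNonce()` and only falls back to `authenticateDigestNonceNew()` when that returns NULL. Reword it, for example `/* reuse the user's current nonce for a stale=true challenge; otherwise issue a new one */`, so a later reader does not assume every challenge rotates the nonce. The enclosing function starts and ends outside the hunk.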
@@ -722,13 +710,13 @@ nonce->user = NULL; } -/* authDigestUserLinkNonce: add a nonce to a given user's struct */ -static void +/* authDigesteserLinkNonce: add a nonce to a given user's struct */ +void authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce) { dlink_node *node; - if (!user || !nonce) + if (!user || !nonce || !nonce->user) return; Auth::Digest::User *digest_user = user; @@ -1045,14 +1033,24 @@ /* now the nonce */ nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64); + /* check that we're not being hacked / the username hasn't changed */ + if (nonce && nonce->user && strcmp(username, nonce->user->username())) { + debugs(29, 2, "Username for the nonce does not equal the username for the request"); + nonce = NULL; + } + /* check for stale nonce */ + if (authDigestNonceIsStale(nonce)) { + debugs(29, 3, "The received nonce is stale from " << username); + digest_request->setDenyMessage("Stale nonce"); + nonce = NULL; + } if (!nonce) { /* we couldn't find a matching nonce! */ - debugs(29, 2, "Unexpected or invalid nonce received"); - if (digest_request->user() != NULL) - digest_request->user()->credentials(Auth::Failed); - rv = authDigestLogUsername(username, digest_request); + debugs(29, 2, "Unexpected or invalid nonce received from " << username); + Auth::UserRequest::Pointer auth_request = authDigestLogUsername(username, digest_request); + auth_request->user()->credentials(Auth::Handshake); safe_free(username); - return rv; + return auth_request; } digest_request->nonce = nonce; 
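Review bot: The added `!nonce->user` test in `authDigestUserLinkNonce()` returns before linking whenever the nonce has no owner yet, and the new callers in `UserRequest.cc` pass a nonce straight from `authenticateDigestNonceNew()`. If a fresh nonce starts with `user` unset (its initialisation is not visible in this diff), those calls do nothing and the `nextnonce` sent to the client is never attached to the user's `nonces` list, so `currentNonce()` would not find it later. Please confirm the intended condition; rejecting only a nonce owned by a different user would read something like `if (!user || !nonce || (nonce->user && nonce->user != user)) return;`. The comment above the function was also changed to `authDigesteserLinkNonce`, which should read `authDigestUserLinkNonce`; the body continues outside the hunk.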
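Review bot: In the `@@ -1045,14 +1033,24 @@` hunk `authDigestNonceIsStale(nonce)` is called even when `nonce` is already NULL, and the `@@ -407,6 +404,10 @@` hunk shows it returns -1 for a NULL nonce, so an unknown nonce and a username mismatch are both logged and denied as "Stale nonce". Guard the call with `if (nonce && authDigestNonceIsStale(nonce)) {` so only a nonce that was found and has expired takes the stale message. The `if (!nonce)` branch below still marks every one of these cases `Auth::Handshake`, which `fixHeader()` reads as `stale`; it is worth deciding explicitly whether the mismatch case should get that state. The new `auth_request->user()->credentials(Auth::Handshake);` also drops the `user() != NULL` test the removed code had, which is safe only if `authDigestLogUsername()` always attaches a user, and this hunk does not show that.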
@@ -1075,7 +1073,7 @@ Auth::User::Pointer auth_user; - if ((auth_user = authDigestUserFindUsername(username)) == NULL) { + if ((auth_user = findUserInCache(username, Auth::AUTH_DIGEST)) == NULL) { /* the user doesn't exist in the username cache yet */ debugs(29, 9, HERE << "Creating new digest user '" << username << "'"); digest_user = new Auth::Digest::User(this); diff -u -r -N squid-3.4.3/src/auth/digest/auth_digest.h squid-3.4.4/src/auth/digest/auth_digest.h --- squid-3.4.3/src/auth/digest/auth_digest.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/digest/auth_digest.h 2014-03-09 22:40:56.000000000 +1300 @@ -52,10 +52,13 @@ void authDigestNonceUnlink(digest_nonce_h * nonce); int authDigestNonceIsValid(digest_nonce_h * nonce, char nc[9]); +int authDigestNonceIsStale(digest_nonce_h * nonce); const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce); int authDigestNonceLastRequest(digest_nonce_h * nonce); void authenticateDigestNonceShutdown(void); void authDigestNoncePurge(digest_nonce_h * nonce); +void authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce); +digest_nonce_h *authenticateDigestNonceNew(void); namespace Auth { diff -u -r -N squid-3.4.3/src/auth/digest/User.cc squid-3.4.4/src/auth/digest/User.cc --- squid-3.4.3/src/auth/digest/User.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/digest/User.cc 2014-03-09 22:40:56.000000000 +1300 @@ -50,3 +50,16 @@ return min(nonce_ttl, global_ttl); } + +digest_nonce_h * +Auth::Digest::User::currentNonce() +{ + digest_nonce_h *nonce = NULL; + dlink_node *link = nonces.tail; + if (link) { + nonce = static_cast(link->data); + if (authDigestNonceIsStale(nonce)) + nonce = NULL; + } + return nonce; +} diff -u -r -N squid-3.4.3/src/auth/digest/User.h squid-3.4.4/src/auth/digest/User.h --- squid-3.4.3/src/auth/digest/User.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/digest/User.h 2014-03-09 22:40:56.000000000 +1300 
@@ -25,6 +25,8 @@ /* what nonces have been allocated to this user */ dlink_list nonces; + + digest_nonce_h * currentNonce(); }; MEMPROXY_CLASS_INLINE(Auth::Digest::User); diff -u -r -N squid-3.4.3/src/auth/digest/UserRequest.cc squid-3.4.4/src/auth/digest/UserRequest.cc --- squid-3.4.3/src/auth/digest/UserRequest.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/digest/UserRequest.cc 2014-03-09 22:40:56.000000000 +1300 @@ -154,7 +154,7 @@ /* check for stale nonce */ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(Auth::Failed); + auth_user->credentials(Auth::Handshake); digest_request->setDenyMessage("Stale nonce"); return; } @@ -181,6 +181,7 @@ case Auth::Ok: return Auth::CRED_VALID; + case Auth::Handshake: case Auth::Failed: /* send new challenge */ return Auth::CRED_CHALLENGE; @@ -214,8 +215,14 @@ if ((static_cast(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) { flags.authinfo_sent = true; - debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); - httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); + Auth::Digest::User *digest_user = dynamic_cast(user().getRaw()); + digest_nonce_h *nextnonce = digest_user->currentNonce(); + if (!nextnonce || authDigestNonceLastRequest(nonce)) { + nextnonce = authenticateDigestNonceNew(); + authDigestUserLinkNonce(digest_user, nextnonce); + } + debugs(29, 9, "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nextnonce) << "\""); + httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nextnonce)); } } 
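Review bot: `currentNonce()` is declared in `User.h` without a comment, and its behaviour in `User.cc` is not obvious from the name: it looks only at the tail of `nonces` and returns NULL when the list is empty or that nonce is stale. Add a doc line in the style the `Config.h` hunk uses, e.g. `/// \returns the most recently linked nonce, or NULL if there is none or it is stale`. Callers need that contract to know a NULL result is routine and must be handled.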
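Review bot: In the `@@ -214,8 +215,14 @@` hunk `digest_user` comes from a `dynamic_cast` and is dereferenced on the next line (`digest_user->currentNonce()`) without a NULL test, whereas the same cast in `Auth::Digest::Config::fixHeader()` is guarded by `if (digest_user)`; the `@@ -240,7 +247,13 @@` hunk repeats the unguarded pattern. Wrapping the nonce selection in `if (digest_user) { ... }` in both places avoids a NULL dereference when the request's user is missing or not a Digest user. In this hunk the inner test `!nextnonce || authDigestNonceLastRequest(nonce)` is also always true, because the enclosing `if` already requires `authDigestNonceLastRequest(nonce)`, so the value fetched from `currentNonce()` is never used. Keep `if (!nextnonce) {` if reuse is intended, as the other hunk does. Both functions start outside their hunks.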
@@ -240,7 +247,13 @@ type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO; if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) { - debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); + Auth::Digest::User *digest_user = dynamic_cast(auth_user_request->user().getRaw()); + nonce = digest_user->currentNonce(); + if (!nonce) { + nonce = authenticateDigestNonceNew(); + authDigestUserLinkNonce(digest_user, nonce); + } + debugs(29, 9, "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); } } diff -u -r -N squid-3.4.3/src/auth/UserRequest.cc squid-3.4.4/src/auth/UserRequest.cc --- squid-3.4.3/src/auth/UserRequest.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/auth/UserRequest.cc 2014-03-09 22:40:56.000000000 +1300 @@ -523,9 +523,12 @@ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) { Auth::Config *scheme = *i; - if (scheme->active()) - scheme->fixHeader(NULL, rep, type, request); - else + if (scheme->active()) { + if (auth_user_request != NULL && auth_user_request->scheme()->type() == scheme->type()) + scheme->fixHeader(auth_user_request, rep, type, request); + else + scheme->fixHeader(NULL, rep, type, request); + } else debugs(29, 4, HERE << "Configured scheme " << scheme->type() << " not Active"); } } diff -u -r -N squid-3.4.3/src/base/LruMap.h squid-3.4.4/src/base/LruMap.h --- squid-3.4.3/src/base/LruMap.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/base/LruMap.h 2014-03-09 22:40:56.000000000 +1300 
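Review bot: In the `@@ -523,9 +523,12 @@` hunk `auth_user_request->scheme()->type() == scheme->type()` compares the two results with `==`; if `type()` returns a `const char *` (the declarations are not in this diff), that is an address comparison and matches only when both sides hand back the same string object. If so, compare contents with `strcmp(auth_user_request->scheme()->type(), scheme->type()) == 0`, or add a comment stating that each scheme returns one unique type string. `auth_user_request->scheme()` is also dereferenced without a NULL test; please confirm it cannot be NULL for a request that reaches this loop, since the result decides which scheme's challenge carries the user's state.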
@@ -50,7 +50,7 @@ /// The available size for the map size_t memLimit() const {return memLimit_;} /// The free space of the map - size_t freeMem() const { return (memLimit() - size());} + size_t freeMem() const { return (memLimit() > size() ? memLimit() - size() : 0);} /// The current size of the map size_t size() const {return (entries_ * EntryCost);} /// The number of stored entries diff -u -r -N squid-3.4.3/src/cache_cf.cc squid-3.4.4/src/cache_cf.cc --- squid-3.4.3/src/cache_cf.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/cache_cf.cc 2014-03-09 22:40:56.000000000 +1300 @@ -4525,10 +4525,10 @@ if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidAfter]) == 0) { ca->alg = Ssl::algSetValidAfter; - ca->param = strdup("on"); + ca->param = xstrdup("on"); } else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidBefore]) == 0) { ca->alg = Ssl::algSetValidBefore; - ca->param = strdup("on"); + ca->param = xstrdup("on"); } else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetCommonName]) == 0) { ca->alg = Ssl::algSetCommonName; if (param) { @@ -4537,7 +4537,7 @@ self_destruct(); return; } - ca->param = strdup(param); + ca->param = xstrdup(param); } } else { debugs(3, DBG_CRITICAL, "FATAL: sslproxy_cert_adapt: unknown cert adaptation algorithm: " << al); diff -u -r -N squid-3.4.3/src/client_side.cc squid-3.4.4/src/client_side.cc --- squid-3.4.3/src/client_side.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/client_side.cc 2014-03-09 22:40:56.000000000 +1300 @@ -1366,9 +1366,7 @@ * offset data, but we won't be requesting it. * So, we can either re-request, or generate an error */ - debugs(33, 3, "clientBuildRangeHeader: will not do ranges: " << range_err << "."); - delete http->request->range; - http->request->range = NULL; + http->request->ignoreRange(range_err); } else { /* XXX: TODO: Review, this unconditional set may be wrong. */ rep->sline.set(rep->sline.version, Http::scPartialContent); 
@@ -1747,9 +1745,16 @@ int64_t ClientSocketContext::getNextRangeOffset() const { + debugs (33, 5, "range: " << http->request->range << + "; http offset " << http->out.offset << + "; reply " << reply); + + // XXX: This method is called from many places, including pullData() which + // may be called before prepareReply() [on some Squid-generated errors]. + // Hence, we may not even know yet whether we should honor/do ranges. + if (http->request->range) { /* offset in range specs does not count the prefix of an http msg */ - debugs (33, 5, "ClientSocketContext::getNextRangeOffset: http offset " << http->out.offset); /* check: reply was parsed and range iterator was initialized */ assert(http->range_iter.valid); /* filter out data according to range specs */ @@ -1786,7 +1791,7 @@ void ClientSocketContext::pullData() { - debugs(33, 5, HERE << clientConnection << " attempting to pull upstream data"); + debugs(33, 5, reply << " written " << http->out.size << " into " << clientConnection); /* More data will be coming from the stream. */ StoreIOBuffer readBuffer; @@ -2578,7 +2583,7 @@ clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert(repContext); debugs(33, 5, "Responding with delated error for " << http->uri); - repContext->setReplyToStoreEntry(sslServerBump->entry); + repContext->setReplyToStoreEntry(sslServerBump->entry, "delayed SslBump error"); // save the original request for logging purposes if (!context->http->al->request) { 
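Review bot: The new XXX comment in `getNextRangeOffset()` says the method can run before `prepareReply()`, yet `assert(http->range_iter.valid);` a few lines below is still reached whenever `http->request->range` is set. Correctness therefore depends on every Squid-generated error path calling `ignoreRange()` first, and a path that misses it lets a client's Range header abort the process. Consider handling the not-yet-initialised state instead of asserting, for instance by testing `http->request->range && http->range_iter.valid` and falling through to the non-range return otherwise, if that return (outside this hunk) is the right answer for an error body. At minimum the comment should name the invariant: `// every error path must call request->ignoreRange() before pullData()`.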
@@ -3888,9 +3893,9 @@ assert(sslBumpCertKey.defined() && sslBumpCertKey[0] != '\0'); debugs(33, 5, HERE << "Finding SSL certificate for " << sslBumpCertKey << " in cache"); - Ssl::LocalContextStorage & ssl_ctx_cache(Ssl::TheGlobalContextStorage.getLocalStorage(port->s)); + Ssl::LocalContextStorage *ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s); SSL_CTX * dynCtx = NULL; - Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache.get(sslBumpCertKey.termedBuf()); + Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache ? ssl_ctx_cache->get(sslBumpCertKey.termedBuf()) : NULL; if (cachedCtx && (dynCtx = cachedCtx->get())) { debugs(33, 5, HERE << "SSL certificate for " << sslBumpCertKey << " have found in cache"); if (Ssl::verifySslCertificate(dynCtx, certProperties)) { @@ -3899,7 +3904,8 @@ return; } else { debugs(33, 5, HERE << "Cached SSL certificate for " << sslBumpCertKey << " is out of date. Delete this certificate from cache"); - ssl_ctx_cache.del(sslBumpCertKey.termedBuf()); + if (ssl_ctx_cache) + ssl_ctx_cache->del(sslBumpCertKey.termedBuf()); } } else { debugs(33, 5, HERE << "SSL certificate for " << sslBumpCertKey << " haven't found in cache"); 
@@ -3951,10 +3957,10 @@ } //else it is self-signed or untrusted do not attrach any certificate - Ssl::LocalContextStorage & ssl_ctx_cache(Ssl::TheGlobalContextStorage.getLocalStorage(port->s)); + Ssl::LocalContextStorage *ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s); assert(sslBumpCertKey.defined() && sslBumpCertKey[0] != '\0'); if (sslContext) { - if (!ssl_ctx_cache.add(sslBumpCertKey.termedBuf(), new Ssl::SSL_CTX_Pointer(sslContext))) { + if (!ssl_ctx_cache || !ssl_ctx_cache->add(sslBumpCertKey.termedBuf(), new Ssl::SSL_CTX_Pointer(sslContext))) { // If it is not in storage delete after using. Else storage deleted it. fd_table[clientConnection->fd].dynamicSslContext = sslContext; } diff -u -r -N squid-3.4.3/src/client_side_reply.cc squid-3.4.4/src/client_side_reply.cc --- squid-3.4.3/src/client_side_reply.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/client_side_reply.cc 2014-03-09 22:40:56.000000000 +1300 @@ -132,13 +132,18 @@ http->al->http.code = errstate->httpStatus; + if (http->request) + http->request->ignoreRange("responding with a Squid-generated error"); + createStoreEntry(method, RequestFlags()); assert(errstate->callback_data == NULL); errorAppendEntry(http->storeEntry(), errstate); /* Now the caller reads to get this */ } -void clientReplyContext::setReplyToStoreEntry(StoreEntry *entry) +// Assumes that the entry contains an error response without Content-Range. +// To use with regular entries, make HTTP Range header removal conditional. +void clientReplyContext::setReplyToStoreEntry(StoreEntry *entry, const char *reason) { entry->lock(); // removeClientStoreReference() unlocks sc = storeClientListAdd(entry, this); 
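Review bot: When `ssl_ctx_cache->add()` returns false in the `@@ -3951,10 +3957,10 @@` hunk, the `Ssl::SSL_CTX_Pointer` allocated inside the condition has no visible owner, while the raw `sslContext` is handed to `dynamicSslContext` for later deletion. Depending on what `add()` does with a rejected value (not shown in this diff), that wrapper is either leaked or releases the context the connection is about to use. Allocate the wrapper only once caching is known to succeed, or extend the existing comment to state who frees it on failure. The new `!ssl_ctx_cache ||` short-circuit does avoid the allocation when there is no cache at all, which is the right behaviour for that case.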
@@ -147,6 +152,8 @@ #endif reqofs = 0; reqsize = 0; + if (http->request) + http->request->ignoreRange(reason); flags.storelogiccomplete = 1; http->storeEntry(entry); } diff -u -r -N squid-3.4.3/src/client_side_reply.h squid-3.4.4/src/client_side_reply.h --- squid-3.4.3/src/client_side_reply.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/client_side_reply.h 2014-03-09 22:40:56.000000000 +1300 @@ -68,7 +68,7 @@ int storeOKTransferDone() const; int storeNotOKTransferDone() const; /// replaces current response store entry with the given one - void setReplyToStoreEntry(StoreEntry *e); + void setReplyToStoreEntry(StoreEntry *e, const char *reason); /// builds error using clientBuildError() and calls setReplyToError() below void setReplyToError(err_type, Http::StatusCode, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *, #if USE_AUTH diff -u -r -N squid-3.4.3/src/client_side_request.cc squid-3.4.4/src/client_side_request.cc --- squid-3.4.3/src/client_side_request.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/client_side_request.cc 2014-03-09 22:40:56.000000000 +1300 @@ -848,11 +848,12 @@ #if ICAP_CLIENT Adaptation::Icap::History::Pointer ih = request->icapHistory(); if (ih != NULL) { - if (getConn() != NULL) { + if (getConn() != NULL && getConn()->clientConnection != NULL) { ih->rfc931 = getConn()->clientConnection->rfc931; #if USE_SSL - assert(getConn()->clientConnection != NULL); - ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl); + if (getConn()->clientConnection->isOpen()) { + ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl); + } #endif } ih->log_uri = log_uri; @@ -1144,8 +1145,7 @@ else { req_hdr->delById(HDR_RANGE); req_hdr->delById(HDR_REQUEST_RANGE); - delete request->range; - request->range = NULL; + request->ignoreRange("neither HEAD nor GET"); } if (req_hdr->has(HDR_AUTHORIZATION)) 
@@ -1812,7 +1812,7 @@ clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data; clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); - repContext->setReplyToStoreEntry(e); + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); errorAppendEntry(e, calloutContext->error); calloutContext->error = NULL; if (calloutContext->readNextRequest) diff -u -r -N squid-3.4.3/src/DiskIO/IpcIo/IpcIoFile.cc squid-3.4.4/src/DiskIO/IpcIo/IpcIoFile.cc --- squid-3.4.3/src/DiskIO/IpcIo/IpcIoFile.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/DiskIO/IpcIo/IpcIoFile.cc 2014-03-09 22:40:56.000000000 +1300 @@ -301,9 +301,11 @@ /// track a new pending request void -IpcIoFile::trackPendingRequest(IpcIoPendingRequest *const pending) +IpcIoFile::trackPendingRequest(const unsigned int id, IpcIoPendingRequest *const pending) { - newerRequests->insert(std::make_pair(lastRequestId, pending)); + const std::pair result = + newerRequests->insert(std::make_pair(id, pending)); + Must(result.second); // failures means that id was not unique if (!timeoutCheckScheduled) scheduleTimeoutCheck(); } @@ -313,6 +315,7 @@ IpcIoFile::push(IpcIoPendingRequest *const pending) { // prevent queue overflows: check for responses to earlier requests + // warning: this call may result in indirect push() recursion HandleResponses("before push"); debugs(47, 7, HERE); @@ -322,6 +325,8 @@ IpcIoMsg ipcIo; try { + if (++lastRequestId == 0) // don't use zero value as requestId + ++lastRequestId; ipcIo.requestId = lastRequestId; ipcIo.start = current_time; if (pending->readRequest) { @@ -345,7 +350,7 @@ if (queue->push(diskId, ipcIo)) Notify(diskId); // must notify disker - trackPendingRequest(pending); + trackPendingRequest(ipcIo.requestId, pending); } catch (const Queue::Full &) { debugs(47, DBG_IMPORTANT, "Worker I/O push queue overflow: " << SipcIo(KidIdentifier, ipcIo, diskId)); // TODO: report queue len 
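Review bot: `Must(result.second);` in `trackPendingRequest()` throws on a duplicate id, but its call site in `push()` (the `@@ -345,7 +350,7 @@` hunk) runs after `queue->push(diskId, ipcIo)` has already handed the request to the disker, and the only handler visible there catches `Queue::Full`. If no other handler follows outside the hunk, an id collision after `lastRequestId` wraps leaves a queued request that nothing tracks and an exception propagating out of `push()`. Checking that the id is free before `queue->push()`, or inserting into `newerRequests` first and erasing the entry on `Queue::Full`, keeps the queue and the pending map consistent. The body of `push()` extends beyond these hunks.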
@@ -603,9 +608,6 @@ IpcIoPendingRequest::IpcIoPendingRequest(const IpcIoFile::Pointer &aFile): file(aFile), readRequest(NULL), writeRequest(NULL) { - Must(file != NULL); - if (++file->lastRequestId == 0) // don't use zero value as requestId - ++file->lastRequestId; } void diff -u -r -N squid-3.4.3/src/DiskIO/IpcIo/IpcIoFile.h squid-3.4.4/src/DiskIO/IpcIo/IpcIoFile.h --- squid-3.4.3/src/DiskIO/IpcIo/IpcIoFile.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/DiskIO/IpcIo/IpcIoFile.h 2014-03-09 22:40:56.000000000 +1300 @@ -85,7 +85,7 @@ bool canWait() const; private: - void trackPendingRequest(IpcIoPendingRequest *const pending); + void trackPendingRequest(const unsigned int id, IpcIoPendingRequest *const pending); void push(IpcIoPendingRequest *const pending); IpcIoPendingRequest *dequeueRequest(const unsigned int requestId); diff -u -r -N squid-3.4.3/src/helper.cc squid-3.4.4/src/helper.cc --- squid-3.4.3/src/helper.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/helper.cc 2014-03-09 22:40:56.000000000 +1300 @@ -85,6 +85,8 @@ CBDATA_CLASS_INIT(statefulhelper); CBDATA_TYPE(helper_stateful_server); +InstanceIdDefinitions(HelperServerBase, "Hlpr"); + void HelperServerBase::initStats() { @@ -98,8 +100,6 @@ HelperServerBase::closePipesSafely() { #if _SQUID_WINDOWS_ - int no = index + 1; - shutdown(writePipe->fd, SD_BOTH); #endif @@ -115,7 +115,7 @@ if (WaitForSingleObject(hIpc, 5000) != WAIT_OBJECT_0) { getCurrentTime(); debugs(84, DBG_IMPORTANT, "WARNING: " << hlp->id_name << - " #" << no << " (" << hlp->cmdline->key << "," << + " #" << index << " (" << hlp->cmdline->key << "," << (long int)pid << ") didn't exit in 5 seconds"); } CloseHandle(hIpc); @@ -127,8 +127,6 @@ HelperServerBase::closeWritePipeSafely() { #if _SQUID_WINDOWS_ - int no = index + 1; - shutdown(writePipe->fd, (readPipe->fd == writePipe->fd ? SD_BOTH : SD_SEND)); #endif 
@@ -142,7 +140,7 @@ if (WaitForSingleObject(hIpc, 5000) != WAIT_OBJECT_0) { getCurrentTime(); debugs(84, DBG_IMPORTANT, "WARNING: " << hlp->id_name << - " #" << no << " (" << hlp->cmdline->key << "," << + " #" << index << " (" << hlp->cmdline->key << "," << (long int)pid << ") didn't exit in 5 seconds"); } CloseHandle(hIpc); @@ -228,7 +226,6 @@ srv->hIpc = hIpc; srv->pid = pid; srv->initStats(); - srv->index = k; srv->addr = hlp->addr; srv->readPipe = new Comm::Connection; srv->readPipe->fd = rfd; @@ -350,7 +347,6 @@ srv->pid = pid; srv->flags.reserved = false; srv->initStats(); - srv->index = k; srv->addr = hlp->addr; srv->readPipe = new Comm::Connection; srv->readPipe->fd = rfd; @@ -514,7 +510,7 @@ hlp->stats.avg_svc_time); storeAppendPrintf(sentry, "\n"); storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%11s\t%s\t%7s\t%7s\t%7s\n", - "#", + "ID #", "FD", "PID", "# Requests", @@ -527,8 +523,8 @@ for (dlink_node *link = hlp->servers.head; link; link = link->next) { helper_server *srv = (helper_server*)link->data; double tt = 0.001 * (srv->requests[0] ? tvSubMsec(srv->requests[0]->dispatch_time, current_time) : tvSubMsec(srv->dispatch_time, srv->answer_time)); - storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11" PRIu64 "\t%11" PRIu64 "\t%c%c%c%c\t%7.3f\t%7d\t%s\n", - srv->index + 1, + storeAppendPrintf(sentry, "%7u\t%7d\t%7d\t%11" PRIu64 "\t%11" PRIu64 "\t%c%c%c%c\t%7.3f\t%7d\t%s\n", + srv->index.value, srv->readPipe->fd, srv->pid, srv->stats.uses, @@ -569,7 +565,7 @@ hlp->stats.avg_svc_time); storeAppendPrintf(sentry, "\n"); storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%11s\t%6s\t%7s\t%7s\t%7s\n", - "#", + "ID #", "FD", "PID", "# Requests", 
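Review bot: The cache-manager table prints `srv->index.value` with `%7u`, while the `debugs()` lines in this file stream the `InstanceId` object itself (`" #" << srv->index`), so the identifier in the report may not match the one in cache.log if the stream operator adds the "Hlpr" prefix declared by `InstanceIdDefinitions`. `%7u` is also only correct if `value` is an `unsigned int`, which this diff does not show. A short comment at the `storeAppendPrintf` call, such as `// index.value is the numeric part of the id that debugs() prints`, would tie the two together. The same applies to the stateful table in the hunk at -582, and the enclosing function starts and ends outside the hunk.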
@@ -582,8 +578,8 @@ for (dlink_node *link = hlp->servers.head; link; link = link->next) { helper_stateful_server *srv = (helper_stateful_server *)link->data; double tt = 0.001 * tvSubMsec(srv->dispatch_time, srv->flags.busy ? current_time : srv->answer_time); - storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11" PRIu64 "\t%11" PRIu64 "\t%c%c%c%c%c\t%7.3f\t%7d\t%s\n", - srv->index + 1, + storeAppendPrintf(sentry, "%7u\t%7d\t%7d\t%11" PRIu64 "\t%11" PRIu64 "\t%c%c%c%c%c\t%7.3f\t%7d\t%s\n", + srv->index.value, srv->readPipe->fd, srv->pid, srv->stats.uses, @@ -617,7 +613,7 @@ link = link->next; if (srv->flags.shutdown) { - debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index + 1 << " has already SHUT DOWN."); + debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index << " has already SHUT DOWN."); continue; } @@ -626,16 +622,16 @@ srv->flags.shutdown = true; /* request it to shut itself down */ if (srv->flags.closing) { - debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is CLOSING."); + debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index << " is CLOSING."); continue; } if (srv->stats.pending) { - debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is BUSY."); + debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index << " is BUSY."); continue; } - debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index + 1 << " shutting down."); + debugs(84, 3, "helperShutdown: " << hlp->id_name << " #" << srv->index << " shutting down."); /* the rest of the details is dealt with in the helperServerFree * close handler */ @@ -654,7 +650,7 @@ link = link->next; if (srv->flags.shutdown) { - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " has already SHUT DOWN."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " has already SHUT DOWN."); continue; } 
@@ -663,25 +659,25 @@ srv->flags.shutdown = true; /* request it to shut itself down */ if (srv->flags.busy) { - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is BUSY."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " is BUSY."); continue; } if (srv->flags.closing) { - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is CLOSING."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " is CLOSING."); continue; } if (srv->flags.reserved) { if (shutting_down) { - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is RESERVED. Closing anyway."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " is RESERVED. Closing anyway."); } else { - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is RESERVED. Not Shutting Down Yet."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " is RESERVED. Not Shutting Down Yet."); continue; } } - debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " shutting down."); + debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index << " shutting down."); /* the rest of the details is dealt with in the helperStatefulServerFree * close handler @@ -737,7 +733,7 @@ if (!srv->flags.shutdown) { assert(hlp->childs.n_active > 0); -- hlp->childs.n_active; - debugs(84, DBG_CRITICAL, "WARNING: " << hlp->id_name << " #" << srv->index + 1 << " exited"); + debugs(84, DBG_CRITICAL, "WARNING: " << hlp->id_name << " #" << srv->index << " exited"); if (hlp->childs.needNew() > 0) { debugs(80, DBG_IMPORTANT, "Too few " << hlp->id_name << " processes are running (need " << hlp->childs.needNew() << "/" << hlp->childs.n_max << ")"); 
@@ -805,7 +801,7 @@ if (!srv->flags.shutdown) { assert( hlp->childs.n_active > 0); -- hlp->childs.n_active; - debugs(84, DBG_CRITICAL, "WARNING: " << hlp->id_name << " #" << srv->index + 1 << " exited"); + debugs(84, DBG_CRITICAL, "WARNING: " << hlp->id_name << " #" << srv->index << " exited"); if (hlp->childs.needNew() > 0) { debugs(80, DBG_IMPORTANT, "Too few " << hlp->id_name << " processes are running (need " << hlp->childs.needNew() << "/" << hlp->childs.n_max << ")"); @@ -879,7 +875,7 @@ helperRequestFree(r); } else { debugs(84, DBG_IMPORTANT, "helperHandleRead: unexpected reply on channel " << - request_number << " from " << hlp->id_name << " #" << srv->index + 1 << + request_number << " from " << hlp->id_name << " #" << srv->index << " '" << srv->rbuf << "'"); } @@ -907,7 +903,7 @@ assert(conn->fd == srv->readPipe->fd); - debugs(84, 5, "helperHandleRead: " << len << " bytes from " << hlp->id_name << " #" << srv->index + 1); + debugs(84, 5, "helperHandleRead: " << len << " bytes from " << hlp->id_name << " #" << srv->index); if (flag != COMM_OK || len == 0) { srv->closePipesSafely(); @@ -921,7 +917,7 @@ if (!srv->stats.pending) { /* someone spoke without being spoken to */ debugs(84, DBG_IMPORTANT, "helperHandleRead: unexpected read from " << - hlp->id_name << " #" << srv->index + 1 << ", " << (int)len << + hlp->id_name << " #" << srv->index << ", " << (int)len << " bytes '" << srv->rbuf << "'"); srv->roffset = 0; @@ -974,8 +970,7 @@ if (!spaceSize) { debugs(84, DBG_IMPORTANT, "ERROR: Disconnecting from a " << "helper that overflowed " << srv->rbuf_sz << "-byte " << - "Squid input buffer: " << hlp->id_name << " #" << - (srv->index + 1)); + "Squid input buffer: " << hlp->id_name << " #" << srv->index); srv->closePipesSafely(); return; } 
@@ -1004,7 +999,7 @@ assert(conn->fd == srv->readPipe->fd); debugs(84, 5, "helperStatefulHandleRead: " << len << " bytes from " << - hlp->id_name << " #" << srv->index + 1); + hlp->id_name << " #" << srv->index); if (flag != COMM_OK || len == 0) { srv->closePipesSafely(); @@ -1019,7 +1014,7 @@ if (r == NULL) { /* someone spoke without being spoken to */ debugs(84, DBG_IMPORTANT, "helperStatefulHandleRead: unexpected read from " << - hlp->id_name << " #" << srv->index + 1 << ", " << (int)len << + hlp->id_name << " #" << srv->index << ", " << (int)len << " bytes '" << srv->rbuf << "'"); srv->roffset = 0; @@ -1095,8 +1090,7 @@ if (!spaceSize) { debugs(84, DBG_IMPORTANT, "ERROR: Disconnecting from a " << "helper that overflowed " << srv->rbuf_sz << "-byte " << - "Squid input buffer: " << hlp->id_name << " #" << - (srv->index + 1)); + "Squid input buffer: " << hlp->id_name << " #" << srv->index); srv->closePipesSafely(); return; } @@ -1297,7 +1291,7 @@ if (flag != COMM_OK) { /* Helper server has crashed */ - debugs(84, DBG_CRITICAL, "helperDispatch: Helper " << srv->parent->id_name << " #" << srv->index + 1 << " has crashed"); + debugs(84, DBG_CRITICAL, "helperDispatch: Helper " << srv->parent->id_name << " #" << srv->index << " has crashed"); return; } @@ -1353,7 +1347,7 @@ Comm::Write(srv->writePipe, srv->writebuf->content(), srv->writebuf->contentSize(), call, NULL); } - debugs(84, 5, "helperDispatch: Request sent to " << hlp->id_name << " #" << srv->index + 1 << ", " << strlen(r->buf) << " bytes"); + debugs(84, 5, "helperDispatch: Request sent to " << hlp->id_name << " #" << srv->index << ", " << strlen(r->buf) << " bytes"); ++ srv->stats.uses; ++ srv->stats.pending; 
@@ -1379,7 +1373,7 @@ return; } - debugs(84, 9, "helperStatefulDispatch busying helper " << hlp->id_name << " #" << srv->index + 1); + debugs(84, 9, "helperStatefulDispatch busying helper " << hlp->id_name << " #" << srv->index); if (r->placeholder == 1) { /* a callback is needed before this request can _use_ a helper. */ @@ -1407,7 +1401,7 @@ CommIoCbPtrFun(helperStatefulDispatchWriteDone, hlp)); Comm::Write(srv->writePipe, r->buf, strlen(r->buf), call, NULL); debugs(84, 5, "helperStatefulDispatch: Request sent to " << - hlp->id_name << " #" << srv->index + 1 << ", " << + hlp->id_name << " #" << srv->index << ", " << (int) strlen(r->buf) << " bytes"); ++ srv->stats.uses; diff -u -r -N squid-3.4.3/src/helper.h squid-3.4.4/src/helper.h --- squid-3.4.3/src/helper.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/helper.h 2014-03-09 22:40:56.000000000 +1300 @@ -34,6 +34,7 @@ #define SQUID_HELPER_H #include "base/AsyncCall.h" +#include "base/InstanceId.h" #include "cbdata.h" #include "comm/forward.h" #include "dlink.h" @@ -115,7 +116,9 @@ void closeWritePipeSafely(); public: - int index; + /// Helper program identifier; does not change when contents do, + /// including during assignment + const InstanceId index; int pid; Ip::Address addr; Comm::ConnectionPointer readPipe; diff -u -r -N squid-3.4.3/src/http.cc squid-3.4.4/src/http.cc --- squid-3.4.3/src/http.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/http.cc 2014-03-09 22:40:56.000000000 +1300 @@ -1725,8 +1725,7 @@ /* don't cache the result */ request->flags.cachable = false; /* pretend it's not a range request */ - delete request->range; - request->range = NULL; + request->ignoreRange("want to request the whole object"); request->flags.isRanged = false; } diff -u -r -N squid-3.4.3/src/HttpRequest.cc squid-3.4.4/src/HttpRequest.cc --- squid-3.4.3/src/HttpRequest.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/HttpRequest.cc 2014-03-09 22:40:56.000000000 +1300 
@@ -596,6 +596,7 @@ switch (protocol) { case AnyP::PROTO_HTTP: + case AnyP::PROTO_HTTPS: if (!method.respMaybeCacheable()) return false; @@ -665,6 +666,20 @@ return rangeOffsetLimit; } +void +HttpRequest::ignoreRange(const char *reason) +{ + if (range) { + debugs(73, 3, static_cast(range) << " for " << reason); + delete range; + range = NULL; + } + // Some callers also reset isRanged but it may not be safe for all callers: + // isRanged is used to determine whether a weak ETag comparison is allowed, + // and that check should not ignore the Range header if it was present. + // TODO: Some callers also delete HDR_RANGE, HDR_REQUEST_RANGE. Should we? +} + bool HttpRequest::canHandle1xx() const { diff -u -r -N squid-3.4.3/src/HttpRequest.h squid-3.4.4/src/HttpRequest.h --- squid-3.4.3/src/HttpRequest.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/HttpRequest.h 2014-03-09 22:40:56.000000000 +1300 @@ -262,6 +262,8 @@ */ CbcPointer clientConnectionManager; + /// forgets about the cached Range header (for a reason) + void ignoreRange(const char *reason); int64_t getRangeOffsetLimit(); /* the result of this function gets cached in rangeOffsetLimit */ private: diff -u -r -N squid-3.4.3/src/MemBlob.cc squid-3.4.4/src/MemBlob.cc --- squid-3.4.3/src/MemBlob.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/MemBlob.cc 2014-03-09 22:40:56.000000000 +1300 @@ -122,8 +122,7 @@ if (n > 0) { // appending zero bytes is allowed but only affects the stats Must(willFit(n)); Must(source); - /// \note memcpy() is safe because we copy to an unused area - memcpy(mem + size, source, n); + memmove(mem + size, source, n); size += n; } ++Stats.append; diff -u -r -N squid-3.4.3/src/snmp_core.cc squid-3.4.4/src/snmp_core.cc --- squid-3.4.3/src/snmp_core.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/snmp_core.cc 2014-03-09 22:40:56.000000000 +1300 
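Review bot: In the MemBlob.cc hunk the switch to `memmove()` drops the old safety note without saying why overlap is now expected, so a later reader cannot tell whether `memcpy()` was wrong or merely distrusted. If the reason is that `source` may point into this blob's own buffer (not visible in the hunk), record it at the call: `// memmove(): source may overlap our own buffer`. The function body starts outside the hunk.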
@@ -59,7 +59,7 @@ static mib_tree_entry *snmpAddNode(oid * name, int len, oid_ParseFn * parsefunction, instance_Fn * instancefunction, AggrType aggrType, int children,...); static oid *snmpCreateOid(int length,...); mib_tree_entry * snmpLookupNodeStr(mib_tree_entry *entry, const char *str); -int snmpCreateOidFromStr(const char *str, oid **name, int *nl); +bool snmpCreateOidFromStr(const char *str, oid **name, int *nl); SQUIDCEXTERN void (*snmplib_debug_hook) (int, char *); static oid *static_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn); static oid *time_Inst(oid * name, snint * len, mib_tree_entry * current, oid_ParseFn ** Fn); @@ -951,26 +951,29 @@ return e; } -int +bool snmpCreateOidFromStr(const char *str, oid **name, int *nl) { char const *delim = "."; - char *p; *name = NULL; *nl = 0; - char *s = xstrdup(str); - char *s_ = s; + const char *s = str; /* Parse the OID string into oid bits */ - while ( (p = strsep(&s_, delim)) != NULL) { + while (size_t len = strcspn(s, delim)) { *name = (oid*)xrealloc(*name, sizeof(oid) * ((*nl) + 1)); - (*name)[*nl] = atoi(p); + (*name)[*nl] = atoi(s); // stops at the '.' delimiter ++(*nl); + // exit with true when the last octet has been parsed + if (s[len] == '\0') + return true; + s += len+1; } - xfree(s); - return 1; + // if we aborted before the lst octet was found, return false. + safe_free(name); + return false; } /* diff -u -r -N squid-3.4.3/src/ssl/context_storage.cc squid-3.4.4/src/ssl/context_storage.cc --- squid-3.4.3/src/ssl/context_storage.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/ssl/context_storage.cc 2014-03-09 22:40:56.000000000 +1300 
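Review bot: On the failure path of `snmpCreateOidFromStr()`, `safe_free(name)` is applied to the out-parameter itself rather than to the array that `xrealloc()` stored in `*name`, so the pointer handed to the allocator is the caller's `oid **` and the partially built OID is not released. It should be `safe_free(*name);` followed by `*nl = 0;`, so that a caller which ignores the new `bool` does not pair a released array with a stale length. Separately, `atoi(s)` accepts any text, so a non-numeric octet silently becomes 0 and the function still returns `true`; rejecting octets that are not all digits would make the `false` result meaningful. The comment has a typo, `lst` for `last`.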
@@ -65,16 +65,20 @@ configureStorage.insert(std::pair(address, size_of_store)); } -Ssl::LocalContextStorage & Ssl::GlobalContextStorage::getLocalStorage(Ip::Address const & address) +Ssl::LocalContextStorage *Ssl::GlobalContextStorage::getLocalStorage(Ip::Address const & address) { reconfigureFinish(); std::map::iterator i = storage.find(address); - assert (i != storage.end()); - return *(i->second); + + if (i == storage.end()) + return NULL; + else + return i->second; } void Ssl::GlobalContextStorage::reconfigureStart() { + configureStorage.clear(); reconfiguring = true; } @@ -86,7 +90,7 @@ // remove or change old local storages. for (std::map::iterator i = storage.begin(); i != storage.end(); ++i) { std::map::iterator conf_i = configureStorage.find(i->first); - if (conf_i == configureStorage.end()) { + if (conf_i == configureStorage.end() || conf_i->second <= 0) { storage.erase(i); } else { i->second->setMemLimit(conf_i->second); @@ -95,7 +99,7 @@ // add new local storages. for (std::map::iterator conf_i = configureStorage.begin(); conf_i != configureStorage.end(); ++conf_i ) { - if (storage.find(conf_i->first) == storage.end()) { + if (storage.find(conf_i->first) == storage.end() && conf_i->second > 0) { storage.insert(std::pair(conf_i->first, new LocalContextStorage(-1, conf_i->second))); } } diff -u -r -N squid-3.4.3/src/ssl/context_storage.h squid-3.4.4/src/ssl/context_storage.h --- squid-3.4.3/src/ssl/context_storage.h 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/ssl/context_storage.h 2014-03-09 22:40:56.000000000 +1300 
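Review bot: In the hunk at -86, `storage.erase(i)` runs inside a loop whose header still does `++i`, and erasing a `std::map` element invalidates that iterator. The added `|| conf_i->second <= 0` makes this branch reachable for every listener configured with a zero size, not only for removed ones. Advance before erasing: copy `i`, increment `i`, erase the copy, and move the `++i` from the `for` header into the `else` branch. The `LocalContextStorage` that the next hunk creates with `new` is also not deleted when its map entry is erased, which looks like a leak unless ownership is handled elsewhere. If `second` is a `size_t`, as the `addLocalStorage()` signature suggests, `<= 0` can only mean `== 0` and is clearer written that way.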
@@ -52,7 +52,7 @@ /// Create new SSL context storage for the local listening address/port. void addLocalStorage(Ip::Address const & address, size_t size_of_store); /// Return the local storage for the given listening address/port. - LocalContextStorage & getLocalStorage(Ip::Address const & address); + LocalContextStorage *getLocalStorage(Ip::Address const & address); /// When reconfigring should be called this method. void reconfigureStart(); private: diff -u -r -N squid-3.4.3/src/tests/stub_libsslsquid.cc squid-3.4.4/src/tests/stub_libsslsquid.cc --- squid-3.4.3/src/tests/stub_libsslsquid.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/tests/stub_libsslsquid.cc 2014-03-09 22:40:56.000000000 +1300 @@ -27,8 +27,8 @@ Ssl::CertificateStorageAction::Pointer Ssl::CertificateStorageAction::Create(const Mgr::Command::Pointer &cmd) STUB_RETSTATREF(Ssl::CertificateStorageAction::Pointer) void Ssl::CertificateStorageAction::dump(StoreEntry *sentry) STUB void Ssl::GlobalContextStorage::addLocalStorage(Ip::Address const & address, size_t size_of_store) STUB -Ssl::LocalContextStorage & Ssl::GlobalContextStorage::getLocalStorage(Ip::Address const & address) -{ fatal(STUB_API " required"); static Ssl::LocalContextStorage v(0,0); return v; } +Ssl::LocalContextStorage *Ssl::GlobalContextStorage::getLocalStorage(Ip::Address const & address) +{ fatal(STUB_API " required"); static Ssl::LocalContextStorage v(0,0); return &v; } void Ssl::GlobalContextStorage::reconfigureStart() STUB //Ssl::GlobalContextStorage Ssl::TheGlobalContextStorage; diff -u -r -N squid-3.4.3/src/tools.cc squid-3.4.4/src/tools.cc --- squid-3.4.3/src/tools.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/tools.cc 2014-03-09 22:40:56.000000000 +1300 
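Review bot: The doc comment on `getLocalStorage()` in context_storage.h still reads as if a storage always exists, but the implementation in context_storage.cc now returns NULL when the address has no entry. Callers have to check the result before dereferencing it, so the declaration should say so: `/// Return the local storage for the given listening address/port, or NULL if none is configured.`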
@@ -131,7 +131,14 @@ FILE *fp = NULL; static char command[256]; - const mode_t prev_umask=umask(S_IRWXU); + /* + * NP: umask() takes the mask of bits we DONT want set. + * + * We want the current user to have read/write access + * and since this file will be passed to mailsystem, + * the group and other must have read access. + */ + const mode_t prev_umask=umask(S_IXUSR|S_IXGRP|S_IWGRP|S_IWOTH|S_IXOTH); #if HAVE_MKSTEMP char filename[] = "/tmp/squid-XXXXXX"; diff -u -r -N squid-3.4.3/src/wccp2.cc squid-3.4.4/src/wccp2.cc --- squid-3.4.3/src/wccp2.cc 2014-02-02 21:41:53.000000000 +1300 +++ squid-3.4.4/src/wccp2.cc 2014-03-09 22:40:56.000000000 +1300 @@ -38,7 +38,6 @@ #include "comm.h" #include "comm/Connection.h" #include "comm/Loops.h" -#include "compat/strsep.h" #include "event.h" #include "ip/Address.h" #include "md5.h" 
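Review bot: The new comment in tools.cc says group and other must be able to read the crash report, but under `HAVE_MKSTEMP` the file is presumably created by `mkstemp()` with mode 0600, so the wider mask would only take effect on the fallback path outside this hunk. On that path the report may be created readable by every local account, which is more than a mailer run by the same user needs. If the mail command runs as the Squid user (not visible here), `umask(S_IRWXG|S_IRWXO)` keeps the file private on both paths; otherwise the comment should name the path that relies on world-readability. The function body continues outside the hunk, so whether `prev_umask` is restored on every exit cannot be checked from here.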
@@ -2206,82 +2205,72 @@ static int parse_wccp2_service_flags(char *flags) { - char *tmp, *tmp2; - char *flag; - int retflag = 0; - - if (!flags) { + if (!flags) return 0; - } - tmp = xstrdup(flags); - tmp2 = tmp; + char *flag = flags; + int retflag = 0; - flag = strsep(&tmp2, ","); + while (size_t len = strcspn(flag, ",")) { - while (flag) { - if (strcmp(flag, "src_ip_hash") == 0) { + if (strncmp(flag, "src_ip_hash", len) == 0) { retflag |= WCCP2_SERVICE_SRC_IP_HASH; - } else if (strcmp(flag, "dst_ip_hash") == 0) { + } else if (strncmp(flag, "dst_ip_hash", len) == 0) { retflag |= WCCP2_SERVICE_DST_IP_HASH; - } else if (strcmp(flag, "source_port_hash") == 0) { + } else if (strncmp(flag, "source_port_hash", len) == 0) { retflag |= WCCP2_SERVICE_SRC_PORT_HASH; - } else if (strcmp(flag, "dst_port_hash") == 0) { + } else if (strncmp(flag, "dst_port_hash", len) == 0) { retflag |= WCCP2_SERVICE_DST_PORT_HASH; - } else if (strcmp(flag, "ports_source") == 0) { + } else if (strncmp(flag, "ports_source", len) == 0) { retflag |= WCCP2_SERVICE_PORTS_SOURCE; - } else if (strcmp(flag, "src_ip_alt_hash") == 0) { + } else if (strncmp(flag, "src_ip_alt_hash", len) == 0) { retflag |= WCCP2_SERVICE_SRC_IP_ALT_HASH; - } else if (strcmp(flag, "dst_ip_alt_hash") == 0) { + } else if (strncmp(flag, "dst_ip_alt_hash", len) == 0) { retflag |= WCCP2_SERVICE_DST_IP_ALT_HASH; - } else if (strcmp(flag, "src_port_alt_hash") == 0) { + } else if (strncmp(flag, "src_port_alt_hash", len) == 0) { retflag |= WCCP2_SERVICE_SRC_PORT_ALT_HASH; - } else if (strcmp(flag, "dst_port_alt_hash") == 0) { + } else if (strncmp(flag, "dst_port_alt_hash", len) == 0) { retflag |= WCCP2_SERVICE_DST_PORT_ALT_HASH; } else { + flag[len] = '\0'; fatalf("Unknown wccp2 service flag: %s\n", flag); } - flag = strsep(&tmp2, ","); + if (flag[len] == '\0') + break; + + flag += len+1; } - xfree(tmp); return retflag; } static void parse_wccp2_service_ports(char *options, int portlist[]) { - int i = 0; - int p; - char *tmp, *tmp2, 
*port; - if (!options) { return; } - tmp = xstrdup(options); - tmp2 = tmp; - - port = strsep(&tmp2, ","); + int i = 0; + char *tmp = options; - while (port && i < WCCP2_NUMPORTS) { - p = xatoi(port); + while (size_t len = strcspn(tmp, ",")) { + if (i >= WCCP2_NUMPORTS) { + fatalf("parse_wccp2_service_ports: too many ports (maximum: 8) in list '%s'\n", options); + } + int p = xatoi(tmp); if (p < 1 || p > 65535) { - fatalf("parse_wccp2_service_ports: port value '%s' isn't valid (1..65535)\n", port); + fatalf("parse_wccp2_service_ports: port value '%s' isn't valid (1..65535)\n", tmp); } portlist[i] = p; ++i; - port = strsep(&tmp2, ","); - } - - if (i == WCCP2_NUMPORTS && port) { - fatalf("parse_wccp2_service_ports: too many ports (maximum: 8) in list '%s'\n", options); + if (tmp[len] == '\0') + return; + tmp += len+1; } - - xfree(tmp); } void
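Review bot: In `parse_wccp2_service_flags()`, `strncmp(flag, "src_ip_hash", len) == 0` compares only the first `len` bytes of the token, so any prefix of a flag name (`src`, or even `s`) is accepted as that flag and the first matching branch wins, where the old `strcmp()` required an exact match. The comparison has to check the length as well, for example through a small helper as below. An empty token (a leading comma or `,,`) makes `strcspn()` return 0 and ends the loop silently, dropping the remaining flags instead of reporting them through `fatalf()`. In `parse_wccp2_service_ports()` the same loop shape passes `tmp`, which still holds the rest of the list, to `xatoi()` and to the error message.

```cpp
/// true only when the len-byte token at `token` is exactly `name`
static bool
wccp2FlagIs(const char *token, const size_t len, const char *name)
{
    return strlen(name) == len && strncmp(token, name, len) == 0;
}

// … unchanged: parse_wccp2_service_flags() signature, NULL check, locals …
    while (size_t len = strcspn(flag, ",")) {
        if (wccp2FlagIs(flag, len, "src_ip_hash")) {
            retflag |= WCCP2_SERVICE_SRC_IP_HASH;
        } else if (wccp2FlagIs(flag, len, "dst_ip_hash")) {
            retflag |= WCCP2_SERVICE_DST_IP_HASH;
        // … unchanged: remaining flag names, each compared through wccp2FlagIs() …
```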