diff -u -r -N squid-3.3.4/acinclude/lib-checks.m4 squid-3.3.5/acinclude/lib-checks.m4
--- squid-3.3.4/acinclude/lib-checks.m4 2013-04-27 15:34:48.000000000 +1200
+++ squid-3.3.5/acinclude/lib-checks.m4 2013-05-20 23:48:55.000000000 +1200
@@ -94,3 +94,129 @@ ]) SQUID_STATE_ROLLBACK(iphlpapi) ]) + +dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a +dnl workaround can be used instead of using the SSL_get_certificate +AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[ + AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid") + AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate") + SQUID_STATE_SAVE(check_SSL_get_certificate) + LIBS="$SSLLIB $LIBS" + if test "x$SSLLIBDIR" != "x"; then + LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR" + fi + + AC_MSG_CHECKING(whether the SSL_get_certificate is buggy) + AC_RUN_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + #include + ], + [ + SSLeay_add_ssl_algorithms(); + SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); + SSL *ssl = SSL_new(sslContext); + X509* cert = SSL_get_certificate(ssl); + return 0; + ]) + ], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1) + AC_MSG_RESULT([yes]) + ], + []) + + AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works) + AC_RUN_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + #include + ], + [ + SSLeay_add_ssl_algorithms(); + SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); + X509 ***pCert = (X509 ***)sslContext->cert; + X509 *sslCtxCert = pCert && *pCert ? 
**pCert : (X509 *)0x1; + if (sslCtxCert != NULL) + return 1; + return 0; + ]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1) + ], + [ + AC_MSG_RESULT([no]) + ], +[]) + +SQUID_STATE_ROLLBACK(check_SSL_get_certificate) +]) + + +dnl Try to handle TXT_DB related problems: +dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version +dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not +dnl implemented correctly and causes type conversion errors while compiling squid + +AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ + AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member") + AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors") + + SQUID_STATE_SAVE(check_TXTDB) + + LIBS="$LIBS $SSLLIB" + AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + ], + [ + TXT_DB *db = NULL; + int i = sk_OPENSSL_PSTRING_num(db->data); + return 0; + ]) + ], + [ + AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1) + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + ], + []) + + AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + + static unsigned long index_serial_hash(const char **a){} + static int index_serial_cmp(const char **a, const char **b){} + static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) + static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) + ], + [ + TXT_DB *db = NULL; + TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); + ]) + ], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) + ], +[]) + +SQUID_STATE_ROLLBACK(check_TXTDB) +]) diff -u -r -N squid-3.3.4/ChangeLog squid-3.3.5/ChangeLog --- squid-3.3.4/ChangeLog 
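Review bot: Both `AC_RUN_IFELSE` probes in `SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS` fold every failure into one branch, so a test program that merely fails to compile or link (for example against an OpenSSL build without `SSLv3_method`) is reported as "SSL_get_certificate is buggy" rather than as a broken probe. The fourth, cross-compiling argument is left as `[]`, and the generated configure aborts with "cannot run test program while cross compiling"; a conservative default such as `[AC_MSG_RESULT([cross-compiling, assuming no])]` would keep cross builds working. The workaround probe dereferences `sslContext->cert` without checking that `SSL_CTX_new` succeeded. It also only shows that an empty context yields NULL through the `(X509 ***)` cast, which says little about whether the cast matches the library's private struct layout once a certificate is loaded. A `dnl` line recording which OpenSSL versions the cast was validated against would tell the next maintainer when the hack can be dropped.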
2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/ChangeLog 2013-05-20 23:48:55.000000000 +1200 @@ -1,4 +1,20 @@ +Changes to squid-3.3.5 (20 May 2013): + + - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager + - Bug 3845: http_port tcpkeepalive= option fails parsing + - Bug 3840: assertion failed 'sde' in UFS cache loading + - Bug 3836: make check failures with automake-1.13 + - Bug 3827: Remove AccessLogEntry::cache.authuser + - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes + - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics + - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems + - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all + - Port from 2.6: external acl %ACL and %DATA tags + - Update copyright on SN.png + - ... and several minor memory leaks + - ... and some documentation polish + Changes to squid-3.3.4 (27 Apr 2013): - Bug 3831: basic_ncsa_auth Blowfish and SHA support @@ -74,6 +90,11 @@ - ... and many compile error fixes - ... and a very large amount of code polish for faster compilation +Changes to squid-3.2.11 (30 Apr 2013): + + - Regression Bug 3839: build error: src/tools.h: No such file or directory + - Update copyright on SN.png + Changes to squid-3.2.10 (27 Apr 2013): - Bug 3833: squidclient: Option '-k' is not present in man(1) page diff -u -r -N squid-3.3.4/configure squid-3.3.5/configure --- squid-3.3.4/configure 2013-04-27 15:35:47.000000000 +1200 +++ squid-3.3.5/configure 2013-05-20 23:50:55.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.4. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.5. # # Report bugs to . # 
@@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.3.4' -PACKAGE_STRING='Squid Web Proxy 3.3.4' +PACKAGE_VERSION='3.3.5' +PACKAGE_STRING='Squid Web Proxy 3.3.5' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1570,7 +1570,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.3.4 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.3.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1640,7 +1640,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.3.4:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.3.5:";; esac cat <<\_ACEOF @@ -2014,7 +2014,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.3.4 +Squid Web Proxy configure 3.3.5 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3110,7 +3110,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.3.4, which was +It was created by Squid Web Proxy $as_me 3.3.5, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3929,7 +3929,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.3.4' + VERSION='3.3.5' cat >>confdefs.h <<_ACEOF @@ -4331,6 +4331,12 @@ + + + + + + # ============================================================================ # http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx_0x.html # ============================================================================ 
@@ -21018,6 +21024,282 @@ fi +if test "x$with_openssl" = "xyes"; then + + + + +# save state, key is check_SSL_get_certificate +check_SSL_get_certificate_CFLAGS="${CFLAGS}" +check_SSL_get_certificate_CXXFLAGS="${CXXFLAGS}" +check_SSL_get_certificate_LDFLAGS="${LDFLAGS}" +check_SSL_get_certificate_LIBS="${LIBS}" +check_SSL_get_certificate_CC="${CC}" +check_SSL_get_certificate_CXX="${CXX}" +check_SSL_get_certificate_squid_saved_vars="" +for squid_util_var_tosave in $check_SSL_get_certificate_squid_saved_vars +do + squid_util_var_tosave2="check_SSL_get_certificate_${squid_util_var_tosave}" + eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" +done + + LIBS="$SSLLIB $LIBS" + if test "x$SSLLIBDIR" != "x"; then + LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the SSL_get_certificate is buggy" >&5 +$as_echo_n "checking whether the SSL_get_certificate is buggy... " >&6; } + if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + + + #include + #include + +int +main () +{ + + SSLeay_add_ssl_algorithms(); + SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); + SSL *ssl = SSL_new(sslContext); + X509* cert = SSL_get_certificate(ssl); + return 0; + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + $as_echo "#define SQUID_SSLGETCERTIFICATE_BUGGY 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the workaround for SSL_get_certificate works" >&5 +$as_echo_n "checking whether the workaround for SSL_get_certificate works... " >&6; } + if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + +int +main () +{ + + SSLeay_add_ssl_algorithms(); + SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); + X509 ***pCert = (X509 ***)sslContext->cert; + X509 *sslCtxCert = pCert && *pCert ? 
**pCert : (X509 *)0x1; + if (sslCtxCert != NULL) + return 1; + return 0; + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_run "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define SQUID_USE_SSLGETCERTIFICATE_HACK 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + +# rollback state, key is check_SSL_get_certificate +CFLAGS="${check_SSL_get_certificate_CFLAGS}" +CXXFLAGS="${check_SSL_get_certificate_CXXFLAGS}" +LDFLAGS="${check_SSL_get_certificate_LDFLAGS}" +LIBS="${check_SSL_get_certificate_LIBS}" +CC="${check_SSL_get_certificate_CC}" +CXX="${check_SSL_get_certificate_CXX}" +for squid_util_var_tosave in $check_SSL_get_certificate_squid_saved_vars +do + squid_util_var_tosave2="\$check_SSL_get_certificate_${squid_util_var_tosave}" + eval "$squid_util_var_tosave=\"${squid_util_var_tosave2}\"" +done + +# commit state, key is check_SSL_get_certificate +unset check_SSL_get_certificate_CFLAGS +unset check_SSL_get_certificate_CXXFLAGS +unset check_SSL_get_certificate_LDFLAGS +unset check_SSL_get_certificate_LIBS +unset check_SSL_get_certificate_CC +unset check_SSL_get_certificate_CXX +for squid_util_var_tosave in $check_SSL_get_certificate_squid_saved_vars +do + unset ${squid_util_var_tosave} +done + + + + + + + + +# save state, key is check_TXTDB +check_TXTDB_CFLAGS="${CFLAGS}" +check_TXTDB_CXXFLAGS="${CXXFLAGS}" +check_TXTDB_LDFLAGS="${LDFLAGS}" +check_TXTDB_LIBS="${LIBS}" +check_TXTDB_CC="${CC}" +check_TXTDB_CXX="${CXX}" +check_TXTDB_squid_saved_vars="" +for squid_util_var_tosave in $check_TXTDB_squid_saved_vars +do + squid_util_var_tosave2="check_TXTDB_${squid_util_var_tosave}" + eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\"" +done + + + LIBS="$LIBS $SSLLIB" + { $as_echo 
"$as_me:${as_lineno-$LINENO}: checking whether the TXT_DB use OPENSSL_PSTRING data member" >&5 +$as_echo_n "checking whether the TXT_DB use OPENSSL_PSTRING data member... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + +int +main () +{ + + TXT_DB *db = NULL; + int i = sk_OPENSSL_PSTRING_num(db->data); + return 0; + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + + $as_echo "#define SQUID_SSLTXTDB_PSTRINGDATA 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used" >&5 +$as_echo_n "checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + + + #include + + static unsigned long index_serial_hash(const char **a){} + static int index_serial_cmp(const char **a, const char **b){} + static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) + static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) + +int +main () +{ + + TXT_DB *db = NULL; + TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define SQUID_USE_SSLLHASH_HACK 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +# rollback state, key is check_TXTDB +CFLAGS="${check_TXTDB_CFLAGS}" +CXXFLAGS="${check_TXTDB_CXXFLAGS}" +LDFLAGS="${check_TXTDB_LDFLAGS}" +LIBS="${check_TXTDB_LIBS}" +CC="${check_TXTDB_CC}" +CXX="${check_TXTDB_CXX}" +for squid_util_var_tosave in $check_TXTDB_squid_saved_vars +do + squid_util_var_tosave2="\$check_TXTDB_${squid_util_var_tosave}" + eval "$squid_util_var_tosave=\"${squid_util_var_tosave2}\"" +done + +# commit state, key is check_TXTDB +unset check_TXTDB_CFLAGS +unset check_TXTDB_CXXFLAGS +unset check_TXTDB_LDFLAGS +unset check_TXTDB_LIBS +unset check_TXTDB_CC +unset check_TXTDB_CXX +for squid_util_var_tosave in $check_TXTDB_squid_saved_vars +do + unset ${squid_util_var_tosave} +done + + + +fi # Check whether --enable-forw-via-db was given. if test "${enable_forw_via_db+set}" = set; then : @@ -31398,7 +31680,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.3.4, which was +This file was extended by Squid Web Proxy $as_me 3.3.5, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -31464,7 +31746,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.3.4 +Squid Web Proxy config.status 3.3.5 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.3.4/configure.ac squid-3.3.5/configure.ac --- squid-3.3.4/configure.ac 2013-04-27 15:35:47.000000000 +1200 +++ squid-3.3.5/configure.ac 2013-05-20 23:50:55.000000000 +1200 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.3.4],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.3.5],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -1260,6 +1260,10 @@ fi AC_SUBST(SSLLIB) +if test "x$with_openssl" = "xyes"; then +SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS +SQUID_CHECK_OPENSSL_TXTDB +fi AC_ARG_ENABLE(forw-via-db, AS_HELP_STRING([--enable-forw-via-db],[Enable Forw/Via database]), [ diff -u -r -N squid-3.3.4/CREDITS squid-3.3.5/CREDITS --- squid-3.3.4/CREDITS 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/CREDITS 2013-05-20 23:48:55.000000000 +1200 @@ -540,9 +540,8 @@ Squid NOW icon - copyright Squid Project This work is licensed under the - Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported Liscence - (CC BY-NC-SA 3.0) - [ http://creativecommons.org/licenses/by-nc-sa/3.0/ ] + Creative Commons Attribution-ShareAlike 3.0 Unported Liscence (CC BY-SA 3.0) + [ http://creativecommons.org/licenses/by-sa/3.0/ ] ============================================================================== diff -u -r -N squid-3.3.4/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.3.4/helpers/basic_auth/DB/basic_db_auth.8 2013-04-27 15:59:21.000000000 +1200 +++ squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 2013-05-21 00:24:20.000000000 +1200 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-04-26" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.4/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc squid-3.3.5/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc --- squid-3.3.4/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2013-05-20 23:48:55.000000000 +1200 @@ -425,6 +425,7 @@ dp = xstrdup(rfc1738_escape(domain)); if (!domain && margs.ddomain) { domain = xstrdup(margs.ddomain); + dp = xstrdup(rfc1738_escape(domain)); if (debug_enabled) debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp); else diff -u -r -N squid-3.3.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.3.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-04-27 15:59:25.000000000 +1200 +++ squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-05-21 00:24:25.000000000 +1200 
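Review bot: The added `dp = xstrdup(rfc1738_escape(domain));` in kerberos_ldap_group.cc assigns `dp` a second time, and whatever guards the identical assignment on the context line above it lies outside the hunk. If that first assignment can run before this branch is taken, the earlier buffer is overwritten without `xfree(dp)`. If it sits under an `if (domain)`, the two are mutually exclusive and a one-line comment such as `/* dp not yet set: domain was NULL above */` would make that obvious to the next reader.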
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2013-04-26" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.3.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-04-27 15:59:26.000000000 +1200 +++ squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-05-21 00:24:26.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-04-26" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.4/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.3.4/helpers/log_daemon/DB/log_db_daemon.8 2013-04-27 15:59:26.000000000 +1200 +++ squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 2013-05-21 00:24:26.000000000 +1200 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2013-04-26" "perl v5.10.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -413,9 +413,3 @@ This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available. -.SH "POD ERRORS" -.IX Header "POD ERRORS" -Hey! \fBThe above document had some coding errors, which are explained below:\fR -.IP "Around line 199:" 4 -.IX Item "Around line 199:" -You forgot a '=back' before '=head1' diff -u -r -N squid-3.3.4/helpers/log_daemon/DB/log_db_daemon.pl.in squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.pl.in --- squid-3.3.4/helpers/log_daemon/DB/log_db_daemon.pl.in 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.pl.in 2013-05-20 23:48:55.000000000 +1200 @@ -41,6 +41,8 @@ Write debug messages to Squid stderr or cache.log +=back + =cut # the first argument to this script is the log file path describing the DSN @@ -196,6 +198,8 @@ __END__ +=pod + =head1 DESCRIPTION This module exploits the new logfile daemon support available in squid 2.7 and 3.2 to store access log entries in a MySQL database. diff -u -r -N squid-3.3.4/include/autoconf.h.in squid-3.3.5/include/autoconf.h.in --- squid-3.3.4/include/autoconf.h.in 2013-04-27 15:35:09.000000000 +1200 +++ squid-3.3.5/include/autoconf.h.in 2013-05-20 23:49:34.000000000 +1200 
@@ -1208,12 +1208,25 @@ /* Define to enable SNMP monitoring of Squid */ #undef SQUID_SNMP +/* "Define to 1 if the SSL_get_certificate crashes squid" */ +#undef SQUID_SSLGETCERTIFICATE_BUGGY + +/* "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member" */ +#undef SQUID_SSLTXTDB_PSTRINGDATA + /* TCP receive buffer size */ #undef SQUID_TCP_SO_RCVBUF /* TCP send buffer size */ #undef SQUID_TCP_SO_SNDBUF +/* "Define to 1 to use squid workaround for SSL_get_certificate" */ +#undef SQUID_USE_SSLGETCERTIFICATE_HACK + +/* "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type + conversion errors" */ +#undef SQUID_USE_SSLLHASH_HACK + /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be automatically deduced at runtime. diff -u -r -N squid-3.3.4/include/version.h squid-3.3.5/include/version.h --- squid-3.3.4/include/version.h 2013-04-27 15:35:47.000000000 +1200 +++ squid-3.3.5/include/version.h 2013-05-20 23:50:56.000000000 +1200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1367033686 +#define SQUID_RELEASE_TIME 1369050531 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.3.4/lib/libTrie/aclocal.m4 squid-3.3.5/lib/libTrie/aclocal.m4 --- squid-3.3.4/lib/libTrie/aclocal.m4 2013-04-27 15:35:41.000000000 +1200 +++ squid-3.3.5/lib/libTrie/aclocal.m4 2013-05-20 23:50:38.000000000 +1200 
@@ -406,18 +406,6 @@ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 8 - -# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS. -AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) - # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, diff -u -r -N squid-3.3.4/lib/libTrie/configure.ac squid-3.3.5/lib/libTrie/configure.ac --- squid-3.3.4/lib/libTrie/configure.ac 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/lib/libTrie/configure.ac 2013-05-20 23:48:55.000000000 +1200 @@ -1,7 +1,7 @@ # Process this file with autoconf to produce a configure script. AC_INIT(libTrie, 0.1, rbtcollins@squid-cache.org) AC_CONFIG_SRCDIR([src/Trie.cc]) -AM_CONFIG_HEADER([config.h]) +AC_CONFIG_HEADERS([config.h]) AC_CONFIG_AUX_DIR(cfgaux) enable_inline=${enable_inline:=yes} diff -u -r -N squid-3.3.4/RELEASENOTES.html squid-3.3.5/RELEASENOTES.html --- squid-3.3.4/RELEASENOTES.html 2013-04-27 16:00:02.000000000 +1200 +++ squid-3.3.5/RELEASENOTES.html 2013-05-21 00:24:44.000000000 +1200 @@ -1,11 +1,11 @@ - - Squid 3.3.4 release notes + + Squid 3.3.5 release notes -

Squid 3.3.4 release notes

+

Squid 3.3.5 release notes

Squid Developers


@@ -56,7 +56,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.3.4.

+

The Squid Team are pleased to announce the release of Squid-3.3.5.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.3/ or the mirrors.

@@ -275,6 +275,12 @@ ssl::certUntrusted, ssl::certSelfSigned.

+
external_acl_type
+

%ACL format tag ported from 2.6. +Sends the name of ACL being tested to the external helper.

+

%DATA format tag ported from 2.6. +Inserts the ACL arguments into a particular location of the helper input instead of at the end of the line.

+
logformat

New token %ssl::bump_mode to log the SSL-bump mode type performed on a request. Logs values of: -, none, client-first, or server-first.

@@ -394,16 +400,9 @@
error_map

Not yet ported from 2.6

-
external_acl_type
-

%ACL format tag not yet ported from 2.6

-

%DATA format tag not yet ported from 2.6

-
external_refresh_check

Not yet ported from 2.7

-
http_port
-

act-as-origin not yet ported from 2.7

-
ignore_ims_on_miss

Not yet ported from 2.7

diff -u -r -N squid-3.3.4/scripts/find-alive.pl squid-3.3.5/scripts/find-alive.pl --- squid-3.3.4/scripts/find-alive.pl 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/scripts/find-alive.pl 2013-05-20 23:48:55.000000000 +1200 @@ -23,9 +23,9 @@ 'AsyncCall.* constructed, this=(\S+)', 'AsyncCall.* destruct.*, this=(\S+)', ], - HttpReq => [ - '\bHttpRequest.* constructed, this=(\S+)', - '\bHttpRequest.* destructed, this=(\S+)', + HttpHeaderEntry => [ + '\bHttpHeaderEntry.* created HttpHeaderEntry (\S+)', + '\bHttpHeaderEntry.* destroying entry (\S+)', ], ClientSocketContext => [ '\bClientSocketContext constructing, this=(\S+)', diff -u -r -N squid-3.3.4/src/AccessLogEntry.cc squid-3.3.5/src/AccessLogEntry.cc --- squid-3.3.4/src/AccessLogEntry.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/AccessLogEntry.cc 2013-05-20 23:48:55.000000000 +1200 @@ -37,7 +37,6 @@ #endif safe_free(headers.reply); - safe_free(cache.authuser); safe_free(headers.adapted_request); HTTPMSGUNLOCK(adapted_request); diff -u -r -N squid-3.3.4/src/AccessLogEntry.h squid-3.3.5/src/AccessLogEntry.h --- squid-3.3.4/src/AccessLogEntry.h 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/AccessLogEntry.h 2013-05-20 23:48:55.000000000 +1200 @@ -151,7 +151,6 @@ code (LOG_TAG_NONE), msec(0), rfc931 (NULL), - authuser (NULL), extuser(NULL), #if USE_SSL ssluser(NULL), @@ -170,7 +169,6 @@ log_type code; int msec; const char *rfc931; - const char *authuser; const char *extuser; #if USE_SSL diff -u -r -N squid-3.3.4/src/cache_cf.cc squid-3.3.5/src/cache_cf.cc --- squid-3.3.4/src/cache_cf.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/cache_cf.cc 2013-05-20 23:48:55.000000000 +1200 
@@ -300,14 +300,10 @@ static void SetConfigFilename(char const *file_name, bool is_pipe) { - cfg_filename = file_name; - - char const *token; - if (is_pipe) cfg_filename = file_name + 1; - else if ((token = strrchr(cfg_filename, '/'))) - cfg_filename = token + 1; + else + cfg_filename = file_name; } static const char* @@ -528,7 +524,7 @@ if ((token = strchr(new_file_name, '"'))) *token = '\0'; - cfg_filename = new_file_name; + SetConfigFilename(new_file_name, false); } config_lineno = new_lineno; @@ -598,7 +594,7 @@ fclose(fp); } - cfg_filename = orig_cfg_filename; + SetConfigFilename(orig_cfg_filename, false); config_lineno = orig_config_lineno; xfree(tmp_line); @@ -1907,8 +1903,10 @@ fs = find_fstype(type_str); - if (fs < 0) - self_destruct(); + if (fs < 0) { + debugs(3, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: This proxy does not support the '" << type_str << "' cache type. Ignoring."); + return; + } /* reconfigure existing dir */ @@ -3687,17 +3685,16 @@ } else if (strncmp(token, "tcpkeepalive=", 13) == 0) { char *t = token + 13; s->tcp_keepalive.enabled = 1; - s->tcp_keepalive.idle = xatoui(t); + s->tcp_keepalive.idle = xatoui(t,','); t = strchr(t, ','); if (t) { ++t; - s->tcp_keepalive.interval = xatoui(t); + s->tcp_keepalive.interval = xatoui(t,','); t = strchr(t, ','); } if (t) { ++t; s->tcp_keepalive.timeout = xatoui(t); - // t = strchr(t, ','); // not really needed, left in as documentation } #if USE_SSL } else if (strcasecmp(token, "sslBump") == 0) { diff -u -r -N squid-3.3.4/src/cf.data.pre squid-3.3.5/src/cf.data.pre --- squid-3.3.4/src/cf.data.pre 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/cf.data.pre 2013-05-20 23:48:55.000000000 +1200 
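Review bot: In the `tcpkeepalive=` hunk the first two fields are parsed with `xatoui(t,',')` but the third still uses plain `xatoui(t)`, and the removed comment was the only hint that a fourth field is not expected. Presumably the one-argument form rejects trailing characters, which is the right outcome for the last field, but nothing on the line says so now. I would replace the deleted comment with `// last field: no ',' terminator accepted, anything after it is a parse error`. The enclosing option parser starts and ends outside the hunk, so confirm there that the three values are range-checked before they reach the socket options.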
@@ -689,6 +689,13 @@ list separator. ; can be any non-alphanumeric character. + %ACL The name of the ACL being tested. + %DATA The ACL arguments. If not used then any arguments + is automatically added at the end of the line + sent to the helper. + NOTE: this will encode the arguments as one token, + whereas the default will pass each separately. + %% The percent sign. Useful for helpers which need an unchanging input format. @@ -3498,9 +3505,15 @@ HTTP related format codes: - [http::]>h Original request header. Optional header name argument - on the format header[:[separator]element] - [http::]>ha The HTTP request headers after adaptation and redirection. + [http::]>h Original received request header. + Usually differs from the request header sent by + Squid, although most fields are often preserved. + Accepts optional header field name/value filter + argument using name[:[separator]element] format. + [http::]>ha Received request header after adaptation and + redirection (pre-cache REQMOD vectoring point). + Usually differs from the request header sent by + Squid, although most fields are often preserved. Optional header name argument as for >h [http::]h diff -u -r -N squid-3.3.4/src/client_db.cc squid-3.3.5/src/client_db.cc --- squid-3.3.4/src/client_db.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/client_db.cc 2013-05-20 23:48:55.000000000 +1200 @@ -79,8 +79,9 @@ clientdbAdd(const Ip::Address &addr) { ClientInfo *c; - char *buf = new char[MAX_IPSTRLEN]; + char *buf = static_cast(xmalloc(MAX_IPSTRLEN)); // becomes hash.key c = (ClientInfo *)memAllocate(MEM_CLIENT_INFO); + debugs(77, 9, "ClientInfo constructed, this=" << c); c->hash.key = addr.NtoA(buf,MAX_IPSTRLEN); c->addr = addr; #if USE_DELAY_POOLS 
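Review bot: The `// becomes hash.key` comment on the new `xmalloc` line in `clientdbAdd` does not say why the allocator changed or who releases the buffer. The fix only holds if the release path uses the matching deallocator, so I would spell it out: `// owned via c->hash.key; allocated with xmalloc() so it must be released with xfree(), never delete[]`. The release itself is outside this hunk and should be checked for a leftover `delete[]`. The added level-9 `debugs()` prints the `ClientInfo` pointer before `addr` is assigned, so that trace line cannot be correlated with a client address.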
@@ -362,6 +363,7 @@ } #endif + debugs(77, 9, "ClientInfo destructed, this=" << c); memFree(c, MEM_CLIENT_INFO); } diff -u -r -N squid-3.3.4/src/client_side.cc squid-3.3.5/src/client_side.cc --- squid-3.3.4/src/client_side.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/client_side.cc 2013-05-20 23:48:55.000000000 +1200 @@ -618,13 +618,6 @@ aLogEntry->cache.requestSize += request->content_length; aLogEntry->cache.extuser = request->extacl_user.termedBuf(); -#if USE_AUTH - if (request->auth_user_request != NULL) { - if (request->auth_user_request->username()) - aLogEntry->cache.authuser = xstrdup(request->auth_user_request->username()); - } -#endif - // Adapted request, if any, inherits and then collects all the stats, but // the virgin request gets logged instead; copy the stats to log them. // TODO: avoid losses by keeping these stats in a shared history object? diff -u -r -N squid-3.3.4/src/DelayTagged.cc squid-3.3.5/src/DelayTagged.cc --- squid-3.3.4/src/DelayTagged.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/DelayTagged.cc 2013-05-20 23:48:55.000000000 +1200 @@ -190,10 +190,10 @@ } void -DelayTaggedBucket::stats (StoreEntry *entry) const +DelayTaggedBucket::stats(StoreEntry *entry) const { - storeAppendPrintf(entry, " :" SQUIDSTRINGPH , SQUIDSTRINGPRINT(tag)); - theBucket.stats (entry); + storeAppendPrintf(entry, " " SQUIDSTRINGPH ":", SQUIDSTRINGPRINT(tag)); + theBucket.stats(entry); } DelayTagged::Id::Id(DelayTagged::Pointer aDelayTagged, String &aTag) : theTagged(aDelayTagged) diff -u -r -N squid-3.3.4/src/external_acl.cc squid-3.3.5/src/external_acl.cc --- squid-3.3.4/src/external_acl.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/external_acl.cc 2013-05-20 23:48:55.000000000 +1200 @@ -194,6 +194,8 @@ #endif EXT_ACL_EXT_LOG, EXT_ACL_TAG, + EXT_ACL_ACLNAME, + EXT_ACL_ACLDATA, EXT_ACL_PERCENT, EXT_ACL_END } type; 
@@ -479,6 +481,10 @@ format->type = _external_acl_format::EXT_ACL_EXT_LOG; else if (strcmp(token, "%TAG") == 0) format->type = _external_acl_format::EXT_ACL_TAG; + else if (strcmp(token, "%ACL") == 0) + format->type = _external_acl_format::EXT_ACL_ACLNAME; + else if (strcmp(token, "%DATA") == 0) + format->type = _external_acl_format::EXT_ACL_ACLDATA; else if (strcmp(token, "%%") == 0) format->type = _external_acl_format::EXT_ACL_PERCENT; else { @@ -675,6 +681,7 @@ struct _external_acl_data { external_acl *def; + const char *name; wordlist *arguments; }; @@ -683,6 +690,7 @@ free_external_acl_data(void *data) { external_acl_data *p = static_cast(data); + safe_free(p->name); wordlistDestroy(&p->arguments); cbdataReferenceDone(p->def); } @@ -709,6 +717,10 @@ if (!data->def) self_destruct(); + // def->name is the name of the external_acl_type. + // this is the name of the 'acl' directive being tested + data->name = xstrdup(AclMatchedName); + while ((token = strtokFile())) { wordlistAdd(&data->arguments, token); } @@ -946,6 +958,7 @@ HttpRequest *request = ch->request; HttpReply *reply = ch->reply; mb.reset(); + bool data_used = false; for (format = acl_data->def->format; format; format = format->next) { const char *str = NULL; @@ -1136,6 +1149,29 @@ case _external_acl_format::EXT_ACL_TAG: str = request->tag.termedBuf(); break; + case _external_acl_format::EXT_ACL_ACLNAME: + str = acl_data->name; + break; + case _external_acl_format::EXT_ACL_ACLDATA: + data_used = true; + for (arg = acl_data->arguments; arg; arg = arg->next) { + if (!first) + sb.append(" ", 1); + + if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(arg->key); + sb.append(quoted, strlen(quoted)); + } else { + static MemBuf mb2; + mb2.init(); + strwordquote(&mb2, arg->key); + sb.append(mb2.buf, mb2.size); + mb2.clean(); + } + + first = 0; + } + break; case _external_acl_format::EXT_ACL_PERCENT: str = "%"; break; 
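Review bot: In the `EXT_ACL_ACLDATA` case the inner loop over `acl_data->arguments` reuses the outer format loop's `first` flag, testing `!first` before `sb.append(" ", 1)` and clearing it with `first = 0`. If `%DATA` is not the first format code, `first` is presumably already 0 and `sb` starts with a space; if it is the first code, the flag is cleared before the per-token separator logic after the switch runs (that code is outside the hunk, so the exact effect should be confirmed). A flag local to the case keeps the two separators independent: `bool firstArg = true;`, `if (!firstArg) sb.append(" ", 1);`, `firstArg = false;`. The case also leaves `str` unset, so it relies on the code after the switch emitting `sb`, and `static MemBuf mb2` gains nothing from being static because it is initialised and cleaned on every iteration.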
@@ -1168,18 +1204,20 @@ first = 0; } - for (arg = acl_data->arguments; arg; arg = arg->next) { - if (!first) - mb.append(" ", 1); + if (!data_used) { + for (arg = acl_data->arguments; arg; arg = arg->next) { + if (!first) + mb.append(" ", 1); + + if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(arg->key); + mb.append(quoted, strlen(quoted)); + } else { + strwordquote(&mb, arg->key); + } - if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) { - const char *quoted = rfc1738_escape(arg->key); - mb.append(quoted, strlen(quoted)); - } else { - strwordquote(&mb, arg->key); + first = 0; } - - first = 0; } return mb.buf; diff -u -r -N squid-3.3.4/src/format/Format.cc squid-3.3.5/src/format/Format.cc --- squid-3.3.4/src/format/Format.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/format/Format.cc 2013-05-20 23:48:55.000000000 +1200 @@ -760,7 +760,10 @@ break; case LFT_USER_NAME: - out = strOrNull(al->cache.authuser); +#if USE_AUTH + if (al->request && al->request->auth_user_request != NULL) + out = strOrNull(al->request->auth_user_request->username()); +#endif if (!out) out = strOrNull(al->cache.extuser); #if USE_SSL @@ -772,7 +775,10 @@ break; case LFT_USER_LOGIN: - out = strOrNull(al->cache.authuser); +#if USE_AUTH + if (al->request && al->request->auth_user_request != NULL) + out = strOrNull(al->request->auth_user_request->username()); +#endif break; case LFT_USER_IDENT: diff -u -r -N squid-3.3.4/src/forward.cc squid-3.3.5/src/forward.cc --- squid-3.3.4/src/forward.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/forward.cc 2013-05-20 23:48:55.000000000 +1200 @@ -545,10 +545,7 @@ if (!entry->isEmpty()) return false; - if (n_tries > 10) - return false; - - if (origin_tries > 2) + if (n_tries > Config.forward_max_tries) return false; if (squid_curtime - start_t > Config.Timeout.forward) 
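Review bot: The `#if USE_AUTH` lookup `al->request && al->request->auth_user_request != NULL` followed by `username()` is repeated here for `LFT_USER_NAME` and `LFT_USER_LOGIN`, and again in FormatHttpdCombined.cc, FormatHttpdCommon.cc, FormatSquidIcap.cc and FormatSquidNative.cc. A single accessor would keep the logged user field identical across formats, which matters when access logs are used for attribution. Both cases here also stop assigning `out` unconditionally, so they now depend on `out` being NULL on entry to the switch (its declaration is outside the hunk); for `LFT_USER_LOGIN` an explicit `out = NULL;` before the `#if` would remove that dependency. With the copy in client_side.cc removed, any remaining reader of `al->cache.authuser` would see an unset value, so the field is worth removing or marking unused.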
@@ -1023,9 +1020,6 @@ debugs(17, 3, HERE << "reusing pconn " << serverConnection()); ++n_tries; - if (!serverConnection()->getPeer()) - ++origin_tries; - comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper, this); /* Update server side TOS and Netfilter mark on the connection. */ @@ -1225,9 +1219,6 @@ if (n_tries > Config.forward_max_tries) return 0; - if (origin_tries > 1) - return 0; - if (request->bodyNibbled()) return 0; diff -u -r -N squid-3.3.4/src/forward.h squid-3.3.5/src/forward.h --- squid-3.3.4/src/forward.h 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/forward.h 2013-05-20 23:48:55.000000000 +1200 @@ -99,7 +99,6 @@ Comm::ConnectionPointer clientConn; ///< a possibly open connection to the client. time_t start_t; int n_tries; - int origin_tries; // AsyncCalls which we set and may need cancelling. struct { diff -u -r -N squid-3.3.4/src/fs/ufs/RebuildState.cc squid-3.3.5/src/fs/ufs/RebuildState.cc --- squid-3.3.4/src/fs/ufs/RebuildState.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/fs/ufs/RebuildState.cc 2013-05-20 23:48:55.000000000 +1200 @@ -420,9 +420,14 @@ added->releaseRequest(); if (added->swap_filen > -1) { - UFSSwapDir *sde = dynamic_cast(INDEXSD(added->swap_dirn)); - assert(sde); - sde->undoAddDiskRestore(added); + SwapDir *someDir = INDEXSD(added->swap_dirn); + assert(someDir); + if (UFSSwapDir *ufsDir = dynamic_cast(someDir)) + ufsDir->undoAddDiskRestore(added); + // else the entry was loaded from and/or is currently in a non-UFS dir + // Thus, there is no use in preserving its disk file (the only purpose + // of undoAddDiskRestore!), even if we could. Instead, we release the + // the entry and [eventually] unlink its disk file or free its slot. } added->release(); diff -u -r -N squid-3.3.4/src/helper.cc squid-3.3.5/src/helper.cc --- squid-3.3.4/src/helper.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/helper.cc 2013-05-20 23:48:55.000000000 +1200 
@@ -36,6 +36,7 @@ #include "comm/Connection.h" #include "comm/Write.h" #include "fd.h" +#include "fde.h" #include "format/Quoting.h" #include "helper.h" #include "Mem.h" @@ -765,7 +766,7 @@ safe_free(srv->requests); cbdataReferenceDone(srv->parent); - cbdataFree(srv); + delete srv; } static void @@ -831,7 +832,7 @@ cbdataReferenceDone(srv->parent); - cbdataFree(srv); + delete srv; } /// Calls back with a pointer to the buffer with the helper output @@ -940,7 +941,7 @@ helperReturnBuffer(i, srv, hlp, msg, t); } - if (Comm::IsConnOpen(srv->readPipe)) { + if (Comm::IsConnOpen(srv->readPipe) && !fd_table[srv->readPipe->fd].closing()) { int spaceSize = srv->rbuf_sz - srv->roffset - 1; assert(spaceSize >= 0); @@ -1044,7 +1045,7 @@ helperStatefulReleaseServer(srv); } - if (Comm::IsConnOpen(srv->readPipe)) { + if (Comm::IsConnOpen(srv->readPipe) && !fd_table[srv->readPipe->fd].closing()) { int spaceSize = srv->rbuf_sz - srv->roffset - 1; assert(spaceSize >= 0); diff -u -r -N squid-3.3.4/src/HttpHeader.cc squid-3.3.5/src/HttpHeader.cc --- squid-3.3.4/src/HttpHeader.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/HttpHeader.cc 2013-05-20 23:48:55.000000000 +1200 
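Review bot: The added `!fd_table[srv->readPipe->fd].closing()` test has no comment explaining why an open-but-closing pipe must be skipped, and the same condition is added in both read paths (the hunks at -940 and -1044). A one-line comment above each would help, for example `// a close is already pending on this descriptor: do not schedule another read on it`. That reading is inferred from the buffer-space code that follows; the rest of both functions is outside the hunks.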
@@ -438,37 +438,37 @@ PROF_start(HttpHeaderClean); - /* - * An unfortunate bug. The entries array is initialized - * such that count is set to zero. httpHeaderClean() seems to - * be called both when 'hdr' is created, and destroyed. Thus, - * we accumulate a large number of zero counts for 'hdr' before - * it is ever used. Can't think of a good way to fix it, except - * adding a state variable that indicates whether or not 'hdr' - * has been used. As a hack, just never count zero-sized header - * arrays. - */ - if (owner <= hoReply) { + /* + * An unfortunate bug. The entries array is initialized + * such that count is set to zero. httpHeaderClean() seems to + * be called both when 'hdr' is created, and destroyed. Thus, + * we accumulate a large number of zero counts for 'hdr' before + * it is ever used. Can't think of a good way to fix it, except + * adding a state variable that indicates whether or not 'hdr' + * has been used. As a hack, just never count zero-sized header + * arrays. + */ if (0 != entries.count) HttpHeaderStats[owner].hdrUCountDistr.count(entries.count); ++ HttpHeaderStats[owner].destroyedCount; HttpHeaderStats[owner].busyDestroyedCount += entries.count > 0; + } // if (owner <= hoReply) - while ((e = getEntry(&pos))) { - /* tmp hack to try to avoid coredumps */ + while ((e = getEntry(&pos))) { + /* tmp hack to try to avoid coredumps */ - if (e->id < 0 || e->id >= HDR_ENUM_END) { - debugs(55, DBG_CRITICAL, "HttpHeader::clean BUG: entry[" << pos << "] is invalid (" << e->id << "). Ignored."); - } else { + if (e->id < 0 || e->id >= HDR_ENUM_END) { + debugs(55, DBG_CRITICAL, "HttpHeader::clean BUG: entry[" << pos << "] is invalid (" << e->id << "). 
Ignored."); + } else { + if (owner <= hoReply) HttpHeaderStats[owner].fieldTypeDistr.count(e->id); - /* yes, this deletion leaves us in an inconsistent state */ - delete e; - } + /* yes, this deletion leaves us in an inconsistent state */ + delete e; } - } // if (owner <= hoReply) + } entries.clean(); httpHeaderMaskInit(&mask, 0); len = 0; @@ -1738,6 +1738,7 @@ storeAppendPrintf(e, "%2s\t %-5s\t %5s\t %6s\n", "id", "#flds", "count", "%total"); hs->hdrUCountDistr.dump(e, httpHeaderFldsPerHdrDumper); + storeAppendPrintf(e, "\n"); dump_stat = NULL; } @@ -1759,7 +1760,6 @@ for (i = 1; i < HttpHeaderStatCount; ++i) { httpHeaderStatDump(HttpHeaderStats + i, e); - storeAppendPrintf(e, "%s\n", "
"); } /* field stats for all messages */ diff -u -r -N squid-3.3.4/src/HttpHeaderTools.h squid-3.3.5/src/HttpHeaderTools.h --- squid-3.3.4/src/HttpHeaderTools.h 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/HttpHeaderTools.h 2013-05-20 23:48:55.000000000 +1200 @@ -5,6 +5,9 @@ #include "HttpHeader.h" #include "typedefs.h" +#if HAVE_FUNCTIONAL +#include +#endif #if HAVE_LIST #include #endif @@ -14,6 +17,9 @@ #if HAVE_STRING #include #endif +#if HAVE_STRINGS_H +#include +#endif class acl_access; class ACLList; @@ -56,8 +62,18 @@ void dumpReplacement(StoreEntry *entry, const char *optionName) const; private: + /// Case-insensitive std::string "less than" comparison functor. + /// Fast version recommended by Meyers' "Effective STL" for ASCII c-strings. + class NoCaseLessThan: public std::binary_function + { + public: + bool operator()(const std::string &lhs, const std::string &rhs) const { + return strcasecmp(lhs.c_str(), rhs.c_str()) < 0; + } + }; + /// a name:mangler map; optimize: use unordered map or some such - typedef std::map ManglersByName; + typedef std::map ManglersByName; /// one mangler for each known header headerMangler known[HDR_ENUM_END]; diff -u -r -N squid-3.3.4/src/log/FormatHttpdCombined.cc squid-3.3.5/src/log/FormatHttpdCombined.cc --- squid-3.3.4/src/log/FormatHttpdCombined.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/log/FormatHttpdCombined.cc 2013-05-20 23:48:55.000000000 +1200 
@@ -45,13 +45,15 @@ Log::Format::HttpdCombined(const AccessLogEntry::Pointer &al, Logfile * logfile) { const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); - - const char *user_auth = ::Format::QuoteUrlEncodeUsername(al->cache.authuser); - + const char *user_auth = NULL; const char *referer = NULL; const char *agent = NULL; if (al->request) { +#if USE_AUTH + if (al->request->auth_user_request != NULL) + user_auth = ::Format::QuoteUrlEncodeUsername(al->request->auth_user_request->username()); +#endif referer = al->request->header.getStr(HDR_REFERER); agent = al->request->header.getStr(HDR_USER_AGENT); } diff -u -r -N squid-3.3.4/src/log/FormatHttpdCommon.cc squid-3.3.5/src/log/FormatHttpdCommon.cc --- squid-3.3.4/src/log/FormatHttpdCommon.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/log/FormatHttpdCommon.cc 2013-05-20 23:48:55.000000000 +1200 @@ -35,6 +35,7 @@ #include "format/Quoting.h" #include "format/Token.h" #include "globals.h" +#include "HttpRequest.h" #include "log/File.h" #include "log/Formats.h" #include "SquidConfig.h" @@ -43,7 +44,11 @@ void Log::Format::HttpdCommon(const AccessLogEntry::Pointer &al, Logfile * logfile) { - const char *user_auth = ::Format::QuoteUrlEncodeUsername(al->cache.authuser); + const char *user_auth = NULL; +#if USE_AUTH + if (al->request && al->request->auth_user_request != NULL) + user_auth = ::Format::QuoteUrlEncodeUsername(al->request->auth_user_request->username()); +#endif const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); char clientip[MAX_IPSTRLEN]; diff -u -r -N squid-3.3.4/src/log/FormatSquidIcap.cc squid-3.3.5/src/log/FormatSquidIcap.cc --- squid-3.3.4/src/log/FormatSquidIcap.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/log/FormatSquidIcap.cc 2013-05-20 23:48:55.000000000 +1200 
@@ -59,7 +59,10 @@ client = al->cache.caddr.NtoA(clientbuf, MAX_IPSTRLEN); } - user = ::Format::QuoteUrlEncodeUsername(al->cache.authuser); +#if USE_AUTH + if (al->request != NULL && al->request->auth_user_request != NULL) + user = ::Format::QuoteUrlEncodeUsername(al->request->auth_user_request->username()); +#endif if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); diff -u -r -N squid-3.3.4/src/log/FormatSquidNative.cc squid-3.3.5/src/log/FormatSquidNative.cc --- squid-3.3.4/src/log/FormatSquidNative.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/log/FormatSquidNative.cc 2013-05-20 23:48:55.000000000 +1200 @@ -35,6 +35,7 @@ #include "format/Quoting.h" #include "format/Token.h" #include "globals.h" +#include "HttpRequest.h" #include "log/File.h" #include "log/Formats.h" #include "SquidConfig.h" @@ -45,7 +46,12 @@ { char hierHost[MAX_IPSTRLEN]; - const char *user = ::Format::QuoteUrlEncodeUsername(al->cache.authuser); + const char *user = NULL; + +#if USE_AUTH + if (al->request && al->request->auth_user_request != NULL) + user = ::Format::QuoteUrlEncodeUsername(al->request->auth_user_request->username()); +#endif if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); diff -u -r -N squid-3.3.4/src/Makefile.am squid-3.3.5/src/Makefile.am --- squid-3.3.4/src/Makefile.am 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/Makefile.am 2013-05-20 23:48:55.000000000 +1200 @@ -974,7 +974,7 @@ cache_cf.o: cf_parser.cci # cf_gen builds the configuration files. -cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) +cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src # squid.conf.default is built by cf_gen when making cf_parser.cci 
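Review bot: In FormatSquidIcap.cc `user` is no longer assigned unconditionally. Without `USE_AUTH`, or when `al->request` or `auth_user_request` is null, the following `if (!user)` reads whatever `user` held at its declaration, which is outside the hunk. FormatSquidNative.cc and FormatHttpdCommon.cc in this same commit initialise their variable explicitly (`const char *user = NULL;`). Adding `user = NULL;` just before the `#if USE_AUTH` here would make the hunk safe regardless of the declaration.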
@@ -984,7 +984,9 @@ cf_parser.cci: cf.data cf_gen$(EXEEXT) ./cf_gen$(EXEEXT) cf.data $(srcdir)/cf.data.depend -cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre +# The cf_gen_defines.cci is auto-generated and does not exist when the +# dependencies computed. We need to add its include files (autoconf.h) here +cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre $(top_builddir)/include/autoconf.h $(AWK) -f $(srcdir)/cf_gen_defines <$(srcdir)/cf.data.pre >$@ || ($(RM) -f $@ && exit 1) diff -u -r -N squid-3.3.4/src/Makefile.in squid-3.3.5/src/Makefile.in --- squid-3.3.4/src/Makefile.in 2013-04-27 15:35:25.000000000 +1200 +++ squid-3.3.5/src/Makefile.in 2013-05-20 23:50:04.000000000 +1200 @@ -7294,7 +7294,7 @@ cache_cf.o: cf_parser.cci # cf_gen builds the configuration files. -cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) +cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src # squid.conf.default is built by cf_gen when making cf_parser.cci @@ -7304,7 +7304,9 @@ cf_parser.cci: cf.data cf_gen$(EXEEXT) ./cf_gen$(EXEEXT) cf.data $(srcdir)/cf.data.depend -cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre +# The cf_gen_defines.cci is auto-generated and does not exist when the +# dependencies computed. We need to add its include files (autoconf.h) here +cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre $(top_builddir)/include/autoconf.h $(AWK) -f $(srcdir)/cf_gen_defines <$(srcdir)/cf.data.pre >$@ || ($(RM) -f $@ && exit 1) cf.data: cf.data.pre Makefile diff -u -r -N squid-3.3.4/src/Parsing.cc squid-3.3.5/src/Parsing.cc --- squid-3.3.4/src/Parsing.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/Parsing.cc 2013-05-20 23:48:55.000000000 +1200 
@@ -75,9 +75,9 @@ } unsigned int -xatoui(const char *token) +xatoui(const char *token, char eov) { - int64_t input = xatoll(token, 10); + int64_t input = xatoll(token, 10, eov); if (input < 0) { debugs(0, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: The input value '" << token << "' cannot be less than 0."); self_destruct(); @@ -107,7 +107,7 @@ } int64_t -xatoll(const char *token, int base) +xatoll(const char *token, int base, char eov) { char *end = NULL; int64_t ret = strtoll(token, &end, base); @@ -117,7 +117,7 @@ self_destruct(); } - if (*end) { + if (*end != eov) { debugs(0, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Invalid value: '" << token << "' is supposed to be a number."); self_destruct(); } diff -u -r -N squid-3.3.4/src/Parsing.h squid-3.3.5/src/Parsing.h --- squid-3.3.4/src/Parsing.h 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/Parsing.h 2013-05-20 23:48:55.000000000 +1200 @@ -38,9 +38,9 @@ double xatof(const char *token); int xatoi(const char *token); -unsigned int xatoui(const char *token); +unsigned int xatoui(const char *token, char eov = '\0'); long xatol(const char *token); -int64_t xatoll(const char *token, int base); +int64_t xatoll(const char *token, int base, char eov = '\0'); unsigned short xatos(const char *token); /** diff -u -r -N squid-3.3.4/src/ssl/certificate_db.cc squid-3.3.5/src/ssl/certificate_db.cc --- squid-3.3.4/src/ssl/certificate_db.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/ssl/certificate_db.cc 2013-05-20 23:48:55.000000000 +1200 @@ -165,7 +165,7 @@ if (!db) return; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA for (int i = 0; i < sk_OPENSSL_PSTRING_num(db->data); ++i) { const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, i)); #else 
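Review bot: The new `eov` parameter of `xatoui()` and `xatoll()` is undocumented, and its contract is narrow: `if (*end != eov)` checks only the single character after the parsed digits, so anything following that character is left for the caller to validate. A comment on the declarations in Parsing.h would make this explicit, for example `/// eov: character that must directly follow the number ('\0' = whole token is numeric); text after it is not examined`. The error text `is supposed to be a number` also still prints the whole token when only the terminator is wrong, which may mislead someone debugging a configuration value.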
@@ -183,7 +183,7 @@ void Ssl::CertificateDb::sq_TXT_DB_delete_row(TXT_DB *db, int idx) { char **rrow; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA rrow = (char **)sk_OPENSSL_PSTRING_delete(db->data, idx); #else rrow = (char **)sk_delete(db->data, idx); @@ -197,7 +197,7 @@ const Columns db_indexes[]={cnlSerial, cnlName}; for (unsigned int i = 0; i < countof(db_indexes); ++i) { void *data = NULL; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA if (LHASH_OF(OPENSSL_STRING) *fieldIndex = db->index[db_indexes[i]]) data = lh_OPENSSL_STRING_delete(fieldIndex, rrow); #else @@ -471,19 +471,11 @@ corrupt = true; // Create indexes in db. -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL - if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial), LHASH_COMP_FN(index_serial))) - corrupt = true; - - if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) - corrupt = true; -#else if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlSerial, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp))) corrupt = true; if (!corrupt && !TXT_DB_create_index(temp_db.get(), cnlName, NULL, LHASH_HASH_FN(index_name_hash), LHASH_COMP_FN(index_name_cmp))) corrupt = true; -#endif if (corrupt) throw std::runtime_error("The SSL certificate database " + db_path + " is corrupted. Please rebuild"); @@ -523,7 +515,7 @@ return false; bool removed_one = false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) { const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i)); #else 
@@ -548,14 +540,14 @@ if (!db) return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA if (sk_OPENSSL_PSTRING_num(db.get()->data) == 0) #else if (sk_num(db.get()->data) == 0) #endif return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0); #else const char **row = (const char **)sk_value(db.get()->data, 0); @@ -571,7 +563,7 @@ if (!db) return false; -#if OPENSSL_VERSION_NUMBER >= 0x1000004fL +#if SQUID_SSLTXTDB_PSTRINGDATA for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) { const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i)); #else diff -u -r -N squid-3.3.4/src/ssl/certificate_db.h squid-3.3.5/src/ssl/certificate_db.h --- squid-3.3.4/src/ssl/certificate_db.h 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/ssl/certificate_db.h 2013-05-20 23:48:55.000000000 +1200 
@@ -136,17 +136,17 @@ /// Definitions required by openSSL, to use the index_* functions defined above ///with TXT_DB_create_index. -#if OPENSSL_VERSION_NUMBER > 0x10000000L - static unsigned long index_serial_LHASH_HASH(const void *a) { +#if SQUID_USE_SSLLHASH_HACK + static unsigned long index_serial_hash_LHASH_HASH(const void *a) { return index_serial_hash((const char **)a); } - static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) { + static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) { return index_serial_cmp((const char **)arg1, (const char **)arg2); } - static unsigned long index_name_LHASH_HASH(const void *a) { + static unsigned long index_name_hash_LHASH_HASH(const void *a) { return index_name_hash((const char **)a); } - static int index_name_LHASH_COMP(const void *arg1, const void *arg2) { + static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) { return index_name_cmp((const char **)arg1, (const char **)arg2); } #else diff -u -r -N squid-3.3.4/src/ssl/support.cc squid-3.3.5/src/ssl/support.cc --- squid-3.3.4/src/ssl/support.cc 2013-04-27 15:34:48.000000000 +1200 +++ squid-3.3.5/src/ssl/support.cc 2013-05-20 23:48:55.000000000 +1200 @@ -1413,9 +1413,12 @@ { // SSL_get_certificate is buggy in openssl versions 1.0.1d and 1.0.1e // Try to retrieve certificate directly from SSL_CTX object -#if OPENSSL_VERSION_NUMBER == 0x1000105fL || OPENSSL_VERSION_NUMBER == 0x1000104fL +#if SQUID_USE_SSLGETCERTIFICATE_HACK X509 ***pCert = (X509 ***)sslContext->cert; X509 * cert = pCert && *pCert ? **pCert : NULL; +#elif SQUID_SSLGETCERTIFICATE_BUGGY + X509 * cert = NULL; + assert(0); #else // Temporary ssl for getting X509 certificate from SSL_CTX. Ssl::SSL_Pointer ssl(SSL_new(sslContext));
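Review bot: In support.cc the `#elif SQUID_SSLGETCERTIFICATE_BUGGY` branch is protected only by `assert(0)`, so a build with assertions compiled out would continue with `cert = NULL` into code that is outside the hunk. Both macros are known at compile time, so if this function is reachable in every SSL build, `#error "SSL_get_certificate is buggy and no workaround is available for this OpenSSL"` in that branch would stop the build rather than the running proxy. The workaround branch reads `sslContext->cert` through a `(X509 ***)` cast, which depends on OpenSSL's private structure layout. A comment naming the OpenSSL versions the layout was verified against would help whoever upgrades the library.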