diff -u -r -N squid-3.3.5/ChangeLog squid-3.3.6/ChangeLog
--- squid-3.3.5/ChangeLog 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/ChangeLog 2013-07-01 16:02:11.000000000 +1200
@@ -1,4 +1,18 @@
+Changes to squid-3.3.6 (01 Jul 2013):
+
+ - Bug 3854: pt1: compile errors on AIX
+ - Bug 3802: Fix wrong check inside Format::Format::assemble
+ - Bug 3762: remove bogus WARNING in cache.log
+ - Bug 3717: assertion failed with dstdom_regex with IP based URL
+ - Bug 1991: kqueue causes SSL to hang
+ - Ask for SSL key password when started with -N but without sslpassword_program
+ - Make sure %.
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.3.5'
-PACKAGE_STRING='Squid Web Proxy 3.3.5'
+PACKAGE_VERSION='3.3.6'
+PACKAGE_STRING='Squid Web Proxy 3.3.6'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1570,7 +1570,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.3.5 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.3.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1640,7 +1640,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.3.5:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.3.6:";;
esac
cat <<\_ACEOF
@@ -2014,7 +2014,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.3.5
+Squid Web Proxy configure 3.3.6
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3110,7 +3110,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.3.5, which was
+It was created by Squid Web Proxy $as_me 3.3.6, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3929,7 +3929,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.3.5'
+ VERSION='3.3.6'
cat >>confdefs.h <<_ACEOF
@@ -31680,7 +31680,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.3.5, which was
+This file was extended by Squid Web Proxy $as_me 3.3.6, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -31746,7 +31746,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.3.5
+Squid Web Proxy config.status 3.3.6
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.3.5/configure.ac squid-3.3.6/configure.ac
--- squid-3.3.5/configure.ac 2013-05-20 23:50:55.000000000 +1200
+++ squid-3.3.6/configure.ac 2013-07-01 16:03:25.000000000 +1200
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.3.5],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.3.6],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.6/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 2013-05-21 00:24:20.000000000 +1200
+++ squid-3.3.6/helpers/basic_auth/DB/basic_db_auth.8 2013-07-01 16:28:41.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.5/helpers/basic_auth/NCSA/basic_ncsa_auth.cc squid-3.3.6/helpers/basic_auth/NCSA/basic_ncsa_auth.cc
--- squid-3.3.5/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-07-01 16:02:11.000000000 +1200
@@ -149,8 +149,8 @@
continue;
}
char *crypted = NULL;
- size_t passwordLength = strlen(passwd);
#if HAVE_CRYPT
+ size_t passwordLength = strlen(passwd);
// Bug 3831: given algorithms more secure than DES crypt() does not truncate, so we can ignore the bug 3107 length checks below
// '$1$' = MD5, '$2a$' = Blowfish, '$5$' = SHA256 (Linux), '$6$' = SHA256 (BSD) and SHA512
if (passwordLength > 1 && u->passwd[0] == '$' &&
diff -u -r -N squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-05-21 00:24:25.000000000 +1200
+++ squid-3.3.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-07-01 16:28:43.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 1"
-.TH EXT_SQL_SESSION_ACL 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-05-21 00:24:26.000000000 +1200
+++ squid-3.3.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-01 16:28:43.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.6/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 2013-05-21 00:24:26.000000000 +1200
+++ squid-3.3.6/helpers/log_daemon/DB/log_db_daemon.8 2013-07-01 16:28:43.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.5/include/version.h squid-3.3.6/include/version.h
--- squid-3.3.5/include/version.h 2013-05-20 23:50:56.000000000 +1200
+++ squid-3.3.6/include/version.h 2013-07-01 16:03:25.000000000 +1200
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1369050531
+#define SQUID_RELEASE_TIME 1372651329
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.3.5/RELEASENOTES.html squid-3.3.6/RELEASENOTES.html
--- squid-3.3.5/RELEASENOTES.html 2013-05-21 00:24:44.000000000 +1200
+++ squid-3.3.6/RELEASENOTES.html 2013-07-01 16:28:50.000000000 +1200
@@ -2,10 +2,10 @@
- Squid 3.3.5 release notes
+ Squid 3.3.6 release notes
-Squid 3.3.5 release notes
+Squid 3.3.6 release notes
Squid Developers
@@ -56,7 +56,7 @@
-The Squid Team are pleased to announce the release of Squid-3.3.5.
+The Squid Team are pleased to announce the release of Squid-3.3.6.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.3/ or the
mirrors.
diff -u -r -N squid-3.3.5/snmplib/parse.c squid-3.3.6/snmplib/parse.c
--- squid-3.3.5/snmplib/parse.c 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/snmplib/parse.c 2013-07-01 16:02:11.000000000 +1200
@@ -691,7 +691,9 @@
if (count == (length - 2)) {
if (op->label) {
strncpy(np->parent, op->label, sizeof(np->parent));
+ np->parent[sizeof(np->parent-1)] = '\0';
strncpy(np->label, name, sizeof(np->label));
+ np->label[sizeof(np->label-1)] = '\0';
if (nop->subid != -1)
np->subid = nop->subid;
else
diff -u -r -N squid-3.3.5/src/acl/Acl.cc squid-3.3.6/src/acl/Acl.cc
--- squid-3.3.5/src/acl/Acl.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/acl/Acl.cc 2013-07-01 16:02:11.000000000 +1200
@@ -335,13 +335,24 @@
AclMatchedName = _acl->name;
debugs(28, 3, "ACLList::matches: checking " << (op ? null_string : "!") << _acl->name);
- if (_acl->checklistMatches(checklist) != op) {
- debugs(28, 4, "ACLList::matches: result is false");
- return false;
+ bool result = false;
+ if (_acl->checklistMatches(checklist) == 1) {
+ debugs(28, 5, _acl->name << " matched" << (op ? "." : ", negating."));
+ result = (op != 0);
+ } else if (checklist->finished()) {
+ debugs(28, 5, _acl->name << " failed.");
+ result = false;
+ } else if (checklist->asyncNeeded()) {
+ debugs(28, 5, _acl->name << " needs async lookup");
+ result = false;
+ } else {
+ debugs(28, 5, _acl->name << " mismatched" << (op ? "." : ", negating."));
+ result = (op == 0);
}
- debugs(28, 4, "ACLList::matches: result is true");
- return true;
+ debugs(28, 4, (op ? null_string : "!") << _acl->name << " result is " <<
+ (result ? "true" : "false"));
+ return result;
}
/*********************/
diff -u -r -N squid-3.3.5/src/adaptation/icap/ModXact.cc squid-3.3.6/src/adaptation/icap/ModXact.cc
--- squid-3.3.5/src/adaptation/icap/ModXact.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/adaptation/icap/ModXact.cc 2013-07-01 16:02:11.000000000 +1200
@@ -1254,9 +1254,11 @@
void Adaptation::Icap::ModXact::finalizeLogInfo()
{
HttpRequest * request_ = NULL;
+ HttpRequest * adapted_request_ = NULL;
HttpReply * reply_ = NULL;
- if (!(request_ = dynamic_cast(adapted.header))) {
- request_ = (virgin.cause? virgin.cause: dynamic_cast(virgin.header));
+ request_ = (virgin.cause? virgin.cause: dynamic_cast(virgin.header));
+ if (!(adapted_request_ = dynamic_cast(adapted.header))) {
+ adapted_request_ = request_;
reply_ = dynamic_cast(adapted.header);
}
@@ -1270,6 +1272,8 @@
al.cache.caddr = request_->client_addr;
al.request = HTTPMSGLOCK(request_);
+ al.adapted_request = HTTPMSGLOCK(adapted_request_);
+
if (reply_)
al.reply = HTTPMSGLOCK(reply_);
else
@@ -1313,7 +1317,7 @@
packerClean(&p);
mb.clean();
}
- prepareLogWithRequestDetails(request_, alep);
+ prepareLogWithRequestDetails(adapted_request_, alep);
Xaction::finalizeLogInfo();
}
diff -u -r -N squid-3.3.5/src/adaptation/icap/Xaction.cc squid-3.3.6/src/adaptation/icap/Xaction.cc
--- squid-3.3.5/src/adaptation/icap/Xaction.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/adaptation/icap/Xaction.cc 2013-07-01 16:02:11.000000000 +1200
@@ -549,7 +549,11 @@
void Adaptation::Icap::Xaction::maybeLog()
{
if (IcapLogfileStatus == LOG_ENABLE) {
- ACLChecklist *checklist = new ACLFilledChecklist(::Config.accessList.icap, al.request, dash_str);
+ ACLFilledChecklist *checklist = new ACLFilledChecklist(::Config.accessList.icap, al.request, dash_str);
+ if (al.reply) {
+ checklist->reply = al.reply;
+ HTTPMSGLOCK(checklist->reply);
+ }
if (!::Config.accessList.icap || checklist->fastCheck() == ACCESS_ALLOWED) {
finalizeLogInfo();
icapLogLog(alep, checklist);
diff -u -r -N squid-3.3.5/src/cache_cf.cc squid-3.3.6/src/cache_cf.cc
--- squid-3.3.5/src/cache_cf.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/cache_cf.cc 2013-07-01 16:02:11.000000000 +1200
@@ -674,12 +674,6 @@
Config.Store.maxObjectSize = 0x7FFF0000;
}
#endif
- if (0 == Store::Root().maxSize())
- /* people might want a zero-sized cache on purpose */
- (void) 0;
- else if (Store::Root().maxSize() < Config.memMaxSize)
- /* This is bogus. folk with NULL caches will want this */
- debugs(3, DBG_CRITICAL, "WARNING cache_mem is larger than total disk cache space!");
if (Config.Announce.period > 0) {
Config.onoff.announce = 1;
diff -u -r -N squid-3.3.5/src/cf.data.pre squid-3.3.6/src/cf.data.pre
--- squid-3.3.5/src/cf.data.pre 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/cf.data.pre 2013-07-01 16:02:11.000000000 +1200
@@ -7329,6 +7329,8 @@
can even specify multiple identical services as long as their
service_names differ.
+ To activate a service, use the adaptation_access directive. To group
+ services, use adaptation_service_chain and adaptation_service_set.
Service options are separated by white space. ICAP services support
the following name=value options:
@@ -7460,6 +7462,8 @@
eCAP service must have a unique URI. Obtain the right URI from
the service provider.
+ To activate a service, use the adaptation_access directive. To group
+ services, use adaptation_service_chain and adaptation_service_set.
Service options are separated by white space. eCAP services support
the following name=value options:
diff -u -r -N squid-3.3.5/src/comm/ModKqueue.cc squid-3.3.6/src/comm/ModKqueue.cc
--- squid-3.3.5/src/comm/ModKqueue.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/comm/ModKqueue.cc 2013-07-01 16:02:11.000000000 +1200
@@ -197,7 +197,11 @@
", timeout=" << timeout);
if (type & COMM_SELECT_READ) {
+ if (F->flags.read_pending)
+ kq_update_events(fd, EVFILT_WRITE, handler);
+
kq_update_events(fd, EVFILT_READ, handler);
+
F->read_handler = handler;
F->read_data = client_data;
}
@@ -290,31 +294,24 @@
continue; /* XXX! */
}
- switch (ke[i].filter) {
-
- case EVFILT_READ:
-
+ if (ke[i].filter == EVFILT_READ || F->flags.read_pending) {
if ((hdl = F->read_handler) != NULL) {
F->read_handler = NULL;
F->flags.read_pending = 0;
hdl(fd, F->read_data);
}
+ }
- break;
-
- case EVFILT_WRITE:
-
+ if (ke[i].filter == EVFILT_WRITE) {
if ((hdl = F->write_handler) != NULL) {
F->write_handler = NULL;
hdl(fd, F->write_data);
}
+ }
- break;
-
- default:
+ if (ke[i].filter != EVFILT_WRITE && ke[i].filter != EVFILT_READ) {
/* Bad! -- adrian */
debugs(5, DBG_IMPORTANT, "comm_select: kevent returned " << ke[i].filter << "!");
- break;
}
}
diff -u -r -N squid-3.3.5/src/dns.cc squid-3.3.6/src/dns.cc
--- squid-3.3.5/src/dns.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/dns.cc 2013-07-01 16:02:11.000000000 +1200
@@ -39,6 +39,10 @@
#include "Store.h"
#include "wordlist.h"
+#if SQUID_SNMP
+#include "snmp_core.h"
+#endif
+
/* MS VisualStudio Projects are monolitich, so we need the following
#if to include the external DNS code in compile process when
using external DNS.
diff -u -r -N squid-3.3.5/src/external_acl.cc squid-3.3.6/src/external_acl.cc
--- squid-3.3.5/src/external_acl.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/external_acl.cc 2013-07-01 16:02:11.000000000 +1200
@@ -185,7 +185,7 @@
#if USE_SSL
EXT_ACL_USER_CERT,
- EXT_ACL_CA_CERT,
+ EXT_ACL_USER_CA_CERT,
EXT_ACL_USER_CERT_RAW,
EXT_ACL_USER_CERTCHAIN_RAW,
#endif
@@ -414,28 +414,31 @@
if (strncmp(token, "%{", 2) == 0) {
// deprecated. but assume the old configs all referred to request headers.
- debugs(82, DBG_IMPORTANT, "WARNING: external_acl_type format %{...} is being replaced by %>{...} for : " << token);
+ debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %{...} is being replaced by %>ha{...} for : " << token);
parse_header_token(format, (token+2), _external_acl_format::EXT_ACL_HEADER_REQUEST);
} else if (strncmp(token, "%>{", 3) == 0) {
+ debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %>{...} is being replaced by %>ha{...} for : " << token);
+ parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST);
+ } else if (strncmp(token, "%>ha{", 5) == 0) {
parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST);
} else if (strncmp(token, "%<{", 3) == 0) {
+ debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %<{...} is being replaced by %type = _external_acl_format::EXT_ACL_LOGIN;
a->require_auth = true;
#endif
}
-
#if USE_IDENT
- else if (strcmp(token, "%IDENT") == 0)
+ else if (strcmp(token, "%IDENT") == 0 || strcmp(token, "%ui") == 0)
format->type = _external_acl_format::EXT_ACL_IDENT;
-
#endif
-
- else if (strcmp(token, "%SRC") == 0)
+ else if (strcmp(token, "%SRC") == 0 || strcmp(token, "%>a") == 0)
format->type = _external_acl_format::EXT_ACL_SRC;
- else if (strcmp(token, "%SRCPORT") == 0)
+ else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0)
format->type = _external_acl_format::EXT_ACL_SRCPORT;
#if USE_SQUID_EUI
else if (strcmp(token, "%SRCEUI48") == 0)
@@ -443,11 +446,11 @@
else if (strcmp(token, "%SRCEUI64") == 0)
format->type = _external_acl_format::EXT_ACL_SRCEUI64;
#endif
- else if (strcmp(token, "%MYADDR") == 0)
+ else if (strcmp(token, "%MYADDR") == 0 || strcmp(token, "%la") == 0)
format->type = _external_acl_format::EXT_ACL_MYADDR;
- else if (strcmp(token, "%MYPORT") == 0)
+ else if (strcmp(token, "%MYPORT") == 0 || strcmp(token, "%lp") == 0)
format->type = _external_acl_format::EXT_ACL_MYPORT;
- else if (strcmp(token, "%URI") == 0)
+ else if (strcmp(token, "%URI") == 0 || strcmp(token, "%>ru") == 0)
format->type = _external_acl_format::EXT_ACL_URI;
else if (strcmp(token, "%DST") == 0)
format->type = _external_acl_format::EXT_ACL_DST;
@@ -455,11 +458,10 @@
format->type = _external_acl_format::EXT_ACL_PROTO;
else if (strcmp(token, "%PORT") == 0)
format->type = _external_acl_format::EXT_ACL_PORT;
- else if (strcmp(token, "%PATH") == 0)
+ else if (strcmp(token, "%PATH") == 0 || strcmp(token, "%>rp") == 0)
format->type = _external_acl_format::EXT_ACL_PATH;
- else if (strcmp(token, "%METHOD") == 0)
+ else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0)
format->type = _external_acl_format::EXT_ACL_METHOD;
-
#if USE_SSL
else if (strcmp(token, "%USER_CERT") == 0)
format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW;
@@ -468,8 +470,12 @@
else if (strncmp(token, "%USER_CERT_", 11) == 0) {
format->type = _external_acl_format::EXT_ACL_USER_CERT;
format->header = xstrdup(token + 11);
+ } else if (strncmp(token, "%USER_CA_CERT_", 11) == 0) {
+ format->type = _external_acl_format::EXT_ACL_USER_CA_CERT;
+ format->header = xstrdup(token + 11);
} else if (strncmp(token, "%CA_CERT_", 11) == 0) {
- format->type = _external_acl_format::EXT_ACL_USER_CERT;
+ debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type %CA_CERT_* code is obsolete. Use %USER_CA_CERT_* instead");
+ format->type = _external_acl_format::EXT_ACL_USER_CA_CERT;
format->header = xstrdup(token + 11);
}
#endif
@@ -612,7 +618,7 @@
DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW");
DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW");
DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header);
- DUMP_EXT_ACL_TYPE_FMT(CA_CERT, " %%CA_CERT_%s", format->header);
+ DUMP_EXT_ACL_TYPE_FMT(USER_CA_CERT, " %%USER_CA_CERT_%s", format->header);
#endif
#if USE_AUTH
DUMP_EXT_ACL_TYPE(EXT_USER);
@@ -1127,7 +1133,7 @@
break;
- case _external_acl_format::EXT_ACL_CA_CERT:
+ case _external_acl_format::EXT_ACL_USER_CA_CERT:
if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConnection)) {
SSL *ssl = fd_table[ch->conn()->clientConnection->fd].ssl;
diff -u -r -N squid-3.3.5/src/format/Format.cc squid-3.3.6/src/format/Format.cc
--- squid-3.3.5/src/format/Format.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/format/Format.cc 2013-07-01 16:02:11.000000000 +1200
@@ -510,7 +510,7 @@
case LFT_ADAPTED_REQUEST_HEADER:
- if (al->request)
+ if (al->adapted_request)
sb = al->adapted_request->header.getByName(fmt->data.header.header);
out = sb.termedBuf();
@@ -629,7 +629,7 @@
break;
case LFT_ICAP_REQ_HEADER_ELEM:
- if (al->request)
+ if (al->icap.request)
sb = al->icap.request->header.getByNameListMember(fmt->data.header.header, fmt->data.header.element, fmt->data.header.separator);
out = sb.termedBuf();
diff -u -r -N squid-3.3.5/src/forward.cc squid-3.3.6/src/forward.cc
--- squid-3.3.5/src/forward.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/forward.cc 2013-07-01 16:02:11.000000000 +1200
@@ -935,7 +935,7 @@
debugs(17, 3, "fwdConnectStart: " << entry->url());
- if (n_tries == 0) // first attempt
+ if (!request->hier.first_conn_start.tv_sec) // first attempt
request->hier.first_conn_start = current_time;
/* connection timeout */
diff -u -r -N squid-3.3.5/src/ip/Address.cc squid-3.3.6/src/ip/Address.cc
--- squid-3.3.5/src/ip/Address.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/ip/Address.cc 2013-07-01 16:02:11.000000000 +1200
@@ -451,7 +451,7 @@
{
/* some AF_* magic to tell socket types apart and what we need to do */
if (s.ss_family == AF_INET6) {
- memcpy(&m_SocketAddr, &s, sizeof(struct sockaddr_in));
+ memcpy(&m_SocketAddr, &s, sizeof(struct sockaddr_in6));
} else { // convert it to our storage mapping.
struct sockaddr_in *sin = (struct sockaddr_in*)&s;
m_SocketAddr.sin6_port = sin->sin_port;
diff -u -r -N squid-3.3.5/src/ssl/support.cc squid-3.3.6/src/ssl/support.cc
--- squid-3.3.5/src/ssl/support.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/src/ssl/support.cc 2013-07-01 16:02:11.000000000 +1200
@@ -1521,7 +1521,10 @@
chain.reset(sk_X509_new_null());
if (!chain)
debugs(83, DBG_IMPORTANT, "WARNING: unable to allocate memory for cert chain");
- pkey.reset(readSslPrivateKey(keyFilename, ssl_ask_password_cb));
+ // XXX: ssl_ask_password_cb needs SSL_CTX_set_default_passwd_cb_userdata()
+ // so this may not fully work iff Config.Program.ssl_password is set.
+ pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL;
+ pkey.reset(readSslPrivateKey(keyFilename, cb));
cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
pkey.reset(NULL);
diff -u -r -N squid-3.3.5/tools/squidclient.cc squid-3.3.6/tools/squidclient.cc
--- squid-3.3.5/tools/squidclient.cc 2013-05-20 23:48:55.000000000 +1200
+++ squid-3.3.6/tools/squidclient.cc 2013-07-01 16:02:11.000000000 +1200
@@ -145,6 +145,13 @@
int total_bytes = 0;
int io_timeout = 120;
+#if _SQUID_AIX_
+/* Bug 3854: AIX 6.1 tries to link in this fde.h global symbol
+ * despite squidclient not using any of the fd_* code.
+ */
+fde *fde::Table = NULL;
+#endif
+
#if _SQUID_WINDOWS_
void
Win32SockCleanup(void)