diff -u -r -N squid-3.1.11/ChangeLog squid-3.1.12/ChangeLog --- squid-3.1.11/ChangeLog 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/ChangeLog 2011-04-04 13:24:06.000000000 +1200 @@ -1,3 +1,24 @@ +Changes to squid-3.1.12 (04 Apr 2011): + + - Regression fix: Use bigger buffer for server reads. + - Regression fix: Add reply_header_replace directive for ability lost since 2.7 + - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 + - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" + - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled + - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure + - Bug 3164: Total memory info display 32-bit overflows + - Bug 3155: Werror is hard-coded in libTrie build + - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage + - Bug 2976: invalid URL on intercepted requests during reconfigure + - Bug 2720: comment in same line as cache/mem_replacement_policy causes error + - Bug 2621: Provide request headers to RESPMOD when using cache_peer. + - Bug 2330: AuthUser objects are never unlocked + - Prevent CONNECT request relaying to origin servers + - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) + - squidclient: send Cache Manager password using -w + - eCAP: give full Request-URI to adapters + - ... and several debug and error display cleanups + Changes to squid-3.1.11 (08 Feb 2011): - Bug 3149: not caching eCAP adapted body diff -u -r -N squid-3.1.11/compat/compat_shared.h squid-3.1.12/compat/compat_shared.h --- squid-3.1.11/compat/compat_shared.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/compat/compat_shared.h 2011-04-04 13:24:06.000000000 +1200 @@ -195,6 +195,9 @@ * Signalling flags are apparently not always provided. * TODO find out if these can be moved into specific OS portability files. */ +#if HAVE_SIGNAL_H +#include +#endif #ifndef SA_RESTART #define SA_RESTART 0 #endif diff -u -r -N squid-3.1.11/configure squid-3.1.12/configure --- squid-3.1.11/configure 2011-02-08 17:07:06.000000000 +1300 +++ squid-3.1.12/configure 2011-04-04 13:25:13.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.11. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.12. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.1.11' -PACKAGE_STRING='Squid Web Proxy 3.1.11' +PACKAGE_VERSION='3.1.12' +PACKAGE_STRING='Squid Web Proxy 3.1.12' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' PACKAGE_URL='' @@ -1536,7 +1536,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.1.11 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.1.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1606,7 +1606,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.1.11:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.1.12:";; esac cat <<\_ACEOF @@ -1934,7 +1934,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.1.11 +Squid Web Proxy configure 3.1.12 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2945,7 +2945,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.1.11, which was +It was created by Squid Web Proxy $as_me 3.1.12, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3764,7 +3764,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.1.11' + VERSION='3.1.12' cat >>confdefs.h <<_ACEOF @@ -28045,7 +28045,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.1.11, which was +This file was extended by Squid Web Proxy $as_me 3.1.12, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28111,7 +28111,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.1.11 +Squid Web Proxy config.status 3.1.12 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.1.11/configure.ac squid-3.1.12/configure.ac --- squid-3.1.11/configure.ac 2011-02-08 17:07:06.000000000 +1300 +++ squid-3.1.12/configure.ac 2011-04-04 13:25:13.000000000 +1200 @@ -2,7 +2,7 @@ dnl dnl $Id$ dnl -AC_INIT([Squid Web Proxy],[3.1.11],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.1.12],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure --- squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure 2011-02-08 17:07:05.000000000 +1300 +++ squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure 2011-04-04 13:25:12.000000000 +1200 @@ -4138,7 +4138,7 @@ else ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` if test "x$ac_gssapi_libs" != "x" ; then - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh` @@ -4254,7 +4254,7 @@ fi ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` if test "x$ac_gssapi_libs" != "x" ; then - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh` @@ -4414,7 +4414,7 @@ ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" fi - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh` @@ -4535,7 +4535,7 @@ ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" fi - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh` diff -u -r -N squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure.ac squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure.ac --- squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure.ac 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure.ac 2011-04-04 13:24:06.000000000 +1200 @@ -93,7 +93,7 @@ else ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` if test "x$ac_gssapi_libs" != "x" ; then - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do AC_CHECK_LIB($lib,main) @@ -117,7 +117,7 @@ fi ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` if test "x$ac_gssapi_libs" != "x" ; then - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do AC_CHECK_LIB($lib,main) @@ -171,7 +171,7 @@ ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" fi - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do AC_CHECK_LIB($lib,main) @@ -200,7 +200,7 @@ ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" fi - LDFLAGS="$LDFLAGS $ac_gssapi_libs" + LIBS="$LIBS $ac_gssapi_libs" else for lib in $ac_gss_libs; do AC_CHECK_LIB($lib,main) diff -u -r -N squid-3.1.11/include/rfc1738.h squid-3.1.12/include/rfc1738.h --- squid-3.1.11/include/rfc1738.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/include/rfc1738.h 2011-04-04 13:24:06.000000000 +1200 @@ -4,35 +4,46 @@ /* for SQUIDCEXTERN */ #include "config.h" - -/* Encoder rfc1738_do_escape flag values. */ -#define RFC1738_ESCAPE_UNSAFE 0 -#define RFC1738_ESCAPE_RESERVED 1 -#define RFC1738_ESCAPE_UNESCAPED -1 - +#define RFC1738_ESCAPE_CTRLS 1 +#define RFC1738_ESCAPE_UNSAFE 2 +#define RFC1738_ESCAPE_RESERVED 4 +#define RFC1738_ESCAPE_ALL (RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_RESERVED|RFC1738_ESCAPE_CTRLS) +// exclusions +#define RFC1738_ESCAPE_NOSPACE 128 +#define RFC1738_ESCAPE_NOPERCENT 256 +// Backward compatibility +#define RFC1738_ESCAPE_UNESCAPED (RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS|RFC1738_ESCAPE_NOPERCENT) /** * \group rfc1738 RFC 1738 URL-escaping library * * Public API is formed of a triplet of encode functions mapping to the rfc1738_do_encode() engine. * - * ASCII characters are split into three groups: - * \item SAFE Characters which are safe to occur in any URL. For example A,B,C - * \item UNSAFE Characters which are completely usafe to occur in any URL. For example; backspace, tab, space, newline + * ASCII characters are split into four groups: + * \item CTRLS Binary control codes. Dangerous to include in URLs. + * \item UNSAFE Characters which are completely usafe to occur in any URL. For example; backspace, tab, space, newline. * \item RESERVED Characters which are reserved for special meaning and may only occur in certain parts of a URL. * * Returns a static buffer containing the RFC 1738 compliant, escaped version of the given url. * - * \param flags RFC1738_ESCAPE_UNSAFE Only encode unsafe characters. Ignore reserved. - * \param flags RFC1738_ESCAPE_RESERVED Encode all unsafe and reserved characters. - * \param flags RFC1738_ESCAPE_UNESCAPED Encode all unsafe characters which have not already been encoded. + * \param flags RFC1738_ESCAPE_CTRLS Encode the blatantly dangerous binary codes. + * \param flags RFC1738_ESCAPE_UNSAFE Encode printable unsafe characters (excluding CTRLs). + * \param flags RFC1738_ESCAPE_RESERVED Encode reserved characters. + * \param flags RFC1738_ESCAPE_ALL Encode all binary CTRL, unsafe and reserved characters. + * \param flags RFC1738_ESCAPE_NOSPACE Ignore the space whitespace character. + * \param flags RFC1738_ESCAPE_NOPERCENT Ignore the escaping delimiter '%'. */ SQUIDCEXTERN char *rfc1738_do_escape(const char *url, int flags); -/* Old API functions */ -#define rfc1738_escape(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE) -#define rfc1738_escape_part(x) rfc1738_do_escape(x, RFC1738_ESCAPE_RESERVED) -#define rfc1738_escape_unescaped(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNESCAPED) +/* Default RFC 1738 escaping. Escape all UNSAFE characters and binary CTRL codes */ +#define rfc1738_escape(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS) + +/* Escape a partial URL. Encoding every binary code, unsafe or reserved character. */ +#define rfc1738_escape_part(x) rfc1738_do_escape(x, RFC1738_ESCAPE_ALL) + +/* Escape a URL. Encoding every unsafe characters but skipping reserved and already-encoded bytes. + * Suitable for safely encoding an absolute URL which may be encoded but is not trusted. */ +#define rfc1738_escape_unescaped(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS|RFC1738_ESCAPE_NOPERCENT) /** diff -u -r -N squid-3.1.11/include/util.h squid-3.1.12/include/util.h --- squid-3.1.11/include/util.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/include/util.h 2011-04-04 13:24:06.000000000 +1200 @@ -150,7 +150,7 @@ /* * Returns the amount of known allocated memory */ -int statMemoryAccounted(void); +double statMemoryAccounted(void); /* Windows Port */ /* win32lib.c */ diff -u -r -N squid-3.1.11/include/version.h squid-3.1.12/include/version.h --- squid-3.1.11/include/version.h 2011-02-08 17:07:06.000000000 +1300 +++ squid-3.1.12/include/version.h 2011-04-04 13:25:13.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1297137949 +#define SQUID_RELEASE_TIME 1301880244 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.1.11/lib/libTrie/configure squid-3.1.12/lib/libTrie/configure --- squid-3.1.11/lib/libTrie/configure 2011-02-08 17:06:57.000000000 +1300 +++ squid-3.1.12/lib/libTrie/configure 2011-04-04 13:25:06.000000000 +1200 @@ -705,6 +705,7 @@ enable_inline enable_dependency_tracking enable_maintainer_mode +enable_strict_error_checking ' ac_precious_vars='build_alias host_alias @@ -1357,6 +1358,10 @@ --enable-dependency-tracking do not reject slow dependency extractors --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer + --disable-strict-error-checking + By default compile with all possible static compiler + error-checks enabled. This flag disables the + behavior Some influential environment variables: CXX C++ compiler command @@ -4170,15 +4175,33 @@ fi +TRIE_CFLAGS= +TRIE_CXXFLAGS= if test "$GCC" = "yes"; then - TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" - TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -else - TRIE_CFLAGS= - TRIE_CXXFLAGS= + TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" + TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments" + + # Check whether --enable-strict-error-checking was given. +if test "${enable_strict_error_checking+set}" = set; then : + enableval=$enable_strict_error_checking; + case $enableval in + yes|1|true) + enable_strict_error_checking=yes + ;; + *) + enable_strict_error_checking=no + ;; + esac + fi -if test "$GCC" = "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: strict error checking enabled: ${enable_strict_error_checking:=yes}" >&5 +$as_echo "$as_me: strict error checking enabled: ${enable_strict_error_checking:=yes}" >&6;} + if test "x${enable_strict_error_checking:=yes}" = "xyes"; then + TRIE_CFLAGS="-Werror $TRIE_CFLAGS" + TRIE_CXXFLAGS="-Werror $TRIE_CXXFLAGS" + fi + if test "$GCC" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler accepts -fhuge-objects" >&5 @@ -4210,7 +4233,7 @@ fi fi #gcc - TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG" + TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG" fi diff -u -r -N squid-3.1.11/lib/libTrie/configure.ac squid-3.1.12/lib/libTrie/configure.ac --- squid-3.1.11/lib/libTrie/configure.ac 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/lib/libTrie/configure.ac 2011-04-04 13:24:06.000000000 +1200 @@ -58,17 +58,33 @@ AC_PROG_RANLIB dnl set useful flags +TRIE_CFLAGS= +TRIE_CXXFLAGS= if test "$GCC" = "yes"; then - TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" - TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -else - TRIE_CFLAGS= - TRIE_CXXFLAGS= -fi + TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" + TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments" + + AC_ARG_ENABLE(strict-error-checking, + AS_HELP_STRING([--disable-strict-error-checking],[By default compile + with all possible static compiler error-checks enabled. + This flag disables the behavior]), [ + case $enableval in + yes|1|true) + enable_strict_error_checking=yes + ;; + *) + enable_strict_error_checking=no + ;; + esac + ]) + AC_MSG_NOTICE([strict error checking enabled: ${enable_strict_error_checking:=yes}]) + if test "x${enable_strict_error_checking:=yes}" = "xyes"; then + TRIE_CFLAGS="-Werror $TRIE_CFLAGS" + TRIE_CXXFLAGS="-Werror $TRIE_CXXFLAGS" + fi -if test "$GCC" = "yes" ; then - AC_TEST_CHECKFORHUGEOBJECTS - TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG" + AC_TEST_CHECKFORHUGEOBJECTS + TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG" fi AC_SUBST(TRIE_CFLAGS) diff -u -r -N squid-3.1.11/lib/rfc1738.c squid-3.1.12/lib/rfc1738.c --- squid-3.1.11/lib/rfc1738.c 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/lib/rfc1738.c 2011-04-04 13:24:06.000000000 +1200 @@ -53,6 +53,7 @@ (char) 0x22, /* " */ (char) 0x23, /* # */ #if 0 /* done in code */ + (char) 0x20, /* space */ (char) 0x25, /* % */ #endif (char) 0x7B, /* { */ @@ -64,8 +65,7 @@ (char) 0x5B, /* [ */ (char) 0x5D, /* ] */ (char) 0x60, /* ` */ - (char) 0x27, /* ' */ - (char) 0x20 /* space */ + (char) 0x27 /* ' */ }; static char rfc1738_reserved_chars[] = { @@ -97,36 +97,49 @@ buf = (char*)xcalloc(bufsize, 1); } for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) { + + /* a-z, A-Z and 0-9 are SAFE. */ + if ((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9')) { + *q = *p; + continue; + } + do_escape = 0; /* RFC 1738 defines these chars as unsafe */ - for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) { - if (*p == rfc1738_unsafe_chars[i]) { - do_escape = 1; - break; + if ((flags & RFC1738_ESCAPE_UNSAFE)) { + for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) { + if (*p == rfc1738_unsafe_chars[i]) { + do_escape = 1; + break; + } } + /* Handle % separately */ + if (!(flags & RFC1738_ESCAPE_NOPERCENT) && *p == '%') + do_escape = 1; + /* Handle space separately */ + else if (!(flags & RFC1738_ESCAPE_NOSPACE) && *p <= ' ') + do_escape = 1; } - /* Handle % separately */ - if (flags != RFC1738_ESCAPE_UNESCAPED && *p == '%') - do_escape = 1; /* RFC 1738 defines these chars as reserved */ - for (i = 0; i < sizeof(rfc1738_reserved_chars) && flags == RFC1738_ESCAPE_RESERVED; i++) { - if (*p == rfc1738_reserved_chars[i]) { - do_escape = 1; - break; + if ((flags & RFC1738_ESCAPE_RESERVED) && do_escape == 0) { + for (i = 0; i < sizeof(rfc1738_reserved_chars); i++) { + if (*p == rfc1738_reserved_chars[i]) { + do_escape = 1; + break; + } } } - /* RFC 1738 says any control chars (0x00-0x1F) are encoded */ - if ((unsigned char) *p <= (unsigned char) 0x1F) { - do_escape = 1; - } - /* RFC 1738 says 0x7f is encoded */ - if (*p == (char) 0x7F) { - do_escape = 1; - } - /* RFC 1738 says any non-US-ASCII are encoded */ - if (((unsigned char) *p >= (unsigned char) 0x80)) { - do_escape = 1; + if ((flags & RFC1738_ESCAPE_CTRLS) && do_escape == 0) { + /* RFC 1738 says any control chars (0x00-0x1F) are encoded */ + if ((unsigned char) *p <= (unsigned char) 0x1F) + do_escape = 1; + /* RFC 1738 says 0x7f is encoded */ + else if (*p == (char) 0x7F) + do_escape = 1; + /* RFC 1738 says any non-US-ASCII are encoded */ + else if (((unsigned char) *p >= (unsigned char) 0x80)) + do_escape = 1; } /* Do the triplet encoding, or just copy the char */ /* note: we do not need snprintf here as q is appropriately diff -u -r -N squid-3.1.11/lib/stub_memaccount.c squid-3.1.12/lib/stub_memaccount.c --- squid-3.1.11/lib/stub_memaccount.c 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/lib/stub_memaccount.c 2011-04-04 13:24:06.000000000 +1200 @@ -5,8 +5,8 @@ /* Stub function for programs not implementing statMemoryAccounted */ #include "config.h" #include "util.h" -int +double statMemoryAccounted(void) { - return -1; + return -1.0; } diff -u -r -N squid-3.1.11/lib/tests/testRFC1738.cc squid-3.1.12/lib/tests/testRFC1738.cc --- squid-3.1.11/lib/tests/testRFC1738.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/lib/tests/testRFC1738.cc 2011-04-04 13:24:06.000000000 +1200 @@ -86,10 +86,6 @@ { char *result; -#define RFC1738_ESCAPE_UNSAFE 0 -#define RFC1738_ESCAPE_RESERVED 1 -#define RFC1738_ESCAPE_UNESCAPED -1 - /* TEST: Escaping only unsafe characters */ /* regular URL (no encoding needed) */ diff -u -r -N squid-3.1.11/lib/util.c squid-3.1.12/lib/util.c --- squid-3.1.11/lib/util.c 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/lib/util.c 2011-04-04 13:24:06.000000000 +1200 @@ -365,9 +365,9 @@ static void xmalloc_show_trace(void *p, int sign) { - int statMemoryAccounted(); - static size_t last_total = 0, last_accounted = 0, last_mallinfo = 0; - size_t accounted = statMemoryAccounted(); + static double last_accounted = 0; + static size_t last_total = 0, last_mallinfo = 0; + double accounted = statMemoryAccounted(); size_t mi = 0; size_t sz; #if HAVE_MALLINFO @@ -381,10 +381,10 @@ xmalloc_count += sign > 0; if (xmalloc_trace) { - fprintf(stderr, "%c%8p size=%5d/%d acc=%5d/%d mallinfo=%5d/%d %s:%d %s", + fprintf(stderr, "%c%8p size=%5d/%d acc=%5.0f/%.0f mallinfo=%5d/%d %s:%d %s", sign > 0 ? '+' : '-', p, (int) xmalloc_total - last_total, (int) xmalloc_total, - (int) accounted - last_accounted, (int) accounted, + accounted - last_accounted, accounted, (int) mi - last_mallinfo, (int) mi, xmalloc_file, xmalloc_line, xmalloc_func); diff -u -r -N squid-3.1.11/RELEASENOTES.html squid-3.1.12/RELEASENOTES.html --- squid-3.1.11/RELEASENOTES.html 2011-02-08 17:33:08.000000000 +1300 +++ squid-3.1.12/RELEASENOTES.html 2011-04-04 13:51:45.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.1.11 release notes + Squid 3.1.12 release notes -

Squid 3.1.11 release notes

+

Squid 3.1.12 release notes

Squid Developers


@@ -70,7 +70,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.1.11

+

The Squid Team are pleased to announce the release of Squid-3.1.12

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.1/ or the mirrors.

@@ -827,6 +827,28 @@

Controls how many different forward paths Squid will try before giving up. Default: 10

+
reply_header_replace
+

This option allows you to change the contents of reply headers. +

+        In Squid 2 header_replace (now deprecated) worked for both requests
+        and replies, while in Squid 3 it only did respect request headers.
+        This option brings back the functionality to replace the contents of
+        reply headers. Consult the documentation for usage details.
+        
+
+

+ +
request_header_replace
+

This option allows you to change the contents of request headers. +

+        To be consistent with the naming changes of header_access in Squid 3
+        (header_access has been split into two options request_header_access
+        and reply_header_access), header_replace (now deprecated) is being
+        replaced by request_header_replace.
+        
+
+

+
icap_log

New option to write ICAP log files record ICAP transaction summaries, one line per transaction. Similar to access.log. @@ -1217,7 +1239,6 @@

debug_options rotate=

New parameter rotate=N to control number of cache.log rotations independent of other logs.

-
external_acl_type

New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers. Please be aware of some limits to these options. These options only affet the transport protocol used @@ -1262,6 +1283,9 @@

+
header_replace
+

Deprecated. Use request_header_replace or reply_header_replace instead.

+
http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc

Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does. For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.

diff -u -r -N squid-3.1.11/src/acl/DomainData.cc squid-3.1.12/src/acl/DomainData.cc --- squid-3.1.11/src/acl/DomainData.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/acl/DomainData.cc 2011-04-04 13:24:06.000000000 +1200 @@ -95,13 +95,20 @@ char *const d3 = d2; char *const d4 = d1; ret = aclHostDomainCompare(d3, d4); - } - - /* FIXME this warning may display d1 and d2 when it should display d3 and d4 */ - if (ret == 0) { - debugs(28, 0, "WARNING: '" << d1 << "' is a subdomain of '" << d2 << "'"); - debugs(28, 0, "WARNING: because of this '" << (char *) a << "' is ignored to keep splay tree searching predictable"); - debugs(28, 0, "WARNING: You should probably remove '" << d1 << "' from the ACL named '" << AclMatchedName << "'"); + if (ret == 0) { + // When a.example.com comes after .example.com in an ACL + // sub-domain is ignored. That is okay. Just important + debugs(28, DBG_IMPORTANT, "WARNING: '" << d3 << "' is a subdomain of '" << d4 << "'"); + debugs(28, DBG_IMPORTANT, "WARNING: because of this '" << d3 << "' is ignored to keep splay tree searching predictable"); + debugs(28, DBG_IMPORTANT, "WARNING: You should remove '" << (*d3=='.'?d4:d3) << "' from the ACL named '" << AclMatchedName << "'"); + } + } else if (ret == 0) { + // When a.example.com comes before .example.com in an ACL + // discarding the wildcard is critically bad. + debugs(28, DBG_CRITICAL, "ERROR: '" << d1 << "' is a subdomain of '" << d2 << "'"); + debugs(28, DBG_CRITICAL, "ERROR: because of this '" << d2 << "' is ignored to keep splay tree searching predictable"); + debugs(28, DBG_CRITICAL, "ERROR: You should remove '" << (*d1=='.'?d2:d1) << "' from the ACL named '" << AclMatchedName << "'"); + self_destruct(); } return ret; diff -u -r -N squid-3.1.11/src/adaptation/ecap/MessageRep.cc squid-3.1.12/src/adaptation/ecap/MessageRep.cc --- squid-3.1.11/src/adaptation/ecap/MessageRep.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/adaptation/ecap/MessageRep.cc 2011-04-04 13:24:06.000000000 +1200 @@ -50,7 +50,7 @@ theHeader.addEntry(e); if (squidId == HDR_CONTENT_LENGTH) - theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH); + theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH); } void @@ -63,7 +63,7 @@ theHeader.delById(squidId); if (squidId == HDR_CONTENT_LENGTH) - theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH); + theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH); } libecap::Area @@ -199,8 +199,10 @@ Adaptation::Ecap::RequestLineRep::Area Adaptation::Ecap::RequestLineRep::uri() const { - return Area::FromTempBuffer(theMessage.urlpath.rawBuf(), - theMessage.urlpath.size()); + const char *fullUrl = urlCanonical(&theMessage); + Must(fullUrl); + // optimize: avoid copying by having an Area::Detail that locks theMessage + return Area::FromTempBuffer(fullUrl, strlen(fullUrl)); } void diff -u -r -N squid-3.1.11/src/adaptation/ecap/ServiceRep.cc squid-3.1.12/src/adaptation/ecap/ServiceRep.cc --- squid-3.1.11/src/adaptation/ecap/ServiceRep.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/adaptation/ecap/ServiceRep.cc 2011-04-04 13:24:06.000000000 +1200 @@ -32,11 +32,10 @@ Adaptation::Service::finalize(); theService = FindAdapterService(cfg().uri); if (theService) { - debugs(93,3, HERE << "starting eCAP service: " << theService->uri()); + debugs(93,DBG_IMPORTANT, "Starting eCAP service: " << theService->uri()); theService->start(); } else { - debugs(93,1, "Warning: configured ecap_service was not loaded: " << - cfg().uri); + debugs(93,DBG_IMPORTANT, "WARNING: configured ecap_service was not loaded: " << cfg().uri); } } diff -u -r -N squid-3.1.11/src/auth/basic/auth_basic.cc squid-3.1.12/src/auth/basic/auth_basic.cc --- squid-3.1.11/src/auth/basic/auth_basic.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/basic/auth_basic.cc 2011-04-04 13:24:06.000000000 +1200 @@ -122,7 +122,7 @@ return basicScheme::GetInstance().type(); } -AuthBasicUserRequest::AuthBasicUserRequest() : _theUser(NULL) +AuthBasicUserRequest::AuthBasicUserRequest() {} AuthBasicUserRequest::~AuthBasicUserRequest() diff -u -r -N squid-3.1.11/src/auth/basic/auth_basic.h squid-3.1.12/src/auth/basic/auth_basic.h --- squid-3.1.11/src/auth/basic/auth_basic.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/basic/auth_basic.h 2011-04-04 13:24:06.000000000 +1200 @@ -95,14 +95,6 @@ virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type); virtual int module_direction(); virtual void module_start(RH *, void *); - virtual AuthUser *user() {return _theUser;} - - virtual const AuthUser *user() const {return _theUser;} - - virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);} - -private: - BasicUser *_theUser; }; MEMPROXY_CLASS_INLINE(AuthBasicUserRequest); diff -u -r -N squid-3.1.11/src/auth/digest/auth_digest.cc squid-3.1.12/src/auth/digest/auth_digest.cc --- squid-3.1.11/src/auth/digest/auth_digest.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/digest/auth_digest.cc 2011-04-04 13:24:06.000000000 +1200 @@ -1446,7 +1446,7 @@ AuthDigestUserRequest::AuthDigestUserRequest() : nonceb64(NULL) ,cnonce(NULL) ,realm(NULL), pszPass(NULL) ,algorithm(NULL) ,pszMethod(NULL), qop(NULL) ,uri(NULL) ,response(NULL), - nonce(NULL), _theUser (NULL) , + nonce(NULL), credentials_ok (Unchecked) {} diff -u -r -N squid-3.1.11/src/auth/digest/auth_digest.h squid-3.1.12/src/auth/digest/auth_digest.h --- squid-3.1.11/src/auth/digest/auth_digest.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/digest/auth_digest.h 2011-04-04 13:24:06.000000000 +1200 @@ -70,11 +70,6 @@ #endif virtual void module_start(RH *, void *); - virtual AuthUser *user() {return _theUser;} - - virtual const AuthUser *user() const {return _theUser;} - - virtual void user(AuthUser *aUser) {_theUser=dynamic_cast(aUser);} CredentialsState credentials() const; void credentials(CredentialsState); @@ -100,7 +95,6 @@ digest_nonce_h *nonce; private: - DigestUser *_theUser; CredentialsState credentials_ok; }; diff -u -r -N squid-3.1.11/src/auth/negotiate/auth_negotiate.cc squid-3.1.12/src/auth/negotiate/auth_negotiate.cc --- squid-3.1.11/src/auth/negotiate/auth_negotiate.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/negotiate/auth_negotiate.cc 2011-04-04 13:24:06.000000000 +1200 @@ -758,8 +758,7 @@ } AuthNegotiateUserRequest::AuthNegotiateUserRequest() : - /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE), - _theUser(NULL) + /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE) { waiting=0; client_blob=0; diff -u -r -N squid-3.1.11/src/auth/negotiate/auth_negotiate.h squid-3.1.12/src/auth/negotiate/auth_negotiate.h --- squid-3.1.11/src/auth/negotiate/auth_negotiate.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/negotiate/auth_negotiate.h 2011-04-04 13:24:06.000000000 +1200 @@ -72,14 +72,9 @@ virtual int module_direction(); virtual void onConnectionClose(ConnStateData *); virtual void module_start(RH *, void *); - virtual AuthUser *user() {return _theUser;} - - virtual const AuthUser *user() const {return _theUser;} virtual void addHeader(HttpReply * rep, int accel); - virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);} - virtual const char * connLastHeader(); /*we need to store the helper server between requests */ @@ -102,10 +97,6 @@ /* need access to the request flags to mess around on pconn failure */ HttpRequest *request; - -private: - /* the user */ - NegotiateUser * _theUser; }; MEMPROXY_CLASS_INLINE(AuthNegotiateUserRequest); diff -u -r -N squid-3.1.11/src/auth/ntlm/auth_ntlm.cc squid-3.1.12/src/auth/ntlm/auth_ntlm.cc --- squid-3.1.11/src/auth/ntlm/auth_ntlm.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/ntlm/auth_ntlm.cc 2011-04-04 13:24:06.000000000 +1200 @@ -676,8 +676,7 @@ } AuthNTLMUserRequest::AuthNTLMUserRequest() : - /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE), - _theUser(NULL) + /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE) { waiting=0; client_blob=0; diff -u -r -N squid-3.1.11/src/auth/ntlm/auth_ntlm.h squid-3.1.12/src/auth/ntlm/auth_ntlm.h --- squid-3.1.11/src/auth/ntlm/auth_ntlm.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/auth/ntlm/auth_ntlm.h 2011-04-04 13:24:06.000000000 +1200 @@ -60,11 +60,6 @@ virtual int module_direction(); virtual void onConnectionClose(ConnStateData *); virtual void module_start(RH *, void *); - virtual AuthUser *user() {return _theUser;} - - virtual const AuthUser *user() const {return _theUser;} - - virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);} virtual const char * connLastHeader(); @@ -88,10 +83,6 @@ /* need access to the request flags to mess around on pconn failure */ HttpRequest *request; - -private: - /* the user */ - NTLMUser * _theUser; }; MEMPROXY_CLASS_INLINE(AuthNTLMUserRequest); diff -u -r -N squid-3.1.11/src/cf.data.pre squid-3.1.12/src/cf.data.pre --- squid-3.1.11/src/cf.data.pre 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/cf.data.pre 2011-04-04 13:24:06.000000000 +1200 @@ -3915,18 +3915,18 @@ performed). DOC_END -NAME: header_replace +NAME: request_header_replace header_replace IFDEF: HTTP_VIOLATIONS TYPE: http_header_replace[] LOC: Config.request_header_access DEFAULT: none DOC_START - Usage: header_replace header_name message - Example: header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) + Usage: request_header_replace header_name message + Example: request_header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) This option allows you to change the contents of headers - denied with header_access above, by replacing them with - some fixed string. This replaces the old fake_user_agent + denied with request_header_access above, by replacing them + with some fixed string. This replaces the old fake_user_agent option. This only applies to request headers, not reply headers. @@ -3934,6 +3934,24 @@ By default, headers are removed if denied. DOC_END +NAME: reply_header_replace +IFDEF: HTTP_VIOLATIONS +TYPE: http_header_replace[] +LOC: Config.reply_header_access +DEFAULT: none +DOC_START + Usage: reply_header_replace header_name message + Example: reply_header_replace Server Foo/1.0 + + This option allows you to change the contents of headers + denied with reply_header_access above, by replacing them + with some fixed string. + + This only applies to reply headers, not request headers. + + By default, headers are removed if denied. +DOC_END + NAME: relaxed_header_parser COMMENT: on|off|warn TYPE: tristate diff -u -r -N squid-3.1.11/src/client_side.cc squid-3.1.12/src/client_side.cc --- squid-3.1.11/src/client_side.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/client_side.cc 2011-04-04 13:24:06.000000000 +1200 @@ -1775,14 +1775,52 @@ } void -setLogUri(ClientHttpRequest * http, char const *uri) +setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl) { safe_free(http->log_uri); - if (!stringHasCntl(uri)) + if (!cleanUrl) + // The uri is already clean just dump it. http->log_uri = xstrndup(uri, MAX_URL); - else - http->log_uri = xstrndup(rfc1738_escape_unescaped(uri), MAX_URL); + else { + int flags = 0; + switch (Config.uri_whitespace) { + case URI_WHITESPACE_ALLOW: + flags |= RFC1738_ESCAPE_NOSPACE; + + case URI_WHITESPACE_ENCODE: + flags |= RFC1738_ESCAPE_UNESCAPED; + http->log_uri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL); + break; + + case URI_WHITESPACE_CHOP: { + flags |= RFC1738_ESCAPE_NOSPACE; + flags |= RFC1738_ESCAPE_UNESCAPED; + http->log_uri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL); + int pos = strcspn(http->log_uri, w_space); + http->log_uri[pos] = '\0'; + } + break; + + case URI_WHITESPACE_DENY: + case URI_WHITESPACE_STRIP: + default: { + const char *t; + char *tmp_uri = static_cast(xmalloc(strlen(uri) + 1)); + char *q = tmp_uri; + t = uri; + while (*t) { + if (!xisspace(*t)) + *q++ = *t; + t++; + } + *q = '\0'; + http->log_uri = xstrndup(rfc1738_escape_unescaped(tmp_uri), MAX_URL); + xfree(tmp_uri); + } + break; + } + } } static void @@ -1875,21 +1913,21 @@ return; /* already in good shape */ /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */ + // BUG 2976: Squid only accepts intercepted HTTP. if ((host = mime_get_header(req_hdr, "Host")) != NULL) { int url_sz = strlen(url) + 32 + Config.appendDomainLen + strlen(host); http->uri = (char *)xcalloc(url_sz, 1); - snprintf(http->uri, url_sz, "%s://%s%s", - conn->port->protocol, host, url); + snprintf(http->uri, url_sz, "http://%s%s", /*conn->port->protocol,*/ host, url); debugs(33, 5, "TRANSPARENT HOST REWRITE: '" << http->uri <<"'"); } else { /* Put the local socket IP address as the hostname. */ int url_sz = strlen(url) + 32 + Config.appendDomainLen; http->uri = (char *)xcalloc(url_sz, 1); http->getConn()->me.ToHostname(ipbuf,MAX_IPSTRLEN), - snprintf(http->uri, url_sz, "%s://%s:%d%s", - http->getConn()->port->protocol, + snprintf(http->uri, url_sz, "http://%s:%d%s", + // http->getConn()->port->protocol, ipbuf, http->getConn()->me.GetPort(), url); debugs(33, 5, "TRANSPARENT REWRITE: '" << http->uri << "'"); } @@ -2133,7 +2171,6 @@ strcpy(http->uri, url); } - setLogUri(http, http->uri); debugs(33, 5, "parseHttpRequest: Complete request received"); result->flags.parsed_ok = 1; xfree(url); @@ -2323,7 +2360,9 @@ if (context->flags.parsed_ok == 0) { clientStreamNode *node = context->getClientReplyContext(); - debugs(33, 1, "clientProcessRequest: Invalid Request"); + debugs(33, 2, "clientProcessRequest: Invalid Request"); + // setLogUri should called before repContext->setReplyToError + setLogUri(http, http->uri, true); clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, NULL, conn->peer, NULL, conn->in.buf, NULL); @@ -2336,6 +2375,8 @@ if ((request = HttpRequest::CreateFromUrlAndMethod(http->uri, method)) == NULL) { clientStreamNode *node = context->getClientReplyContext(); debugs(33, 5, "Invalid URL: " << http->uri); + // setLogUri should called before repContext->setReplyToError + setLogUri(http, http->uri, true); clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL); @@ -2353,6 +2394,8 @@ clientStreamNode *node = context->getClientReplyContext(); debugs(33, 5, "Unsupported HTTP version discovered. :\n" << HttpParserHdrBuf(hp)); + // setLogUri should called before repContext->setReplyToError + setLogUri(http, http->uri, true); clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); repContext->setReplyToError(ERR_UNSUP_HTTPVERSION, HTTP_HTTP_VERSION_NOT_SUPPORTED, method, http->uri, conn->peer, NULL, HttpParserHdrBuf(hp), NULL); @@ -2368,6 +2411,8 @@ if (http_ver.major >= 1 && !request->parseHeader(HttpParserHdrBuf(hp), HttpParserHdrSz(hp))) { clientStreamNode *node = context->getClientReplyContext(); debugs(33, 5, "Failed to parse request headers:\n" << HttpParserHdrBuf(hp)); + // setLogUri should called before repContext->setReplyToError + setLogUri(http, http->uri, true); clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL); diff -u -r -N squid-3.1.11/src/client_side.h squid-3.1.12/src/client_side.h --- squid-3.1.11/src/client_side.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/client_side.h 2011-04-04 13:24:06.000000000 +1200 @@ -289,7 +289,7 @@ /* convenience class while splitting up body handling */ /* temporary existence only - on stack use expected */ -void setLogUri(ClientHttpRequest * http, char const *uri); +void setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl = false); const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL); diff -u -r -N squid-3.1.11/src/client_side_reply.cc squid-3.1.12/src/client_side_reply.cc --- squid-3.1.11/src/client_side_reply.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/client_side_reply.cc 2011-04-04 13:24:06.000000000 +1200 @@ -1329,8 +1329,9 @@ else if (http->storeEntry()->timestamp > 0) hdr->insertTime(HDR_DATE, http->storeEntry()->timestamp); else { - debugs(88,1,"WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this"); - /* TODO: dump something useful about the problem */ + debugs(88,DBG_IMPORTANT,"WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this:"); + /* dump something useful about the problem */ + http->storeEntry()->dump(DBG_IMPORTANT); } } diff -u -r -N squid-3.1.11/src/client_side_request.cc squid-3.1.12/src/client_side_request.cc --- squid-3.1.11/src/client_side_request.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/client_side_request.cc 2011-04-04 13:24:06.000000000 +1200 @@ -1178,7 +1178,8 @@ return; if (errflag) { - getConn()->startClosing("CONNECT response failure in SslBump"); + debugs(85, 3, HERE << "CONNECT response failure in SslBump: " << errflag); + comm_close(getConn()->fd); return; } diff -u -r -N squid-3.1.11/src/comm_devpoll.cc squid-3.1.12/src/comm_devpoll.cc --- squid-3.1.11/src/comm_devpoll.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/comm_devpoll.cc 2011-04-04 13:24:06.000000000 +1200 @@ -88,7 +88,7 @@ * pfds structure elements have been set) until it is full before it * is written out the API. */ -struct { +static struct { struct pollfd *pfds; /**< ptr to array of struct pollfd config elements */ int cur; /**< index of last written element of array, or -1 if none */ int size; /**< maximum number of elements in array */ diff -u -r -N squid-3.1.11/src/dns_internal.cc squid-3.1.12/src/dns_internal.cc --- squid-3.1.11/src/dns_internal.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/dns_internal.cc 2011-04-04 13:24:06.000000000 +1200 @@ -103,7 +103,7 @@ char buf[RESOLV_BUFSZ]; char name[NS_MAXDNAME + 1]; char orig[NS_MAXDNAME + 1]; - size_t sz; + ssize_t sz; unsigned short id; int nsends; int need_vc; @@ -1050,6 +1050,14 @@ debugs(78, 3, "idnsGrokReply: Trying A Query for " << q->name); q->sz = rfc3596BuildAQuery(q->name, q->buf, sizeof(q->buf), q->id, &q->query); } + + if (q->sz < 0) { + /* problem with query data -- query not sent */ + idnsCallback(static_cast(q->callback_data), NULL, 0, "Internal error"); + cbdataFree(q); + return; + } + idnsCacheQuery(q); idnsSendQuery(q); return; @@ -1088,6 +1096,14 @@ rfc1035SetQueryID(q->buf, q->id); q->sz = rfc3596BuildAQuery(q->name, q->buf, sizeof(q->buf), q->id, &q->query); q->need_A = false; + + if (q->sz < 0) { + /* problem with query data -- query not sent */ + idnsCallback(static_cast(q->callback_data), NULL, 0, "Internal error"); + cbdataFree(q); + return; + } + idnsCacheQuery(q); idnsSendQuery(q); return; @@ -1581,7 +1597,7 @@ q->id = idnsQueryID(); - if (Ip::EnableIpv6 && addr.IsIPv6()) { + if (addr.IsIPv6()) { struct in6_addr addr6; addr.GetInAddr(addr6); q->sz = rfc3596BuildPTRQuery6(addr6, q->buf, sizeof(q->buf), q->id, &q->query); diff -u -r -N squid-3.1.11/src/ftp.cc squid-3.1.12/src/ftp.cc --- squid-3.1.11/src/ftp.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/ftp.cc 2011-04-04 13:24:06.000000000 +1200 @@ -3083,6 +3083,14 @@ return; } + if (io.flag != COMM_OK) { + data.close(); + debugs(9, DBG_IMPORTANT, "FTP AcceptDataConnection: FD " << io.fd << ": " << xstrerr(io.xerrno)); + /** \todo Need to send error message on control channel*/ + ftpFail(this); + return; + } + /** \par * When squid.conf ftp_sanitycheck is enabled, check the new connection is actually being * made by the remote client which is connected to the FTP control socket. @@ -3106,13 +3114,6 @@ } } - if (io.flag != COMM_OK) { - debugs(9, DBG_IMPORTANT, "ftpHandleDataAccept: comm_accept(" << io.nfd << "): " << xstrerr(io.xerrno)); - /** \todo XXX Need to set error message */ - ftpFail(this); - return; - } - /**\par * Replace the Listen socket with the accepted data socket */ data.close(); diff -u -r -N squid-3.1.11/src/htcp.cc squid-3.1.12/src/htcp.cc --- squid-3.1.11/src/htcp.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/htcp.cc 2011-04-04 13:24:06.000000000 +1200 @@ -1347,10 +1347,10 @@ htcpDataHeader hdr; char *hbuf; int hsz; - assert (sz >= 0); - if ((size_t)sz < sizeof(htcpHeader)) { - debugs(31, 3, "htcpHandle: msg size less than htcpHeader size"); + if (sz < 0 || (size_t)sz < sizeof(htcpHeader)) { + // These are highly likely to be attack packets. Should probably get a bigger warning. + debugs(31, 2, "htcpHandle: msg size less than htcpHeader size from " << from); return; } diff -u -r -N squid-3.1.11/src/http.cc squid-3.1.12/src/http.cc --- squid-3.1.11/src/http.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/http.cc 2011-04-04 13:24:06.000000000 +1200 @@ -85,7 +85,7 @@ surrogateNoStore = false; fd = fwd->server_fd; readBuf = new MemBuf; - readBuf->init(); + readBuf->init(16*1024, 256*1024); orig_request = HTTPMSGLOCK(fwd->request); // reset peer response time stats for %method) << " " << entry->url() << "\"" ); + debugs(11, 2, "statusIfComplete: Request not yet fully sent \"" << RequestMethodStr(orig_request->method) << " " << entry->url() << "\"" ); return COMPLETE_NONPERSISTENT_MSG; } @@ -2076,7 +2076,7 @@ #if HTTP_VIOLATIONS if (Config.accessList.brokenPosts) { - ACLFilledChecklist ch(Config.accessList.brokenPosts, request, NULL); + ACLFilledChecklist ch(Config.accessList.brokenPosts, originalRequest(), NULL); if (!ch.fastCheck()) { debugs(11, 5, "doneSendingRequestBody: didn't match brokenPosts"); CommIoCbParams io(NULL); diff -u -r -N squid-3.1.11/src/HttpMsg.h squid-3.1.12/src/HttpMsg.h --- squid-3.1.11/src/HttpMsg.h 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/HttpMsg.h 2011-04-04 13:24:06.000000000 +1200 @@ -208,8 +208,7 @@ const Msg &operator *() const { return *msg; } Msg *operator ->() { return msg; } const Msg *operator ->() const { return msg; } - operator Msg *() { return msg; } - operator const Msg *() const { return msg; } + operator Msg *() const { return msg; } // add more as needed /// public access for HttpMsgPointerT copying and assignment; avoid diff -u -r -N squid-3.1.11/src/ip/IpAddress.cc squid-3.1.12/src/ip/IpAddress.cc --- squid-3.1.11/src/ip/IpAddress.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/ip/IpAddress.cc 2011-04-04 13:24:06.000000000 +1200 @@ -375,7 +375,7 @@ #endif if ( (err = xgetaddrinfo(s, NULL, &want, &res)) != 0) { - debugs(14,3, HERE << "Given Bad IP '" << s << "': " << xgai_strerror(err) ); + debugs(14,3, HERE << "Given Non-IP '" << s << "': " << xgai_strerror(err) ); /* free the memory xgetaddrinfo() dynamically allocated. */ if (res) { xfreeaddrinfo(res); diff -u -r -N squid-3.1.11/src/neighbors.cc squid-3.1.12/src/neighbors.cc --- squid-3.1.11/src/neighbors.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/neighbors.cc 2011-04-04 13:24:06.000000000 +1200 @@ -167,6 +167,11 @@ return 0; } + // CONNECT requests are proxy requests. Not to be forwarded to origin servers. + // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer. + if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort()) + return 0; + if (p->peer_domain == NULL && p->access == NULL) return do_ping; diff -u -r -N squid-3.1.11/src/repl/heap/store_repl_heap.cc squid-3.1.12/src/repl/heap/store_repl_heap.cc --- squid-3.1.11/src/repl/heap/store_repl_heap.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/repl/heap/store_repl_heap.cc 2011-04-04 13:24:06.000000000 +1200 @@ -336,7 +336,10 @@ } /* No additional arguments expected */ - assert(!args); + while (args) { + debugs(81, DBG_IMPORTANT, "WARNING: discarding unknown removal policy '" << args->key << "'"); + args = args->next; + } heap_data->theHeap = new_heap(1000, heap_data->keyfunc); diff -u -r -N squid-3.1.11/src/Server.cc squid-3.1.12/src/Server.cc --- squid-3.1.11/src/Server.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/Server.cc 2011-04-04 13:24:06.000000000 +1200 @@ -815,7 +815,7 @@ // The callback can be called with a NULL service if adaptation is off. adaptationAccessCheckPending = Adaptation::AccessCheck::Start( Adaptation::methodRespmod, Adaptation::pointPreCache, - request, virginReply(), adaptationAclCheckDoneWrapper, this); + originalRequest(), virginReply(), adaptationAclCheckDoneWrapper, this); debugs(11,5, HERE << "adaptationAccessCheckPending=" << adaptationAccessCheckPending); if (adaptationAccessCheckPending) return; diff -u -r -N squid-3.1.11/src/stat.cc squid-3.1.12/src/stat.cc --- squid-3.1.11/src/stat.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/stat.cc 2011-04-04 13:24:06.000000000 +1200 @@ -445,14 +445,6 @@ struct rusage rusage; double cputime; double runtime; -#if HAVE_MSTATS && HAVE_GNUMALLOC_H - - struct mstats ms; -#elif HAVE_MALLINFO && HAVE_STRUCT_MALLINFO - - struct mallinfo mp; - long t; -#endif runtime = tvSubDsec(squid_start, current_time); @@ -624,72 +616,73 @@ #if HAVE_MSTATS && HAVE_GNUMALLOC_H - ms = mstats(); + + struct mstats ms = mstats(); storeAppendPrintf(sentry, "Memory usage for %s via mstats():\n",APP_SHORTNAME); - storeAppendPrintf(sentry, "\tTotal space in arena: %6ld KB\n", - (long)(ms.bytes_total >> 10)); + storeAppendPrintf(sentry, "\tTotal space in arena: %6.0f KB\n", + static_cast(ms.bytes_total / 1024)); - storeAppendPrintf(sentry, "\tTotal free: %6ld KB %d%%\n", - (long)(ms.bytes_free >> 10), Math::intPercent(ms.bytes_free, ms.bytes_total)); + storeAppendPrintf(sentry, "\tTotal free: %6.0f KB %.0f%%\n", + static_cast(ms.bytes_free / 1024), + Math::doublePercent(static_cast(ms.bytes_free), static_cast(ms.bytes_total))); #elif HAVE_MALLINFO && HAVE_STRUCT_MALLINFO - mp = mallinfo(); + struct mallinfo mp = mallinfo(); storeAppendPrintf(sentry, "Memory usage for %s via mallinfo():\n",APP_SHORTNAME); - storeAppendPrintf(sentry, "\tTotal space in arena: %6ld KB\n", - (long)(mp.arena >> 10)); + storeAppendPrintf(sentry, "\tTotal space in arena: %6.0f KB\n", + static_cast(mp.arena / 1024)); - storeAppendPrintf(sentry, "\tOrdinary blocks: %6ld KB %6ld blks\n", - (long)(mp.uordblks >> 10), (long)mp.ordblks); + storeAppendPrintf(sentry, "\tOrdinary blocks: %6.0f KB %6.0f blks\n", + static_cast(mp.uordblks / 1024), static_cast(mp.ordblks)); - storeAppendPrintf(sentry, "\tSmall blocks: %6ld KB %6ld blks\n", - (long)(mp.usmblks >> 10), (long)mp.smblks); + storeAppendPrintf(sentry, "\tSmall blocks: %6.0f KB %6.0f blks\n", + static_cast(mp.usmblks / 1024), static_cast(mp.smblks)); - storeAppendPrintf(sentry, "\tHolding blocks: %6ld KB %6ld blks\n", - (long)(mp.hblkhd >> 10), (long)mp.hblks); + storeAppendPrintf(sentry, "\tHolding blocks: %6.0f KB %6.0f blks\n", + static_cast(mp.hblkhd / 1024), static_cast(mp.hblks)); - storeAppendPrintf(sentry, "\tFree Small blocks: %6ld KB\n", - (long)(mp.fsmblks >> 10)); + storeAppendPrintf(sentry, "\tFree Small blocks: %6.0f KB\n", + static_cast(mp.fsmblks / 1024)); - storeAppendPrintf(sentry, "\tFree Ordinary blocks: %6ld KB\n", - (long)(mp.fordblks >> 10)); + storeAppendPrintf(sentry, "\tFree Ordinary blocks: %6.0f KB\n", + static_cast(mp.fordblks / 1024)); - t = mp.uordblks + mp.usmblks + mp.hblkhd; + double t = mp.uordblks + mp.usmblks + mp.hblkhd; - storeAppendPrintf(sentry, "\tTotal in use: %6ld KB %d%%\n", - (long)(t >> 10), Math::intPercent(t, mp.arena + mp.hblkhd)); + storeAppendPrintf(sentry, "\tTotal in use: %6.0f KB %.0f%%\n", + (t / 1024), Math::doublePercent(t, static_cast(mp.arena + mp.hblkhd))); t = mp.fsmblks + mp.fordblks; - storeAppendPrintf(sentry, "\tTotal free: %6ld KB %d%%\n", - (long)(t >> 10), Math::intPercent(t, mp.arena + mp.hblkhd)); + storeAppendPrintf(sentry, "\tTotal free: %6.0f KB %.0f%%\n", + (t / 1024), Math::doublePercent(t, static_cast(mp.arena + mp.hblkhd))); t = mp.arena + mp.hblkhd; - storeAppendPrintf(sentry, "\tTotal size: %6ld KB\n", - (long)(t >> 10)); + storeAppendPrintf(sentry, "\tTotal size: %6.0f KB\n", (t / 1024)); #if HAVE_STRUCT_MALLINFO_MXFAST - storeAppendPrintf(sentry, "\tmax size of small blocks:\t%d\n", mp.mxfast); + storeAppendPrintf(sentry, "\tmax size of small blocks:\t%.0f\n", static_cast(mp.mxfast)); - storeAppendPrintf(sentry, "\tnumber of small blocks in a holding block:\t%ld\n", - (long)mp.nlblks); + storeAppendPrintf(sentry, "\tnumber of small blocks in a holding block:\t%6.0f\n", + static_cast(mp.nlblks)); - storeAppendPrintf(sentry, "\tsmall block rounding factor:\t%ld\n", (long)mp.grain); + storeAppendPrintf(sentry, "\tsmall block rounding factor:\t%.0f\n", static_cast(mp.grain)); - storeAppendPrintf(sentry, "\tspace (including overhead) allocated in ord. blks:\t%ld\n", - (long)mp.uordbytes); + storeAppendPrintf(sentry, "\tspace (including overhead) allocated in ord. blks:\t%.0f\n", + static_cast(mp.uordbytes)); - storeAppendPrintf(sentry, "\tnumber of ordinary blocks allocated:\t%ld\n", - (long)mp.allocated); + storeAppendPrintf(sentry, "\tnumber of ordinary blocks allocated:\t%.0f\n", + static_cast(mp.allocated)); - storeAppendPrintf(sentry, "\tbytes used in maintaining the free tree:\t%ld\n", - (long)mp.treeoverhead); + storeAppendPrintf(sentry, "\tbytes used in maintaining the free tree:\t%.0f\n", + static_cast(mp.treeoverhead)); #endif /* HAVE_STRUCT_MALLINFO_MXFAST */ #endif /* HAVE_MALLINFO */ @@ -698,13 +691,13 @@ #if !(HAVE_MSTATS && HAVE_GNUMALLOC_H) && HAVE_MALLINFO && HAVE_STRUCT_MALLINFO - storeAppendPrintf(sentry, "\tTotal accounted: %6ld KB %3d%%\n", - (long)(statMemoryAccounted() >> 10), Math::intPercent(statMemoryAccounted(), t)); + storeAppendPrintf(sentry, "\tTotal accounted: %6.0f KB %.0f%%\n", + (statMemoryAccounted() / 1024), Math::doublePercent(statMemoryAccounted(), t)); #else - storeAppendPrintf(sentry, "\tTotal accounted: %6ld KB\n", - (long)(statMemoryAccounted() >> 10)); + storeAppendPrintf(sentry, "\tTotal accounted: %6.0f KB\n", + (statMemoryAccounted() / 1024)); #endif { @@ -712,15 +705,15 @@ memPoolGetGlobalStats(&mp_stats); #if !(HAVE_MSTATS && HAVE_GNUMALLOC_H) && HAVE_MALLINFO && HAVE_STRUCT_MALLINFO - storeAppendPrintf(sentry, "\tmemPool accounted: %6ld KB %3d%%\n", - (long)(mp_stats.TheMeter->alloc.level >> 10), - Math::intPercent(mp_stats.TheMeter->alloc.level, t)); + storeAppendPrintf(sentry, "\tmemPool accounted: %6.0f KB %.0f%%\n", + static_cast(mp_stats.TheMeter->alloc.level / 1024), + Math::doublePercent(static_cast(mp_stats.TheMeter->alloc.level), t)); - int iFree = 0; + double iFree = 0; if (t >= mp_stats.TheMeter->alloc.level) - iFree = Math::intPercent((t - mp_stats.TheMeter->alloc.level), t); - storeAppendPrintf(sentry, "\tmemPool unaccounted: %6ld KB %3d%%\n", - (long)((t - mp_stats.TheMeter->alloc.level) >> 10), iFree); + iFree = Math::doublePercent((t - static_cast(mp_stats.TheMeter->alloc.level)), t); + storeAppendPrintf(sentry, "\tmemPool unaccounted: %6.0f KB %.0f%%\n", + static_cast((t - mp_stats.TheMeter->alloc.level) / 1024), iFree); #endif storeAppendPrintf(sentry, "\tmemPoolAlloc calls: %9.0f\n", @@ -1774,8 +1767,8 @@ #endif /* STAT_GRAPHS */ -int +double statMemoryAccounted(void) { - return memPoolsTotalAllocated(); + return static_cast(memPoolsTotalAllocated()); } diff -u -r -N squid-3.1.11/src/tunnel.cc squid-3.1.12/src/tunnel.cc --- squid-3.1.11/src/tunnel.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/src/tunnel.cc 2011-04-04 13:24:06.000000000 +1200 @@ -589,7 +589,7 @@ err->callback_data = tunnelState; errorSend(tunnelState->client.fd(), err); } else { - if (tunnelState->servers->_peer) + if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver) tunnelProxyConnected(tunnelState->server.fd(), tunnelState); else { tunnelConnected(tunnelState->server.fd(), tunnelState); @@ -772,7 +772,7 @@ if (fs->_peer) { tunnelState->request->peer_login = fs->_peer->login; - tunnelState->request->flags.proxying = 1; + tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1); } else { tunnelState->request->peer_login = NULL; tunnelState->request->flags.proxying = 0; diff -u -r -N squid-3.1.11/tools/squidclient.1 squid-3.1.12/tools/squidclient.1 --- squid-3.1.11/tools/squidclient.1 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/tools/squidclient.1 2011-04-04 13:24:06.000000000 +1200 @@ -3,8 +3,9 @@ squidclient -- a simple HTTP web client .SH SYNOPSIS .B squidclient -.RB [ \-arsv ] -.RB [ \-g +.RB [ \-arsv ] [ \-A +.IR string +.RB ] [ \-g .IR count ] .RB [ \-h .IR remote\-host ] @@ -50,6 +51,10 @@ .SH OPTIONS .IP "\-a" Do NOT include Accept: header. +.IP "\-A 'string'" +Send +.B string +as User-Agent: header. To omit the header completely set string to empty (''). .IP "\-g \fIcount\fP" Ping mode, perform .I count diff -u -r -N squid-3.1.11/tools/squidclient.cc squid-3.1.12/tools/squidclient.cc --- squid-3.1.11/tools/squidclient.cc 2011-02-08 17:05:51.000000000 +1300 +++ squid-3.1.12/tools/squidclient.cc 2011-04-04 13:24:06.000000000 +1200 @@ -132,12 +132,13 @@ { fprintf(stderr, "Version: %s\n" - "Usage: %s [-arsv] [-g count] [-h remote host] [-H 'string'] [-i IMS] [-I ping-interval] [-j 'Host-header']" + "Usage: %s [-arsv] [-A 'string'] [-g count] [-h remote host] [-H 'string'] [-i IMS] [-I ping-interval] [-j 'Host-header']" "[-k] [-l local-host] [-m method] [-p port] [-P file] [-t count] [-T timeout] [-u proxy-user] [-U www-user] " "[-V version] [-w proxy-password] [-W www-password] url\n" "\n" "Options:\n" " -a Do NOT include Accept: header.\n" + " -A User-Agent: header. Use \"\" to omit.\n" " -g count Ping mode, perform \"count\" iterations (0 to loop until interrupted).\n" " -h host Retrieve URL from cache on hostname. Default is localhost.\n" " -H 'string' Extra headers to send. Use '\\n' for new lines.\n" @@ -192,6 +193,7 @@ const char *www_password = NULL; const char *host = NULL; const char *version = "1.0"; + const char *useragent = NULL; /* set the defaults */ hostname = "localhost"; @@ -213,13 +215,18 @@ if (url[0] == '-') usage(argv[0]); - while ((c = getopt(argc, argv, "ah:j:V:l:P:i:km:p:rsvt:g:p:I:H:T:u:U:w:W:?")) != -1) + while ((c = getopt(argc, argv, "aA:h:j:V:l:P:i:km:p:rsvt:g:p:I:H:T:u:U:w:W:?")) != -1) switch (c) { case 'a': opt_noaccept = 1; break; + case 'A': + if (optarg != NULL) + useragent = optarg; + break; + case 'h': /* remote host */ if (optarg != NULL) hostname = optarg; @@ -336,7 +343,15 @@ /* Build the HTTP request */ if (strncmp(url, "mgr:", 4) == 0) { char *t = xstrdup(url + 4); - snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); + const char *at = NULL; + if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already. + at = proxy_password; + } + // embed the -w proxy password into old-style cachemgr URLs + if (at) + snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", hostname, t, at); + else + snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); xfree(t); } if (put_file) { @@ -383,8 +398,16 @@ strcat(msg,buf); } + if (useragent == NULL) { + snprintf(buf, BUFSIZ, "User-Agent: squidclient/%s\r\n", VERSION); + strcat(msg,buf); + } else if (useragent[0] != '\0') { + snprintf(buf, BUFSIZ, "User-Agent: %s\r\n", useragent); + strcat(msg,buf); + } + if (reload) { - snprintf(buf, BUFSIZ, "Pragma: no-cache\r\n"); + snprintf(buf, BUFSIZ, "Cache-Control: no-cache\r\n"); strcat(msg, buf); } if (put_fd > 0) {