diff -u -r -N squid-3.1.11/ChangeLog squid-3.1.12/ChangeLog
--- squid-3.1.11/ChangeLog 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/ChangeLog 2011-04-04 13:24:06.000000000 +1200
@@ -1,3 +1,24 @@
+Changes to squid-3.1.12 (04 Apr 2011):
+
+ - Regression fix: Use bigger buffer for server reads.
+ - Regression fix: Add reply_header_replace directive for ability lost since 2.7
+ - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
+ - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
+ - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
+ - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
+ - Bug 3164: Total memory info display 32-bit overflows
+ - Bug 3155: Werror is hard-coded in libTrie build
+ - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
+ - Bug 2976: invalid URL on intercepted requests during reconfigure
+ - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
+ - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
+ - Bug 2330: AuthUser objects are never unlocked
+ - Prevent CONNECT request relaying to origin servers
+ - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
+ - squidclient: send Cache Manager password using -w
+ - eCAP: give full Request-URI to adapters
+ - ... and several debug and error display cleanups
+
Changes to squid-3.1.11 (08 Feb 2011):
- Bug 3149: not caching eCAP adapted body
diff -u -r -N squid-3.1.11/compat/compat_shared.h squid-3.1.12/compat/compat_shared.h
--- squid-3.1.11/compat/compat_shared.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/compat/compat_shared.h 2011-04-04 13:24:06.000000000 +1200
@@ -195,6 +195,9 @@
* Signalling flags are apparently not always provided.
* TODO find out if these can be moved into specific OS portability files.
*/
+#if HAVE_SIGNAL_H
+#include
+#endif
#ifndef SA_RESTART
#define SA_RESTART 0
#endif
diff -u -r -N squid-3.1.11/configure squid-3.1.12/configure
--- squid-3.1.11/configure 2011-02-08 17:07:06.000000000 +1300
+++ squid-3.1.12/configure 2011-04-04 13:25:13.000000000 +1200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.11.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.12.
#
# Report bugs to .
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.1.11'
-PACKAGE_STRING='Squid Web Proxy 3.1.11'
+PACKAGE_VERSION='3.1.12'
+PACKAGE_STRING='Squid Web Proxy 3.1.12'
PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
PACKAGE_URL=''
@@ -1536,7 +1536,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.1.11 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.1.12 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1606,7 +1606,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.1.11:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.1.12:";;
esac
cat <<\_ACEOF
@@ -1934,7 +1934,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.1.11
+Squid Web Proxy configure 3.1.12
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2945,7 +2945,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.1.11, which was
+It was created by Squid Web Proxy $as_me 3.1.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3764,7 +3764,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.1.11'
+ VERSION='3.1.12'
cat >>confdefs.h <<_ACEOF
@@ -28045,7 +28045,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.1.11, which was
+This file was extended by Squid Web Proxy $as_me 3.1.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -28111,7 +28111,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.1.11
+Squid Web Proxy config.status 3.1.12
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.1.11/configure.ac squid-3.1.12/configure.ac
--- squid-3.1.11/configure.ac 2011-02-08 17:07:06.000000000 +1300
+++ squid-3.1.12/configure.ac 2011-04-04 13:25:13.000000000 +1200
@@ -2,7 +2,7 @@
dnl
dnl $Id$
dnl
-AC_INIT([Squid Web Proxy],[3.1.11],[http://www.squid-cache.org/bugs/],[squid])
+AC_INIT([Squid Web Proxy],[3.1.12],[http://www.squid-cache.org/bugs/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure
--- squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure 2011-02-08 17:07:05.000000000 +1300
+++ squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure 2011-04-04 13:25:12.000000000 +1200
@@ -4138,7 +4138,7 @@
else
ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
if test "x$ac_gssapi_libs" != "x" ; then
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh`
@@ -4254,7 +4254,7 @@
fi
ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
if test "x$ac_gssapi_libs" != "x" ; then
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh`
@@ -4414,7 +4414,7 @@
ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`
LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
fi
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh`
@@ -4535,7 +4535,7 @@
ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`
LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
fi
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
as_ac_Lib=`$as_echo "ac_cv_lib_$lib''_main" | $as_tr_sh`
diff -u -r -N squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure.ac squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure.ac
--- squid-3.1.11/helpers/negotiate_auth/squid_kerb_auth/configure.ac 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/helpers/negotiate_auth/squid_kerb_auth/configure.ac 2011-04-04 13:24:06.000000000 +1200
@@ -93,7 +93,7 @@
else
ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
if test "x$ac_gssapi_libs" != "x" ; then
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
AC_CHECK_LIB($lib,main)
@@ -117,7 +117,7 @@
fi
ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
if test "x$ac_gssapi_libs" != "x" ; then
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
AC_CHECK_LIB($lib,main)
@@ -171,7 +171,7 @@
ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`
LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
fi
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
AC_CHECK_LIB($lib,main)
@@ -200,7 +200,7 @@
ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`
LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
fi
- LDFLAGS="$LDFLAGS $ac_gssapi_libs"
+ LIBS="$LIBS $ac_gssapi_libs"
else
for lib in $ac_gss_libs; do
AC_CHECK_LIB($lib,main)
diff -u -r -N squid-3.1.11/include/rfc1738.h squid-3.1.12/include/rfc1738.h
--- squid-3.1.11/include/rfc1738.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/include/rfc1738.h 2011-04-04 13:24:06.000000000 +1200
@@ -4,35 +4,46 @@
/* for SQUIDCEXTERN */
#include "config.h"
-
-/* Encoder rfc1738_do_escape flag values. */
-#define RFC1738_ESCAPE_UNSAFE 0
-#define RFC1738_ESCAPE_RESERVED 1
-#define RFC1738_ESCAPE_UNESCAPED -1
-
+#define RFC1738_ESCAPE_CTRLS 1
+#define RFC1738_ESCAPE_UNSAFE 2
+#define RFC1738_ESCAPE_RESERVED 4
+#define RFC1738_ESCAPE_ALL (RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_RESERVED|RFC1738_ESCAPE_CTRLS)
+// exclusions
+#define RFC1738_ESCAPE_NOSPACE 128
+#define RFC1738_ESCAPE_NOPERCENT 256
+// Backward compatibility
+#define RFC1738_ESCAPE_UNESCAPED (RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS|RFC1738_ESCAPE_NOPERCENT)
/**
* \group rfc1738 RFC 1738 URL-escaping library
*
* Public API is formed of a triplet of encode functions mapping to the rfc1738_do_encode() engine.
*
- * ASCII characters are split into three groups:
- * \item SAFE Characters which are safe to occur in any URL. For example A,B,C
- * \item UNSAFE Characters which are completely usafe to occur in any URL. For example; backspace, tab, space, newline
+ * ASCII characters are split into four groups:
+ * \item CTRLS Binary control codes. Dangerous to include in URLs.
+ * \item UNSAFE Characters which are completely usafe to occur in any URL. For example; backspace, tab, space, newline.
* \item RESERVED Characters which are reserved for special meaning and may only occur in certain parts of a URL.
*
* Returns a static buffer containing the RFC 1738 compliant, escaped version of the given url.
*
- * \param flags RFC1738_ESCAPE_UNSAFE Only encode unsafe characters. Ignore reserved.
- * \param flags RFC1738_ESCAPE_RESERVED Encode all unsafe and reserved characters.
- * \param flags RFC1738_ESCAPE_UNESCAPED Encode all unsafe characters which have not already been encoded.
+ * \param flags RFC1738_ESCAPE_CTRLS Encode the blatantly dangerous binary codes.
+ * \param flags RFC1738_ESCAPE_UNSAFE Encode printable unsafe characters (excluding CTRLs).
+ * \param flags RFC1738_ESCAPE_RESERVED Encode reserved characters.
+ * \param flags RFC1738_ESCAPE_ALL Encode all binary CTRL, unsafe and reserved characters.
+ * \param flags RFC1738_ESCAPE_NOSPACE Ignore the space whitespace character.
+ * \param flags RFC1738_ESCAPE_NOPERCENT Ignore the escaping delimiter '%'.
*/
SQUIDCEXTERN char *rfc1738_do_escape(const char *url, int flags);
-/* Old API functions */
-#define rfc1738_escape(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE)
-#define rfc1738_escape_part(x) rfc1738_do_escape(x, RFC1738_ESCAPE_RESERVED)
-#define rfc1738_escape_unescaped(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNESCAPED)
+/* Default RFC 1738 escaping. Escape all UNSAFE characters and binary CTRL codes */
+#define rfc1738_escape(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS)
+
+/* Escape a partial URL. Encoding every binary code, unsafe or reserved character. */
+#define rfc1738_escape_part(x) rfc1738_do_escape(x, RFC1738_ESCAPE_ALL)
+
+/* Escape a URL. Encoding every unsafe characters but skipping reserved and already-encoded bytes.
+ * Suitable for safely encoding an absolute URL which may be encoded but is not trusted. */
+#define rfc1738_escape_unescaped(x) rfc1738_do_escape(x, RFC1738_ESCAPE_UNSAFE|RFC1738_ESCAPE_CTRLS|RFC1738_ESCAPE_NOPERCENT)
/**
diff -u -r -N squid-3.1.11/include/util.h squid-3.1.12/include/util.h
--- squid-3.1.11/include/util.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/include/util.h 2011-04-04 13:24:06.000000000 +1200
@@ -150,7 +150,7 @@
/*
* Returns the amount of known allocated memory
*/
-int statMemoryAccounted(void);
+double statMemoryAccounted(void);
/* Windows Port */
/* win32lib.c */
diff -u -r -N squid-3.1.11/include/version.h squid-3.1.12/include/version.h
--- squid-3.1.11/include/version.h 2011-02-08 17:07:06.000000000 +1300
+++ squid-3.1.12/include/version.h 2011-04-04 13:25:13.000000000 +1200
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1297137949
+#define SQUID_RELEASE_TIME 1301880244
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.1.11/lib/libTrie/configure squid-3.1.12/lib/libTrie/configure
--- squid-3.1.11/lib/libTrie/configure 2011-02-08 17:06:57.000000000 +1300
+++ squid-3.1.12/lib/libTrie/configure 2011-04-04 13:25:06.000000000 +1200
@@ -705,6 +705,7 @@
enable_inline
enable_dependency_tracking
enable_maintainer_mode
+enable_strict_error_checking
'
ac_precious_vars='build_alias
host_alias
@@ -1357,6 +1358,10 @@
--enable-dependency-tracking do not reject slow dependency extractors
--enable-maintainer-mode enable make rules and dependencies not useful
(and sometimes confusing) to the casual installer
+ --disable-strict-error-checking
+ By default compile with all possible static compiler
+ error-checks enabled. This flag disables the
+ behavior
Some influential environment variables:
CXX C++ compiler command
@@ -4170,15 +4175,33 @@
fi
+TRIE_CFLAGS=
+TRIE_CXXFLAGS=
if test "$GCC" = "yes"; then
- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-else
- TRIE_CFLAGS=
- TRIE_CXXFLAGS=
+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments"
+
+ # Check whether --enable-strict-error-checking was given.
+if test "${enable_strict_error_checking+set}" = set; then :
+ enableval=$enable_strict_error_checking;
+ case $enableval in
+ yes|1|true)
+ enable_strict_error_checking=yes
+ ;;
+ *)
+ enable_strict_error_checking=no
+ ;;
+ esac
+
fi
-if test "$GCC" = "yes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: strict error checking enabled: ${enable_strict_error_checking:=yes}" >&5
+$as_echo "$as_me: strict error checking enabled: ${enable_strict_error_checking:=yes}" >&6;}
+ if test "x${enable_strict_error_checking:=yes}" = "xyes"; then
+ TRIE_CFLAGS="-Werror $TRIE_CFLAGS"
+ TRIE_CXXFLAGS="-Werror $TRIE_CXXFLAGS"
+ fi
+
if test "$GCC" = "yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler accepts -fhuge-objects" >&5
@@ -4210,7 +4233,7 @@
fi
fi #gcc
- TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG"
+ TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG"
fi
diff -u -r -N squid-3.1.11/lib/libTrie/configure.ac squid-3.1.12/lib/libTrie/configure.ac
--- squid-3.1.11/lib/libTrie/configure.ac 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/lib/libTrie/configure.ac 2011-04-04 13:24:06.000000000 +1200
@@ -58,17 +58,33 @@
AC_PROG_RANLIB
dnl set useful flags
+TRIE_CFLAGS=
+TRIE_CXXFLAGS=
if test "$GCC" = "yes"; then
- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-else
- TRIE_CFLAGS=
- TRIE_CXXFLAGS=
-fi
+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments"
+
+ AC_ARG_ENABLE(strict-error-checking,
+ AS_HELP_STRING([--disable-strict-error-checking],[By default compile
+ with all possible static compiler error-checks enabled.
+ This flag disables the behavior]), [
+ case $enableval in
+ yes|1|true)
+ enable_strict_error_checking=yes
+ ;;
+ *)
+ enable_strict_error_checking=no
+ ;;
+ esac
+ ])
+ AC_MSG_NOTICE([strict error checking enabled: ${enable_strict_error_checking:=yes}])
+ if test "x${enable_strict_error_checking:=yes}" = "xyes"; then
+ TRIE_CFLAGS="-Werror $TRIE_CFLAGS"
+ TRIE_CXXFLAGS="-Werror $TRIE_CXXFLAGS"
+ fi
-if test "$GCC" = "yes" ; then
- AC_TEST_CHECKFORHUGEOBJECTS
- TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG"
+ AC_TEST_CHECKFORHUGEOBJECTS
+ TRIE_CXXFLAGS="$TRIE_CXXFLAGS $HUGE_OBJECT_FLAG"
fi
AC_SUBST(TRIE_CFLAGS)
diff -u -r -N squid-3.1.11/lib/rfc1738.c squid-3.1.12/lib/rfc1738.c
--- squid-3.1.11/lib/rfc1738.c 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/lib/rfc1738.c 2011-04-04 13:24:06.000000000 +1200
@@ -53,6 +53,7 @@
(char) 0x22, /* " */
(char) 0x23, /* # */
#if 0 /* done in code */
+ (char) 0x20, /* space */
(char) 0x25, /* % */
#endif
(char) 0x7B, /* { */
@@ -64,8 +65,7 @@
(char) 0x5B, /* [ */
(char) 0x5D, /* ] */
(char) 0x60, /* ` */
- (char) 0x27, /* ' */
- (char) 0x20 /* space */
+ (char) 0x27 /* ' */
};
static char rfc1738_reserved_chars[] = {
@@ -97,36 +97,49 @@
buf = (char*)xcalloc(bufsize, 1);
}
for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) {
+
+ /* a-z, A-Z and 0-9 are SAFE. */
+ if ((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9')) {
+ *q = *p;
+ continue;
+ }
+
do_escape = 0;
/* RFC 1738 defines these chars as unsafe */
- for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) {
- if (*p == rfc1738_unsafe_chars[i]) {
- do_escape = 1;
- break;
+ if ((flags & RFC1738_ESCAPE_UNSAFE)) {
+ for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) {
+ if (*p == rfc1738_unsafe_chars[i]) {
+ do_escape = 1;
+ break;
+ }
}
+ /* Handle % separately */
+ if (!(flags & RFC1738_ESCAPE_NOPERCENT) && *p == '%')
+ do_escape = 1;
+ /* Handle space separately */
+ else if (!(flags & RFC1738_ESCAPE_NOSPACE) && *p <= ' ')
+ do_escape = 1;
}
- /* Handle % separately */
- if (flags != RFC1738_ESCAPE_UNESCAPED && *p == '%')
- do_escape = 1;
/* RFC 1738 defines these chars as reserved */
- for (i = 0; i < sizeof(rfc1738_reserved_chars) && flags == RFC1738_ESCAPE_RESERVED; i++) {
- if (*p == rfc1738_reserved_chars[i]) {
- do_escape = 1;
- break;
+ if ((flags & RFC1738_ESCAPE_RESERVED) && do_escape == 0) {
+ for (i = 0; i < sizeof(rfc1738_reserved_chars); i++) {
+ if (*p == rfc1738_reserved_chars[i]) {
+ do_escape = 1;
+ break;
+ }
}
}
- /* RFC 1738 says any control chars (0x00-0x1F) are encoded */
- if ((unsigned char) *p <= (unsigned char) 0x1F) {
- do_escape = 1;
- }
- /* RFC 1738 says 0x7f is encoded */
- if (*p == (char) 0x7F) {
- do_escape = 1;
- }
- /* RFC 1738 says any non-US-ASCII are encoded */
- if (((unsigned char) *p >= (unsigned char) 0x80)) {
- do_escape = 1;
+ if ((flags & RFC1738_ESCAPE_CTRLS) && do_escape == 0) {
+ /* RFC 1738 says any control chars (0x00-0x1F) are encoded */
+ if ((unsigned char) *p <= (unsigned char) 0x1F)
+ do_escape = 1;
+ /* RFC 1738 says 0x7f is encoded */
+ else if (*p == (char) 0x7F)
+ do_escape = 1;
+ /* RFC 1738 says any non-US-ASCII are encoded */
+ else if (((unsigned char) *p >= (unsigned char) 0x80))
+ do_escape = 1;
}
/* Do the triplet encoding, or just copy the char */
/* note: we do not need snprintf here as q is appropriately
diff -u -r -N squid-3.1.11/lib/stub_memaccount.c squid-3.1.12/lib/stub_memaccount.c
--- squid-3.1.11/lib/stub_memaccount.c 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/lib/stub_memaccount.c 2011-04-04 13:24:06.000000000 +1200
@@ -5,8 +5,8 @@
/* Stub function for programs not implementing statMemoryAccounted */
#include "config.h"
#include "util.h"
-int
+double
statMemoryAccounted(void)
{
- return -1;
+ return -1.0;
}
diff -u -r -N squid-3.1.11/lib/tests/testRFC1738.cc squid-3.1.12/lib/tests/testRFC1738.cc
--- squid-3.1.11/lib/tests/testRFC1738.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/lib/tests/testRFC1738.cc 2011-04-04 13:24:06.000000000 +1200
@@ -86,10 +86,6 @@
{
char *result;
-#define RFC1738_ESCAPE_UNSAFE 0
-#define RFC1738_ESCAPE_RESERVED 1
-#define RFC1738_ESCAPE_UNESCAPED -1
-
/* TEST: Escaping only unsafe characters */
/* regular URL (no encoding needed) */
diff -u -r -N squid-3.1.11/lib/util.c squid-3.1.12/lib/util.c
--- squid-3.1.11/lib/util.c 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/lib/util.c 2011-04-04 13:24:06.000000000 +1200
@@ -365,9 +365,9 @@
static void
xmalloc_show_trace(void *p, int sign)
{
- int statMemoryAccounted();
- static size_t last_total = 0, last_accounted = 0, last_mallinfo = 0;
- size_t accounted = statMemoryAccounted();
+ static double last_accounted = 0;
+ static size_t last_total = 0, last_mallinfo = 0;
+ double accounted = statMemoryAccounted();
size_t mi = 0;
size_t sz;
#if HAVE_MALLINFO
@@ -381,10 +381,10 @@
xmalloc_count += sign > 0;
if (xmalloc_trace) {
- fprintf(stderr, "%c%8p size=%5d/%d acc=%5d/%d mallinfo=%5d/%d %s:%d %s",
+ fprintf(stderr, "%c%8p size=%5d/%d acc=%5.0f/%.0f mallinfo=%5d/%d %s:%d %s",
sign > 0 ? '+' : '-', p,
(int) xmalloc_total - last_total, (int) xmalloc_total,
- (int) accounted - last_accounted, (int) accounted,
+ accounted - last_accounted, accounted,
(int) mi - last_mallinfo, (int) mi,
xmalloc_file, xmalloc_line, xmalloc_func);
diff -u -r -N squid-3.1.11/RELEASENOTES.html squid-3.1.12/RELEASENOTES.html
--- squid-3.1.11/RELEASENOTES.html 2011-02-08 17:33:08.000000000 +1300
+++ squid-3.1.12/RELEASENOTES.html 2011-04-04 13:51:45.000000000 +1200
@@ -2,10 +2,10 @@
- Squid 3.1.11 release notes
+ Squid 3.1.12 release notes
-Squid 3.1.11 release notes
+Squid 3.1.12 release notes
Squid Developers
@@ -70,7 +70,7 @@
-The Squid Team are pleased to announce the release of Squid-3.1.11
+The Squid Team are pleased to announce the release of Squid-3.1.12
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.1/ or the
mirrors.
@@ -827,6 +827,28 @@
Controls how many different forward paths Squid will try
before giving up. Default: 10
+reply_header_replace
+This option allows you to change the contents of reply headers.
+
+ In Squid 2 header_replace (now deprecated) worked for both requests
+ and replies, while in Squid 3 it only did respect request headers.
+ This option brings back the functionality to replace the contents of
+ reply headers. Consult the documentation for usage details.
+
+
+
+
+request_header_replace
+This option allows you to change the contents of request headers.
+
+ To be consistent with the naming changes of header_access in Squid 3
+ (header_access has been split into two options request_header_access
+ and reply_header_access), header_replace (now deprecated) is being
+ replaced by request_header_replace.
+
+
+
+
icap_log
New option to write ICAP log files record ICAP transaction summaries, one line per
transaction. Similar to access.log.
@@ -1217,7 +1239,6 @@
debug_options rotate=
New parameter rotate=N to control number of cache.log rotations independent of other logs.
-
external_acl_type
New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers.
Please be aware of some limits to these options. These options only affet the transport protocol used
@@ -1262,6 +1283,9 @@
+header_replace
+Deprecated. Use request_header_replace or reply_header_replace instead.
+
http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc
Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.
diff -u -r -N squid-3.1.11/src/acl/DomainData.cc squid-3.1.12/src/acl/DomainData.cc
--- squid-3.1.11/src/acl/DomainData.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/acl/DomainData.cc 2011-04-04 13:24:06.000000000 +1200
@@ -95,13 +95,20 @@
char *const d3 = d2;
char *const d4 = d1;
ret = aclHostDomainCompare(d3, d4);
- }
-
- /* FIXME this warning may display d1 and d2 when it should display d3 and d4 */
- if (ret == 0) {
- debugs(28, 0, "WARNING: '" << d1 << "' is a subdomain of '" << d2 << "'");
- debugs(28, 0, "WARNING: because of this '" << (char *) a << "' is ignored to keep splay tree searching predictable");
- debugs(28, 0, "WARNING: You should probably remove '" << d1 << "' from the ACL named '" << AclMatchedName << "'");
+ if (ret == 0) {
+ // When a.example.com comes after .example.com in an ACL
+ // sub-domain is ignored. That is okay. Just important
+ debugs(28, DBG_IMPORTANT, "WARNING: '" << d3 << "' is a subdomain of '" << d4 << "'");
+ debugs(28, DBG_IMPORTANT, "WARNING: because of this '" << d3 << "' is ignored to keep splay tree searching predictable");
+ debugs(28, DBG_IMPORTANT, "WARNING: You should remove '" << (*d3=='.'?d4:d3) << "' from the ACL named '" << AclMatchedName << "'");
+ }
+ } else if (ret == 0) {
+ // When a.example.com comes before .example.com in an ACL
+ // discarding the wildcard is critically bad.
+ debugs(28, DBG_CRITICAL, "ERROR: '" << d1 << "' is a subdomain of '" << d2 << "'");
+ debugs(28, DBG_CRITICAL, "ERROR: because of this '" << d2 << "' is ignored to keep splay tree searching predictable");
+ debugs(28, DBG_CRITICAL, "ERROR: You should remove '" << (*d1=='.'?d2:d1) << "' from the ACL named '" << AclMatchedName << "'");
+ self_destruct();
}
return ret;
diff -u -r -N squid-3.1.11/src/adaptation/ecap/MessageRep.cc squid-3.1.12/src/adaptation/ecap/MessageRep.cc
--- squid-3.1.11/src/adaptation/ecap/MessageRep.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/adaptation/ecap/MessageRep.cc 2011-04-04 13:24:06.000000000 +1200
@@ -50,7 +50,7 @@
theHeader.addEntry(e);
if (squidId == HDR_CONTENT_LENGTH)
- theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH);
+ theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH);
}
void
@@ -63,7 +63,7 @@
theHeader.delById(squidId);
if (squidId == HDR_CONTENT_LENGTH)
- theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH);
+ theMessage.content_length = theHeader.getInt64(HDR_CONTENT_LENGTH);
}
libecap::Area
@@ -199,8 +199,10 @@
Adaptation::Ecap::RequestLineRep::Area
Adaptation::Ecap::RequestLineRep::uri() const
{
- return Area::FromTempBuffer(theMessage.urlpath.rawBuf(),
- theMessage.urlpath.size());
+ const char *fullUrl = urlCanonical(&theMessage);
+ Must(fullUrl);
+ // optimize: avoid copying by having an Area::Detail that locks theMessage
+ return Area::FromTempBuffer(fullUrl, strlen(fullUrl));
}
void
diff -u -r -N squid-3.1.11/src/adaptation/ecap/ServiceRep.cc squid-3.1.12/src/adaptation/ecap/ServiceRep.cc
--- squid-3.1.11/src/adaptation/ecap/ServiceRep.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/adaptation/ecap/ServiceRep.cc 2011-04-04 13:24:06.000000000 +1200
@@ -32,11 +32,10 @@
Adaptation::Service::finalize();
theService = FindAdapterService(cfg().uri);
if (theService) {
- debugs(93,3, HERE << "starting eCAP service: " << theService->uri());
+ debugs(93,DBG_IMPORTANT, "Starting eCAP service: " << theService->uri());
theService->start();
} else {
- debugs(93,1, "Warning: configured ecap_service was not loaded: " <<
- cfg().uri);
+ debugs(93,DBG_IMPORTANT, "WARNING: configured ecap_service was not loaded: " << cfg().uri);
}
}
diff -u -r -N squid-3.1.11/src/auth/basic/auth_basic.cc squid-3.1.12/src/auth/basic/auth_basic.cc
--- squid-3.1.11/src/auth/basic/auth_basic.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/basic/auth_basic.cc 2011-04-04 13:24:06.000000000 +1200
@@ -122,7 +122,7 @@
return basicScheme::GetInstance().type();
}
-AuthBasicUserRequest::AuthBasicUserRequest() : _theUser(NULL)
+AuthBasicUserRequest::AuthBasicUserRequest()
{}
AuthBasicUserRequest::~AuthBasicUserRequest()
diff -u -r -N squid-3.1.11/src/auth/basic/auth_basic.h squid-3.1.12/src/auth/basic/auth_basic.h
--- squid-3.1.11/src/auth/basic/auth_basic.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/basic/auth_basic.h 2011-04-04 13:24:06.000000000 +1200
@@ -95,14 +95,6 @@
virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type);
virtual int module_direction();
virtual void module_start(RH *, void *);
- virtual AuthUser *user() {return _theUser;}
-
- virtual const AuthUser *user() const {return _theUser;}
-
- virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);}
-
-private:
- BasicUser *_theUser;
};
MEMPROXY_CLASS_INLINE(AuthBasicUserRequest);
diff -u -r -N squid-3.1.11/src/auth/digest/auth_digest.cc squid-3.1.12/src/auth/digest/auth_digest.cc
--- squid-3.1.11/src/auth/digest/auth_digest.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/digest/auth_digest.cc 2011-04-04 13:24:06.000000000 +1200
@@ -1446,7 +1446,7 @@
AuthDigestUserRequest::AuthDigestUserRequest() : nonceb64(NULL) ,cnonce(NULL) ,realm(NULL),
pszPass(NULL) ,algorithm(NULL) ,pszMethod(NULL),
qop(NULL) ,uri(NULL) ,response(NULL),
- nonce(NULL), _theUser (NULL) ,
+ nonce(NULL),
credentials_ok (Unchecked)
{}
diff -u -r -N squid-3.1.11/src/auth/digest/auth_digest.h squid-3.1.12/src/auth/digest/auth_digest.h
--- squid-3.1.11/src/auth/digest/auth_digest.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/digest/auth_digest.h 2011-04-04 13:24:06.000000000 +1200
@@ -70,11 +70,6 @@
#endif
virtual void module_start(RH *, void *);
- virtual AuthUser *user() {return _theUser;}
-
- virtual const AuthUser *user() const {return _theUser;}
-
- virtual void user(AuthUser *aUser) {_theUser=dynamic_cast(aUser);}
CredentialsState credentials() const;
void credentials(CredentialsState);
@@ -100,7 +95,6 @@
digest_nonce_h *nonce;
private:
- DigestUser *_theUser;
CredentialsState credentials_ok;
};
diff -u -r -N squid-3.1.11/src/auth/negotiate/auth_negotiate.cc squid-3.1.12/src/auth/negotiate/auth_negotiate.cc
--- squid-3.1.11/src/auth/negotiate/auth_negotiate.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/negotiate/auth_negotiate.cc 2011-04-04 13:24:06.000000000 +1200
@@ -758,8 +758,7 @@
}
AuthNegotiateUserRequest::AuthNegotiateUserRequest() :
- /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE),
- _theUser(NULL)
+ /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE)
{
waiting=0;
client_blob=0;
diff -u -r -N squid-3.1.11/src/auth/negotiate/auth_negotiate.h squid-3.1.12/src/auth/negotiate/auth_negotiate.h
--- squid-3.1.11/src/auth/negotiate/auth_negotiate.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/negotiate/auth_negotiate.h 2011-04-04 13:24:06.000000000 +1200
@@ -72,14 +72,9 @@
virtual int module_direction();
virtual void onConnectionClose(ConnStateData *);
virtual void module_start(RH *, void *);
- virtual AuthUser *user() {return _theUser;}
-
- virtual const AuthUser *user() const {return _theUser;}
virtual void addHeader(HttpReply * rep, int accel);
- virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);}
-
virtual const char * connLastHeader();
/*we need to store the helper server between requests */
@@ -102,10 +97,6 @@
/* need access to the request flags to mess around on pconn failure */
HttpRequest *request;
-
-private:
- /* the user */
- NegotiateUser * _theUser;
};
MEMPROXY_CLASS_INLINE(AuthNegotiateUserRequest);
diff -u -r -N squid-3.1.11/src/auth/ntlm/auth_ntlm.cc squid-3.1.12/src/auth/ntlm/auth_ntlm.cc
--- squid-3.1.11/src/auth/ntlm/auth_ntlm.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/ntlm/auth_ntlm.cc 2011-04-04 13:24:06.000000000 +1200
@@ -676,8 +676,7 @@
}
AuthNTLMUserRequest::AuthNTLMUserRequest() :
- /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE),
- _theUser(NULL)
+ /*conn(NULL),*/ auth_state(AUTHENTICATE_STATE_NONE)
{
waiting=0;
client_blob=0;
diff -u -r -N squid-3.1.11/src/auth/ntlm/auth_ntlm.h squid-3.1.12/src/auth/ntlm/auth_ntlm.h
--- squid-3.1.11/src/auth/ntlm/auth_ntlm.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/auth/ntlm/auth_ntlm.h 2011-04-04 13:24:06.000000000 +1200
@@ -60,11 +60,6 @@
virtual int module_direction();
virtual void onConnectionClose(ConnStateData *);
virtual void module_start(RH *, void *);
- virtual AuthUser *user() {return _theUser;}
-
- virtual const AuthUser *user() const {return _theUser;}
-
- virtual void user (AuthUser *aUser) {_theUser=dynamic_cast(aUser);}
virtual const char * connLastHeader();
@@ -88,10 +83,6 @@
/* need access to the request flags to mess around on pconn failure */
HttpRequest *request;
-
-private:
- /* the user */
- NTLMUser * _theUser;
};
MEMPROXY_CLASS_INLINE(AuthNTLMUserRequest);
diff -u -r -N squid-3.1.11/src/cf.data.pre squid-3.1.12/src/cf.data.pre
--- squid-3.1.11/src/cf.data.pre 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/cf.data.pre 2011-04-04 13:24:06.000000000 +1200
@@ -3915,18 +3915,18 @@
performed).
DOC_END
-NAME: header_replace
+NAME: request_header_replace header_replace
IFDEF: HTTP_VIOLATIONS
TYPE: http_header_replace[]
LOC: Config.request_header_access
DEFAULT: none
DOC_START
- Usage: header_replace header_name message
- Example: header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)
+ Usage: request_header_replace header_name message
+ Example: request_header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)
This option allows you to change the contents of headers
- denied with header_access above, by replacing them with
- some fixed string. This replaces the old fake_user_agent
+ denied with request_header_access above, by replacing them
+ with some fixed string. This replaces the old fake_user_agent
option.
This only applies to request headers, not reply headers.
@@ -3934,6 +3934,24 @@
By default, headers are removed if denied.
DOC_END
+NAME: reply_header_replace
+IFDEF: HTTP_VIOLATIONS
+TYPE: http_header_replace[]
+LOC: Config.reply_header_access
+DEFAULT: none
+DOC_START
+ Usage: reply_header_replace header_name message
+ Example: reply_header_replace Server Foo/1.0
+
+ This option allows you to change the contents of headers
+ denied with reply_header_access above, by replacing them
+ with some fixed string.
+
+ This only applies to reply headers, not request headers.
+
+ By default, headers are removed if denied.
+DOC_END
+
NAME: relaxed_header_parser
COMMENT: on|off|warn
TYPE: tristate
diff -u -r -N squid-3.1.11/src/client_side.cc squid-3.1.12/src/client_side.cc
--- squid-3.1.11/src/client_side.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/client_side.cc 2011-04-04 13:24:06.000000000 +1200
@@ -1775,14 +1775,52 @@
}
void
-setLogUri(ClientHttpRequest * http, char const *uri)
+setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl)
{
safe_free(http->log_uri);
- if (!stringHasCntl(uri))
+ if (!cleanUrl)
+ // The uri is already clean just dump it.
http->log_uri = xstrndup(uri, MAX_URL);
- else
- http->log_uri = xstrndup(rfc1738_escape_unescaped(uri), MAX_URL);
+ else {
+ int flags = 0;
+ switch (Config.uri_whitespace) {
+ case URI_WHITESPACE_ALLOW:
+ flags |= RFC1738_ESCAPE_NOSPACE;
+
+ case URI_WHITESPACE_ENCODE:
+ flags |= RFC1738_ESCAPE_UNESCAPED;
+ http->log_uri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL);
+ break;
+
+ case URI_WHITESPACE_CHOP: {
+ flags |= RFC1738_ESCAPE_NOSPACE;
+ flags |= RFC1738_ESCAPE_UNESCAPED;
+ http->log_uri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL);
+ int pos = strcspn(http->log_uri, w_space);
+ http->log_uri[pos] = '\0';
+ }
+ break;
+
+ case URI_WHITESPACE_DENY:
+ case URI_WHITESPACE_STRIP:
+ default: {
+ const char *t;
+ char *tmp_uri = static_cast(xmalloc(strlen(uri) + 1));
+ char *q = tmp_uri;
+ t = uri;
+ while (*t) {
+ if (!xisspace(*t))
+ *q++ = *t;
+ t++;
+ }
+ *q = '\0';
+ http->log_uri = xstrndup(rfc1738_escape_unescaped(tmp_uri), MAX_URL);
+ xfree(tmp_uri);
+ }
+ break;
+ }
+ }
}
static void
@@ -1875,21 +1913,21 @@
return; /* already in good shape */
/* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */
+ // BUG 2976: Squid only accepts intercepted HTTP.
if ((host = mime_get_header(req_hdr, "Host")) != NULL) {
int url_sz = strlen(url) + 32 + Config.appendDomainLen +
strlen(host);
http->uri = (char *)xcalloc(url_sz, 1);
- snprintf(http->uri, url_sz, "%s://%s%s",
- conn->port->protocol, host, url);
+ snprintf(http->uri, url_sz, "http://%s%s", /*conn->port->protocol,*/ host, url);
debugs(33, 5, "TRANSPARENT HOST REWRITE: '" << http->uri <<"'");
} else {
/* Put the local socket IP address as the hostname. */
int url_sz = strlen(url) + 32 + Config.appendDomainLen;
http->uri = (char *)xcalloc(url_sz, 1);
http->getConn()->me.ToHostname(ipbuf,MAX_IPSTRLEN),
- snprintf(http->uri, url_sz, "%s://%s:%d%s",
- http->getConn()->port->protocol,
+ snprintf(http->uri, url_sz, "http://%s:%d%s",
+ // http->getConn()->port->protocol,
ipbuf, http->getConn()->me.GetPort(), url);
debugs(33, 5, "TRANSPARENT REWRITE: '" << http->uri << "'");
}
@@ -2133,7 +2171,6 @@
strcpy(http->uri, url);
}
- setLogUri(http, http->uri);
debugs(33, 5, "parseHttpRequest: Complete request received");
result->flags.parsed_ok = 1;
xfree(url);
@@ -2323,7 +2360,9 @@
if (context->flags.parsed_ok == 0) {
clientStreamNode *node = context->getClientReplyContext();
- debugs(33, 1, "clientProcessRequest: Invalid Request");
+ debugs(33, 2, "clientProcessRequest: Invalid Request");
+ // setLogUri should called before repContext->setReplyToError
+ setLogUri(http, http->uri, true);
clientReplyContext *repContext = dynamic_cast(node->data.getRaw());
assert (repContext);
repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, NULL, conn->peer, NULL, conn->in.buf, NULL);
@@ -2336,6 +2375,8 @@
if ((request = HttpRequest::CreateFromUrlAndMethod(http->uri, method)) == NULL) {
clientStreamNode *node = context->getClientReplyContext();
debugs(33, 5, "Invalid URL: " << http->uri);
+ // setLogUri should called before repContext->setReplyToError
+ setLogUri(http, http->uri, true);
clientReplyContext *repContext = dynamic_cast(node->data.getRaw());
assert (repContext);
repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
@@ -2353,6 +2394,8 @@
clientStreamNode *node = context->getClientReplyContext();
debugs(33, 5, "Unsupported HTTP version discovered. :\n" << HttpParserHdrBuf(hp));
+ // setLogUri should called before repContext->setReplyToError
+ setLogUri(http, http->uri, true);
clientReplyContext *repContext = dynamic_cast(node->data.getRaw());
assert (repContext);
repContext->setReplyToError(ERR_UNSUP_HTTPVERSION, HTTP_HTTP_VERSION_NOT_SUPPORTED, method, http->uri, conn->peer, NULL, HttpParserHdrBuf(hp), NULL);
@@ -2368,6 +2411,8 @@
if (http_ver.major >= 1 && !request->parseHeader(HttpParserHdrBuf(hp), HttpParserHdrSz(hp))) {
clientStreamNode *node = context->getClientReplyContext();
debugs(33, 5, "Failed to parse request headers:\n" << HttpParserHdrBuf(hp));
+ // setLogUri should called before repContext->setReplyToError
+ setLogUri(http, http->uri, true);
clientReplyContext *repContext = dynamic_cast(node->data.getRaw());
assert (repContext);
repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
diff -u -r -N squid-3.1.11/src/client_side.h squid-3.1.12/src/client_side.h
--- squid-3.1.11/src/client_side.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/client_side.h 2011-04-04 13:24:06.000000000 +1200
@@ -289,7 +289,7 @@
/* convenience class while splitting up body handling */
/* temporary existence only - on stack use expected */
-void setLogUri(ClientHttpRequest * http, char const *uri);
+void setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl = false);
const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL);
diff -u -r -N squid-3.1.11/src/client_side_reply.cc squid-3.1.12/src/client_side_reply.cc
--- squid-3.1.11/src/client_side_reply.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/client_side_reply.cc 2011-04-04 13:24:06.000000000 +1200
@@ -1329,8 +1329,9 @@
else if (http->storeEntry()->timestamp > 0)
hdr->insertTime(HDR_DATE, http->storeEntry()->timestamp);
else {
- debugs(88,1,"WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this");
- /* TODO: dump something useful about the problem */
+ debugs(88,DBG_IMPORTANT,"WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this:");
+ /* dump something useful about the problem */
+ http->storeEntry()->dump(DBG_IMPORTANT);
}
}
diff -u -r -N squid-3.1.11/src/client_side_request.cc squid-3.1.12/src/client_side_request.cc
--- squid-3.1.11/src/client_side_request.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/client_side_request.cc 2011-04-04 13:24:06.000000000 +1200
@@ -1178,7 +1178,8 @@
return;
if (errflag) {
- getConn()->startClosing("CONNECT response failure in SslBump");
+ debugs(85, 3, HERE << "CONNECT response failure in SslBump: " << errflag);
+ comm_close(getConn()->fd);
return;
}
diff -u -r -N squid-3.1.11/src/comm_devpoll.cc squid-3.1.12/src/comm_devpoll.cc
--- squid-3.1.11/src/comm_devpoll.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/comm_devpoll.cc 2011-04-04 13:24:06.000000000 +1200
@@ -88,7 +88,7 @@
* pfds structure elements have been set) until it is full before it
* is written out the API.
*/
-struct {
+static struct {
struct pollfd *pfds; /**< ptr to array of struct pollfd config elements */
int cur; /**< index of last written element of array, or -1 if none */
int size; /**< maximum number of elements in array */
diff -u -r -N squid-3.1.11/src/dns_internal.cc squid-3.1.12/src/dns_internal.cc
--- squid-3.1.11/src/dns_internal.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/dns_internal.cc 2011-04-04 13:24:06.000000000 +1200
@@ -103,7 +103,7 @@
char buf[RESOLV_BUFSZ];
char name[NS_MAXDNAME + 1];
char orig[NS_MAXDNAME + 1];
- size_t sz;
+ ssize_t sz;
unsigned short id;
int nsends;
int need_vc;
@@ -1050,6 +1050,14 @@
debugs(78, 3, "idnsGrokReply: Trying A Query for " << q->name);
q->sz = rfc3596BuildAQuery(q->name, q->buf, sizeof(q->buf), q->id, &q->query);
}
+
+ if (q->sz < 0) {
+ /* problem with query data -- query not sent */
+ idnsCallback(static_cast(q->callback_data), NULL, 0, "Internal error");
+ cbdataFree(q);
+ return;
+ }
+
idnsCacheQuery(q);
idnsSendQuery(q);
return;
@@ -1088,6 +1096,14 @@
rfc1035SetQueryID(q->buf, q->id);
q->sz = rfc3596BuildAQuery(q->name, q->buf, sizeof(q->buf), q->id, &q->query);
q->need_A = false;
+
+ if (q->sz < 0) {
+ /* problem with query data -- query not sent */
+ idnsCallback(static_cast(q->callback_data), NULL, 0, "Internal error");
+ cbdataFree(q);
+ return;
+ }
+
idnsCacheQuery(q);
idnsSendQuery(q);
return;
@@ -1581,7 +1597,7 @@
q->id = idnsQueryID();
- if (Ip::EnableIpv6 && addr.IsIPv6()) {
+ if (addr.IsIPv6()) {
struct in6_addr addr6;
addr.GetInAddr(addr6);
q->sz = rfc3596BuildPTRQuery6(addr6, q->buf, sizeof(q->buf), q->id, &q->query);
diff -u -r -N squid-3.1.11/src/ftp.cc squid-3.1.12/src/ftp.cc
--- squid-3.1.11/src/ftp.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/ftp.cc 2011-04-04 13:24:06.000000000 +1200
@@ -3083,6 +3083,14 @@
return;
}
+ if (io.flag != COMM_OK) {
+ data.close();
+ debugs(9, DBG_IMPORTANT, "FTP AcceptDataConnection: FD " << io.fd << ": " << xstrerr(io.xerrno));
+ /** \todo Need to send error message on control channel*/
+ ftpFail(this);
+ return;
+ }
+
/** \par
* When squid.conf ftp_sanitycheck is enabled, check the new connection is actually being
* made by the remote client which is connected to the FTP control socket.
@@ -3106,13 +3114,6 @@
}
}
- if (io.flag != COMM_OK) {
- debugs(9, DBG_IMPORTANT, "ftpHandleDataAccept: comm_accept(" << io.nfd << "): " << xstrerr(io.xerrno));
- /** \todo XXX Need to set error message */
- ftpFail(this);
- return;
- }
-
/**\par
* Replace the Listen socket with the accepted data socket */
data.close();
diff -u -r -N squid-3.1.11/src/htcp.cc squid-3.1.12/src/htcp.cc
--- squid-3.1.11/src/htcp.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/htcp.cc 2011-04-04 13:24:06.000000000 +1200
@@ -1347,10 +1347,10 @@
htcpDataHeader hdr;
char *hbuf;
int hsz;
- assert (sz >= 0);
- if ((size_t)sz < sizeof(htcpHeader)) {
- debugs(31, 3, "htcpHandle: msg size less than htcpHeader size");
+ if (sz < 0 || (size_t)sz < sizeof(htcpHeader)) {
+ // These are highly likely to be attack packets. Should probably get a bigger warning.
+ debugs(31, 2, "htcpHandle: msg size less than htcpHeader size from " << from);
return;
}
diff -u -r -N squid-3.1.11/src/http.cc squid-3.1.12/src/http.cc
--- squid-3.1.11/src/http.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/http.cc 2011-04-04 13:24:06.000000000 +1200
@@ -85,7 +85,7 @@
surrogateNoStore = false;
fd = fwd->server_fd;
readBuf = new MemBuf;
- readBuf->init();
+ readBuf->init(16*1024, 256*1024);
orig_request = HTTPMSGLOCK(fwd->request);
// reset peer response time stats for %method) << " " << entry->url() << "\"" );
+ debugs(11, 2, "statusIfComplete: Request not yet fully sent \"" << RequestMethodStr(orig_request->method) << " " << entry->url() << "\"" );
return COMPLETE_NONPERSISTENT_MSG;
}
@@ -2076,7 +2076,7 @@
#if HTTP_VIOLATIONS
if (Config.accessList.brokenPosts) {
- ACLFilledChecklist ch(Config.accessList.brokenPosts, request, NULL);
+ ACLFilledChecklist ch(Config.accessList.brokenPosts, originalRequest(), NULL);
if (!ch.fastCheck()) {
debugs(11, 5, "doneSendingRequestBody: didn't match brokenPosts");
CommIoCbParams io(NULL);
diff -u -r -N squid-3.1.11/src/HttpMsg.h squid-3.1.12/src/HttpMsg.h
--- squid-3.1.11/src/HttpMsg.h 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/HttpMsg.h 2011-04-04 13:24:06.000000000 +1200
@@ -208,8 +208,7 @@
const Msg &operator *() const { return *msg; }
Msg *operator ->() { return msg; }
const Msg *operator ->() const { return msg; }
- operator Msg *() { return msg; }
- operator const Msg *() const { return msg; }
+ operator Msg *() const { return msg; }
// add more as needed
/// public access for HttpMsgPointerT copying and assignment; avoid
diff -u -r -N squid-3.1.11/src/ip/IpAddress.cc squid-3.1.12/src/ip/IpAddress.cc
--- squid-3.1.11/src/ip/IpAddress.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/ip/IpAddress.cc 2011-04-04 13:24:06.000000000 +1200
@@ -375,7 +375,7 @@
#endif
if ( (err = xgetaddrinfo(s, NULL, &want, &res)) != 0) {
- debugs(14,3, HERE << "Given Bad IP '" << s << "': " << xgai_strerror(err) );
+ debugs(14,3, HERE << "Given Non-IP '" << s << "': " << xgai_strerror(err) );
/* free the memory xgetaddrinfo() dynamically allocated. */
if (res) {
xfreeaddrinfo(res);
diff -u -r -N squid-3.1.11/src/neighbors.cc squid-3.1.12/src/neighbors.cc
--- squid-3.1.11/src/neighbors.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/neighbors.cc 2011-04-04 13:24:06.000000000 +1200
@@ -167,6 +167,11 @@
return 0;
}
+ // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
+ // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+ if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
+ return 0;
+
if (p->peer_domain == NULL && p->access == NULL)
return do_ping;
diff -u -r -N squid-3.1.11/src/repl/heap/store_repl_heap.cc squid-3.1.12/src/repl/heap/store_repl_heap.cc
--- squid-3.1.11/src/repl/heap/store_repl_heap.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/repl/heap/store_repl_heap.cc 2011-04-04 13:24:06.000000000 +1200
@@ -336,7 +336,10 @@
}
/* No additional arguments expected */
- assert(!args);
+ while (args) {
+ debugs(81, DBG_IMPORTANT, "WARNING: discarding unknown removal policy '" << args->key << "'");
+ args = args->next;
+ }
heap_data->theHeap = new_heap(1000, heap_data->keyfunc);
diff -u -r -N squid-3.1.11/src/Server.cc squid-3.1.12/src/Server.cc
--- squid-3.1.11/src/Server.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/Server.cc 2011-04-04 13:24:06.000000000 +1200
@@ -815,7 +815,7 @@
// The callback can be called with a NULL service if adaptation is off.
adaptationAccessCheckPending = Adaptation::AccessCheck::Start(
Adaptation::methodRespmod, Adaptation::pointPreCache,
- request, virginReply(), adaptationAclCheckDoneWrapper, this);
+ originalRequest(), virginReply(), adaptationAclCheckDoneWrapper, this);
debugs(11,5, HERE << "adaptationAccessCheckPending=" << adaptationAccessCheckPending);
if (adaptationAccessCheckPending)
return;
diff -u -r -N squid-3.1.11/src/stat.cc squid-3.1.12/src/stat.cc
--- squid-3.1.11/src/stat.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/stat.cc 2011-04-04 13:24:06.000000000 +1200
@@ -445,14 +445,6 @@
struct rusage rusage;
double cputime;
double runtime;
-#if HAVE_MSTATS && HAVE_GNUMALLOC_H
-
- struct mstats ms;
-#elif HAVE_MALLINFO && HAVE_STRUCT_MALLINFO
-
- struct mallinfo mp;
- long t;
-#endif
runtime = tvSubDsec(squid_start, current_time);
@@ -624,72 +616,73 @@
#if HAVE_MSTATS && HAVE_GNUMALLOC_H
- ms = mstats();
+
+ struct mstats ms = mstats();
storeAppendPrintf(sentry, "Memory usage for %s via mstats():\n",APP_SHORTNAME);
- storeAppendPrintf(sentry, "\tTotal space in arena: %6ld KB\n",
- (long)(ms.bytes_total >> 10));
+ storeAppendPrintf(sentry, "\tTotal space in arena: %6.0f KB\n",
+ static_cast(ms.bytes_total / 1024));
- storeAppendPrintf(sentry, "\tTotal free: %6ld KB %d%%\n",
- (long)(ms.bytes_free >> 10), Math::intPercent(ms.bytes_free, ms.bytes_total));
+ storeAppendPrintf(sentry, "\tTotal free: %6.0f KB %.0f%%\n",
+ static_cast(ms.bytes_free / 1024),
+ Math::doublePercent(static_cast(ms.bytes_free), static_cast(ms.bytes_total)));
#elif HAVE_MALLINFO && HAVE_STRUCT_MALLINFO
- mp = mallinfo();
+ struct mallinfo mp = mallinfo();
storeAppendPrintf(sentry, "Memory usage for %s via mallinfo():\n",APP_SHORTNAME);
- storeAppendPrintf(sentry, "\tTotal space in arena: %6ld KB\n",
- (long)(mp.arena >> 10));
+ storeAppendPrintf(sentry, "\tTotal space in arena: %6.0f KB\n",
+ static_cast(mp.arena / 1024));
- storeAppendPrintf(sentry, "\tOrdinary blocks: %6ld KB %6ld blks\n",
- (long)(mp.uordblks >> 10), (long)mp.ordblks);
+ storeAppendPrintf(sentry, "\tOrdinary blocks: %6.0f KB %6.0f blks\n",
+ static_cast(mp.uordblks / 1024), static_cast(mp.ordblks));
- storeAppendPrintf(sentry, "\tSmall blocks: %6ld KB %6ld blks\n",
- (long)(mp.usmblks >> 10), (long)mp.smblks);
+ storeAppendPrintf(sentry, "\tSmall blocks: %6.0f KB %6.0f blks\n",
+ static_cast(mp.usmblks / 1024), static_cast(mp.smblks));
- storeAppendPrintf(sentry, "\tHolding blocks: %6ld KB %6ld blks\n",
- (long)(mp.hblkhd >> 10), (long)mp.hblks);
+ storeAppendPrintf(sentry, "\tHolding blocks: %6.0f KB %6.0f blks\n",
+ static_cast(mp.hblkhd / 1024), static_cast(mp.hblks));
- storeAppendPrintf(sentry, "\tFree Small blocks: %6ld KB\n",
- (long)(mp.fsmblks >> 10));
+ storeAppendPrintf(sentry, "\tFree Small blocks: %6.0f KB\n",
+ static_cast(mp.fsmblks / 1024));
- storeAppendPrintf(sentry, "\tFree Ordinary blocks: %6ld KB\n",
- (long)(mp.fordblks >> 10));
+ storeAppendPrintf(sentry, "\tFree Ordinary blocks: %6.0f KB\n",
+ static_cast(mp.fordblks / 1024));
- t = mp.uordblks + mp.usmblks + mp.hblkhd;
+ double t = mp.uordblks + mp.usmblks + mp.hblkhd;
- storeAppendPrintf(sentry, "\tTotal in use: %6ld KB %d%%\n",
- (long)(t >> 10), Math::intPercent(t, mp.arena + mp.hblkhd));
+ storeAppendPrintf(sentry, "\tTotal in use: %6.0f KB %.0f%%\n",
+ (t / 1024), Math::doublePercent(t, static_cast(mp.arena + mp.hblkhd)));
t = mp.fsmblks + mp.fordblks;
- storeAppendPrintf(sentry, "\tTotal free: %6ld KB %d%%\n",
- (long)(t >> 10), Math::intPercent(t, mp.arena + mp.hblkhd));
+ storeAppendPrintf(sentry, "\tTotal free: %6.0f KB %.0f%%\n",
+ (t / 1024), Math::doublePercent(t, static_cast(mp.arena + mp.hblkhd)));
t = mp.arena + mp.hblkhd;
- storeAppendPrintf(sentry, "\tTotal size: %6ld KB\n",
- (long)(t >> 10));
+ storeAppendPrintf(sentry, "\tTotal size: %6.0f KB\n", (t / 1024));
#if HAVE_STRUCT_MALLINFO_MXFAST
- storeAppendPrintf(sentry, "\tmax size of small blocks:\t%d\n", mp.mxfast);
+ storeAppendPrintf(sentry, "\tmax size of small blocks:\t%.0f\n", static_cast(mp.mxfast));
- storeAppendPrintf(sentry, "\tnumber of small blocks in a holding block:\t%ld\n",
- (long)mp.nlblks);
+ storeAppendPrintf(sentry, "\tnumber of small blocks in a holding block:\t%6.0f\n",
+ static_cast(mp.nlblks));
- storeAppendPrintf(sentry, "\tsmall block rounding factor:\t%ld\n", (long)mp.grain);
+ storeAppendPrintf(sentry, "\tsmall block rounding factor:\t%.0f\n", static_cast(mp.grain));
- storeAppendPrintf(sentry, "\tspace (including overhead) allocated in ord. blks:\t%ld\n",
- (long)mp.uordbytes);
+ storeAppendPrintf(sentry, "\tspace (including overhead) allocated in ord. blks:\t%.0f\n",
+ static_cast(mp.uordbytes));
- storeAppendPrintf(sentry, "\tnumber of ordinary blocks allocated:\t%ld\n",
- (long)mp.allocated);
+ storeAppendPrintf(sentry, "\tnumber of ordinary blocks allocated:\t%.0f\n",
+ static_cast(mp.allocated));
- storeAppendPrintf(sentry, "\tbytes used in maintaining the free tree:\t%ld\n",
- (long)mp.treeoverhead);
+ storeAppendPrintf(sentry, "\tbytes used in maintaining the free tree:\t%.0f\n",
+ static_cast(mp.treeoverhead));
#endif /* HAVE_STRUCT_MALLINFO_MXFAST */
#endif /* HAVE_MALLINFO */
@@ -698,13 +691,13 @@
#if !(HAVE_MSTATS && HAVE_GNUMALLOC_H) && HAVE_MALLINFO && HAVE_STRUCT_MALLINFO
- storeAppendPrintf(sentry, "\tTotal accounted: %6ld KB %3d%%\n",
- (long)(statMemoryAccounted() >> 10), Math::intPercent(statMemoryAccounted(), t));
+ storeAppendPrintf(sentry, "\tTotal accounted: %6.0f KB %.0f%%\n",
+ (statMemoryAccounted() / 1024), Math::doublePercent(statMemoryAccounted(), t));
#else
- storeAppendPrintf(sentry, "\tTotal accounted: %6ld KB\n",
- (long)(statMemoryAccounted() >> 10));
+ storeAppendPrintf(sentry, "\tTotal accounted: %6.0f KB\n",
+ (statMemoryAccounted() / 1024));
#endif
{
@@ -712,15 +705,15 @@
memPoolGetGlobalStats(&mp_stats);
#if !(HAVE_MSTATS && HAVE_GNUMALLOC_H) && HAVE_MALLINFO && HAVE_STRUCT_MALLINFO
- storeAppendPrintf(sentry, "\tmemPool accounted: %6ld KB %3d%%\n",
- (long)(mp_stats.TheMeter->alloc.level >> 10),
- Math::intPercent(mp_stats.TheMeter->alloc.level, t));
+ storeAppendPrintf(sentry, "\tmemPool accounted: %6.0f KB %.0f%%\n",
+ static_cast(mp_stats.TheMeter->alloc.level / 1024),
+ Math::doublePercent(static_cast(mp_stats.TheMeter->alloc.level), t));
- int iFree = 0;
+ double iFree = 0;
if (t >= mp_stats.TheMeter->alloc.level)
- iFree = Math::intPercent((t - mp_stats.TheMeter->alloc.level), t);
- storeAppendPrintf(sentry, "\tmemPool unaccounted: %6ld KB %3d%%\n",
- (long)((t - mp_stats.TheMeter->alloc.level) >> 10), iFree);
+ iFree = Math::doublePercent((t - static_cast(mp_stats.TheMeter->alloc.level)), t);
+ storeAppendPrintf(sentry, "\tmemPool unaccounted: %6.0f KB %.0f%%\n",
+ static_cast((t - mp_stats.TheMeter->alloc.level) / 1024), iFree);
#endif
storeAppendPrintf(sentry, "\tmemPoolAlloc calls: %9.0f\n",
@@ -1774,8 +1767,8 @@
#endif /* STAT_GRAPHS */
-int
+double
statMemoryAccounted(void)
{
- return memPoolsTotalAllocated();
+ return static_cast(memPoolsTotalAllocated());
}
diff -u -r -N squid-3.1.11/src/tunnel.cc squid-3.1.12/src/tunnel.cc
--- squid-3.1.11/src/tunnel.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/src/tunnel.cc 2011-04-04 13:24:06.000000000 +1200
@@ -589,7 +589,7 @@
err->callback_data = tunnelState;
errorSend(tunnelState->client.fd(), err);
} else {
- if (tunnelState->servers->_peer)
+ if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
else {
tunnelConnected(tunnelState->server.fd(), tunnelState);
@@ -772,7 +772,7 @@
if (fs->_peer) {
tunnelState->request->peer_login = fs->_peer->login;
- tunnelState->request->flags.proxying = 1;
+ tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
} else {
tunnelState->request->peer_login = NULL;
tunnelState->request->flags.proxying = 0;
diff -u -r -N squid-3.1.11/tools/squidclient.1 squid-3.1.12/tools/squidclient.1
--- squid-3.1.11/tools/squidclient.1 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/tools/squidclient.1 2011-04-04 13:24:06.000000000 +1200
@@ -3,8 +3,9 @@
squidclient -- a simple HTTP web client
.SH SYNOPSIS
.B squidclient
-.RB [ \-arsv ]
-.RB [ \-g
+.RB [ \-arsv ] [ \-A
+.IR string
+.RB ] [ \-g
.IR count ]
.RB [ \-h
.IR remote\-host ]
@@ -50,6 +51,10 @@
.SH OPTIONS
.IP "\-a"
Do NOT include Accept: header.
+.IP "\-A 'string'"
+Send
+.B string
+as User-Agent: header. To omit the header completely set string to empty ('').
.IP "\-g \fIcount\fP"
Ping mode, perform
.I count
diff -u -r -N squid-3.1.11/tools/squidclient.cc squid-3.1.12/tools/squidclient.cc
--- squid-3.1.11/tools/squidclient.cc 2011-02-08 17:05:51.000000000 +1300
+++ squid-3.1.12/tools/squidclient.cc 2011-04-04 13:24:06.000000000 +1200
@@ -132,12 +132,13 @@
{
fprintf(stderr,
"Version: %s\n"
- "Usage: %s [-arsv] [-g count] [-h remote host] [-H 'string'] [-i IMS] [-I ping-interval] [-j 'Host-header']"
+ "Usage: %s [-arsv] [-A 'string'] [-g count] [-h remote host] [-H 'string'] [-i IMS] [-I ping-interval] [-j 'Host-header']"
"[-k] [-l local-host] [-m method] [-p port] [-P file] [-t count] [-T timeout] [-u proxy-user] [-U www-user] "
"[-V version] [-w proxy-password] [-W www-password] url\n"
"\n"
"Options:\n"
" -a Do NOT include Accept: header.\n"
+ " -A User-Agent: header. Use \"\" to omit.\n"
" -g count Ping mode, perform \"count\" iterations (0 to loop until interrupted).\n"
" -h host Retrieve URL from cache on hostname. Default is localhost.\n"
" -H 'string' Extra headers to send. Use '\\n' for new lines.\n"
@@ -192,6 +193,7 @@
const char *www_password = NULL;
const char *host = NULL;
const char *version = "1.0";
+ const char *useragent = NULL;
/* set the defaults */
hostname = "localhost";
@@ -213,13 +215,18 @@
if (url[0] == '-')
usage(argv[0]);
- while ((c = getopt(argc, argv, "ah:j:V:l:P:i:km:p:rsvt:g:p:I:H:T:u:U:w:W:?")) != -1)
+ while ((c = getopt(argc, argv, "aA:h:j:V:l:P:i:km:p:rsvt:g:p:I:H:T:u:U:w:W:?")) != -1)
switch (c) {
case 'a':
opt_noaccept = 1;
break;
+ case 'A':
+ if (optarg != NULL)
+ useragent = optarg;
+ break;
+
case 'h': /* remote host */
if (optarg != NULL)
hostname = optarg;
@@ -336,7 +343,15 @@
/* Build the HTTP request */
if (strncmp(url, "mgr:", 4) == 0) {
char *t = xstrdup(url + 4);
- snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t);
+ const char *at = NULL;
+ if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already.
+ at = proxy_password;
+ }
+ // embed the -w proxy password into old-style cachemgr URLs
+ if (at)
+ snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", hostname, t, at);
+ else
+ snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t);
xfree(t);
}
if (put_file) {
@@ -383,8 +398,16 @@
strcat(msg,buf);
}
+ if (useragent == NULL) {
+ snprintf(buf, BUFSIZ, "User-Agent: squidclient/%s\r\n", VERSION);
+ strcat(msg,buf);
+ } else if (useragent[0] != '\0') {
+ snprintf(buf, BUFSIZ, "User-Agent: %s\r\n", useragent);
+ strcat(msg,buf);
+ }
+
if (reload) {
- snprintf(buf, BUFSIZ, "Pragma: no-cache\r\n");
+ snprintf(buf, BUFSIZ, "Cache-Control: no-cache\r\n");
strcat(msg, buf);
}
if (put_fd > 0) {