diff -u -r -N squid-3.2.1/acinclude/os-deps.m4 squid-3.2.2/acinclude/os-deps.m4 --- squid-3.2.1/acinclude/os-deps.m4 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/acinclude/os-deps.m4 2012-10-06 15:08:36.000000000 +1200 @@ -263,6 +263,7 @@ dnl sets shell var squid_filedescriptors_num AC_DEFUN([SQUID_CHECK_MAXFD],[ +AC_CHECK_FUNCS(setrlimit) AC_MSG_CHECKING(Maximum number of filedescriptors we can open) dnl damn! FreeBSD pthreads break dup2(). SQUID_STATE_SAVE(maxfd) diff -u -r -N squid-3.2.1/ChangeLog squid-3.2.2/ChangeLog --- squid-3.2.1/ChangeLog 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/ChangeLog 2012-10-06 15:08:36.000000000 +1200 @@ -1,3 +1,22 @@ +Changes to squid-3.2.1 (06 Oct 2012): + + - Regression: Make login=PASS send no credentials when none available + - Regression: Handle dstdomain duplicates and overlapping names better + - Bug 3661: Segmentation fault when using more than 1 worker + - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error + - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry + - Bug 3648: polish String class files + - Bug 3647: parsing hier_code acl fails + - Bug 3626: forwarding loops on intercepted traffic + - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object + - Bug 3609: several RADIUS helper improvements + - Bug 3605: memory leak in Negotiate authentication + - Fix small memory leak in src ACL parse + - Fix maximum_single_addr_tries upgrade + - Fix chunked encoding on responses carrying a Content-Range header. + - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT + - ... and several compile errors + Changes to squid-3.2.1 (15 Aug 2012): - Bug 3605: memory leak in peer selection @@ -405,6 +424,24 @@ - ... and a great many testing improvements - ... and many documentation updates +Changes to squid-3.1.21 (23 Sep 2012): + + - Bug 3622: peerClearRRStart scheduling multiple events + - Bug 3615: configure check for default max number of FDs is broken + - Bug 3607: --enable-auth documented default action incorrect + - Bug 3593: socket failure: Address family not supported by protocol + - Bug 3584: Detection of setresuid() is broken + - Bug 3568: Consolidate external_acl_type config dumping and add missing %% + - Bug 3564: eCAP not supporting CoAP URI schemes + - Bug 3484: Docs: sslproxy_cert_error example flawed + - Bug 3462: Delay Pools and ICAP + - Bug 3133: better fix: Memory leak handling requests for sites that don't exist + - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring + - Silence IOS 15.1 unknown capabilities messages. + - Account for Store disk client quota when bandwidth-limiting the server. + - ... and several documentation fixes + - ... and several compile fixes + Changes to squid-3.1.20 (08 Jun 2012): - Regression Bug 3545: FreeBSD dnsserver segfaults diff -u -r -N squid-3.2.1/compat/compat_shared.h squid-3.2.2/compat/compat_shared.h --- squid-3.2.1/compat/compat_shared.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/compat/compat_shared.h 2012-10-06 15:08:36.000000000 +1200 @@ -218,6 +218,11 @@ #include "compat/xstrto.h" #include "compat/xis.h" +/* + * strtoll() is needed. Squid provides a portable definition. + */ +#include "compat/strtoll.h" + #if !HAVE_MEMCPY #if HAVE_BCOPY #define memcpy(d,s,n) bcopy((s),(d),(n)) diff -u -r -N squid-3.2.1/configure squid-3.2.2/configure --- squid-3.2.1/configure 2012-08-15 15:25:31.000000000 +1200 +++ squid-3.2.2/configure 2012-10-06 15:09:35.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.1. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.2. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.2.1' -PACKAGE_STRING='Squid Web Proxy 3.2.1' +PACKAGE_VERSION='3.2.2' +PACKAGE_STRING='Squid Web Proxy 3.2.2' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' PACKAGE_URL='' @@ -1571,7 +1571,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.2.1 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.2.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1641,7 +1641,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.2.1:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.2.2:";; esac cat <<\_ACEOF @@ -2019,7 +2019,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.2.1 +Squid Web Proxy configure 3.2.2 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3115,7 +3115,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.2.1, which was +It was created by Squid Web Proxy $as_me 3.2.2, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3934,7 +3934,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.2.1' + VERSION='3.2.2' cat >>confdefs.h <<_ACEOF @@ -26688,6 +26688,17 @@ if test "x$squid_filedescriptors_num" = "x"; then +for ac_func in setrlimit +do : + ac_fn_cxx_check_func "$LINENO" "setrlimit" "ac_cv_func_setrlimit" +if test "x$ac_cv_func_setrlimit" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETRLIMIT 1 +_ACEOF + +fi +done + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Maximum number of filedescriptors we can open" >&5 $as_echo_n "checking Maximum number of filedescriptors we can open... " >&6; } @@ -28391,7 +28402,6 @@ seteuid \ setgroups \ setpgrp \ - setrlimit \ setsid \ sigaction \ snprintf \ @@ -30881,7 +30891,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.2.1, which was +This file was extended by Squid Web Proxy $as_me 3.2.2, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30947,7 +30957,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.2.1 +Squid Web Proxy config.status 3.2.2 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.2.1/configure.ac squid-3.2.2/configure.ac --- squid-3.2.1/configure.ac 2012-08-15 15:25:31.000000000 +1200 +++ squid-3.2.2/configure.ac 2012-10-06 15:09:35.000000000 +1200 @@ -3,7 +3,7 @@ dnl dnl dnl -AC_INIT([Squid Web Proxy],[3.2.1],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.2],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -3166,7 +3166,6 @@ seteuid \ setgroups \ setpgrp \ - setrlimit \ setsid \ sigaction \ snprintf \ diff -u -r -N squid-3.2.1/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.2/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.2.1/helpers/basic_auth/DB/basic_db_auth.8 2012-08-15 15:43:15.000000000 +1200 +++ squid-3.2.2/helpers/basic_auth/DB/basic_db_auth.8 2012-10-06 15:31:39.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2012-08-14" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2012-10-05" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.1/helpers/basic_auth/RADIUS/basic_radius_auth.8 squid-3.2.2/helpers/basic_auth/RADIUS/basic_radius_auth.8 --- squid-3.2.1/helpers/basic_auth/RADIUS/basic_radius_auth.8 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/helpers/basic_auth/RADIUS/basic_radius_auth.8 2012-10-06 15:08:36.000000000 +1200 @@ -82,6 +82,10 @@ .if !'po4a'hide' .BI "port " portnumber Specifies the port number or service name where the helper should connect. . +.if !'po4a'hide' .TP +.if !'po4a'hide' .BI "timeout " seconds +Specifies the RADIUS request timeout. +. .SH AUTHOR This program is written by .if !'po4a'hide' .I Marc van Selm diff -u -r -N squid-3.2.1/helpers/basic_auth/RADIUS/basic_radius_auth.cc squid-3.2.2/helpers/basic_auth/RADIUS/basic_radius_auth.cc --- squid-3.2.1/helpers/basic_auth/RADIUS/basic_radius_auth.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/helpers/basic_auth/RADIUS/basic_radius_auth.cc 2012-10-06 15:08:36.000000000 +1200 @@ -116,7 +116,7 @@ static int nasporttype = 0; static uint32_t nas_ipaddr; static uint32_t auth_ipaddr; -static int retries = 30; +static int retries = 10; char progname[] = "basic_radius_auth"; @@ -250,6 +250,8 @@ sscanf(line, "service %s", svc_name); if (!memcmp(line, "port", 4)) sscanf(line, "port %s", svc_name); + if (!memcmp(line, "timeout", 7)) + sscanf(line, "timeout %d", &retries); } fclose(cf); if (srv && crt) @@ -281,7 +283,7 @@ *dst = '\0'; } -static int +static void authenticate(int socket_fd, const char *username, const char *passwd) { AUTH_HDR *auth; @@ -446,16 +448,20 @@ continue; rc = result_recv(saremote.sin_addr.s_addr, saremote.sin_port, recv_buffer, len); - if (rc == 0) - return 1; - if (rc == 1) - return 0; + if (rc == 0) { + SEND_OK(""); + return; + } + if (rc == 1) { + SEND_ERR(""); + return; + } } } fprintf(stderr, "%s: No response from RADIUS server\n", progname); - - return 0; + SEND_ERR("No response from RADIUS server"); + return; } int @@ -597,10 +603,7 @@ ++ptr; urldecode(passwd, ptr, MAXPASS); - if (authenticate(sockfd, username, passwd)) - SEND_OK(""); - else - SEND_ERR(""); + authenticate(sockfd, username, passwd); } close(sockfd); exit(1); diff -u -r -N squid-3.2.1/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.2.1/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2012-08-15 15:43:17.000000000 +1200 +++ squid-3.2.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2012-10-06 15:31:41.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2012-08-14" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2012-10-05" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.1/include/version.h squid-3.2.2/include/version.h --- squid-3.2.1/include/version.h 2012-08-15 15:25:31.000000000 +1200 +++ squid-3.2.2/include/version.h 2012-10-06 15:09:35.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1345001058 +#define SQUID_RELEASE_TIME 1349492914 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.2.1/RELEASENOTES.html squid-3.2.2/RELEASENOTES.html --- squid-3.2.1/RELEASENOTES.html 2012-08-15 15:43:23.000000000 +1200 +++ squid-3.2.2/RELEASENOTES.html 2012-10-06 15:31:49.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.2.1 release notes + Squid 3.2.2 release notes -

Squid 3.2.1 release notes

+

Squid 3.2.2 release notes

Squid Developers


@@ -72,7 +72,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.2.1 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.2.2 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

@@ -404,7 +404,7 @@ versions and beginning with 3.2 they are available in languages other than English (where translated).

Details in -The Squid wiki

+The Squid wiki

3.1 began the Internationalization of Squid with the public facing error pages. This move begins the Localization of the internal administrator facing manuals.

@@ -458,7 +458,8 @@ direct filesystem logging (stdio, daemon) to network logging (syslog, UDP and TCP). The daemon logging interface allows for a custom helper to be written to process logs in real-time.

-

Upgrading: the access_log was previously logged via what is now called the stdio module. +

Upgrading: the access_log and cache_store_log were previously logged via what is +now called the stdio module. This is still supported and used by default if no module is named. For best performance particularly in SMP environments we recommend the daemon be used. The provided log_file_daemon helper performs the traditional logging to local filesystem.

@@ -470,8 +471,8 @@ logging a single cache.log at relatively high debug levels on a high-traffic system. Or one which is required to store a long period of access.log and needs to conserve disk space.

-

The referer_log and useragent_log directives have been converted to built-in log formats. -These logs are now created using an access_log line with the format "referrer" or "useragent". +

The referer_log and useragent_log directives have been converted to built-in log formats. +These logs are now created using an access_log line with the format "referrer" or "useragent". They also now log all client requests, if there was no Referer or User-Agent header a dash (-) is logged.

Known Issue: The TCP logging module does not recover from broken connections well. @@ -748,6 +749,10 @@

htcp-* options collapsed into htcp= taking an optional comma-separated list of flags. The old form is deprecated but still accepted.

+
cache_store_log
+

Now uses logging modules. Example: stdio:/file/path +see access_log for a list of supported modules and their parameters.

+
clientside_mark

New configuration parameter clientside_mark

Allows packets leaving Squid on the client side to be marked with a Netfilter mark value in the same way as the existing clientside_tos feature.

diff -u -r -N squid-3.2.1/src/acl/DomainData.cc squid-3.2.2/src/acl/DomainData.cc --- squid-3.2.1/src/acl/DomainData.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/acl/DomainData.cc 2012-10-06 15:08:36.000000000 +1200 @@ -98,16 +98,24 @@ if (ret == 0) { // When a.example.com comes after .example.com in an ACL // sub-domain is ignored. That is okay. Just important - debugs(28, DBG_IMPORTANT, "WARNING: '" << d3 << "' is a subdomain of '" << d4 << "'"); - debugs(28, DBG_IMPORTANT, "WARNING: because of this '" << d3 << "' is ignored to keep splay tree searching predictable"); - debugs(28, DBG_IMPORTANT, "WARNING: You should remove '" << (*d3=='.'?d4:d3) << "' from the ACL named '" << AclMatchedName << "'"); + bool d3big = (strlen(d3) > strlen(d4)); // Always suggest removing the longer one. + debugs(28, DBG_IMPORTANT, "WARNING: '" << (d3big?d3:d4) << "' is a subdomain of '" << (d3big?d4:d3) << "'"); + debugs(28, DBG_IMPORTANT, "WARNING: You should remove '" << (d3big?d3:d4) << "' from the ACL named '" << AclMatchedName << "'"); + debugs(28, 2, HERE << "Ignore '" << d3 << "' to keep splay tree searching predictable"); } } else if (ret == 0) { + // It may be an exact duplicate. No problem. Just drop. + if (strcmp(d1,d2)==0) { + debugs(28, 2, "WARNING: '" << d2 << "' is duplicated in the list."); + debugs(28, 2, "WARNING: You should remove one '" << d2 << "' from the ACL named '" << AclMatchedName << "'"); + return ret; + } // When a.example.com comes before .example.com in an ACL // discarding the wildcard is critically bad. - debugs(28, DBG_CRITICAL, "ERROR: '" << d1 << "' is a subdomain of '" << d2 << "'"); - debugs(28, DBG_CRITICAL, "ERROR: because of this '" << d2 << "' is ignored to keep splay tree searching predictable"); - debugs(28, DBG_CRITICAL, "ERROR: You should remove '" << (*d1=='.'?d2:d1) << "' from the ACL named '" << AclMatchedName << "'"); + // or Maybe even both are wildcards. Things are very weird in those cases. + bool d1big = (strlen(d1) > strlen(d2)); // Always suggest removing the longer one. + debugs(28, DBG_CRITICAL, "ERROR: '" << (d1big?d1:d2) << "' is a subdomain of '" << (d1big?d2:d1) << "'"); + debugs(28, DBG_CRITICAL, "ERROR: You need to remove '" << (d1big?d1:d2) << "' from the ACL named '" << AclMatchedName << "'"); self_destruct(); } diff -u -r -N squid-3.2.1/src/acl/FilledChecklist.cc squid-3.2.2/src/acl/FilledChecklist.cc --- squid-3.2.1/src/acl/FilledChecklist.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/acl/FilledChecklist.cc 2012-10-06 15:08:36.000000000 +1200 @@ -110,6 +110,8 @@ void ACLFilledChecklist::conn(ConnStateData *aConn) { + if (conn() == aConn) + return; assert (conn() == NULL); conn_ = cbdataReference(aConn); } @@ -205,6 +207,9 @@ #endif /* FOLLOW_X_FORWARDED_FOR */ src_addr = request->client_addr; my_addr = request->my_addr; + + if (request->clientConnectionManager.valid()) + conn(request->clientConnectionManager.get()); } #if USE_IDENT diff -u -r -N squid-3.2.1/src/acl/FilledChecklist.h squid-3.2.2/src/acl/FilledChecklist.h --- squid-3.2.1/src/acl/FilledChecklist.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/acl/FilledChecklist.h 2012-10-06 15:08:36.000000000 +1200 @@ -23,14 +23,15 @@ ~ACLFilledChecklist(); public: + /// The client connection manager ConnStateData * conn() const; - /// uses conn() if available + /// The client side fd. It uses conn() if available int fd() const; /// set either conn void conn(ConnStateData *); - /// set FD + /// set the client side FD void fd(int aDescriptor); //int authenticated(); diff -u -r -N squid-3.2.1/src/acl/Ip.cc squid-3.2.2/src/acl/Ip.cc --- squid-3.2.1/src/acl/Ip.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/acl/Ip.cc 2012-10-06 15:08:36.000000000 +1200 @@ -471,6 +471,7 @@ /* ignore IPv6 addresses when built with IPv4-only */ if ( iptype == AF_INET6 && !Ip::EnableIpv6) { debugs(28, DBG_IMPORTANT, "aclIpParseIpData: IPv6 has not been enabled."); + delete q; return NULL; } diff -u -r -N squid-3.2.1/src/auth/negotiate/UserRequest.cc squid-3.2.2/src/auth/negotiate/UserRequest.cc --- squid-3.2.1/src/auth/negotiate/UserRequest.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/auth/negotiate/UserRequest.cc 2012-10-06 15:08:36.000000000 +1200 @@ -365,7 +365,10 @@ fatalf("authenticateNegotiateHandleReply: *** Unsupported helper response ***, '%s'\n", reply); } - lm_request->request = NULL; + if (lm_request->request) { + HTTPMSGUNLOCK(lm_request->request); + lm_request->request = NULL; + } r->handler(r->data); delete r; } diff -u -r -N squid-3.2.1/src/cf.data.pre squid-3.2.2/src/cf.data.pre --- squid-3.2.1/src/cf.data.pre 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/cf.data.pre 2012-10-06 15:08:36.000000000 +1200 @@ -123,6 +123,12 @@ Remove this line. Configure FTP page display using the CSS controls in errorpages.css instead. DOC_END +NAME: maximum_single_addr_tries +TYPE: obsolete +DOC_START + Replaced by connect_retries. The behaviour has changed, please read the documentation before altering. +DOC_END + NAME: url_rewrite_concurrency TYPE: obsolete DOC_START @@ -3351,12 +3357,16 @@ DOC_START Logs the activities of the storage manager. Shows which objects are ejected from the cache, and which objects are - saved and for how long. To disable, enter "none" or remove the line. + saved and for how long. There are not really utilities to analyze this data, so you can safely - disable it. - + disable it (the default). + + Store log uses modular logging outputs. See access_log for the list + of modules supported. + Example: - cache_store_log @DEFAULT_STORE_LOG@ + cache_store_log stdio:@DEFAULT_STORE_LOG@ + cache_store_log daemon:@DEFAULT_STORE_LOG@ DOC_END NAME: cache_swap_state cache_swap_log diff -u -r -N squid-3.2.1/src/client_side.cc squid-3.2.2/src/client_side.cc --- squid-3.2.1/src/client_side.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/client_side.cc 2012-10-06 15:08:36.000000000 +1200 @@ -3856,16 +3856,6 @@ * the ident result on persistent connections... */ /* connection oriented auth also needs these two lines for it's operation. */ - /* - * Internal requests do not have a connection reference, because: A) their - * byte count may be transformed before being applied to an outbound - * connection B) they are internal - any limiting on them should be done on - * the server end. - */ - - if (conn != NULL) - ch->conn(conn); /* unreferenced in FilledCheckList.cc */ - return ch; } diff -u -r -N squid-3.2.1/src/client_side_reply.cc squid-3.2.2/src/client_side_reply.cc --- squid-3.2.1/src/client_side_reply.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/client_side_reply.cc 2012-10-06 15:08:36.000000000 +1200 @@ -630,9 +630,8 @@ return; } - /// Deny loops for accelerator and interceptor. TODO: deny in all modes? - if (r->flags.loopdetect && - (http->flags.accel || http->flags.intercepted)) { + /// Deny loops + if (r->flags.loopdetect) { http->al->http.code = HTTP_FORBIDDEN; err = clientBuildError(ERR_ACCESS_DENIED, HTTP_FORBIDDEN, NULL, http->getConn()->clientConnection->remote, http->request); createStoreEntry(r->method, request_flags()); @@ -1433,7 +1432,11 @@ #endif - const bool maySendChunkedReply = !request->multipartRangeRequest() && + // XXX: chunking a Content-Range response may not violate specs, but our + // ClientSocketContext::writeComplete() confuses the end of ClientStream + // with the end of to-client writing and may quit before writing last-chunk + const bool maySendChunkedReply = !reply->content_range && + !request->multipartRangeRequest() && reply->sline.protocol == AnyP::PROTO_HTTP && // response is HTTP (request->http_ver >= HttpVersion(1, 1)); diff -u -r -N squid-3.2.1/src/CpuAffinitySet.cc squid-3.2.2/src/CpuAffinitySet.cc --- squid-3.2.1/src/CpuAffinitySet.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/CpuAffinitySet.cc 2012-10-06 15:08:36.000000000 +1200 @@ -68,8 +68,11 @@ } bool -CpuAffinitySet::applied() const +CpuAffinitySet::applied() { + // NOTE: cannot be const. + // According to CPU_SET(3) and, apparently, on some systems (e.g., + // OpenSuSE 10.3) CPU_COUNT macro expects a non-const argument. return (CPU_COUNT(&theOrigCpuSet) > 0); } diff -u -r -N squid-3.2.1/src/CpuAffinitySet.h squid-3.2.2/src/CpuAffinitySet.h --- squid-3.2.1/src/CpuAffinitySet.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/CpuAffinitySet.h 2012-10-06 15:08:36.000000000 +1200 @@ -21,7 +21,7 @@ void undo(); /// whether apply() was called and was not undone - bool applied() const; + bool applied(); /// set CPU affinity mask void set(const cpu_set_t &aCpuSet); diff -u -r -N squid-3.2.1/src/forward.cc squid-3.2.2/src/forward.cc --- squid-3.2.1/src/forward.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/forward.cc 2012-10-06 15:08:36.000000000 +1200 @@ -345,6 +345,7 @@ // this server link regardless of what happens when connecting to it. // IF sucessfuly connected this top destination will become the serverConnection(). request->hier.note(serverDestinations[0], request->GetHost()); + request->clearError(); connectStart(); } else { @@ -547,6 +548,12 @@ bool FwdState::checkRetriable() { + // Optimize: A compliant proxy may retry PUTs, but Squid lacks the [rather + // complicated] code required to protect the PUT request body from being + // nibbled during the first try. Thus, Squid cannot retry some PUTs today. + if (request->body_pipe != NULL) + return false; + /* RFC2616 9.1 Safe and Idempotent Methods */ switch (request->method.id()) { /* 9.1.1 Safe Methods */ @@ -761,7 +768,6 @@ // The list is used in ssl_verify_cb() and is freed in ssl_free(). if (acl_access *acl = Config.ssl_client.cert_error) { ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str); - check->fd(fd); SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check); } diff -u -r -N squid-3.2.1/src/hier_code.h squid-3.2.2/src/hier_code.h --- squid-3.2.1/src/hier_code.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/hier_code.h 2012-10-06 15:08:36.000000000 +1200 @@ -31,6 +31,6 @@ extern const char *hier_code_str[]; -inline hier_code operator++(hier_code &i) { return (hier_code)(i+1); } +inline hier_code operator++(hier_code &i) { return i = (hier_code)(1+(int)i); } #endif /* SQUID__HIER_CODE_H */ diff -u -r -N squid-3.2.1/src/http.cc squid-3.2.2/src/http.cc --- squid-3.2.1/src/http.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/http.cc 2012-10-06 15:08:36.000000000 +1200 @@ -1576,6 +1576,9 @@ old_base64_encode(loginbuf)); return; } + // if no external user credentials are available to fake authentication with PASS acts like PASSTHRU + if (strcmp(request->peer_login, "PASS") == 0) + return; /* Kerberos login to peer */ #if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI diff -u -r -N squid-3.2.1/src/HttpRequest.cc squid-3.2.2/src/HttpRequest.cc --- squid-3.2.1/src/HttpRequest.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/HttpRequest.cc 2012-10-06 15:08:36.000000000 +1200 @@ -207,6 +207,7 @@ copy->hier = hier; // Is it safe to copy? Should we? copy->errType = errType; + copy->errDetail = errDetail; // XXX: what to do with copy->peer_login? @@ -528,6 +529,14 @@ errDetail = aDetail; } +void +HttpRequest::clearError() +{ + debugs(11, 7, HERE << "old error details: " << errType << '/' << errDetail); + errType = ERR_NONE; + errDetail = ERR_DETAIL_NONE; +} + const char *HttpRequest::packableURI(bool full_uri) const { if (full_uri) diff -u -r -N squid-3.2.1/src/HttpRequest.h squid-3.2.2/src/HttpRequest.h --- squid-3.2.1/src/HttpRequest.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/HttpRequest.h 2012-10-06 15:08:36.000000000 +1200 @@ -121,6 +121,8 @@ /// sets error detail if no earlier detail was available void detailError(err_type aType, int aDetail); + /// clear error details, useful for retries/repeats + void clearError(); protected: void clean(); diff -u -r -N squid-3.2.1/src/ip/Address.cc squid-3.2.2/src/ip/Address.cc --- squid-3.2.1/src/ip/Address.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ip/Address.cc 2012-10-06 15:08:36.000000000 +1200 @@ -631,7 +631,12 @@ memset(dst, 0, sizeof(struct addrinfo)); // set defaults + // Mac OS X does not emit a flag indicating the output is numeric (IP address) +#if _SQUID_APPLE_ + dst->ai_flags = 0; +#else dst->ai_flags = AI_NUMERICHOST; +#endif if (dst->ai_socktype == 0) dst->ai_socktype = SOCK_STREAM; diff -u -r -N squid-3.2.1/src/ipc/mem/PageStack.cc squid-3.2.2/src/ipc/mem/PageStack.cc --- squid-3.2.1/src/ipc/mem/PageStack.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/mem/PageStack.cc 2012-10-06 15:08:36.000000000 +1200 @@ -20,11 +20,17 @@ theSize(theCapacity), theLastReadable(prev(theSize)), theFirstWritable(next(theLastReadable)) { + theItems=new Item[theSize]; // initially, all pages are free for (Offset i = 0; i < theSize; ++i) theItems[i] = i + 1; // skip page number zero to keep numbers positive } +Ipc::Mem::PageStack::~PageStack() +{ + delete[] theItems; +} + /* * TODO: We currently rely on the theLastReadable hint during each * loop iteration. We could also use hint just for the start position: diff -u -r -N squid-3.2.1/src/ipc/mem/PageStack.h squid-3.2.2/src/ipc/mem/PageStack.h --- squid-3.2.1/src/ipc/mem/PageStack.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/mem/PageStack.h 2012-10-06 15:08:36.000000000 +1200 @@ -25,6 +25,7 @@ typedef uint32_t Value; ///< stack item type (a free page number) PageStack(const uint32_t aPoolId, const unsigned int aCapacity, const size_t aPageSize); + ~PageStack(); unsigned int capacity() const { return theCapacity; } size_t pageSize() const { return thePageSize; } @@ -67,7 +68,7 @@ Atomic::WordT theFirstWritable; typedef Atomic::WordT Item; - Item theItems[]; ///< page number storage + Item *theItems; ///< page number storage }; } // namespace Mem diff -u -r -N squid-3.2.1/src/ipc/Queue.cc squid-3.2.2/src/ipc/Queue.cc --- squid-3.2.1/src/ipc/Queue.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/Queue.cc 2012-10-06 15:08:36.000000000 +1200 @@ -51,7 +51,12 @@ Ipc::QueueReaders::QueueReaders(const int aCapacity): theCapacity(aCapacity) { Must(theCapacity > 0); - new (theReaders) QueueReader[theCapacity]; + theReaders=new QueueReader[theCapacity]; +} + +Ipc::QueueReaders::~QueueReaders() +{ + delete[] theReaders; } size_t diff -u -r -N squid-3.2.1/src/ipc/Queue.h squid-3.2.2/src/ipc/Queue.h --- squid-3.2.1/src/ipc/Queue.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/Queue.h 2012-10-06 15:08:36.000000000 +1200 @@ -64,11 +64,16 @@ { public: QueueReaders(const int aCapacity); + ~QueueReaders(); size_t sharedMemorySize() const; static size_t SharedMemorySize(const int capacity); const int theCapacity; /// number of readers - QueueReader theReaders[]; /// readers + QueueReader *theReaders; /// readers +private: + QueueReaders(); //not implemented + QueueReaders& operator =(const QueueReaders&); //not implemented + QueueReaders(const QueueReaders&); //not implemented }; /** diff -u -r -N squid-3.2.1/src/ipc/StoreMap.cc squid-3.2.2/src/ipc/StoreMap.cc --- squid-3.2.1/src/ipc/StoreMap.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/StoreMap.cc 2012-10-06 15:08:36.000000000 +1200 @@ -308,6 +308,12 @@ Ipc::StoreMap::Shared::Shared(const int aLimit, const size_t anExtrasSize): limit(aLimit), extrasSize(anExtrasSize), count(0) { + slots=new Slot[limit]; +} + +Ipc::StoreMap::Shared::~Shared() +{ + delete[] slots; } size_t diff -u -r -N squid-3.2.1/src/ipc/StoreMap.h squid-3.2.2/src/ipc/StoreMap.h --- squid-3.2.1/src/ipc/StoreMap.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/ipc/StoreMap.h 2012-10-06 15:08:36.000000000 +1200 @@ -62,11 +62,16 @@ Shared(const int aLimit, const size_t anExtrasSize); size_t sharedMemorySize() const; static size_t SharedMemorySize(const int limit, const size_t anExtrasSize); + ~Shared(); const int limit; ///< maximum number of map slots const size_t extrasSize; ///< size of slot extra data Atomic::Word count; ///< current number of map slots - Slot slots[]; ///< slots storage + Slot *slots; ///< slots storage + private: + Shared(); //disabled + Shared &operator=(const Shared&); //disabled + Shared(const Shared&); //disabled }; public: diff -u -r -N squid-3.2.1/src/neighbors.cc squid-3.2.2/src/neighbors.cc --- squid-3.2.1/src/neighbors.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/neighbors.cc 2012-10-06 15:08:36.000000000 +1200 @@ -194,17 +194,6 @@ checklist.src_addr = request->client_addr; checklist.my_addr = request->my_addr; -#if 0 && USE_IDENT - /* - * this is currently broken because 'request->user_ident' has been - * moved to conn->rfc931 and we don't have access to the parent - * ConnStateData here. - */ - if (request->user_ident[0]) - xstrncpy(checklist.rfc931, request->user_ident, USER_IDENT_SZ); - -#endif - return (checklist.fastCheck() == ACCESS_ALLOWED); } @@ -413,9 +402,10 @@ void peerClearRRStart(void) { - static int event_added = 0; + static bool event_added = false; if (!event_added) { peerClearRRLoop(NULL); + event_added=true; } } diff -u -r -N squid-3.2.1/src/SquidString.h squid-3.2.2/src/SquidString.h --- squid-3.2.1/src/SquidString.h 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/SquidString.h 2012-10-06 15:08:36.000000000 +1200 @@ -58,13 +58,11 @@ public: static StringRegistry &Instance(); - void add - (String const *); + void add(String const *); StringRegistry(); - void remove - (String const *); + void remove(String const *); private: static OBJH Stat; @@ -87,8 +85,8 @@ public: _SQUID_INLINE_ String(); - String (char const *); - String (String const &); + String(char const *); + String(String const &); ~String(); typedef size_t size_type; //storage size intentionally unspecified @@ -134,7 +132,7 @@ void append(char const *buf, int len); void append(char const *buf); void append(char const); - void append (String const &); + void append(String const &); void absorb(String &old); const char * pos(char const *aString) const; const char * pos(char const ch) const; @@ -144,19 +142,19 @@ size_type find(char const *aString) const; const char * rpos(char const ch) const; size_type rfind(char const ch) const; - _SQUID_INLINE_ int cmp (char const *) const; - _SQUID_INLINE_ int cmp (char const *, size_type count) const; - _SQUID_INLINE_ int cmp (String const &) const; - _SQUID_INLINE_ int caseCmp (char const *) const; - _SQUID_INLINE_ int caseCmp (char const *, size_type count) const; - _SQUID_INLINE_ int caseCmp (String const &) const; + _SQUID_INLINE_ int cmp(char const *) const; + _SQUID_INLINE_ int cmp(char const *, size_type count) const; + _SQUID_INLINE_ int cmp(String const &) const; + _SQUID_INLINE_ int caseCmp(char const *) const; + _SQUID_INLINE_ int caseCmp(char const *, size_type count) const; + _SQUID_INLINE_ int caseCmp(String const &) const; String substr(size_type from, size_type to) const; _SQUID_INLINE_ void cut(size_type newLength); #if DEBUGSTRINGS - void stat (StoreEntry *) const; + void stat(StoreEntry *) const; #endif diff -u -r -N squid-3.2.1/src/String.cc squid-3.2.2/src/String.cc --- squid-3.2.1/src/String.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/String.cc 2012-10-06 15:08:36.000000000 +1200 @@ -69,7 +69,7 @@ size_ = aSize; } -String::String (char const *aString) : size_(0), len_(0), buf_(NULL) +String::String(char const *aString) : size_(0), len_(0), buf_(NULL) { if (aString) allocAndFill(aString, strlen(aString)); @@ -87,7 +87,7 @@ } String & -String::operator = (String const &old) +String::operator =(String const &old) { clean(); // TODO: optimize to avoid cleaning the buffer we can use if (old.size() > 0) @@ -96,7 +96,7 @@ } bool -String::operator == (String const &that) const +String::operator ==(String const &that) const { if (0 == this->cmp(that)) return true; @@ -105,7 +105,7 @@ } bool -String::operator != (String const &that) const +String::operator !=(String const &that) const { if (0 == this->cmp(that)) return false; @@ -135,7 +135,7 @@ PROF_stop(StringAllocAndFill); } -String::String (String const &old) : size_(0), len_(0), buf_(NULL) +String::String(String const &old) : size_(0), len_(0), buf_(NULL) { if (old.size() > 0) allocAndFill(old.rawBuf(), old.size()); @@ -173,7 +173,7 @@ } void -String::reset(const char *str) +String::reset(char const *str) { PROF_start(StringReset); clean(); // TODO: optimize to avoid cleaning the buffer if we can reuse it @@ -183,7 +183,7 @@ } void -String::append(const char *str, int len) +String::append( char const *str, int len) { assert(this); assert(str && len >= 0); @@ -215,23 +215,23 @@ void String::append(char const *str) { - assert (str); - append (str, strlen(str)); + assert(str); + append(str, strlen(str)); } void -String::append (char chr) +String::append(char const chr) { char myString[2]; myString[0]=chr; myString[1]='\0'; - append (myString, 1); + append(myString, 1); } void String::append(String const &old) { - append (old.rawBuf(), old.len_); + append(old.rawBuf(), old.len_); } void diff -u -r -N squid-3.2.1/src/String.cci squid-3.2.2/src/String.cci --- squid-3.2.1/src/String.cci 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/String.cci 2012-10-06 15:08:36.000000000 +1200 @@ -42,8 +42,7 @@ #endif /* INT_MAX */ #endif /* HAVE_STDINT_H */ - -String::String() : size_(0), len_(0), buf_ (NULL) +String::String() : size_(0), len_(0), buf_(NULL) { #if DEBUGSTRINGS StringRegistry::Instance().add(this); @@ -107,7 +106,7 @@ int -String::cmp (char const *aString) const +String::cmp(char const *aString) const { int result = 0; if (nilCmp(!size(), (!aString || !*aString), result)) @@ -117,7 +116,7 @@ } int -String::cmp (char const *aString, String::size_type count) const +String::cmp(char const *aString, String::size_type count) const { int result = 0; if (nilCmp((!size() || !count), (!aString || !*aString || !count), result)) @@ -127,7 +126,7 @@ } int -String::cmp (String const &aString) const +String::cmp(String const &aString) const { int result = 0; if (nilCmp(!size(), !aString.size(), result)) diff -u -r -N squid-3.2.1/src/tests/testRock.cc squid-3.2.2/src/tests/testRock.cc --- squid-3.2.1/src/tests/testRock.cc 2012-08-15 15:24:19.000000000 +1200 +++ squid-3.2.2/src/tests/testRock.cc 2012-10-06 15:08:36.000000000 +1200 @@ -17,6 +17,9 @@ #if HAVE_STDEXCEPT #include #endif +#if HAVE_UNISTD_H +#include +#endif #define TESTDIR "testRock__testRockSearch" @@ -24,6 +27,8 @@ extern REMOVALPOLICYCREATE createRemovalPolicy_lru; +static char cwd[MAXPATHLEN]; + static void addSwapDir(testRock::SwapDirPointer aStore) { @@ -41,7 +46,9 @@ throw std::runtime_error("Failed to clean test work directory"); // use current directory for shared segments (on path-based OSes) - Ipc::Mem::Segment::BasePath = "."; + Ipc::Mem::Segment::BasePath = getcwd(cwd,MAXPATHLEN); + if (Ipc::Mem::Segment::BasePath == NULL) + Ipc::Mem::Segment::BasePath = "."; Store::Root(new StoreController);