diff -u -r -N squid-3.3.5/ChangeLog squid-3.3.6/ChangeLog --- squid-3.3.5/ChangeLog 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/ChangeLog 2013-07-01 16:02:11.000000000 +1200 @@ -1,4 +1,18 @@ +Changes to squid-3.3.6 (01 Jul 2013): + + - Bug 3854: pt1: compile errors on AIX + - Bug 3802: Fix wrong check inside Format::Format::assemble + - Bug 3762: remove bogus WARNING in cache.log + - Bug 3717: assertion failed with dstdom_regex with IP based URL + - Bug 1991: kqueue causes SSL to hang + - Ask for SSL key password when started with -N but without sslpassword_program + - Make sure %. # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.3.5' -PACKAGE_STRING='Squid Web Proxy 3.3.5' +PACKAGE_VERSION='3.3.6' +PACKAGE_STRING='Squid Web Proxy 3.3.6' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1570,7 +1570,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.3.5 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.3.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1640,7 +1640,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.3.5:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.3.6:";; esac cat <<\_ACEOF @@ -2014,7 +2014,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.3.5 +Squid Web Proxy configure 3.3.6 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3110,7 +3110,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.3.5, which was +It was created by Squid Web Proxy $as_me 3.3.6, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3929,7 +3929,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.3.5' + VERSION='3.3.6' cat >>confdefs.h <<_ACEOF @@ -31680,7 +31680,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.3.5, which was +This file was extended by Squid Web Proxy $as_me 3.3.6, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31746,7 +31746,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.3.5 +Squid Web Proxy config.status 3.3.6 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.3.5/configure.ac squid-3.3.6/configure.ac --- squid-3.3.5/configure.ac 2013-05-20 23:50:55.000000000 +1200 +++ squid-3.3.6/configure.ac 2013-07-01 16:03:25.000000000 +1200 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.3.5],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.3.6],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.6/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.3.5/helpers/basic_auth/DB/basic_db_auth.8 2013-05-21 00:24:20.000000000 +1200 +++ squid-3.3.6/helpers/basic_auth/DB/basic_db_auth.8 2013-07-01 16:28:41.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.5/helpers/basic_auth/NCSA/basic_ncsa_auth.cc squid-3.3.6/helpers/basic_auth/NCSA/basic_ncsa_auth.cc --- squid-3.3.5/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-07-01 16:02:11.000000000 +1200 @@ -149,8 +149,8 @@ continue; } char *crypted = NULL; - size_t passwordLength = strlen(passwd); #if HAVE_CRYPT + size_t passwordLength = strlen(passwd); // Bug 3831: given algorithms more secure than DES crypt() does not truncate, so we can ignore the bug 3107 length checks below // '$1$' = MD5, '$2a$' = Blowfish, '$5$' = SHA256 (Linux), '$6$' = SHA256 (BSD) and SHA512 if (passwordLength > 1 && u->passwd[0] == '$' && diff -u -r -N squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.3.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-05-21 00:24:25.000000000 +1200 +++ squid-3.3.6/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-07-01 16:28:43.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.3.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-05-21 00:24:26.000000000 +1200 +++ squid-3.3.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-01 16:28:43.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.6/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.3.5/helpers/log_daemon/DB/log_db_daemon.8 2013-05-21 00:24:26.000000000 +1200 +++ squid-3.3.6/helpers/log_daemon/DB/log_db_daemon.8 2013-07-01 16:28:43.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2013-05-20" "perl v5.10.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2013-06-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.3.5/include/version.h squid-3.3.6/include/version.h --- squid-3.3.5/include/version.h 2013-05-20 23:50:56.000000000 +1200 +++ squid-3.3.6/include/version.h 2013-07-01 16:03:25.000000000 +1200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1369050531 +#define SQUID_RELEASE_TIME 1372651329 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.3.5/RELEASENOTES.html squid-3.3.6/RELEASENOTES.html --- squid-3.3.5/RELEASENOTES.html 2013-05-21 00:24:44.000000000 +1200 +++ squid-3.3.6/RELEASENOTES.html 2013-07-01 16:28:50.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.3.5 release notes + Squid 3.3.6 release notes -

Squid 3.3.5 release notes

+

Squid 3.3.6 release notes

Squid Developers

@@ -56,7 +56,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.3.5.

+

The Squid Team are pleased to announce the release of Squid-3.3.6.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.3/ or the mirrors.

diff -u -r -N squid-3.3.5/snmplib/parse.c squid-3.3.6/snmplib/parse.c --- squid-3.3.5/snmplib/parse.c 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/snmplib/parse.c 2013-07-01 16:02:11.000000000 +1200 @@ -691,7 +691,9 @@ if (count == (length - 2)) { if (op->label) { strncpy(np->parent, op->label, sizeof(np->parent)); + np->parent[sizeof(np->parent-1)] = '\0'; strncpy(np->label, name, sizeof(np->label)); + np->label[sizeof(np->label-1)] = '\0'; if (nop->subid != -1) np->subid = nop->subid; else diff -u -r -N squid-3.3.5/src/acl/Acl.cc squid-3.3.6/src/acl/Acl.cc --- squid-3.3.5/src/acl/Acl.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/acl/Acl.cc 2013-07-01 16:02:11.000000000 +1200 @@ -335,13 +335,24 @@ AclMatchedName = _acl->name; debugs(28, 3, "ACLList::matches: checking " << (op ? null_string : "!") << _acl->name); - if (_acl->checklistMatches(checklist) != op) { - debugs(28, 4, "ACLList::matches: result is false"); - return false; + bool result = false; + if (_acl->checklistMatches(checklist) == 1) { + debugs(28, 5, _acl->name << " matched" << (op ? "." : ", negating.")); + result = (op != 0); + } else if (checklist->finished()) { + debugs(28, 5, _acl->name << " failed."); + result = false; + } else if (checklist->asyncNeeded()) { + debugs(28, 5, _acl->name << " needs async lookup"); + result = false; + } else { + debugs(28, 5, _acl->name << " mismatched" << (op ? "." : ", negating.")); + result = (op == 0); } - debugs(28, 4, "ACLList::matches: result is true"); - return true; + debugs(28, 4, (op ? null_string : "!") << _acl->name << " result is " << + (result ? "true" : "false")); + return result; } /*********************/ diff -u -r -N squid-3.3.5/src/adaptation/icap/ModXact.cc squid-3.3.6/src/adaptation/icap/ModXact.cc --- squid-3.3.5/src/adaptation/icap/ModXact.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/adaptation/icap/ModXact.cc 2013-07-01 16:02:11.000000000 +1200 @@ -1254,9 +1254,11 @@ void Adaptation::Icap::ModXact::finalizeLogInfo() { HttpRequest * request_ = NULL; + HttpRequest * adapted_request_ = NULL; HttpReply * reply_ = NULL; - if (!(request_ = dynamic_cast(adapted.header))) { - request_ = (virgin.cause? virgin.cause: dynamic_cast(virgin.header)); + request_ = (virgin.cause? virgin.cause: dynamic_cast(virgin.header)); + if (!(adapted_request_ = dynamic_cast(adapted.header))) { + adapted_request_ = request_; reply_ = dynamic_cast(adapted.header); } @@ -1270,6 +1272,8 @@ al.cache.caddr = request_->client_addr; al.request = HTTPMSGLOCK(request_); + al.adapted_request = HTTPMSGLOCK(adapted_request_); + if (reply_) al.reply = HTTPMSGLOCK(reply_); else @@ -1313,7 +1317,7 @@ packerClean(&p); mb.clean(); } - prepareLogWithRequestDetails(request_, alep); + prepareLogWithRequestDetails(adapted_request_, alep); Xaction::finalizeLogInfo(); } diff -u -r -N squid-3.3.5/src/adaptation/icap/Xaction.cc squid-3.3.6/src/adaptation/icap/Xaction.cc --- squid-3.3.5/src/adaptation/icap/Xaction.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/adaptation/icap/Xaction.cc 2013-07-01 16:02:11.000000000 +1200 @@ -549,7 +549,11 @@ void Adaptation::Icap::Xaction::maybeLog() { if (IcapLogfileStatus == LOG_ENABLE) { - ACLChecklist *checklist = new ACLFilledChecklist(::Config.accessList.icap, al.request, dash_str); + ACLFilledChecklist *checklist = new ACLFilledChecklist(::Config.accessList.icap, al.request, dash_str); + if (al.reply) { + checklist->reply = al.reply; + HTTPMSGLOCK(checklist->reply); + } if (!::Config.accessList.icap || checklist->fastCheck() == ACCESS_ALLOWED) { finalizeLogInfo(); icapLogLog(alep, checklist); diff -u -r -N squid-3.3.5/src/cache_cf.cc squid-3.3.6/src/cache_cf.cc --- squid-3.3.5/src/cache_cf.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/cache_cf.cc 2013-07-01 16:02:11.000000000 +1200 @@ -674,12 +674,6 @@ Config.Store.maxObjectSize = 0x7FFF0000; } #endif - if (0 == Store::Root().maxSize()) - /* people might want a zero-sized cache on purpose */ - (void) 0; - else if (Store::Root().maxSize() < Config.memMaxSize) - /* This is bogus. folk with NULL caches will want this */ - debugs(3, DBG_CRITICAL, "WARNING cache_mem is larger than total disk cache space!"); if (Config.Announce.period > 0) { Config.onoff.announce = 1; diff -u -r -N squid-3.3.5/src/cf.data.pre squid-3.3.6/src/cf.data.pre --- squid-3.3.5/src/cf.data.pre 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/cf.data.pre 2013-07-01 16:02:11.000000000 +1200 @@ -7329,6 +7329,8 @@ can even specify multiple identical services as long as their service_names differ. + To activate a service, use the adaptation_access directive. To group + services, use adaptation_service_chain and adaptation_service_set. Service options are separated by white space. ICAP services support the following name=value options: @@ -7460,6 +7462,8 @@ eCAP service must have a unique URI. Obtain the right URI from the service provider. + To activate a service, use the adaptation_access directive. To group + services, use adaptation_service_chain and adaptation_service_set. Service options are separated by white space. eCAP services support the following name=value options: diff -u -r -N squid-3.3.5/src/comm/ModKqueue.cc squid-3.3.6/src/comm/ModKqueue.cc --- squid-3.3.5/src/comm/ModKqueue.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/comm/ModKqueue.cc 2013-07-01 16:02:11.000000000 +1200 @@ -197,7 +197,11 @@ ", timeout=" << timeout); if (type & COMM_SELECT_READ) { + if (F->flags.read_pending) + kq_update_events(fd, EVFILT_WRITE, handler); + kq_update_events(fd, EVFILT_READ, handler); + F->read_handler = handler; F->read_data = client_data; } @@ -290,31 +294,24 @@ continue; /* XXX! */ } - switch (ke[i].filter) { - - case EVFILT_READ: - + if (ke[i].filter == EVFILT_READ || F->flags.read_pending) { if ((hdl = F->read_handler) != NULL) { F->read_handler = NULL; F->flags.read_pending = 0; hdl(fd, F->read_data); } + } - break; - - case EVFILT_WRITE: - + if (ke[i].filter == EVFILT_WRITE) { if ((hdl = F->write_handler) != NULL) { F->write_handler = NULL; hdl(fd, F->write_data); } + } - break; - - default: + if (ke[i].filter != EVFILT_WRITE && ke[i].filter != EVFILT_READ) { /* Bad! -- adrian */ debugs(5, DBG_IMPORTANT, "comm_select: kevent returned " << ke[i].filter << "!"); - break; } } diff -u -r -N squid-3.3.5/src/dns.cc squid-3.3.6/src/dns.cc --- squid-3.3.5/src/dns.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/dns.cc 2013-07-01 16:02:11.000000000 +1200 @@ -39,6 +39,10 @@ #include "Store.h" #include "wordlist.h" +#if SQUID_SNMP +#include "snmp_core.h" +#endif + /* MS VisualStudio Projects are monolitich, so we need the following #if to include the external DNS code in compile process when using external DNS. diff -u -r -N squid-3.3.5/src/external_acl.cc squid-3.3.6/src/external_acl.cc --- squid-3.3.5/src/external_acl.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/external_acl.cc 2013-07-01 16:02:11.000000000 +1200 @@ -185,7 +185,7 @@ #if USE_SSL EXT_ACL_USER_CERT, - EXT_ACL_CA_CERT, + EXT_ACL_USER_CA_CERT, EXT_ACL_USER_CERT_RAW, EXT_ACL_USER_CERTCHAIN_RAW, #endif @@ -414,28 +414,31 @@ if (strncmp(token, "%{", 2) == 0) { // deprecated. but assume the old configs all referred to request headers. - debugs(82, DBG_IMPORTANT, "WARNING: external_acl_type format %{...} is being replaced by %>{...} for : " << token); + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %{...} is being replaced by %>ha{...} for : " << token); parse_header_token(format, (token+2), _external_acl_format::EXT_ACL_HEADER_REQUEST); } else if (strncmp(token, "%>{", 3) == 0) { + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %>{...} is being replaced by %>ha{...} for : " << token); + parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST); + } else if (strncmp(token, "%>ha{", 5) == 0) { parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST); } else if (strncmp(token, "%<{", 3) == 0) { + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %<{...} is being replaced by %type = _external_acl_format::EXT_ACL_LOGIN; a->require_auth = true; #endif } - #if USE_IDENT - else if (strcmp(token, "%IDENT") == 0) + else if (strcmp(token, "%IDENT") == 0 || strcmp(token, "%ui") == 0) format->type = _external_acl_format::EXT_ACL_IDENT; - #endif - - else if (strcmp(token, "%SRC") == 0) + else if (strcmp(token, "%SRC") == 0 || strcmp(token, "%>a") == 0) format->type = _external_acl_format::EXT_ACL_SRC; - else if (strcmp(token, "%SRCPORT") == 0) + else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0) format->type = _external_acl_format::EXT_ACL_SRCPORT; #if USE_SQUID_EUI else if (strcmp(token, "%SRCEUI48") == 0) @@ -443,11 +446,11 @@ else if (strcmp(token, "%SRCEUI64") == 0) format->type = _external_acl_format::EXT_ACL_SRCEUI64; #endif - else if (strcmp(token, "%MYADDR") == 0) + else if (strcmp(token, "%MYADDR") == 0 || strcmp(token, "%la") == 0) format->type = _external_acl_format::EXT_ACL_MYADDR; - else if (strcmp(token, "%MYPORT") == 0) + else if (strcmp(token, "%MYPORT") == 0 || strcmp(token, "%lp") == 0) format->type = _external_acl_format::EXT_ACL_MYPORT; - else if (strcmp(token, "%URI") == 0) + else if (strcmp(token, "%URI") == 0 || strcmp(token, "%>ru") == 0) format->type = _external_acl_format::EXT_ACL_URI; else if (strcmp(token, "%DST") == 0) format->type = _external_acl_format::EXT_ACL_DST; @@ -455,11 +458,10 @@ format->type = _external_acl_format::EXT_ACL_PROTO; else if (strcmp(token, "%PORT") == 0) format->type = _external_acl_format::EXT_ACL_PORT; - else if (strcmp(token, "%PATH") == 0) + else if (strcmp(token, "%PATH") == 0 || strcmp(token, "%>rp") == 0) format->type = _external_acl_format::EXT_ACL_PATH; - else if (strcmp(token, "%METHOD") == 0) + else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0) format->type = _external_acl_format::EXT_ACL_METHOD; - #if USE_SSL else if (strcmp(token, "%USER_CERT") == 0) format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW; @@ -468,8 +470,12 @@ else if (strncmp(token, "%USER_CERT_", 11) == 0) { format->type = _external_acl_format::EXT_ACL_USER_CERT; format->header = xstrdup(token + 11); + } else if (strncmp(token, "%USER_CA_CERT_", 11) == 0) { + format->type = _external_acl_format::EXT_ACL_USER_CA_CERT; + format->header = xstrdup(token + 11); } else if (strncmp(token, "%CA_CERT_", 11) == 0) { - format->type = _external_acl_format::EXT_ACL_USER_CERT; + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type %CA_CERT_* code is obsolete. Use %USER_CA_CERT_* instead"); + format->type = _external_acl_format::EXT_ACL_USER_CA_CERT; format->header = xstrdup(token + 11); } #endif @@ -612,7 +618,7 @@ DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header); - DUMP_EXT_ACL_TYPE_FMT(CA_CERT, " %%CA_CERT_%s", format->header); + DUMP_EXT_ACL_TYPE_FMT(USER_CA_CERT, " %%USER_CA_CERT_%s", format->header); #endif #if USE_AUTH DUMP_EXT_ACL_TYPE(EXT_USER); @@ -1127,7 +1133,7 @@ break; - case _external_acl_format::EXT_ACL_CA_CERT: + case _external_acl_format::EXT_ACL_USER_CA_CERT: if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConnection)) { SSL *ssl = fd_table[ch->conn()->clientConnection->fd].ssl; diff -u -r -N squid-3.3.5/src/format/Format.cc squid-3.3.6/src/format/Format.cc --- squid-3.3.5/src/format/Format.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/format/Format.cc 2013-07-01 16:02:11.000000000 +1200 @@ -510,7 +510,7 @@ case LFT_ADAPTED_REQUEST_HEADER: - if (al->request) + if (al->adapted_request) sb = al->adapted_request->header.getByName(fmt->data.header.header); out = sb.termedBuf(); @@ -629,7 +629,7 @@ break; case LFT_ICAP_REQ_HEADER_ELEM: - if (al->request) + if (al->icap.request) sb = al->icap.request->header.getByNameListMember(fmt->data.header.header, fmt->data.header.element, fmt->data.header.separator); out = sb.termedBuf(); diff -u -r -N squid-3.3.5/src/forward.cc squid-3.3.6/src/forward.cc --- squid-3.3.5/src/forward.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/forward.cc 2013-07-01 16:02:11.000000000 +1200 @@ -935,7 +935,7 @@ debugs(17, 3, "fwdConnectStart: " << entry->url()); - if (n_tries == 0) // first attempt + if (!request->hier.first_conn_start.tv_sec) // first attempt request->hier.first_conn_start = current_time; /* connection timeout */ diff -u -r -N squid-3.3.5/src/ip/Address.cc squid-3.3.6/src/ip/Address.cc --- squid-3.3.5/src/ip/Address.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/ip/Address.cc 2013-07-01 16:02:11.000000000 +1200 @@ -451,7 +451,7 @@ { /* some AF_* magic to tell socket types apart and what we need to do */ if (s.ss_family == AF_INET6) { - memcpy(&m_SocketAddr, &s, sizeof(struct sockaddr_in)); + memcpy(&m_SocketAddr, &s, sizeof(struct sockaddr_in6)); } else { // convert it to our storage mapping. struct sockaddr_in *sin = (struct sockaddr_in*)&s; m_SocketAddr.sin6_port = sin->sin_port; diff -u -r -N squid-3.3.5/src/ssl/support.cc squid-3.3.6/src/ssl/support.cc --- squid-3.3.5/src/ssl/support.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/src/ssl/support.cc 2013-07-01 16:02:11.000000000 +1200 @@ -1521,7 +1521,10 @@ chain.reset(sk_X509_new_null()); if (!chain) debugs(83, DBG_IMPORTANT, "WARNING: unable to allocate memory for cert chain"); - pkey.reset(readSslPrivateKey(keyFilename, ssl_ask_password_cb)); + // XXX: ssl_ask_password_cb needs SSL_CTX_set_default_passwd_cb_userdata() + // so this may not fully work iff Config.Program.ssl_password is set. + pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL; + pkey.reset(readSslPrivateKey(keyFilename, cb)); cert.reset(readSslX509CertificatesChain(certFilename, chain.get())); if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) { pkey.reset(NULL); diff -u -r -N squid-3.3.5/tools/squidclient.cc squid-3.3.6/tools/squidclient.cc --- squid-3.3.5/tools/squidclient.cc 2013-05-20 23:48:55.000000000 +1200 +++ squid-3.3.6/tools/squidclient.cc 2013-07-01 16:02:11.000000000 +1200 @@ -145,6 +145,13 @@ int total_bytes = 0; int io_timeout = 120; +#if _SQUID_AIX_ +/* Bug 3854: AIX 6.1 tries to link in this fde.h global symbol + * despite squidclient not using any of the fd_* code. + */ +fde *fde::Table = NULL; +#endif + #if _SQUID_WINDOWS_ void Win32SockCleanup(void)