diff -u -r -N squid-3.4.0.2/acinclude/compiler-flags.m4 squid-3.4.0.3/acinclude/compiler-flags.m4 --- squid-3.4.0.2/acinclude/compiler-flags.m4 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/acinclude/compiler-flags.m4 2013-12-01 02:20:43.000000000 +1300 @@ -38,7 +38,7 @@ AC_REQUIRE([AC_PROG_CC]) SAVED_FLAGS="$CFLAGS" SAVED_CXXFLAGS="$CXXFLAGS" - CFLAGS="$CXXFLAGS $2" + CFLAGS="$CFLAGS $2" CXXFLAGS="$CXXFLAGS $2" AC_TRY_LINK([],[int foo; ], [$1=yes],[$1=no]) diff -u -r -N squid-3.4.0.2/ChangeLog squid-3.4.0.3/ChangeLog --- squid-3.4.0.2/ChangeLog 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/ChangeLog 2013-12-01 02:20:43.000000000 +1300 @@ -1,3 +1,11 @@ +Changes to squid-3.4.0.3 (01 Dec 2013): + + - Bug 3941: Release notes error + - Receive annotations from authentication and external ACL helpers + - basic_nis_auth: Improved portability + - ... and several documentation updates + - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 + Changes to squid-3.4.0.2 (03 Oct 2013): - Regression Bug 3891: squid.conf parser errors in 3.4.0.1 @@ -54,6 +62,40 @@ - ... and many documentation changes - ... and much code cleanup and polishing +Changes to squid-3.3.11 (01 Dec 2013): + + - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 + - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure + - Bug 3970: max_filedescriptors disabled due to missing setrlimit + - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope + - Bug 3960: DEAD cache_peer are not revived + - Bug 3956: xstrndup: tried to dup a NULL pointer + - Bug 3906: Filedescriptor leaks in SNMP + - Bug 3782: Digest authentication not obeying nonce_max_count + - HTTP/1.1: Make header parser obey relaxed_header_parser + - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted + - SMP: Replace blocking sleep(3) and close UDS socket on failures + - Windows: fix several compile errors + +Changes to squid-3.3.10 (03 Nov 2013): + + - Bug 3929: request_header_add not working for tunnel requests + - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration + - Bug 3918: Self Test Failures on Mac OS X 10.8 + - Bug 3887: tcp_outgoing_tos not working for IPv6 + - Bug 3836: Fix issues with automake 1.13+ and make check + - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() + - Fix pinning hierarchy log information + - Fix close idle client connections associated with closed idle pinned connections. + - Fix cbdata 'error: expression result unused' errors + - Avoid "hot idle": A series of rapid select() calls with zero timeout. + - Append Connection:close to OPTIONS requests when icap_persistent_connections is off + - ntlm_fake_auth: pass DOMAIN data to Squid in original case + - kerberos_ldap_group: fix LDAP string duplication + - Use IPv6 localhost nameserver on DNS configuration errors + - Add cache_miss_revalidate + - ... and several portability improvements + Changes to squid-3.3.9 (11 Sep 2013): - Regression Bug 3077: off-by-one error in Digest header decoding diff -u -r -N squid-3.4.0.2/configure squid-3.4.0.3/configure --- squid-3.4.0.2/configure 2013-10-04 00:33:30.000000000 +1200 +++ squid-3.4.0.3/configure 2013-12-01 02:21:24.000000000 +1300 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.4.0.2. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.4.0.3. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.4.0.2' -PACKAGE_STRING='Squid Web Proxy 3.4.0.2' +PACKAGE_VERSION='3.4.0.3' +PACKAGE_STRING='Squid Web Proxy 3.4.0.3' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -736,6 +736,10 @@ STORE_TESTS STORE_LIBS_TO_ADD STORE_LIBS_TO_BUILD +HAVE_FS_ROCK_FALSE +HAVE_FS_ROCK_TRUE +HAVE_FS_UFS_FALSE +HAVE_FS_UFS_TRUE USE_AIO_WIN32_FALSE USE_AIO_WIN32_TRUE USE_AIOPS_WIN32_FALSE @@ -1575,7 +1579,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.4.0.2 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.4.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1645,7 +1649,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.4.0.2:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.4.0.3:";; esac cat <<\_ACEOF @@ -2033,7 +2037,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.4.0.2 +Squid Web Proxy configure 3.4.0.3 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3129,7 +3133,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.4.0.2, which was +It was created by Squid Web Proxy $as_me 3.4.0.3, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3948,7 +3952,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.4.0.2' + VERSION='3.4.0.3' cat >>confdefs.h <<_ACEOF @@ -6017,7 +6021,7 @@ SAVED_FLAGS="$CFLAGS" SAVED_CXXFLAGS="$CXXFLAGS" - CFLAGS="$CXXFLAGS -march=native" + CFLAGS="$CFLAGS -march=native" CXXFLAGS="$CXXFLAGS -march=native" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19991,13 +19995,30 @@ "x$squid_disk_module_candidates_Blocking" != "xyes"; then as_fn_error $? "Storage module Rock requires IpcIo or Blocking DiskIO module" "$LINENO" 5 fi - STORE_TESTS="$STORE_TESTS tests/testRock$EXEEXT" + squid_do_build_rock=true ;; ufs) - STORE_TESTS="$STORE_TESTS tests/testUfs$EXEEXT" + squid_do_build_ufs=true + ;; esac done + if test "x$squid_do_build_ufs" = "xtrue" ; then + HAVE_FS_UFS_TRUE= + HAVE_FS_UFS_FALSE='#' +else + HAVE_FS_UFS_TRUE='#' + HAVE_FS_UFS_FALSE= +fi + + if test "x$squid_do_build_rock" = "xtrue" ; then + HAVE_FS_ROCK_TRUE= + HAVE_FS_ROCK_FALSE='#' +else + HAVE_FS_ROCK_TRUE='#' + HAVE_FS_ROCK_FALSE= +fi + @@ -22701,12 +22722,19 @@ elif test "x$helper" = "xNIS" ; then - for ac_header in rpcsvc/yp_prot.h + for ac_header in sys/types.h rpc/rpc.h rpcsvc/yp_prot.h do : - ac_fn_cxx_check_header_mongrel "$LINENO" "rpcsvc/yp_prot.h" "ac_cv_header_rpcsvc_yp_prot_h" "$ac_includes_default" -if test "x$ac_cv_header_rpcsvc_yp_prot_h" = xyes; then : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " +#if HAVE_RPC_RPC_H +#include +#endif + + +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_RPCSVC_YP_PROT_H 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF BUILD_HELPER="NIS" fi @@ -28746,13 +28774,14 @@ esac - # Check whether --with-maxfd was given. if test "${with_maxfd+set}" = set; then : withval=$with_maxfd; case ${withval} in [0-9]*) squid_filedescriptors_num=$withval + { $as_echo "$as_me:${as_lineno-$LINENO}: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&5 +$as_echo "$as_me: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;} ;; *) as_fn_error $? "--with-maxfd expects a numeric argument" "$LINENO" 5 @@ -28769,6 +28798,8 @@ case ${withval} in [0-9]*) squid_filedescriptors_num=$withval + { $as_echo "$as_me:${as_lineno-$LINENO}: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&5 +$as_echo "$as_me: forcing default of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;} ;; *) as_fn_error $? "--with-filedescriptors expects a numeric argument" "$LINENO" 5 @@ -28834,7 +28865,6 @@ _ACEOF -if test "x$squid_filedescriptors_num" = "x"; then for ac_func in setrlimit do : @@ -28988,9 +29018,9 @@ $as_echo "$as_me: WARNING: $squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms." >&2;} fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: forcing use of $squid_filedescriptors_num filedescriptors (user-forced)" >&5 -$as_echo "$as_me: forcing use of $squid_filedescriptors_num filedescriptors (user-forced)" >&6;} +if test "x$squid_filedescriptors_num" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Default number of fieldescriptors: $squid_filedescriptors_num" >&5 +$as_echo "$as_me: Default number of fieldescriptors: $squid_filedescriptors_num" >&6;} fi if test "$squid_filedescriptors_num" -lt 512 ; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num may not be enough filedescriptors if your" >&5 @@ -32557,6 +32587,14 @@ as_fn_error $? "conditional \"USE_AIO_WIN32\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${HAVE_FS_UFS_TRUE}" && test -z "${HAVE_FS_UFS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_FS_UFS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_FS_ROCK_TRUE}" && test -z "${HAVE_FS_ROCK_FALSE}"; then + as_fn_error $? "conditional \"HAVE_FS_ROCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_PINGER_TRUE}" && test -z "${ENABLE_PINGER_FALSE}"; then as_fn_error $? "conditional \"ENABLE_PINGER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -33095,7 +33133,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.4.0.2, which was +This file was extended by Squid Web Proxy $as_me 3.4.0.3, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33161,7 +33199,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.4.0.2 +Squid Web Proxy config.status 3.4.0.3 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.4.0.2/configure.ac squid-3.4.0.3/configure.ac --- squid-3.4.0.2/configure.ac 2013-10-04 00:33:30.000000000 +1200 +++ squid-3.4.0.3/configure.ac 2013-12-01 02:21:24.000000000 +1300 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.4.0.2],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.4.0.3],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -844,13 +844,16 @@ "x$squid_disk_module_candidates_Blocking" != "xyes"; then AC_MSG_ERROR([Storage module Rock requires IpcIo or Blocking DiskIO module]) fi - STORE_TESTS="$STORE_TESTS tests/testRock$EXEEXT" + squid_do_build_rock=true ;; ufs) - STORE_TESTS="$STORE_TESTS tests/testUfs$EXEEXT" + squid_do_build_ufs=true + ;; esac done - + +AM_CONDITIONAL(HAVE_FS_UFS,[test "x$squid_do_build_ufs" = "xtrue" ]) +AM_CONDITIONAL(HAVE_FS_ROCK,[test "x$squid_do_build_rock" = "xtrue" ]) dnl hack: need to define those even if not used in the build system to dnl make sure that global FS objects are linked to the squid binary. AH_TEMPLATE(HAVE_FS_UFS, "Define to 1 if ufs filesystem module is build") @@ -2572,7 +2575,6 @@ ;; esac - dnl --with-maxfd present for compatibility with Squid-2. dnl undocumented in ./configure --help to encourage using the Squid-3 directive AC_ARG_WITH(maxfd,, @@ -2580,6 +2582,7 @@ case ${withval} in [[0-9]]*) squid_filedescriptors_num=$withval + AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) ;; *) AC_MSG_ERROR(--with-maxfd expects a numeric argument) @@ -2594,6 +2597,7 @@ case ${withval} in [[0-9]]*) squid_filedescriptors_num=$withval + AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) ;; *) AC_MSG_ERROR(--with-filedescriptors expects a numeric argument) @@ -2602,10 +2606,9 @@ ]) SQUID_CHECK_DEFAULT_FD_SETSIZE -if test "x$squid_filedescriptors_num" = "x"; then - SQUID_CHECK_MAXFD -else - AC_MSG_NOTICE([forcing use of $squid_filedescriptors_num filedescriptors (user-forced)]) +SQUID_CHECK_MAXFD +if test "x$squid_filedescriptors_num" != "x"; then + AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) fi if test "$squid_filedescriptors_num" -lt 512 ; then AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your]) @@ -3431,99 +3434,99 @@ dnl Clean up after OSF/1 core dump bug rm -f core -AC_CONFIG_FILES([\ - Makefile \ - compat/Makefile \ - lib/Makefile \ - lib/ntlmauth/Makefile \ - lib/libTrie/Makefile \ - lib/libTrie/test/Makefile \ - lib/profiler/Makefile \ - lib/rfcnb/Makefile \ - lib/smblib/Makefile \ - scripts/Makefile \ - src/Makefile \ - src/anyp/Makefile \ - src/base/Makefile \ - src/acl/Makefile \ - src/fs/Makefile \ - src/repl/Makefile \ - src/auth/Makefile \ - src/auth/basic/Makefile \ - src/auth/digest/Makefile \ - src/auth/negotiate/Makefile \ - src/auth/ntlm/Makefile \ - src/adaptation/Makefile \ - src/adaptation/icap/Makefile \ - src/adaptation/ecap/Makefile \ - src/comm/Makefile \ - src/esi/Makefile \ - src/eui/Makefile \ - src/format/Makefile \ - src/http/Makefile \ - src/icmp/Makefile \ - src/ident/Makefile \ - src/ip/Makefile \ - src/log/Makefile \ - src/ipc/Makefile \ - src/ssl/Makefile \ - src/mgr/Makefile \ - src/snmp/Makefile \ - contrib/Makefile \ - snmplib/Makefile \ - icons/Makefile \ - errors/Makefile \ - test-suite/Makefile \ - doc/Makefile \ - doc/manuals/Makefile \ - helpers/Makefile \ - helpers/basic_auth/Makefile \ - helpers/basic_auth/DB/Makefile \ - helpers/basic_auth/fake/Makefile \ - helpers/basic_auth/getpwnam/Makefile \ - helpers/basic_auth/LDAP/Makefile \ - helpers/basic_auth/MSNT/Makefile \ - helpers/basic_auth/MSNT-multi-domain/Makefile \ - helpers/basic_auth/NCSA/Makefile \ - helpers/basic_auth/NIS/Makefile \ - helpers/basic_auth/PAM/Makefile \ - helpers/basic_auth/POP3/Makefile \ - helpers/basic_auth/RADIUS/Makefile \ - helpers/basic_auth/SASL/Makefile \ - helpers/basic_auth/SMB/Makefile \ - helpers/basic_auth/SSPI/Makefile \ - helpers/digest_auth/Makefile \ - helpers/digest_auth/eDirectory/Makefile \ - helpers/digest_auth/file/Makefile \ - helpers/digest_auth/LDAP/Makefile \ - helpers/ntlm_auth/Makefile \ - helpers/ntlm_auth/fake/Makefile \ - helpers/ntlm_auth/smb_lm/Makefile \ - helpers/ntlm_auth/SSPI/Makefile \ - helpers/negotiate_auth/Makefile \ - helpers/negotiate_auth/kerberos/Makefile \ - helpers/negotiate_auth/SSPI/Makefile \ - helpers/negotiate_auth/wrapper/Makefile \ - helpers/external_acl/Makefile \ - helpers/external_acl/AD_group/Makefile \ - helpers/external_acl/eDirectory_userip/Makefile \ - helpers/external_acl/file_userip/Makefile \ - helpers/external_acl/kerberos_ldap_group/Makefile \ - helpers/external_acl/LDAP_group/Makefile \ - helpers/external_acl/LM_group/Makefile \ - helpers/external_acl/session/Makefile \ - helpers/external_acl/SQL_session/Makefile \ - helpers/external_acl/unix_group/Makefile \ - helpers/external_acl/wbinfo_group/Makefile \ - helpers/external_acl/time_quota/Makefile \ - helpers/log_daemon/Makefile \ - helpers/log_daemon/DB/Makefile \ - helpers/log_daemon/file/Makefile \ - helpers/url_rewrite/Makefile \ - helpers/url_rewrite/fake/Makefile \ - helpers/ssl/Makefile \ - helpers/storeid_rewrite/Makefile \ - helpers/storeid_rewrite/file/Makefile \ +AC_CONFIG_FILES([ + Makefile + compat/Makefile + lib/Makefile + lib/ntlmauth/Makefile + lib/libTrie/Makefile + lib/libTrie/test/Makefile + lib/profiler/Makefile + lib/rfcnb/Makefile + lib/smblib/Makefile + scripts/Makefile + src/Makefile + src/anyp/Makefile + src/base/Makefile + src/acl/Makefile + src/fs/Makefile + src/repl/Makefile + src/auth/Makefile + src/auth/basic/Makefile + src/auth/digest/Makefile + src/auth/negotiate/Makefile + src/auth/ntlm/Makefile + src/adaptation/Makefile + src/adaptation/icap/Makefile + src/adaptation/ecap/Makefile + src/comm/Makefile + src/esi/Makefile + src/eui/Makefile + src/format/Makefile + src/http/Makefile + src/icmp/Makefile + src/ident/Makefile + src/ip/Makefile + src/log/Makefile + src/ipc/Makefile + src/ssl/Makefile + src/mgr/Makefile + src/snmp/Makefile + contrib/Makefile + snmplib/Makefile + icons/Makefile + errors/Makefile + test-suite/Makefile + doc/Makefile + doc/manuals/Makefile + helpers/Makefile + helpers/basic_auth/Makefile + helpers/basic_auth/DB/Makefile + helpers/basic_auth/fake/Makefile + helpers/basic_auth/getpwnam/Makefile + helpers/basic_auth/LDAP/Makefile + helpers/basic_auth/MSNT/Makefile + helpers/basic_auth/MSNT-multi-domain/Makefile + helpers/basic_auth/NCSA/Makefile + helpers/basic_auth/NIS/Makefile + helpers/basic_auth/PAM/Makefile + helpers/basic_auth/POP3/Makefile + helpers/basic_auth/RADIUS/Makefile + helpers/basic_auth/SASL/Makefile + helpers/basic_auth/SMB/Makefile + helpers/basic_auth/SSPI/Makefile + helpers/digest_auth/Makefile + helpers/digest_auth/eDirectory/Makefile + helpers/digest_auth/file/Makefile + helpers/digest_auth/LDAP/Makefile + helpers/ntlm_auth/Makefile + helpers/ntlm_auth/fake/Makefile + helpers/ntlm_auth/smb_lm/Makefile + helpers/ntlm_auth/SSPI/Makefile + helpers/negotiate_auth/Makefile + helpers/negotiate_auth/kerberos/Makefile + helpers/negotiate_auth/SSPI/Makefile + helpers/negotiate_auth/wrapper/Makefile + helpers/external_acl/Makefile + helpers/external_acl/AD_group/Makefile + helpers/external_acl/eDirectory_userip/Makefile + helpers/external_acl/file_userip/Makefile + helpers/external_acl/kerberos_ldap_group/Makefile + helpers/external_acl/LDAP_group/Makefile + helpers/external_acl/LM_group/Makefile + helpers/external_acl/session/Makefile + helpers/external_acl/SQL_session/Makefile + helpers/external_acl/unix_group/Makefile + helpers/external_acl/wbinfo_group/Makefile + helpers/external_acl/time_quota/Makefile + helpers/log_daemon/Makefile + helpers/log_daemon/DB/Makefile + helpers/log_daemon/file/Makefile + helpers/url_rewrite/Makefile + helpers/url_rewrite/fake/Makefile + helpers/ssl/Makefile + helpers/storeid_rewrite/Makefile + helpers/storeid_rewrite/file/Makefile tools/Makefile tools/purge/Makefile ]) diff -u -r -N squid-3.4.0.2/helpers/basic_auth/DB/basic_db_auth.8 squid-3.4.0.3/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.4.0.2/helpers/basic_auth/DB/basic_db_auth.8 2013-10-04 00:49:48.000000000 +1200 +++ squid-3.4.0.3/helpers/basic_auth/DB/basic_db_auth.8 2013-12-01 02:37:27.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-10-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.0.2/helpers/basic_auth/NIS/nis_support.cc squid-3.4.0.3/helpers/basic_auth/NIS/nis_support.cc --- squid-3.4.0.2/helpers/basic_auth/NIS/nis_support.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/helpers/basic_auth/NIS/nis_support.cc 2013-12-01 02:20:43.000000000 +1300 @@ -2,12 +2,25 @@ * Written By Rabellino Sergio (rabellino@di.unito.it) For Solaris 2.x */ #include "squid.h" + +#if HAVE_STDLIB_H #include +#endif +#if HAVE_STDIO_H #include +#endif +#if HAVE_STRING_H #include +#endif +#if HAVE_SYSLOG_H #include +#endif +#if HAVE_SYS_TYPES_H #include +#endif +#if HAVE_RPC_RPC_H #include +#endif #if _SQUID_FREEBSD_ && !defined(BOOL_DEFINED) // BUG: FreeBSD rpcsvc/yp_* headers try to redefine bool unless we match their non-standard hack. @@ -15,7 +28,10 @@ #endif #include + +#if HAVE_RPCSVC_YP_PROT_H #include +#endif #include "nis_support.h" diff -u -r -N squid-3.4.0.2/helpers/basic_auth/NIS/required.m4 squid-3.4.0.3/helpers/basic_auth/NIS/required.m4 --- squid-3.4.0.2/helpers/basic_auth/NIS/required.m4 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/helpers/basic_auth/NIS/required.m4 2013-12-01 02:20:43.000000000 +1300 @@ -1 +1,5 @@ -AC_CHECK_HEADERS([rpcsvc/yp_prot.h],[BUILD_HELPER="NIS"]) +AC_CHECK_HEADERS([sys/types.h rpc/rpc.h rpcsvc/yp_prot.h],[BUILD_HELPER="NIS"],,AC_INCLUDES_DEFAULT([ +#if HAVE_RPC_RPC_H +#include +#endif +])) diff -u -r -N squid-3.4.0.2/helpers/external_acl/kerberos_ldap_group/support_ldap.cc squid-3.4.0.3/helpers/external_acl/kerberos_ldap_group/support_ldap.cc --- squid-3.4.0.2/helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2013-12-01 02:20:43.000000000 +1300 @@ -640,11 +640,11 @@ memset(url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME if (ssl) - url->lud_scheme = (char *) "ldaps"; + url->lud_scheme = xstrdup("ldaps"); else - url->lud_scheme = (char *) "ldap"; + url->lud_scheme = xstrdup("ldap"); #endif - url->lud_host = host; + url->lud_host = xstrdup(host); url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; @@ -707,9 +707,9 @@ url = (LDAPURLDesc *) xmalloc(sizeof(*url)); memset(url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME - url->lud_scheme = (char *) "ldaps"; + url->lud_scheme = xstrdup("ldaps"); #endif - url->lud_host = host; + url->lud_host = xstrdup(host); url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; diff -u -r -N squid-3.4.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.4.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.4.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-10-04 00:49:50.000000000 +1200 +++ squid-3.4.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-12-01 02:37:29.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2013-10-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.4.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.4.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-10-04 00:49:50.000000000 +1200 +++ squid-3.4.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-12-01 02:37:29.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-10-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.0.2/helpers/log_daemon/DB/log_db_daemon.8 squid-3.4.0.3/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.4.0.2/helpers/log_daemon/DB/log_db_daemon.8 2013-10-04 00:49:51.000000000 +1200 +++ squid-3.4.0.3/helpers/log_daemon/DB/log_db_daemon.8 2013-12-01 02:37:30.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2013-10-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.0.2/helpers/ntlm_auth/fake/ntlm_fake_auth.cc squid-3.4.0.3/helpers/ntlm_auth/fake/ntlm_fake_auth.cc --- squid-3.4.0.2/helpers/ntlm_auth/fake/ntlm_fake_auth.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/helpers/ntlm_auth/fake/ntlm_fake_auth.cc 2013-12-01 02:20:43.000000000 +1300 @@ -224,7 +224,6 @@ } else if (ntlm_validate_packet(packet, NTLM_AUTHENTICATE) == NTLM_ERR_NONE) { if (ntlm_unpack_auth((ntlm_authenticate *)packet, user, domain, decodedLen) == NTLM_ERR_NONE) { lc(user); - lc(domain); if (strip_domain_enabled) { SEND2("AF %s", user); } else { @@ -232,7 +231,6 @@ } } else { lc(user); - lc(domain); SEND4("NA invalid credentials, user=%s%s%s", domain, (*domain?"\\":""), user); } } else { diff -u -r -N squid-3.4.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.4.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- squid-3.4.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2013-10-04 00:49:52.000000000 +1200 +++ squid-3.4.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2013-12-01 02:37:30.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 1" -.TH STOREID_FILE_REWRITE 1 "2013-10-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 1 "2013-11-30" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.4.0.2/include/autoconf.h.in squid-3.4.0.3/include/autoconf.h.in --- squid-3.4.0.2/include/autoconf.h.in 2013-10-04 00:33:05.000000000 +1200 +++ squid-3.4.0.3/include/autoconf.h.in 2013-12-01 02:20:59.000000000 +1300 @@ -780,6 +780,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_RPCSVC_YP_PROT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_RPC_RPC_H + /* Define to 1 if Mac Darwin without sasl.h */ #undef HAVE_SASL_DARWIN diff -u -r -N squid-3.4.0.2/include/version.h squid-3.4.0.3/include/version.h --- squid-3.4.0.2/include/version.h 2013-10-04 00:33:30.000000000 +1200 +++ squid-3.4.0.3/include/version.h 2013-12-01 02:21:24.000000000 +1300 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1380803565 +#define SQUID_RELEASE_TIME 1385817641 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.4.0.2/lib/encrypt.c squid-3.4.0.3/lib/encrypt.c --- squid-3.4.0.2/lib/encrypt.c 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/lib/encrypt.c 2013-12-01 02:20:43.000000000 +1300 @@ -148,7 +148,7 @@ int n; { for (; n--; pc++, a++) - *a = e[*pc]; + *a = e[(int)*pc]; } static void @@ -164,7 +164,7 @@ for (i = 0; i < 8; i++) { for (j = 0, sbval = 0; j < 6; j++) - sbval = (sbval << 1) | (nachr_r[*e++] ^ *schl++); + sbval = (sbval << 1) | (nachr_r[(int)*e++] ^ *schl++); sbval = S_BOX[i][sbval]; for (tp += 4, j = 4; j--; sbval >>= 1) *--tp = sbval & 1; @@ -173,7 +173,7 @@ e = PERM; for (i = 0; i < BS2; i++) - *nachr_l++ ^= tmp[*e++]; + *nachr_l++ ^= tmp[(int)*e++]; } void diff -u -r -N squid-3.4.0.2/lib/ntlmauth/ntlmauth.cc squid-3.4.0.3/lib/ntlmauth/ntlmauth.cc --- squid-3.4.0.2/lib/ntlmauth/ntlmauth.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/lib/ntlmauth/ntlmauth.cc 2013-12-01 02:20:43.000000000 +1300 @@ -99,8 +99,6 @@ return NTLM_ERR_NONE; } -#define lstring_zero(s) s.str=NULL; s.l=-1; - /** * Fetches a string from the authentication packet. * The lstring data-part may point to inside the packet itself or a temporary static buffer. @@ -119,7 +117,8 @@ lstring rv; char *d; - lstring_zero(rv); + rv.str = NULL; + rv.l = -1; l = le16toh(str->len); o = le32toh(str->offset); @@ -130,6 +129,7 @@ return rv; } rv.str = (char *)packet + o; + rv.l = 0; if ((flags & NTLM_NEGOTIATE_ASCII) == 0) { /* UNICODE string */ unsigned short *s = (unsigned short *)rv.str; diff -u -r -N squid-3.4.0.2/RELEASENOTES.html squid-3.4.0.3/RELEASENOTES.html --- squid-3.4.0.2/RELEASENOTES.html 2013-10-04 00:49:57.000000000 +1200 +++ squid-3.4.0.3/RELEASENOTES.html 2013-12-01 02:37:35.000000000 +1300 @@ -2,10 +2,10 @@ - Squid 3.4.0.2 release notes + Squid 3.4.0.3 release notes -

Squid 3.4.0.2 release notes

+

Squid 3.4.0.3 release notes

Squid Developers

@@ -57,7 +57,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.4.0.2 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.4.0.3 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.4/ or the mirrors.

@@ -72,13 +72,13 @@

Although this release is deemed good enough for use in many setups, please note the existence of open bugs against Squid-3.4.

-

1.2 Changes since earlier releases of Squid-3.4

The 3.4 change history can be viewed here.

+

2. Major new features since Squid-3.3

Squid 3.4 represents a new feature release above 3.3.

@@ -113,7 +113,7 @@

Arbitrary key-value pairs can be returned from any helper. Allowing future helpers to be forward- and backward- compatible -with this and future version of Squid.

+with this and future versions of Squid.

2.2 SSL Server Certificate Validator @@ -180,7 +180,7 @@ affects which refresh_pattern directive will be matched.

Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers -options which is added in this version. Currently there is a file helper +option which is added in this version. Currently there is a file helper provided.

@@ -247,7 +247,7 @@ accordance with RFC 6762.

The dns_multicast_local directive must be set to on to enable this -feature.

+feature.

The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set of available DNS resolvers and used automatically for domain names ending in .local @@ -257,6 +257,10 @@

Statistics for multicast DNS resolution can be found on the idns cache manager report.

+

NOTE that the external DNS helper interface is now deprecated and has been +removed from future Squid versions. Any installations still using it for local hostname +resolution need to upgrade to mDNS resolution with this Squid version.

+

3. Changes to squid.conf since Squid-3.3

@@ -329,7 +333,7 @@

-
storeurl_rewrite_program
+
store_id_rewrite_program

A helper program to provide cache storage internal key ID value for a request.

Ported equivalent to storeurl_rewrite_program from 2.7

@@ -554,9 +558,6 @@
external_refresh_check

Not yet ported from 2.7

-
ignore_ims_on_miss
-

Not yet ported from 2.7

-
location_rewrite_access

Not yet ported from 2.6

diff -u -r -N squid-3.4.0.2/SPONSORS squid-3.4.0.3/SPONSORS --- squid-3.4.0.2/SPONSORS 2013-10-04 00:33:30.000000000 +1200 +++ squid-3.4.0.3/SPONSORS 2013-12-01 02:21:24.000000000 +1300 @@ -13,6 +13,12 @@ Messagenet donated hardware and bandwidth for the wiki server and most continuous integration testing. +RackSpace - http://www.rackspace.com/ + + RackSpace donated a number of virtual machines from their cloud + infrastructure to support and extend the continuous integration + testing infrastructure. + The Measurement Factory - http://www.measurement-factory.com/ Measurement Factory has constributed significant resources diff -u -r -N squid-3.4.0.2/src/acl/Gadgets.cc squid-3.4.0.3/src/acl/Gadgets.cc --- squid-3.4.0.2/src/acl/Gadgets.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/acl/Gadgets.cc 2013-12-01 02:20:43.000000000 +1300 @@ -54,6 +54,11 @@ err_type aclGetDenyInfoPage(AclDenyInfoList ** head, const char *name, int redirect_allowed) { + if (!name) { + debugs(28, 3, "ERR_NONE due to a NULL name"); + return ERR_NONE; + } + AclDenyInfoList *A = NULL; debugs(28, 8, HERE << "got called for " << name); @@ -83,10 +88,12 @@ int aclIsProxyAuth(const char *name) { - debugs(28, 5, "aclIsProxyAuth: called for " << name); - - if (NULL == name) + if (!name) { + debugs(28, 3, "false due to a NULL name"); return false; + } + + debugs(28, 5, "aclIsProxyAuth: called for " << name); ACL *a; diff -u -r -N squid-3.4.0.2/src/adaptation/icap/OptXact.cc squid-3.4.0.3/src/adaptation/icap/OptXact.cc --- squid-3.4.0.2/src/adaptation/icap/OptXact.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/adaptation/icap/OptXact.cc 2013-12-01 02:20:43.000000000 +1300 @@ -51,6 +51,10 @@ buf.Printf("OPTIONS " SQUIDSTRINGPH " ICAP/1.0\r\n", SQUIDSTRINGPRINT(uri)); const String host = s.cfg().host; buf.Printf("Host: " SQUIDSTRINGPH ":%d\r\n", SQUIDSTRINGPRINT(host), s.cfg().port); + + if (!TheConfig.reuse_connections) + buf.Printf("Connection: close\r\n"); + if (TheConfig.allow206_enable) buf.Printf("Allow: 206\r\n"); buf.append(ICAP::crlf, 2); diff -u -r -N squid-3.4.0.2/src/auth/basic/UserRequest.cc squid-3.4.0.3/src/auth/basic/UserRequest.cc --- squid-3.4.0.2/src/auth/basic/UserRequest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/basic/UserRequest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -142,6 +142,10 @@ assert(r->auth_user_request != NULL); assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC); + // add new helper kv-pair notes to the credentials object + // so that any transaction using those credentials can access them + r->auth_user_request->user()->notes.appendNewOnly(&reply.notes); + /* this is okay since we only play with the Auth::Basic::User child fields below * and dont pass the pointer itself anywhere */ Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); diff -u -r -N squid-3.4.0.2/src/auth/digest/auth_digest.cc squid-3.4.0.3/src/auth/digest/auth_digest.cc --- squid-3.4.0.2/src/auth/digest/auth_digest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/digest/auth_digest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -856,37 +856,43 @@ switch (t) { case DIGEST_USERNAME: safe_free(username); - username = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + username = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found Username '" << username << "'"); break; case DIGEST_REALM: safe_free(digest_request->realm); - digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found realm '" << digest_request->realm << "'"); break; case DIGEST_QOP: safe_free(digest_request->qop); - digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found qop '" << digest_request->qop << "'"); break; case DIGEST_ALGORITHM: safe_free(digest_request->algorithm); - digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found algorithm '" << digest_request->algorithm << "'"); break; case DIGEST_URI: safe_free(digest_request->uri); - digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found uri '" << digest_request->uri << "'"); break; case DIGEST_NONCE: safe_free(digest_request->nonceb64); - digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found nonce '" << digest_request->nonceb64 << "'"); break; @@ -900,13 +906,15 @@ case DIGEST_CNONCE: safe_free(digest_request->cnonce); - digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found cnonce '" << digest_request->cnonce << "'"); break; case DIGEST_RESPONSE: safe_free(digest_request->response); - digest_request->response = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->response = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found response '" << digest_request->response << "'"); break; diff -u -r -N squid-3.4.0.2/src/auth/digest/UserRequest.cc squid-3.4.0.3/src/auth/digest/UserRequest.cc --- squid-3.4.0.2/src/auth/digest/UserRequest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/digest/UserRequest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -149,14 +149,14 @@ digest_request->setDenyMessage("Incorrect password"); return; } + } - /* check for stale nonce */ - if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { - debugs(29, 3, HERE << "user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(Auth::Failed); - digest_request->setDenyMessage("Stale nonce"); - return; - } + /* check for stale nonce */ + if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { + debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); + auth_user->credentials(Auth::Failed); + digest_request->setDenyMessage("Stale nonce"); + return; } auth_user->credentials(Auth::Ok); @@ -282,6 +282,10 @@ assert(replyData->auth_user_request != NULL); Auth::UserRequest::Pointer auth_user_request = replyData->auth_user_request; + // add new helper kv-pair notes to the credentials object + // so that any transaction using those credentials can access them + auth_user_request->user()->notes.appendNewOnly(&reply.notes); + static bool oldHelperWarningDone = false; switch (reply.result) { case HelperReply::Unknown: { diff -u -r -N squid-3.4.0.2/src/auth/negotiate/UserRequest.cc squid-3.4.0.3/src/auth/negotiate/UserRequest.cc --- squid-3.4.0.2/src/auth/negotiate/UserRequest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/negotiate/UserRequest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -226,6 +226,10 @@ Auth::UserRequest::Pointer auth_user_request = r->auth_user_request; assert(auth_user_request != NULL); + // add new helper kv-pair notes to the credentials object + // so that any transaction using those credentials can access them + auth_user_request->user()->notes.appendNewOnly(&reply.notes); + Auth::Negotiate::UserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); assert(lm_request != NULL); assert(lm_request->waiting); diff -u -r -N squid-3.4.0.2/src/auth/ntlm/UserRequest.cc squid-3.4.0.3/src/auth/ntlm/UserRequest.cc --- squid-3.4.0.2/src/auth/ntlm/UserRequest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/ntlm/UserRequest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -220,6 +220,10 @@ Auth::UserRequest::Pointer auth_user_request = r->auth_user_request; assert(auth_user_request != NULL); + // add new helper kv-pair notes to the credentials object + // so that any transaction using those credentials can access them + auth_user_request->user()->notes.appendNewOnly(&reply.notes); + Auth::Ntlm::UserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); assert(lm_request != NULL); assert(lm_request->waiting); diff -u -r -N squid-3.4.0.2/src/auth/User.cc squid-3.4.0.3/src/auth/User.cc --- squid-3.4.0.2/src/auth/User.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/User.cc 2013-12-01 02:20:43.000000000 +1300 @@ -58,6 +58,7 @@ config(aConfig), ipcount(0), expiretime(0), + notes(), credentials_state(Auth::Unchecked), username_(NULL) { @@ -99,6 +100,9 @@ debugs(29, 5, HERE << "auth_user '" << from << "' into auth_user '" << this << "'."); + // combine the helper response annotations. Ensuring no duplicates are copied. + notes.appendNewOnly(&from->notes); + /* absorb the list of IP address sources (for max_user_ip controls) */ AuthUserIP *new_ipdata; while (from->ip_list.head != NULL) { diff -u -r -N squid-3.4.0.2/src/auth/User.h squid-3.4.0.3/src/auth/User.h --- squid-3.4.0.2/src/auth/User.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/User.h 2013-12-01 02:20:43.000000000 +1300 @@ -39,6 +39,7 @@ #include "base/RefCount.h" #include "dlink.h" #include "ip/Address.h" +#include "Notes.h" class AuthUserHashPointer; class StoreEntry; @@ -75,6 +76,9 @@ size_t ipcount; long expiretime; + /// list of key=value pairs the helper produced + NotePairs notes; + public: static void cacheInit(); static void CachedACLsReset(); diff -u -r -N squid-3.4.0.2/src/auth/UserRequest.cc squid-3.4.0.3/src/auth/UserRequest.cc --- squid-3.4.0.2/src/auth/UserRequest.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/auth/UserRequest.cc 2013-12-01 02:20:43.000000000 +1300 @@ -248,14 +248,27 @@ static Auth::UserRequest::Pointer authTryGetUser(Auth::UserRequest::Pointer auth_user_request, ConnStateData * conn, HttpRequest * request) { + Auth::UserRequest::Pointer res; + if (auth_user_request != NULL) - return auth_user_request; + res = auth_user_request; else if (request != NULL && request->auth_user_request != NULL) - return request->auth_user_request; + res = request->auth_user_request; else if (conn != NULL) - return conn->getAuth(); - else - return NULL; + res = conn->getAuth(); + + // attach the credential notes from helper to the transaction + if (request != NULL && res != NULL && res->user() != NULL) { + // XXX: we have no access to the transaction / AccessLogEntry so cant SyncNotes(). + // workaround by using anything already set in HttpRequest + // OR use new and rely on a later Sync copying these to AccessLogEntry + if (!request->notes) + request->notes = new NotePairs; + + request->notes->appendNewOnly(&res->user()->notes); + } + + return res; } /* returns one of diff -u -r -N squid-3.4.0.2/src/cache_cf.cc squid-3.4.0.3/src/cache_cf.cc --- squid-3.4.0.2/src/cache_cf.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/cache_cf.cc 2013-12-01 02:20:43.000000000 +1300 @@ -1008,6 +1008,14 @@ if (!strcmp(name, "log_icap")) self_destruct(); + + if (!strcmp(name, "ignore_ims_on_miss")) { + // the replacement directive cache_revalidate_on_miss has opposite meanings for ON/OFF value + // than the 2.7 directive. We need to parse and invert the configured value. + int temp = 0; + parse_onoff(&temp); + Config.onoff.cache_miss_revalidate = !temp; + } } /* Parse a time specification from the config file. Store the diff -u -r -N squid-3.4.0.2/src/cbdata.h squid-3.4.0.3/src/cbdata.h --- squid-3.4.0.2/src/cbdata.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/cbdata.h 2013-12-01 02:20:43.000000000 +1300 @@ -285,7 +285,8 @@ public: \ void *operator new(size_t size) { \ assert(size == sizeof(type)); \ - (CBDATA_##type ? CBDATA_UNKNOWN : (CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), NULL))); \ + if (!CBDATA_##type) \ + CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), NULL); \ return cbdataInternalAllocDbg(CBDATA_##type,__FILE__,__LINE__); \ } \ void operator delete (void *address) { \ @@ -332,7 +333,7 @@ /** * \ingroup CBDATAAPI * - * This needs to be defined LAST in teh class definition. It plays with private/public states in C++. + * This needs to be defined LAST in the class definition. It plays with private/public states in C++. */ #define CBDATA_CLASS2(type) \ private: \ @@ -340,7 +341,8 @@ public: \ void *operator new(size_t size) { \ assert(size == sizeof(type)); \ - (CBDATA_##type ? CBDATA_UNKNOWN : (CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), NULL))); \ + if (!CBDATA_##type) \ + CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), NULL); \ return (type *)cbdataInternalAlloc(CBDATA_##type); \ } \ void operator delete (void *address) { \ @@ -410,11 +412,12 @@ * Initializes the cbdatatype. Must be called prior to the first use of cbdataAlloc() for the type. * \par - * Alternative to CBDATA_INIT_TYPE_FREECB() + * Alternative to CBDATA_INIT_TYPE() * \param type Type being initialized + \param free_func The freehandler called when the last known reference to an allocated entry goes away. */ -#define CBDATA_INIT_TYPE(type) (CBDATA_##type ? CBDATA_UNKNOWN : (CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), NULL))) +#define CBDATA_INIT_TYPE_FREECB(type, free_func) do { if (!CBDATA_##type) CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), free_func); } while (false) /** \ingroup CBDATAAPI @@ -422,12 +425,11 @@ * Initializes the cbdatatype. Must be called prior to the first use of cbdataAlloc() for the type. * \par - * Alternative to CBDATA_INIT_TYPE() + * Alternative to CBDATA_INIT_TYPE_FREECB() * \param type Type being initialized - \param free_func The freehandler called when the last known reference to an allocated entry goes away. */ -#define CBDATA_INIT_TYPE_FREECB(type, free_func) (CBDATA_##type ? CBDATA_UNKNOWN : (CBDATA_##type = cbdataInternalAddType(CBDATA_##type, #type, sizeof(type), free_func))) +#define CBDATA_INIT_TYPE(type) CBDATA_INIT_TYPE_FREECB(type, NULL) /** \ingroup CBDATA diff -u -r -N squid-3.4.0.2/src/cf.data.pre squid-3.4.0.3/src/cf.data.pre --- squid-3.4.0.2/src/cf.data.pre 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/cf.data.pre 2013-12-01 02:20:43.000000000 +1300 @@ -149,26 +149,25 @@ This option is not yet supported by Squid-3. DOC_END -NAME: ignore_ims_on_miss +NAME: location_rewrite_program location_rewrite_access location_rewrite_children location_rewrite_concurrency TYPE: obsolete DOC_START This option is not yet supported by Squid-3. DOC_END -NAME: location_rewrite_program location_rewrite_access location_rewrite_children location_rewrite_concurrency +NAME: refresh_stale_hit TYPE: obsolete DOC_START This option is not yet supported by Squid-3. DOC_END -NAME: refresh_stale_hit +# Options Removed in 3.3 +NAME: ignore_ims_on_miss TYPE: obsolete DOC_START - This option is not yet supported by Squid-3. + Remove this line. The HTTP/1.1 feature is now fully supported by default. DOC_END -# no Options Removed in 3.3 - # Options Removed in 3.2 NAME: ignore_expect_100 TYPE: obsolete @@ -4555,12 +4554,17 @@ The new URL is fetched directly by Squid and returned to the client as the response to its request. + OK + When neither of url= and rewrite-url= are sent Squid does + not change the URL. + ERR Do not change the URL. BH An internal error occurred in the helper, preventing - a result being identified. + a result being identified. The 'message=' key name is + reserved for delivering a log message. In the future, the interface protocol will be extended with @@ -7308,6 +7312,25 @@ acts on cacheable requests. DOC_END +NAME: cache_miss_revalidate +COMMENT: on|off +TYPE: onoff +DEFAULT: on +LOC: Config.onoff.cache_miss_revalidate +DOC_START + Whether Squid on cache MISS will pass client revalidation requests + to the server or tries to fetch new content for caching. + This is useful while the cache is mostly empty to more quickly + have the cache populated. + + When set to 'on' (default), Squid will pass all client If-* headers + to the server. + + When set to 'off' and if the request is cacheable, Squid will + remove the clients If-Modified-Since and If-None-Match headers from + the request sent to the server. +DOC_END + NAME: always_direct TYPE: acl_access LOC: Config.accessList.AlwaysDirect diff -u -r -N squid-3.4.0.2/src/client_side.cc squid-3.4.0.3/src/client_side.cc --- squid-3.4.0.2/src/client_side.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/client_side.cc 2013-12-01 02:20:43.000000000 +1300 @@ -670,8 +670,7 @@ /*Add notes*/ // The al->notes and request->notes must point to the same object. - // Enable the following assertion to check for possible bugs. - // assert(request->notes == al->notes); + (void)SyncNotes(*al, *request); typedef Notes::iterator ACAMLI; for (ACAMLI i = Config.notes.begin(); i != Config.notes.end(); ++i) { if (const char *value = (*i)->match(request, al->reply)) { diff -u -r -N squid-3.4.0.2/src/event.cc squid-3.4.0.3/src/event.cc --- squid-3.4.0.2/src/event.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/event.cc 2013-12-01 02:20:43.000000000 +1300 @@ -39,6 +39,10 @@ #include "profiler/Profiler.h" #include "tools.h" +#if HAVE_MATH_H +#include +#endif + /* The list of event processes */ static OBJH eventDump; @@ -219,39 +223,37 @@ debug_trap("eventDelete: event not found"); } +// The event API does not guarantee exact timing, but guarantees that no event +// is fired before it is due. We may delay firing, but never fire too early. int -EventScheduler::checkDelay() +EventScheduler::timeRemaining() const { if (!tasks) return EVENT_IDLE; - int result = (int) ((tasks->when - current_dtime) * 1000); - - if (result < 0) - return 0; + if (tasks->when <= current_dtime) // we are on time or late + return 0; // fire the event ASAP - return result; + const double diff = tasks->when - current_dtime; // microseconds + // Round UP: If we come back a nanosecond earlier, we will wait again! + const int timeLeft = static_cast(ceil(1000*diff)); // milliseconds + // Avoid hot idle: A series of rapid select() calls with zero timeout. + const int minDelay = 1; // millisecond + return max(minDelay, timeLeft); } int EventScheduler::checkEvents(int timeout) { - - ev_entry *event = NULL; - - if (NULL == tasks) - return checkDelay(); - - if (tasks->when > current_dtime) - return checkDelay(); + int result = timeRemaining(); + if (result != 0) + return result; PROF_start(eventRun); - debugs(41, 5, HERE << "checkEvents"); - - while ((event = tasks)) { - if (event->when > current_dtime) - break; + do { + ev_entry *event = tasks; + assert(event); /* XXX assumes event->name is static memory! */ AsyncCall::Pointer call = asyncCall(41,5, event->name, @@ -265,14 +267,16 @@ tasks = event->next; delete event; + result = timeRemaining(); + // XXX: We may be called again during the same event loop iteration. // Is there a point in breaking now? if (heavy) break; // do not dequeue events following a heavy event - } + } while (result == 0); PROF_stop(eventRun); - return checkDelay(); + return result; } void diff -u -r -N squid-3.4.0.2/src/event.h squid-3.4.0.3/src/event.h --- squid-3.4.0.2/src/event.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/event.h 2013-12-01 02:20:43.000000000 +1300 @@ -80,8 +80,8 @@ void cancel(EVH * func, void * arg); /* clean up the used memory in the scheduler */ void clean(); - /* how long until the next event ? */ - int checkDelay(); + /* either EVENT_IDLE or milliseconds remaining until the next event */ + int timeRemaining() const; /* cache manager output for the event queue */ void dump(StoreEntry *); /* find a scheduled event */ diff -u -r -N squid-3.4.0.2/src/external_acl.cc squid-3.4.0.3/src/external_acl.cc --- squid-3.4.0.2/src/external_acl.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/external_acl.cc 2013-12-01 02:20:43.000000000 +1300 @@ -1376,6 +1376,8 @@ // XXX: make entryData store a proper HelperReply object instead of copying. + entryData.notes.append(&reply.notes); + const char *label = reply.notes.findFirst("tag"); if (label != NULL && *label != '\0') entryData.tag = label; @@ -1599,6 +1601,18 @@ { ACLFilledChecklist *checklist = Filled(static_cast(data)); checklist->extacl_entry = cbdataReference((external_acl_entry *)result); + + // attach the helper kv-pair to the transaction + if (HttpRequest * req = checklist->request) { + // XXX: we have no access to the transaction / AccessLogEntry so cant SyncNotes(). + // workaround by using anything already set in HttpRequest + // OR use new and rely on a later Sync copying these to AccessLogEntry + if (!req->notes) + req->notes = new NotePairs; + + req->notes->appendNewOnly(&checklist->extacl_entry->notes); + } + checklist->resumeNonBlockingCheck(ExternalACLLookup::Instance()); } diff -u -r -N squid-3.4.0.2/src/ExternalACLEntry.cc squid-3.4.0.3/src/ExternalACLEntry.cc --- squid-3.4.0.2/src/ExternalACLEntry.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ExternalACLEntry.cc 2013-12-01 02:20:43.000000000 +1300 @@ -49,7 +49,8 @@ CBDATA_CLASS_INIT(ExternalACLEntry); -ExternalACLEntry::ExternalACLEntry() +ExternalACLEntry::ExternalACLEntry() : + notes() { lru.next = lru.prev = NULL; result = ACCESS_DENIED; @@ -67,6 +68,11 @@ { date = squid_curtime; result = someData.result; + + // replace all notes. not combine + notes.entries.clean(); + notes.append(&someData.notes); + #if USE_AUTH user = someData.user; password = someData.password; diff -u -r -N squid-3.4.0.2/src/ExternalACLEntry.h squid-3.4.0.3/src/ExternalACLEntry.h --- squid-3.4.0.2/src/ExternalACLEntry.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ExternalACLEntry.h 2013-12-01 02:20:43.000000000 +1300 @@ -45,6 +45,7 @@ #include "acl/Acl.h" #include "cbdata.h" #include "hash.h" +#include "Notes.h" #include "SquidString.h" class external_acl; @@ -62,6 +63,10 @@ ExternalACLEntryData() : result(ACCESS_DUNNO) {} allow_t result; + + /// list of all kv-pairs returned by the helper + NotePairs notes; + #if USE_AUTH // TODO use an AuthUser to hold this info String user; @@ -88,6 +93,10 @@ dlink_node lru; allow_t result; time_t date; + + /// list of all kv-pairs returned by the helper + NotePairs notes; + #if USE_AUTH String user; String password; diff -u -r -N squid-3.4.0.2/src/http.cc squid-3.4.0.3/src/http.cc --- squid-3.4.0.2/src/http.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/http.cc 2013-12-01 02:20:43.000000000 +1300 @@ -913,9 +913,6 @@ Ctx ctx = ctx_enter(entry->mem_obj->url); HttpReply *rep = finalReply(); - if (rep->sline.status() == Http::scPartialContent && rep->content_range) - currentOffset = rep->content_range->spec.offset; - entry->timestampsSet(); /* Check if object is cacheable or not based on reply code */ @@ -1966,12 +1963,30 @@ case HDR_IF_MODIFIED_SINCE: /** \par If-Modified-Since: - * append unless we added our own; - * \note at most one client's ims header can pass through */ - - if (!hdr_out->has(HDR_IF_MODIFIED_SINCE)) + * append unless we added our own, + * but only if cache_miss_revalidate is enabled, or + * the request is not cacheable, or + * the request contains authentication credentials. + * \note at most one client's If-Modified-Since header can pass through + */ + // XXX: need to check and cleanup the auth case so cacheable auth requests get cached. + if (hdr_out->has(HDR_IF_MODIFIED_SINCE)) + break; + else if (Config.onoff.cache_miss_revalidate || !request->flags.cachable || request->flags.auth) hdr_out->addEntry(e->clone()); + break; + case HDR_IF_NONE_MATCH: + /** \par If-None-Match: + * append if the wildcard '*' special case value is present, or + * cache_miss_revalidate is disabled, or + * the request is not cacheable in this proxy, or + * the request contains authentication credentials. + * \note this header lists a set of responses for the server to elide sending. Squid added values are extending that set. + */ + // XXX: need to check and cleanup the auth case so cacheable auth requests get cached. + if (hdr_out->hasListMember(HDR_IF_MATCH, "*", ',') || Config.onoff.cache_miss_revalidate || !request->flags.cachable || request->flags.auth) + hdr_out->addEntry(e->clone()); break; case HDR_MAX_FORWARDS: diff -u -r -N squid-3.4.0.2/src/HttpHeader.cc squid-3.4.0.3/src/HttpHeader.cc --- squid-3.4.0.2/src/HttpHeader.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/HttpHeader.cc 2013-12-01 02:20:43.000000000 +1300 @@ -549,6 +549,7 @@ { const char *field_ptr = header_start; HttpHeaderEntry *e, *e2; + bool warnOnError = (Config.onoff.relaxed_header_parser <= 0 ? DBG_IMPORTANT : 2); PROF_start(HttpHeaderParse); @@ -590,7 +591,7 @@ cr_only = false; } if (cr_only) { - debugs(55, DBG_IMPORTANT, "WARNING: Rejecting HTTP request with a CR+ " + debugs(55, DBG_IMPORTANT, "SECURITY WARNING: Rejecting HTTP request with a CR+ " "header field to prevent request smuggling attacks: {" << getStringPrefix(header_start, header_end) << "}"); goto reset; @@ -600,7 +601,7 @@ /* Barf on stray CR characters */ if (memchr(this_line, '\r', field_end - this_line)) { - debugs(55, DBG_IMPORTANT, "WARNING: suspicious CR characters in HTTP header {" << + debugs(55, warnOnError, "WARNING: suspicious CR characters in HTTP header {" << getStringPrefix(field_start, field_end) << "}"); if (Config.onoff.relaxed_header_parser) { @@ -615,7 +616,7 @@ } if (this_line + 1 == field_end && this_line > field_start) { - debugs(55, DBG_IMPORTANT, "WARNING: Blank continuation line in HTTP header {" << + debugs(55, warnOnError, "WARNING: Blank continuation line in HTTP header {" << getStringPrefix(header_start, header_end) << "}"); goto reset; } @@ -623,7 +624,7 @@ if (field_start == field_end) { if (field_ptr < header_end) { - debugs(55, DBG_IMPORTANT, "WARNING: unparseable HTTP header field near {" << + debugs(55, warnOnError, "WARNING: unparseable HTTP header field near {" << getStringPrefix(field_start, header_end) << "}"); goto reset; } @@ -632,23 +633,21 @@ } if ((e = HttpHeaderEntry::parse(field_start, field_end)) == NULL) { - debugs(55, DBG_IMPORTANT, "WARNING: unparseable HTTP header field {" << + debugs(55, warnOnError, "WARNING: unparseable HTTP header field {" << getStringPrefix(field_start, field_end) << "}"); - debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2, - " in {" << getStringPrefix(header_start, header_end) << "}"); + debugs(55, warnOnError, " in {" << getStringPrefix(header_start, header_end) << "}"); if (Config.onoff.relaxed_header_parser) continue; - else - goto reset; + + goto reset; } if (e->id == HDR_CONTENT_LENGTH && (e2 = findEntry(e->id)) != NULL) { -// if (e->value.cmp(e2->value.termedBuf()) != 0) { if (e->value != e2->value) { int64_t l1, l2; - debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2, - "WARNING: found two conflicting content-length headers in {" << getStringPrefix(header_start, header_end) << "}"); + debugs(55, warnOnError, "WARNING: found two conflicting content-length headers in {" << + getStringPrefix(header_start, header_end) << "}"); if (!Config.onoff.relaxed_header_parser) { delete e; @@ -669,22 +668,18 @@ continue; } } else { - debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2, - "NOTICE: found double content-length header"); + debugs(55, warnOnError, "NOTICE: found double content-length header"); + delete e; - if (Config.onoff.relaxed_header_parser) { - delete e; + if (Config.onoff.relaxed_header_parser) continue; - } else { - delete e; - goto reset; - } + + goto reset; } } if (e->id == HDR_OTHER && stringHasWhitespace(e->name.termedBuf())) { - debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2, - "WARNING: found whitespace in HTTP header name {" << + debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" << getStringPrefix(field_start, field_end) << "}"); if (!Config.onoff.relaxed_header_parser) { diff -u -r -N squid-3.4.0.2/src/ip/Qos.cci squid-3.4.0.3/src/ip/Qos.cci --- squid-3.4.0.2/src/ip/Qos.cci 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ip/Qos.cci 2013-12-01 02:20:43.000000000 +1300 @@ -5,22 +5,40 @@ int Ip::Qos::setSockTos(const Comm::ConnectionPointer &conn, tos_t tos) { -#if defined(IP_TOS) // Bug 3731: FreeBSD produces 'invalid option' // unless we pass it a 32-bit variable storing 8-bits of data. // NP: it is documented as 'int' for all systems, even those like Linux which accept 8-bit char // so we convert to a int before setting. int bTos = tos; - int x = setsockopt(conn->fd, IPPROTO_IP, IP_TOS, &bTos, sizeof(bTos)); - if (x < 0) - debugs(50, 2, "Ip::Qos::setSockTos: setsockopt(IP_TOS) on " << conn << ": " << xstrerror()); - else - conn->tos = tos; - return x; + + if (conn->remote.isIPv4()) { +#if defined(IP_TOS) + int x = setsockopt(conn->fd, IPPROTO_IP, IP_TOS, &bTos, sizeof(bTos)); + if (x < 0) + debugs(50, 2, "Ip::Qos::setSockTos: setsockopt(IP_TOS) on " << conn << ": " << xstrerror()); + else + conn->tos = tos; + return x; #else - debugs(50, DBG_IMPORTANT, "WARNING: setsockopt(IP_TOS) not supported on this platform"); - return -1; + debugs(50, DBG_IMPORTANT, "WARNING: setsockopt(IP_TOS) not supported on this platform"); + return -1; #endif + + } else { // if (conn->remote.isIPv6()) { +#if defined(IPV6_TCLASS) + int x = setsockopt(conn->fd, IPPROTO_IPV6, IPV6_TCLASS, &bTos, sizeof(bTos)); + if (x < 0) + debugs(50, 2, "Ip::Qos::setSockTos: setsockopt(IPV6_TCLASS) on " << conn << ": " << xstrerror()); + else + conn->tos = tos; + return x; +#else + debugs(50, DBG_IMPORTANT, "WARNING: setsockopt(IPV6_TCLASS) not supported on this platform"); + return -1; +#endif + } + + /* CANNOT REACH HERE */ } int diff -u -r -N squid-3.4.0.2/src/ipc/Kid.cc squid-3.4.0.3/src/ipc/Kid.cc --- squid-3.4.0.2/src/ipc/Kid.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ipc/Kid.cc 2013-12-01 02:20:43.000000000 +1300 @@ -7,6 +7,10 @@ #include "globals.h" #include "ipc/Kid.h" +#if HAVE_TIME_H +#include +#endif + #if HAVE_SYS_WAIT_H #include #endif diff -u -r -N squid-3.4.0.2/src/ipc/TypedMsgHdr.cc squid-3.4.0.3/src/ipc/TypedMsgHdr.cc --- squid-3.4.0.2/src/ipc/TypedMsgHdr.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ipc/TypedMsgHdr.cc 2013-12-01 02:20:43.000000000 +1300 @@ -167,10 +167,20 @@ } } +bool +Ipc::TypedMsgHdr::hasFd() const +{ + struct cmsghdr *cmsg = CMSG_FIRSTHDR(this); + return cmsg && + cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SCM_RIGHTS; +} + void Ipc::TypedMsgHdr::putFd(int fd) { Must(fd >= 0); + Must(!hasFd()); allocControl(); const int fdCount = 1; @@ -183,12 +193,15 @@ int *fdStore = reinterpret_cast(CMSG_DATA(cmsg)); memcpy(fdStore, &fd, fdCount * sizeof(int)); msg_controllen = cmsg->cmsg_len; + + Must(hasFd()); } int Ipc::TypedMsgHdr::getFd() const { Must(msg_control && msg_controllen); + Must(hasFd()); struct cmsghdr *cmsg = CMSG_FIRSTHDR(this); Must(cmsg->cmsg_level == SOL_SOCKET); diff -u -r -N squid-3.4.0.2/src/ipc/TypedMsgHdr.h squid-3.4.0.3/src/ipc/TypedMsgHdr.h --- squid-3.4.0.2/src/ipc/TypedMsgHdr.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ipc/TypedMsgHdr.h 2013-12-01 02:20:43.000000000 +1300 @@ -59,7 +59,8 @@ /* access to a "file" descriptor that can be passed between processes */ void putFd(int aFd); ///< stores descriptor - int getFd() const; ///< returns descriptor + int getFd() const; ///< returns stored descriptor + bool hasFd() const; ///< whether the message has a descriptor stored /* raw, type-independent access for I/O */ void prepForReading(); ///< reset and provide all buffers diff -u -r -N squid-3.4.0.2/src/ipc/UdsOp.cc squid-3.4.0.3/src/ipc/UdsOp.cc --- squid-3.4.0.2/src/ipc/UdsOp.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ipc/UdsOp.cc 2013-12-01 02:20:43.000000000 +1300 @@ -81,11 +81,21 @@ message(aMessage), retries(10), // TODO: make configurable? timeout(10), // TODO: make configurable? + sleeping(false), writing(false) { message.address(address); } +void Ipc::UdsSender::swanSong() +{ + // did we abort while waiting between retries? + if (sleeping) + cancelSleep(); + + UdsOp::swanSong(); +} + void Ipc::UdsSender::start() { UdsOp::start(); @@ -96,7 +106,7 @@ bool Ipc::UdsSender::doneAll() const { - return !writing && UdsOp::doneAll(); + return !writing && !sleeping && UdsOp::doneAll(); } void Ipc::UdsSender::write() @@ -114,8 +124,53 @@ debugs(54, 5, HERE << params.conn << " flag " << params.flag << " retries " << retries << " [" << this << ']'); writing = false; if (params.flag != COMM_OK && retries-- > 0) { - sleep(1); // do not spend all tries at once; XXX: use an async timed event instead of blocking here; store the time when we started writing so that we do not sleep if not needed? - write(); // XXX: should we close on error so that conn() reopens? + // perhaps a fresh connection and more time will help? + conn()->close(); + sleep(); + } +} + +/// pause for a while before resending the message +void Ipc::UdsSender::sleep() +{ + Must(!sleeping); + sleeping = true; + eventAdd("Ipc::UdsSender::DelayedRetry", + Ipc::UdsSender::DelayedRetry, + new Pointer(this), 1, 0, false); // TODO: Use Fibonacci increments +} + +/// stop sleeping (or do nothing if we were not) +void Ipc::UdsSender::cancelSleep() +{ + if (sleeping) { + // Why not delete the event? See Comm::ConnOpener::cancelSleep(). + sleeping = false; + debugs(54, 9, "stops sleeping"); + } +} + +/// legacy wrapper for Ipc::UdsSender::delayedRetry() +void Ipc::UdsSender::DelayedRetry(void *data) +{ + Pointer *ptr = static_cast(data); + assert(ptr); + if (UdsSender *us = dynamic_cast(ptr->valid())) { + // get back inside AsyncJob protection by scheduling an async job call + typedef NullaryMemFunT Dialer; + AsyncCall::Pointer call = JobCallback(54, 4, Dialer, us, Ipc::UdsSender::delayedRetry); + ScheduleCallHere(call); + } + delete ptr; +} + +/// make another sending attempt after a pause +void Ipc::UdsSender::delayedRetry() +{ + debugs(54, 5, HERE << sleeping); + if (sleeping) { + sleeping = false; + write(); // reopens the connection if needed } } diff -u -r -N squid-3.4.0.2/src/ipc/UdsOp.h squid-3.4.0.3/src/ipc/UdsOp.h --- squid-3.4.0.2/src/ipc/UdsOp.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ipc/UdsOp.h 2013-12-01 02:20:43.000000000 +1300 @@ -65,11 +65,17 @@ UdsSender(const String& pathAddr, const TypedMsgHdr& aMessage); protected: + virtual void swanSong(); // UdsOp (AsyncJob) API virtual void start(); // UdsOp (AsyncJob) API virtual bool doneAll() const; // UdsOp (AsyncJob) API virtual void timedout(); // UdsOp API private: + void sleep(); + void cancelSleep(); + static void DelayedRetry(void *data); + void delayedRetry(); + void write(); ///< schedule writing void wrote(const CommIoCbParams& params); ///< done writing or error @@ -77,6 +83,7 @@ TypedMsgHdr message; ///< what to send int retries; ///< how many times to try after a write error int timeout; ///< total time to send the message + bool sleeping; ///< whether we are waiting to retry a failed write bool writing; ///< whether Comm started and did not finish writing private: diff -u -r -N squid-3.4.0.2/src/Makefile.am squid-3.4.0.3/src/Makefile.am --- squid-3.4.0.2/src/Makefile.am 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/Makefile.am 2013-12-01 02:20:43.000000000 +1300 @@ -1093,8 +1093,14 @@ tests/testURL \ tests/testConfigParser \ tests/testStatHist \ - tests/testVector \ - $(STORE_TESTS) + tests/testVector + +if HAVE_FS_ROCK +check_PROGRAMS += tests/testRock +endif +if HAVE_FS_UFS +check_PROGRAMS += tests/testUfs +endif ## NP: required to run the above list. check_PROGRAMS only builds the binaries... TESTS += $(check_PROGRAMS) @@ -1255,6 +1261,8 @@ int.cc \ MasterXaction.cc \ MasterXaction.h \ + Notes.cc \ + Notes.h \ SquidList.h \ SquidList.cc \ mem_node.cc \ @@ -3340,8 +3348,8 @@ cache_cf.h \ YesNoNone.h \ tests/stub_cache_cf.cc \ - tests/stub_cache_manager.cc \ client_db.h \ + tests/stub_cache_manager.cc \ tests/stub_client_db.cc \ tests/stub_client_side_request.cc \ tests/stub_debug.cc \ @@ -3355,6 +3363,7 @@ tests/stub_libeui.cc \ tests/stub_libformat.cc \ tests/stub_libicmp.cc \ + tests/stub_libmgr.cc \ tests/stub_MemStore.cc \ mime.h \ tests/stub_mime.cc \ @@ -3396,7 +3405,6 @@ acl/libapi.la \ acl/libstate.la \ ipc/libipc.la \ - mgr/libmgr.la \ base/libbase.la \ $(SSL_LIBS) \ $(top_builddir)/lib/libmisccontainers.la \ diff -u -r -N squid-3.4.0.2/src/Makefile.in squid-3.4.0.3/src/Makefile.in --- squid-3.4.0.2/src/Makefile.in 2013-10-04 00:33:19.000000000 +1200 +++ squid-3.4.0.3/src/Makefile.in 2013-12-01 02:21:13.000000000 +1300 @@ -56,7 +56,7 @@ tests/testStore$(EXEEXT) tests/testString$(EXEEXT) \ tests/testURL$(EXEEXT) tests/testConfigParser$(EXEEXT) \ tests/testStatHist$(EXEEXT) tests/testVector$(EXEEXT) \ - $(STORE_TESTS) testRefCount$(EXEEXT) + $(am__EXEEXT_2) $(am__EXEEXT_3) testRefCount$(EXEEXT) @USE_LOADABLE_MODULES_TRUE@am__append_1 = $(INCLTDL) @ENABLE_AUTH_TRUE@am__append_2 = auth @ENABLE_AUTH_TRUE@am__append_3 = tests/testACLMaxUserIP @@ -71,10 +71,12 @@ noinst_PROGRAMS = cf_gen$(EXEEXT) sbin_PROGRAMS = squid$(EXEEXT) bin_PROGRAMS = -libexec_PROGRAMS = $(am__EXEEXT_2) $(DISK_PROGRAMS) $(am__EXEEXT_3) +libexec_PROGRAMS = $(am__EXEEXT_4) $(DISK_PROGRAMS) $(am__EXEEXT_5) @USE_LOADABLE_MODULES_TRUE@am__append_8 = $(LOADABLE_MODULES_SOURCES) @USE_LOADABLE_MODULES_TRUE@am__append_9 = -L$(top_builddir) $(LIBLTDL) @USE_LOADABLE_MODULES_TRUE@am__append_10 = $(INCLTDL) +@HAVE_FS_ROCK_TRUE@am__append_11 = tests/testRock +@HAVE_FS_UFS_TRUE@am__append_12 = tests/testUfs subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/acinclude/init.m4 \ @@ -214,8 +216,10 @@ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" \ "$(DESTDIR)$(datadir)" "$(DESTDIR)$(sysconfdir)" @ENABLE_AUTH_TRUE@am__EXEEXT_1 = tests/testACLMaxUserIP$(EXEEXT) -@ENABLE_DNSHELPER_TRUE@am__EXEEXT_2 = dnsserver$(EXEEXT) -@ENABLE_UNLINKD_TRUE@am__EXEEXT_3 = unlinkd$(EXEEXT) +@HAVE_FS_ROCK_TRUE@am__EXEEXT_2 = tests/testRock$(EXEEXT) +@HAVE_FS_UFS_TRUE@am__EXEEXT_3 = tests/testUfs$(EXEEXT) +@ENABLE_DNSHELPER_TRUE@am__EXEEXT_4 = dnsserver$(EXEEXT) +@ENABLE_UNLINKD_TRUE@am__EXEEXT_5 = unlinkd$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) \ $(sbin_PROGRAMS) am_DiskIO_DiskDaemon_diskd_OBJECTS = \ @@ -461,9 +465,9 @@ HttpHdrRange.$(OBJEXT) HttpHdrCc.$(OBJEXT) HttpHdrSc.$(OBJEXT) \ HttpHdrScTarget.$(OBJEXT) HttpMsg.$(OBJEXT) \ HttpRequestMethod.$(OBJEXT) int.$(OBJEXT) \ - MasterXaction.$(OBJEXT) SquidList.$(OBJEXT) mem_node.$(OBJEXT) \ - Packer.$(OBJEXT) Parsing.$(OBJEXT) SquidMath.$(OBJEXT) \ - StatCounters.$(OBJEXT) StrList.$(OBJEXT) \ + MasterXaction.$(OBJEXT) Notes.$(OBJEXT) SquidList.$(OBJEXT) \ + mem_node.$(OBJEXT) Packer.$(OBJEXT) Parsing.$(OBJEXT) \ + SquidMath.$(OBJEXT) StatCounters.$(OBJEXT) StrList.$(OBJEXT) \ tests/stub_StatHist.$(OBJEXT) stmem.$(OBJEXT) String.$(OBJEXT) \ store_dir.$(OBJEXT) StoreIOState.$(OBJEXT) StoreMeta.$(OBJEXT) \ StoreMetaMD5.$(OBJEXT) StoreMetaSTD.$(OBJEXT) \ @@ -1284,15 +1288,15 @@ tests/testMain.cc tests/testRock.h tests/testStoreSupport.cc \ tests/testStoreSupport.h log/access_log.h \ tests/stub_access_log.cc cache_cf.h YesNoNone.h \ - tests/stub_cache_cf.cc tests/stub_cache_manager.cc client_db.h \ + tests/stub_cache_cf.cc client_db.h tests/stub_cache_manager.cc \ tests/stub_client_db.cc tests/stub_client_side_request.cc \ tests/stub_debug.cc tests/stub_errorpage.cc \ tests/stub_HelperChildConfig.cc tests/stub_http.cc \ tests/stub_HttpRequest.cc tests/stub_icp.cc tests/stub_ipc.cc \ tests/stub_ipcache.cc tests/stub_libeui.cc \ tests/stub_libformat.cc tests/stub_libicmp.cc \ - tests/stub_MemStore.cc mime.h tests/stub_mime.cc \ - tests/stub_Port.cc tests/stub_pconn.cc \ + tests/stub_libmgr.cc tests/stub_MemStore.cc mime.h \ + tests/stub_mime.cc tests/stub_Port.cc tests/stub_pconn.cc \ tests/stub_store_client.cc store_rebuild.h \ tests/stub_store_rebuild.cc tests/stub_store_stats.cc tools.h \ tests/stub_tools.cc time.cc url.cc URLScheme.cc wordlist.h \ @@ -1343,9 +1347,9 @@ tests/stub_icp.$(OBJEXT) tests/stub_ipc.$(OBJEXT) \ tests/stub_ipcache.$(OBJEXT) tests/stub_libeui.$(OBJEXT) \ tests/stub_libformat.$(OBJEXT) tests/stub_libicmp.$(OBJEXT) \ - tests/stub_MemStore.$(OBJEXT) tests/stub_mime.$(OBJEXT) \ - tests/stub_Port.$(OBJEXT) tests/stub_pconn.$(OBJEXT) \ - tests/stub_store_client.$(OBJEXT) \ + tests/stub_libmgr.$(OBJEXT) tests/stub_MemStore.$(OBJEXT) \ + tests/stub_mime.$(OBJEXT) tests/stub_Port.$(OBJEXT) \ + tests/stub_pconn.$(OBJEXT) tests/stub_store_client.$(OBJEXT) \ tests/stub_store_rebuild.$(OBJEXT) \ tests/stub_store_stats.$(OBJEXT) tests/stub_tools.$(OBJEXT) \ time.$(OBJEXT) url.$(OBJEXT) URLScheme.$(OBJEXT) \ @@ -3002,6 +3006,8 @@ int.cc \ MasterXaction.cc \ MasterXaction.h \ + Notes.cc \ + Notes.h \ SquidList.h \ SquidList.cc \ mem_node.cc \ @@ -5105,8 +5111,8 @@ cache_cf.h \ YesNoNone.h \ tests/stub_cache_cf.cc \ - tests/stub_cache_manager.cc \ client_db.h \ + tests/stub_cache_manager.cc \ tests/stub_client_db.cc \ tests/stub_client_side_request.cc \ tests/stub_debug.cc \ @@ -5120,6 +5126,7 @@ tests/stub_libeui.cc \ tests/stub_libformat.cc \ tests/stub_libicmp.cc \ + tests/stub_libmgr.cc \ tests/stub_MemStore.cc \ mime.h \ tests/stub_mime.cc \ @@ -5163,7 +5170,6 @@ acl/libapi.la \ acl/libstate.la \ ipc/libipc.la \ - mgr/libmgr.la \ base/libbase.la \ $(SSL_LIBS) \ $(top_builddir)/lib/libmisccontainers.la \ @@ -6214,6 +6220,8 @@ $(tests_testHttpRequest_LINK) $(tests_testHttpRequest_OBJECTS) $(tests_testHttpRequest_LDADD) $(LIBS) tests/testRock.$(OBJEXT): tests/$(am__dirstamp) \ tests/$(DEPDIR)/$(am__dirstamp) +tests/stub_libmgr.$(OBJEXT): tests/$(am__dirstamp) \ + tests/$(DEPDIR)/$(am__dirstamp) tests/testRock$(EXEEXT): $(tests_testRock_OBJECTS) $(tests_testRock_DEPENDENCIES) tests/$(am__dirstamp) @rm -f tests/testRock$(EXEEXT) $(tests_testRock_LINK) $(tests_testRock_OBJECTS) $(tests_testRock_LDADD) $(LIBS) @@ -6344,6 +6352,7 @@ -rm -f tests/stub_libeui.$(OBJEXT) -rm -f tests/stub_libformat.$(OBJEXT) -rm -f tests/stub_libicmp.$(OBJEXT) + -rm -f tests/stub_libmgr.$(OBJEXT) -rm -f tests/stub_libsslsquid.$(OBJEXT) -rm -f tests/stub_main_cc.$(OBJEXT) -rm -f tests/stub_mem.$(OBJEXT) @@ -6632,6 +6641,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_libeui.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_libformat.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_libicmp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_libmgr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_libsslsquid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_main_cc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tests/$(DEPDIR)/stub_mem.Po@am__quote@ diff -u -r -N squid-3.4.0.2/src/neighbors.cc squid-3.4.0.3/src/neighbors.cc --- squid-3.4.0.2/src/neighbors.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/neighbors.cc 2013-12-01 02:20:43.000000000 +1300 @@ -1316,6 +1316,7 @@ Comm::ConnectionPointer conn = new Comm::Connection; conn->remote = p->addresses[i]; conn->remote.port(p->http_port); + conn->setPeer(p); getOutgoingAddress(NULL, conn); ++ p->testing_now; diff -u -r -N squid-3.4.0.2/src/Notes.cc squid-3.4.0.3/src/Notes.cc --- squid-3.4.0.2/src/Notes.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/Notes.cc 2013-12-01 02:20:43.000000000 +1300 @@ -206,7 +206,7 @@ NotePairs::hasPair(const char *key, const char *value) const { for (Vector::const_iterator i = entries.begin(); i != entries.end(); ++i) { - if ((*i)->name.cmp(key) == 0 || (*i)->value.cmp(value) == 0) + if ((*i)->name.cmp(key) == 0 && (*i)->value.cmp(value) == 0) return true; } return false; @@ -220,12 +220,25 @@ } } +void +NotePairs::appendNewOnly(const NotePairs *src) +{ + for (Vector::const_iterator i = src->entries.begin(); i != src->entries.end(); ++i) { + if (!hasPair((*i)->name.termedBuf(), (*i)->value.termedBuf())) + entries.push_back(new NotePairs::Entry((*i)->name.termedBuf(), (*i)->value.termedBuf())); + } +} + NotePairs & SyncNotes(AccessLogEntry &ale, HttpRequest &request) { + // XXX: auth code only has access to HttpRequest being authenticated + // so we must handle the case where HttpRequest is set without ALE being set. + if (!ale.notes) { - assert(!request.notes); - ale.notes = request.notes = new NotePairs; + if (!request.notes) + request.notes = new NotePairs; + ale.notes = request.notes; } else { assert(ale.notes == request.notes); } diff -u -r -N squid-3.4.0.2/src/Notes.h squid-3.4.0.3/src/Notes.h --- squid-3.4.0.2/src/Notes.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/Notes.h 2013-12-01 02:20:43.000000000 +1300 @@ -131,6 +131,12 @@ void append(const NotePairs *src); /** + * Append any new entries of the src NotePairs list to our list. + * Entries which already exist in the destination set are ignored. + */ + void appendNewOnly(const NotePairs *src); + + /** * Returns a comma separated list of notes with key 'noteKey'. * Use findFirst instead when a unique kv-pair is needed. */ diff -u -r -N squid-3.4.0.2/src/Server.cc squid-3.4.0.3/src/Server.cc --- squid-3.4.0.2/src/Server.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/Server.cc 2013-12-01 02:20:43.000000000 +1300 @@ -39,6 +39,7 @@ #include "fd.h" #include "err_detail_type.h" #include "errorpage.h" +#include "HttpHdrContRange.h" #include "HttpReply.h" #include "HttpRequest.h" #include "Server.h" @@ -525,6 +526,11 @@ { Must(theFinalReply); maybePurgeOthers(); + + // adaptation may overwrite old offset computed using the virgin response + const bool partial = theFinalReply->content_range && + theFinalReply->sline.status() == Http::scPartialContent; + currentOffset = partial ? theFinalReply->content_range->spec.offset : 0; } HttpRequest * diff -u -r -N squid-3.4.0.2/src/snmp/Inquirer.cc squid-3.4.0.3/src/snmp/Inquirer.cc --- squid-3.4.0.2/src/snmp/Inquirer.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/snmp/Inquirer.cc 2013-12-01 02:20:43.000000000 +1300 @@ -28,6 +28,10 @@ closer = asyncCall(49, 5, "Snmp::Inquirer::noteCommClosed", CommCbMemFunT(this, &Inquirer::noteCommClosed)); comm_add_close_handler(conn->fd, closer); + + // forget client FD to avoid sending it to strands that may forget to close + if (Request *snmpRequest = dynamic_cast(request.getRaw())) + snmpRequest->fd = -1; } /// closes our copy of the client connection socket diff -u -r -N squid-3.4.0.2/src/snmp/Request.cc squid-3.4.0.3/src/snmp/Request.cc --- squid-3.4.0.2/src/snmp/Request.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/snmp/Request.cc 2013-12-01 02:20:43.000000000 +1300 @@ -33,7 +33,8 @@ session.unpack(msg); msg.getPod(address); - fd = msg.getFd(); + // Requests from strands have FDs. Requests from Coordinator do not. + fd = msg.hasFd() ? msg.getFd() : -1; } void @@ -46,7 +47,9 @@ session.pack(msg); msg.putPod(address); - msg.putFd(fd); + // Requests sent to Coordinator have FDs. Requests sent to strands do not. + if (fd >= 0) + msg.putFd(fd); } Ipc::Request::Pointer diff -u -r -N squid-3.4.0.2/src/SquidConfig.h squid-3.4.0.3/src/SquidConfig.h --- squid-3.4.0.2/src/SquidConfig.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/SquidConfig.h 2013-12-01 02:20:43.000000000 +1300 @@ -337,6 +337,7 @@ int check_hostnames; int allow_underscore; int via; + int cache_miss_revalidate; int emailErrData; int httpd_suppress_version_string; int global_internal_static; diff -u -r -N squid-3.4.0.2/src/ssl/ErrorDetail.cc squid-3.4.0.3/src/ssl/ErrorDetail.cc --- squid-3.4.0.2/src/ssl/ErrorDetail.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ssl/ErrorDetail.cc 2013-12-01 02:20:43.000000000 +1300 @@ -221,6 +221,31 @@ {SSL_ERROR_NONE, NULL} }; +static const char *OptionalSslErrors[] = { + "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", + "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", + "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", + "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", + "X509_V_ERR_INVALID_NON_CA", + "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", + "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", + "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", + "X509_V_ERR_INVALID_EXTENSION", + "X509_V_ERR_INVALID_POLICY_EXTENSION", + "X509_V_ERR_NO_EXPLICIT_POLICY", + "X509_V_ERR_DIFFERENT_CRL_SCOPE", + "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", + "X509_V_ERR_UNNESTED_RESOURCE", + "X509_V_ERR_PERMITTED_VIOLATION", + "X509_V_ERR_EXCLUDED_VIOLATION", + "X509_V_ERR_SUBTREE_MINMAX", + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", + "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", + "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", + NULL +}; + struct SslErrorAlias { const char *name; const Ssl::ssl_error_t *errors; @@ -331,6 +356,16 @@ return NULL; } +bool +Ssl::ErrorIsOptional(const char *name) +{ + for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { + if (strcmp(name, OptionalSslErrors[i]) == 0) + return true; + } + return false; +} + const char * Ssl::GetErrorDescr(Ssl::ssl_error_t value) { diff -u -r -N squid-3.4.0.2/src/ssl/ErrorDetail.h squid-3.4.0.3/src/ssl/ErrorDetail.h --- squid-3.4.0.2/src/ssl/ErrorDetail.h 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ssl/ErrorDetail.h 2013-12-01 02:20:43.000000000 +1300 @@ -40,6 +40,14 @@ /** \ingroup ServerProtocolSSLAPI + * Return true if the SSL error is optional and may not supported + * by current squid version + */ + +bool ErrorIsOptional(const char *name); + +/** + \ingroup ServerProtocolSSLAPI * Used to pass SSL error details to the error pages returned to the * end user. */ diff -u -r -N squid-3.4.0.2/src/ssl/ErrorDetailManager.cc squid-3.4.0.3/src/ssl/ErrorDetailManager.cc --- squid-3.4.0.2/src/ssl/ErrorDetailManager.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/ssl/ErrorDetailManager.cc 2013-12-01 02:20:43.000000000 +1300 @@ -218,32 +218,35 @@ } Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); - if (ssl_error == SSL_ERROR_NONE) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! invalid error detail name: " << errorName); - return false; - } + if (ssl_error != SSL_ERROR_NONE) { - if (theDetails->getErrorDetail(ssl_error)) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! duplicate entry: " << errorName); - return false; - } + if (theDetails->getErrorDetail(ssl_error)) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! duplicate entry: " << errorName); + return false; + } + + ErrorDetailEntry &entry = theDetails->theList[ssl_error]; + entry.error_no = ssl_error; + entry.name = errorName; + String tmp = parser.getByName("detail"); + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); + tmp = parser.getByName("descr"); + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); + bool parseOK = entry.descr.defined() && entry.detail.defined(); - ErrorDetailEntry &entry = theDetails->theList[ssl_error]; - entry.error_no = ssl_error; - entry.name = errorName; - String tmp = parser.getByName("detail"); - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); - tmp = parser.getByName("descr"); - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); - bool parseOK = entry.descr.defined() && entry.detail.defined(); + if (!parseOK) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! missing important field for detail error: " << errorName); + return false; + } - if (!parseOK) { + } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { debugs(83, DBG_IMPORTANT, HERE << - "WARNING! missing imporant field for detail error: " << errorName); + "WARNING! invalid error detail name: " << errorName); return false; } + }// else {only spaces and black lines; just ignore} buf.consume(size); diff -u -r -N squid-3.4.0.2/src/store_client.cc squid-3.4.0.3/src/store_client.cc --- squid-3.4.0.2/src/store_client.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/store_client.cc 2013-12-01 02:20:43.000000000 +1300 @@ -249,12 +249,20 @@ PROF_stop(storeClient_kickReads); copying = false; + // XXX: storeClientCopy2 calls doCopy() whose callback may free 'this'! + // We should make store copying asynchronous, to avoid worrying about + // 'this' being secretly deleted while we are still inside the object. + // For now, lock and use on-stack objects after storeClientCopy2(). + ++anEntry->lock_count; + storeClientCopy2(entry, this); #if USE_ADAPTATION - if (entry) - entry->kickProducer(); + anEntry->kickProducer(); #endif + + anEntry->unlock(); // after the "++enEntry->lock_count" above + // Add no code here. This object may no longer exist. } /* @@ -318,6 +326,9 @@ /* Warning: doCopy may indirectly free itself in callbacks, * hence the lock to keep it active for the duration of * this function + * XXX: Locking does not prevent calling sc destructor (it only prevents + * freeing sc memory) so sc may become invalid from C++ p.o.v. + * */ cbdataInternalLock(sc); assert (!sc->flags.store_copying); @@ -712,7 +723,14 @@ delete sc; + // This old assert seemed to imply that a locked entry cannot be deleted, + // but this entry may be deleted because StoreEntry::abort() unlocks it. assert(e->lock_count > 0); + // Since lock_count of 1 is not sufficient to prevent entry destruction, + // we must lock again so that we can dereference e after CheckQuickAbort(). + // Do not call expensive StoreEntry::lock() here; e "use" has been counted. + // TODO: Separate entry locking from "use" counting to make locking cheap. + ++e->lock_count; if (mem->nclients == 0) CheckQuickAbort(e); @@ -723,6 +741,7 @@ e->kickProducer(); #endif + e->unlock(); // after the "++e->lock_count" above return 1; } diff -u -r -N squid-3.4.0.2/src/tests/stub_event.cc squid-3.4.0.3/src/tests/stub_event.cc --- squid-3.4.0.2/src/tests/stub_event.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/tests/stub_event.cc 2013-12-01 02:20:43.000000000 +1300 @@ -21,8 +21,8 @@ EventScheduler::EventScheduler() STUB EventScheduler::~EventScheduler() STUB void EventScheduler::cancel(EVH * func, void * arg) STUB +int EventScheduler::timeRemaining() const STUB_RETVAL(1) void EventScheduler::clean() STUB -int EventScheduler::checkDelay() STUB_RETVAL(-1) void EventScheduler::dump(StoreEntry *) STUB bool EventScheduler::find(EVH * func, void * arg) STUB_RETVAL(false) void EventScheduler::schedule(const char *name, EVH * func, void *arg, double when, int weight, bool cbdata) STUB diff -u -r -N squid-3.4.0.2/src/tests/stub_libmgr.cc squid-3.4.0.3/src/tests/stub_libmgr.cc --- squid-3.4.0.2/src/tests/stub_libmgr.cc 2013-10-04 00:32:47.000000000 +1200 +++ squid-3.4.0.3/src/tests/stub_libmgr.cc 2013-12-01 02:20:43.000000000 +1300 @@ -27,8 +27,8 @@ static Mgr::Action::Pointer dummyAction; #include "mgr/ActionParams.h" -Mgr::ActionParams::ActionParams() STUB -Mgr::ActionParams::ActionParams(const Ipc::TypedMsgHdr &msg) STUB +Mgr::ActionParams::ActionParams() STUB_NOP +Mgr::ActionParams::ActionParams(const Ipc::TypedMsgHdr &msg) STUB_NOP void Mgr::ActionParams::pack(Ipc::TypedMsgHdr &msg) const STUB std::ostream &operator <<(std::ostream &os, const Mgr::ActionParams ¶ms) STUB_RETVAL(os) @@ -174,8 +174,8 @@ bool Mgr::QueryParams::ParseParam(const String& paramStr, Param& param) STUB_RETVAL(false) #include "mgr/Registration.h" -void Mgr::RegisterAction(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic); -void Mgr::RegisterAction(char const * action, char const * desc, ClassActionCreationHandler *handler, int pw_req_flag, int atomic); +//void Mgr::RegisterAction(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic); +//void Mgr::RegisterAction(char const * action, char const * desc, ClassActionCreationHandler *handler, int pw_req_flag, int atomic); #include "mgr/Request.h" //Mgr::Request::Request(int aRequestorId, unsigned int aRequestId, int aFd, const Mgr::ActionParams &aParams) STUB