diff -u -r -N squid-3.5.10/ChangeLog squid-3.5.11/ChangeLog
--- squid-3.5.10/ChangeLog 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/ChangeLog 2015-11-01 02:44:25.000000000 -0800
@@ -1,3 +1,15 @@
+Changes to squid-3.5.11 (01 Nov 2015):
+
+ - Bug 3574: crashes on reconfigure and startup
+ - Bug 4347: compile errors with LibreSSL 2.3
+ - Bug 4281: copy-paste typos in src/tools.cc
+ - Bug 4279: No response from proxy for FTP-download of non-existing file
+ - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
+ - Fix incorrect authentication headers on cache digest requests
+ - Fix connection stats, including %.
#
@@ -595,8 +595,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.5.10'
-PACKAGE_STRING='Squid Web Proxy 3.5.10'
+PACKAGE_VERSION='3.5.11'
+PACKAGE_STRING='Squid Web Proxy 3.5.11'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1633,7 +1633,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.5.10 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.5.11 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1704,7 +1704,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.5.10:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.5.11:";;
esac
cat <<\_ACEOF
@@ -2111,7 +2111,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.5.10
+Squid Web Proxy configure 3.5.11
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3215,7 +3215,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.5.10, which was
+It was created by Squid Web Proxy $as_me 3.5.11, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4082,7 +4082,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.5.10'
+ VERSION='3.5.11'
cat >>confdefs.h <<_ACEOF
@@ -41041,7 +41041,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.5.10, which was
+This file was extended by Squid Web Proxy $as_me 3.5.11, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -41107,7 +41107,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.5.10
+Squid Web Proxy config.status 3.5.11
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.5.10/configure.ac squid-3.5.11/configure.ac
--- squid-3.5.10/configure.ac 2015-10-01 07:54:26.000000000 -0700
+++ squid-3.5.11/configure.ac 2015-11-01 02:46:19.000000000 -0800
@@ -5,7 +5,7 @@
## Please see the COPYING and CONTRIBUTORS files for details.
##
-AC_INIT([Squid Web Proxy],[3.5.10],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.5.11],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.5.10/doc/release-notes/release-3.5.html squid-3.5.11/doc/release-notes/release-3.5.html
--- squid-3.5.10/doc/release-notes/release-3.5.html 2015-10-01 08:35:35.000000000 -0700
+++ squid-3.5.11/doc/release-notes/release-3.5.html 2015-11-01 03:26:35.000000000 -0800
@@ -1,11 +1,11 @@
-
- Squid 3.5.10 release notes
+
+ Squid 3.5.11 release notes
-Squid 3.5.10 release notes
+Squid 3.5.11 release notes
Squid Developers
@@ -63,7 +63,7 @@
-The Squid Team are pleased to announce the release of Squid-3.5.10.
+The Squid Team are pleased to announce the release of Squid-3.5.11.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.5/ or the
mirrors.
diff -u -r -N squid-3.5.10/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.11/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.5.10/helpers/basic_auth/DB/basic_db_auth.8 2015-10-01 08:35:38.000000000 -0700
+++ squid-3.5.11/helpers/basic_auth/DB/basic_db_auth.8 2015-11-01 03:26:37.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.11/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8
--- squid-3.5.10/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-10-01 08:35:42.000000000 -0700
+++ squid-3.5.11/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-11-01 03:26:41.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1"
-.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.11/helpers/basic_auth/POP3/basic_pop3_auth.8
--- squid-3.5.10/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-10-01 08:35:45.000000000 -0700
+++ squid-3.5.11/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-11-01 03:26:44.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.11/helpers/external_acl/delayer/ext_delayer_acl.8
--- squid-3.5.10/helpers/external_acl/delayer/ext_delayer_acl.8 2015-10-01 08:35:56.000000000 -0700
+++ squid-3.5.11/helpers/external_acl/delayer/ext_delayer_acl.8 2015-11-01 03:26:54.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.5.10/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-10-01 08:36:04.000000000 -0700
+++ squid-3.5.11/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-11-01 03:27:01.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.5.10/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-10-01 08:36:07.000000000 -0700
+++ squid-3.5.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-11-01 03:27:04.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.11/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.5.10/helpers/log_daemon/DB/log_db_daemon.8 2015-10-01 08:36:09.000000000 -0700
+++ squid-3.5.11/helpers/log_daemon/DB/log_db_daemon.8 2015-11-01 03:27:06.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.11/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.5.10/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-10-01 08:36:21.000000000 -0700
+++ squid-3.5.11/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-11-01 03:27:17.000000000 -0800
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2015-10-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2015-11-01" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.5.10/include/version.h squid-3.5.11/include/version.h
--- squid-3.5.10/include/version.h 2015-10-01 07:54:27.000000000 -0700
+++ squid-3.5.11/include/version.h 2015-11-01 02:46:19.000000000 -0800
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1443711114
+#define SQUID_RELEASE_TIME 1446374648
#endif
/*
diff -u -r -N squid-3.5.10/RELEASENOTES.html squid-3.5.11/RELEASENOTES.html
--- squid-3.5.10/RELEASENOTES.html 2015-10-01 08:35:35.000000000 -0700
+++ squid-3.5.11/RELEASENOTES.html 2015-11-01 03:26:35.000000000 -0800
@@ -1,11 +1,11 @@
-
- Squid 3.5.10 release notes
+
+ Squid 3.5.11 release notes
-Squid 3.5.10 release notes
+Squid 3.5.11 release notes
Squid Developers
@@ -63,7 +63,7 @@
-The Squid Team are pleased to announce the release of Squid-3.5.10.
+The Squid Team are pleased to announce the release of Squid-3.5.11.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.5/ or the
mirrors.
diff -u -r -N squid-3.5.10/src/acl/Acl.cc squid-3.5.11/src/acl/Acl.cc
--- squid-3.5.10/src/acl/Acl.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/acl/Acl.cc 2015-11-01 02:44:25.000000000 -0800
@@ -227,6 +227,10 @@
}
theType = "localport";
debugs(28, DBG_IMPORTANT, "UPGRADE: ACL 'myport' type is has been renamed to 'localport' and matches the port the client connected to.");
+ } else if (strcmp(theType, "proto") == 0 && strcmp(aclname, "manager") == 0) {
+ // ACL manager is now a built-in and has a different type.
+ debugs(28, DBG_PARSE_NOTE(DBG_IMPORTANT), "UPGRADE: ACL 'manager' is now a built-in ACL. Remove it from your config file.");
+ return; // ignore the line
}
if (!Prototype::Registered(theType)) {
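Review bot: The new `else if` branch drops every `acl manager proto ...` line regardless of the values it lists, and the UPGRADE text does not say that the line was ignored or that rules naming `manager` are now evaluated against the built-in definition. An administrator whose access rules depend on a customised `manager` ACL gets different access-control behaviour with only a parse note as evidence. I would word the message as `"UPGRADE: ACL 'manager' is now a built-in ACL; this definition is ignored. Remove it from your config file."` and extend the comment to `// ACL manager is now a built-in with a different type; the configured line is dropped and the built-in applies.` The enclosing function starts and ends outside the hunk, so whether the rest of the line's tokens need consuming before `return` cannot be judged from here.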
diff -u -r -N squid-3.5.10/src/clients/FtpClient.cc squid-3.5.11/src/clients/FtpClient.cc
--- squid-3.5.10/src/clients/FtpClient.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/clients/FtpClient.cc 2015-11-01 02:44:25.000000000 -0800
@@ -243,13 +243,23 @@
}
void
-Ftp::Client::failed(err_type error, int xerrno)
+Ftp::Client::failed(err_type error, int xerrno, ErrorState *err)
{
debugs(9, 3, "entry-null=" << (entry?entry->isEmpty():0) << ", entry=" << entry);
const char *command, *reply;
- const Http::StatusCode httpStatus = failedHttpStatus(error);
- ErrorState *const ftperr = new ErrorState(error, httpStatus, fwd->request);
+ ErrorState *ftperr;
+
+ if (err) {
+ debugs(9, 6, "error=" << err->type << ", code=" << xerrno <<
+ ", status=" << err->httpStatus);
+ error = err->type;
+ ftperr = err;
+ } else {
+ Http::StatusCode httpStatus = failedHttpStatus(error);
+ ftperr = new ErrorState(error, httpStatus, fwd->request);
+ }
+
ftperr->xerrno = xerrno;
ftperr->ftp.server_msg = ctrl.message;
@@ -274,10 +284,11 @@
if (reply)
ftperr->ftp.reply = xstrdup(reply);
- fwd->request->detailError(error, xerrno);
- fwd->fail(ftperr);
-
- closeServer(); // we failed, so no serverComplete()
+ if (!err) {
+ fwd->request->detailError(error, xerrno);
+ fwd->fail(ftperr);
+ closeServer(); // we failed, so no serverComplete()
+ }
}
Http::StatusCode
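Review bot: With a caller-supplied `err`, the `if (!err)` guard skips `fwd->fail(ftperr)` and `closeServer()`, so `failed()` neither hands the ErrorState to the forwarder nor closes the control connection, and ownership of `err` stays with the caller; nothing in the function states that contract. A comment above the guard such as `// caller-supplied err: we only fill it in; the caller keeps ownership, sends the reply and closes the connection` would make the two modes hard to confuse. The earlier hunk in this function also overwrites the `error` argument with `err->type`, which belongs in the same comment. The function begins outside this hunk.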
diff -u -r -N squid-3.5.10/src/clients/FtpClient.h squid-3.5.11/src/clients/FtpClient.h
--- squid-3.5.10/src/clients/FtpClient.h 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/clients/FtpClient.h 2015-11-01 02:44:25.000000000 -0800
@@ -96,7 +96,8 @@
virtual ~Client();
/// handle a fatal transaction error, closing the control connection
- virtual void failed(err_type error = ERR_NONE, int xerrno = 0);
+ virtual void failed(err_type error = ERR_NONE, int xerrno = 0,
+ ErrorState *ftperr = NULL);
/// read timeout handler
virtual void timeout(const CommTimeoutCbParams &io);
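Review bot: The doc comment kept above `failed()` still says "handle a fatal transaction error, closing the control connection", which no longer holds when `ftperr` is non-NULL: the implementation in FtpClient.cc then skips `fwd->fail()` and `closeServer()`. Suggest `/// handle a fatal transaction error; closes the control connection unless the caller supplies ftperr, in which case the ErrorState is only filled in and stays owned by the caller`. Overriders of this virtual need the same information to stay consistent.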
diff -u -r -N squid-3.5.10/src/clients/FtpGateway.cc squid-3.5.11/src/clients/FtpGateway.cc
--- squid-3.5.10/src/clients/FtpGateway.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/clients/FtpGateway.cc 2015-11-01 02:44:25.000000000 -0800
@@ -1246,7 +1246,6 @@
Ftp::Gateway::loginFailed()
{
ErrorState *err = NULL;
- const char *command, *reply;
if ((state == SENT_USER || state == SENT_PASS) && ctrl.replycode >= 400) {
if (ctrl.replycode == 421 || ctrl.replycode == 426) {
@@ -1264,34 +1263,13 @@
}
}
- // any other problems are general falures.
if (!err) {
ftpFail(this);
return;
}
- err->ftp.server_msg = ctrl.message;
-
- ctrl.message = NULL;
-
- if (old_request)
- command = old_request;
- else
- command = ctrl.last_command;
-
- if (command && strncmp(command, "PASS", 4) == 0)
- command = "PASS ";
-
- if (old_reply)
- reply = old_reply;
- else
- reply = ctrl.last_reply;
-
- if (command)
- err->ftp.request = xstrdup(command);
-
- if (reply)
- err->ftp.reply = xstrdup(reply);
+ failed(ERR_NONE, ctrl.replycode, err);
+ // any other problems are general falures.
HttpReply *newrep = err->BuildHttpReply();
delete err;
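Review bot: `failed(ERR_NONE, ctrl.replycode, err)` passes the FTP reply code in the argument that `Ftp::Client::failed()` copies into `ftperr->xerrno`, so a three-digit FTP code would be presented as a system errno wherever the error page expands that field; the removed code did not set `xerrno` at all. If the reply code is meant to reach the page it probably belongs in an error detail rather than `xerrno`, otherwise `failed(ERR_NONE, 0, err);` keeps the old output. The relocated comment `// any other problems are general falures.` now sits above `BuildHttpReply()`, where it describes nothing; it should return to the `if (!err)` block with the spelling corrected to "failures". `loginFailed()` starts outside the hunk.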
@@ -2438,7 +2416,11 @@
static void
ftpFail(Ftp::Gateway *ftpState)
{
- debugs(9, 6, HERE << "flags(" <<
+ int code = ftpState->ctrl.replycode;
+ err_type error_code = ERR_NONE;
+
+ debugs(9, 6, "state " << ftpState->state <<
+ " reply code " << code << "flags(" <<
(ftpState->flags.isdir?"IS_DIR,":"") <<
(ftpState->flags.try_slash_hack?"TRY_SLASH_HACK":"") << "), " <<
"mdtm=" << ftpState->mdtm << ", size=" << ftpState->theSize <<
@@ -2464,8 +2446,15 @@
}
}
- ftpState->failed(ERR_NONE, 0);
- /* failed() closes ctrl.conn and frees this */
+ Http::StatusCode sc = ftpState->failedHttpStatus(error_code);
+ ErrorState *ftperr = new ErrorState(error_code, sc, ftpState->fwd->request);
+ ftpState->failed(error_code, code, ftperr);
+ ftperr->detailError(code);
+ HttpReply *newrep = ftperr->BuildHttpReply();
+ delete ftperr;
+
+ ftpState->entry->replaceHttpReply(newrep);
+ ftpSendQuit(ftpState);
}
Http::StatusCode
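Review bot: `ftpState->entry->replaceHttpReply(newrep)` dereferences `entry` unguarded, while the debug line at the top of `Ftp::Client::failed()` tests `entry` for null before using it, which suggests the pointer can be absent on this path; a check such as `if (ftpState->entry) ftpState->entry->replaceHttpReply(newrep);` (with `newrep` freed otherwise) looks necessary unless the caller guarantees it. The removed comment `/* failed() closes ctrl.conn and frees this */` warned of the opposite lifetime rule from the one the new code relies on, so a replacement is worth adding: `// failed() with our own ErrorState only fills it in; ftpState is still alive and we send the reply and QUIT ourselves`. In the visible lines `error_code` never changes from `ERR_NONE`; if the code between the two hunks does not assign it, the variable can go. The earlier hunk's debug line also concatenates `code` straight into `"flags("`; the literal should be `" flags("`.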
diff -u -r -N squid-3.5.10/src/comm/ModDevPoll.cc squid-3.5.11/src/comm/ModDevPoll.cc
--- squid-3.5.10/src/comm/ModDevPoll.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/comm/ModDevPoll.cc 2015-11-01 02:44:25.000000000 -0800
@@ -241,6 +241,9 @@
if ( type & COMM_SELECT_READ ) {
if ( handler != NULL ) {
+ // Hack to keep the events flowing if there is data immediately ready
+ if (F->flags.read_pending)
+ state_new |= POLLOUT;
/* we want to POLLIN */
state_new |= POLLIN;
} else {
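Review bot: The comment on the added `POLLOUT` lines says only "Hack" and does not explain why asking for write readiness keeps read events flowing, or when `read_pending` is cleared. If the flag stayed set on a descriptor that is always writable, the poll loop would presumably wake on every pass, so the condition that makes this safe should be written down. Suggest `// read_pending means data is already buffered for this FD, so POLLIN alone may never fire; POLLOUT forces a wake-up. The flag must be cleared once the buffered data is consumed.` (wording to be confirmed against where the flag is set). The enclosing function starts and ends outside the hunk.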
diff -u -r -N squid-3.5.10/src/comm/TcpAcceptor.cc squid-3.5.11/src/comm/TcpAcceptor.cc
--- squid-3.5.10/src/comm/TcpAcceptor.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/comm/TcpAcceptor.cc 2015-11-01 02:44:25.000000000 -0800
@@ -181,13 +181,11 @@
// Set TOS if needed.
// To correctly implement TOS values on listening sockets, probably requires
// more work to inherit TOS values to created connection objects.
- if (conn->tos &&
- Ip::Qos::setSockTos(conn->fd, conn->tos, conn->remote.isIPv4() ? AF_INET : AF_INET6) < 0)
- conn->tos = 0;
+ if (conn->tos)
+ Ip::Qos::setSockTos(conn, conn->tos)
#if SO_MARK
- if (conn->nfmark &&
- Ip::Qos::setSockNfmark(conn->fd, conn->nfmark) < 0)
- conn->nfmark = 0;
+ if (conn->nfmark)
+ Ip::Qos::setSockNfmark(conn, conn->nfmark);
#endif
#endif
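Review bot: The added call `Ip::Qos::setSockTos(conn, conn->tos)` has no terminating semicolon, so the statement runs into the `if (conn->nfmark)` that follows, or into whatever comes after the `#endif` when `SO_MARK` is not defined. The second `#endif` closing the hunk suggests the whole block sits in a conditional region that may not be compiled in normal builds, which would explain how it built, but the line should still read `Ip::Qos::setSockTos(conn, conn->tos);`. The start of that conditional region is outside the hunk.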
diff -u -r -N squid-3.5.10/src/FwdState.cc squid-3.5.11/src/FwdState.cc
--- squid-3.5.10/src/FwdState.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/FwdState.cc 2015-11-01 02:44:25.000000000 -0800
@@ -772,6 +772,21 @@
return (time_t)ctimeout;
}
+/// called when serverConn is set to an _open_ to-peer connection
+void
+FwdState::syncWithServerConn(const char *host)
+{
+ if (Ip::Qos::TheConfig.isAclTosActive())
+ Ip::Qos::setSockTos(serverConn, GetTosToServer(request));
+
+#if SO_MARK
+ if (Ip::Qos::TheConfig.isAclNfmarkActive())
+ Ip::Qos::setSockNfmark(serverConn, GetNfmarkToServer(request));
+#endif
+
+ request->hier.note(serverConn, host);
+}
+
/**
* Called after forwarding path selection (via peer select) has taken place
* and whenever forwarding needs to attempt a new connection (routing failover).
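Review bot: `syncWithServerConn()` discards the results of `setSockTos()` and `setSockNfmark()`, and the only trace of a failed `SO_MARK` call visible in this patch is a level-2 debug line in Qos.cci. Where the TOS value or netfilter mark drives egress policy (routing or firewall rules), a connection that could not be marked is then used unmarked without any operator-visible sign. A comment stating that marking is best-effort, e.g. `// best-effort: on failure the connection proceeds unmarked and conn->tos / conn->nfmark are reset to 0`, or a `DBG_IMPORTANT` message on failure, would make that explicit. The same applies to the two call sites later in this file that now go through this helper.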
@@ -812,23 +827,11 @@
flags.connected_okay = true;
++n_tries;
request->flags.pinned = true;
- request->hier.note(serverConn, pinned_connection->pinning.host);
if (pinned_connection->pinnedAuth())
request->flags.auth = true;
comm_add_close_handler(serverConn->fd, fwdServerClosedWrapper, this);
- /* Update server side TOS and Netfilter mark on the connection. */
- if (Ip::Qos::TheConfig.isAclTosActive()) {
- debugs(17, 3, HERE << "setting tos for pinned connection to " << (int)serverConn->tos );
- serverConn->tos = GetTosToServer(request);
- Ip::Qos::setSockTos(serverConn, serverConn->tos);
- }
-#if SO_MARK
- if (Ip::Qos::TheConfig.isAclNfmarkActive()) {
- serverConn->nfmark = GetNfmarkToServer(request);
- Ip::Qos::setSockNfmark(serverConn, serverConn->nfmark);
- }
-#endif
+ syncWithServerConn(pinned_connection->pinning.host);
// the server may close the pinned connection before this request
pconnRace = racePossible;
@@ -867,17 +870,7 @@
comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper, this);
- /* Update server side TOS and Netfilter mark on the connection. */
- if (Ip::Qos::TheConfig.isAclTosActive()) {
- const tos_t tos = GetTosToServer(request);
- Ip::Qos::setSockTos(temp, tos);
- }
-#if SO_MARK
- if (Ip::Qos::TheConfig.isAclNfmarkActive()) {
- const nfmark_t nfmark = GetNfmarkToServer(request);
- Ip::Qos::setSockNfmark(temp, nfmark);
- }
-#endif
+ syncWithServerConn(request->GetHost());
dispatch();
return;
diff -u -r -N squid-3.5.10/src/FwdState.h squid-3.5.11/src/FwdState.h
--- squid-3.5.10/src/FwdState.h 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/FwdState.h 2015-11-01 02:44:25.000000000 -0800
@@ -120,6 +120,8 @@
/// stops monitoring server connection for closure and updates pconn stats
void closeServerConnection(const char *reason);
+ void syncWithServerConn(const char *host);
+
public:
StoreEntry *entry;
HttpRequest *request;
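Review bot: `syncWithServerConn()` is declared without a doc comment, while the declaration directly above it has one. Suggest `/// applies the ACL-selected TOS and netfilter mark to serverConn and notes the connection and host in request->hier; serverConn must already be open`.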
diff -u -r -N squid-3.5.10/src/ip/Qos.cci squid-3.5.11/src/ip/Qos.cci
--- squid-3.5.10/src/ip/Qos.cci 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/ip/Qos.cci 2015-11-01 02:44:25.000000000 -0800
@@ -19,6 +19,8 @@
// so we convert to a int before setting.
int bTos = tos;
+ debugs(50, 3, "for FD " << fd << " to " << bTos);
+
if (type == AF_INET) {
#if defined(IP_TOS)
const int x = setsockopt(fd, IPPROTO_IP, IP_TOS, &bTos, sizeof(bTos));
@@ -48,9 +50,7 @@
Ip::Qos::setSockTos(const Comm::ConnectionPointer &conn, tos_t tos)
{
const int x = Ip::Qos::setSockTos(conn->fd, tos, conn->remote.isIPv4() ? AF_INET : AF_INET6);
- if (x >= 0)
- conn->tos = tos;
-
+ conn->tos = (x >= 0) ? tos : 0;
return x;
}
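Review bot: On failure `conn->tos` is now forced to 0, although a failed `setsockopt()` leaves the socket with whatever TOS it already carried, so on a reused connection the recorded value and the socket state can disagree. If 0 is meant as "requested value not applied" rather than "socket TOS is 0", say so next to the assignment: `// 0 records that the requested TOS was not applied; the socket keeps its previous value`. The `conn->nfmark = (x >= 0) ? mark : 0;` hunk further down has the same ambiguity.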
@@ -58,6 +58,7 @@
Ip::Qos::setSockNfmark(const int fd, nfmark_t mark)
{
#if SO_MARK && USE_LIBCAP
+ debugs(50, 3, "for FD " << fd << " to " << mark);
const int x = setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(nfmark_t));
if (x < 0)
debugs(50, 2, "setSockNfmark: setsockopt(SO_MARK) on " << fd << ": " << xstrerror());
@@ -75,8 +76,7 @@
Ip::Qos::setSockNfmark(const Comm::ConnectionPointer &conn, nfmark_t mark)
{
const int x = Ip::Qos::setSockNfmark(conn->fd, mark);
- if (x >= 0)
- conn->nfmark = mark;
+ conn->nfmark = (x >= 0) ? mark : 0;
return x;
}
diff -u -r -N squid-3.5.10/src/main.cc squid-3.5.11/src/main.cc
--- squid-3.5.10/src/main.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/main.cc 2015-11-01 02:44:25.000000000 -0800
@@ -224,8 +224,10 @@
PROF_start(SignalEngine_checkEvents);
if (do_reconfigure) {
- mainReconfigureStart();
- do_reconfigure = 0;
+ if (!reconfiguring && configured_once) {
+ mainReconfigureStart();
+ do_reconfigure = 0;
+ } // else wait until previous reconfigure is done
} else if (do_rotate) {
mainRotate();
do_rotate = 0;
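Review bot: While a reconfigure is pending but deferred, `do_reconfigure` stays set, so the outer `if` keeps winning and the `else if (do_rotate)` branch, along with any branches after it outside this hunk, is skipped on every pass until `reconfiguring` clears and `configured_once` is set. If shutdown handling sits further down the same chain, it would wait behind the deferred reconfigure. Folding the test into the condition avoids starving the other branches: `if (do_reconfigure && !reconfiguring && configured_once) {`, with the body unchanged. The rest of the chain is outside the hunk, so the shutdown case is an inference.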
@@ -889,6 +891,10 @@
writePidFile(); /* write PID file */
reconfiguring = 0;
+
+ // ignore any pending re-reconfigure signals if shutdown received
+ if (do_shutdown)
+ do_reconfigure = 0;
}
static void
@@ -991,6 +997,7 @@
squid_signal(SIGPIPE, SIG_IGN, SA_RESTART);
squid_signal(SIGCHLD, sig_child, SA_NODEFER | SA_RESTART);
+ squid_signal(SIGHUP, reconfigure, SA_RESTART);
setEffectiveUser();
@@ -1156,8 +1163,6 @@
#endif
- squid_signal(SIGHUP, reconfigure, SA_RESTART);
-
squid_signal(SIGTERM, shut_down, SA_NODEFER | SA_RESETHAND | SA_RESTART);
squid_signal(SIGINT, shut_down, SA_NODEFER | SA_RESETHAND | SA_RESTART);
@@ -1402,6 +1407,7 @@
Format::Token::Init(); // XXX: temporary. Use a runners registry of pre-parse runners instead.
try {
+ do_reconfigure = 0; // ignore any early (boot/startup) reconfigure signals
parse_err = parseConfigFile(ConfigFile);
} catch (...) {
// for now any errors are a fatal condition...
diff -u -r -N squid-3.5.10/src/peer_digest.cc squid-3.5.11/src/peer_digest.cc
--- squid-3.5.10/src/peer_digest.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/peer_digest.cc 2015-11-01 02:44:25.000000000 -0800
@@ -312,7 +312,7 @@
p->login[0] != '*' &&
strcmp(p->login, "PASS") != 0 &&
strcmp(p->login, "PASSTHRU") != 0 &&
- strcmp(p->login, "NEGOTIATE") != 0 &&
+ strncmp(p->login, "NEGOTIATE",9) != 0 &&
strcmp(p->login, "PROXYPASS") != 0) {
xstrncpy(req->login, p->login, MAX_LOGIN_SZ);
}
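Review bot: `strncmp(p->login, "NEGOTIATE",9)` turns the exclusion into a prefix match with a hand-counted length, so any configured login that merely begins with NEGOTIATE is now also kept out of the credentials copied into the digest request. If the intent is to cover `NEGOTIATE` followed by a separator and a principal name, a comment should say so and the length should come from the literal: `strncmp(p->login, "NEGOTIATE", sizeof("NEGOTIATE") - 1) != 0 &&`. The enclosing condition begins outside the hunk.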
diff -u -r -N squid-3.5.10/src/SBuf.cc squid-3.5.11/src/SBuf.cc
--- squid-3.5.10/src/SBuf.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/SBuf.cc 2015-11-01 02:44:25.000000000 -0800
@@ -149,6 +149,7 @@
SBuf&
SBuf::assign(const char *S, size_type n)
{
+ const Locker blobKeeper(this, S);
debugs(24, 6, id << " from c-string, n=" << n << ")");
clear();
return append(S, n); //bounds checked in append()
@@ -202,12 +203,14 @@
SBuf&
SBuf::append(const SBuf &S)
{
+ const Locker blobKeeper(this, S.buf());
return lowAppend(S.buf(), S.length());
}
SBuf &
SBuf::append(const char * S, size_type Ssize)
{
+ const Locker blobKeeper(this, S);
if (S == NULL)
return *this;
if (Ssize == SBuf::npos)
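Review bot: In `append(const char *S, size_type Ssize)` the `Locker` is constructed before the `if (S == NULL)` check, so a null `S` is range-compared against the blob's addresses inside the Locker constructor. That is harmless on common platforms but is not an ordering the language guarantees for unrelated pointers. Moving `const Locker blobKeeper(this, S);` to just after the `return *this;` of the null check avoids the question. The function body continues outside the hunk.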
@@ -226,6 +229,10 @@
SBuf&
SBuf::Printf(const char *fmt, ...)
{
+ // with printf() the fmt or an arg might be a dangerous char*
+ // NP: cant rely on vappendf() Locker because of clear()
+ const Locker blobKeeper(this, buf());
+
va_list args;
va_start(args, fmt);
clear();
@@ -247,6 +254,9 @@
SBuf&
SBuf::vappendf(const char *fmt, va_list vargs)
{
+ // with (v)appendf() the fmt or an arg might be a dangerous char*
+ const Locker blobKeeper(this, buf());
+
Must(fmt != NULL);
int sz = 0;
//reserve twice the format-string size, it's a likely heuristic
@@ -785,6 +795,10 @@
int
SBuf::scanf(const char *format, ...)
{
+ // with the format or an arg might be a dangerous char*
+ // that gets invalidated by c_str()
+ const Locker blobKeeper(this, buf());
+
va_list arg;
int rv;
++stats.scanf;
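Review bot: The added comment in `scanf()` has lost its subject ("with the format or an arg might be a dangerous char*") and does not say what makes the pointer dangerous. Suggest `// with scanf() the format or an arg might be a char* into our own blob, which c_str() could invalidate by reallocating`. The function body continues outside the hunk.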
diff -u -r -N squid-3.5.10/src/SBuf.h squid-3.5.11/src/SBuf.h
--- squid-3.5.10/src/SBuf.h 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/SBuf.h 2015-11-01 02:44:25.000000000 -0800
@@ -545,6 +545,27 @@
// TODO: possibly implement a replace() call
private:
+ /**
+ * Keeps SBuf's MemBlob alive in a blob-destroying context where
+ * a seemingly unrelated memory pointer may belong to the same blob.
+ * For [an extreme] example, consider: a.append(a).
+ * Compared to an SBuf temporary, this class is optimized to
+ * preserve blobs only if needed and to reduce debugging noise.
+ */
+ class Locker
+ {
+ public:
+ Locker(SBuf *parent, const char *otherBuffer) {
+ // lock if otherBuffer intersects the parents buffer area
+ const MemBlob *blob = parent->store_.getRaw();
+ if (blob->mem <= otherBuffer && otherBuffer < (blob->mem + blob->capacity))
+ locket = blob;
+ }
+ private:
+ MemBlob::Pointer locket;
+ };
+ friend class Locker;
+
MemBlob::Pointer store_; ///< memory block, possibly shared with other SBufs
size_type off_; ///< our content start offset from the beginning of shared store_
size_type len_; ///< number of our content bytes in shared store_
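Review bot: `Locker`'s constructor dereferences `parent->store_.getRaw()` without a null check and tests membership with raw `<=` / `<` on pointers that may belong to different allocations, an ordering C++ leaves unspecified. If `store_` is guaranteed non-null, the class comment should say so; for the range test `std::less<const char *>` from `<functional>` gives a defined total order. Only the start of `otherBuffer` is tested, not its length, which is sufficient only because a caller's buffer cannot straddle two allocations; a one-line comment to that effect would stop a later reader from "fixing" it. The class is also implicitly copyable, which a scope guard normally is not.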
diff -u -r -N squid-3.5.10/src/ssl/bio.cc squid-3.5.11/src/ssl/bio.cc
--- squid-3.5.10/src/ssl/bio.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/ssl/bio.cc 2015-11-01 02:44:25.000000000 -0800
@@ -1009,7 +1009,11 @@
ciphers += 2;
if (ciphersLen) {
- const SSL_METHOD *method = SSLv3_method();
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ const SSL_METHOD *method = TLS_method();
+#else
+ const SSL_METHOD *method = SSLv23_method();
+#endif
for (size_t i = 0; i < ciphersLen; i += 2) {
// each cipher in v3/tls HELLO message is of size 2
const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
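Review bot: The `OPENSSL_VERSION_NUMBER >= 0x10100000L` branch selects `TLS_method()`, but the loop below still reaches into the method object with `method->get_cipher_by_char(...)`, which requires `SSL_METHOD` to be a visible struct. OpenSSL 1.1.0 makes that type opaque, so as far as I can tell this branch only builds against LibreSSL, whose reported version number also satisfies the test. A comment such as `// LibreSSL reports a version above 0x10100000L and takes this branch; SSL_METHOD members must remain accessible` would record that, and an explicit LibreSSL check would be clearer than the version comparison. The SSLv2 hello hunk further down in this file repeats the pattern.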
@@ -1106,7 +1110,11 @@
return false;
if (ciphersLen) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ const SSL_METHOD *method = TLS_method();
+#else
const SSL_METHOD *method = SSLv23_method();
+#endif
for (unsigned int i = 0; i < ciphersLen; i += 3) {
// The v2 hello messages cipher has 3 bytes.
// The v2 cipher has the first byte not null
diff -u -r -N squid-3.5.10/src/ssl/support.cc squid-3.5.11/src/ssl/support.cc
--- squid-3.5.10/src/ssl/support.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/ssl/support.cc 2015-11-01 02:44:25.000000000 -0800
@@ -1070,8 +1070,13 @@
break;
case 3:
+#if !defined(OPENSSL_NO_SSL3)
debugs(83, 5, "Using SSLv3.");
return SSLv3_client_method();
+#else
+ debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+ return NULL;
+#endif
break;
case 4:
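Review bot: Selecting SSLv3 is still announced only at debug level 5 (`debugs(83, 5, "Using SSLv3.")`), while the new unavailable path logs at `DBG_IMPORTANT`, so an operator whose configuration pins version 3 on a library that still offers it gets no visible sign that a deprecated protocol is in use. Raising it to `debugs(83, DBG_IMPORTANT, "WARNING: Using SSLv3, which is deprecated.");` would surface the downgrade in the default log. The new `return NULL` also relies on every caller handling a null method, which cannot be checked from this hunk. The two server-side `case 3:` hunks further down have the same shape.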
@@ -1117,7 +1122,7 @@
switch (version) {
case 2:
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2)
debugs(83, 5, "Using SSLv2.");
return SSLv2_server_method();
#else
@@ -1127,8 +1132,13 @@
break;
case 3:
+#if !defined(OPENSSL_NO_SSL3)
debugs(83, 5, "Using SSLv3.");
return SSLv3_server_method();
+#else
+ debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+ return NULL;
+#endif
break;
case 4:
@@ -1543,7 +1553,7 @@
switch (version) {
case 2:
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2)
debugs(83, 5, "Using SSLv2.");
method = SSLv2_server_method();
#else
@@ -1553,8 +1563,13 @@
break;
case 3:
+#if !defined(OPENSSL_NO_SSL3)
debugs(83, 5, "Using SSLv3.");
method = SSLv3_server_method();
+#else
+ debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+ return NULL;
+#endif
break;
case 4:
diff -u -r -N squid-3.5.10/src/tools.cc squid-3.5.11/src/tools.cc
--- squid-3.5.10/src/tools.cc 2015-10-01 07:52:11.000000000 -0700
+++ squid-3.5.11/src/tools.cc 2015-11-01 02:44:25.000000000 -0800
@@ -840,7 +840,7 @@
#endif
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
- debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror());
+ debugs(50, DBG_CRITICAL, "getrlimit: RLIMIT_NOFILE: " << xstrerror());
} else if (Config.max_filedescriptors > 0) {
#if USE_SELECT || USE_SELECT_WIN32
/* select() breaks if this gets set too big */
@@ -886,7 +886,7 @@
#endif
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
- debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror());
+ debugs(50, DBG_CRITICAL, "getrlimit: RLIMIT_NOFILE: " << xstrerror());
} else {
rl.rlim_cur = Squid_MaxFD;
if (setrlimit(RLIMIT_NOFILE, &rl) < 0) {