diff -u -r -N squid-3.5.17/cfgaux/config.guess squid-3.5.18/cfgaux/config.guess
--- squid-3.5.17/cfgaux/config.guess	2016-04-21 00:25:13.000000000 +1200
+++ squid-3.5.18/cfgaux/config.guess	2016-05-06 22:14:16.000000000 +1200
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2015 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
 
-timestamp='2015-08-20'
+timestamp='2016-04-02'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -27,7 +27,7 @@
 # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 #
 # Please send patches to <config-patches@gnu.org>.
 
@@ -50,7 +50,7 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -237,6 +237,10 @@
 	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
 	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
 	exit ;;
+    *:LibertyBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+	exit ;;
     *:ekkoBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
 	exit ;;
@@ -268,42 +272,42 @@
 	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
 	case "$ALPHA_CPU_TYPE" in
 	    "EV4 (21064)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "EV4.5 (21064)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "LCA4 (21066/21068)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "EV5 (21164)")
-		UNAME_MACHINE="alphaev5" ;;
+		UNAME_MACHINE=alphaev5 ;;
 	    "EV5.6 (21164A)")
-		UNAME_MACHINE="alphaev56" ;;
+		UNAME_MACHINE=alphaev56 ;;
 	    "EV5.6 (21164PC)")
-		UNAME_MACHINE="alphapca56" ;;
+		UNAME_MACHINE=alphapca56 ;;
 	    "EV5.7 (21164PC)")
-		UNAME_MACHINE="alphapca57" ;;
+		UNAME_MACHINE=alphapca57 ;;
 	    "EV6 (21264)")
-		UNAME_MACHINE="alphaev6" ;;
+		UNAME_MACHINE=alphaev6 ;;
 	    "EV6.7 (21264A)")
-		UNAME_MACHINE="alphaev67" ;;
+		UNAME_MACHINE=alphaev67 ;;
 	    "EV6.8CB (21264C)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.8AL (21264B)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.8CX (21264D)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.9A (21264/EV69A)")
-		UNAME_MACHINE="alphaev69" ;;
+		UNAME_MACHINE=alphaev69 ;;
 	    "EV7 (21364)")
-		UNAME_MACHINE="alphaev7" ;;
+		UNAME_MACHINE=alphaev7 ;;
 	    "EV7.9 (21364A)")
-		UNAME_MACHINE="alphaev79" ;;
+		UNAME_MACHINE=alphaev79 ;;
 	esac
 	# A Pn.n version is a patched version.
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
 	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
 	exitcode=$?
 	trap '' 0
@@ -376,16 +380,16 @@
 	exit ;;
     i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
 	eval $set_cc_for_build
-	SUN_ARCH="i386"
+	SUN_ARCH=i386
 	# If there is a compiler, see if it is configured for 64-bit objects.
 	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
 	# This test works for both compilers.
-	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		grep IS_64BIT_ARCH >/dev/null
 	    then
-		SUN_ARCH="x86_64"
+		SUN_ARCH=x86_64
 	    fi
 	fi
 	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@@ -410,7 +414,7 @@
 	exit ;;
     sun*:*:4.2BSD:*)
 	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
-	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
 	case "`/bin/arch`" in
 	    sun3)
 		echo m68k-sun-sunos${UNAME_RELEASE}
@@ -635,13 +639,13 @@
 		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
 		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
 		    case "${sc_cpu_version}" in
-		      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
-		      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
 		      532)                      # CPU_PA_RISC2_0
 			case "${sc_kernel_bits}" in
-			  32) HP_ARCH="hppa2.0n" ;;
-			  64) HP_ARCH="hppa2.0w" ;;
-			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+			  32) HP_ARCH=hppa2.0n ;;
+			  64) HP_ARCH=hppa2.0w ;;
+			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
 			esac ;;
 		    esac
 		fi
@@ -680,11 +684,11 @@
 		    exit (0);
 		}
 EOF
-		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
 		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
-	if [ ${HP_ARCH} = "hppa2.0w" ]
+	if [ ${HP_ARCH} = hppa2.0w ]
 	then
 	    eval $set_cc_for_build
 
@@ -697,12 +701,12 @@
 	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
 	    # => hppa64-hp-hpux11.23
 
-	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
 		grep -q __LP64__
 	    then
-		HP_ARCH="hppa2.0w"
+		HP_ARCH=hppa2.0w
 	    else
-		HP_ARCH="hppa64"
+		HP_ARCH=hppa64
 	    fi
 	fi
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@@ -807,14 +811,14 @@
 	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit ;;
     F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
-	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-	FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
 	FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
 	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
 	exit ;;
     5000:UNIX_System_V:4.*:*)
-	FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
 	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
 	exit ;;
     i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@@ -896,7 +900,7 @@
 	exit ;;
     *:GNU/*:*:*)
 	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
 	exit ;;
     i*86:Minix:*:*)
 	echo ${UNAME_MACHINE}-pc-minix
@@ -919,7 +923,7 @@
 	  EV68*) UNAME_MACHINE=alphaev68 ;;
 	esac
 	objdump --private-headers /bin/sh | grep -q ld.so.1
-	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
     arc:Linux:*:* | arceb:Linux:*:*)
@@ -965,6 +969,9 @@
     ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
+    k1om:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
     m32r*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
@@ -1120,7 +1127,7 @@
 	# uname -m prints for DJGPP always 'pc', but it prints nothing about
 	# the processor, so we play safe by assuming i586.
 	# Note: whatever this is, it MUST be the same as what config.sub
-	# prints for the "djgpp" host, or else GDB configury will decide that
+	# prints for the "djgpp" host, or else GDB configure will decide that
 	# this is a cross-build.
 	echo i586-pc-msdosdjgpp
 	exit ;;
@@ -1269,6 +1276,9 @@
     SX-8R:SUPER-UX:*:*)
 	echo sx8r-nec-superux${UNAME_RELEASE}
 	exit ;;
+    SX-ACE:SUPER-UX:*:*)
+	echo sxace-nec-superux${UNAME_RELEASE}
+	exit ;;
     Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
@@ -1282,9 +1292,9 @@
 	    UNAME_PROCESSOR=powerpc
 	fi
 	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
-	    if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		    (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		    (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		    grep IS_64BIT_ARCH >/dev/null
 		then
 		    case $UNAME_PROCESSOR in
@@ -1306,7 +1316,7 @@
 	exit ;;
     *:procnto*:*:* | *:QNX:[0123456789]*:*)
 	UNAME_PROCESSOR=`uname -p`
-	if test "$UNAME_PROCESSOR" = "x86"; then
+	if test "$UNAME_PROCESSOR" = x86; then
 		UNAME_PROCESSOR=i386
 		UNAME_MACHINE=pc
 	fi
@@ -1337,7 +1347,7 @@
 	# "uname -m" is not consistent, so use $cputype instead. 386
 	# is converted to i386 for consistency with other x86
 	# operating systems.
-	if test "$cputype" = "386"; then
+	if test "$cputype" = 386; then
 	    UNAME_MACHINE=i386
 	else
 	    UNAME_MACHINE="$cputype"
@@ -1379,7 +1389,7 @@
 	echo i386-pc-xenix
 	exit ;;
     i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
 	exit ;;
     i*86:rdos:*:*)
 	echo ${UNAME_MACHINE}-pc-rdos
@@ -1390,6 +1400,9 @@
     x86_64:VMkernel:*:*)
 	echo ${UNAME_MACHINE}-unknown-esx
 	exit ;;
+    amd64:Isilon\ OneFS:*:*)
+	echo x86_64-unknown-onefs
+	exit ;;
 esac
 
 cat >&2 <<EOF
@@ -1399,9 +1412,9 @@
 the operating system you are using. It is advised that you
 download the most up to date version of the config scripts from
 
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
 
 If the version you run ($0) is already up to date, please
 send the following data and any information you think might be
diff -u -r -N squid-3.5.17/cfgaux/config.sub squid-3.5.18/cfgaux/config.sub
--- squid-3.5.17/cfgaux/config.sub	2016-04-21 00:25:13.000000000 +1200
+++ squid-3.5.18/cfgaux/config.sub	2016-05-06 22:14:16.000000000 +1200
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2015 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
 
-timestamp='2015-08-20'
+timestamp='2016-03-30'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@
 # Otherwise, we print the canonical config type on stdout and succeed.
 
 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
 
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
@@ -53,8 +53,7 @@
 me=`echo "$0" | sed -e 's,.*/,,'`
 
 usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
-       $0 [OPTION] ALIAS
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
 
 Canonicalize a configuration name.
 
@@ -68,7 +67,7 @@
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -521,7 +520,7 @@
 		basic_machine=i386-pc
 		os=-aros
 		;;
-        asmjs)
+	asmjs)
 		basic_machine=asmjs-unknown
 		;;
 	aux)
@@ -1383,7 +1382,7 @@
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -bitrig* | -openbsd* | -solidbsd* \
+	      | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
 	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
@@ -1399,7 +1398,8 @@
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
+	      | -onefs* | -tirtos*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1531,6 +1531,8 @@
 		;;
 	-nacl*)
 		;;
+	-ios)
+		;;
 	-none)
 		;;
 	*)
diff -u -r -N squid-3.5.17/ChangeLog squid-3.5.18/ChangeLog
--- squid-3.5.17/ChangeLog	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/ChangeLog	2016-05-06 22:13:11.000000000 +1200
@@ -1,3 +1,13 @@
+Changes to squid-3.5.18 (06 May 2016):
+
+	- Bug 4510: stale comment about 32KB limit on shared memory cache entries
+	- Bug 4509: EUI compile error on NetBSD
+	- Bug 4501: HTTP/1.1: normalize Host header
+	- Bug 4498: URL-unescape the login-info after extraction from URI
+	- Bug 4455: SegFault from ESIInclude::Start
+	- Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
+	- Fix TLS/SSL server handshake alert handling
+
 Changes to squid-3.5.17 (20 Apr 2016):
 
 	- Regression Bug 4480: logformat [.width_max]
diff -u -r -N squid-3.5.17/configure squid-3.5.18/configure
--- squid-3.5.17/configure	2016-04-21 00:26:08.000000000 +1200
+++ squid-3.5.18/configure	2016-05-06 22:15:08.000000000 +1200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.17.
+# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.18.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -595,8 +595,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.5.17'
-PACKAGE_STRING='Squid Web Proxy 3.5.17'
+PACKAGE_VERSION='3.5.18'
+PACKAGE_STRING='Squid Web Proxy 3.5.18'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1636,7 +1636,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.5.17 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.5.18 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1707,7 +1707,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.17:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.18:";;
    esac
   cat <<\_ACEOF
 
@@ -2119,7 +2119,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.5.17
+Squid Web Proxy configure 3.5.18
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3223,7 +3223,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.5.17, which was
+It was created by Squid Web Proxy $as_me 3.5.18, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4090,7 +4090,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.5.17'
+ VERSION='3.5.18'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -41872,7 +41872,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.5.17, which was
+This file was extended by Squid Web Proxy $as_me 3.5.18, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -41938,7 +41938,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 3.5.17
+Squid Web Proxy config.status 3.5.18
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-3.5.17/configure.ac squid-3.5.18/configure.ac
--- squid-3.5.17/configure.ac	2016-04-21 00:26:07.000000000 +1200
+++ squid-3.5.18/configure.ac	2016-05-06 22:15:08.000000000 +1200
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[3.5.17],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.5.18],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.5.17/doc/release-notes/release-3.5.html squid-3.5.18/doc/release-notes/release-3.5.html
--- squid-3.5.17/doc/release-notes/release-3.5.html	2016-04-21 01:16:07.000000000 +1200
+++ squid-3.5.18/doc/release-notes/release-3.5.html	2016-05-06 23:04:01.000000000 +1200
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.71">
- <TITLE>Squid 3.5.17 release notes</TITLE>
+ <TITLE>Squid 3.5.18 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.17 release notes</H1>
+<H1>Squid 3.5.18 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -64,7 +64,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.17.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.18.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.17/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.18/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.5.17/helpers/basic_auth/DB/basic_db_auth.8	2016-04-21 01:16:10.000000000 +1200
+++ squid-3.5.18/helpers/basic_auth/DB/basic_db_auth.8	2016-05-06 23:04:05.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.18/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8
--- squid-3.5.17/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2016-04-21 01:16:14.000000000 +1200
+++ squid-3.5.18/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2016-05-06 23:04:09.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1"
-.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.18/helpers/basic_auth/POP3/basic_pop3_auth.8
--- squid-3.5.17/helpers/basic_auth/POP3/basic_pop3_auth.8	2016-04-21 01:16:19.000000000 +1200
+++ squid-3.5.18/helpers/basic_auth/POP3/basic_pop3_auth.8	2016-05-06 23:04:14.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.18/helpers/external_acl/delayer/ext_delayer_acl.8
--- squid-3.5.17/helpers/external_acl/delayer/ext_delayer_acl.8	2016-04-21 01:16:33.000000000 +1200
+++ squid-3.5.18/helpers/external_acl/delayer/ext_delayer_acl.8	2016-05-06 23:04:27.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.18/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.5.17/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2016-04-21 01:16:41.000000000 +1200
+++ squid-3.5.18/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2016-05-06 23:04:35.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.18/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.5.17/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2016-04-21 01:16:44.000000000 +1200
+++ squid-3.5.18/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2016-05-06 23:04:39.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.18/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.5.17/helpers/log_daemon/DB/log_db_daemon.8	2016-04-21 01:16:46.000000000 +1200
+++ squid-3.5.18/helpers/log_daemon/DB/log_db_daemon.8	2016-05-06 23:04:42.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.18/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.5.17/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2016-04-21 01:17:00.000000000 +1200
+++ squid-3.5.18/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2016-05-06 23:04:57.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.17/include/version.h squid-3.5.18/include/version.h
--- squid-3.5.17/include/version.h	2016-04-21 00:26:08.000000000 +1200
+++ squid-3.5.18/include/version.h	2016-05-06 22:15:09.000000000 +1200
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1461155035
+#define SQUID_RELEASE_TIME 1462529584
 #endif
 
 /*
diff -u -r -N squid-3.5.17/RELEASENOTES.html squid-3.5.18/RELEASENOTES.html
--- squid-3.5.17/RELEASENOTES.html	2016-04-21 01:16:07.000000000 +1200
+++ squid-3.5.18/RELEASENOTES.html	2016-05-06 23:04:01.000000000 +1200
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.71">
- <TITLE>Squid 3.5.17 release notes</TITLE>
+ <TITLE>Squid 3.5.18 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.17 release notes</H1>
+<H1>Squid 3.5.18 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -64,7 +64,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.17.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.18.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.17/src/cf.data.pre squid-3.5.18/src/cf.data.pre
--- squid-3.5.17/src/cf.data.pre	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/cf.data.pre	2016-05-06 22:13:11.000000000 +1200
@@ -3620,8 +3620,6 @@
 	To avoid blocking locks, shared memory uses opportunistic algorithms
 	that do not guarantee that every cachable entity that could have been
 	shared among SMP workers will actually be shared.
-
-	Currently, entities exceeding 32KB in size cannot be shared.
 DOC_END
 
 NAME: memory_cache_mode
diff -u -r -N squid-3.5.17/src/client_side.cc squid-3.5.18/src/client_side.cc
--- squid-3.5.17/src/client_side.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/client_side.cc	2016-05-06 22:13:11.000000000 +1200
@@ -2661,6 +2661,20 @@
             clientProcessRequestFinished(conn, request);
             return;
         }
+
+        // when absolute-URI is provided Host header should be ignored. However
+        // some code still uses Host directly so normalize it.
+        // For now preserve the case where Host is completely absent. That matters.
+        if (request->header.has(HDR_HOST)) {
+            const char *host = request->header.getStr(HDR_HOST);
+            SBuf authority(request->GetHost());
+            if (request->port != urlDefaultPort(request->url.getScheme()))
+                authority.appendf(":%d", request->port);
+            debugs(33, 5, "URL domain " << authority << " overrides header Host: " << host);
+            // URL authority overrides Host header
+            request->header.delById(HDR_HOST);
+            request->header.putStr(HDR_HOST, authority.c_str());
+        }
     }
 
     // Some blobs below are still HTTP-specific, but we would have to rewrite
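Review bot: The new `if (request->header.has(HDR_HOST))` block rewrites the header and emits its level-5 `debugs` line even when the client's Host already agrees with the URL authority, so a genuine mismatch cannot be told apart from the normal case in the log. That mismatch is the signal an operator needs when looking for Host forgery or cache-poisoning attempts. Consider comparing first and logging more visibly only on disagreement, e.g. `if (strcasecmp(host, authority.c_str()) != 0) debugs(33, 2, "URL domain " << authority << " overrides header Host: " << host);`, keeping in mind that a textual compare also flags harmless differences such as an explicit default port. The comment ending "That matters." should say why an absent Host must stay absent, since the reason is not visible here. The enclosing block begins outside this hunk, so the exact condition under which the normalization runs cannot be confirmed from the lines shown.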
diff -u -r -N squid-3.5.17/src/client_side_request.cc squid-3.5.18/src/client_side_request.cc
--- squid-3.5.17/src/client_side_request.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/client_side_request.cc	2016-05-06 22:13:11.000000000 +1200
@@ -141,16 +141,18 @@
     setConn(aConn);
     al = new AccessLogEntry;
     al->cache.start_time = current_time;
-    al->tcpClient = clientConnection = aConn->clientConnection;
-    al->cache.port = aConn->port;
-    al->cache.caddr = aConn->log_addr;
+    if (aConn) {
+        al->tcpClient = clientConnection = aConn->clientConnection;
+        al->cache.port = aConn->port;
+        al->cache.caddr = aConn->log_addr;
 
 #if USE_OPENSSL
-    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
-        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
-            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
-    }
+        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
+            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
+                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+        }
 #endif
+    }
     dlinkAdd(this, &active, &ClientActiveRequests);
 #if USE_ADAPTATION
     request_satisfaction_mode = false;
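Review bot: With the new `if (aConn)` guard, a NULL `aConn` leaves `al->tcpClient`, `clientConnection`, `al->cache.port` and `al->cache.caddr` at their defaults, and nothing in the hunk says when that happens or that later readers of those fields must tolerate it. `setConn(aConn)` on the first visible line is still called unguarded, so it has to accept NULL as well; that cannot be checked from here. I would add a comment above the guard such as `// aConn may be NULL for requests not tied to a client connection (presumably ESI includes, see Bug 4455); client logging fields then stay unset`. The constructor body starts and continues outside this hunk.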
diff -u -r -N squid-3.5.17/src/esi/Context.h squid-3.5.18/src/esi/Context.h
--- squid-3.5.17/src/esi/Context.h	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/esi/Context.h	2016-05-06 22:13:11.000000000 +1200
@@ -13,6 +13,7 @@
 #include "err_type.h"
 #include "esi/Element.h"
 #include "esi/Parser.h"
+#include "HttpReply.h"
 #include "http/StatusCode.h"
 
 class ESIVarState;
@@ -91,7 +92,7 @@
     err_type errorpage; /* if we error what page to use */
     Http::StatusCode errorstatus; /* if we error, what code to return */
     char *errormessage; /* error to pass to error page */
-    HttpReply *rep; /* buffered until we pass data downstream */
+    HttpReply::Pointer rep; /* buffered until we pass data downstream */
     ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */
     ESISegment::Pointer incoming;
     /* processed data we are waiting to send, or for
diff -u -r -N squid-3.5.17/src/esi/Esi.cc squid-3.5.18/src/esi/Esi.cc
--- squid-3.5.17/src/esi/Esi.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/esi/Esi.cc	2016-05-06 22:13:11.000000000 +1200
@@ -573,7 +573,7 @@
 
 #endif
 
-    if (!(rep || (outbound.getRaw() &&
+    if (!(rep != NULL || (outbound.getRaw() &&
                   outbound->len && (outbound_offset <= outbound->len)))) {
         debugs(86, 5, "ESIContext::send: Nothing to send.");
         return 0;
@@ -618,18 +618,18 @@
     flags.clientwantsdata = 0;
     debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data ");
     /* Deal with re-entrancy */
-    HttpReply *temprep = rep;
+    HttpReply::Pointer temprep = rep;
     rep = NULL; /* freed downstream */
 
-    if (temprep && varState)
-        varState->buildVary (temprep);
+    if (temprep != NULL && varState)
+        varState->buildVary(temprep.getRaw());
 
     {
         StoreIOBuffer tempBuffer;
         tempBuffer.length = len;
         tempBuffer.offset = pos - len;
         tempBuffer.data = next->readBuffer.data;
-        clientStreamCallback (thisNode, http, temprep, tempBuffer);
+        clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer);
     }
 
     if (len == 0)
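Review bot: The `/* freed downstream */` comment kept on `rep = NULL;` no longer describes the code, because `temprep` is now an `HttpReply::Pointer` and holds its own reference while `clientStreamCallback` runs with the raw pointer from `temprep.getRaw()`. That reference is what keeps the reply valid if the callback re-enters this context, so the comment should say so, for example `rep = NULL; /* temprep holds the reference across the re-entrant callback */`. The enclosing function starts and ends outside this hunk, so whether downstream code takes its own lock on the reply cannot be confirmed from here.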
@@ -1259,7 +1259,7 @@
         ++parserState.stackdepth;
     }
 
-    if (rep && !parserState.inited())
+    if (rep != NULL && !parserState.inited())
         parserState.init(this);
 
     /* we have data */
@@ -1398,7 +1398,7 @@
 {
     debugs(86, 5, HERE << "Freeing for this=" << this);
 
-    HTTPMSGUNLOCK(rep);
+    rep = NULL; // refcounted
 
     finishChildren ();
 
diff -u -r -N squid-3.5.17/src/eui/Eui48.cc squid-3.5.18/src/eui/Eui48.cc
--- squid-3.5.17/src/eui/Eui48.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/eui/Eui48.cc	2016-05-06 22:13:11.000000000 +1200
@@ -375,7 +375,11 @@
 
     mib[4] = NET_RT_FLAGS;
 
+#if defined(RTF_LLDATA)
+    mib[5] = RTF_LLDATA;
+#else
     mib[5] = RTF_LLINFO;
+#endif
 
     if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) {
         debugs(28, DBG_CRITICAL, "Can't estimate ARP table size!");
diff -u -r -N squid-3.5.17/src/mime_header.cc squid-3.5.18/src/mime_header.cc
--- squid-3.5.17/src/mime_header.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/mime_header.cc	2016-05-06 22:13:11.000000000 +1200
@@ -40,9 +40,6 @@
         if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
-        while (xisspace(*p))
-            ++p;
-
         if (strncasecmp(p, name, namelen))
             continue;
 
diff -u -r -N squid-3.5.17/src/ssl/bio.cc squid-3.5.18/src/ssl/bio.cc
--- squid-3.5.17/src/ssl/bio.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/ssl/bio.cc	2016-05-06 22:13:11.000000000 +1200
@@ -229,7 +229,7 @@
     }
 
     if (helloState == atHelloNone) {
-        helloSize = features.parseMsgHead(rbuf);
+        const int helloSize = features.parseMsgHead(rbuf);
         if (helloSize == 0) {
             // Not enough bytes to get hello message size
             BIO_set_retry_read(table);
@@ -246,7 +246,7 @@
         const char *s = objToString(head, rbuf.contentSize());
         debugs(83, 7, "SSL Header: " << s);
 
-        if (helloSize > rbuf.contentSize()) {
+        if (!features.helloRecord(rbuf)) {
             BIO_set_retry_read(table);
             return -1;
         }
@@ -640,7 +640,7 @@
     }
 }
 
-Ssl::Bio::sslFeatures::sslFeatures(): sslVersion(-1), compressMethod(-1), helloMsgSize(0), unknownCiphers(false), doHeartBeats(true), tlsTicketsExtension(false), hasTlsTicket(false), tlsStatusRequest(false), hasCcsOrNst(false), initialized_(false)
+Ssl::Bio::sslFeatures::sslFeatures(): sslVersion(-1), compressMethod(-1), helloRecordStart(0), helloMsgSize(0), unknownCiphers(false), doHeartBeats(true), tlsTicketsExtension(false), hasTlsTicket(false), tlsStatusRequest(false), hasCcsOrNst(false), initialized_(false)
 {
     memset(client_random, 0, SSL3_RANDOM_SIZE);
 }
@@ -765,39 +765,68 @@
     if (helloMsgSize > 0)
         return helloMsgSize;
 
-    // Check for SSLPlaintext/TLSPlaintext record
-    // RFC6101 section 5.2.1
-    // RFC5246 section 6.2.1
-    if (head[0] == 0x16) {
-        debugs(83, 7, "SSL version 3 handshake message");
-        // The SSL version exist in the 2nd and 3rd bytes
-        sslVersion = (head[1] << 8) | head[2];
-        debugs(83, 7, "SSL Version :" << std::hex << std::setw(8) << std::setfill('0') << sslVersion);
-        // The hello message size exist in 4th and 5th bytes
-        helloMsgSize = (head[3] << 8) + head[4];
-        debugs(83, 7, "SSL Header Size: " << helloMsgSize);
-        helloMsgSize +=5;
-    } else if ((head[0] & 0x80) && head[2] == 0x01 && head[3] == 0x03) {
+    if ((head[0] & 0x80) && head[2] == 0x01 && head[3] == 0x03) {
         debugs(83, 7, "SSL version 2 handshake message with v3 support");
         sslVersion = (head[3] << 8) | head[4];
+        helloRecordStart = 0;
         debugs(83, 7, "SSL Version :" << std::hex << std::setw(8) << std::setfill('0') << sslVersion);
         // The hello message size exist in 2nd byte
         helloMsgSize = head[1];
         helloMsgSize +=2;
-    } else {
-        debugs(83, 7, "Not an SSL acceptable handshake message (SSLv2 message?)");
-        return (helloMsgSize = -1);
+        initialized_ = true;
+        return helloMsgSize;
     }
 
-    // Set object as initialized. Even if we did not full parsing yet
-    // The basic features, like the SSL version is set
-    initialized_ = true;
-    return helloMsgSize;
+    const int headSize = buf.contentSize();
+    int currentPos = 0;
+    do {
+        const unsigned char *currentRecord = head + currentPos;
+        // Check for Alert Protocol records before hello message. RFC5246 section-7.2
+        if (currentRecord[0] == 0x15) {
+            int recordSize = (currentRecord[3] << 8) + currentRecord[4];
+            // We need at least 5 bytes for each record.
+            if ((currentPos + recordSize + 5) > headSize)
+                return 0; // Not enough bytes;
+            // Check for fatal Alert and abort if found
+            if (currentRecord[5] > 1)
+                return -1;
+            currentPos += recordSize + 5;
+        } else if (currentRecord[0] == 0x16) {
+            // SSLPlaintext/TLSPlaintext record
+            // RFC6101 section 5.2.1, RFC5246 section 6.2.1
+            debugs(83, 7, "SSL version 3 handshake message");
+            // The SSL version exist in the 2nd and 3rd bytes
+            sslVersion = (currentRecord[1] << 8) | currentRecord[2];
+            debugs(83, 7, "SSL Version :" << std::hex << std::setw(8) << std::setfill('0') << sslVersion);
+            // The hello message size exist in 4th and 5th bytes
+            helloMsgSize = (currentRecord[3] << 8) + currentRecord[4];
+            debugs(83, 7, "SSL Header Size: " << helloMsgSize);
+            helloMsgSize +=5;
+            helloRecordStart = currentPos;
+
+            // Set object as initialized. Even if we did not full parsing yet
+            // The basic features, like the SSL version is set
+            initialized_ = true;
+            return helloMsgSize;
+        } else {
+            debugs(83, 7, "Not an SSL acceptable handshake message (SSLv2 message?)");
+            return (helloMsgSize = -1);
+        }
+    } while (currentPos + 5 <= headSize);
+
+    return 0;
 }
 
 bool
-Ssl::Bio::sslFeatures::checkForCcsOrNst(const unsigned char *msg, size_t size)
+Ssl::Bio::sslFeatures::checkForCcsOrNst(const MemBuf &buf)
 {
+    if (helloMsgSize <= 0) //unparsed content?
+        return false;
+
+    // Check the records after the Hello record.
+    const int afterHello = helloRecordStart + helloMsgSize;
+    const unsigned char *msg = reinterpret_cast<const unsigned char *>(buf.content()) + afterHello;
+    size_t size = (buf.contentSize() > afterHello) ? (size_t)(buf.contentSize() - afterHello) : 0;
     while (size > 5) {
         const int msgType = msg[0];
         const int msgSslVersion = (msg[1] << 8) | msg[2];
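Review bot: In the Alert branch of the new record loop, `currentRecord[5] > 1` is read after a bounds check that only guarantees `currentPos + recordSize + 5 <= headSize`. A record whose length field is 0 therefore passes the check, and the alert level is taken from the byte after the record, which may lie past the buffered content. Requiring the alert body to be present first closes this, e.g. `if (recordSize < 2) return -1;` before the size comparison, since an unencrypted alert carries a level byte and a description byte. `parseMsgHead` begins before this hunk and `checkForCcsOrNst` continues after it, so any length check made on `head` at function entry is not visible here.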
@@ -828,6 +857,18 @@
     return false;
 }
 
+const unsigned char *
+Ssl::Bio::sslFeatures::helloRecord(const MemBuf &buf)
+{
+    if (helloMsgSize <= 0)
+        return NULL;
+
+    if (helloRecordStart + helloMsgSize <= buf.contentSize())
+        return reinterpret_cast<const unsigned char *>(buf.content()) + helloRecordStart;
+
+    return NULL;
+}
+
 bool
 Ssl::Bio::sslFeatures::get(const MemBuf &buf, bool record)
 {
@@ -837,17 +878,17 @@
         return false;
     }
 
-    if (msgSize > buf.contentSize()) {
-        debugs(83, 2, "Partial SSL handshake message, can not parse!");
-        return false;
-    }
-
     if (record) {
         helloMessage.clear();
         helloMessage.append(buf.content(), buf.contentSize());
     }
 
-    const unsigned char *msg = (const unsigned char *)buf.content();
+    const unsigned char *msg = helloRecord(buf);
+    if (!msg) {
+        debugs(83, 2, "Partial SSL handshake message, can not parse!");
+        return false;
+    }
+
     if (msg[0] & 0x80)
         return parseV23Hello(msg, (size_t)msgSize);
     else {
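Review bot: `helloMessage` is now filled from `buf.content()` before `helloRecord(buf)` is consulted, so on a partial read it keeps the incomplete bytes even though `get()` returns false. When Alert records precede the Hello, it also starts at those records rather than at the record being parsed. If consumers of `helloMessage` expect exactly the Hello record, the append should move below the NULL check and copy from `msg`. If keeping the whole buffer is intended, a comment such as `// keep every buffered byte, including records before the Hello` would make that explicit. The rest of `get()` lies outside this hunk.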
@@ -860,7 +901,7 @@
         // RFC5246 section 7.4
         if (msg[5] == 0x2) { // ServerHello message
             if (parseV3ServerHello(msg, (size_t)msgSize)) {
-                hasCcsOrNst = checkForCcsOrNst(msg + msgSize,  buf.contentSize() - msgSize);
+                hasCcsOrNst = checkForCcsOrNst(buf);
                 return true;
             }
         } else if (msg[5] == 0x1) // ClientHello message,
diff -u -r -N squid-3.5.17/src/ssl/bio.h squid-3.5.18/src/ssl/bio.h
--- squid-3.5.17/src/ssl/bio.h	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/ssl/bio.h	2016-05-06 22:13:11.000000000 +1200
@@ -52,17 +52,21 @@
         int toSquidSSLVersion() const;
         /// Configure the SSL object with the SSL features of the sslFeatures object
         void applyToSSL(SSL *ssl, Ssl::BumpMode bumpMode) const;
-        /// Parses an SSL Message header. It returns the ssl Message size.
+        /// Parses an SSL Message header. It returns the Hello ssl Message size.
         /// \retval >0 if the hello size is retrieved
         /// \retval 0 if the contents of the buffer are not enough
         /// \retval <0 if the contents of buf are not SSLv3 or TLS hello message
         int parseMsgHead(const MemBuf &);
-        /// Parses msg buffer and return true if one of the Change Cipher Spec
+        /// Return a pointer to the SSL Record include the hello message
+        /// or NULL if this is not available
+        const unsigned char *helloRecord(const MemBuf &);
+        /// Parses buf buffer and return true if one of the Change Cipher Spec
         /// or New Session Ticket messages found
-        bool checkForCcsOrNst(const unsigned char *msg, size_t size);
+        bool checkForCcsOrNst(const MemBuf &buf);
     public:
         int sslVersion; ///< The requested/used SSL version
         int compressMethod; ///< The requested/used compressed  method
+        int helloRecordStart; ///< The SSL hello position in SSL
         int helloMsgSize; ///< the hello message size
         mutable SBuf serverName; ///< The SNI hostname, if any
         std::string clientRequestedCiphers; ///< The client requested ciphers
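Review bot: The `\retval <0` line for `parseMsgHead` still says only that the buffer is not an SSLv3 or TLS hello, but the new parser in bio.cc also returns -1 when it meets a fatal Alert record before the Hello. It could read `/// \retval <0 if buf holds a fatal Alert or is not an SSLv3/TLS hello message`. The `helloRecordStart` comment "The SSL hello position in SSL" does not say what the value is measured against; `///< byte offset of the Hello record within the parsed buffer` matches how bio.cc assigns it from `currentPos`. The `helloRecord` comment should also state that the returned pointer refers into the caller's `MemBuf`, so it is only usable while that buffer is unchanged.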
@@ -130,7 +134,7 @@
 public:
     /// The ssl hello message read states
     typedef enum {atHelloNone = 0, atHelloStarted, atHelloReceived} HelloReadState;
-    explicit ClientBio(const int anFd): Bio(anFd), holdRead_(false), holdWrite_(false), helloState(atHelloNone), helloSize(0) {}
+    explicit ClientBio(const int anFd): Bio(anFd), holdRead_(false), holdWrite_(false), helloState(atHelloNone) {}
 
     /// The ClientBio version of the Ssl::Bio::stateChanged method
     /// When the client hello message retrieved, fill the
@@ -157,7 +161,6 @@
     bool holdRead_; ///< The read hold state of the bio.
     bool holdWrite_;  ///< The write hold state of the bio.
     HelloReadState helloState; ///< The SSL hello read state
-    int helloSize; ///< The SSL hello message sent by client size
 };
 
 /// BIO node to handle socket IO for squid server side
diff -u -r -N squid-3.5.17/src/ssl/helper.cc squid-3.5.18/src/ssl/helper.cc
--- squid-3.5.17/src/ssl/helper.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/ssl/helper.cc	2016-05-06 22:13:11.000000000 +1200
@@ -63,26 +63,9 @@
     {
         char *tmp = xstrdup(Ssl::TheConfig.ssl_crtd);
         char *tmp_begin = tmp;
-        char * token = NULL;
-        bool db_path_was_found = false;
-        bool block_size_was_found = false;
-        char buffer[20] = "2048";
+        char *token = NULL;
         while ((token = strwordtok(NULL, &tmp))) {
             wordlistAdd(&ssl_crtd->cmdline, token);
-            if (!strcmp(token, "-b"))
-                block_size_was_found = true;
-            if (!strcmp(token, "-s")) {
-                db_path_was_found = true;
-            } else if (db_path_was_found) {
-                db_path_was_found = false;
-                int fs_block_size = 0;
-                storeDirGetBlkSize(token, &fs_block_size);
-                snprintf(buffer, sizeof(buffer), "%i", fs_block_size);
-            }
-        }
-        if (!block_size_was_found) {
-            wordlistAdd(&ssl_crtd->cmdline, "-b");
-            wordlistAdd(&ssl_crtd->cmdline, buffer);
         }
         safe_free(tmp_begin);
     }
diff -u -r -N squid-3.5.17/src/ssl/ssl_crtd.cc squid-3.5.18/src/ssl/ssl_crtd.cc
--- squid-3.5.17/src/ssl/ssl_crtd.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/ssl/ssl_crtd.cc	2016-05-06 22:13:11.000000000 +1200
@@ -24,8 +24,8 @@
  \defgroup ssl_crtd ssl_crtd
  \ingroup ExternalPrograms
  \par
-    Because the standart generation of ssl certificate for
-    sslBump feature, Squid must use external proccess to
+    Because the standard generation of ssl certificate for
+    sslBump feature, Squid must use external process to
     actually make these calls. This process generate new ssl
     certificates and worked with ssl certificates disk cache.
     Typically there will be five ssl_crtd processes spawned
@@ -188,11 +188,8 @@
     std::cerr << help_string << std::endl;
 }
 
-/**
- \ingroup ssl_crtd
- * Proccess new request message.
- */
-static bool proccessNewRequest(Ssl::CrtdMessage & request_message, std::string const & db_path, size_t max_db_size, size_t fs_block_size)
+/// Process new request message.
+static bool processNewRequest(Ssl::CrtdMessage & request_message, std::string const & db_path, size_t max_db_size, size_t fs_block_size)
 {
     Ssl::CertificateProperties certProperties;
     std::string error;
@@ -265,11 +262,11 @@
 {
     try {
         size_t max_db_size = 0;
-        size_t fs_block_size = 2048;
+        size_t fs_block_size = 0;
         int8_t c;
         bool create_new_db = false;
         std::string db_path;
-        // proccess options.
+        // process options.
         while ((c = getopt(argc, argv, "dcghvs:M:b:n:")) != -1) {
             switch (c) {
             case 'd':
@@ -310,13 +307,26 @@
             exit(0);
         }
 
+        if (fs_block_size == 0) {
+            struct statvfs sfs;
+
+            if (xstatvfs(db_path.c_str(), &sfs)) {
+                fs_block_size = 2048;
+            } else {
+                fs_block_size = sfs.f_frsize;
+                // Sanity check; make sure we have a meaningful value.
+                if (fs_block_size < 512)
+                    fs_block_size = 2048;
+            }
+        }
+
         {
             Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size);
         }
         // Initialize SSL subsystem
         SSL_load_error_strings();
         SSLeay_add_ssl_algorithms();
-        // proccess request.
+        // process request.
         for (;;) {
             char request[HELPER_INPUT_BUFFER];
             Ssl::CrtdMessage request_message(Ssl::CrtdMessage::REQUEST);
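Review bot: The fallback `2048` is written twice in the new block, and the value taken from `sfs.f_frsize` is checked only against a lower bound. Setting the default once and overriding it on success reads more directly: `fs_block_size = 2048;` followed by `if (xstatvfs(db_path.c_str(), &sfs) == 0 && sfs.f_frsize >= 512) fs_block_size = sfs.f_frsize;`. If the certificate database's size accounting depends on this value, which this hunk does not show, an upper bound or a debug line reporting the chosen size would help when a filesystem reports something unusual. The enclosing `main` body starts and ends outside this hunk.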
@@ -332,7 +342,7 @@
             if (parse_result == Ssl::CrtdMessage::ERROR) {
                 throw std::runtime_error("Cannot parse request message.");
             } else if (request_message.getCode() == Ssl::CrtdMessage::code_new_certificate) {
-                proccessNewRequest(request_message, db_path, max_db_size, fs_block_size);
+                processNewRequest(request_message, db_path, max_db_size, fs_block_size);
             } else {
                 throw std::runtime_error("Unknown request code: \"" + request_message.getCode() + "\".");
             }
diff -u -r -N squid-3.5.17/src/url.cc squid-3.5.18/src/url.cc
--- squid-3.5.17/src/url.cc	2016-04-21 00:24:03.000000000 +1200
+++ squid-3.5.18/src/url.cc	2016-05-06 22:13:11.000000000 +1200
@@ -290,6 +290,8 @@
             *t = 0;
             strncpy((char *) host, t + 1, sizeof(host)-1);
             host[sizeof(host)-1] = '\0';
+            // Bug 4498: URL-unescape the login info after extraction
+            rfc1738_unescape(login);
         }
 
         /* Is there any host information? (we should eventually parse it above) */
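Review bot: `rfc1738_unescape(login)` decodes the whole user-info string in place, so from this point `login` can contain characters that were percent-encoded in the request, including `:`, `@`, `/` and control characters. Any later code that splits `login` at `:` or writes it back into a URL or header needs to treat it as raw bytes and re-escape on output; that code is outside this hunk and should be checked. The comment would be more useful if it recorded this, e.g. `// Bug 4498: login holds decoded bytes from here on; re-escape before serialising`.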
