diff -u -r -N squid-3.5.2/ChangeLog squid-3.5.3/ChangeLog --- squid-3.5.2/ChangeLog 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/ChangeLog 2015-03-28 03:58:05.000000000 -0700 @@ -1,3 +1,16 @@ +Changes to squid-3.5.3 (28 Mar 2015): + + - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory + - Regression Bug 4206: Incorrect connection close on expect:100-continue + - Bug 4204: ./configure does not abort when required helpers cannot be built + - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment + - Bug 2907: high CPU usage on CONNECT when using delay pools + - basic_getpwnam_auth: fail authentication on crypt() failures + - basic_nis_auth: fail authentication on crypt() failures + - ext_kerberos_ldap_group_acl: Heimdal support improvements + - ext_wbinfo_group_acl: Perl 5.20 support + - ... and several compile issues + Changes to squid-3.5.2 (18 Feb 2015): - Regression Bug 4176: Digest auth too many helper lookups diff -u -r -N squid-3.5.2/compat/Makefile.in squid-3.5.3/compat/Makefile.in --- squid-3.5.2/compat/Makefile.in 2015-02-18 04:18:03.000000000 -0800 +++ squid-3.5.3/compat/Makefile.in 2015-03-28 03:59:15.000000000 -0700 @@ -83,8 +83,8 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(top_srcdir)/src/Common.am $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.am strtoll.c strerror.c initgroups.c \ - drand48.c tempnam.c psignal.c $(top_srcdir)/cfgaux/depcomp \ + $(srcdir)/Makefile.am initgroups.c strerror.c drand48.c \ + psignal.c strtoll.c tempnam.c $(top_srcdir)/cfgaux/depcomp \ $(top_srcdir)/cfgaux/test-driver check_PROGRAMS = testPreCompiler$(EXEEXT) TESTS = testPreCompiler$(EXEEXT) testHeaders diff -u -r -N squid-3.5.2/configure squid-3.5.3/configure --- squid-3.5.2/configure 2015-02-18 04:18:57.000000000 -0800 +++ squid-3.5.3/configure 2015-03-28 04:00:06.000000000 -0700 
@@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.2. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.3. # # Report bugs to . # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.5.2' -PACKAGE_STRING='Squid Web Proxy 3.5.2' +PACKAGE_VERSION='3.5.3' +PACKAGE_STRING='Squid Web Proxy 3.5.3' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1617,7 +1617,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.5.2 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.5.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1687,7 +1687,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.5.2:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.5.3:";; esac cat <<\_ACEOF @@ -2094,7 +2094,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.5.2 +Squid Web Proxy configure 3.5.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3198,7 +3198,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.5.2, which was +It was created by Squid Web Proxy $as_me 3.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4065,7 +4065,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.5.2' + VERSION='3.5.3' cat >>confdefs.h <<_ACEOF 
@@ -20121,28 +20121,48 @@ # to be used by sub-commands export enable_inline +# Check for atomic operations support in the compiler { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU atomic operations support" >&5 $as_echo_n "checking for GNU atomic operations support... " >&6; } -if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiler cant tell" >&5 -$as_echo "cross-compiler cant tell" >&6; } +if ${squid_cv_gnu_atomics+:} false; then : + $as_echo_n "(cached) " >&6 +else +if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - int n = 0; +#include + int32_t n_32 = 0; + uint64_t n_64 = 0; int main () { - __sync_add_and_fetch(&n, 10); // n becomes 10 - __sync_fetch_and_add(&n, 20); // n becomes 30 - __sync_sub_and_fetch(&n, 15); // n becomes 15 - __sync_bool_compare_and_swap(&n, 15, 201); // n becomes 201 - __sync_fetch_and_and(&n, 200); // n becomes 200 - return (n == 200) ? 0 : -1; + // 32-bit + __sync_add_and_fetch(&n_32, 10); // n becomes 10 + __sync_fetch_and_add(&n_32, 20); // n becomes 30 + __sync_sub_and_fetch(&n_32, 15); // n becomes 15 + __sync_bool_compare_and_swap(&n_32, 15, 201); // n becomes 201 + __sync_fetch_and_and(&n_32, 200); // n becomes 200 + if (n_32 != 200) return -1; + + // 64-bit + __sync_add_and_fetch(&n_64, 10); // n becomes 10 + __sync_fetch_and_add(&n_64, 20); // n becomes 30 + __sync_sub_and_fetch(&n_64, 15); // n becomes 15 + __sync_bool_compare_and_swap(&n_64, 15, 201); // n becomes 201 + __sync_fetch_and_and(&n_64, 200); // n becomes 200 + if (n_64 != 200) return -1; + + // seems to be okay. + return 0; ; return 0; 
@@ -20150,16 +20170,11 @@ _ACEOF if ac_fn_cxx_try_run "$LINENO"; then : - -$as_echo "#define HAVE_ATOMIC_OPS 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + squid_cv_gnu_atomics=yes else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + squid_cv_gnu_atomics=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -20167,6 +20182,24 @@ fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $squid_cv_gnu_atomics" >&5 +$as_echo "$squid_cv_gnu_atomics" >&6; } + +squid_tmp_define="" +case "${squid_cv_gnu_atomics:=yes}" in + yes|true|1) squid_tmp_define="1" ;; + no|false|0|"") squid_tmp_define="0" ;; + *) as_fn_error $? "SQUID_DEFINE_BOOL: unrecognized value for HAVE_ATOMIC_OPS: '${squid_cv_gnu_atomics:=yes}'" "$LINENO" 5 ;; +esac + +cat >>confdefs.h <<_ACEOF +#define HAVE_ATOMIC_OPS $squid_tmp_define +_ACEOF + +unset squid_tmp_define + + # Check whether --enable-debug-cbdata was given. if test "${enable_debug_cbdata+set}" = set; then : enableval=$enable_debug_cbdata; @@ -31689,6 +31722,7 @@ as_fn_error $? "Basic auth requested but auth disabled" "$LINENO" 5 fi #define list of modules to build +auto_auth_basic_modules=no if test "x$enable_auth_basic" = "xyes" ; then enable_auth_basic="" @@ -31699,6 +31733,7 @@ fi done + auto_auth_basic_modules=yes fi #handle the "none" special case if test "x$enable_auth_basic" = "xnone" ; then 
@@ -32349,8 +32384,12 @@ if test -d "$srcdir/helpers/basic_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Basic auth helper $helper ... found but cannot be built" >&5 + if test "x$auto_auth_basic_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Basic auth helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: Basic auth helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "Basic auth helper $helper ... found but cannot be built" "$LINENO" 5 + fi else BASIC_AUTH_HELPERS="$BASIC_AUTH_HELPERS $BUILD_HELPER" fi @@ -32401,6 +32440,7 @@ as_fn_error $? "Digest auth requested but auth disabled" "$LINENO" 5 fi #define list of modules to build +auto_auth_digest_modules=no if test "x$enable_auth_digest" = "xyes" ; then enable_auth_digest="" @@ -32411,6 +32451,7 @@ fi done + auto_auth_digest_modules=yes fi #handle the "none" special case if test "x$enable_auth_digest" = "xnone" ; then @@ -32493,8 +32534,12 @@ if test -d "$srcdir/helpers/digest_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Digest auth helper $helper ... found but cannot be built" >&5 + if test "x$auto_auth_digest_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Digest auth helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: Digest auth helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "Digest auth helper $helper ... found but cannot be built" "$LINENO" 5 + fi else DIGEST_AUTH_HELPERS="$DIGEST_AUTH_HELPERS $BUILD_HELPER" fi @@ -32544,6 +32589,7 @@ as_fn_error $? "Negotiate auth requested but auth disabled" "$LINENO" 5 fi #define list of modules to build +auto_auth_negotiate_modules=no if test "x$enable_auth_negotiate" = "xyes" ; then enable_auth_negotiate="" 
@@ -32554,6 +32600,7 @@ fi done + auto_auth_negotiate_modules=yes fi #handle the "none" special case if test "x$enable_auth_negotiate" = "xnone" ; then @@ -32639,8 +32686,12 @@ if test -d "$srcdir/helpers/negotiate_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Negotiate auth helper $helper ... found but cannot be built" >&5 + if test "x$auto_auth_negotiate_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Negotiate auth helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: Negotiate auth helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "Negotiate auth helper $helper ... found but cannot be built" "$LINENO" 5 + fi else NEGOTIATE_AUTH_HELPERS="$NEGOTIATE_AUTH_HELPERS $BUILD_HELPER" fi @@ -32690,6 +32741,7 @@ as_fn_error $? "NTLM auth requested but auth disabled" "$LINENO" 5 fi #define list of modules to build +auto_auth_ntlm_modules=no if test "x$enable_auth_ntlm" = "xyes" ; then enable_auth_ntlm="" @@ -32700,6 +32752,7 @@ fi done + auto_auth_ntlm_modules=yes fi #handle the "none" special case if test "x$enable_auth_ntlm" = "xnone" ; then @@ -32793,8 +32846,12 @@ if test -d "$srcdir/helpers/ntlm_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: NTLM auth helper $helper ... found but cannot be built" >&5 + if test "x$auto_auth_ntlm_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: NTLM auth helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: NTLM auth helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "NTLM auth helper $helper ... found but cannot be built" "$LINENO" 5 + fi else NTLM_AUTH_HELPERS="$NTLM_AUTH_HELPERS $BUILD_HELPER" fi 
@@ -32878,6 +32935,7 @@ # FIXME: de-duplicate $enable_log_daemon_helpers list containing double entries. #define list of modules to build +auto_logdaemon_modules=no if test "x${enable_log_daemon_helpers:=yes}" = "xyes" ;then enable_log_daemon_helpers="" @@ -32889,6 +32947,7 @@ fi done + auto_logdaemon_modules=yes fi if test "x$enable_log_daemon_helpers" = "xnone" ; then enable_log_daemon_helpers="" @@ -32933,8 +32992,12 @@ if test -d "$srcdir/helpers/log_daemon/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Log daemon helper $helper ... found but cannot be built" >&5 + if test "x$auto_logdaemon_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Log daemon helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: Log daemon helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "Log daemon helper $helper ... found but cannot be built" "$LINENO" 5 + fi else LOG_DAEMON_HELPERS="$LOG_DAEMON_HELPERS $BUILD_HELPER" fi @@ -32968,6 +33031,7 @@ # FIXME: de-duplicate $enable_external_acl_helpers list containing double entries. #define list of modules to build +auto_ext_acl_modules=no if test "x${enable_external_acl_helpers:=yes}" = "xyes" ;then enable_external_acl_helpers="" @@ -32978,6 +33042,7 @@ fi done + auto_ext_acl_modules=yes fi if test "x$enable_external_acl_helpers" = "xnone" ; then enable_external_acl_helpers="" 
@@ -33426,8 +33491,12 @@ if test -d "$srcdir/helpers/external_acl/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: external acl helper $helper ... found but cannot be built" >&5 + if test "x$auto_ext_acl_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: external acl helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: external acl helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "external acl helper $helper ... found but cannot be built" "$LINENO" 5 + fi else EXTERNAL_ACL_HELPERS="$EXTERNAL_ACL_HELPERS $BUILD_HELPER" fi @@ -33460,6 +33529,7 @@ # FIXME: de-duplicate $enable_url_rewrite_helpers list containing double entries. #define list of modules to build +auto_urlrewrite_modules=no if test "x${enable_url_rewrite_helpers:=yes}" = "xyes" ; then enable_url_rewrite_helpers="" @@ -33470,6 +33540,7 @@ fi done + auto_urlrewrite_modules=yes fi enable_url_rewrite_helpers="`echo $enable_url_rewrite_helpers| sed -e 's/,/ /g;s/ */ /g'`" @@ -33500,8 +33571,12 @@ if test -d "$srcdir/helpers/url_rewrite/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: URL rewrite helper $helper ... found but cannot be built" >&5 + if test "x$auto_urlrewrite_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: URL rewrite helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: URL rewrite helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "URL rewrite helper $helper ... found but cannot be built" "$LINENO" 5 + fi else URL_REWRITE_HELPERS="$URL_REWRITE_HELPERS $BUILD_HELPER" fi @@ -33534,6 +33609,7 @@ # FIXME: de-duplicate $enable_storeid_rewrite_helpers list containing double entries. #define list of modules to build +auto_storeid_modules=no if test "x${enable_storeid_rewrite_helpers:=yes}" = "xyes" ; then enable_storeid_rewrite_helpers="" 
@@ -33544,6 +33620,7 @@ fi done + auto_storeid_modules=yes fi enable_storeid_rewrite_helpers="`echo $enable_storeid_rewrite_helpers| sed -e 's/,/ /g;s/ */ /g'`" @@ -33576,8 +33653,12 @@ if test -d "$srcdir/helpers/storeid_rewrite/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Store-ID rewrite helper $helper ... found but cannot be built" >&5 + if test "x$auto_storeid_modules" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Store-ID rewrite helper $helper ... found but cannot be built" >&5 $as_echo "$as_me: Store-ID rewrite helper $helper ... found but cannot be built" >&6;} + else + as_fn_error $? "Store-ID rewrite helper $helper ... found but cannot be built" "$LINENO" 5 + fi else STOREID_REWRITE_HELPERS="$STOREID_REWRITE_HELPERS $BUILD_HELPER" fi @@ -40713,7 +40794,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.5.2, which was +This file was extended by Squid Web Proxy $as_me 3.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -40779,7 +40860,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.5.2 +Squid Web Proxy config.status 3.5.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.5.2/configure.ac squid-3.5.3/configure.ac --- squid-3.5.2/configure.ac 2015-02-18 04:18:57.000000000 -0800 +++ squid-3.5.3/configure.ac 2015-03-28 04:00:06.000000000 -0700 
@@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[3.5.2],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.5.3],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) 
@@ -422,27 +422,39 @@ # to be used by sub-commands export enable_inline -dnl -dnl Check for atomic operations support in the compiler -dnl -AC_MSG_CHECKING([for GNU atomic operations support]) +# Check for atomic operations support in the compiler +AC_CACHE_CHECK([for GNU atomic operations support],[squid_cv_gnu_atomics],[ AC_RUN_IFELSE([AC_LANG_PROGRAM([[ - int n = 0; +#include + int32_t n_32 = 0; + uint64_t n_64 = 0; ]],[[ - __sync_add_and_fetch(&n, 10); // n becomes 10 - __sync_fetch_and_add(&n, 20); // n becomes 30 - __sync_sub_and_fetch(&n, 15); // n becomes 15 - __sync_bool_compare_and_swap(&n, 15, 201); // n becomes 201 - __sync_fetch_and_and(&n, 200); // n becomes 200 - return (n == 200) ? 0 : -1; + // 32-bit + __sync_add_and_fetch(&n_32, 10); // n becomes 10 + __sync_fetch_and_add(&n_32, 20); // n becomes 30 + __sync_sub_and_fetch(&n_32, 15); // n becomes 15 + __sync_bool_compare_and_swap(&n_32, 15, 201); // n becomes 201 + __sync_fetch_and_and(&n_32, 200); // n becomes 200 + if (n_32 != 200) return -1; + + // 64-bit + __sync_add_and_fetch(&n_64, 10); // n becomes 10 + __sync_fetch_and_add(&n_64, 20); // n becomes 30 + __sync_sub_and_fetch(&n_64, 15); // n becomes 15 + __sync_bool_compare_and_swap(&n_64, 15, 201); // n becomes 201 + __sync_fetch_and_and(&n_64, 200); // n becomes 200 + if (n_64 != 200) return -1; + + // seems to be okay. 
+ return 0; ]])], [ - AC_DEFINE(HAVE_ATOMIC_OPS,1,[Define to 1 if you have __sync_add_and_fetch() and such]) - AC_MSG_RESULT(yes) + squid_cv_gnu_atomics=yes ],[ - AC_MSG_RESULT(no) -],[ AC_MSG_RESULT(cross-compiler cant tell) + squid_cv_gnu_atomics=no +]) ]) +SQUID_DEFINE_BOOL(HAVE_ATOMIC_OPS,${squid_cv_gnu_atomics:=yes},[Define to 1 if you have GCC __sync_add_and_fetch() and such]) AC_ARG_ENABLE(debug-cbdata, AS_HELP_STRING([--enable-debug-cbdata], diff -u -r -N squid-3.5.2/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.3/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.5.2/helpers/basic_auth/DB/basic_db_auth.8 2015-02-18 04:55:55.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/DB/basic_db_auth.8 2015-03-28 04:44:31.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc squid-3.5.3/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc --- squid-3.5.2/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc 2015-03-28 03:58:05.000000000 -0700 @@ -59,7 +59,8 @@ if (pwd == NULL) { return 0; /* User does not exist */ } else { - if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) { + char *crypted = crypt(passwd, pwd->pw_passwd); + if (!crypted || strcmp(pwd->pw_passwd, crypted)) { return 2; /* Wrong password */ } else { return 1; /* Authentication Sucessful */ 
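Review bot: Cross-compiled builds lose their soft fallback in this hunk: the `AC_RUN_IFELSE` call inside `AC_CACHE_CHECK` no longer has an action-if-cross-compiling argument, so Autoconf falls back to its default hard error. The regenerated configure in this same patch shows it as `cannot run test program while cross compiling`, where the old code printed a result and carried on. Consider a conservative fourth argument, e.g. `],[ squid_cv_gnu_atomics=no ])`, so a cross build proceeds without atomics unless the cache variable is pre-seeded. The `:=yes` default in `SQUID_DEFINE_BOOL(HAVE_ATOMIC_OPS,${squid_cv_gnu_atomics:=yes},...)` also looks optimistic for a variable the cache check is expected to set; `:=no` would fail safe if that path is ever reached.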
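Review bot: A NULL return from crypt() now takes the same `return 2; /* Wrong password */` path as a genuine mismatch, both here and in the shadow-password hunk that follows, so an operator cannot tell a bad credential from a stored hash the local crypt() cannot process. Failing closed is the right outcome; what is missing is a diagnostic on the failure path, for example `if (!crypted) { fprintf(stderr, "crypt() failed for stored hash\n"); return 2; }` ahead of the strcmp(), or the helper's own debug facility if it has one. The message should not include the submitted password. `crypted` is only read, so `const char *crypted` would state that. The enclosing function starts and ends outside the hunk.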
@@ -76,7 +77,8 @@ if (pwd == NULL) { return passwd_auth(user, passwd); /* Fall back to passwd_auth */ } else { - if (strcmp(pwd->sp_pwdp, crypt(passwd, pwd->sp_pwdp))) { + char *crypted = crypt(passwd, pwd->sp_pwdp); + if (!crypted || strcmp(pwd->sp_pwdp, crypted)) { return 2; /* Wrong password */ } else { return 1; /* Authentication Sucessful */ diff -u -r -N squid-3.5.2/helpers/basic_auth/modules.m4 squid-3.5.3/helpers/basic_auth/modules.m4 --- squid-3.5.2/helpers/basic_auth/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -19,8 +19,10 @@ AC_MSG_ERROR([Basic auth requested but auth disabled]) fi #define list of modules to build +auto_auth_basic_modules=no if test "x$enable_auth_basic" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/basic_auth],[enable_auth_basic]) + auto_auth_basic_modules=yes fi #handle the "none" special case if test "x$enable_auth_basic" = "xnone" ; then @@ -87,7 +89,11 @@ if test -d "$srcdir/helpers/basic_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([Basic auth helper $helper ... found but cannot be built]) + if test "x$auto_auth_basic_modules" = "xyes"; then + AC_MSG_NOTICE([Basic auth helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([Basic auth helper $helper ... found but cannot be built]) + fi else BASIC_AUTH_HELPERS="$BASIC_AUTH_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 --- squid-3.5.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-02-18 04:55:58.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2015-03-28 04:44:39.000000000 -0700 
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1" -.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/basic_auth/NIS/basic_nis_auth.cc squid-3.5.3/helpers/basic_auth/NIS/basic_nis_auth.cc --- squid-3.5.2/helpers/basic_auth/NIS/basic_nis_auth.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/NIS/basic_nis_auth.cc 2015-03-28 03:58:05.000000000 -0700 @@ -73,20 +73,22 @@ if (!nispasswd) { /* User does not exist */ printf("ERR No such user\n"); + continue; + } + #if HAVE_CRYPT - } else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd)) == 0) { + char *crypted = NULL; + if ((crypted = crypt(passwd, nispasswd)) && strcmp(nispasswd, crypted) == 0) { /* All ok !, thanks... */ printf("OK\n"); } else { /* Password incorrect */ printf("ERR Wrong password\n"); -#else } - else { - /* Password incorrect */ - printf("BH message=\"Missing crypto capability\"\n"); +#else + /* Password incorrect */ + printf("BH message=\"Missing crypto capability\"\n"); #endif - } } exit(0); } diff -u -r -N squid-3.5.2/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.3/helpers/basic_auth/POP3/basic_pop3_auth.8 --- squid-3.5.2/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-02-18 04:56:01.000000000 -0800 +++ squid-3.5.3/helpers/basic_auth/POP3/basic_pop3_auth.8 2015-03-28 04:44:47.000000000 -0700 
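Review bot: The `#else` branch keeps the comment `/* Password incorrect */` directly above `printf("BH message=\"Missing crypto capability\"\n");`, which describes a different outcome from the line it annotates. Something like `/* crypt() unavailable at build time: report helper failure, never OK */` would match the code. In the `#if HAVE_CRYPT` branch the assignment inside the condition can be avoided by initialising at the declaration, `char *crypted = crypt(passwd, nispasswd);` followed by `if (crypted && strcmp(nispasswd, crypted) == 0) {`, which also matches the form used in basic_getpwnam_auth.cc in this patch. The read loop this code sits in starts outside the hunk.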
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 1" -.TH BASIC_POP3_AUTH 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/digest_auth/modules.m4 squid-3.5.3/helpers/digest_auth/modules.m4 --- squid-3.5.2/helpers/digest_auth/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/digest_auth/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -19,8 +19,10 @@ AC_MSG_ERROR([Digest auth requested but auth disabled]) fi #define list of modules to build +auto_auth_digest_modules=no if test "x$enable_auth_digest" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/digest_auth],[enable_auth_digest]) + auto_auth_digest_modules=yes fi #handle the "none" special case if test "x$enable_auth_digest" = "xnone" ; then @@ -53,7 +55,11 @@ if test -d "$srcdir/helpers/digest_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([Digest auth helper $helper ... found but cannot be built]) + if test "x$auto_auth_digest_modules" = "xyes"; then + AC_MSG_NOTICE([Digest auth helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([Digest auth helper $helper ... found but cannot be built]) + fi else DIGEST_AUTH_HELPERS="$DIGEST_AUTH_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.3/helpers/external_acl/delayer/ext_delayer_acl.8 --- squid-3.5.2/helpers/external_acl/delayer/ext_delayer_acl.8 2015-02-18 04:56:11.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/delayer/ext_delayer_acl.8 2015-03-28 04:45:31.000000000 -0700 
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 1" -.TH EXT_DELAYER_ACL 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 squid-3.5.3/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 --- squid-3.5.2/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2015-03-28 03:58:05.000000000 -0700 @@ -7,7 +7,7 @@ . .SH SYNOPSIS .if !'po4a'hide' .B ext_kerberos_ldap_group_acl -.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios-Realm-List] [\-m Max-Depth] [\-u Ldap-User] [\-p Ldap-Password] [\-b Ldap-Bind-Path] [\-l Ldap-URL] [\-S ldap server list] \-g Group-Realm-List \-t Hex-Group-Realm-List \-T Hex-Group-Hex-Realm-List +.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios\-Realm\-List] [\-m Max\-Depth] [\-u Ldap\-User] [\-p Ldap\-Password] [\-b Ldap\-Bind\-Path] [\-l Ldap\-URL] [\-S ldap server list] \-g Group\-Realm\-List \-t Hex\-Group\-Realm\-List \-T Hex\-Group\-Hex\-Realm\-List . .SH DESCRIPTION .B ext_kerberos_ldap_group_acl 
@@ -85,18 +85,18 @@ Default Kerberos domain to use for usernames which do not contain domain information (e.g. for users using basic authentication). .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-N Netbios-Realm-List +.if !'po4a'hide' .B \-N Netbios\-Realm\-List A list of Netbios name mappings to Kerberos domain names of the form -Netbios-Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users +Netbios\-Name@Kerberos\-Realm[:Netbios\-Name@Kerberos\-Realm] (e.g. for users using NTLM authentication). .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-m Max-Depth +.if !'po4a'hide' .B \-m Max\-Depth Maximal depth of recursive group search. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-User +.if !'po4a'hide' .B \-u Ldap\-User Username for LDAP server. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-Password +.if !'po4a'hide' .B \-p Ldap\-Password Password for LDAP server. .IP As the password needs to be printed in plain text in your Squid configuration 
@@ -105,29 +105,29 @@ configuration file or extracts the password used from a process listing. . .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-b Ldap-Bind-Path +.if !'po4a'hide' .B \-b Ldap\-Bind\-Path LDAP server bind path. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-URL +.if !'po4a'hide' .B \-l Ldap\-URL LDAP server URL in form ldap[s]://server:port .if !'po4a'hide' .TP 12 .if !'po4a'hide' .B \-S ldap server list list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|lserver@Realm] .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-g Group-Realm-List +.if !'po4a'hide' .B \-g Group\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-t Hex-Group-Realm-List +.if !'po4a'hide' .B \-t Hex\-Group\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] where group is in -UTF-8 hex format +UTF\-8 hex format .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-T Hex-Group-Hex-Realm-List +.if !'po4a'hide' .B \-T Hex\-Group\-Hex\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] where group and domain -is in UTF-8 hex format +is in UTF\-8 hex format . .SH CONFIGURATION .PP 
@@ -138,9 +138,9 @@ .if !'po4a'hide' .P .if !'po4a'hide' .ft CR .if !'po4a'hide' .nf -.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl -g GROUP1 +.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP1 .if !'po4a'hide' .br -.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl -g GROUP2 +.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP2 .if !'po4a'hide' .br .if !'po4a'hide' acl group1 external kerberos_ldap_group1 .if !'po4a'hide' .br @@ -168,7 +168,7 @@ .if !'po4a'hide' .P .if !'po4a'hide' .ft CR .if !'po4a'hide' .nf -.if !'po4a'hide' KRB5_CONFIG=/etc/krb5-squid.conf +.if !'po4a'hide' KRB5_CONFIG=/etc/krb5\-squid.conf .if !'po4a'hide' export KRB5_CONFIG .if !'po4a'hide' .fi .if !'po4a'hide' .ft 
@@ -182,37 +182,37 @@ c) Use LDAP_URL if given 2) For user - a) Use domain -D REALM and follow step 1) + a) Use domain \-D REALM and follow step 1) b) Use LDAP_URL if given The Groups to check against are determined as follows: 1) For user@REALM - a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM - b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@ - c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2 + a) Use values given by \-g option which contain a @REALM e.g. \-g GROUP1@REALM:GROUP2@REALM + b) Use values given by \-g option which contain a @ only e.g. \-g GROUP1@:GROUP2@ + c) Use values given by \-g option which do not contain a realm e.g. \-g GROUP1:GROUP2 2) For user - a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2 + a) Use values given by \-g option which do not contain a realm e.g. \-g GROUP1:GROUP2 3) For NDOMAIN\\user - a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM + a) Use realm given by \-N NDOMAIN@REALM and then use values given by \-g option which contain a @REALM e.g. \-g GROUP1@REALM:GROUP2@REALM -To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g where GROUP is the hex UTF-8 representation e.g. +To support Non\-ASCII character use \-t GROUP or \-t GROUP@REALM instead of \-g where GROUP is the hex UTF\-8 representation e.g. - -t 6d61726b7573 instead of -g markus + \-t 6d61726b7573 instead of \-g markus -The REALM must still be based on the ASCII character set. If REALM contains also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex UTF-8 representation e.g. +The REALM must still be based on the ASCII character set. If REALM contains also non ASCII characters use \-T GROUP@REALM where GROUP and REALM are hex UTF\-8 representation e.g. 
- -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME + \-T 6d61726b7573@57494e3230303352322e484f4d45 instead of \-g markus@WIN2003R2.HOME -For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/unicode-utf8-table.pl +For a translation of hex UTF\-8 see for example http://www.utf8\-chartable.de/unicode\-utf8\-table.pl The ldap server list can be: -server - In this case server can be used for all Kerberos domains -server@ - In this case server can be used for all Kerberos domains -server@domain - In this case server can be used for Kerberos domain domain -server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 - A list is build with a colon as seperator +server \- In this case server can be used for all Kerberos domains +server@ \- In this case server can be used for all Kerberos domains +server@domain \- In this case server can be used for Kerberos domain domain +server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 \- A list is build with a colon as seperator . .SH AUTHOR @@ -224,7 +224,7 @@ . .SH COPYRIGHT .PP - * Copyright (C) 1996-2015 The Squid Software Foundation and contributors + * Copyright (C) 1996\-2015 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. 
@@ -237,36 +237,36 @@ .SH QUESTIONS Questions on the usage of this program can be sent to the .I Squid Users mailing list -.if !'po4a'hide' +.if !'po4a'hide' . .SH REPORTING BUGS Bug reports need to be made in English. -See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. .PP -Report bugs or bug fixes using http://bugs.squid-cache.org/ +Report bugs or bug fixes using http://bugs.squid\-cache.org/ .PP Report serious security bugs to -.I Squid Bugs +.I Squid Bugs .PP Report ideas for new improvements to the .I Squid Developers mailing list -.if !'po4a'hide' +.if !'po4a'hide' . .SH SEE ALSO .if !'po4a'hide' .BR squid "(8) " .if !'po4a'hide' .BR negotiate_kerberos_auth "(8) " .br -.BR RFC1035 " - Domain names - implementation and specification," +.BR RFC1035 " \- Domain names \- implementation and specification," .br -.BR RFC2782 " - A DNS RR for specifying the location of services (DNS SRV)," +.BR RFC2782 " \- A DNS RR for specifying the location of services (DNS SRV)," .br -.BR RFC2254 " - The String Representation of LDAP Search Filters," +.BR RFC2254 " \- The String Representation of LDAP Search Filters," .br -.BR RFC2307bis " - An Approach for Using LDAP as a Network Information Service +.BR RFC2307bis " \- An Approach for Using LDAP as a Network Information Service http://www.padl.com/~lukeh/rfc2307bis.txt," .br The Squid FAQ wiki -.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq +.if !'po4a'hide' http://wiki.squid\-cache.org/SquidFaq .br The Squid Configuration Manual -.if !'po4a'hide' http://www.squid-cache.org/Doc/config/ +.if !'po4a'hide' http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.2/helpers/external_acl/kerberos_ldap_group/support.h squid-3.5.3/helpers/external_acl/kerberos_ldap_group/support.h --- 
squid-3.5.2/helpers/external_acl/kerberos_ldap_group/support.h 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/kerberos_ldap_group/support.h 2015-03-28 03:58:05.000000000 -0700 @@ -55,8 +55,6 @@ #if HAVE_COM_ERR_H #include -#elif USE_HEIMDAL_KRB5 -#define error_message(code) krb5_get_err_text(kparam.context,code) #endif /* HAVE_COM_ERR_H */ #define LDAP_DEPRECATED 1 diff -u -r -N squid-3.5.2/helpers/external_acl/kerberos_ldap_group/support_krb5.cc squid-3.5.3/helpers/external_acl/kerberos_ldap_group/support_krb5.cc --- squid-3.5.2/helpers/external_acl/kerberos_ldap_group/support_krb5.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/kerberos_ldap_group/support_krb5.cc 2015-03-28 03:58:05.000000000 -0700 @@ -55,6 +55,28 @@ krb5_free_context(kparam.context); } } + +static void +k5_error2(const char* msg, char* msg2, krb5_error_code code) +{ + const char *errmsg; + errmsg = krb5_get_error_message(kparam.context, code); + error((char *) "%s| %s: ERROR: %s%s : %s\n", LogTime(), PROGRAM, msg, msg2, errmsg); +#if HAVE_KRB5_FREE_ERROR_MESSAGE + krb5_free_error_message(kparam.context, errmsg); +#elif HAVE_KRB5_FREE_ERROR_STRING + krb5_free_error_string(kparam.context, (char *)errmsg); +#else + xfree(errmsg); +#endif +} + +static void +k5_error(const char* msg, krb5_error_code code) +{ + k5_error2(msg, (char *)"", code); +} + /* * create Kerberos memory cache */ @@ -86,7 +108,7 @@ code = krb5_init_context(&kparam.context); if (code) { - error((char *) "%s| %s: ERROR: Error while initialising Kerberos library : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising Kerberos library",code); retval = 1; goto cleanup; } 
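Review bot: The format string in `k5_error2`, `"%s| %s: ERROR: %s%s : %s\n"`, prints `msg` and `msg2` back to back. The calls `k5_error2("Error while resolving keytab",keytab_name,code)` in the third hunk of this file and `k5_error2("Error while parsing name",principal_name,code)` further down therefore lose the space the old messages had before the keytab or principal name. Give those two literals a trailing space (`"Error while resolving keytab "`), or have `k5_error2` emit the separator only when `msg2` is non-empty. Declaring the parameter as `const char *msg2` would also remove the need for the `(char *)""` cast in `k5_error`. The `#else` branch releases the library-returned string with `xfree(errmsg)`; whether that matches the allocator the Kerberos library used cannot be told from this hunk and deserves a comment.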
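Review bot: `k5_error("Error while initialising Kerberos library",code)` runs on the branch where `krb5_init_context(&kparam.context)` has just failed, so the new helper passes whatever that failed call left in `kparam.context` to `krb5_get_error_message()` and then to the free routine. The removed `error_message(code)` form did not need a context on the com_err build. Unless `kparam.context` is known to be null or valid here (its initialisation is outside the hunk), this one call site is safer logging without the context, for example `error((char *) "%s| %s: ERROR: Error while initialising Kerberos library : code %d\n", LogTime(), PROGRAM, (int) code);`. The enclosing function starts and ends outside the hunk.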
@@ -105,7 +127,7 @@ debug((char *) "%s| %s: DEBUG: Set credential cache to %s\n", LogTime(), PROGRAM, mem_cache); code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving memory ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while resolving memory ccache",code); retval = 1; goto cleanup; } @@ -123,13 +145,13 @@ code = krb5_kt_resolve(kparam.context, keytab_name, &keytab); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving keytab %s : %s\n", LogTime(), PROGRAM, keytab_name, error_message(code)); + k5_error2("Error while resolving keytab",keytab_name,code); retval = 1; goto cleanup; } code = krb5_kt_start_seq_get(kparam.context, keytab, &cursor); if (code) { - error((char *) "%s| %s: ERROR: Error while starting keytab scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while starting keytab scan",code); retval = 1; goto cleanup; } @@ -154,7 +176,7 @@ { code = krb5_unparse_name(kparam.context, entry.principal, &principal_name); if (code) { - error((char *) "%s| %s: ERROR: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while unparsing principal name",code); } else { debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); found = 1; @@ -166,7 +188,7 @@ code = krb5_free_keytab_entry_contents(kparam.context, &entry); #endif if (code) { - error((char *) "%s| %s: ERROR: Error while freeing keytab entry : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while freeing keytab entry",code); retval = 1; break; } 
@@ -177,7 +199,7 @@ */ code = krb5_parse_name(kparam.context, principal_name, &principal); if (code) { - error((char *) "%s| %s: ERROR: Error while parsing name %s : %s\n", LogTime(), PROGRAM, principal_name, error_message(code)); + k5_error2("Error while parsing name",principal_name,code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -201,7 +223,7 @@ #endif if (code) { - error((char *) "%s| %s: ERROR: Error while initialising credentials from keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising credentials from keytab",code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -213,7 +235,7 @@ } code = krb5_cc_initialize(kparam.context, kparam.cc, principal); if (code) { - error((char *) "%s| %s: ERROR: Error while initializing memory caches : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising memory caches",code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -225,7 +247,7 @@ } code = krb5_cc_store_cred(kparam.context, kparam.cc, creds); if (code) { - error((char *) "%s| %s: ERROR: Error while storing credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while storing credentials",code); if (principal) krb5_free_principal(kparam.context, principal); safe_free(principal_name); @@ -241,13 +263,13 @@ } if (code && code != KRB5_KT_END) { - error((char *) "%s| %s: ERROR: Error while scanning keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while scanning keytab",code); retval = 1; goto cleanup; } code = krb5_kt_end_seq_get(kparam.context, keytab, &cursor); if (code) { - error((char *) "%s| %s: ERROR: Error while ending keytab scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while ending keytab scan",code); retval = 1; goto cleanup; } 
@@ -269,7 +291,7 @@ */ code = krb5_unparse_name(kparam.context, principal_list[i], &principal_name); if (code) { - debug((char *) "%s| %s: DEBUG: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while unparsing principal name",code); goto loop_end; } debug((char *) "%s| %s: DEBUG: Keytab entry has principal: %s\n", LogTime(), PROGRAM, principal_name); @@ -285,17 +307,17 @@ code = krb5_get_in_tkt_with_keytab(kparam.context, 0, NULL, NULL, NULL, keytab, NULL, creds, 0); #endif if (code) { - debug((char *) "%s| %s: DEBUG: Error while initialising credentials from keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initializing credentials from keytab",code); goto loop_end; } code = krb5_cc_initialize(kparam.context, kparam.cc, principal_list[i]); if (code) { - error((char *) "%s| %s: ERROR: Error while initializing memory caches : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initializing memory caches",code); goto loop_end; } code = krb5_cc_store_cred(kparam.context, kparam.cc, creds); if (code) { - debug((char *) "%s| %s: DEBUG: Error while storing credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while storing credentials",code); goto loop_end; } if (creds->server) 
@@ -310,12 +332,12 @@ code = krb5_parse_name(kparam.context, service, &creds->server); xfree(service); if (code) { - error((char *) "%s| %s: ERROR: Error while initialising TGT credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising TGT credentials",code); goto loop_end; } code = krb5_get_credentials(kparam.context, 0, kparam.cc, creds, &tgt_creds); if (code) { - debug((char *) "%s| %s: DEBUG: Error while getting tgt : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while getting TGT",code); goto loop_end; } else { debug((char *) "%s| %s: DEBUG: Found trusted principal name: %s\n", LogTime(), PROGRAM, principal_name); diff -u -r -N squid-3.5.2/helpers/external_acl/modules.m4 squid-3.5.3/helpers/external_acl/modules.m4 --- squid-3.5.2/helpers/external_acl/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -11,8 +11,10 @@ # FIXME: de-duplicate $enable_external_acl_helpers list containing double entries. #define list of modules to build +auto_ext_acl_modules=no if test "x${enable_external_acl_helpers:=yes}" = "xyes" ;then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/external_acl],[enable_external_acl_helpers]) + auto_ext_acl_modules=yes fi if test "x$enable_external_acl_helpers" = "xnone" ; then enable_external_acl_helpers="" 
@@ -68,7 +70,11 @@ if test -d "$srcdir/helpers/external_acl/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([external acl helper $helper ... found but cannot be built]) + if test "x$auto_ext_acl_modules" = "xyes"; then + AC_MSG_NOTICE([external acl helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([external acl helper $helper ... found but cannot be built]) + fi else EXTERNAL_ACL_HELPERS="$EXTERNAL_ACL_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.5.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-02-18 04:56:18.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2015-03-28 04:45:59.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.5.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-02-18 04:56:21.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2015-03-28 04:46:13.000000000 -0700 
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 1" -.TH EXT_WBINFO_GROUP_ACL 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in squid-3.5.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in --- squid-3.5.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in 2015-03-28 03:58:05.000000000 -0700 @@ -121,6 +121,11 @@ # use vars qw/ %opt /; +my $user; +my $group; +my @groups; +my $ans; + # Disable output buffering $|=1; @@ -132,7 +137,11 @@ # Check if a user belongs to a group # sub check { - local($user, $group) = @_; + my $groupSID; + my $groupGID; + my @tmpuser; + + our($user, $group) = @_; if ($opt{K} && ($user =~ m/\@/)) { @tmpuser = split(/\@/, $user); $user = "$tmpuser[1]\\$tmpuser[0]"; diff -u -r -N squid-3.5.2/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.3/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.5.2/helpers/log_daemon/DB/log_db_daemon.8 2015-02-18 04:56:23.000000000 -0800 +++ squid-3.5.3/helpers/log_daemon/DB/log_db_daemon.8 2015-03-28 04:46:22.000000000 -0700 
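Review bot: In `check`, `our($user, $group) = @_;` assigns the arguments to package variables rather than to copies scoped to the call. It also shadows the file-level `my $user; my $group;` added in the previous hunk, so the sub and the main script no longer refer to the same variables by those names. The rewritten `$user` from the `$opt{K}` branch then persists in the package variable after the sub returns. `my ($user, $group) = @_;` gives the sub its own lexicals, which is what the removed `local(...)` line was approximating. The rest of `check` lies outside the hunk, so how these values are used afterwards is not visible here.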
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/log_daemon/modules.m4 squid-3.5.3/helpers/log_daemon/modules.m4 --- squid-3.5.2/helpers/log_daemon/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/log_daemon/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -11,9 +11,11 @@ # FIXME: de-duplicate $enable_log_daemon_helpers list containing double entries. #define list of modules to build +auto_logdaemon_modules=no if test "x${enable_log_daemon_helpers:=yes}" = "xyes" ;then enable_log_daemon_helpers="" SQUID_LOOK_FOR_MODULES([$srcdir/helpers/log_daemon],[enable_log_daemon_helpers]) + auto_logdaemon_modules=yes fi if test "x$enable_log_daemon_helpers" = "xnone" ; then enable_log_daemon_helpers="" @@ -40,7 +42,11 @@ if test -d "$srcdir/helpers/log_daemon/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([Log daemon helper $helper ... found but cannot be built]) + if test "x$auto_logdaemon_modules" = "xyes"; then + AC_MSG_NOTICE([Log daemon helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([Log daemon helper $helper ... found but cannot be built]) + fi else LOG_DAEMON_HELPERS="$LOG_DAEMON_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc squid-3.5.3/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc --- squid-3.5.2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2015-03-28 03:58:05.000000000 -0700 
@@ -540,7 +540,7 @@ if (!check_k5_err(context, "krb5_init_context", ret)) { krb5_kt_default_name(context, default_keytab, MAXPATHLEN); } - keytab_name = default_keytab; + keytab_name = xstrdup(default_keytab); krb5_free_context(context); } else keytab_name = xstrdup(keytab_name_env); diff -u -r -N squid-3.5.2/helpers/negotiate_auth/modules.m4 squid-3.5.3/helpers/negotiate_auth/modules.m4 --- squid-3.5.2/helpers/negotiate_auth/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/negotiate_auth/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -19,8 +19,10 @@ AC_MSG_ERROR([Negotiate auth requested but auth disabled]) fi #define list of modules to build +auto_auth_negotiate_modules=no if test "x$enable_auth_negotiate" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/negotiate_auth],[enable_auth_negotiate]) + auto_auth_negotiate_modules=yes fi #handle the "none" special case if test "x$enable_auth_negotiate" = "xnone" ; then @@ -53,7 +55,11 @@ if test -d "$srcdir/helpers/negotiate_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([Negotiate auth helper $helper ... found but cannot be built]) + if test "x$auto_auth_negotiate_modules" = "xyes"; then + AC_MSG_NOTICE([Negotiate auth helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([Negotiate auth helper $helper ... found but cannot be built]) + fi else NEGOTIATE_AUTH_HELPERS="$NEGOTIATE_AUTH_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/ntlm_auth/modules.m4 squid-3.5.3/helpers/ntlm_auth/modules.m4 --- squid-3.5.2/helpers/ntlm_auth/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/ntlm_auth/modules.m4 2015-03-28 03:58:05.000000000 -0700 
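Review bot: `keytab_name = xstrdup(default_keytab);` sits after the `if`, so it also runs when `check_k5_err` reports that `krb5_init_context` failed and `krb5_kt_default_name` was never called. Unless `default_keytab` is zero-initialised where it is declared (outside this hunk), the copy then reads indeterminate bytes as a C string. The return value of `krb5_kt_default_name` is ignored as well, so a failed lookup is indistinguishable from success. Copy only on success, e.g. `if (krb5_kt_default_name(context, default_keytab, MAXPATHLEN) == 0) keytab_name = xstrdup(default_keytab);` inside the existing branch, and decide explicitly what `keytab_name` should be otherwise. `krb5_free_context(context)` is likewise reached on the failure path.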
@@ -19,8 +19,10 @@ AC_MSG_ERROR([NTLM auth requested but auth disabled]) fi #define list of modules to build +auto_auth_ntlm_modules=no if test "x$enable_auth_ntlm" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/ntlm_auth],[enable_auth_ntlm]) + auto_auth_ntlm_modules=yes fi #handle the "none" special case if test "x$enable_auth_ntlm" = "xnone" ; then @@ -54,7 +56,11 @@ if test -d "$srcdir/helpers/ntlm_auth/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([NTLM auth helper $helper ... found but cannot be built]) + if test "x$auto_auth_ntlm_modules" = "xyes"; then + AC_MSG_NOTICE([NTLM auth helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([NTLM auth helper $helper ... found but cannot be built]) + fi else NTLM_AUTH_HELPERS="$NTLM_AUTH_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- squid-3.5.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-02-18 04:56:33.000000000 -0800 +++ squid-3.5.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2015-03-28 04:47:11.000000000 -0700 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 1" -.TH STOREID_FILE_REWRITE 1 "2015-02-18" "perl v5.20.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 1 "2015-03-28" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.2/helpers/storeid_rewrite/modules.m4 squid-3.5.3/helpers/storeid_rewrite/modules.m4 --- squid-3.5.2/helpers/storeid_rewrite/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/storeid_rewrite/modules.m4 2015-03-28 03:58:05.000000000 -0700 
@@ -11,8 +11,10 @@ # FIXME: de-duplicate $enable_storeid_rewrite_helpers list containing double entries. #define list of modules to build +auto_storeid_modules=no if test "x${enable_storeid_rewrite_helpers:=yes}" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/storeid_rewrite],[enable_storeid_rewrite_helpers]) + auto_storeid_modules=yes fi enable_storeid_rewrite_helpers="`echo $enable_storeid_rewrite_helpers| sed -e 's/,/ /g;s/ */ /g'`" @@ -34,7 +36,11 @@ if test -d "$srcdir/helpers/storeid_rewrite/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([Store-ID rewrite helper $helper ... found but cannot be built]) + if test "x$auto_storeid_modules" = "xyes"; then + AC_MSG_NOTICE([Store-ID rewrite helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([Store-ID rewrite helper $helper ... found but cannot be built]) + fi else STOREID_REWRITE_HELPERS="$STOREID_REWRITE_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/helpers/url_rewrite/modules.m4 squid-3.5.3/helpers/url_rewrite/modules.m4 --- squid-3.5.2/helpers/url_rewrite/modules.m4 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/helpers/url_rewrite/modules.m4 2015-03-28 03:58:05.000000000 -0700 @@ -11,8 +11,10 @@ # FIXME: de-duplicate $enable_url_rewrite_helpers list containing double entries. #define list of modules to build +auto_urlrewrite_modules=no if test "x${enable_url_rewrite_helpers:=yes}" = "xyes" ; then SQUID_LOOK_FOR_MODULES([$srcdir/helpers/url_rewrite],[enable_url_rewrite_helpers]) + auto_urlrewrite_modules=yes fi enable_url_rewrite_helpers="`echo $enable_url_rewrite_helpers| sed -e 's/,/ /g;s/ */ /g'`" 
@@ -34,7 +36,11 @@ if test -d "$srcdir/helpers/url_rewrite/$helper"; then if test "$BUILD_HELPER" != "$helper"; then - AC_MSG_NOTICE([URL rewrite helper $helper ... found but cannot be built]) + if test "x$auto_urlrewrite_modules" = "xyes"; then + AC_MSG_NOTICE([URL rewrite helper $helper ... found but cannot be built]) + else + AC_MSG_ERROR([URL rewrite helper $helper ... found but cannot be built]) + fi else URL_REWRITE_HELPERS="$URL_REWRITE_HELPERS $BUILD_HELPER" fi diff -u -r -N squid-3.5.2/include/autoconf.h.in squid-3.5.3/include/autoconf.h.in --- squid-3.5.2/include/autoconf.h.in 2015-02-18 04:17:41.000000000 -0800 +++ squid-3.5.3/include/autoconf.h.in 2015-03-28 03:58:51.000000000 -0700 @@ -76,7 +76,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ASSERT_H -/* Define to 1 if you have __sync_add_and_fetch() and such */ +/* Define to 1 if you have GCC __sync_add_and_fetch() and such */ #undef HAVE_ATOMIC_OPS /* Basic auth module is built */ diff -u -r -N squid-3.5.2/include/version.h squid-3.5.3/include/version.h --- squid-3.5.2/include/version.h 2015-02-18 04:18:57.000000000 -0800 +++ squid-3.5.3/include/version.h 2015-03-28 04:00:06.000000000 -0700 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1424261814 +#define SQUID_RELEASE_TIME 1427540278 #endif /* diff -u -r -N squid-3.5.2/INSTALL squid-3.5.3/INSTALL --- squid-3.5.2/INSTALL 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/INSTALL 2015-03-28 03:58:05.000000000 -0700 @@ -1,3 +1,11 @@ +/* + * Copyright (C) 1996-2015 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + */ + To build and install the Squid Cache, type: % ./configure --prefix=/usr/local/squid 
@@ -16,5 +24,5 @@ % /usr/local/squid/sbin/squid If you want to use the WWW interface to the Cache Manager, copy -the cachemgr.cgi program into your httpd server's cgi-bin +the tools/cachemgr.cgi program into your httpd server's cgi-bin directory. diff -u -r -N squid-3.5.2/lib/libTrie/Makefile.in squid-3.5.3/lib/libTrie/Makefile.in --- squid-3.5.2/lib/libTrie/Makefile.in 2015-02-18 04:18:22.000000000 -0800 +++ squid-3.5.3/lib/libTrie/Makefile.in 2015-03-28 03:59:34.000000000 -0700 @@ -1275,7 +1275,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/lib/ntlmauth/Makefile.in squid-3.5.3/lib/ntlmauth/Makefile.in --- squid-3.5.2/lib/ntlmauth/Makefile.in 2015-02-18 04:18:23.000000000 -0800 +++ squid-3.5.3/lib/ntlmauth/Makefile.in 2015-03-28 03:59:35.000000000 -0700 @@ -1156,7 +1156,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/lib/profiler/Makefile.in squid-3.5.3/lib/profiler/Makefile.in --- squid-3.5.2/lib/profiler/Makefile.in 2015-02-18 04:18:24.000000000 -0800 +++ squid-3.5.3/lib/profiler/Makefile.in 2015-03-28 03:59:35.000000000 -0700 
@@ -1162,7 +1162,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/lib/tests/testRFC1738.cc squid-3.5.3/lib/tests/testRFC1738.cc --- squid-3.5.2/lib/tests/testRFC1738.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/lib/tests/testRFC1738.cc 2015-03-28 03:58:05.000000000 -0700 @@ -17,6 +17,11 @@ CPPUNIT_TEST_SUITE_REGISTRATION( testRFC1738 ); +#if _SQUID_OPENBSD_ +// the quite old GCC on OpenBSD 5.4 needs this when linking to libmisc-util.la +time_t squid_curtime; +#endif + /* Regular Format de-coding tests */ void testRFC1738::testUrlDecode() { diff -u -r -N squid-3.5.2/QUICKSTART squid-3.5.3/QUICKSTART --- squid-3.5.2/QUICKSTART 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/QUICKSTART 2015-03-28 03:58:05.000000000 -0700 
@@ -20,40 +20,38 @@ acl, http_access Access control lists. This is important because it prevents people - from stealing your network resources. To fill in the - "localnet" ACL, use your network address (for instance 192.168.10.0 - your CIDR network mask (for instance 255.255.255.0 or /24): + from stealing your network resources. + + Edit the "localnet" ACL definition to be your LAN network address + ranges in CIDR format. For instance: - acl manager proto cache_object - acl localhost src 127.0.0.1 acl localnet src 192.168.10.0/24 - http_access deny manager all - http_access allow localnet - http_access deny all + Add any other ACLs and edit the http_access lines to match your policy + requirements for use of the proxy. See Squid FAQ for more details. cache_mgr - Put here the e-mail address of the manager: + Put here the e-mail address of the manager. + +============================================================================== + +Some configuration lines which are optional but may be needed. visible_hostname - The host name you advertise for the cache. + The publicly visible host name advertised for the cache. This will + be used for URLs generated by Squid for clients to fetch certain + objects from. cache_effective_user If building your own squid; use ./configure --with-default-user=X - If you must start Squid as root, find a safe user and group to run + You must start Squid as root, with a safe user and group to run as after startup (typically "nobody" and "nogroup"). Do not use "root", for security reasons. - -============================================================================== - -Some configuration lines which are optional but may be needed. - - cache_dir ufs /usr/local/squid/var/cache 100 16 256 Add here (first number, here 100) the amount of hard disk space 
@@ -98,5 +96,15 @@ start Squid at startup (it depends heavily on the Unix you use, you'll typically have to modify something in a /etc/rc_something). -This quick start file written by: Stephane Bortzmeyer and Duane -Wessels. +============================================================================== + +/* + * Copyright (C) 1996-2015 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + */ + +This quick start file written by: + Stephane Bortzmeyer and Duane Wessels. diff -u -r -N squid-3.5.2/RELEASENOTES.html squid-3.5.3/RELEASENOTES.html --- squid-3.5.2/RELEASENOTES.html 2015-02-18 04:57:35.000000000 -0800 +++ squid-3.5.3/RELEASENOTES.html 2015-03-28 04:50:18.000000000 -0700 @@ -2,10 +2,10 @@ - Squid 3.5.2 release notes + Squid 3.5.3 release notes -

Squid 3.5.2 release notes

+

Squid 3.5.3 release notes

Squid Developers


@@ -63,7 +63,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.5.2.

+

The Squid Team are pleased to announce the release of Squid-3.5.3.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.5/ or the mirrors.

diff -u -r -N squid-3.5.2/src/acl/Makefile.in squid-3.5.3/src/acl/Makefile.in --- squid-3.5.2/src/acl/Makefile.in 2015-02-18 04:18:28.000000000 -0800 +++ squid-3.5.3/src/acl/Makefile.in 2015-03-28 03:59:39.000000000 -0700 @@ -1345,7 +1345,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/adaptation/ecap/Makefile.in squid-3.5.3/src/adaptation/ecap/Makefile.in --- squid-3.5.2/src/adaptation/ecap/Makefile.in 2015-02-18 04:18:29.000000000 -0800 +++ squid-3.5.3/src/adaptation/ecap/Makefile.in 2015-03-28 03:59:40.000000000 -0700 @@ -1214,7 +1214,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/adaptation/icap/Makefile.in squid-3.5.3/src/adaptation/icap/Makefile.in --- squid-3.5.2/src/adaptation/icap/Makefile.in 2015-02-18 04:18:30.000000000 -0800 +++ squid-3.5.3/src/adaptation/icap/Makefile.in 2015-03-28 03:59:41.000000000 -0700 @@ -1187,7 +1187,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/adaptation/Makefile.in squid-3.5.3/src/adaptation/Makefile.in --- squid-3.5.2/src/adaptation/Makefile.in 2015-02-18 04:18:29.000000000 -0800 +++ squid-3.5.3/src/adaptation/Makefile.in 2015-03-28 03:59:40.000000000 -0700 
@@ -1321,7 +1321,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/anyp/Makefile.in squid-3.5.3/src/anyp/Makefile.in --- squid-3.5.2/src/anyp/Makefile.in 2015-02-18 04:18:30.000000000 -0800 +++ squid-3.5.3/src/anyp/Makefile.in 2015-03-28 03:59:41.000000000 -0700 @@ -1163,7 +1163,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/auth/basic/Makefile.in squid-3.5.3/src/auth/basic/Makefile.in --- squid-3.5.2/src/auth/basic/Makefile.in 2015-02-18 04:18:31.000000000 -0800 +++ squid-3.5.3/src/auth/basic/Makefile.in 2015-03-28 03:59:42.000000000 -0700 @@ -1163,7 +1163,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/auth/digest/Makefile.in squid-3.5.3/src/auth/digest/Makefile.in --- squid-3.5.2/src/auth/digest/Makefile.in 2015-02-18 04:18:32.000000000 -0800 +++ squid-3.5.3/src/auth/digest/Makefile.in 2015-03-28 03:59:43.000000000 -0700 
@@ -1163,7 +1163,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/auth/Makefile.in squid-3.5.3/src/auth/Makefile.in --- squid-3.5.2/src/auth/Makefile.in 2015-02-18 04:18:31.000000000 -0800 +++ squid-3.5.3/src/auth/Makefile.in 2015-03-28 03:59:42.000000000 -0700 @@ -1313,7 +1313,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/auth/negotiate/Makefile.in squid-3.5.3/src/auth/negotiate/Makefile.in --- squid-3.5.2/src/auth/negotiate/Makefile.in 2015-02-18 04:18:32.000000000 -0800 +++ squid-3.5.3/src/auth/negotiate/Makefile.in 2015-03-28 03:59:43.000000000 -0700 @@ -1164,7 +1164,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/auth/ntlm/Makefile.in squid-3.5.3/src/auth/ntlm/Makefile.in --- squid-3.5.2/src/auth/ntlm/Makefile.in 2015-02-18 04:18:33.000000000 -0800 +++ squid-3.5.3/src/auth/ntlm/Makefile.in 2015-03-28 03:59:44.000000000 -0700 
@@ -1163,7 +1163,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/base/Makefile.in squid-3.5.3/src/base/Makefile.in --- squid-3.5.2/src/base/Makefile.in 2015-02-18 04:18:33.000000000 -0800 +++ squid-3.5.3/src/base/Makefile.in 2015-03-28 03:59:44.000000000 -0700 @@ -1269,7 +1269,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/clients/Makefile.in squid-3.5.3/src/clients/Makefile.in --- squid-3.5.2/src/clients/Makefile.in 2015-02-18 04:18:34.000000000 -0800 +++ squid-3.5.3/src/clients/Makefile.in 2015-03-28 03:59:45.000000000 -0700 @@ -1163,7 +1163,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/client_side.cc squid-3.5.3/src/client_side.cc --- squid-3.5.2/src/client_side.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/client_side.cc 2015-03-28 03:58:05.000000000 -0700 @@ -233,7 +233,8 @@ debugs(33, 4, HERE << clientConnection << ": reading request..."); - if (!in.maybeMakeSpaceAvailable()) + // we can only read if there is more than 1 byte of space free + if (Config.maxRequestBufferSize - in.buf.length() < 2) return; typedef CommCbMemFunT Dialer; 
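Review bot: The new guard `Config.maxRequestBufferSize - in.buf.length() < 2` in the first client_side.cc hunk can wrap if both operands are unsigned and the buffer already holds more than the configured maximum, for example after the limit is lowered by a reconfigure. The difference then becomes a very large value and the read is scheduled although no room is left. The operand types are not visible in the hunk, so this needs confirming, but a comparison written with addition avoids the question: `if (in.buf.length() + 2 > Config.maxRequestBufferSize) return;`. The enclosing function starts and ends outside the hunk.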
@@ -2874,7 +2875,12 @@ // default to the configured pipeline size. // add 1 because the head of pipeline is counted in concurrent requests and not prefetch queue - const int concurrentRequestLimit = pipelinePrefetchMax() + 1; +#if USE_OPENSSL + const int internalRequest = (transparent() && sslBumpMode == Ssl::bumpSplice) ? 1 : 0; +#else + const int internalRequest = 0; +#endif + const int concurrentRequestLimit = pipelinePrefetchMax() + 1 + internalRequest; // when queue filled already we cant add more. if (existingRequestCount >= concurrentRequestLimit) { @@ -3232,6 +3238,7 @@ * Plus, it breaks our lame *HalfClosed() detection */ + in.maybeMakeSpaceAvailable(); CommIoCbParams rd(this); // will be expanded with ReadNow results rd.conn = io.conn; switch (Comm::ReadNow(rd, in.buf)) { @@ -3525,9 +3532,6 @@ BodyProducer::start(); HttpControlMsgSink::start(); - // ensure a buffer is present for this connection - in.maybeMakeSpaceAvailable(); - if (port->disable_pmtu_discovery != DISABLE_PMTU_OFF && (transparent() || port->disable_pmtu_discovery == DISABLE_PMTU_ALWAYS)) { #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) diff -u -r -N squid-3.5.2/src/comm/Makefile.in squid-3.5.3/src/comm/Makefile.in --- squid-3.5.2/src/comm/Makefile.in 2015-02-18 04:18:34.000000000 -0800 +++ squid-3.5.3/src/comm/Makefile.in 2015-03-28 03:59:45.000000000 -0700 @@ -1193,7 +1193,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/errorpage.cc squid-3.5.3/src/errorpage.cc --- squid-3.5.2/src/errorpage.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/errorpage.cc 2015-03-28 03:58:05.000000000 -0700 
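Review bot: The extra slot added through `internalRequest` is undocumented; the existing comment only explains the `+ 1` for the head of the pipeline. Because this value raises the per-connection concurrent request limit, the reason belongs next to the `#if USE_OPENSSL` block. If the intent is what the name suggests, something like `// a transparent connection in Ssl::bumpSplice mode carries one internally generated request; do not count it against the client's pipeline` would do. The enclosing function continues outside the hunk.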
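Review bot: The result of `in.maybeMakeSpaceAvailable();` is discarded right before `Comm::ReadNow(rd, in.buf)`, whereas the call removed in the first client_side.cc hunk treated it as a boolean that could veto the read. If the function can still report that no space could be made, this path should either handle that or carry a comment saying why reading into the existing buffer is safe. A comment such as `// a false return is fine here: the caller only scheduled this read while at least 2 bytes were free` would record the assumption, if it holds. Whether an early return would be correct instead depends on code outside the hunk.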
@@ -914,7 +914,10 @@ case 'm': if (building_deny_info_url) break; #if USE_AUTH - p = auth_user_request->denyMessage("[not available]"); + if (auth_user_request.getRaw()) + p = auth_user_request->denyMessage("[not available]"); + else + p = "[not available]"; #else p = "-"; #endif diff -u -r -N squid-3.5.2/src/esi/Makefile.in squid-3.5.3/src/esi/Makefile.in --- squid-3.5.2/src/esi/Makefile.in 2015-02-18 04:18:35.000000000 -0800 +++ squid-3.5.3/src/esi/Makefile.in 2015-03-28 03:59:46.000000000 -0700 @@ -1213,7 +1213,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/eui/Makefile.in squid-3.5.3/src/eui/Makefile.in --- squid-3.5.2/src/eui/Makefile.in 2015-02-18 04:18:35.000000000 -0800 +++ squid-3.5.3/src/eui/Makefile.in 2015-03-28 03:59:46.000000000 -0700 @@ -1162,7 +1162,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/format/Makefile.in squid-3.5.3/src/format/Makefile.in --- squid-3.5.2/src/format/Makefile.in 2015-02-18 04:18:36.000000000 -0800 +++ squid-3.5.3/src/format/Makefile.in 2015-03-28 03:59:47.000000000 -0700 
@@ -1165,7 +1165,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ftp/Makefile.in squid-3.5.3/src/ftp/Makefile.in --- squid-3.5.2/src/ftp/Makefile.in 2015-02-18 04:18:37.000000000 -0800 +++ squid-3.5.3/src/ftp/Makefile.in 2015-03-28 03:59:48.000000000 -0700 @@ -1157,7 +1157,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/helper/Makefile.in squid-3.5.3/src/helper/Makefile.in --- squid-3.5.2/src/helper/Makefile.in 2015-02-18 04:18:38.000000000 -0800 +++ squid-3.5.3/src/helper/Makefile.in 2015-03-28 03:59:48.000000000 -0700 @@ -1160,7 +1160,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/http/Makefile.in squid-3.5.3/src/http/Makefile.in --- squid-3.5.2/src/http/Makefile.in 2015-02-18 04:18:38.000000000 -0800 +++ squid-3.5.3/src/http/Makefile.in 2015-03-28 03:59:49.000000000 -0700 
@@ -1162,7 +1162,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/icmp/Makefile.in squid-3.5.3/src/icmp/Makefile.in --- squid-3.5.2/src/icmp/Makefile.in 2015-02-18 04:18:39.000000000 -0800 +++ squid-3.5.3/src/icmp/Makefile.in 2015-03-28 03:59:50.000000000 -0700 @@ -1473,7 +1473,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ident/Makefile.in squid-3.5.3/src/ident/Makefile.in --- squid-3.5.2/src/ident/Makefile.in 2015-02-18 04:18:40.000000000 -0800 +++ squid-3.5.3/src/ident/Makefile.in 2015-03-28 03:59:50.000000000 -0700 @@ -1158,7 +1158,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ip/Makefile.in squid-3.5.3/src/ip/Makefile.in --- squid-3.5.2/src/ip/Makefile.in 2015-02-18 04:18:40.000000000 -0800 +++ squid-3.5.3/src/ip/Makefile.in 2015-03-28 03:59:51.000000000 -0700 
@@ -1241,7 +1241,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ipc/Makefile.in squid-3.5.3/src/ipc/Makefile.in --- squid-3.5.2/src/ipc/Makefile.in 2015-02-18 04:18:41.000000000 -0800 +++ squid-3.5.3/src/ipc/Makefile.in 2015-03-28 03:59:51.000000000 -0700 @@ -1257,7 +1257,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ipc/mem/Segment.cc squid-3.5.3/src/ipc/mem/Segment.cc --- squid-3.5.2/src/ipc/mem/Segment.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/ipc/mem/Segment.cc 2015-03-28 03:58:05.000000000 -0700 @@ -88,7 +88,8 @@ assert(aSize > 0); assert(theFD < 0); - theFD = shm_open(theName.termedBuf(), O_CREAT | O_RDWR | O_TRUNC, + // OS X does not allow using O_TRUNC here. + theFD = shm_open(theName.termedBuf(), O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); if (theFD < 0) { debugs(54, 5, HERE << "shm_open " << theName << ": " << xstrerror()); 
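Review bot: Dropping `O_TRUNC` from `shm_open(theName.termedBuf(), O_CREAT | O_RDWR, ...)` means an object that already exists under this name is opened with its old contents, and the `ftruncate(theFD, aSize)` in the following Segment.cc hunk only zero-fills bytes it adds. The comment added there (`We assume that the shm_open(O_CREAT)+ftruncate() combo zeros the segment`) therefore holds only for a freshly created object, not for a leftover from an instance that exited without unlinking or for any other pre-existing object of that name. The relaxed `assert(theSize >= aSize)` would also accept such a larger leftover. Consider making creation exclusive (`O_CREAT | O_EXCL | O_RDWR`, after removing a stale name) or zeroing the mapping explicitly instead of assuming it. The function starts and ends outside these hunks.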
@@ -97,14 +98,19 @@ } if (ftruncate(theFD, aSize)) { - debugs(54, 5, HERE << "ftruncate " << theName << ": " << xstrerror()); + const int savedError = errno; + unlink(); + debugs(54, 5, HERE << "ftruncate " << theName << ": " << xstrerr(savedError)); fatalf("Ipc::Mem::Segment::create failed to ftruncate(%s): %s\n", - theName.termedBuf(), xstrerror()); + theName.termedBuf(), xstrerr(savedError)); } + // We assume that the shm_open(O_CREAT)+ftruncate() combo zeros the segment. + + theSize = statSize("Ipc::Mem::Segment::create"); - assert(statSize("Ipc::Mem::Segment::create") == aSize); // paranoid + // OS X will round up to a full page, so not checking for exact size match. + assert(theSize >= aSize); - theSize = aSize; theReserved = 0; doUnlink = true; diff -u -r -N squid-3.5.2/src/log/Makefile.in squid-3.5.3/src/log/Makefile.in --- squid-3.5.2/src/log/Makefile.in 2015-02-18 04:18:41.000000000 -0800 +++ squid-3.5.3/src/log/Makefile.in 2015-03-28 03:59:52.000000000 -0700 @@ -1197,7 +1197,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/main.cc squid-3.5.3/src/main.cc --- squid-3.5.2/src/main.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/main.cc 2015-03-28 03:58:05.000000000 -0700 @@ -59,6 +59,7 @@ #include "profiler/Profiler.h" #include "redirect.h" #include "refresh.h" +#include "SBufStatsAction.h" #include "send-announce.h" #include "SquidConfig.h" #include "SquidDns.h" 
@@ -1089,6 +1090,8 @@ /* register the modules in the cache manager menus */ cbdataRegisterWithCacheManager(); + SBufStatsAction::RegisterWithCacheManager(); + /* These use separate calls so that the comm loops can eventually * coexist. */ diff -u -r -N squid-3.5.2/src/mgr/Makefile.in squid-3.5.3/src/mgr/Makefile.in --- squid-3.5.2/src/mgr/Makefile.in 2015-02-18 04:18:42.000000000 -0800 +++ squid-3.5.3/src/mgr/Makefile.in 2015-03-28 03:59:52.000000000 -0700 @@ -1229,7 +1229,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/parser/Makefile.in squid-3.5.3/src/parser/Makefile.in --- squid-3.5.2/src/parser/Makefile.in 2015-02-18 04:18:43.000000000 -0800 +++ squid-3.5.3/src/parser/Makefile.in 2015-03-28 03:59:53.000000000 -0700 @@ -1355,7 +1355,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/peer_select.cc squid-3.5.3/src/peer_select.cc --- squid-3.5.2/src/peer_select.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/peer_select.cc 2015-03-28 03:58:05.000000000 -0700 @@ -955,6 +955,7 @@ callback (NULL), callback_data (NULL), lastError(NULL), + paths(NULL), servers (NULL), first_parent_miss(), closest_parent_miss(), diff -u -r -N squid-3.5.2/src/SBufStatsAction.cc squid-3.5.3/src/SBufStatsAction.cc --- squid-3.5.2/src/SBufStatsAction.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/SBufStatsAction.cc 2015-03-28 03:58:05.000000000 -0700 
@@ -82,7 +82,9 @@ msg.getPod(mbdata); } -static const bool Registered = (Mgr::RegisterAction("sbuf", - "String-Buffer statistics", &SBufStatsAction::Create, 0 , 1), - true); +void +SBufStatsAction::RegisterWithCacheManager() +{ + Mgr::RegisterAction("sbuf", "String-Buffer statistics", &SBufStatsAction::Create, 0 , 1); +} diff -u -r -N squid-3.5.2/src/SBufStatsAction.h squid-3.5.3/src/SBufStatsAction.h --- squid-3.5.2/src/SBufStatsAction.h 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/SBufStatsAction.h 2015-03-28 03:58:05.000000000 -0700 @@ -21,6 +21,7 @@ public: /// Mgr::ClassActionCreationHandler for Mgr::RegisterAction() static Pointer Create(const Mgr::CommandPointer &cmd); + static void RegisterWithCacheManager(void); protected: explicit SBufStatsAction(const Mgr::CommandPointer &cmd); diff -u -r -N squid-3.5.2/src/servers/Makefile.in squid-3.5.3/src/servers/Makefile.in --- squid-3.5.2/src/servers/Makefile.in 2015-02-18 04:18:44.000000000 -0800 +++ squid-3.5.3/src/servers/Makefile.in 2015-03-28 03:59:54.000000000 -0700 @@ -1157,7 +1157,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/snmp/Makefile.in squid-3.5.3/src/snmp/Makefile.in --- squid-3.5.2/src/snmp/Makefile.in 2015-02-18 04:18:45.000000000 -0800 +++ squid-3.5.3/src/snmp/Makefile.in 2015-03-28 03:59:55.000000000 -0700 
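Review bot: `static void RegisterWithCacheManager(void);` in SBufStatsAction.h is added without a doc comment, unlike `Create` directly above it. Nothing states that it must now be called explicitly, since the static `Registered` initializer is removed in the SBufStatsAction.cc hunk. A line such as `/// registers the "sbuf" cache manager action; called from main.cc during startup` would record that. The `(void)` parameter list is C style and can be written `()` in C++. The class body continues outside the hunk.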
@@ -1174,7 +1174,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/ssl/bio.cc squid-3.5.3/src/ssl/bio.cc --- squid-3.5.2/src/ssl/bio.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/ssl/bio.cc 2015-03-28 03:58:05.000000000 -0700 @@ -151,12 +151,15 @@ bool Ssl::ClientBio::isClientHello(int state) { - return (state == SSL2_ST_GET_CLIENT_HELLO_A || - state == SSL3_ST_SR_CLNT_HELLO_A || - state == SSL23_ST_SR_CLNT_HELLO_A || - state == SSL23_ST_SR_CLNT_HELLO_B || - state == SSL3_ST_SR_CLNT_HELLO_B || - state == SSL3_ST_SR_CLNT_HELLO_C + return ( +#if defined(SSL2_ST_GET_CLIENT_HELLO_A) + state == SSL2_ST_GET_CLIENT_HELLO_A || +#endif + state == SSL3_ST_SR_CLNT_HELLO_A || + state == SSL23_ST_SR_CLNT_HELLO_A || + state == SSL23_ST_SR_CLNT_HELLO_B || + state == SSL3_ST_SR_CLNT_HELLO_B || + state == SSL3_ST_SR_CLNT_HELLO_C ); } @@ -325,7 +328,12 @@ // If the client supports compression but our context does not support // we can not adjust. - if (features.compressMethod && ssl->ctx->comp_methods == NULL) { +#if !defined(OPENSSL_NO_COMP) + const bool requireCompression = (features.compressMethod && ssl->ctx->comp_methods == NULL); +#else + const bool requireCompression = features.compressMethod; +#endif + if (requireCompression) { debugs(83, 5, "Client Hello Data supports compression, but we do not!"); return false; } 
@@ -669,9 +677,11 @@ debugs(83, 7, "SNI server name: " << serverName); #endif +#if !defined(OPENSSL_NO_COMP) if (ssl->session->compress_meth) compressMethod = ssl->session->compress_meth; else if (sslVersion >= 3) //if it is 3 or newer version then compression is disabled +#endif compressMethod = 0; debugs(83, 7, "SSL compression: " << compressMethod); diff -u -r -N squid-3.5.2/src/ssl/Makefile.in squid-3.5.3/src/ssl/Makefile.in --- squid-3.5.2/src/ssl/Makefile.in 2015-02-18 04:18:46.000000000 -0800 +++ squid-3.5.3/src/ssl/Makefile.in 2015-03-28 03:59:55.000000000 -0700 @@ -1284,7 +1284,7 @@ $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 .PHONY: testHeaders diff -u -r -N squid-3.5.2/src/TestHeaders.am squid-3.5.3/src/TestHeaders.am --- squid-3.5.2/src/TestHeaders.am 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/TestHeaders.am 2015-03-28 03:58:05.000000000 -0700 @@ -14,7 +14,7 @@ ## .h dependency test script ## aborts build process on errors; XXX: even with "make -k" testHeaders: $(srcdir)/*.h - $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" "$(srcdir)" || exit 1 + $(SHELL) $(top_srcdir)/test-suite/testheaders.sh "$(CXXCOMPILE)" $^ || exit 1 ## XXX: this is only needed because testheaders.sh creates a dummy file called ## testHeaders and distclean does not know about it. diff -u -r -N squid-3.5.2/src/tunnel.cc squid-3.5.3/src/tunnel.cc --- squid-3.5.2/src/tunnel.cc 2015-02-18 04:17:02.000000000 -0800 +++ squid-3.5.3/src/tunnel.cc 2015-03-28 03:58:05.000000000 -0700 @@ -12,6 +12,7 @@ #include "acl/FilledChecklist.h" #include "base/CbcPointer.h" #include "CachePeer.h" +#include "cbdata.h" #include "client_side.h" #include "client_side_request.h" #include "comm.h" 
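Review bot: The `#if !defined(OPENSSL_NO_COMP)` / `#endif` pair in this src/ssl/bio.cc hunk wraps only the `if` / `else if` heads, so `compressMethod = 0;` is the body of the `else if` in one build and an unconditional statement in the other. That compiles, but a later edit can easily break it, and in the compression-enabled build `compressMethod` keeps whatever value it had when `compress_meth` is zero and `sslVersion < 3`. Bracing the branches and giving the no-compression build its own statement keeps both variants readable without changing behaviour. The enclosing function starts and ends outside the hunk.

```cpp
#if !defined(OPENSSL_NO_COMP)
    if (ssl->session->compress_meth) {
        compressMethod = ssl->session->compress_meth;
    } else if (sslVersion >= 3) { // if it is 3 or newer version then compression is disabled
        compressMethod = 0;
    }
#else
    compressMethod = 0;
#endif
    // … unchanged: debugs(83, 7, "SSL compression: " …) …
```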
@@ -113,7 +114,8 @@ { public: - Connection() : len (0), buf ((char *)xmalloc(SQUID_TCP_SO_RCVBUF)), size_ptr(NULL) {} + Connection() : len (0), buf ((char *)xmalloc(SQUID_TCP_SO_RCVBUF)), size_ptr(NULL), delayedLoops(0), + readPending(NULL), readPendingFunc(NULL) {} ~Connection(); @@ -135,7 +137,11 @@ int64_t *size_ptr; /* pointer to size in an ConnStateData for logging */ Comm::ConnectionPointer conn; ///< The currently connected connection. + uint8_t delayedLoops; ///< how many times a read on this connection has been postponed. + // XXX: make these an AsyncCall when event API can handle them + TunnelStateData *readPending; + EVH *readPendingFunc; private: #if USE_DELAY_POOLS @@ -206,6 +212,8 @@ static CLCB tunnelClientClosed; static CTCB tunnelTimeout; static PSC tunnelPeerSelectComplete; +static EVH tunnelDelayedClientRead; +static EVH tunnelDelayedServerRead; static void tunnelConnected(const Comm::ConnectionPointer &server, void *); static void tunnelRelayConnectRequest(const Comm::ConnectionPointer &server, void *); @@ -258,6 +266,8 @@ connectReqWriting(false) { debugs(26, 3, "TunnelStateData constructed this=" << this); + client.readPendingFunc = &tunnelDelayedClientRead; + server.readPendingFunc = &tunnelDelayedServerRead; } TunnelStateData::~TunnelStateData() @@ -271,6 +281,9 @@ TunnelStateData::Connection::~Connection() { + if (readPending) + eventDelete(readPendingFunc, readPending); + safe_free(buf); } @@ -327,6 +340,7 @@ TunnelStateData::readServer(char *buf, size_t len, Comm::Flag errcode, int xerrno) { debugs(26, 3, HERE << server.conn << ", read " << len << " bytes, err=" << errcode); + server.delayedLoops=0; /* * Bail out early on Comm::ERR_CLOSING @@ -472,6 +486,7 @@ TunnelStateData::readClient(char *buf, size_t len, Comm::Flag errcode, int xerrno) { debugs(26, 3, HERE << client.conn << ", read " << len << " bytes, err=" << errcode); + client.delayedLoops=0; /* * Bail out early on Comm::ERR_CLOSING 
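Review bot: The new members `readPending` and `readPendingFunc` in the second tunnel.cc hunk have no `///<` description, unlike `delayedLoops` and `conn` next to them, and their contract matters for lifetime safety. As far as the visible hunks show, `readPending` is set to the owning tunnel only while a delayed-read event is queued, the handlers reset it to NULL, and `~Connection()` relies on that to call `eventDelete`. I would add `///< owning tunnel while a delayed read event is queued, NULL otherwise` and `///< event handler used for this side's delayed reads`. The class body continues outside the hunk.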
@@ -672,13 +687,49 @@ conn->close(); } +static void +tunnelDelayedClientRead(void *data) +{ + if (!data) + return; + + TunnelStateData *tunnel = static_cast(data); + tunnel->client.readPending = NULL; + static uint64_t counter=0; + debugs(26, 7, "Client read(2) delayed " << ++counter << " times"); + tunnel->copyRead(tunnel->client, TunnelStateData::ReadClient); +} + +static void +tunnelDelayedServerRead(void *data) +{ + if (!data) + return; + + TunnelStateData *tunnel = static_cast(data); + tunnel->server.readPending = NULL; + static uint64_t counter=0; + debugs(26, 7, "Server read(2) delayed " << ++counter << " times"); + tunnel->copyRead(tunnel->server, TunnelStateData::ReadServer); +} + void TunnelStateData::copyRead(Connection &from, IOCB *completion) { assert(from.len == 0); + // If only the minimum permitted read size is going to be attempted + // then we schedule an event to try again in a few I/O cycles. + // Allow at least 1 byte to be read every (0.3*10) seconds. + int bw = from.bytesWanted(1, SQUID_TCP_SO_RCVBUF); + if (bw == 1 && ++from.delayedLoops < 10) { + from.readPending = this; + eventAdd("tunnelDelayedServerRead", from.readPendingFunc, from.readPending, 0.3, true); + return; + } + AsyncCall::Pointer call = commCbCall(5,4, "TunnelBlindCopyReadHandler", CommIoCbPtrFun(completion, this)); - comm_read(from.conn, from.buf, from.bytesWanted(1, SQUID_TCP_SO_RCVBUF), call); + comm_read(from.conn, from.buf, bw, call); } void
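Review bot: `eventAdd("tunnelDelayedServerRead", from.readPendingFunc, from.readPending, 0.3, true)` in `copyRead` uses the server-side name for both directions, so delayed client reads are queued under "tunnelDelayedServerRead" too and would be misattributed when the event queue is inspected. The trailing `true` should also be checked against the `eventAdd` declaration. If the fifth parameter is the integer weight, as I recall, the literal is not a cbdata flag and the raw `TunnelStateData *` relies on the function's default protection plus the `eventDelete` in `~Connection()`. The retry bound `10` and the delay `0.3` are bare literals linked only by the comment; named constants would keep the "(0.3*10) seconds" statement in sync with the code.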