diff -u -r -N squid-3.5.8/cfgaux/config.guess squid-3.5.9/cfgaux/config.guess
--- squid-3.5.8/cfgaux/config.guess	2015-09-01 12:53:02.000000000 -0700
+++ squid-3.5.9/cfgaux/config.guess	2015-09-17 06:07:42.000000000 -0700
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2014 Free Software Foundation, Inc.
+#   Copyright 1992-2015 Free Software Foundation, Inc.
 
-timestamp='2014-03-23'
+timestamp='2015-08-20'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -24,12 +24,12 @@
 # program.  This Exception is an additional permission under section 7
 # of the GNU General Public License, version 3 ("GPLv3").
 #
-# Originally written by Per Bothner.
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
 # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
 #
-# Please send patches with a ChangeLog entry to config-patches@gnu.org.
+# Please send patches to <config-patches@gnu.org>.
 
 
 me=`echo "$0" | sed -e 's,.*/,,'`
@@ -50,7 +50,7 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2014 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -168,20 +168,27 @@
 	# Note: NetBSD doesn't particularly care about the vendor
 	# portion of the name.  We always set it to "unknown".
 	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    /sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || \
+	    echo unknown)`
 	case "${UNAME_MACHINE_ARCH}" in
 	    armeb) machine=armeb-unknown ;;
 	    arm*) machine=arm-unknown ;;
 	    sh3el) machine=shl-unknown ;;
 	    sh3eb) machine=sh-unknown ;;
 	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine=${arch}${endian}-unknown
+		;;
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
 	# to ELF recently, or will in the future.
 	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@@ -197,6 +204,13 @@
 		os=netbsd
 		;;
 	esac
+	# Determine ABI tags.
+	case "${UNAME_MACHINE_ARCH}" in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+		;;
+	esac
 	# The OS release
 	# Debian GNU/NetBSD machines have a different userland, and
 	# thus, need a distinct triplet. However, they do not need
@@ -207,13 +221,13 @@
 		release='-gnu'
 		;;
 	    *)
-		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
 		;;
 	esac
 	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}"
+	echo "${machine}-${os}${release}${abi}"
 	exit ;;
     *:Bitrig:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@@ -235,6 +249,9 @@
     *:MirBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
 	exit ;;
+    *:Sortix:*:*)
+	echo ${UNAME_MACHINE}-unknown-sortix
+	exit ;;
     alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@@ -579,8 +596,9 @@
 	else
 		IBM_ARCH=powerpc
 	fi
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
+	if [ -x /usr/bin/lslpp ] ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
 	else
 		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
 	fi
@@ -932,6 +950,9 @@
     crisv32:Linux:*:*)
 	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
 	exit ;;
+    e2k:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
     frv:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
@@ -1020,7 +1041,7 @@
 	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
 	exit ;;
     x86_64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
 	exit ;;
     xtensa*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
diff -u -r -N squid-3.5.8/cfgaux/config.sub squid-3.5.9/cfgaux/config.sub
--- squid-3.5.8/cfgaux/config.sub	2015-09-01 12:53:02.000000000 -0700
+++ squid-3.5.9/cfgaux/config.sub	2015-09-17 06:07:42.000000000 -0700
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2014 Free Software Foundation, Inc.
+#   Copyright 1992-2015 Free Software Foundation, Inc.
 
-timestamp='2014-09-11'
+timestamp='2015-08-20'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@
 # of the GNU General Public License, version 3 ("GPLv3").
 
 
-# Please send patches with a ChangeLog entry to config-patches@gnu.org.
+# Please send patches to <config-patches@gnu.org>.
 #
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
@@ -68,7 +68,7 @@
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2014 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -117,7 +117,7 @@
 case $maybe_os in
   nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
   linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
-  knetbsd*-gnu* | netbsd*-gnu* | \
+  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
   kopensolaris*-gnu* | \
   storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
@@ -255,12 +255,13 @@
 	| arc | arceb \
 	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
 	| avr | avr32 \
+	| ba \
 	| be32 | be64 \
 	| bfin \
 	| c4x | c8051 | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| epiphany \
-	| fido | fr30 | frv \
+	| e2k | epiphany \
+	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
 	| i370 | i860 | i960 | ia64 \
@@ -305,7 +306,7 @@
 	| riscv32 | riscv64 \
 	| rl78 | rx \
 	| score \
-	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
 	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
 	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -313,6 +314,7 @@
 	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
 	| ubicom32 \
 	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+	| visium \
 	| we32k \
 	| x86 | xc16x | xstormy16 | xtensa \
 	| z8k | z80)
@@ -327,6 +329,9 @@
 	c6x)
 		basic_machine=tic6x-unknown
 		;;
+	leon|leon[3-9])
+		basic_machine=sparc-$basic_machine
+		;;
 	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
 		basic_machine=$basic_machine-unknown
 		os=-none
@@ -372,12 +377,13 @@
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* | avr32-* \
+	| ba-* \
 	| be32-* | be64-* \
 	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* \
 	| c8051-* | clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
-	| elxsi-* \
+	| e2k-* | elxsi-* \
 	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@@ -424,12 +430,13 @@
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
 	| pyramid-* \
+	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
 	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
 	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
 	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
 	| tahoe-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
 	| tile*-* \
@@ -437,6 +444,7 @@
 	| ubicom32-* \
 	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 	| vax-* \
+	| visium-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xc16x-* | xps100-* \
 	| xstormy16-* | xtensa*-* \
@@ -513,6 +521,9 @@
 		basic_machine=i386-pc
 		os=-aros
 		;;
+        asmjs)
+		basic_machine=asmjs-unknown
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@@ -774,6 +785,9 @@
 		basic_machine=m68k-isi
 		os=-sysv
 		;;
+	leon-*|leon[3-9]-*)
+		basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+		;;
 	m68knommu)
 		basic_machine=m68k-unknown
 		os=-linux
@@ -1365,7 +1379,7 @@
 	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
 	      | -sym* | -kopensolaris* | -plan9* \
 	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* | -aros* \
+	      | -aos* | -aros* | -cloudabi* | -sortix* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
diff -u -r -N squid-3.5.8/ChangeLog squid-3.5.9/ChangeLog
--- squid-3.5.8/ChangeLog	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/ChangeLog	2015-09-17 06:06:28.000000000 -0700
@@ -1,3 +1,14 @@
+Changes to squid-3.5.9 (17 Sep 2015):
+
+	- Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
+	- Bug 4309: incorrect extensions detection in SSL Hello messages
+	- Bug 4309: crash during Skype login
+	- Bug 4284: missing sanity checks for malloc
+	- Regression Fix: CONNECT request debugging 11,2 traces
+	- Regression Fix: Quieten UFS cache maintenance skipped warnings
+	- TLS: Support SNI on generated CONNECT after peek
+	- ... and some documentation updates
+
 Changes to squid-3.5.8 (02 Sep 2015):
 
 	- Regression Bug 4306: build portability fix in Kerberos helpers
diff -u -r -N squid-3.5.8/configure squid-3.5.9/configure
--- squid-3.5.8/configure	2015-09-01 12:53:55.000000000 -0700
+++ squid-3.5.9/configure	2015-09-17 06:08:35.000000000 -0700
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.8.
+# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.9.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -595,8 +595,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.5.8'
-PACKAGE_STRING='Squid Web Proxy 3.5.8'
+PACKAGE_VERSION='3.5.9'
+PACKAGE_STRING='Squid Web Proxy 3.5.9'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1633,7 +1633,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.5.8 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.5.9 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1704,7 +1704,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.8:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.9:";;
    esac
   cat <<\_ACEOF
 
@@ -2111,7 +2111,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.5.8
+Squid Web Proxy configure 3.5.9
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3215,7 +3215,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.5.8, which was
+It was created by Squid Web Proxy $as_me 3.5.9, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4082,7 +4082,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.5.8'
+ VERSION='3.5.9'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -41041,7 +41041,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.5.8, which was
+This file was extended by Squid Web Proxy $as_me 3.5.9, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -41107,7 +41107,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 3.5.8
+Squid Web Proxy config.status 3.5.9
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-3.5.8/configure.ac squid-3.5.9/configure.ac
--- squid-3.5.8/configure.ac	2015-09-01 12:53:54.000000000 -0700
+++ squid-3.5.9/configure.ac	2015-09-17 06:08:35.000000000 -0700
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[3.5.8],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.5.9],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.5.8/doc/release-notes/release-3.5.html squid-3.5.9/doc/release-notes/release-3.5.html
--- squid-3.5.8/doc/release-notes/release-3.5.html	2015-09-01 13:44:01.000000000 -0700
+++ squid-3.5.9/doc/release-notes/release-3.5.html	2015-09-17 06:59:10.000000000 -0700
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.5.8 release notes</TITLE>
+ <TITLE>Squid 3.5.9 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.8 release notes</H1>
+<H1>Squid 3.5.9 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,7 +63,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.8.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.9.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.8/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.9/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.5.8/helpers/basic_auth/DB/basic_db_auth.8	2015-09-01 13:44:04.000000000 -0700
+++ squid-3.5.9/helpers/basic_auth/DB/basic_db_auth.8	2015-09-17 06:59:14.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/basic_auth/LDAP/basic_ldap_auth.cc squid-3.5.9/helpers/basic_auth/LDAP/basic_ldap_auth.cc
--- squid-3.5.8/helpers/basic_auth/LDAP/basic_ldap_auth.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/basic_auth/LDAP/basic_ldap_auth.cc	2015-09-17 06:06:28.000000000 -0700
@@ -392,7 +392,7 @@
         case 'h':
             if (ldapServer) {
                 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = static_cast<char*>(malloc(len));
+                char *newhost = static_cast<char*>(xmalloc(len));
                 snprintf(newhost, len, "%s %s", ldapServer, value);
                 free(ldapServer);
                 ldapServer = newhost;
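Review bot: `int len = strlen(ldapServer) + 1 + strlen(value) + 1;` narrows a size_t sum to int before it is used as the xmalloc() size and the snprintf() bound. Declaring it as `const size_t len = strlen(ldapServer) + 1 + strlen(value) + 1;` keeps the length in the type both calls take. The strings here appear to come from helper options, so this is hardening rather than a demonstrated bug. The same line is in the second hunk of this file and in both hunks of digest_auth/eDirectory/ldap_backend.cc, digest_auth/LDAP/ldap_backend.cc and external_acl/LDAP_group/ext_ldap_group_acl.cc. digest_auth/file/text_backend.cc has the equivalent `int len = strlen(user) + strlen(realm) + 2;`.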
@@ -512,7 +512,7 @@
         char *value = argv[1];
         if (ldapServer) {
             int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = static_cast<char*>(malloc(len));
+            char *newhost = static_cast<char*>(xmalloc(len));
             snprintf(newhost, len, "%s %s", ldapServer, value);
             free(ldapServer);
             ldapServer = newhost;
diff -u -r -N squid-3.5.8/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.9/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8
--- squid-3.5.8/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2015-09-01 13:44:08.000000000 -0700
+++ squid-3.5.9/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2015-09-17 06:59:19.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1"
-.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.9/helpers/basic_auth/POP3/basic_pop3_auth.8
--- squid-3.5.8/helpers/basic_auth/POP3/basic_pop3_auth.8	2015-09-01 13:44:12.000000000 -0700
+++ squid-3.5.9/helpers/basic_auth/POP3/basic_pop3_auth.8	2015-09-17 06:59:24.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/basic_auth/SMB/basic_smb_auth.cc squid-3.5.9/helpers/basic_auth/SMB/basic_smb_auth.cc
--- squid-3.5.8/helpers/basic_auth/SMB/basic_smb_auth.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/basic_auth/SMB/basic_smb_auth.cc	2015-09-17 06:06:28.000000000 -0700
@@ -111,8 +111,7 @@
             break;
 
         if (strcmp(argv[i], "-W") == 0) {
-            if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
-                return 1;
+            dom = static_cast<struct SMBDOMAIN *>(xmalloc(sizeof(struct SMBDOMAIN)));
 
             dom->name = dom->sname = argv[++i];
             dom->passthrough = "";
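Review bot: `dom->name = dom->sname = argv[++i];` takes the argument after `-W` without a visible check that one exists. If `-W` is the last option, `argv[++i]` is the terminating null pointer and both name fields are stored as NULL. The loop bound is outside the hunk, so confirm it does not already rule this out. If it does not, reject the option before allocating, for example `if (i + 1 >= argc) return 1;` (assuming `argc` is in scope here).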
diff -u -r -N squid-3.5.8/helpers/digest_auth/eDirectory/ldap_backend.cc squid-3.5.9/helpers/digest_auth/eDirectory/ldap_backend.cc
--- squid-3.5.8/helpers/digest_auth/eDirectory/ldap_backend.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/digest_auth/eDirectory/ldap_backend.cc	2015-09-17 06:06:28.000000000 -0700
@@ -461,7 +461,7 @@
         case 'h':
             if (ldapServer) {
                 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                 snprintf(newhost, len, "%s %s", ldapServer, value);
                 free(ldapServer);
                 ldapServer = newhost;
@@ -590,7 +590,7 @@
         char *value = argv[1];
         if (ldapServer) {
             int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
             snprintf(newhost, len, "%s %s", ldapServer, value);
             free(ldapServer);
             ldapServer = newhost;
diff -u -r -N squid-3.5.8/helpers/digest_auth/file/text_backend.cc squid-3.5.9/helpers/digest_auth/file/text_backend.cc
--- squid-3.5.8/helpers/digest_auth/file/text_backend.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/digest_auth/file/text_backend.cc	2015-09-17 06:06:28.000000000 -0700
@@ -118,7 +118,7 @@
             u = static_cast<user_data*>(xcalloc(1, sizeof(*u)));
             if (realm) {
                 int len = strlen(user) + strlen(realm) + 2;
-                u->hash.key = malloc(len);
+                u->hash.key = xmalloc(len);
                 snprintf(static_cast<char*>(u->hash.key), len, "%s:%s", user, realm);
             } else {
                 u->hash.key = xstrdup(user);
diff -u -r -N squid-3.5.8/helpers/digest_auth/LDAP/ldap_backend.cc squid-3.5.9/helpers/digest_auth/LDAP/ldap_backend.cc
--- squid-3.5.8/helpers/digest_auth/LDAP/ldap_backend.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/digest_auth/LDAP/ldap_backend.cc	2015-09-17 06:06:28.000000000 -0700
@@ -434,7 +434,7 @@
         case 'h':
             if (ldapServer) {
                 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                 snprintf(newhost, len, "%s %s", ldapServer, value);
                 free(ldapServer);
                 ldapServer = newhost;
@@ -560,7 +560,7 @@
         char *value = argv[1];
         if (ldapServer) {
             int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
             snprintf(newhost, len, "%s %s", ldapServer, value);
             free(ldapServer);
             ldapServer = newhost;
diff -u -r -N squid-3.5.8/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.9/helpers/external_acl/delayer/ext_delayer_acl.8
--- squid-3.5.8/helpers/external_acl/delayer/ext_delayer_acl.8	2015-09-01 13:44:24.000000000 -0700
+++ squid-3.5.9/helpers/external_acl/delayer/ext_delayer_acl.8	2015-09-17 06:59:41.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/external_acl/file_userip/ext_file_userip_acl.cc squid-3.5.9/helpers/external_acl/file_userip/ext_file_userip_acl.cc
--- squid-3.5.8/helpers/external_acl/file_userip/ext_file_userip_acl.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/external_acl/file_userip/ext_file_userip_acl.cc	2015-09-17 06:06:28.000000000 -0700
@@ -80,7 +80,7 @@
                    bitwise AND */
 
     /* the pointer to the first entry in the linked list */
-    first_entry = (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict));
+    first_entry = static_cast<struct ip_user_dict*>(xmalloc(sizeof(struct ip_user_dict)));
     current_entry = first_entry;
 
     unsigned int lineCount = 0;
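Review bot: The list nodes are allocated with xmalloc(), which leaves `next_entry` and the other fields indeterminate until they are assigned. If the code outside this hunk does not set `next_entry` on the final node, the list has no reliable terminator. A zeroed node avoids that, in the style digest_auth/file/text_backend.cc already uses for user_data: `first_entry = static_cast<struct ip_user_dict*>(xcalloc(1, sizeof(*first_entry)));`. The same applies to the `current_entry->next_entry` allocation in the next hunk.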
@@ -128,7 +128,7 @@
 
             /* get space and point current_entry to the new entry */
             current_entry->next_entry =
-                (struct ip_user_dict*)malloc(sizeof(struct ip_user_dict));
+                static_cast<struct ip_user_dict*>(xmalloc(sizeof(struct ip_user_dict)));
             current_entry = current_entry->next_entry;
         }
 
diff -u -r -N squid-3.5.8/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc squid-3.5.9/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc
--- squid-3.5.8/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc	2015-09-17 06:06:28.000000000 -0700
@@ -261,7 +261,7 @@
         case 'h':
             if (ldapServer) {
                 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-                char *newhost = (char*)malloc(len);
+                char *newhost = static_cast<char*>(xmalloc(len));
                 snprintf(newhost, len, "%s %s", ldapServer, value);
                 free(ldapServer);
                 ldapServer = newhost;
@@ -390,7 +390,7 @@
         char *value = argv[1];
         if (ldapServer) {
             int len = strlen(ldapServer) + 1 + strlen(value) + 1;
-            char *newhost = (char*)malloc(len);
+            char *newhost = static_cast<char*>(xmalloc(len));
             snprintf(newhost, len, "%s %s", ldapServer, value);
             free(ldapServer);
             ldapServer = newhost;
diff -u -r -N squid-3.5.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.9/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.5.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2015-09-01 13:44:31.000000000 -0700
+++ squid-3.5.9/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2015-09-17 06:59:50.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.5.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2015-09-01 13:44:34.000000000 -0700
+++ squid-3.5.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2015-09-17 06:59:54.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.9/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.5.8/helpers/log_daemon/DB/log_db_daemon.8	2015-09-01 13:44:36.000000000 -0700
+++ squid-3.5.9/helpers/log_daemon/DB/log_db_daemon.8	2015-09-17 06:59:57.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc squid-3.5.9/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
--- squid-3.5.8/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc	2015-09-17 06:06:28.000000000 -0700
@@ -246,12 +246,21 @@
     memcpy(user, tmp.str, tmp.l);
     *(user + tmp.l) = '\0';
 
-    /* Authenticating against the NT response doesn't seem to work... */
-    tmp = ntlm_fetch_string(&(auth->hdr), auth_length, &auth->lmresponse, auth->flags);
-    if (tmp.str == NULL || tmp.l == 0) {
-        fprintf(stderr, "No auth at all. Returning no-auth\n");
-        ntlm_errno = NTLM_ERR_LOGON;
-        return NULL;
+    // grab the *response blobs. these are fixed length 24 bytes of binary
+    const ntlmhdr *packet = &(auth->hdr);
+    {
+        const strhdr * str = &auth->lmresponse;
+
+        int16_t len = le16toh(str->len);
+        int32_t offset = le32toh(str->offset);
+
+        if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) {
+            debug("LM response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset);
+            ntlm_errno = NTLM_ERR_LOGON;
+            return NULL;
+        }
+        tmp.str = (char *)packet + offset;
+        tmp.l = len;
     }
     if (tmp.l > MAX_PASSWD_LEN) {
         debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN);
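Review bot: The new bounds check reads `offset` into a signed `int32_t`, so a negative value from the packet is accepted by `offset + len > auth_length || offset == 0`. `tmp.str = (char *)packet + offset` then points outside the received buffer, and a value near INT32_MAX makes `offset + len` overflow. Rejecting non-positive offsets and comparing without the addition closes both cases: `if (len != ENCODED_PASS_LEN || offset <= 0 || offset > auth_length - len) {` (assuming `auth_length` is a signed int, as the `%d` in the debug line suggests). The NT response check in the third hunk of this file has the same condition and needs the same change. A lower bound of the fixed header size rather than 0 would also stop the blob from overlapping the header.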
@@ -259,10 +268,10 @@
         return NULL;
     }
 
+    /* Authenticating against the NT response doesn't seem to work... in SMB LM helper. */
     memcpy(pass, tmp.str, tmp.l);
     pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0';
 
-#if 1
     debug("Empty LM pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n",
           user,lmencoded_empty_pass,tmp.str,tmp.l);
     if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
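Review bot: After this change `tmp.str` points straight into the packet at a 24-byte binary response, but the debug call still prints it with `'%s'`. The blob is not NUL-terminated, so when debugging is enabled the formatter reads on until it finds a zero byte, possibly past the end of the packet buffer. Bound the read with the length already passed, e.g. `his: '%.*s' (length: %d)` with `tmp.l, tmp.str, tmp.l` as arguments, or hex-encode the bytes before logging. Whether `lmencoded_empty_pass` is NUL-terminated cannot be seen from this hunk and should be checked as well.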
@@ -272,19 +281,31 @@
         return NULL;
     }
 
-    tmp = ntlm_fetch_string(&(auth->hdr), auth_length, &auth->ntresponse, auth->flags);
-    if (tmp.str != NULL && tmp.l != 0) {
-        debug("Empty NT pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n",
-              user,ntencoded_empty_pass,tmp.str,tmp.l);
-        if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
-            fprintf(stderr,"ERROR: Empty NT password supplied for user %s\\%s. No-auth\n", domain, user);
-            ntlm_errno = NTLM_ERR_LOGON;
-            return NULL;
+    /* still fetch the NT response and check validity against empty password */
+    {
+        const strhdr * str = &auth->ntresponse;
+        int16_t len = le16toh(str->len);
+        // NT response field may be absent. that is okay.
+        if (len != 0) {
+            int32_t offset = le32toh(str->offset);
+
+            if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) {
+                debug("NT response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset);
+                ntlm_errno = NTLM_ERR_LOGON;
+                return NULL;
+            }
+            tmp.str = (char *)packet + offset;
+            tmp.l = len;
+
+            debug("Empty NT pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n",
+                  user,ntencoded_empty_pass,tmp.str,tmp.l);
+            if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
+                fprintf(stderr,"ERROR: Empty NT password supplied for user %s\\%s. No-auth\n", domain, user);
+                ntlm_errno = NTLM_ERR_LOGON;
+                return NULL;
+            }
         }
     }
-#endif
-
-    /* TODO: check against empty password!!!!! */
 
     debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass);
 
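Review bot: The NT branch compares the NT response against `lmencoded_empty_pass`, although the debug line just above prints `ntencoded_empty_pass` as the reference value. This was carried over unchanged from the old code and looks like a copy-paste slip, which would let an empty NT password go undetected. Unless the comparison against the LM constant is intentional, it should read `if (memcmp(tmp.str,ntencoded_empty_pass,ENCODED_PASS_LEN)==0) {`. Separately, the trailing `debug("checking domain: ... pass='%s'")` writes the credential blob to the debug log and would be better without the `pass` field.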
@@ -369,7 +390,7 @@
         char *d, *c;
         /* d will not be freed in case of non-error. Since we don't reconfigure,
          * it's going to live as long as the process anyways */
-        d = (char*)malloc(strlen(argv[j]) + 1);
+        d = static_cast<char*>(xmalloc(strlen(argv[j]) + 1));
         strcpy(d, argv[j]);
         debug("Adding domain-controller %s\n", d);
         if (NULL == (c = strchr(d, '\\')) && NULL == (c = strchr(d, '/'))) {
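Review bot: `d = static_cast<char*>(xmalloc(strlen(argv[j]) + 1));` followed by `strcpy(d, argv[j]);` is a hand-written string duplicate. `xstrdup()`, which digest_auth/file/text_backend.cc in this same patch already uses, does it in one call and cannot get the size and the copy out of step: `d = xstrdup(argv[j]);`. The enclosing loop starts and ends outside the hunk.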
@@ -385,7 +406,7 @@
         }
         *c= '\0';
         ++c;
-        new_dc = (dc *) malloc(sizeof(dc));
+        new_dc = static_cast<dc *>(xmalloc(sizeof(dc)));
         if (!new_dc) {
             fprintf(stderr, "Malloc error while parsing DC options\n");
             free(d);
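Review bot: The `if (!new_dc)` branch left below the changed line is probably unreachable after the switch to `xmalloc`, because Squid's x-allocators are expected to terminate the process on failure rather than return NULL; their definition is not part of this diff, so confirm. If that holds, the branch and its "Malloc error" message can be dropped, or a comment such as `// xmalloc does not return NULL; kept for builds with a plain malloc` should say why it stays. The `free(d)` inside the branch also releases `xmalloc` memory with plain `free`; `xfree(d)` would keep the allocator pairing consistent.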
diff -u -r -N squid-3.5.8/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.9/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.5.8/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2015-09-01 13:44:48.000000000 -0700
+++ squid-3.5.9/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2015-09-17 07:00:12.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2015-09-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2015-09-17" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.8/include/version.h squid-3.5.9/include/version.h
--- squid-3.5.8/include/version.h	2015-09-01 12:53:55.000000000 -0700
+++ squid-3.5.9/include/version.h	2015-09-17 06:08:36.000000000 -0700
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1441137118
+#define SQUID_RELEASE_TIME 1442495171
 #endif
 
 /*
diff -u -r -N squid-3.5.8/libltdl/config/config.guess squid-3.5.9/libltdl/config/config.guess
--- squid-3.5.8/libltdl/config/config.guess	2015-09-01 12:52:43.000000000 -0700
+++ squid-3.5.9/libltdl/config/config.guess	2015-09-17 06:07:23.000000000 -0700
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2014 Free Software Foundation, Inc.
+#   Copyright 1992-2015 Free Software Foundation, Inc.
 
-timestamp='2014-03-23'
+timestamp='2015-08-20'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -24,12 +24,12 @@
 # program.  This Exception is an additional permission under section 7
 # of the GNU General Public License, version 3 ("GPLv3").
 #
-# Originally written by Per Bothner.
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
 # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
 #
-# Please send patches with a ChangeLog entry to config-patches@gnu.org.
+# Please send patches to <config-patches@gnu.org>.
 
 
 me=`echo "$0" | sed -e 's,.*/,,'`
@@ -50,7 +50,7 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2014 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -168,20 +168,27 @@
 	# Note: NetBSD doesn't particularly care about the vendor
 	# portion of the name.  We always set it to "unknown".
 	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    /sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || \
+	    echo unknown)`
 	case "${UNAME_MACHINE_ARCH}" in
 	    armeb) machine=armeb-unknown ;;
 	    arm*) machine=arm-unknown ;;
 	    sh3el) machine=shl-unknown ;;
 	    sh3eb) machine=sh-unknown ;;
 	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine=${arch}${endian}-unknown
+		;;
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
 	# to ELF recently, or will in the future.
 	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@@ -197,6 +204,13 @@
 		os=netbsd
 		;;
 	esac
+	# Determine ABI tags.
+	case "${UNAME_MACHINE_ARCH}" in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+		;;
+	esac
 	# The OS release
 	# Debian GNU/NetBSD machines have a different userland, and
 	# thus, need a distinct triplet. However, they do not need
@@ -207,13 +221,13 @@
 		release='-gnu'
 		;;
 	    *)
-		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
 		;;
 	esac
 	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}"
+	echo "${machine}-${os}${release}${abi}"
 	exit ;;
     *:Bitrig:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@@ -235,6 +249,9 @@
     *:MirBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
 	exit ;;
+    *:Sortix:*:*)
+	echo ${UNAME_MACHINE}-unknown-sortix
+	exit ;;
     alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@@ -579,8 +596,9 @@
 	else
 		IBM_ARCH=powerpc
 	fi
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
+	if [ -x /usr/bin/lslpp ] ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
 	else
 		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
 	fi
@@ -932,6 +950,9 @@
     crisv32:Linux:*:*)
 	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
 	exit ;;
+    e2k:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
     frv:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
@@ -1020,7 +1041,7 @@
 	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
 	exit ;;
     x86_64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
 	exit ;;
     xtensa*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
diff -u -r -N squid-3.5.8/libltdl/config/config.sub squid-3.5.9/libltdl/config/config.sub
--- squid-3.5.8/libltdl/config/config.sub	2015-09-01 12:52:43.000000000 -0700
+++ squid-3.5.9/libltdl/config/config.sub	2015-09-17 06:07:23.000000000 -0700
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2014 Free Software Foundation, Inc.
+#   Copyright 1992-2015 Free Software Foundation, Inc.
 
-timestamp='2014-09-11'
+timestamp='2015-08-20'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@
 # of the GNU General Public License, version 3 ("GPLv3").
 
 
-# Please send patches with a ChangeLog entry to config-patches@gnu.org.
+# Please send patches to <config-patches@gnu.org>.
 #
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
@@ -68,7 +68,7 @@
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2014 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -117,7 +117,7 @@
 case $maybe_os in
   nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
   linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
-  knetbsd*-gnu* | netbsd*-gnu* | \
+  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
   kopensolaris*-gnu* | \
   storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
@@ -255,12 +255,13 @@
 	| arc | arceb \
 	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
 	| avr | avr32 \
+	| ba \
 	| be32 | be64 \
 	| bfin \
 	| c4x | c8051 | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| epiphany \
-	| fido | fr30 | frv \
+	| e2k | epiphany \
+	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
 	| i370 | i860 | i960 | ia64 \
@@ -305,7 +306,7 @@
 	| riscv32 | riscv64 \
 	| rl78 | rx \
 	| score \
-	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
 	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
 	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -313,6 +314,7 @@
 	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
 	| ubicom32 \
 	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+	| visium \
 	| we32k \
 	| x86 | xc16x | xstormy16 | xtensa \
 	| z8k | z80)
@@ -327,6 +329,9 @@
 	c6x)
 		basic_machine=tic6x-unknown
 		;;
+	leon|leon[3-9])
+		basic_machine=sparc-$basic_machine
+		;;
 	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
 		basic_machine=$basic_machine-unknown
 		os=-none
@@ -372,12 +377,13 @@
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* | avr32-* \
+	| ba-* \
 	| be32-* | be64-* \
 	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* \
 	| c8051-* | clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
-	| elxsi-* \
+	| e2k-* | elxsi-* \
 	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@@ -424,12 +430,13 @@
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
 	| pyramid-* \
+	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
 	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
 	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
 	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
 	| tahoe-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
 	| tile*-* \
@@ -437,6 +444,7 @@
 	| ubicom32-* \
 	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 	| vax-* \
+	| visium-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xc16x-* | xps100-* \
 	| xstormy16-* | xtensa*-* \
@@ -513,6 +521,9 @@
 		basic_machine=i386-pc
 		os=-aros
 		;;
+        asmjs)
+		basic_machine=asmjs-unknown
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@@ -774,6 +785,9 @@
 		basic_machine=m68k-isi
 		os=-sysv
 		;;
+	leon-*|leon[3-9]-*)
+		basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+		;;
 	m68knommu)
 		basic_machine=m68k-unknown
 		os=-linux
@@ -1365,7 +1379,7 @@
 	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
 	      | -sym* | -kopensolaris* | -plan9* \
 	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* | -aros* \
+	      | -aos* | -aros* | -cloudabi* | -sortix* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
diff -u -r -N squid-3.5.8/RELEASENOTES.html squid-3.5.9/RELEASENOTES.html
--- squid-3.5.8/RELEASENOTES.html	2015-09-01 13:44:01.000000000 -0700
+++ squid-3.5.9/RELEASENOTES.html	2015-09-17 06:59:10.000000000 -0700
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.5.8 release notes</TITLE>
+ <TITLE>Squid 3.5.9 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.8 release notes</H1>
+<H1>Squid 3.5.9 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,7 +63,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.8.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.9.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.8/src/client_side.cc squid-3.5.9/src/client_side.cc
--- squid-3.5.8/src/client_side.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/client_side.cc	2015-09-17 06:06:28.000000000 -0700
@@ -4424,14 +4424,24 @@
 ConnStateData::fakeAConnectRequest(const char *reason, const SBuf &payload)
 {
     // fake a CONNECT request to force connState to tunnel
-    static char ip[MAX_IPSTRLEN];
-    clientConnection->local.toUrl(ip, sizeof(ip));
+    SBuf connectHost;
+#if USE_OPENSSL
+    if (serverBump() && !serverBump()->clientSni.isEmpty()) {
+        connectHost.assign(serverBump()->clientSni);
+        if (clientConnection->local.port() > 0)
+            connectHost.appendf(":%d",clientConnection->local.port());
+    } else
+#endif
+    {
+        static char ip[MAX_IPSTRLEN];
+        connectHost.assign(clientConnection->local.toUrl(ip, sizeof(ip)));
+    }
     // Pre-pend this fake request to the TLS bits already in the buffer
     SBuf retStr;
     retStr.append("CONNECT ");
-    retStr.append(ip);
+    retStr.append(connectHost);
     retStr.append(" HTTP/1.1\r\nHost: ");
-    retStr.append(ip);
+    retStr.append(connectHost);
     retStr.append("\r\n\r\n");
     retStr.append(payload);
     in.buf = retStr;
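Review bot: `serverBump()->clientSni` is copied into the synthetic request line and the Host header as-is, and this hunk shows no check that it is a syntactically valid host name. The value originates from the peer's TLS ClientHello, so bytes such as CR, LF, space or NUL would change how the faked CONNECT is parsed once it is prepended to `in.buf`. Unless the SNI is validated where it is stored (not visible here), check it against host-name syntax before the `connectHost.assign(...)` call and fall back to the `local.toUrl()` form when it fails. The function body continues past the end of the hunk.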
diff -u -r -N squid-3.5.8/src/fs/Makefile.am squid-3.5.9/src/fs/Makefile.am
--- squid-3.5.8/src/fs/Makefile.am	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/fs/Makefile.am	2015-09-17 06:06:28.000000000 -0700
@@ -35,9 +35,9 @@
 	ufs/RebuildState.cc
 
 librock_la_SOURCES = \
+	rock/forward.h \
 	rock/RockDbCell.cc \
 	rock/RockDbCell.h \
-	rock/RockForward.h \
 	rock/RockIoState.cc \
 	rock/RockIoState.h \
 	rock/RockIoRequests.cc \
diff -u -r -N squid-3.5.8/src/fs/Makefile.in squid-3.5.9/src/fs/Makefile.in
--- squid-3.5.8/src/fs/Makefile.in	2015-09-01 12:53:35.000000000 -0700
+++ squid-3.5.9/src/fs/Makefile.in	2015-09-17 06:08:16.000000000 -0700
@@ -737,9 +737,9 @@
 	ufs/RebuildState.cc
 
 librock_la_SOURCES = \
+	rock/forward.h \
 	rock/RockDbCell.cc \
 	rock/RockDbCell.h \
-	rock/RockForward.h \
 	rock/RockIoState.cc \
 	rock/RockIoState.h \
 	rock/RockIoRequests.cc \
diff -u -r -N squid-3.5.8/src/fs/rock/forward.h squid-3.5.9/src/fs/rock/forward.h
--- squid-3.5.8/src/fs/rock/forward.h	1969-12-31 16:00:00.000000000 -0800
+++ squid-3.5.9/src/fs/rock/forward.h	2015-09-17 06:06:28.000000000 -0700
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_FS_ROCK_FORWARD_H
+#define SQUID_FS_ROCK_FORWARD_H
+
+namespace Ipc
+{
+
+class StoreMapAnchor;
+class StoreMapSlice;
+
+namespace Mem
+{
+class PageId;
+}
+
+}
+
+namespace Rock
+{
+
+class SwapDir;
+
+/// db cell number, starting with cell 0 (always occupied by the db header)
+typedef sfileno SlotId;
+
+class Rebuild;
+
+class IoState;
+
+class DbCellHeader;
+
+}
+
+#endif /* SQUID_FS_ROCK_FORWARD_H */
+
diff -u -r -N squid-3.5.8/src/fs/rock/RockForward.h squid-3.5.9/src/fs/rock/RockForward.h
--- squid-3.5.8/src/fs/rock/RockForward.h	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/fs/rock/RockForward.h	1969-12-31 16:00:00.000000000 -0800
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_FS_ROCK_FORWARD_H
-#define SQUID_FS_ROCK_FORWARD_H
-
-namespace Ipc
-{
-
-class StoreMapAnchor;
-class StoreMapSlice;
-
-namespace Mem
-{
-class PageId;
-}
-
-}
-
-namespace Rock
-{
-
-class SwapDir;
-
-/// db cell number, starting with cell 0 (always occupied by the db header)
-typedef sfileno SlotId;
-
-class Rebuild;
-
-class IoState;
-
-class DbCellHeader;
-
-}
-
-#endif /* SQUID_FS_ROCK_FORWARD_H */
-
diff -u -r -N squid-3.5.8/src/fs/rock/RockRebuild.h squid-3.5.9/src/fs/rock/RockRebuild.h
--- squid-3.5.8/src/fs/rock/RockRebuild.h	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/fs/rock/RockRebuild.h	2015-09-17 06:06:28.000000000 -0700
@@ -11,7 +11,7 @@
 
 #include "base/AsyncJob.h"
 #include "cbdata.h"
-#include "fs/rock/RockForward.h"
+#include "fs/rock/forward.h"
 #include "MemBuf.h"
 #include "store_rebuild.h"
 
diff -u -r -N squid-3.5.8/src/fs/rock/RockSwapDir.h squid-3.5.9/src/fs/rock/RockSwapDir.h
--- squid-3.5.8/src/fs/rock/RockSwapDir.h	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/fs/rock/RockSwapDir.h	2015-09-17 06:06:28.000000000 -0700
@@ -11,8 +11,8 @@
 
 #include "DiskIO/DiskFile.h"
 #include "DiskIO/IORequestor.h"
+#include "fs/rock/forward.h"
 #include "fs/rock/RockDbCell.h"
-#include "fs/rock/RockForward.h"
 #include "ipc/mem/Page.h"
 #include "ipc/mem/PageStack.h"
 #include "ipc/StoreMap.h"
diff -u -r -N squid-3.5.8/src/fs/ufs/UFSSwapDir.cc squid-3.5.9/src/fs/ufs/UFSSwapDir.cc
--- squid-3.5.8/src/fs/ufs/UFSSwapDir.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/fs/ufs/UFSSwapDir.cc	2015-09-17 06:06:28.000000000 -0700
@@ -440,18 +440,25 @@
      *   of low-, high- water and the total capacity limit.
      */
 
-    /* We can't delete objects while rebuilding swap */
-    /* XXX FIXME each store should start maintaining as it comes online. */
-    if (StoreController::store_dirs_rebuilding) {
-        debugs(47, DBG_IMPORTANT, StoreController::store_dirs_rebuilding << " cache_dir still rebuilding. Skip GC for " << path);
-        return;
-    }
-
     // minSize() is swap_low_watermark in bytes
     const uint64_t lowWaterSz = minSize();
 
     if (currentSize() < lowWaterSz) {
-        debugs(47, 2, "space still available in " << path);
+        debugs(47, 5, "space still available in " << path);
+        return;
+    }
+
+    /* We can't delete objects while rebuilding swap */
+    /* XXX each store should start maintaining as it comes online. */
+    if (StoreController::store_dirs_rebuilding) {
+        // suppress the warnings, except once each minute
+        static int64_t lastWarn = 0;
+        int warnLevel = 3;
+        if (lastWarn+60 < squid_curtime) {
+            lastWarn = squid_curtime;
+            warnLevel = DBG_IMPORTANT;
+        }
+        debugs(47, warnLevel, StoreController::store_dirs_rebuilding << " cache_dir still rebuilding. Skip GC for " << path);
         return;
     }
 
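Review bot: The throttle state `static int64_t lastWarn` is function-local, so it is shared by every UFS cache_dir instead of being kept per directory. With several directories over their low-water mark during a rebuild, only the first one to reach this point in a given minute is reported at DBG_IMPORTANT and the others drop to level 3. If one important-level warning per minute in total is the intent, say so with a comment such as `// shared by all UFS cache_dirs: at most one DBG_IMPORTANT warning per minute overall`; otherwise the timestamp belongs in a data member. The enclosing method starts and ends outside the hunk.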
diff -u -r -N squid-3.5.8/src/ssl/bio.cc squid-3.5.9/src/ssl/bio.cc
--- squid-3.5.8/src/ssl/bio.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/ssl/bio.cc	2015-09-17 06:06:28.000000000 -0700
@@ -873,15 +873,17 @@
 }
 
 bool
-Ssl::Bio::sslFeatures::parseV3ServerHello(const unsigned char *hello, size_t size)
+Ssl::Bio::sslFeatures::parseV3ServerHello(const unsigned char *messageContainer, size_t messageContainerSize)
 {
     // Parse a ServerHello Handshake message
     // RFC5246 section 7.4, 7.4.1.3
-    // The ServerHello starts at hello+5
-    const size_t helloSize = (hello[6] << 16) | (hello[7] << 8) | hello[8];
+    // The ServerHello starts at messageContainer + 5
+    const unsigned char *serverHello = messageContainer + 5;
+
+    // The Length field (bytes 1-3) plus 4 bytes of the serverHello message header (1 handshake type + 3 hello length)
+    const size_t helloSize = ((serverHello[1] << 16) | (serverHello[2] << 8) | serverHello[3]) + 4;
     debugs(83, 7, "ServerHello message size: " << helloSize);
-    // helloSize should be msgSize + hello Header (4 bytes)
-    if (helloSize + 4 > size) {
+    if (helloSize > messageContainerSize) {
         debugs(83, 2, "ServerHello parse error");
         return false;
     }
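Review bot: The new bound `if (helloSize > messageContainerSize)` does not account for the 5 bytes between `messageContainer` and `serverHello`, so a handshake message that ends up to 5 bytes beyond the container still passes, and the later reads are bounded only by `helloSize` relative to `serverHello`. `serverHello[1]` to `serverHello[3]` are also read before any check that the container holds 9 bytes, unless the caller guarantees that (not visible here). A guard such as `if (messageContainerSize < 9) return false;` before the length is decoded, with the comparison changed to `helloSize > messageContainerSize - 5`, covers both. parseV3Hello further down repeats the same comparison for `clientHello`. Both functions continue outside their hunks.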
@@ -895,32 +897,32 @@
 
     debugs(83, 7, "Get fake features from v3 ServerHello message.");
     // Get the correct version of the sub-hello message
-    sslVersion = (hello[9] << 8) | hello[10];
-    // At the position 43 (MsgHeader(5 bytes) + HelloHeader (6bytes) + SSL3_RANDOM_SIZE (32bytes))
-    const size_t sessIdLen = (size_t)hello[43];
+    sslVersion = (serverHello[4] << 8) | serverHello[5];
+    // At the position 38 (HelloHeader (6bytes) + SSL3_RANDOM_SIZE (32bytes))
+    const size_t sessIdLen = static_cast<size_t>(serverHello[38]);
     debugs(83, 7, "Session ID Length: " <<  sessIdLen);
 
     // The size should be enough to hold at least the following
-    // 5 MsgHelloHeader + 4 (hello header)
+    // 4 (hello header)
     // + 2 (SSL Version) + 32 (random) + 1 (sessionId length)
     // + sessIdLength + 2 (cipher suite) + 1 (compression method)
-    // = 47 + sessIdLength
-    if (47 + sessIdLen > size) {
+    // = 42 + sessIdLength
+    if (42 + sessIdLen > helloSize) {
         debugs(83, 2, "ciphers length parse error");
         return false;
     }
 
-    // The sessionID stored at 44 position, after sessionID length field
-    sessionId.assign((const char *)(hello + 44), sessIdLen);
+    // The sessionID stored at 39 position, after sessionID length field
+    sessionId.assign(reinterpret_cast<const char *>(serverHello + 39), sessIdLen);
 
     // Check if there are extensions in hello message
     // RFC5246 section 7.4.1.4
-    if (size > 47 + sessIdLen + 2) {
-        // 47 + sessIdLen
-        const unsigned char *pToExtensions = hello + 47 + sessIdLen;
+    if (helloSize > 42 + sessIdLen + 2) {
+        // 42 + sessIdLen
+        const unsigned char *pToExtensions = serverHello + 42 + sessIdLen;
         const size_t extensionsLen = (pToExtensions[0] << 8) | pToExtensions[1];
         // Check if the hello size can hold extensions
-        if (47 + 2 + sessIdLen + extensionsLen > size ) {
+        if (42 + 2 + sessIdLen + extensionsLen > helloSize ) {
             debugs(83, 2, "Extensions length parse error");
             return false;
         }
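Review bot: `serverHello[38]` is read before the `42 + sessIdLen > helloSize` test, so a ServerHello whose declared size is below 39 bytes is indexed past its end before it is rejected. The lines between the previous hunk and this one are not shown, so a minimum-size check may already exist there; if it does not, `if (helloSize < 42) return false;` ahead of the `sessIdLen` read closes the gap. The function starts and ends outside this hunk.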
@@ -928,9 +930,9 @@
         pToExtensions += 2;
         const unsigned char *ext = pToExtensions;
         while (ext + 4 <= pToExtensions + extensionsLen) {
-            const short extType = (ext[0] << 8) | ext[1];
+            const size_t extType = (ext[0] << 8) | ext[1];
             ext += 2;
-            const short extLen = (ext[0] << 8) | ext[1];
+            const size_t extLen = (ext[0] << 8) | ext[1];
             ext += 2;
             debugs(83, 7, "TLS Extension: " << std::hex << extType << " of size:" << extLen);
             // SessionTicket TLS Extension, RFC5077 section 3.2
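Review bot: The visible part of this ServerHello loop advances by `extLen` without the per-extension bound that the ClientHello loop applies (`if (ext + extLen > pToExtensions + extensionsLen)`). The remainder of the loop is outside the hunk, so this may already be handled there; if it is not, the same test should follow the `extLen` read here so that a length field larger than the remaining extensions block is rejected instead of moving `ext` past the end. Changing `extType` and `extLen` from `short` to `size_t` removes the negative-length case but does not bound the value.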
@@ -944,17 +946,18 @@
 }
 
 bool
-Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *hello, size_t size)
+Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_t messageContainerSize)
 {
     // Parse a ClientHello Handshake message
     // RFC5246 section 7.4, 7.4.1.2
-    // The ClientHello starts at hello+5
+    // The ClientHello starts at messageContainer + 5
+    const unsigned char * clientHello = messageContainer + 5;
 
     debugs(83, 7, "Get fake features from v3 ClientHello message.");
-    const size_t helloSize = (hello[6] << 16) | (hello[7] << 8) | hello[8];
+    // The Length field (bytes 1-3) plus 4 bytes of the clientHello message header (1 handshake type + 3 hello length)
+    const size_t helloSize = ((clientHello[1] << 16) | (clientHello[2] << 8) | clientHello[3]) + 4;
     debugs(83, 7, "ClientHello message size: " << helloSize);
-    // helloSize should be size + hello Header (4 bytes)
-    if (helloSize + 4 > size) {
+    if (helloSize > messageContainerSize) {
         debugs(83, 2, "ClientHello parse error");
         return false;
     }
@@ -967,118 +970,124 @@
     }
 
     //For SSLv3 or TLSv1.* protocols we can get some more informations
-    if (hello[1] == 0x3 && hello[5] == 0x1 /*HELLO A message*/) {
-        // Get the correct version of the sub-hello message
-        sslVersion = (hello[9] << 8) | hello[10];
-        //Get Client Random number. It starts on the position 11 of hello message
-        memcpy(client_random, hello + 11, SSL3_RANDOM_SIZE);
-        debugs(83, 7, "Client random: " <<  objToString(client_random, SSL3_RANDOM_SIZE));
-
-        // At the position 43 (11+SSL3_RANDOM_SIZE)
-        const size_t sessIDLen = (size_t)hello[43];
-        debugs(83, 7, "Session ID Length: " <<  sessIDLen);
-
-        // The size should be enough to hold at least the following
-        // 5 MsgHelloHeader + 4 (hello header)
-        // + 2 (SSL Version) + 32 (random) + 1 (sessionId length)
-        // + sessIdLength + 2 (cipher suite length) + 1 (compression method length)
-        // = 47 + sessIdLength
-        if (47 + sessIDLen > size)
-            return false;
+    if (messageContainer[1] != 0x3 || clientHello[0] != 0x1 /*HELLO A message*/) {
+        debugs(83, 2, "Not an SSLv3/TLSv1.x client hello message, stop parsing here");
+        return true;
+    }
 
-        // The sessionID stored art 44 position, after sessionID length field
-        sessionId.assign((const char *)(hello + 44), sessIDLen);
+    // Get the correct version of the sub-hello message
+    sslVersion = (clientHello[4] << 8) | clientHello[5];
+    //Get Client Random number. It starts on the position 6 of clientHello message
+    memcpy(client_random, clientHello + 6, SSL3_RANDOM_SIZE);
+    debugs(83, 7, "Client random: " <<  objToString(client_random, SSL3_RANDOM_SIZE));
+
+    // At the position 38 (6+SSL3_RANDOM_SIZE)
+    const size_t sessIDLen = static_cast<size_t>(clientHello[38]);
+    debugs(83, 7, "Session ID Length: " <<  sessIDLen);
 
-        //Ciphers list. It is stored after the Session ID.
-        // It is a variable-length vector(RFC5246 section 4.3)
-        const unsigned char *ciphers = hello + 44 + sessIDLen;
-        const size_t ciphersLen = (ciphers[0] << 8) | ciphers[1];
-        if (47 + sessIDLen + ciphersLen > size) {
-            debugs(83, 2, "ciphers length parse error");
-            return false;
+    // The helloSize should be enough to hold at least the following
+    // 1 handshake type + 3 hello Length
+    // + 2 (SSL Version) + 32 (random) + 1 (sessionId length)
+    // + sessIdLength + 2 (cipher suite length) + 1 (compression method length)
+    // = 42 + sessIdLength
+    if (42 + sessIDLen > helloSize) {
+        debugs(83, 2, "Session ID length parse error");
+        return false;
+    }
+
+    // The sessionID stored art 39 position, after sessionID length field
+    sessionId.assign(reinterpret_cast<const char *>(clientHello + 39), sessIDLen);
+
+    //Ciphers list. It is stored after the Session ID.
+    // It is a variable-length vector(RFC5246 section 4.3)
+    const unsigned char *ciphers = clientHello + 39 + sessIDLen;
+    const size_t ciphersLen = (ciphers[0] << 8) | ciphers[1];
+    if (42 + sessIDLen + ciphersLen > helloSize) {
+        debugs(83, 2, "ciphers length parse error");
+        return false;
+    }
+
+    ciphers += 2;
+    if (ciphersLen) {
+        const SSL_METHOD *method = SSLv3_method();
+        const int cs = method->put_cipher_by_char(NULL, NULL);
+        assert(cs > 0);
+        for (size_t i = 0; i < ciphersLen; i += cs) {
+            const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
+            if (c != NULL) {
+                if (!clientRequestedCiphers.empty())
+                    clientRequestedCiphers.append(":");
+                clientRequestedCiphers.append(c->name);
+            } else
+                unknownCiphers = true;
         }
+    }
+    debugs(83, 7, "Ciphers requested by client: " << clientRequestedCiphers);
 
-        ciphers += 2;
-        if (ciphersLen) {
-            const SSL_METHOD *method = SSLv3_method();
-            const int cs = method->put_cipher_by_char(NULL, NULL);
-            assert(cs > 0);
-            for (size_t i = 0; i < ciphersLen; i += cs) {
-                const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
-                if (c != NULL) {
-                    if (!clientRequestedCiphers.empty())
-                        clientRequestedCiphers.append(":");
-                    clientRequestedCiphers.append(c->name);
-                } else
-                    unknownCiphers = true;
-            }
+    // Compression field: 1 bytes the number of compression methods and
+    // 1 byte for each compression method
+    const unsigned char *compression = ciphers + ciphersLen;
+    if (compression[0] > 1)
+        compressMethod = 1;
+    else
+        compressMethod = 0;
+    debugs(83, 7, "SSL compression methods number: " << static_cast<int>(compression[0]));
+
+    // Parse Extensions, RFC5246 section 7.4.1.4
+    const unsigned char *pToExtensions = compression + 1 + static_cast<int>(compression[0]);
+    if ((size_t)((pToExtensions - clientHello) + 2) < helloSize) {
+        const size_t extensionsLen = (pToExtensions[0] << 8) | pToExtensions[1];
+        if ((pToExtensions - clientHello) + 2 + extensionsLen > helloSize) {
+            debugs(83, 2, "Extensions length parse error");
+            return false;
         }
-        debugs(83, 7, "Ciphers requested by client: " << clientRequestedCiphers);
 
-        // Compression field: 1 bytes the number of compression methods and
-        // 1 byte for each compression method
-        const unsigned char *compression = ciphers + ciphersLen;
-        if (compression[0] > 1)
-            compressMethod = 1;
-        else
-            compressMethod = 0;
-        debugs(83, 7, "SSL compression methods number: " << (int)compression[0]);
-
-        // Parse Extensions, RFC5246 section 7.4.1.4
-        const unsigned char *pToExtensions = compression + 1 + (int)compression[0];
-        if ((size_t)((pToExtensions - hello) + 2) < size) {
-            const size_t extensionsLen = (pToExtensions[0] << 8) | pToExtensions[1];
-            if ((pToExtensions - hello) + 2 + extensionsLen > size) {
-                debugs(83, 2, "Extensions length parse error");
+        pToExtensions += 2;
+        const unsigned char *ext = pToExtensions;
+        while (ext + 4 <= pToExtensions + extensionsLen) {
+            const size_t extType = (ext[0] << 8) | ext[1];
+            ext += 2;
+            const size_t extLen = (ext[0] << 8) | ext[1];
+            ext += 2;
+            debugs(83, 7, "TLS Extension: " << std::hex << extType << " of size:" << extLen);
+
+            if (ext + extLen > pToExtensions + extensionsLen) {
+                debugs(83, 2, "Extension " << std::hex << extType << " length parser error");
                 return false;
             }
 
-            pToExtensions += 2;
-            const unsigned char *ext = pToExtensions;
-            while (ext + 4 <= pToExtensions + extensionsLen) {
-                const short extType = (ext[0] << 8) | ext[1];
-                ext += 2;
-                const short extLen = (ext[0] << 8) | ext[1];
-                ext += 2;
-                debugs(83, 7, "TLS Extension: " << std::hex << extType << " of size:" << extLen);
-
-                if (ext + extLen > pToExtensions + extensionsLen) {
-                    debugs(83, 2, "Extension " << std::hex << extType << " length parser error");
-                    return false;
-                }
-
-                //The SNI extension has the type 0 (extType == 0)
-                // RFC6066 sections 3, 10.2
-                // The two first bytes indicates the length of the SNI data (should be extLen-2)
-                // The next byte is the hostname type, it should be '0' for normal hostname (ext[2] == 0)
-                // The 3rd and 4th bytes are the length of the hostname
-                if (extType == 0 && ext[2] == 0) {
-                    const int hostLen = (ext[3] << 8) | ext[4];
-                    serverName.assign((const char *)(ext+5), hostLen);
-                    debugs(83, 7, "Found server name: " << serverName);
-                } else if (extType == 15 && ext[0] != 0) {
-                    // The heartBeats are the type 15, RFC6520
-                    doHeartBeats = true;
-                } else if (extType == 0x23) {
-                    //SessionTicket TLS Extension RFC5077
-                    tlsTicketsExtension = true;
-                    if (extLen != 0)
-                        hasTlsTicket = true;
-                } else if (extType == 0x05) {
-                    // RFC6066 sections 8, 10.2
-                    tlsStatusRequest = true;
-                } else if (extType == 0x3374) {
-                    // detected TLS next protocol negotiate extension
-                } else if (extType == 0x10) {
-                    // Application-Layer Protocol Negotiation Extension, RFC7301
-                    const int listLen = (ext[0] << 8) | ext[1];
-                    if (listLen < extLen)
-                        tlsAppLayerProtoNeg.assign((const char *)(ext+5), listLen);
-                } else
-                    extensions.push_back(extType);
+            //The SNI extension has the type 0 (extType == 0)
+            // RFC6066 sections 3, 10.2
+            // The two first bytes indicates the length of the SNI data (should be extLen-2)
+            // The next byte is the hostname type, it should be '0' for normal hostname (ext[2] == 0)
+            // The 3rd and 4th bytes are the length of the hostname
+            if (extType == 0 && ext[2] == 0) {
+                const size_t hostLen = (ext[3] << 8) | ext[4];
+                if (hostLen < extLen)
+                    serverName.assign(reinterpret_cast<const char *>(ext+5), hostLen);
+                debugs(83, 7, "Found server name: " << serverName);
+            } else if (extType == 15 && ext[0] != 0) {
+                // The heartBeats are the type 15, RFC6520
+                doHeartBeats = true;
+            } else if (extType == 0x23) {
+                //SessionTicket TLS Extension RFC5077
+                tlsTicketsExtension = true;
+                if (extLen != 0)
+                    hasTlsTicket = true;
+            } else if (extType == 0x05) {
+                // RFC6066 sections 8, 10.2
+                tlsStatusRequest = true;
+            } else if (extType == 0x3374) {
+                // detected TLS next protocol negotiate extension
+            } else if (extType == 0x10) {
+                // Application-Layer Protocol Negotiation Extension, RFC7301
+                const size_t listLen = (ext[0] << 8) | ext[1];
+                if (listLen < extLen)
+                    tlsAppLayerProtoNeg.assign(reinterpret_cast<const char *>(ext+5), listLen);
+            } else
+                extensions.push_back(extType);
 
-                ext += extLen;
-            }
+            ext += extLen;
         }
     }
     return true;
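Review bot: The SNI and ALPN branches copy from `ext+5` but bound the length only with `hostLen < extLen` and `listLen < extLen`, so a length of up to `extLen - 1` lets `assign()` read as much as 4 bytes past the end of the extension. `ext[2]`, `ext[3]` and `ext[4]` (SNI), `ext[0]` (heartbeat) and `ext[0]`, `ext[1]` (ALPN) are also read without first checking that `extLen` is large enough to contain them. The bounds should be expressed against the offset actually used, as in the excerpt below. Separately, RFC 7301 places the protocol list directly after its 2-byte length, so the `ext+5` in the ALPN branch looks carried over from the SNI branch and should be confirmed against how `tlsAppLayerProtoNeg` is consumed. The function starts outside this hunk.

```cpp
            // … unchanged: extType/extLen decoding and the per-extension bound check …
            if (extType == 0 && extLen >= 5 && ext[2] == 0) {
                const size_t hostLen = (ext[3] << 8) | ext[4];
                // the name starts at ext+5, so it must end inside this extension
                if (hostLen <= extLen - 5)
                    serverName.assign(reinterpret_cast<const char *>(ext+5), hostLen);
                debugs(83, 7, "Found server name: " << serverName);
            } else if (extType == 15 && extLen >= 1 && ext[0] != 0) {
                // … unchanged: heartbeat, session ticket, status request and NPN branches …
            } else if (extType == 0x10) {
                // Application-Layer Protocol Negotiation Extension, RFC7301
                if (extLen >= 5) {
                    const size_t listLen = (ext[0] << 8) | ext[1];
                    // bound the copy by the same offset it reads from
                    if (listLen <= extLen - 5)
                        tlsAppLayerProtoNeg.assign(reinterpret_cast<const char *>(ext+5), listLen);
                }
            } else
                extensions.push_back(extType);
```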
diff -u -r -N squid-3.5.8/src/tunnel.cc squid-3.5.9/src/tunnel.cc
--- squid-3.5.8/src/tunnel.cc	2015-09-01 12:52:00.000000000 -0700
+++ squid-3.5.9/src/tunnel.cc	2015-09-17 06:06:28.000000000 -0700
@@ -1099,8 +1099,8 @@
     packerClean(&p);
     mb.append("\r\n", 2);
 
-    debugs(11, 2, "Tunnel Server REQUEST: " << tunnelState->server.conn << ":\n----------\n" <<
-           Raw("tunnelRelayConnectRequest", mb.content(), mb.contentSize()) << "\n----------");
+    debugs(11, 2, "Tunnel Server REQUEST: " << tunnelState->server.conn <<
+           ":\n----------\n" << mb.buf << "\n----------");
 
     AsyncCall::Pointer writeCall = commCbCall(5,5, "tunnelConnectReqWriteDone",
                                    CommIoCbPtrFun(tunnelConnectReqWriteDone,
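Review bot: Streaming `mb.buf` as a C string drops the explicit length that `Raw(..., mb.content(), mb.contentSize())` carried, so the logged text now depends on the buffer being NUL-terminated and stops at the first embedded NUL. The complete CONNECT request, headers included, is also written at debug level 2; if those headers can carry credentials for the next hop (not visible in this hunk), consider whether they belong at that level. A comment such as `// relies on MemBuf keeping buf NUL-terminated; request headers are logged verbatim` would record the assumption. The enclosing function starts and ends outside the hunk.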
