diff -u -r -N squid-4.0.9/cfgaux/config.guess squid-4.0.10/cfgaux/config.guess --- squid-4.0.9/cfgaux/config.guess 2016-04-21 01:21:01.000000000 +1200 +++ squid-4.0.10/cfgaux/config.guess 2016-05-06 23:36:20.000000000 +1200 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-08-20' +timestamp='2016-04-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to . @@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -237,6 +237,10 @@ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; @@ -268,42 +272,42 @@ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -376,16 +380,16 @@ exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build - SUN_ARCH="i386" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` @@ -410,7 +414,7 @@ exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} @@ -635,13 +639,13 @@ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi @@ -680,11 +684,11 @@ exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build @@ -697,12 +701,12 @@ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} @@ -807,14 +811,14 @@ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) @@ -896,7 +900,7 @@ exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix @@ -919,7 +923,7 @@ EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) @@ -965,6 +969,9 @@ ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -1120,7 +1127,7 @@ # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1269,6 +1276,9 @@ SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1282,9 +1292,9 @@ UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in @@ -1306,7 +1316,7 @@ exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi @@ -1337,7 +1347,7 @@ # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" @@ -1379,7 +1389,7 @@ echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos @@ -1390,6 +1400,9 @@ x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac cat >&2 <32KB) shm misses. + - ... and some documentation and code cleanup + - ... and all fixes from 3.5.18 + Changes to squid-4.0.9 (20 Apr 2016): - - Bug #4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)" + - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)" - Add a new error page token for unquoted external ACL messages. - Stop parsing response prefix after discovering an "HTTP/0.9" response. - ... and some documentation updates @@ -148,6 +155,16 @@ - ... and many documentation changes - ... and much code cleanup and polishing +Changes to squid-3.5.18 (06 May 2016): + + - Bug 4510: stale comment about 32KB limit on shared memory cache entries + - Bug 4509: EUI compile error on NetBSD + - Bug 4501: HTTP/1.1: normalize Host header + - Bug 4498: URL-unescape the login-info after extraction from URI + - Bug 4455: SegFault from ESIInclude::Start + - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program + - Fix TLS/SSL server handshake alert handling + Changes to squid-3.5.17 (20 Apr 2016): - Regression Bug 4480: logformat [.width_max] diff -u -r -N squid-4.0.9/configure squid-4.0.10/configure --- squid-4.0.9/configure 2016-04-21 01:22:03.000000000 +1200 +++ squid-4.0.10/configure 2016-05-06 23:37:23.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.0.9. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.0.10. # # Report bugs to . # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='4.0.9' -PACKAGE_STRING='Squid Web Proxy 4.0.9' +PACKAGE_VERSION='4.0.10' +PACKAGE_STRING='Squid Web Proxy 4.0.10' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1650,7 +1650,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 4.0.9 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 4.0.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1721,7 +1721,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 4.0.9:";; + short | recursive ) echo "Configuration of Squid Web Proxy 4.0.10:";; esac cat <<\_ACEOF @@ -2148,7 +2148,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 4.0.9 +Squid Web Proxy configure 4.0.10 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3252,7 +3252,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 4.0.9, which was +It was created by Squid Web Proxy $as_me 4.0.10, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4119,7 +4119,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='4.0.9' + VERSION='4.0.10' cat >>confdefs.h <<_ACEOF @@ -42473,7 +42473,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 4.0.9, which was +This file was extended by Squid Web Proxy $as_me 4.0.10, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -42539,7 +42539,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 4.0.9 +Squid Web Proxy config.status 4.0.10 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-4.0.9/configure.ac squid-4.0.10/configure.ac --- squid-4.0.9/configure.ac 2016-04-21 01:22:03.000000000 +1200 +++ squid-4.0.10/configure.ac 2016-05-06 23:37:23.000000000 +1200 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[4.0.9],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[4.0.10],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-4.0.9/doc/release-notes/release-4.html squid-4.0.10/doc/release-notes/release-4.html --- squid-4.0.9/doc/release-notes/release-4.html 2016-04-21 02:16:10.000000000 +1200 +++ squid-4.0.10/doc/release-notes/release-4.html 2016-05-07 00:29:29.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 4.0.9 release notes + Squid 4.0.10 release notes -

Squid 4.0.9 release notes

+

Squid 4.0.10 release notes

Squid Developers

@@ -61,7 +61,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-4.0.9 for testing.

+

The Squid Team are pleased to announce the release of Squid-4.0.10 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v4/ or the mirrors.

diff -u -r -N squid-4.0.9/include/version.h squid-4.0.10/include/version.h --- squid-4.0.9/include/version.h 2016-04-21 01:22:03.000000000 +1200 +++ squid-4.0.10/include/version.h 2016-05-06 23:37:24.000000000 +1200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1461158391 +#define SQUID_RELEASE_TIME 1462534506 #endif /* diff -u -r -N squid-4.0.9/RELEASENOTES.html squid-4.0.10/RELEASENOTES.html --- squid-4.0.9/RELEASENOTES.html 2016-04-21 02:16:10.000000000 +1200 +++ squid-4.0.10/RELEASENOTES.html 2016-05-07 00:29:29.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 4.0.9 release notes + Squid 4.0.10 release notes -

Squid 4.0.9 release notes

+

Squid 4.0.10 release notes

Squid Developers

@@ -61,7 +61,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-4.0.9 for testing.

+

The Squid Team are pleased to announce the release of Squid-4.0.10 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v4/ or the mirrors.

diff -u -r -N squid-4.0.9/src/acl/external/delayer/ext_delayer_acl.8 squid-4.0.10/src/acl/external/delayer/ext_delayer_acl.8 --- squid-4.0.9/src/acl/external/delayer/ext_delayer_acl.8 2016-04-21 02:16:49.000000000 +1200 +++ squid-4.0.10/src/acl/external/delayer/ext_delayer_acl.8 2016-05-07 00:30:34.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-4.0.10/src/acl/external/SQL_session/ext_sql_session_acl.8 --- squid-4.0.9/src/acl/external/SQL_session/ext_sql_session_acl.8 2016-04-21 02:16:56.000000000 +1200 +++ squid-4.0.10/src/acl/external/SQL_session/ext_sql_session_acl.8 2016-05-07 00:30:46.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-4.0.10/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-4.0.9/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2016-04-21 02:16:59.000000000 +1200 +++ squid-4.0.10/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2016-05-07 00:30:51.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/auth/basic/DB/basic_db_auth.8 squid-4.0.10/src/auth/basic/DB/basic_db_auth.8 --- squid-4.0.9/src/auth/basic/DB/basic_db_auth.8 2016-04-21 02:17:22.000000000 +1200 +++ squid-4.0.10/src/auth/basic/DB/basic_db_auth.8 2016-05-07 00:31:30.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/auth/basic/POP3/basic_pop3_auth.8 squid-4.0.10/src/auth/basic/POP3/basic_pop3_auth.8 --- squid-4.0.9/src/auth/basic/POP3/basic_pop3_auth.8 2016-04-21 02:17:29.000000000 +1200 +++ squid-4.0.10/src/auth/basic/POP3/basic_pop3_auth.8 2016-05-07 00:31:41.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/cf.data.pre squid-4.0.10/src/cf.data.pre --- squid-4.0.9/src/cf.data.pre 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/cf.data.pre 2016-05-06 23:35:13.000000000 +1200 @@ -3647,8 +3647,6 @@ To avoid blocking locks, shared memory uses opportunistic algorithms that do not guarantee that every cachable entity that could have been shared among SMP workers will actually be shared. - - Currently, entities exceeding 32KB in size cannot be shared. DOC_END NAME: memory_cache_mode diff -u -r -N squid-4.0.9/src/client_db.cc squid-4.0.10/src/client_db.cc --- squid-4.0.9/src/client_db.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/client_db.cc 2016-05-06 23:35:13.000000000 +1200 @@ -52,32 +52,40 @@ #define CLIENT_DB_HASH_SIZE 467 #endif -static ClientInfo * - -clientdbAdd(const Ip::Address &addr) -{ - ClientInfo *c; - char *buf = static_cast(xmalloc(MAX_IPSTRLEN)); // becomes hash.key - c = (ClientInfo *)memAllocate(MEM_CLIENT_INFO); - debugs(77, 9, "ClientInfo constructed, this=" << c); - c->hash.key = addr.toStr(buf,MAX_IPSTRLEN); - c->addr = addr; +ClientInfo::ClientInfo(const Ip::Address &ip) : + addr(ip), + n_established(0), + last_seen(0) #if USE_DELAY_POOLS - /* setup default values for client write limiter */ - c->writeLimitingActive=false; - c->writeSpeedLimit=0; - c->bucketSize = 0; - c->firstTimeConnection=true; - c->quotaQueue = NULL; - c->rationedQuota = 0; - c->rationedCount = 0; - c->selectWaiting = false; - c->eventWaiting = false; + , writeSpeedLimit(0), + prevTime(0), + bucketSize(0), + bucketSizeLimit(0), + writeLimitingActive(false), + firstTimeConnection(true), + quotaQueue(nullptr), + rationedQuota(0), + rationedCount(0), + selectWaiting(false), + eventWaiting(false) +#endif +{ + debugs(77, 9, "ClientInfo constructed, this=" << static_cast(this)); - /* get current time */ +#if USE_DELAY_POOLS getCurrentTime(); - c->prevTime=current_dtime;/* put current time to have something sensible here */ + /* put current time to have something sensible here */ + prevTime = current_dtime; #endif + + char *buf = static_cast(xmalloc(MAX_IPSTRLEN)); // becomes hash.key + hash.key = addr.toStr(buf,MAX_IPSTRLEN); +} + +static ClientInfo * +clientdbAdd(const Ip::Address &addr) +{ + ClientInfo *c = new ClientInfo(addr); hash_join(client_table, &c->hash); ++statCounter.client_http.clients; @@ -331,17 +339,21 @@ clientdbFreeItem(void *data) { ClientInfo *c = (ClientInfo *)data; - safe_free(c->hash.key); + delete c; +} + +ClientInfo::~ClientInfo() +{ + safe_free(hash.key); #if USE_DELAY_POOLS - if (CommQuotaQueue *q = c->quotaQueue) { + if (CommQuotaQueue *q = quotaQueue) { q->clientInfo = NULL; delete q; // invalidates cbdata, cancelling any pending kicks } #endif - debugs(77, 9, "ClientInfo destructed, this=" << c); - memFree(c, MEM_CLIENT_INFO); + debugs(77, 9, "ClientInfo destructed, this=" << static_cast(this)); } void diff -u -r -N squid-4.0.9/src/ClientInfo.h squid-4.0.10/src/ClientInfo.h --- squid-4.0.9/src/ClientInfo.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/ClientInfo.h 2016-05-06 23:35:13.000000000 +1200 @@ -15,6 +15,7 @@ #include "hash.h" #include "ip/Address.h" #include "LogTags.h" +#include "mem/forward.h" #include "typedefs.h" #include @@ -25,12 +26,21 @@ class ClientInfo { + MEMPROXY_CLASS(ClientInfo); + public: + explicit ClientInfo(const Ip::Address &); + ~ClientInfo(); + hash_link hash; /* must be first */ Ip::Address addr; - struct { + struct Protocol { + Protocol() : n_requests(0) { + memset(result_hist, 0, sizeof(result_hist)); + } + int result_hist[LOG_TYPE_MAX]; int n_requests; ByteCounter kbytes_in; @@ -38,7 +48,9 @@ ByteCounter hit_kbytes_out; } Http, Icp; - struct { + struct Cutoff { + Cutoff() : time(0), n_req(0), n_denied(0) {} + time_t time; int n_req; int n_denied; diff -u -r -N squid-4.0.9/src/client_side_request.cc squid-4.0.10/src/client_side_request.cc --- squid-4.0.9/src/client_side_request.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/client_side_request.cc 2016-05-06 23:35:13.000000000 +1200 @@ -169,16 +169,18 @@ setConn(aConn); al = new AccessLogEntry; al->cache.start_time = current_time; - al->tcpClient = clientConnection = aConn->clientConnection; - al->cache.port = aConn->port; - al->cache.caddr = aConn->log_addr; + if (aConn) { + al->tcpClient = clientConnection = aConn->clientConnection; + al->cache.port = aConn->port; + al->cache.caddr = aConn->log_addr; #if USE_OPENSSL - if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { - if (auto ssl = fd_table[aConn->clientConnection->fd].ssl.get()) - al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); - } + if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { + if (auto ssl = fd_table[aConn->clientConnection->fd].ssl.get()) + al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); + } #endif + } dlinkAdd(this, &active, &ClientActiveRequests); } diff -u -r -N squid-4.0.9/src/dns_internal.cc squid-4.0.10/src/dns_internal.cc --- squid-4.0.9/src/dns_internal.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/dns_internal.cc 2016-05-06 23:35:13.000000000 +1200 @@ -1626,7 +1626,6 @@ } if (!init) { - memDataInit(MEM_IDNS_QUERY, "idns_query", sizeof(idns_query), 0); memset(RcodeMatrix, '\0', sizeof(RcodeMatrix)); idns_lookup_hash = hash_create((HASHCMP *) strcmp, 103, hash_string); ++init; diff -u -r -N squid-4.0.9/src/esi/Assign.cc squid-4.0.10/src/esi/Assign.cc --- squid-4.0.9/src/esi/Assign.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/esi/Assign.cc 2016-05-06 23:35:13.000000000 +1200 @@ -18,6 +18,7 @@ #include "esi/Assign.h" #include "esi/Context.h" #include "esi/Sequence.h" +#include "HttpReply.h" ESIAssign::~ESIAssign() { diff -u -r -N squid-4.0.9/src/esi/Context.h squid-4.0.10/src/esi/Context.h --- squid-4.0.9/src/esi/Context.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/esi/Context.h 2016-05-06 23:35:13.000000000 +1200 @@ -13,6 +13,7 @@ #include "err_type.h" #include "esi/Element.h" #include "esi/Parser.h" +#include "http/forward.h" #include "http/StatusCode.h" class ESIVarState; @@ -92,7 +93,7 @@ err_type errorpage; /* if we error what page to use */ Http::StatusCode errorstatus; /* if we error, what code to return */ char *errormessage; /* error to pass to error page */ - HttpReply *rep; /* buffered until we pass data downstream */ + HttpReplyPointer rep; /* buffered until we pass data downstream */ ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */ ESISegment::Pointer incoming; /* processed data we are waiting to send, or for diff -u -r -N squid-4.0.9/src/esi/Esi.cc squid-4.0.10/src/esi/Esi.cc --- squid-4.0.9/src/esi/Esi.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/esi/Esi.cc 2016-05-06 23:35:13.000000000 +1200 @@ -605,18 +605,18 @@ flags.clientwantsdata = 0; debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data "); /* Deal with re-entrancy */ - HttpReply *temprep = rep; + HttpReplyPointer temprep = rep; rep = NULL; /* freed downstream */ if (temprep && varState) - varState->buildVary (temprep); + varState->buildVary(temprep.getRaw()); { StoreIOBuffer tempBuffer; tempBuffer.length = len; tempBuffer.offset = pos - len; tempBuffer.data = next->readBuffer.data; - clientStreamCallback (thisNode, http, temprep, tempBuffer); + clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer); } if (len == 0) @@ -1385,7 +1385,7 @@ { debugs(86, 5, HERE << "Freeing for this=" << this); - HTTPMSGUNLOCK(rep); + rep = nullptr; // refcounted finishChildren (); diff -u -r -N squid-4.0.9/src/eui/Eui48.cc squid-4.0.10/src/eui/Eui48.cc --- squid-4.0.9/src/eui/Eui48.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/eui/Eui48.cc 2016-05-06 23:35:13.000000000 +1200 @@ -371,7 +371,11 @@ mib[4] = NET_RT_FLAGS; +#if defined(RTF_LLDATA) + mib[5] = RTF_LLDATA; +#else mib[5] = RTF_LLINFO; +#endif if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) { debugs(28, DBG_CRITICAL, "Can't estimate ARP table size!"); diff -u -r -N squid-4.0.9/src/fqdncache.cc squid-4.0.10/src/fqdncache.cc --- squid-4.0.9/src/fqdncache.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/fqdncache.cc 2016-05-06 23:35:13.000000000 +1200 @@ -72,7 +72,6 @@ #define FQDN_HIGH_WATER 95 /** - \ingroup FQDNCacheAPI * The data structure used for storing name-address mappings * is a small hashtable (static hash_table *fqdn_table), * where structures of type fqdncache_entry whose most @@ -80,7 +79,12 @@ */ class fqdncache_entry { + MEMPROXY_CLASS(fqdncache_entry); + public: + fqdncache_entry(const char *name); + ~fqdncache_entry(); + hash_link hash; /* must be first */ time_t lastref; time_t expires; @@ -94,7 +98,9 @@ dlink_node lru; unsigned short locks; - struct { + struct Flags { + Flags() : negcached(false), fromhosts(false) {} + bool negcached; bool fromhosts; } flags; @@ -117,7 +123,6 @@ static IDNSCB fqdncacheHandleReply; static int fqdncacheParse(fqdncache_entry *, const rfc1035_rr *, int, const char *error_message); static void fqdncacheRelease(fqdncache_entry *); -static fqdncache_entry *fqdncacheCreateEntry(const char *name); static void fqdncacheCallback(fqdncache_entry *, int wait); static fqdncache_entry *fqdncache_get(const char *); static int fqdncacheExpiredEntry(const fqdncache_entry *); @@ -151,21 +156,10 @@ static void fqdncacheRelease(fqdncache_entry * f) { - int k; hash_remove_link(fqdn_table, (hash_link *) f); - - for (k = 0; k < (int) f->name_count; ++k) - safe_free(f->names[k]); - debugs(35, 5, "fqdncacheRelease: Released FQDN record for '" << hashKeyStr(&f->hash) << "'."); - dlinkDelete(&f->lru, &lru_list); - - safe_free(f->hash.key); - - safe_free(f->error_message); - - memFree(f, MEM_FQDNCACHE_ENTRY); + delete f; } /** @@ -258,19 +252,19 @@ fqdncacheRelease(i); } -/** - \ingroup FQDNCacheInternal - * - * Create blank fqdncache_entry - */ -static fqdncache_entry * -fqdncacheCreateEntry(const char *name) +fqdncache_entry::fqdncache_entry(const char *name) : + lastref(0), + expires(squid_curtime + Config.negativeDnsTtl), + name_count(0), + handler(nullptr), + handlerData(nullptr), + error_message(nullptr), + locks(0) // XXX: use Lock { - static fqdncache_entry *f; - f = (fqdncache_entry *)memAllocate(MEM_FQDNCACHE_ENTRY); - f->hash.key = xstrdup(name); - f->expires = squid_curtime + Config.negativeDnsTtl; - return f; + hash.key = xstrdup(name); + + memset(&request_time, 0, sizeof(request_time)); + memset(&names, 0, sizeof(names)); } /// \ingroup FQDNCacheInternal @@ -464,7 +458,7 @@ debugs(35, 5, "fqdncache_nbgethostbyaddr: MISS for '" << name << "'"); ++ FqdncacheStats.misses; - f = fqdncacheCreateEntry(name); + f = new fqdncache_entry(name); f->handler = handler; f->handlerData = cbdataReference(handlerData); f->request_time = current_time; @@ -543,7 +537,7 @@ storeAppendPrintf(sentry, "FQDN Cache Statistics:\n"); storeAppendPrintf(sentry, "FQDNcache Entries In Use: %d\n", - memInUse(MEM_FQDNCACHE_ENTRY)); + fqdncache_entry::UseCount()); storeAppendPrintf(sentry, "FQDNcache Entries Cached: %d\n", fqdncacheCount()); @@ -609,16 +603,16 @@ fqdncacheFreeEntry(void *data) { fqdncache_entry *f = (fqdncache_entry *)data; - int k; - - for (k = 0; k < (int) f->name_count; ++k) - safe_free(f->names[k]); - - safe_free(f->hash.key); + delete f; +} - safe_free(f->error_message); +fqdncache_entry::~fqdncache_entry() +{ + for (int k = 0; k < (int)name_count; ++k) + xfree(names[k]); - memFree(f, MEM_FQDNCACHE_ENTRY); + xfree(hash.key); + xfree(error_message); } /// \ingroup FQDNCacheAPI @@ -675,7 +669,7 @@ } } - fce = fqdncacheCreateEntry(addr); + fce = new fqdncache_entry(addr); while (hostnames) { fce->names[j] = xstrdup(hostnames->key); @@ -734,9 +728,6 @@ n = hashPrime(fqdncache_high / 4); fqdn_table = hash_create((HASHCMP *) strcmp, n, hash4); - - memDataInit(MEM_FQDNCACHE_ENTRY, "fqdncache_entry", - sizeof(fqdncache_entry), 0); } #if SQUID_SNMP diff -u -r -N squid-4.0.9/src/fs/rock/RockIoState.cc squid-4.0.10/src/fs/rock/RockIoState.cc --- squid-4.0.9/src/fs/rock/RockIoState.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/fs/rock/RockIoState.cc 2016-05-06 23:35:13.000000000 +1200 @@ -184,6 +184,9 @@ // either this is the first write or append; we do not support write gaps assert(!coreOff || coreOff == -1); + // throw if an accepted unknown-size entry grew too big or max-size changed + Must(offset_ + size <= static_cast(dir->maxObjectSize())); + // allocate the first slice during the first write if (!coreOff) { assert(sidCurrent < 0); diff -u -r -N squid-4.0.9/src/fs/rock/RockSwapDir.cc squid-4.0.10/src/fs/rock/RockSwapDir.cc --- squid-4.0.9/src/fs/rock/RockSwapDir.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/fs/rock/RockSwapDir.cc 2016-05-06 23:35:13.000000000 +1200 @@ -604,7 +604,9 @@ bool Rock::SwapDir::canStore(const StoreEntry &e, int64_t diskSpaceNeeded, int &load) const { - if (!::SwapDir::canStore(e, sizeof(DbCellHeader)+diskSpaceNeeded, load)) + if (diskSpaceNeeded >= 0) + diskSpaceNeeded += sizeof(DbCellHeader); + if (!::SwapDir::canStore(e, diskSpaceNeeded, load)) return false; if (!theFile || !theFile->canWrite()) diff -u -r -N squid-4.0.9/src/fs/ufs/UFSStoreState.cc squid-4.0.10/src/fs/ufs/UFSStoreState.cc --- squid-4.0.9/src/fs/ufs/UFSStoreState.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/fs/ufs/UFSStoreState.cc 2016-05-06 23:35:13.000000000 +1200 @@ -14,6 +14,7 @@ #include "DiskIO/ReadRequest.h" #include "DiskIO/WriteRequest.h" #include "Generic.h" +#include "SquidConfig.h" #include "SquidList.h" #include "Store.h" #include "store/Disk.h" @@ -167,6 +168,15 @@ return false; } + const Store::Disk &dir = *INDEXSD(swap_dirn); + if (offset_ + size > static_cast(dir.maxObjectSize())) { + debugs(79, 2, "accepted unknown-size entry grew too big: " << + (offset_ + size) << " > " << dir.maxObjectSize()); + free_func((void*)buf); + tryClosing(); + return false; + } + queueWrite(buf, size, aOffset, free_func); drainWriteQueue(); return true; diff -u -r -N squid-4.0.9/src/helper.cc squid-4.0.10/src/helper.cc --- squid-4.0.9/src/helper.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/helper.cc 2016-05-06 23:35:13.000000000 +1200 @@ -54,8 +54,6 @@ static void helperServerFree(helper_server *srv); static void helperStatefulServerFree(helper_stateful_server *srv); static void Enqueue(helper * hlp, Helper::Request *); -static Helper::Request *Dequeue(helper * hlp); -static Helper::Request *StatefulDequeue(statefulhelper * hlp); static helper_server *GetFirstAvailable(helper * hlp); static helper_stateful_server *StatefulGetFirstAvailable(statefulhelper * hlp); static void helperDispatch(helper_server * srv, Helper::Request * r); @@ -667,7 +665,8 @@ { /* note, don't free id_name, it probably points to static memory */ - if (queue.head) + // TODO: if the queue is not empty it will leak Helper::Request's + if (!queue.empty()) debugs(84, DBG_CRITICAL, "WARNING: freeing " << id_name << " helper with " << stats.queue_size << " requests queued"); } @@ -1102,8 +1101,7 @@ static void Enqueue(helper * hlp, Helper::Request * r) { - dlink_node *link = (dlink_node *)memAllocate(MEM_DLINK_NODE); - dlinkAddTail(r, link, &hlp->queue); + hlp->queue.push(r); ++ hlp->stats.queue_size; /* do this first so idle=N has a chance to grow the child pool before it hits critical. */ @@ -1132,8 +1130,7 @@ static void StatefulEnqueue(statefulhelper * hlp, Helper::Request * r) { - dlink_node *link = (dlink_node *)memAllocate(MEM_DLINK_NODE); - dlinkAddTail(r, link, &hlp->queue); + hlp->queue.push(r); ++ hlp->stats.queue_size; /* do this first so idle=N has a chance to grow the child pool before it hits critical. */ @@ -1159,35 +1156,15 @@ debugs(84, DBG_CRITICAL, "WARNING: Consider increasing the number of " << hlp->id_name << " processes in your config file."); } -static Helper::Request * -Dequeue(helper * hlp) +Helper::Request * +helper::nextRequest() { - dlink_node *link; - Helper::Request *r = NULL; - - if ((link = hlp->queue.head)) { - r = (Helper::Request *)link->data; - dlinkDelete(link, &hlp->queue); - memFree(link, MEM_DLINK_NODE); - -- hlp->stats.queue_size; - } - - return r; -} - -static Helper::Request * -StatefulDequeue(statefulhelper * hlp) -{ - dlink_node *link; - Helper::Request *r = NULL; - - if ((link = hlp->queue.head)) { - r = (Helper::Request *)link->data; - dlinkDelete(link, &hlp->queue); - memFree(link, MEM_DLINK_NODE); - -- hlp->stats.queue_size; - } + if (queue.empty()) + return nullptr; + auto *r = queue.front(); + queue.pop(); + --stats.queue_size; return r; } @@ -1394,7 +1371,7 @@ Helper::Request *r; helper_server *srv; - while ((srv = GetFirstAvailable(hlp)) && (r = Dequeue(hlp))) + while ((srv = GetFirstAvailable(hlp)) && (r = hlp->nextRequest())) helperDispatch(srv, r); } @@ -1404,7 +1381,7 @@ Helper::Request *r; helper_stateful_server *srv; - while ((srv = StatefulGetFirstAvailable(hlp)) && (r = StatefulDequeue(hlp))) + while ((srv = StatefulGetFirstAvailable(hlp)) && (r = hlp->nextRequest())) helperStatefulDispatch(srv, r); } diff -u -r -N squid-4.0.9/src/helper.h squid-4.0.10/src/helper.h --- squid-4.0.9/src/helper.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/helper.h 2016-05-06 23:35:13.000000000 +1200 @@ -23,6 +23,7 @@ #include #include +#include class Packable; class wordlist; @@ -62,9 +63,12 @@ } ~helper(); - ///< whether at least one more request can be successfully submitted + /// whether at least one more request can be successfully submitted bool queueFull() const; + /// \returns next request in the queue, or nil. + Helper::Request *nextRequest(); + ///< If not full, submit request. Otherwise, either kill Squid or return false. bool trySubmit(const char *buf, HLPCB * callback, void *data); @@ -78,7 +82,7 @@ public: wordlist *cmdline; dlink_list servers; - dlink_list queue; + std::queue queue; const char *id_name; Helper::ChildConfig childs; ///< Configuration settings for number running. int ipc_type; diff -u -r -N squid-4.0.9/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-4.0.10/src/http/url_rewriters/LFS/url_lfs_rewrite.8 --- squid-4.0.9/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2016-04-21 02:17:52.000000000 +1200 +++ squid-4.0.10/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2016-05-07 00:32:14.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "URL_LFS_REWRITE 8" -.TH URL_LFS_REWRITE 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH URL_LFS_REWRITE 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/HttpHdrContRange.cc squid-4.0.10/src/HttpHdrContRange.cc --- squid-4.0.9/src/HttpHdrContRange.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/HttpHdrContRange.cc 2016-05-06 23:35:13.000000000 +1200 @@ -117,7 +117,7 @@ HttpHdrContRange * httpHdrContRangeCreate(void) { - HttpHdrContRange *r = (HttpHdrContRange *)memAllocate(MEM_HTTP_HDR_CONTENT_RANGE); + HttpHdrContRange *r = new HttpHdrContRange; r->spec.offset = r->spec.length = range_spec_unknown; r->elength = range_spec_unknown; return r; @@ -129,8 +129,8 @@ HttpHdrContRange *r = httpHdrContRangeCreate(); if (!httpHdrContRangeParseInit(r, str)) { - httpHdrContRangeDestroy(r); - r = NULL; + delete r; + return nullptr; } return r; @@ -182,13 +182,6 @@ return 1; } -void -httpHdrContRangeDestroy(HttpHdrContRange * range) -{ - assert(range); - memFree(range, MEM_HTTP_HDR_CONTENT_RANGE); -} - HttpHdrContRange * httpHdrContRangeDup(const HttpHdrContRange * range) { diff -u -r -N squid-4.0.9/src/HttpHdrContRange.h squid-4.0.10/src/HttpHdrContRange.h --- squid-4.0.9/src/HttpHdrContRange.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/HttpHdrContRange.h 2016-05-06 23:35:13.000000000 +1200 @@ -9,16 +9,18 @@ #ifndef SQUID_HTTPHDRCONTRANGE_H #define SQUID_HTTPHDRCONTRANGE_H -class HttpHeader; - -/* for HttpHdrRangeSpec */ #include "HttpHeaderRange.h" +class HttpHeader; + /** HTTP Content-Range: header field */ class HttpHdrContRange { + MEMPROXY_CLASS(HttpHdrContRange); public: + HttpHdrContRange() : elength(0) {} + HttpHdrRangeSpec spec; int64_t elength; /**< entity length, not content length */ }; @@ -29,7 +31,6 @@ HttpHdrContRange *httpHdrContRangeParseCreate(const char *crange_spec); /** returns true if range is valid; inits HttpHdrContRange */ int httpHdrContRangeParseInit(HttpHdrContRange * crange, const char *crange_spec); -void httpHdrContRangeDestroy(HttpHdrContRange * crange); HttpHdrContRange *httpHdrContRangeDup(const HttpHdrContRange * crange); void httpHdrContRangePackInto(const HttpHdrContRange * crange, Packable * p); /** inits with given spec */ diff -u -r -N squid-4.0.9/src/HttpHeaderTools.cc squid-4.0.10/src/HttpHeaderTools.cc --- squid-4.0.9/src/HttpHeaderTools.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/HttpHeaderTools.cc 2016-05-06 23:35:13.000000000 +1200 @@ -78,7 +78,7 @@ assert(hdr && ent_len >= 0); httpHdrContRangeSet(cr, spec, ent_len); hdr->putContRange(cr); - httpHdrContRangeDestroy(cr); + delete cr; } /** diff -u -r -N squid-4.0.9/src/HttpReply.cc squid-4.0.10/src/HttpReply.cc --- squid-4.0.9/src/HttpReply.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/HttpReply.cc 2016-05-06 23:35:13.000000000 +1200 @@ -375,7 +375,7 @@ } if (content_range) { - httpHdrContRangeDestroy(content_range); + delete content_range; content_range = NULL; } } diff -u -r -N squid-4.0.9/src/icmp/net_db.cc squid-4.0.10/src/icmp/net_db.cc --- squid-4.0.9/src/icmp/net_db.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/icmp/net_db.cc 2016-05-06 23:35:13.000000000 +1200 @@ -150,30 +150,35 @@ hash_remove_link(addr_table, hptr); } +net_db_name::net_db_name(const char *hostname, netdbEntry *e) : + next(e ? e->hosts : nullptr), + net_db_entry(e) +{ + hash.key = xstrdup(hostname); + if (e) { + e->hosts = this; + ++ e->link_count; + } +} + static void netdbHostInsert(netdbEntry * n, const char *hostname) { - net_db_name *x = (net_db_name *)memAllocate(MEM_NET_DB_NAME); - x->hash.key = xstrdup(hostname); - x->next = n->hosts; - n->hosts = x; - x->net_db_entry = n; + net_db_name *x = new net_db_name(hostname, n); assert(hash_lookup(host_table, hostname) == NULL); hash_join(host_table, &x->hash); - ++ n->link_count; } static void netdbHostDelete(const net_db_name * x) { - netdbEntry *n; - net_db_name **X; assert(x != NULL); assert(x->net_db_entry != NULL); - n = x->net_db_entry; + + netdbEntry *n = x->net_db_entry; -- n->link_count; - for (X = &n->hosts; *X; X = &(*X)->next) { + for (auto **X = &n->hosts; *X; X = &(*X)->next) { if (*X == x) { *X = x->next; break; @@ -181,8 +186,7 @@ } hash_remove_link(host_table, (hash_link *) x); - xfree(x->hash.key); - memFree((void *) x, MEM_NET_DB_NAME); + delete x; } static netdbEntry * @@ -686,8 +690,7 @@ netdbFreeNameEntry(void *data) { net_db_name *x = (net_db_name *)data; - xfree(x->hash.key); - memFree(x, MEM_NET_DB_NAME); + delete x; } static void diff -u -r -N squid-4.0.9/src/icmp/net_db.h squid-4.0.10/src/icmp/net_db.h --- squid-4.0.9/src/icmp/net_db.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/icmp/net_db.h 2016-05-06 23:35:13.000000000 +1200 @@ -11,6 +11,7 @@ #include "hash.h" #include "ip/forward.h" +#include "mem/forward.h" class CachePeer; class HttpRequest; @@ -18,10 +19,14 @@ class StoreEntry; class URL; -// POD class net_db_name { + MEMPROXY_CLASS(net_db_name); + public: + net_db_name(const char *name, netdbEntry *); + ~net_db_name() {xfree(hash.key);} + hash_link hash; /* must be first */ net_db_name *next; netdbEntry *net_db_entry; diff -u -r -N squid-4.0.9/src/ipcache.cc squid-4.0.10/src/ipcache.cc --- squid-4.0.9/src/ipcache.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/ipcache.cc 2016-05-06 23:35:13.000000000 +1200 @@ -78,7 +78,12 @@ */ class ipcache_entry { + MEMPROXY_CLASS(ipcache_entry); + public: + ipcache_entry(const char *); + ~ipcache_entry(); + hash_link hash; /* must be first */ time_t lastref; time_t expires; @@ -90,7 +95,9 @@ struct timeval request_time; dlink_node lru; unsigned short locks; - struct { + struct Flags { + Flags() : negcached(false), fromhosts(false) {} + bool negcached; bool fromhosts; } flags; @@ -265,20 +272,19 @@ ipcacheRelease(i); } -/** - \ingroup IPCacheInternal - * - * create blank ipcache_entry - */ -static ipcache_entry * -ipcacheCreateEntry(const char *name) -{ - static ipcache_entry *i; - i = (ipcache_entry *)memAllocate(MEM_IPCACHE_ENTRY); - i->hash.key = xstrdup(name); - Tolower(static_cast(i->hash.key)); - i->expires = squid_curtime + Config.negativeDnsTtl; - return i; +ipcache_entry::ipcache_entry(const char *name) : + lastref(0), + expires(0), + handler(nullptr), + handlerData(nullptr), + error_message(nullptr), + locks(0) // XXX: use Lock type ? +{ + hash.key = xstrdup(name); + Tolower(static_cast(hash.key)); + expires = squid_curtime + Config.negativeDnsTtl; + + memset(&request_time, 0, sizeof(request_time)); } /// \ingroup IPCacheInternal @@ -547,7 +553,7 @@ debugs(14, 5, "ipcache_nbgethostbyname: MISS for '" << name << "'"); ++IpcacheStats.misses; - i = ipcacheCreateEntry(name); + i = new ipcache_entry(name); i->handler = handler; i->handlerData = cbdataReference(handlerData); i->request_time = current_time; @@ -589,7 +595,6 @@ (float) Config.ipcache.low) / (float) 100); n = hashPrime(ipcache_high / 4); ip_table = hash_create((HASHCMP *) strcmp, n, hash4); - memDataInit(MEM_IPCACHE_ENTRY, "ipcache_entry", sizeof(ipcache_entry), 0); ipcacheRegisterWithCacheManager(); } @@ -714,7 +719,7 @@ assert(ip_table != NULL); storeAppendPrintf(sentry, "IP Cache Statistics:\n"); storeAppendPrintf(sentry, "IPcache Entries In Use: %d\n", - memInUse(MEM_IPCACHE_ENTRY)); + ipcache_entry::UseCount()); storeAppendPrintf(sentry, "IPcache Entries Cached: %d\n", ipcacheCount()); storeAppendPrintf(sentry, "IPcache Requests: %d\n", @@ -985,11 +990,15 @@ ipcacheFreeEntry(void *data) { ipcache_entry *i = (ipcache_entry *)data; - safe_free(i->addrs.in_addrs); - safe_free(i->addrs.bad_mask); - safe_free(i->hash.key); - safe_free(i->error_message); - memFree(i, MEM_IPCACHE_ENTRY); + delete i; +} + +ipcache_entry::~ipcache_entry() +{ + xfree(addrs.in_addrs); + xfree(addrs.bad_mask); + xfree(error_message); + xfree(hash.key); } /// \ingroup IPCacheAPI @@ -1057,7 +1066,7 @@ } } - i = ipcacheCreateEntry(name); + i = new ipcache_entry(name); i->addrs.count = 1; i->addrs.cur = 0; i->addrs.badcount = 0; diff -u -r -N squid-4.0.9/src/ipcache.h squid-4.0.10/src/ipcache.h --- squid-4.0.9/src/ipcache.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/ipcache.h 2016-05-06 23:35:13.000000000 +1200 @@ -10,19 +10,19 @@ #define _SQUID_IPCACHE_H #include "dns/forward.h" +#include "ip/forward.h" -namespace Ip +class ipcache_addrs { -class Address; -} +public: + ipcache_addrs() : in_addrs(nullptr), bad_mask(nullptr), count(0), cur(0), badcount(0) {} -typedef struct _ipcache_addrs { Ip::Address *in_addrs; unsigned char *bad_mask; unsigned char count; unsigned char cur; unsigned char badcount; -} ipcache_addrs; +}; typedef void IPH(const ipcache_addrs *, const Dns::LookupDetails &details, void *); diff -u -r -N squid-4.0.9/src/log/DB/log_db_daemon.8 squid-4.0.10/src/log/DB/log_db_daemon.8 --- squid-4.0.9/src/log/DB/log_db_daemon.8 2016-04-21 02:17:59.000000000 +1200 +++ squid-4.0.10/src/log/DB/log_db_daemon.8 2016-05-07 00:32:23.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/main.cc squid-4.0.10/src/main.cc --- squid-4.0.9/src/main.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/main.cc 2016-05-06 23:35:13.000000000 +1200 @@ -17,6 +17,7 @@ #include "base/Subscription.h" #include "base/TextException.h" #include "cache_cf.h" +#include "CachePeer.h" #include "carp.h" #include "client_db.h" #include "client_side.h" diff -u -r -N squid-4.0.9/src/mem/forward.h squid-4.0.10/src/mem/forward.h --- squid-4.0.9/src/mem/forward.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/mem/forward.h 2016-05-06 23:35:13.000000000 +1200 @@ -46,22 +46,11 @@ MEM_64K_BUF, MEM_ACL_DENY_INFO_LIST, MEM_ACL_NAME_LIST, - MEM_CLIENT_INFO, MEM_LINK_LIST, - MEM_DLINK_NODE, MEM_DREAD_CTRL, MEM_DWRITE_Q, - MEM_HTTP_HDR_CONTENT_RANGE, MEM_MD5_DIGEST, MEM_NETDBENTRY, - MEM_NET_DB_NAME, - // IMPORTANT: leave this here. pools above are initialized early with memInit() - MEM_DONTFREE, - // following pools are initialized late by their component if needed (or never) - MEM_FQDNCACHE_ENTRY, - MEM_FWD_SERVER, - MEM_IDNS_QUERY, - MEM_IPCACHE_ENTRY, MEM_MAX } mem_type; diff -u -r -N squid-4.0.9/src/mem/old_api.cc squid-4.0.10/src/mem/old_api.cc --- squid-4.0.9/src/mem/old_api.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/mem/old_api.cc 2016-05-06 23:35:13.000000000 +1200 @@ -411,9 +411,6 @@ MemPools::GetInstance().setIdleLimit(new_pool_limit); } -/* XXX make these classes do their own memory management */ -#include "HttpHdrContRange.h" - void Mem::Init(void) { @@ -449,13 +446,9 @@ sizeof(AclDenyInfoList), 0); memDataInit(MEM_ACL_NAME_LIST, "acl_name_list", sizeof(AclNameList), 0); memDataInit(MEM_LINK_LIST, "link_list", sizeof(link_list), 10); - memDataInit(MEM_DLINK_NODE, "dlink_node", sizeof(dlink_node), 10); memDataInit(MEM_DREAD_CTRL, "dread_ctrl", sizeof(dread_ctrl), 0); memDataInit(MEM_DWRITE_Q, "dwrite_q", sizeof(dwrite_q), 0); - memDataInit(MEM_HTTP_HDR_CONTENT_RANGE, "HttpHdrContRange", sizeof(HttpHdrContRange), 0); memDataInit(MEM_NETDBENTRY, "netdbEntry", sizeof(netdbEntry), 0); - memDataInit(MEM_NET_DB_NAME, "net_db_name", sizeof(net_db_name), 0); - memDataInit(MEM_CLIENT_INFO, "ClientInfo", sizeof(ClientInfo), 0); memDataInit(MEM_MD5_DIGEST, "MD5 digest", SQUID_MD5_DIGEST_LENGTH, 0); GetPool(MEM_MD5_DIGEST)->setChunkSize(512 * 1024); @@ -489,11 +482,10 @@ { mem_type t = MEM_NONE; - while (++t < MEM_DONTFREE) { + while (++t < MEM_MAX) { /* * If you hit this assertion, then you forgot to add a * memDataInit() line for type 't'. - * Or placed the pool type in the wrong section of the enum list. */ assert(GetPool(t)); } diff -u -r -N squid-4.0.9/src/MemStore.cc squid-4.0.10/src/MemStore.cc --- squid-4.0.9/src/MemStore.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/MemStore.cc 2016-05-06 23:35:13.000000000 +1200 @@ -625,16 +625,8 @@ } const int64_t expectedSize = e.mem_obj->expectedReplySize(); // may be < 0 - - // objects of unknown size are not allowed into memory cache, for now - if (expectedSize < 0) { - debugs(20, 5, "Unknown expected size: " << e); - return false; - } - const int64_t loadedSize = e.mem_obj->endOffset(); const int64_t ramSize = max(loadedSize, expectedSize); - if (ramSize > maxObjectSize()) { debugs(20, 5, HERE << "Too big max(" << loadedSize << ", " << expectedSize << "): " << e); @@ -674,7 +666,10 @@ e.mem_obj->memCache.index = index; e.mem_obj->memCache.io = MemObject::ioWriting; slot->set(e); - map->startAppending(index); + // Do not allow others to feed off an unknown-size entry because we will + // stop swapping it out if it grows too large. + if (e.mem_obj->expectedReplySize() >= 0) + map->startAppending(index); e.memOutDecision(true); return true; } @@ -700,6 +695,9 @@ return; // nothing to do (yet) } + // throw if an accepted unknown-size entry grew too big or max-size changed + Must(eSize <= maxObjectSize()); + const int32_t index = e.mem_obj->memCache.index; assert(index >= 0); Ipc::StoreMapAnchor &anchor = map->writeableEntry(index); @@ -777,6 +775,7 @@ slice.next = sliceOffset = reserveSapForWriting(page); extras->items[sliceOffset].page = page; debugs(20, 7, "entry " << fileNo << " new slice: " << sliceOffset); + continue; // to get and return the slice at the new sliceOffset } return slice; diff -u -r -N squid-4.0.9/src/peer_select.cc squid-4.0.10/src/peer_select.cc --- squid-4.0.9/src/peer_select.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/peer_select.cc 2016-05-06 23:35:13.000000000 +1200 @@ -70,8 +70,7 @@ { while (servers) { FwdServer *next = servers->next; - cbdataReferenceDone(servers->_peer); - memFree(servers, MEM_FWD_SERVER); + delete servers; servers = next; } @@ -236,7 +235,7 @@ Comm::ConnectionPointer p = new Comm::Connection(); p->remote = req->clientConnectionManager->clientConnection->local; p->peerType = ORIGINAL_DST; // fs->code is DIRECT. This fixes the display. - p->setPeer(fs->_peer); + p->setPeer(fs->_peer.get()); // check for a configured outgoing address for this destination... getOutgoingAddress(psstate->request, p); @@ -245,8 +244,7 @@ // clear the used fs and continue psstate->servers = fs->next; - cbdataReferenceDone(fs->_peer); - memFree(fs, MEM_FWD_SERVER); + delete fs; peerSelectDnsPaths(psstate); return; } @@ -254,7 +252,7 @@ // convert the list of FwdServer destinations into destinations IP addresses if (fs && psstate->paths->size() < (unsigned int)Config.forward_max_tries) { // send the next one off for DNS lookup. - const char *host = fs->_peer ? fs->_peer->host : psstate->request->url.host(); + const char *host = fs->_peer.valid() ? fs->_peer->host : psstate->request->url.host(); debugs(44, 2, "Find IP destination for: " << psstate->url() << "' via " << host); ipcache_nbgethostbyname(host, peerSelectDnsResults, psstate); return; @@ -267,8 +265,7 @@ assert(fs == psstate->servers); while (fs) { psstate->servers = fs->next; - cbdataReferenceDone(fs->_peer); - memFree(fs, MEM_FWD_SERVER); + delete fs; fs = psstate->servers; } } @@ -336,7 +333,7 @@ break; // for TPROXY spoofing we must skip unusable addresses. - if (psstate->request->flags.spoofClientIp && !(fs->_peer && fs->_peer->options.no_tproxy) ) { + if (psstate->request->flags.spoofClientIp && !(fs->_peer.valid() && fs->_peer->options.no_tproxy) ) { if (ia->in_addrs[ip].isIPv4() != psstate->request->client_addr.isIPv4()) { // we CAN'T spoof the address on this link. find another. continue; @@ -348,21 +345,21 @@ // when IPv6 is disabled we cannot use it if (!Ip::EnableIpv6 && p->remote.isIPv6()) { - const char *host = (fs->_peer ? fs->_peer->host : psstate->request->url.host()); + const char *host = (fs->_peer.valid() ? fs->_peer->host : psstate->request->url.host()); ipcacheMarkBadAddr(host, p->remote); continue; } - p->remote.port(fs->_peer ? fs->_peer->http_port : psstate->request->url.port()); + p->remote.port(fs->_peer.valid() ? fs->_peer->http_port : psstate->request->url.port()); p->peerType = fs->code; - p->setPeer(fs->_peer); + p->setPeer(fs->_peer.get()); // check for a configured outgoing address for this destination... getOutgoingAddress(psstate->request, p); psstate->paths->push_back(p); } } else { - debugs(44, 3, "Unknown host: " << (fs->_peer ? fs->_peer->host : psstate->request->url.host())); + debugs(44, 3, "Unknown host: " << (fs->_peer.valid() ? fs->_peer->host : psstate->request->url.host())); // discard any previous error. delete psstate->lastError; psstate->lastError = NULL; @@ -373,8 +370,7 @@ } psstate->servers = fs->next; - cbdataReferenceDone(fs->_peer); - memFree(fs, MEM_FWD_SERVER); + delete fs; // see if more paths can be found peerSelectDnsPaths(psstate); @@ -769,7 +765,6 @@ peerSelectInit(void) { memset(&PeerStats, '\0', sizeof(PeerStats)); - memDataInit(MEM_FWD_SERVER, "FwdServer", sizeof(FwdServer), 0); } static void @@ -931,12 +926,10 @@ static void peerAddFwdServer(FwdServer ** FSVR, CachePeer * p, hier_code code) { - FwdServer *fs = (FwdServer *)memAllocate(MEM_FWD_SERVER); debugs(44, 5, "peerAddFwdServer: adding " << (p ? p->host : "DIRECT") << " " << hier_code_str[code] ); - fs->_peer = cbdataReference(p); - fs->code = code; + FwdServer *fs = new FwdServer(p, code); while (*FSVR) FSVR = &(*FSVR)->next; diff -u -r -N squid-4.0.9/src/PeerSelectState.h squid-4.0.10/src/PeerSelectState.h --- squid-4.0.9/src/PeerSelectState.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/PeerSelectState.h 2016-05-06 23:35:13.000000000 +1200 @@ -11,10 +11,11 @@ #include "AccessLogEntry.h" #include "acl/Checklist.h" -#include "cbdata.h" +#include "base/CbcPointer.h" #include "comm/forward.h" #include "hier_code.h" #include "ip/Address.h" +#include "mem/forward.h" #include "PingData.h" class HttpRequest; @@ -37,8 +38,16 @@ */ class FwdServer { + MEMPROXY_CLASS(FwdServer); + public: - CachePeer *_peer; /* NULL --> origin server */ + FwdServer(CachePeer *p, hier_code c) : + _peer(p), + code(c), + next(nullptr) + {} + + CbcPointer _peer; /* NULL --> origin server */ hier_code code; FwdServer *next; }; diff -u -r -N squid-4.0.9/src/security/cert_generators/file/security_file_certgen.cc squid-4.0.10/src/security/cert_generators/file/security_file_certgen.cc --- squid-4.0.9/src/security/cert_generators/file/security_file_certgen.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/security/cert_generators/file/security_file_certgen.cc 2016-05-06 23:35:13.000000000 +1200 @@ -25,7 +25,7 @@ \ingroup ExternalPrograms \par Because the standard generation of SSL certificates for - sslBump feature, Squid must use external proccess to + sslBump feature, Squid must use external process to actually make these calls. This process generate new ssl certificates and worked with ssl certificates disk cache. Typically there will be five certificate generator processes @@ -178,8 +178,8 @@ std::cerr << help_string << std::endl; } -/// Proccess new request message. -static bool proccessNewRequest(Ssl::CrtdMessage & request_message, std::string const & db_path, size_t max_db_size, size_t fs_block_size) +/// Process new request message. +static bool processNewRequest(Ssl::CrtdMessage & request_message, std::string const & db_path, size_t max_db_size, size_t fs_block_size) { Ssl::CertificateProperties certProperties; std::string error; @@ -249,11 +249,11 @@ { try { size_t max_db_size = 0; - size_t fs_block_size = 2048; + size_t fs_block_size = 0; int8_t c; bool create_new_db = false; std::string db_path; - // proccess options. + // process options. while ((c = getopt(argc, argv, "dcghvs:M:b:n:")) != -1) { switch (c) { case 'd': @@ -294,13 +294,26 @@ exit(0); } + if (fs_block_size == 0) { + struct statvfs sfs; + + if (xstatvfs(db_path.c_str(), &sfs)) { + fs_block_size = 2048; + } else { + fs_block_size = sfs.f_frsize; + // Sanity check; make sure we have a meaningful value. + if (fs_block_size < 512) + fs_block_size = 2048; + } + } + { Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size); } // Initialize SSL subsystem SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); - // proccess request. + // process request. for (;;) { char request[HELPER_INPUT_BUFFER]; Ssl::CrtdMessage request_message(Ssl::CrtdMessage::REQUEST); @@ -316,7 +329,7 @@ if (parse_result == Ssl::CrtdMessage::ERROR) { throw std::runtime_error("Cannot parse request message."); } else if (request_message.getCode() == Ssl::CrtdMessage::code_new_certificate) { - proccessNewRequest(request_message, db_path, max_db_size, fs_block_size); + processNewRequest(request_message, db_path, max_db_size, fs_block_size); } else { throw std::runtime_error("Unknown request code: \"" + request_message.getCode() + "\"."); } diff -u -r -N squid-4.0.9/src/security/cert_validators/fake/security_fake_certverify.8 squid-4.0.10/src/security/cert_validators/fake/security_fake_certverify.8 --- squid-4.0.9/src/security/cert_validators/fake/security_fake_certverify.8 2016-04-21 02:18:12.000000000 +1200 +++ squid-4.0.10/src/security/cert_validators/fake/security_fake_certverify.8 2016-05-07 00:32:44.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SECURITY_FAKE_CERTVERIFY 8" -.TH SECURITY_FAKE_CERTVERIFY 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH SECURITY_FAKE_CERTVERIFY 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/servers/Http1Server.cc squid-4.0.10/src/servers/Http1Server.cc --- squid-4.0.9/src/servers/Http1Server.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/servers/Http1Server.cc 2016-05-06 23:35:13.000000000 +1200 @@ -173,6 +173,16 @@ return false; } + // when absolute-URI is provided Host header should be ignored. However + // some code still uses Host directly so normalize it using the previously + // sanitized URL authority value. + // For now preserve the case where Host is completely absent. That matters. + if (const auto x = request->header.delById(Http::HOST)) { + debugs(33, 5, "normalize " << x << " Host header using " << request->url.authority()); + SBuf tmp(request->url.authority()); + request->header.putStr(Http::HOST, tmp.c_str()); + } + http->request = request.getRaw(); HTTPMSGLOCK(http->request); diff -u -r -N squid-4.0.9/src/ssl/helper.cc squid-4.0.10/src/ssl/helper.cc --- squid-4.0.9/src/ssl/helper.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/ssl/helper.cc 2016-05-06 23:35:13.000000000 +1200 @@ -59,26 +59,9 @@ { char *tmp = xstrdup(Ssl::TheConfig.ssl_crtd); char *tmp_begin = tmp; - char * token = NULL; - bool db_path_was_found = false; - bool block_size_was_found = false; - char buffer[20] = "2048"; + char *token = NULL; while ((token = strwordtok(NULL, &tmp))) { wordlistAdd(&ssl_crtd->cmdline, token); - if (!strcmp(token, "-b")) - block_size_was_found = true; - if (!strcmp(token, "-s")) { - db_path_was_found = true; - } else if (db_path_was_found) { - db_path_was_found = false; - int fs_block_size = 0; - fsBlockSize(token, &fs_block_size); - snprintf(buffer, sizeof(buffer), "%i", fs_block_size); - } - } - if (!block_size_was_found) { - wordlistAdd(&ssl_crtd->cmdline, "-b"); - wordlistAdd(&ssl_crtd->cmdline, buffer); } safe_free(tmp_begin); } diff -u -r -N squid-4.0.9/src/store/Controller.cc squid-4.0.10/src/store/Controller.cc --- squid-4.0.9/src/store/Controller.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Controller.cc 2016-05-06 23:35:13.000000000 +1200 @@ -183,6 +183,23 @@ return swapDir->maxObjectSize(); } +void +Store::Controller::updateLimits() +{ + swapDir->updateLimits(); + + store_swap_high = (long) (((float) maxSize() * + (float) Config.Swap.highWaterMark) / (float) 100); + store_swap_low = (long) (((float) maxSize() * + (float) Config.Swap.lowWaterMark) / (float) 100); + store_pages_max = Config.memMaxSize / sizeof(mem_node); + + // TODO: move this into a memory cache class when we have one + const int64_t memMax = static_cast(min(Config.Store.maxInMemObjSize, Config.memMaxSize)); + const int64_t disksMax = swapDir ? swapDir->maxObjectSize() : 0; + store_maxobjsize = std::max(disksMax, memMax); +} + StoreSearch * Store::Controller::search() { @@ -326,6 +343,13 @@ return nullptr; } +int64_t +Store::Controller::accumulateMore(StoreEntry &entry) const +{ + return swapDir ? swapDir->accumulateMore(entry) : 0; + // The memory cache should not influence for-swapout accumulation decision. +} + void Store::Controller::markForUnlink(StoreEntry &e) { diff -u -r -N squid-4.0.9/src/store/Controller.h squid-4.0.10/src/store/Controller.h --- squid-4.0.9/src/store/Controller.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Controller.h 2016-05-06 23:35:13.000000000 +1200 @@ -42,6 +42,13 @@ virtual void unlink(StoreEntry &) override; virtual int callback() override; + /// Additional unknown-size entry bytes required by Store in order to + /// reduce the risk of selecting the wrong disk cache for the growing entry. + int64_t accumulateMore(StoreEntry &) const; + + /// slowly calculate (and cache) hi/lo watermarks and similar limits + void updateLimits(); + /// called when the entry is no longer needed by any transaction void handleIdleEntry(StoreEntry &); diff -u -r -N squid-4.0.9/src/store/Disk.cc squid-4.0.10/src/store/Disk.cc --- squid-4.0.9/src/store/Disk.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Disk.cc 2016-05-06 23:35:13.000000000 +1200 @@ -22,7 +22,7 @@ #include "tools.h" Store::Disk::Disk(char const *aType): theType(aType), - max_size(0), min_objsize(0), max_objsize (-1), + max_size(0), min_objsize(-1), max_objsize (-1), path(NULL), index(-1), disker(-1), repl(NULL), removals(0), scanned(0), cleanLog(NULL) @@ -93,6 +93,13 @@ } int64_t +Store::Disk::minObjectSize() const +{ + // per-store min-size=N value is authoritative + return min_objsize > -1 ? min_objsize : Config.Store.minObjectSize; +} + +int64_t Store::Disk::maxObjectSize() const { // per-store max-size=N value is authoritative @@ -148,19 +155,9 @@ bool Store::Disk::objectSizeIsAcceptable(int64_t objsize) const { - // without limits, all object sizes are acceptable, including unknown ones - if (min_objsize <= 0 && max_objsize == -1) - return true; - - // with limits, objects with unknown sizes are not acceptable - if (objsize == -1) - return false; - - // without the upper limit, just check the lower limit - if (max_objsize == -1) - return min_objsize <= objsize; - - return min_objsize <= objsize && objsize < max_objsize; + // need either the expected or the already accumulated object size + assert(objsize >= 0); + return minObjectSize() <= objsize && objsize <= maxObjectSize(); } bool @@ -380,7 +377,7 @@ void Store::Disk::optionObjectSizeDump(StoreEntry * e) const { - if (min_objsize != 0) + if (min_objsize != -1) storeAppendPrintf(e, " min-size=%" PRId64, min_objsize); if (max_objsize != -1) diff -u -r -N squid-4.0.9/src/store/Disk.h squid-4.0.10/src/store/Disk.h --- squid-4.0.9/src/store/Disk.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Disk.h 2016-05-06 23:35:13.000000000 +1200 @@ -54,6 +54,9 @@ virtual bool dereference(StoreEntry &e) override; virtual void maintain() override; + /// the size of the smallest entry this cache_dir can store + int64_t minObjectSize() const; + /// configure the maximum object size for this storage area. /// May be any size up to the total storage area. void maxObjectSize(int64_t newMax); diff -u -r -N squid-4.0.9/src/store/Disks.cc squid-4.0.10/src/store/Disks.cc --- squid-4.0.9/src/store/Disks.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Disks.cc 2016-05-06 23:35:13.000000000 +1200 @@ -27,6 +27,24 @@ */ STDIRSELECT *storeDirSelectSwapDir = storeDirSelectSwapDirLeastLoad; +/// The entry size to use for Disk::canStore() size limit checks. +/// This is an optimization to avoid similar calculations in every cache_dir. +static int64_t +objectSizeForDirSelection(const StoreEntry &entry) +{ + // entry.objectLen() is negative here when we are still STORE_PENDING + int64_t minSize = entry.mem_obj->expectedReplySize(); + + // If entry size is unknown, use already accumulated bytes as an estimate. + // Controller::accumulateMore() guarantees that there are enough of them. + if (minSize < 0) + minSize = entry.mem_obj->endOffset(); + + assert(minSize >= 0); + minSize += entry.mem_obj->swap_hdr_sz; + return minSize; +} + /** * This new selection scheme simply does round-robin on all SwapDirs. * A SwapDir is skipped if it is over the max_size (100%) limit, or @@ -35,10 +53,7 @@ static int storeDirSelectSwapDirRoundRobin(const StoreEntry * e) { - // e->objectLen() is negative at this point when we are still STORE_PENDING - ssize_t objsize = e->mem_obj->expectedReplySize(); - if (objsize != -1) - objsize += e->mem_obj->swap_hdr_sz; + const int64_t objsize = objectSizeForDirSelection(*e); // Increment the first candidate once per selection (not once per // iteration) to reduce bias when some disk(s) attract more entries. @@ -81,18 +96,14 @@ storeDirSelectSwapDirLeastLoad(const StoreEntry * e) { int64_t most_free = 0; - ssize_t least_objsize = -1; + int64_t best_objsize = -1; int least_load = INT_MAX; int load; int dirn = -1; int i; RefCount SD; - // e->objectLen() is negative at this point when we are still STORE_PENDING - ssize_t objsize = e->mem_obj->expectedReplySize(); - - if (objsize != -1) - objsize += e->mem_obj->swap_hdr_sz; + const int64_t objsize = objectSizeForDirSelection(*e); for (i = 0; i < Config.cacheSwap.n_configured; ++i) { SD = dynamic_cast(INDEXSD(i)); @@ -111,11 +122,14 @@ /* If the load is equal, then look in more details */ if (load == least_load) { - /* closest max-size fit */ - - if (least_objsize != -1) - if (SD->maxObjectSize() > least_objsize) + /* best max-size fit */ + if (best_objsize != -1) { + // cache_dir with the smallest max-size gets the known-size object + // cache_dir with the largest max-size gets the unknown-size object + if ((objsize != -1 && SD->maxObjectSize() > best_objsize) || + (objsize == -1 && SD->maxObjectSize() < best_objsize)) continue; + } /* most free */ if (cur_free < most_free) @@ -123,7 +137,7 @@ } least_load = load; - least_objsize = SD->maxObjectSize(); + best_objsize = SD->maxObjectSize(); most_free = cur_free; dirn = i; } @@ -134,6 +148,13 @@ return dirn; } +Store::Disks::Disks(): + largestMinimumObjectSize(-1), + largestMaximumObjectSize(-1), + secondLargestMaximumObjectSize(-1) +{ +} + SwapDir * Store::Disks::store(int const x) const { @@ -330,14 +351,68 @@ int64_t Store::Disks::maxObjectSize() const { - int64_t result = -1; + return largestMaximumObjectSize; +} + +void +Store::Disks::updateLimits() +{ + largestMinimumObjectSize = -1; + largestMaximumObjectSize = -1; + secondLargestMaximumObjectSize = -1; for (int i = 0; i < Config.cacheSwap.n_configured; ++i) { - if (dir(i).active() && store(i)->maxObjectSize() > result) - result = store(i)->maxObjectSize(); + const auto &disk = dir(i); + if (!disk.active()) + continue; + + if (disk.minObjectSize() > largestMinimumObjectSize) + largestMinimumObjectSize = disk.minObjectSize(); + + const auto diskMaxObjectSize = disk.maxObjectSize(); + if (diskMaxObjectSize > largestMaximumObjectSize) { + if (largestMaximumObjectSize >= 0) // was set + secondLargestMaximumObjectSize = largestMaximumObjectSize; + largestMaximumObjectSize = diskMaxObjectSize; + } } +} - return result; +int64_t +Store::Disks::accumulateMore(const StoreEntry &entry) const +{ + const auto accumulated = entry.mem_obj->availableForSwapOut(); + + /* + * Keep accumulating more bytes until the set of disks eligible to accept + * the entry becomes stable, and, hence, accumulating more is not going to + * affect the cache_dir selection. A stable set is usually reached + * immediately (or soon) because most configurations either do not use + * cache_dirs with explicit min-size/max-size limits or use the same + * max-size limit for all cache_dirs (and low min-size limits). + */ + + // Can the set of min-size cache_dirs accepting this entry change? + if (accumulated < largestMinimumObjectSize) + return largestMinimumObjectSize - accumulated; + + // Can the set of max-size cache_dirs accepting this entry change + // (other than when the entry exceeds the largest maximum; see below)? + if (accumulated <= secondLargestMaximumObjectSize) + return secondLargestMaximumObjectSize - accumulated + 1; + + /* + * Checking largestMaximumObjectSize instead eliminates the risk of starting + * to swap out an entry that later grows too big, but also implies huge + * accumulation in most environments. Accumulating huge entries not only + * consumes lots of RAM but also creates a burst of doPages() write requests + * that overwhelm the disk. To avoid these problems, we take the risk and + * allow swap out now. The disk will quit swapping out if the entry + * eventually grows too big for its selected cache_dir. + */ + debugs(20, 3, "no: " << accumulated << '>' << + secondLargestMaximumObjectSize << ',' << largestMinimumObjectSize); + return 0; } void diff -u -r -N squid-4.0.9/src/store/Disks.h squid-4.0.10/src/store/Disks.h --- squid-4.0.9/src/store/Disks.h 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store/Disks.h 2016-05-06 23:35:13.000000000 +1200 @@ -18,6 +18,8 @@ class Disks: public Controlled { public: + Disks(); + /* Storage API */ virtual void create() override; virtual void init() override; @@ -40,10 +42,21 @@ virtual void unlink(StoreEntry &) override; virtual int callback() override; + /// slowly calculate (and cache) hi/lo watermarks and similar limits + void updateLimits(); + + /// Additional unknown-size entry bytes required by disks in order to + /// reduce the risk of selecting the wrong disk cache for the growing entry. + int64_t accumulateMore(const StoreEntry&) const; + private: /* migration logic */ SwapDir *store(int const x) const; SwapDir &dir(int const idx) const; + + int64_t largestMinimumObjectSize; ///< maximum of all Disk::minObjectSize()s + int64_t largestMaximumObjectSize; ///< maximum of all Disk::maxObjectSize()s + int64_t secondLargestMaximumObjectSize; ///< the second-biggest Disk::maxObjectSize() }; } // namespace Store diff -u -r -N squid-4.0.9/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-4.0.10/src/store/id_rewriters/file/storeid_file_rewrite.8 --- squid-4.0.9/src/store/id_rewriters/file/storeid_file_rewrite.8 2016-04-21 02:17:10.000000000 +1200 +++ squid-4.0.10/src/store/id_rewriters/file/storeid_file_rewrite.8 2016-05-07 00:31:09.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.9/src/store.cc squid-4.0.10/src/store.cc --- squid-4.0.9/src/store.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store.cc 2016-05-06 23:35:13.000000000 +1200 @@ -1370,40 +1370,10 @@ storeRegisterWithCacheManager(); } -/// computes maximum size of a cachable object -/// larger objects are rejected by all (disk and memory) cache stores -static int64_t -storeCalcMaxObjSize() -{ - int64_t ms = 0; // nothing can be cached without at least one store consent - - // global maximum is at least the disk store maximum - for (int i = 0; i < Config.cacheSwap.n_configured; ++i) { - assert (Config.cacheSwap.swapDirs[i].getRaw()); - const int64_t storeMax = dynamic_cast(Config.cacheSwap.swapDirs[i].getRaw())->maxObjectSize(); - if (ms < storeMax) - ms = storeMax; - } - - // global maximum is at least the memory store maximum - // TODO: move this into a memory cache class when we have one - const int64_t memMax = static_cast(min(Config.Store.maxInMemObjSize, Config.memMaxSize)); - if (ms < memMax) - ms = memMax; - - return ms; -} - void storeConfigure(void) { - store_swap_high = (long) (((float) Store::Root().maxSize() * - (float) Config.Swap.highWaterMark) / (float) 100); - store_swap_low = (long) (((float) Store::Root().maxSize() * - (float) Config.Swap.lowWaterMark) / (float) 100); - store_pages_max = Config.memMaxSize / sizeof(mem_node); - - store_maxobjsize = storeCalcMaxObjSize(); + Store::Root().updateLimits(); } bool diff -u -r -N squid-4.0.9/src/store_swapout.cc squid-4.0.10/src/store_swapout.cc --- squid-4.0.9/src/store_swapout.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/store_swapout.cc 2016-05-06 23:35:13.000000000 +1200 @@ -427,20 +427,11 @@ // prevent final default swPossible answer for yet unknown length if (expectedEnd < 0 && store_status != STORE_OK) { - const int64_t maxKnownSize = mem_obj->availableForSwapOut(); - debugs(20, 7, HERE << "maxKnownSize= " << maxKnownSize); - /* - * NOTE: the store_maxobjsize here is the global maximum - * size of object cacheable in any of Squid cache stores - * both disk and memory stores. - * - * However, I am worried that this - * deferance may consume a lot of memory in some cases. - * Should we add an option to limit this memory consumption? - */ - debugs(20, 5, HERE << "Deferring swapout start for " << - (store_maxobjsize - maxKnownSize) << " bytes"); - return true; // may still fit, but no final decision yet + const int64_t more = Store::Root().accumulateMore(*this); + if (more > 0) { + debugs(20, 5, "got " << currentEnd << "; defer decision for " << more << " more bytes"); + return true; // may still fit, but no final decision yet + } } } diff -u -r -N squid-4.0.9/src/tests/stub_SwapDir.cc squid-4.0.10/src/tests/stub_SwapDir.cc --- squid-4.0.9/src/tests/stub_SwapDir.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/tests/stub_SwapDir.cc 2016-05-06 23:35:13.000000000 +1200 @@ -22,6 +22,7 @@ void SwapDir::statfs(StoreEntry &)const STUB void SwapDir::maintain() STUB uint64_t SwapDir::minSize() const STUB_RETVAL(0) +int64_t SwapDir::minObjectSize() const STUB_RETVAL(0) int64_t SwapDir::maxObjectSize() const STUB_RETVAL(0) void SwapDir::maxObjectSize(int64_t) STUB void SwapDir::reference(StoreEntry &) STUB diff -u -r -N squid-4.0.9/src/url.cc squid-4.0.10/src/url.cc --- squid-4.0.9/src/url.cc 2016-04-21 01:19:59.000000000 +1200 +++ squid-4.0.10/src/url.cc 2016-05-06 23:35:13.000000000 +1200 @@ -287,6 +287,8 @@ *t = 0; strncpy((char *) host, t + 1, sizeof(host)-1); host[sizeof(host)-1] = '\0'; + // Bug 4498: URL-unescape the login info after extraction + rfc1738_unescape(login); } /* Is there any host information? (we should eventually parse it above) */ diff -u -r -N squid-4.0.9/tools/helper-mux/helper-mux.8 squid-4.0.10/tools/helper-mux/helper-mux.8 --- squid-4.0.9/tools/helper-mux/helper-mux.8 2016-04-21 02:18:25.000000000 +1200 +++ squid-4.0.10/tools/helper-mux/helper-mux.8 2016-05-07 00:33:04.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HELPER-MUX 8" -.TH HELPER-MUX 8 "2016-04-20" "perl v5.22.1" "User Contributed Perl Documentation" +.TH HELPER-MUX 8 "2016-05-06" "perl v5.22.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l