diff -u -r -N squid-6.0.2/ChangeLog squid-6.0.3/ChangeLog --- squid-6.0.2/ChangeLog 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/ChangeLog 2023-06-07 06:34:33.000000000 +1200 @@ -1,3 +1,13 @@ +Changes in squid-6.0.3 (07 Jun 2023): + + - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL + - Do not leak Security::CertErrors created in X509_verify_cert() + - Do not erase aborted StoreMap entries that are still being read + - Fix build in environments lacking syslog + - Fix build failures in some environments due to time_t type conflicts in libdebug + - Remove obsolete caddr_t + - ... and some documentation changes + Changes in squid-6.0.2 (30 Apr 2023): - Avoid excessive disk I/O in some environments diff -u -r -N squid-6.0.2/compat/os/mswindows.h squid-6.0.3/compat/os/mswindows.h --- squid-6.0.2/compat/os/mswindows.h 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/compat/os/mswindows.h 2023-06-07 06:34:33.000000000 +1200 @@ -311,8 +311,6 @@ #include -typedef char * caddr_t; - #ifndef _PATH_DEVNULL #define _PATH_DEVNULL "NUL" #endif diff -u -r -N squid-6.0.2/configure squid-6.0.3/configure --- squid-6.0.2/configure 2023-05-01 10:00:10.000000000 +1200 +++ squid-6.0.3/configure 2023-06-07 06:49:22.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.0.2. +# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.0.3. # # Report bugs to . # @@ -626,8 +626,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='6.0.2' -PACKAGE_STRING='Squid Web Proxy 6.0.2' +PACKAGE_VERSION='6.0.3' +PACKAGE_STRING='Squid Web Proxy 6.0.3' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' 
@@ -1696,7 +1696,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 6.0.2 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 6.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1767,7 +1767,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 6.0.2:";; + short | recursive ) echo "Configuration of Squid Web Proxy 6.0.3:";; esac cat <<\_ACEOF @@ -2187,7 +2187,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 6.0.2 +Squid Web Proxy configure 6.0.3 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -3200,7 +3200,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 6.0.2, which was +It was created by Squid Web Proxy $as_me 6.0.3, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -4692,7 +4692,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='6.0.2' + VERSION='6.0.3' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -56854,7 +56854,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 6.0.2, which was +This file was extended by Squid Web Proxy $as_me 6.0.3, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -56922,7 +56922,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -Squid Web Proxy config.status 6.0.2 +Squid Web Proxy config.status 6.0.3 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -u -r -N squid-6.0.2/configure.ac squid-6.0.3/configure.ac --- squid-6.0.2/configure.ac 2023-05-01 10:00:10.000000000 +1200 +++ squid-6.0.3/configure.ac 2023-06-07 06:49:22.000000000 +1200 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[6.0.2],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[6.0.3],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-6.0.2/doc/release-notes/release-6.html squid-6.0.3/doc/release-notes/release-6.html --- squid-6.0.2/doc/release-notes/release-6.html 2023-05-01 10:06:58.000000000 +1200 +++ squid-6.0.3/doc/release-notes/release-6.html 2023-06-07 06:53:17.000000000 +1200 @@ -3,10 +3,10 @@ - Squid 6.0.2 release notes + Squid 6.0.3 release notes -

Squid 6.0.2 release notes

+

Squid 6.0.3 release notes

Squid Developers

@@ -59,7 +59,7 @@


1. Notice

-

The Squid Team are pleased to announce the release of Squid-6.0.2 for testing.

+

The Squid Team are pleased to announce the release of Squid-6.0.3 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v6/ or the mirrors.

@@ -329,6 +329,8 @@ made for this request.

Squid now adds ABORTED to values printed by the Ss code in more cases where a TCP Squid-to-server connection was closed prematurely.

+

Squid now logs TCP_TUNNEL with the Ss code when a CONNECT tunnel +is attempted, not just on successful tunnel setup.

server_cert_fingerprint

Removed the broken -sha option. SHA1 remains the default and diff -u -r -N squid-6.0.2/include/version.h squid-6.0.3/include/version.h --- squid-6.0.2/include/version.h 2023-05-01 10:00:10.000000000 +1200 +++ squid-6.0.3/include/version.h 2023-06-07 06:49:22.000000000 +1200 @@ -10,7 +10,7 @@ #define SQUID_VERSION_H #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1682891994 +#define SQUID_RELEASE_TIME 1686077352 #endif /* diff -u -r -N squid-6.0.2/lib/radix.c squid-6.0.3/lib/radix.c --- squid-6.0.2/lib/radix.c 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/lib/radix.c 2023-06-07 06:34:33.000000000 +1200 @@ -98,7 +98,6 @@ #define rm_leaf rm_rmu.rmu_leaf /* extra field would make 32 bytes */ /* Helper macros */ -#define squid_Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(a), (caddr_t)(b), (u_long)l)) #define squid_R_Malloc(p, t, n) (p = (t) xmalloc((unsigned int)(n))) #define squid_Free(p) xfree((char *)p) #define squid_MKGet(m) {\ @@ -151,7 +150,7 @@ struct squid_radix_node * squid_rn_search(void *v_arg, struct squid_radix_node *head) { register struct squid_radix_node *x; - register caddr_t v; + register char *v; for (x = head, v = v_arg; x->rn_b >= 0;) { if (x->rn_bmask & v[x->rn_off]) @@ -165,7 +164,7 @@ struct squid_radix_node * squid_rn_search_m(void *v_arg, struct squid_radix_node *head, void *m_arg) { register struct squid_radix_node *x; - register caddr_t v = v_arg, m = m_arg; + register char *v = v_arg, *m = m_arg; for (x = head; x->rn_b >= 0;) { if ((x->rn_bmask & m[x->rn_off]) && @@ -180,8 +179,8 @@ int squid_rn_refines(void *m_arg, void *n_arg) { - register caddr_t m = m_arg, n = n_arg; - register caddr_t lim, lim2 = lim = n + *(u_char *) n; + register char *m = m_arg, *n = n_arg; + register char *lim, *lim2 = lim = n + *(u_char *) n; int longer = (*(u_char *) n++) - (int) (*(u_char *) m++); int masks_are_equal = 1; 
@@ -206,7 +205,7 @@ struct squid_radix_node * squid_rn_lookup(void *v_arg, void *m_arg, struct squid_radix_node_head *head) { register struct squid_radix_node *x; - caddr_t netmask = 0; + char *netmask = NULL; if (m_arg) { if ((x = squid_rn_addmask(m_arg, 1, head->rnh_treetop->rn_off)) == 0) @@ -243,10 +242,10 @@ struct squid_radix_node * squid_rn_match(void *v_arg, struct squid_radix_node_head *head) { - caddr_t v = v_arg; + char *v = v_arg; register struct squid_radix_node *t = head->rnh_treetop, *x; - register caddr_t cp = v, cp2; - caddr_t cplim; + register char *cp = v, *cp2; + char *cplim; struct squid_radix_node *saved_t, *top = t; int off = t->rn_off, vlen = *(u_char *) cp, matched_off; register int test, b, rn_b; @@ -348,7 +347,7 @@ t->rn_l = tt; t->rn_off = b >> 3; tt->rn_b = -1; - tt->rn_key = (caddr_t) v; + tt->rn_key = (char *) v; tt->rn_p = t; tt->rn_flags = t->rn_flags = RNF_ACTIVE; return t; @@ -356,20 +355,20 @@ struct squid_radix_node * squid_rn_insert(void *v_arg, struct squid_radix_node_head *head, int *dupentry, struct squid_radix_node nodes[2]) { - caddr_t v = v_arg; + char *v = v_arg; struct squid_radix_node *top = head->rnh_treetop; int head_off = top->rn_off, vlen = (int) *((u_char *) v); register struct squid_radix_node *t = squid_rn_search(v_arg, top); - register caddr_t cp = v + head_off; + register char *cp = v + head_off; register int b; struct squid_radix_node *tt; /* * Find first bit at which v and t->rn_key differ */ { - register caddr_t cp2 = t->rn_key + head_off; + register char *cp2 = t->rn_key + head_off; register int cmp_res; - caddr_t cplim = v + vlen; + char *cplim = v + vlen; while (cp < cplim) if (*cp2++ != *cp++) 
@@ -412,9 +411,9 @@ struct squid_radix_node * squid_rn_addmask(void *n_arg, int search, int skip) { - caddr_t netmask = (caddr_t) n_arg; + char *netmask = (char *) n_arg; register struct squid_radix_node *x; - register caddr_t cp, cplim; + register char *cp, *cplim; register int b = 0, mlen, j; int maskduplicated, m0, isnormal; struct squid_radix_node *saved_x; @@ -453,7 +452,7 @@ if ((saved_x = x) == 0) return (0); memset(x, '\0', squid_max_keylen + 2 * sizeof(*x)); - netmask = cp = (caddr_t) (x + 2); + netmask = cp = (char *) (x + 2); memcpy(cp, addmask_key, mlen); x = squid_rn_insert(cp, squid_mask_rnhead, &maskduplicated, x); if (maskduplicated) { @@ -518,12 +517,12 @@ struct squid_radix_node * squid_rn_addroute(void *v_arg, void *n_arg, struct squid_radix_node_head *head, struct squid_radix_node treenodes[2]) { - caddr_t v = (caddr_t) v_arg, netmask = (caddr_t) n_arg; + char *v = (char *) v_arg, *netmask = (char *) n_arg; register struct squid_radix_node *t, *x = NULL, *tt; struct squid_radix_node *saved_tt, *top = head->rnh_treetop; short b = 0, b_leaf = 0; int keyduplicated; - caddr_t mmask; + char *mmask; struct squid_radix_mask *m, **mp; /* @@ -583,7 +582,7 @@ tt->rn_dupedkey = t->rn_dupedkey; t->rn_dupedkey = tt; } - tt->rn_key = (caddr_t) v; + tt->rn_key = (char *) v; tt->rn_b = -1; tt->rn_flags = RNF_ACTIVE; } @@ -666,7 +665,7 @@ register struct squid_radix_node *t, *p, *x, *tt; struct squid_radix_mask *m, *saved_m, **mp; struct squid_radix_node *dupedkey, *saved_tt, *top; - caddr_t v, netmask; + char *v, *netmask; int b, head_off, vlen; v = v_arg; diff -u -r -N squid-6.0.2/RELEASENOTES.html squid-6.0.3/RELEASENOTES.html --- squid-6.0.2/RELEASENOTES.html 2023-05-01 10:06:58.000000000 +1200 +++ squid-6.0.3/RELEASENOTES.html 2023-06-07 06:53:17.000000000 +1200 @@ -3,10 +3,10 @@ - Squid 6.0.2 release notes + Squid 6.0.3 release notes -

Squid 6.0.2 release notes

+

Squid 6.0.3 release notes

Squid Developers

@@ -59,7 +59,7 @@


1. Notice

-

The Squid Team are pleased to announce the release of Squid-6.0.2 for testing.

+

The Squid Team are pleased to announce the release of Squid-6.0.3 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v6/ or the mirrors.

@@ -329,6 +329,8 @@ made for this request.

Squid now adds ABORTED to values printed by the Ss code in more cases where a TCP Squid-to-server connection was closed prematurely.

+

Squid now logs TCP_TUNNEL with the Ss code when a CONNECT tunnel +is attempted, not just on successful tunnel setup.

server_cert_fingerprint

Removed the broken -sha option. SHA1 remains the default and diff -u -r -N squid-6.0.2/SPONSORS squid-6.0.3/SPONSORS --- squid-6.0.2/SPONSORS 2023-05-01 10:00:10.000000000 +1200 +++ squid-6.0.3/SPONSORS 2023-06-07 06:49:22.000000000 +1200 @@ -13,7 +13,7 @@ DigitalOcean has donated droplets from their cloud infrastructure to host most of Squid Project's continuous integration farm. -SpinUp - https://SpinUp.com +SpinUp SpinUp has donated cloud resources to host our main website, wiki and mailing lists. diff -u -r -N squid-6.0.2/src/acl/external/delayer/ext_delayer_acl.8 squid-6.0.3/src/acl/external/delayer/ext_delayer_acl.8 --- squid-6.0.2/src/acl/external/delayer/ext_delayer_acl.8 2023-05-01 10:07:03.000000000 +1200 +++ squid-6.0.3/src/acl/external/delayer/ext_delayer_acl.8 2023-06-07 06:53:22.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 squid-6.0.3/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 --- squid-6.0.2/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-05-01 10:07:03.000000000 +1200 +++ squid-6.0.3/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-06-07 06:53:22.000000000 +1200 
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_KERBEROS_SID_GROUP_ACL 8"
-.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.0.2/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-6.0.3/src/acl/external/SQL_session/ext_sql_session_acl.8
--- squid-6.0.2/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-05-01 10:07:03.000000000 +1200
+++ squid-6.0.3/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.0.2/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-6.0.3/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-6.0.2/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-05-01 10:07:04.000000000 +1200
+++ squid-6.0.3/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/acl/FilledChecklist.cc squid-6.0.3/src/acl/FilledChecklist.cc --- squid-6.0.2/src/acl/FilledChecklist.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/acl/FilledChecklist.cc 2023-06-07 06:34:33.000000000 +1200 @@ -34,9 +34,6 @@ #if SQUID_SNMP snmp_community(nullptr), #endif -#if USE_OPENSSL - sslErrors(nullptr), -#endif requestErrorType(ERR_MAX), conn_(nullptr), fd_(-1), @@ -61,10 +58,6 @@ cbdataReferenceDone(conn_); -#if USE_OPENSSL - cbdataReferenceDone(sslErrors); -#endif - debugs(28, 4, "ACLFilledChecklist destroyed " << this); } @@ -228,9 +221,6 @@ #if SQUID_SNMP snmp_community(nullptr), #endif -#if USE_OPENSSL - sslErrors(nullptr), -#endif requestErrorType(ERR_MAX), conn_(nullptr), fd_(-1), diff -u -r -N squid-6.0.2/src/acl/FilledChecklist.h squid-6.0.3/src/acl/FilledChecklist.h --- squid-6.0.2/src/acl/FilledChecklist.h 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/acl/FilledChecklist.h 2023-06-07 06:34:33.000000000 +1200 
@@ -87,11 +87,12 @@ char *snmp_community; #endif + // TODO: RefCount errors; do not ignore them because their "owner" is gone! /// TLS server [certificate validation] errors, in undefined order. /// The errors are accumulated as Squid goes through validation steps /// and server certificates. They are cleared on connection retries. /// For sslproxy_cert_error checks, contains just the current/last error. - const Security::CertErrors *sslErrors; + CbcPointer sslErrors; /// Peer certificate being checked by ssl_verify_cb() and by /// Security::PeerConnector class. In other contexts, the peer diff -u -r -N squid-6.0.2/src/acl/SslError.cc squid-6.0.3/src/acl/SslError.cc --- squid-6.0.2/src/acl/SslError.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/acl/SslError.cc 2023-06-07 06:34:33.000000000 +1200 @@ -14,6 +14,6 @@ int ACLSslErrorStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { - return data->match (checklist->sslErrors); + return data->match(checklist->sslErrors.get()); } diff -u -r -N squid-6.0.2/src/auth/basic/DB/basic_db_auth.8 squid-6.0.3/src/auth/basic/DB/basic_db_auth.8 --- squid-6.0.2/src/auth/basic/DB/basic_db_auth.8 2023-05-01 10:07:05.000000000 +1200 +++ squid-6.0.3/src/auth/basic/DB/basic_db_auth.8 2023-06-07 06:53:23.000000000 +1200 
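Review bot: The doc comment on `sslErrors` should say what the new `CbcPointer` type means for readers of the field: once the owner deletes the `Security::CertErrors` object, `sslErrors.get()` yields nil, so the `data->match(checklist->sslErrors.get())` call in the SslError.cc hunk sees "no errors" rather than the errors that were recorded. The added TODO admits this, but an ssl_error ACL evaluated that late would silently not match, which could change an sslproxy_cert_error decision. I would add a line such as `/// Nil when no errors were recorded or when the errors' owner is already gone; the two cases are indistinguishable here.` The template argument of `CbcPointer` is not visible in this rendering of the hunk.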
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/auth/basic/POP3/basic_pop3_auth.8 squid-6.0.3/src/auth/basic/POP3/basic_pop3_auth.8 --- squid-6.0.2/src/auth/basic/POP3/basic_pop3_auth.8 2023-05-01 10:07:05.000000000 +1200 +++ squid-6.0.3/src/auth/basic/POP3/basic_pop3_auth.8 2023-06-07 06:53:23.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/client_side.cc squid-6.0.3/src/client_side.cc --- squid-6.0.2/src/client_side.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/client_side.cc 2023-06-07 06:34:33.000000000 +1200 @@ -1524,11 +1524,10 @@ bool allowDomainMismatch = false; if (Config.ssl_client.cert_error) { ACLFilledChecklist check(Config.ssl_client.cert_error, nullptr); - check.sslErrors = new Security::CertErrors(Security::CertError(SQUID_X509_V_ERR_DOMAIN_MISMATCH, srvCert)); + const auto sslErrors = std::make_unique(Security::CertError(SQUID_X509_V_ERR_DOMAIN_MISMATCH, srvCert)); + check.sslErrors = sslErrors.get(); clientAclChecklistFill(check, http); allowDomainMismatch = check.fastCheck().allowed(); - delete check.sslErrors; - check.sslErrors = nullptr; } if (!allowDomainMismatch) { 
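Review bot: In the `cert_error` block of the client_side.cc hunk, `sslErrors` is declared after `check`, so the `std::make_unique` object is destroyed first and `check.sslErrors` refers to a deleted object until `check` itself goes out of scope. That is harmless only because the field is now a `CbcPointer`; the PeerConnector.cc hunk of this same patch resets the field explicitly with `check->sslErrors.clear();`, and the lines removed here did the equivalent. I would keep the call sites consistent by adding `check.sslErrors.clear();` after the `fastCheck()` line. The enclosing function starts and ends outside the hunk.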
@@ -3583,7 +3582,7 @@ #if USE_OPENSSL if (!checklist.sslErrors && sslServerBump) - checklist.sslErrors = cbdataReference(sslServerBump->sslErrors()); + checklist.sslErrors = sslServerBump->sslErrors(); #endif if (!checklist.rfc931[0]) // checklist creator may have supplied it already diff -u -r -N squid-6.0.2/src/debug/debug.cc squid-6.0.3/src/debug/debug.cc --- squid-6.0.2/src/debug/debug.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/debug/debug.cc 2023-06-07 06:34:33.000000000 +1200 @@ -11,6 +11,7 @@ #include "squid.h" #include "base/TextException.h" #include "debug/Stream.h" +#include "fatal.h" #include "fd.h" #include "ipc/Kids.h" #include "time/gadgets.h" @@ -1226,10 +1227,11 @@ static time_t last_t = 0; if (Debug::Level() > 1) { + last_t = t.tv_sec; // 4 bytes smaller than buf to ensure .NNN catenation by snprintf() // is safe and works even if strftime() fills its buffer. char buf2[sizeof(buf)-4]; - const auto tm = localtime(&t.tv_sec); + const auto tm = localtime(&last_t); strftime(buf2, sizeof(buf2), "%Y/%m/%d %H:%M:%S", tm); buf2[sizeof(buf2)-1] = '\0'; const auto sz = snprintf(buf, sizeof(buf), "%s.%03d", buf2, static_cast(t.tv_usec / 1000)); @@ -1237,10 +1239,10 @@ // force buf reset for subsequent level-0/1 messages that should have no milliseconds last_t = 0; } else if (t.tv_sec != last_t) { - const auto tm = localtime(&t.tv_sec); + last_t = t.tv_sec; + const auto tm = localtime(&last_t); const int sz = strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S", tm); assert(0 < sz && sz <= static_cast(sizeof(buf))); - last_t = t.tv_sec; } buf[sizeof(buf)-1] = '\0'; diff -u -r -N squid-6.0.2/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-6.0.3/src/http/url_rewriters/LFS/url_lfs_rewrite.8 --- squid-6.0.2/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-05-01 10:07:06.000000000 +1200 +++ squid-6.0.3/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-06-07 06:53:25.000000000 +1200 
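Review bot: Both rewritten branches of the debug.cc timestamp code pass the result of `localtime(&last_t)` straight to `strftime()`, and `localtime()` may return a null pointer when the conversion fails. Since these lines are being touched anyway, `tm` should be tested before each `strftime()` call, with the failure path leaving `buf` empty or holding the raw seconds. In the first branch `last_t` is now assigned `t.tv_sec` only to be reset to 0 a few lines later; a comment such as `// copy to a real time_t for localtime(); reset below` would make that intent clear. The function starts and ends outside the hunks.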
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "URL_LFS_REWRITE 8" -.TH URL_LFS_REWRITE 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH URL_LFS_REWRITE 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/ipc/ReadWriteLock.cc squid-6.0.3/src/ipc/ReadWriteLock.cc --- squid-6.0.2/src/ipc/ReadWriteLock.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ipc/ReadWriteLock.cc 2023-06-07 06:34:33.000000000 +1200 @@ -127,6 +127,23 @@ appending = true; } +bool +Ipc::ReadWriteLock::stopAppendingAndRestoreExclusive() +{ + assert(writing); + assert(appending); + + appending = false; + + // Checking `readers` here would mishandle a lockShared() call that started + // before we banned appending above, saw still true `appending`, got on a + // "success" code path, but had not incremented the `readers` counter yet. + // Checking `readLevel` mishandles lockShared() that saw false `appending`, + // got on a "failure" code path, but had not decremented `readLevel` yet. + // Our callers prefer the wrong "false" to the wrong "true" result. + return !readLevel; +} + void Ipc::ReadWriteLock::updateStats(ReadWriteLockStats &stats) const { diff -u -r -N squid-6.0.2/src/ipc/ReadWriteLock.h squid-6.0.3/src/ipc/ReadWriteLock.h --- squid-6.0.2/src/ipc/ReadWriteLock.h 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ipc/ReadWriteLock.h 2023-06-07 06:34:33.000000000 +1200 
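Review bot: The comment in `stopAppendingAndRestoreExclusive()` explains why `!readLevel` can be wrongly false, but not what happens to the entry when it is. In the StoreMap.cc hunk of this patch a false result takes the "busy" path, which sets `waitingToBeFreed` and releases the exclusive lock; if the only "reader" was a `lockShared()` call on its failure path, it is not visible here who frees the entry afterwards. I would extend the comment with one sentence naming that fallback, for example `// A spurious false only delays freeing: the entry stays marked waitingToBeFreed until <the path that reclaims it>.` The store-then-load sequence also depends on `appending` and `readLevel` being atomic, which is declared outside this hunk.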
@@ -42,6 +42,11 @@ void startAppending(); ///< writer keeps its lock but also allows reading + /// writer keeps its lock and disallows future readers + /// \returns whether access became exclusive (i.e. no readers) + /// \prec appending is true + bool stopAppendingAndRestoreExclusive(); + /// adds approximate current stats to the supplied ones void updateStats(ReadWriteLockStats &stats) const; diff -u -r -N squid-6.0.2/src/ipc/StoreMap.cc squid-6.0.3/src/ipc/StoreMap.cc --- squid-6.0.2/src/ipc/StoreMap.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ipc/StoreMap.cc 2023-06-07 06:34:33.000000000 +1200 @@ -253,15 +253,14 @@ debugs(54, 5, "aborting entry " << fileno << " for writing " << path); Anchor &s = anchorAt(fileno); assert(s.writing()); - s.lock.appending = false; // locks out any new readers - if (!s.lock.readers) { + if (!s.lock.appending || s.lock.stopAppendingAndRestoreExclusive()) { freeChain(fileno, s, false); - debugs(54, 5, "closed clean entry " << fileno << " for writing " << path); + debugs(54, 5, "closed idle entry " << fileno << " for writing " << path); } else { s.waitingToBeFreed = true; s.writerHalted = true; s.lock.unlockExclusive(); - debugs(54, 5, "closed dirty entry " << fileno << " for writing " << path); + debugs(54, 5, "closed busy entry " << fileno << " for writing " << path); } } diff -u -r -N squid-6.0.2/src/log/DB/log_db_daemon.8 squid-6.0.3/src/log/DB/log_db_daemon.8 --- squid-6.0.2/src/log/DB/log_db_daemon.8 2023-05-01 10:07:06.000000000 +1200 +++ squid-6.0.3/src/log/DB/log_db_daemon.8 2023-06-07 06:53:25.000000000 +1200 
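Review bot: In the StoreMap.cc hunk, the `!s.lock.appending ||` half of the new condition frees the chain without looking at readers at all, whereas the removed code checked `s.lock.readers` in every case. That is presumably safe because a writer that never called `startAppending()` holds the lock exclusively, but the reasoning is not written down. A one-line comment above the `if`, such as `// a non-appending writer has exclusive access, so there are no readers to wait for`, would record the invariant. The enclosing method starts outside the hunk.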
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.0.2/src/LogTags.h squid-6.0.3/src/LogTags.h
--- squid-6.0.2/src/LogTags.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/LogTags.h 2023-06-07 06:34:33.000000000 +1200
@@ -53,7 +53,7 @@
 LOG_TCP_DENIED_REPLY,
 LOG_TCP_OFFLINE_HIT,
 LOG_TCP_REDIRECT,
- LOG_TCP_TUNNEL, // a binary tunnel was established for this transaction
+ LOG_TCP_TUNNEL, ///< an attempt to establish a bidirectional TCP tunnel
 LOG_UDP_HIT,
 LOG_UDP_MISS,
 LOG_UDP_DENIED,
diff -u -r -N squid-6.0.2/src/security/cert_validators/fake/security_fake_certverify.8 squid-6.0.3/src/security/cert_validators/fake/security_fake_certverify.8
--- squid-6.0.2/src/security/cert_validators/fake/security_fake_certverify.8 2023-05-01 10:07:07.000000000 +1200
+++ squid-6.0.3/src/security/cert_validators/fake/security_fake_certverify.8 2023-06-07 06:53:26.000000000 +1200
@@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SECURITY_FAKE_CERTVERIFY 8" -.TH SECURITY_FAKE_CERTVERIFY 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH SECURITY_FAKE_CERTVERIFY 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/security/PeerConnector.cc squid-6.0.3/src/security/PeerConnector.cc --- squid-6.0.2/src/security/PeerConnector.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/security/PeerConnector.cc 2023-06-07 06:34:33.000000000 +1200 @@ -402,9 +402,11 @@ if (!errDetails) { bool allowed = false; if (check) { - check->sslErrors = new Security::CertErrors(Security::CertError(i->error_no, i->cert, i->error_depth)); + const auto sslErrors = std::make_unique(Security::CertError(i->error_no, i->cert, i->error_depth)); + check->sslErrors = sslErrors.get(); if (check->fastCheck().allowed()) allowed = true; + check->sslErrors.clear(); } // else the Config.ssl_client.cert_error access list is not defined // and the first error will cause the error page @@ -418,10 +420,6 @@ const char *aReason = i->error_reason.empty() ? nullptr : i->error_reason.c_str(); errDetails = new ErrorDetail(i->error_no, peerCert, brokenCert, aReason); } - if (check) { - delete check->sslErrors; - check->sslErrors = nullptr; - } } if (!errs) diff -u -r -N squid-6.0.2/src/ssl/ServerBump.cc squid-6.0.3/src/ssl/ServerBump.cc --- squid-6.0.2/src/ssl/ServerBump.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ssl/ServerBump.cc 2023-06-07 06:34:33.000000000 +1200 
@@ -62,13 +62,12 @@ serverSession = s; } -const Security::CertErrors * +Security::CertErrors * Ssl::ServerBump::sslErrors() const { if (!serverSession) return nullptr; - const Security::CertErrors *errs = static_cast(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors)); - return errs; + return static_cast(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors)); } diff -u -r -N squid-6.0.2/src/ssl/ServerBump.h squid-6.0.3/src/ssl/ServerBump.h --- squid-6.0.2/src/ssl/ServerBump.h 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ssl/ServerBump.h 2023-06-07 06:34:33.000000000 +1200 @@ -38,7 +38,7 @@ explicit ServerBump(ClientHttpRequest *http, StoreEntry *e = nullptr, Ssl::BumpMode mode = Ssl::bumpServerFirst); ~ServerBump(); void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object - const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors + Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors /// whether there was a successful connection to (and peeking at) the origin server bool connectedOk() const {return entry && entry->isEmpty();} diff -u -r -N squid-6.0.2/src/ssl/support.cc squid-6.0.3/src/ssl/support.cc --- squid-6.0.2/src/ssl/support.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/ssl/support.cc 2023-06-07 06:34:33.000000000 +1200 @@ -351,7 +351,8 @@ if (check) { ACLFilledChecklist *filledCheck = Filled(check); const auto savedErrors = filledCheck->sslErrors; - filledCheck->sslErrors = new Security::CertErrors(Security::CertError(error_no, broken_cert)); + const auto sslErrors = std::make_unique(Security::CertError(error_no, broken_cert)); + filledCheck->sslErrors = sslErrors.get(); filledCheck->serverCert = peer_cert; if (check->fastCheck().allowed()) { debugs(83, 3, "bypassing SSL error " << error_no << " in " << *peer_cert); 
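Review bot: `Ssl::ServerBump::sslErrors()` stays a `const` member but now returns a mutable `Security::CertErrors *`, so code holding a const ServerBump can modify the error list that the `static_cast` pulls out of `SSL_get_ex_data()`. The const was presumably dropped so the result can be stored in the checklist's `CbcPointer` field, but neither hunk says so. I would document it on the ServerBump.h declaration, e.g. `/// \returns errors stored with the server TLS session (or nil); not owned by the caller`. Ownership by the session is an inference from the `SSL_get_ex_data()` call, so confirm it before committing that wording.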
@@ -359,7 +360,6 @@ } else { debugs(83, 5, "confirming SSL error " << error_no); } - delete filledCheck->sslErrors; filledCheck->sslErrors = savedErrors; filledCheck->serverCert.reset(); } diff -u -r -N squid-6.0.2/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-6.0.3/src/store/id_rewriters/file/storeid_file_rewrite.8 --- squid-6.0.2/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-05-01 10:07:04.000000000 +1200 +++ squid-6.0.3/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-06-07 06:53:23.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/src/tunnel.cc squid-6.0.3/src/tunnel.cc --- squid-6.0.2/src/tunnel.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/src/tunnel.cc 2023-06-07 06:34:33.000000000 +1200 @@ -370,6 +370,8 @@ al = clientRequest->al; http = clientRequest; + al->cache.code.update(LOG_TCP_TUNNEL); + client.initConnection(clientRequest->getConn()->clientConnection, tunnelClientClosed, "tunnelClientClosed", this); AsyncCall::Pointer timeoutCall = commCbCall(5, 4, "tunnelTimeout", @@ -927,7 +929,6 @@ commSetConnTimeout(tunnelState->server.conn, Config.Timeout.read, timeoutCall); *tunnelState->status_ptr = Http::scOkay; - tunnelState->al->cache.code.update(LOG_TCP_TUNNEL); if (cbdataReferenceValid(tunnelState)) { // Shovel any payload already pushed into reply buffer by the server response 
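Review bot: Moving `al->cache.code.update(LOG_TCP_TUNNEL)` up to the `al = clientRequest->al` assignment in tunnel.cc means the tag is set for every CONNECT attempt, so TCP_TUNNEL in access.log no longer implies that a tunnel was established. The new line carries no comment saying so, and anyone using the log for detection or accounting now has to pair the tag with the status code (the following hunk still sets `*tunnelState->status_ptr = Http::scOkay` only on the success path). I would add `// tag every attempt; success or failure is conveyed by al->http.code` above the new line. The enclosing function starts outside the hunk.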
@@ -980,8 +981,6 @@ peerWait.finish(); server.len = 0; - al->cache.code.update(LOG_TCP_TUNNEL); - // XXX: al->http.code (i.e. *status_ptr) should not be (re)set // until we actually start responding to the client. Right here/now, we only // know how this cache_peer has responded to us. @@ -1164,6 +1163,7 @@ ch.syncAle(request, http->log_uri); if (ch.fastCheck().denied()) { debugs(26, 4, "MISS access forbidden."); + http->updateLoggingTags(LOG_TCP_TUNNEL); err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request, http->al); http->al->http.code = Http::scForbidden; errorSend(http->getConn()->clientConnection, err); diff -u -r -N squid-6.0.2/tools/helper-mux/helper-mux.8 squid-6.0.3/tools/helper-mux/helper-mux.8 --- squid-6.0.2/tools/helper-mux/helper-mux.8 2023-05-01 10:07:07.000000000 +1200 +++ squid-6.0.3/tools/helper-mux/helper-mux.8 2023-06-07 06:53:26.000000000 +1200 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HELPER-MUX 8" -.TH HELPER-MUX 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation" +.TH HELPER-MUX 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-6.0.2/tools/purge/copyout.cc squid-6.0.3/tools/purge/copyout.cc --- squid-6.0.2/tools/purge/copyout.cc 2023-05-01 09:33:35.000000000 +1200 +++ squid-6.0.3/tools/purge/copyout.cc 2023-06-07 06:34:33.000000000 +1200 
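Review bot: The denied-forwarding branch sets the tag with `http->updateLoggingTags(LOG_TCP_TUNNEL)`, while the first tunnel.cc hunk of this patch does the same job with `al->cache.code.update(LOG_TCP_TUNNEL)`. Two spellings of one operation in one file make it harder to find every place the tag is set. Unless the helper does something extra that is not visible here, I would use one form in both places. The enclosing function starts and ends outside the hunk.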
@@ -252,17 +252,15 @@ } // create source mmap to copy from (mmap complete file) - caddr_t src = (caddr_t) mmap( nullptr, filesize, PROT_READ, - MAP_FILE | MAP_SHARED, input, 0 ); - if ( src == (caddr_t) -1 ) { + const auto src = static_cast(mmap(nullptr, filesize, PROT_READ, MAP_FILE | MAP_SHARED, input, 0)); + if (src == reinterpret_cast(-1)) { perror( "mmap input" ); BAUTZ(false); } // create destination mmap to copy into (mmap data portion) - caddr_t dst = (caddr_t) mmap( nullptr, filesize-metasize, PROT_READ | PROT_WRITE, - MAP_FILE | MAP_SHARED, out, 0 ); - if ( dst == (caddr_t) -1 ) { + auto dst = static_cast(mmap(nullptr, filesize-metasize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, out, 0)); + if (dst == reinterpret_cast(-1)) { perror( "mmap output" ); munmap( src, filesize ); BAUTZ(false);
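Review bot: Both failure tests compare the mapped pointer with a hand-built `reinterpret_cast(-1)` value instead of the `MAP_FAILED` constant that mmap() is specified to return, which carries the old `(caddr_t) -1` idiom into the new code. `if (src == MAP_FAILED)` and `if (dst == MAP_FAILED)` say the same thing without a cast. Separately, the second mapping's length is `filesize-metasize`, and nothing in the hunk shows `metasize` being checked against `filesize`; if no such check exists earlier in the function, it belongs before this mmap() call. The cast target types are not visible in this rendering, and the function starts and ends outside the hunk.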