diff -u -r -N squid-6.0.2/ChangeLog squid-6.0.3/ChangeLog
--- squid-6.0.2/ChangeLog 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/ChangeLog 2023-06-07 06:34:33.000000000 +1200
@@ -1,3 +1,13 @@
+Changes in squid-6.0.3 (07 Jun 2023):
+
+ - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL
+ - Do not leak Security::CertErrors created in X509_verify_cert()
+ - Do not erase aborted StoreMap entries that are still being read
+ - Fix build in environments lacking syslog
+ - Fix build failures in some environments due to time_t type conflicts in libdebug
+ - Remove obsolete caddr_t
+ - ... and some documentation changes
+
Changes in squid-6.0.2 (30 Apr 2023):
- Avoid excessive disk I/O in some environments
diff -u -r -N squid-6.0.2/compat/os/mswindows.h squid-6.0.3/compat/os/mswindows.h
--- squid-6.0.2/compat/os/mswindows.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/compat/os/mswindows.h 2023-06-07 06:34:33.000000000 +1200
@@ -311,8 +311,6 @@
#include
-typedef char * caddr_t;
-
#ifndef _PATH_DEVNULL
#define _PATH_DEVNULL "NUL"
#endif
diff -u -r -N squid-6.0.2/configure squid-6.0.3/configure
--- squid-6.0.2/configure 2023-05-01 10:00:10.000000000 +1200
+++ squid-6.0.3/configure 2023-06-07 06:49:22.000000000 +1200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.0.2.
+# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.0.3.
#
# Report bugs to .
#
@@ -626,8 +626,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='6.0.2'
-PACKAGE_STRING='Squid Web Proxy 6.0.2'
+PACKAGE_VERSION='6.0.3'
+PACKAGE_STRING='Squid Web Proxy 6.0.3'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1696,7 +1696,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 6.0.2 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 6.0.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1767,7 +1767,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 6.0.2:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 6.0.3:";;
esac
cat <<\_ACEOF
@@ -2187,7 +2187,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 6.0.2
+Squid Web Proxy configure 6.0.3
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -3200,7 +3200,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 6.0.2, which was
+It was created by Squid Web Proxy $as_me 6.0.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -4692,7 +4692,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='6.0.2'
+ VERSION='6.0.3'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -56854,7 +56854,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 6.0.2, which was
+This file was extended by Squid Web Proxy $as_me 6.0.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -56922,7 +56922,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-Squid Web Proxy config.status 6.0.2
+Squid Web Proxy config.status 6.0.3
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-6.0.2/configure.ac squid-6.0.3/configure.ac
--- squid-6.0.2/configure.ac 2023-05-01 10:00:10.000000000 +1200
+++ squid-6.0.3/configure.ac 2023-06-07 06:49:22.000000000 +1200
@@ -5,7 +5,7 @@
## Please see the COPYING and CONTRIBUTORS files for details.
##
-AC_INIT([Squid Web Proxy],[6.0.2],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[6.0.3],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-6.0.2/doc/release-notes/release-6.html squid-6.0.3/doc/release-notes/release-6.html
--- squid-6.0.2/doc/release-notes/release-6.html 2023-05-01 10:06:58.000000000 +1200
+++ squid-6.0.3/doc/release-notes/release-6.html 2023-06-07 06:53:17.000000000 +1200
@@ -3,10 +3,10 @@
- Squid 6.0.2 release notes
+ Squid 6.0.3 release notes
-Squid 6.0.2 release notes
+Squid 6.0.3 release notes
Squid Developers
@@ -59,7 +59,7 @@
-The Squid Team are pleased to announce the release of Squid-6.0.2 for testing.
+The Squid Team are pleased to announce the release of Squid-6.0.3 for testing.
This new release is available for download from
http://www.squid-cache.org/Versions/v6/ or the
mirrors.
@@ -329,6 +329,8 @@
made for this request.
Squid now adds ABORTED to values printed by the Ss code in more
cases where a TCP Squid-to-server connection was closed prematurely.
+Squid now logs TCP_TUNNEL with the Ss code when a CONNECT tunnel
+is attempted, not just on successful tunnel setup.
server_cert_fingerprint
Removed the broken -sha option. SHA1 remains the default and
diff -u -r -N squid-6.0.2/include/version.h squid-6.0.3/include/version.h
--- squid-6.0.2/include/version.h 2023-05-01 10:00:10.000000000 +1200
+++ squid-6.0.3/include/version.h 2023-06-07 06:49:22.000000000 +1200
@@ -10,7 +10,7 @@
#define SQUID_VERSION_H
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1682891994
+#define SQUID_RELEASE_TIME 1686077352
#endif
/*
diff -u -r -N squid-6.0.2/lib/radix.c squid-6.0.3/lib/radix.c
--- squid-6.0.2/lib/radix.c 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/lib/radix.c 2023-06-07 06:34:33.000000000 +1200
@@ -98,7 +98,6 @@
#define rm_leaf rm_rmu.rmu_leaf /* extra field would make 32 bytes */
/* Helper macros */
-#define squid_Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(a), (caddr_t)(b), (u_long)l))
#define squid_R_Malloc(p, t, n) (p = (t) xmalloc((unsigned int)(n)))
#define squid_Free(p) xfree((char *)p)
#define squid_MKGet(m) {\
@@ -151,7 +150,7 @@
struct squid_radix_node *
squid_rn_search(void *v_arg, struct squid_radix_node *head) {
register struct squid_radix_node *x;
- register caddr_t v;
+ register char *v;
for (x = head, v = v_arg; x->rn_b >= 0;) {
if (x->rn_bmask & v[x->rn_off])
@@ -165,7 +164,7 @@
struct squid_radix_node *
squid_rn_search_m(void *v_arg, struct squid_radix_node *head, void *m_arg) {
register struct squid_radix_node *x;
- register caddr_t v = v_arg, m = m_arg;
+ register char *v = v_arg, *m = m_arg;
for (x = head; x->rn_b >= 0;) {
if ((x->rn_bmask & m[x->rn_off]) &&
@@ -180,8 +179,8 @@
int
squid_rn_refines(void *m_arg, void *n_arg)
{
- register caddr_t m = m_arg, n = n_arg;
- register caddr_t lim, lim2 = lim = n + *(u_char *) n;
+ register char *m = m_arg, *n = n_arg;
+ register char *lim, *lim2 = lim = n + *(u_char *) n;
int longer = (*(u_char *) n++) - (int) (*(u_char *) m++);
int masks_are_equal = 1;
@@ -206,7 +205,7 @@
struct squid_radix_node *
squid_rn_lookup(void *v_arg, void *m_arg, struct squid_radix_node_head *head) {
register struct squid_radix_node *x;
- caddr_t netmask = 0;
+ char *netmask = NULL;
if (m_arg) {
if ((x = squid_rn_addmask(m_arg, 1, head->rnh_treetop->rn_off)) == 0)
@@ -243,10 +242,10 @@
struct squid_radix_node *
squid_rn_match(void *v_arg, struct squid_radix_node_head *head) {
- caddr_t v = v_arg;
+ char *v = v_arg;
register struct squid_radix_node *t = head->rnh_treetop, *x;
- register caddr_t cp = v, cp2;
- caddr_t cplim;
+ register char *cp = v, *cp2;
+ char *cplim;
struct squid_radix_node *saved_t, *top = t;
int off = t->rn_off, vlen = *(u_char *) cp, matched_off;
register int test, b, rn_b;
@@ -348,7 +347,7 @@
t->rn_l = tt;
t->rn_off = b >> 3;
tt->rn_b = -1;
- tt->rn_key = (caddr_t) v;
+ tt->rn_key = (char *) v;
tt->rn_p = t;
tt->rn_flags = t->rn_flags = RNF_ACTIVE;
return t;
@@ -356,20 +355,20 @@
struct squid_radix_node *
squid_rn_insert(void *v_arg, struct squid_radix_node_head *head, int *dupentry, struct squid_radix_node nodes[2]) {
- caddr_t v = v_arg;
+ char *v = v_arg;
struct squid_radix_node *top = head->rnh_treetop;
int head_off = top->rn_off, vlen = (int) *((u_char *) v);
register struct squid_radix_node *t = squid_rn_search(v_arg, top);
- register caddr_t cp = v + head_off;
+ register char *cp = v + head_off;
register int b;
struct squid_radix_node *tt;
/*
* Find first bit at which v and t->rn_key differ
*/
{
- register caddr_t cp2 = t->rn_key + head_off;
+ register char *cp2 = t->rn_key + head_off;
register int cmp_res;
- caddr_t cplim = v + vlen;
+ char *cplim = v + vlen;
while (cp < cplim)
if (*cp2++ != *cp++)
@@ -412,9 +411,9 @@
struct squid_radix_node *
squid_rn_addmask(void *n_arg, int search, int skip) {
- caddr_t netmask = (caddr_t) n_arg;
+ char *netmask = (char *) n_arg;
register struct squid_radix_node *x;
- register caddr_t cp, cplim;
+ register char *cp, *cplim;
register int b = 0, mlen, j;
int maskduplicated, m0, isnormal;
struct squid_radix_node *saved_x;
@@ -453,7 +452,7 @@
if ((saved_x = x) == 0)
return (0);
memset(x, '\0', squid_max_keylen + 2 * sizeof(*x));
- netmask = cp = (caddr_t) (x + 2);
+ netmask = cp = (char *) (x + 2);
memcpy(cp, addmask_key, mlen);
x = squid_rn_insert(cp, squid_mask_rnhead, &maskduplicated, x);
if (maskduplicated) {
@@ -518,12 +517,12 @@
struct squid_radix_node *
squid_rn_addroute(void *v_arg, void *n_arg, struct squid_radix_node_head *head, struct squid_radix_node treenodes[2]) {
- caddr_t v = (caddr_t) v_arg, netmask = (caddr_t) n_arg;
+ char *v = (char *) v_arg, *netmask = (char *) n_arg;
register struct squid_radix_node *t, *x = NULL, *tt;
struct squid_radix_node *saved_tt, *top = head->rnh_treetop;
short b = 0, b_leaf = 0;
int keyduplicated;
- caddr_t mmask;
+ char *mmask;
struct squid_radix_mask *m, **mp;
/*
@@ -583,7 +582,7 @@
tt->rn_dupedkey = t->rn_dupedkey;
t->rn_dupedkey = tt;
}
- tt->rn_key = (caddr_t) v;
+ tt->rn_key = (char *) v;
tt->rn_b = -1;
tt->rn_flags = RNF_ACTIVE;
}
@@ -666,7 +665,7 @@
register struct squid_radix_node *t, *p, *x, *tt;
struct squid_radix_mask *m, *saved_m, **mp;
struct squid_radix_node *dupedkey, *saved_tt, *top;
- caddr_t v, netmask;
+ char *v, *netmask;
int b, head_off, vlen;
v = v_arg;
diff -u -r -N squid-6.0.2/RELEASENOTES.html squid-6.0.3/RELEASENOTES.html
--- squid-6.0.2/RELEASENOTES.html 2023-05-01 10:06:58.000000000 +1200
+++ squid-6.0.3/RELEASENOTES.html 2023-06-07 06:53:17.000000000 +1200
@@ -3,10 +3,10 @@
- Squid 6.0.2 release notes
+ Squid 6.0.3 release notes
-Squid 6.0.2 release notes
+Squid 6.0.3 release notes
Squid Developers
@@ -59,7 +59,7 @@
-The Squid Team are pleased to announce the release of Squid-6.0.2 for testing.
+The Squid Team are pleased to announce the release of Squid-6.0.3 for testing.
This new release is available for download from
http://www.squid-cache.org/Versions/v6/ or the
mirrors.
@@ -329,6 +329,8 @@
made for this request.
Squid now adds ABORTED to values printed by the Ss code in more
cases where a TCP Squid-to-server connection was closed prematurely.
+Squid now logs TCP_TUNNEL with the Ss code when a CONNECT tunnel
+is attempted, not just on successful tunnel setup.
server_cert_fingerprint
Removed the broken -sha option. SHA1 remains the default and
diff -u -r -N squid-6.0.2/SPONSORS squid-6.0.3/SPONSORS
--- squid-6.0.2/SPONSORS 2023-05-01 10:00:10.000000000 +1200
+++ squid-6.0.3/SPONSORS 2023-06-07 06:49:22.000000000 +1200
@@ -13,7 +13,7 @@
DigitalOcean has donated droplets from their cloud infrastructure
to host most of Squid Project's continuous integration farm.
-SpinUp - https://SpinUp.com
+SpinUp
SpinUp has donated cloud resources to host our main website, wiki
and mailing lists.
diff -u -r -N squid-6.0.2/src/acl/external/delayer/ext_delayer_acl.8 squid-6.0.3/src/acl/external/delayer/ext_delayer_acl.8
--- squid-6.0.2/src/acl/external/delayer/ext_delayer_acl.8 2023-05-01 10:07:03.000000000 +1200
+++ squid-6.0.3/src/acl/external/delayer/ext_delayer_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 squid-6.0.3/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8
--- squid-6.0.2/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-05-01 10:07:03.000000000 +1200
+++ squid-6.0.3/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_KERBEROS_SID_GROUP_ACL 8"
-.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-6.0.3/src/acl/external/SQL_session/ext_sql_session_acl.8
--- squid-6.0.2/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-05-01 10:07:03.000000000 +1200
+++ squid-6.0.3/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-6.0.3/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-6.0.2/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-05-01 10:07:04.000000000 +1200
+++ squid-6.0.3/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-06-07 06:53:22.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/acl/FilledChecklist.cc squid-6.0.3/src/acl/FilledChecklist.cc
--- squid-6.0.2/src/acl/FilledChecklist.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/acl/FilledChecklist.cc 2023-06-07 06:34:33.000000000 +1200
@@ -34,9 +34,6 @@
#if SQUID_SNMP
snmp_community(nullptr),
#endif
-#if USE_OPENSSL
- sslErrors(nullptr),
-#endif
requestErrorType(ERR_MAX),
conn_(nullptr),
fd_(-1),
@@ -61,10 +58,6 @@
cbdataReferenceDone(conn_);
-#if USE_OPENSSL
- cbdataReferenceDone(sslErrors);
-#endif
-
debugs(28, 4, "ACLFilledChecklist destroyed " << this);
}
@@ -228,9 +221,6 @@
#if SQUID_SNMP
snmp_community(nullptr),
#endif
-#if USE_OPENSSL
- sslErrors(nullptr),
-#endif
requestErrorType(ERR_MAX),
conn_(nullptr),
fd_(-1),
diff -u -r -N squid-6.0.2/src/acl/FilledChecklist.h squid-6.0.3/src/acl/FilledChecklist.h
--- squid-6.0.2/src/acl/FilledChecklist.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/acl/FilledChecklist.h 2023-06-07 06:34:33.000000000 +1200
@@ -87,11 +87,12 @@
char *snmp_community;
#endif
+ // TODO: RefCount errors; do not ignore them because their "owner" is gone!
/// TLS server [certificate validation] errors, in undefined order.
/// The errors are accumulated as Squid goes through validation steps
/// and server certificates. They are cleared on connection retries.
/// For sslproxy_cert_error checks, contains just the current/last error.
- const Security::CertErrors *sslErrors;
+ CbcPointer sslErrors;
/// Peer certificate being checked by ssl_verify_cb() and by
/// Security::PeerConnector class. In other contexts, the peer
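Review bot: The doc comment on `sslErrors` does not say that the checklist no longer holds the errors directly: the member is now a `CbcPointer`, so the comment should state that the checklist only observes the list and that `get()` may yield null once the object is invalidated. This affects the call sites in this patch, `data->match(checklist->sslErrors.get())` in src/acl/SslError.cc and `checklist.sslErrors = sslServerBump->sslErrors();` in src/client_side.cc. If the errors are gone when the ACL is evaluated, the match presumably runs against no errors at all, which is what the new TODO hints at. I would add a line such as `/// Not owned by the checklist; may become nil if the errors object is freed first.` The class declaration starts and ends outside the hunk.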
diff -u -r -N squid-6.0.2/src/acl/SslError.cc squid-6.0.3/src/acl/SslError.cc
--- squid-6.0.2/src/acl/SslError.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/acl/SslError.cc 2023-06-07 06:34:33.000000000 +1200
@@ -14,6 +14,6 @@
int
ACLSslErrorStrategy::match (ACLData * &data, ACLFilledChecklist *checklist)
{
- return data->match (checklist->sslErrors);
+ return data->match(checklist->sslErrors.get());
}
diff -u -r -N squid-6.0.2/src/auth/basic/DB/basic_db_auth.8 squid-6.0.3/src/auth/basic/DB/basic_db_auth.8
--- squid-6.0.2/src/auth/basic/DB/basic_db_auth.8 2023-05-01 10:07:05.000000000 +1200
+++ squid-6.0.3/src/auth/basic/DB/basic_db_auth.8 2023-06-07 06:53:23.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/auth/basic/POP3/basic_pop3_auth.8 squid-6.0.3/src/auth/basic/POP3/basic_pop3_auth.8
--- squid-6.0.2/src/auth/basic/POP3/basic_pop3_auth.8 2023-05-01 10:07:05.000000000 +1200
+++ squid-6.0.3/src/auth/basic/POP3/basic_pop3_auth.8 2023-06-07 06:53:23.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/client_side.cc squid-6.0.3/src/client_side.cc
--- squid-6.0.2/src/client_side.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/client_side.cc 2023-06-07 06:34:33.000000000 +1200
@@ -1524,11 +1524,10 @@
bool allowDomainMismatch = false;
if (Config.ssl_client.cert_error) {
ACLFilledChecklist check(Config.ssl_client.cert_error, nullptr);
- check.sslErrors = new Security::CertErrors(Security::CertError(SQUID_X509_V_ERR_DOMAIN_MISMATCH, srvCert));
+ const auto sslErrors = std::make_unique(Security::CertError(SQUID_X509_V_ERR_DOMAIN_MISMATCH, srvCert));
+ check.sslErrors = sslErrors.get();
clientAclChecklistFill(check, http);
allowDomainMismatch = check.fastCheck().allowed();
- delete check.sslErrors;
- check.sslErrors = nullptr;
}
if (!allowDomainMismatch) {
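Review bot: Nothing in this block says that `sslErrors` has to stay alive until `check.fastCheck()` returns, yet the block now depends on it, because `check.sslErrors` only points at the object owned by the local `std::make_unique` result. src/security/PeerConnector.cc in this same patch calls `check->sslErrors.clear();` after its check, while this block leaves the pointer set and relies on scope exit. A short comment above the assignment, e.g. `// check only observes sslErrors; the owner must outlive fastCheck()`, would keep a later change to an asynchronous check from evaluating the ACL against a nil error list. The enclosing function starts and ends outside the hunk.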
@@ -3583,7 +3582,7 @@
#if USE_OPENSSL
if (!checklist.sslErrors && sslServerBump)
- checklist.sslErrors = cbdataReference(sslServerBump->sslErrors());
+ checklist.sslErrors = sslServerBump->sslErrors();
#endif
if (!checklist.rfc931[0]) // checklist creator may have supplied it already
diff -u -r -N squid-6.0.2/src/debug/debug.cc squid-6.0.3/src/debug/debug.cc
--- squid-6.0.2/src/debug/debug.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/debug/debug.cc 2023-06-07 06:34:33.000000000 +1200
@@ -11,6 +11,7 @@
#include "squid.h"
#include "base/TextException.h"
#include "debug/Stream.h"
+#include "fatal.h"
#include "fd.h"
#include "ipc/Kids.h"
#include "time/gadgets.h"
@@ -1226,10 +1227,11 @@
static time_t last_t = 0;
if (Debug::Level() > 1) {
+ last_t = t.tv_sec;
// 4 bytes smaller than buf to ensure .NNN catenation by snprintf()
// is safe and works even if strftime() fills its buffer.
char buf2[sizeof(buf)-4];
- const auto tm = localtime(&t.tv_sec);
+ const auto tm = localtime(&last_t);
strftime(buf2, sizeof(buf2), "%Y/%m/%d %H:%M:%S", tm);
buf2[sizeof(buf2)-1] = '\0';
const auto sz = snprintf(buf, sizeof(buf), "%s.%03d", buf2, static_cast(t.tv_usec / 1000));
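Review bot: The result of `localtime(&last_t)` is passed to `strftime()` without a null check, here and in the `else if (t.tv_sec != last_t)` branch of the hunk at 1237. `localtime()` may return a null pointer when the value cannot be converted, and handing that to `strftime()` is undefined behaviour in code that formats the timestamp of log lines. Adding `assert(tm);` before each `strftime()` call would match the `assert(0 < sz && ...)` check already present in the second hunk. The function body starts and ends outside both hunks.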
@@ -1237,10 +1239,10 @@
// force buf reset for subsequent level-0/1 messages that should have no milliseconds
last_t = 0;
} else if (t.tv_sec != last_t) {
- const auto tm = localtime(&t.tv_sec);
+ last_t = t.tv_sec;
+ const auto tm = localtime(&last_t);
const int sz = strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S", tm);
assert(0 < sz && sz <= static_cast(sizeof(buf)));
- last_t = t.tv_sec;
}
buf[sizeof(buf)-1] = '\0';
diff -u -r -N squid-6.0.2/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-6.0.3/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- squid-6.0.2/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-05-01 10:07:06.000000000 +1200
+++ squid-6.0.3/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-06-07 06:53:25.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH URL_LFS_REWRITE 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/ipc/ReadWriteLock.cc squid-6.0.3/src/ipc/ReadWriteLock.cc
--- squid-6.0.2/src/ipc/ReadWriteLock.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ipc/ReadWriteLock.cc 2023-06-07 06:34:33.000000000 +1200
@@ -127,6 +127,23 @@
appending = true;
}
+bool
+Ipc::ReadWriteLock::stopAppendingAndRestoreExclusive()
+{
+ assert(writing);
+ assert(appending);
+
+ appending = false;
+
+ // Checking `readers` here would mishandle a lockShared() call that started
+ // before we banned appending above, saw still true `appending`, got on a
+ // "success" code path, but had not incremented the `readers` counter yet.
+ // Checking `readLevel` mishandles lockShared() that saw false `appending`,
+ // got on a "failure" code path, but had not decremented `readLevel` yet.
+ // Our callers prefer the wrong "false" to the wrong "true" result.
+ return !readLevel;
+}
+
void
Ipc::ReadWriteLock::updateStats(ReadWriteLockStats &stats) const
{
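Review bot: The comment explains why `!readLevel` can wrongly report `false`, but not what reclaims the entry after such a wrong answer. In src/ipc/StoreMap.cc a `false` result sets `waitingToBeFreed` and releases the exclusive lock, which appears to leave the freeing to a later reader unlock; when the only "reader" was a `lockShared()` call already on its failure path, no such unlock seems to follow. Please add one sentence naming the code path that eventually frees the entry in that case, e.g. `// A wrong "false" only delays freeing until <reclaiming code path>.`, with the placeholder replaced by the actual function.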
diff -u -r -N squid-6.0.2/src/ipc/ReadWriteLock.h squid-6.0.3/src/ipc/ReadWriteLock.h
--- squid-6.0.2/src/ipc/ReadWriteLock.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ipc/ReadWriteLock.h 2023-06-07 06:34:33.000000000 +1200
@@ -42,6 +42,11 @@
void startAppending(); ///< writer keeps its lock but also allows reading
+ /// writer keeps its lock and disallows future readers
+ /// \returns whether access became exclusive (i.e. no readers)
+ /// \prec appending is true
+ bool stopAppendingAndRestoreExclusive();
+
/// adds approximate current stats to the supplied ones
void updateStats(ReadWriteLockStats &stats) const;
diff -u -r -N squid-6.0.2/src/ipc/StoreMap.cc squid-6.0.3/src/ipc/StoreMap.cc
--- squid-6.0.2/src/ipc/StoreMap.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ipc/StoreMap.cc 2023-06-07 06:34:33.000000000 +1200
@@ -253,15 +253,14 @@
debugs(54, 5, "aborting entry " << fileno << " for writing " << path);
Anchor &s = anchorAt(fileno);
assert(s.writing());
- s.lock.appending = false; // locks out any new readers
- if (!s.lock.readers) {
+ if (!s.lock.appending || s.lock.stopAppendingAndRestoreExclusive()) {
freeChain(fileno, s, false);
- debugs(54, 5, "closed clean entry " << fileno << " for writing " << path);
+ debugs(54, 5, "closed idle entry " << fileno << " for writing " << path);
} else {
s.waitingToBeFreed = true;
s.writerHalted = true;
s.lock.unlockExclusive();
- debugs(54, 5, "closed dirty entry " << fileno << " for writing " << path);
+ debugs(54, 5, "closed busy entry " << fileno << " for writing " << path);
}
}
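Review bot: The `!s.lock.appending ||` arm frees the chain without looking at readers at all, where the old code always tested `s.lock.readers` first. That is only safe if a writer that never called `startAppending()` cannot have readers, which seems to be the lock's contract but is not stated at this call. A comment on the condition, e.g. `// a non-appending writer is exclusive, so nobody can be reading this entry`, would make the invariant explicit; in shared-memory code a slot freed under a live reader could be recycled while that reader is still using it. The function starts outside the hunk.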
diff -u -r -N squid-6.0.2/src/log/DB/log_db_daemon.8 squid-6.0.3/src/log/DB/log_db_daemon.8
--- squid-6.0.2/src/log/DB/log_db_daemon.8 2023-05-01 10:07:06.000000000 +1200
+++ squid-6.0.3/src/log/DB/log_db_daemon.8 2023-06-07 06:53:25.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/LogTags.h squid-6.0.3/src/LogTags.h
--- squid-6.0.2/src/LogTags.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/LogTags.h 2023-06-07 06:34:33.000000000 +1200
@@ -53,7 +53,7 @@
LOG_TCP_DENIED_REPLY,
LOG_TCP_OFFLINE_HIT,
LOG_TCP_REDIRECT,
- LOG_TCP_TUNNEL, // a binary tunnel was established for this transaction
+ LOG_TCP_TUNNEL, ///< an attempt to establish a bidirectional TCP tunnel
LOG_UDP_HIT,
LOG_UDP_MISS,
LOG_UDP_DENIED,
diff -u -r -N squid-6.0.2/src/security/cert_validators/fake/security_fake_certverify.8 squid-6.0.3/src/security/cert_validators/fake/security_fake_certverify.8
--- squid-6.0.2/src/security/cert_validators/fake/security_fake_certverify.8 2023-05-01 10:07:07.000000000 +1200
+++ squid-6.0.3/src/security/cert_validators/fake/security_fake_certverify.8 2023-06-07 06:53:26.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/security/PeerConnector.cc squid-6.0.3/src/security/PeerConnector.cc
--- squid-6.0.2/src/security/PeerConnector.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/security/PeerConnector.cc 2023-06-07 06:34:33.000000000 +1200
@@ -402,9 +402,11 @@
if (!errDetails) {
bool allowed = false;
if (check) {
- check->sslErrors = new Security::CertErrors(Security::CertError(i->error_no, i->cert, i->error_depth));
+ const auto sslErrors = std::make_unique(Security::CertError(i->error_no, i->cert, i->error_depth));
+ check->sslErrors = sslErrors.get();
if (check->fastCheck().allowed())
allowed = true;
+ check->sslErrors.clear();
}
// else the Config.ssl_client.cert_error access list is not defined
// and the first error will cause the error page
@@ -418,10 +420,6 @@
const char *aReason = i->error_reason.empty() ? nullptr : i->error_reason.c_str();
errDetails = new ErrorDetail(i->error_no, peerCert, brokenCert, aReason);
}
- if (check) {
- delete check->sslErrors;
- check->sslErrors = nullptr;
- }
}
if (!errs)
diff -u -r -N squid-6.0.2/src/ssl/ServerBump.cc squid-6.0.3/src/ssl/ServerBump.cc
--- squid-6.0.2/src/ssl/ServerBump.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ssl/ServerBump.cc 2023-06-07 06:34:33.000000000 +1200
@@ -62,13 +62,12 @@
serverSession = s;
}
-const Security::CertErrors *
+Security::CertErrors *
Ssl::ServerBump::sslErrors() const
{
if (!serverSession)
return nullptr;
- const Security::CertErrors *errs = static_cast(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors));
- return errs;
+ return static_cast(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors));
}
diff -u -r -N squid-6.0.2/src/ssl/ServerBump.h squid-6.0.3/src/ssl/ServerBump.h
--- squid-6.0.2/src/ssl/ServerBump.h 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ssl/ServerBump.h 2023-06-07 06:34:33.000000000 +1200
@@ -38,7 +38,7 @@
explicit ServerBump(ClientHttpRequest *http, StoreEntry *e = nullptr, Ssl::BumpMode mode = Ssl::bumpServerFirst);
~ServerBump();
void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object
- const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors
+ Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors
/// whether there was a successful connection to (and peeking at) the origin server
bool connectedOk() const {return entry && entry->isEmpty();}
diff -u -r -N squid-6.0.2/src/ssl/support.cc squid-6.0.3/src/ssl/support.cc
--- squid-6.0.2/src/ssl/support.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/ssl/support.cc 2023-06-07 06:34:33.000000000 +1200
@@ -351,7 +351,8 @@
if (check) {
ACLFilledChecklist *filledCheck = Filled(check);
const auto savedErrors = filledCheck->sslErrors;
- filledCheck->sslErrors = new Security::CertErrors(Security::CertError(error_no, broken_cert));
+ const auto sslErrors = std::make_unique(Security::CertError(error_no, broken_cert));
+ filledCheck->sslErrors = sslErrors.get();
filledCheck->serverCert = peer_cert;
if (check->fastCheck().allowed()) {
debugs(83, 3, "bypassing SSL error " << error_no << " in " << *peer_cert);
@@ -359,7 +360,6 @@
} else {
debugs(83, 5, "confirming SSL error " << error_no);
}
- delete filledCheck->sslErrors;
filledCheck->sslErrors = savedErrors;
filledCheck->serverCert.reset();
}
diff -u -r -N squid-6.0.2/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-6.0.3/src/store/id_rewriters/file/storeid_file_rewrite.8
--- squid-6.0.2/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-05-01 10:07:04.000000000 +1200
+++ squid-6.0.3/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-06-07 06:53:23.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/src/tunnel.cc squid-6.0.3/src/tunnel.cc
--- squid-6.0.2/src/tunnel.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/src/tunnel.cc 2023-06-07 06:34:33.000000000 +1200
@@ -370,6 +370,8 @@
al = clientRequest->al;
http = clientRequest;
+ al->cache.code.update(LOG_TCP_TUNNEL);
+
client.initConnection(clientRequest->getConn()->clientConnection, tunnelClientClosed, "tunnelClientClosed", this);
AsyncCall::Pointer timeoutCall = commCbCall(5, 4, "tunnelTimeout",
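Review bot: Two different calls set the same tag in this patch: `al->cache.code.update(LOG_TCP_TUNNEL)` here and `http->updateLoggingTags(LOG_TCP_TUNNEL)` in the access-denied path of the hunk at 1163. Since `al` was just copied from `clientRequest->al` and `http` is `clientRequest`, one form could presumably serve both places, which would make every TCP_TUNNEL assignment findable with a single search. A one-line comment such as `// logged for every tunnel attempt, including ones that fail later` would also tell readers that the tag no longer implies an established tunnel. The enclosing function starts and ends outside the hunk.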
@@ -927,7 +929,6 @@
commSetConnTimeout(tunnelState->server.conn, Config.Timeout.read, timeoutCall);
*tunnelState->status_ptr = Http::scOkay;
- tunnelState->al->cache.code.update(LOG_TCP_TUNNEL);
if (cbdataReferenceValid(tunnelState)) {
// Shovel any payload already pushed into reply buffer by the server response
@@ -980,8 +981,6 @@
peerWait.finish();
server.len = 0;
- al->cache.code.update(LOG_TCP_TUNNEL);
-
// XXX: al->http.code (i.e. *status_ptr) should not be (re)set
// until we actually start responding to the client. Right here/now, we only
// know how this cache_peer has responded to us.
@@ -1164,6 +1163,7 @@
ch.syncAle(request, http->log_uri);
if (ch.fastCheck().denied()) {
debugs(26, 4, "MISS access forbidden.");
+ http->updateLoggingTags(LOG_TCP_TUNNEL);
err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request, http->al);
http->al->http.code = Http::scForbidden;
errorSend(http->getConn()->clientConnection, err);
diff -u -r -N squid-6.0.2/tools/helper-mux/helper-mux.8 squid-6.0.3/tools/helper-mux/helper-mux.8
--- squid-6.0.2/tools/helper-mux/helper-mux.8 2023-05-01 10:07:07.000000000 +1200
+++ squid-6.0.3/tools/helper-mux/helper-mux.8 2023-06-07 06:53:26.000000000 +1200
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2023-04-30" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH HELPER-MUX 8 "2023-06-06" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-6.0.2/tools/purge/copyout.cc squid-6.0.3/tools/purge/copyout.cc
--- squid-6.0.2/tools/purge/copyout.cc 2023-05-01 09:33:35.000000000 +1200
+++ squid-6.0.3/tools/purge/copyout.cc 2023-06-07 06:34:33.000000000 +1200
@@ -252,17 +252,15 @@
}
// create source mmap to copy from (mmap complete file)
- caddr_t src = (caddr_t) mmap( nullptr, filesize, PROT_READ,
- MAP_FILE | MAP_SHARED, input, 0 );
- if ( src == (caddr_t) -1 ) {
+ const auto src = static_cast(mmap(nullptr, filesize, PROT_READ, MAP_FILE | MAP_SHARED, input, 0));
+ if (src == reinterpret_cast(-1)) {
perror( "mmap input" );
BAUTZ(false);
}
// create destination mmap to copy into (mmap data portion)
- caddr_t dst = (caddr_t) mmap( nullptr, filesize-metasize, PROT_READ | PROT_WRITE,
- MAP_FILE | MAP_SHARED, out, 0 );
- if ( dst == (caddr_t) -1 ) {
+ auto dst = static_cast(mmap(nullptr, filesize-metasize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, out, 0));
+ if (dst == reinterpret_cast(-1)) {
perror( "mmap output" );
munmap( src, filesize );
BAUTZ(false);
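Review bot: Both failure checks compare the already-cast pointer with `reinterpret_cast(-1)` instead of testing against `MAP_FAILED`, the value POSIX defines for a failed `mmap()`. Writing `if (src == MAP_FAILED)` and `if (dst == MAP_FAILED)` states the intent directly and does not depend on how the failure value is represented. The length `filesize-metasize` is also not validated inside the hunk; if no earlier code guarantees `metasize <= filesize`, the subtraction can wrap and request a very large writable mapping, so a guard before the second `mmap()` is worth confirming. The enclosing function starts and ends outside the hunk.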