diff -u -r -N squid-4.0.24/acinclude/os-deps.m4 squid-4.0.25/acinclude/os-deps.m4 --- squid-4.0.24/acinclude/os-deps.m4 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/acinclude/os-deps.m4 2018-06-12 04:30:57.000000000 +1200 @@ -912,4 +912,41 @@ #define IPFILTER_VERSION 5000004 #endif ]) + +## Solaris 10+ backported IPv6 NAT to their IPFilter v4.1 instead of using v5 + AC_CHECK_MEMBERS([ + struct natlookup.nl_inipaddr.in6, + struct natlookup.nl_realipaddr.in6 + ],,,[ +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#define minor_t fubar +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_IOCCOM_H +#include +#endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif +#if HAVE_IP_COMPAT_H +#include +#elif HAVE_NETINET_IP_COMPAT_H +#include +#endif +#if HAVE_IP_FIL_H +#include +#elif HAVE_NETINET_IP_FIL_H +#include +#endif +#include + ]) + ]) diff -u -r -N squid-4.0.24/acinclude/squid-util.m4 squid-4.0.25/acinclude/squid-util.m4 --- squid-4.0.24/acinclude/squid-util.m4 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/acinclude/squid-util.m4 2018-06-12 04:30:57.000000000 +1200 @@ -82,7 +82,7 @@ ]) dnl remove duplicates out of a list. -dnl dnl argument is the name of a variable to be checked and cleaned up +dnl argument is the name of a variable to be checked and cleaned up AC_DEFUN([SQUID_CLEANUP_MODULES_LIST],[ squid_cleanup_tmp_outlist="" for squid_cleanup_tmp in $$1 diff -u -r -N squid-4.0.24/cfgaux/ltmain.sh squid-4.0.25/cfgaux/ltmain.sh --- squid-4.0.24/cfgaux/ltmain.sh 2018-03-08 02:24:38.000000000 +1300 +++ squid-4.0.25/cfgaux/ltmain.sh 2018-06-12 04:47:56.000000000 +1200 @@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.6 Debian-2.4.6-2" +VERSION="2.4.6 Debian-2.4.6-2.1" package_revision=2.4.6 @@ -64,7 +64,7 @@ # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2015-01-20.17; # UTC +scriptversion=2015-10-12.13; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 @@ -580,16 +580,16 @@ { $debug_cmd - func_quote_for_eval "$2" - eval "$1+=\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1+=\\ \$func_quote_arg_result" }' else func_append_quoted () { $debug_cmd - func_quote_for_eval "$2" - eval "$1=\$$1\\ \$func_quote_for_eval_result" + func_quote_arg pretty "$2" + eval "$1=\$$1\\ \$func_quote_arg_result" } fi @@ -1091,85 +1091,181 @@ } -# func_quote_for_eval ARG... -# -------------------------- -# Aesthetically quote ARGs to be evaled later. -# This function returns two values: -# i) func_quote_for_eval_result -# double-quoted, suitable for a subsequent eval -# ii) func_quote_for_eval_unquoted_result -# has all characters that are still active within double -# quotes backslashified. -func_quote_for_eval () +# func_quote_portable EVAL ARG +# ---------------------------- +# Internal function to portably implement func_quote_arg. Note that we still +# keep attention to performance here so we as much as possible try to avoid +# calling sed binary (so far O(N) complexity as long as func_append is O(1)). +func_quote_portable () { $debug_cmd - func_quote_for_eval_unquoted_result= - func_quote_for_eval_result= - while test 0 -lt $#; do - case $1 in - *[\\\`\"\$]*) - _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; - *) - _G_unquoted_arg=$1 ;; - esac - if test -n "$func_quote_for_eval_unquoted_result"; then - func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" - else - func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + func_quote_portable_result=$2 + + # one-time-loop (easy break) + while true + do + if $1; then + func_quote_portable_result=`$ECHO "$2" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` + break fi - case $_G_unquoted_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and variable expansion - # for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_quoted_arg=\"$_G_unquoted_arg\" + # Quote for eval. + case $func_quote_portable_result in + *[\\\`\"\$]*) + case $func_quote_portable_result in + *[\[\*\?]*) + func_quote_portable_result=`$ECHO "$func_quote_portable_result" | $SED "$sed_quote_subst"` + break + ;; + esac + + func_quote_portable_old_IFS=$IFS + for _G_char in '\' '`' '"' '$' + do + # STATE($1) PREV($2) SEPARATOR($3) + set start "" "" + func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy + IFS=$_G_char + for _G_part in $func_quote_portable_result + do + case $1 in + quote) + func_append func_quote_portable_result "$3$2" + set quote "$_G_part" "\\$_G_char" + ;; + start) + set first "" "" + func_quote_portable_result= + ;; + first) + set quote "$_G_part" "" + ;; + esac + done + done + IFS=$func_quote_portable_old_IFS ;; - *) - _G_quoted_arg=$_G_unquoted_arg - ;; + *) ;; esac - - if test -n "$func_quote_for_eval_result"; then - func_append func_quote_for_eval_result " $_G_quoted_arg" - else - func_append func_quote_for_eval_result "$_G_quoted_arg" - fi - shift + break done + + func_quote_portable_unquoted_result=$func_quote_portable_result + case $func_quote_portable_result in + # double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # many bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_portable_result=\"$func_quote_portable_result\" + ;; + esac } -# func_quote_for_expand ARG -# ------------------------- -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () -{ - $debug_cmd +# func_quotefast_eval ARG +# ----------------------- +# Quote one ARG (internal). This is equivalent to 'func_quote_arg eval ARG', +# but optimized for speed. Result is stored in $func_quotefast_eval. +if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then + func_quotefast_eval () + { + printf -v func_quotefast_eval_result %q "$1" + } +else + func_quotefast_eval () + { + func_quote_portable false "$1" + func_quotefast_eval_result=$func_quote_portable_result + } +fi - case $1 in - *[\\\`\"]*) - _G_arg=`$ECHO "$1" | $SED \ - -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; - *) - _G_arg=$1 ;; + +# func_quote_arg MODEs ARG +# ------------------------ +# Quote one ARG to be evaled later. MODEs argument may contain zero ore more +# specifiers listed below separated by ',' character. This function returns two +# values: +# i) func_quote_arg_result +# double-quoted (when needed), suitable for a subsequent eval +# ii) func_quote_arg_unquoted_result +# has all characters that are still active within double +# quotes backslashified. Available only if 'unquoted' is specified. +# +# Available modes: +# ---------------- +# 'eval' (default) +# - escape shell special characters +# 'expand' +# - the same as 'eval'; but do not quote variable references +# 'pretty' +# - request aesthetic output, i.e. '"a b"' instead of 'a\ b'. This might +# later used in func_quote to get output like: 'echo "a b"' instead of +# 'echo a\ b'. This is slower than default on some shells. +# 'unquoted' +# - produce also $func_quote_arg_unquoted_result which does not contain +# wrapping double-quotes. +# +# Examples for 'func_quote_arg pretty,unquoted string': +# +# string | *_result | *_unquoted_result +# ------------+-----------------------+------------------- +# " | \" | \" +# a b | "a b" | a b +# "a b" | "\"a b\"" | \"a b\" +# * | "*" | * +# z="${x-$y}" | "z=\"\${x-\$y}\"" | z=\"\${x-\$y}\" +# +# Examples for 'func_quote_arg pretty,unquoted,expand string': +# +# string | *_result | *_unquoted_result +# --------------+---------------------+-------------------- +# z="${x-$y}" | "z=\"${x-$y}\"" | z=\"${x-$y}\" +func_quote_arg () +{ + _G_quote_expand=false + case ,$1, in + *,expand,*) + _G_quote_expand=: + ;; esac - case $_G_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_arg=\"$_G_arg\" + case ,$1, in + *,pretty,*|*,expand,*|*,unquoted,*) + func_quote_portable $_G_quote_expand "$2" + func_quote_arg_result=$func_quote_portable_result + func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result + ;; + *) + # Faster quote-for-eval for some shells. + func_quotefast_eval "$2" + func_quote_arg_result=$func_quotefast_eval_result ;; esac +} + - func_quote_for_expand_result=$_G_arg +# func_quote MODEs ARGs... +# ------------------------ +# Quote all ARGs to be evaled later and join them into single command. See +# func_quote_arg's description for more info. +func_quote () +{ + $debug_cmd + _G_func_quote_mode=$1 ; shift + func_quote_result= + while test 0 -lt $#; do + func_quote_arg "$_G_func_quote_mode" "$1" + if test -n "$func_quote_result"; then + func_append func_quote_result " $func_quote_arg_result" + else + func_append func_quote_result "$func_quote_arg_result" + fi + shift + done } @@ -1215,8 +1311,8 @@ _G_cmd=$1 _G_fail_exp=${2-':'} - func_quote_for_expand "$_G_cmd" - eval "func_notquiet $func_quote_for_expand_result" + func_quote_arg pretty,expand "$_G_cmd" + eval "func_notquiet $func_quote_arg_result" $opt_dry_run || { eval "$_G_cmd" @@ -1241,8 +1337,8 @@ _G_fail_exp=${2-':'} $opt_quiet || { - func_quote_for_expand "$_G_cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$_G_cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || { @@ -1370,7 +1466,7 @@ #! /bin/sh # Set a version string for this script. -scriptversion=2014-01-07.03; # UTC +scriptversion=2015-10-12.13; # UTC # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 @@ -1530,6 +1626,8 @@ { $debug_cmd + _G_rc_run_hooks=false + case " $hookable_fns " in *" $1 "*) ;; *) func_fatal_error "'$1' does not support hook funcions.n" ;; @@ -1538,16 +1636,16 @@ eval _G_hook_fns=\$$1_hooks; shift for _G_hook in $_G_hook_fns; do - eval $_G_hook '"$@"' - - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift + if eval $_G_hook '"$@"'; then + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + _G_rc_run_hooks=: + fi done - func_quote_for_eval ${1+"$@"} - func_run_hooks_result=$func_quote_for_eval_result + $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result } @@ -1557,10 +1655,16 @@ ## --------------- ## # In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, remove any -# options that you action, and then pass back the remaining unprocessed +# full positional parameter list in your hook function, you may remove/edit +# any options that you action, and then pass back the remaining unprocessed # options in '_result', escaped suitably for -# 'eval'. Like this: +# 'eval'. In this case you also must return $EXIT_SUCCESS to let the +# hook's caller know that it should pay attention to +# '_result'. Returning $EXIT_FAILURE signalizes that +# arguments are left untouched by the hook and therefore caller will ignore the +# result variable. +# +# Like this: # # my_options_prep () # { @@ -1570,9 +1674,11 @@ # usage_message=$usage_message' # -s, --silent don'\''t print informational messages # ' -# -# func_quote_for_eval ${1+"$@"} -# my_options_prep_result=$func_quote_for_eval_result +# # No change in '$@' (ignored completely by this hook). There is +# # no need to do the equivalent (but slower) action: +# # func_quote eval ${1+"$@"} +# # my_options_prep_result=$func_quote_result +# false # } # func_add_hook func_options_prep my_options_prep # @@ -1581,25 +1687,37 @@ # { # $debug_cmd # +# args_changed=false +# # # Note that for efficiency, we parse as many options as we can # # recognise in a loop before passing the remainder back to the # # caller on the first unrecognised argument we encounter. # while test $# -gt 0; do # opt=$1; shift # case $opt in -# --silent|-s) opt_silent=: ;; +# --silent|-s) opt_silent=: +# args_changed=: +# ;; # # Separate non-argument short options: # -s*) func_split_short_opt "$_G_opt" # set dummy "$func_split_short_opt_name" \ # "-$func_split_short_opt_arg" ${1+"$@"} # shift +# args_changed=: # ;; -# *) set dummy "$_G_opt" "$*"; shift; break ;; +# *) # Make sure the first unrecognised option "$_G_opt" +# # is added back to "$@", we could need that later +# # if $args_changed is true. +# set dummy "$_G_opt" ${1+"$@"}; shift; break ;; # esac # done # -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result +# if $args_changed; then +# func_quote eval ${1+"$@"} +# my_silent_option_result=$func_quote_result +# fi +# +# $args_changed # } # func_add_hook func_parse_options my_silent_option # @@ -1611,16 +1729,32 @@ # $opt_silent && $opt_verbose && func_fatal_help "\ # '--silent' and '--verbose' options are mutually exclusive." # -# func_quote_for_eval ${1+"$@"} -# my_option_validation_result=$func_quote_for_eval_result +# false # } # func_add_hook func_validate_options my_option_validation # -# You'll alse need to manually amend $usage_message to reflect the extra +# You'll also need to manually amend $usage_message to reflect the extra # options you parse. It's preferable to append if you can, so that # multiple option parsing hooks can be added safely. +# func_options_finish [ARG]... +# ---------------------------- +# Finishing the option parse loop (call 'func_options' hooks ATM). +func_options_finish () +{ + $debug_cmd + + _G_func_options_finish_exit=false + if func_run_hooks func_options ${1+"$@"}; then + func_options_finish_result=$func_run_hooks_result + _G_func_options_finish_exit=: + fi + + $_G_func_options_finish_exit +} + + # func_options [ARG]... # --------------------- # All the functions called inside func_options are hookable. See the @@ -1630,17 +1764,28 @@ { $debug_cmd - func_options_prep ${1+"$@"} - eval func_parse_options \ - ${func_options_prep_result+"$func_options_prep_result"} - eval func_validate_options \ - ${func_parse_options_result+"$func_parse_options_result"} + _G_rc_options=false - eval func_run_hooks func_options \ - ${func_validate_options_result+"$func_validate_options_result"} + for my_func in options_prep parse_options validate_options options_finish + do + if eval func_$my_func '${1+"$@"}'; then + eval _G_res_var='$'"func_${my_func}_result" + eval set dummy "$_G_res_var" ; shift + _G_rc_options=: + fi + done + + # Save modified positional parameters for caller. As a top-level + # options-parser function we always need to set the 'func_options_result' + # variable (regardless the $_G_rc_options value). + if $_G_rc_options; then + func_options_result=$_G_res_var + else + func_quote eval ${1+"$@"} + func_options_result=$func_quote_result + fi - # save modified positional parameters for caller - func_options_result=$func_run_hooks_result + $_G_rc_options } @@ -1649,9 +1794,9 @@ # All initialisations required before starting the option parse loop. # Note that when calling hook functions, we pass through the list of # positional parameters. If a hook function modifies that list, and -# needs to propogate that back to rest of this script, then the complete +# needs to propagate that back to rest of this script, then the complete # modified list must be put in 'func_run_hooks_result' before -# returning. +# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned). func_hookable func_options_prep func_options_prep () { @@ -1661,10 +1806,14 @@ opt_verbose=false opt_warning_types= - func_run_hooks func_options_prep ${1+"$@"} + _G_rc_options_prep=false + if func_run_hooks func_options_prep ${1+"$@"}; then + _G_rc_options_prep=: + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result + fi - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result + $_G_rc_options_prep } @@ -1678,18 +1827,20 @@ func_parse_options_result= + _G_rc_parse_options=false # this just eases exit handling while test $# -gt 0; do # Defer to hook functions for initial option parsing, so they # get priority in the event of reusing an option name. - func_run_hooks func_parse_options ${1+"$@"} - - # Adjust func_parse_options positional parameters to match - eval set dummy "$func_run_hooks_result"; shift + if func_run_hooks func_parse_options ${1+"$@"}; then + eval set dummy "$func_run_hooks_result"; shift + _G_rc_parse_options=: + fi # Break out of the loop if we already parsed every option. test $# -gt 0 || break + _G_match_parse_options=: _G_opt=$1 shift case $_G_opt in @@ -1704,7 +1855,10 @@ ;; --warnings|--warning|-W) - test $# = 0 && func_missing_arg $_G_opt && break + if test $# = 0 && func_missing_arg $_G_opt; then + _G_rc_parse_options=: + break + fi case " $warning_categories $1" in *" $1 "*) # trailing space prevents matching last $1 above @@ -1757,15 +1911,25 @@ shift ;; - --) break ;; + --) _G_rc_parse_options=: ; break ;; -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift + _G_match_parse_options=false + break + ;; esac + + $_G_match_parse_options && _G_rc_parse_options=: done - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result + + if $_G_rc_parse_options; then + # save modified positional parameters for caller + func_quote eval ${1+"$@"} + func_parse_options_result=$func_quote_result + fi + + $_G_rc_parse_options } @@ -1778,16 +1942,21 @@ { $debug_cmd + _G_rc_validate_options=false + # Display all warnings if -W was not given. test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - func_run_hooks func_validate_options ${1+"$@"} + if func_run_hooks func_validate_options ${1+"$@"}; then + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result + _G_rc_validate_options=: + fi # Bail if the options were screwed! $exit_cmd $EXIT_FAILURE - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result + $_G_rc_validate_options } @@ -2068,7 +2237,7 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.6-2 + version: $progname $scriptversion Debian-2.4.6-2.1 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` @@ -2270,6 +2439,8 @@ nonopt= preserve_args= + _G_rc_lt_options_prep=: + # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) @@ -2293,11 +2464,18 @@ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; + *) + _G_rc_lt_options_prep=false + ;; esac - # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result + if $_G_rc_lt_options_prep; then + # Pass back the list of options. + func_quote eval ${1+"$@"} + libtool_options_prep_result=$func_quote_result + fi + + $_G_rc_lt_options_prep } func_add_hook func_options_prep libtool_options_prep @@ -2309,9 +2487,12 @@ { $debug_cmd + _G_rc_lt_parse_options=false + # Perform our own loop to consume as many options as possible in # each iteration. while test $# -gt 0; do + _G_match_lt_parse_options=: _G_opt=$1 shift case $_G_opt in @@ -2386,15 +2567,22 @@ func_append preserve_args " $_G_opt" ;; - # An option not handled by this hook function: - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"} ; shift + _G_match_lt_parse_options=false + break + ;; esac + $_G_match_lt_parse_options && _G_rc_lt_parse_options=: done + if $_G_rc_lt_parse_options; then + # save modified positional parameters for caller + func_quote eval ${1+"$@"} + libtool_parse_options_result=$func_quote_result + fi - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result + $_G_rc_lt_parse_options } func_add_hook func_parse_options libtool_parse_options @@ -2451,8 +2639,8 @@ } # Pass back the unparsed argument list - func_quote_for_eval ${1+"$@"} - libtool_validate_options_result=$func_quote_for_eval_result + func_quote eval ${1+"$@"} + libtool_validate_options_result=$func_quote_result } func_add_hook func_validate_options libtool_validate_options @@ -3418,8 +3606,8 @@ esac done - func_quote_for_eval "$libobj" - test "X$libobj" != "X$func_quote_for_eval_result" \ + func_quote_arg pretty "$libobj" + test "X$libobj" != "X$func_quote_arg_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" @@ -3492,8 +3680,8 @@ func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result - func_quote_for_eval "$srcfile" - qsrcfile=$func_quote_for_eval_result + func_quote_arg pretty "$srcfile" + qsrcfile=$func_quote_arg_result # Only build a PIC object if we are building libtool libraries. if test yes = "$build_libtool_libs"; then @@ -4096,8 +4284,8 @@ case $nonopt in *shtool*) :;; *) false;; esac then # Aesthetically quote it. - func_quote_for_eval "$nonopt" - install_prog="$func_quote_for_eval_result " + func_quote_arg pretty "$nonopt" + install_prog="$func_quote_arg_result " arg=$1 shift else @@ -4107,8 +4295,8 @@ # The real first argument should be the name of the installation program. # Aesthetically quote it. - func_quote_for_eval "$arg" - func_append install_prog "$func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog "$func_quote_arg_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; @@ -4165,12 +4353,12 @@ esac # Aesthetically quote the argument. - func_quote_for_eval "$arg" - func_append install_prog " $func_quote_for_eval_result" + func_quote_arg pretty "$arg" + func_append install_prog " $func_quote_arg_result" if test -n "$arg2"; then - func_quote_for_eval "$arg2" + func_quote_arg pretty "$arg2" fi - func_append install_shared_prog " $func_quote_for_eval_result" + func_append install_shared_prog " $func_quote_arg_result" done test -z "$install_prog" && \ @@ -4181,8 +4369,8 @@ if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else - func_quote_for_eval "$install_override_mode" - func_append install_shared_prog " -m $func_quote_for_eval_result" + func_quote_arg pretty "$install_override_mode" + func_append install_shared_prog " -m $func_quote_arg_result" fi fi @@ -4478,8 +4666,8 @@ relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_quiet || { - func_quote_for_expand "$relink_command" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$relink_command" + eval "func_echo $func_quote_arg_result" } if eval "$relink_command"; then : else @@ -5258,7 +5446,8 @@ if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" - qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + func_quote_arg pretty "$ECHO" + qECHO=$func_quote_arg_result $ECHO "\ # A function that is used when there is no print builtin or printf. @@ -5268,7 +5457,7 @@ \$1 _LTECHO_EOF' } - ECHO=\"$qECHO\" + ECHO=$qECHO fi # Very basic option parsing. These options are (a) specific to @@ -6611,9 +6800,9 @@ while test "$#" -gt 0; do arg=$1 shift - func_quote_for_eval "$arg" - qarg=$func_quote_for_eval_unquoted_result - func_append libtool_args " $func_quote_for_eval_result" + func_quote_arg pretty,unquoted "$arg" + qarg=$func_quote_arg_unquoted_result + func_append libtool_args " $func_quote_arg_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then @@ -7211,9 +7400,9 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $func_quote_for_eval_result" - func_append compiler_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $func_quote_arg_result" + func_append compiler_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" @@ -7227,10 +7416,10 @@ save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $wl$func_quote_for_eval_result" - func_append compiler_flags " $wl$func_quote_for_eval_result" - func_append linker_flags " $func_quote_for_eval_result" + func_quote_arg pretty "$flag" + func_append arg " $wl$func_quote_arg_result" + func_append compiler_flags " $wl$func_quote_arg_result" + func_append linker_flags " $func_quote_arg_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" @@ -7254,8 +7443,8 @@ # -msg_* for osf cc -msg_*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; # Flags to be passed through unchanged, with rationale: @@ -7279,8 +7468,8 @@ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ -specs=*|-fsanitize=*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" @@ -7301,15 +7490,15 @@ continue else # Otherwise treat like 'Some other compiler flag' below - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result fi ;; # Some other compiler flag. -* | +*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; *.$objext) @@ -7429,8 +7618,8 @@ *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result + func_quote_arg pretty "$arg" + arg=$func_quote_arg_result ;; esac # arg @@ -9942,8 +10131,8 @@ for cmd in $concat_cmds; do IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10036,8 +10225,8 @@ eval cmd=\"$cmd\" IFS=$save_ifs $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" + func_quote_arg expand,pretty "$cmd" + eval "func_echo $func_quote_arg_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? @@ -10511,12 +10700,12 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty "$var_value" + relink_command="$var=$func_quote_arg_result; export $var; $relink_command" fi done - relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + func_quote_arg pretty,unquoted "(cd `pwd`; $relink_command)" + relink_command=$func_quote_arg_unquoted_result fi # Only actually do things if not in dry run mode. @@ -10756,13 +10945,14 @@ elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + func_quote_arg pretty,unquoted "$var_value" + relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + func_quote_arg pretty,unquoted "$relink_command" + relink_command=$func_quote_arg_unquoted_result if test yes = "$hardcode_automatic"; then relink_command= fi diff -u -r -N squid-4.0.24/ChangeLog squid-4.0.25/ChangeLog --- squid-4.0.24/ChangeLog 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/ChangeLog 2018-06-12 04:30:57.000000000 +1200 @@ -1,3 +1,25 @@ +Changes to squid-4.0.25 (11 Jun 2018): + + - Regression Bug 4855: querying private entries for HTCP/ICP + - Regression Bug 4852: deny_info %R macro not being expanded + - Regression Bug 4847: proxy_auth ACL -i/+i flags not working + - Regression Bug 4831: filter chain certificates for validity when loading + - Regression fix: Transient reader locking broken in 4.0.24 + - Bug 4845: NegotiateSsl crash on aborting transaction + - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 + - Bug 4843 pt2: squidclient refactoring for GCC-8 + - Bug 4829: IPC shared memory leaks when disker queue overflows + - Bug 4828: Use feature detection for IPFilter API/ABI checks + - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4 + - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks + - Bug 4707: purge tool does not obey --sysconfdir= build option + - Bug 4171: checking for log_file_daemon despite disabling logging + - Bug 4042: ext_kerberos_ldap_group: add -P principal option + - TLS: avoid "ssl_crtd" assertions on reconfiguration + - Add timestamps to (most) FATAL messages + - Add "--kid role-ID" command line option + - ... and many documentation updates + Changes to squid-4.0.24 (07 Mar 2018): - Bug 4822: Build failure (-Wformat) where time_t is not long int @@ -1638,7 +1660,7 @@ Changes to squid-3.2.0.6 (04 Apr 2011): - Regression fix: upgrade existing icons - - Regression fix: dont crash when accessing an SSL certificate with errors + - Regression fix: do not crash when accessing an SSL certificate with errors - Regression fix: prevent stdio log module segfaults on rotate - Regression fix: shutdown properly even if a worker process crashes on exit - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems diff -u -r -N squid-4.0.24/compat/Makefile.in squid-4.0.25/compat/Makefile.in --- squid-4.0.24/compat/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/compat/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -509,7 +509,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/compat/os/solaris.h squid-4.0.25/compat/os/solaris.h --- squid-4.0.24/compat/os/solaris.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/compat/os/solaris.h 2018-06-12 04:30:57.000000000 +1200 @@ -50,7 +50,7 @@ #if defined(__SUNPRO_CC) // Solaris 11 needs this before to get the definition for msg_control -// and possibly other type definitions we dont know about specifically +// and possibly other type definitions we do not know about specifically #define _XPG4_2 1 #include #endif diff -u -r -N squid-4.0.24/configure squid-4.0.25/configure --- squid-4.0.24/configure 2018-03-08 02:24:46.000000000 +1300 +++ squid-4.0.25/configure 2018-06-12 04:48:04.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.0.24. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.0.25. # # Report bugs to . # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='4.0.24' -PACKAGE_STRING='Squid Web Proxy 4.0.24' +PACKAGE_VERSION='4.0.25' +PACKAGE_STRING='Squid Web Proxy 4.0.25' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1647,7 +1647,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 4.0.24 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 4.0.25 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1718,7 +1718,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 4.0.24:";; + short | recursive ) echo "Configuration of Squid Web Proxy 4.0.25:";; esac cat <<\_ACEOF @@ -2147,7 +2147,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 4.0.24 +Squid Web Proxy configure 4.0.25 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3251,7 +3251,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 4.0.24, which was +It was created by Squid Web Proxy $as_me 4.0.25, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4118,7 +4118,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='4.0.24' + VERSION='4.0.25' cat >>confdefs.h <<_ACEOF @@ -41575,6 +41575,91 @@ done +## Solaris 10+ backported IPv6 NAT to their IPFilter v4.1 instead of using v5 + ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_inipaddr.in6" "ac_cv_member_struct_natlookup_nl_inipaddr_in6" " +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#define minor_t fubar +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_IOCCOM_H +#include +#endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif +#if HAVE_IP_COMPAT_H +#include +#elif HAVE_NETINET_IP_COMPAT_H +#include +#endif +#if HAVE_IP_FIL_H +#include +#elif HAVE_NETINET_IP_FIL_H +#include +#endif +#include + +" +if test "x$ac_cv_member_struct_natlookup_nl_inipaddr_in6" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6 1 +_ACEOF + + +fi +ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" + "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" " +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#define minor_t fubar +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_SYS_IOCCOM_H +#include +#endif +#if USE_SOLARIS_IPFILTER_MINOR_T_HACK +#undef minor_t +#endif +#if HAVE_IP_COMPAT_H +#include +#elif HAVE_NETINET_IP_COMPAT_H +#include +#endif +#if HAVE_IP_FIL_H +#include +#elif HAVE_NETINET_IP_FIL_H +#include +#endif +#include + +" +if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6___" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6___ 1 +_ACEOF + + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for availability of IP-Filter header files" >&5 $as_echo_n "checking for availability of IP-Filter header files... " >&6; } # hold on to your hats... @@ -43734,7 +43819,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 4.0.24, which was +This file was extended by Squid Web Proxy $as_me 4.0.25, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -43800,7 +43885,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 4.0.24 +Squid Web Proxy config.status 4.0.25 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-4.0.24/configure.ac squid-4.0.25/configure.ac --- squid-4.0.24/configure.ac 2018-03-08 02:24:46.000000000 +1300 +++ squid-4.0.25/configure.ac 2018-06-12 04:48:04.000000000 +1200 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[4.0.24],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[4.0.25],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -2900,7 +2900,7 @@ #endif ) -dnl *BSD dont include the dependencies for all their net/ and netinet/ files +dnl *BSD do not include the dependencies for all their net/ and netinet/ files dnl We must include a few basic type headers for them to work. AC_CHECK_HEADERS( \ net/if.h \ diff -u -r -N squid-4.0.24/doc/release-notes/release-4.html squid-4.0.25/doc/release-notes/release-4.html --- squid-4.0.24/doc/release-notes/release-4.html 2018-03-08 02:33:23.000000000 +1300 +++ squid-4.0.25/doc/release-notes/release-4.html 2018-06-12 04:56:17.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 4.0.24 release notes + Squid 4.0.25 release notes -

Squid 4.0.24 release notes

+

Squid 4.0.25 release notes

Squid Developers

@@ -63,7 +63,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-4.0.24 for testing.

+

The Squid Team are pleased to announce the release of Squid-4.0.25 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v4/ or the mirrors.

@@ -247,6 +247,10 @@ cache structures creation), as it allows the caller to wait until Squid has finished.

+

The squid binary now accepts a --kid command line option which +informs the process which role it is to take on. This aids with debugging +SMP issues with specific process types and resolves some SMP forking issues.

+

2.8 Initial GnuTLS support

@@ -463,6 +467,10 @@ verify the server certificate.

New tls-domain= option to verify the server certificate domain.

+
logfile_daemon
+

Now only requires that helper binary exists when daemon: log module +is actually being used.

+
logformat

New quoting modifier to produce \-escaped output.

New code %ssl::<cert_errors to display server X.509 diff -u -r -N squid-4.0.24/include/autoconf.h.in squid-4.0.25/include/autoconf.h.in --- squid-4.0.24/include/autoconf.h.in 2018-03-08 02:24:38.000000000 +1300 +++ squid-4.0.25/include/autoconf.h.in 2018-06-12 04:47:56.000000000 +1200 @@ -1009,6 +1009,12 @@ /* Define to 1 if `ip_hl' is a member of `struct iphdr'. */ #undef HAVE_STRUCT_IPHDR_IP_HL +/* Define to 1 if `nl_inipaddr.in6' is a member of `struct natlookup'. */ +#undef HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6 + +/* Define to 1 if `nl_realipaddr.in6' is a member of `struct natlookup '. */ +#undef HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6___ + /* The system provides struct rusage */ #undef HAVE_STRUCT_RUSAGE diff -u -r -N squid-4.0.24/include/snmp_api.h squid-4.0.25/include/snmp_api.h --- squid-4.0.24/include/snmp_api.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/include/snmp_api.h 2018-06-12 04:30:57.000000000 +1200 @@ -97,7 +97,7 @@ * of outstanding requests on this session, then send the pdu. * Returns the request id of the generated packet if applicable, otherwise 1. * On any error, 0 is returned. - * The pdu is freed by snmp_send() unless a failure occured. + * The pdu is freed by snmp_send() unless a failure occurred. */ int snmp_send(struct snmp_session *, struct snmp_pdu *); diff -u -r -N squid-4.0.24/include/version.h squid-4.0.25/include/version.h --- squid-4.0.24/include/version.h 2018-03-08 02:24:46.000000000 +1300 +++ squid-4.0.25/include/version.h 2018-06-12 04:48:04.000000000 +1200 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1520429072 +#define SQUID_RELEASE_TIME 1528735673 #endif /* diff -u -r -N squid-4.0.24/lib/getfullhostname.c squid-4.0.25/lib/getfullhostname.c --- squid-4.0.24/lib/getfullhostname.c 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/lib/getfullhostname.c 2018-06-12 04:30:57.000000000 +1200 @@ -25,21 +25,21 @@ #include "util.h" /** - \retval NULL An error occured. - \retval * The fully qualified name (FQDN) of the current host. - * Pointer is only valid until the next call to the gethost*() functions. - * - \todo Make this a squid String result so the duration limit is flexible. + * \retval nullptr An error occurred. + * \retval * The fully qualified name (FQDN) of the current host. + * Pointer is only valid until the next call to the + * gethost*() functions. */ const char * getfullhostname(void) { const struct hostent *hp = NULL; + // TODO: make this dynamic so the duration limit is flexible static char buf[RFC2181_MAXHOSTNAMELEN + 1]; if (gethostname(buf, RFC2181_MAXHOSTNAMELEN) < 0) return NULL; - /** \todo convert this to a getaddrinfo() call */ + // TODO: convert this to a getaddrinfo() call if ((hp = gethostbyname(buf)) != NULL) xstrncpy(buf, hp->h_name, RFC2181_MAXHOSTNAMELEN); return buf; diff -u -r -N squid-4.0.24/lib/libTrie/Makefile.in squid-4.0.25/lib/libTrie/Makefile.in --- squid-4.0.24/lib/libTrie/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/libTrie/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -541,7 +541,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/libTrie/test/Makefile.in squid-4.0.25/lib/libTrie/test/Makefile.in --- squid-4.0.24/lib/libTrie/test/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/libTrie/test/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -472,7 +472,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/Makefile.in squid-4.0.25/lib/Makefile.in --- squid-4.0.24/lib/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -581,7 +581,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/ntlmauth/Makefile.in squid-4.0.25/lib/ntlmauth/Makefile.in --- squid-4.0.24/lib/ntlmauth/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/ntlmauth/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/ntlmauth/support_endian.h squid-4.0.25/lib/ntlmauth/support_endian.h --- squid-4.0.24/lib/ntlmauth/support_endian.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/lib/ntlmauth/support_endian.h 2018-06-12 04:30:57.000000000 +1200 @@ -40,7 +40,7 @@ * uint32_t le32toh(uint32_t); * * XXX: What about unusual byte orders like 3412 or 2143 ? - * Never had any problems reported, so we dont worry about them. + * Never had any problems reported, so we do not worry about them. */ #if !HAVE_HTOLE16 && !defined(htole16) diff -u -r -N squid-4.0.24/lib/profiler/Makefile.in squid-4.0.25/lib/profiler/Makefile.in --- squid-4.0.24/lib/profiler/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/profiler/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -496,7 +496,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/rfcnb/Makefile.in squid-4.0.25/lib/rfcnb/Makefile.in --- squid-4.0.24/lib/rfcnb/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/rfcnb/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -472,7 +472,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/smblib/Makefile.in squid-4.0.25/lib/smblib/Makefile.in --- squid-4.0.24/lib/smblib/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/lib/smblib/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -473,7 +473,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/lib/smblib/smblib-priv.h squid-4.0.25/lib/smblib/smblib-priv.h --- squid-4.0.24/lib/smblib/smblib-priv.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/lib/smblib/smblib-priv.h 2018-06-12 04:30:57.000000000 +1200 @@ -170,7 +170,7 @@ /* We define these as offsets into a char SMB[] array for the */ /* sake of portability */ -/* NOTE!. Some of the lenght defines, SMB__len do not include */ +/* NOTE!. Some of the length defines, SMB__len do not include */ /* the data that follows in the SMB packet, so the code will have to */ /* take that into account. */ diff -u -r -N squid-4.0.24/lib/snmplib/snmp_error.c squid-4.0.25/lib/snmplib/snmp_error.c --- squid-4.0.24/lib/snmplib/snmp_error.c 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/lib/snmplib/snmp_error.c 2018-06-12 04:30:57.000000000 +1200 @@ -44,7 +44,7 @@ "There is no such variable name in this MIB.", "The value given has the wrong type, length, or value", "This variable is read only", - "A general failure occured", + "A general failure occurred", /* 0x06 - 0x09 */ /* SNMPv2 Errors */ diff -u -r -N squid-4.0.24/RELEASENOTES.html squid-4.0.25/RELEASENOTES.html --- squid-4.0.24/RELEASENOTES.html 2018-03-08 02:33:23.000000000 +1300 +++ squid-4.0.25/RELEASENOTES.html 2018-06-12 04:56:17.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 4.0.24 release notes + Squid 4.0.25 release notes -

Squid 4.0.24 release notes

+

Squid 4.0.25 release notes

Squid Developers

@@ -63,7 +63,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-4.0.24 for testing.

+

The Squid Team are pleased to announce the release of Squid-4.0.25 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v4/ or the mirrors.

@@ -247,6 +247,10 @@ cache structures creation), as it allows the caller to wait until Squid has finished.

+

The squid binary now accepts a --kid command line option which +informs the process which role it is to take on. This aids with debugging +SMP issues with specific process types and resolves some SMP forking issues.

+

2.8 Initial GnuTLS support

@@ -463,6 +467,10 @@ verify the server certificate.

New tls-domain= option to verify the server certificate domain.

+
logfile_daemon
+

Now only requires that helper binary exists when daemon: log module +is actually being used.

+
logformat

New quoting modifier to produce \-escaped output.

New code %ssl::<cert_errors to display server X.509 diff -u -r -N squid-4.0.24/src/acl/Acl.cc squid-4.0.25/src/acl/Acl.cc --- squid-4.0.24/src/acl/Acl.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/Acl.cc 2018-06-12 04:30:57.000000000 +1200 @@ -141,7 +141,7 @@ } else { // make sure the ALE has as much data as possible if (requiresAle()) - checklist->syncAle(); + checklist->verifyAle(); // have to cast because old match() API is missing const result = const_cast(this)->match(checklist); diff -u -r -N squid-4.0.24/src/acl/Checklist.h squid-4.0.25/src/acl/Checklist.h --- squid-4.0.24/src/acl/Checklist.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/Checklist.h 2018-06-12 04:30:57.000000000 +1200 @@ -13,6 +13,8 @@ #include #include +class HttpRequest; + /// ACL checklist callback typedef void ACLCB(allow_t, void *); @@ -164,7 +166,10 @@ virtual bool hasRequest() const = 0; virtual bool hasReply() const = 0; virtual bool hasAle() const = 0; - virtual void syncAle() const = 0; + /// assigns uninitialized adapted_request and url ALE components + virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const = 0; + /// warns if there are uninitialized ALE components and fills them + virtual void verifyAle() const = 0; /// change the current ACL list /// \return a pointer to the old list value (may be nullptr) diff -u -r -N squid-4.0.24/src/acl/ConnectionsEncrypted.cc squid-4.0.25/src/acl/ConnectionsEncrypted.cc --- squid-4.0.24/src/acl/ConnectionsEncrypted.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/ConnectionsEncrypted.cc 2018-06-12 04:30:57.000000000 +1200 @@ -47,7 +47,7 @@ Acl::ConnectionsEncrypted::parse() { if (ConfigParser::strtokFile()) { - debugs(89, DBG_CRITICAL, "WARNING: connections_encrypted does not accepts any value."); + debugs(89, DBG_CRITICAL, "WARNING: connections_encrypted does not accept any value."); } } diff -u -r -N squid-4.0.24/src/acl/external/AD_group/Makefile.in squid-4.0.25/src/acl/external/AD_group/Makefile.in --- squid-4.0.24/src/acl/external/AD_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/AD_group/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -482,7 +482,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/delayer/ext_delayer_acl.8 squid-4.0.25/src/acl/external/delayer/ext_delayer_acl.8 --- squid-4.0.24/src/acl/external/delayer/ext_delayer_acl.8 2018-03-08 02:33:24.000000000 +1300 +++ squid-4.0.25/src/acl/external/delayer/ext_delayer_acl.8 2018-06-12 04:56:18.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/acl/external/delayer/Makefile.in squid-4.0.25/src/acl/external/delayer/Makefile.in --- squid-4.0.24/src/acl/external/delayer/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/delayer/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc squid-4.0.25/src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc --- squid-4.0.24/src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc 2018-06-12 04:30:57.000000000 +1200 @@ -66,6 +66,9 @@ #ifdef HAVE_LDAP_H #include #endif +#ifdef HAVE_NETDB_H +#include +#endif #ifdef HELPER_INPUT_BUFFER #define EDUI_MAXLEN HELPER_INPUT_BUFFER @@ -713,11 +716,14 @@ /* Copy details - dn and pw CAN be NULL for anonymous and/or TLS */ if (dn != NULL) { + if (strlen(dn) >= sizeof(l->dn)) + return LDAP_ERR_OOB; /* DN too large */ + if ((l->basedn[0] != '\0') && (strstr(dn, l->basedn) == NULL)) { /* We got a basedn, but it's not part of dn */ - xstrncpy(l->dn, dn, sizeof(l->dn)); - strncat(l->dn, ",", 1); - strncat(l->dn, l->basedn, strlen(l->basedn)); + const int x = snprintf(l->dn, sizeof(l->dn)-1, "%s,%s", dn, l->basedn); + if (x < 0 || static_cast(x) >= sizeof(l->dn)) + return LDAP_ERR_OOB; /* DN too large */ } else xstrncpy(l->dn, dn, sizeof(l->dn)); } @@ -777,24 +783,73 @@ } } +// XXX: duplicate (partial) of Ip::Address::lookupHostIp +/** + * Convert the IP address string representation in src to + * its binary representation. + * + * \return binary representation of the src IP address. + * Must be free'd using freeaddrinfo(). + */ +static struct addrinfo * +makeIpBinary(const char *src) +{ + struct addrinfo want; + memset(&want, 0, sizeof(want)); + want.ai_flags = AI_NUMERICHOST; // prevent actual DNS lookups! + + struct addrinfo *dst = nullptr; + if (getaddrinfo(src, nullptr, &want, &dst) != 0) { + // not an IP address + /* free any memory getaddrinfo() dynamically allocated. */ + if (dst) + freeaddrinfo(dst); + return nullptr; + } + + return dst; +} + +/** + * Convert srcLen bytes from src into HEX and store into dst, which + * has a maximum content size of dstSize including c-string terminator. + * The dst value produced will be a 0-terminated c-string. + * + * \retval N length of dst written (excluding c-string terminator) + * \retval -11 (LDAP_ERR_OOB) buffer overflow detected + */ +static int +makeHexString(char *dst, const int dstSize, const char *src, const int srcLen) +{ + // HEX encoding doubles the amount of bytes/octets copied + if ((srcLen*2) >= dstSize) + return LDAP_ERR_OOB; // cannot copy that many + + *dst = 0; + + for (int k = 0; k < srcLen; ++k) { + int c = static_cast(src[k]); + if (c < 0) + c = c + 256; + char hexc[4]; + const int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); + if (hlen < 0 || static_cast(hlen) > sizeof(hexc)) // should be impossible + return LDAP_ERR_OOB; + strcat(dst, hexc); + } + return strlen(dst); +} + /* * ConvertIP() - * * Take an IPv4 address in dot-decimal or IPv6 notation, and convert to 2-digit HEX stored in l->search_ip * This is the networkAddress that we search LDAP for. - * - * PENDING -- CHANGE OVER TO inet*_pton, but inet6_pton does not provide the correct syntax - * */ static int ConvertIP(edui_ldap_t *l, char *ip) { - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], obj[EDUI_MAXLEN]; - char hexc[4], *p; void *y, *z; - size_t s; - long x; - int i, j, t, swi; /* IPv6 "::" cut over toggle */ if (l == NULL) return LDAP_ERR_NULL; if (ip == NULL) return LDAP_ERR_PARAM; if (!(l->status & LDAP_INIT_S)) return LDAP_ERR_INIT; /* Not initalized */ @@ -830,183 +885,22 @@ l->status |= (LDAP_IPV4_S); z = NULL; } - s = strlen(ip); - *(bufa) = '\0'; - *(bufb) = '\0'; - *(obj) = '\0'; - /* StringSplit() will zero out bufa & obj at each call */ - memset(l->search_ip, '\0', sizeof(l->search_ip)); - xstrncpy(bufa, ip, sizeof(bufa)); /* To avoid segfaults, use bufa instead of ip */ - swi = 0; - if (l->status & LDAP_IPV6_S) { - /* Search for :: in string */ - if ((bufa[0] == ':') && (bufa[1] == ':')) { - /* bufa starts with a ::, so just copy and clear */ - xstrncpy(bufb, bufa, sizeof(bufb)); - *(bufa) = '\0'; - ++swi; /* Indicates that there is a bufb */ - } else if ((bufa[0] == ':') && (bufa[1] != ':')) { - /* bufa starts with a :, a typo so just fill in a ':', cat and clear */ - bufb[0] = ':'; - strncat(bufb, bufa, strlen(bufa)); - *(bufa) = '\0'; - ++swi; /* Indicates that there is a bufb */ - } else { - p = strstr(bufa, "::"); - if (p != NULL) { - /* Found it, break bufa down and split into bufb here */ - *(bufb) = '\0'; - i = strlen(p); - memcpy(bufb, p, i); - *p = '\0'; - bufb[i] = '\0'; - ++swi; /* Indicates that there is a bufb */ - } - } - } - s = strlen(bufa); - if (s < 1) - s = strlen(bufb); - while (s > 0) { - if ((l->status & LDAP_IPV4_S) && (swi == 0)) { - /* Break down IPv4 address */ - t = StringSplit(bufa, '.', obj, sizeof(obj)); - if (t > 0) { - errno = 0; - x = strtol(obj, (char **)NULL, 10); - if (((x < 0) || (x > 255)) || ((errno != 0) && (x == 0)) || ((obj[0] != '0') && (x == 0))) - return LDAP_ERR_OOB; /* Out of bounds -- Invalid address */ - memset(hexc, '\0', sizeof(hexc)); - int hlen = snprintf(hexc, sizeof(hexc), "%02X", (int)x); - strncat(l->search_ip, hexc, hlen); - } else - break; /* reached end of octet */ - } else if (l->status & LDAP_IPV6_S) { - /* Break down IPv6 address */ - if (swi > 1) - t = StringSplit(bufb, ':', obj, sizeof(obj)); /* After "::" */ - else - t = StringSplit(bufa, ':', obj, sizeof(obj)); /* Before "::" */ - /* Convert octet by size (t) - and fill 0's */ - switch (t) { /* IPv6 is already in HEX, copy contents */ - case 4: - hexc[0] = (char) toupper((int)obj[0]); - i = (int)hexc[0]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[1] = (char) toupper((int)obj[1]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - hexc[0] = (char) toupper((int)obj[2]); - i = (int)hexc[0]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[1] = (char) toupper((int)obj[3]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - break; - case 3: - hexc[0] = '0'; - hexc[1] = (char) toupper((int)obj[0]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - hexc[0] = (char) toupper((int)obj[1]); - i = (int)hexc[0]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[1] = (char) toupper((int)obj[2]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - break; - case 2: - strncat(l->search_ip, "00", 2); - hexc[0] = (char) toupper((int)obj[0]); - i = (int)hexc[0]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[1] = (char) toupper((int)obj[1]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - break; - case 1: - strncat(l->search_ip, "00", 2); - hexc[0] = '0'; - hexc[1] = (char) toupper((int)obj[0]); - i = (int)hexc[1]; - if (!isxdigit(i)) - return LDAP_ERR_OOB; /* Out of bounds */ - hexc[2] = '\0'; - strncat(l->search_ip, hexc, 2); - break; - default: - if (t > 4) - return LDAP_ERR_OOB; - break; - } - /* Code to pad the address with 0's between a '::' */ - if ((strlen(bufa) == 0) && (swi == 1)) { - /* We are *AT* the split, pad in some 0000 */ - t = strlen(bufb); - /* How many ':' exist in bufb ? */ - j = 0; - for (i = 0; i < t; ++i) { - if (bufb[i] == ':') - ++j; - } - --j; /* Preceding "::" doesn't count */ - t = 8 - (strlen(l->search_ip) / 4) - j; /* Remainder */ - if (t > 0) { - for (i = 0; i < t; ++i) - strncat(l->search_ip, "0000", 4); - } - } - } - if ((bufa[0] == '\0') && (swi > 0)) { - s = strlen(bufb); - ++swi; - } else - s = strlen(bufa); - } - s = strlen(l->search_ip); - /* CHECK sizes of address, truncate or pad */ - /* if "::" is at end of ip, then pad another block or two */ - while ((l->status & LDAP_IPV6_S) && (s < 32)) { - strncat(l->search_ip, "0000", 4); - s = strlen(l->search_ip); - } - if ((l->status & LDAP_IPV6_S) && (s > 32)) { - /* Too long, truncate */ - l->search_ip[32] = '\0'; - s = strlen(l->search_ip); - } - /* If at end of ip, and its not long enough, then pad another block or two */ - while ((l->status & LDAP_IPV4_S) && (s < 8)) { - strncat(l->search_ip, "00", 2); - s = strlen(l->search_ip); - } - if ((l->status & LDAP_IPV4_S) && (s > 8)) { - /* Too long, truncate */ - l->search_ip[8] = '\0'; - s = strlen(l->search_ip); + size_t s = LDAP_ERR_INVALID; + if (struct addrinfo *dst = makeIpBinary(ip)) { + if (dst->ai_family == AF_INET6) { + struct sockaddr_in6 *sia = reinterpret_cast(dst->ai_addr); + const char *ia = reinterpret_cast(sia->sin6_addr.s6_addr); + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 16); // IPv6 = 16-byte address + + } else if (dst->ai_family == AF_INET) { + struct sockaddr_in *sia = reinterpret_cast(dst->ai_addr); + const char *ia = reinterpret_cast(&(sia->sin_addr)); + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 4); // IPv4 = 4-byte address + } // else leave s with LDAP_ERR_INVALID value + freeaddrinfo(dst); } - /* Completed, s is length of address in HEX */ return s; } @@ -1098,48 +992,42 @@ } if (group == NULL) { /* No groupMembership= to add, yay! */ - xstrncpy(bufa, "(&", sizeof(bufa)); - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); /* networkAddress */ - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); if (l->status & LDAP_IPV4_S) { - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ - bufc, bufc); - strncat(bufb, bufd, ln); + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); + if (ln < 0 || static_cast(ln) >= sizeof(bufd)) + return LDAP_ERR_OOB; + } else if (l->status & LDAP_IPV6_S) { - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ - bufc, bufc); - strncat(bufb, bufd, ln); - } else - strncat(bufb, ")", 1); - strncat(bufa, bufb, strlen(bufb)); - strncat(bufa, ")", 1); + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); + if (ln < 0 || static_cast(ln) >= sizeof(bufd)) + return LDAP_ERR_OOB; + } + const int x = snprintf(bufa, sizeof(bufa), "(&%s(|(networkAddress=1\\23%s)%s))", edui_conf.search_filter, bufc, bufd); + if (x < 0 || static_cast(x) >= sizeof(bufa)) + return LDAP_ERR_OOB; + } else { /* Needs groupMembership= to add... */ - xstrncpy(bufa, "(&(&", sizeof(bufa)); - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); /* groupMembership -- NOTE: Squid *MUST* provide "cn=" from squid.conf */ - snprintf(bufg, sizeof(bufg), "(groupMembership=%s", group); if ((l->basedn[0] != '\0') && (strstr(group, l->basedn) == NULL)) { - strncat(bufg, ",", 1); - strncat(bufg, l->basedn, strlen(l->basedn)); + const int ln = snprintf(bufg, sizeof(bufg), ",%s", l->basedn); + if (ln < 0 || static_cast(ln) >= sizeof(bufd)) + return LDAP_ERR_OOB; } - strncat(bufg, ")", 1); - strncat(bufa, bufg, strlen(bufg)); /* networkAddress */ - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); if (l->status & LDAP_IPV4_S) { - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ - bufc, bufc); - strncat(bufb, bufd, ln); + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); + if (ln < 0 || static_cast(ln) >= sizeof(bufd)) + return LDAP_ERR_OOB; } else if (l->status & LDAP_IPV6_S) { - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ - bufc, bufc); - strncat(bufb, bufd, ln); - } else - strncat(bufb, ")", 1); - strncat(bufa, bufb, strlen(bufb)); - strncat(bufa, "))", 2); + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); + if (ln < 0 || static_cast(ln) >= sizeof(bufd)) + return LDAP_ERR_OOB; + } + const int x = snprintf(bufa, sizeof(bufa), "(&(&%s(groupMembership=%s%s)(|(networkAddress=1\\23%s)%s)))", edui_conf.search_filter, group, bufg, bufc, bufd); + if (x < 0 || static_cast(x) >= sizeof(bufa)) + return LDAP_ERR_OOB; } s = strlen(bufa); xstrncpy(l->search_filter, bufa, sizeof(l->search_filter)); @@ -1211,10 +1099,10 @@ SearchIPLDAP(edui_ldap_t *l) { ber_len_t i, x; - ber_len_t j, k; - ber_len_t y, z; - int c; - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], hexc[4]; + ber_len_t j; + ber_len_t z; + char bufa[EDUI_MAXLEN]; + char bufb[EDUI_MAXLEN]; LDAPMessage *ent; if (l == NULL) return LDAP_ERR_NULL; if (l->lp == NULL) return LDAP_ERR_POINTER; @@ -1272,19 +1160,11 @@ /* bufa is the address, just compare it */ if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) break; /* Not looking for IPv4 */ - for (k = 0; k < z; ++k) { - c = (int) bufa[k]; - if (c < 0) - c = c + 256; - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); - if (k == 0) - xstrncpy(bufb, hexc, sizeof(bufb)); - else - strncat(bufb, hexc, hlen); - } - y = strlen(bufb); + const int blen = makeHexString(bufb, sizeof(bufb), bufa, z); + if (blen < 0) + return blen; /* Compare value with IP */ - if (memcmp(l->search_ip, bufb, y) == 0) { + if (memcmp(l->search_ip, bufb, blen) == 0) { /* We got a match! - Scan 'ber' for 'cn' values */ z = ldap_count_values_len(ber); for (j = 0; j < z; ++j) { @@ -1307,19 +1187,11 @@ /* bufa + 2 is the address (skip 2 digit port) */ if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) break; /* Not looking for IPv4 */ - for (k = 2; k < z; ++k) { - c = (int) bufa[k]; - if (c < 0) - c = c + 256; - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); - if (k == 2) - xstrncpy(bufb, hexc, sizeof(bufb)); - else - strncat(bufb, hexc, hlen); - } - y = strlen(bufb); + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); + if (blen < 0) + return blen; /* Compare value with IP */ - if (memcmp(l->search_ip, bufb, y) == 0) { + if (memcmp(l->search_ip, bufb, blen) == 0) { /* We got a match! - Scan 'ber' for 'cn' values */ z = ldap_count_values_len(ber); for (j = 0; j < z; ++j) { @@ -1342,19 +1214,11 @@ /* bufa + 2 is the address (skip 2 digit port) */ if (!(l->status & LDAP_IPV6_S)) break; /* Not looking for IPv6 */ - for (k = 2; k < z; ++k) { - c = (int) bufa[k]; - if (c < 0) - c = c + 256; - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); - if (k == 2) - xstrncpy(bufb, hexc, sizeof(bufb)); - else - strncat(bufb, hexc, hlen); - } - y = strlen(bufb); + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); + if (blen < 0) + return blen; /* Compare value with IP */ - if (memcmp(l->search_ip, bufb, y) == 0) { + if (memcmp(l->search_ip, bufb, blen) == 0) { /* We got a match! - Scan 'ber' for 'cn' values */ z = ldap_count_values_len(ber); for (j = 0; j < z; ++j) { @@ -1446,13 +1310,13 @@ case LDAP_ERR_NOTFOUND: return "Item or object has not been found"; case LDAP_ERR_OTHER: - return "An unknown error has occured"; + return "An unknown error has occurred"; case LDAP_ERR_FAILED: return "Operation has failed"; case LDAP_ERR_SUCCESS: return "Operation is successful"; default: - return "An unknown error has occured"; + return "An unknown error has occurred"; } } diff -u -r -N squid-4.0.24/src/acl/external/eDirectory_userip/Makefile.in squid-4.0.25/src/acl/external/eDirectory_userip/Makefile.in --- squid-4.0.24/src/acl/external/eDirectory_userip/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/eDirectory_userip/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -485,7 +485,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/file_userip/Makefile.in squid-4.0.25/src/acl/external/file_userip/Makefile.in --- squid-4.0.24/src/acl/external/file_userip/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/file_userip/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 squid-4.0.25/src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 --- squid-4.0.24/src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2018-06-12 04:30:57.000000000 +1200 @@ -7,7 +7,7 @@ . .SH SYNOPSIS .if !'po4a'hide' .B ext_kerberos_ldap_group_acl -.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios\-Realm\-List] [\-m Max\-Depth] [\-u Ldap\-User] [\-p Ldap\-Password] [\-b Ldap\-Bind\-Path] [\-l Ldap\-URL] [\-S ldap server list] \-g Group\-Realm\-List \-t Hex\-Group\-Realm\-List \-T Hex\-Group\-Hex\-Realm\-List +.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios\-Realm\-List] [\-P service principal name] [\-m Max\-Depth] [\-u Ldap\-User] [\-p Ldap\-Password] [\-b Ldap\-Bind\-Path] [\-l Ldap\-URL] [\-S ldap server list] \-g Group\-Realm\-List \-t Hex\-Group\-Realm\-List \-T Hex\-Group\-Hex\-Realm\-List . .SH DESCRIPTION .B ext_kerberos_ldap_group_acl @@ -89,6 +89,8 @@ A list of Netbios name mappings to Kerberos domain names of the form Netbios\-Name@Kerberos\-Realm[:Netbios\-Name@Kerberos\-Realm] (e.g. for users using NTLM authentication). +.if !'po4a'hide' .B \-P service principal name +The principal name in the keytab to use. Avoids automated selection of name. .if !'po4a'hide' .TP 12 .if !'po4a'hide' .B \-m Max\-Depth Maximal depth of recursive group search. @@ -100,7 +102,8 @@ Password for LDAP server. .IP As the password needs to be printed in plain text in your Squid configuration -it is strongly recommended to use an account with minimal associated privileges. +it is strongly recommended to use an account with minimal associated privileges. + This to limit the damage in case someone could get hold of a copy of your Squid configuration file or extracts the password used from a process listing. . @@ -119,7 +122,7 @@ A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-t Hex\-Group\-Realm\-List +.if !'po4a'hide' .B \-t Hex\-Group\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] where group is in UTF\-8 hex format @@ -138,9 +141,9 @@ .if !'po4a'hide' .P .if !'po4a'hide' .ft CR .if !'po4a'hide' .nf -.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP1 +.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP1 .if !'po4a'hide' .br -.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP2 +.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP2 .if !'po4a'hide' .br .if !'po4a'hide' acl group1 external kerberos_ldap_group1 .if !'po4a'hide' .br @@ -198,7 +201,7 @@ 3) For NDOMAIN\\user a) Use realm given by \-N NDOMAIN@REALM and then use values given by \-g option which contain a @REALM e.g. \-g GROUP1@REALM:GROUP2@REALM -To support Non\-ASCII character use \-t GROUP or \-t GROUP@REALM instead of \-g where GROUP is the hex UTF\-8 representation e.g. +To support Non\-ASCII character use \-t GROUP or \-t GROUP@REALM instead of \-g where GROUP is the hex UTF\-8 representation e.g. \-t 6d61726b7573 instead of \-g markus @@ -210,8 +213,8 @@ The ldap server list can be: server \- In this case server can be used for all Kerberos domains -server@ \- In this case server can be used for all Kerberos domains -server@domain \- In this case server can be used for Kerberos domain domain +server@ \- In this case server can be used for all Kerberos domains +server@domain \- In this case server can be used for Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 \- A list is build with a colon as separator . diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/kerberos_ldap_group.cc squid-4.0.25/src/acl/external/kerberos_ldap_group/kerberos_ldap_group.cc --- squid-4.0.24/src/acl/external/kerberos_ldap_group/kerberos_ldap_group.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/kerberos_ldap_group.cc 2018-06-12 04:30:57.000000000 +1200 @@ -83,6 +83,7 @@ margs->groups = NULL; margs->ndoms = NULL; margs->lservs = NULL; + margs->principal = NULL; } void clean_gd(struct gdstruct *gdsp); @@ -178,6 +179,7 @@ clean_ls(margs->lservs); margs->lservs = NULL; } + safe_free(margs->principal); } void strup(char *s); @@ -202,7 +204,7 @@ init_args(&margs); - while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) { + while (-1 != (opt = getopt(argc, argv, "diasng:D:N:P:S:u:U:t:T:p:l:b:m:h"))) { switch (opt) { case 'd': debug_enabled = 1; @@ -228,6 +230,9 @@ case 'N': margs.nlist = xstrdup(optarg); break; + case 'P': + margs.principal = xstrdup(optarg); + break; case 'u': margs.luser = xstrdup(optarg); break; @@ -259,7 +264,7 @@ break; case 'h': fprintf(stderr, "Usage: \n"); - fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); + fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-P service principal name] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); fprintf(stderr, "-d full debug\n"); fprintf(stderr, "-i informational messages\n"); fprintf(stderr, "-n do not use Kerberos to authenticate to AD. Requires -u , -p and -l option\n"); @@ -268,6 +273,7 @@ fprintf(stderr, "-T group list (all in hex UTF-8 format - except separator @)\n"); fprintf(stderr, "-D default domain\n"); fprintf(stderr, "-N netbios to dns domain map\n"); + fprintf(stderr, "-P service principal name to be used from keytab\n"); fprintf(stderr, "-S ldap server to dns domain map\n"); fprintf(stderr, "-u ldap user\n"); fprintf(stderr, "-p ldap user password\n"); diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/Makefile.in squid-4.0.25/src/acl/external/kerberos_ldap_group/Makefile.in --- squid-4.0.24/src/acl/external/kerberos_ldap_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -513,7 +513,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/support.h squid-4.0.25/src/acl/external/kerberos_ldap_group/support.h --- squid-4.0.24/src/acl/external/kerberos_ldap_group/support.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/support.h 2018-06-12 04:30:57.000000000 +1200 @@ -110,6 +110,7 @@ struct gdstruct *groups; struct ndstruct *ndoms; struct lsstruct *lservs; + char *principal; }; SQUIDCEXTERN int log_enabled; @@ -181,7 +182,7 @@ char* mem_ccache[MAX_DOMAINS]; int ncache; }; -int krb5_create_cache(char *domain); +int krb5_create_cache(char *domain, char* princ); void krb5_cleanup(void); #endif diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/support_krb5.cc squid-4.0.25/src/acl/external/kerberos_ldap_group/support_krb5.cc --- squid-4.0.24/src/acl/external/kerberos_ldap_group/support_krb5.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/support_krb5.cc 2018-06-12 04:30:57.000000000 +1200 @@ -71,6 +71,21 @@ } static void +k5_debug(const char* msg, krb5_error_code code) +{ + const char *errmsg; + errmsg = krb5_get_error_message(kparam.context, code); + debug((char *) "%s| %s: DEBUG: %s : %s\n", LogTime(), PROGRAM, msg, errmsg); +#if HAVE_KRB5_FREE_ERROR_MESSAGE + krb5_free_error_message(kparam.context, errmsg); +#elif HAVE_KRB5_FREE_ERROR_STRING + krb5_free_error_string(kparam.context, (char *)errmsg); +#else + xfree(errmsg); +#endif +} + +static void k5_error(const char* msg, krb5_error_code code) { k5_error2(msg, (char *)"", code); @@ -80,7 +95,7 @@ * create Kerberos memory cache */ int -krb5_create_cache(char *domain) +krb5_create_cache(char *domain, char *service_principal_name) { krb5_keytab keytab = NULL; @@ -131,7 +146,7 @@ } code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - k5_error("Error while resolving memory ccache",code); + k5_error("Error while resolving memory ccache", code); retval = 1; goto cleanup; } @@ -145,22 +160,22 @@ if (principal) krb5_free_principal(kparam.context, principal); principal = NULL; - k5_error("No default principal found in ccache",code); + k5_debug("No default principal found in ccache", code); } else { /* * Look for krbtgt and check if it is expired (or soon to be expired) */ code = krb5_cc_start_seq_get(kparam.context, kparam.cc[ccindex], &ccursor); if (code) { - k5_error("Error while starting ccache scan",code); + k5_error("Error while starting ccache scan", code); code = krb5_cc_close (kparam.context, kparam.cc[ccindex]); if (code) { - k5_error("Error while closing ccache",code); + k5_error("Error while closing ccache", code); } if (kparam.cc[ccindex]) { code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - k5_error("Error while destroying ccache",code); + k5_error("Error while destroying ccache", code); } } } else { @@ -169,10 +184,10 @@ while ((krb5_cc_next_cred(kparam.context, kparam.cc[ccindex], &ccursor, creds)) == 0) { code2 = krb5_unparse_name(kparam.context, creds->server, &principal_name); if (code2) { - k5_error("Error while unparsing principal",code2); + k5_error("Error while unparsing principal", code2); code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - k5_error("Error while destroying ccache",code); + k5_error("Error while destroying ccache", code); } assert(creds != NULL); krb5_free_creds(kparam.context, creds); @@ -181,7 +196,7 @@ debug((char *) "%s| %s: DEBUG: Reset credential cache to %s\n", LogTime(), PROGRAM, mem_cache); code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - k5_error("Error while resolving memory ccache",code); + k5_error("Error while resolving memory ccache", code); retval = 1; goto cleanup; } @@ -205,7 +220,7 @@ principal = NULL; code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - k5_error("Error while destroying ccache",code); + k5_error("Error while destroying ccache", code); } assert(creds != NULL); krb5_free_creds(kparam.context, creds); @@ -214,7 +229,7 @@ debug((char *) "%s| %s: DEBUG: Reset credential cache to %s\n", LogTime(), PROGRAM, mem_cache); code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - k5_error("Error while resolving ccache",code); + k5_error("Error while resolving ccache", code); retval = 1; goto cleanup; } @@ -234,7 +249,7 @@ creds = NULL; code2 = krb5_cc_end_seq_get(kparam.context, kparam.cc[ccindex], &ccursor); if (code2) { - k5_error("Error while ending ccache scan",code2); + k5_error("Error while ending ccache scan", code2); retval = 1; goto cleanup; } @@ -255,13 +270,13 @@ code = krb5_kt_resolve(kparam.context, keytab_name, &keytab); if (code) { - k5_error2("Error while resolving keytab ",keytab_name,code); + k5_error2("Error while resolving keytab ", keytab_name,code); retval = 1; goto cleanup; } code = krb5_kt_start_seq_get(kparam.context, keytab, &cursor); if (code) { - k5_error("Error while starting keytab scan",code); + k5_error("Error while starting keytab scan", code); retval = 1; goto cleanup; } @@ -286,10 +301,15 @@ { code = krb5_unparse_name(kparam.context, entry.principal, &principal_name); if (code) { - k5_error("Error while unparsing principal name",code); + k5_error("Error while unparsing principal name", code); } else { debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); found = 1; + if (service_principal_name && strcasecmp(principal_name,service_principal_name) != 0 ) { + debug((char *) "%s| %s: DEBUG: principal name does not match parameter: %s\n", LogTime(), PROGRAM, service_principal_name); + safe_free(principal_name); + found = 0; + } } } #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY ) @@ -298,7 +318,7 @@ code = krb5_free_keytab_entry_contents(kparam.context, &entry); #endif if (code) { - k5_error("Error while freeing keytab entry",code); + k5_error("Error while freeing keytab entry", code); retval = 1; break; } @@ -333,7 +353,7 @@ #endif if (code) { - k5_error("Error while initialising credentials from keytab" ,code); + k5_error("Error while initialising credentials from keytab", code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -345,7 +365,7 @@ } code = krb5_cc_initialize(kparam.context, kparam.cc[ccindex], principal); if (code) { - k5_error("Error while initialising memory caches" ,code); + k5_error("Error while initialising cache", code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -357,7 +377,7 @@ } code = krb5_cc_store_cred(kparam.context, kparam.cc[ccindex], creds); if (code) { - k5_error("Error while storing credentials" ,code); + k5_error("Error while storing credentials", code); if (principal) krb5_free_principal(kparam.context, principal); safe_free(principal_name); @@ -373,13 +393,13 @@ } if (code && code != KRB5_KT_END) { - k5_error("Error while scanning keytab" ,code); + k5_error("Error while scanning keytab", code); retval = 1; goto cleanup; } code = krb5_kt_end_seq_get(kparam.context, keytab, &cursor); if (code) { - k5_error("Error while ending keytab scan" ,code); + k5_error("Error while ending keytab scan", code); retval = 1; goto cleanup; } @@ -387,7 +407,7 @@ /* * if no principal name found in keytab for domain use the prinipal name which can get a TGT */ - if (!principal_name) { + if (!principal_name && !service_principal_name) { size_t i; debug((char *) "%s| %s: DEBUG: Did not find a principal in keytab for domain %s.\n", LogTime(), PROGRAM, domain); debug((char *) "%s| %s: DEBUG: Try to get principal of trusted domain.\n", LogTime(), PROGRAM); @@ -401,7 +421,7 @@ */ code = krb5_unparse_name(kparam.context, principal_list[i], &principal_name); if (code) { - k5_error("Error while unparsing principal name" ,code); + k5_error("Error while unparsing principal name", code); goto loop_end; } debug((char *) "%s| %s: DEBUG: Keytab entry has principal: %s\n", LogTime(), PROGRAM, principal_name); @@ -417,17 +437,17 @@ code = krb5_get_in_tkt_with_keytab(kparam.context, 0, NULL, NULL, NULL, keytab, NULL, creds, 0); #endif if (code) { - k5_error("Error while initialising credentials from keytab" ,code); + k5_error("Error while initialising credentials from keytab", code); goto loop_end; } code = krb5_cc_initialize(kparam.context, kparam.cc[ccindex], principal_list[i]); if (code) { - k5_error("Error while initialising memory caches" ,code); + k5_error("Error while initialising memory caches", code); goto loop_end; } code = krb5_cc_store_cred(kparam.context, kparam.cc[ccindex], creds); if (code) { - k5_error("Error while storing credentials" ,code); + k5_error("Error while storing credentials", code); goto loop_end; } if (creds->server) @@ -442,12 +462,12 @@ code = krb5_parse_name(kparam.context, service, &creds->server); xfree(service); if (code) { - k5_error("Error while initialising TGT credentials" ,code); + k5_error("Error while initialising TGT credentials", code); goto loop_end; } code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds); if (code) { - k5_error("Error while getting tgt" ,code); + k5_error("Error while getting tgt", code); goto loop_end; } else { debug((char *) "%s| %s: DEBUG: Found trusted principal name: %s\n", LogTime(), PROGRAM, principal_name); @@ -479,7 +499,7 @@ */ code = krb5_unparse_name(kparam.context, principal, &principal_name); if (code) { - k5_error("Error while unparsing principal name" ,code); + k5_error("Error while unparsing principal name", code); retval = 1; goto cleanup; } diff -u -r -N squid-4.0.24/src/acl/external/kerberos_ldap_group/support_ldap.cc squid-4.0.25/src/acl/external/kerberos_ldap_group/support_ldap.cc --- squid-4.0.24/src/acl/external/kerberos_ldap_group/support_ldap.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/external/kerberos_ldap_group/support_ldap.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1013,7 +1013,7 @@ "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM); } else { - kc = krb5_create_cache(domain); + kc = krb5_create_cache(domain, margs->principal); if (kc) { error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", diff -u -r -N squid-4.0.24/src/acl/external/LDAP_group/Makefile.in squid-4.0.25/src/acl/external/LDAP_group/Makefile.in --- squid-4.0.24/src/acl/external/LDAP_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/LDAP_group/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -485,7 +485,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/LM_group/Makefile.in squid-4.0.25/src/acl/external/LM_group/Makefile.in --- squid-4.0.24/src/acl/external/LM_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/LM_group/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/session/Makefile.in squid-4.0.25/src/acl/external/session/Makefile.in --- squid-4.0.24/src/acl/external/session/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/session/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -480,7 +480,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-4.0.25/src/acl/external/SQL_session/ext_sql_session_acl.8 --- squid-4.0.24/src/acl/external/SQL_session/ext_sql_session_acl.8 2018-03-08 02:33:24.000000000 +1300 +++ squid-4.0.25/src/acl/external/SQL_session/ext_sql_session_acl.8 2018-06-12 04:56:19.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/acl/external/SQL_session/Makefile.in squid-4.0.25/src/acl/external/SQL_session/Makefile.in --- squid-4.0.24/src/acl/external/SQL_session/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/SQL_session/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/time_quota/Makefile.in squid-4.0.25/src/acl/external/time_quota/Makefile.in --- squid-4.0.24/src/acl/external/time_quota/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/time_quota/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -480,7 +480,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ \ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" \ -DDEFAULT_QUOTA_DB=\"$(localstatedir)/ext_time_quota.db\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ diff -u -r -N squid-4.0.24/src/acl/external/unix_group/Makefile.in squid-4.0.25/src/acl/external/unix_group/Makefile.in --- squid-4.0.24/src/acl/external/unix_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/unix_group/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-4.0.25/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-4.0.24/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2018-03-08 02:33:24.000000000 +1300 +++ squid-4.0.25/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2018-06-12 04:56:19.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/acl/external/wbinfo_group/Makefile.in squid-4.0.25/src/acl/external/wbinfo_group/Makefile.in --- squid-4.0.24/src/acl/external/wbinfo_group/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/external/wbinfo_group/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/FilledChecklist.cc squid-4.0.25/src/acl/FilledChecklist.cc --- squid-4.0.24/src/acl/FilledChecklist.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/FilledChecklist.cc 2018-06-12 04:30:57.000000000 +1200 @@ -79,7 +79,7 @@ } void -ACLFilledChecklist::syncAle() const +ACLFilledChecklist::verifyAle() const { // make sure the ALE fields used by Format::assemble to // fill the old external_acl_type codes are set if any @@ -93,6 +93,8 @@ if (request) { if (!al->request) { showDebugWarning("HttpRequest object"); + // XXX: al->request should be original, + // but the request may be already adapted al->request = request; HTTPMSGLOCK(al->request); } @@ -105,6 +107,8 @@ if (al->url.isEmpty()) { showDebugWarning("URL"); + // XXX: al->url should be the request URL from client, + // but request->url may be different (e.g.,redirected) al->url = request->url.absolute(); } } @@ -123,6 +127,19 @@ #endif } +void +ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const +{ + if (!al) + return; + if (!al->adapted_request) { + al->adapted_request = adaptedRequest; + HTTPMSGLOCK(al->adapted_request); + } + if (al->url.isEmpty()) + al->url = logUri; +} + ConnStateData * ACLFilledChecklist::conn() const { diff -u -r -N squid-4.0.24/src/acl/FilledChecklist.h squid-4.0.25/src/acl/FilledChecklist.h --- squid-4.0.24/src/acl/FilledChecklist.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/FilledChecklist.h 2018-06-12 04:30:57.000000000 +1200 @@ -61,7 +61,8 @@ virtual bool hasRequest() const { return request != NULL; } virtual bool hasReply() const { return reply != NULL; } virtual bool hasAle() const { return al != NULL; } - virtual void syncAle() const; + virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const; + virtual void verifyAle() const; public: Ip::Address src_addr; diff -u -r -N squid-4.0.24/src/acl/Makefile.in squid-4.0.25/src/acl/Makefile.in --- squid-4.0.24/src/acl/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/acl/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -596,7 +596,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/acl/UserData.cc squid-4.0.25/src/acl/UserData.cc --- squid-4.0.24/src/acl/UserData.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/UserData.cc 2018-06-12 04:30:57.000000000 +1200 @@ -17,6 +17,13 @@ #include "sbuf/Algorithms.h" #include "util.h" +const Acl::ParameterFlags & +ACLUserData::supportedFlags() const +{ + static const Acl::ParameterFlags flagNames = { "-i", "+i" }; + return flagNames; +} + bool ACLUserData::match(char const *user) { diff -u -r -N squid-4.0.24/src/acl/UserData.h squid-4.0.25/src/acl/UserData.h --- squid-4.0.24/src/acl/UserData.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/acl/UserData.h 2018-06-12 04:30:57.000000000 +1200 @@ -25,6 +25,7 @@ bool match(char const *user); virtual SBufList dump() const; void parse(); + virtual const Acl::ParameterFlags &supportedFlags() const; bool empty() const; virtual ACLData *clone() const; diff -u -r -N squid-4.0.24/src/adaptation/AccessCheck.cc squid-4.0.25/src/adaptation/AccessCheck.cc --- squid-4.0.24/src/adaptation/AccessCheck.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/adaptation/AccessCheck.cc 2018-06-12 04:30:57.000000000 +1200 @@ -135,6 +135,7 @@ if ((acl_checklist->reply = filter.reply)) HTTPMSGLOCK(acl_checklist->reply); acl_checklist->al = filter.al; + acl_checklist->syncAle(filter.request, nullptr); acl_checklist->nonBlockingCheck(AccessCheckCallbackWrapper, this); return; } diff -u -r -N squid-4.0.24/src/adaptation/ecap/Makefile.in squid-4.0.25/src/adaptation/ecap/Makefile.in --- squid-4.0.24/src/adaptation/ecap/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/adaptation/ecap/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -499,7 +499,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/adaptation/icap/Makefile.in squid-4.0.25/src/adaptation/icap/Makefile.in --- squid-4.0.24/src/adaptation/icap/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/adaptation/icap/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -494,7 +494,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/adaptation/icap/ModXact.cc squid-4.0.25/src/adaptation/icap/ModXact.cc --- squid-4.0.24/src/adaptation/icap/ModXact.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/adaptation/icap/ModXact.cc 2018-06-12 04:30:57.000000000 +1200 @@ -397,7 +397,7 @@ { return !act.active() || // did all (assuming it was originally planned) - !virgin.body_pipe->expectMoreAfter(act.offset()); // wont have more + !virgin.body_pipe->expectMoreAfter(act.offset()); // will not have more } // the size of buffered virgin body data available for the specified activity diff -u -r -N squid-4.0.24/src/adaptation/icap/ModXact.h squid-4.0.25/src/adaptation/icap/ModXact.h --- squid-4.0.24/src/adaptation/icap/ModXact.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/adaptation/icap/ModXact.h 2018-06-12 04:30:57.000000000 +1200 @@ -63,7 +63,7 @@ VirginBodyAct(); void plan(); // the activity may happen; do not consume at or above offset - void disable(); // the activity wont continue; no consumption restrictions + void disable(); // the activity will not continue; no consumption restrictions bool active() const { return theState == stActive; } bool disabled() const { return theState == stDisabled; } diff -u -r -N squid-4.0.24/src/adaptation/icap/Xaction.cc squid-4.0.25/src/adaptation/icap/Xaction.cc --- squid-4.0.24/src/adaptation/icap/Xaction.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/adaptation/icap/Xaction.cc 2018-06-12 04:30:57.000000000 +1200 @@ -588,8 +588,7 @@ void Adaptation::Icap::Xaction::setOutcome(const Adaptation::Icap::XactOutcome &xo) { if (al.icap.outcome != xoUnknown) { - debugs(93, 3, HERE << "Warning: reseting outcome: from " << - al.icap.outcome << " to " << xo); + debugs(93, 3, "WARNING: resetting outcome: from " << al.icap.outcome << " to " << xo); } else { debugs(93, 4, HERE << xo); } diff -u -r -N squid-4.0.24/src/adaptation/Makefile.in squid-4.0.25/src/adaptation/Makefile.in --- squid-4.0.24/src/adaptation/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/adaptation/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -539,7 +539,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/anyp/Makefile.in squid-4.0.25/src/anyp/Makefile.in --- squid-4.0.24/src/anyp/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/anyp/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/AsyncEngine.h squid-4.0.25/src/AsyncEngine.h --- squid-4.0.24/src/AsyncEngine.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/AsyncEngine.h 2018-06-12 04:30:57.000000000 +1200 @@ -28,7 +28,7 @@ * registered with it that can create events */ EVENT_IDLE = -1, - /* some error has occured in this engine */ + /* some error has occurred in this engine */ EVENT_ERROR = -2 }; diff -u -r -N squid-4.0.24/src/auth/basic/DB/basic_db_auth.8 squid-4.0.25/src/auth/basic/DB/basic_db_auth.8 --- squid-4.0.24/src/auth/basic/DB/basic_db_auth.8 2018-03-08 02:33:25.000000000 +1300 +++ squid-4.0.25/src/auth/basic/DB/basic_db_auth.8 2018-06-12 04:56:19.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/auth/basic/DB/Makefile.in squid-4.0.25/src/auth/basic/DB/Makefile.in --- squid-4.0.24/src/auth/basic/DB/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/auth/basic/DB/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/fake/Makefile.in squid-4.0.25/src/auth/basic/fake/Makefile.in --- squid-4.0.24/src/auth/basic/fake/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/fake/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -477,7 +477,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/getpwnam/Makefile.in squid-4.0.25/src/auth/basic/getpwnam/Makefile.in --- squid-4.0.24/src/auth/basic/getpwnam/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/getpwnam/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/LDAP/Makefile.in squid-4.0.25/src/auth/basic/LDAP/Makefile.in --- squid-4.0.24/src/auth/basic/LDAP/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/auth/basic/LDAP/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/Makefile.in squid-4.0.25/src/auth/basic/Makefile.in --- squid-4.0.24/src/auth/basic/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/auth/basic/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -532,7 +532,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/NCSA/Makefile.in squid-4.0.25/src/auth/basic/NCSA/Makefile.in --- squid-4.0.24/src/auth/basic/NCSA/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/NCSA/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -504,7 +504,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/NIS/Makefile.in squid-4.0.25/src/auth/basic/NIS/Makefile.in --- squid-4.0.24/src/auth/basic/NIS/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/NIS/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -499,7 +499,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/PAM/Makefile.in squid-4.0.25/src/auth/basic/PAM/Makefile.in --- squid-4.0.24/src/auth/basic/PAM/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/PAM/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -482,7 +482,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/POP3/basic_pop3_auth.8 squid-4.0.25/src/auth/basic/POP3/basic_pop3_auth.8 --- squid-4.0.24/src/auth/basic/POP3/basic_pop3_auth.8 2018-03-08 02:33:25.000000000 +1300 +++ squid-4.0.25/src/auth/basic/POP3/basic_pop3_auth.8 2018-06-12 04:56:20.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/auth/basic/POP3/Makefile.in squid-4.0.25/src/auth/basic/POP3/Makefile.in --- squid-4.0.24/src/auth/basic/POP3/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/POP3/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/RADIUS/Makefile.in squid-4.0.25/src/auth/basic/RADIUS/Makefile.in --- squid-4.0.24/src/auth/basic/RADIUS/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/RADIUS/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -504,7 +504,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/SASL/Makefile.in squid-4.0.25/src/auth/basic/SASL/Makefile.in --- squid-4.0.24/src/auth/basic/SASL/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/SASL/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/SMB/Makefile.in squid-4.0.25/src/auth/basic/SMB/Makefile.in --- squid-4.0.24/src/auth/basic/SMB/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/SMB/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -487,7 +487,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/SMB_LM/Makefile.in squid-4.0.25/src/auth/basic/SMB_LM/Makefile.in --- squid-4.0.24/src/auth/basic/SMB_LM/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/SMB_LM/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -500,7 +500,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/SSPI/Makefile.in squid-4.0.25/src/auth/basic/SSPI/Makefile.in --- squid-4.0.24/src/auth/basic/SSPI/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/basic/SSPI/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -508,7 +508,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/basic/UserRequest.cc squid-4.0.25/src/auth/basic/UserRequest.cc --- squid-4.0.24/src/auth/basic/UserRequest.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/auth/basic/UserRequest.cc 2018-06-12 04:30:57.000000000 +1200 @@ -172,7 +172,7 @@ r->auth_user_request->user()->notes.appendNewOnly(&reply.notes); /* this is okay since we only play with the Auth::Basic::User child fields below - * and dont pass the pointer itself anywhere */ + * and do not pass the pointer itself anywhere */ Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); assert(basic_auth != NULL); diff -u -r -N squid-4.0.24/src/auth/CredentialsCache.h squid-4.0.25/src/auth/CredentialsCache.h --- squid-4.0.24/src/auth/CredentialsCache.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/auth/CredentialsCache.h 2018-06-12 04:30:57.000000000 +1200 @@ -51,7 +51,7 @@ void cleanup(); /** - * Cleanup cache data after a reconfiguration has occured. + * Cleanup cache data after a reconfiguration has occurred. * Similar to cleanup() but also flushes stale config dependent * state from retained entries. */ diff -u -r -N squid-4.0.24/src/auth/digest/eDirectory/Makefile.in squid-4.0.25/src/auth/digest/eDirectory/Makefile.in --- squid-4.0.24/src/auth/digest/eDirectory/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/digest/eDirectory/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -501,7 +501,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/digest/file/Makefile.in squid-4.0.25/src/auth/digest/file/Makefile.in --- squid-4.0.24/src/auth/digest/file/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/digest/file/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -504,7 +504,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/digest/LDAP/Makefile.in squid-4.0.25/src/auth/digest/LDAP/Makefile.in --- squid-4.0.24/src/auth/digest/LDAP/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/digest/LDAP/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -501,7 +501,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/digest/Makefile.in squid-4.0.25/src/auth/digest/Makefile.in --- squid-4.0.24/src/auth/digest/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/digest/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -532,7 +532,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/Makefile.in squid-4.0.25/src/auth/Makefile.in --- squid-4.0.24/src/auth/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/auth/Makefile.in 2018-06-12 04:48:00.000000000 +1200 @@ -537,7 +537,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/negotiate/kerberos/Makefile.in squid-4.0.25/src/auth/negotiate/kerberos/Makefile.in --- squid-4.0.24/src/auth/negotiate/kerberos/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/kerberos/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -525,7 +525,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc squid-4.0.25/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc --- squid-4.0.24/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc 2018-06-12 04:30:57.000000000 +1200 @@ -737,7 +737,7 @@ goto cleanup; if (major_status & GSS_S_CONTINUE_NEEDED) { debug((char *) "%s| %s: INFO: continuation needed\n", LogTime(), PROGRAM); - fprintf(stdout, "TT %s\n", token); + fprintf(stdout, "TT token=%s\n", token); goto cleanup; } gss_release_buffer(&minor_status, &output_token); @@ -794,11 +794,11 @@ #endif rfc_user = rfc1738_escape(user); #if HAVE_PAC_SUPPORT - fprintf(stdout, "AF %s %s %s\n", token, rfc_user, ag?ag:"group="); + fprintf(stdout, "OK token=%s user=%s %s\n", token, rfc_user, ag?ag:"group="); #else - fprintf(stdout, "AF %s %s\n", token, rfc_user); + fprintf(stdout, "OK token=%s user=%s\n", token, rfc_user); #endif - debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, rfc_user); + debug((char *) "%s| %s: DEBUG: OK token=%s user=%s\n", LogTime(), PROGRAM, token, rfc_user); if (log) fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(), PROGRAM, rfc_user); @@ -808,7 +808,7 @@ goto cleanup; if (major_status & GSS_S_CONTINUE_NEEDED) { debug((char *) "%s| %s: INFO: continuation needed\n", LogTime(), PROGRAM); - fprintf(stdout, "NA %s\n", token); + fprintf(stdout, "ERR token=%s\n", token); goto cleanup; } gss_release_buffer(&minor_status, &output_token); @@ -834,11 +834,11 @@ } rfc_user = rfc1738_escape(user); #if HAVE_PAC_SUPPORT - fprintf(stdout, "AF %s %s %s\n", "AA==", rfc_user, ag?ag:"group="); + fprintf(stdout, "OK token=%s user=%s %s\n", "AA==", rfc_user, ag?ag:"group="); #else - fprintf(stdout, "AF %s %s\n", "AA==", rfc_user); + fprintf(stdout, "OK token=%s user=%s\n", "AA==", rfc_user); #endif - debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", rfc_user); + debug((char *) "%s| %s: DEBUG: OK token=%s user=%s\n", LogTime(), PROGRAM, "AA==", rfc_user); if (log) fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(), PROGRAM, rfc_user); diff -u -r -N squid-4.0.24/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc squid-4.0.25/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc --- squid-4.0.24/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc 2018-06-12 04:30:57.000000000 +1200 @@ -402,7 +402,7 @@ p = (unsigned char *)ad_data->data; - debug((char *) "%s| %s: INFO: Got PAC data of lengh %d\n", + debug((char *) "%s| %s: INFO: Got PAC data of length %d\n", LogTime(), PROGRAM, (int)ad_data->length); /* Skip 16 bytes icommon RPC header diff -u -r -N squid-4.0.24/src/auth/negotiate/Makefile.in squid-4.0.25/src/auth/negotiate/Makefile.in --- squid-4.0.24/src/auth/negotiate/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -533,7 +533,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/negotiate/SSPI/Makefile.in squid-4.0.25/src/auth/negotiate/SSPI/Makefile.in --- squid-4.0.24/src/auth/negotiate/SSPI/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/SSPI/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -483,7 +483,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/negotiate/wrapper/Makefile.in squid-4.0.25/src/auth/negotiate/wrapper/Makefile.in --- squid-4.0.24/src/auth/negotiate/wrapper/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/negotiate/wrapper/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -480,7 +480,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/ntlm/fake/Makefile.in squid-4.0.25/src/auth/ntlm/fake/Makefile.in --- squid-4.0.24/src/auth/ntlm/fake/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/ntlm/fake/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -482,7 +482,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/ntlm/Makefile.in squid-4.0.25/src/auth/ntlm/Makefile.in --- squid-4.0.24/src/auth/ntlm/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/ntlm/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -532,7 +532,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/ntlm/SMB_LM/Makefile.in squid-4.0.25/src/auth/ntlm/SMB_LM/Makefile.in --- squid-4.0.24/src/auth/ntlm/SMB_LM/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/ntlm/SMB_LM/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -484,7 +484,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/auth/ntlm/SSPI/Makefile.in squid-4.0.25/src/auth/ntlm/SSPI/Makefile.in --- squid-4.0.24/src/auth/ntlm/SSPI/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/auth/ntlm/SSPI/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -485,7 +485,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/base/Makefile.in squid-4.0.25/src/base/Makefile.in --- squid-4.0.24/src/base/Makefile.in 2018-03-08 02:24:42.000000000 +1300 +++ squid-4.0.25/src/base/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -494,7 +494,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/cache_cf.cc squid-4.0.25/src/cache_cf.cc --- squid-4.0.24/src/cache_cf.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/cache_cf.cc 2018-06-12 04:30:57.000000000 +1200 @@ -338,7 +338,7 @@ ProcessMacros(char*& line, int& len) { SubstituteMacro(line, len, "${service_name}", service_name.c_str()); - SubstituteMacro(line, len, "${process_name}", TheKidName); + SubstituteMacro(line, len, "${process_name}", TheKidName.c_str()); SubstituteMacro(line, len, "${process_number}", xitoa(KidIdentifier)); } @@ -734,7 +734,16 @@ requirePathnameExists("unlinkd_program", Config.Program.unlinkd); #endif - requirePathnameExists("logfile_daemon", Log::TheConfig.logfile_daemon); + bool logDaemonUsed = false; + for (const auto *log = Config.Log.accesslogs; !logDaemonUsed && log; log = log->next) + logDaemonUsed = log->usesDaemon(); +#if ICAP_CLIENT + for (const auto *log = Config.Log.icaplogs; !logDaemonUsed && log; log = log->next) + logDaemonUsed = log->usesDaemon(); +#endif + if (logDaemonUsed) + requirePathnameExists("logfile_daemon", Log::TheConfig.logfile_daemon); + if (Config.Program.redirect) requirePathnameExists("redirect_program", Config.Program.redirect->key); @@ -1391,7 +1400,7 @@ addr->setNoAddr(); else if ( (*addr = token) ) // try parse numeric/IPA (void) 0; - else if (addr->GetHostByName(token)) // dont use ipcache + else if (addr->GetHostByName(token)) // do not use ipcache (void) 0; else { // not an IP and not a hostname debugs(3, DBG_CRITICAL, "FATAL: invalid IP address or domain name '" << token << "'"); @@ -3438,7 +3447,7 @@ s->s.setIPv4(); debugs(3, 3, portType << "_port: Listen on Host/IP: " << host << " --> " << s->s); } else if ( s->s.GetHostByName(host) ) { /* check/parse for FQDN */ - /* dont use ipcache */ + /* do not use ipcache */ s->defaultsite = xstrdup(host); s->s.port(port); if (!Ip::EnableIpv6) @@ -4294,7 +4303,7 @@ static void parse_icap_class_type() { - debugs(93, DBG_CRITICAL, "WARNING: 'icap_class' is depricated. " << + debugs(93, DBG_CRITICAL, "WARNING: 'icap_class' is deprecated. " << "Use 'adaptation_service_set' instead"); Adaptation::Config::ParseServiceSet(); } @@ -4302,7 +4311,7 @@ static void parse_icap_access_type() { - debugs(93, DBG_CRITICAL, "WARNING: 'icap_access' is depricated. " << + debugs(93, DBG_CRITICAL, "WARNING: 'icap_access' is deprecated. " << "Use 'adaptation_access' instead"); Adaptation::Config::ParseAccess(LegacyParser); } @@ -4819,14 +4828,14 @@ else if (strcasecmp(value, "use_configured_response") == 0) { config->action = toutActUseConfiguredResponse; } else { - debugs(3, DBG_CRITICAL, "FATAL: unsuported \"on_timeout\" action:" << value); + debugs(3, DBG_CRITICAL, "FATAL: unsupported \"on_timeout\" action: " << value); self_destruct(); return; } } else if (strcasecmp(key, "response") == 0) { config->response = xstrdup(value); } else { - debugs(3, DBG_CRITICAL, "FATAL: unsuported option " << key); + debugs(3, DBG_CRITICAL, "FATAL: unsupported option " << key); self_destruct(); return; } @@ -4838,7 +4847,7 @@ } if (config->action != toutActUseConfiguredResponse && config->response) { - debugs(3, DBG_CRITICAL, "FATAL: 'response=' option is valid only when used with the 'on_timeout=use_configured_response' option"); + debugs(3, DBG_CRITICAL, "FATAL: 'response=' option is valid only when used with the 'on_timeout=use_configured_response' option"); self_destruct(); } } diff -u -r -N squid-4.0.24/src/CacheDigest.cc squid-4.0.25/src/CacheDigest.cc --- squid-4.0.24/src/CacheDigest.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/CacheDigest.cc 2018-06-12 04:30:57.000000000 +1200 @@ -284,7 +284,7 @@ CacheDigest::CalcMaskSize(uint64_t cap, uint8_t bpe) { uint64_t bitCount = (cap * bpe) + 7; - assert(bitCount < INT_MAX); // dont 31-bit overflow later + assert(bitCount < INT_MAX); // do not 31-bit overflow later return static_cast(bitCount / 8); } diff -u -r -N squid-4.0.24/src/cf.data.pre squid-4.0.25/src/cf.data.pre --- squid-4.0.24/src/cf.data.pre 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/cf.data.pre 2018-06-12 04:30:57.000000000 +1200 @@ -1046,19 +1046,27 @@ acl aclname dst [-n] ip-address/mask ... # URL host's IP address [slow] acl aclname localip ip-address/mask ... # IP address the client connected to [fast] - acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation) +if USE_SQUID_EUI + acl aclname arp mac-address ... + acl aclname eui64 eui64-address ... # [fast] + # MAC (EUI-48) and EUI-64 addresses use xx:xx:xx:xx:xx:xx notation. + # # The 'arp' ACL code is not portable to all operating systems. # It works on Linux, Solaris, Windows, FreeBSD, and some other # BSD variants. # - # NOTE: Squid can only determine the MAC/EUI address for IPv4 + # The eui_lookup directive is required to be 'on' (the default) + # and Squid built with --enable-eui for MAC/EUI addresses to be + # available for this ACL. + # + # Squid can only determine the MAC/EUI address for IPv4 # clients that are on the same subnet. If the client is on a # different subnet, then Squid cannot find out its address. # - # NOTE 2: IPv6 protocol does not contain ARP. MAC/EUI is either + # IPv6 protocol does not contain ARP. MAC/EUI is either # encoded directly in the IPv6 address or not available. - +endif acl aclname clientside_mark mark[/mask] ... # matches CONNMARK of an accepted connection [fast] # @@ -1101,6 +1109,7 @@ # cache_peer_access mycache_mydomain.net deny all acl aclname peername myPeer ... + acl aclname peername_regex [-i] regex-pattern ... # [fast] # match against a named cache_peer entry # set unique name= on cache_peer lines for reliable use. @@ -1145,7 +1154,7 @@ # pattern match on Referer header [fast] # Referer is highly unreliable, so use with care - acl aclname ident username ... + acl aclname ident [-i] username ... acl aclname ident_regex [-i] pattern ... # string match on ident output [slow] # use REQUIRED to accept any non-null ident. @@ -1240,7 +1249,7 @@ # match against attributes a users issuing CA SSL certificate # attribute is one of DN/C/O/CN/L/ST or a numerical OID [fast] - acl aclname ext_user username ... + acl aclname ext_user [-i] username ... acl aclname ext_user_regex [-i] pattern ... # string match on username returned by external acl helper [slow] # use REQUIRED to accept any non-null user name. @@ -3118,7 +3127,12 @@ DOC_START Specify the location and options of the executable for certificate generator. - @DEFAULT_SSL_CRTD@ program requires -s and -M parameters + + @DEFAULT_SSL_CRTD@ program can use a disk cache to improve response + times on repeated requests. To enable caching, specify -s and -M + parameters. If those parameters are not given, the program generates + a new certificate on every request. + For more information use: @DEFAULT_SSL_CRTD@ -h DOC_END @@ -5486,7 +5500,7 @@ The default is to use HTTP request URL as the store ID. BH - An internal error occured in the helper, preventing + An internal error occurred in the helper, preventing a result being identified. In addition to the above kv-pairs Squid also understands the following diff -u -r -N squid-4.0.24/src/clients/FtpGateway.cc squid-4.0.25/src/clients/FtpGateway.cc --- squid-4.0.24/src/clients/FtpGateway.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/clients/FtpGateway.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1170,7 +1170,7 @@ { if (!checkAuth(&request->header)) { /* create appropriate reply */ - SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early + SBuf realm(ftpRealm()); // local copy so SBuf will not disappear too early HttpReply *reply = ftpAuthRequired(request, realm); entry->replaceHttpReply(reply); serverComplete(); @@ -1273,7 +1273,7 @@ #if HAVE_AUTH_MODULE_BASIC /* add Authenticate header */ // XXX: performance regression. c_str() may reallocate - SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early + SBuf realm(ftpRealm()); // local copy so SBuf will not disappear too early newrep->header.putAuth("Basic", realm.c_str()); #endif @@ -2094,7 +2094,7 @@ debugs(9, 3, HERE << "starting data transfer"); switchTimeoutToDataChannel(); sendMoreRequestBody(); - fwd->dontRetry(true); // dont permit re-trying if the body was sent. + fwd->dontRetry(true); // do not permit re-trying if the body was sent. state = WRITING_DATA; debugs(9, 3, HERE << "writing data channel"); } else if (code == 150) { diff -u -r -N squid-4.0.24/src/clients/Makefile.in squid-4.0.25/src/clients/Makefile.in --- squid-4.0.24/src/clients/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/clients/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/client_side.cc squid-4.0.25/src/client_side.cc --- squid-4.0.24/src/client_side.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/client_side.cc 2018-06-12 04:30:57.000000000 +1200 @@ -446,11 +446,14 @@ al->adapted_request = request; HTTPMSGLOCK(al->adapted_request); } + // no need checklist.syncAle(): already synced + checklist.al = al; accessLogLog(al, &checklist); bool updatePerformanceCounters = true; if (Config.accessList.stats_collection) { ACLFilledChecklist statsCheck(Config.accessList.stats_collection, request, NULL); + statsCheck.al = al; if (al->reply) { statsCheck.reply = al->reply; HTTPMSGLOCK(statsCheck.reply); @@ -788,7 +791,7 @@ clientSocketRecipient(clientStreamNode * node, ClientHttpRequest * http, HttpReply * rep, StoreIOBuffer receivedData) { - // dont tryt to deliver if client already ABORTED + // do not try to deliver if client already ABORTED if (!http->getConn() || !cbdataReferenceValid(http->getConn()) || !Comm::IsConnOpen(http->getConn()->clientConnection)) return; @@ -1520,7 +1523,9 @@ bool allowDomainMismatch = false; if (Config.ssl_client.cert_error) { ACLFilledChecklist check(Config.ssl_client.cert_error, request, dash_str); + check.al = http->al; check.sslErrors = new Security::CertErrors(Security::CertError(SQUID_X509_V_ERR_DOMAIN_MISMATCH, srvCert)); + check.syncAle(request, http->log_uri); allowDomainMismatch = check.fastCheck().allowed(); delete check.sslErrors; check.sslErrors = NULL; @@ -1568,10 +1573,14 @@ { if (conn->mayTunnelUnsupportedProto()) { ACLFilledChecklist checklist(Config.accessList.on_unsupported_protocol, request.getRaw(), nullptr); + checklist.al = (context && context->http) ? context->http->al : nullptr; checklist.requestErrorType = requestError; checklist.src_addr = conn->clientConnection->remote; checklist.my_addr = conn->clientConnection->local; checklist.conn(conn); + ClientHttpRequest *http = context ? context->http : nullptr; + const char *log_uri = http ? http->log_uri : nullptr; + checklist.syncAle(request.getRaw(), log_uri); allow_t answer = checklist.fastCheck(); if (answer.allowed() && answer.kind == 1) { debugs(33, 3, "Request will be tunneled to server"); @@ -2821,6 +2830,10 @@ HTTPMSGUNLOCK(acl_checklist->al->request); acl_checklist->al->request = request; HTTPMSGLOCK(acl_checklist->al->request); + Http::StreamPointer context = pipeline.front(); + ClientHttpRequest *http = context ? context->http : nullptr; + const char *log_uri = http ? http->log_uri : nullptr; + acl_checklist->syncAle(request, log_uri); acl_checklist->nonBlockingCheck(httpsSslBumpAccessCheckDone, this); #else fatal("FATAL: SSL-Bump requires --with-openssl"); @@ -3023,7 +3036,7 @@ request_message.setCode(Ssl::CrtdMessage::code_new_certificate); request_message.composeRequest(certProperties); debugs(33, 5, HERE << "SSL crtd request: " << request_message.compose().c_str()); - Ssl::Helper::GetInstance()->sslSubmit(request_message, sslCrtdHandleReplyWrapper, this); + Ssl::Helper::Submit(request_message, sslCrtdHandleReplyWrapper, this); return; } catch (const std::exception &e) { debugs(33, DBG_IMPORTANT, "ERROR: Failed to compose ssl_crtd " << @@ -3286,6 +3299,8 @@ acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone)); acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst)); acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst)); + const char *log_uri = http ? http->log_uri : nullptr; + acl_checklist->syncAle(sslServerBump->request.getRaw(), log_uri); acl_checklist->nonBlockingCheck(httpsSslBumpStep2AccessCheckDone, this); return; } @@ -3725,6 +3740,7 @@ ACLFilledChecklist *ch = new ACLFilledChecklist(acl, http->request, cbdataReferenceValid(conn) && conn != NULL && conn->clientConnection != NULL ? conn->clientConnection->rfc931 : dash_str); ch->al = http->al; + ch->syncAle(http->request, http->log_uri); /* * hack for ident ACL. It needs to get full addresses, and a place to store * the ident result on persistent connections... diff -u -r -N squid-4.0.24/src/client_side_reply.cc squid-4.0.25/src/client_side_reply.cc --- squid-4.0.24/src/client_side_reply.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/client_side_reply.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1906,7 +1906,7 @@ * We call into the stream, because we don't know that there is a * client socket! */ - debugs(88, 5, "clientReplyContext::sendStreamError: A stream error has occured, marking as complete and sending no data."); + debugs(88, 5, "A stream error has occurred, marking as complete and sending no data."); StoreIOBuffer localTempBuffer; flags.complete = 1; http->request->flags.streamError = true; diff -u -r -N squid-4.0.24/src/client_side_request.cc squid-4.0.25/src/client_side_request.cc --- squid-4.0.24/src/client_side_request.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/client_side_request.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1390,8 +1390,8 @@ { acl_checklist = NULL; if (answer.denied()) { - http->request->flags.noCache = true; // dont read reply from cache - http->request->flags.cachable = false; // dont store reply into cache + http->request->flags.noCache = true; // do not read reply from cache + http->request->flags.cachable = false; // do not store reply into cache } http->doCallouts(); } @@ -1784,8 +1784,10 @@ calloutContext->tosToClientDone = true; if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConnection)) { ACLFilledChecklist ch(NULL, request, NULL); + ch.al = calloutContext->http->al; ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; + ch.syncAle(request, log_uri); tos_t tos = aclMapTOS(Ip::Qos::TheConfig.tosToClient, &ch); if (tos) Ip::Qos::setSockTos(getConn()->clientConnection, tos); @@ -1796,8 +1798,10 @@ calloutContext->nfmarkToClientDone = true; if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConnection)) { ACLFilledChecklist ch(NULL, request, NULL); + ch.al = calloutContext->http->al; ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; + ch.syncAle(request, log_uri); nfmark_t mark = aclMapNfmark(Ip::Qos::TheConfig.nfmarkToClient, &ch); if (mark) Ip::Qos::setSockNfmark(getConn()->clientConnection, mark); diff -u -r -N squid-4.0.24/src/clientStream.cc squid-4.0.25/src/clientStream.cc --- squid-4.0.24/src/clientStream.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/clientStream.cc 2018-06-12 04:30:57.000000000 +1200 @@ -209,7 +209,7 @@ delete thisObject; - /* and tell the prev that the detach has occured */ + /* and tell the prev that the detach has occurred */ /* * We do it in thisObject order so that the detaching node is always * at the end of the list diff -u -r -N squid-4.0.24/src/comm/Makefile.in squid-4.0.25/src/comm/Makefile.in --- squid-4.0.24/src/comm/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/comm/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -495,7 +495,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/comm/Read.h squid-4.0.25/src/comm/Read.h --- squid-4.0.24/src/comm/Read.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/comm/Read.h 2018-06-12 04:30:57.000000000 +1200 @@ -37,9 +37,9 @@ * The returned flag is also placed in params.flag. * * \retval Comm::OK data has been read and placed in buf, amount in params.size - * \retval Comm::COMM_ERROR an error occured, the code is placed in params.xerrno - * \retval Comm::INPROGRESS unable to read at this time, or a minor error occured - * \retval Comm::ENDFILE 0-byte read has occured. + * \retval Comm::COMM_ERROR an error occurred, the code is placed in params.xerrno + * \retval Comm::INPROGRESS unable to read at this time, or a minor error occurred + * \retval Comm::ENDFILE 0-byte read has occurred. * Usually indicates the remote end has disconnected. */ Comm::Flag ReadNow(CommIoCbParams ¶ms, SBuf &buf); diff -u -r -N squid-4.0.24/src/comm/TcpAcceptor.cc squid-4.0.25/src/comm/TcpAcceptor.cc --- squid-4.0.24/src/comm/TcpAcceptor.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/comm/TcpAcceptor.cc 2018-06-12 04:30:57.000000000 +1200 @@ -267,6 +267,7 @@ ACLFilledChecklist ch(nullptr, nullptr, nullptr); ch.src_addr = conn->remote; ch.my_addr = conn->local; + ch.al = al; accessLogLog(al, &ch); } @@ -344,10 +345,10 @@ * accept() and process * Wait for an incoming connection on our listener socket. * - * \retval Comm::OK success. details parameter filled. - * \retval Comm::NOMESSAGE attempted accept() but nothing useful came in. - * \retval Comm::COMM_ERROR an outright failure occured. - * Or if this client has too many connections already. + * \retval Comm::OK success. details parameter filled. + * \retval Comm::NOMESSAGE attempted accept() but nothing useful came in. + * \retval Comm::COMM_ERROR an outright failure occurred. + * Or this client has too many connections already. */ Comm::Flag Comm::TcpAcceptor::oldAccept(Comm::ConnectionPointer &details) diff -u -r -N squid-4.0.24/src/CommandLine.cc squid-4.0.25/src/CommandLine.cc --- squid-4.0.24/src/CommandLine.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-4.0.25/src/CommandLine.cc 2018-06-12 04:30:57.000000000 +1200 @@ -0,0 +1,169 @@ +/* + * Copyright (C) 1996-2018 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + */ + +#include "squid.h" + +#include "CommandLine.h" +#include "sbuf/SBuf.h" + +static void +ResetGetopt(const bool allowStderrWarnings) +{ + opterr = allowStderrWarnings; + // Resetting optind to zero instead of conventional '1' has an + // advantage, since it also resets getopt(3) global state. + // getopt(3) always skips argv[0], even if optind is zero + optind = 0; +} + +CommandLine::CommandLine(int argC, char *argV[], const char *shortRules, const RawLongOption *longRules): + argv_(), + shortOptions_(shortRules ? xstrdup(shortRules) : ""), + longOptions_() +{ + assert(argC > 0); // C++ main() requirement that makes our arg0() safe + assert(shortRules); + + /* copy argV items */ + argv_.reserve(argC+1); + for (int i = 0; i < argC; ++i) + argv_.push_back(xstrdup(argV[i])); + argv_.push_back(nullptr); // POSIX argv "must be terminated by a null pointer" + + /* copy grammar rules for the long options */ + if (longRules) { + for (auto longOption = longRules; longOption->name; ++longOption) + longOptions_.emplace_back(*longOption); + longOptions_.emplace_back(); + } +} + +CommandLine::CommandLine(const CommandLine &them): + CommandLine(them.argc(), them.argv(), them.shortOptions_, them.longOptions()) +{ +} + +CommandLine & +CommandLine::operator =(const CommandLine &them) +{ + // cannot just swap(*this, them): std::swap(T,T) may call this assignment op + CommandLine tmp(them); + std::swap(argv_, tmp.argv_); + std::swap(shortOptions_, tmp.shortOptions_); + std::swap(longOptions_, tmp.longOptions_); + return *this; +} + +CommandLine::~CommandLine() +{ + for (auto arg: argv_) + xfree(arg); + + xfree(shortOptions_); +} + +bool +CommandLine::hasOption(const int optIdToFind, const char **optValue) const +{ + ResetGetopt(false); // avoid duped warnings; forEachOption() will complain + int optId = 0; + while (nextOption(optId)) { + if (optId == optIdToFind) { + if (optValue) { + // do not need to copy the optarg string because it is a pointer into the original + // argv array (https://www.gnu.org/software/libc/manual/html_node/Using-Getopt.html) + *optValue = optarg; + } + return true; + } + } + return false; +} + +void +CommandLine::forEachOption(Visitor visitor) const +{ + ResetGetopt(true); + int optId = 0; + while (nextOption(optId)) + visitor(optId, optarg); +} + +/// extracts the next option (if any) +/// \returns whether the option was extracted +/// throws on unknown option or missing required argument +bool +CommandLine::nextOption(int &optId) const +{ + optId = getopt_long(argc(), argv(), shortOptions_, longOptions(), nullptr); + if ((optId == ':' && shortOptions_[0] == ':') || optId == '?') { + assert(optind > 0 && static_cast(optind) < argv_.size()); + SBuf errMsg; + errMsg.Printf("'%s': %s", argv_[optind - 1], optId == '?' ? + "unrecognized option or missing required argument" : "missing required argument"); + throw TexcHere(errMsg); + } + return optId != -1; +} + +void +CommandLine::resetArg0(const char *programName) +{ + assert(programName); + xfree(argv_[0]); + argv_[0] = xstrdup(programName); +} + +void +CommandLine::pushFrontOption(const char *name, const char *value) +{ + assert(name); + argv_.insert(argv_.begin() + 1, xstrdup(name)); + if (value) + argv_.insert(argv_.begin() + 2, xstrdup(value)); +} + +LongOption::LongOption() : + option({nullptr, 0, nullptr, 0}) +{ +} + +LongOption::LongOption(const RawLongOption &opt) : + option({nullptr, 0, nullptr, 0}) +{ + copy(opt); +} + +LongOption::LongOption(const LongOption &opt): + LongOption(static_cast(opt)) +{ +} + +LongOption::~LongOption() +{ + xfree(name); +} + +LongOption & +LongOption::operator =(const LongOption &opt) +{ + if (this != &opt) + copy(static_cast(opt)); + return *this; +} + +void +LongOption::copy(const RawLongOption &opt) +{ + xfree(name); + name = opt.name ? xstrdup(opt.name) : nullptr; + has_arg = opt.has_arg; + flag = opt.flag; + val = opt.val; +} + diff -u -r -N squid-4.0.24/src/CommandLine.h squid-4.0.25/src/CommandLine.h --- squid-4.0.24/src/CommandLine.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-4.0.25/src/CommandLine.h 2018-06-12 04:30:57.000000000 +1200 @@ -0,0 +1,85 @@ +/* + * Copyright (C) 1996-2018 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + */ + +#ifndef SQUID_COMMANDLINE_H +#define SQUID_COMMANDLINE_H + +#if HAVE_GETOPT_H +#include +#endif +#include + +typedef struct option RawLongOption; + +/// A struct option C++ wrapper, helps with option::name copying/freeing. +class LongOption : public RawLongOption +{ +public: + LongOption(); + explicit LongOption(const RawLongOption &); + LongOption(const LongOption&); + LongOption &operator =(const LongOption &); + ~LongOption(); + +private: + void copy(const RawLongOption &); +}; + +/// Manages arguments passed to a program (i.e., main(argc, argv) parameters). +class CommandLine +{ +public: + /// expects main() input plus getopt_long(3) grammar rules for parsing argv + CommandLine(int argc, char *argv[], const char *shortRules, const RawLongOption *longRules); + CommandLine(const CommandLine &them); + ~CommandLine(); + + CommandLine &operator =(const CommandLine &); + + /// \returns whether the option with optId identifier is present + /// When returning true, sets non-nil optValue to the found option's value. + /// For letter options (-x) and their --long synonyms, the letter is the ID. + /// For long-only --options, the ID is the configured options::val value. + bool hasOption(const int optId, const char **optValue = nullptr) const; + + /// A callback function for forEachOption(); receives parsed options. + /// Must not call pushFrontOption(), hasOption() or forEachOption() -- getopt(3) uses globals! + typedef void Visitor(const int optId, const char *optValue); + + /// calls Visitor for each of the configured command line option + void forEachOption(Visitor) const; + + /// \returns argv[0], which is usually a program "name" + const char *arg0() const { return argv_[0]; } + + /// \returns main()'s argc, which is traditionally missing the last/nil item + int argc() const { return static_cast(argv_.size()) - 1; } + + /// \returns main()'s argv[] which is traditionally const-wrong + char **argv() const { return const_cast(argv_.data()); } + + /// replaces argv[0] with the new value + void resetArg0(const char *programName); + + /// inserts a (possibly duplicated) option at the beginning of options (just after argv[0]) + void pushFrontOption(const char *name, const char *value = nullptr); + +private: + const RawLongOption *longOptions() const { return longOptions_.size() ? longOptions_.data() : nullptr; } + bool nextOption(int &optId) const; + + /// raw main() parameters, including argv[0] and a nil argv[argc] + std::vector argv_; + + /* getopt_long() grammar rules */ + const char *shortOptions_; ///< single-dash, single-letter (-x) option rules + std::vector longOptions_; ///< long --option rules +}; + +#endif /* SQUID_COMMANDLINE_H */ + diff -u -r -N squid-4.0.24/src/CommCalls.h squid-4.0.25/src/CommCalls.h --- squid-4.0.24/src/CommCalls.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/CommCalls.h 2018-06-12 04:30:57.000000000 +1200 @@ -17,7 +17,7 @@ /* CommCalls implement AsyncCall interface for comm_* callbacks. * The classes cover two call dialer kinds: - * - A C-style call using a function pointer (depricated); + * - A C-style call using a function pointer (deprecated); * - A C++-style call to an AsyncJob child. * and several comm_* callback kinds: * - accept (IOACB) diff -u -r -N squid-4.0.24/src/Common.am squid-4.0.25/src/Common.am --- squid-4.0.24/src/Common.am 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Common.am 2018-06-12 04:30:57.000000000 +1200 @@ -36,6 +36,11 @@ AM_CXXFLAGS = $(SQUID_CXXFLAGS) DEFS = @DEFS@ +# Make ./configure location settings above available to the code +DEFS += -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" + ## so that others can always use += for these variables CLEANFILES = check_PROGRAMS = diff -u -r -N squid-4.0.24/src/debug.cc squid-4.0.25/src/debug.cc --- squid-4.0.24/src/debug.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/debug.cc 2018-06-12 04:30:57.000000000 +1200 @@ -34,7 +34,7 @@ #ifdef LOG_LOCAL4 static int syslog_facility = 0; #endif -static void _db_print_syslog(const char *format, va_list args); +static void _db_print_syslog(const bool forceAlert, const char *format, va_list args); #endif static void _db_print_stderr(const char *format, va_list args); static void _db_print_file(const char *format, va_list args); @@ -108,8 +108,9 @@ assert(!file_ == !name); } +static void -_db_print(const char *format,...) +_db_print(const bool forceAlert, const char *format,...) { char f[BUFSIZ]; f[0]='\0'; @@ -167,7 +168,7 @@ _db_print_stderr(f, args2); #if HAVE_SYSLOG - _db_print_syslog(format, args3); + _db_print_syslog(forceAlert, format, args3); #endif #if _SQUID_WINDOWS_ @@ -207,15 +208,17 @@ #if HAVE_SYSLOG static void -_db_print_syslog(const char *format, va_list args) +_db_print_syslog(const bool forceAlert, const char *format, va_list args) { /* level 0,1 go to syslog */ - if (Debug::Level() > 1) - return; + if (!forceAlert) { + if (Debug::Level() > 1) + return; - if (!Debug::log_syslog) - return; + if (!Debug::log_syslog) + return; + } char tmpbuf[BUFSIZ]; tmpbuf[0] = '\0'; @@ -224,7 +227,7 @@ tmpbuf[BUFSIZ - 1] = '\0'; - syslog(Debug::Level() == 0 ? LOG_WARNING : LOG_NOTICE, "%s", tmpbuf); + syslog(forceAlert ? LOG_ALERT : (Debug::Level() == 0 ? LOG_WARNING : LOG_NOTICE), "%s", tmpbuf); } #endif /* HAVE_SYSLOG */ @@ -744,10 +747,10 @@ if (Ctx_Valid_Level < Ctx_Reported_Level) { if (Ctx_Reported_Level != Ctx_Valid_Level + 1) - _db_print("ctx: exit levels from %2d down to %2d\n", + _db_print(false, "ctx: exit levels from %2d down to %2d\n", Ctx_Reported_Level, Ctx_Valid_Level + 1); else - _db_print("ctx: exit level %2d\n", Ctx_Reported_Level); + _db_print(false, "ctx: exit level %2d\n", Ctx_Reported_Level); Ctx_Reported_Level = Ctx_Valid_Level; } @@ -756,7 +759,7 @@ while (Ctx_Reported_Level < Ctx_Current_Level) { ++Ctx_Reported_Level; ++Ctx_Valid_Level; - _db_print("ctx: enter level %2d: '%s'\n", Ctx_Reported_Level, + _db_print(false, "ctx: enter level %2d: '%s'\n", Ctx_Reported_Level, ctx_get_descr(Ctx_Reported_Level)); } @@ -779,7 +782,8 @@ Debug::Context::Context(const int aSection, const int aLevel): level(aLevel), sectionLevel(Levels[aSection]), - upper(Current) + upper(Current), + forceAlert(false) { formatStream(); } @@ -836,7 +840,8 @@ Debug::Finish() { // TODO: Optimize to remove at least one extra copy. - _db_print("%s\n", Current->buf.str().c_str()); + _db_print(Current->forceAlert, "%s\n", Current->buf.str().c_str()); + Current->forceAlert = false; Context *past = Current; Current = past->upper; @@ -845,6 +850,21 @@ // else it was a static topContext from Debug::Start() } +void +Debug::ForceAlert() +{ + // the ForceAlert(ostream) manipulator should only be used inside debugs() + if (Current) + Current->forceAlert = true; +} + +std::ostream& +ForceAlert(std::ostream& s) +{ + Debug::ForceAlert(); + return s; +} + /// print data bytes using hex notation void Raw::printHex(std::ostream &os) const diff -u -r -N squid-4.0.24/src/Debug.h squid-4.0.25/src/Debug.h --- squid-4.0.24/src/Debug.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Debug.h 2018-06-12 04:30:57.000000000 +1200 @@ -68,6 +68,7 @@ void formatStream(); Context *upper; ///< previous or parent record in nested debugging calls std::ostringstream buf; ///< debugs() output sink + bool forceAlert; ///< the current debugs() will be a syslog ALERT }; /// whether debugging the given section and the given level produces output @@ -96,6 +97,8 @@ /// logs output buffer created in Start() and closes debugging context static void Finish(); + /// configures the active debugging context to write syslog ALERT + static void ForceAlert(); private: static Context *Current; ///< deepest active context; nil outside debugs() }; @@ -132,6 +135,11 @@ } \ } while (/*CONSTCOND*/ 0) +/// Does not change the stream being manipulated. Exists for its side effect: +/// In a debugs() context, forces the message to become a syslog ALERT. +/// Outside of debugs() context, has no effect and should not be used. +std::ostream& ForceAlert(std::ostream& s); + /** stream manipulator which does nothing. * \deprecated Do not add to new code, and remove when editing old code * @@ -166,7 +174,6 @@ /* Legacy debug function definitions */ void _db_init(const char *logfile, const char *options); -void _db_print(const char *,...) PRINTF_FORMAT_ARG1; void _db_set_syslog(const char *facility); void _db_rotate_log(void); diff -u -r -N squid-4.0.24/src/DiskIO/AIO/Makefile.in squid-4.0.25/src/DiskIO/AIO/Makefile.in --- squid-4.0.24/src/DiskIO/AIO/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/AIO/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -501,7 +501,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/Blocking/Makefile.in squid-4.0.25/src/DiskIO/Blocking/Makefile.in --- squid-4.0.24/src/DiskIO/Blocking/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/Blocking/Makefile.in 2018-06-12 04:47:58.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/DiskDaemon/Makefile.in squid-4.0.25/src/DiskIO/DiskDaemon/Makefile.in --- squid-4.0.24/src/DiskIO/DiskDaemon/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/DiskDaemon/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -509,7 +509,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/DiskThreads/Makefile.in squid-4.0.25/src/DiskIO/DiskThreads/Makefile.in --- squid-4.0.24/src/DiskIO/DiskThreads/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/DiskThreads/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -503,7 +503,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/IpcIo/IpcIoFile.cc squid-4.0.25/src/DiskIO/IpcIo/IpcIoFile.cc --- squid-4.0.24/src/DiskIO/IpcIo/IpcIoFile.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/DiskIO/IpcIo/IpcIoFile.cc 2018-06-12 04:30:57.000000000 +1200 @@ -372,6 +372,8 @@ dbName << " overflow: " << SipcIo(KidIdentifier, ipcIo, diskId)); // TODO: report queue len // TODO: grow queue size + if (ipcIo.page) + Ipc::Mem::PutPage(ipcIo.page); pending->completeIo(NULL); delete pending; diff -u -r -N squid-4.0.24/src/DiskIO/IpcIo/Makefile.in squid-4.0.25/src/DiskIO/IpcIo/Makefile.in --- squid-4.0.24/src/DiskIO/IpcIo/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/IpcIo/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/Makefile.in squid-4.0.25/src/DiskIO/Makefile.in --- squid-4.0.24/src/DiskIO/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -555,7 +555,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/DiskIO/Mmapped/Makefile.in squid-4.0.25/src/DiskIO/Mmapped/Makefile.in --- squid-4.0.24/src/DiskIO/Mmapped/Makefile.in 2018-03-08 02:24:40.000000000 +1300 +++ squid-4.0.25/src/DiskIO/Mmapped/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/dns/Makefile.in squid-4.0.25/src/dns/Makefile.in --- squid-4.0.24/src/dns/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/dns/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/dns_internal.cc squid-4.0.25/src/dns_internal.cc --- squid-4.0.24/src/dns_internal.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/dns_internal.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1577,7 +1577,7 @@ static int init = 0; if (DnsSocketA < 0 && DnsSocketB < 0) { - Ip::Address addrV6; // since we don't want to alter Config.Addrs.udp_* and dont have one of our own. + Ip::Address addrV6; // since we do not want to alter Config.Addrs.udp_* and do not have one of our own. if (!Config.Addrs.udp_outgoing.isNoAddr()) addrV6 = Config.Addrs.udp_outgoing; diff -u -r -N squid-4.0.24/src/enums.h squid-4.0.25/src/enums.h --- squid-4.0.24/src/enums.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/enums.h 2018-06-12 04:30:57.000000000 +1200 @@ -95,12 +95,12 @@ typedef enum { STREAM_NONE, /* No particular status */ STREAM_COMPLETE, /* All data has been flushed, no more reads allowed */ - /* an unpredicted end has occured, no more - * reads occured, but no need to tell - * downstream that an error occured + /* an unpredicted end has occurred, no more + * reads occurred, but no need to tell + * downstream that an error occurred */ STREAM_UNPLANNED_COMPLETE, - /* An error has occured in this node or an above one, + /* An error has occurred in this node or an above one, * and the node is not generating an error body / it's * midstream */ diff -u -r -N squid-4.0.24/src/errorpage.cc squid-4.0.25/src/errorpage.cc --- squid-4.0.24/src/errorpage.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/errorpage.cc 2018-06-12 04:30:57.000000000 +1200 @@ -955,8 +955,8 @@ case 'R': if (building_deny_info_url) { if (request != NULL) { - SBuf tmp = request->url.path(); - p = tmp.c_str(); + const SBuf &tmp = request->url.path(); + mb.append(tmp.rawContent(), tmp.length()); no_urlescape = 1; } else p = "[no request]"; diff -u -r -N squid-4.0.24/src/esi/Context.h squid-4.0.25/src/esi/Context.h --- squid-4.0.24/src/esi/Context.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/esi/Context.h 2018-06-12 04:30:57.000000000 +1200 @@ -78,7 +78,7 @@ int oktosend:1; int finished:1; - /* an error has occured, send full body replies + /* an error has occurred, send full body replies * regardless. Note that we don't fail midstream * because we buffer until we can not fail */ diff -u -r -N squid-4.0.24/src/esi/Esi.cc squid-4.0.25/src/esi/Esi.cc --- squid-4.0.24/src/esi/Esi.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/esi/Esi.cc 2018-06-12 04:30:57.000000000 +1200 @@ -308,7 +308,7 @@ /* we've been detached from - we can't do anything more */ return ESI_KICK_FAILED; - /* Something has occured. Process any remaining nodes */ + /* Something has occurred. Process any remaining nodes */ if (!flags.finished) /* Process some of our data */ switch (process ()) { @@ -1666,7 +1666,7 @@ if (dynamic_cast(element.getRaw())) { if (attempt.getRaw()) { - debugs(86, DBG_IMPORTANT, "esiTryAdd: Failed for " << this << " - try allready has an attempt node (section 3.4)"); + debugs(86, DBG_IMPORTANT, "esiTryAdd: Failed for " << this << " - try already has an attempt node (section 3.4)"); return false; } diff -u -r -N squid-4.0.24/src/esi/Makefile.in squid-4.0.25/src/esi/Makefile.in --- squid-4.0.24/src/esi/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/esi/Makefile.in 2018-06-12 04:48:01.000000000 +1200 @@ -511,7 +511,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/eui/Eui48.cc squid-4.0.25/src/eui/Eui48.cc --- squid-4.0.24/src/eui/Eui48.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/eui/Eui48.cc 2018-06-12 04:30:57.000000000 +1200 @@ -20,7 +20,7 @@ #include /* START Legacy includes pattern */ -/* TODO: clean this up so we dont have per-OS requirements. +/* TODO: clean this up so we do not have per-OS requirements. The files are checked for existence individually and can be wrapped */ diff -u -r -N squid-4.0.24/src/eui/Makefile.in squid-4.0.25/src/eui/Makefile.in --- squid-4.0.24/src/eui/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/eui/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/EventLoop.h squid-4.0.25/src/EventLoop.h --- squid-4.0.24/src/EventLoop.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/EventLoop.h 2018-06-12 04:30:57.000000000 +1200 @@ -87,7 +87,7 @@ TimeEngine * timeService; AsyncEngine * primaryEngine; int loop_delay; /**< the delay to be given to the primary engine */ - bool error; /**< has an error occured in this loop */ + bool error; /**< has an error occurred in this loop */ bool runOnceResult; /**< the result from runOnce */ }; diff -u -r -N squid-4.0.24/src/external_acl.cc squid-4.0.25/src/external_acl.cc --- squid-4.0.24/src/external_acl.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/external_acl.cc 2018-06-12 04:30:57.000000000 +1200 @@ -285,7 +285,7 @@ (*fmt)->quote = a->quote; // compatibility for old tokens incompatible with Format::Token syntax -#if USE_OPENSSL // dont bother if we dont have to. +#if USE_OPENSSL // do not bother unless we have to. if (strncmp(token, "%USER_CERT_", 11) == 0) { (*fmt)->type = Format::LFT_EXT_ACL_USER_CERT; (*fmt)->data.string = xstrdup(token + 11); @@ -610,7 +610,7 @@ if (!key) return ACCESS_DUNNO; // insufficent data to continue if (strcmp(key, (char*)entry->key) != 0) { - debugs(82, 9, "entry key='" << (char *)entry->key << "', our key='" << key << "' dont match. Discarded."); + debugs(82, 9, "entry key='" << (char *)entry->key << "', our key='" << key << "' do not match. Discarded."); // too bad. need a new lookup. entry = ch->extacl_entry = NULL; } @@ -991,6 +991,8 @@ entryData.password = label; #endif + // XXX: This state->def access conflicts with the cbdata validity check + // below. dlinkDelete(&state->list, &state->def->queue); ExternalACLEntryPointer entry; diff -u -r -N squid-4.0.24/src/fatal.cc squid-4.0.25/src/fatal.cc --- squid-4.0.24/src/fatal.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/fatal.cc 2018-06-12 04:30:57.000000000 +1200 @@ -16,19 +16,8 @@ static void fatal_common(const char *message) { -#if HAVE_SYSLOG - syslog(LOG_ALERT, "%s", message); -#endif - - fprintf(debug_log, "FATAL: %s\n", message); - - if (Debug::log_stderr > 0 && debug_log != stderr) - fprintf(stderr, "FATAL: %s\n", message); - - fprintf(debug_log, "Squid Cache (Version %s): Terminated abnormally.\n", - version_string); - - fflush(debug_log); + debugs(1, DBG_CRITICAL, ForceAlert << "FATAL: " << message); + debugs(1, DBG_CRITICAL, "Squid Cache (Version " << version_string << "): Terminated abnormally."); PrintRusage(); diff -u -r -N squid-4.0.24/src/format/Makefile.in squid-4.0.25/src/format/Makefile.in --- squid-4.0.24/src/format/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/format/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/fs/Makefile.in squid-4.0.25/src/fs/Makefile.in --- squid-4.0.24/src/fs/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/fs/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -510,7 +510,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/fs/rock/RockRebuild.cc squid-4.0.25/src/fs/rock/RockRebuild.cc --- squid-4.0.24/src/fs/rock/RockRebuild.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/fs/rock/RockRebuild.cc 2018-06-12 04:30:57.000000000 +1200 @@ -491,7 +491,7 @@ anchor.basics.swap_file_sz = le.size; EBIT_SET(anchor.basics.flags, ENTRY_VALIDATED); le.state(LoadingEntry::leLoaded); - sd->map->closeForWriting(fileNo, false); + sd->map->closeForWriting(fileNo); ++counts.objcount; } diff -u -r -N squid-4.0.24/src/fs/rock/RockSwapDir.cc squid-4.0.25/src/fs/rock/RockSwapDir.cc --- squid-4.0.24/src/fs/rock/RockSwapDir.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/fs/rock/RockSwapDir.cc 2018-06-12 04:30:57.000000000 +1200 @@ -865,9 +865,8 @@ if (sio.touchingStoreEntry()) { sio.e->swap_file_sz = sio.writeableAnchor_->basics.swap_file_sz = sio.offset_; - - // close, the entry gets the read lock - map->closeForWriting(sio.swap_filen, true); + map->switchWritingToReading(sio.swap_filen); + // sio.e keeps the (now read) lock on the anchor } sio.writeableAnchor_ = NULL; sio.splicingPoint = request->sidCurrent; diff -u -r -N squid-4.0.24/src/fs/ufs/UFSStoreState.cc squid-4.0.25/src/fs/ufs/UFSStoreState.cc --- squid-4.0.24/src/fs/ufs/UFSStoreState.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/fs/ufs/UFSStoreState.cc 2018-06-12 04:30:57.000000000 +1200 @@ -55,7 +55,7 @@ std::setfill('0') << std::hex << std::setw(8) << swap_filen << " status "<< std::setfill(' ') << std::dec << theFile->error()); - /* Ok, notification past open means an error has occured */ + /* Ok, notification past open means an error has occurred */ assert (theFile->error()); tryClosing(); } diff -u -r -N squid-4.0.24/src/ftp/Makefile.in squid-4.0.25/src/ftp/Makefile.in --- squid-4.0.24/src/ftp/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/ftp/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/FwdState.cc squid-4.0.25/src/FwdState.cc --- squid-4.0.24/src/FwdState.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/FwdState.cc 2018-06-12 04:30:57.000000000 +1200 @@ -323,7 +323,9 @@ * we do NOT want the indirect client address to be tested here. */ ACLFilledChecklist ch(Config.accessList.miss, request, NULL); + ch.al = al; ch.src_addr = request->client_addr; + ch.syncAle(request, nullptr); if (ch.fastCheck().denied()) { err_type page_id; page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, 1); @@ -1180,6 +1182,8 @@ bool retriable = checkRetriable(); if (!retriable && Config.accessList.serverPconnForNonretriable) { ACLFilledChecklist ch(Config.accessList.serverPconnForNonretriable, request, NULL); + ch.al = al; + ch.syncAle(request, nullptr); retriable = ch.fastCheck().allowed(); } // always call shared pool first because we need to close an idle diff -u -r -N squid-4.0.24/src/globals.h squid-4.0.25/src/globals.h --- squid-4.0.24/src/globals.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/globals.h 2018-06-12 04:30:57.000000000 +1200 @@ -24,7 +24,6 @@ extern char config_input_line[BUFSIZ]; /// During parsing, the name of the current squid.conf directive being parsed. extern const char *cfg_directive; /* NULL */ -extern const char *DefaultConfigFile; /* DEFAULT_CONFIG_FILE */ extern const char *cfg_filename; /* NULL */ extern const char *dash_str; /* "-" */ extern const char *null_string; /* "" */ diff -u -r -N squid-4.0.24/src/helper/ChildConfig.cc squid-4.0.25/src/helper/ChildConfig.cc --- squid-4.0.24/src/helper/ChildConfig.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/helper/ChildConfig.cc 2018-06-12 04:30:57.000000000 +1200 @@ -64,7 +64,7 @@ /* keep a minimum of n_idle helpers free... */ if ( (n_active + n_idle) < n_max) return n_idle; - /* dont ever start more than n_max processes. */ + /* do not ever start more than n_max processes. */ return (n_max - n_active); } @@ -91,7 +91,7 @@ } else if (strncmp(token, "idle=", 5) == 0) { n_idle = xatoui(token + 5); if (n_idle < 1) { - debugs(0, DBG_CRITICAL, "WARNING OVERIDE: Using idle=0 for helpers causes request failures. Overiding to use idle=1 instead."); + debugs(0, DBG_CRITICAL, "WARNING OVERRIDE: Using idle=0 for helpers causes request failures. Overriding to use idle=1 instead."); n_idle = 1; } } else if (strncmp(token, "concurrency=", 12) == 0) { @@ -118,12 +118,12 @@ /* simple sanity. */ if (n_startup > n_max) { - debugs(0, DBG_CRITICAL, "WARNING OVERIDE: Capping startup=" << n_startup << " to the defined maximum (" << n_max <<")"); + debugs(0, DBG_CRITICAL, "WARNING OVERRIDE: Capping startup=" << n_startup << " to the defined maximum (" << n_max <<")"); n_startup = n_max; } if (n_idle > n_max) { - debugs(0, DBG_CRITICAL, "WARNING OVERIDE: Capping idle=" << n_idle << " to the defined maximum (" << n_max <<")"); + debugs(0, DBG_CRITICAL, "WARNING OVERRIDE: Capping idle=" << n_idle << " to the defined maximum (" << n_max <<")"); n_idle = n_max; } diff -u -r -N squid-4.0.24/src/helper/Makefile.in squid-4.0.25/src/helper/Makefile.in --- squid-4.0.24/src/helper/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/helper/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/http/Makefile.in squid-4.0.25/src/http/Makefile.in --- squid-4.0.24/src/http/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/http/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -534,7 +534,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/http/one/Makefile.in squid-4.0.25/src/http/one/Makefile.in --- squid-4.0.24/src/http/one/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/http/one/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/http/one/Parser.h squid-4.0.25/src/http/one/Parser.h --- squid-4.0.24/src/http/one/Parser.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/http/one/Parser.h 2018-06-12 04:30:57.000000000 +1200 @@ -131,7 +131,7 @@ * identified accurately within limit characters. * mimeHeaderBlock_ has been updated and buf_ consumed. * - * \retval false An error occured, or no mime terminator found within limit. + * \retval false An error occurred, or no mime terminator found within limit. */ bool grabMimeBlock(const char *which, const size_t limit); diff -u -r -N squid-4.0.24/src/http/one/TeChunkedParser.h squid-4.0.25/src/http/one/TeChunkedParser.h --- squid-4.0.24/src/http/one/TeChunkedParser.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/http/one/TeChunkedParser.h 2018-06-12 04:30:57.000000000 +1200 @@ -32,7 +32,7 @@ { public: TeChunkedParser(); - virtual ~TeChunkedParser() {theOut=NULL;/* we dont own this object */} + virtual ~TeChunkedParser() { theOut=nullptr; /* we do not own this object */ } /// set the buffer to be used to store decoded chunk data void setPayloadBuffer(MemBuf *parsedContent) {theOut = parsedContent;} diff -u -r -N squid-4.0.24/src/http/StatusLine.cc squid-4.0.25/src/http/StatusLine.cc --- squid-4.0.24/src/http/StatusLine.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/http/StatusLine.cc 2018-06-12 04:30:57.000000000 +1200 @@ -80,7 +80,7 @@ // casesensitive comparison (which is required by HTTP errata?) if (protoPrefix.cmp("ICY", 3) == 0) { - debugs(57, 3, "Invalid HTTP identifier. Detected ICY protocol istead."); + debugs(57, 3, "Invalid HTTP identifier. Detected ICY protocol instead."); protocol = AnyP::PROTO_ICY; start += protoPrefix.size(); } else if (protoPrefix.caseCmp(start, protoPrefix.size()) == 0) { diff -u -r -N squid-4.0.24/src/http/Stream.cc squid-4.0.25/src/http/Stream.cc --- squid-4.0.24/src/http/Stream.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/http/Stream.cc 2018-06-12 04:30:57.000000000 +1200 @@ -262,7 +262,7 @@ assert(rep); MemBuf *mb = rep->pack(); - // dump now, so we dont output any body. + // dump now, so we do not output any body. debugs(11, 2, "HTTP Client " << clientConnection); debugs(11, 2, "HTTP Client REPLY:\n---------\n" << mb->buf << "\n----------"); diff -u -r -N squid-4.0.24/src/http/url_rewriters/fake/Makefile.in squid-4.0.25/src/http/url_rewriters/fake/Makefile.in --- squid-4.0.24/src/http/url_rewriters/fake/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/http/url_rewriters/fake/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -479,7 +479,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/http/url_rewriters/LFS/Makefile.in squid-4.0.25/src/http/url_rewriters/LFS/Makefile.in --- squid-4.0.24/src/http/url_rewriters/LFS/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/http/url_rewriters/LFS/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-4.0.25/src/http/url_rewriters/LFS/url_lfs_rewrite.8 --- squid-4.0.24/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2018-03-08 02:33:26.000000000 +1300 +++ squid-4.0.25/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2018-06-12 04:56:20.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "URL_LFS_REWRITE 8" -.TH URL_LFS_REWRITE 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH URL_LFS_REWRITE 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/http.cc squid-4.0.25/src/http.cc --- squid-4.0.24/src/http.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/http.cc 2018-06-12 04:30:57.000000000 +1200 @@ -801,7 +801,9 @@ // check whether the 1xx response forwarding is allowed by squid.conf if (Config.accessList.reply) { ACLFilledChecklist ch(Config.accessList.reply, originalRequest(), NULL); + ch.al = fwd->al; ch.reply = reply; + ch.syncAle(originalRequest(), nullptr); HTTPMSGLOCK(ch.reply); if (!ch.fastCheck().allowed()) { // TODO: support slow lookups? debugs(11, 3, HERE << "ignoring denied 1xx"); @@ -1542,7 +1544,7 @@ if (limitBuffer < 0 || inBuf.length() >= (SBuf::size_type)limitBuffer) { // when buffer is at or over limit already - debugs(11, 7, "wont read up to " << limitBuffer << ". buffer has (" << inBuf.length() << "/" << inBuf.spaceSize() << ") from " << serverConnection); + debugs(11, 7, "will not read up to " << limitBuffer << ". buffer has (" << inBuf.length() << "/" << inBuf.spaceSize() << ") from " << serverConnection); debugs(11, DBG_DATA, "buffer has {" << inBuf << "}"); // Process next response from buffer processReply(); @@ -1553,17 +1555,17 @@ const size_t read_size = calcBufferSpaceToReserve(inBuf.spaceSize(), (limitBuffer - inBuf.length())); if (!read_size) { - debugs(11, 7, "wont read up to " << read_size << " into buffer (" << inBuf.length() << "/" << inBuf.spaceSize() << ") from " << serverConnection); + debugs(11, 7, "will not read up to " << read_size << " into buffer (" << inBuf.length() << "/" << inBuf.spaceSize() << ") from " << serverConnection); return false; } - // just report whether we could grow or not, dont actually do it + // just report whether we could grow or not, do not actually do it if (doGrow) return (read_size >= 2); // we may need to grow the buffer inBuf.reserveSpace(read_size); - debugs(11, 8, (!flags.do_next_read ? "wont" : "may") << + debugs(11, 8, (!flags.do_next_read ? "will not" : "may") << " read up to " << read_size << " bytes info buf(" << inBuf.length() << "/" << inBuf.spaceSize() << ") from " << serverConnection); @@ -2334,6 +2336,8 @@ } ACLFilledChecklist ch(Config.accessList.brokenPosts, originalRequest(), NULL); + ch.al = fwd->al; + ch.syncAle(originalRequest(), nullptr); if (!ch.fastCheck().allowed()) { debugs(11, 5, HERE << "didn't match brokenPosts"); return false; diff -u -r -N squid-4.0.24/src/HttpRequest.cc squid-4.0.25/src/HttpRequest.cc --- squid-4.0.24/src/HttpRequest.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/HttpRequest.cc 2018-06-12 04:30:57.000000000 +1200 @@ -704,6 +704,7 @@ if (Config.accessList.spoof_client_ip) { ACLFilledChecklist *checklist = new ACLFilledChecklist(Config.accessList.spoof_client_ip, this, clientConnection->rfc931); checklist->al = al; + checklist->syncAle(this, nullptr); flags.spoofClientIp = checklist->fastCheck().allowed(); delete checklist; } else diff -u -r -N squid-4.0.24/src/icmp/Makefile.am squid-4.0.25/src/icmp/Makefile.am --- squid-4.0.24/src/icmp/Makefile.am 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/icmp/Makefile.am 2018-06-12 04:30:57.000000000 +1200 @@ -8,11 +8,6 @@ include $(top_srcdir)/src/Common.am include $(top_srcdir)/src/TestHeaders.am -# TODO: get rid of this when config filename is no longer a global constant. -# its only here so the pinger globals.cc will link. -DEFS += -DDEFAULT_CONFIG_FILE=NULL - - # ICMP Specific Configurations if ENABLE_PINGER diff -u -r -N squid-4.0.24/src/icmp/Makefile.in squid-4.0.25/src/icmp/Makefile.in --- squid-4.0.24/src/icmp/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/icmp/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -521,9 +521,10 @@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -# TODO: get rid of this when config filename is no longer a global constant. -# its only here so the pinger globals.cc will link. -DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=NULL +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/ident/Ident.cc squid-4.0.25/src/ident/Ident.cc --- squid-4.0.24/src/ident/Ident.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ident/Ident.cc 2018-06-12 04:30:57.000000000 +1200 @@ -256,7 +256,7 @@ state = new IdentStateData; state->hash.key = xstrdup(key); - // copy the conn details. We dont want the original FD to be re-used by IDENT. + // copy the conn details. We do not want the original FD to be re-used by IDENT. state->conn = conn->copyDetails(); // NP: use random port for secure outbound to IDENT_PORT state->conn->local.port(0); diff -u -r -N squid-4.0.24/src/ident/Makefile.in squid-4.0.25/src/ident/Makefile.in --- squid-4.0.24/src/ident/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/ident/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/ip/Address.h squid-4.0.25/src/ip/Address.h --- squid-4.0.24/src/ip/Address.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ip/Address.h 2018-06-12 04:30:57.000000000 +1200 @@ -137,7 +137,7 @@ /*@}*/ /** Retrieve the Port if stored. - \retval 0 Port is unset or an error occured. + \retval 0 Port is unset or an error occurred. \retval n Port associated with this address in host native -endian. */ unsigned short port() const; @@ -145,7 +145,7 @@ /** Set the Port value for an address. * Replaces any previously existing Port value. \param port Port being assigned in host native -endian. - \retval 0 Port is unset or an error occured. + \retval 0 Port is unset or an error occurred. \retval n Port associated with this address in host native -endian. */ unsigned short port(unsigned short port); diff -u -r -N squid-4.0.24/src/ip/Intercept.cc squid-4.0.25/src/ip/Intercept.cc --- squid-4.0.24/src/ip/Intercept.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ip/Intercept.cc 2018-06-12 04:30:57.000000000 +1200 @@ -204,16 +204,7 @@ memset(&natLookup, 0, sizeof(natLookup)); // for NAT lookup set local and remote IP:port's if (newConn->remote.isIPv6()) { -#if IPFILTER_VERSION < 5000003 - // warn once every 10 at critical level, then push down a level each repeated event - static int warningLevel = DBG_CRITICAL; - debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); - warningLevel = (warningLevel + 1) % 10; - return false; - } - newConn->local.getInAddr(natLookup.nl_inip); - newConn->remote.getInAddr(natLookup.nl_outip); -#else +#if HAVE_NATLOOKUP_NL_INIPADDR_IN6 natLookup.nl_v = 6; newConn->local.getInAddr(natLookup.nl_inipaddr.in6); newConn->remote.getInAddr(natLookup.nl_outipaddr.in6); @@ -223,6 +214,15 @@ newConn->local.getInAddr(natLookup.nl_inipaddr.in4); newConn->remote.getInAddr(natLookup.nl_outipaddr.in4); } +#else + // warn once every 10 at critical level, then push down a level each repeated event + static int warningLevel = DBG_CRITICAL; + debugs(89, warningLevel, "Your IPF (IPFilter) NAT does not support IPv6. Please upgrade it."); + warningLevel = (warningLevel + 1) % 10; + return false; + } + newConn->local.getInAddr(natLookup.nl_inip); + newConn->remote.getInAddr(natLookup.nl_outip); #endif natLookup.nl_inport = htons(newConn->local.port()); natLookup.nl_outport = htons(newConn->remote.port()); @@ -292,13 +292,13 @@ debugs(89, 9, HERE << "address: " << newConn); return false; } else { -#if IPFILTER_VERSION < 5000003 - newConn->local = natLookup.nl_realip; -#else +#if HAVE_NATLOOKUP_NL_REALIPADDR_IN6 if (newConn->remote.isIPv6()) newConn->local = natLookup.nl_realipaddr.in6; else newConn->local = natLookup.nl_realipaddr.in4; +#else + newConn->local = natLookup.nl_realip; #endif newConn->local.port(ntohs(natLookup.nl_realport)); debugs(89, 5, HERE << "address NAT: " << newConn); diff -u -r -N squid-4.0.24/src/ip/Makefile.in squid-4.0.25/src/ip/Makefile.in --- squid-4.0.24/src/ip/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/ip/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/ipc/Kid.cc squid-4.0.25/src/ipc/Kid.cc --- squid-4.0.24/src/ipc/Kid.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/Kid.cc 2018-06-12 04:30:57.000000000 +1200 @@ -20,22 +20,13 @@ int TheProcessKind = pkOther; -Kid::Kid(): - badFailures(0), - pid(-1), - startTime(0), - isRunning(false), - status(0) +Kid::Kid() { } -Kid::Kid(const String& kid_name): - theName(kid_name), - badFailures(0), - pid(-1), - startTime(0), - isRunning(false), - status(0) +Kid::Kid(const char *aRole, const int anId): + processRole(aRole), + processId(anId) { } @@ -77,20 +68,20 @@ if (calledExit()) { syslog(LOG_NOTICE, "Squid Parent: %s process %d exited with status %d", - theName.termedBuf(), pid, exitStatus()); + gist().c_str(), pid, exitStatus()); } else if (signaled()) { syslog(LOG_NOTICE, "Squid Parent: %s process %d exited due to signal %d with status %d", - theName.termedBuf(), pid, termSignal(), exitStatus()); + gist().c_str(), pid, termSignal(), exitStatus()); } else { syslog(LOG_NOTICE, "Squid Parent: %s process %d exited", - theName.termedBuf(), pid); + gist().c_str(), pid); } if (hopeless() && Config.hopelessKidRevivalDelay) { syslog(LOG_NOTICE, "Squid Parent: %s process %d will not be restarted for %ld " "seconds due to repeated, frequent failures", - theName.termedBuf(), + gist().c_str(), pid, static_cast(Config.hopelessKidRevivalDelay)); } @@ -170,9 +161,19 @@ } /// returns kid name -const String& Kid::name() const +SBuf Kid::processName() const { - return theName; + SBuf name("("); + name.append(gist()); + name.append(")"); + return name; +} + +SBuf Kid::gist() const +{ + SBuf name(processRole); + name.appendf("-%d", processId); + return name; } time_t diff -u -r -N squid-4.0.24/src/ipc/Kid.h squid-4.0.25/src/ipc/Kid.h --- squid-4.0.24/src/ipc/Kid.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/Kid.h 2018-06-12 04:30:57.000000000 +1200 @@ -27,7 +27,7 @@ public: Kid(); - Kid(const String& kid_name); + Kid(const char *role, const int id); /// called when this kid got started, records PID void start(pid_t cpid); @@ -74,22 +74,26 @@ /// whether the process was terminated by a given signal bool signaled(int sgnl) const; - /// returns kid name - const String& name() const; + /// \returns kid's role and ID formatted for use as a process name + SBuf processName() const; + + /// \returns kid's role and ID summary; usable as a --kid parameter value + SBuf gist() const; private: void reportStopped() const; // Information preserved across restarts - String theName; ///< process name - int badFailures; ///< number of "repeated frequent" failures + SBuf processRole; + int processId = 0; + int badFailures = 0; ///< number of "repeated frequent" failures // Information specific to a running or stopped kid - pid_t pid; ///< current (for a running kid) or last (for stopped kid) PID - time_t startTime; ///< last start time + pid_t pid = -1; ///< current (for a running kid) or last (for stopped kid) PID + time_t startTime = 0; ///< last start time time_t stopTime = 0; ///< last termination time - bool isRunning; ///< whether the kid is assumed to be alive - PidStatus status; ///< exit status of a stopped kid + bool isRunning = false; ///< whether the kid is assumed to be alive + PidStatus status = 0; ///< exit status of a stopped kid }; // TODO: processes may not be kids; is there a better place to put this? diff -u -r -N squid-4.0.24/src/ipc/Kids.cc squid-4.0.25/src/ipc/Kids.cc --- squid-4.0.24/src/ipc/Kids.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/Kids.cc 2018-06-12 04:30:57.000000000 +1200 @@ -16,7 +16,7 @@ #include "tools.h" Kids TheKids; -KidName TheKidName; +SBuf TheKidName; Kids::Kids() { @@ -29,25 +29,16 @@ storage.reserve(NumberOfKids()); - char kid_name[32]; - - // add Kid records for all workers - for (int i = 0; i < Config.workers; ++i) { - snprintf(kid_name, sizeof(kid_name), "(squid-%d)", (int)(storage.size()+1)); - storage.push_back(Kid(kid_name)); - } + for (int i = 0; i < Config.workers; ++i) + storage.emplace_back("squid", storage.size() + 1); // add Kid records for all disk processes - for (int i = 0; i < Config.cacheSwap.n_strands; ++i) { - snprintf(kid_name, sizeof(kid_name), "(squid-disk-%d)", (int)(storage.size()+1)); - storage.push_back(Kid(kid_name)); - } + for (int i = 0; i < Config.cacheSwap.n_strands; ++i) + storage.emplace_back("squid-disk", storage.size() + 1); // if coordination is needed, add a Kid record for Coordinator - if (storage.size() > 1) { - snprintf(kid_name, sizeof(kid_name), "(squid-coord-%d)", (int)(storage.size()+1)); - storage.push_back(Kid(kid_name)); - } + if (storage.size() > 1) + storage.emplace_back("squid-coord", storage.size() + 1); Must(storage.size() == static_cast(NumberOfKids())); } diff -u -r -N squid-4.0.24/src/ipc/Kids.h squid-4.0.25/src/ipc/Kids.h --- squid-4.0.24/src/ipc/Kids.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/Kids.h 2018-06-12 04:30:57.000000000 +1200 @@ -64,8 +64,7 @@ extern Kids TheKids; ///< All kids being maintained -typedef char KidName[64]; ///< Squid process name (e.g., "squid-coord") -extern KidName TheKidName; ///< current Squid process name +extern SBuf TheKidName; ///< current Squid process name (e.g., "squid-coord") #endif /* SQUID_IPC_KIDS_H */ diff -u -r -N squid-4.0.24/src/ipc/Makefile.in squid-4.0.25/src/ipc/Makefile.in --- squid-4.0.24/src/ipc/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/ipc/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -498,7 +498,12 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ -DDEFAULT_STATEDIR=\"$(localstatedir)/run/squid\" + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" \ + -DDEFAULT_STATEDIR=\"$(localstatedir)/run/squid\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/ipc/MemMap.cc squid-4.0.25/src/ipc/MemMap.cc --- squid-4.0.24/src/ipc/MemMap.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/MemMap.cc 2018-06-12 04:30:57.000000000 +1200 @@ -88,17 +88,25 @@ } void -Ipc::MemMap::closeForWriting(const sfileno fileno, bool lockForReading) +Ipc::MemMap::closeForWriting(const sfileno fileno) { - debugs(54, 5, "closing slot at " << fileno << " for writing and " - "openning for reading in map [" << path << ']'); + debugs(54, 5, "stop writing slot at " << fileno << + " in map [" << path << ']'); assert(valid(fileno)); Slot &s = shared->slots[fileno]; assert(s.writing()); - if (lockForReading) - s.lock.switchExclusiveToShared(); - else - s.lock.unlockExclusive(); + s.lock.unlockExclusive(); +} + +void +Ipc::MemMap::switchWritingToReading(const sfileno fileno) +{ + debugs(54, 5, "switching writing slot at " << fileno << + " to reading in map [" << path << ']'); + assert(valid(fileno)); + Slot &s = shared->slots[fileno]; + assert(s.writing()); + s.lock.switchExclusiveToShared(); } /// terminate writing the entry, freeing its slot for others to use diff -u -r -N squid-4.0.24/src/ipc/MemMap.h squid-4.0.25/src/ipc/MemMap.h --- squid-4.0.24/src/ipc/MemMap.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/MemMap.h 2018-06-12 04:30:57.000000000 +1200 @@ -90,7 +90,10 @@ Slot *openForWritingAt(sfileno fileno, bool overwriteExisting = true); /// successfully finish writing the entry - void closeForWriting(const sfileno fileno, bool lockForReading = false); + void closeForWriting(const sfileno fileno); + + /// stop writing the locked entry and start reading it + void switchWritingToReading(const sfileno fileno); /// only works on locked entries; returns nil unless the slot is readable const Slot *peekAtReader(const sfileno fileno) const; diff -u -r -N squid-4.0.24/src/ipc/StoreMap.cc squid-4.0.25/src/ipc/StoreMap.cc --- squid-4.0.24/src/ipc/StoreMap.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/StoreMap.cc 2018-06-12 04:30:57.000000000 +1200 @@ -155,20 +155,24 @@ } void -Ipc::StoreMap::closeForWriting(const sfileno fileno, bool lockForReading) +Ipc::StoreMap::closeForWriting(const sfileno fileno) { Anchor &s = anchorAt(fileno); assert(s.writing()); - if (lockForReading) { - s.lock.switchExclusiveToShared(); - debugs(54, 5, "switched entry " << fileno << - " from writing to reading " << path); - assert(s.complete()); - } else { - s.lock.unlockExclusive(); - debugs(54, 5, "closed entry " << fileno << " for writing " << path); - // cannot assert completeness here because we have no lock - } + // TODO: assert(!s.empty()); // i.e., unlocked s becomes s.complete() + s.lock.unlockExclusive(); + debugs(54, 5, "closed entry " << fileno << " for writing " << path); + // cannot assert completeness here because we have no lock +} + +void +Ipc::StoreMap::switchWritingToReading(const sfileno fileno) +{ + debugs(54, 5, "switching entry " << fileno << " from writing to reading " << path); + Anchor &s = anchorAt(fileno); + assert(s.writing()); + s.lock.switchExclusiveToShared(); + assert(s.complete()); } Ipc::StoreMap::Slice & diff -u -r -N squid-4.0.24/src/ipc/StoreMap.h squid-4.0.25/src/ipc/StoreMap.h --- squid-4.0.24/src/ipc/StoreMap.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipc/StoreMap.h 2018-06-12 04:30:57.000000000 +1200 @@ -233,7 +233,9 @@ /// restrict opened for writing entry to appending operations; allow reads void startAppending(const sfileno fileno); /// successfully finish creating or updating the entry at fileno pos - void closeForWriting(const sfileno fileno, bool lockForReading = false); + void closeForWriting(const sfileno fileno); + /// stop writing (or updating) the locked entry and start reading it + void switchWritingToReading(const sfileno fileno); /// unlock and "forget" openForWriting entry, making it Empty again /// this call does not free entry slices so the caller has to do that void forgetWritingEntry(const sfileno fileno); diff -u -r -N squid-4.0.24/src/ipcache.cc squid-4.0.25/src/ipcache.cc --- squid-4.0.24/src/ipcache.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ipcache.cc 2018-06-12 04:30:57.000000000 +1200 @@ -602,7 +602,7 @@ \param flags Default is NULL, set to IP_LOOKUP_IF_MISS * to explicitly perform DNS lookups. * - \retval NULL An error occured during lookup + \retval NULL An error occurred during lookup \retval NULL No results available in cache and no lookup specified \retval * Pointer to the ipcahce_addrs structure containing the lookup results */ diff -u -r -N squid-4.0.24/src/log/CustomLog.cc squid-4.0.25/src/log/CustomLog.cc --- squid-4.0.24/src/log/CustomLog.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/log/CustomLog.cc 2018-06-12 04:30:57.000000000 +1200 @@ -7,5 +7,12 @@ */ #include "squid.h" -#include "CustomLog.h" +#include "log/CustomLog.h" +#include "log/File.h" + +bool +CustomLog::usesDaemon() const +{ + return (filename && strncmp(filename, "daemon:", 7) == 0); +} diff -u -r -N squid-4.0.24/src/log/CustomLog.h squid-4.0.25/src/log/CustomLog.h --- squid-4.0.24/src/log/CustomLog.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/log/CustomLog.h 2018-06-12 04:30:57.000000000 +1200 @@ -22,6 +22,9 @@ class CustomLog { public: + /// \returns whether the daemon module is used for this log + bool usesDaemon() const; + char *filename; ACLList *aclList; Format::Format *logFormat; diff -u -r -N squid-4.0.24/src/log/DB/log_db_daemon.8 squid-4.0.25/src/log/DB/log_db_daemon.8 --- squid-4.0.24/src/log/DB/log_db_daemon.8 2018-03-08 02:33:26.000000000 +1300 +++ squid-4.0.25/src/log/DB/log_db_daemon.8 2018-06-12 04:56:21.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/log/DB/Makefile.in squid-4.0.25/src/log/DB/Makefile.in --- squid-4.0.24/src/log/DB/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/log/DB/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/log/file/Makefile.in squid-4.0.25/src/log/file/Makefile.in --- squid-4.0.24/src/log/file/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/log/file/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -479,7 +479,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/log/Makefile.in squid-4.0.25/src/log/Makefile.in --- squid-4.0.24/src/log/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/log/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -536,7 +536,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/main.cc squid-4.0.25/src/main.cc --- squid-4.0.24/src/main.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/main.cc 2018-06-12 04:30:57.000000000 +1200 @@ -24,6 +24,7 @@ #include "client_db.h" #include "client_side.h" #include "comm.h" +#include "CommandLine.h" #include "ConfigParser.h" #include "CpuAffinity.h" #include "DiskIO/DiskIOModule.h" @@ -56,6 +57,7 @@ #include "mime.h" #include "neighbors.h" #include "parser/Tokenizer.h" +#include "Parsing.h" #include "pconn.h" #include "peer_sourcehash.h" #include "peer_userhash.h" @@ -168,11 +170,11 @@ static void mainReconfigureFinish(void*); static void mainInitialize(void); static void usage(void); -static void mainParseOptions(int argc, char *argv[]); +static void mainHandleCommandLineOption(const int optId, const char *optValue); static void sendSignal(void); static void serverConnectionsOpen(void); static void serverConnectionsClose(void); -static void watch_child(char **); +static void watch_child(const CommandLine &); static void setEffectiveUser(void); static void SquidShutdown(void); static void mainSetCwd(void); @@ -393,6 +395,9 @@ " -N Master process runs in foreground and is a worker. No kids.\n" " --foreground\n" " Master process runs in foreground and creates worker kids.\n" + " --kid role-ID\n" + " Play a given SMP kid process role, with a given ID. Do not use\n" + " this option. It is meant for the master process use only.\n" #if USE_WIN32_SERVICE " -O options\n" " Set Windows Service Command line options in Registry.\n" @@ -401,312 +406,321 @@ " -S Double-check swap during rebuild.\n" " -X Force full debugging.\n" " -Y Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.\n", - APP_SHORTNAME, CACHE_HTTP_PORT, DefaultConfigFile, CACHE_ICP_PORT); - exit(1); + APP_SHORTNAME, CACHE_HTTP_PORT, DEFAULT_CONFIG_FILE, CACHE_ICP_PORT); + exit(EXIT_FAILURE); } -/** - * Parse the parameters received via command line interface. - * - * \param argc Number of options received on command line - * \param argv List of parameters received on command line - */ -static void -mainParseOptions(int argc, char *argv[]) -{ - int optIndex = 0; +/// CommandLine option IDs for --long options that lack a short (-x) equivalent +enum { + // The absolute values do not matter except that the following values should + // not be used: Values below 2 are for special getopt_long(3) use cases, and + // values in the [33,126] range are reserved for short options (-x). + optForeground = 2, + optKid +}; - // short options - const char *shortOpStr = +// short options +// TODO: consider prefixing with ':' for better logging +// (distinguish missing required argument cases) +static const char *shortOpStr = #if USE_WIN32_SERVICE - "O:Vir" + "O:Vir" #endif - "CDFNRSYXa:d:f:hk:m::n:sl:u:vz?"; - - // long options - static struct option squidOptions[] = { - {"foreground", no_argument, 0, 1 }, - {"help", no_argument, 0, 'h'}, - {"version", no_argument, 0, 'v'}, - {0, 0, 0, 0} - }; + "CDFNRSYXa:d:f:hk:m::n:sl:u:vz?"; - int c; - while ((c = getopt_long(argc, argv, shortOpStr, squidOptions, &optIndex)) != -1) { +// long options +static struct option squidOptions[] = { + {"foreground", no_argument, 0, optForeground}, + {"kid", required_argument, 0, optKid}, + {"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'v'}, + {0, 0, 0, 0} +}; - switch (c) { +// handle a command line parameter +static void +mainHandleCommandLineOption(const int optId, const char *optValue) +{ + switch (optId) { - case 'C': - /** \par C - * Unset/disabel global option for catchign signals. opt_catch_signals */ - opt_catch_signals = 0; - break; - - case 'D': - /** \par D - * OBSOLETE: WAS: override to prevent optional startup DNS tests. */ - debugs(1,DBG_CRITICAL, "WARNING: -D command-line option is obsolete."); - break; - - case 'F': - /** \par F - * Set global option for foreground rebuild. opt_foreground_rebuild */ - opt_foreground_rebuild = 1; - break; - - case 'N': - /** \par N - * Set global option for 'no_daemon' mode. opt_no_daemon */ - opt_no_daemon = 1; - break; + case 'C': + /** \par C + * Unset/disabel global option for catchign signals. opt_catch_signals */ + opt_catch_signals = 0; + break; + + case 'D': + /** \par D + * OBSOLETE: WAS: override to prevent optional startup DNS tests. */ + debugs(1,DBG_CRITICAL, "WARNING: -D command-line option is obsolete."); + break; + + case 'F': + /** \par F + * Set global option for foreground rebuild. opt_foreground_rebuild */ + opt_foreground_rebuild = 1; + break; + + case 'N': + /** \par N + * Set global option for 'no_daemon' mode. opt_no_daemon */ + opt_no_daemon = 1; + break; #if USE_WIN32_SERVICE - case 'O': - /** \par O - * Set global option. opt_command_lin and WIN32_Command_Line */ - opt_command_line = 1; - WIN32_Command_Line = xstrdup(optarg); - break; -#endif - - case 'R': - /** \par R - * Unset/disable global option opt_reuseaddr */ - opt_reuseaddr = 0; - break; - - case 'S': - /** \par S - * Set global option opt_store_doublecheck */ - opt_store_doublecheck = 1; - break; - - case 'X': - /** \par X - * Force full debugging */ - Debug::parseOptions("rotate=0 ALL,9"); - Debug::override_X = 1; - sigusr2_handle(SIGUSR2); - break; - - case 'Y': - /** \par Y - * Set global option opt_reload_hit_only */ - opt_reload_hit_only = 1; - break; + case 'O': + /** \par O + * Set global option. opt_command_lin and WIN32_Command_Line */ + opt_command_line = 1; + WIN32_Command_Line = xstrdup(optValue); + break; +#endif + + case 'R': + /** \par R + * Unset/disable global option opt_reuseaddr */ + opt_reuseaddr = 0; + break; + + case 'S': + /** \par S + * Set global option opt_store_doublecheck */ + opt_store_doublecheck = 1; + break; + + case 'X': + /** \par X + * Force full debugging */ + Debug::parseOptions("rotate=0 ALL,9"); + Debug::override_X = 1; + sigusr2_handle(SIGUSR2); + break; + + case 'Y': + /** \par Y + * Set global option opt_reload_hit_only */ + opt_reload_hit_only = 1; + break; #if USE_WIN32_SERVICE - case 'i': - /** \par i - * Set global option opt_install_service (to TRUE) */ - opt_install_service = TRUE; - break; -#endif - - case 'a': - /** \par a - * Add optional HTTP port as given following the option */ - add_http_port(optarg); - break; - - case 'd': - /** \par d - * Set global option Debug::log_stderr to the number given following the option */ - Debug::log_stderr = atoi(optarg); - break; - - case 'f': - /** \par f - * Load the file given instead of the default squid.conf. */ - xfree(ConfigFile); - ConfigFile = xstrdup(optarg); - break; - - case 'k': - /** \par k - * Run the administrative action given following the option */ - - /** \li When it is missing or an unknown option display the usage help. */ - if (!optarg || strlen(optarg) < 1) - usage(); - - else if (!strncmp(optarg, "reconfigure", strlen(optarg))) - /** \li On reconfigure send SIGHUP. */ - opt_send_signal = SIGHUP; - else if (!strncmp(optarg, "rotate", strlen(optarg))) - /** \li On rotate send SIGQUIT or SIGUSR1. */ + case 'i': + /** \par i + * Set global option opt_install_service (to TRUE) */ + opt_install_service = TRUE; + break; +#endif + + case 'a': + { + /** \par a + * Add optional HTTP port as given following the option */ + char *port = xstrdup(optValue); + // use a copy to avoid optValue modification + add_http_port(port); + xfree(port); + break; + } + + case 'd': + /** \par d + * Set global option Debug::log_stderr to the number given following the option */ + Debug::log_stderr = xatoi(optValue); + break; + + case 'f': + /** \par f + * Load the file given instead of the default squid.conf. */ + xfree(ConfigFile); + ConfigFile = xstrdup(optValue); + break; + + case 'k': + /** \par k + * Run the administrative action given following the option */ + + /** \li When it is missing or an unknown option display the usage help. */ + if (!optValue || strlen(optValue) < 1) + usage(); + + else if (!strncmp(optValue, "reconfigure", strlen(optValue))) + /** \li On reconfigure send SIGHUP. */ + opt_send_signal = SIGHUP; + else if (!strncmp(optValue, "rotate", strlen(optValue))) + /** \li On rotate send SIGQUIT or SIGUSR1. */ #if defined(_SQUID_LINUX_THREADS_) - opt_send_signal = SIGQUIT; + opt_send_signal = SIGQUIT; #else - opt_send_signal = SIGUSR1; + opt_send_signal = SIGUSR1; #endif - else if (!strncmp(optarg, "debug", strlen(optarg))) - /** \li On debug send SIGTRAP or SIGUSR2. */ + else if (!strncmp(optValue, "debug", strlen(optValue))) + /** \li On debug send SIGTRAP or SIGUSR2. */ #if defined(_SQUID_LINUX_THREADS_) - opt_send_signal = SIGTRAP; + opt_send_signal = SIGTRAP; #else - opt_send_signal = SIGUSR2; + opt_send_signal = SIGUSR2; #endif - else if (!strncmp(optarg, "shutdown", strlen(optarg))) - /** \li On shutdown send SIGTERM. */ - opt_send_signal = SIGTERM; - else if (!strncmp(optarg, "interrupt", strlen(optarg))) - /** \li On interrupt send SIGINT. */ - opt_send_signal = SIGINT; - else if (!strncmp(optarg, "kill", strlen(optarg))) - /** \li On kill send SIGKILL. */ - opt_send_signal = SIGKILL; + else if (!strncmp(optValue, "shutdown", strlen(optValue))) + /** \li On shutdown send SIGTERM. */ + opt_send_signal = SIGTERM; + else if (!strncmp(optValue, "interrupt", strlen(optValue))) + /** \li On interrupt send SIGINT. */ + opt_send_signal = SIGINT; + else if (!strncmp(optValue, "kill", strlen(optValue))) + /** \li On kill send SIGKILL. */ + opt_send_signal = SIGKILL; #ifdef SIGTTIN - else if (!strncmp(optarg, "restart", strlen(optarg))) - /** \li On restart send SIGTTIN. (exit and restart by parent) */ - opt_send_signal = SIGTTIN; + else if (!strncmp(optValue, "restart", strlen(optValue))) + /** \li On restart send SIGTTIN. (exit and restart by parent) */ + opt_send_signal = SIGTTIN; #endif - else if (!strncmp(optarg, "check", strlen(optarg))) - /** \li On check send 0 / SIGNULL. */ - opt_send_signal = 0; /* SIGNULL */ - else if (!strncmp(optarg, "parse", strlen(optarg))) - /** \li On parse set global flag to re-parse the config file only. */ - opt_parse_cfg_only = 1; - else - usage(); - - break; - - case 'm': - /** \par m - * Set global malloc_debug_level to the value given following the option. - * if none is given it toggles the xmalloc_trace option on/off */ - if (optarg) { + else if (!strncmp(optValue, "check", strlen(optValue))) + /** \li On check send 0 / SIGNULL. */ + opt_send_signal = 0; /* SIGNULL */ + else if (!strncmp(optValue, "parse", strlen(optValue))) + /** \li On parse set global flag to re-parse the config file only. */ + opt_parse_cfg_only = 1; + else + usage(); + + break; + + case 'm': + /** \par m + * Set global malloc_debug_level to the value given following the option. + * if none is given it toggles the xmalloc_trace option on/off */ + if (optValue) { #if MALLOC_DBG - malloc_debug_level = atoi(optarg); + malloc_debug_level = xatoi(optValue); #else - fatal("Need to add -DMALLOC_DBG when compiling to use -mX option"); + fatal("Need to add -DMALLOC_DBG when compiling to use -mX option"); #endif - } - break; + } + break; - case 'n': - /** \par n - * Set global option opt_signal_service (to true). - * Stores the additional parameter given in global service_name */ - if (optarg && *optarg != '\0') { - const SBuf t(optarg); - ::Parser::Tokenizer tok(t); - const CharacterSet chr = CharacterSet::ALPHA+CharacterSet::DIGIT; - if (!tok.prefix(service_name, chr)) - fatalf("Expected alphanumeric service name for the -n option but got: %s", optarg); - if (!tok.atEnd()) - fatalf("Garbage after alphanumeric service name in the -n option value: %s", optarg); - if (service_name.length() > 32) - fatalf("Service name (-n option) must be limited to 32 characters but got %u", service_name.length()); - opt_signal_service = true; - } else { - fatal("A service name is required for the -n option"); - } - break; + case 'n': + /** \par n + * Set global option opt_signal_service (to true). + * Stores the additional parameter given in global service_name */ + if (optValue && *optValue != '\0') { + const SBuf t(optValue); + ::Parser::Tokenizer tok(t); + const CharacterSet chr = CharacterSet::ALPHA+CharacterSet::DIGIT; + if (!tok.prefix(service_name, chr)) + fatalf("Expected alphanumeric service name for the -n option but got: %s", optValue); + if (!tok.atEnd()) + fatalf("Garbage after alphanumeric service name in the -n option value: %s", optValue); + if (service_name.length() > 32) + fatalf("Service name (-n option) must be limited to 32 characters but got %u", service_name.length()); + opt_signal_service = true; + } else { + fatal("A service name is required for the -n option"); + } + break; #if USE_WIN32_SERVICE - case 'r': - /** \par r - * Set global option opt_remove_service (to TRUE) */ - opt_remove_service = TRUE; + case 'r': + /** \par r + * Set global option opt_remove_service (to TRUE) */ + opt_remove_service = TRUE; - break; + break; #endif - case 'l': - /** \par l - * Stores the syslog facility name in global opt_syslog_facility - * then performs actions for -s option. */ - xfree(opt_syslog_facility); // ignore any previous options sent - opt_syslog_facility = xstrdup(optarg); + case 'l': + /** \par l + * Stores the syslog facility name in global opt_syslog_facility + * then performs actions for -s option. */ + xfree(opt_syslog_facility); // ignore any previous options sent + opt_syslog_facility = xstrdup(optValue); - case 's': - /** \par s - * Initialize the syslog for output */ + case 's': + /** \par s + * Initialize the syslog for output */ #if HAVE_SYSLOG - _db_set_syslog(opt_syslog_facility); + _db_set_syslog(opt_syslog_facility); - break; + break; #else - fatal("Logging to syslog not available on this platform"); + fatal("Logging to syslog not available on this platform"); - /* NOTREACHED */ + /* NOTREACHED */ #endif - case 'u': - /** \par u - * Store the ICP port number given in global option icpPortNumOverride - * ensuring its a positive number. */ - icpPortNumOverride = atoi(optarg); - - if (icpPortNumOverride < 0) - icpPortNumOverride = 0; - - break; - - case 'v': - /** \par v - * Display squid version and build information. Then exit. */ - printf("Squid Cache: Version %s\n" ,version_string); - printf("Service Name: " SQUIDSBUFPH "\n", SQUIDSBUFPRINT(service_name)); - if (strlen(SQUID_BUILD_INFO)) - printf("%s\n",SQUID_BUILD_INFO); + case 'u': + /** \par u + * Store the ICP port number given in global option icpPortNumOverride + * ensuring its a positive number. */ + icpPortNumOverride = atoi(optValue); + + if (icpPortNumOverride < 0) + icpPortNumOverride = 0; + + break; + + case 'v': + /** \par v + * Display squid version and build information. Then exit. */ + printf("Squid Cache: Version %s\n",version_string); + printf("Service Name: " SQUIDSBUFPH "\n", SQUIDSBUFPRINT(service_name)); + if (strlen(SQUID_BUILD_INFO)) + printf("%s\n",SQUID_BUILD_INFO); #if USE_OPENSSL - printf("\nThis binary uses %s. ", SSLeay_version(SSLEAY_VERSION)); - printf("For legal restrictions on distribution see https://www.openssl.org/source/license.html\n\n"); + printf("\nThis binary uses %s. ", SSLeay_version(SSLEAY_VERSION)); + printf("For legal restrictions on distribution see https://www.openssl.org/source/license.html\n\n"); #endif - printf( "configure options: %s\n", SQUID_CONFIGURE_OPTIONS); + printf( "configure options: %s\n", SQUID_CONFIGURE_OPTIONS); #if USE_WIN32_SERVICE - printf("Compiled as Windows System Service.\n"); + printf("Compiled as Windows System Service.\n"); #endif - exit(0); - - /* NOTREACHED */ + exit(EXIT_SUCCESS); - case 'z': - /** \par z - * Set global option Debug::log_stderr and opt_create_swap_dirs */ - Debug::log_stderr = 1; - opt_create_swap_dirs = 1; - break; - - case 1: - /** \par --foreground - * Set global option opt_foreground */ - opt_foreground = 1; - break; - - case 'h': - - case '?': - - default: - /** \par h,?, or unknown - * \copydoc usage() */ - usage(); + /* NOTREACHED */ - break; - } + case 'z': + /** \par z + * Set global option Debug::log_stderr and opt_create_swap_dirs */ + Debug::log_stderr = 1; + opt_create_swap_dirs = 1; + break; + + case optForeground: + /** \par --foreground + * Set global option opt_foreground */ + opt_foreground = 1; + break; + + case optKid: + // already processed in ConfigureCurrentKid() + break; + + case 'h': + + case '?': + + default: + /** \par h,?, or unknown + * \copydoc usage() */ + usage(); + break; } } @@ -881,15 +895,9 @@ #if USE_HTCP htcpClosePorts(); #endif -#if USE_SSL_CRTD - Ssl::Helper::GetInstance()->Shutdown(); -#endif #if USE_OPENSSL - if (Ssl::CertValidationHelper::GetInstance()) - Ssl::CertValidationHelper::GetInstance()->Shutdown(); Ssl::TheGlobalContextStorage.reconfigureStart(); #endif - redirectShutdown(); #if USE_AUTH authenticateReset(); #endif @@ -977,14 +985,13 @@ storeLogOpen(); Dns::Init(); #if USE_SSL_CRTD - Ssl::Helper::GetInstance()->Init(); + Ssl::Helper::Reconfigure(); #endif #if USE_OPENSSL - if (Ssl::CertValidationHelper::GetInstance()) - Ssl::CertValidationHelper::GetInstance()->Init(); + Ssl::CertValidationHelper::Reconfigure(); #endif - redirectInit(); + redirectReconfigure(); #if USE_AUTH authenticateInit(&Auth::TheConfig); #endif @@ -1187,12 +1194,11 @@ Dns::Init(); #if USE_SSL_CRTD - Ssl::Helper::GetInstance()->Init(); + Ssl::Helper::Init(); #endif #if USE_OPENSSL - if (Ssl::CertValidationHelper::GetInstance()) - Ssl::CertValidationHelper::GetInstance()->Init(); + Ssl::CertValidationHelper::Init(); #endif redirectInit(); @@ -1416,26 +1422,27 @@ /// computes name and ID for the current kid process static void -ConfigureCurrentKid(const char *processName) +ConfigureCurrentKid(const CommandLine &cmdLine) { - // kids are marked with parenthesis around their process names - if (processName && processName[0] == '(') { - if (const char *idStart = strrchr(processName, '-')) { - KidIdentifier = atoi(idStart + 1); - const size_t nameLen = idStart - (processName + 1); - assert(nameLen < sizeof(TheKidName)); - xstrncpy(TheKidName, processName + 1, nameLen + 1); - if (!strcmp(TheKidName, "squid-coord")) - TheProcessKind = pkCoordinator; - else if (!strcmp(TheKidName, "squid")) - TheProcessKind = pkWorker; - else if (!strcmp(TheKidName, "squid-disk")) - TheProcessKind = pkDisker; - else - TheProcessKind = pkOther; // including coordinator - } + const char *kidParams = nullptr; + if (cmdLine.hasOption(optKid, &kidParams)) { + SBuf processName(kidParams); + SBuf kidId; + Parser::Tokenizer tok(processName); + tok.suffix(kidId, CharacterSet::DIGIT); + KidIdentifier = xatoi(kidId.c_str()); + tok.skipSuffix(SBuf("-")); + TheKidName = tok.remaining(); + if (TheKidName.cmp("squid-coord") == 0) + TheProcessKind = pkCoordinator; + else if (TheKidName.cmp("squid") == 0) + TheProcessKind = pkWorker; + else if (TheKidName.cmp("squid-disk") == 0) + TheProcessKind = pkDisker; + else + TheProcessKind = pkOther; // including coordinator } else { - xstrncpy(TheKidName, APP_SHORTNAME, sizeof(TheKidName)); + TheKidName.assign(APP_SHORTNAME); KidIdentifier = 0; } } @@ -1449,7 +1456,9 @@ int SquidMain(int argc, char **argv) { - ConfigureCurrentKid(argv[0]); + const CommandLine cmdLine(argc, argv, shortOpStr, squidOptions); + + ConfigureCurrentKid(cmdLine); Debug::parseOptions(NULL); @@ -1496,7 +1505,7 @@ #endif - mainParseOptions(argc, argv); + cmdLine.forEachOption(mainHandleCommandLineOption); if (opt_foreground && opt_no_daemon) { debugs(1, DBG_CRITICAL, "WARNING: --foreground command-line option has no effect with -N."); @@ -1531,7 +1540,7 @@ int parse_err; if (!ConfigFile) - ConfigFile = xstrdup(DefaultConfigFile); + ConfigFile = xstrdup(DEFAULT_CONFIG_FILE); assert(!configured_once); @@ -1612,7 +1621,7 @@ if (IamMasterProcess()) { if (InDaemonMode()) { - watch_child(argv); + watch_child(cmdLine); // NOTREACHED } else { Instance::WriteOurPid(); @@ -1885,10 +1894,9 @@ #endif /* !_SQUID_WINDOWS_ */ static void -watch_child(char *argv[]) +watch_child(const CommandLine &masterCommand) { #if !_SQUID_WINDOWS_ - char *prog; pid_t pid; #ifdef TIOCNOTTY @@ -1992,23 +2000,28 @@ continue; if (!mainStartScriptCalled) { - mainStartScript(argv[0]); + mainStartScript(masterCommand.arg0()); mainStartScriptCalled = true; } + // These are only needed by the forked child below, but let's keep + // them out of that "no man's land" between fork() and execvp(). + auto kidCommand = masterCommand; + kidCommand.resetArg0(kid.processName().c_str()); + assert(!kidCommand.hasOption(optKid)); + kidCommand.pushFrontOption("--kid", kid.gist().c_str()); + if ((pid = fork()) == 0) { /* child */ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); - prog = argv[0]; - argv[0] = const_cast(kid.name().termedBuf()); - execvp(prog, argv); + (void)execvp(masterCommand.arg0(), kidCommand.argv()); int xerrno = errno; syslog(LOG_ALERT, "execvp failed: %s", xstrerr(xerrno)); } kid.start(pid); syslog(LOG_NOTICE, "Squid Parent: %s process %d started", - kid.name().termedBuf(), pid); + kid.processName().c_str(), pid); } /* parent */ @@ -2068,11 +2081,10 @@ debugs(1, DBG_IMPORTANT, "Shutting down..."); #if USE_SSL_CRTD - Ssl::Helper::GetInstance()->Shutdown(); + Ssl::Helper::Shutdown(); #endif #if USE_OPENSSL - if (Ssl::CertValidationHelper::GetInstance()) - Ssl::CertValidationHelper::GetInstance()->Shutdown(); + Ssl::CertValidationHelper::Shutdown(); #endif redirectShutdown(); externalAclShutdown(); diff -u -r -N squid-4.0.24/src/Makefile.am squid-4.0.25/src/Makefile.am --- squid-4.0.24/src/Makefile.am 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Makefile.am 2018-06-12 04:30:57.000000000 +1200 @@ -250,6 +250,8 @@ clientStreamForward.h \ CollapsedForwarding.cc \ CollapsedForwarding.h \ + CommandLine.cc \ + CommandLine.h \ CompletionDispatcher.cc \ CompletionDispatcher.h \ CommRead.h \ @@ -726,9 +728,6 @@ mib.txt \ mime.conf.default -# Make location configure settings available to the code -DEFS += -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" - snmp_core.o snmp_agent.o: ../lib/snmplib/libsnmplib.la $(top_srcdir)/include/cache_snmp.h globals.cc: globals.h mk-globals-c.awk diff -u -r -N squid-4.0.24/src/Makefile.in squid-4.0.25/src/Makefile.in --- squid-4.0.24/src/Makefile.in 2018-03-08 02:24:41.000000000 +1300 +++ squid-4.0.25/src/Makefile.in 2018-06-12 04:47:59.000000000 +1200 @@ -245,38 +245,39 @@ client_side_request.cc client_side_request.h ClientInfo.h \ BodyPipe.cc BodyPipe.h ClientRequestContext.h clientStream.cc \ clientStream.h clientStreamForward.h CollapsedForwarding.cc \ - CollapsedForwarding.h CompletionDispatcher.cc \ - CompletionDispatcher.h CommRead.h ConfigOption.cc \ - ConfigParser.cc ConfigParser.h CpuAffinity.cc CpuAffinity.h \ - CpuAffinityMap.cc CpuAffinityMap.h CpuAffinitySet.cc \ - CpuAffinitySet.h debug.cc Debug.h defines.h CommonPool.h \ - CompositePoolNode.h delay_pools.cc DelayId.cc DelayId.h \ - DelayIdComposite.h DelayBucket.cc DelayBucket.h DelayConfig.cc \ - DelayConfig.h DelayPool.cc DelayPool.h DelayPools.h \ - DelaySpec.cc DelaySpec.h DelayTagged.cc DelayTagged.h \ - DelayUser.cc DelayUser.h DelayVector.cc DelayVector.h \ - NullDelayId.h ClientDelayConfig.cc ClientDelayConfig.h fs_io.h \ - fs_io.cc dlink.h dlink.cc dns_internal.cc Downloader.cc \ - Downloader.h enums.h err_type.h err_detail_type.h errorpage.cc \ - errorpage.h ETag.cc ETag.h event.cc event.h EventLoop.h \ - EventLoop.cc external_acl.cc ExternalACL.h ExternalACLEntry.cc \ - ExternalACLEntry.h FadingCounter.h FadingCounter.cc fatal.h \ - fatal.cc fd.h fd.cc fde.cc fde.h FileMap.h filemap.cc \ - fqdncache.h fqdncache.cc FwdState.cc FwdState.h Generic.h \ - globals.h gopher.h gopher.cc helper.cc helper.h hier_code.h \ - HierarchyLogEntry.h htcp.cc htcp.h http.cc http.h \ - HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \ - HttpHdrRange.cc HttpHdrSc.cc HttpHdrSc.h HttpHdrScTarget.cc \ - HttpHdrScTarget.h HttpHdrContRange.cc HttpHdrContRange.h \ - HttpHeaderStat.h HttpHeader.h HttpHeader.cc HttpHeaderMask.h \ - HttpHeaderRange.h HttpHeaderFieldInfo.h HttpHeaderTools.h \ - HttpHeaderTools.cc HttpBody.h HttpBody.cc HttpControlMsg.cc \ - HttpControlMsg.h HttpMsg.cc HttpMsg.h HttpReply.cc HttpReply.h \ - RequestFlags.h RequestFlags.cc HttpRequest.cc HttpRequest.h \ - ICP.h icp_opcode.h icp_v2.cc icp_v3.cc Instance.h Instance.cc \ - int.h int.cc internal.h internal.cc SquidIpc.h ipc.cc \ - ipc_win32.cc ipcache.cc ipcache.h LeakFinder.cc LogTags.cc \ - LogTags.h lookup_t.h main.cc MasterXaction.cc MasterXaction.h \ + CollapsedForwarding.h CommandLine.cc CommandLine.h \ + CompletionDispatcher.cc CompletionDispatcher.h CommRead.h \ + ConfigOption.cc ConfigParser.cc ConfigParser.h CpuAffinity.cc \ + CpuAffinity.h CpuAffinityMap.cc CpuAffinityMap.h \ + CpuAffinitySet.cc CpuAffinitySet.h debug.cc Debug.h defines.h \ + CommonPool.h CompositePoolNode.h delay_pools.cc DelayId.cc \ + DelayId.h DelayIdComposite.h DelayBucket.cc DelayBucket.h \ + DelayConfig.cc DelayConfig.h DelayPool.cc DelayPool.h \ + DelayPools.h DelaySpec.cc DelaySpec.h DelayTagged.cc \ + DelayTagged.h DelayUser.cc DelayUser.h DelayVector.cc \ + DelayVector.h NullDelayId.h ClientDelayConfig.cc \ + ClientDelayConfig.h fs_io.h fs_io.cc dlink.h dlink.cc \ + dns_internal.cc Downloader.cc Downloader.h enums.h err_type.h \ + err_detail_type.h errorpage.cc errorpage.h ETag.cc ETag.h \ + event.cc event.h EventLoop.h EventLoop.cc external_acl.cc \ + ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \ + FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \ + fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \ + FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \ + helper.cc helper.h hier_code.h HierarchyLogEntry.h htcp.cc \ + htcp.h http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \ + HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \ + HttpHdrSc.h HttpHdrScTarget.cc HttpHdrScTarget.h \ + HttpHdrContRange.cc HttpHdrContRange.h HttpHeaderStat.h \ + HttpHeader.h HttpHeader.cc HttpHeaderMask.h HttpHeaderRange.h \ + HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \ + HttpBody.h HttpBody.cc HttpControlMsg.cc HttpControlMsg.h \ + HttpMsg.cc HttpMsg.h HttpReply.cc HttpReply.h RequestFlags.h \ + RequestFlags.cc HttpRequest.cc HttpRequest.h ICP.h \ + icp_opcode.h icp_v2.cc icp_v3.cc Instance.h Instance.cc int.h \ + int.cc internal.h internal.cc SquidIpc.h ipc.cc ipc_win32.cc \ + ipcache.cc ipcache.h LeakFinder.cc LogTags.cc LogTags.h \ + lookup_t.h main.cc MasterXaction.cc MasterXaction.h \ mem_node.cc mem_node.h MemBuf.cc MemObject.cc MemObject.h \ MessageSizes.h mime.h mime.cc mime_header.h mime_header.cc \ multicast.h multicast.cc neighbors.h neighbors.cc Notes.h \ @@ -341,13 +342,14 @@ cbdata.$(OBJEXT) client_db.$(OBJEXT) client_side.$(OBJEXT) \ client_side_reply.$(OBJEXT) client_side_request.$(OBJEXT) \ BodyPipe.$(OBJEXT) clientStream.$(OBJEXT) \ - CollapsedForwarding.$(OBJEXT) CompletionDispatcher.$(OBJEXT) \ - ConfigOption.$(OBJEXT) ConfigParser.$(OBJEXT) \ - CpuAffinity.$(OBJEXT) CpuAffinityMap.$(OBJEXT) \ - CpuAffinitySet.$(OBJEXT) debug.$(OBJEXT) $(am__objects_3) \ - fs_io.$(OBJEXT) dlink.$(OBJEXT) $(am__objects_4) \ - Downloader.$(OBJEXT) errorpage.$(OBJEXT) ETag.$(OBJEXT) \ - event.$(OBJEXT) EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \ + CollapsedForwarding.$(OBJEXT) CommandLine.$(OBJEXT) \ + CompletionDispatcher.$(OBJEXT) ConfigOption.$(OBJEXT) \ + ConfigParser.$(OBJEXT) CpuAffinity.$(OBJEXT) \ + CpuAffinityMap.$(OBJEXT) CpuAffinitySet.$(OBJEXT) \ + debug.$(OBJEXT) $(am__objects_3) fs_io.$(OBJEXT) \ + dlink.$(OBJEXT) $(am__objects_4) Downloader.$(OBJEXT) \ + errorpage.$(OBJEXT) ETag.$(OBJEXT) event.$(OBJEXT) \ + EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \ ExternalACLEntry.$(OBJEXT) FadingCounter.$(OBJEXT) \ fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ @@ -2498,7 +2500,7 @@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -# Make location configure settings available to the code +# Make ./configure location settings above available to the code DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" @@ -2852,11 +2854,11 @@ client_side_request.h ClientInfo.h BodyPipe.cc BodyPipe.h \ ClientInfo.h ClientRequestContext.h clientStream.cc \ clientStream.h clientStreamForward.h CollapsedForwarding.cc \ - CollapsedForwarding.h CompletionDispatcher.cc \ - CompletionDispatcher.h CommRead.h ConfigOption.cc \ - ConfigParser.cc ConfigParser.h CpuAffinity.cc CpuAffinity.h \ - CpuAffinityMap.cc CpuAffinityMap.h CpuAffinitySet.cc \ - CpuAffinitySet.h debug.cc Debug.h defines.h \ + CollapsedForwarding.h CommandLine.cc CommandLine.h \ + CompletionDispatcher.cc CompletionDispatcher.h CommRead.h \ + ConfigOption.cc ConfigParser.cc ConfigParser.h CpuAffinity.cc \ + CpuAffinity.h CpuAffinityMap.cc CpuAffinityMap.h \ + CpuAffinitySet.cc CpuAffinitySet.h debug.cc Debug.h defines.h \ $(DELAY_POOL_SOURCE) fs_io.h fs_io.cc dlink.h dlink.cc \ $(DNSSOURCE) Downloader.cc Downloader.h enums.h err_type.h \ err_detail_type.h errorpage.cc errorpage.h ETag.cc ETag.h \ @@ -6547,6 +6549,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ClientDelayConfig.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CollapsedForwarding.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CommCalls.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CommandLine.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CompletionDispatcher.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ConfigOption.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ConfigParser.Po@am__quote@ diff -u -r -N squid-4.0.24/src/mem/Makefile.in squid-4.0.25/src/mem/Makefile.in --- squid-4.0.24/src/mem/Makefile.in 2018-03-08 02:24:43.000000000 +1300 +++ squid-4.0.25/src/mem/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/MemStore.cc squid-4.0.25/src/MemStore.cc --- squid-4.0.24/src/MemStore.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/MemStore.cc 2018-06-12 04:30:57.000000000 +1200 @@ -882,7 +882,7 @@ e.mem_obj->memCache.index = -1; e.mem_obj->memCache.io = MemObject::ioDone; - map->closeForWriting(index, false); + map->closeForWriting(index); CollapsedForwarding::Broadcast(e); // before we close our transient entry! Store::Root().transientsCompleteWriting(e); diff -u -r -N squid-4.0.24/src/mgr/Makefile.in squid-4.0.25/src/mgr/Makefile.in --- squid-4.0.24/src/mgr/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/mgr/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -497,7 +497,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/neighbors.cc squid-4.0.25/src/neighbors.cc --- squid-4.0.24/src/neighbors.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/neighbors.cc 2018-06-12 04:30:57.000000000 +1200 @@ -136,7 +136,6 @@ bool peerAllowedToUse(const CachePeer * p, HttpRequest * request) { - assert(request != NULL); if (neighborType(p, request->url) == PEER_SIBLING) { @@ -167,7 +166,8 @@ return true; ACLFilledChecklist checklist(p->access, request, NULL); - +// checklist.al = ps->al; + checklist.syncAle(request, nullptr); return checklist.fastCheck().allowed(); } @@ -984,7 +984,7 @@ debugs(15, 6, "neighborsUdpAck: opcode " << opcode << " '" << storeKeyText(key) << "'"); - if ((entry = Store::Root().findCallback(key))) + if ((entry = Store::Root().findCallbackXXX(key))) mem = entry->mem_obj; if ((p = whichPeer(from))) @@ -1278,7 +1278,7 @@ peerConnectSucceded(CachePeer * p) { if (!p->tcp_up) { - debugs(15, 2, "TCP connection to " << p->host << "/" << p->http_port << " succeded"); + debugs(15, 2, "TCP connection to " << p->host << "/" << p->http_port << " succeeded"); p->tcp_up = p->connect_fail_limit; // NP: so peerAlive(p) works properly. peerAlive(p); if (!p->n_addresses) @@ -1692,7 +1692,7 @@ void neighborsHtcpReply(const cache_key * key, HtcpReplyData * htcp, const Ip::Address &from) { - StoreEntry *e = Store::Root().findCallback(key); + StoreEntry *e = Store::Root().findCallbackXXX(key); MemObject *mem = NULL; CachePeer *p; peer_t ntype = PEER_NONE; diff -u -r -N squid-4.0.24/src/Notes.cc squid-4.0.25/src/Notes.cc --- squid-4.0.24/src/Notes.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Notes.cc 2018-06-12 04:30:57.000000000 +1200 @@ -42,7 +42,9 @@ typedef Values::iterator VLI; ACLFilledChecklist ch(NULL, request, NULL); + ch.al = al; ch.reply = reply; + ch.syncAle(request, nullptr); if (reply) HTTPMSGLOCK(ch.reply); diff -u -r -N squid-4.0.24/src/parser/Makefile.in squid-4.0.25/src/parser/Makefile.in --- squid-4.0.24/src/parser/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/parser/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/Parsing.cc squid-4.0.25/src/Parsing.cc --- squid-4.0.24/src/Parsing.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Parsing.cc 2018-06-12 04:30:57.000000000 +1200 @@ -286,7 +286,7 @@ if (NULL == host) ipa->setAnyAddr(); - else if ( ipa->GetHostByName(host) ) /* dont use ipcache. Accept either FQDN or IPA. */ + else if (ipa->GetHostByName(host)) /* do not use ipcache. Accept either FQDN or IPA. */ (void) 0; else return false; diff -u -r -N squid-4.0.24/src/pconn.cc squid-4.0.25/src/pconn.cc --- squid-4.0.24/src/pconn.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/pconn.cc 2018-06-12 04:30:57.000000000 +1200 @@ -255,7 +255,7 @@ if (!isAvailable(i)) continue; - // local end port is required, but dont match. + // local end port is required, but do not match. if (keyCheckPort && aKey->local.port() != theList_[i]->local.port()) continue; diff -u -r -N squid-4.0.24/src/redirect.cc squid-4.0.25/src/redirect.cc --- squid-4.0.24/src/redirect.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/redirect.cc 2018-06-12 04:30:57.000000000 +1200 @@ -35,7 +35,7 @@ #include "ssl/support.h" #endif -/// url maximum lengh + extra informations passed to redirector +/// url maximum length + extra informations passed to redirector #define MAX_REDIRECTOR_REQUEST_STRLEN (MAX_URL + 1024) class RedirectStateData @@ -434,3 +434,10 @@ storeIdExtrasFmt = NULL; } +void +redirectReconfigure() +{ + redirectShutdown(); + redirectInit(); +} + diff -u -r -N squid-4.0.24/src/redirect.h squid-4.0.25/src/redirect.h --- squid-4.0.24/src/redirect.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/redirect.h 2018-06-12 04:30:57.000000000 +1200 @@ -19,6 +19,7 @@ void redirectInit(void); void redirectShutdown(void); +void redirectReconfigure(); void redirectStart(ClientHttpRequest *, HLPCB *, void *); void storeIdStart(ClientHttpRequest *, HLPCB *, void *); diff -u -r -N squid-4.0.24/src/repl/Makefile.in squid-4.0.25/src/repl/Makefile.in --- squid-4.0.24/src/repl/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/repl/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -503,7 +503,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/RequestFlags.h squid-4.0.25/src/RequestFlags.h --- squid-4.0.24/src/RequestFlags.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/RequestFlags.h 2018-06-12 04:30:57.000000000 +1200 @@ -90,7 +90,7 @@ bool noDirect = false; /** Reply with chunked transfer encoding */ bool chunkedReply = false; - /** set if stream error has occured */ + /** set if stream error has occurred */ bool streamError = false; /** internal ssl-bump request to get server cert */ bool sslPeek = false; diff -u -r -N squid-4.0.24/src/sbuf/Makefile.in squid-4.0.25/src/sbuf/Makefile.in --- squid-4.0.24/src/sbuf/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/sbuf/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/security/cert_generators/file/Makefile.in squid-4.0.25/src/security/cert_generators/file/Makefile.in --- squid-4.0.24/src/security/cert_generators/file/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/security/cert_generators/file/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -505,7 +505,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/security/cert_validators/fake/Makefile.in squid-4.0.25/src/security/cert_validators/fake/Makefile.in --- squid-4.0.24/src/security/cert_validators/fake/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/security/cert_validators/fake/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/security/cert_validators/fake/security_fake_certverify.8 squid-4.0.25/src/security/cert_validators/fake/security_fake_certverify.8 --- squid-4.0.24/src/security/cert_validators/fake/security_fake_certverify.8 2018-03-08 02:33:27.000000000 +1300 +++ squid-4.0.25/src/security/cert_validators/fake/security_fake_certverify.8 2018-06-12 04:56:21.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SECURITY_FAKE_CERTVERIFY 8" -.TH SECURITY_FAKE_CERTVERIFY 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH SECURITY_FAKE_CERTVERIFY 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/security/KeyData.cc squid-4.0.25/src/security/KeyData.cc --- squid-4.0.24/src/security/KeyData.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/security/KeyData.cc 2018-06-12 04:30:57.000000000 +1200 @@ -86,8 +86,6 @@ Security::KeyData::loadX509ChainFromFile() { #if USE_OPENSSL - // XXX: This BIO loads the public cert as first chain cert, - // so the code appending chains sends it twice in handshakes. const char *certFilename = certFile.c_str(); Ssl::BIO_Pointer bio(BIO_new(BIO_s_file())); if (!bio || !BIO_read_filename(bio.get(), certFilename)) { @@ -96,14 +94,41 @@ return; } - if (X509_check_issued(cert.get(), cert.get()) == X509_V_OK) - debugs(83, 5, "Certificate is self-signed, will not be chained"); - else { +#if TLS_CHAIN_NO_SELFSIGNED // ignore self-signed certs in the chain + if (X509_check_issued(cert.get(), cert.get()) == X509_V_OK) { + char *nameStr = X509_NAME_oneline(X509_get_subject_name(cert.get()), nullptr, 0); + debugs(83, DBG_PARSE_NOTE(2), "Certificate is self-signed, will not be chained: " << nameStr); + OPENSSL_free(nameStr); + } else +#endif + { + debugs(83, DBG_PARSE_NOTE(3), "Using certificate chain in " << certFile); // and add to the chain any other certificate exist in the file - while (X509 *ca = PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)) { - // XXX: self-signed check should be applied to all certs loaded. - // XXX: missing checks that the chained certs are actually part of a chain for validating cert. - chain.emplace_front(Security::CertPointer(ca)); + CertPointer latestCert = cert; + + while (auto ca = PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)) { + // get Issuer name of the cert for debug display + char *nameStr = X509_NAME_oneline(X509_get_subject_name(ca), nullptr, 0); + +#if TLS_CHAIN_NO_SELFSIGNED // ignore self-signed certs in the chain + // self-signed certificates are not valid in a sent chain + if (X509_check_issued(ca, ca) == X509_V_OK) { + debugs(83, DBG_PARSE_NOTE(2), "CA " << nameStr << " is self-signed, will not be chained: " << nameStr); + OPENSSL_free(nameStr); + continue; + } +#endif + // checks that the chained certs are actually part of a chain for validating cert + if (X509_check_issued(ca, latestCert.get()) == X509_V_OK) { + debugs(83, DBG_PARSE_NOTE(3), "Adding issuer CA: " << nameStr); + // OpenSSL API requires that we order certificates such that the + // chain can be appended directly into the on-wire traffic. + latestCert = CertPointer(ca); + chain.emplace_front(latestCert); + } else { + debugs(83, DBG_PARSE_NOTE(2), "Ignoring non-issuer CA from " << certFile << ": " << nameStr); + } + OPENSSL_free(nameStr); } } diff -u -r -N squid-4.0.24/src/security/Makefile.in squid-4.0.25/src/security/Makefile.in --- squid-4.0.24/src/security/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/security/Makefile.in 2018-06-12 04:48:02.000000000 +1200 @@ -535,7 +535,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/security/PeerConnector.cc squid-4.0.25/src/security/PeerConnector.cc --- squid-4.0.24/src/security/PeerConnector.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/security/PeerConnector.cc 2018-06-12 04:30:57.000000000 +1200 @@ -131,6 +131,7 @@ if (acl_access *acl = ::Config.ssl_client.cert_error) { ACLFilledChecklist *check = new ACLFilledChecklist(acl, request.getRaw(), dash_str); check->al = al; + check->syncAle(request.getRaw(), nullptr); // check->fd(fd); XXX: need client FD here SSL_set_ex_data(serverSession.get(), ssl_ex_index_cert_error_check, check); } @@ -241,7 +242,7 @@ try { debugs(83, 5, "Sending SSL certificate for validation to ssl_crtvd."); AsyncCall::Pointer call = asyncCall(83,5, "Security::PeerConnector::sslCrtvdHandleReply", Ssl::CertValidationHelper::CbDialer(this, &Security::PeerConnector::sslCrtvdHandleReply, nullptr)); - Ssl::CertValidationHelper::GetInstance()->sslSubmit(validationRequest, call); + Ssl::CertValidationHelper::Submit(validationRequest, call); return false; } catch (const std::exception &e) { debugs(83, DBG_IMPORTANT, "ERROR: Failed to compose ssl_crtvd " << @@ -324,6 +325,7 @@ if (acl_access *acl = ::Config.ssl_client.cert_error) { check = new ACLFilledChecklist(acl, request.getRaw(), dash_str); check->al = al; + check->syncAle(request.getRaw(), nullptr); } Security::CertErrors *errs = nullptr; @@ -375,9 +377,18 @@ void Security::PeerConnector::NegotiateSsl(int, void *data) { - PeerConnector *pc = static_cast(data); + const auto pc = static_cast(data); + if (pc->valid()) + (*pc)->negotiateSsl(); + delete pc; +} + +/// Comm::SetSelect() callback. Direct calls tickle/resume negotiations. +void +Security::PeerConnector::negotiateSsl() +{ // Use job calls to add done() checks and other job logic/protections. - CallJobHere(83, 7, pc, Security::PeerConnector, negotiate); + CallJobHere(83, 7, this, Security::PeerConnector, negotiate); } void @@ -460,19 +471,19 @@ srvBio->holdRead(false); // schedule a negotiateSSl to allow openSSL parse received data - Security::PeerConnector::NegotiateSsl(fd, this); + negotiateSsl(); return; } else if (srvBio->gotHelloFailed()) { srvBio->holdRead(false); debugs(83, DBG_IMPORTANT, "Error parsing SSL Server Hello Message on FD " << fd); // schedule a negotiateSSl to allow openSSL parse received data - Security::PeerConnector::NegotiateSsl(fd, this); + negotiateSsl(); return; } } #endif setReadTimeout(); - Comm::SetSelect(fd, COMM_SELECT_READ, &NegotiateSsl, this, 0); + Comm::SetSelect(fd, COMM_SELECT_READ, &NegotiateSsl, new Pointer(this), 0); } void @@ -480,7 +491,7 @@ { const int fd = serverConnection()->fd; debugs(83, 5, serverConnection()); - Comm::SetSelect(fd, COMM_SELECT_WRITE, &NegotiateSsl, this, 0); + Comm::SetSelect(fd, COMM_SELECT_WRITE, &NegotiateSsl, new Pointer(this), 0); return; } @@ -677,7 +688,7 @@ } srvBio->holdRead(false); - Security::PeerConnector::NegotiateSsl(serverConnection()->fd, this); + negotiateSsl(); } bool diff -u -r -N squid-4.0.24/src/security/PeerConnector.h squid-4.0.25/src/security/PeerConnector.h --- squid-4.0.24/src/security/PeerConnector.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/security/PeerConnector.h 2018-06-12 04:30:57.000000000 +1200 @@ -65,6 +65,8 @@ CBDATA_CLASS(PeerConnector); public: + typedef CbcPointer Pointer; + /// Callback dialer API to allow PeerConnector to set the answer. class CbDialer { @@ -191,8 +193,8 @@ Security::CertErrors *sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, Ssl::ErrorDetail *&); #endif - /// A wrapper function for negotiateSsl for use with Comm::SetSelect static void NegotiateSsl(int fd, void *data); + void negotiateSsl(); /// The maximum allowed missing certificates downloads. static const unsigned int MaxCertsDownloads = 10; diff -u -r -N squid-4.0.24/src/security/PeerOptions.cc squid-4.0.25/src/security/PeerOptions.cc --- squid-4.0.24/src/security/PeerOptions.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/security/PeerOptions.cc 2018-06-12 04:30:57.000000000 +1200 @@ -230,7 +230,7 @@ break; } if (add) { -#if USE_GNUTLS // dont bother otherwise +#if USE_GNUTLS // do not bother otherwise if (sslOptions.isEmpty()) sslOptions.append(add+1, strlen(add+1)); else diff -u -r -N squid-4.0.24/src/servers/FtpServer.cc squid-4.0.25/src/servers/FtpServer.cc --- squid-4.0.24/src/servers/FtpServer.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/servers/FtpServer.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1821,13 +1821,13 @@ // because we want to signal the FTP user that we are not fully // done processing its data stream, even though all data bytes // have been sent or received already. - debugs(33, 5, "Transfering from FTP server is not complete"); + debugs(33, 5, "Transferring from FTP server is not complete"); return; } // Adjust our reply if the server aborted with an error before we are done. if (master->userDataDone == 226 && originDataDownloadAbortedOnError) { - debugs(33, 5, "Transfering from FTP server terminated with an error, adjust status code"); + debugs(33, 5, "Transferring from FTP server terminated with an error, adjust status code"); master->userDataDone = 451; } completeDataDownload(); diff -u -r -N squid-4.0.24/src/servers/Http1Server.cc squid-4.0.25/src/servers/Http1Server.cc --- squid-4.0.24/src/servers/Http1Server.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/servers/Http1Server.cc 2018-06-12 04:30:57.000000000 +1200 @@ -75,7 +75,7 @@ PROF_start(HttpServer_parseOneRequest); // parser is incremental. Generate new parser state if we, - // a) dont have one already + // a) do not have one already // b) have completed the previous request parsing already if (!parser_ || !parser_->needsMoreData()) parser_ = new Http1::RequestParser(mayTunnelUnsupportedProto()); diff -u -r -N squid-4.0.24/src/servers/Makefile.in squid-4.0.25/src/servers/Makefile.in --- squid-4.0.24/src/servers/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/servers/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -492,7 +492,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/snmp/Makefile.in squid-4.0.25/src/snmp/Makefile.in --- squid-4.0.24/src/snmp/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/snmp/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -493,7 +493,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/squid.8.in squid-4.0.25/src/squid.8.in --- squid-4.0.24/src/squid.8.in 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/squid.8.in 2018-06-12 04:30:57.000000000 +1200 @@ -124,6 +124,11 @@ which does not fork/exit at startup. . .if !'po4a'hide' .TP +.if !'po4a'hide' .B "\--kid roleID" +Play a given SMP kid process role, with a given ID. Do not use +this option. It is meant for the master process use only. +. +.if !'po4a'hide' .TP .if !'po4a'hide' .B "\-O options" Set Windows Service Command line options in Registry. . diff -u -r -N squid-4.0.24/src/ssl/helper.cc squid-4.0.25/src/ssl/helper.cc --- squid-4.0.24/src/ssl/helper.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ssl/helper.cc 2018-06-12 04:30:57.000000000 +1200 @@ -67,20 +67,7 @@ /// pending Ssl::Helper requests (to all certificate generator helpers combined) static Ssl::GeneratorRequests TheGeneratorRequests; -Ssl::Helper * Ssl::Helper::GetInstance() -{ - static Ssl::Helper sslHelper; - return &sslHelper; -} - -Ssl::Helper::Helper() : ssl_crtd(NULL) -{ -} - -Ssl::Helper::~Helper() -{ - Shutdown(); -} +helper *Ssl::Helper::ssl_crtd = nullptr; void Ssl::Helper::Init() { @@ -123,10 +110,15 @@ ssl_crtd = NULL; } -void Ssl::Helper::sslSubmit(CrtdMessage const & message, HLPCB * callback, void * data) +void +Ssl::Helper::Reconfigure() { - assert(ssl_crtd); + Shutdown(); + Init(); +} +void Ssl::Helper::Submit(CrtdMessage const & message, HLPCB * callback, void * data) +{ SBuf rawMessage(message.compose().c_str()); // XXX: helpers cannot use SBuf rawMessage.append("\n", 1); @@ -142,7 +134,9 @@ request->emplace(callback, data); TheGeneratorRequests.emplace(request->query, request); debugs(83, 5, "request from " << data << " as " << *request); - if (ssl_crtd->trySubmit(request->query.c_str(), HandleGeneratorReply, request)) + // ssl_crtd becomes nil if Squid is reconfigured without SslBump or + // certificate generation disabled in the new configuration + if (ssl_crtd && ssl_crtd->trySubmit(request->query.c_str(), HandleGeneratorReply, request)) return; ::Helper::Reply failReply(::Helper::BrokenHelper); @@ -168,25 +162,13 @@ } #endif //USE_SSL_CRTD -Ssl::CertValidationHelper * Ssl::CertValidationHelper::GetInstance() -{ - static Ssl::CertValidationHelper sslHelper; - if (!Ssl::TheConfig.ssl_crt_validator) - return NULL; - return &sslHelper; -} - -Ssl::CertValidationHelper::CertValidationHelper() : ssl_crt_validator(NULL) -{ -} - -Ssl::CertValidationHelper::~CertValidationHelper() -{ - Shutdown(); -} +helper *Ssl::CertValidationHelper::ssl_crt_validator = nullptr; void Ssl::CertValidationHelper::Init() { + if (!Ssl::TheConfig.ssl_crt_validator) + return; + assert(ssl_crt_validator == NULL); // we need to start ssl_crtd only if some port(s) need to bump SSL @@ -249,6 +231,13 @@ HelperCache = NULL; } +void +Ssl::CertValidationHelper::Reconfigure() +{ + Shutdown(); + Init(); +} + class submitData { CBDATA_CLASS(submitData); @@ -298,10 +287,8 @@ delete crtdvdData; } -void Ssl::CertValidationHelper::sslSubmit(Ssl::CertValidationRequest const &request, AsyncCall::Pointer &callback) +void Ssl::CertValidationHelper::Submit(Ssl::CertValidationRequest const &request, AsyncCall::Pointer &callback) { - assert(ssl_crt_validator); - Ssl::CertValidationMsg message(Ssl::CrtdMessage::REQUEST); message.setCode(Ssl::CertValidationMsg::code_cert_validate); message.composeRequest(request); @@ -325,15 +312,18 @@ return; } - if (!ssl_crt_validator->trySubmit(crtdvdData->query.c_str(), sslCrtvdHandleReplyWrapper, crtdvdData)) { - Ssl::CertValidationResponse::Pointer resp = new Ssl::CertValidationResponse(crtdvdData->ssl); - resp->resultCode = ::Helper::BrokenHelper; - Ssl::CertValidationHelper::CbDialer *dialer = dynamic_cast(callback->getDialer()); - Must(dialer); - dialer->arg1 = resp; - ScheduleCallHere(callback); - delete crtdvdData; + // ssl_crt_validator becomes nil if Squid is reconfigured with cert + // validator disabled in the new configuration + if (ssl_crt_validator && ssl_crt_validator->trySubmit(crtdvdData->query.c_str(), sslCrtvdHandleReplyWrapper, crtdvdData)) return; - } + + Ssl::CertValidationResponse::Pointer resp = new Ssl::CertValidationResponse(crtdvdData->ssl); + resp->resultCode = ::Helper::BrokenHelper; + Ssl::CertValidationHelper::CbDialer *dialer = dynamic_cast(callback->getDialer()); + Must(dialer); + dialer->arg1 = resp; + ScheduleCallHere(callback); + delete crtdvdData; + return; } diff -u -r -N squid-4.0.24/src/ssl/helper.h squid-4.0.25/src/ssl/helper.h --- squid-4.0.24/src/ssl/helper.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ssl/helper.h 2018-06-12 04:30:57.000000000 +1200 @@ -22,23 +22,19 @@ { #if USE_SSL_CRTD /** - * Set of thread for ssl_crtd. This class is singleton. Use this class only - * over GetIntance() static method. This class use helper structure - * for threads management. + * Set of thread for ssl_crtd. This class is singleton. + * This class use helper structure for threads management. */ class Helper { public: - static Helper * GetInstance(); ///< Instance class. - void Init(); ///< Init helper structure. - void Shutdown(); ///< Shutdown helper structure. + static void Init(); ///< Init helper structure. + static void Shutdown(); ///< Shutdown helper structure. + static void Reconfigure(); ///< Reconfigure helper structure. /// Submit crtd message to external crtd server. - void sslSubmit(CrtdMessage const & message, HLPCB * callback, void *data); + static void Submit(CrtdMessage const & message, HLPCB * callback, void *data); private: - Helper(); - ~Helper(); - - helper * ssl_crtd; ///< helper for management of ssl_crtd. + static helper * ssl_crtd; ///< helper for management of ssl_crtd. }; #endif @@ -50,16 +46,13 @@ typedef UnaryMemFunT CbDialer; typedef void CVHCB(void *, Ssl::CertValidationResponse const &); - static CertValidationHelper * GetInstance(); ///< Instance class. - void Init(); ///< Init helper structure. - void Shutdown(); ///< Shutdown helper structure. + static void Init(); ///< Init helper structure. + static void Shutdown(); ///< Shutdown helper structure. + static void Reconfigure(); ///< Reconfigure helper structure /// Submit crtd request message to external crtd server. - void sslSubmit(Ssl::CertValidationRequest const & request, AsyncCall::Pointer &); + static void Submit(Ssl::CertValidationRequest const & request, AsyncCall::Pointer &); private: - CertValidationHelper(); - ~CertValidationHelper(); - - helper * ssl_crt_validator; ///< helper for management of ssl_crtd. + static helper * ssl_crt_validator; ///< helper for management of ssl_crtd. public: typedef LruMap LruCache; static LruCache *HelperCache; ///< cache for cert validation helper diff -u -r -N squid-4.0.24/src/ssl/Makefile.in squid-4.0.25/src/ssl/Makefile.in --- squid-4.0.24/src/ssl/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/ssl/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -498,7 +498,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/ssl/PeekingPeerConnector.cc squid-4.0.25/src/ssl/PeekingPeerConnector.cc --- squid-4.0.24/src/ssl/PeekingPeerConnector.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/ssl/PeekingPeerConnector.cc 2018-06-12 04:30:57.000000000 +1200 @@ -70,6 +70,7 @@ acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice)); if (!srvBio->canBump()) acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpBump)); + acl_checklist->syncAle(request.getRaw(), nullptr); acl_checklist->nonBlockingCheck(Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone, this); } diff -u -r -N squid-4.0.24/src/stat.cc squid-4.0.25/src/stat.cc --- squid-4.0.24/src/stat.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/stat.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1287,7 +1287,7 @@ i /= (int) dt; if (Config.warnings.high_pf < i) - debugs(18, DBG_CRITICAL, "WARNING: Page faults occuring at " << i << "/sec"); + debugs(18, DBG_CRITICAL, "WARNING: Page faults occurring at " << i << "/sec"); } } diff -u -r -N squid-4.0.24/src/store/Controller.cc squid-4.0.25/src/store/Controller.cc --- squid-4.0.24/src/store/Controller.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/store/Controller.cc 2018-06-12 04:30:57.000000000 +1200 @@ -349,14 +349,16 @@ } StoreEntry * -Store::Controller::findCallback(const cache_key *key) +Store::Controller::findCallbackXXX(const cache_key *key) { // We could check for mem_obj presence (and more), moving and merging some // of the duplicated neighborsUdpAck() and neighborsHtcpReply() code here, // but that would mean polluting Store with HTCP/ICP code. Instead, we // should encapsulate callback-related data in a protocol-neutral MemObject // member or use an HTCP/ICP-specific index rather than store_table. - return peekAtLocal(key); + + // cannot reuse peekAtLocal() because HTCP/ICP callbacks may use private keys + return static_cast(hash_lookup(store_table, key)); } /// \returns either an existing local reusable StoreEntry object or nil diff -u -r -N squid-4.0.24/src/store/Controller.h squid-4.0.25/src/store/Controller.h --- squid-4.0.24/src/store/Controller.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/store/Controller.h 2018-06-12 04:30:57.000000000 +1200 @@ -56,9 +56,9 @@ /// \returns matching StoreEntry associated with local ICP/HTCP transaction /// Warning: The returned StoreEntry is not synced and may be marked for - /// deletion. Use it only for extracting transaction callback details. - /// TODO: Group and return just that callback-related data instead? - StoreEntry *findCallback(const cache_key *); + /// deletion. It can only be used for extracting transaction callback details. + /// New code should be designed to avoid this deprecated API. + StoreEntry *findCallbackXXX(const cache_key *); /// Whether a transient entry with the given public key exists and (but) was /// marked for removal some time ago; get(key) returns nil in such cases. diff -u -r -N squid-4.0.24/src/store/id_rewriters/file/Makefile.in squid-4.0.25/src/store/id_rewriters/file/Makefile.in --- squid-4.0.24/src/store/id_rewriters/file/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/store/id_rewriters/file/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-4.0.25/src/store/id_rewriters/file/storeid_file_rewrite.8 --- squid-4.0.24/src/store/id_rewriters/file/storeid_file_rewrite.8 2018-03-08 02:33:25.000000000 +1300 +++ squid-4.0.25/src/store/id_rewriters/file/storeid_file_rewrite.8 2018-06-12 04:56:19.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/src/store/Makefile.in squid-4.0.25/src/store/Makefile.in --- squid-4.0.24/src/store/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/src/store/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -533,7 +533,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/src/store.cc squid-4.0.25/src/store.cc --- squid-4.0.24/src/store.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/store.cc 2018-06-12 04:30:57.000000000 +1200 @@ -216,8 +216,7 @@ // readers appeared to care around 2009/12/14 as they skipped reading // for other reasons. Closing may already be true at the delyaAwareRead // call time or may happen while we wait after delayRead() above. - debugs(20, 3, HERE << "wont read from closing " << conn << " for " << - callback); + debugs(20, 3, "will not read from closing " << conn << " for " << callback); return; // the read callback will never be called } @@ -354,7 +353,7 @@ if (!deferredProducer) deferredProducer = producer; else - debugs(20, 5, HERE << "Deferred producer call is allready set to: " << + debugs(20, 5, "Deferred producer call is already set to: " << *deferredProducer << ", requested call: " << *producer); } diff -u -r -N squid-4.0.24/src/tests/stub_debug.cc squid-4.0.25/src/tests/stub_debug.cc --- squid-4.0.24/src/tests/stub_debug.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tests/stub_debug.cc 2018-06-12 04:30:57.000000000 +1200 @@ -26,6 +26,7 @@ int Debug::override_X = 0; int Debug::log_stderr = 1; bool Debug::log_syslog = false; +void Debug::ForceAlert() STUB void StopUsingDebugLog() STUB void ResyncDebugLog(FILE *) STUB @@ -125,6 +126,12 @@ } } +std::ostream& +ForceAlert(std::ostream& s) +{ + return s; +} + std::ostream & Raw::print(std::ostream &os) const { diff -u -r -N squid-4.0.24/src/tests/stub_HelperChildConfig.cc squid-4.0.25/src/tests/stub_HelperChildConfig.cc --- squid-4.0.24/src/tests/stub_HelperChildConfig.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tests/stub_HelperChildConfig.cc 2018-06-12 04:30:57.000000000 +1200 @@ -48,7 +48,7 @@ /* keep a minimum of n_idle helpers free... */ if ( (n_active + n_idle) < n_max) return n_idle; - /* dont ever start more than n_max processes. */ + /* do not ever start more than n_max processes. */ return (n_max - n_active); } diff -u -r -N squid-4.0.24/src/tests/stub_liblog.cc squid-4.0.25/src/tests/stub_liblog.cc --- squid-4.0.24/src/tests/stub_liblog.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tests/stub_liblog.cc 2018-06-12 04:30:57.000000000 +1200 @@ -43,7 +43,9 @@ LogConfig TheConfig; } -//#include "log/CustomLog.h" +#include "log/CustomLog.h" +bool CustomLog::usesDaemon() const STUB_RETVAL(false) + #include "log/File.h" CBDATA_CLASS_INIT(Logfile); Logfile::Logfile(const char *) {STUB} diff -u -r -N squid-4.0.24/src/tests/testEventLoop.cc squid-4.0.25/src/tests/testEventLoop.cc --- squid-4.0.24/src/tests/testEventLoop.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tests/testEventLoop.cc 2018-06-12 04:30:57.000000000 +1200 @@ -103,7 +103,7 @@ * This test works by having a customer dispatcher which shuts the loop down * once its been invoked twice. * - * It also tests that loop.run() and loop.stop() work, because if they dont + * It also tests that loop.run() and loop.stop() work, because if they do not * work, this test will either hang, or fail. */ @@ -154,7 +154,7 @@ /* each AsyncEngine needs to be given a timeout. We want one engine in each * loop to be given the timeout value - and the rest to have a timeout of 0. * The last registered engine should be given this timeout, which will mean - * that we dont block in the loop until the last engine. This will allow for + * that we do not block in the loop until the last engine. This will allow for * dynamic introduction and removal of engines, as long as the last engine * is one which can do a os call rather than busy waiting. * diff -u -r -N squid-4.0.24/src/tests/testSBuf.cc squid-4.0.25/src/tests/testSBuf.cc --- squid-4.0.24/src/tests/testSBuf.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tests/testSBuf.cc 2018-06-12 04:30:57.000000000 +1200 @@ -812,7 +812,7 @@ testSBuf::testReserve() { SBufReservationRequirements requirements; - // use unusual numbers to ensure we dont hit a lucky boundary situation + // use unusual numbers to ensure we do not hit a lucky boundary situation requirements.minSpace = 10; requirements.idealSpace = 82; requirements.maxCapacity = 259; diff -u -r -N squid-4.0.24/src/tools.cc squid-4.0.25/src/tools.cc --- squid-4.0.24/src/tools.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tools.cc 2018-06-12 04:30:57.000000000 +1200 @@ -291,11 +291,11 @@ death(int sig) { if (sig == SIGSEGV) - fprintf(debug_log, "FATAL: Received Segment Violation...dying.\n"); + debugs(1, DBG_CRITICAL, ForceAlert << "FATAL: Received Segment Violation...dying."); else if (sig == SIGBUS) - fprintf(debug_log, "FATAL: Received Bus Error...dying.\n"); + debugs(1, DBG_CRITICAL, ForceAlert << "FATAL: Received Bus Error...dying."); else - fprintf(debug_log, "FATAL: Received signal %d...dying.\n", sig); + debugs(1, DBG_CRITICAL, ForceAlert << "FATAL: Received signal " << sig << "...dying."); #if PRINT_STACK_TRACE #if _SQUID_HPUX_ @@ -405,7 +405,7 @@ if (!opt_catch_signals) fatal_dump(message); - _db_print("WARNING: %s\n", message); + debugs(50, DBG_CRITICAL, "WARNING: " << message); } const char * @@ -603,7 +603,7 @@ uid_t uid; leave_suid(); uid = geteuid(); - debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever"); + debugs(21, 3, "no_suid: PID " << getpid() << " giving up root privileges forever"); if (setuid(0) < 0) { int xerrno = errno; diff -u -r -N squid-4.0.24/src/Transients.cc squid-4.0.25/src/Transients.cc --- squid-4.0.24/src/Transients.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/Transients.cc 2018-06-12 04:30:57.000000000 +1200 @@ -189,14 +189,11 @@ void Transients::monitorIo(StoreEntry *e, const cache_key *key, const Store::IoStatus direction) { - assert(direction == Store::ioReading || direction == Store::ioWriting); - if (!e->hasTransients()) { addEntry(e, key, direction); - e->mem_obj->xitTable.io = direction; + assert(e->hasTransients()); } - assert(e->hasTransients()); const auto index = e->mem_obj->xitTable.index; if (const auto old = locals->at(index)) { assert(old == e); @@ -207,7 +204,7 @@ } } -/// creates a new Transients entry or throws +/// creates a new Transients entry void Transients::addEntry(StoreEntry *e, const cache_key *key, const Store::IoStatus direction) { @@ -221,14 +218,20 @@ Ipc::StoreMapAnchor *slot = map->openForWriting(key, index); Must(slot); // no writer collisions - slot->set(*e, key); + // set ASAP in hope to unlock the slot if something throws e->mem_obj->xitTable.index = index; + e->mem_obj->xitTable.io = Store::ioWriting; + + slot->set(*e, key); if (direction == Store::ioWriting) { - // keep write lock; the caller will decide what to do with it - map->startAppending(e->mem_obj->xitTable.index); + // allow reading and receive remote DELETE events, but do not switch to + // the reading lock because transientReaders() callers want true readers + map->startAppending(index); } else { + assert(direction == Store::ioReading); // keep the entry locked (for reading) to receive remote DELETE events - map->closeForWriting(e->mem_obj->xitTable.index); + map->switchWritingToReading(index); + e->mem_obj->xitTable.io = Store::ioReading; } } @@ -255,7 +258,7 @@ { assert(e.hasTransients()); assert(isWriter(e)); - map->closeForWriting(e.mem_obj->xitTable.index, true); + map->switchWritingToReading(e.mem_obj->xitTable.index); e.mem_obj->xitTable.io = Store::ioReading; } diff -u -r -N squid-4.0.24/src/tunnel.cc squid-4.0.25/src/tunnel.cc --- squid-4.0.24/src/tunnel.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/tunnel.cc 2018-06-12 04:30:57.000000000 +1200 @@ -1089,8 +1089,10 @@ * default is to allow. */ ACLFilledChecklist ch(Config.accessList.miss, request, NULL); + ch.al = http->al; ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; + ch.syncAle(request, http->log_uri); if (ch.fastCheck().denied()) { debugs(26, 4, HERE << "MISS access forbidden."); err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request); diff -u -r -N squid-4.0.24/src/unlinkd_daemon.cc squid-4.0.25/src/unlinkd_daemon.cc --- squid-4.0.24/src/unlinkd_daemon.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/unlinkd_daemon.cc 2018-06-12 04:30:57.000000000 +1200 @@ -45,7 +45,7 @@ * \param argc Ignored. \param argv Ignored. - \retval ERR An error occured removing the file. + \retval ERR An error occurred removing the file. \retval OK The file has been removed. */ int diff -u -r -N squid-4.0.24/src/WinSvc.cc squid-4.0.25/src/WinSvc.cc --- squid-4.0.24/src/WinSvc.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/src/WinSvc.cc 2018-06-12 04:30:57.000000000 +1200 @@ -517,7 +517,7 @@ ConfigFile = static_cast(xmalloc(Size)); RegQueryValueEx(hndKey, CONFIGFILE, NULL, &Type, (unsigned char *)ConfigFile, &Size); } else - ConfigFile = xstrdup(DefaultConfigFile); + ConfigFile = xstrdup(DEFAULT_CONFIG_FILE); Size = 0; @@ -533,7 +533,7 @@ RegCloseKey(hndKey); } else { - ConfigFile = xstrdup(DefaultConfigFile); + ConfigFile = xstrdup(DEFAULT_CONFIG_FILE); WIN32_Service_Command_Line = xstrdup(""); } @@ -778,7 +778,7 @@ /* Now store the config file location in the registry */ if (!ConfigFile) - ConfigFile = xstrdup(DefaultConfigFile); + ConfigFile = xstrdup(DEFAULT_CONFIG_FILE); WIN32_StoreKey(CONFIGFILE, REG_SZ, (unsigned char *) ConfigFile, strlen(ConfigFile) + 1); diff -u -r -N squid-4.0.24/test-suite/debug.cc squid-4.0.25/test-suite/debug.cc --- squid-4.0.24/test-suite/debug.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/test-suite/debug.cc 2018-06-12 04:30:57.000000000 +1200 @@ -50,7 +50,7 @@ { Debug::Levels[1] = 8; debugs (1,1,"test" << "string"); - debugs (1,9,"dont show this" << "string"); + debugs (1,9,"do not show this" << "string"); debugs (1,1,"test" << "string"); debugs (1,1,"test" << "string"); if (true) diff -u -r -N squid-4.0.24/test-suite/Makefile.in squid-4.0.25/test-suite/Makefile.in --- squid-4.0.24/test-suite/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/test-suite/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -575,7 +575,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/test-suite/stub_debug.cc squid-4.0.25/test-suite/stub_debug.cc --- squid-4.0.24/test-suite/stub_debug.cc 2018-03-08 02:33:27.000000000 +1300 +++ squid-4.0.25/test-suite/stub_debug.cc 2018-06-12 04:56:21.000000000 +1200 @@ -26,6 +26,7 @@ int Debug::override_X = 0; int Debug::log_stderr = 1; bool Debug::log_syslog = false; +void Debug::ForceAlert() STUB void StopUsingDebugLog() STUB void ResyncDebugLog(FILE *) STUB @@ -125,6 +126,12 @@ } } +std::ostream& +ForceAlert(std::ostream& s) +{ + return s; +} + std::ostream & Raw::print(std::ostream &os) const { diff -u -r -N squid-4.0.24/tools/helper-mux/helper-mux.8 squid-4.0.25/tools/helper-mux/helper-mux.8 --- squid-4.0.24/tools/helper-mux/helper-mux.8 2018-03-08 02:33:27.000000000 +1300 +++ squid-4.0.25/tools/helper-mux/helper-mux.8 2018-06-12 04:56:22.000000000 +1200 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "HELPER-MUX 8" -.TH HELPER-MUX 8 "2018-03-07" "perl v5.26.1" "User Contributed Perl Documentation" +.TH HELPER-MUX 8 "2018-06-11" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-4.0.24/tools/helper-mux/Makefile.in squid-4.0.25/tools/helper-mux/Makefile.in --- squid-4.0.24/tools/helper-mux/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/tools/helper-mux/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -431,7 +431,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/tools/Makefile.in squid-4.0.25/tools/Makefile.in --- squid-4.0.24/tools/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/tools/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -558,7 +558,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/tools/purge/conffile.hh squid-4.0.25/tools/purge/conffile.hh --- squid-4.0.24/tools/purge/conffile.hh 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/tools/purge/conffile.hh 2018-06-12 04:30:57.000000000 +1200 @@ -55,11 +55,6 @@ #endif #endif /* __cplusplus */ - -#if !defined(DEFAULT_SQUID_CONF) -#define DEFAULT_SQUID_CONF "/usr/local/squid/etc/squid.conf" -#endif - #include struct CacheDir { @@ -75,7 +70,7 @@ int readConfigFile( CacheDirVector& cachedir, - const char* fn = DEFAULT_SQUID_CONF, + const char* fn, FILE* debug = 0 ); // purpose: read squid.conf file and extract cache_dir entries // paramtr: cachedir (OUT): vector with an entry for each cache_dir found diff -u -r -N squid-4.0.24/tools/purge/Makefile.in squid-4.0.25/tools/purge/Makefile.in --- squid-4.0.24/tools/purge/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/tools/purge/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -501,7 +501,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/tools/purge/purge.cc squid-4.0.25/tools/purge/purge.cc --- squid-4.0.24/tools/purge/purge.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/tools/purge/purge.cc 2018-06-12 04:30:57.000000000 +1200 @@ -615,7 +615,7 @@ "\t0 and 1 are recommended - slow rebuild your cache with other modes.\n" " -s\tshow all options after option parsing, but before really starting.\n" " -v\tshow more information about the file, e.g. MD5, timestamps and flags.\n" - "\n", DEFAULT_SQUID_CONF, DEFAULTHOST, DEFAULTPORT ); + "\n", DEFAULT_CONFIG_FILE, DEFAULTHOST, DEFAULTPORT ); } @@ -890,7 +890,7 @@ { // setup variables REList* list = 0; - char* conffile = xstrdup( DEFAULT_SQUID_CONF ); + char* conffile = xstrdup(DEFAULT_CONFIG_FILE); serverPort = htons(DEFAULTPORT); if ( convertHostname(DEFAULTHOST,serverHost) == -1 ) { fprintf( stderr, "unable to resolve host %s!\n", DEFAULTHOST ); diff -u -r -N squid-4.0.24/tools/squidclient/Makefile.in squid-4.0.25/tools/squidclient/Makefile.in --- squid-4.0.24/tools/squidclient/Makefile.in 2018-03-08 02:24:44.000000000 +1300 +++ squid-4.0.25/tools/squidclient/Makefile.in 2018-06-12 04:48:03.000000000 +1200 @@ -551,7 +551,11 @@ DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ -DEFS = @DEFS@ + +# Make ./configure location settings above available to the code +DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" \ + -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" \ + -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\" DEPDIR = @DEPDIR@ DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ DISK_LIBS = @DISK_LIBS@ diff -u -r -N squid-4.0.24/tools/squidclient/squidclient.cc squid-4.0.25/tools/squidclient/squidclient.cc --- squid-4.0.24/tools/squidclient/squidclient.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/tools/squidclient/squidclient.cc 2018-06-12 04:30:57.000000000 +1200 @@ -26,6 +26,7 @@ #include #include #include +#include #if _SQUID_WINDOWS_ #include #endif @@ -54,12 +55,6 @@ #ifndef BUFSIZ #define BUFSIZ 8192 #endif -#ifndef MESSAGELEN -#define MESSAGELEN 65536 -#endif -#ifndef HEADERLEN -#define HEADERLEN 65536 -#endif /* Local functions */ static void usage(const char *progname); @@ -192,8 +187,9 @@ #if HAVE_GSSAPI int www_neg = 0, proxy_neg = 0; #endif - char url[BUFSIZ], msg[MESSAGELEN], buf[BUFSIZ]; - char extra_hdrs[HEADERLEN]; + char url[BUFSIZ]; + char buf[BUFSIZ]; + char *extra_hdrs = nullptr; const char *method = "GET"; extern char *optarg; time_t ims = 0; @@ -208,7 +204,6 @@ const char *useragent = NULL; /* set the defaults */ - extra_hdrs[0] = '\0'; to_stdout = true; reload = false; @@ -216,8 +211,8 @@ if (argc < 2 || argv[argc-1][0] == '-') { usage(argv[0]); /* need URL */ } else if (argc >= 2) { - strncpy(url, argv[argc - 1], BUFSIZ); - url[BUFSIZ - 1] = '\0'; + strncpy(url, argv[argc - 1], sizeof(url)); + url[sizeof(url) - 1] = '\0'; int optIndex = 0; const char *shortOpStr = "aA:h:j:V:l:P:i:km:nNp:rsvt:H:T:u:U:w:W:?"; @@ -312,7 +307,11 @@ case 'H': if (strlen(optarg)) { - strncpy(extra_hdrs, optarg, sizeof(extra_hdrs)); + if (extra_hdrs) { + std::cerr << "ERROR: multiple -H options not supported. Discarding previous value." << std::endl; + xfree(extra_hdrs); + } + extra_hdrs = xstrdup(optarg); shellUnescape(extra_hdrs); } break; @@ -385,9 +384,9 @@ } // embed the -w proxy password into old-style cachemgr URLs if (at) - snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", Transport::Config.hostname, t, at); + snprintf(url, sizeof(url), "cache_object://%s/%s@%s", Transport::Config.hostname, t, at); else - snprintf(url, BUFSIZ, "cache_object://%s/%s", Transport::Config.hostname, t); + snprintf(url, sizeof(url), "cache_object://%s/%s", Transport::Config.hostname, t); xfree(t); } if (put_file) { @@ -425,47 +424,42 @@ } } + std::stringstream msg; + if (version[0] == '-' || !version[0]) { /* HTTP/0.9, no headers, no version */ - snprintf(msg, BUFSIZ, "%s %s\r\n", method, url); + msg << method << " " << url << "\r\n"; } else { - if (!xisdigit(version[0])) // not HTTP/n.n - snprintf(msg, BUFSIZ, "%s %s %s\r\n", method, url, version); - else - snprintf(msg, BUFSIZ, "%s %s HTTP/%s\r\n", method, url, version); + const auto versionImpliesHttp = xisdigit(version[0]); // is HTTP/n.n + msg << method << " " + << url << " " + << (versionImpliesHttp ? "HTTP/" : "") << version + << "\r\n"; if (host) { - snprintf(buf, BUFSIZ, "Host: %s\r\n", host); - strcat(msg,buf); + msg << "Host: " << host << "\r\n"; } - if (useragent == NULL) { - snprintf(buf, BUFSIZ, "User-Agent: squidclient/%s\r\n", VERSION); - strcat(msg,buf); + if (!useragent) { + msg << "User-Agent: squidclient/" << VERSION << "\r\n"; } else if (useragent[0] != '\0') { - snprintf(buf, BUFSIZ, "User-Agent: %s\r\n", useragent); - strcat(msg,buf); - } + msg << "User-Agent: " << useragent << "\r\n"; + } // else custom: no value U-A header if (reload) { - snprintf(buf, BUFSIZ, "Cache-Control: no-cache\r\n"); - strcat(msg, buf); + msg << "Cache-Control: no-cache\r\n"; } if (put_fd > 0) { - snprintf(buf, BUFSIZ, "Content-length: %" PRId64 "\r\n", (int64_t) sb.st_size); - strcat(msg, buf); + msg << "Content-length: " << sb.st_size << "\r\n"; } if (opt_noaccept == 0) { - snprintf(buf, BUFSIZ, "Accept: */*\r\n"); - strcat(msg, buf); + msg << "Accept: */*\r\n"; } if (ims) { - snprintf(buf, BUFSIZ, "If-Modified-Since: %s\r\n", mkrfc1123(ims)); - strcat(msg, buf); + msg << "If-Modified-Since: " << mkrfc1123(ims) << "\r\n"; } if (max_forwards > -1) { - snprintf(buf, BUFSIZ, "Max-Forwards: %d\r\n", max_forwards); - strcat(msg, buf); + msg << "Max-Forwards: " << max_forwards << "\r\n"; } struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -486,8 +480,7 @@ blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast(":")); blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast(password)); blen += base64_encode_final(&ctx, pwdBuf+blen); - snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %.*s\r\n", static_cast(blen), pwdBuf); - strcat(msg, buf); + msg << "Proxy-Authorization: Basic " << pwdBuf << "\r\n"; delete[] pwdBuf; } if (www_user) { @@ -506,16 +499,14 @@ blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast(":")); blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast(password)); blen += base64_encode_final(&ctx, pwdBuf+blen); - snprintf(buf, BUFSIZ, "Authorization: Basic %.*s\r\n", static_cast(blen), pwdBuf); - strcat(msg, buf); + msg << "Proxy-Authorization: Basic " << pwdBuf << "\r\n"; delete[] pwdBuf; } #if HAVE_GSSAPI if (www_neg) { if (host) { const char *token = GSSAPI_token(host); - snprintf(buf, BUFSIZ, "Authorization: Negotiate %s\r\n", token); - strcat(msg, buf); + msg << "Proxy-Authorization: Negotiate " << token << "\r\n"; delete[] token; } else std::cerr << "ERROR: server host missing" << std::endl; @@ -523,8 +514,7 @@ if (proxy_neg) { if (Transport::Config.hostname) { const char *token = GSSAPI_token(Transport::Config.hostname); - snprintf(buf, BUFSIZ, "Proxy-Authorization: Negotiate %s\r\n", token); - strcat(msg, buf); + msg << "Proxy-Authorization: Negotiate " << token << "\r\n"; delete[] token; } else std::cerr << "ERROR: proxy server host missing" << std::endl; @@ -533,17 +523,22 @@ /* HTTP/1.0 may need keep-alive explicitly */ if (strcmp(version, "1.0") == 0 && keep_alive) - strcat(msg, "Connection: keep-alive\r\n"); + msg << "Connection: keep-alive\r\n"; /* HTTP/1.1 may need close explicitly */ if (!keep_alive) - strcat(msg, "Connection: close\r\n"); + msg << "Connection: close\r\n"; - strcat(msg, extra_hdrs); - strcat(msg, "\r\n"); + if (extra_hdrs) { + msg << extra_hdrs; + safe_free(extra_hdrs); + } + msg << "\r\n"; // empty line ends MIME header block } - debugVerbose(1, "Request:" << std::endl << msg << std::endl << "."); + msg.flush(); + const auto messageHeader = msg.str(); + debugVerbose(1, "Request:" << std::endl << messageHeader << std::endl << "."); uint32_t loops = Ping::Init(); @@ -555,14 +550,15 @@ /* Send the HTTP request */ debugVerbose(2, "Sending HTTP request ... "); - bytesWritten = Transport::Write(msg, strlen(msg)); + bytesWritten = Transport::Write(messageHeader.data(), messageHeader.length()); if (bytesWritten < 0) { std::cerr << "ERROR: write" << std::endl; - exit(1); - } else if ((unsigned) bytesWritten != strlen(msg)) { - std::cerr << "ERROR: Cannot send request?: " << std::endl << msg << std::endl; - exit(1); + exit(EXIT_FAILURE); + } else if (static_cast(bytesWritten) != messageHeader.length()) { + std::cerr << "ERROR: Failed to send the following request: " << std::endl + << messageHeader << std::endl; + exit(EXIT_FAILURE); } debugVerbose(2, "done."); diff -u -r -N squid-4.0.24/tools/squidclient/stub_debug.cc squid-4.0.25/tools/squidclient/stub_debug.cc --- squid-4.0.24/tools/squidclient/stub_debug.cc 2018-03-08 02:33:27.000000000 +1300 +++ squid-4.0.25/tools/squidclient/stub_debug.cc 2018-06-12 04:56:22.000000000 +1200 @@ -26,6 +26,7 @@ int Debug::override_X = 0; int Debug::log_stderr = 1; bool Debug::log_syslog = false; +void Debug::ForceAlert() STUB void StopUsingDebugLog() STUB void ResyncDebugLog(FILE *) STUB @@ -125,6 +126,12 @@ } } +std::ostream& +ForceAlert(std::ostream& s) +{ + return s; +} + std::ostream & Raw::print(std::ostream &os) const { diff -u -r -N squid-4.0.24/tools/squidclient/Transport.cc squid-4.0.25/tools/squidclient/Transport.cc --- squid-4.0.24/tools/squidclient/Transport.cc 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/tools/squidclient/Transport.cc 2018-06-12 04:30:57.000000000 +1200 @@ -235,7 +235,7 @@ } ssize_t -Transport::Write(void *buf, size_t len) +Transport::Write(const void *buf, size_t len) { if (conn < 0) return -1; diff -u -r -N squid-4.0.24/tools/squidclient/Transport.h squid-4.0.25/tools/squidclient/Transport.h --- squid-4.0.24/tools/squidclient/Transport.h 2018-03-08 02:16:46.000000000 +1300 +++ squid-4.0.25/tools/squidclient/Transport.h 2018-06-12 04:30:57.000000000 +1200 @@ -109,7 +109,7 @@ /// write len bytes to the currently open connection. /// \return the number of bytes written, or -1 on errors -ssize_t Write(void *buf, size_t len); +ssize_t Write(const void *buf, size_t len); /// read up to len bytes from the currently open connection. /// \return the number of bytes read, or -1 on errors diff -u -r -N squid-4.0.24/tools/stub_debug.cc squid-4.0.25/tools/stub_debug.cc --- squid-4.0.24/tools/stub_debug.cc 2018-03-08 02:33:27.000000000 +1300 +++ squid-4.0.25/tools/stub_debug.cc 2018-06-12 04:56:21.000000000 +1200 @@ -26,6 +26,7 @@ int Debug::override_X = 0; int Debug::log_stderr = 1; bool Debug::log_syslog = false; +void Debug::ForceAlert() STUB void StopUsingDebugLog() STUB void ResyncDebugLog(FILE *) STUB @@ -125,6 +126,12 @@ } } +std::ostream& +ForceAlert(std::ostream& s) +{ + return s; +} + std::ostream & Raw::print(std::ostream &os) const {