diff -ruN squid-2.5.STABLE8-RC4/ChangeLog squid-2.5.STABLE8/ChangeLog --- squid-2.5.STABLE8-RC4/ChangeLog Fri Feb 4 07:46:15 2005 +++ squid-2.5.STABLE8/ChangeLog Fri Feb 11 04:25:14 2005 @@ -1,10 +1,10 @@ -Changes to squid-2.5.STABLE8 () +Changes to squid-2.5.STABLE8 (11 Feb 2005) - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, #1096) - [Cosmetic] Document -v (protocol version) option to LDAP helpers - [Minor] The new req_header and resp_header acls segfaults - immediately on parse of squid.conf + immediately on parse of squid.conf (Bug #961) - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure (Bug #1118) - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) @@ -13,6 +13,7 @@ - [Minor security] Random error messages in response to malformed host name (Bug #1143) - [Minor] PURGE should not be able to delete internal objects + (Bug #1112) - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug #1121) - [Minor] cachemgr vm_objects segfault (Bug #1149) @@ -44,7 +45,10 @@ - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) - [Medium] Persistent connection mismatch on failed PUT/POST request (Bug #1122) - - [Minor] WCCP easily disturbed by forged packets + - [Minor] WCCP easily disturbed by forged packets (Bug #1225) + - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) + - [Major] HTTP reply data corruption in certain situations involving + reply headers split over multiple packets (Bug #1233) Changes to squid-2.5.STABLE7 (11 Oct 2004) diff -ruN squid-2.5.STABLE8-RC4/configure squid-2.5.STABLE8/configure --- squid-2.5.STABLE8-RC4/configure Fri Feb 4 07:54:34 2005 +++ squid-2.5.STABLE8/configure Fri Feb 11 04:30:17 2005 @@ -1000,7 +1000,7 @@ # Define the identity of the package. PACKAGE=squid -VERSION=2.5.STABLE8-RC4 +VERSION=2.5.STABLE8 cat >> confdefs.h <&6 echo "configure:1057: checking whether to enable maintainer-specific portions of Makefiles" >&5 # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. diff -ruN squid-2.5.STABLE8-RC4/configure.in squid-2.5.STABLE8/configure.in --- squid-2.5.STABLE8-RC4/configure.in Fri Feb 4 07:54:34 2005 +++ squid-2.5.STABLE8/configure.in Fri Feb 11 04:30:17 2005 @@ -3,15 +3,15 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.251.2.77 2005/02/04 14:39:49 hno Exp $ +dnl $Id: configure.in,v 1.251.2.78 2005/02/11 11:25:14 hno Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_AUX_DIR(cfgaux) -AM_INIT_AUTOMAKE(squid, 2.5.STABLE8-RC4) +AM_INIT_AUTOMAKE(squid, 2.5.STABLE8) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.251.2.77 $)dnl +AC_REVISION($Revision: 1.251.2.78 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE diff -ruN squid-2.5.STABLE8-RC4/helpers/basic_auth/LDAP/squid_ldap_auth.c squid-2.5.STABLE8/helpers/basic_auth/LDAP/squid_ldap_auth.c --- squid-2.5.STABLE8-RC4/helpers/basic_auth/LDAP/squid_ldap_auth.c Thu Feb 3 16:08:06 2005 +++ squid-2.5.STABLE8/helpers/basic_auth/LDAP/squid_ldap_auth.c Sat Feb 5 03:53:07 2005 @@ -88,7 +88,6 @@ #include #include #include - #include "util.h" #define PROGRAM_NAME "squid_ldap_auth" @@ -121,6 +120,10 @@ static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ + +#ifndef LDAP_NO_ATTRS +#define LDAP_NO_ATTRS "1.1" +#endif #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 static int diff -ruN squid-2.5.STABLE8-RC4/helpers/external_acl/ldap_group/squid_ldap_group.c squid-2.5.STABLE8/helpers/external_acl/ldap_group/squid_ldap_group.c --- squid-2.5.STABLE8-RC4/helpers/external_acl/ldap_group/squid_ldap_group.c Thu Feb 3 16:14:41 2005 +++ squid-2.5.STABLE8/helpers/external_acl/ldap_group/squid_ldap_group.c Sat Feb 5 03:53:07 2005 @@ -78,6 +78,10 @@ /* Yuck.. we need to glue to different versions of the API */ +#ifndef LDAP_NO_ATTRS +#define LDAP_NO_ATTRS "1.1" +#endif + #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 static int squid_ldap_errno(LDAP * ld) diff -ruN squid-2.5.STABLE8-RC4/include/version.h squid-2.5.STABLE8/include/version.h --- squid-2.5.STABLE8-RC4/include/version.h Fri Feb 4 07:54:34 2005 +++ squid-2.5.STABLE8/include/version.h Fri Feb 11 04:30:17 2005 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1107528871 +#define SQUID_RELEASE_TIME 1108121414 #endif diff -ruN squid-2.5.STABLE8-RC4/src/HttpHeader.c squid-2.5.STABLE8/src/HttpHeader.c --- squid-2.5.STABLE8-RC4/src/HttpHeader.c Tue Jan 25 06:36:52 2005 +++ squid-2.5.STABLE8/src/HttpHeader.c Thu Feb 10 03:07:05 2005 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.74.2.23 2005/01/25 13:36:52 hno Exp $ + * $Id: HttpHeader.c,v 1.74.2.24 2005/02/10 10:07:05 hno Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov @@ -431,8 +431,11 @@ if (field_end > this_line && field_end[-1] == '\r') { field_end--; /* Ignore CR LF */ /* Ignore CR CR LF in relaxed mode */ - if (Config.onoff.relaxed_header_parser && field_end > this_line + 1 && field_end[-1] == '\r') + if (Config.onoff.relaxed_header_parser && field_end > this_line + 1 && field_end[-1] == '\r') { + debug(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2) + ("WARNING: Double CR characters in HTTP header {%s}\n", getStringPrefix(field_start, field_end)); field_end--; + } } /* Barf on stray CR characters */ if (memchr(this_line, '\r', field_end - this_line)) { @@ -461,16 +464,18 @@ return httpHeaderReset(hdr); } if (e->id == HDR_CONTENT_LENGTH && (e2 = httpHeaderFindEntry(hdr, e->id)) != NULL) { - if (strCmp(e->value, strBuf(e2->value)) != 0) { + if (!Config.onoff.relaxed_header_parser || strCmp(e->value, strBuf(e2->value)) != 0) { debug(55, 1) ("WARNING: found two conflicting content-length headers\n"); httpHeaderEntryDestroy(e); return httpHeaderReset(hdr); } else { - debug(55, 2) ("NOTICE: found double content-length header\n"); + debug(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2) + ("NOTICE: found double content-length header\n"); } } if (e->id == HDR_OTHER && stringHasWhitespace(strBuf(e->name))) { - debug(55, 1) ("WARNING: found whitespace in HTTP header name {%s}\n", getStringPrefix(field_start, field_end)); + debug(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2) + ("WARNING: found whitespace in HTTP header name {%s}\n", getStringPrefix(field_start, field_end)); if (!Config.onoff.relaxed_header_parser) { httpHeaderEntryDestroy(e); return httpHeaderReset(hdr); @@ -1103,7 +1108,8 @@ return NULL; } if (Config.onoff.relaxed_header_parser && xisspace(field_start[name_len - 1])) { - debug(55, 1) ("NOTICE: Whitespace after header name in '%s'\n", getStringPrefix(field_start, field_end)); + debug(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2) + ("NOTICE: Whitespace after header name in '%s'\n", getStringPrefix(field_start, field_end)); while (name_len > 0 && xisspace(field_start[name_len - 1])) name_len--; if (!name_len) diff -ruN squid-2.5.STABLE8-RC4/src/cache_cf.c squid-2.5.STABLE8/src/cache_cf.c --- squid-2.5.STABLE8-RC4/src/cache_cf.c Sat Sep 25 05:56:16 2004 +++ squid-2.5.STABLE8/src/cache_cf.c Thu Feb 10 03:07:05 2005 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.396.2.18 2004/09/25 11:56:16 hno Exp $ + * $Id: cache_cf.c,v 1.396.2.19 2005/02/10 10:07:05 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -1841,8 +1841,36 @@ } #define free_onoff free_int -#define dump_eol dump_string -#define free_eol free_string + +static void +dump_tristate(StoreEntry * entry, const char *name, int var) +{ + const char *state; + if (var > 0) + state = "on"; + else if (var < 0) + state = "warn"; + else + state = "off"; + storeAppendPrintf(entry, "%s %s\n", name, state); +} + +static void +parse_tristate(int *var) +{ + char *token = strtok(NULL, w_space); + + if (token == NULL) + self_destruct(); + if (!strcasecmp(token, "on") || !strcasecmp(token, "enable")) + *var = 1; + else if (!strcasecmp(token, "warn")) + *var = -1; + else + *var = 0; +} + +#define free_tristate free_int static void dump_refreshpattern(StoreEntry * entry, const char *name, refresh_t * head) @@ -2019,6 +2047,10 @@ self_destruct(); *var = xstrdup((char *) token); } + +#define dump_eol dump_string +#define free_eol free_string + static void dump_time_t(StoreEntry * entry, const char *name, time_t var) diff -ruN squid-2.5.STABLE8-RC4/src/cf.data.pre squid-2.5.STABLE8/src/cf.data.pre --- squid-2.5.STABLE8-RC4/src/cf.data.pre Mon Jan 24 17:15:53 2005 +++ squid-2.5.STABLE8/src/cf.data.pre Thu Feb 10 03:07:05 2005 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.245.2.83 2005/01/25 00:15:53 hno Exp $ +# $Id: cf.data.pre,v 1.245.2.84 2005/02/10 10:07:05 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -4036,19 +4036,21 @@ DOC_END NAME: relaxed_header_parser -COMMENT: on|off -TYPE: onoff +COMMENT: on|off|warn +TYPE: tristate LOC: Config.onoff.relaxed_header_parser DEFAULT: on DOC_START - Set this to off if you want Squid to be strict about - the HTTP protocol syntax and reject non-compliant requests - or responses. - In the default "on" setting Squid accepts certain forms - of non-compliant HTTP messages where it is unambigous - what the sending application indended even if the message + of non-compliant HTTP messages where it is unambiguous + what the sending application intended even if the message is not correctly formatted. The messages is then normalized to the correct form when forwarded by Squid. + + If set to "warn" then a warning will be emitted in cache.log + each time such HTTP error is encountered. + + If set to "off" then such HTTP errors will cause the request + or response to be rejected. DOC_END EOF diff -ruN squid-2.5.STABLE8-RC4/src/ftp.c squid-2.5.STABLE8/src/ftp.c --- squid-2.5.STABLE8-RC4/src/ftp.c Fri Jan 21 04:52:01 2005 +++ squid-2.5.STABLE8/src/ftp.c Sat Feb 5 17:53:29 2005 @@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.316.2.16 2005/01/21 11:52:01 hno Exp $ + * $Id: ftp.c,v 1.316.2.17 2005/02/06 00:53:29 hno Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -327,9 +327,10 @@ if ((s = strchr(ftpState->user, ':'))) { *s = 0; xstrncpy(ftpState->password, s + 1, MAX_URL); - if (escaped) + if (escaped) { rfc1738_unescape(ftpState->password); - ftpState->password_url = 1; + ftpState->password_url = 1; + } } else { xstrncpy(ftpState->password, null_string, MAX_URL); } @@ -2443,7 +2444,10 @@ case SENT_USER: case SENT_PASS: if (ftpState->ctrl.replycode > 500) - err = errorCon(ERR_FTP_FORBIDDEN, HTTP_FORBIDDEN); + if (ftpState->password_url) + err = errorCon(ERR_FTP_FORBIDDEN, HTTP_FORBIDDEN); + else + err = errorCon(ERR_FTP_FORBIDDEN, HTTP_UNAUTHORIZED); else if (ftpState->ctrl.replycode == 421) err = errorCon(ERR_FTP_UNAVAILABLE, HTTP_SERVICE_UNAVAILABLE); break; diff -ruN squid-2.5.STABLE8-RC4/src/http.c squid-2.5.STABLE8/src/http.c --- squid-2.5.STABLE8-RC4/src/http.c Thu Feb 3 17:30:01 2005 +++ squid-2.5.STABLE8/src/http.c Fri Feb 11 03:52:59 2005 @@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.384.2.27 2005/02/04 00:30:01 hno Exp $ + * $Id: http.c,v 1.384.2.28 2005/02/11 10:52:59 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived @@ -399,7 +399,7 @@ { StoreEntry *entry = httpState->entry; size_t hdr_len; - size_t hdr_size = headersEnd(buf, size); + size_t hdr_size; HttpReply *reply = entry->mem_obj->reply; Ctx ctx = ctx_enter(entry->mem_obj->url); debug(11, 3) ("httpProcessReplyHeader: key '%s'\n", @@ -407,10 +407,7 @@ if (memBufIsNull(&httpState->reply_hdr)) memBufDefInit(&httpState->reply_hdr); assert(httpState->reply_hdr_state == 0); - if (hdr_size) - memBufAppend(&httpState->reply_hdr, buf, hdr_size); - else - memBufAppend(&httpState->reply_hdr, buf, size); + memBufAppend(&httpState->reply_hdr, buf, size); hdr_len = httpState->reply_hdr.size; if (hdr_len > 4 && strncmp(httpState->reply_hdr.buf, "HTTP/", 5)) { debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr.buf); @@ -421,8 +418,7 @@ ctx_exit(ctx); return; } - if (hdr_size != hdr_len) - hdr_size = headersEnd(httpState->reply_hdr.buf, hdr_len); + hdr_size = headersEnd(httpState->reply_hdr.buf, hdr_len); if (hdr_size) hdr_len = hdr_size; if (hdr_len > Config.maxReplyHeaderSize) {