Boost redirector cache.log message to indicate <NULL> also received when
redirector returns an empty URL as destination.
Was just when NULL pointer received.
Do not disable ICAP preview by default. Now, by default, the preview will be
used for ICAP servers that request it. For a discussion, please see
http://www.squid-cache.org/mail-archive/squid-dev/200709/0066.html
Warn users that multiple ICAP services per icap_class are not yet supported.
Despite the warning, we still allow them in the configuration file, but that
may change. This warning may help to make the transition smoother.
Forward port of latest tproxy changes from SQUID 2:
- Automatically disable tproxy if the needed capabilities could not be set
- Keep the permitted set unless root privileges is completely dropped (chroot),
as is normally done when not using capabilities. This fixes file permissions
regarding the pid file.
- Test for sys/capability.h linux include file to avoid failing on systems missing libcap
Fix a compile-time memory corruption error causing cf_gen to fail
The change to include dependency tracking had a small memory allocation
error resulting in memory corruption, causing cf_gen to fail during the
compile on some platforms/compilers.
Polished "Major new features" list to downplay the importance of ESI and
related code changes (because nobody currently supports ESI modifications
amd they have known bugs).
Did not update the .html version for the lack of linuxdoc installation.
Author: Thomas-Martin Seck <tmseck@netcologne.de>
Bug #2071: SNMP not enabled on FreeBSD on some other systems
While investigating the SNMP linking issue, I noticed that configure.in contains
a bashism that will effectively disable SNMP support in environments where bash
is not present (e.g. a bare FreeBSD environment with a rather puristic
/bin/sh).
Bug 2067: do not print "aborting on premature eof" messages at debug level 1.
This messages are printed, for example, whenever the origin server closes
the connection prematurely. No need to warn the cache admin about such events.
More squid.conf reordering to get the dependencies between options sorted proper
this patch also adds an automatic dependency verification to cf_gen,
reducing the risk of this kind of confusing ordering of the directives.
driven by the new cf.data.depend file listing the directive types and
their dependencies.
Adjust default pconn timeouts to avoid shutting down connection while child sends request
The default pconn_timeout / persistent_request_timeout values was selected
a bit unfortunate. persistent_request_timeout should be bigger than
pconn_timeout, or we may risk closing the connection while a child sends
the next request.
There seems to be a race condition which may leave small objects (<4KB) in an
inconsistent internal state where Squid thinks the object is kept in memory
but part of it has been freed..
hno [Thu, 30 Aug 2007 19:50:24 +0000 (19:50 +0000)]
Bug #2058: deny_info TCP_RESET crashes squid
There was a race condition in request processing, easily triggered by using
deny_info TCP_RESET and denying access. It's very likely the problem could
also be triggered by other conditions where Squid very quickly closes the
client connection.
Was caused by a malplaced isClosed() condition. Moved this down to after the
request processing where it belongs.
This patch also adds some safeguards make further request processing stop and
avoid risking referencing the fd as valid after close.
Additionally connStateFree was renamed to the more appropriate connStateClosed
as all it does is to make the connState aware that the underlying fd has been
closed.
hno [Thu, 30 Aug 2007 19:15:13 +0000 (19:15 +0000)]
Bug #2028: Segmentation fault on http_reply_access deny
http_reply_access deny triggered an infinite recursion, eventually ending
up in a segmentation fault.
This patch builds on the previous patch to also exclude http_reply_access
deny error responses from further http_reply_access processing.
Note: When a request is denied by http_reply_access the internal client is
reset to attach it to the error page instead, making http_reply_access be
invoked again on the error.
hno [Thu, 30 Aug 2007 19:03:42 +0000 (19:03 +0000)]
Bug #2028: FATAL error if using http_reply_access in combination with authentication
The attached patch bypasses http_reply_access on access denied messages
generated by this Squid, and also optimizes processing slightly in the
common case of not using any http_reply_access rules at all.
hno [Thu, 30 Aug 2007 04:58:26 +0000 (04:58 +0000)]
Kill the test referring to get_epoll-lib.sh, it's not needed.
Test was broken, and
a) Only triggers if the undocumented --enable-epoll option is used
b) The script isn't even distributed with Squid-3, only Squid-2.
c) I think it's fair to let admins insisting on using epoll on a system not
built with epoll support have to do a bit of homework.
hno [Wed, 29 Aug 2007 04:35:29 +0000 (04:35 +0000)]
Bug #2057: NTLM stop work in messengers after upgrade to squid 2.6 stable 14
There is clients out there who only signal keep-alive during the NTLM
handshake, not on the final request. For example seen on CONNECT requests.
This patch makes Squid automatically fall back on Basic/Digest if NTLM
or Negotiate authentication can not be performed. Detected by seeing a
challenge from the helper on a non-persistent connection.