Bug 3405: ssl_crtd crashes failing to remove certificate
- Try to update the index file in all cases the database modified
rows. Currently we are using the new operator.
- The find operator in database should not modify the database. Currently
if an entry is expired, ssl_crtd removes the cert file but does not
update the index file.
- Fix a small memory leak when remove entries from database: A row object
removed from TXT_DB indexes but never released.
This patch:
* Use OPENSSL_malloc and OPENSSL_free to allocate/release memory for
TXT_DB rows. OpenSSL SDK assumes that always allocated using these
functions.
* Add code in Ssl::CertificateDb::Row destructor to correctly release
a TXT_DB row.
* Add the sq_TXT_DB_delete and sq_TXT_DB_delete_row functions which
removes a row from TXT_DB indexes.
Amos Jeffries [Sun, 28 Oct 2012 05:27:14 +0000 (23:27 -0600)]
Remove Bungled warning on missing component directives
* Make Squid display a ERROR notice and ignore squid.conf directives
which belong to components disabled at build time instead of throwing
up 'FATAL: Bungled' message and aborting.
* Polish the 'requires X' message text for better display of cases like
'requires MS Windows' and 'requires Linux'
* Add 'requires X' message for --enable-auth, --enable-eui, and
--enable-ssl-crtd which were missing.
* Add debug 'filename' for if-none and postscriptum logging
Amos Jeffries [Sun, 28 Oct 2012 05:25:21 +0000 (23:25 -0600)]
Add constructore/destructor for Mgr::ActionPasswordList
Missing constructor for Mgr::ActionPasswordList resulted in invalid values
for next pointer and segmentation fault parsing multiple cachemgr_passwd
directives.
Missing destructor resulted in memory leaks on reconfigure and shutdown.
Amos Jeffries [Sat, 20 Oct 2012 11:29:46 +0000 (05:29 -0600)]
Remove the refresh_pattern ignore-no-cache option
With the HTTP/1.1 Cache-Control:no-cache compliance upgrade this option became
obsolete. Its main use-case was to force caching of responses which contained this
control. Revalidation is now happening and no-cache objects are cached by default.
The one remaining effect of ignoring no-cache is to prevent no-cache from allowing
authenticated responses being cached. Which is the opposite of its usually expected
result and allowing that change of behaviour would be counter productive.
Amos Jeffries [Sat, 20 Oct 2012 06:29:43 +0000 (00:29 -0600)]
HTTP/1.1: Cache-Control compliance upgrade
trunk rev 11361 converted Cache-Control header from using a single mask
bitmap (shared by request and response) to separate CC header objects in
the request response. This conversion contained several regressions like
the one bug 3670 reports.
This patch:
* documents HttpStateData::cacheableReply() clarifying the overall
method action and what each individual check it doing.
* resolves several visible regressions, including bug 3670.
* extends the caching to handle the "no-cache" controls as per HTTP/1.1
(MAY store, but MUST revalidate before use).
* extends the caching for several lesser known cases of "MAY store"
exemptions handling authenticated transactions.
* removes an old hack handling Pragme:no-cache (undefined in HTTP/1.1)
One side effect of now caching transactions utilizing "no-cache" is that
hacks around Pragma:no-cache are reduced to only having any effect when
Cache-Control is absent. Reducing their performance cost. And now require
--enable-http-violations is built in since HTTP/1.1 states that
response Pragma are not defined and thus SHOULD be ignored.
Amos Jeffries [Tue, 16 Oct 2012 23:46:45 +0000 (17:46 -0600)]
HTTP/1.1: honour Cache-Control before Pragma:no-cache
HTTPbis WG clarifications on the interaction between Cache-Control and
Pragma specify that Cache-Control may be explicitly crafted to allow
conditional caching by HTTP/1.1 caches and Pragma:no-cache supplied to
prevent caching by older HTTP/1.0 caches unable to understand the
Cache-Control properly.
Squid does obey Cache-Control. So we can deprecate Pragma to the side
cases when Cache-Control is absent entirely.
Alex Rousskov [Tue, 16 Oct 2012 23:46:07 +0000 (17:46 -0600)]
Reverted trunk r12255 changes. Provided a portable flexible arrays replacement.
Trunk r12255 made Clang compiler happy by removing flexible nonPod[] arrays.
Unfortunately, it also moved shared memory items into local memory (in some
cases uninitialized).
This change provides a Clang-friendly flexible array replacement while keeping
items in the shared memory (and using placement-new initialization). The code
may have become even less readable, but hopefully more portable.
N.B. Flexible arrays were introdiced in C99 standard, after C++ was
standardized in 1998. They are not yet in any revised C++ standard, but most
C++ compilers support them, at least for PODs.
Alex Rousskov [Tue, 16 Oct 2012 23:43:54 +0000 (17:43 -0600)]
Allow a ufs cache_dir entry to coexist with a shared memory cache entry
... instead of being released when it becomes idle.
The original boolean version of the StoreController::dereference() code
(r11730) was written to make sure that idle unlocked local store_table entries
are released if nobody needs them (to avoid creating inconsistencies with
shared caches that could be modified in a different process).
Then, in r11786, we realized that the original code was destroying non-shared
memory cache entries if there were no cache_dirs to vote for keeping them in
store_table. I fixed that by changing the StoreController::dereference() logic
from "remove if nobody needs it" to "remove if somebody objects to keeping
it". That solved the problem at hand, but prohibited an entry to exist in
a non-shared cache_dir and in a shared memory cache at the same time.
We now go back to the original "remove if nobody needs it" design but also
give non-shared memory cache a vote so that it can protect idle but suitable
for memory cache entries from being released if there are no cache_dirs to
vote for them.
This is a second revision of the fix. The first one (r12231) was reverted
because it did not pass tests/testRock unit tests on some platforms. The unit
tests assume that the entry slot is not locked after the entry is stored, but
the first revision of the fix allowed idle entries to remain in store_table
and, hence, their slots were locked and could not be replaced, causing
assertions. This revision allows the idle entry to be destroyed (and its slot
unlocked) if [non-shared] memory caching is disabled.
It is not clear why only some of the platforms were affected by this. Should
not memory caching be disabled everywhere during testRock (because testRock
does not set memory cache capacity and memory cache entry size limits)?
Amos Jeffries [Sat, 13 Oct 2012 06:07:11 +0000 (00:07 -0600)]
Portability: pass OS name to helper config.test scripts
This will help us perform OS-specific enable/disable rather than having
to identify some software or file that SHOULD exist only in those OS, but
which might exist elsewhere for weird reasons (ie windows.h).
NP: the $@ which was being passed was unused by any current config.test
Removed it and converted to fixed-position parameters for easier
script development.
Amos Jeffries [Sat, 13 Oct 2012 06:01:01 +0000 (00:01 -0600)]
Portability: permit eCAP build without pkg-config
Windows does not have a port of pkg-config, other OS may be in the same
situation. That only impacts on Squids ability to confirm the library
version not on its ability to link and use it.
This reduces some configure errors to warnings when pkg-config is not
located on the local system.
Amos Jeffries [Wed, 10 Oct 2012 01:36:31 +0000 (19:36 -0600)]
Portability: support customization of --prefix= via compat/autoconf.h
Rather than defining DEFAULT_PREFIX on the compiler command line this
builds its value into autoconf.h for use whenever needed. Avoiding
potential issues with buggy Makefile.am coding.
Also allows the --prefix value to be sourced from the autoconf internal
default settings instead of requiring a manual --prefix parameter for
SNMP module to build and link properly.
Removed unnecessary extern declarations.
Changed mismatching class/struct declaration in fde.h
Created default constructor for _fde_disk and moved there proper initialization
Removed some dead function declarations
Amos Jeffries [Wed, 3 Oct 2012 00:44:13 +0000 (12:44 +1200)]
Fix website config display of default settings
The website page cfgman builder script was omitted when adding the
DEFAULT_DOC parameter and making DEFAULT / DEFAULT_IF_NONE support
multi-line values.
Amos Jeffries [Tue, 2 Oct 2012 02:18:50 +0000 (14:18 +1200)]
Bug 3130: helpers are crashing too rapidly
As discussed quite many months ago. This reduces the FATAL when helpers
crash/exit to a critical level ERROR have responded with useful reply to
at least one lookup.
The result is that Squid can now cope with helpers written in languages
which cannot loop infinitely. For example; PHP helpers often exit after
a timeout, broken scripts written to respond and exit immediately,
and helpers which encounter some permissions error and respond only with
"ERR" or "BH" results before aborting.
Amos Jeffries [Tue, 2 Oct 2012 01:55:36 +0000 (13:55 +1200)]
Polish: de-duplicate helper statistics objects
* Combine the stats structure on per-helper server classes. For more
consistent statistic gathering.
* Add initStats() method to initialize statistics variables correctly.
Previously only done for some counters on stateless helper objects.
* Add missing accounting of pending lookups in stateful helper code.
* Add counter for replies received from the helper.
* Add reporting of replies received back from each helper.
There are no logic or decision making logics affected by these changes.
The new increment/decrement and stats are purely affecting statistical
report outputs.
FUTURE TODO:
* replace the 'busy' flag on stateful helpers with pending>0 check
as used by stateless helpers to indicate queue count.
Amos Jeffries [Mon, 1 Oct 2012 22:47:10 +0000 (10:47 +1200)]
Cleanup: remove a wrong TODO
Squid may need to use the hop-by-hop response headers. This is too early
to be removing them. the right place is in client-side before delivering
to the client. Squid already contains code to do it there.
Fixes one minor memory leak when IPv6 is disabled and parsing an IPv6
address. For example the default localhost ACL ::1 value.
Caught by Valgrind:
==26647== 384 bytes in 4 blocks are definitely lost in loss record 1,132 of 1,726
==26647== at 0x4C25A28: calloc (vg_replace_malloc.c:467)
==26647== by 0x65B441: xcalloc (xalloc.cc:75)
==26647== by 0x657B99: MemPoolMalloc::allocate() (MemPoolMalloc.cc:62)
==26647== by 0x5A95B1: acl_ip_data::FactoryParse(char const*) (Ip.h:66)
==26647== by 0x5AA8BD: ACLIP::parse() (Ip.cc:523)
==26647== by 0x5E0A80: ACL::ParseAclLine(ConfigParser&, ACL**) (Acl.cc:174)
==26647== by 0x4B0C0F: parse_line(char*) (cache_cf.cc:1252)
==26647== by 0x4B2076: parseOneConfigFile(char const*, unsigned int) (cache_cf.cc:518)
==26647== by 0x4B29D0: parseConfigFile(char const*) (cache_cf.cc:558)
==26647== by 0x546B81: SquidMain(int, char**) (main.cc:1372)
==26647== by 0x547445: main (main.cc:1215)
Regression fix: Handle dstdomain duplicates and overlapping names better
Since 3.2 changes to dstdomain overlap detection teh case of duplicate
wildcards has become a fatal error needlessly.
This silently ignores all exact duplicates, even if they are wildcards.
Also, adjust the message display to always display the longer of the
domains first. Since we are dealing with sub-domains it is the most
reliable indicator of which should be removed to safely fix the detected
issue.
Clarified some comments in HttpHeaderFieldStat
Sorted class forward declarations in HTtpHeaderTools
Fixed debug in RequestFlags.cc
Properly indented constructor in RequestFlags.h
class-ified AclAddress
projects / thirdparty / squid.git / log
