Author: Alex Rousskov
Revision Date: 2017-07-12 18:03:11 UTC

Made clang happier after r15240: no type named vector in namespace std.

Author: Amos Jeffries
Revision Date: 2017-07-01 23:22:53 UTC

Fix build on FreeBSD after rev.14180

RefCount<> does not support assignment from nullptr with C++03

Author: Amos Jeffries
Revision Date: 2017-07-02 08:07:43 UTC

4.0.21

Author: Amos Jeffries
Revision Date: 2017-07-09 14:32:27 UTC

Sync with v5 r15238

Author: Alex Rousskov
Revision Date: 2017-07-06 19:19:42 UTC

Removed all differences with v5 r15230

... remaining after (or made by) bag1 r12459.

Author: Amos Jeffries
Revision Date: 2017-07-02 08:07:43 UTC

4.0.21

Author: Christos Tsantilas
Revision Date: 2017-06-29 07:26:24 UTC

Try fixing compile problems after r13879

Author: Amos Jeffries
Revision Date: 2017-06-12 07:15:43 UTC

Add debugs to trace DNS query I/O

Author: Andreas Weigel
Revision Date: 2017-06-09 13:50:03 UTC

fix option --foreground to implement expactable behavior

new, consolidated behavior:
* -N: The initial process is a master and a worker process.
      No kids.
      No daemonimization.

* --foreground: The initial process is the master process.
      One or more worker kids (depending on workers=N).
      No daemonimization.

* neither: The initial process double-forks the master process.
      One or more worker kids (depending on workers=N).
      Daemonimization.

rename InDaemonMode to UsingDedicatedMaster
   and opt_no_daemon to opt_use_single_process to make the code less confusing

update squid release notes to reflect new behavior

Author: Alex Rousskov
Revision Date: 2017-05-30 15:46:29 UTC

Count failures and use peer-specific connect timeouts when tunneling.

Same as v4 r15025.

Author: Amos Jeffries
Revision Date: 2017-05-23 10:26:53 UTC

Use Http::ProtocolVersion in config parsing

Author: Alex Rousskov
Revision Date: 2017-05-22 17:28:31 UTC

Do not unconditionally revive dead peers after a DNS refresh.

A simpler version of v5 r15145 (and bag14 r14071).

Author: Alex Rousskov
Revision Date: 2017-05-19 17:41:16 UTC

Assorted fixes and improvements accumulated for several years.

Author: Markus Moeller
Revision Date: 2017-04-06 23:13:58 UTC

Update to latest revision

Author: Amos Jeffries
Revision Date: 2017-03-24 17:58:41 UTC

Replace non-standard uint type with unsigned int

Author: Gary.Wang
Revision Date: 2017-03-17 07:56:35 UTC

To keep it consistent, change src/ipc/Port.cc to honor the new DEFAULT_IPC_PREFIX.

Author: Gary.Wang
Revision Date: 2017-02-25 09:34:28 UTC

Enable to package and compile squid in snap world.

1.Added conditional for snap packaging by testing "--enable-snap".
As all services run as root thanks to confinement in snap world,
so we need to get rid of uid, gid configured,
otherwise there will be bunch of apparmor DENIED issue when running
this snap in confined mode.
2.Fixed bunch of critical conf file reading path.
3.Make sure writeable path for some file reading. e.g pidfile
4.Make sure sem_open available inside snap. see
    https://bugs.launchpad.net/snappy/+bug/1653955

Author: eduard-bagdasaryan
Revision Date: 2017-01-30 13:50:37 UTC

Autoformatted.

Author: Garri Djavadyan
Revision Date: 2016-12-17 13:56:49 UTC

Bug 4169: HIT marked as MISS when If-None-Match does not match

Author: Garri Djavadyan
Revision Date: 2016-12-17 12:59:41 UTC

Bug 4169: HIT marked as MISS when If-None-Match does not match

Author: Amos Jeffries
Revision Date: 2016-12-17 06:37:44 UTC

Do not override user defined -std option

Author: Amos Jeffries
Revision Date: 2016-11-24 00:12:12 UTC

Refactor TE parser to multitask as Paxxer (ie. Parser and Packer)

Author: Amos Jeffries
Revision Date: 2016-10-11 06:11:52 UTC

QA: Regenerate layer-02-maximus

Author: Amos Jeffries
Revision Date: 2016-10-07 07:23:38 UTC

fix build error after merge

Author: eduard-bagdasaryan
Revision Date: 2016-07-15 22:05:22 UTC

Auto-formatted

Author: eduard-bagdasaryan
Revision Date: 2016-07-06 08:07:55 UTC

Merged from trunk r14734

Author: Celso Providelo
Revision Date: 2016-06-16 17:20:04 UTC

Snapcraft setup.

Author: Amos Jeffries
Revision Date: 2016-05-08 12:42:55 UTC

Bug 4515: regression after CVE-2016-4554 patch

Author: Amos Jeffries
Revision Date: 2016-04-22 19:19:10 UTC

Merged from trunk rev.14652

Author: Amos Jeffries
Revision Date: 2016-04-14 12:48:08 UTC

Merged from trunk rev.14641

Author: Francesco Chemolli
Revision Date: 2016-03-16 17:24:55 UTC

Merged from trunk

Author: Francesco Chemolli
Revision Date: 2016-03-15 15:00:41 UTC

Merged from trunk

Author: Francesco Chemolli
Revision Date: 2016-03-15 08:51:58 UTC

Merged from trunk

Author: Francesco Chemolli
Revision Date: 2016-03-15 08:42:40 UTC

Merged from trunk

Author: Alex Rousskov
Revision Date: 2016-03-11 17:10:47 UTC

Polished to address official review concerns.

No functionality changes expected.

Author: Amos Jeffries
Revision Date: 2016-03-02 15:14:11 UTC

Merged from trunk rev.14574

Author: Francesco Chemolli
Revision Date: 2016-02-10 09:54:52 UTC

Merged from trunk

Author: Amos Jeffries
Revision Date: 2016-01-14 14:13:23 UTC

Fix libbase.la SOURCES listing

Now that automake is managing the dependencies based on SOURCES and LDADD
automatically instead of manual DEPENDENCIES lists it is sensitive to
missing object references in those lists.

Sort alphabetically and add missing entries to the libbase SOURCES list.

Author: Francesco Chemolli
Revision Date: 2016-01-02 15:49:12 UTC

added missing files

Author: Francesco Chemolli
Revision Date: 2015-12-09 15:46:10 UTC

Fix argument types for toupper in smblib.c

Author: Francesco Chemolli
Revision Date: 2015-10-29 13:46:50 UTC

Removed useless includes and leftover declarations

Author: Francesco Chemolli
Revision Date: 2015-09-04 14:50:21 UTC

Fix permissions

Author: Pavel Timofeev
Revision Date: 2015-08-10 12:00:13 UTC

Clang-3.6 fixes in eCAP adaptation

Author: Christos Tsantilas
Revision Date: 2015-06-08 16:31:06 UTC

Fix assertion String.cc:221: "str"

This bug can be caused by certificates does not contain a CN field. In this
case the Ssl::ErrorDetail::cn method may return NULL causing this assertion
somewhere inside Ssl::ErrorDetail::buildDetail method, which expects always
a non NULL value from Ssl::ErrorDetail::cn and similar methods.

This patch try to hardening the Ssl::ErrorDetail error formating functions to
avoid always check for NULL values and also avoid sending wrong information
for various certificate fields in the case of an error while extracting the
information from certificate..

This is a Measurement Factory project

same as squid-3.5 r13846

Author: Amos Jeffries
Revision Date: 2015-05-26 12:26:42 UTC

Make Packable API methods return an object

Preparation for merging with SBuf API. The append methods there need to
return an object to chain append() call. Returning a Packable& is
suitable for that need and harmless for the other objects that use it
(if not a useful addition for them).

Author: Christos Tsantilas
Revision Date: 2015-04-23 18:30:38 UTC

Secure ICAP

This patch adds support for ICAP services that require SSL/TLS transport
connections. The same options used for the cache_peer directive are used for
the icap_service directive, with similar certificate validation logic.

To mark an ICAP service as "secure", use an "icaps://" service URI scheme when
listing your service via an icap_service directive. The industry is using a
"Secure ICAP" term, and Squid follows that convention, but "icaps" seems more
appropriate for a _scheme_ name.

Squid uses port 11344 for Secure ICAP by default, following another popular
proxy convention. The old 1344 default for plain ICAP ports has not changed.

This is a Measurement Factory project

This is the t5 patch posted to squid-dev

Author: Source Maintenance
Revision Date: 2015-04-23 13:02:10 UTC

Docs: Update CONTRIBUTORS

Author: Amos Jeffries
Revision Date: 2015-04-14 05:11:21 UTC

Merge from trunk rev.14016

Author: Amos Jeffries
Revision Date: 2015-03-16 20:35:38 UTC

Merged from trunk

Author: Amos Jeffries
Revision Date: 2015-02-17 04:41:02 UTC

Remove -Wuninitialized from CFLAGS

GCC requires -O for this flag to be accepted. We want to allow users to
be able to select their own optimization level, so its not possible.

Author: Amos Jeffries
Revision Date: 2015-01-19 10:45:51 UTC

Add missing Makefiles

Author: Amos Jeffries
Revision Date: 2014-12-26 11:41:54 UTC

De-duplicate basic Negotiate, Kerberos and NTLM UserRequest objects

Make Kerberos and NTLM scheme UserRequest objects inherit from Negotiate
scheme's object and include all data members, and basic state accessors.
But not the core scheme operational methods.

Build the libnegotiate library whenever Kerberos or NTLM are built, but
only build Negotiate-specific code when Negotiate is allowed.

Author: Alex Rousskov
Revision Date: 2014-09-19 00:27:10 UTC

A hack to ease transition from legacy configurations
still using server_ssl_cert_fingerprint instead of server_cert_fingerprint.

Author: Amos Jeffries
Revision Date: 2014-09-02 15:00:30 UTC

Sync with trunk after branch merge

Author: Francesco Chemolli
Revision Date: 2014-08-26 21:01:21 UTC

Added some code to node iterators

Author: Alex Rousskov
Revision Date: 2014-08-26 15:58:49 UTC

Ignore Range headers with unidentifiable byte-range values.

Same as trunk r13555.

Author: Amos Jeffries
Revision Date: 2014-08-14 15:22:13 UTC

Merged from trunk rev.13532

Author: Alex Rousskov
Revision Date: 2014-06-25 00:16:52 UTC

Merged from trunk r13477
to get Collapsed Forwarding fixes.

Author: Francesco Chemolli
Revision Date: 2014-06-11 22:00:26 UTC

Benchmark implemented

Author: Joel Peláez Jorge
Revision Date: 2014-06-06 03:46:29 UTC

Update to master branch

Author: Francesco Chemolli
Revision Date: 2014-05-30 09:45:32 UTC

Merged from trunk

Author: Amos Jeffries
Revision Date: 2014-05-02 15:46:04 UTC

Drop remnant of structs.h

Author: Francesco Chemolli
Revision Date: 2014-04-27 16:17:24 UTC

Merged from trunk

Author: Amos Jeffries
Revision Date: 2014-03-25 03:50:59 UTC

copy rev.13325 from trunk

Author: Alex Rousskov
Revision Date: 2014-03-13 04:25:28 UTC

Added secure peer support to the steady connection pool feature
(cache_peer ... ssl steady=N).

Supply a fake HTTP OPTIONS request to getOutgoingAddress() and
GetMarkingsToServer() to make their ACLs happier. The request is also needed
for Ssl::PeerConnector's ErrorState generation code.

Polished/finalized Ssl::PeerConnector callback answer API.

Removed double-negotiateSsl() call from Ssl::PeerConnector. The old bug did
not manifest itself except under valgrind tests for some reason.

Author: Alex Rousskov
Revision Date: 2014-03-13 21:24:19 UTC

Avoid assertions on Range requests that trigger Squid-generated errors.

Same as trunk r13306.

Author: Alex Rousskov
Revision Date: 2014-02-28 22:55:05 UTC

Update documentation and move prefix injection hack

Author: Francesco Chemolli
Revision Date: 2014-02-12 14:32:36 UTC

Merged from trunk

Author: Alex Rousskov
Revision Date: 2014-01-21 00:47:55 UTC

Simplify SSL session cache label used for naming the shared segment
in hope to avoid "Permission denied" errors for that segment on some appliances.

Same as bag5 r12741.

Author: Christos Tsantilas
Revision Date: 2014-01-08 11:31:19 UTC

merge from trunk

Author: Francesco Chemolli
Revision Date: 2014-01-04 21:07:40 UTC

Added missing includes

Author: Alex Rousskov
Revision Date: 2013-11-29 18:14:15 UTC

Make SupportedVersion() arguments "consistent" and use the newly added SBuf.

Author: Amos Jeffries
Revision Date: 2013-10-27 02:18:05 UTC

Separate MD5 library detection from OpenSSL

Use a different automake macro $(MD5LIB) to represent the library
providing MD5 functionality. It is not always OpenSSL -lssl.

TODO:
 - make MD5 check obey --without-openssl. Currently always checks -lssl
 - add support for other libraries providing MD5
 - update SquidMD5 wrapper definition to operate cleanly with alternate
   library APIs.

Author: Francesco Chemolli
Revision Date: 2013-10-14 20:17:28 UTC

More unused parameters marked as such

Author: Alex Rousskov
Revision Date: 2013-06-06 16:44:00 UTC

Do not log bogus ERRORs when url_rewrite_access bypasses url_rewriter.

Same as trunk r12896.

Author: Alex Rousskov
Revision Date: 2013-05-17 02:23:45 UTC

Moved most of the helper queue overflow maintenance from callers into the helper class.
Documented overflow maintenance logic.

TODO: Make the queue limits configurable. Propagate changes to stateful helpers.
Remove remaining custom maintenance code from StoreID and URL rewriter helpers.

Author: Alex Rousskov
Revision Date: 2013-05-11 20:37:46 UTC

Merged from trunk r12804.

Author: Tim Perkins
Revision Date: 2013-03-24 05:53:08 UTC

Modified packaging files to enable ssl.

Author: Alex Rousskov
Revision Date: 2013-03-23 03:58:17 UTC

Support proper bootstrapping and "make dist".

Author: Alex Rousskov
Revision Date: 2013-03-23 02:07:38 UTC

Initial support for "values with spaces" in ACL directives.

Needs more work to support escape sequences, macros, and include files, but
can be disabled using "configuration_includes_quoted_values off" in squid.conf.

Needs better documentation.

Author: Amos Jeffries
Revision Date: 2013-03-03 12:29:52 UTC

Merge from trunk

Author: Christos Tsantilas
Revision Date: 2012-12-07 14:01:35 UTC

Fix to allow build on amd64-CentOs-icc

Author: Christos Tsantilas
Revision Date: 2012-12-07 13:42:26 UTC

Ssl::CertValidationMsg::parseResponse: fix parsed errors checking

The parsed SSL errors returned by cert validator checking was wrong and caused
the Ssl::CertValidationMsg::parseResponse method to return false on valid
messages

Author: Alex Rousskov
Revision Date: 2012-12-03 02:27:39 UTC

Fixed storing SSL session data in the shared cache.

i2d_SSL_SESSION() increments buffer pointer passed to it, so we cannot use
that pointer to retrieve buffer contents that i2d_SSL_SESSION() created.

And if the above increment did not happen (perhaps the increment is OpenSSL
version dependent?), our Ipc::MemMapSlot::set() was copying session data
pointed by "block" into Slot::p data member while "block" was already pointing
to p, violating memcpy() "no overlap" prerequisite.

Author: Christos Tsantilas
Revision Date: 2012-11-13 13:10:18 UTC

cert validation cache

The
 - investigates the LruMap template class which can be used to implement object
   caches in squid
 - Use LruMap as cache for SSL_CTX objects. The LocalContextStorage removed and
   replaced with a LruMap based class.
 - Use LruMap to cache cert validator responses. New parameters add to cert
   validator helper line to allow user control caching behaviour:
     ttl=n TTL in seconds for cached results.The default is 60 secs
     cache=n limit the result cache size. The default value is 2048

Author: Alex Rousskov
Revision Date: 2012-10-13 05:12:56 UTC

GCC v4.1.2 requires <new> for the placement-new operator to be declared.

Author: Alex Rousskov
Revision Date: 2012-08-30 18:01:27 UTC

Log TCP_IMS_HIT status when sending a hit due to If-None-Match mismatch.

We used to log TCP_MISS instead, which was wrong because this is a pure
hit case (the origin server is not contacted at all).

TODO: Consider adding a more precise/specific TCP_INM_HIT request status.

Author: Robert Collins
Revision Date: 2012-06-13 01:14:44 UTC

Backport the EXT_TAG external acl support.

Author: Alex Rousskov
Revision Date: 2012-03-06 03:57:40 UTC

Merged from parent (trunk r12075, v3.2.0.15+).

Author: Francesco Chemolli
Revision Date: 2011-10-19 09:20:07 UTC

Fixed css layout and table style rendering
Implemented table-ification of table contents and HTML quoting.

Author: Alex Rousskov
Revision Date: 2011-04-06 21:48:56 UTC

Polished request reading code to fix CONNECT double-read assertion
comm.cc:216: "fd_table[fd].halfClosedReader != NULL"

ConnStateData::flags.readMoreRequests, do_next_read variables, and
ClientSocketContext::mayUseConnection() methods were used (or unused!)
incorrectly or inconsistently.

This change removes all do_next_read variables to simplify the state. Instead,
the renamed ConnStateData::flags.readMore indicates whether client_side.cc
should call comm_read. The mayUseConnection() methods are now used to indicate
whether the next client-sent byte (buffered or read) should be reserved for
the current request rather than being interpreted as the beginning of the next
request.

Usually,
                      flags.readMore mayUseConnection
    regular requests: true false
requests with bodies: true true
              errors: false false
             tunnels: false true

Author: Alex Rousskov
Revision Date: 2011-04-05 20:57:18 UTC

Merged from parent (trunk r11345, circa 3.2.0.6+).

Author: Alex Rousskov
Revision Date: 2010-09-01 05:07:21 UTC

SMP Cache Manager, Phase2. Initial implementation.

Cache Manager actions are forwarded to Coordinator. Coordinator iterates over
Kids, aggregating their stats if possible and/or allowing them to dump
non-aggregatable output if needed.

Old code computed and dumped stats to Store at the same time. To avoid
computing code duplication, we now collect stats in primitive Stats objects
and then either dump those to Store or send them to Coordinator for
aggregation and, eventually, dumping to Store. This is orchestrated by
action-specific *Action classes that Cache Manager creates on-demand using
ActionCreator.

Needs post-merge polishing in a bootstrap-capable environment.