diff -u -r -N squid-3.2.8/ChangeLog squid-3.2.9/ChangeLog --- squid-3.2.8/ChangeLog 2013-03-02 14:46:03.000000000 +1300 +++ squid-3.2.9/ChangeLog 2013-03-12 23:15:58.000000000 +1300 @@ -1,3 +1,10 @@ +Changes to squid-3.2.9 (12 Mar 2013): + + - Regression fix: Accept-Language header parse + - Bug 3673: Silence 'Failed to select source' messages + - Fix authentication headers sent on peer digest requests + - Fix build error on Solaris, OpenIndiana, Omnios + Changes to squid-3.2.8 (02 Mar 2013): - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client diff -u -r -N squid-3.2.8/configure squid-3.2.9/configure --- squid-3.2.8/configure 2013-03-02 14:47:21.000000000 +1300 +++ squid-3.2.9/configure 2013-03-12 23:17:19.000000000 +1300 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.8. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.9. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.2.8' -PACKAGE_STRING='Squid Web Proxy 3.2.8' +PACKAGE_VERSION='3.2.9' +PACKAGE_STRING='Squid Web Proxy 3.2.9' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1571,7 +1571,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.2.8 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.2.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1641,7 +1641,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.2.8:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.2.9:";; esac cat <<\_ACEOF @@ -2019,7 +2019,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.2.8 +Squid Web Proxy configure 3.2.9 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3115,7 +3115,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.2.8, which was +It was created by Squid Web Proxy $as_me 3.2.9, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3934,7 +3934,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.2.8' + VERSION='3.2.9' cat >>confdefs.h <<_ACEOF @@ -30894,7 +30894,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.2.8, which was +This file was extended by Squid Web Proxy $as_me 3.2.9, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30960,7 +30960,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.2.8 +Squid Web Proxy config.status 3.2.9 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.2.8/configure.ac squid-3.2.9/configure.ac --- squid-3.2.8/configure.ac 2013-03-02 14:47:21.000000000 +1300 +++ squid-3.2.9/configure.ac 2013-03-12 23:17:18.000000000 +1300 @@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.2.8],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.9],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.2.8/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.9/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.2.8/helpers/basic_auth/DB/basic_db_auth.8 2013-03-02 15:07:58.000000000 +1300 +++ squid-3.2.9/helpers/basic_auth/DB/basic_db_auth.8 2013-03-12 23:46:22.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-03-01" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-03-12" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.2.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-03-02 15:08:02.000000000 +1300 +++ squid-3.2.9/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-03-12 23:46:35.000000000 +1300 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-03-01" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-03-12" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.8/include/version.h squid-3.2.9/include/version.h --- squid-3.2.8/include/version.h 2013-03-02 14:47:21.000000000 +1300 +++ squid-3.2.9/include/version.h 2013-03-12 23:17:19.000000000 +1300 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1362188760 +#define SQUID_RELEASE_TIME 1363083354 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.2.8/RELEASENOTES.html squid-3.2.9/RELEASENOTES.html --- squid-3.2.8/RELEASENOTES.html 2013-03-02 15:08:19.000000000 +1300 +++ squid-3.2.9/RELEASENOTES.html 2013-03-12 23:47:23.000000000 +1300 @@ -2,10 +2,10 @@ - Squid 3.2.7 release notes + Squid 3.2.9 release notes -

Squid 3.2.7 release notes

+

Squid 3.2.9 release notes

Squid Developers

@@ -72,12 +72,14 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.2.7 for -testing.

+

The Squid Team are pleased to announce the release of Squid-3.2.9.

This new release is available for download from -http://www.squid-cache.org/Versions/v3/3.2/ or the +http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

-

While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

+ +

A large number of the show-stopper bugs have been fixed along with general improvements to the IPv6 support. +While this release is not fully bug-free we believe it is ready for use in production on many systems.

+

We welcome feedback and bug reports. If you find a bug, please see http://wiki.squid-cache.org/SquidFaq/BugReporting for how to submit a report with a stack trace.

@@ -86,7 +88,7 @@

Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.2.

+open bugs against Squid-3.2.

Some issues to note as currently known in this release which are not able to be fixed in the 3.2 series are:

@@ -160,7 +162,7 @@ DNS lookups to locate alternative DIRECT destinations will not be done.

Known Issue: When non-strict validation fails Squid will relay the request, but can only do -so safely to the orginal destination IP the client was contacting. The client original +so safely to the original destination IP the client was contacting. The client original destination IP is lost when relaying to peers in a hierarchy. This means the upstream peers are still at risk of causing same-origin bypass CVE-2009-0801 vulnerability. Developer time is required to implement safe transit of these requests. @@ -253,7 +255,7 @@ path and parameters as its own command parameters. The concurrency setting already existing in Squid is used to configure how many child helpers it may run.

-

For example, a traditional configration is +

For example, a traditional configuration is 

         url_rewrite_program /your/redirector.sh
         url_rewrite_children 5
@@ -289,10 +291,10 @@
 
The on-demand helpers feature allows greater flexibility and resolves this problem by allowing
 maximum, initial and idle thresholds to be configured. Squid will start the initial set during
 start and reconfigure phases. However over the operational use new helpers up to the maxium will
-be started as load demands. The idle threshold determins how many more helpers to start if the
+be started as load demands. The idle threshold determines how many more helpers to start if the
 currently running set is not enough to handle current request loads.

 
-
For example, a traditional configration is
+
For example, a traditional configuration is
 
         auth_param ntlm /usr/libexec/squid/ntlm_auth
         auth_param ntlm children 200
@@ -357,7 +359,7 @@
 

 
    
 
  • mswin_check_ad_group - ext_ad_group_acl - Check logged in users Group membership using Active Directory.
    • 
-
  • ip_user_check - ext_file_userip_acl - Restrict users to cetain IP addresses, using a text file backend.
    • 
+
  • ip_user_check - ext_file_userip_acl - Restrict users to certain IP addresses, using a text file backend.
    • 
 
  • squid_kerb_ldap - ext_kerberos_ldap_group_acl - Check logged in Kerberos or NTLM users Group membership using LDAP.
    • 
 
  • squid_ldap_group - ext_ldap_group_acl - Check logged in users Group membership using LDAP.
    • 
 
  • mswin_check_lm_group - ext_lm_group_acl - Check logged in users Group membership using LanManager.
    • 
@@ -416,8 +418,8 @@
 
 
    Automatic detection and use of the pthreads library available from Solaris 10
    
 
-
    The result of this addition means that faster more efficient AUFS cache storage mechanisims
-are now available in Solaris 10.
    
+
    The result of this addition means that faster more efficient AUFS cache storage mechanism
+is now available in Solaris 10.
    
 
 
    Support is experimental at this stage due to lack of feedback on the results of enabling it.
 We recommend giving AUFS a try for faster disk storage and encourage feedback.
    
@@ -431,14 +433,14 @@
 feature support in Squid. This release opens Surrogate support to all reverse proxies.
    
 
 
    Reverse proxy requests sent on to the web server include the HTTP header Surrogate-Capabilities:
-specifying the capabilities of the reverse proxy along with an ID which can be used to target reponses with
+specifying the capabilities of the reverse proxy along with an ID which can be used to target responses with
 a Surrogate-Control: HTTP header used instead of the Cache-Control: header.
    
 
 
    The default surrogate ID is generated automatically from the Squid site-unique hostname as found by the
 automatic detection or manual configuration of visible_hostname although can be configured
 separately with the httpd_accel_surrogate_id option.
    
 
-
    Security Considerations: Websites sould be careful of accepting any surrogate ID.
+
    Security Considerations: Websites should be careful of accepting any surrogate ID.
 Older releases of Squid leak the Surrogate-Control headers to external servers.
 This 3.2 series of Squid will now prevent this leakage of its own ID destined responses, however it is possible
 and for some uses desirable to receive external reverse-proxies Surrogate-Capabilities: headers.
    
@@ -553,7 +555,7 @@
 
      
 
    • should contain a complete HTML page, with optional client-side scripting.
      • 
 
    • must not contain server-side scripting. 
      • 
-
    • will have macro substitution performed on it using the same macros as used by the error page tempates.
      • 
+
    • will have macro substitution performed on it using the same macros as used by the error page templates.
      • 
 
    
 
    
 
@@ -588,32 +590,32 @@
 headers or eCAP options to Squid ICAP requests or eCAP transactions.
    
 
 
    adaptation_send_client_ip
    
-
    Same as depricated icap_send_client_ip
+
    Same as deprecated icap_send_client_ip
 but applies to both ICAP and eCAP.
    
 
 
    adaptation_send_username
    
-
    Same as depricated icap_send_client_username
+
    Same as deprecated icap_send_client_username
 but applies to both ICAP and eCAP.
    
 
 
    adaptation_uses_indirect_client
    
-
    Same as depricated icap_uses_indirect_client
+
    Same as deprecated icap_uses_indirect_client
 but applies to both ICAP and eCAP.
    
 
 
    client_delay_pools
    
-
    New setting for client bandwith limits to specifies the number 
+
    New setting for client bandwidth limits to specifies the number 
 of client delay pools used.
    
 
 
    client_delay_initial_bucket_level
    
-
    New setting for client bandwith limits to determine the initial 
+
    New setting for client bandwidth limits to determine the initial 
 bucket size as a percentage of  max_bucket_size from 
 client_delay_parameters.
    
 
 
    client_delay_parameters
    
-
    New setting for client bandwith limits to configures client-side 
+
    New setting for client bandwidth limits to configures client-side 
 bandwidth limits.
    
 
 
    client_delay_access
    
-
    New setting for client bandwith limits to determines the 
+
    New setting for client bandwidth limits to determines the 
 client-side delay pool for the request.
    
 
 
    client_dst_passthru
    
@@ -727,17 +729,12 @@
 New installs, or installs with no logs configured explicitly will use this module by default.
    
 
    New tcp module to send each log line as text data to a TCP receiver.
    
 
    New udp module to send each log line as text data to a UDP receiver.
    
-
    New format referrer to log with the format prevously used by referer_log directive.
    
-
    New format useragent to log with the format prevously used by useragent_log directive.
    
+
    New format referrer to log with the format previously used by referer_log directive.
    
+
    New format useragent to log with the format previously used by useragent_log directive.
    
 
-
    acl : random, localip, localport
    
+
    acl : random, urllogin
    
 
    New type random. Pseudo-randomly match requests based on a configured probability.
    
-
    Renamed myip to localip. It matches the IP which the client connected to.
    
-
    Renamed myport to localport. It matches the port which the client connected to.
    
 
    Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).
    
-
    The localip/localport differ from earlier releases where they matched a mix of
-of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
-This definition is now consistent across all modes of traffic received by Squid.
    
 
    The manager ACL requires adjustment to cover new cache manager access. So it has now been
 built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
 
    @@ -749,7 +746,7 @@
 
 
    auth_param
    
 
    New options for Basic, Digest, NTLM, Negotiate children settings.
-startup=N determins minimum number of helper processes used.
+startup=N determines minimum number of helper processes used.
 idle=N determines how many helper to retain as buffer against sudden traffic loads.
 concurrency=N previously called auth_param ... concurrency as a separate option.
    
 
    Removed Basic, Digest, NTLM, Negotiate auth_param ... concurrency setting option.
    
@@ -783,8 +780,8 @@
 
    %SRCEUI64 EUI-64 of clients with SLAAC address.
    
 
    %EXT_LOG log= message returned by previous external ACL calls. An updated version may be returned.
    
 
    %EXT_TAG tag= value returned by previous external ACL calls. Tag may not be altered once set.
    
-
    children-max=N determins maximum number of helper processes used.
    
-
    children-startup=N determins minimum number of helper processes used.
    
+
    children-max=N determines maximum number of helper processes used.
    
+
    children-startup=N determines minimum number of helper processes used.
    
 
    children-idle=N determines how many helper to retain as buffer against sudden traffic loads.
    
 
    Deprecated children=N in favor of children-max=N.
    
 
@@ -1024,16 +1021,16 @@
 
    Replaced by --enable-eui
    
 
 
    --enable-auth-basic-helpers
    
-
    replaced by --enable-auth-basic.
    
+
    Replaced by --enable-auth-basic.
    
 
 
    --enable-auth-digest-helpers
    
-
    replaced by --enable-auth-digest.
    
+
    Replaced by --enable-auth-digest.
    
 
 
    --enable-auth-negotiate-helpers
    
-
    replaced by --enable-auth-negotiate.
    
+
    Replaced by --enable-auth-negotiate.
    
 
 
    --enable-auth-ntlm-helpers
    
-
    replaced by --enable-auth-ntlm.
    
+
    Replaced by --enable-auth-ntlm.
    
 
 
    --enable-referer-log
    
 
    Obsolete.
    
@@ -1066,7 +1063,7 @@
 An external_acl_type helper may be used to bypass authentication if that is suitable.
    
 
 
    cache_peer
    
-
    http11 Obsolete.
    
+
    Option http11 obsolete.
    
 
 
    external_acl_type
    
 
    Format tag %{Header} replaced by %>{Header}
    
@@ -1076,9 +1073,9 @@
 
    Replaced by request_header_access and reply_header_access
    
 
 
    http_port
    
-
    no-connection-auth replaced by connection-auth=[on|off]. Default is ON.
    
-
    transparent option replaced by intercept
    
-
    http11 obsolete.
    
+
    Option no-connection-auth replaced by connection-auth=[on|off]. Default is ON.
    
+
    Option transparent option replaced by intercept
    
+
    Option http11 obsolete.
    
 
 
    http_access2
    
 
    Replaced by adapted_http_access
    
@@ -1095,6 +1092,12 @@
 
    server_http11
    
 
    Obsolete.
    
 
+
    update_headers
    
+
    Obsolete. The experimental actions enabled in 2.7 by this option have been integrated as default
+actions for the rock storage type and memory caches.
+The configuration option is no longer necessary and has been dropped.
+NOTE: It is not yet supported by ufs, aufs, or diskd storage.
    
+
 
    upgrade_http0.9
    
 
    Obsolete.
    
 
@@ -1275,9 +1278,6 @@
 
    storeurl_rewrite_program
    
 
    Not yet ported from 2.7
    
 
-
    update_headers
    
-
    Not yet fully ported from 2.7. Memory and rock storage caches support this natively. UFS caches do not support it.
    
-
 
 
    
 
diff -u -r -N squid-3.2.8/src/comm/ModDevPoll.cc squid-3.2.9/src/comm/ModDevPoll.cc
--- squid-3.2.8/src/comm/ModDevPoll.cc	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/comm/ModDevPoll.cc	2013-03-12 23:15:58.000000000 +1300
@@ -67,10 +67,13 @@
 /* Solaris /dev/poll support, see "man -s 7D poll" */
 #include 
 #endif
+#if HAVE_LIMITS_H
+#include 
+#endif
 
 #define DEBUG_DEVPOLL 0
 
-/* OPEN_MAX is defined in , presumably included by sys/devpoll.h */
+// OPEN_MAX is defined in 
 #define	DEVPOLL_UPDATESIZE	OPEN_MAX
 #define	DEVPOLL_QUERYSIZE	OPEN_MAX
 
diff -u -r -N squid-3.2.8/src/errorpage.cc squid-3.2.9/src/errorpage.cc
--- squid-3.2.8/src/errorpage.cc	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/errorpage.cc	2013-03-12 23:15:58.000000000 +1300
@@ -376,17 +376,9 @@
     while (pos < hdr.size()) {
         char *dt = lang;
 
-        if (!pos) {
-            /* skip any initial whitespace. */
-            while (pos < hdr.size() && xisspace(hdr[pos]))
-                ++pos;
-        } else {
-            // IFF we terminated the tag on whitespace or ';' we need to skip to the next ',' or end of header.
-            while (pos < hdr.size() && hdr[pos] != ',')
-                ++pos;
-            if (hdr[pos] == ',')
-                ++pos;
-        }
+        /* skip any initial whitespace. */
+        while (pos < hdr.size() && xisspace(hdr[pos]))
+            ++pos;
 
         /*
          * Header value format:
@@ -417,6 +409,13 @@
         *dt = '\0'; // nul-terminated the filename content string before system use.
         ++dt;
 
+        // if we terminated the tag on garbage or ';' we need to skip to the next ',' or end of header.
+        while (pos < hdr.size() && hdr[pos] != ',')
+            ++pos;
+
+        if (pos < hdr.size() && hdr[pos] == ',')
+            ++pos;
+
         debugs(4, 9, HERE << "STATE: dt='" << dt << "', lang='" << lang << "', pos=" << pos << ", buf='" << ((pos < hdr.size()) ? hdr.substr(pos,hdr.size()) : "") << "'");
 
         /* if we found anything we might use, try it. */
diff -u -r -N squid-3.2.8/src/errorpage.h squid-3.2.9/src/errorpage.h
--- squid-3.2.8/src/errorpage.h	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/errorpage.h	2013-03-12 23:15:58.000000000 +1300
@@ -307,11 +307,16 @@
 /**
  * Parses the Accept-Language header value and return one language item on
  * each call.
+ * Will ignore any whitespace, q-values, and detectably invalid language
+ * codes in the header.
+ *
  * \param hdr is the Accept-Language header value
- * \param lang a buffer given by the user to store parsed language
+ * \param lang a buffer to store parsed language code in
  * \param langlen the length of the lang buffer
- * \param pos it is used to store the state of parsing. Must be "0" on first call
- * \return true on success, false otherwise
+ * \param pos is used to store the offset state of parsing. Must be "0" on first call.
+ *            Will be altered to point at the start of next field-value.
+ * \return true if something looking like a language token has been placed in lang, false otherwise
  */
 bool strHdrAcptLangGetItem(const String &hdr, char *lang, int langLen, size_t &pos);
+
 #endif /* SQUID_ERRORPAGE_H */
diff -u -r -N squid-3.2.8/src/peer_digest.cc squid-3.2.9/src/peer_digest.cc
--- squid-3.2.8/src/peer_digest.cc	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/peer_digest.cc	2013-03-12 23:15:58.000000000 +1300
@@ -343,9 +343,14 @@
 
     req->header.putStr(HDR_ACCEPT, "text/html");
 
-    if (p->login)
+    if (p->login &&
+            p->login[0] != '*' &&
+            strcmp(p->login, "PASS") != 0 &&
+            strcmp(p->login, "PASSTHRU") != 0 &&
+            strcmp(p->login, "NEGOTIATE") != 0 &&
+            strcmp(p->login, "PROXYPASS") != 0) {
         xstrncpy(req->login, p->login, MAX_LOGIN_SZ);
-
+    }
     /* create fetch state structure */
     CBDATA_INIT_TYPE(DigestFetchState);
 
diff -u -r -N squid-3.2.8/src/peer_select.cc squid-3.2.9/src/peer_select.cc
--- squid-3.2.8/src/peer_select.cc	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/peer_select.cc	2013-03-12 23:15:58.000000000 +1300
@@ -48,6 +48,7 @@
 #include "icmp/net_db.h"
 #include "ipcache.h"
 #include "ip/tools.h"
+#include "URL.h"
 
 static struct {
     int timeouts;
@@ -289,15 +290,10 @@
     PSC *callback = psstate->callback;
     psstate->callback = NULL;
 
-    if (psstate->paths->size() < 1) {
-        debugs(44, DBG_IMPORTANT, "Failed to select source for '" << psstate->entry->url() << "'");
-        debugs(44, DBG_IMPORTANT, "  always_direct = " << psstate->always_direct);
-        debugs(44, DBG_IMPORTANT, "   never_direct = " << psstate->never_direct);
-        debugs(44, DBG_IMPORTANT, "       timedout = " << psstate->ping.timedout);
-    } else {
-        debugs(44, 2, "Found sources for '" << psstate->entry->url() << "'");
-        debugs(44, 2, "  always_direct = " << psstate->always_direct);
-        debugs(44, 2, "   never_direct = " << psstate->never_direct);
+    debugs(44, 2, (psstate->paths->size()<1?"Failed to select source":"Found sources") << " for '" << psstate->url() << "'");
+    debugs(44, 2, "  always_direct = " << psstate->always_direct);
+    debugs(44, 2, "   never_direct = " << psstate->never_direct);
+    if (psstate->paths) {
         for (size_t i = 0; i < psstate->paths->size(); ++i) {
             if ((*psstate->paths)[i]->peerType == HIER_DIRECT)
                 debugs(44, 2, "         DIRECT = " << (*psstate->paths)[i]);
@@ -308,8 +304,8 @@
             else
                 debugs(44, 2, "     cache_peer = " << (*psstate->paths)[i]);
         }
-        debugs(44, 2, "       timedout = " << psstate->ping.timedout);
     }
+    debugs(44, 2, "       timedout = " << psstate->ping.timedout);
 
     psstate->ping.stop = current_time;
     psstate->request->hier.ping = psstate->ping;
@@ -977,6 +973,18 @@
     ; // no local defaults.
 }
 
+const char *
+ps_state::url() const
+{
+    if (entry)
+        return entry->url();
+
+    if (request)
+        return urlCanonical(request);
+
+    return "[no URL]";
+}
+
 ping_data::ping_data() :
         n_sent(0),
         n_recv(0),
diff -u -r -N squid-3.2.8/src/PeerSelectState.h squid-3.2.9/src/PeerSelectState.h
--- squid-3.2.8/src/PeerSelectState.h	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/PeerSelectState.h	2013-03-12 23:15:58.000000000 +1300
@@ -73,6 +73,11 @@
 public:
     void *operator new(size_t);
     ps_state();
+
+    // Produce a URL for display identifying the transaction we are
+    // trying to locate a peer for.
+    const char * url() const;
+
     HttpRequest *request;
     StoreEntry *entry;
     allow_t always_direct;
diff -u -r -N squid-3.2.8/src/store_dir.cc squid-3.2.9/src/store_dir.cc
--- squid-3.2.8/src/store_dir.cc	2013-03-02 14:46:03.000000000 +1300
+++ squid-3.2.9/src/store_dir.cc	2013-03-12 23:15:58.000000000 +1300
@@ -52,6 +52,9 @@
 #if HAVE_SYS_PARAM_H
 #include 
 #endif
+#if HAVE_LIMITS_H
+#include 
+#endif
 #if HAVE_SYS_MOUNT_H
 #include 
 #endif