webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next'

Browse Source
This commit is contained in:
Arne Fitzenreiter
2017-09-23 10:38:18 +02:00
parent fe6f676b35 6ec860b8d2
commit 3aa4579f8f
92 changed files with 1895 additions and 2805 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/httpd/httpd.conf
View File

@@ -65,7 +65,6 @@ Include /etc/httpd/conf/global.conf
# associate MIME types with filename extensions
TypesConfig /etc/mime.types
DefaultType text/plain
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
@@ -80,8 +79,7 @@ Include /etc/httpd/conf/ssl-global.conf
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Require all denied
</Files>
# List of resources to look for when the client requests a directory

10
config/httpd/loadmodule.conf
View File

@@ -1,8 +1,11 @@
LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
LoadModule unixd_module /usr/lib/apache/mod_unixd.so
#LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
#LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
#LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
#LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
LoadModule authn_core_module /usr/lib/apache/mod_authn_core.so
LoadModule authz_core_module /usr/lib/apache/mod_authz_core.so
LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
#LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
@@ -10,7 +13,7 @@ LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
#LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
#LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
#LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
#LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
#LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
@@ -33,10 +36,10 @@ LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
LoadModule mime_module /usr/lib/apache/mod_mime.so
#LoadModule dav_module /usr/lib/apache/mod_dav.so
#LoadModule status_module /usr/lib/apache/mod_status.so
LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
#LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
#LoadModule asis_module /usr/lib/apache/mod_asis.so
#LoadModule info_module /usr/lib/apache/mod_info.so
LoadModule cgi_module /usr/lib/apache/mod_cgi.so
LoadModule cgid_module /usr/lib/apache/mod_cgid.so
#LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
#LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
#LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
@@ -47,5 +50,6 @@ LoadModule dir_module /usr/lib/apache/mod_dir.so
#LoadModule userdir_module /usr/lib/apache/mod_userdir.so
LoadModule alias_module /usr/lib/apache/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
LoadModule socache_shmcb_module /usr/lib/apache/mod_socache_shmcb.so
LoadModule ssl_module /usr/lib/apache/mod_ssl.so
LoadModule php5_module /usr/lib/apache/libphp5.so

7
config/httpd/server-tuning.conf
View File

@@ -17,10 +17,11 @@ MaxKeepAliveRequests 100
#
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 10
MinSpareThreads 1
MaxSpareThreads 20
StartServers 2
MaxClients 256
MaxRequestWorkers 256
ThreadsPerChild 16
#
# The following directives modify normal HTTP response behavior to

5
config/httpd/ssl-global.conf
View File

@@ -39,11 +39,6 @@
SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 900
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/log/httpd/ssl_mutex
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.

21
config/httpd/vhosts.d/ipfire-interface-ssl.conf
View File

@@ -17,8 +17,7 @@
<Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
@@ -34,17 +33,11 @@
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
<Files chpasswd.cgi>
Satisfy Any
Allow from All
<Files chpasswd.cgi>
Require all granted
</Files>
<Files webaccess.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
Require all granted
</Files>
<Files dial.cgi>
Require user admin
@@ -75,16 +68,14 @@
<Directory /var/updatecache>
Options ExecCGI
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
Alias /repository/ /var/urlrepo/
<Directory /var/urlrepo>
Options ExecCGI
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
Alias /proxy-reports/ /var/log/sarg/

19
config/httpd/vhosts.d/ipfire-interface.conf
View File

@@ -9,8 +9,7 @@
<Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
@@ -27,16 +26,10 @@
AuthUserFile /var/ipfire/auth/users
Require user admin
<Files chpasswd.cgi>
Satisfy Any
Allow from All
Require all granted
</Files>
<Files webaccess.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
Require all granted
</Files>
<Files dial.cgi>
Require user admin
@@ -54,15 +47,13 @@
<Directory /var/updatecache>
Options ExecCGI
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
Alias /repository/ /var/urlrepo/
<Directory /var/urlrepo>
Options ExecCGI
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
Alias /wpad.dat /srv/web/ipfire/html/proxy.pac
</VirtualHost>

14
config/httpd/vhosts.d/nagios.conf
View File

@@ -16,11 +16,8 @@ ScriptAlias /nagios/cgi-bin "/usr/share/nagios/cgi-bin"
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# Require all granted
# Require ip 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
@@ -33,11 +30,8 @@ Alias /nagios "/usr/share/nagios"
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# Require all granted
# Require ip 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users

3
config/httpd/vhosts.d/openmailadmin.conf
View File

@@ -9,8 +9,7 @@ Listen 1001
<Directory /srv/web/openmailadmin>
Options +FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

6
config/icinga/icinga.conf
View File

@@ -15,9 +15,6 @@ Listen 1010
AuthType Basic
AuthUserFile /etc/icinga/htpasswd.users
Order allow,deny
Allow from all
Require valid-user
</Directory>
@@ -29,9 +26,6 @@ Listen 1010
AuthType Basic
AuthUserFile /etc/icinga/htpasswd.users
Order allow,deny
Allow from all
Require valid-user
</Directory>
</VirtualHost>

17
config/nagiosql/nagios.conf
View File

@@ -16,11 +16,8 @@ ScriptAlias /nagios/cgi-bin "/usr/share/nagios/cgi-bin"
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# Require all granted
# Require ip 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
@@ -33,11 +30,8 @@ Alias /nagios "/usr/share/nagios"
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# Require all granted
# Require ip 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
@@ -50,8 +44,7 @@ Alias /nagiosql "/usr/share/nagiosql"
include /etc/httpd/conf/conf.d/php*.conf
Options None
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

3
config/owncloud/owncloud.conf
View File

@@ -15,7 +15,6 @@ Listen 1011
<Directory /srv/web/owncloud>
Options Indexes FollowSymlinks MultiViews
AllowOverride ALL
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

2
config/php/php.ini
View File

@@ -533,7 +533,7 @@ doc_root =
user_dir =
; Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/lib/php/extensions/no-debug-non-zts-20090626/"
extension_dir = "/usr/lib/php/extensions/no-debug-zts-20090626/"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically

3
config/phpSANE/phpSANE.conf
View File

@@ -9,8 +9,7 @@ Listen 1003
<Directory /srv/web/phpSANE>
Options None
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

601
config/rootfiles/common/apache2
View File

File diff suppressed because it is too large Load Diff

57
config/rootfiles/common/apr Normal file
View File

@@ -0,0 +1,57 @@
usr/bin/apr-1-config
#usr/include/apr-1
#usr/include/apr-1/apr.h
#usr/include/apr-1/apr_allocator.h
#usr/include/apr-1/apr_atomic.h
#usr/include/apr-1/apr_cstr.h
#usr/include/apr-1/apr_dso.h
#usr/include/apr-1/apr_env.h
#usr/include/apr-1/apr_errno.h
#usr/include/apr-1/apr_escape.h
#usr/include/apr-1/apr_file_info.h
#usr/include/apr-1/apr_file_io.h
#usr/include/apr-1/apr_fnmatch.h
#usr/include/apr-1/apr_general.h
#usr/include/apr-1/apr_getopt.h
#usr/include/apr-1/apr_global_mutex.h
#usr/include/apr-1/apr_hash.h
#usr/include/apr-1/apr_inherit.h
#usr/include/apr-1/apr_lib.h
#usr/include/apr-1/apr_mmap.h
#usr/include/apr-1/apr_network_io.h
#usr/include/apr-1/apr_perms_set.h
#usr/include/apr-1/apr_poll.h
#usr/include/apr-1/apr_pools.h
#usr/include/apr-1/apr_portable.h
#usr/include/apr-1/apr_proc_mutex.h
#usr/include/apr-1/apr_random.h
#usr/include/apr-1/apr_ring.h
#usr/include/apr-1/apr_shm.h
#usr/include/apr-1/apr_signal.h
#usr/include/apr-1/apr_skiplist.h
#usr/include/apr-1/apr_strings.h
#usr/include/apr-1/apr_support.h
#usr/include/apr-1/apr_tables.h
#usr/include/apr-1/apr_thread_cond.h
#usr/include/apr-1/apr_thread_mutex.h
#usr/include/apr-1/apr_thread_proc.h
#usr/include/apr-1/apr_thread_rwlock.h
#usr/include/apr-1/apr_time.h
#usr/include/apr-1/apr_user.h
#usr/include/apr-1/apr_version.h
#usr/include/apr-1/apr_want.h
#usr/lib/apr.exp
#usr/lib/libapr-1.la
#usr/lib/libapr-1.so
usr/lib/libapr-1.so.0
usr/lib/libapr-1.so.0.6.2
#usr/lib/pkgconfig/apr-1.pc
#usr/share/apr-1
#usr/share/apr-1/build
#usr/share/apr-1/build/apr_common.m4
#usr/share/apr-1/build/apr_rules.mk
#usr/share/apr-1/build/find_apr.m4
#usr/share/apr-1/build/libtool
#usr/share/apr-1/build/make_exports.awk
#usr/share/apr-1/build/make_var_export.awk
#usr/share/apr-1/build/mkdir.sh

47
config/rootfiles/common/aprutil Normal file
View File

@@ -0,0 +1,47 @@
usr/bin/apu-1-config
#usr/include/apr-1/apr_anylock.h
#usr/include/apr-1/apr_base64.h
#usr/include/apr-1/apr_buckets.h
#usr/include/apr-1/apr_crypto.h
#usr/include/apr-1/apr_date.h
#usr/include/apr-1/apr_dbd.h
#usr/include/apr-1/apr_dbm.h
#usr/include/apr-1/apr_hooks.h
#usr/include/apr-1/apr_ldap.h
#usr/include/apr-1/apr_ldap_init.h
#usr/include/apr-1/apr_ldap_option.h
#usr/include/apr-1/apr_ldap_rebind.h
#usr/include/apr-1/apr_ldap_url.h
#usr/include/apr-1/apr_md4.h
#usr/include/apr-1/apr_md5.h
#usr/include/apr-1/apr_memcache.h
#usr/include/apr-1/apr_optional.h
#usr/include/apr-1/apr_optional_hooks.h
#usr/include/apr-1/apr_queue.h
#usr/include/apr-1/apr_redis.h
#usr/include/apr-1/apr_reslist.h
#usr/include/apr-1/apr_rmm.h
#usr/include/apr-1/apr_sdbm.h
#usr/include/apr-1/apr_sha1.h
#usr/include/apr-1/apr_siphash.h
#usr/include/apr-1/apr_strmatch.h
#usr/include/apr-1/apr_thread_pool.h
#usr/include/apr-1/apr_uri.h
#usr/include/apr-1/apr_uuid.h
#usr/include/apr-1/apr_xlate.h
#usr/include/apr-1/apr_xml.h
#usr/include/apr-1/apu.h
#usr/include/apr-1/apu_errno.h
#usr/include/apr-1/apu_version.h
#usr/include/apr-1/apu_want.h
#usr/include/apr-1/expat.h
#usr/lib/apr-util-1
usr/lib/apr-util-1/apr_crypto_openssl-1.so
#usr/lib/apr-util-1/apr_crypto_openssl.la
usr/lib/apr-util-1/apr_crypto_openssl.so
#usr/lib/aprutil.exp
#usr/lib/libaprutil-1.la
#usr/lib/libaprutil-1.so
usr/lib/libaprutil-1.so.0
usr/lib/libaprutil-1.so.0.6.0
#usr/lib/pkgconfig/apr-util-1.pc

2
config/rootfiles/common/gnutls
View File

@@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1
#usr/lib/libgnutls.la
#usr/lib/libgnutls.so
usr/lib/libgnutls.so.30
usr/lib/libgnutls.so.30.14.6
usr/lib/libgnutls.so.30.14.7
#usr/lib/libgnutlsxx.la
#usr/lib/libgnutlsxx.so
usr/lib/libgnutlsxx.so.28

7
config/rootfiles/common/php
View File

@@ -522,9 +522,9 @@ usr/lib/php/XML/Util.php
usr/lib/php/doc/XML_Util/examples/example.php
usr/lib/php/doc/XML_Util/examples/example2.php
#usr/lib/php/extensions
#usr/lib/php/extensions/no-debug-non-zts-20090626
usr/lib/php/extensions/no-debug-non-zts-20090626/dba.so
usr/lib/php/extensions/no-debug-non-zts-20090626/idn.so
#usr/lib/php/extensions/no-debug-zts-20090626
usr/lib/php/extensions/no-debug-zts-20090626/dba.so
usr/lib/php/extensions/no-debug-zts-20090626/idn.so
#usr/lib/php/pearcmd.php
#usr/lib/php/peclcmd.php
#usr/lib/php/test
@@ -557,4 +557,3 @@ usr/lib/php/extensions/no-debug-non-zts-20090626/idn.so
#usr/man/man1/php-config.1
#usr/man/man1/php.1
#usr/man/man1/phpize.1
etc/httpd/conf/conf.d/php5.conf

1
config/rootfiles/common/strongswan
View File

@@ -71,6 +71,7 @@ etc/strongswan.d/starter.conf
etc/strongswan.d/swanctl.conf
#etc/swanctl
etc/swanctl/bliss
etc/swanctl/conf.d
etc/swanctl/ecdsa
etc/swanctl/pkcs12
etc/swanctl/pkcs8

2
config/rootfiles/common/unbound
View File

@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.2
usr/lib/libunbound.so.2.5.3
usr/lib/libunbound.so.2.5.5
usr/sbin/unbound
usr/sbin/unbound-anchor
usr/sbin/unbound-checkconf

0
config/rootfiles/core/113/exclude → config/rootfiles/core/114/exclude
View File

1
config/rootfiles/core/114/filelists/apache2 Symbolic link
View File

@@ -0,0 +1 @@
../../../common/apache2

1
config/rootfiles/core/114/filelists/apr Symbolic link
View File

@@ -0,0 +1 @@
../../../common/apr

1
config/rootfiles/core/114/filelists/aprutil Symbolic link
View File

@@ -0,0 +1 @@
../../../common/aprutil

4
config/rootfiles/core/114/filelists/files Normal file
View File

@@ -0,0 +1,4 @@
etc/system-release
etc/issue
etc/rc.d/init.d/unbound
var/ipfire/langs

0
config/rootfiles/core/113/filelists/gnutls → config/rootfiles/core/114/filelists/gnutls
View File

1
config/rootfiles/core/114/filelists/hdparm Symbolic link
View File

@@ -0,0 +1 @@
../../../common/hdparm

0
config/rootfiles/core/113/filelists/i586/strongswan-padlock → config/rootfiles/core/114/filelists/i586/strongswan-padlock
View File

0
config/rootfiles/core/113/filelists/squid → config/rootfiles/core/114/filelists/squid
View File

0
config/rootfiles/core/113/filelists/strongswan → config/rootfiles/core/114/filelists/strongswan
View File

0
config/rootfiles/core/113/filelists/unbound → config/rootfiles/core/114/filelists/unbound
View File

0
config/rootfiles/core/113/meta → config/rootfiles/core/114/meta
View File

108
config/rootfiles/core/114/update.sh Normal file
View File

@@ -0,0 +1,108 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2017 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
core=114
# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
ipsec stop
/etc/init.d/squid stop
/etc/init.d/unbound stop
/etc/init.d/apache stop
# Remove old apache configuration files of add-ons
# These will be reinstalled by the updated packages
# as soon as the core update is finished.
rm -f \
/etc/httpd/conf/vhosts.d/cacti.conf \
/etc/httpd/conf/vhosts.d/icinga.conf \
/etc/httpd/conf/vhosts.d/nagios.conf \
/etc/httpd/conf/vhosts.d/openmailadmin.conf \
/etc/httpd/conf/vhosts.d/owncloud.conf \
/etc/httpd/conf/vhosts.d/phpSANE.conf
# Extract files
extract_files
# update linker config
ldconfig
# Remove some files
rm -f /usr/sbin/htpasswd
# Update Language cache
/usr/local/bin/update-lang-cache
# Start services
/etc/init.d/unbound start
/etc/init.d/apache start
/etc/init.d/squid start
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
ipsec start
fi
#
# After pakfire has ended run it again and update all addons
# this is needed for apache update.
#
echo '#!/bin/bash' > /tmp/pak_update
echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
echo ' sleep 1' >> /tmp/pak_update
echo 'done' >> /tmp/pak_update
echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
echo ' sleep 1' >> /tmp/pak_update
echo 'done' >> /tmp/pak_update
echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
#
killall -KILL pak_update
chmod +x /tmp/pak_update
/tmp/pak_update &
# This update need a reboot...
touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
sendprofile
# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
grub-mkconfig -o /boot/grub/grub.cfg
fi
sync
# Don't report the exitcode last command
exit 0

30
config/rootfiles/oldcore/113/exclude Normal file
View File

@@ -0,0 +1,30 @@
boot/config.txt
boot/grub/grub.cfg
boot/grub/grubenv
etc/alternatives
etc/collectd.custom
etc/default/grub
etc/ipsec.conf
etc/ipsec.secrets
etc/ipsec.user.conf
etc/ipsec.user.secrets
etc/localtime
etc/shadow
etc/snort/snort.conf
etc/ssh/ssh_config
etc/ssh/sshd_config
etc/ssl/openssl.cnf
etc/sudoers
etc/sysconfig/firewall.local
etc/sysconfig/rc.local
etc/udev/rules.d/30-persistent-network.rules
srv/web/ipfire/html/proxy.pac
var/ipfire/dma
var/ipfire/time
var/ipfire/ovpn
var/lib/alternatives
var/log/cache
var/log/dhcpcd.log
var/log/messages
var/state/dhcp/dhcpd.leases
var/updatecache

0
config/rootfiles/core/113/filelists/armv5tel/util-linux → config/rootfiles/oldcore/113/filelists/armv5tel/util-linux
View File

0
config/rootfiles/core/113/filelists/files → config/rootfiles/oldcore/113/filelists/files
View File

1
config/rootfiles/oldcore/113/filelists/gnutls Symbolic link
View File

@@ -0,0 +1 @@
../../../common/gnutls

0
config/rootfiles/core/113/filelists/grep → config/rootfiles/oldcore/113/filelists/grep
View File

0
config/rootfiles/core/113/filelists/i586/openssl-sse2 → config/rootfiles/oldcore/113/filelists/i586/openssl-sse2
View File

1
config/rootfiles/oldcore/113/filelists/i586/strongswan-padlock Symbolic link
View File

@@ -0,0 +1 @@
../../../../common/i586/strongswan-padlock

0
config/rootfiles/core/113/filelists/i586/util-linux → config/rootfiles/oldcore/113/filelists/i586/util-linux
View File

0
config/rootfiles/core/113/filelists/libgcrypt → config/rootfiles/oldcore/113/filelists/libgcrypt
View File

0
config/rootfiles/core/113/filelists/logrotate → config/rootfiles/oldcore/113/filelists/logrotate
View File

0
config/rootfiles/core/113/filelists/mdadm → config/rootfiles/oldcore/113/filelists/mdadm
View File

0
config/rootfiles/core/113/filelists/openssl → config/rootfiles/oldcore/113/filelists/openssl
View File

0
config/rootfiles/core/113/filelists/openvpn → config/rootfiles/oldcore/113/filelists/openvpn
View File

0
config/rootfiles/core/113/filelists/pcre → config/rootfiles/oldcore/113/filelists/pcre
View File

1
config/rootfiles/oldcore/113/filelists/squid Symbolic link
View File

@@ -0,0 +1 @@
../../../common/squid

1
config/rootfiles/oldcore/113/filelists/strongswan Symbolic link
View File

@@ -0,0 +1 @@
../../../common/strongswan

1
config/rootfiles/oldcore/113/filelists/unbound Symbolic link
View File

@@ -0,0 +1 @@
../../../common/unbound

0
config/rootfiles/core/113/filelists/x86_64/util-linux → config/rootfiles/oldcore/113/filelists/x86_64/util-linux
View File

1
config/rootfiles/oldcore/113/meta Normal file
View File

@@ -0,0 +1 @@
DEPS=""

0
config/rootfiles/core/113/update.sh → config/rootfiles/oldcore/113/update.sh
View File

4
html/cgi-bin/wlanap.cgi
View File

@@ -154,7 +154,7 @@ if ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'save'}" ){
$memory=0;
}
&Header::openpage('', 1, '', '');
&Header::openpage($Lang::tr{'wlanap configuration'}, 1, '', '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ( $errormessage ){
@@ -323,7 +323,7 @@ if ( $wlan_card_status ne '' ){
print "<tr><td class='base'>$Lang::tr{'wlanap wlan card'} ($wlanapsettings{'DRIVER'})</td>";
print $wlan_card_status eq 'up' ? $status_started : $status_stopped;
print"<td colspan='4'></td></tr>";
print "<tr><td class='base' bgcolor='$color{'color22'}'>$Lang::tr{'wlanap access point'}</td>";
print "<tr><td class='base' bgcolor='$color{'color22'}'>$Lang::tr{'wlanap'}</td>";
print $wlan_ap_status eq 'up' ? $status_started : $status_stopped;
if ( ($memory != 0) && (@pid[0] ne "///") ){
print "<td bgcolor='$color{'color22'}' align='center'>@pid[0]</td>";

265
langs/de/cgi-bin/de.pl
View File

@@ -15,10 +15,10 @@
'ConnSched change profile title' => 'Wechsle zu Profil:',
'ConnSched days' => 'Tage:',
'ConnSched dial' => 'Verbinden',
'ConnSched down' => 'Runter',
'ConnSched down' => 'Herunter',
'ConnSched hangup' => 'Trennen',
'ConnSched ipsecstart' => 'IPsec (neu)starten',
'ConnSched ipsecstop' => 'IPsec stop',
'ConnSched ipsecstop' => 'IPsec stoppen',
'ConnSched reboot' => 'Neustarten',
'ConnSched reconnect' => 'Neu verbinden',
'ConnSched scheduled actions' => 'Geplante Aktionen',
@@ -26,12 +26,12 @@
'ConnSched select profile' => 'Wähle Profil',
'ConnSched shutdown' => 'Herunterfahren',
'ConnSched time' => 'Zeit:',
'ConnSched up' => 'Hoch',
'ConnSched up' => 'Herauf',
'ConnSched weekdays' => 'Wochentage:',
'Edit an existing route' => 'Eine existierende Route editieren',
'Enter TOS' => 'Aktivieren oder deaktivieren Sie die TOS-Bits <br /> und klicken Sie danach auf <i>Speichern</i>.',
'Existing Files' => 'Dateien in der Datenbank',
'HDD temperature' => 'HDD-Temperatur',
'HDD temperature' => 'Festplatten-Temperatur',
'Level7 Protocol' => 'Level7-Protokoll',
'Level7 Rule' => 'Level7-Regel',
'Level7 rule' => 'Level7-Regel',
@@ -248,7 +248,7 @@
'advproxy errmsg no browser' => 'Mindestens ein Browser oder Client muss für den Web-Zugriff zugelassen sein',
'advproxy errmsg no password' => 'Passwort kann nicht leer sein',
'advproxy errmsg no username' => 'Benutzername darf nicht leer sein',
'advproxy errmsg non-transparent proxy required' => 'Web Proxy muss für die Authentifizierung im Nicht-transparenten Modus laufen',
'advproxy errmsg non-transparent proxy required' => 'Web Proxy muss für die Authentifizierung im nicht-transparenten Modus laufen',
'advproxy errmsg ntlm domain' => 'Windows-Domänenname erforderlich',
'advproxy errmsg ntlm pdc' => 'Hostname der Primary Domain Controllers erforderlich',
'advproxy errmsg password incorrect' => 'Falsches Passwort',
@@ -264,8 +264,8 @@
'advproxy error design' => 'Design der Fehlermeldungen',
'advproxy error language' => 'Sprache der Fehlermeldungen',
'advproxy fake referer' => 'Gefälschter Referer für externe Web-Sites',
'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites',
'advproxy friday' => 'Fre',
'advproxy fake useragent' => 'Gefälschter User-Agent für externe Web-Sites',
'advproxy friday' => 'Fr',
'advproxy from' => 'Von',
'advproxy group access control' => 'Gruppenbasierte Zugriffskontrolle',
'advproxy group required' => 'Erforderliche Gruppe',
@@ -274,7 +274,7 @@
'advproxy log enabled' => 'Protokoll aktiviert',
'advproxy log query' => 'Protokolliere Query Terms',
'advproxy log settings' => 'Protokolleinstellungen',
'advproxy log useragent' => 'Protokolliere Useragents',
'advproxy log useragent' => 'Protokolliere User-Agents',
'advproxy max download size' => 'Max. Größe von Downloads (KB)',
'advproxy max size' => 'Max. Objektgröße (KB)',
'advproxy max upload size' => 'Max. Größe von Uploads (KB)',
@@ -282,7 +282,7 @@
'advproxy min size' => 'Min. Objektgröße (KB)',
'advproxy mode allow' => 'Zulassen',
'advproxy mode deny' => 'Verweigern',
'advproxy monday' => 'Mon',
'advproxy monday' => 'Mo',
'advproxy network based access' => 'Netzwerkbasierte Zugriffskontrolle',
'advproxy no cache sites' => 'Diese Domains nicht zwischenspeichern (eine pro Zeile)',
'advproxy no clients defined' => 'Keine Clients definiert',
@@ -300,7 +300,7 @@
'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)',
'advproxy redirector children' => 'Anzahl der Filterprozesse',
'advproxy reset' => 'Zurücksetzen',
'advproxy saturday' => 'Sam',
'advproxy saturday' => 'Sa',
'advproxy save and restart' => 'Speichern und Neustart',
'advproxy squid version' => 'Squid Cache Version',
'advproxy squidclamav' => 'SquidClamav',
@@ -308,21 +308,21 @@
'advproxy ssl ports' => 'Zulässige SSL-Ports (einer pro Zeile)',
'advproxy standard' => 'Standard',
'advproxy standard ports' => 'Zulässige Standard-Ports (einer pro Zeile)',
'advproxy sunday' => 'Son',
'advproxy sunday' => 'So',
'advproxy supervisor password' => 'Supervisor-Passwort',
'advproxy suppress version' => 'Unterdrücke Versions-Informationen',
'advproxy suppress version' => 'Unterdrücke Versionsinformationen',
'advproxy throttle binary' => 'Binärdateien',
'advproxy throttle dskimg' => 'CD-Images',
'advproxy throttle mmedia' => 'Multimedia',
'advproxy throttling per host on' => 'Begrenzung pro Host auf',
'advproxy throttling total on' => 'Begrenzung insgesamt auf',
'advproxy throttling unlimited' => 'unbegrenzt',
'advproxy thursday' => 'Don',
'advproxy thursday' => 'Do',
'advproxy time restrictions' => 'Zeitbeschränkungen',
'advproxy to' => 'Bis',
'advproxy transfer limits' => 'Transfergrenzen',
'advproxy transparent on' => 'Transparent auf',
'advproxy tuesday' => 'Die',
'advproxy tuesday' => 'Di',
'advproxy unknown' => 'Unbekannt',
'advproxy unrestricted ip clients' => 'Uneingeschränkte IP-Adressen (eine pro Zeile)',
'advproxy unrestricted mac clients' => 'Uneingeschränkte MAC-Adressen (eine pro Zeile)',
@@ -337,7 +337,7 @@
'advproxy via forwarding' => 'Proxy-Adresse weiterleiten',
'advproxy visible hostname' => 'Sichtbarer Hostname',
'advproxy web browser' => 'Web-Browser',
'advproxy wednesday' => 'Mit',
'advproxy wednesday' => 'Mi',
'again' => 'Wiederholung:',
'age second' => 'Sekunde',
'age seconds' => 'Sekunden',
@@ -359,7 +359,7 @@
'alt dialup' => 'Einwahl',
'alt home' => 'Startseite',
'alt information' => 'Information',
'alt logs' => 'Logs',
'alt logs' => 'Protokolle',
'alt ovpn' => 'OpenVPN',
'alt proxy' => 'Proxy',
'alt services' => 'Dienste',
@@ -766,12 +766,12 @@
'dnsforward entries' => 'Aktuelle Einträge',
'dnsforward forward_server' => 'DNS-Server',
'dnsforward zone' => 'Zone',
'dnssec aware' => 'DNSSEC-aware',
'dnssec disabled warning' => 'WARNING: DNSSEC wurde deaktiviert',
'dnssec aware' => 'DNSSEC-Informationen verfügbar, aber nicht validierend',
'dnssec disabled warning' => 'WARNUNG: DNSSEC wurde deaktiviert',
'dnssec information' => 'DNSSEC-Informationen',
'dnssec not supported' => 'DNSSEC wird nicht unterstützt',
'dnssec validating' => 'DNSSEC-validierend',
'do not log this port list' => 'Verwerfe diese Port-Liste kurz bevor sie protokolliert werden (reduziert Protokollgröße)',
'do not log this port list' => 'Verwerfe diese Port-Liste, kurz bevor sie protokolliert werden (reduziert Protokollgröße)',
'dod' => 'Dial-on-Demand-Modus',
'dod for dns' => 'Dial-on-Demand für DNS:',
'dod not compatible with ddns' => 'Dial-on-Demand ist nicht kompatibel mit dynamischen DNS-Diensten',
@@ -805,15 +805,15 @@
'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
'drop action2' => 'Standardverhalten der (Input) Firewall',
'drop forward' => 'Verworfene (Forward) Firewall-Pakete loggen',
'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop outgoing' => 'Verworfene (Outgoing) Firewall-Pakete loggen',
'drop portscan' => 'Verworfene Portscan Pakete loggen',
'drop proxy' => 'Alle Pakete verwerfen die nicht direkt an den Proxy gerichtet sind',
'drop samba' => 'Alle Microsoft Pakete verwerfen, Ports 135,137,138,139,445,1025',
'drop wirelessforward' => 'Verworfene Wireless Forward Pakete loggen',
'drop wirelessinput' => 'Verworfene Wireless Input Pakete loggen',
'drop forward' => 'Verworfene (Forward) Firewall-Pakete protokollieren',
'drop input' => 'Verworfene Input Pakete protokollieren',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete protokollieren',
'drop outgoing' => 'Verworfene (Outgoing) Firewall-Pakete protokollieren',
'drop portscan' => 'Verworfene Portscan Pakete protokollieren',
'drop proxy' => 'Alle Pakete verwerfen, die nicht direkt an den Proxy gerichtet sind',
'drop samba' => 'Alle Microsoft Pakete verwerfen (Ports 135,137,138,139,445,1025)',
'drop wirelessforward' => 'Verworfene Wireless Forward Pakete protokollieren',
'drop wirelessinput' => 'Verworfene Wireless Input Pakete protokollieren',
'dst port' => 'Ziel-Port',
'dstprt range overlaps' => 'Der Zielportbereich überlappt mit einem bereits definierten Port.',
'dstprt within existing' => 'Der Zielport liegt innerhalb eines bereits definierten Portbereichs.',
@@ -843,7 +843,7 @@
'eg' => 'z.B.:',
'email config' => 'Konfiguration',
'email empty field' => 'Leeres Feld',
'email error' => 'ERROR: Testmail konnte nicht versendet werden',
'email error' => 'FEHLER: Test-E-Mail konnte nicht versendet werden',
'email invalid' => 'Ungültiges Feld',
'email invalid mailfqdn' => 'Ungültiger FQDN für Mailserver',
'email invalid mailip' => 'Ungültige IP-Adresse für Mailserver',
@@ -854,15 +854,15 @@
'email mailrcpt' => 'E-Mail-Empfänger',
'email mailsender' => 'E-Mail-Absender',
'email mailuser' => 'Benutzername',
'email server can not be empty' => 'Email-Server darf nicht leer sein',
'email server can not be empty' => 'E-Mail-Server darf nicht leer sein',
'email settings' => 'Mailversand',
'email subject' => 'IPFire Testmail',
'email success' => 'Testmail erfolgreich versendet',
'email subject' => 'IPFire Test-E-Mail',
'email success' => 'Test-E-Mail erfolgreich versendet',
'email testmail' => 'Testnachricht senden',
'email text' => 'Testnachricht vom IPFire Mailversand.',
'email tls' => 'TLS aktivieren',
'email usemail' => 'Mailversand aktivieren',
'emailreportlevel' => 'Email-Reportlevel',
'emailreportlevel' => 'E-Mail-Reportlevel',
'empty' => 'Dieses Feld kann leer bleiben',
'empty profile' => 'Unbenannt',
'enable ignore filter' => '&quot;Ignorieren&quot;-Filter ein',
@@ -899,7 +899,7 @@
'esp keylife should be between 1 and 24 hours' => 'ESP Schlüssel-Lebensdauer sollte zwischen 1 und 24 Stunden betragen.',
'every' => 'Alle',
'exampel' => 'Beispiel',
'exclude logfiles' => 'ohne Logdateien',
'exclude logfiles' => 'ohne Protokolldateien',
'excluding buffers and cache' => '-/+ Puffer/Zwischenspeicher',
'expected' => 'Erwartet',
'expertoptions' => 'Expertenoptionen',
@@ -908,9 +908,9 @@
'exportkey' => 'PSK exportieren',
'external access' => 'Externer Zugang',
'external access configuration' => 'Einstellungen für externen Zugang',
'external access rule added' => 'Regel für externen Zugang hinzugefügt; Starte Zugangskontroller neu',
'external access rule changed' => 'External access Regel geändert; Der access controller wird neu gestartet.',
'external access rule removed' => ' Regel für externen Zugang entfernt; Starte Zugangskontroller neu',
'external access rule added' => 'Regel für externen Zugang hinzugefügt; starte Zugangskontroller neu',
'external access rule changed' => 'External access Regel geändert; der access controller wird neu gestartet.',
'external access rule removed' => ' Regel für externen Zugang entfernt; starte Zugangskontroller neu',
'external aliases configuration' => 'Externe Alias-Konfiguration',
'extrahd' => 'ExtraHD',
'extrahd because there is already a device mounted' => ' mounten, weil bereits ein Gerät gemountet ist',
@@ -957,10 +957,10 @@
'firewall log country' => 'Firewall-Protokoll (Land)',
'firewall log ip' => 'Firewall-Protokoll (IP)',
'firewall log port' => 'Firewall-Protokoll (Port)',
'firewall logs' => 'Firewall-Logdateien',
'firewall logs country' => 'Fw-Logdiagramme (Land)',
'firewall logs ip' => 'Fw-Logdiagramme (IP)',
'firewall logs port' => 'Fw-Logdiagramme (Port)',
'firewall logs' => 'Firewall-Protokolldateien',
'firewall logs country' => 'Fw-Protokolldiagramme (Land)',
'firewall logs ip' => 'Fw-Protokolldiagramme (IP)',
'firewall logs port' => 'Fw-Protokolldiagramme (Port)',
'firewall rules' => 'Firewallregeln',
'firewallhits' => 'Firewalltreffer',
'firmware' => 'Firmware',
@@ -984,14 +984,14 @@
'fritzdsl help' => 'Um eines der folgenden Fritz!DSL Modems (Fritz!Card DSL=fcdsl / Fritz!CardDSL SL=fcdslsl / Fritz!Card DSL V2.0=fcdsl2 / Fritz!Card DSL USB=fcdslusb / Fritz!Card DSL USB SL=fcdslslusb) nutzen zu können, müssen Sie ein Paket auf Ihre IPFire-Box laden. Bitte laden Sie den tarball entsprechend Ihrer Version von der IPFire-Webseite herunter und laden Sie dann die gesamte <b>fcdsl-(ihre_version).tgz</b> mit dem folgenden Formular hoch.',
'fritzdsl upload' => 'Fritz!DSL-Treiber hochladen',
'from' => 'Von',
'from email adr' => 'Von Email Adresse',
'from email pw' => 'Von Email Passwort',
'from email server' => 'Von Email Server',
'from email user' => 'Von Email Benutzer',
'from warn email bad' => 'Von Email Adresse ist nicht gültig',
'from email adr' => 'Von E-Mail-Adresse',
'from email pw' => 'Von E-Mail-Passwort',
'from email server' => 'Von E-Mail-Server',
'from email user' => 'Von E-Mail-Benutzer',
'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig',
'fw blue' => 'Firewalloptionen für das Blaue Interface',
'fw default drop' => 'Firewall Policy',
'fw logging' => 'Firewall-Logging',
'fw default drop' => 'Firewall Richtlinie',
'fw logging' => 'Firewall-Protokollierung',
'fw settings' => 'Firewall-Einstellungen',
'fw settings color' => 'Farben in Regeltabelle anzeigen',
'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
@@ -1037,8 +1037,8 @@
'fwdfw external port nat' => 'Externer Port (NAT)',
'fwdfw final_rule' => 'Letzte Regel: ',
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel könnte eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn ergibt: ',
'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
@@ -1183,7 +1183,7 @@
'fwhost stdnet' => 'Standard-Netzwerke:',
'fwhost type' => 'Typ',
'fwhost used' => 'Genutzt',
'fwhost welcome' => 'Hier können einzelne Hosts, Netzwerke oder Dienste zu Gruppen zusammengefasst werden, was das erstellen von Firewallregeln einfacher und schneller macht.',
'fwhost welcome' => 'Hier können einzelne Hosts, Netzwerke oder Dienste zu Gruppen zusammengefasst werden, was das Erstellen von Firewallregeln einfacher und schneller macht.',
'fwhost wo subnet' => '(Ohne Subnetz)',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
@@ -1228,7 +1228,7 @@
'hangup' => 'Trennen',
'hangup string' => 'Auflegen:',
'harddisk temperature' => 'Festplattentemperatur',
'harddisk temperature graphs' => 'HDD-Diagramme',
'harddisk temperature graphs' => 'Festplatten-Diagramme',
'hardware graphs' => 'Hardware-Diagramme',
'hardware support' => 'Hardware-Unterstützung',
'hdd temperature in' => 'Festplattentemperatur in',
@@ -1261,8 +1261,8 @@
'idle' => 'Leerlauf',
'idle timeout' => 'Leerlauf-Wartezeit in min (0 zum Deaktivieren):',
'idle timeout not set' => 'Leerlauf-Wartezeit nicht angegeben.',
'ids log viewer' => 'Ansicht IDS-Log',
'ids logs' => 'IDS-Logdateien',
'ids log viewer' => 'Ansicht IDS-Protokoll',
'ids logs' => 'IDS-Protokolldateien',
'ids preprocessor' => 'IDS-Präprozessor',
'ids rules license' => 'Um Sourcefire VRT Zertifizierte Regeln zu nutzen, müssen Sie sich unter',
'ids rules license1' => ' registrieren.',
@@ -1282,7 +1282,7 @@
'imsi' => 'IMSI',
'in' => 'Ein',
'inactive' => 'inaktiv',
'include logfiles' => 'mit Logdateien',
'include logfiles' => 'mit Protokolldateien',
'incoming' => 'eingehend',
'incoming compression in bytes per second' => 'Eingehende Kompression',
'incoming firewall access' => 'Eingehender Firewallzugang',
@@ -1303,7 +1303,7 @@
'internet' => 'INTERNET',
'intrusion detection' => 'Einbruchdetektierung',
'intrusion detection system' => 'Intrusion Detection System',
'intrusion detection system log viewer' => 'Betrachter der IDS-Logfiles',
'intrusion detection system log viewer' => 'Betrachter der IDS-Protokolldateien',
'intrusion detection system rules' => 'Intrusion Detection System Regeln',
'intrusion detection system2' => 'Intrusion Detection System:',
'invalid broadcast ip' => 'Ungültige Broadcast-IP',
@@ -1327,12 +1327,12 @@
'invalid input for dhcp wins' => 'Ungültige Eingabe für DHCP WINS',
'invalid input for dpd delay' => 'Ungültige Eingabe für DPD-Verzögerung',
'invalid input for dpd timeout' => 'Ungültige Eingabe für DPD-Zeitüberschreitung',
'invalid input for e-mail address' => 'Ungültige Eingabe für die E-mail Adresse',
'invalid input for e-mail address' => 'Ungültige Eingabe für die E-Mail-Adresse',
'invalid input for esp keylife' => 'Ungültige Eingabe für ESP Schlüssel-Lebensdauer',
'invalid input for hostname' => 'Ungültige Eingabe für Hostname',
'invalid input for ike lifetime' => 'Ungültige Eingabe für IKE Lebensdauer',
'invalid input for keepalive 1' => 'Ungültige Eingabe für Keepalive ping',
'invalid input for keepalive 1:2' => 'Ungültige Eingabe für Keepalive mindestens ein Verhältnis von 1:2',
'invalid input for keepalive 1:2' => 'Ungültige Eingabe für Keepalive (mindestens ein Verhältnis von 1:2)',
'invalid input for keepalive 2' => 'Ungültige Eingabe für Keepalive ping-restart',
'invalid input for max clients' => 'Ungültige Eingabe für Max Clients',
'invalid input for name' => 'Ungültige Eingabe für vollen Namen des Benutzers oder des System Hostnamens',
@@ -1346,7 +1346,7 @@
'invalid key' => 'Ungültiger Schlüssel.',
'invalid loaded file' => 'Ungültige geladene Datei',
'invalid local-remote id' => 'Local-Id und Remote-Id dürfen nicht gleich sein, und müssen einem "@"-Zeichen beginnen. Dies sind leftid und rightid in der StrongSwan-Terminologie.',
'invalid logserver address' => 'Ungültige syslogd server Adresse',
'invalid logserver address' => 'Ungültige syslogd-Server-Adresse',
'invalid mac address' => 'Ungültige MAC-Adresse',
'invalid max lease time' => 'Ungültige max. Haltezeit.',
'invalid maximum incoming size' => 'Ungültige max. ankommende Größe.',
@@ -1357,7 +1357,7 @@
'invalid mtu input' => 'Ungültige MTU',
'invalid netmask' => 'Ungültige Netzwerkmaske',
'invalid port' => 'Ungültiger Port. Bitte gültige Portnummer eingeben.',
'invalid port list' => 'Portlisten-Syntax lautet: port[,port]... wobei port in /etc/services vorkommt oder Nummer',
'invalid port list' => 'Portlisten-Syntax lautet: port[,port]... wobei port in /etc/services enthalten ist, alternativ Portnummer',
'invalid primary dns' => 'Ungültiger primärer DNS.',
'invalid primary ntp' => 'Ungültiger primärer NTP.',
'invalid secondary dns' => 'Ungültiger sekundärer DNS.',
@@ -1367,13 +1367,13 @@
'invalid time period' => 'Unzulässiger Zeitabschnitt.',
'invalid uplink speed' => 'Ungültige Uplink-Geschwindigkeit.',
'invalid upstream proxy username or password setting' => 'Ungültige/r Remote-Proxy-Benutzername oder Passwort-Einstellung',
'invalid users' => 'Liste mit Benutzern denen der Zugriff untersagt ist',
'invalid users' => 'Liste mit Benutzern, denen der Zugriff untersagt ist',
'invalid vpi vpci' => 'Ungültige VPI/VPCI-Einstellungen',
'invalid wins address' => 'Ungültige WINS Server Addresse.',
'invert' => 'Invertieren',
'ip address' => 'IP-Adresse',
'ip address in use' => 'IP-Adresse bereits vergeben',
'ip address outside subnets' => 'IP-Adresse ausserhalb der(s) lokalen Subnetze(s)',
'ip address outside subnets' => 'IP-Adresse außerhalb der(s) lokalen Subnetze(s)',
'ip alias added' => 'Externer IP-Alias hinzugefügt',
'ip alias changed' => 'Externer IP-Alias geändert',
'ip alias removed' => 'Externer IP-Alias entfernt',
@@ -1386,7 +1386,7 @@
'ipinfo' => 'IP-Info',
'ipsec' => 'IPsec',
'ipsec network' => 'IPsec-Netzwerke',
'ipsec no connections' => 'Keine aktiven IPsec Verbindungen',
'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen',
'iptable rules' => 'IPTable-Regeln',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
@@ -1419,7 +1419,7 @@
'lifetime' => 'Lebensdauer:',
'line' => 'Leitung',
'linkq' => 'Antwortzeit',
'load printer' => 'Load Printer',
'load printer' => 'Lade Drucker',
'loaded modules' => 'Geladene Module:',
'local hard disk' => 'Festplatte',
'local master' => 'Local Master',
@@ -1430,23 +1430,23 @@
'localkey' => 'Localkey',
'localkeyfile' => 'Localkeyfile',
'log' => 'Protokoll',
'log enabled' => 'Log aktiviert',
'log level' => 'Log Level',
'log enabled' => 'Protokoll aktiviert',
'log level' => 'Protokollierungslevel',
'log lines per page' => 'Zeilen pro Seite',
'log server address' => 'Syslog Server',
'log settings' => 'Logdatei-Einstellungen',
'log summaries' => 'Log Übersicht',
'log summary' => 'Log Zusammenfassung',
'log settings' => 'Protokolldatei-Einstellungen',
'log summaries' => 'Protokollübersicht',
'log summary' => 'Protokollzusammenfassung',
'log var messages' => 'Einstellungen für /var/log/messages',
'log view' => 'Log Anzeige',
'log view' => 'Protokollanzeige',
'log viewer' => 'Protokollansicht',
'log viewing options' => 'Log Ansichts-Optionen',
'log-options' => 'Logfile Optionen',
'log viewing options' => 'Protokollansichtsoptionen',
'log-options' => 'Protokolldateioptionen',
'loged in at' => 'Angemeldet seit',
'logging' => 'Logging',
'logging' => 'Protokollierung',
'logging server' => 'Protokollierungs-Server',
'loginlogout' => 'Login/Logout',
'logs' => 'Logdateien',
'logs' => 'Protokolldateien',
'lookup failed' => 'Reverse Lookup gescheitert',
'loosedirectorychecking' => 'Loose directorychecking',
'low' => 'Niedrig',
@@ -1499,7 +1499,7 @@
'masquerading enabled' => 'NAT eingeschaltet',
'max bandwith' => 'Maximale Bandbreite',
'max incoming size' => 'Max. eingehende Größe (kB):',
'max lease time' => 'Max. Haltezeit in min:',
'max lease time' => 'Max. Haltezeit in min.:',
'max outgoing size' => 'Max. abgehende Größe (kB):',
'max reliability' => 'Maximale Zuverlässigkeit',
'max renewal time' => 'Maximale Aktualisierungszeit',
@@ -1511,15 +1511,15 @@
'maximum retries' => 'Maximale Wiederholversuche:',
'may' => 'Mai',
'mbmon display' => 'Anzeigen',
'mbmon fan' => 'Fan Speed',
'mbmon fan in' => 'Fan Speed in',
'mbmon fan' => 'Lüftergeschwindigkeit',
'mbmon fan in' => 'Lüftergeschwindigkeit in',
'mbmon graphs' => 'mbmon-Diagramme',
'mbmon label' => 'Label',
'mbmon settings' => 'mbmongraph Einstellungen',
'mbmon temp' => 'Temperature',
'mbmon temp in' => 'Temperature in',
'mbmon temp' => 'Temperatur',
'mbmon temp in' => 'Temperatur in',
'mbmon value' => 'Wert',
'mbmon volt' => 'Voltage',
'mbmon volt' => 'Spannung',
'meaning' => 'Bedeutung',
'media' => 'Laufwerke',
'media information' => 'Laufwerksinformationen',
@@ -1528,7 +1528,7 @@
'memory information' => 'Speicherinformationen',
'memory usage per' => 'Speichernutzung pro',
'messages' => 'Meldungen',
'messages logging' => 'Logeinstellungen für /var/log/messages',
'messages logging' => 'Protokolleinstellungen für /var/log/messages',
'method' => 'Methode:',
'min costs' => 'Minimale Kosten',
'min delay' => 'Minimale Verzögerung',
@@ -1637,7 +1637,7 @@
'no fritzdsl driver' => 'Kein Fritz!DSL-Treiber vorhanden. Bitte hochladen.',
'no hardware random number generator' => 'Dieses System hat keine Entropiequelle.',
'no information available' => 'Keine Informationen verfügbar.',
'no log selected' => 'kein Log ausgewählt',
'no log selected' => 'kein Protokoll ausgewählt',
'no modem selected' => 'Kein Modem ausgewählt',
'no set selected' => 'Es wurde kein Satz ausgewählt',
'no time limit' => 'unbregenzte Zeit',
@@ -1681,7 +1681,7 @@
'openvpn disabled' => 'DEAKTIVIERT',
'openvpn enabled' => 'AKTIVIERT',
'openvpn fragment allowed with udp' => '"fragment" kann nur in Kombination mit dem UDP-Protokoll genutzt werden.',
'openvpn log' => 'OpenVPN Log',
'openvpn log' => 'OpenVPN Protokoll',
'openvpn mssfix allowed with udp' => '"mssfix" kann nur in Kombination mit dem UDP-Protokoll genutzt werden.',
'openvpn network' => 'OpenVPN-Netzwerke',
'openvpn prefix local subnet' => 'Die Prefix-Notation wird nicht unterstützt. Bitte geben Sie eine Subnetzmaske beim lokalen Subnetz ein wie z.B. 255.255.255.0.',
@@ -1693,8 +1693,8 @@
'optional data' => '3. Optionale Einstellungen',
'options' => 'Optionen',
'options fw' => 'Firewalloptionen',
'optionsfw portlist hint' => 'Die Liste der Ports muss durch ein Komma getrennt werden (z.B. 137,138). Sie können maximal bis zu 15 Ports pro Protokoll angeben.',
'optionsfw warning' => 'Verändern dieser Optionen bedingt einen Neustart der Firewall',
'optionsfw portlist hint' => 'Die Liste der Ports muss durch Kommata getrennt werden (z.B. 137,138). Sie können maximal bis zu 15 Ports pro Protokoll angeben.',
'optionsfw warning' => 'Verändern dieser Optionen erfordert einen Neustart der Firewall',
'or' => 'oder',
'orange' => 'ORANGE',
'organization cant be empty' => 'Organisation darf nicht leer sein.',
@@ -1718,10 +1718,10 @@
'outgoing firewall edit ip group' => 'IP Adressgruppen bearbeiten',
'outgoing firewall edit mac group' => 'MAC Adressgruppen bearbeiten',
'outgoing firewall group error' => 'Eine Gruppe mit dem selben Namen existiert bereits.',
'outgoing firewall groups' => 'Firewall Gruppen',
'outgoing firewall groups' => 'Firewallgruppen',
'outgoing firewall ip groups' => 'Ausgehende Firewall IP Adressgruppen',
'outgoing firewall mac groups' => 'Ausgehende Firewall MAC Adressgruppen',
'outgoing firewall mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.',
'outgoing firewall mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich, Verbindungen ins Internet aufzubauen.',
'outgoing firewall mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.',
'outgoing firewall mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.',
'outgoing firewall outgoing firewall reserved groupname' => 'Bitte einen anderen Gruppennamen verwenden, dieser ist ein reserviertes Wort.',
@@ -1753,7 +1753,7 @@
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn ha' => 'Hash-Algorithmus',
'ovpn hmac' => 'HMAC-Optionen',
'ovpn log' => 'OVPN-Log',
'ovpn log' => 'OVPN-Protokoll',
'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn mtu-disc' => 'Path MTU Discovery',
'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.',
@@ -1767,7 +1767,7 @@
'ovpn on orange' => 'OpenVPN auf ORANGE:',
'ovpn on red' => 'OpenVPN auf ROT:',
'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn reneg sec' => 'Session Key Lifetime',
'ovpn reneg sec' => 'Sitzungsschlüssellebensdauer',
'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
'ovpn routes push options' => 'Route push Optionen',
'ovpn server status' => 'OpenVPN-Server-Status',
@@ -1788,8 +1788,8 @@
'ovpn_processprioN' => 'Normal',
'ovpn_processprioVD' => 'Sehr Tief',
'ovpn_processprioVH' => 'Sehr Hoch',
'ovpnstatus log' => 'OVPN-Status-Log',
'ovpnsys log' => 'OVPN-System-Log',
'ovpnstatus log' => 'OVPN-Status-Protokoll',
'ovpnsys log' => 'OVPN-System-Protokoll',
'p2p block' => 'P2P-Netzwerke',
'p2p block save notice' => 'Bitte lesen Sie die Firewallregeln neu ein, damit die Änderungen aktiv werden.',
'package failed to install' => 'Programmpaket konnte nicht installiert werden.',
@@ -1798,10 +1798,10 @@
'pakfire ago' => 'her.',
'pakfire available addons' => 'Verfügbare Addons:',
'pakfire configuration' => 'Pakfire Konfiguration',
'pakfire core update auto' => 'Core und Addon Updates automatisch installieren:',
'pakfire core update auto' => 'Core- und Addon-Updates automatisch installieren:',
'pakfire core update level' => 'Core-Update-Level',
'pakfire health check' => 'Mirrors auf Erreichbarkeit prüfen (Ping):',
'pakfire install description' => 'Wählen Sie ein oder mehrere Pakete zur Installation aus und drücken Sie auf das plus Symbol.',
'pakfire install description' => 'Wählen Sie ein oder mehrere Pakete zur Installation aus und drücken Sie auf das plus-Symbol.',
'pakfire install package' => 'Sie möchten folgende Pakete installieren: ',
'pakfire installed addons' => 'Installierte Addons:',
'pakfire last core list update' => 'Letztes Corelisten Update ist',
@@ -1811,7 +1811,7 @@
'pakfire possible dependency' => ' Möglicherweise haben diese Pakete Abhängigkeiten, d.h. andere Pakete müssen zusätzlich installiert werden. Dazu sehen Sie unten eine Liste.',
'pakfire register' => 'Registrierung am Pakfire-Server:',
'pakfire system state' => 'System Status',
'pakfire uninstall description' => 'Wählen Sie ein oder mehrere Pakete zur Deinstallation aus und drücken Sie auf das minus Symbol.',
'pakfire uninstall description' => 'Wählen Sie ein oder mehrere Pakete zur Deinstallation aus und drücken Sie auf das minus-Symbol.',
'pakfire uninstall package' => 'Sie möchten folgende Pakete deinstallieren: ',
'pakfire update daily' => 'Täglich nach Updates suchen:',
'pakfire updates' => 'Zur Verfügung stehende Updates:',
@@ -1882,8 +1882,8 @@
'proxy cachemgr' => 'Cachemanager aktivieren',
'proxy errmsg filedescriptors' => 'Ungültiger Anzahl Filedescriptoren',
'proxy filedescriptors' => 'Anzahl Filedescriptoren',
'proxy log viewer' => 'Ansicht Proxy-Log',
'proxy logs' => 'Proxy-Logdateien',
'proxy log viewer' => 'Ansicht Proxy-Protokoll',
'proxy logs' => 'Proxy-Protokolldateien',
'proxy no proxy extend' => 'oder geben Sie eine Liste von Zielen an, welche nicht über den Proxy angesprochen werden sollen',
'proxy no proxy local' => 'Lokalen Proxy auf blauen/grünen Netzwerken verhindern',
'proxy port' => 'Proxy-Port',
@@ -1928,10 +1928,10 @@
'remote access' => 'Fernwartung',
'remote announce' => 'Remote Announce',
'remote browse sync' => 'Remote Browse Sync',
'remote host/ip' => 'Remote Host/IP',
'remote logging' => 'Remote logging',
'remote subnet' => 'Remote Subnetz:',
'remote subnet is invalid' => 'Remote Subnetz ist ungültig.',
'remote host/ip' => 'Entfernte(r) Host/IP',
'remote logging' => 'Entfernte Protokollierung',
'remote subnet' => 'Entferntes Subnetz:',
'remote subnet is invalid' => 'Entferntes Subnetz ist ungültig.',
'removable device advice' => 'Stecken Sie ein Gerät an, aktualisieren Sie und binden Sie es vor der Benutzung ein. Melden Sie das Gerät vorm Entfernen ab.',
'remove' => 'Löschen',
'remove ca certificate' => 'CA-Zertifikat entfernen',
@@ -1947,7 +1947,7 @@
'reset' => 'Zurücksetzen',
'reset shares' => 'Freigaben zurücksetzen',
'resetglobals' => 'Globale Einstellungen zurücksetzen',
'resetpolicy' => 'Policy zurücksetzen',
'resetpolicy' => 'Richtlinie zurücksetzen',
'resetshares' => 'Shares zurücksetzen?',
'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Das Löschen des X509 wird die Root-CA, die Host-Zertifikate und alle zertifikatsbasierten Verbindungen entfernen.',
'restart' => 'Neustart',
@@ -1995,7 +1995,7 @@
'select source net' => 'Auswahl Quell-Netz',
'selecttraffic' => 'Trafficübersicht auswählen:',
'send cr' => 'ISP verlangt Zeilenrücklaufzeichen:',
'send email notification' => 'Aktiviert, Email Benachrichtigung senden',
'send email notification' => 'Aktiviert, E-Mail Benachrichtigung senden',
'send test mail' => 'Sende Testemail',
'september' => 'September',
'serial' => 'serielle',
@@ -2119,7 +2119,7 @@
'stop ovpn server' => 'Stoppe OpenVPN-Server',
'stopped' => 'ANGEHALTEN',
'subject' => 'Betreff',
'subject test' => 'Testemail',
'subject test' => 'Test-E-Mail',
'subject warn' => 'Warnung - Warnlevel erreicht',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netzmaske ist ungültig',
@@ -2135,16 +2135,16 @@
'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
'system information' => 'Systeminformationen',
'system log viewer' => 'Betrachter der System-Logdateien',
'system logs' => 'System-Logdateien',
'system log viewer' => 'Betrachter der Systemprotokolldateien',
'system logs' => 'Systemprotokolldateien',
'system status information' => 'System-Statusinformationen',
'ta key' => 'TLS-Authentifizierungsschlüssel',
'telephone not set' => 'Telefonnummer nicht angegeben.',
'template' => 'Vorlage',
'template warning' => 'Zur Einrichtung von QoS stehen Ihnen 2 Möglichkeiten zur Auswahl. Entweder Sie wählen speichern und erstellen Klassen und Regeln nach Ihren Wünschen, oder Sie wählen Vorlage, dann werden die Klassen und Regeln durch ein Template generiert.',
'test' => 'test',
'test email could not be sent' => 'Könnte Testemail nicht senden',
'test email was sent' => 'Testemail wurde erfolgreich versand',
'test email could not be sent' => 'Könnte Test-E-Mail nicht senden',
'test email was sent' => 'Test-E-Mail wurde erfolgreich versand',
'the following update was successfully installed' => 'Das folgende Update wurde erfolgreich installiert',
'the statistics were last updated at' => 'Die Statistik wurde zuletzt aktualisiert am',
'theme' => 'Style',
@@ -2194,10 +2194,10 @@
'tor connected relays' => 'Verbundene Relays',
'tor contact info' => 'Kontaktinformationen',
'tor daemon' => 'Daemon',
'tor directory port' => 'Directory-Port',
'tor directory port' => 'Verzeichnis-Port',
'tor enabled' => 'Tor einschalten',
'tor errmsg invalid accounting limit' => 'Ungültiges Accounting-Limit',
'tor errmsg invalid directory port' => 'Ungültiger Directory-Port',
'tor errmsg invalid directory port' => 'Ungültiger Verzeichnis-Port',
'tor errmsg invalid ip or mask' => 'Ungültiges IP-Subnetz',
'tor errmsg invalid relay address' => 'Ungültige Relay-Adresse',
'tor errmsg invalid relay name' => 'Ungültiger Relay-Nickname',
@@ -2211,12 +2211,12 @@
'tor relay enabled' => 'Tor-Relay einschalten',
'tor relay external address' => 'Externe Relay-Adresse',
'tor relay fingerprint' => 'Relay-Fingerabdruck',
'tor relay mode' => 'Relay-Modues',
'tor relay mode' => 'Relay-Modus',
'tor relay mode bridge' => 'Bridge',
'tor relay mode exit' => 'Exit-Node',
'tor relay mode private bridge' => 'private Bridge',
'tor relay mode relay' => 'Nur Relay',
'tor relay nickname' => 'Relay-Nickname',
'tor relay nickname' => 'Relay-Spitzname',
'tor relay port' => 'Relay-Port',
'tor service' => 'Tor-Service',
'tor socks port' => 'SOCKS-Port',
@@ -2226,7 +2226,7 @@
'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)',
'tor use exit nodes' => 'Nur diese Exit-Nodes benutzen (eins pro Zeile)',
'total connection time' => 'Verbindungszeit',
'total hits for log section' => 'Gesamte Treffer für Log Sektion',
'total hits for log section' => 'Gesamte Treffer für Protokollsektion',
'traffic back' => 'Zurück',
'traffic calc time' => 'Berechnungszeitpunkt',
'traffic calc time bad' => 'Berechnungsintervall ist nicht gültig',
@@ -2364,7 +2364,7 @@
'upload a certificate request' => 'Eine Zertifikatsanfrage hochladen:',
'upload ca certificate' => 'CA-Zertifikat hochladen',
'upload dh key' => 'Diffie-Hellman-Parameter hochladen',
'upload file' => 'Datei zum hochladen',
'upload file' => 'Datei zum Hochladen',
'upload new ruleset' => 'Neuen Regelsatz hochladen',
'upload p12 file' => 'PKCS12-Datei hochladen',
'upload static key' => 'Statischen Schlüssel hochladen',
@@ -2466,7 +2466,7 @@
'urlfilter filesize' => 'Größe',
'urlfilter filter settings' => 'URL-Filter Einstellungen',
'urlfilter fri' => 'F',
'urlfilter friday' => 'Fre',
'urlfilter friday' => 'Fr',
'urlfilter from' => 'Von',
'urlfilter hourly' => 'stündlich',
'urlfilter import blacklist' => 'Blacklist importieren',
@@ -2480,10 +2480,10 @@
'urlfilter invalid user error' => 'Ungültiger Benutzername',
'urlfilter load blacklist' => 'Blacklist laden',
'urlfilter local file redirection' => 'Lokale Dateiumleitung',
'urlfilter log' => 'Urlfilter Log',
'urlfilter log' => 'URL-Filter Protokoll',
'urlfilter log summary' => 'Gesamtanzahl der URL-Filter-Treffer für',
'urlfilter log viewer' => 'Ansicht URL-Filter-Log',
'urlfilter logs' => 'URL-Filter-Logdateien',
'urlfilter log viewer' => 'Ansicht URL-Filter-Protokoll',
'urlfilter logs' => 'URL-Filter-Protokolldateien',
'urlfilter maintenance' => 'URL-Filter Wartung',
'urlfilter manage local file repository' => 'Lokale Dateiablage verwalten',
'urlfilter manage repository' => 'Ablage verwalten',
@@ -2491,7 +2491,7 @@
'urlfilter mode allow' => 'erlauben',
'urlfilter mode block' => 'sperren',
'urlfilter mon' => 'M',
'urlfilter monday' => 'Mon',
'urlfilter monday' => 'Mo',
'urlfilter monthly' => 'monatlich',
'urlfilter msg text 1' => 'Nachricht Zeile 1',
'urlfilter msg text 2' => 'Nachricht Zeile 2',
@@ -2519,7 +2519,7 @@
'urlfilter restore text' => 'Um eine vorher gesicherte Konfiguration wieder herzustellen, kann hier eine .tar.gz-Sicherungsdatei hochgeladen werden',
'urlfilter safesearch' => 'Aktiviere SafeSearch',
'urlfilter sat' => 'S',
'urlfilter saturday' => 'Sam',
'urlfilter saturday' => 'Sa',
'urlfilter save and restart' => 'Speichern und Neustart',
'urlfilter save schedule' => 'Updateeinstellungen speichern',
'urlfilter select blacklist' => 'Vorhandene Blacklist auswählen',
@@ -2535,10 +2535,10 @@
'urlfilter src' => 'Quelle',
'urlfilter src error' => 'Quelle darf nicht leer sein',
'urlfilter sun' => 'S',
'urlfilter sunday' => 'Son',
'urlfilter sunday' => 'So',
'urlfilter tar error' => 'Konnte die Dateien nicht aus dem Archiv extrahieren',
'urlfilter thu' => 'D',
'urlfilter thursday' => 'Don',
'urlfilter thursday' => 'Do',
'urlfilter time' => 'Zeit',
'urlfilter time quota' => 'Zeitkontingent',
'urlfilter time space' => 'Zeitraum',
@@ -2546,7 +2546,7 @@
'urlfilter timespace error' => 'Fehler bei der Angabe des Zeitraumes',
'urlfilter to' => 'Bis',
'urlfilter tue' => 'D',
'urlfilter tuesday' => 'Die',
'urlfilter tuesday' => 'Di',
'urlfilter unfiltered clients' => 'Ungefilterte IP-Adressen',
'urlfilter update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie <a href="http://www.urlfilter.net" target="_blank">http://www.urlfilter.net</a> für weitere Informationen.',
'urlfilter update notification' => 'Update-Benachrichtigung!',
@@ -2570,7 +2570,7 @@
'urlfilter username log' => 'Protokolliere Benutzername',
'urlfilter web proxy service required' => 'Um den URL-Filter zu verwenden, muss der Web-Proxy-Dienst aktiviert sein',
'urlfilter wed' => 'M',
'urlfilter wednesday' => 'Mit',
'urlfilter wednesday' => 'Mi',
'urlfilter weekday error' => 'Es muss mindestens ein Tag ausgewählt werden',
'urlfilter weekly' => 'wöchentlich',
'urlfilter whitelist always allowed' => 'Erlaube angepasste Whitelist für gesperrte Clients',
@@ -2585,18 +2585,18 @@
'used memory' => 'Genutzter Speicher',
'used swap' => 'Genutzter Swap',
'user' => 'Benutzer',
'user log' => 'Benutzer Log',
'user proxy logs' => 'Benutzer Proxy Log',
'user log' => 'Benutzerprotokoll',
'user proxy logs' => 'Benutzer Proxy Protokoll',
'username' => 'Benutzername:',
'username not set' => 'Benutzername nicht angegeben.',
'users department' => 'Abteilung des Benutzers',
'users email' => 'E-mail-Adresse des Benutzers',
'users email' => 'E-Mail-Adresse des Benutzers',
'users fullname or system hostname' => 'Voller Name oder System-Hostname des Benutzers',
'valid root certificate already exists' => 'Ein gültiges Root-Zertifikat existiert bereits.',
'valid till' => 'Gültig bis',
'vci number' => 'VCI-Nummer:',
'vendor' => 'Hersteller',
'view log' => 'Log anzeigen',
'view log' => 'Protokoll anzeigen',
'virtual address' => 'Virtuelle Addresse',
'virtual private networking' => 'Virtuelles Privates Netzwerk',
'visible in browselist' => 'Sichtbar in der Verzeichnisliste',
@@ -2612,7 +2612,7 @@
'vpn auth-dn' => 'Peer wird identifiziert durch entweder ein IPV4_ADDR, FQDN, USER_FQDN oder DER_ASN1_DN string in Remote ID Feld',
'vpn broken' => 'Gebrochen',
'vpn connecting' => 'VERBINDUNGSAUFBAU',
'vpn delayed start' => 'Verzögerung bevor VPN gestartet wird (Sekunden)',
'vpn delayed start' => 'Verzögerung, bevor VPN gestartet wird (in Sekunden)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
'vpn keyexchange' => 'Schlüsseltausch',
@@ -2623,12 +2623,12 @@
'vpn on blue' => 'VPN auf BLAU',
'vpn on green' => 'VPN auf GRÜN',
'vpn on orange' => 'VPN auf ORANGE',
'vpn on-demand' => 'ON DEMAND',
'vpn on-demand' => 'BEI BEDARF',
'vpn payload compression' => 'Datennutzlast-Kompression aushandeln',
'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn start action' => 'Startaktion',
'vpn start action route' => 'On Demand',
'vpn start action route' => 'Bei Bedarf',
'vpn start action start' => 'Immer An',
'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
@@ -2703,8 +2703,9 @@
'wlan client wpa mode ccmp tkip' => 'CCMP-TKIP',
'wlan client wpa mode tkip tkip' => 'TKIP-TKIP',
'wlan clients' => 'WLAN-Clients',
'wlanap access point' => 'Access Point',
'wlanap' => 'Access Point',
'wlanap channel' => 'Kanal',
'wlanap configuration' => 'Access Point Konfiguration',
'wlanap country' => 'Ländercode',
'wlanap debugging' => 'Debugging',
'wlanap del interface' => 'Ausgewähltes Interface zurücksetzen?',
@@ -2735,7 +2736,7 @@
'yes' => 'Ja',
'you can only define one roadwarrior connection when using pre-shared key authentication' => 'Sie können nur eine Roadwarrior-Verbindung definieren, wenn die Pre-shared-Schlüsselauthentifizierung verwendet wird.<br/>Entweder haben Sie bereits eine Roadwarrior-Verbindung mit Pre-shared-Schlüsselauthentifizierung, oder Sie versuchen gerade, eine hinzuzufügen.',
'your department' => 'Ihre Abteilung',
'your e-mail' => 'Ihre E-mail Adresse',
'your e-mail' => 'Ihre E-Mail-Adresse',
);
#EOF

3
langs/en/cgi-bin/en.pl
View File

@@ -2748,8 +2748,9 @@
'wlan client wpa mode ccmp tkip' => 'CCMP-TKIP',
'wlan client wpa mode tkip tkip' => 'TKIP-TKIP',
'wlan clients' => 'Wireless clients',
'wlanap access point' => 'Access Point',
'wlanap' => 'Access Point',
'wlanap channel' => 'Channel',
'wlanap configuration' => 'Access Point Configuration',
'wlanap country' => 'Country Code',
'wlanap debugging' => 'Debugging',
'wlanap del interface' => 'Remove selected interface?',

27
lfs/apache2
View File

@@ -25,27 +25,27 @@
include Config
VER = 2.2.29
VER = 2.4.27
THISAPP = httpd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
DEPS = "aprutil pcre"
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) \
httpd-2.2.2-config-1.patch
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
$(DL_FILE)_MD5 = 579342fdeaa7b8b68d17fee91f8fab6e
httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
$(DL_FILE)_MD5 = 97b6bbfa83c866dbe20ef317e3afd108
install : $(TARGET)
@@ -75,8 +75,8 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/httpd-2.2.2-config-1.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/apache-2.4.27-PR61382-fix.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/apache-2.4.27-CVE-2017-9798-fix.patch
### Add IPFire's layout, too
echo "# IPFire layout" >> $(DIR_APP)/config.layout
echo "<Layout IPFire>" >> $(DIR_APP)/config.layout
@@ -103,14 +103,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
echo "</Layout>" >> $(DIR_APP)/config.layout
cd $(DIR_APP) && ./configure --enable-layout=IPFire \
--enable-ssl --enable-mods-shared=all --enable-proxy
--enable-ssl --enable-mods-shared=all --enable-proxy --with-mpm=event
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
chown -v root:root /usr/lib/apache/httpd.exp \
/usr/sbin/{apxs,apachectl,dbmmanage,envvars{,-std}} \
/usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
/usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
/usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
/usr/bin/{apxs,dbmmanage} \
/usr/sbin/apachectl \
/usr/share/man/man1/{ab,apxs,dbmmanage,ht{dbm,digest,passwd,txt2dbm},logresolve}.1 \
/usr/share/man/man8/{apachectl,htcacheclean,httpd}.8 \
/usr/share/man/man8/{rotatelogs,suexec}.8
# Install apache config
cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf

82
lfs/apr Normal file
View File

@@ -0,0 +1,82 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.6.2
THISAPP = apr-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = http://archive.apache.org/dist/apr
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = e81a851967c79b5ce9bfbc909e4bf735
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr \
--disable-static --with-installbuilddir=/usr/share/apr-1/build
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

84
lfs/aprutil Normal file
View File

@@ -0,0 +1,84 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.6.0
THISAPP = apr-util-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = http://archive.apache.org/dist/apr
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
DEPS = "apr"
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 069a9a980776acab05212c5f37ef8368
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr \
--with-apr=/usr --with-gdbm=/usr --with-openssl=/usr --with-crypto --with-expat=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

2
lfs/cacti
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = cacti
PAK_VER = 5
PAK_VER = 6
DEPS = "netsnmpd mysql"

4
lfs/gnutls
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.5.14
VER = 3.5.15
THISAPP = gnutls-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 1e84b57a472b5f3b01f2c1b7a3a2bcbe
$(DL_FILE)_MD5 = bcdcbc65c50a7499617ad9f4d0058de9
install : $(TARGET)

6
lfs/hdparm
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2017 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 9.50
VER = 9.52
THISAPP = hdparm-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = d380062ad6c4b40076736efbb640f1f5
$(DL_FILE)_MD5 = 410539d0bf3cc247181594581edbfb53
install : $(TARGET)

2
lfs/hostapd
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = hostapd
PAK_VER = 38
PAK_VER = 39
DEPS = ""

2
lfs/icinga
View File

@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = icinga
PAK_VER = 1
PAK_VER = 2
DEPS = ""

2
lfs/nagios
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nagios
PAK_VER = 2
PAK_VER = 3
DEPS = "traceroute"

2
lfs/openmailadmin
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = openmailadmin
PAK_VER = 1
PAK_VER = 2
DEPS = "cyrus-imapd postfix mysql"

2
lfs/owncloud
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = owncloud
PAK_VER = 6
PAK_VER = 7
DEPS = ""

2
lfs/phpSANE
View File

@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = phpSANE
PAK_VER = 1
PAK_VER = 2
DEPS = "sane netpbm"

20
lfs/squid
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.5.26
VER = 3.5.27
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 510e2c84773879c00d0e7ced997864d9
$(DL_FILE)_MD5 = 39ef8199675d48a314b540f92c00c545
install : $(TARGET)
@@ -70,21 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14169.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14170.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14171.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14172.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14173.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14174.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14175.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14176.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14177.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14178.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14179.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14180.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14181.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14182.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.26-fix-max-file-descriptors.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi

4
lfs/strongswan
View File

@@ -24,7 +24,7 @@
include Config
VER = 5.5.3
VER = 5.6.0
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 4afffe3c219bb2e04f09510905af836b
$(DL_FILE)_MD5 = befb5e827d02433fea6669c20e11530a
install : $(TARGET)

6
lfs/tcpdump
View File

@@ -24,7 +24,7 @@
include Config
VER = 4.9.0
VER = 4.9.2
THISAPP = tcpdump-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tcpdump
PAK_VER = 8
PAK_VER = 9
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c
$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576
install : $(TARGET)

4
lfs/unbound
View File

@@ -24,7 +24,7 @@
include Config
VER = 1.6.4
VER = 1.6.6
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = ab6f7c07610907f1d87191c9ac2db87a
$(DL_FILE)_MD5 = f2cc56bd88c9634fe18334d2421205f1
install : $(TARGET)

6
make.sh
View File

@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.19" # Version number
CORE="113" # Core Level (Filename)
PAKFIRE_CORE="113" # Core Level (PAKFIRE)
CORE="114" # Core Level (Filename)
PAKFIRE_CORE="114" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
@@ -497,6 +497,8 @@ buildipfire() {
lfsmake2 libevent2
lfsmake2 libevent2-compat
lfsmake2 expat
lfsmake2 apr
lfsmake2 aprutil
lfsmake2 unbound
lfsmake2 gnutls
lfsmake2 bind

27
src/initscripts/system/unbound
View File

@@ -454,6 +454,18 @@ disable_dnssec() {
unbound-control -q set_option val-permissive-mode: yes
}
fix_time_if_dns_fail() {
# If DNS still not work try to init ntp with
# hardcoded ntp.ipfire.org (81.3.27.46)
if [ -e /var/ipfire/red/active ]; then
host 0.ipfire.pool.ntp.org > /dev/null 2>&1
if [ "${?}" != "0" ]; then
boot_mesg "DNS still not work ... init time with ntp.ipfire.org at 81.3.27.46 ..."
loadproc /usr/local/bin/settime 81.3.27.46
fi
fi
}
case "$1" in
start)
# Print a nicer messagen when unbound is already running
@@ -485,15 +497,7 @@ case "$1" in
# Update hosts
update_hosts
# If DNS still not work try to init ntp with
# hardcoded ntp.ipfire.org (81.3.27.46)
if [ -e /var/ipfire/red/active ]; then
host 0.ipfire.pool.ntp.org > /dev/null 2>&1
if [ "${?}" != "0" ]; then
boot_mesg "DNS still not work ... init time with ntp.ipfire.org at 81.3.27.46 ..."
loadproc /usr/local/bin/settime 81.3.27.46
fi
fi
fix_time_if_dns_fail
;;
stop)
@@ -518,6 +522,11 @@ case "$1" in
fi
update_forwarders
unbound-control flush_negative > /dev/null
unbound-control flush_bogus > /dev/null
fix_time_if_dns_fail
;;
test-name-server)

15
src/patches/apache-2.4.27-CVE-2017-9798-fix.patch Normal file
View File

@@ -0,0 +1,15 @@
--- server/core.c 2017/08/16 16:50:29 1805223
+++ server/core.c 2017/09/08 13:13:11 1807754
@@ -2262,6 +2262,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}

783
src/patches/apache-2.4.27-PR61382-fix.patch Normal file
View File

@@ -0,0 +1,783 @@
Index: modules/http2/h2_bucket_beam.c
===================================================================
--- modules/http2/h2_bucket_beam.c (revision 1804645)
+++ modules/http2/h2_bucket_beam.c (working copy)
@@ -287,7 +287,7 @@
/* do not count */
}
else if (APR_BUCKET_IS_FILE(b)) {
- /* if unread, has no real mem footprint. how to test? */
+ /* if unread, has no real mem footprint. */
}
else {
len += b->length;
@@ -316,32 +316,80 @@
return APR_SIZE_MAX;
}
-static apr_status_t wait_cond(h2_bucket_beam *beam, apr_thread_mutex_t *lock)
+static int buffer_is_empty(h2_bucket_beam *beam)
{
- if (beam->timeout > 0) {
- return apr_thread_cond_timedwait(beam->cond, lock, beam->timeout);
+ return ((!beam->recv_buffer || APR_BRIGADE_EMPTY(beam->recv_buffer))
+ && H2_BLIST_EMPTY(&beam->send_list));
+}
+
+static apr_status_t wait_empty(h2_bucket_beam *beam, apr_read_type_e block,
+ apr_thread_mutex_t *lock)
+{
+ apr_status_t rv = APR_SUCCESS;
+
+ while (!buffer_is_empty(beam) && APR_SUCCESS == rv) {
+ if (APR_BLOCK_READ != block || !lock) {
+ rv = APR_EAGAIN;
+ }
+ else if (beam->timeout > 0) {
+ rv = apr_thread_cond_timedwait(beam->change, lock, beam->timeout);
+ }
+ else {
+ rv = apr_thread_cond_wait(beam->change, lock);
+ }
}
- else {
- return apr_thread_cond_wait(beam->cond, lock);
+ return rv;
+}
+
+static apr_status_t wait_not_empty(h2_bucket_beam *beam, apr_read_type_e block,
+ apr_thread_mutex_t *lock)
+{
+ apr_status_t rv = APR_SUCCESS;
+
+ while (buffer_is_empty(beam) && APR_SUCCESS == rv) {
+ if (beam->aborted) {
+ rv = APR_ECONNABORTED;
+ }
+ else if (beam->closed) {
+ rv = APR_EOF;
+ }
+ else if (APR_BLOCK_READ != block || !lock) {
+ rv = APR_EAGAIN;
+ }
+ else if (beam->timeout > 0) {
+ rv = apr_thread_cond_timedwait(beam->change, lock, beam->timeout);
+ }
+ else {
+ rv = apr_thread_cond_wait(beam->change, lock);
+ }
}
+ return rv;
}
-static apr_status_t r_wait_space(h2_bucket_beam *beam, apr_read_type_e block,
- h2_beam_lock *pbl, apr_size_t *premain)
+static apr_status_t wait_not_full(h2_bucket_beam *beam, apr_read_type_e block,
+ apr_size_t *pspace_left, h2_beam_lock *bl)
{
- *premain = calc_space_left(beam);
- while (!beam->aborted && *premain <= 0
- && (block == APR_BLOCK_READ) && pbl->mutex) {
- apr_status_t status;
- report_prod_io(beam, 1, pbl);
- status = wait_cond(beam, pbl->mutex);
- if (APR_STATUS_IS_TIMEUP(status)) {
- return status;
+ apr_status_t rv = APR_SUCCESS;
+ apr_size_t left;
+
+ while (0 == (left = calc_space_left(beam)) && APR_SUCCESS == rv) {
+ if (beam->aborted) {
+ rv = APR_ECONNABORTED;
}
- r_purge_sent(beam);
- *premain = calc_space_left(beam);
+ else if (block != APR_BLOCK_READ || !bl->mutex) {
+ rv = APR_EAGAIN;
+ }
+ else {
+ if (beam->timeout > 0) {
+ rv = apr_thread_cond_timedwait(beam->change, bl->mutex, beam->timeout);
+ }
+ else {
+ rv = apr_thread_cond_wait(beam->change, bl->mutex);
+ }
+ }
}
- return beam->aborted? APR_ECONNABORTED : APR_SUCCESS;
+ *pspace_left = left;
+ return rv;
}
static void h2_beam_emitted(h2_bucket_beam *beam, h2_beam_proxy *proxy)
@@ -404,8 +452,8 @@
if (!bl.mutex) {
r_purge_sent(beam);
}
- else if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
+ else {
+ apr_thread_cond_broadcast(beam->change);
}
leave_yellow(beam, &bl);
}
@@ -425,9 +473,7 @@
{
if (!beam->closed) {
beam->closed = 1;
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
+ apr_thread_cond_broadcast(beam->change);
}
return APR_SUCCESS;
}
@@ -582,7 +628,7 @@
apr_interval_time_t timeout)
{
h2_bucket_beam *beam;
- apr_status_t status = APR_SUCCESS;
+ apr_status_t rv = APR_SUCCESS;
beam = apr_pcalloc(pool, sizeof(*beam));
if (!beam) {
@@ -601,16 +647,15 @@
beam->max_buf_size = max_buf_size;
beam->timeout = timeout;
- status = apr_thread_mutex_create(&beam->lock, APR_THREAD_MUTEX_DEFAULT,
- pool);
- if (status == APR_SUCCESS) {
- status = apr_thread_cond_create(&beam->cond, pool);
- if (status == APR_SUCCESS) {
+ rv = apr_thread_mutex_create(&beam->lock, APR_THREAD_MUTEX_DEFAULT, pool);
+ if (APR_SUCCESS == rv) {
+ rv = apr_thread_cond_create(&beam->change, pool);
+ if (APR_SUCCESS == rv) {
apr_pool_pre_cleanup_register(pool, beam, beam_cleanup);
*pbeam = beam;
}
}
- return status;
+ return rv;
}
void h2_beam_buffer_size_set(h2_bucket_beam *beam, apr_size_t buffer_size)
@@ -691,9 +736,7 @@
h2_blist_cleanup(&beam->send_list);
report_consumption(beam, &bl);
}
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
+ apr_thread_cond_broadcast(beam->change);
leave_yellow(beam, &bl);
}
}
@@ -730,18 +773,7 @@
h2_beam_lock bl;
if ((status = enter_yellow(beam, &bl)) == APR_SUCCESS) {
- while (status == APR_SUCCESS
- && !H2_BLIST_EMPTY(&beam->send_list)
- && !H2_BPROXY_LIST_EMPTY(&beam->proxies)) {
- if (block == APR_NONBLOCK_READ || !bl.mutex) {
- status = APR_EAGAIN;
- break;
- }
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
- status = wait_cond(beam, bl.mutex);
- }
+ status = wait_empty(beam, block, bl.mutex);
leave_yellow(beam, &bl);
}
return status;
@@ -761,13 +793,18 @@
static apr_status_t append_bucket(h2_bucket_beam *beam,
apr_bucket *b,
apr_read_type_e block,
+ apr_size_t *pspace_left,
h2_beam_lock *pbl)
{
const char *data;
apr_size_t len;
- apr_size_t space_left = 0;
apr_status_t status;
+ int can_beam, check_len;
+ if (beam->aborted) {
+ return APR_ECONNABORTED;
+ }
+
if (APR_BUCKET_IS_METADATA(b)) {
if (APR_BUCKET_IS_EOS(b)) {
beam->closed = 1;
@@ -777,11 +814,31 @@
return APR_SUCCESS;
}
else if (APR_BUCKET_IS_FILE(b)) {
- /* file bucket lengths do not really count */
+ /* For file buckets the problem is their internal readpool that
+ * is used on the first read to allocate buffer/mmap.
+ * Since setting aside a file bucket will de-register the
+ * file cleanup function from the previous pool, we need to
+ * call that only from the sender thread.
+ *
+ * Currently, we do not handle file bucket with refcount > 1 as
+ * the beam is then not in complete control of the file's lifetime.
+ * Which results in the bug that a file get closed by the receiver
+ * while the sender or the beam still have buckets using it.
+ *
+ * Additionally, we allow callbacks to prevent beaming file
+ * handles across. The use case for this is to limit the number
+ * of open file handles and rather use a less efficient beam
+ * transport. */
+ apr_bucket_file *bf = b->data;
+ apr_file_t *fd = bf->fd;
+ can_beam = (bf->refcount.refcount == 1);
+ if (can_beam && beam->can_beam_fn) {
+ can_beam = beam->can_beam_fn(beam->can_beam_ctx, beam, fd);
+ }
+ check_len = !can_beam;
}
else {
- space_left = calc_space_left(beam);
- if (space_left > 0 && b->length == ((apr_size_t)-1)) {
+ if (b->length == ((apr_size_t)-1)) {
const char *data;
status = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
if (status != APR_SUCCESS) {
@@ -788,19 +845,15 @@
return status;
}
}
-
- if (space_left <= 0) {
- status = r_wait_space(beam, block, pbl, &space_left);
- if (status != APR_SUCCESS) {
- return status;
- }
- if (space_left <= 0) {
- return APR_EAGAIN;
- }
+ check_len = 1;
+ }
+
+ if (check_len) {
+ if (b->length > *pspace_left) {
+ apr_bucket_split(b, *pspace_left);
}
- /* space available, maybe need bucket split */
+ *pspace_left -= b->length;
}
-
/* The fundamental problem is that reading a sender bucket from
* a receiver thread is a total NO GO, because the bucket might use
@@ -830,32 +883,8 @@
apr_bucket_heap_make(b, data, len, NULL);
}
}
- else if (APR_BUCKET_IS_FILE(b)) {
- /* For file buckets the problem is their internal readpool that
- * is used on the first read to allocate buffer/mmap.
- * Since setting aside a file bucket will de-register the
- * file cleanup function from the previous pool, we need to
- * call that only from the sender thread.
- *
- * Currently, we do not handle file bucket with refcount > 1 as
- * the beam is then not in complete control of the file's lifetime.
- * Which results in the bug that a file get closed by the receiver
- * while the sender or the beam still have buckets using it.
- *
- * Additionally, we allow callbacks to prevent beaming file
- * handles across. The use case for this is to limit the number
- * of open file handles and rather use a less efficient beam
- * transport. */
- apr_bucket_file *bf = b->data;
- apr_file_t *fd = bf->fd;
- int can_beam = (bf->refcount.refcount == 1);
- if (can_beam && beam->can_beam_fn) {
- can_beam = beam->can_beam_fn(beam->can_beam_ctx, beam, fd);
- }
- if (can_beam) {
- status = apr_bucket_setaside(b, beam->send_pool);
- }
- /* else: enter ENOTIMPL case below */
+ else if (APR_BUCKET_IS_FILE(b) && can_beam) {
+ status = apr_bucket_setaside(b, beam->send_pool);
}
if (status == APR_ENOTIMPL) {
@@ -865,12 +894,6 @@
* a counter example).
* We do the read while in the sender thread, so that the bucket may
* use pools/allocators safely. */
- if (space_left < APR_BUCKET_BUFF_SIZE) {
- space_left = APR_BUCKET_BUFF_SIZE;
- }
- if (space_left < b->length) {
- apr_bucket_split(b, space_left);
- }
status = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
if (status == APR_SUCCESS) {
status = apr_bucket_setaside(b, beam->send_pool);
@@ -884,7 +907,7 @@
APR_BUCKET_REMOVE(b);
H2_BLIST_INSERT_TAIL(&beam->send_list, b);
beam->sent_bytes += b->length;
-
+
return APR_SUCCESS;
}
@@ -904,7 +927,8 @@
apr_read_type_e block)
{
apr_bucket *b;
- apr_status_t status = APR_SUCCESS;
+ apr_status_t rv = APR_SUCCESS;
+ apr_size_t space_left = 0;
h2_beam_lock bl;
/* Called from the sender thread to add buckets to the beam */
@@ -914,23 +938,31 @@
if (beam->aborted) {
move_to_hold(beam, sender_bb);
- status = APR_ECONNABORTED;
+ rv = APR_ECONNABORTED;
}
else if (sender_bb) {
- int force_report = !APR_BRIGADE_EMPTY(sender_bb);
- while (!APR_BRIGADE_EMPTY(sender_bb) && status == APR_SUCCESS) {
+ int force_report = !APR_BRIGADE_EMPTY(sender_bb);
+
+ space_left = calc_space_left(beam);
+ while (!APR_BRIGADE_EMPTY(sender_bb) && APR_SUCCESS == rv) {
+ if (space_left <= 0) {
+ report_prod_io(beam, force_report, &bl);
+ rv = wait_not_full(beam, block, &space_left, &bl);
+ if (APR_SUCCESS != rv) {
+ break;
+ }
+ }
b = APR_BRIGADE_FIRST(sender_bb);
- status = append_bucket(beam, b, block, &bl);
+ rv = append_bucket(beam, b, block, &space_left, &bl);
}
+
report_prod_io(beam, force_report, &bl);
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
+ apr_thread_cond_broadcast(beam->change);
}
report_consumption(beam, &bl);
leave_yellow(beam, &bl);
}
- return status;
+ return rv;
}
apr_status_t h2_beam_receive(h2_bucket_beam *beam,
@@ -942,11 +974,16 @@
apr_bucket *bsender, *brecv, *ng;
int transferred = 0;
apr_status_t status = APR_SUCCESS;
- apr_off_t remain = readbytes;
+ apr_off_t remain;
int transferred_buckets = 0;
/* Called from the receiver thread to take buckets from the beam */
if (enter_yellow(beam, &bl) == APR_SUCCESS) {
+ if (readbytes <= 0) {
+ readbytes = APR_SIZE_MAX;
+ }
+ remain = readbytes;
+
transfer:
if (beam->aborted) {
recv_buffer_cleanup(beam, &bl);
@@ -955,11 +992,12 @@
}
/* transfer enough buckets from our receiver brigade, if we have one */
- while (beam->recv_buffer
- && !APR_BRIGADE_EMPTY(beam->recv_buffer)
- && (readbytes <= 0 || remain >= 0)) {
+ while (remain >= 0
+ && beam->recv_buffer
+ && !APR_BRIGADE_EMPTY(beam->recv_buffer)) {
+
brecv = APR_BRIGADE_FIRST(beam->recv_buffer);
- if (readbytes > 0 && brecv->length > 0 && remain <= 0) {
+ if (brecv->length > 0 && remain <= 0) {
break;
}
APR_BUCKET_REMOVE(brecv);
@@ -970,11 +1008,11 @@
/* transfer from our sender brigade, transforming sender buckets to
* receiver ones until we have enough */
- while (!H2_BLIST_EMPTY(&beam->send_list) && (readbytes <= 0 || remain >= 0)) {
- bsender = H2_BLIST_FIRST(&beam->send_list);
+ while (remain >= 0 && !H2_BLIST_EMPTY(&beam->send_list)) {
+
brecv = NULL;
-
- if (readbytes > 0 && bsender->length > 0 && remain <= 0) {
+ bsender = H2_BLIST_FIRST(&beam->send_list);
+ if (bsender->length > 0 && remain <= 0) {
break;
}
@@ -1020,11 +1058,12 @@
* been handed out. See also PR 59348 */
apr_bucket_file_enable_mmap(ng, 0);
#endif
- remain -= bsender->length;
- ++transferred;
APR_BUCKET_REMOVE(bsender);
H2_BLIST_INSERT_TAIL(&beam->hold_list, bsender);
+
+ remain -= bsender->length;
++transferred;
+ ++transferred_buckets;
continue;
}
else {
@@ -1041,6 +1080,7 @@
* receiver bucket references it any more. */
APR_BUCKET_REMOVE(bsender);
H2_BLIST_INSERT_TAIL(&beam->hold_list, bsender);
+
beam->received_bytes += bsender->length;
++transferred_buckets;
@@ -1063,8 +1103,8 @@
}
}
- if (readbytes > 0 && remain < 0) {
- /* too much, put some back */
+ if (remain < 0) {
+ /* too much, put some back into out recv_buffer */
remain = readbytes;
for (brecv = APR_BRIGADE_FIRST(bb);
brecv != APR_BRIGADE_SENTINEL(bb);
@@ -1081,15 +1121,7 @@
}
}
- if (transferred_buckets > 0) {
- if (beam->cons_ev_cb) {
- beam->cons_ev_cb(beam->cons_ctx, beam);
- }
- }
-
- if (beam->closed
- && (!beam->recv_buffer || APR_BRIGADE_EMPTY(beam->recv_buffer))
- && H2_BLIST_EMPTY(&beam->send_list)) {
+ if (beam->closed && buffer_is_empty(beam)) {
/* beam is closed and we have nothing more to receive */
if (!beam->close_sent) {
apr_bucket *b = apr_bucket_eos_create(bb->bucket_alloc);
@@ -1100,28 +1132,23 @@
}
}
+ if (transferred_buckets > 0) {
+ if (beam->cons_ev_cb) {
+ beam->cons_ev_cb(beam->cons_ctx, beam);
+ }
+ }
+
if (transferred) {
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
+ apr_thread_cond_broadcast(beam->change);
status = APR_SUCCESS;
}
- else if (beam->closed) {
- status = APR_EOF;
- }
- else if (block == APR_BLOCK_READ && bl.mutex && beam->cond) {
- status = wait_cond(beam, bl.mutex);
+ else {
+ status = wait_not_empty(beam, block, bl.mutex);
if (status != APR_SUCCESS) {
goto leave;
}
goto transfer;
}
- else {
- if (beam->cond) {
- apr_thread_cond_broadcast(beam->cond);
- }
- status = APR_EAGAIN;
- }
leave:
leave_yellow(beam, &bl);
}
Index: modules/http2/h2_bucket_beam.h
===================================================================
--- modules/http2/h2_bucket_beam.h (revision 1804645)
+++ modules/http2/h2_bucket_beam.h (working copy)
@@ -190,7 +190,7 @@
unsigned int tx_mem_limits : 1; /* only memory size counts on transfers */
struct apr_thread_mutex_t *lock;
- struct apr_thread_cond_t *cond;
+ struct apr_thread_cond_t *change;
void *m_ctx;
h2_beam_mutex_enter *m_enter;
Index: modules/http2/h2_stream.c
===================================================================
--- modules/http2/h2_stream.c (revision 1804645)
+++ modules/http2/h2_stream.c (working copy)
@@ -774,20 +774,20 @@
return NULL;
}
-static apr_status_t add_data(h2_stream *stream, apr_off_t requested,
- apr_off_t *plen, int *peos, int *complete,
- h2_headers **pheaders)
+static apr_status_t add_buffered_data(h2_stream *stream, apr_off_t requested,
+ apr_off_t *plen, int *peos, int *is_all,
+ h2_headers **pheaders)
{
apr_bucket *b, *e;
*peos = 0;
*plen = 0;
- *complete = 0;
+ *is_all = 0;
if (pheaders) {
*pheaders = NULL;
}
- H2_STREAM_OUT_LOG(APLOG_TRACE2, stream, "add_data");
+ H2_STREAM_OUT_LOG(APLOG_TRACE2, stream, "add_buffered_data");
b = APR_BRIGADE_FIRST(stream->out_buffer);
while (b != APR_BRIGADE_SENTINEL(stream->out_buffer)) {
e = APR_BUCKET_NEXT(b);
@@ -833,7 +833,7 @@
}
b = e;
}
- *complete = 1;
+ *is_all = 1;
return APR_SUCCESS;
}
@@ -865,7 +865,7 @@
requested = (*plen > 0)? H2MIN(*plen, max_chunk) : max_chunk;
/* count the buffered data until eos or a headers bucket */
- status = add_data(stream, requested, plen, peos, &complete, pheaders);
+ status = add_buffered_data(stream, requested, plen, peos, &complete, pheaders);
if (status == APR_EAGAIN) {
/* TODO: ugly, someone needs to retrieve the response first */
@@ -882,29 +882,39 @@
return APR_SUCCESS;
}
+ /* If there we do not have enough buffered data to satisfy the requested
+ * length *and* we counted the _complete_ buffer (and did not stop in the middle
+ * because of meta data there), lets see if we can read more from the
+ * output beam */
missing = H2MIN(requested, stream->max_mem) - *plen;
if (complete && !*peos && missing > 0) {
+ apr_status_t rv = APR_EOF;
+
if (stream->output) {
H2_STREAM_OUT_LOG(APLOG_TRACE2, stream, "pre");
- status = h2_beam_receive(stream->output, stream->out_buffer,
- APR_NONBLOCK_READ,
- stream->max_mem - *plen);
+ rv = h2_beam_receive(stream->output, stream->out_buffer,
+ APR_NONBLOCK_READ, stream->max_mem - *plen);
H2_STREAM_OUT_LOG(APLOG_TRACE2, stream, "post");
}
- else {
- status = APR_EOF;
+
+ if (rv == APR_SUCCESS) {
+ /* count the buffer again, now that we have read output */
+ status = add_buffered_data(stream, requested, plen, peos, &complete, pheaders);
}
-
- if (APR_STATUS_IS_EOF(status)) {
+ else if (APR_STATUS_IS_EOF(rv)) {
apr_bucket *eos = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(stream->out_buffer, eos);
*peos = 1;
- status = APR_SUCCESS;
}
- else if (status == APR_SUCCESS) {
- /* do it again, now that we have gotten more */
- status = add_data(stream, requested, plen, peos, &complete, pheaders);
+ else if (APR_STATUS_IS_EAGAIN(rv)) {
+ /* we set this is the status of this call only if there
+ * is no buffered data, see check below */
}
+ else {
+ /* real error reading. Give this back directly, even though
+ * we may have something buffered. */
+ status = rv;
+ }
}
if (status == APR_SUCCESS) {
Index: modules/http2/h2_task.c
===================================================================
--- modules/http2/h2_task.c (revision 1804645)
+++ modules/http2/h2_task.c (working copy)
@@ -129,7 +129,7 @@
apr_bucket_brigade* bb)
{
apr_bucket *b;
- apr_status_t status = APR_SUCCESS;
+ apr_status_t rv = APR_SUCCESS;
int flush = 0, blocking;
if (task->frozen) {
@@ -148,17 +148,16 @@
return APR_SUCCESS;
}
+send:
/* we send block once we opened the output, so someone is there
* reading it *and* the task is not assigned to a h2_req_engine */
blocking = (!task->assigned && task->output.opened);
- if (!task->output.opened) {
- for (b = APR_BRIGADE_FIRST(bb);
- b != APR_BRIGADE_SENTINEL(bb);
- b = APR_BUCKET_NEXT(b)) {
- if (APR_BUCKET_IS_FLUSH(b)) {
- flush = 1;
- break;
- }
+ for (b = APR_BRIGADE_FIRST(bb);
+ b != APR_BRIGADE_SENTINEL(bb);
+ b = APR_BUCKET_NEXT(b)) {
+ if (APR_BUCKET_IS_FLUSH(b) || APR_BUCKET_IS_EOS(b) || AP_BUCKET_IS_EOR(b)) {
+ flush = 1;
+ break;
}
}
@@ -166,32 +165,48 @@
/* still have data buffered from previous attempt.
* setaside and append new data and try to pass the complete data */
if (!APR_BRIGADE_EMPTY(bb)) {
- status = ap_save_brigade(f, &task->output.bb, &bb, task->pool);
+ if (APR_SUCCESS != (rv = ap_save_brigade(f, &task->output.bb, &bb, task->pool))) {
+ goto out;
+ }
}
- if (status == APR_SUCCESS) {
- status = send_out(task, task->output.bb, blocking);
- }
+ rv = send_out(task, task->output.bb, blocking);
}
else {
- /* no data buffered here, try to pass the brigade directly */
- status = send_out(task, bb, blocking);
- if (status == APR_SUCCESS && !APR_BRIGADE_EMPTY(bb)) {
- /* could not write all, buffer the rest */
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, task->c, APLOGNO(03405)
- "h2_slave_out(%s): saving brigade",
- task->id);
- status = ap_save_brigade(f, &task->output.bb, &bb, task->pool);
- flush = 1;
+ /* no data buffered previously, pass brigade directly */
+ rv = send_out(task, bb, blocking);
+
+ if (APR_SUCCESS == rv && !APR_BRIGADE_EMPTY(bb)) {
+ /* output refused to buffer it all, time to open? */
+ if (!task->output.opened && APR_SUCCESS == (rv = open_output(task))) {
+ /* Make another attempt to send the data. With the output open,
+ * the call might be blocking and send all data, so we do not need
+ * to save the brigade */
+ goto send;
+ }
+ else if (blocking && flush) {
+ /* Need to keep on doing this. */
+ goto send;
+ }
+
+ if (APR_SUCCESS == rv) {
+ /* could not write all, buffer the rest */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, task->c, APLOGNO(03405)
+ "h2_slave_out(%s): saving brigade", task->id);
+ ap_assert(NULL);
+ rv = ap_save_brigade(f, &task->output.bb, &bb, task->pool);
+ flush = 1;
+ }
}
}
- if (status == APR_SUCCESS && !task->output.opened && flush) {
+ if (APR_SUCCESS == rv && !task->output.opened && flush) {
/* got a flush or could not write all, time to tell someone to read */
- status = open_output(task);
+ rv = open_output(task);
}
- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, task->c,
+out:
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, rv, task->c,
"h2_slave_out(%s): slave_out leave", task->id);
- return status;
+ return rv;
}
static apr_status_t output_finish(h2_task *task)
Index: modules/http2/h2_version.h
===================================================================
--- modules/http2/h2_version.h (revision 1804645)
+++ modules/http2/h2_version.h (working copy)
@@ -26,7 +26,7 @@
* @macro
* Version number of the http2 module as c string
*/
-#define MOD_HTTP2_VERSION "1.10.7"
+#define MOD_HTTP2_VERSION "1.10.10"
/**
* @macro
@@ -34,7 +34,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_HTTP2_VERSION_NUM 0x010a06
+#define MOD_HTTP2_VERSION_NUM 0x010a0a
#endif /* mod_h2_h2_version_h */
Index: modules/http2
===================================================================
--- modules/http2 (revision 1804645)
+++ modules/http2 (working copy)
Property changes on: modules/http2
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
Merged /httpd/httpd/trunk/modules/http2:r1803420,1803454,1804090
Index: .
===================================================================
--- . (revision 1804645)
+++ . (working copy)
Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
Merged /httpd/httpd/trunk:r1803420,1803454,1804090

0
src/patches/squid-3.5.26-fix-max-file-descriptors.patch → src/patches/squid-3.5.27-fix-max-file-descriptors.patch
View File

881
src/patches/squid/squid-3.5-14169.patch
View File

@@ -1,881 +0,0 @@
------------------------------------------------------------
revno: 14169
revision-id: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq
parent: squid3@treenet.co.nz-20170601134753-6u64sl2rzmbfs67l
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2833
author: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2017-06-15 09:37:20 +1200
message:
Bug 2833 pt2: Collapse internal revalidation requests (SMP-unaware caches), again.
The security fix in v5 r14979 had a negative effect on collapsed
forwarding. All "private" entries were considered automatically
non-shareable among collapsed clients. However this is not true: there
are many situations when collapsed forwarding should work despite of
"private" entry status: 304/5xx responses are good examples of that.
This patch fixes that by means of a new StoreEntry::shareableWhenPrivate
flag.
The suggested fix is not complete: To cover all possible situations, we
need to decide whether StoreEntry::shareableWhenPrivate is true or not
for all contexts where StoreEntry::setPrivateKey() is used. This patch
fixes only few important cases inside http.cc, making CF (as well
collapsed revalidation) work for some [non-cacheable] response status
codes, including 3xx, 5xx and some others.
The original support for internal revalidation requests collapsing
was in trink r14755 and referred to Squid bugs 2833, 4311, and 4471.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 9e248e2e9d2f1defe1070eb808177df978fb4146
# timestamp: 2017-06-14 21:51:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170601134753-\
# 6u64sl2rzmbfs67l
#
# Begin patch
=== modified file 'src/HttpHdrCc.cc'
--- src/HttpHdrCc.cc 2017-01-01 00:16:45 +0000
+++ src/HttpHdrCc.cc 2017-06-14 21:37:20 +0000
@@ -262,8 +262,8 @@
case CC_PUBLIC:
break;
case CC_PRIVATE:
- if (Private().size())
- packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private()));
+ if (private_.size())
+ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(private_));
break;
case CC_NO_CACHE:
=== modified file 'src/MemStore.cc'
--- src/MemStore.cc 2017-01-01 00:16:45 +0000
+++ src/MemStore.cc 2017-06-14 21:37:20 +0000
@@ -299,7 +299,7 @@
e.ping_status = PING_NONE;
EBIT_CLR(e.flags, RELEASE_REQUEST);
- EBIT_CLR(e.flags, KEY_PRIVATE);
+ e.clearPrivate();
EBIT_SET(e.flags, ENTRY_VALIDATED);
MemObject::MemCache &mc = e.mem_obj->memCache;
=== modified file 'src/Store.h'
--- src/Store.h 2017-01-01 00:16:45 +0000
+++ src/Store.h 2017-06-14 21:37:20 +0000
@@ -95,15 +95,19 @@
void abort();
void unlink();
void makePublic(const KeyScope keyScope = ksDefault);
- void makePrivate();
+ void makePrivate(const bool shareable);
+ /// A low-level method just resetting "private key" flags.
+ /// To avoid key inconsistency please use forcePublicKey()
+ /// or similar instead.
+ void clearPrivate();
void setPublicKey(const KeyScope keyScope = ksDefault);
/// Resets existing public key to a public key with default scope,
/// releasing the old default-scope entry (if any).
/// Does nothing if the existing public key already has default scope.
void clearPublicKeyScope();
- void setPrivateKey();
+ void setPrivateKey(const bool shareable);
void expireNow();
- void releaseRequest();
+ void releaseRequest(const bool shareable = false);
void negativeCache();
void cacheNegatively(); /** \todo argh, why both? */
void invokeHandlers();
@@ -230,7 +234,13 @@
/// update last reference timestamp and related Store metadata
void touch();
- virtual void release();
+ virtual void release(const bool shareable = false);
+
+ /// May the caller commit to treating this [previously locked]
+ /// entry as a cache hit?
+ bool mayStartHitting() const {
+ return !EBIT_TEST(flags, KEY_PRIVATE) || shareableWhenPrivate;
+ }
#if USE_ADAPTATION
/// call back producer when more buffer space is available
@@ -252,6 +262,13 @@
unsigned short lock_count; /* Assume < 65536! */
+ /// Nobody can find/lock KEY_PRIVATE entries, but some transactions
+ /// (e.g., collapsed requests) find/lock a public entry before it becomes
+ /// private. May such transactions start using the now-private entry
+ /// they previously locked? This member should not affect transactions
+ /// that already started reading from the entry.
+ bool shareableWhenPrivate;
+
#if USE_ADAPTATION
/// producer callback registered with deferProducer
AsyncCall::Pointer deferredProducer;
@@ -259,6 +276,8 @@
bool validLength() const;
bool hasOneOfEtags(const String &reqETags, const bool allowWeakMatch) const;
+
+ friend std::ostream &operator <<(std::ostream &os, const StoreEntry &e);
};
std::ostream &operator <<(std::ostream &os, const StoreEntry &e);
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2017-05-29 13:15:55 +0000
+++ src/client_side_reply.cc 2017-06-14 21:37:20 +0000
@@ -396,8 +396,8 @@
if (result.flags.error && !EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED))
return;
- if (collapsedRevalidation == crSlave && EBIT_TEST(http->storeEntry()->flags, KEY_PRIVATE)) {
- debugs(88, 3, "CF slave hit private " << *http->storeEntry() << ". MISS");
+ if (collapsedRevalidation == crSlave && !http->storeEntry()->mayStartHitting()) {
+ debugs(88, 3, "CF slave hit private non-shareable " << *http->storeEntry() << ". MISS");
// restore context to meet processMiss() expectations
restoreState();
http->logType = LOG_TCP_MISS;
@@ -530,7 +530,7 @@
// The previously identified hit suddenly became unsharable!
// This is common for collapsed forwarding slaves but might also
// happen to regular hits because we are called asynchronously.
- if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
+ if (!e->mayStartHitting()) {
debugs(88, 3, "unsharable " << *e << ". MISS");
http->logType = LOG_TCP_MISS;
processMiss();
=== modified file 'src/fs/rock/RockSwapDir.cc'
--- src/fs/rock/RockSwapDir.cc 2017-01-01 00:16:45 +0000
+++ src/fs/rock/RockSwapDir.cc 2017-06-14 21:37:20 +0000
@@ -149,7 +149,7 @@
e.ping_status = PING_NONE;
EBIT_CLR(e.flags, RELEASE_REQUEST);
- EBIT_CLR(e.flags, KEY_PRIVATE);
+ e.clearPrivate();
EBIT_SET(e.flags, ENTRY_VALIDATED);
e.swap_dirn = index;
=== modified file 'src/fs/ufs/UFSSwapDir.cc'
--- src/fs/ufs/UFSSwapDir.cc 2017-01-01 00:16:45 +0000
+++ src/fs/ufs/UFSSwapDir.cc 2017-06-14 21:37:20 +0000
@@ -809,7 +809,7 @@
e->refcount = refcount;
e->flags = newFlags;
EBIT_CLR(e->flags, RELEASE_REQUEST);
- EBIT_CLR(e->flags, KEY_PRIVATE);
+ e->clearPrivate();
e->ping_status = PING_NONE;
EBIT_CLR(e->flags, ENTRY_VALIDATED);
mapBitSet(e->swap_filen);
=== modified file 'src/http.cc'
--- src/http.cc 2017-01-01 00:16:45 +0000
+++ src/http.cc 2017-06-14 21:37:20 +0000
@@ -290,7 +290,9 @@
(Config.onoff.surrogate_is_remote
&& sctusable->noStoreRemote())) {
surrogateNoStore = true;
- entry->makePrivate();
+ // Be conservative for now and make it non-shareable because
+ // there is no enough information here to make the decision.
+ entry->makePrivate(false);
}
/* The HttpHeader logic cannot tell if the header it's parsing is a reply to an
@@ -315,12 +317,13 @@
}
}
-int
-HttpStateData::cacheableReply()
+HttpStateData::ReuseDecision::Answers
+HttpStateData::reusableReply(HttpStateData::ReuseDecision &decision)
{
HttpReply const *rep = finalReply();
HttpHeader const *hdr = &rep->header;
const char *v;
+
#if USE_HTTP_VIOLATIONS
const RefreshPattern *R = NULL;
@@ -337,24 +340,19 @@
#define REFRESH_OVERRIDE(flag) 0
#endif
- if (EBIT_TEST(entry->flags, RELEASE_REQUEST)) {
- debugs(22, 3, "NO because " << *entry << " has been released.");
- return 0;
- }
+ if (EBIT_TEST(entry->flags, RELEASE_REQUEST))
+ return decision.make(ReuseDecision::reuseNot, "the entry has been released");
// RFC 7234 section 4: a cache MUST use the most recent response
// (as determined by the Date header field)
- if (sawDateGoBack) {
- debugs(22, 3, "NO because " << *entry << " has an older date header.");
- return 0;
- }
+ // TODO: whether such responses could be shareable?
+ if (sawDateGoBack)
+ return decision.make(ReuseDecision::reuseNot, "the response has an older date header");
// Check for Surrogate/1.0 protocol conditions
// NP: reverse-proxy traffic our parent server has instructed us never to cache
- if (surrogateNoStore) {
- debugs(22, 3, HERE << "NO because Surrogate-Control:no-store");
- return 0;
- }
+ if (surrogateNoStore)
+ return decision.make(ReuseDecision::reuseNot, "Surrogate-Control:no-store");
// RFC 2616: HTTP/1.1 Cache-Control conditions
if (!ignoreCacheControl) {
@@ -363,11 +361,10 @@
// for now we are not reliably doing that so we waste CPU re-checking request CC
// RFC 2616 section 14.9.2 - MUST NOT cache any response with request CC:no-store
- if (request && request->cache_control && request->cache_control->noStore() &&
- !REFRESH_OVERRIDE(ignore_no_store)) {
- debugs(22, 3, HERE << "NO because client request Cache-Control:no-store");
- return 0;
- }
+ if (request && request->cache_control && request->cache_control->hasNoStore() &&
+ !REFRESH_OVERRIDE(ignore_no_store))
+ return decision.make(ReuseDecision::reuseNot,
+ "client request Cache-Control:no-store");
// NP: request CC:no-cache only means cache READ is forbidden. STORE is permitted.
if (rep->cache_control && rep->cache_control->hasNoCache() && rep->cache_control->noCache().size() > 0) {
@@ -376,19 +373,18 @@
* successfully (ie, must revalidate AND these headers are prohibited on stale replies).
* That is a bit tricky for squid right now so we avoid caching entirely.
*/
- debugs(22, 3, HERE << "NO because server reply Cache-Control:no-cache has parameters");
- return 0;
+ return decision.make(ReuseDecision::reuseNot,
+ "server reply Cache-Control:no-cache has parameters");
}
// NP: request CC:private is undefined. We ignore.
// NP: other request CC flags are limiters on HIT/MISS. We don't care about here.
// RFC 2616 section 14.9.2 - MUST NOT cache any response with CC:no-store
- if (rep->cache_control && rep->cache_control->noStore() &&
- !REFRESH_OVERRIDE(ignore_no_store)) {
- debugs(22, 3, HERE << "NO because server reply Cache-Control:no-store");
- return 0;
- }
+ if (rep->cache_control && rep->cache_control->hasNoStore() &&
+ !REFRESH_OVERRIDE(ignore_no_store))
+ return decision.make(ReuseDecision::reuseNot,
+ "server reply Cache-Control:no-store");
// RFC 2616 section 14.9.1 - MUST NOT cache any response with CC:private in a shared cache like Squid.
// CC:private overrides CC:public when both are present in a response.
@@ -401,27 +397,25 @@
* successfully (ie, must revalidate AND these headers are prohibited on stale replies).
* That is a bit tricky for squid right now so we avoid caching entirely.
*/
- debugs(22, 3, HERE << "NO because server reply Cache-Control:private");
- return 0;
+ return decision.make(ReuseDecision::reuseNot,
+ "server reply Cache-Control:private");
}
}
// RFC 2068, sec 14.9.4 - MUST NOT cache any response with Authentication UNLESS certain CC controls are present
// allow HTTP violations to IGNORE those controls (ie re-block caching Auth)
if (request && (request->flags.auth || request->flags.authSent) && !REFRESH_OVERRIDE(ignore_auth)) {
- if (!rep->cache_control) {
- debugs(22, 3, HERE << "NO because Authenticated and server reply missing Cache-Control");
- return 0;
- }
+ if (!rep->cache_control)
+ return decision.make(ReuseDecision::reuseNot,
+ "authenticated and server reply missing Cache-Control");
- if (ignoreCacheControl) {
- debugs(22, 3, HERE << "NO because Authenticated and ignoring Cache-Control");
- return 0;
- }
+ if (ignoreCacheControl)
+ return decision.make(ReuseDecision::reuseNot,
+ "authenticated and ignoring Cache-Control");
bool mayStore = false;
// HTTPbis pt6 section 3.2: a response CC:public is present
- if (rep->cache_control->Public()) {
+ if (rep->cache_control->hasPublic()) {
debugs(22, 3, HERE << "Authenticated but server reply Cache-Control:public");
mayStore = true;
@@ -441,15 +435,13 @@
#endif
// HTTPbis pt6 section 3.2: a response CC:s-maxage is present
- } else if (rep->cache_control->sMaxAge()) {
+ } else if (rep->cache_control->hasSMaxAge()) {
debugs(22, 3, HERE << "Authenticated but server reply Cache-Control:s-maxage");
mayStore = true;
}
- if (!mayStore) {
- debugs(22, 3, HERE << "NO because Authenticated transaction");
- return 0;
- }
+ if (!mayStore)
+ return decision.make(ReuseDecision::reuseNot, "authenticated transaction");
// NP: response CC:no-cache is equivalent to CC:must-revalidate,max-age=0. We MAY cache, and do so.
// NP: other request CC flags are limiters on HIT/MISS/REFRESH. We don't care about here.
@@ -460,12 +452,26 @@
* probably should not be cachable
*/
if ((v = hdr->getStr(HDR_CONTENT_TYPE)))
- if (!strncasecmp(v, "multipart/x-mixed-replace", 25)) {
- debugs(22, 3, HERE << "NO because Content-Type:multipart/x-mixed-replace");
- return 0;
- }
+ if (!strncasecmp(v, "multipart/x-mixed-replace", 25))
+ return decision.make(ReuseDecision::reuseNot, "Content-Type:multipart/x-mixed-replace");
+
+ // TODO: if possible, provide more specific message for each status code
+ static const char *shareableError = "shareable error status code";
+ static const char *nonShareableError = "non-shareable error status code";
+ ReuseDecision::Answers statusAnswer = ReuseDecision::reuseNot;
+ const char *statusReason = nonShareableError;
switch (rep->sline.status()) {
+
+ /* There are several situations when a non-cacheable response may be
+ * still shareable (e.g., among collapsed clients). We assume that these
+ * are 3xx and 5xx responses, indicating server problems and some of
+ * 4xx responses, common for all clients with a given cache key (e.g.,
+ * 404 Not Found or 414 URI Too Long). On the other hand, we should not
+ * share non-cacheable client-specific errors, such as 400 Bad Request
+ * or 406 Not Acceptable.
+ */
+
/* Responses that are cacheable */
case Http::scOkay:
@@ -482,112 +488,90 @@
* Don't cache objects that need to be refreshed on next request,
* unless we know how to refresh it.
*/
+ if (refreshIsCachable(entry) || REFRESH_OVERRIDE(store_stale))
+ decision.make(ReuseDecision::cachePositively, "refresh check returned cacheable");
+ else
+ decision.make(ReuseDecision::doNotCacheButShare, "refresh check returned non-cacheable");
- if (!refreshIsCachable(entry) && !REFRESH_OVERRIDE(store_stale)) {
- debugs(22, 3, "NO because refreshIsCachable() returned non-cacheable..");
- return 0;
- } else {
- debugs(22, 3, HERE << "YES because HTTP status " << rep->sline.status());
- return 1;
- }
- /* NOTREACHED */
break;
/* Responses that only are cacheable if the server says so */
case Http::scFound:
case Http::scTemporaryRedirect:
- if (rep->date <= 0) {
- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status() << " and Date missing/invalid");
- return 0;
- }
- if (rep->expires > rep->date) {
- debugs(22, 3, HERE << "YES because HTTP status " << rep->sline.status() << " and Expires > Date");
- return 1;
- } else {
- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status() << " and Expires <= Date");
- return 0;
- }
- /* NOTREACHED */
+
+ if (rep->date <= 0)
+ decision.make(ReuseDecision::doNotCacheButShare, "Date is missing/invalid");
+ else if (rep->expires > rep->date)
+ decision.make(ReuseDecision::cachePositively, "Expires > Date");
+ else
+ decision.make(ReuseDecision::doNotCacheButShare, "Expires <= Date");
break;
- /* Errors can be negatively cached */
-
+ /* These responses can be negatively cached. Most can also be shared. */
case Http::scNoContent:
-
case Http::scUseProxy:
-
- case Http::scBadRequest:
-
case Http::scForbidden:
-
case Http::scNotFound:
-
case Http::scMethodNotAllowed:
-
case Http::scUriTooLong:
-
case Http::scInternalServerError:
-
case Http::scNotImplemented:
-
case Http::scBadGateway:
-
case Http::scServiceUnavailable:
-
case Http::scGatewayTimeout:
case Http::scMisdirectedRequest:
-
- debugs(22, 3, "MAYBE because HTTP status " << rep->sline.status());
- return -1;
-
- /* NOTREACHED */
+ statusAnswer = ReuseDecision::doNotCacheButShare;
+ statusReason = shareableError;
+ // fall through to the actual decision making below
+
+ case Http::scBadRequest: // no sharing; perhaps the server did not like something specific to this request
+
+#if USE_HTTP_VIOLATIONS
+ if (Config.negativeTtl > 0)
+ decision.make(ReuseDecision::cacheNegatively, "Config.negativeTtl > 0");
+ else
+#endif
+ decision.make(statusAnswer, statusReason);
break;
- /* Some responses can never be cached */
-
- case Http::scPartialContent: /* Not yet supported */
-
+ /* these responses can never be cached, some
+ of them can be shared though */
case Http::scSeeOther:
-
case Http::scNotModified:
-
case Http::scUnauthorized:
-
case Http::scProxyAuthenticationRequired:
-
- case Http::scInvalidHeader: /* Squid header parsing error */
-
- case Http::scHeaderTooLarge:
-
case Http::scPaymentRequired:
+ case Http::scInsufficientStorage:
+ // TODO: use more specific reason for non-error status codes
+ decision.make(ReuseDecision::doNotCacheButShare, shareableError);
+ break;
+
+ case Http::scPartialContent: /* Not yet supported. TODO: make shareable for suitable ranges */
case Http::scNotAcceptable:
- case Http::scRequestTimeout:
- case Http::scConflict:
+ case Http::scRequestTimeout: // TODO: is this shareable?
+ case Http::scConflict: // TODO: is this shareable?
case Http::scLengthRequired:
case Http::scPreconditionFailed:
case Http::scPayloadTooLarge:
case Http::scUnsupportedMediaType:
case Http::scUnprocessableEntity:
- case Http::scLocked:
+ case Http::scLocked: // TODO: is this shareable?
case Http::scFailedDependency:
- case Http::scInsufficientStorage:
case Http::scRequestedRangeNotSatisfied:
case Http::scExpectationFailed:
-
- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status());
- return 0;
-
+ case Http::scInvalidHeader: /* Squid header parsing error */
+ case Http::scHeaderTooLarge:
+ decision.make(ReuseDecision::reuseNot, nonShareableError);
+ break;
default:
/* RFC 2616 section 6.1.1: an unrecognized response MUST NOT be cached. */
- debugs (11, 3, HERE << "NO because unknown HTTP status code " << rep->sline.status());
- return 0;
- /* NOTREACHED */
+ decision.make(ReuseDecision::reuseNot, "unknown status code");
break;
}
- /* NOTREACHED */
+ return decision.answer;
}
/// assemble a variant key (vary-mark) from the given Vary header and HTTP request
@@ -898,11 +882,12 @@
Ctx ctx = ctx_enter(entry->mem_obj->urlXXX());
HttpReply *rep = finalReply();
+ const Http::StatusCode statusCode = rep->sline.status();
entry->timestampsSet();
/* Check if object is cacheable or not based on reply code */
- debugs(11, 3, "HTTP CODE: " << rep->sline.status());
+ debugs(11, 3, "HTTP CODE: " << statusCode);
if (const StoreEntry *oldEntry = findPreviouslyCachedEntry(entry))
sawDateGoBack = rep->olderThan(oldEntry->getReply());
@@ -919,7 +904,9 @@
const SBuf vary(httpMakeVaryMark(request, rep));
if (vary.isEmpty()) {
- entry->makePrivate();
+ // TODO: check whether such responses are shareable.
+ // Do not share for now.
+ entry->makePrivate(false);
if (!fwd->reforwardableStatus(rep->sline.status()))
EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
varyFailure = true;
@@ -942,30 +929,31 @@
if (!fwd->reforwardableStatus(rep->sline.status()))
EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
- switch (cacheableReply()) {
-
- case 1:
+ ReuseDecision decision(entry, statusCode);
+
+ switch (reusableReply(decision)) {
+
+ case ReuseDecision::reuseNot:
+ entry->makePrivate(false);
+ break;
+
+ case ReuseDecision::cachePositively:
entry->makePublic();
break;
- case 0:
- entry->makePrivate();
+ case ReuseDecision::cacheNegatively:
+ entry->cacheNegatively();
break;
- case -1:
-
-#if USE_HTTP_VIOLATIONS
- if (Config.negativeTtl > 0)
- entry->cacheNegatively();
- else
-#endif
- entry->makePrivate();
+ case ReuseDecision::doNotCacheButShare:
+ entry->makePrivate(true);
break;
default:
assert(0);
break;
}
+ debugs(11, 3, "decided: " << decision);
}
if (!ignoreCacheControl) {
@@ -2429,3 +2417,29 @@
mustStop(reason);
}
+HttpStateData::ReuseDecision::ReuseDecision(const StoreEntry *e, const Http::StatusCode code)
+ : answer(HttpStateData::ReuseDecision::reuseNot), reason(nullptr), entry(e), statusCode(code) {}
+
+HttpStateData::ReuseDecision::Answers
+HttpStateData::ReuseDecision::make(const HttpStateData::ReuseDecision::Answers ans, const char *why)
+{
+ answer = ans;
+ reason = why;
+ return answer;
+}
+
+std::ostream &operator <<(std::ostream &os, const HttpStateData::ReuseDecision &d)
+{
+ static const char *ReuseMessages[] = {
+ "do not cache and do not share", // reuseNot
+ "cache positively and share", // cachePositively
+ "cache negatively and share", // cacheNegatively
+ "do not cache but share" // doNotCacheButShare
+ };
+
+ assert(d.answer >= HttpStateData::ReuseDecision::reuseNot &&
+ d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare);
+ return os << ReuseMessages[d.answer] << " because " << d.reason <<
+ "; HTTP status " << d.statusCode << " " << *(d.entry);
+}
+
=== modified file 'src/http.h'
--- src/http.h 2017-01-01 00:16:45 +0000
+++ src/http.h 2017-06-14 21:37:20 +0000
@@ -22,6 +22,23 @@
{
public:
+
+ /// assists in making and relaying entry caching/sharing decision
+ class ReuseDecision
+ {
+ public:
+ enum Answers { reuseNot = 0, cachePositively, cacheNegatively, doNotCacheButShare };
+
+ ReuseDecision(const StoreEntry *e, const Http::StatusCode code);
+ /// stores the corresponding decision
+ Answers make(const Answers ans, const char *why);
+
+ Answers answer; ///< the decision id
+ const char *reason; ///< the decision reason
+ const StoreEntry *entry; ///< entry for debugging
+ const Http::StatusCode statusCode; ///< HTTP status for debugging
+ };
+
HttpStateData(FwdState *);
~HttpStateData();
@@ -39,8 +56,8 @@
void readReply(const CommIoCbParams &io);
virtual void maybeReadVirginBody(); // read response data from the network
- // Determine whether the response is a cacheable representation
- int cacheableReply();
+ // Checks whether the response is cacheable/shareable.
+ ReuseDecision::Answers reusableReply(ReuseDecision &decision);
CachePeer *_peer; /* CachePeer request made to */
int eof; /* reached end-of-object? */
@@ -119,6 +136,8 @@
CBDATA_CLASS2(HttpStateData);
};
+std::ostream &operator <<(std::ostream &os, const HttpStateData::ReuseDecision &d);
+
int httpCachable(const HttpRequestMethod&);
void httpStart(FwdState *);
SBuf httpMakeVaryMark(HttpRequest * request, HttpReply const * reply);
=== modified file 'src/store.cc'
--- src/store.cc 2017-01-01 00:16:45 +0000
+++ src/store.cc 2017-06-14 21:37:20 +0000
@@ -171,11 +171,18 @@
}
void
-StoreEntry::makePrivate()
+StoreEntry::makePrivate(const bool shareable)
{
/* This object should never be cached at all */
expireNow();
- releaseRequest(); /* delete object when not used */
+ releaseRequest(shareable); /* delete object when not used */
+}
+
+void
+StoreEntry::clearPrivate()
+{
+ EBIT_CLR(flags, KEY_PRIVATE);
+ shareableWhenPrivate = false;
}
void
@@ -365,7 +372,8 @@
ping_status(PING_NONE),
store_status(STORE_PENDING),
swap_status(SWAPOUT_NONE),
- lock_count(0)
+ lock_count(0),
+ shareableWhenPrivate(false)
{
debugs(20, 5, "StoreEntry constructed, this=" << this);
}
@@ -504,14 +512,14 @@
}
void
-StoreEntry::releaseRequest()
+StoreEntry::releaseRequest(const bool shareable)
{
if (EBIT_TEST(flags, RELEASE_REQUEST))
return;
setReleaseFlag(); // makes validToSend() false, preventing future hits
- setPrivateKey();
+ setPrivateKey(shareable);
}
int
@@ -623,12 +631,16 @@
* concept'.
*/
void
-StoreEntry::setPrivateKey()
+StoreEntry::setPrivateKey(const bool shareable)
{
const cache_key *newkey;
- if (key && EBIT_TEST(flags, KEY_PRIVATE))
- return; /* is already private */
+ if (key && EBIT_TEST(flags, KEY_PRIVATE)) {
+ // The entry is already private, but it may be still shareable.
+ if (!shareable)
+ shareableWhenPrivate = false;
+ return;
+ }
if (key) {
setReleaseFlag(); // will markForUnlink(); all caches/workers will know
@@ -649,6 +661,7 @@
assert(hash_lookup(store_table, newkey) == NULL);
EBIT_SET(flags, KEY_PRIVATE);
+ shareableWhenPrivate = shareable;
hashInsert(newkey);
}
@@ -705,14 +718,17 @@
if (StoreEntry *e2 = (StoreEntry *)hash_lookup(store_table, newkey)) {
assert(e2 != this);
debugs(20, 3, "Making old " << *e2 << " private.");
- e2->setPrivateKey();
- e2->release();
+
+ // TODO: check whether there is any sense in keeping old entry
+ // shareable here. Leaving it non-shareable for now.
+ e2->setPrivateKey(false);
+ e2->release(false);
}
if (key)
hashDelete();
- EBIT_CLR(flags, KEY_PRIVATE);
+ clearPrivate();
hashInsert(newkey);
@@ -830,7 +846,7 @@
e->lock("storeCreateEntry");
if (neighbors_do_private_keys || !flags.hierarchical)
- e->setPrivateKey();
+ e->setPrivateKey(false);
else
e->setPublicKey();
@@ -1264,7 +1280,7 @@
/* release an object from a cache */
void
-StoreEntry::release()
+StoreEntry::release(const bool shareable)
{
PROF_start(storeRelease);
debugs(20, 3, "releasing " << *this << ' ' << getMD5Text());
@@ -1274,7 +1290,7 @@
if (locked()) {
expireNow();
debugs(20, 3, "storeRelease: Only setting RELEASE_REQUEST bit");
- releaseRequest();
+ releaseRequest(shareable);
PROF_stop(storeRelease);
return;
}
@@ -1282,7 +1298,7 @@
Store::Root().memoryUnlink(*this);
if (StoreController::store_dirs_rebuilding && swap_filen > -1) {
- setPrivateKey();
+ setPrivateKey(shareable);
if (swap_filen > -1) {
// lock the entry until rebuilding is done
@@ -2181,7 +2197,11 @@
if (EBIT_TEST(e.flags, REFRESH_REQUEST)) os << 'F';
if (EBIT_TEST(e.flags, ENTRY_REVALIDATE_STALE)) os << 'E';
if (EBIT_TEST(e.flags, ENTRY_DISPATCHED)) os << 'D';
- if (EBIT_TEST(e.flags, KEY_PRIVATE)) os << 'I';
+ if (EBIT_TEST(e.flags, KEY_PRIVATE)) {
+ os << 'I';
+ if (e.shareableWhenPrivate)
+ os << 'H';
+ }
if (EBIT_TEST(e.flags, ENTRY_FWD_HDR_WAIT)) os << 'W';
if (EBIT_TEST(e.flags, ENTRY_NEGCACHED)) os << 'N';
if (EBIT_TEST(e.flags, ENTRY_VALIDATED)) os << 'V';
=== modified file 'src/tests/stub_store.cc'
--- src/tests/stub_store.cc 2017-01-01 00:16:45 +0000
+++ src/tests/stub_store.cc 2017-06-14 21:37:20 +0000
@@ -43,11 +43,11 @@
void StoreEntry::abort() STUB
void StoreEntry::unlink() STUB
void StoreEntry::makePublic(const KeyScope keyScope) STUB
-void StoreEntry::makePrivate() STUB
+void StoreEntry::makePrivate(const bool shareable) STUB
void StoreEntry::setPublicKey(const KeyScope keyScope) STUB
-void StoreEntry::setPrivateKey() STUB
+void StoreEntry::setPrivateKey(const bool shareable) STUB
void StoreEntry::expireNow() STUB
-void StoreEntry::releaseRequest() STUB
+void StoreEntry::releaseRequest(const bool shareable) STUB
void StoreEntry::negativeCache() STUB
void StoreEntry::cacheNegatively() STUB
void StoreEntry::purgeMem() STUB
@@ -99,7 +99,7 @@
int64_t StoreEntry::contentLen() const STUB_RETVAL(0)
void StoreEntry::lock(const char *) STUB
void StoreEntry::touch() STUB
-void StoreEntry::release() STUB
+void StoreEntry::release(const bool shareable) STUB
NullStoreEntry *NullStoreEntry::getInstance() STUB_RETVAL(NULL)
const char *NullStoreEntry::getMD5Text() const STUB_RETVAL(NULL)
=== modified file 'src/tests/testStoreController.cc'
--- src/tests/testStoreController.cc 2017-01-01 00:16:45 +0000
+++ src/tests/testStoreController.cc 2017-06-14 21:37:20 +0000
@@ -116,7 +116,7 @@
e->lastModified(squid_curtime);
e->refcount = 1;
EBIT_CLR(e->flags, RELEASE_REQUEST);
- EBIT_CLR(e->flags, KEY_PRIVATE);
+ e->clearPrivate();
e->ping_status = PING_NONE;
EBIT_CLR(e->flags, ENTRY_VALIDATED);
e->hashInsert((const cache_key *)name.termedBuf()); /* do it after we clear KEY_PRIVATE */
=== modified file 'src/tests/testStoreHashIndex.cc'
--- src/tests/testStoreHashIndex.cc 2017-01-01 00:16:45 +0000
+++ src/tests/testStoreHashIndex.cc 2017-06-14 21:37:20 +0000
@@ -97,7 +97,7 @@
e->lastModified(squid_curtime);
e->refcount = 1;
EBIT_CLR(e->flags, RELEASE_REQUEST);
- EBIT_CLR(e->flags, KEY_PRIVATE);
+ e->clearPrivate();
e->ping_status = PING_NONE;
EBIT_CLR(e->flags, ENTRY_VALIDATED);
e->hashInsert((const cache_key *)name.termedBuf()); /* do it after we clear KEY_PRIVATE */

85
src/patches/squid/squid-3.5-14170.patch
View File

@@ -1,85 +0,0 @@
------------------------------------------------------------
revno: 14170
revision-id: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6
parent: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2833
author: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2017-06-15 09:59:06 +1200
message:
Bug 2833 pt3: Do not respond with HTTP/304 to unconditional requests
... after internal revalidation. The original unconditional HttpRequest
was still marked (and processed) as conditional after internal
revalidation because the original (clear) Last-Modified and ETag values
were not restored (cleared) after the internal revalidation abused them.
TODO: Isolate the code converting the request into conditional one _and_
the code that undoes that conversion, to keep both actions in sync.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 0991e2d39b3bcebcf18cba3db0e3b57aabf23b8b
# timestamp: 2017-06-14 22:22:43 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170614213720-\
# 3qmiohlx4zr2jnqq
#
# Begin patch
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2017-06-14 21:37:20 +0000
+++ src/client_side_reply.cc 2017-06-14 21:59:06 +0000
@@ -72,8 +72,8 @@
HTTPMSGUNLOCK(reply);
}
-clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : http (cbdataReference(clientContext)), old_entry (NULL), old_sc(NULL), deleting(false),
- collapsedRevalidation(crNone)
+clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : http (cbdataReference(clientContext)), old_entry (NULL),
+ old_sc(NULL), old_lastmod(-1), deleting(false), collapsedRevalidation(crNone)
{}
/** Create an error in the store awaiting the client side to read it.
@@ -185,6 +185,8 @@
debugs(88, 3, "clientReplyContext::saveState: saving store context");
old_entry = http->storeEntry();
old_sc = sc;
+ old_lastmod = http->request->lastmod;
+ old_etag = http->request->etag;
old_reqsize = reqsize;
tempBuffer.offset = reqofs;
/* Prevent accessing the now saved entries */
@@ -204,9 +206,13 @@
sc = old_sc;
reqsize = old_reqsize;
reqofs = tempBuffer.offset;
+ http->request->lastmod = old_lastmod;
+ http->request->etag = old_etag;
/* Prevent accessed the old saved entries */
old_entry = NULL;
old_sc = NULL;
+ old_lastmod = -1;
+ old_etag.clean();
old_reqsize = 0;
tempBuffer.offset = 0;
}
=== modified file 'src/client_side_reply.h'
--- src/client_side_reply.h 2017-01-01 00:16:45 +0000
+++ src/client_side_reply.h 2017-06-14 21:59:06 +0000
@@ -130,7 +130,11 @@
void sendNotModifiedOrPreconditionFailedError();
StoreEntry *old_entry;
- store_client *old_sc; /* ... for entry to be validated */
+ /* ... for entry to be validated */
+ store_client *old_sc;
+ time_t old_lastmod;
+ String old_etag;
+
bool deleting;
typedef enum {

45
src/patches/squid/squid-3.5-14171.patch
View File

@@ -1,45 +0,0 @@
------------------------------------------------------------
revno: 14171
revision-id: squidadm@squid-cache.org-20170615001633-wgrl5w8isv15o7gg
parent: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Thu 2017-06-15 00:16:33 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20170615001633-\
# wgrl5w8isv15o7gg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 237182ac5eed6aca7e9aca295a90057f3a8cf10b
# timestamp: 2017-06-15 00:51:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170614215906-\
# ly36sobvlr2pt0u6
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2017-06-14 21:37:20 +0000
+++ src/http.cc 2017-06-15 00:16:33 +0000
@@ -523,7 +523,7 @@
case Http::scMisdirectedRequest:
statusAnswer = ReuseDecision::doNotCacheButShare;
statusReason = shareableError;
- // fall through to the actual decision making below
+ // fall through to the actual decision making below
case Http::scBadRequest: // no sharing; perhaps the server did not like something specific to this request
@@ -2438,8 +2438,8 @@
};
assert(d.answer >= HttpStateData::ReuseDecision::reuseNot &&
- d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare);
+ d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare);
return os << ReuseMessages[d.answer] << " because " << d.reason <<
- "; HTTP status " << d.statusCode << " " << *(d.entry);
+ "; HTTP status " << d.statusCode << " " << *(d.entry);
}

40
src/patches/squid/squid-3.5-14172.patch
View File

@@ -1,40 +0,0 @@
------------------------------------------------------------
revno: 14172
revision-id: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu
parent: squidadm@squid-cache.org-20170615001633-wgrl5w8isv15o7gg
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2017-06-22 07:54:39 +1200
message:
Bug 4671 pt2: GCC 7: raise FTP Gateway CTRL channel buffer to 16KB
Fixes
error: %s directive output may be truncated writing up to 8191 bytes
into a region of size 1019
note: snprintf output between 8 and 8199 bytes into a destination of
size 1024
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: eeb32b45efe5504eebeaae89088d4a81d807807c
# timestamp: 2017-06-21 20:50:58 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20170615001633-\
# wgrl5w8isv15o7gg
#
# Begin patch
=== modified file 'src/clients/FtpGateway.cc'
--- src/clients/FtpGateway.cc 2017-05-29 04:37:41 +0000
+++ src/clients/FtpGateway.cc 2017-06-21 19:54:39 +0000
@@ -192,7 +192,7 @@
#define FTP_LOGIN_NOT_ESCAPED 0
-#define CTRL_BUFLEN 1024
+#define CTRL_BUFLEN 16*1024
static char cbuf[CTRL_BUFLEN];
/*

254
src/patches/squid/squid-3.5-14173.patch
View File

@@ -1,254 +0,0 @@
------------------------------------------------------------
revno: 14173
revision-id: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61
parent: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2017-06-22 08:12:48 +1200
message:
Replace new/delete operators using modern C++ rules.
This change was motivated by "Mismatched free()/delete/delete[]" errors
reported by valgrind and mused about in Squid source code.
I speculate that the old new/delete replacement code was the result of
slow accumulation of working hacks to accomodate various environments,
as compiler support for the feature evolved. The cumulative result does
not actually work well (see the above paragraph), and the replacement
functions had the following visible coding problems according to [1,2]:
a) Declared with non-standard profiles that included throw specifiers.
b) Declared inline. C++ says that the results of inline declarations
have unspecified effects. In Squid, they probably necessitated
complex compiler-specific "extern inline" workarounds.
c) Defined in the header file. C++ says that defining replacements "in
any source file" is enough and that multiple replacements per
program (which is what a header file definition produces) result in
"undefined behavior".
d) Declared inconsistently (only 2 out of 4 flavors). Declaring one base
flavor should be sufficient, but if we declare more, we should
declare all of them.
[1] http://en.cppreference.com/w/cpp/memory/new/operator_new
[2] http://en.cppreference.com/w/cpp/memory/new/operator_delete
The replacements were not provided to clang (trunk r13219), but there
was no explanation why. This patch does not change that exclusion.
I have no idea whether any of the old hacks are still necessary in some
cases. However, I suspect that either we do not care much if the
replacements are not enabled on some poorly supported platforms OR we
can disable them (or make them work) using much simpler hacks for the
platforms we do care about.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 4f15c23326e4e4fe2ca2a6c7a13333e01677a0b0
# timestamp: 2017-06-21 20:51:02 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170621195439-\
# l63xfsad58ghhhfu
#
# Begin patch
=== modified file 'compat/os/macosx.h'
--- compat/os/macosx.h 2017-01-01 00:16:45 +0000
+++ compat/os/macosx.h 2017-06-21 20:12:48 +0000
@@ -28,11 +28,6 @@
#include "compat/cmsg.h"
-// MacOS GCC 4.0.1 and 4.2.1 supply __GNUC_GNU_INLINE__ but do not actually define __attribute__((gnu_inline))
-#if defined(__cplusplus) && !defined(_SQUID_EXTERNNEW_)
-#define _SQUID_EXTERNNEW_ extern inline
-#endif
-
#endif /* _SQUID_APPLE_ */
#endif /* SQUID_OS_MACOSX_H */
=== modified file 'compat/os/sgi.h'
--- compat/os/sgi.h 2017-01-01 00:16:45 +0000
+++ compat/os/sgi.h 2017-06-21 20:12:48 +0000
@@ -25,15 +25,6 @@
#define _ABI_SOURCE
#endif /* USE_ASYNC_IO */
-#if defined(__cplusplus) && !defined(_SQUID_EXTERNNEW_) && !defined(_GNUC_)
-/*
- * The gcc compiler treats extern inline functions as being extern,
- * while the SGI MIPSpro compilers treat them as inline. To get equivalent
- * behavior, remove the inline keyword.
- */
-#define _SQUID_EXTERNNEW_ extern
-#endif
-
#endif /* _SQUID_SGI_ */
#endif /* SQUID_OS_SGI_H */
=== modified file 'compat/os/solaris.h'
--- compat/os/solaris.h 2017-01-01 00:16:45 +0000
+++ compat/os/solaris.h 2017-06-21 20:12:48 +0000
@@ -59,13 +59,6 @@
#endif
/*
- * SunPro CC handles extern inline as inline, PLUS extern symbols.
- */
-#if !defined(_SQUID_EXTERNNEW_) && defined(__SUNPRO_CC)
-#define _SQUID_EXTERNNEW_ extern
-#endif
-
-/*
* SunStudio CC does not define C++ portability API __FUNCTION__
*/
#if defined(__SUNPRO_CC) && !defined(__FUNCTION__)
=== removed file 'include/SquidNew.h'
--- include/SquidNew.h 2017-01-01 00:16:45 +0000
+++ include/SquidNew.h 1970-01-01 00:00:00 +0000
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_NEW_H
-#define SQUID_NEW_H
-
-#if !defined(__SUNPRO_CC) && !defined(__clang__)
-/* Any code using libstdc++ must have externally resolvable overloads
- * for void * operator new - which means in the .o for the binary,
- * or in a shared library. static libs don't propogate the symbol
- * so, look in the translation unit containing main() in squid
- * for the extern version in squid
- */
-#include <new>
-
-_SQUID_EXTERNNEW_ void *operator new(size_t size) throw (std::bad_alloc)
-{
- return xmalloc(size);
-}
-_SQUID_EXTERNNEW_ void operator delete (void *address) throw()
-{
- xfree(address);
-}
-_SQUID_EXTERNNEW_ void *operator new[] (size_t size) throw (std::bad_alloc)
-{
- return xmalloc(size);
-}
-_SQUID_EXTERNNEW_ void operator delete[] (void *address) throw()
-{
- xfree(address);
-}
-
-#endif /* !__SUNPRO_CC && !__clang__*/
-
-#endif /* SQUID_NEW_H */
-
=== modified file 'include/util.h'
--- include/util.h 2017-01-01 00:16:45 +0000
+++ include/util.h 2017-06-21 20:12:48 +0000
@@ -19,23 +19,6 @@
SQUIDCEXTERN int tvSubUsec(struct timeval, struct timeval);
SQUIDCEXTERN double tvSubDsec(struct timeval, struct timeval);
SQUIDCEXTERN void Tolower(char *);
-#if defined(__cplusplus)
-/*
- * Any code using libstdc++ must have externally resolvable overloads
- * for void * operator new - which means in the .o for the binary,
- * or in a shared library. static libs don't propogate the symbol
- * so, look in the translation unit containing main() in squid
- * for the extern version in squid
- */
-#if !defined(_SQUID_EXTERNNEW_)
-#if defined(__GNUC_STDC_INLINE__) || defined(__GNUC_GNU_INLINE__)
-#define _SQUID_EXTERNNEW_ extern inline __attribute__((gnu_inline))
-#else
-#define _SQUID_EXTERNNEW_ extern inline
-#endif
-#endif
-#include "SquidNew.h"
-#endif
SQUIDCEXTERN time_t parse_iso3307_time(const char *buf);
=== modified file 'src/SquidNew.cc'
--- src/SquidNew.cc 2017-01-01 00:16:45 +0000
+++ src/SquidNew.cc 2017-06-21 20:12:48 +0000
@@ -8,29 +8,45 @@
/* DEBUG: none Memory Allocation */
-#define _SQUID_EXTERNNEW_
-
#include "squid.h"
-#ifdef __SUNPRO_CC
+#if !defined(__clang__)
#include <new>
-void *operator new(size_t size) throw (std::bad_alloc)
-{
- return xmalloc(size);
-}
-void operator delete (void *address) throw()
-{
- xfree (address);
-}
-void *operator new[] (size_t size) throw (std::bad_alloc)
-{
- return xmalloc(size);
-}
-void operator delete[] (void *address) throw()
-{
- xfree (address);
-}
-
-#endif /* __SUNPRO_CC */
+
+void *operator new(size_t size)
+{
+ return xmalloc(size);
+}
+void operator delete(void *address)
+{
+ xfree(address);
+}
+void *operator new[](size_t size)
+{
+ return xmalloc(size);
+}
+void operator delete[](void *address)
+{
+ xfree(address);
+}
+
+void *operator new(size_t size, const std::nothrow_t &tag)
+{
+ return xmalloc(size);
+}
+void operator delete(void *address, const std::nothrow_t &tag)
+{
+ xfree(address);
+}
+void *operator new[](size_t size, const std::nothrow_t &tag)
+{
+ return xmalloc(size);
+}
+void operator delete[](void *address, const std::nothrow_t &tag)
+{
+ xfree(address);
+}
+
+#endif /* !defined(__clang__) */

274
src/patches/squid/squid-3.5-14174.patch
View File

@@ -1,274 +0,0 @@
------------------------------------------------------------
revno: 14174
revision-id: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4
parent: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2017-06-23 03:31:46 +1200
message:
Bug 4671 pt3: various GCC 7 compile errors
Also, remove limit on FTP realm strings
Convert ftpRealm() from generating char* to SBuf. This fixes issues identified
by GCC 7 where the realm string may be longer than the available buffer and
gets truncated.
The size of the buffer was making the occurance rather rare, but it is still
possible.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: b54e1a339544443ed9b34a094717b2781c746c76
# timestamp: 2017-06-22 15:50:59 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170621201248-\
# ezpvykg0b307ix61
#
# Begin patch
=== modified file 'src/DiskIO/DiskThreads/aiops.cc'
--- src/DiskIO/DiskThreads/aiops.cc 2017-01-01 00:16:45 +0000
+++ src/DiskIO/DiskThreads/aiops.cc 2017-06-22 15:31:46 +0000
@@ -290,7 +290,7 @@
/* Create threads and get them to sit in their wait loop */
squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t));
- assert(NUMTHREADS);
+ assert(NUMTHREADS != 0);
for (i = 0; i < NUMTHREADS; ++i) {
threadp = (squidaio_thread_t *)squidaio_thread_pool->alloc();
=== modified file 'src/clients/FtpGateway.cc'
--- src/clients/FtpGateway.cc 2017-06-21 19:54:39 +0000
+++ src/clients/FtpGateway.cc 2017-06-22 15:31:46 +0000
@@ -153,8 +153,8 @@
virtual void timeout(const CommTimeoutCbParams &io);
void ftpAcceptDataConnection(const CommAcceptCbParams &io);
- static HttpReply *ftpAuthRequired(HttpRequest * request, const char *realm);
- const char *ftpRealm(void);
+ static HttpReply *ftpAuthRequired(HttpRequest * request, SBuf &realm);
+ SBuf ftpRealm();
void loginFailed(void);
virtual void haveParsedReplyHeaders();
@@ -1189,7 +1189,8 @@
{
if (!checkAuth(&request->header)) {
/* create appropriate reply */
- HttpReply *reply = ftpAuthRequired(request, ftpRealm());
+ SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early
+ HttpReply *reply = ftpAuthRequired(request, realm);
entry->replaceHttpReply(reply);
serverComplete();
return;
@@ -1290,7 +1291,9 @@
#if HAVE_AUTH_MODULE_BASIC
/* add Authenticate header */
- newrep->header.putAuth("Basic", ftpRealm());
+ // XXX: performance regression. c_str() may reallocate
+ SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early
+ newrep->header.putAuth("Basic", realm.c_str());
#endif
// add it to the store entry for response....
@@ -1298,18 +1301,19 @@
serverComplete();
}
-const char *
+SBuf
Ftp::Gateway::ftpRealm()
{
- static char realm[8192];
+ SBuf realm;
/* This request is not fully authenticated */
- if (!request) {
- snprintf(realm, 8192, "FTP %s unknown", user);
- } else if (request->port == 21) {
- snprintf(realm, 8192, "FTP %s %s", user, request->GetHost());
- } else {
- snprintf(realm, 8192, "FTP %s %s port %d", user, request->GetHost(), request->port);
+ realm.appendf("FTP %s ", user);
+ if (!request)
+ realm.append("unknown", 7);
+ else {
+ realm.append(request->GetHost());
+ if (request->port != 21)
+ realm.appendf(" port %d", request->port);
}
return realm;
}
@@ -2673,13 +2677,14 @@
}
HttpReply *
-Ftp::Gateway::ftpAuthRequired(HttpRequest * request, const char *realm)
+Ftp::Gateway::ftpAuthRequired(HttpRequest * request, SBuf &realm)
{
ErrorState err(ERR_CACHE_ACCESS_DENIED, Http::scUnauthorized, request);
HttpReply *newrep = err.BuildHttpReply();
#if HAVE_AUTH_MODULE_BASIC
/* add Authenticate header */
- newrep->header.putAuth("Basic", realm);
+ // XXX: performance regression. c_str() may reallocate
+ newrep->header.putAuth("Basic", realm.c_str());
#endif
return newrep;
}
=== modified file 'src/fde.cc'
--- src/fde.cc 2017-01-01 00:16:45 +0000
+++ src/fde.cc 2017-06-22 15:31:46 +0000
@@ -85,15 +85,15 @@
char const *
fde::remoteAddr() const
{
- LOCAL_ARRAY(char, buf, MAX_IPSTRLEN );
+ static char buf[MAX_IPSTRLEN+7]; // 7 = length of ':port' strings
if (type != FD_SOCKET)
return null_string;
if ( *ipaddr )
- snprintf( buf, MAX_IPSTRLEN, "%s:%d", ipaddr, (int)remote_port);
+ snprintf(buf, sizeof(buf), "%s:%u", ipaddr, remote_port);
else
- local_addr.toUrl(buf,MAX_IPSTRLEN); // toHostStr does not include port.
+ local_addr.toUrl(buf, sizeof(buf)); // toHostStr does not include port.
return buf;
}
=== modified file 'src/fs/ufs/RebuildState.cc'
--- src/fs/ufs/RebuildState.cc 2017-01-01 00:16:45 +0000
+++ src/fs/ufs/RebuildState.cc 2017-06-22 15:31:46 +0000
@@ -444,7 +444,7 @@
}
if (0 == in_dir) { /* we need to read in a new directory */
- snprintf(fullpath, MAXPATHLEN, "%s/%02X/%02X",
+ snprintf(fullpath, sizeof(fullpath), "%s/%02X/%02X",
sd->path,
curlvl1, curlvl2);
@@ -489,7 +489,7 @@
continue;
}
- snprintf(fullfilename, MAXPATHLEN, "%s/%s",
+ snprintf(fullfilename, sizeof(fullfilename), "%s/%s",
fullpath, entry->d_name);
debugs(47, 3, HERE << "Opening " << fullfilename);
fd = file_open(fullfilename, O_RDONLY | O_BINARY);
=== modified file 'src/fs/ufs/RebuildState.h'
--- src/fs/ufs/RebuildState.h 2017-01-01 00:16:45 +0000
+++ src/fs/ufs/RebuildState.h 2017-06-22 15:31:46 +0000
@@ -54,7 +54,7 @@
dirent_t *entry;
DIR *td;
char fullpath[MAXPATHLEN];
- char fullfilename[MAXPATHLEN];
+ char fullfilename[MAXPATHLEN*2];
StoreRebuildData counts;
=== modified file 'src/gopher.cc'
--- src/gopher.cc 2017-01-01 00:16:45 +0000
+++ src/gopher.cc 2017-06-22 15:31:46 +0000
@@ -820,7 +820,7 @@
* This will be called when request write is complete. Schedule read of reply.
*/
static void
-gopherSendComplete(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag errflag, int xerrno, void *data)
+gopherSendComplete(const Comm::ConnectionPointer &conn, char *, size_t size, Comm::Flag errflag, int xerrno, void *data)
{
GopherStateData *gopherState = (GopherStateData *) data;
StoreEntry *entry = gopherState->entry;
@@ -840,10 +840,6 @@
err->url = xstrdup(entry->url());
gopherState->fwd->fail(err);
gopherState->serverConn->close();
-
- if (buf)
- memFree(buf, MEM_4K_BUF); /* Allocated by gopherSendRequest. */
-
return;
}
@@ -885,9 +881,6 @@
AsyncCall::Pointer call = commCbCall(5,5, "gopherReadReply",
CommIoCbPtrFun(gopherReadReply, gopherState));
entry->delayAwareRead(conn, gopherState->replybuf, BUFSIZ, call);
-
- if (buf)
- memFree(buf, MEM_4K_BUF); /* Allocated by gopherSendRequest. */
}
/**
@@ -898,32 +891,31 @@
gopherSendRequest(int fd, void *data)
{
GopherStateData *gopherState = (GopherStateData *)data;
- char *buf = (char *)memAllocate(MEM_4K_BUF);
+ MemBuf mb;
+ mb.init();
if (gopherState->type_id == GOPHER_CSO) {
const char *t = strchr(gopherState->request, '?');
- if (t != NULL)
+ if (t)
++t; /* skip the ? */
else
t = "";
- snprintf(buf, 4096, "query %s\r\nquit\r\n", t);
- } else if (gopherState->type_id == GOPHER_INDEX) {
- char *t = strchr(gopherState->request, '?');
-
- if (t != NULL)
- *t = '\t';
-
- snprintf(buf, 4096, "%s\r\n", gopherState->request);
+ mb.Printf("query %s\r\nquit", t);
} else {
- snprintf(buf, 4096, "%s\r\n", gopherState->request);
+ if (gopherState->type_id == GOPHER_INDEX) {
+ if (char *t = strchr(gopherState->request, '?'))
+ *t = '\t';
+ }
+ mb.append(gopherState->request, strlen(gopherState->request));
}
+ mb.append("\r\n", 2);
- debugs(10, 5, HERE << gopherState->serverConn);
+ debugs(10, 5, gopherState->serverConn);
AsyncCall::Pointer call = commCbCall(5,5, "gopherSendComplete",
CommIoCbPtrFun(gopherSendComplete, gopherState));
- Comm::Write(gopherState->serverConn, buf, strlen(buf), call, NULL);
+ Comm::Write(gopherState->serverConn, &mb, call);
gopherState->entry->makePublic();
}
=== modified file 'src/icmp/Makefile.am'
--- src/icmp/Makefile.am 2017-01-01 00:16:45 +0000
+++ src/icmp/Makefile.am 2017-06-22 15:31:46 +0000
@@ -59,7 +59,8 @@
pinger_LDFLAGS = $(LIBADD_DL)
pinger_LDADD=\
libicmp-core.la \
- ../ip/libip.la \
+ $(top_builddir)/src/ip/libip.la \
+ $(top_builddir)/src/base/libbase.la \
$(COMPAT_LIB) \
$(XTRA_LIBS)

34
src/patches/squid/squid-3.5-14175.patch
View File

@@ -1,34 +0,0 @@
------------------------------------------------------------
revno: 14175
revision-id: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa
parent: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4112
author: Sven Eisenberg <sven.eisenberg@lairdtech.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2017-06-30 00:56:27 +1200
message:
Bug 4112: ssl_engine does not accept cryptodev
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: c74e6941e5b6df8e36d26dd5c02389ae2955bc21
# timestamp: 2017-06-29 13:51:04 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170622153146-\
# nxo8vl6a9r8z03v4
#
# Begin patch
=== modified file 'src/ssl/support.cc'
--- src/ssl/support.cc 2017-01-27 16:14:19 +0000
+++ src/ssl/support.cc 2017-06-29 12:56:27 +0000
@@ -737,6 +737,7 @@
#if HAVE_OPENSSL_ENGINE_H
if (Config.SSL.ssl_engine) {
+ ENGINE_load_builtin_engines();
ENGINE *e;
if (!(e = ENGINE_by_id(Config.SSL.ssl_engine)))
fatalf("Unable to find SSL engine '%s'\n", Config.SSL.ssl_engine);

42
src/patches/squid/squid-3.5-14176.patch
View File

@@ -1,42 +0,0 @@
------------------------------------------------------------
revno: 14176
revision-id: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf
parent: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4687
author: Lubos Uhliarik <luhliari@redhat.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2017-07-01 19:35:14 +1200
message:
Bug 4687: Wrong names of components in man page, section SEE ALSO
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 9099c98de3cb8fc125dd9952373de42c079b0ccc
# timestamp: 2017-07-01 07:45:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170629125627-\
# socq6szqysvm9ifa
#
# Begin patch
=== modified file 'src/squid.8.in'
--- src/squid.8.in 2017-01-01 00:16:45 +0000
+++ src/squid.8.in 2017-07-01 07:35:14 +0000
@@ -265,11 +265,11 @@
.SH SEE ALSO
.if !'po4a'hide' .B cachemgr.cgi "(8), "
.if !'po4a'hide' .B squidclient "(1), "
-.if !'po4a'hide' .B pam_auth "(8), "
-.if !'po4a'hide' .B squid_ldap_auth "(8), "
-.if !'po4a'hide' .B squid_ldap_group "(8), "
+.if !'po4a'hide' .B basic_pam_auth "(8), "
+.if !'po4a'hide' .B basic_ldap_auth "(8), "
+.if !'po4a'hide' .B ext_ldap_group_acl "(8), "
.if !'po4a'hide' .B ext_session_acl "(8), "
-.if !'po4a'hide' .B squid_unix_group "(8), "
+.if !'po4a'hide' .B ext_unix_group_acl "(8), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq

52
src/patches/squid/squid-3.5-14177.patch
View File

@@ -1,52 +0,0 @@
------------------------------------------------------------
revno: 14177
revision-id: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co
parent: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2017-07-01 19:37:54 +1200
message:
basic_ncsa_auth: fix hash listing wrap in man(8) page
'*' list bullet points must be indented with whitespace.
If they are not the list is treated as a single wrapped paragraph.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ffd783ab19a438c56affcdc6c1d106fa00403f4f
# timestamp: 2017-07-01 07:45:09 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170701073514-\
# uzowexcysowqostf
#
# Begin patch
=== modified file 'helpers/basic_auth/NCSA/basic_ncsa_auth.8'
--- helpers/basic_auth/NCSA/basic_ncsa_auth.8 2017-01-01 00:16:45 +0000
+++ helpers/basic_auth/NCSA/basic_ncsa_auth.8 2017-07-01 07:37:54 +0000
@@ -18,15 +18,15 @@
.PP
This authenticator accepts:
.BR
-* Blowfish - for passwords 72 characters or less in length
-.BR
-* SHA256 - with salting and magic strings
-.BR
-* SHA512 - with salting and magic strings
-.BR
-* MD5 - with optional salt and magic strings
-.BR
-* DES - for passwords 8 characters or less in length
+ * Blowfish \- for passwords 72 characters or less in length.
+.BR
+ * SHA256 \- with salting and magic strings.
+.BR
+ * SHA512 \- with salting and magic strings.
+.BR
+ * MD5 \- with optional salt and magic strings.
+.BR
+ * DES \- for passwords 8 characters or less in length.
.
NOTE: Blowfish and SHA algorithms require system-specific support.
.

36
src/patches/squid/squid-3.5-14178.patch
View File

@@ -1,36 +0,0 @@
------------------------------------------------------------
revno: 14178
revision-id: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv
parent: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2017-07-01 20:11:16 +1200
message:
Fix message packing error handling in mgr and snmp SMP Forwarders.
A missing "return" resulted in Forwarders sending garbage (or worse) to
Coordinator.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: a593abc992a79d4539dede76b4f63e013f96d33a
# timestamp: 2017-07-01 08:51:30 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170701073754-\
# 4x1i6p5s1gzk73co
#
# Begin patch
=== modified file 'src/ipc/Forwarder.cc'
--- src/ipc/Forwarder.cc 2017-01-01 00:16:45 +0000
+++ src/ipc/Forwarder.cc 2017-07-01 08:11:16 +0000
@@ -62,6 +62,7 @@
// assume the pack() call failed because the message did not fit
// TODO: add a more specific exception?
handleError();
+ return;
}
SendMessage(Ipc::Port::CoordinatorAddr(), message);

105
src/patches/squid/squid-3.5-14179.patch
View File

@@ -1,105 +0,0 @@
------------------------------------------------------------
revno: 14179
revision-id: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a
parent: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2017-07-01 21:59:16 +1200
message:
Fix mgr query handoff from the original recipient to Coordinator.
This bug has already been fixed once, in trunk r11164.1.61, but that fix
was accidentally undone shortly after, during significant cross-branch
merging activity combined with the Forwarder class split. The final
merge importing the associated code (trunk r11730) was buggy.
The bug (explained in r11164.1.61) leads to a race condition between
* Store notifying Server classes about the entry completion (which might
trigger a bogus error message sent to the cache manager client while
Coordinator sends its own valid response on the same connection!) and
* post-cleanup() connection closure handlers of Server classes silently
closing everything (and leaving Coordinator the only responding
process on that shared connection).
The bug probably was not noticed for so long because, evidently, the
latter actions tend to win in the current code.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: c7e89c80468c7f388f7e09ad2d68a245789db50d
# timestamp: 2017-07-01 10:51:12 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170701081116-\
# xekwolj1wdkeaxqv
#
# Begin patch
=== modified file 'src/ipc/Forwarder.h'
--- src/ipc/Forwarder.h 2017-01-01 00:16:45 +0000
+++ src/ipc/Forwarder.h 2017-07-01 09:59:16 +0000
@@ -47,12 +47,14 @@
virtual void handleError();
virtual void handleTimeout();
virtual void handleException(const std::exception& e);
- virtual void handleRemoteAck();
private:
static void RequestTimedOut(void* param);
void requestTimedOut();
void removeTimeoutEvent();
+
+ void handleRemoteAck();
+
static AsyncCall::Pointer DequeueRequest(unsigned int requestId);
protected:
=== modified file 'src/mgr/Forwarder.cc'
--- src/mgr/Forwarder.cc 2017-01-01 00:16:45 +0000
+++ src/mgr/Forwarder.cc 2017-07-01 09:59:16 +0000
@@ -102,17 +102,6 @@
mustStop("commClosed");
}
-/// called when Coordinator starts processing the request
-void
-Mgr::Forwarder::handleRemoteAck()
-{
- Ipc::Forwarder::handleRemoteAck();
-
- Must(entry != NULL);
- EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
- entry->complete();
-}
-
/// send error page
void
Mgr::Forwarder::sendError(ErrorState *error)
=== modified file 'src/mgr/Forwarder.h'
--- src/mgr/Forwarder.h 2017-01-01 00:16:45 +0000
+++ src/mgr/Forwarder.h 2017-07-01 09:59:16 +0000
@@ -40,7 +40,6 @@
virtual void handleError();
virtual void handleTimeout();
virtual void handleException(const std::exception& e);
- virtual void handleRemoteAck();
private:
void noteCommClosed(const CommCloseCbParams& params);
=== modified file 'src/tests/stub_libmgr.cc'
--- src/tests/stub_libmgr.cc 2017-01-01 00:16:45 +0000
+++ src/tests/stub_libmgr.cc 2017-07-01 09:59:16 +0000
@@ -100,7 +100,6 @@
void Mgr::Forwarder::handleError() STUB
void Mgr::Forwarder::handleTimeout() STUB
void Mgr::Forwarder::handleException(const std::exception& e) STUB
-void Mgr::Forwarder::handleRemoteAck() STUB
#include "mgr/FunAction.h"
Mgr::Action::Pointer Mgr::FunAction::Create(const CommandPointer &cmd, OBJH *aHandler) STUB_RETVAL(dummyAction)

448
src/patches/squid/squid-3.5-14180.patch
View File

@@ -1,448 +0,0 @@
------------------------------------------------------------
revno: 14180
revision-id: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6
parent: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4464
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2017-07-02 00:08:48 +1200
message:
Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions.
* Protect Squid Client classes from new requests that compete with
ongoing pinned connection use and
* resume dealing with new requests when those Client classes are done
using the pinned connection.
Replaced primary ConnStateData::pinConnection() calls with a pair of
pinBusyConnection() and notePinnedConnectionBecameIdle() calls,
depending on the pinned connection state ("busy" or "idle").
Removed pinConnection() parameters that were not longer used or could be computed from the remaining parameters.
Removed ConnStateData::httpsPeeked() code "hiding" the originating
request and connection peer details while entering the first "idle"
state. The old (trunk r11880.1.6) bump-server-first code used a pair of
NULLs because "Intercepted connections do not have requests at the
connection pinning stage", but that limitation no longer applicable
because Squid always fakes (when intercepting) or parses (a CONNECT)
request now, even during SslBump step1.
The added XXX and TODOs are not directly related to this fix. They
were added to document problems discovered while working on this fix.
In v3.5 code, the same problems manifest as Read.cc
"fd_table[conn->fd].halfClosedReader != NULL" assertions.
This is a Measurement Factory project
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: e4f432eed8a845431d4bbbf023de04d682adeaff
# timestamp: 2017-07-01 12:32:26 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170701095916-\
# wknqmneq2w0mxt6a
#
# Begin patch
=== modified file 'src/FwdState.cc'
--- src/FwdState.cc 2017-01-01 00:16:45 +0000
+++ src/FwdState.cc 2017-07-01 12:08:48 +0000
@@ -246,7 +246,7 @@
#if USE_OPENSSL
if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
- ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
+ ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(Comm::ConnectionPointer(nullptr), request));
}
#endif
} else {
@@ -952,7 +952,7 @@
#if USE_OPENSSL
if (request->flags.sslPeek) {
CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
- ConnStateData::httpsPeeked, serverConnection());
+ ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(serverConnection(), request));
unregister(serverConn); // async call owns it now
complete(); // destroys us
return;
=== modified file 'src/base/RefCount.h'
--- src/base/RefCount.h 2017-01-01 00:16:45 +0000
+++ src/base/RefCount.h 2017-07-01 12:08:48 +0000
@@ -54,9 +54,7 @@
C & operator * () const {return *const_cast<C *>(p_); }
- C const * getRaw() const {return p_; }
-
- C * getRaw() {return const_cast<C *>(p_); }
+ C * getRaw() const { return const_cast<C *>(p_); }
bool operator == (const RefCount& p) const {
return p.p_ == p_;
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2017-05-29 13:15:55 +0000
+++ src/client_side.cc 2017-07-01 12:08:48 +0000
@@ -836,6 +836,7 @@
assert(areAllContextsForThisConnection());
freeAllContexts();
+ // XXX: Closing pinned conn is too harsh: The Client may want to continue!
unpinConnection(true);
if (Comm::IsConnOpen(clientConnection))
@@ -1559,6 +1560,13 @@
debugs(33, 3, HERE << "ConnnStateData(" << conn->clientConnection << "), Context(" << clientConnection << ")");
connIsFinished();
+ conn->kick();
+}
+
+void
+ConnStateData::kick()
+{
+ ConnStateData * conn = this; // XXX: Remove this diff minimization hack
if (conn->pinning.pinned && !Comm::IsConnOpen(conn->pinning.serverConnection)) {
debugs(33, 2, HERE << conn->clientConnection << " Connection was pinned but server side gone. Terminating client connection");
@@ -3240,6 +3248,13 @@
if (in.buf.isEmpty())
break;
+ // Prohibit concurrent requests when using a pinned to-server connection
+ // because our Client classes do not support request pipelining.
+ if (pinning.pinned && !pinning.readHandler) {
+ debugs(33, 3, clientConnection << " waits for busy " << pinning.serverConnection);
+ break;
+ }
+
/* Limit the number of concurrent requests */
if (concurrentRequestQueueFilled())
break;
@@ -4434,22 +4449,19 @@
}
void
-ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection)
+ConnStateData::httpsPeeked(PinnedIdleContext pic)
{
Must(sslServerBump != NULL);
+ Must(sslServerBump->request == pic.request);
+ Must(currentobject == NULL || currentobject->http == NULL || currentobject->http->request == pic.request.getRaw());
- if (Comm::IsConnOpen(serverConnection)) {
- pinConnection(serverConnection, NULL, NULL, false);
+ if (Comm::IsConnOpen(pic.connection)) {
+ notePinnedConnectionBecameIdle(pic);
debugs(33, 5, HERE << "bumped HTTPS server: " << sslConnectHostOrIp);
- } else {
+ } else
debugs(33, 5, HERE << "Error while bumping: " << sslConnectHostOrIp);
- // copy error detail from bump-server-first request to CONNECT request
- if (currentobject != NULL && currentobject->http != NULL && currentobject->http->request)
- currentobject->http->request->detailError(sslServerBump->request->errType, sslServerBump->request->errDetail);
- }
-
getSslContextStart();
}
@@ -4952,19 +4964,35 @@
}
void
-ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth, bool monitor)
-{
- if (!Comm::IsConnOpen(pinning.serverConnection) ||
- pinning.serverConnection->fd != pinServer->fd)
- pinNewConnection(pinServer, request, aPeer, auth);
-
- if (monitor)
- startPinnedConnectionMonitoring();
-}
-
-void
-ConnStateData::pinNewConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth)
-{
+ConnStateData::pinBusyConnection(const Comm::ConnectionPointer &pinServer, const HttpRequest::Pointer &request)
+{
+ pinConnection(pinServer, request);
+}
+
+void
+ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic)
+{
+ Must(pic.connection != NULL);
+ Must(pic.request != NULL);
+ pinConnection(pic.connection, pic.request);
+
+ // monitor pinned server connection for remote-end closures.
+ startPinnedConnectionMonitoring();
+
+ if (!currentobject)
+ kick(); // in case clientParseRequests() was blocked by a busy pic.connection
+}
+
+/// Forward future client requests using the given server connection.
+void
+ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, const HttpRequest::Pointer &request)
+{
+ if (Comm::IsConnOpen(pinning.serverConnection) &&
+ pinning.serverConnection->fd == pinServer->fd) {
+ debugs(33, 3, "already pinned" << pinServer);
+ return;
+ }
+
unpinConnection(true); // closes pinned connection, if any, and resets fields
pinning.serverConnection = pinServer;
@@ -4973,23 +5001,21 @@
Must(pinning.serverConnection != NULL);
- // when pinning an SSL bumped connection, the request may be NULL
const char *pinnedHost = "[unknown]";
- if (request) {
+ if (request != NULL) {
pinning.host = xstrdup(request->GetHost());
pinning.port = request->port;
pinnedHost = pinning.host;
+ pinning.auth = request->flags.connectionAuth;
} else {
pinning.port = pinServer->remote.port();
}
pinning.pinned = true;
- if (aPeer)
- pinning.peer = cbdataReference(aPeer);
- pinning.auth = auth;
+ pinning.peer = cbdataReference(pinServer->getPeer());
char stmp[MAX_IPSTRLEN];
char desc[FD_DESC_SZ];
snprintf(desc, FD_DESC_SZ, "%s pinned connection for %s (%d)",
- (auth || !aPeer) ? pinnedHost : aPeer->name,
+ (pinning.auth || !pinning.peer) ? pinnedHost : pinning.peer->name,
clientConnection->remote.toUrl(stmp,MAX_IPSTRLEN),
clientConnection->fd);
fd_note(pinning.serverConnection->fd, desc);
@@ -5164,3 +5190,8 @@
* connection has gone away */
}
+std::ostream &
+operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic)
+{
+ return os << pic.connection << ", request=" << pic.request;
+}
=== modified file 'src/client_side.h'
--- src/client_side.h 2017-01-01 00:16:45 +0000
+++ src/client_side.h 2017-07-01 12:08:48 +0000
@@ -26,6 +26,8 @@
#include "ssl/support.h"
#endif
+#include <iosfwd>
+
class ConnStateData;
class ClientHttpRequest;
class clientStreamNode;
@@ -188,6 +190,11 @@
/// Traffic parsing
bool clientParseRequests();
void readNextRequest();
+
+ // In v3.5, usually called via ClientSocketContext::keepaliveNextRequest().
+ /// try to make progress on a transaction or read more I/O
+ void kick();
+
ClientSocketContext::Pointer getCurrentContext() const;
void addContextToQueue(ClientSocketContext * context);
int getConcurrentRequestCount() const;
@@ -287,9 +294,21 @@
bool handleReadData();
bool handleRequestBodyData();
- /// Forward future client requests using the given server connection.
- /// Optionally, monitor pinned server connection for remote-end closures.
- void pinConnection(const Comm::ConnectionPointer &pinServerConn, HttpRequest *request, CachePeer *peer, bool auth, bool monitor = true);
+ /// parameters for the async notePinnedConnectionBecameIdle() call
+ class PinnedIdleContext
+ {
+ public:
+ PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req): connection(conn), request(req) {}
+
+ Comm::ConnectionPointer connection; ///< to-server connection to be pinned
+ HttpRequest::Pointer request; ///< to-server request that initiated serverConnection
+ };
+
+ /// Called when a pinned connection becomes available for forwarding the next request.
+ void notePinnedConnectionBecameIdle(PinnedIdleContext pic);
+ /// Forward future client requests using the given to-server connection.
+ /// The connection is still being used by the current client request.
+ void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request);
/// Undo pinConnection() and, optionally, close the pinned connection.
void unpinConnection(const bool andClose);
/// Returns validated pinnned server connection (and stops its monitoring).
@@ -345,7 +364,7 @@
/// generated
void doPeekAndSpliceStep();
/// called by FwdState when it is done bumping the server
- void httpsPeeked(Comm::ConnectionPointer serverConnection);
+ void httpsPeeked(PinnedIdleContext pic);
/// Start to create dynamic SSL_CTX for host or uses static port SSL context.
void getSslContextStart();
@@ -449,7 +468,7 @@
void clientAfterReadingRequests();
bool concurrentRequestQueueFilled() const;
- void pinNewConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth);
+ void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request);
/* PROXY protocol functionality */
bool proxyProtocolValidateClient();
@@ -516,5 +535,7 @@
void clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver);
void clientPostHttpsAccept(ConnStateData *connState);
+std::ostream &operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic);
+
#endif /* SQUID_CLIENTSIDE_H */
=== modified file 'src/clients/FtpRelay.cc'
--- src/clients/FtpRelay.cc 2017-01-01 00:16:45 +0000
+++ src/clients/FtpRelay.cc 2017-07-01 12:08:48 +0000
@@ -210,9 +210,10 @@
mgr->unpinConnection(false);
ctrl.close();
} else {
- mgr->pinConnection(ctrl.conn, fwd->request,
- ctrl.conn->getPeer(),
- fwd->request->flags.connectionAuth);
+ CallJobHere1(9, 4, mgr,
+ ConnStateData,
+ notePinnedConnectionBecameIdle,
+ ConnStateData::PinnedIdleContext(ctrl.conn, fwd->request));
ctrl.forget();
}
}
=== modified file 'src/http.cc'
--- src/http.cc 2017-06-15 00:16:33 +0000
+++ src/http.cc 2017-07-01 12:08:48 +0000
@@ -1383,9 +1383,6 @@
void
HttpStateData::processReplyBody()
{
- Ip::Address client_addr;
- bool ispinned = false;
-
if (!flags.headers_parsed) {
flags.do_next_read = true;
maybeReadVirginBody();
@@ -1435,35 +1432,49 @@
}
break;
- case COMPLETE_PERSISTENT_MSG:
+ case COMPLETE_PERSISTENT_MSG: {
debugs(11, 5, "processReplyBody: COMPLETE_PERSISTENT_MSG from " << serverConnection);
- /* yes we have to clear all these! */
+
+ // TODO: Remove serverConnectionSaved but preserve exception safety.
+
commUnsetConnTimeout(serverConnection);
flags.do_next_read = false;
comm_remove_close_handler(serverConnection->fd, closeHandler);
closeHandler = NULL;
- fwd->unregister(serverConnection);
+ Ip::Address client_addr; // XXX: Remove as unused. Why was it added?
if (request->flags.spoofClientIp)
client_addr = request->client_addr;
+ Comm::ConnectionPointer serverConnectionSaved = serverConnection;
+ fwd->unregister(serverConnection);
+ serverConnection = nullptr;
+
+ bool ispinned = false; // TODO: Rename to isOrShouldBePinned
if (request->flags.pinned) {
ispinned = true;
} else if (request->flags.connectionAuth && request->flags.authSent) {
ispinned = true;
}
- if (ispinned && request->clientConnectionManager.valid()) {
- request->clientConnectionManager->pinConnection(serverConnection, request, _peer,
- (request->flags.connectionAuth));
+ if (ispinned) {
+ if (request->clientConnectionManager.valid()) {
+ CallJobHere1(11, 4, request->clientConnectionManager,
+ ConnStateData,
+ notePinnedConnectionBecameIdle,
+ ConnStateData::PinnedIdleContext(serverConnectionSaved, request));
+ } else {
+ // must not pool/share ispinned connections, even orphaned ones
+ serverConnectionSaved->close();
+ }
} else {
- fwd->pconnPush(serverConnection, request->GetHost());
+ fwd->pconnPush(serverConnectionSaved, request->GetHost());
}
- serverConnection = NULL;
serverComplete();
return;
+ }
case COMPLETE_NONPERSISTENT_MSG:
debugs(11, 5, "processReplyBody: COMPLETE_NONPERSISTENT_MSG from " << serverConnection);
=== modified file 'src/servers/FtpServer.cc'
--- src/servers/FtpServer.cc 2017-02-26 11:09:42 +0000
+++ src/servers/FtpServer.cc 2017-07-01 12:08:48 +0000
@@ -301,12 +301,8 @@
Must(http != NULL);
HttpRequest *const request = http->request;
Must(request != NULL);
-
- // this is not an idle connection, so we do not want I/O monitoring
- const bool monitor = false;
-
// make FTP peer connection exclusive to our request
- pinConnection(conn, request, conn->getPeer(), false, monitor);
+ pinBusyConnection(conn, request);
}
void
=== modified file 'src/tests/stub_client_side.cc'
--- src/tests/stub_client_side.cc 2017-01-01 00:16:45 +0000
+++ src/tests/stub_client_side.cc 2017-07-01 12:08:48 +0000
@@ -60,7 +60,8 @@
void ConnStateData::noteBodyConsumerAborted(BodyPipe::Pointer) STUB
bool ConnStateData::handleReadData() STUB_RETVAL(false)
bool ConnStateData::handleRequestBodyData() STUB_RETVAL(false)
-void ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServerConn, HttpRequest *request, CachePeer *peer, bool auth, bool monitor) STUB
+void ConnStateData::pinBusyConnection(const Comm::ConnectionPointer &, const HttpRequest::Pointer &) STUB
+void ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext) STUB
void ConnStateData::unpinConnection(const bool andClose) STUB
const Comm::ConnectionPointer ConnStateData::validatePinnedConnection(HttpRequest *request, const CachePeer *peer) STUB_RETVAL(NULL)
void ConnStateData::clientPinnedConnectionClosed(const CommCloseCbParams &io) STUB
@@ -70,7 +71,7 @@
void ConnStateData::swanSong() STUB
void ConnStateData::quitAfterError(HttpRequest *request) STUB
#if USE_OPENSSL
-void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB
+void ConnStateData::httpsPeeked(PinnedIdleContext) STUB
void ConnStateData::getSslContextStart() STUB
void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB
void ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply) STUB

30
src/patches/squid/squid-3.5-14181.patch
View File

@@ -1,30 +0,0 @@
------------------------------------------------------------
revno: 14181
revision-id: squidadm@squid-cache.org-20170701121615-ktx76udds2mzmc6c
parent: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Sat 2017-07-01 12:16:15 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20170701121615-\
# ktx76udds2mzmc6c
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: d7942d1260def31f62ccc820a44bb769381beae2
# timestamp: 2017-07-01 12:32:29 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20170701120848-\
# q2xznzfvxb4kwvb6
#
# Begin patch
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2017-07-01 12:08:48 +0000
+++ src/client_side.cc 2017-07-01 12:16:15 +0000
@@ -5195,3 +5195,4 @@
{
return os << pic.connection << ", request=" << pic.request;
}
+

35
src/patches/squid/squid-3.5-14182.patch
View File

@@ -1,35 +0,0 @@
------------------------------------------------------------
revno: 14182
revision-id: squid3@treenet.co.nz-20170701232253-3beaysa03xf5c67p
parent: squidadm@squid-cache.org-20170701121615-ktx76udds2mzmc6c
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2017-07-02 11:22:53 +1200
message:
Fix build on FreeBSD after rev.14180
RefCount<> does not support assignment from nullptr with C++03
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20170701232253-3beaysa03xf5c67p
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: d5ecf68c60c022783f69311e9049e546be8fa1a0
# timestamp: 2017-07-01 23:50:58 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20170701121615-\
# ktx76udds2mzmc6c
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2017-07-01 12:08:48 +0000
+++ src/http.cc 2017-07-01 23:22:53 +0000
@@ -1449,7 +1449,7 @@
Comm::ConnectionPointer serverConnectionSaved = serverConnection;
fwd->unregister(serverConnection);
- serverConnection = nullptr;
+ serverConnection = NULL;
bool ispinned = false; // TODO: Rename to isOrShouldBePinned
if (request->flags.pinned) {

2
src/setup/passwords.c
View File

@@ -56,7 +56,7 @@ int handleadminpassword(void)
return 0;
snprintf(commandstring, STRING_SIZE,
"/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
"/usr/bin/htpasswd -c -B -C 7 -b " CONFIG_ROOT "/auth/users admin '%s'", password);
sprintf(message, _("Setting %s 'admin' user password..."), NAME);
if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
sprintf(message, _("Problem setting %s 'admin' user password."), NAME);