webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

Browse Source
This commit is contained in:
Michael Tremer
2016-08-31 22:40:16 +01:00
parent a07b8a2d55 5e358816c5
commit 457367e13d
42 changed files with 1224 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/rootfiles/common/gnupg
View File

@@ -13,6 +13,4 @@ usr/lib/gnupg/gpgkeys_ldap
#usr/share/info/gnupg1.info
#usr/share/man/man1/gpg-zip.1
#usr/share/man/man1/gpg.1
#usr/share/man/man1/gpg.ru.1
#usr/share/man/man1/gpgv.1
#usr/share/man/man7/gnupg.7

2
config/rootfiles/common/libgcrypt
View File

@@ -6,7 +6,7 @@
#usr/lib/libgcrypt.la
#usr/lib/libgcrypt.so
usr/lib/libgcrypt.so.20
usr/lib/libgcrypt.so.20.0.4
usr/lib/libgcrypt.so.20.1.3
#usr/share/aclocal/libgcrypt.m4
#usr/share/info/gcrypt.info
#usr/share/man/man1/hmac256.1

2
config/rootfiles/common/libgpg-error
View File

@@ -4,7 +4,7 @@ usr/bin/gpg-error
#usr/lib/libgpg-error.la
#usr/lib/libgpg-error.so
usr/lib/libgpg-error.so.0
usr/lib/libgpg-error.so.0.16.0
usr/lib/libgpg-error.so.0.19.1
#usr/share/aclocal/gpg-error.m4
#usr/share/common-lisp
#usr/share/common-lisp/source

5
config/rootfiles/core/104/update.sh
View File

@@ -139,11 +139,6 @@ esac
# Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
# Update customservices
cp /var/ipfire/fwhosts/customservices /var/ipfire/fwhosts/customservices.old
echo 35,Submission (TCP),587,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices
echo 36,SSMTP,465,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices
# Remove some old files
rm -f /bin/groups /lib/libshadow.so.0*

2
config/rootfiles/packages/libassuan
View File

@@ -3,6 +3,6 @@ usr/bin/libassuan-config
#usr/lib/libassuan.la
usr/lib/libassuan.so
usr/lib/libassuan.so.0
usr/lib/libassuan.so.0.5.0
usr/lib/libassuan.so.0.7.3
#usr/share/aclocal/libassuan.m4
#usr/share/info/assuan.info

2
lfs/clamav
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
PAK_VER = 33
PAK_VER = 34
DEPS = ""

4
lfs/dnsmasq
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2016 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -87,6 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \

6
lfs/gnupg
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 1.4.18
VER = 1.4.21
THISAPP = gnupg-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 54db1be9588b11afbbdd8b82d4ea883a
$(DL_FILE)_MD5 = 9bdeabf3c0f87ff21cb3f9216efdd01d
install : $(TARGET)

2
lfs/hostapd
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = hostapd
PAK_VER = 36
PAK_VER = 37
DEPS = ""

8
lfs/libassuan
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 2.2.0
VER = 2.4.3
THISAPP = libassuan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libassuan
PAK_VER = 3
PAK_VER = 4
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a104faed3e97b9c302c5d67cc22b1d60
$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a
install : $(TARGET)

6
lfs/libgcrypt
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 1.6.4
VER = 1.7.3
THISAPP = libgcrypt-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 4c13c5fa43147866f993d73ee62af176
$(DL_FILE)_MD5 = c869e542cc13a1c28d8055487bf7f5c4
install : $(TARGET)

6
lfs/libgpg-error
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 1.20
VER = 1.24
THISAPP = libgpg-error-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 9997d9203b672402a04760176811589d
$(DL_FILE)_MD5 = feb42198c0aaf3b28eabe8f41a34b983
install : $(TARGET)

20
lfs/linux
View File

@@ -24,10 +24,10 @@
include Config
VER = 3.14.74
RPI_PATCHES = 3.14.74-grsec-ipfire1
A7M_PATCHES = 3.14.74-grsec-ipfire1
GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz
VER = 3.14.77
RPI_PATCHES = 3.14.77-grsec-ipfire1
A7M_PATCHES = 3.14.77-grsec-ipfire1
GRS_PATCHES = grsecurity-3.1ipfire-3.14.77-v1.patch.xz
THISAPP = linux-$(VER)
@@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
PAK_VER = 69
PAK_VER = 71
DEPS = ""
KERNEL_ARCH = $(MACHINE)
@@ -83,10 +83,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).
arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa
rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5
arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1
$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39
$(DL_FILE)_MD5 = 7ecb8518498d0666a7b88f359e566f4c
rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 3213020a9627ea73cc9668e2db4ff8a4
arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 56949a37637656d5ea23658cc9222f64
$(GRS_PATCHES)_MD5 = 5ed67f97c3b0de1b290f9155eb166c56
install : $(TARGET)
@@ -132,6 +132,7 @@ ifneq "$(KCFG)" "-headers"
cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
cd $(DIR_APP) && rm localversion-grsec
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch
endif
# DVB Patches
@@ -199,6 +200,7 @@ endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0023-hyperv-Fix-error-return-code-in-netvsc_init_buf.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0024-hyperv-Fix-a-bug-in-netvsc_send.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0025-Drivers-hv-vmbus-Support-per-channel-driver-state.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch
# fix empty symbol crc's
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-genksyms_fix_typeof_handling.patch

2
lfs/mc
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mc
PAK_VER = 12
PAK_VER = 13
DEPS = ""

6
lfs/nano
View File

@@ -24,7 +24,7 @@
include Config
VER = 2.6.1
VER = 2.6.3
THISAPP = nano-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nano
PAK_VER = 10
PAK_VER = 11
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 5154704d2f3461140e6798470e03b711
$(DL_FILE)_MD5 = 1213c7f17916e65afefc95054c1f90f9
install : $(TARGET)

2
lfs/nfs
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nfs
PAK_VER = 8
PAK_VER = 9
DEPS = "rpcbind"

2
lfs/rpcbind
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = rpcbind
PAK_VER = 1
PAK_VER = 2
DEPS = "libtirpc"

6
lfs/smartmontools
View File

@@ -24,7 +24,7 @@
include Config
VER = 6.3
VER = 6.5
THISAPP = smartmontools-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54
$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156
install : $(TARGET)
@@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-5.39-exit_segfault.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-6.5-exit_segfault.patch
cd $(DIR_APP) && autoreconf
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make BUILD_INFO='"($(NAME) $(VERSION))"' $(MAKETUNING)

21
lfs/squid
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.5.19
VER = 3.5.20
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9
$(DL_FILE)_MD5 = 48fb18679a30606de98882528beab3a7
install : $(TARGET)
@@ -70,13 +70,16 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi

2
make.sh
View File

@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.19" # Version number
CORE="104" # Core Level (Filename)
PAKFIRE_CORE="103" # Core Level (PAKFIRE)
PAKFIRE_CORE="104" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir

20
src/patches/arm-multi-grsec-compile-fixes.patch
View File

@@ -1,18 +1,18 @@
diff -Naur linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c
--- linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-27 18:56:02.000000000 +0200
+++ linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-29 01:47:45.272515907 +0200
diff -Naur linux-3.14.76.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.76/arch/arm/mach-omap2/cclock3xxx_data.c
--- linux-3.14.76.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-08-18 06:26:02.000000000 +0200
+++ linux-3.14.76/arch/arm/mach-omap2/cclock3xxx_data.c 2016-08-18 06:37:51.442186995 +0200
@@ -250,7 +250,7 @@
static struct clk dpll1_ck;
-static const struct clk_ops dpll1_ck_ops = {
+static clk_ops_no_const dpll1_ck_ops = {
-static struct clk_ops dpll1_ck_ops;
+static clk_ops_no_const dpll1_ck_ops;
static struct clk_ops dpll1_ck_ops_34xx __initdata = {
.init = &omap2_init_clk_clkdm,
.enable = &omap3_noncore_dpll_enable,
.disable = &omap3_noncore_dpll_disable,
diff -Naur linux-3.14.74.org/net/ipv6/addrconf.c linux-3.14.74/net/ipv6/addrconf.c
--- linux-3.14.74.org/net/ipv6/addrconf.c 2016-07-29 03:47:13.000000000 +0200
+++ linux-3.14.74/net/ipv6/addrconf.c 2016-07-29 00:47:00.000000000 +0200
diff -Naur linux-3.14.76.org/net/ipv6/addrconf.c linux-3.14.76/net/ipv6/addrconf.c
--- linux-3.14.76.org/net/ipv6/addrconf.c 2016-08-18 06:25:51.000000000 +0200
+++ linux-3.14.76/net/ipv6/addrconf.c 2016-08-18 06:31:51.802186824 +0200
@@ -4818,7 +4818,7 @@
{
struct inet6_dev *idev = ctl->extra1;

101
src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch Normal file
View File

@@ -0,0 +1,101 @@
From 6d95099c56a926d672e0407d6017fef9714f40c4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 11 Aug 2016 23:38:54 +0100
Subject: [PATCH] Handle v4-mapped IPv6 addresses sanely for --synth-domain.
---
CHANGELOG | 7 ++++++-
man/dnsmasq.8 | 2 ++
src/domain.c | 34 ++++++++++++++++++++++++----------
3 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 4f89799..2731cc4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -24,7 +24,12 @@ version 2.77
Bump zone serial on reloading /etc/hosts and friends
when providing authoritative DNS. Thanks to Harrald
Dunkel for spotting this.
-
+
+ Handle v4-mapped IPv6 addresses sanely in --synth-domain.
+ These have standard representation like ::ffff:1.2.3.4
+ and are now converted to names like
+ <prefix>--ffff-1-2-3-4.<domain>
+
version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 8910947..91fe672 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -619,6 +619,8 @@ but IPv6 addresses may start with '::'
but DNS labels may not start with '-' so in this case if no prefix is
configured a zero is added in front of the label. ::1 becomes 0--1.
+V4 mapped IPv6 addresses, which have a representation like ::ffff:1.2.3.4 are handled specially, and become like 0--ffff-1-2-3-4
+
The address range can be of the form
<ip address>,<ip address> or <ip address>/<netmask>
.TP
diff --git a/src/domain.c b/src/domain.c
index 1dd5027..a007acd 100644
--- a/src/domain.c
+++ b/src/domain.c
@@ -77,18 +77,31 @@ int is_name_synthetic(int flags, char *name, struct all_addr *addr)
*p = 0;
- /* swap . or : for - */
- for (p = tail; *p; p++)
- if (*p == '-')
- {
- if (prot == AF_INET)
+ #ifdef HAVE_IPV6
+ if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail)
+ {
+ /* special hack for v4-mapped. */
+ memcpy(tail, "::ffff:", 7);
+ for (p = tail + 7; *p; p++)
+ if (*p == '-')
*p = '.';
+ }
+ else
+#endif
+ {
+ /* swap . or : for - */
+ for (p = tail; *p; p++)
+ if (*p == '-')
+ {
+ if (prot == AF_INET)
+ *p = '.';
#ifdef HAVE_IPV6
- else
- *p = ':';
+ else
+ *p = ':';
#endif
- }
-
+ }
+ }
+
if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr))
{
if (prot == AF_INET)
@@ -169,8 +182,9 @@ int is_rev_synth(int flag, struct all_addr *addr, char *name)
inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN);
}
+ /* V4-mapped have periods.... */
for (p = name; *p; p++)
- if (*p == ':')
+ if (*p == ':' || *p == '.')
*p = '-';
strncat(name, ".", MAXDNAME);
--
1.7.10.4

149
src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch Normal file
View File

@@ -0,0 +1,149 @@
From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 13 Aug 2016 22:34:11 +0100
Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright
violation.
---
src/tables.c | 90 +++++++++++++++++++++-------------------------------------
1 file changed, 32 insertions(+), 58 deletions(-)
diff --git a/src/tables.c b/src/tables.c
index aae1252..4fa3487 100644
--- a/src/tables.c
+++ b/src/tables.c
@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum)
}
}
-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
-{
- struct pfioc_table io;
-
- if (size < 0 || (size && tbl == NULL))
- {
- errno = EINVAL;
- return (-1);
- }
- bzero(&io, sizeof io);
- io.pfrio_flags = flags;
- io.pfrio_buffer = tbl;
- io.pfrio_esize = sizeof(*tbl);
- io.pfrio_size = size;
- if (ioctl(dev, DIOCRADDTABLES, &io))
- return (-1);
- if (nadd != NULL)
- *nadd = io.pfrio_nadd;
- return (0);
-}
-
-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) {
- if ( !addr || !ipaddr)
- {
- my_syslog(LOG_ERR, _("error: fill_addr missused"));
- return -1;
- }
- bzero(addr, sizeof(*addr));
-#ifdef HAVE_IPV6
- if (flags & F_IPV6)
- {
- addr->pfra_af = AF_INET6;
- addr->pfra_net = 0x80;
- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
- }
- else
-#endif
- {
- addr->pfra_af = AF_INET;
- addr->pfra_net = 0x20;
- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
- }
- return 1;
-}
-
-/*****************************************************************************/
void ipset_init(void)
{
@@ -111,14 +65,13 @@ void ipset_init(void)
}
int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
- int flags, int remove)
+ int flags, int remove)
{
struct pfr_addr addr;
struct pfioc_table io;
struct pfr_table table;
- int n = 0, rc = 0;
- if ( dev == -1 )
+ if (dev == -1)
{
my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device);
return -1;
@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
bzero(&table, sizeof(struct pfr_table));
table.pfrt_flags |= PFR_TFLAG_PERSIST;
- if ( strlen(setname) >= PF_TABLE_NAME_SIZE )
+ if (strlen(setname) >= PF_TABLE_NAME_SIZE)
{
my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname);
errno = ENAMETOOLONG;
return -1;
}
- if ( strlcpy(table.pfrt_name, setname,
- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
+ if (strlcpy(table.pfrt_name, setname,
+ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name))
{
my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname);
return -1;
}
- if ((rc = pfr_add_tables(&table, 1, &n, 0)))
+ bzero(&io, sizeof io);
+ io.pfrio_flags = 0;
+ io.pfrio_buffer = &table;
+ io.pfrio_esize = sizeof(table);
+ io.pfrio_size = 1;
+ if (ioctl(dev, DIOCRADDTABLES, &io))
{
- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
- pfr_strerror(errno),rc);
+ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno));
+
return -1;
}
+
table.pfrt_flags &= ~PFR_TFLAG_PERSIST;
- if (n)
+ if (io.pfrio_nadd)
my_syslog(LOG_INFO, _("info: table created"));
-
- fill_addr(ipaddr,flags,&addr);
+
+ bzero(&addr, sizeof(addr));
+#ifdef HAVE_IPV6
+ if (flags & F_IPV6)
+ {
+ addr.pfra_af = AF_INET6;
+ addr.pfra_net = 0x80;
+ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr));
+ }
+ else
+#endif
+ {
+ addr.pfra_af = AF_INET;
+ addr.pfra_net = 0x20;
+ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr;
+ }
+
bzero(&io, sizeof(io));
io.pfrio_flags = 0;
io.pfrio_table = table;
--
1.7.10.4

18
src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch Normal file
View File

@@ -0,0 +1,18 @@
diff -Naur linux-3.14.77.org/net/ipv4/tcp_input.c linux-3.14.77/net/ipv4/tcp_input.c
--- linux-3.14.77.org/net/ipv4/tcp_input.c 2016-08-21 19:58:45.000000000 +0200
+++ linux-3.14.77/net/ipv4/tcp_input.c 2016-08-21 21:11:24.336757369 +0200
@@ -3299,12 +3299,12 @@
u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
challenge_timestamp = now;
- ACCESS_ONCE(challenge_count) = half +
+ ACCESS_ONCE_RW(challenge_count) = half +
prandom_u32_max(sysctl_tcp_challenge_ack_limit);
}
count = ACCESS_ONCE(challenge_count);
if (count > 0) {
- ACCESS_ONCE(challenge_count) = count - 1;
+ ACCESS_ONCE_RW(challenge_count) = count - 1;
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
tcp_send_ack(sk);
}

47
src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch Normal file
View File

@@ -0,0 +1,47 @@
From 88c9281a9fba67636ab26c1fd6afbc78a632374f Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Wed, 19 Aug 2015 09:54:24 -0700
Subject: x86/hyperv: Mark the Hyper-V TSC as unstable
The Hyper-V top-level functional specification states, that
"algorithms should be resilient to sudden jumps forward or
backward in the TSC value", this means that we should consider
TSC as unstable. In some cases tsc tests are able to detect the
instability, it was detected in 543 out of 646 boots in my
testing:
Measured 6277 cycles TSC warp between CPUs, turning off TSC clock.
tsc: Marking TSC unstable due to check_tsc_sync_source failed
This is, however, just a heuristic. On Hyper-V platform there
are two good clocksources: MSR-based hyperv_clocksource and
recently introduced TSC page.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: devel@linuxdriverproject.org
Link: http://lkml.kernel.org/r/1440003264-9949-1-git-send-email-vkuznets@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/kernel/cpu/mshyperv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index aad4bd8..6fd023d 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -141,6 +141,7 @@ static void __init ms_hyperv_init_platform(void)
no_timer_check = 1;
#endif
+ mark_tsc_unstable("running on Hyper-V");
}
const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = {
--
cgit v0.12

12
src/patches/smartmontools-5.39-exit_segfault.patch → src/patches/smartmontools-6.5-exit_segfault.patch
View File

@@ -1,7 +1,6 @@
diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.new/utility.h
--- smartmontools-5.39-svn_r2877/utility.h 2009-08-24 12:48:50.000000000 +0200
+++ smartmontools-5.39-svn_r2877.new/utility.h 2009-08-29 09:11:07.000000000 +0200
@@ -102,7 +102,11 @@
--- a/utility.h Sun Apr 24 16:59:15 2016
+++ b/utility.h Sat Aug 20 22:40:33 2016
@@ -97,7 +97,11 @@
// Replacement for exit(status)
// (exit is not compatible with C++ destructors)
@@ -12,5 +11,6 @@ diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.n
+//tried to use exit and found no problems yet
+#define EXIT(status) { exit ((int)(status)); }
#ifdef OLD_INTERFACE
// Compile time check of byte ordering
// (inline const function allows compiler to remove dead code)

4
src/patches/squid-3.5.17-fix-max-file-descriptors.patch → src/patches/squid-3.5.20-fix-max-file-descriptors.patch
View File

@@ -1,6 +1,6 @@
--- configure.ac.~ Wed Apr 20 14:26:07 2016
+++ configure.ac Fri Apr 22 17:20:46 2016
@@ -3131,6 +3131,9 @@
@@ -3135,6 +3135,9 @@
;;
esac
@@ -10,7 +10,7 @@
dnl --with-maxfd present for compatibility with Squid-2.
dnl undocumented in ./configure --help to encourage using the Squid-3 directive
AC_ARG_WITH(maxfd,,
@@ -3161,8 +3164,6 @@
@@ -3165,8 +3168,6 @@
esac
])

63
src/patches/squid/squid-3.5-14051.patch
View File

@@ -1,63 +0,0 @@
------------------------------------------------------------
revno: 14051
revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix
author: Steve Hill <steve@opendium.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-05-18 02:58:50 +1200
message:
Support unified EUI format code in external_acl_type
Squid supports %>eui as a logformat specifier, which produces an EUI-48
for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not
allowed as a format specifier for the external ACLs, and you have to use
%SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4
clients and %SRCEUI64 is only useful for IPv6 clients, so supporting
both v4 and v6 is a bit messy.
Adds the %>eui specifier for external ACLs and behaves in the same way
as the logformat specifier.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76
# timestamp: 2016-05-17 15:50:54 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160508124125-\
# fytgvn68zppfr8ix
#
# Begin patch
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2016-01-01 00:14:27 +0000
+++ src/external_acl.cc 2016-05-17 14:58:50 +0000
@@ -356,6 +356,8 @@
else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0)
format->type = Format::LFT_CLIENT_PORT;
#if USE_SQUID_EUI
+ else if (strcmp(token, "%>eui") == 0)
+ format->type = Format::LFT_CLIENT_EUI;
else if (strcmp(token, "%SRCEUI48") == 0)
format->type = Format::LFT_EXT_ACL_CLIENT_EUI48;
else if (strcmp(token, "%SRCEUI64") == 0)
@@ -944,6 +946,18 @@
break;
#if USE_SQUID_EUI
+ case Format::LFT_CLIENT_EUI:
+ // TODO make the ACL checklist have a direct link to any TCP details.
+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL)
+ {
+ if (request->clientConnectionManager->clientConnection->remote.isIPv4())
+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf));
+ else
+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
+ str = buf;
+ }
+ break;
+
case Format::LFT_EXT_ACL_CLIENT_EUI48:
if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)))

34
src/patches/squid/squid-3.5-14052.patch
View File

@@ -1,34 +0,0 @@
------------------------------------------------------------
revno: 14052
revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Tue 2016-05-17 18:14:16 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20160517181416-\
# sfrjdosd9dhx7u8o
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b
# timestamp: 2016-05-17 18:51:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160517145850-\
# uos9z00nrt7xd9ik
#
# Begin patch
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2016-05-17 14:58:50 +0000
+++ src/external_acl.cc 2016-05-17 18:14:16 +0000
@@ -956,7 +956,7 @@
request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
str = buf;
}
- break;
+ break;
case Format::LFT_EXT_ACL_CLIENT_EUI48:
if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&

46
src/patches/squid/squid-3.5-14053.patch
View File

@@ -1,46 +0,0 @@
------------------------------------------------------------
revno: 14053
revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 01:00:58 +1200
message:
Do not override user defined -std option
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135
# timestamp: 2016-05-21 13:08:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20160517181416-\
# sfrjdosd9dhx7u8o
#
# Begin patch
=== modified file 'configure.ac'
--- configure.ac 2016-05-08 12:41:25 +0000
+++ configure.ac 2016-05-21 13:00:58 +0000
@@ -95,6 +95,9 @@
# Guess the compiler type (sets squid_cv_compiler)
SQUID_CC_GUESS_VARIANT
+# If the user did not specify a C++ version.
+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="`
+if test "x$user_cxx" = "x"; then
# Check for C++11 compiler support
#
# BUG 3613: when clang -std=c++0x is used, it activates a "strict mode"
@@ -103,8 +106,9 @@
#
# Similar POSIX issues on MinGW 32-bit and Cygwin
#
-if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
- AX_CXX_COMPILE_STDCXX_11([noext],[optional])
+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
+ AX_CXX_COMPILE_STDCXX_11([noext],[optional])
+ fi
fi
# test for programs

37
src/patches/squid/squid-3.5-14054.patch
View File

@@ -1,37 +0,0 @@
------------------------------------------------------------
revno: 14054
revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 01:01:44 +1200
message:
Fix OpenSSL detection on FreeBSD
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9
# timestamp: 2016-05-21 13:08:08 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521130058-\
# zq8zugw0fohwfu3z
#
# Begin patch
=== modified file 'configure.ac'
--- configure.ac 2016-05-21 13:00:58 +0000
+++ configure.ac 2016-05-21 13:01:44 +0000
@@ -1348,10 +1348,10 @@
AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[
AC_MSG_ERROR([library 'crypto' is required for OpenSSL])
- ])
+ ],$LIBOPENSSL_LIBS)
AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[
AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
- ])
+ ],$LIBOPENSSL_LIBS)
])
# This is a workaround for RedHat 9 brain damage..

39
src/patches/squid/squid-3.5-14055.patch
View File

@@ -1,39 +0,0 @@
------------------------------------------------------------
revno: 14055
revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 03:52:02 +1200
message:
Fix icons loading speed.
Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each
icon was read from disk and written to Store one character at a time. I
did not measure startup delays in production, but in debugging runs,
fixing this bug sped up icons loading from 1 minute to 4 seconds.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b
# timestamp: 2016-05-21 16:51:00 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521130144-\
# 6xtcayieij00fm5v
#
# Begin patch
=== modified file 'src/mime.cc'
--- src/mime.cc 2016-01-01 00:14:27 +0000
+++ src/mime.cc 2016-05-21 15:52:02 +0000
@@ -430,7 +430,7 @@
/* read the file into the buffer and append it to store */
int n;
char *buf = (char *)memAllocate(MEM_4K_BUF);
- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0)
+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0)
e->append(buf, n);
file_close(fd);

36
src/patches/squid/squid-3.5-14056.patch
View File

@@ -1,36 +0,0 @@
------------------------------------------------------------
revno: 14056
revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 05:29:19 +1200
message:
Increase debug level in a peek-and-splice related debug message
It may produced one debugging line for each SSL transaction in some cases
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f
# timestamp: 2016-05-21 17:50:54 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521155202-\
# pp53utwamdhkugvg
#
# Begin patch
=== modified file 'src/ssl/PeerConnector.cc'
--- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000
+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000
@@ -598,7 +598,7 @@
case SSL_ERROR_WANT_WRITE:
if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
+ debugs(81, 3, "hold write on SSL connection on FD " << fd);
checkForPeekAndSplice();
return;
}

381
src/patches/squid/squid-3.5-14067.patch Normal file
View File

@@ -0,0 +1,381 @@
------------------------------------------------------------
revno: 14067
revision-id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
parent: squid3@treenet.co.nz-20160701113616-vpjak1pq4uecadd2
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-07-23 19:16:20 +1200
message:
Bug 4534: assertion failure in xcalloc when using many cache_dir
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363
# timestamp: 2016-07-23 07:24:01 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160701113616-\
# vpjak1pq4uecadd2
#
# Begin patch
=== modified file 'src/CacheDigest.cc'
--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000
+++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000
@@ -35,12 +35,12 @@
static uint32_t hashed_keys[4];
static void
-cacheDigestInit(CacheDigest * cd, int capacity, int bpe)
+cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe)
{
- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
+ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
assert(cd);
assert(capacity > 0 && bpe > 0);
- assert(mask_size > 0);
+ assert(mask_size != 0);
cd->capacity = capacity;
cd->bits_per_entry = bpe;
cd->mask_size = mask_size;
@@ -50,7 +50,7 @@
}
CacheDigest *
-cacheDigestCreate(int capacity, int bpe)
+cacheDigestCreate(uint64_t capacity, uint8_t bpe)
{
CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST);
assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */
@@ -97,7 +97,7 @@
/* changes mask size, resets bits to 0, preserves "cd" pointer */
void
-cacheDigestChangeCap(CacheDigest * cd, int new_cap)
+cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap)
{
assert(cd);
cacheDigestClean(cd);
@@ -278,12 +278,12 @@
storeAppendPrintf(e, "%s digest: size: %d bytes\n",
label ? label : "", stats.bit_count / 8
);
- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n",
+ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n",
cd->count,
cd->capacity,
xpercentInt(cd->count, cd->capacity)
);
- storeAppendPrintf(e, "\t deletion attempts: %d\n",
+ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n",
cd->del_count
);
storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n",
@@ -297,16 +297,18 @@
);
}
-size_t
-cacheDigestCalcMaskSize(int cap, int bpe)
+uint32_t
+cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe)
{
- return (size_t) (cap * bpe + 7) / 8;
+ uint64_t bitCount = (cap * bpe) + 7;
+ assert(bitCount < INT_MAX); // dont 31-bit overflow later
+ return static_cast<uint32_t>(bitCount / 8);
}
static void
cacheDigestHashKey(const CacheDigest * cd, const cache_key * key)
{
- const unsigned int bit_count = cd->mask_size * 8;
+ const uint32_t bit_count = cd->mask_size * 8;
unsigned int tmp_keys[4];
/* we must memcpy to ensure alignment */
memcpy(tmp_keys, key, sizeof(tmp_keys));
=== modified file 'src/CacheDigest.h'
--- src/CacheDigest.h 2016-01-01 00:14:27 +0000
+++ src/CacheDigest.h 2016-07-23 07:16:20 +0000
@@ -22,23 +22,23 @@
{
public:
/* public, read-only */
- char *mask; /* bit mask */
- int mask_size; /* mask size in bytes */
- int capacity; /* expected maximum for .count, not a hard limit */
- int bits_per_entry; /* number of bits allocated for each entry from capacity */
- int count; /* number of digested entries */
- int del_count; /* number of deletions performed so far */
+ uint64_t count; /* number of digested entries */
+ uint64_t del_count; /* number of deletions performed so far */
+ uint64_t capacity; /* expected maximum for .count, not a hard limit */
+ char *mask; /* bit mask */
+ uint32_t mask_size; /* mask size in bytes */
+ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */
};
-CacheDigest *cacheDigestCreate(int capacity, int bpe);
+CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe);
void cacheDigestDestroy(CacheDigest * cd);
CacheDigest *cacheDigestClone(const CacheDigest * cd);
void cacheDigestClear(CacheDigest * cd);
-void cacheDigestChangeCap(CacheDigest * cd, int new_cap);
+void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap);
int cacheDigestTest(const CacheDigest * cd, const cache_key * key);
void cacheDigestAdd(CacheDigest * cd, const cache_key * key);
void cacheDigestDel(CacheDigest * cd, const cache_key * key);
-size_t cacheDigestCalcMaskSize(int cap, int bpe);
+uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe);
int cacheDigestBitUtil(const CacheDigest * cd);
void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit);
void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label);
=== modified file 'src/PeerDigest.h'
--- src/PeerDigest.h 2016-01-01 00:14:27 +0000
+++ src/PeerDigest.h 2016-07-23 07:16:20 +0000
@@ -52,7 +52,7 @@
store_client *old_sc;
HttpRequest *request;
int offset;
- int mask_offset;
+ uint32_t mask_offset;
time_t start_time;
time_t resp_time;
time_t expires;
=== modified file 'src/peer_digest.cc'
--- src/peer_digest.cc 2016-01-01 00:14:27 +0000
+++ src/peer_digest.cc 2016-07-23 07:16:20 +0000
@@ -754,7 +754,7 @@
if (!reason && !size) {
if (!pd->cd)
reason = "null digest?!";
- else if (fetch->mask_offset != (int)pd->cd->mask_size)
+ else if (fetch->mask_offset != pd->cd->mask_size)
reason = "premature end of digest?!";
else if (!peerDigestUseful(pd))
reason = "useless digest";
=== modified file 'src/store_digest.cc'
--- src/store_digest.cc 2016-01-01 00:14:27 +0000
+++ src/store_digest.cc 2016-07-23 07:16:20 +0000
@@ -76,36 +76,63 @@
static void storeDigestRewriteFinish(StoreEntry * e);
static EVH storeDigestSwapOutStep;
static void storeDigestCBlockSwapOut(StoreEntry * e);
-static int storeDigestCalcCap(void);
-static int storeDigestResize(void);
static void storeDigestAdd(const StoreEntry *);
+/// calculates digest capacity
+static uint64_t
+storeDigestCalcCap()
+{
+ /*
+ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
+ * the bits are off). However, we do not have a formula to calculate the
+ * number of _entries_ we want to pre-allocate for.
+ */
+ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
+ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
+ const uint64_t e_count = StoreEntry::inUseCount();
+ uint64_t cap = e_count ? e_count : hi_cap;
+ debugs(71, 2, "have: " << e_count << ", want " << cap <<
+ " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
+
+ if (cap < lo_cap)
+ cap = lo_cap;
+
+ /* do not enforce hi_cap limit, average-based estimation may be wrong
+ *if (cap > hi_cap)
+ * cap = hi_cap;
+ */
+
+ // Bug 4534: we still have to set an upper-limit at some reasonable value though.
+ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX
+ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry;
+ if (cap > absolute_max) {
+ static time_t last_loud = 0;
+ if (last_loud < squid_curtime - 86400) {
+ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
+ last_loud = squid_curtime;
+ } else {
+ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
+ }
+ cap = absolute_max;
+ }
+
+ return cap;
+}
#endif /* USE_CACHE_DIGESTS */
-static void
-storeDigestRegisterWithCacheManager(void)
+void
+storeDigestInit(void)
{
Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1);
-}
-
-/*
- * PUBLIC FUNCTIONS
- */
-
-void
-storeDigestInit(void)
-{
- storeDigestRegisterWithCacheManager();
#if USE_CACHE_DIGESTS
- const int cap = storeDigestCalcCap();
-
if (!Config.onoff.digest_generation) {
store_digest = NULL;
debugs(71, 3, "Local cache digest generation disabled");
return;
}
+ const uint64_t cap = storeDigestCalcCap();
store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry);
debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " <<
(int) Config.digest.rebuild_period << "/" <<
@@ -290,6 +317,31 @@
storeDigestRebuildResume();
}
+/// \returns true if we actually resized the digest
+static bool
+storeDigestResize()
+{
+ const uint64_t cap = storeDigestCalcCap();
+ assert(store_digest);
+ uint64_t diff;
+ if (cap > store_digest->capacity)
+ diff = cap - store_digest->capacity;
+ else
+ diff = store_digest->capacity - cap;
+ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " <<
+ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
+ /* avoid minor adjustments */
+
+ if (diff <= store_digest->capacity / 10) {
+ debugs(71, 2, "small change, will not resize.");
+ return false;
+ } else {
+ debugs(71, 2, "big change, resizing.");
+ cacheDigestChangeCap(store_digest, cap);
+ }
+ return true;
+}
+
/* called be Rewrite to push Rebuild forward */
static void
storeDigestRebuildResume(void)
@@ -439,7 +491,7 @@
assert(e);
/* _add_ check that nothing bad happened while we were waiting @?@ @?@ */
- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size)
+ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size)
chunk_size = store_digest->mask_size - sd_state.rewrite_offset;
e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size);
@@ -451,7 +503,7 @@
sd_state.rewrite_offset += chunk_size;
/* are we done ? */
- if (sd_state.rewrite_offset >= store_digest->mask_size)
+ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size)
storeDigestRewriteFinish(e);
else
eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false);
@@ -467,60 +519,10 @@
sd_state.cblock.count = htonl(store_digest->count);
sd_state.cblock.del_count = htonl(store_digest->del_count);
sd_state.cblock.mask_size = htonl(store_digest->mask_size);
- sd_state.cblock.bits_per_entry = (unsigned char)
- Config.digest.bits_per_entry;
+ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry;
sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount;
e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock));
}
-/* calculates digest capacity */
-static int
-storeDigestCalcCap(void)
-{
- /*
- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
- * the bits are off). However, we do not have a formula to calculate the
- * number of _entries_ we want to pre-allocate for.
- */
- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
- const int e_count = StoreEntry::inUseCount();
- int cap = e_count ? e_count :hi_cap;
- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap <<
- " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
-
- if (cap < lo_cap)
- cap = lo_cap;
-
- /* do not enforce hi_cap limit, average-based estimation may be wrong
- *if (cap > hi_cap)
- * cap = hi_cap;
- */
- return cap;
-}
-
-/* returns true if we actually resized the digest */
-static int
-storeDigestResize(void)
-{
- const int cap = storeDigestCalcCap();
- int diff;
- assert(store_digest);
- diff = abs(cap - store_digest->capacity);
- debugs(71, 2, "storeDigestResize: " <<
- store_digest->capacity << " -> " << cap << "; change: " <<
- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
- /* avoid minor adjustments */
-
- if (diff <= store_digest->capacity / 10) {
- debugs(71, 2, "storeDigestResize: small change, will not resize.");
- return 0;
- } else {
- debugs(71, 2, "storeDigestResize: big change, resizing.");
- cacheDigestChangeCap(store_digest, cap);
- return 1;
- }
-}
-
#endif /* USE_CACHE_DIGESTS */
=== modified file 'src/tests/stub_CacheDigest.cc'
--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000
+++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
@@ -16,11 +16,11 @@
class CacheDigestGuessStats;
class StoreEntry;
-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL)
+CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL)
void cacheDigestDestroy(CacheDigest *) STUB
CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL)
void cacheDigestClear(CacheDigest * ) STUB
-void cacheDigestChangeCap(CacheDigest *,int) STUB
+void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB
int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1)
void cacheDigestAdd(CacheDigest *, const cache_key *) STUB
void cacheDigestDel(CacheDigest *, const cache_key *) STUB
@@ -28,5 +28,4 @@
void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB
void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1)
-
+uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)

35
src/patches/squid/squid-3.5-14068.patch Normal file
View File

@@ -0,0 +1,35 @@
------------------------------------------------------------
revno: 14068
revision-id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
parent: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542
author: Anonymous <bigparrot@pirateperfection.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-07-23 19:19:30 +1200
message:
Bug #4542: authentication credentials IP TTL updated incorrectly
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8
# timestamp: 2016-07-23 07:24:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160723071620-\
# 1wzqpbyi1rk5w6vg
#
# Begin patch
=== modified file 'src/auth/User.cc'
--- src/auth/User.cc 2016-01-01 00:14:27 +0000
+++ src/auth/User.cc 2016-07-23 07:19:30 +0000
@@ -284,7 +284,7 @@
/* This ip has already been seen. */
found = 1;
/* update IP ttl */
- ipdata->ip_expiretime = squid_curtime;
+ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL;
} else if (ipdata->ip_expiretime <= squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &ip_list);

30
src/patches/squid/squid-3.5-14069.patch Normal file
View File

@@ -0,0 +1,30 @@
------------------------------------------------------------
revno: 14069
revision-id: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
parent: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Sat 2016-07-23 12:13:51 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20160723121351-\
# iuc8hwstrqd0l1dv
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28
# timestamp: 2016-07-23 12:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160723071930-\
# cemledcltg8pkc28
#
# Begin patch
=== modified file 'src/tests/stub_CacheDigest.cc'
--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
+++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000
@@ -29,3 +29,4 @@
void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)
+

44
src/patches/squid/squid-3.5-14070.patch Normal file
View File

@@ -0,0 +1,44 @@
------------------------------------------------------------
revno: 14070
revision-id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
parent: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-08-06 02:59:33 +1200
message:
Squid segfault via Ftp::Client::readControlReply().
Ftp::Client::scheduleReadControlReply(), which may called from the
asynchronous start() or readControlReply()/handleControlReply()
handlers, does not check whether the control connection is still usable
before using it.
This is a Measurement Factory project.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643
# timestamp: 2016-08-05 15:00:22 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20160723121351-\
# iuc8hwstrqd0l1dv
#
# Begin patch
=== modified file 'src/clients/FtpClient.cc'
--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000
+++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000
@@ -314,6 +314,11 @@
/* We've already read some reply data */
handleControlReply();
} else {
+
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 3, "cannot read without ctrl " << ctrl.conn);
+ return;
+ }
/*
* Cancel the timeout on the Data socket (if any) and
* establish one on the control socket.

70
src/patches/squid/squid-3.5-14071.patch Normal file
View File

@@ -0,0 +1,70 @@
------------------------------------------------------------
revno: 14071
revision-id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
parent: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 14:55:01 +1200
message:
Bug 4428: mal-formed Cache-Control:stale-if-error header
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c
# timestamp: 2016-08-17 02:55:20 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160805145933-\
# 0cpyy47o8955lamx
#
# Begin patch
=== modified file 'src/HttpHdrCc.cc'
--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000
+++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000
@@ -257,6 +257,27 @@
/* for all options having values, "=value" after the name */
switch (flag) {
+ case CC_BADHDR:
+ break;
+ case CC_PUBLIC:
+ break;
+ case CC_PRIVATE:
+ if (Private().size())
+ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private()));
+ break;
+
+ case CC_NO_CACHE:
+ if (noCache().size())
+ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache()));
+ break;
+ case CC_NO_STORE:
+ break;
+ case CC_NO_TRANSFORM:
+ break;
+ case CC_MUST_REVALIDATE:
+ break;
+ case CC_PROXY_REVALIDATE:
+ break;
case CC_MAX_AGE:
packerPrintf(p, "=%d", (int) maxAge());
break;
@@ -272,8 +293,14 @@
case CC_MIN_FRESH:
packerPrintf(p, "=%d", (int) minFresh());
break;
- default:
- /* do nothing, directive was already printed */
+ case CC_ONLY_IF_CACHED:
+ break;
+ case CC_STALE_IF_ERROR:
+ packerPrintf(p, "=%d", staleIfError());
+ break;
+ case CC_OTHER:
+ case CC_ENUM_END:
+ // done below after the loop
break;
}

33
src/patches/squid/squid-3.5-14072.patch Normal file
View File

@@ -0,0 +1,33 @@
------------------------------------------------------------
revno: 14072
revision-id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
parent: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 14:58:28 +1200
message:
Fix SSL-Bump failure results in SEGFAULT
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784
# timestamp: 2016-08-17 03:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817025501-\
# e66sjxm0bfy3ksn3
#
# Begin patch
=== modified file 'src/client_side_request.cc'
--- src/client_side_request.cc 2016-05-06 08:24:29 +0000
+++ src/client_side_request.cc 2016-08-17 02:58:28 +0000
@@ -1811,7 +1811,7 @@
repContext->setReplyToStoreEntry(e, "immediate SslBump error");
errorAppendEntry(e, calloutContext->error);
calloutContext->error = NULL;
- if (calloutContext->readNextRequest)
+ if (calloutContext->readNextRequest && getConn())
getConn()->flags.readMore = true; // resume any pipeline reads.
node = (clientStreamNode *)client_stream.tail->data;
clientStreamRead(node, this, node->readBuffer);

151
src/patches/squid/squid-3.5-14073.patch Normal file
View File

@@ -0,0 +1,151 @@
------------------------------------------------------------
revno: 14073
revision-id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
parent: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 17:10:37 +1200
message:
Bug 4563: duplicate code in httpMakeVaryMark
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a
# timestamp: 2016-08-17 05:50:53 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817025828-\
# s4102klt2ei25tsm
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2016-04-01 06:15:31 +0000
+++ src/http.cc 2016-08-17 05:10:37 +0000
@@ -572,6 +572,38 @@
/* NOTREACHED */
}
+/// assemble a variant key (vary-mark) from the given Vary header and HTTP request
+static void
+assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request)
+{
+ static const SBuf asterisk("*");
+ const char *pos = nullptr;
+ const char *item = nullptr;
+ int ilen = 0;
+
+ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+ SBuf name(item, ilen);
+ if (name == asterisk) {
+ vstr.clear();
+ break;
+ }
+ name.toLower();
+ if (!vstr.isEmpty())
+ vstr.append(", ", 2);
+ vstr.append(name);
+ String hdr(request.header.getByName(name.c_str()));
+ const char *value = hdr.termedBuf();
+ if (value) {
+ value = rfc1738_escape_part(value);
+ vstr.append("=\"", 2);
+ vstr.append(value);
+ vstr.append("\"", 1);
+ }
+
+ hdr.clean();
+ }
+}
+
/*
* For Vary, store the relevant request headers as
* virtual headers in the reply
@@ -580,81 +612,16 @@
SBuf
httpMakeVaryMark(HttpRequest * request, HttpReply const * reply)
{
- String vary, hdr;
- const char *pos = NULL;
- const char *item;
- const char *value;
- int ilen;
SBuf vstr;
- static const SBuf asterisk("*");
+ String vary;
vary = reply->header.getList(HDR_VARY);
-
- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
- char *name = (char *)xmalloc(ilen + 1);
- xstrncpy(name, item, ilen + 1);
- Tolower(name);
-
- if (strcmp(name, "*") == 0) {
- /* Can not handle "Vary: *" withtout ETag support */
- safe_free(name);
- vstr.clear();
- break;
- }
-
- if (!vstr.isEmpty())
- vstr.append(", ", 2);
- vstr.append(name);
- hdr = request->header.getByName(name);
- safe_free(name);
- value = hdr.termedBuf();
-
- if (value) {
- value = rfc1738_escape_part(value);
- vstr.append("=\"", 2);
- vstr.append(value);
- vstr.append("\"", 1);
- }
-
- hdr.clean();
- }
-
+ assembleVaryKey(vary, vstr, *request);
+
+#if X_ACCELERATOR_VARY
vary.clean();
-#if X_ACCELERATOR_VARY
-
- pos = NULL;
vary = reply->header.getList(HDR_X_ACCELERATOR_VARY);
-
- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
- char *name = (char *)xmalloc(ilen + 1);
- xstrncpy(name, item, ilen + 1);
- Tolower(name);
-
- if (strcmp(name, "*") == 0) {
- /* Can not handle "Vary: *" withtout ETag support */
- safe_free(name);
- vstr.clear();
- break;
- }
-
- if (!vstr.isEmpty())
- vstr.append(", ", 2);
- vstr.append(name);
- hdr = request->header.getByName(name);
- safe_free(name);
- value = hdr.termedBuf();
-
- if (value) {
- value = rfc1738_escape_part(value);
- vstr.append("=\"", 2);
- vstr.append(value);
- vstr.append("\"", 1);
- }
-
- hdr.clean();
- }
-
- vary.clean();
+ assembleVaryKey(vary, vstr, *request);
#endif
debugs(11, 3, vstr);

55
src/patches/squid/squid-3.5-14074.patch Normal file
View File

@@ -0,0 +1,55 @@
------------------------------------------------------------
revno: 14074
revision-id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
parent: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025
author: mkishi <mkishi@104.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 17:48:29 +1200
message:
Bug 3025: Proxy-Authenticate problem using ICAP server
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e
# timestamp: 2016-08-17 05:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817051037-\
# p0kaj2iw2u4u8iqj
#
# Begin patch
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000
+++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000
@@ -1305,8 +1305,14 @@
// if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
// remove the Proxy-Authenticate header
- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
- reply->header.delById(HDR_PROXY_AUTHENTICATE);
+ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) {
+#if USE_ADAPTATION
+ // but allow adaptation services to authenticate clients
+ // via request satisfaction
+ if (!http->requestSatisfactionMode())
+#endif
+ reply->header.delById(HDR_PROXY_AUTHENTICATE);
+ }
reply->header.removeHopByHopEntries();
=== modified file 'src/client_side_request.h'
--- src/client_side_request.h 2016-01-01 00:14:27 +0000
+++ src/client_side_request.h 2016-08-17 05:48:29 +0000
@@ -140,6 +140,7 @@
public:
void startAdaptation(const Adaptation::ServiceGroupPointer &g);
+ bool requestSatisfactionMode() const { return request_satisfaction_mode; }
// private but exposed for ClientRequestContext
void handleAdaptationFailure(int errDetail, bool bypassable = false);

38
src/patches/squid/squid-3.5-14075.patch Normal file
View File

@@ -0,0 +1,38 @@
------------------------------------------------------------
revno: 14075
revision-id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
parent: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-08-18 01:34:13 +1200
message:
Fix logic error in rev.13930
Using !=0 on both string compares means any login= value will permit
40x responses through. Only PASS and PASSTHRU should be doing that.
Detected by Coverity Scan. Issue 1364711
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5
# timestamp: 2016-08-17 13:34:59 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817054829-\
# rl7q49ysi40sj01i
#
# Begin patch
=== modified file 'src/tunnel.cc'
--- src/tunnel.cc 2016-01-01 00:14:27 +0000
+++ src/tunnel.cc 2016-08-17 13:34:13 +0000
@@ -476,7 +476,7 @@
// we need to relay the 401/407 responses when login=PASS(THRU)
const char *pwd = server.conn->getPeer()->login;
- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
+ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
(*status_ptr == Http::scProxyAuthenticationRequired ||
*status_ptr == Http::scUnauthorized);