diff --git a/config/rootfiles/common/gnupg b/config/rootfiles/common/gnupg index 9aecc418a..edd2beccb 100644 --- a/config/rootfiles/common/gnupg +++ b/config/rootfiles/common/gnupg @@ -13,6 +13,4 @@ usr/lib/gnupg/gpgkeys_ldap #usr/share/info/gnupg1.info #usr/share/man/man1/gpg-zip.1 #usr/share/man/man1/gpg.1 -#usr/share/man/man1/gpg.ru.1 #usr/share/man/man1/gpgv.1 -#usr/share/man/man7/gnupg.7 diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt index 578e0b689..470634341 100644 --- a/config/rootfiles/common/libgcrypt +++ b/config/rootfiles/common/libgcrypt @@ -6,7 +6,7 @@ #usr/lib/libgcrypt.la #usr/lib/libgcrypt.so usr/lib/libgcrypt.so.20 -usr/lib/libgcrypt.so.20.0.4 +usr/lib/libgcrypt.so.20.1.3 #usr/share/aclocal/libgcrypt.m4 #usr/share/info/gcrypt.info #usr/share/man/man1/hmac256.1 diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index 3e927ed91..92ac1f3f9 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -4,7 +4,7 @@ usr/bin/gpg-error #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.16.0 +usr/lib/libgpg-error.so.0.19.1 #usr/share/aclocal/gpg-error.m4 #usr/share/common-lisp #usr/share/common-lisp/source diff --git a/config/rootfiles/core/104/update.sh b/config/rootfiles/core/104/update.sh index 3988a9dab..0223923d2 100644 --- a/config/rootfiles/core/104/update.sh +++ b/config/rootfiles/core/104/update.sh @@ -139,11 +139,6 @@ esac # Extract files tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / -# Update customservices -cp /var/ipfire/fwhosts/customservices /var/ipfire/fwhosts/customservices.old -echo 35,Submission (TCP),587,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices -echo 36,SSMTP,465,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices - # Remove some old files rm -f /bin/groups /lib/libshadow.so.0* diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan index 9c7aadbb9..8670ee704 100644 --- a/config/rootfiles/packages/libassuan +++ b/config/rootfiles/packages/libassuan @@ -3,6 +3,6 @@ usr/bin/libassuan-config #usr/lib/libassuan.la usr/lib/libassuan.so usr/lib/libassuan.so.0 -usr/lib/libassuan.so.0.5.0 +usr/lib/libassuan.so.0.7.3 #usr/share/aclocal/libassuan.m4 #usr/share/info/assuan.info diff --git a/lfs/clamav b/lfs/clamav index 891161919..0625ecf93 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 33 +PAK_VER = 34 DEPS = "" diff --git a/lfs/dnsmasq b/lfs/dnsmasq index 474dacc61..7a11061da 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2016 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -87,6 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ diff --git a/lfs/gnupg b/lfs/gnupg index 29835e082..aa76042e3 100644 --- a/lfs/gnupg +++ b/lfs/gnupg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2014 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.4.18 +VER = 1.4.21 THISAPP = gnupg-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 54db1be9588b11afbbdd8b82d4ea883a +$(DL_FILE)_MD5 = 9bdeabf3c0f87ff21cb3f9216efdd01d install : $(TARGET) diff --git a/lfs/hostapd b/lfs/hostapd index 7d193d977..a4fe99a92 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 36 +PAK_VER = 37 DEPS = "" diff --git a/lfs/libassuan b/lfs/libassuan index 0137d14b2..29f799a07 100644 --- a/lfs/libassuan +++ b/lfs/libassuan @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.2.0 +VER = 2.4.3 THISAPP = libassuan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libassuan -PAK_VER = 3 +PAK_VER = 4 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a104faed3e97b9c302c5d67cc22b1d60 +$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a install : $(TARGET) diff --git a/lfs/libgcrypt b/lfs/libgcrypt index 98cf7871e..5a060325b 100644 --- a/lfs/libgcrypt +++ b/lfs/libgcrypt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.6.4 +VER = 1.7.3 THISAPP = libgcrypt-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4c13c5fa43147866f993d73ee62af176 +$(DL_FILE)_MD5 = c869e542cc13a1c28d8055487bf7f5c4 install : $(TARGET) diff --git a/lfs/libgpg-error b/lfs/libgpg-error index ab9499e11..84af2aa36 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.20 +VER = 1.24 THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9997d9203b672402a04760176811589d +$(DL_FILE)_MD5 = feb42198c0aaf3b28eabe8f41a34b983 install : $(TARGET) diff --git a/lfs/linux b/lfs/linux index c643da409..e365be6af 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@ include Config -VER = 3.14.74 -RPI_PATCHES = 3.14.74-grsec-ipfire1 -A7M_PATCHES = 3.14.74-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz +VER = 3.14.77 +RPI_PATCHES = 3.14.77-grsec-ipfire1 +A7M_PATCHES = 3.14.77-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1ipfire-3.14.77-v1.patch.xz THISAPP = linux-$(VER) @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -PAK_VER = 69 +PAK_VER = 71 DEPS = "" KERNEL_ARCH = $(MACHINE) @@ -83,10 +83,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES) -$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5 -arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1 -$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39 +$(DL_FILE)_MD5 = 7ecb8518498d0666a7b88f359e566f4c +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 3213020a9627ea73cc9668e2db4ff8a4 +arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 56949a37637656d5ea23658cc9222f64 +$(GRS_PATCHES)_MD5 = 5ed67f97c3b0de1b290f9155eb166c56 install : $(TARGET) @@ -132,6 +132,7 @@ ifneq "$(KCFG)" "-headers" cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1 cd $(DIR_APP) && rm localversion-grsec cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch endif # DVB Patches @@ -199,6 +200,7 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0023-hyperv-Fix-error-return-code-in-netvsc_init_buf.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0024-hyperv-Fix-a-bug-in-netvsc_send.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0025-Drivers-hv-vmbus-Support-per-channel-driver-state.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch # fix empty symbol crc's cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-genksyms_fix_typeof_handling.patch diff --git a/lfs/mc b/lfs/mc index 945d604a5..b682d645e 100644 --- a/lfs/mc +++ b/lfs/mc @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mc -PAK_VER = 12 +PAK_VER = 13 DEPS = "" diff --git a/lfs/nano b/lfs/nano index 6bf411b2a..5dcf4845e 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@ include Config -VER = 2.6.1 +VER = 2.6.3 THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nano -PAK_VER = 10 +PAK_VER = 11 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 5154704d2f3461140e6798470e03b711 +$(DL_FILE)_MD5 = 1213c7f17916e65afefc95054c1f90f9 install : $(TARGET) diff --git a/lfs/nfs b/lfs/nfs index 42ac5b586..23a17739e 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 8 +PAK_VER = 9 DEPS = "rpcbind" diff --git a/lfs/rpcbind b/lfs/rpcbind index d9e28854e..e7f9eff08 100644 --- a/lfs/rpcbind +++ b/lfs/rpcbind @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rpcbind -PAK_VER = 1 +PAK_VER = 2 DEPS = "libtirpc" diff --git a/lfs/smartmontools b/lfs/smartmontools index c3ba635a5..6c6d7db1d 100644 --- a/lfs/smartmontools +++ b/lfs/smartmontools @@ -24,7 +24,7 @@ include Config -VER = 6.3 +VER = 6.5 THISAPP = smartmontools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54 +$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156 install : $(TARGET) @@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-5.39-exit_segfault.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-6.5-exit_segfault.patch cd $(DIR_APP) && autoreconf cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make BUILD_INFO='"($(NAME) $(VERSION))"' $(MAKETUNING) diff --git a/lfs/squid b/lfs/squid index edaf943d6..2d9c5960f 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 3.5.19 +VER = 3.5.20 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9 +$(DL_FILE)_MD5 = 48fb18679a30606de98882528beab3a7 install : $(TARGET) @@ -70,13 +70,16 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/make.sh b/make.sh index efbdfb856..1c832d016 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number CORE="104" # Core Level (Filename) -PAKFIRE_CORE="103" # Core Level (PAKFIRE) +PAKFIRE_CORE="104" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/arm-multi-grsec-compile-fixes.patch b/src/patches/arm-multi-grsec-compile-fixes.patch index 08726f8a2..b71d9aec6 100644 --- a/src/patches/arm-multi-grsec-compile-fixes.patch +++ b/src/patches/arm-multi-grsec-compile-fixes.patch @@ -1,18 +1,18 @@ -diff -Naur linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c ---- linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-27 18:56:02.000000000 +0200 -+++ linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-29 01:47:45.272515907 +0200 +diff -Naur linux-3.14.76.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.76/arch/arm/mach-omap2/cclock3xxx_data.c +--- linux-3.14.76.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-08-18 06:26:02.000000000 +0200 ++++ linux-3.14.76/arch/arm/mach-omap2/cclock3xxx_data.c 2016-08-18 06:37:51.442186995 +0200 @@ -250,7 +250,7 @@ static struct clk dpll1_ck; --static const struct clk_ops dpll1_ck_ops = { -+static clk_ops_no_const dpll1_ck_ops = { +-static struct clk_ops dpll1_ck_ops; ++static clk_ops_no_const dpll1_ck_ops; + + static struct clk_ops dpll1_ck_ops_34xx __initdata = { .init = &omap2_init_clk_clkdm, - .enable = &omap3_noncore_dpll_enable, - .disable = &omap3_noncore_dpll_disable, -diff -Naur linux-3.14.74.org/net/ipv6/addrconf.c linux-3.14.74/net/ipv6/addrconf.c ---- linux-3.14.74.org/net/ipv6/addrconf.c 2016-07-29 03:47:13.000000000 +0200 -+++ linux-3.14.74/net/ipv6/addrconf.c 2016-07-29 00:47:00.000000000 +0200 +diff -Naur linux-3.14.76.org/net/ipv6/addrconf.c linux-3.14.76/net/ipv6/addrconf.c +--- linux-3.14.76.org/net/ipv6/addrconf.c 2016-08-18 06:25:51.000000000 +0200 ++++ linux-3.14.76/net/ipv6/addrconf.c 2016-08-18 06:31:51.802186824 +0200 @@ -4818,7 +4818,7 @@ { struct inet6_dev *idev = ctl->extra1; diff --git a/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch new file mode 100644 index 000000000..7ebef8378 --- /dev/null +++ b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch @@ -0,0 +1,101 @@ +From 6d95099c56a926d672e0407d6017fef9714f40c4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 11 Aug 2016 23:38:54 +0100 +Subject: [PATCH] Handle v4-mapped IPv6 addresses sanely for --synth-domain. + +--- + CHANGELOG | 7 ++++++- + man/dnsmasq.8 | 2 ++ + src/domain.c | 34 ++++++++++++++++++++++++---------- + 3 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 4f89799..2731cc4 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -24,7 +24,12 @@ version 2.77 + Bump zone serial on reloading /etc/hosts and friends + when providing authoritative DNS. Thanks to Harrald + Dunkel for spotting this. +- ++ ++ Handle v4-mapped IPv6 addresses sanely in --synth-domain. ++ These have standard representation like ::ffff:1.2.3.4 ++ and are now converted to names like ++ --ffff-1-2-3-4. ++ + + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 8910947..91fe672 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -619,6 +619,8 @@ but IPv6 addresses may start with '::' + but DNS labels may not start with '-' so in this case if no prefix is + configured a zero is added in front of the label. ::1 becomes 0--1. + ++V4 mapped IPv6 addresses, which have a representation like ::ffff:1.2.3.4 are handled specially, and become like 0--ffff-1-2-3-4 ++ + The address range can be of the form + , or / + .TP +diff --git a/src/domain.c b/src/domain.c +index 1dd5027..a007acd 100644 +--- a/src/domain.c ++++ b/src/domain.c +@@ -77,18 +77,31 @@ int is_name_synthetic(int flags, char *name, struct all_addr *addr) + + *p = 0; + +- /* swap . or : for - */ +- for (p = tail; *p; p++) +- if (*p == '-') +- { +- if (prot == AF_INET) ++ #ifdef HAVE_IPV6 ++ if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail) ++ { ++ /* special hack for v4-mapped. */ ++ memcpy(tail, "::ffff:", 7); ++ for (p = tail + 7; *p; p++) ++ if (*p == '-') + *p = '.'; ++ } ++ else ++#endif ++ { ++ /* swap . or : for - */ ++ for (p = tail; *p; p++) ++ if (*p == '-') ++ { ++ if (prot == AF_INET) ++ *p = '.'; + #ifdef HAVE_IPV6 +- else +- *p = ':'; ++ else ++ *p = ':'; + #endif +- } +- ++ } ++ } ++ + if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr)) + { + if (prot == AF_INET) +@@ -169,8 +182,9 @@ int is_rev_synth(int flag, struct all_addr *addr, char *name) + inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); + } + ++ /* V4-mapped have periods.... */ + for (p = name; *p; p++) +- if (*p == ':') ++ if (*p == ':' || *p == '.') + *p = '-'; + + strncat(name, ".", MAXDNAME); +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch b/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch new file mode 100644 index 000000000..db27f9043 --- /dev/null +++ b/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch @@ -0,0 +1,149 @@ +From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sat, 13 Aug 2016 22:34:11 +0100 +Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright + violation. + +--- + src/tables.c | 90 +++++++++++++++++++++------------------------------------- + 1 file changed, 32 insertions(+), 58 deletions(-) + +diff --git a/src/tables.c b/src/tables.c +index aae1252..4fa3487 100644 +--- a/src/tables.c ++++ b/src/tables.c +@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum) + } + } + +-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags) +-{ +- struct pfioc_table io; +- +- if (size < 0 || (size && tbl == NULL)) +- { +- errno = EINVAL; +- return (-1); +- } +- bzero(&io, sizeof io); +- io.pfrio_flags = flags; +- io.pfrio_buffer = tbl; +- io.pfrio_esize = sizeof(*tbl); +- io.pfrio_size = size; +- if (ioctl(dev, DIOCRADDTABLES, &io)) +- return (-1); +- if (nadd != NULL) +- *nadd = io.pfrio_nadd; +- return (0); +-} +- +-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) { +- if ( !addr || !ipaddr) +- { +- my_syslog(LOG_ERR, _("error: fill_addr missused")); +- return -1; +- } +- bzero(addr, sizeof(*addr)); +-#ifdef HAVE_IPV6 +- if (flags & F_IPV6) +- { +- addr->pfra_af = AF_INET6; +- addr->pfra_net = 0x80; +- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); +- } +- else +-#endif +- { +- addr->pfra_af = AF_INET; +- addr->pfra_net = 0x20; +- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; +- } +- return 1; +-} +- +-/*****************************************************************************/ + + void ipset_init(void) + { +@@ -111,14 +65,13 @@ void ipset_init(void) + } + + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, +- int flags, int remove) ++ int flags, int remove) + { + struct pfr_addr addr; + struct pfioc_table io; + struct pfr_table table; +- int n = 0, rc = 0; + +- if ( dev == -1 ) ++ if (dev == -1) + { + my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device); + return -1; +@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr, + + bzero(&table, sizeof(struct pfr_table)); + table.pfrt_flags |= PFR_TFLAG_PERSIST; +- if ( strlen(setname) >= PF_TABLE_NAME_SIZE ) ++ if (strlen(setname) >= PF_TABLE_NAME_SIZE) + { + my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname); + errno = ENAMETOOLONG; + return -1; + } + +- if ( strlcpy(table.pfrt_name, setname, +- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) ++ if (strlcpy(table.pfrt_name, setname, ++ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) + { + my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname); + return -1; + } + +- if ((rc = pfr_add_tables(&table, 1, &n, 0))) ++ bzero(&io, sizeof io); ++ io.pfrio_flags = 0; ++ io.pfrio_buffer = &table; ++ io.pfrio_esize = sizeof(table); ++ io.pfrio_size = 1; ++ if (ioctl(dev, DIOCRADDTABLES, &io)) + { +- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"), +- pfr_strerror(errno),rc); ++ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno)); ++ + return -1; + } ++ + table.pfrt_flags &= ~PFR_TFLAG_PERSIST; +- if (n) ++ if (io.pfrio_nadd) + my_syslog(LOG_INFO, _("info: table created")); +- +- fill_addr(ipaddr,flags,&addr); ++ ++ bzero(&addr, sizeof(addr)); ++#ifdef HAVE_IPV6 ++ if (flags & F_IPV6) ++ { ++ addr.pfra_af = AF_INET6; ++ addr.pfra_net = 0x80; ++ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); ++ } ++ else ++#endif ++ { ++ addr.pfra_af = AF_INET; ++ addr.pfra_net = 0x20; ++ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; ++ } ++ + bzero(&io, sizeof(io)); + io.pfrio_flags = 0; + io.pfrio_table = table; +-- +1.7.10.4 + diff --git a/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch b/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch new file mode 100644 index 000000000..19d044892 --- /dev/null +++ b/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch @@ -0,0 +1,18 @@ +diff -Naur linux-3.14.77.org/net/ipv4/tcp_input.c linux-3.14.77/net/ipv4/tcp_input.c +--- linux-3.14.77.org/net/ipv4/tcp_input.c 2016-08-21 19:58:45.000000000 +0200 ++++ linux-3.14.77/net/ipv4/tcp_input.c 2016-08-21 21:11:24.336757369 +0200 +@@ -3299,12 +3299,12 @@ + u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1; + + challenge_timestamp = now; +- ACCESS_ONCE(challenge_count) = half + ++ ACCESS_ONCE_RW(challenge_count) = half + + prandom_u32_max(sysctl_tcp_challenge_ack_limit); + } + count = ACCESS_ONCE(challenge_count); + if (count > 0) { +- ACCESS_ONCE(challenge_count) = count - 1; ++ ACCESS_ONCE_RW(challenge_count) = count - 1; + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); + tcp_send_ack(sk); + } diff --git a/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch b/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch new file mode 100644 index 000000000..d12f46b6a --- /dev/null +++ b/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch @@ -0,0 +1,47 @@ +From 88c9281a9fba67636ab26c1fd6afbc78a632374f Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Wed, 19 Aug 2015 09:54:24 -0700 +Subject: x86/hyperv: Mark the Hyper-V TSC as unstable + +The Hyper-V top-level functional specification states, that +"algorithms should be resilient to sudden jumps forward or +backward in the TSC value", this means that we should consider +TSC as unstable. In some cases tsc tests are able to detect the +instability, it was detected in 543 out of 646 boots in my +testing: + + Measured 6277 cycles TSC warp between CPUs, turning off TSC clock. + tsc: Marking TSC unstable due to check_tsc_sync_source failed + +This is, however, just a heuristic. On Hyper-V platform there +are two good clocksources: MSR-based hyperv_clocksource and +recently introduced TSC page. + +Signed-off-by: Vitaly Kuznetsov +Cc: Haiyang Zhang +Cc: K. Y. Srinivasan +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: devel@linuxdriverproject.org +Link: http://lkml.kernel.org/r/1440003264-9949-1-git-send-email-vkuznets@redhat.com +Signed-off-by: Ingo Molnar +--- + arch/x86/kernel/cpu/mshyperv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c +index aad4bd8..6fd023d 100644 +--- a/arch/x86/kernel/cpu/mshyperv.c ++++ b/arch/x86/kernel/cpu/mshyperv.c +@@ -141,6 +141,7 @@ static void __init ms_hyperv_init_platform(void) + no_timer_check = 1; + #endif + ++ mark_tsc_unstable("running on Hyper-V"); + } + + const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = { +-- +cgit v0.12 + diff --git a/src/patches/smartmontools-5.39-exit_segfault.patch b/src/patches/smartmontools-6.5-exit_segfault.patch similarity index 50% rename from src/patches/smartmontools-5.39-exit_segfault.patch rename to src/patches/smartmontools-6.5-exit_segfault.patch index 5ed4b1099..6c5df8aac 100644 --- a/src/patches/smartmontools-5.39-exit_segfault.patch +++ b/src/patches/smartmontools-6.5-exit_segfault.patch @@ -1,7 +1,6 @@ -diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.new/utility.h ---- smartmontools-5.39-svn_r2877/utility.h 2009-08-24 12:48:50.000000000 +0200 -+++ smartmontools-5.39-svn_r2877.new/utility.h 2009-08-29 09:11:07.000000000 +0200 -@@ -102,7 +102,11 @@ +--- a/utility.h Sun Apr 24 16:59:15 2016 ++++ b/utility.h Sat Aug 20 22:40:33 2016 +@@ -97,7 +97,11 @@ // Replacement for exit(status) // (exit is not compatible with C++ destructors) @@ -12,5 +11,6 @@ diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.n +//tried to use exit and found no problems yet +#define EXIT(status) { exit ((int)(status)); } - - #ifdef OLD_INTERFACE + // Compile time check of byte ordering + // (inline const function allows compiler to remove dead code) + diff --git a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch similarity index 92% rename from src/patches/squid-3.5.17-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.20-fix-max-file-descriptors.patch index b0efa76d0..b740b6104 100644 --- a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch +++ b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch @@ -1,6 +1,6 @@ --- configure.ac.~ Wed Apr 20 14:26:07 2016 +++ configure.ac Fri Apr 22 17:20:46 2016 -@@ -3131,6 +3131,9 @@ +@@ -3135,6 +3135,9 @@ ;; esac @@ -10,7 +10,7 @@ dnl --with-maxfd present for compatibility with Squid-2. dnl undocumented in ./configure --help to encourage using the Squid-3 directive AC_ARG_WITH(maxfd,, -@@ -3161,8 +3164,6 @@ +@@ -3165,8 +3168,6 @@ esac ]) diff --git a/src/patches/squid/squid-3.5-14051.patch b/src/patches/squid/squid-3.5-14051.patch deleted file mode 100644 index 58892dc87..000000000 --- a/src/patches/squid/squid-3.5-14051.patch +++ /dev/null @@ -1,63 +0,0 @@ ------------------------------------------------------------- -revno: 14051 -revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix -author: Steve Hill -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Wed 2016-05-18 02:58:50 +1200 -message: - Support unified EUI format code in external_acl_type - - Squid supports %>eui as a logformat specifier, which produces an EUI-48 - for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not - allowed as a format specifier for the external ACLs, and you have to use - %SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4 - clients and %SRCEUI64 is only useful for IPv6 clients, so supporting - both v4 and v6 is a bit messy. - - Adds the %>eui specifier for external ACLs and behaves in the same way - as the logformat specifier. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76 -# timestamp: 2016-05-17 15:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160508124125-\ -# fytgvn68zppfr8ix -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-01-01 00:14:27 +0000 -+++ src/external_acl.cc 2016-05-17 14:58:50 +0000 -@@ -356,6 +356,8 @@ - else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0) - format->type = Format::LFT_CLIENT_PORT; - #if USE_SQUID_EUI -+ else if (strcmp(token, "%>eui") == 0) -+ format->type = Format::LFT_CLIENT_EUI; - else if (strcmp(token, "%SRCEUI48") == 0) - format->type = Format::LFT_EXT_ACL_CLIENT_EUI48; - else if (strcmp(token, "%SRCEUI64") == 0) -@@ -944,6 +946,18 @@ - break; - - #if USE_SQUID_EUI -+ case Format::LFT_CLIENT_EUI: -+ // TODO make the ACL checklist have a direct link to any TCP details. -+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL) -+ { -+ if (request->clientConnectionManager->clientConnection->remote.isIPv4()) -+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)); -+ else -+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); -+ str = buf; -+ } -+ break; -+ - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf))) - diff --git a/src/patches/squid/squid-3.5-14052.patch b/src/patches/squid/squid-3.5-14052.patch deleted file mode 100644 index 4fba15956..000000000 --- a/src/patches/squid/squid-3.5-14052.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14052 -revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -committer: Source Maintenance -branch nick: 3.5 -timestamp: Tue 2016-05-17 18:14:16 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b -# timestamp: 2016-05-17 18:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160517145850-\ -# uos9z00nrt7xd9ik -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-05-17 14:58:50 +0000 -+++ src/external_acl.cc 2016-05-17 18:14:16 +0000 -@@ -956,7 +956,7 @@ - request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); - str = buf; - } -- break; -+ break; - - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - diff --git a/src/patches/squid/squid-3.5-14053.patch b/src/patches/squid/squid-3.5-14053.patch deleted file mode 100644 index f669449ae..000000000 --- a/src/patches/squid/squid-3.5-14053.patch +++ /dev/null @@ -1,46 +0,0 @@ ------------------------------------------------------------- -revno: 14053 -revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:00:58 +1200 -message: - Do not override user defined -std option ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135 -# timestamp: 2016-05-21 13:08:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm@squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-08 12:41:25 +0000 -+++ configure.ac 2016-05-21 13:00:58 +0000 -@@ -95,6 +95,9 @@ - # Guess the compiler type (sets squid_cv_compiler) - SQUID_CC_GUESS_VARIANT - -+# If the user did not specify a C++ version. -+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="` -+if test "x$user_cxx" = "x"; then - # Check for C++11 compiler support - # - # BUG 3613: when clang -std=c++0x is used, it activates a "strict mode" -@@ -103,8 +106,9 @@ - # - # Similar POSIX issues on MinGW 32-bit and Cygwin - # --if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -- AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -+ AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ fi - fi - - # test for programs - diff --git a/src/patches/squid/squid-3.5-14054.patch b/src/patches/squid/squid-3.5-14054.patch deleted file mode 100644 index 90b34c13f..000000000 --- a/src/patches/squid/squid-3.5-14054.patch +++ /dev/null @@ -1,37 +0,0 @@ ------------------------------------------------------------- -revno: 14054 -revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:01:44 +1200 -message: - Fix OpenSSL detection on FreeBSD ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9 -# timestamp: 2016-05-21 13:08:08 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521130058-\ -# zq8zugw0fohwfu3z -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-21 13:00:58 +0000 -+++ configure.ac 2016-05-21 13:01:44 +0000 -@@ -1348,10 +1348,10 @@ - - AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'crypto' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'ssl' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - ]) - - # This is a workaround for RedHat 9 brain damage.. - diff --git a/src/patches/squid/squid-3.5-14055.patch b/src/patches/squid/squid-3.5-14055.patch deleted file mode 100644 index ac04bb61a..000000000 --- a/src/patches/squid/squid-3.5-14055.patch +++ /dev/null @@ -1,39 +0,0 @@ ------------------------------------------------------------- -revno: 14055 -revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -author: Alex Rousskov -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2016-05-22 03:52:02 +1200 -message: - Fix icons loading speed. - - Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each - icon was read from disk and written to Store one character at a time. I - did not measure startup delays in production, but in debugging runs, - fixing this bug sped up icons loading from 1 minute to 4 seconds. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b -# timestamp: 2016-05-21 16:51:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521130144-\ -# 6xtcayieij00fm5v -# -# Begin patch -=== modified file 'src/mime.cc' ---- src/mime.cc 2016-01-01 00:14:27 +0000 -+++ src/mime.cc 2016-05-21 15:52:02 +0000 -@@ -430,7 +430,7 @@ - /* read the file into the buffer and append it to store */ - int n; - char *buf = (char *)memAllocate(MEM_4K_BUF); -- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0) -+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0) - e->append(buf, n); - - file_close(fd); - diff --git a/src/patches/squid/squid-3.5-14056.patch b/src/patches/squid/squid-3.5-14056.patch deleted file mode 100644 index 4ea3808b5..000000000 --- a/src/patches/squid/squid-3.5-14056.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14056 -revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -author: Christos Tsantilas -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2016-05-22 05:29:19 +1200 -message: - Increase debug level in a peek-and-splice related debug message - - It may produced one debugging line for each SSL transaction in some cases ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f -# timestamp: 2016-05-21 17:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521155202-\ -# pp53utwamdhkugvg -# -# Begin patch -=== modified file 'src/ssl/PeerConnector.cc' ---- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000 -+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000 -@@ -598,7 +598,7 @@ - - case SSL_ERROR_WANT_WRITE: - if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) { -- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd); -+ debugs(81, 3, "hold write on SSL connection on FD " << fd); - checkForPeekAndSplice(); - return; - } - diff --git a/src/patches/squid/squid-3.5-14067.patch b/src/patches/squid/squid-3.5-14067.patch new file mode 100644 index 000000000..8d9cb21a1 --- /dev/null +++ b/src/patches/squid/squid-3.5-14067.patch @@ -0,0 +1,381 @@ +------------------------------------------------------------ +revno: 14067 +revision-id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +parent: squid3@treenet.co.nz-20160701113616-vpjak1pq4uecadd2 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:16:20 +1200 +message: + Bug 4534: assertion failure in xcalloc when using many cache_dir +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363 +# timestamp: 2016-07-23 07:24:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160701113616-\ +# vpjak1pq4uecadd2 +# +# Begin patch +=== modified file 'src/CacheDigest.cc' +--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -35,12 +35,12 @@ + static uint32_t hashed_keys[4]; + + static void +-cacheDigestInit(CacheDigest * cd, int capacity, int bpe) ++cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe) + { +- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); ++ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); + assert(cd); + assert(capacity > 0 && bpe > 0); +- assert(mask_size > 0); ++ assert(mask_size != 0); + cd->capacity = capacity; + cd->bits_per_entry = bpe; + cd->mask_size = mask_size; +@@ -50,7 +50,7 @@ + } + + CacheDigest * +-cacheDigestCreate(int capacity, int bpe) ++cacheDigestCreate(uint64_t capacity, uint8_t bpe) + { + CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST); + assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */ +@@ -97,7 +97,7 @@ + + /* changes mask size, resets bits to 0, preserves "cd" pointer */ + void +-cacheDigestChangeCap(CacheDigest * cd, int new_cap) ++cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap) + { + assert(cd); + cacheDigestClean(cd); +@@ -278,12 +278,12 @@ + storeAppendPrintf(e, "%s digest: size: %d bytes\n", + label ? label : "", stats.bit_count / 8 + ); +- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n", ++ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n", + cd->count, + cd->capacity, + xpercentInt(cd->count, cd->capacity) + ); +- storeAppendPrintf(e, "\t deletion attempts: %d\n", ++ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n", + cd->del_count + ); + storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n", +@@ -297,16 +297,18 @@ + ); + } + +-size_t +-cacheDigestCalcMaskSize(int cap, int bpe) ++uint32_t ++cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe) + { +- return (size_t) (cap * bpe + 7) / 8; ++ uint64_t bitCount = (cap * bpe) + 7; ++ assert(bitCount < INT_MAX); // dont 31-bit overflow later ++ return static_cast(bitCount / 8); + } + + static void + cacheDigestHashKey(const CacheDigest * cd, const cache_key * key) + { +- const unsigned int bit_count = cd->mask_size * 8; ++ const uint32_t bit_count = cd->mask_size * 8; + unsigned int tmp_keys[4]; + /* we must memcpy to ensure alignment */ + memcpy(tmp_keys, key, sizeof(tmp_keys)); + +=== modified file 'src/CacheDigest.h' +--- src/CacheDigest.h 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.h 2016-07-23 07:16:20 +0000 +@@ -22,23 +22,23 @@ + { + public: + /* public, read-only */ +- char *mask; /* bit mask */ +- int mask_size; /* mask size in bytes */ +- int capacity; /* expected maximum for .count, not a hard limit */ +- int bits_per_entry; /* number of bits allocated for each entry from capacity */ +- int count; /* number of digested entries */ +- int del_count; /* number of deletions performed so far */ ++ uint64_t count; /* number of digested entries */ ++ uint64_t del_count; /* number of deletions performed so far */ ++ uint64_t capacity; /* expected maximum for .count, not a hard limit */ ++ char *mask; /* bit mask */ ++ uint32_t mask_size; /* mask size in bytes */ ++ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */ + }; + +-CacheDigest *cacheDigestCreate(int capacity, int bpe); ++CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe); + void cacheDigestDestroy(CacheDigest * cd); + CacheDigest *cacheDigestClone(const CacheDigest * cd); + void cacheDigestClear(CacheDigest * cd); +-void cacheDigestChangeCap(CacheDigest * cd, int new_cap); ++void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap); + int cacheDigestTest(const CacheDigest * cd, const cache_key * key); + void cacheDigestAdd(CacheDigest * cd, const cache_key * key); + void cacheDigestDel(CacheDigest * cd, const cache_key * key); +-size_t cacheDigestCalcMaskSize(int cap, int bpe); ++uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe); + int cacheDigestBitUtil(const CacheDigest * cd); + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit); + void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label); + +=== modified file 'src/PeerDigest.h' +--- src/PeerDigest.h 2016-01-01 00:14:27 +0000 ++++ src/PeerDigest.h 2016-07-23 07:16:20 +0000 +@@ -52,7 +52,7 @@ + store_client *old_sc; + HttpRequest *request; + int offset; +- int mask_offset; ++ uint32_t mask_offset; + time_t start_time; + time_t resp_time; + time_t expires; + +=== modified file 'src/peer_digest.cc' +--- src/peer_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/peer_digest.cc 2016-07-23 07:16:20 +0000 +@@ -754,7 +754,7 @@ + if (!reason && !size) { + if (!pd->cd) + reason = "null digest?!"; +- else if (fetch->mask_offset != (int)pd->cd->mask_size) ++ else if (fetch->mask_offset != pd->cd->mask_size) + reason = "premature end of digest?!"; + else if (!peerDigestUseful(pd)) + reason = "useless digest"; + +=== modified file 'src/store_digest.cc' +--- src/store_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/store_digest.cc 2016-07-23 07:16:20 +0000 +@@ -76,36 +76,63 @@ + static void storeDigestRewriteFinish(StoreEntry * e); + static EVH storeDigestSwapOutStep; + static void storeDigestCBlockSwapOut(StoreEntry * e); +-static int storeDigestCalcCap(void); +-static int storeDigestResize(void); + static void storeDigestAdd(const StoreEntry *); + ++/// calculates digest capacity ++static uint64_t ++storeDigestCalcCap() ++{ ++ /* ++ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of ++ * the bits are off). However, we do not have a formula to calculate the ++ * number of _entries_ we want to pre-allocate for. ++ */ ++ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; ++ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; ++ const uint64_t e_count = StoreEntry::inUseCount(); ++ uint64_t cap = e_count ? e_count : hi_cap; ++ debugs(71, 2, "have: " << e_count << ", want " << cap << ++ " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); ++ ++ if (cap < lo_cap) ++ cap = lo_cap; ++ ++ /* do not enforce hi_cap limit, average-based estimation may be wrong ++ *if (cap > hi_cap) ++ * cap = hi_cap; ++ */ ++ ++ // Bug 4534: we still have to set an upper-limit at some reasonable value though. ++ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX ++ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry; ++ if (cap > absolute_max) { ++ static time_t last_loud = 0; ++ if (last_loud < squid_curtime - 86400) { ++ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ last_loud = squid_curtime; ++ } else { ++ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ } ++ cap = absolute_max; ++ } ++ ++ return cap; ++} + #endif /* USE_CACHE_DIGESTS */ + +-static void +-storeDigestRegisterWithCacheManager(void) ++void ++storeDigestInit(void) + { + Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1); +-} +- +-/* +- * PUBLIC FUNCTIONS +- */ +- +-void +-storeDigestInit(void) +-{ +- storeDigestRegisterWithCacheManager(); + + #if USE_CACHE_DIGESTS +- const int cap = storeDigestCalcCap(); +- + if (!Config.onoff.digest_generation) { + store_digest = NULL; + debugs(71, 3, "Local cache digest generation disabled"); + return; + } + ++ const uint64_t cap = storeDigestCalcCap(); + store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry); + debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " << + (int) Config.digest.rebuild_period << "/" << +@@ -290,6 +317,31 @@ + storeDigestRebuildResume(); + } + ++/// \returns true if we actually resized the digest ++static bool ++storeDigestResize() ++{ ++ const uint64_t cap = storeDigestCalcCap(); ++ assert(store_digest); ++ uint64_t diff; ++ if (cap > store_digest->capacity) ++ diff = cap - store_digest->capacity; ++ else ++ diff = store_digest->capacity - cap; ++ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " << ++ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); ++ /* avoid minor adjustments */ ++ ++ if (diff <= store_digest->capacity / 10) { ++ debugs(71, 2, "small change, will not resize."); ++ return false; ++ } else { ++ debugs(71, 2, "big change, resizing."); ++ cacheDigestChangeCap(store_digest, cap); ++ } ++ return true; ++} ++ + /* called be Rewrite to push Rebuild forward */ + static void + storeDigestRebuildResume(void) +@@ -439,7 +491,7 @@ + assert(e); + /* _add_ check that nothing bad happened while we were waiting @?@ @?@ */ + +- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size) ++ if (static_cast(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size) + chunk_size = store_digest->mask_size - sd_state.rewrite_offset; + + e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size); +@@ -451,7 +503,7 @@ + sd_state.rewrite_offset += chunk_size; + + /* are we done ? */ +- if (sd_state.rewrite_offset >= store_digest->mask_size) ++ if (static_cast(sd_state.rewrite_offset) >= store_digest->mask_size) + storeDigestRewriteFinish(e); + else + eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false); +@@ -467,60 +519,10 @@ + sd_state.cblock.count = htonl(store_digest->count); + sd_state.cblock.del_count = htonl(store_digest->del_count); + sd_state.cblock.mask_size = htonl(store_digest->mask_size); +- sd_state.cblock.bits_per_entry = (unsigned char) +- Config.digest.bits_per_entry; ++ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry; + sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount; + e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock)); + } + +-/* calculates digest capacity */ +-static int +-storeDigestCalcCap(void) +-{ +- /* +- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of +- * the bits are off). However, we do not have a formula to calculate the +- * number of _entries_ we want to pre-allocate for. +- */ +- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; +- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; +- const int e_count = StoreEntry::inUseCount(); +- int cap = e_count ? e_count :hi_cap; +- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap << +- " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); +- +- if (cap < lo_cap) +- cap = lo_cap; +- +- /* do not enforce hi_cap limit, average-based estimation may be wrong +- *if (cap > hi_cap) +- * cap = hi_cap; +- */ +- return cap; +-} +- +-/* returns true if we actually resized the digest */ +-static int +-storeDigestResize(void) +-{ +- const int cap = storeDigestCalcCap(); +- int diff; +- assert(store_digest); +- diff = abs(cap - store_digest->capacity); +- debugs(71, 2, "storeDigestResize: " << +- store_digest->capacity << " -> " << cap << "; change: " << +- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); +- /* avoid minor adjustments */ +- +- if (diff <= store_digest->capacity / 10) { +- debugs(71, 2, "storeDigestResize: small change, will not resize."); +- return 0; +- } else { +- debugs(71, 2, "storeDigestResize: big change, resizing."); +- cacheDigestChangeCap(store_digest, cap); +- return 1; +- } +-} +- + #endif /* USE_CACHE_DIGESTS */ + + +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -16,11 +16,11 @@ + class CacheDigestGuessStats; + class StoreEntry; + +-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL) ++CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL) + void cacheDigestDestroy(CacheDigest *) STUB + CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL) + void cacheDigestClear(CacheDigest * ) STUB +-void cacheDigestChangeCap(CacheDigest *,int) STUB ++void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB + int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1) + void cacheDigestAdd(CacheDigest *, const cache_key *) STUB + void cacheDigestDel(CacheDigest *, const cache_key *) STUB +@@ -28,5 +28,4 @@ + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB +-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1) +- ++uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) + diff --git a/src/patches/squid/squid-3.5-14068.patch b/src/patches/squid/squid-3.5-14068.patch new file mode 100644 index 000000000..4766e008f --- /dev/null +++ b/src/patches/squid/squid-3.5-14068.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 14068 +revision-id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +parent: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542 +author: Anonymous +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:19:30 +1200 +message: + Bug #4542: authentication credentials IP TTL updated incorrectly +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8 +# timestamp: 2016-07-23 07:24:05 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160723071620-\ +# 1wzqpbyi1rk5w6vg +# +# Begin patch +=== modified file 'src/auth/User.cc' +--- src/auth/User.cc 2016-01-01 00:14:27 +0000 ++++ src/auth/User.cc 2016-07-23 07:19:30 +0000 +@@ -284,7 +284,7 @@ + /* This ip has already been seen. */ + found = 1; + /* update IP ttl */ +- ipdata->ip_expiretime = squid_curtime; ++ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL; + } else if (ipdata->ip_expiretime <= squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &ip_list); + diff --git a/src/patches/squid/squid-3.5-14069.patch b/src/patches/squid/squid-3.5-14069.patch new file mode 100644 index 000000000..15ca37aff --- /dev/null +++ b/src/patches/squid/squid-3.5-14069.patch @@ -0,0 +1,30 @@ +------------------------------------------------------------ +revno: 14069 +revision-id: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +parent: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +committer: Source Maintenance +branch nick: 3.5 +timestamp: Sat 2016-07-23 12:13:51 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm@squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28 +# timestamp: 2016-07-23 12:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160723071930-\ +# cemledcltg8pkc28 +# +# Begin patch +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000 +@@ -29,3 +29,4 @@ + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB + uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) ++ + diff --git a/src/patches/squid/squid-3.5-14070.patch b/src/patches/squid/squid-3.5-14070.patch new file mode 100644 index 000000000..5fcc39f2e --- /dev/null +++ b/src/patches/squid/squid-3.5-14070.patch @@ -0,0 +1,44 @@ +------------------------------------------------------------ +revno: 14070 +revision-id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +parent: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +author: Christos Tsantilas +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Sat 2016-08-06 02:59:33 +1200 +message: + Squid segfault via Ftp::Client::readControlReply(). + + Ftp::Client::scheduleReadControlReply(), which may called from the + asynchronous start() or readControlReply()/handleControlReply() + handlers, does not check whether the control connection is still usable + before using it. + + This is a Measurement Factory project. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643 +# timestamp: 2016-08-05 15:00:22 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squidadm@squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# +# Begin patch +=== modified file 'src/clients/FtpClient.cc' +--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000 ++++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 +@@ -314,6 +314,11 @@ + /* We've already read some reply data */ + handleControlReply(); + } else { ++ ++ if (!Comm::IsConnOpen(ctrl.conn)) { ++ debugs(9, 3, "cannot read without ctrl " << ctrl.conn); ++ return; ++ } + /* + * Cancel the timeout on the Data socket (if any) and + * establish one on the control socket. + diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squid-3.5-14071.patch new file mode 100644 index 000000000..6b353eabc --- /dev/null +++ b/src/patches/squid/squid-3.5-14071.patch @@ -0,0 +1,70 @@ +------------------------------------------------------------ +revno: 14071 +revision-id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +parent: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:55:01 +1200 +message: + Bug 4428: mal-formed Cache-Control:stale-if-error header +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c +# timestamp: 2016-08-17 02:55:20 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160805145933-\ +# 0cpyy47o8955lamx +# +# Begin patch +=== modified file 'src/HttpHdrCc.cc' +--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000 ++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000 +@@ -257,6 +257,27 @@ + + /* for all options having values, "=value" after the name */ + switch (flag) { ++ case CC_BADHDR: ++ break; ++ case CC_PUBLIC: ++ break; ++ case CC_PRIVATE: ++ if (Private().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private())); ++ break; ++ ++ case CC_NO_CACHE: ++ if (noCache().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache())); ++ break; ++ case CC_NO_STORE: ++ break; ++ case CC_NO_TRANSFORM: ++ break; ++ case CC_MUST_REVALIDATE: ++ break; ++ case CC_PROXY_REVALIDATE: ++ break; + case CC_MAX_AGE: + packerPrintf(p, "=%d", (int) maxAge()); + break; +@@ -272,8 +293,14 @@ + case CC_MIN_FRESH: + packerPrintf(p, "=%d", (int) minFresh()); + break; +- default: +- /* do nothing, directive was already printed */ ++ case CC_ONLY_IF_CACHED: ++ break; ++ case CC_STALE_IF_ERROR: ++ packerPrintf(p, "=%d", staleIfError()); ++ break; ++ case CC_OTHER: ++ case CC_ENUM_END: ++ // done below after the loop + break; + } + + diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squid-3.5-14072.patch new file mode 100644 index 000000000..228e773d5 --- /dev/null +++ b/src/patches/squid/squid-3.5-14072.patch @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: 14072 +revision-id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +parent: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:58:28 +1200 +message: + Fix SSL-Bump failure results in SEGFAULT +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784 +# timestamp: 2016-08-17 03:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817025501-\ +# e66sjxm0bfy3ksn3 +# +# Begin patch +=== modified file 'src/client_side_request.cc' +--- src/client_side_request.cc 2016-05-06 08:24:29 +0000 ++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000 +@@ -1811,7 +1811,7 @@ + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); + errorAppendEntry(e, calloutContext->error); + calloutContext->error = NULL; +- if (calloutContext->readNextRequest) ++ if (calloutContext->readNextRequest && getConn()) + getConn()->flags.readMore = true; // resume any pipeline reads. + node = (clientStreamNode *)client_stream.tail->data; + clientStreamRead(node, this, node->readBuffer); + diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squid-3.5-14073.patch new file mode 100644 index 000000000..b7915a4a1 --- /dev/null +++ b/src/patches/squid/squid-3.5-14073.patch @@ -0,0 +1,151 @@ +------------------------------------------------------------ +revno: 14073 +revision-id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +parent: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:10:37 +1200 +message: + Bug 4563: duplicate code in httpMakeVaryMark +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a +# timestamp: 2016-08-17 05:50:53 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817025828-\ +# s4102klt2ei25tsm +# +# Begin patch +=== modified file 'src/http.cc' +--- src/http.cc 2016-04-01 06:15:31 +0000 ++++ src/http.cc 2016-08-17 05:10:37 +0000 +@@ -572,6 +572,38 @@ + /* NOTREACHED */ + } + ++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request ++static void ++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request) ++{ ++ static const SBuf asterisk("*"); ++ const char *pos = nullptr; ++ const char *item = nullptr; ++ int ilen = 0; ++ ++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { ++ SBuf name(item, ilen); ++ if (name == asterisk) { ++ vstr.clear(); ++ break; ++ } ++ name.toLower(); ++ if (!vstr.isEmpty()) ++ vstr.append(", ", 2); ++ vstr.append(name); ++ String hdr(request.header.getByName(name.c_str())); ++ const char *value = hdr.termedBuf(); ++ if (value) { ++ value = rfc1738_escape_part(value); ++ vstr.append("=\"", 2); ++ vstr.append(value); ++ vstr.append("\"", 1); ++ } ++ ++ hdr.clean(); ++ } ++} ++ + /* + * For Vary, store the relevant request headers as + * virtual headers in the reply +@@ -580,81 +612,16 @@ + SBuf + httpMakeVaryMark(HttpRequest * request, HttpReply const * reply) + { +- String vary, hdr; +- const char *pos = NULL; +- const char *item; +- const char *value; +- int ilen; + SBuf vstr; +- static const SBuf asterisk("*"); ++ String vary; + + vary = reply->header.getList(HDR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- ++ assembleVaryKey(vary, vstr, *request); ++ ++#if X_ACCELERATOR_VARY + vary.clean(); +-#if X_ACCELERATOR_VARY +- +- pos = NULL; + vary = reply->header.getList(HDR_X_ACCELERATOR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- +- vary.clean(); ++ assembleVaryKey(vary, vstr, *request); + #endif + + debugs(11, 3, vstr); + diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squid-3.5-14074.patch new file mode 100644 index 000000000..dbafbf016 --- /dev/null +++ b/src/patches/squid/squid-3.5-14074.patch @@ -0,0 +1,55 @@ +------------------------------------------------------------ +revno: 14074 +revision-id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +parent: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025 +author: mkishi +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:48:29 +1200 +message: + Bug 3025: Proxy-Authenticate problem using ICAP server +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e +# timestamp: 2016-08-17 05:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817051037-\ +# p0kaj2iw2u4u8iqj +# +# Begin patch +=== modified file 'src/client_side_reply.cc' +--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000 ++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000 +@@ -1305,8 +1305,14 @@ + + // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled + // remove the Proxy-Authenticate header +- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) +- reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) { ++#if USE_ADAPTATION ++ // but allow adaptation services to authenticate clients ++ // via request satisfaction ++ if (!http->requestSatisfactionMode()) ++#endif ++ reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ } + + reply->header.removeHopByHopEntries(); + + +=== modified file 'src/client_side_request.h' +--- src/client_side_request.h 2016-01-01 00:14:27 +0000 ++++ src/client_side_request.h 2016-08-17 05:48:29 +0000 +@@ -140,6 +140,7 @@ + + public: + void startAdaptation(const Adaptation::ServiceGroupPointer &g); ++ bool requestSatisfactionMode() const { return request_satisfaction_mode; } + + // private but exposed for ClientRequestContext + void handleAdaptationFailure(int errDetail, bool bypassable = false); + diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squid-3.5-14075.patch new file mode 100644 index 000000000..8c0b5a3e9 --- /dev/null +++ b/src/patches/squid/squid-3.5-14075.patch @@ -0,0 +1,38 @@ +------------------------------------------------------------ +revno: 14075 +revision-id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +parent: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Thu 2016-08-18 01:34:13 +1200 +message: + Fix logic error in rev.13930 + + Using !=0 on both string compares means any login= value will permit + 40x responses through. Only PASS and PASSTHRU should be doing that. + + Detected by Coverity Scan. Issue 1364711 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5 +# timestamp: 2016-08-17 13:34:59 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817054829-\ +# rl7q49ysi40sj01i +# +# Begin patch +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-01-01 00:14:27 +0000 ++++ src/tunnel.cc 2016-08-17 13:34:13 +0000 +@@ -476,7 +476,7 @@ + + // we need to relay the 401/407 responses when login=PASS(THRU) + const char *pwd = server.conn->getPeer()->login; +- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) && ++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && + (*status_ptr == Http::scProxyAuthenticationRequired || + *status_ptr == Http::scUnauthorized); + +