squid: Update to 3.5.23

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer
2016-12-17 14:11:53 +01:00
committed by Michael Tremer
parent 3c22a549ab
commit a1bc7f3ab9
30 changed files with 3 additions and 2023 deletions


@@ -24,7 +24,7 @@
include Config
VER = 3.5.22
VER = 3.5.23
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = afb82d2748c06c95815c171463b4aa14
$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2
install : $(TARGET)
@@ -70,35 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14099.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14100.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14101.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14102.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14103.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14104.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14105.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14106.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14107.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14108.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14109.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14110.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14111.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14112.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14113.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14114.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14115.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14116.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14117.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14118.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14119.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14123.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14124.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14125.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14126.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
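Review bot: The new tarball is pinned only by an MD5 digest (`$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2`), and MD5 is not collision-resistant, so this value gives weak assurance that the downloaded `squid-3.5.23.tar.xz` is the upstream release. If the build framework accepts a stronger digest variable alongside `_MD5`, add it here; the verification rule itself is outside this section, so that needs confirming. The commit message should also record that the tarball was checked against upstream's published signature or checksums. It should further state that revisions 14099–14126, whose `patch -Np0` steps are dropped from the `$(TARGET)` recipe, are all contained in 3.5.23, because some of them fix a crash (14100) and the `ssl::server_name` ACL (14110).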


@@ -1,65 +0,0 @@
------------------------------------------------------------
revno: 14099
revision-id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
parent: squid3@treenet.co.nz-20161009195739-pcju9hl8vqwijt26
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-10-15 17:20:24 +1300
message:
Fix build with eCAP but without ICAP support.
That is, when ./configured with --enable-ecap --disable-icap-client.
AccessLogEntry::icap requires ICAP_CLIENT, not just USE_ADAPTATION.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 4cd2e7bf4e2be0acd252963afc107537b17450fc
# timestamp: 2016-10-15 04:52:07 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161009195739-\
# pcju9hl8vqwijt26
#
# Begin patch
=== modified file 'src/format/Format.cc'
--- src/format/Format.cc 2016-09-16 11:53:28 +0000
+++ src/format/Format.cc 2016-10-15 04:20:24 +0000
@@ -318,7 +318,7 @@
actualReplyHeader(const AccessLogEntry::Pointer &al)
{
const HttpMsg *msg = al->reply;
-#if USE_ADAPTATION
+#if ICAP_CLIENT
// al->icap.reqMethod is methodNone in access.log context
if (!msg && al->icap.reqMethod == Adaptation::methodReqmod)
msg = al->adapted_request;
@@ -331,7 +331,7 @@
static const HttpMsg *
actualRequestHeader(const AccessLogEntry::Pointer &al)
{
-#if USE_ADAPTATION
+#if ICAP_CLIENT
// al->icap.reqMethod is methodNone in access.log context
if (al->icap.reqMethod == Adaptation::methodRespmod) {
// XXX: for now AccessLogEntry lacks virgin response headers
@@ -819,7 +819,7 @@
break;
case LFT_REQUEST_ALL_HEADERS:
-#if USE_ADAPTATION
+#if ICAP_CLIENT
if (al->icap.reqMethod == Adaptation::methodRespmod) {
// XXX: since AccessLogEntry::Headers lacks virgin response
// headers, do nothing for now
@@ -843,7 +843,7 @@
case LFT_REPLY_ALL_HEADERS:
out = al->headers.reply;
-#if USE_ADAPTATION
+#if ICAP_CLIENT
if (!out && al->icap.reqMethod == Adaptation::methodReqmod)
out = al->headers.adapted_request;
#endif


@@ -1,39 +0,0 @@
------------------------------------------------------------
revno: 14100
revision-id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
parent: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Tue 2016-10-25 21:19:49 +1300
message:
Fix regression bug introduced by r14089.
Squid crashed because HttpMsg::body_pipe was used without check that it
was initialized. The message lacks body pipe when it has no body or
empty body.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 50468130801fc3ebf75129c103bcfe4be9b6d4b7
# timestamp: 2016-10-25 08:28:30 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161015042024-\
# jagzafukd2t6gcr0
#
# Begin patch
=== modified file 'src/adaptation/icap/ModXact.cc'
--- src/adaptation/icap/ModXact.cc 2016-09-16 18:50:04 +0000
+++ src/adaptation/icap/ModXact.cc 2016-10-25 08:19:49 +0000
@@ -1303,7 +1303,8 @@
virgin_msg = virgin_request_;
assert(virgin_msg != virgin.cause);
al.http.clientRequestSz.header = virgin_msg->hdr_sz;
- al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize();
+ if (virgin_msg->body_pipe != NULL)
+ al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize();
// leave al.icap.bodyBytesRead negative if no body
if (replyHttpHeaderSize >= 0 || replyHttpBodySize >= 0) {


@@ -1,59 +0,0 @@
------------------------------------------------------------
revno: 14101
revision-id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
parent: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Tue 2016-10-25 21:23:49 +1300
message:
Fix external_acl_type default children documentations
The max children has always been 5, not 20.
Also, make mgr:config report dumper actually hide only the real default
values. (sync with helper/ChildConfig.cc defaults)
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 02234eff0589032ea31d911c20f792617eeb18a9
# timestamp: 2016-10-25 08:28:32 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161025081949-\
# 3sxzd0n4snmadlke
#
# Begin patch
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2016-09-23 15:28:42 +0000
+++ src/cf.data.pre 2016-10-25 08:23:49 +0000
@@ -678,7 +678,7 @@
children-max=n
Maximum number of acl helper processes spawned to service
- external acl lookups of this type. (default 20)
+ external acl lookups of this type. (default 5)
children-startup=n
Minimum number of acl helper processes to spawn during
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2016-05-17 18:14:16 +0000
+++ src/external_acl.cc 2016-10-25 08:23:49 +0000
@@ -474,13 +474,13 @@
if (node->children.n_max != DEFAULT_EXTERNAL_ACL_CHILDREN)
storeAppendPrintf(sentry, " children-max=%d", node->children.n_max);
- if (node->children.n_startup != 1)
+ if (node->children.n_startup != 0) // sync with helper/ChildConfig.cc default
storeAppendPrintf(sentry, " children-startup=%d", node->children.n_startup);
- if (node->children.n_idle != (node->children.n_max + node->children.n_startup) )
+ if (node->children.n_idle != 1) // sync with helper/ChildConfig.cc default
storeAppendPrintf(sentry, " children-idle=%d", node->children.n_idle);
- if (node->children.concurrency)
+ if (node->children.concurrency != 0)
storeAppendPrintf(sentry, " concurrency=%d", node->children.concurrency);
if (node->cache)


@@ -1,38 +0,0 @@
------------------------------------------------------------
revno: 14102
revision-id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
parent: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4620
author: Takahiro Kambe <taca@back-street.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Tue 2016-10-25 21:25:30 +1300
message:
Bug 4620: NetBSD build error with --enable-ipf-transparent
On NetBSD sys/param.h must be included before netinet/ip_compat.h
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: eedfc8764a631aa008fd4aba589ca08ee161c3a5
# timestamp: 2016-10-25 08:28:35 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161025082349-\
# 4gds2nic8qcahkem
#
# Begin patch
=== modified file 'src/ip/Intercept.cc'
--- src/ip/Intercept.cc 2016-10-09 00:14:14 +0000
+++ src/ip/Intercept.cc 2016-10-25 08:25:30 +0000
@@ -25,6 +25,9 @@
#define IPFILTER_VERSION 5000004
#endif
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
#if HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif


@@ -1,61 +0,0 @@
------------------------------------------------------------
revno: 14103
revision-id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
parent: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4627
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-30 12:26:28 +1300
message:
Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
For Squid-3 the fix is just to update the documentation.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ea728cefc977ea5489da01b7a742821121c29476
# timestamp: 2016-10-29 23:51:13 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161025082530-\
# do632qnr9bwyk5et
#
# Begin patch
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2016-10-25 08:23:49 +0000
+++ src/cf.data.pre 2016-10-29 23:26:28 +0000
@@ -1787,13 +1787,12 @@
certificate equals lifetime of the CA certificate. If
generated certificate is selfsigned lifetime is three
years.
- This option is enabled by default when ssl-bump is used.
- See the ssl-bump option above for more information.
+ This option is disabled by default. See the ssl-bump
+ option above for more information.
dynamic_cert_mem_cache_size=SIZE
Approximate total RAM size spent on cached generated
- certificates. If set to zero, caching is disabled. The
- default value is 4MB.
+ certificates. If set to zero, caching is disabled.
TLS / SSL Options:
@@ -2063,13 +2062,12 @@
certificate equals lifetime of CA certificate. If
generated certificate is selfsigned lifetime is three
years.
- This option is enabled by default when SslBump is used.
- See the sslBump option above for more information.
+ This option is disabled by default. See the ssl-bump
+ option above for more information.
dynamic_cert_mem_cache_size=SIZE
Approximate total RAM size spent on cached generated
- certificates. If set to zero, caching is disabled. The
- default value is 4MB.
+ certificates. If set to zero, caching is disabled.
See http_port for a list of available options.
DOC_END


@@ -1,66 +0,0 @@
------------------------------------------------------------
revno: 14104
revision-id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
parent: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-30 22:38:16 +1300
message:
Copyright: add some missing blurbs and contributor details
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 8d44709a8f9c34926ce569e58aef82603a3d514b
# timestamp: 2016-10-30 09:40:44 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161029232628-\
# 1y2u918re62uqs3v
#
# Begin patch
=== modified file 'CONTRIBUTORS'
--- CONTRIBUTORS 2016-01-06 14:27:36 +0000
+++ CONTRIBUTORS 2016-10-30 09:38:16 +0000
@@ -211,6 +211,8 @@
Joe Ramey <ramey@jello.csc.ti.com>
Joerg Lehrke <jlehrke@noc.de>
Johnathan Conley <johnathan.conley@gmail.com>
+ John@MCC.ac.uk
+ John@Pharmweb.NET
John Dilley <jad@hpl.hp.com>
John M Cooper <john.cooper@yourcommunications.co.uk>
John Saunders <johns@rd.scitec.com.au>
=== modified file 'contrib/url-normalizer.pl'
--- contrib/url-normalizer.pl 1996-12-07 00:54:31 +0000
+++ contrib/url-normalizer.pl 2016-10-30 09:38:16 +0000
@@ -1,4 +1,11 @@
#!/usr/local/bin/perl -Tw
+#
+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+# *
+# * Squid software is distributed under GPLv2+ license and includes
+# * contributions from numerous individuals and organizations.
+# * Please see the COPYING and CONTRIBUTORS files for details.
+#
# From: Markus Gyger <mgyger@itr.ch>
#
=== modified file 'contrib/user-agents.pl'
--- contrib/user-agents.pl 1996-12-07 00:28:56 +0000
+++ contrib/user-agents.pl 2016-10-30 09:38:16 +0000
@@ -1,5 +1,13 @@
#!/usr/bin/perl
#
+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+# *
+# * Squid software is distributed under GPLv2+ license and includes
+# * contributions from numerous individuals and organizations.
+# * Please see the COPYING and CONTRIBUTORS files for details.
+#
+
+#
# John@MCC.ac.uk
# John@Pharmweb.NET


@@ -1,48 +0,0 @@
------------------------------------------------------------
revno: 14105
revision-id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
parent: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4567
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-30 22:39:20 +1300
message:
Bug 4567: Strange IPv6 shown in access.log
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 8dbae4e7fc5fb80afc6eee6800743abd1b1eaa47
# timestamp: 2016-10-30 09:40:47 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161030093816-\
# 7vwnk5zrrql2p5ks
#
# Begin patch
=== modified file 'src/AccessLogEntry.cc'
--- src/AccessLogEntry.cc 2016-01-01 00:14:27 +0000
+++ src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000
@@ -30,14 +30,17 @@
log_ip = request->indirect_client_addr;
else
#endif
- if (tcpClient != NULL)
+ if (tcpClient)
log_ip = tcpClient->remote;
- else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client
- strncpy(buf, "-", bufsz);
- return;
- } else
+ else
log_ip = cache.caddr;
+ // internally generated requests (and some ICAP) lack client IP
+ if (log_ip.isNoAddr()) {
+ strncpy(buf, "-", bufsz);
+ return;
+ }
+
// Apply so-called 'privacy masking' to IPv4 clients
// - localhost IP is always shown in full
// - IPv4 clients masked with client_netmask


@@ -1,34 +0,0 @@
------------------------------------------------------------
revno: 14106
revision-id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
parent: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-30 22:40:25 +1300
message:
Fix debug message in ACLChecklist::bannedAction()
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 4fd7942b294096f5c27e3d460b6d4c79580443e1
# timestamp: 2016-10-30 09:40:49 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161030093920-\
# 5f7f2px9ea08rxlq
#
# Begin patch
=== modified file 'src/acl/Checklist.cc'
--- src/acl/Checklist.cc 2016-01-01 00:14:27 +0000
+++ src/acl/Checklist.cc 2016-10-30 09:40:25 +0000
@@ -397,7 +397,7 @@
ACLChecklist::bannedAction(const allow_t &action) const
{
const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end();
- debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? " is " : "is not") << " banned");
+ debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned");
return found;
}


@@ -1,56 +0,0 @@
------------------------------------------------------------
revno: 14107
revision-id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
parent: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-10-30 22:45:03 +1300
message:
HTTP/1.1: make Vary:* objects cacheable
Under new clauses from RFC 7231 section 7.1.4 and HTTP response
containing header Vary:* (wifcard variant) can be cached, but
requires revalidation with server before each use.
Use the new mandatory revalidation flags to allow storing of any
wildcard Vary:* response.
Note that responses with headers like Vary:A,B,C,* are equivalent
to Vary:*. The cache key string for these objects is normalized.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 2652a5a689745e31fc450e0dfd1c5c472f6d68d6
# timestamp: 2016-10-30 09:45:47 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161030094025-\
# l4b8fdahoru8h16d
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2016-10-09 19:47:26 +0000
+++ src/http.cc 2016-10-30 09:45:03 +0000
@@ -594,7 +594,7 @@
while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
SBuf name(item, ilen);
if (name == asterisk) {
- vstr.clear();
+ vstr = asterisk;
break;
}
name.toLower();
@@ -917,6 +917,12 @@
varyFailure = true;
} else {
entry->mem_obj->vary_headers = vary;
+
+ // RFC 7231 section 7.1.4
+ // Vary:* can be cached, but has mandatory revalidation
+ static const SBuf asterisk("*");
+ if (vary == asterisk)
+ EBIT_SET(entry->flags, ENTRY_REVALIDATE_ALWAYS);
}
}


@@ -1,33 +0,0 @@
------------------------------------------------------------
revno: 14108
revision-id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
parent: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-11-02 00:22:31 +1300
message:
Fix build issue after rev.14105
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: fea1ede525ccb3ad7bf50e8de8f125a86a8dc016
# timestamp: 2016-11-01 11:51:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161030094503-\
# rwdft21ffff44rns
#
# Begin patch
=== modified file 'src/AccessLogEntry.cc'
--- src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000
+++ src/AccessLogEntry.cc 2016-11-01 11:22:31 +0000
@@ -30,7 +30,7 @@
log_ip = request->indirect_client_addr;
else
#endif
- if (tcpClient)
+ if (tcpClient != NULL)
log_ip = tcpClient->remote;
else
log_ip = cache.caddr;

View File

@@ -1,167 +0,0 @@
------------------------------------------------------------
revno: 14109
revision-id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
parent: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3379
author: Garri Djavadyan <garryd@comnet.uz>, Amos Jeffries <squid3@treenet.co.nz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2016-11-11 19:03:25 +1300
message:
Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 50d66878a765925d9a64569b3c226bebdee1f736
# timestamp: 2016-11-11 06:10:37 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161101112231-\
# k77st4up2sekl5zx
#
# Begin patch
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-10-09 19:47:26 +0000
+++ src/client_side_reply.cc 2016-11-11 06:03:25 +0000
@@ -589,6 +589,7 @@
debugs(88, 5, "negative-HIT");
http->logType = LOG_TCP_NEGATIVE_HIT;
sendMoreData(result);
+ return;
} else if (blockedHit()) {
debugs(88, 5, "send_hit forces a MISS");
http->logType = LOG_TCP_MISS;
@@ -641,27 +642,29 @@
http->logType = LOG_TCP_MISS;
processMiss();
}
+ return;
} else if (r->conditional()) {
debugs(88, 5, "conditional HIT");
- processConditional(result);
- } else {
- /*
- * plain ol' cache hit
- */
- debugs(88, 5, "plain old HIT");
+ if (processConditional(result))
+ return;
+ }
+
+ /*
+ * plain ol' cache hit
+ */
+ debugs(88, 5, "plain old HIT");
#if USE_DELAY_POOLS
- if (e->store_status != STORE_OK)
- http->logType = LOG_TCP_MISS;
- else
+ if (e->store_status != STORE_OK)
+ http->logType = LOG_TCP_MISS;
+ else
#endif
- if (e->mem_status == IN_MEMORY)
- http->logType = LOG_TCP_MEM_HIT;
- else if (Config.onoff.offline)
- http->logType = LOG_TCP_OFFLINE_HIT;
+ if (e->mem_status == IN_MEMORY)
+ http->logType = LOG_TCP_MEM_HIT;
+ else if (Config.onoff.offline)
+ http->logType = LOG_TCP_OFFLINE_HIT;
- sendMoreData(result);
- }
+ sendMoreData(result);
}
/**
@@ -755,17 +758,16 @@
}
/// process conditional request from client
-void
+bool
clientReplyContext::processConditional(StoreIOBuffer &result)
{
StoreEntry *const e = http->storeEntry();
if (e->getReply()->sline.status() != Http::scOkay) {
- debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
- e->getReply()->sline.status() << " != 200");
+ debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
http->logType = LOG_TCP_MISS;
processMiss();
- return;
+ return true;
}
HttpRequest &r = *http->request;
@@ -773,7 +775,7 @@
if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
// RFC 2616: reply with 412 Precondition Failed if If-Match did not match
sendPreconditionFailedError();
- return;
+ return true;
}
bool matchedIfNoneMatch = false;
@@ -786,14 +788,14 @@
r.header.delById(HDR_IF_MODIFIED_SINCE);
http->logType = LOG_TCP_MISS;
sendMoreData(result);
- return;
+ return true;
}
if (!r.flags.ims) {
// RFC 2616: if If-None-Match matched and there is no IMS,
// reply with 304 Not Modified or 412 Precondition Failed
sendNotModifiedOrPreconditionFailedError();
- return;
+ return true;
}
// otherwise check IMS below to decide if we reply with 304 or 412
@@ -805,19 +807,20 @@
if (e->modifiedSince(r.ims, r.imslen)) {
http->logType = LOG_TCP_IMS_HIT;
sendMoreData(result);
- return;
- }
- if (matchedIfNoneMatch) {
+ } else if (matchedIfNoneMatch) {
// If-None-Match matched, reply with 304 Not Modified or
// 412 Precondition Failed
sendNotModifiedOrPreconditionFailedError();
- return;
+
+ } else {
+ // otherwise reply with 304 Not Modified
+ sendNotModified();
}
-
- // otherwise reply with 304 Not Modified
- sendNotModified();
+ return true;
}
+
+ return false;
}
/// whether squid.conf send_hit prevents us from serving this hit
=== modified file 'src/client_side_reply.h'
--- src/client_side_reply.h 2016-09-23 15:28:42 +0000
+++ src/client_side_reply.h 2016-11-11 06:03:25 +0000
@@ -114,7 +114,7 @@
bool alwaysAllowResponse(Http::StatusCode sline) const;
int checkTransferDone();
void processOnlyIfCachedMiss();
- void processConditional(StoreIOBuffer &result);
+ bool processConditional(StoreIOBuffer &result);
void cacheHit(StoreIOBuffer result);
void handleIMSReply(StoreIOBuffer result);
void sendMoreData(StoreIOBuffer result);


@@ -1,102 +0,0 @@
------------------------------------------------------------
revno: 14110
revision-id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
parent: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Mon 2016-11-14 23:51:24 +1300
message:
Fix ssl::server_name ACL badly broken since inception.
The original server_name code mishandled all SNI checks and some rare
host checks:
* The SNI-derived value was pointing to an already freed memory storage.
* Missing host-derived values were not detected (host() is never nil).
* Mismatches were re-checked with an undocumented "none" value
instead of being treated as mismatches.
Same for ssl::server_name_regex.
Also set SNI for more server-first and client-first transactions.
This is a Measurement Factory project.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 46aadc410b46d91d597218961dbf1c634fb834fb
# timestamp: 2016-11-14 10:56:00 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161111060325-\
# yh8chavvnzuvfh3h
#
# Begin patch
=== modified file 'src/acl/ServerName.cc'
--- src/acl/ServerName.cc 2016-09-08 12:27:06 +0000
+++ src/acl/ServerName.cc 2016-11-14 10:51:24 +0000
@@ -90,27 +90,28 @@
{
assert(checklist != NULL && checklist->request != NULL);
- if (checklist->conn() && checklist->conn()->serverBump()) {
- if (X509 *peer_cert = checklist->conn()->serverBump()->serverCert.get()) {
- if (Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>))
- return 1;
- }
- }
-
const char *serverName = NULL;
- if (checklist->conn() && !checklist->conn()->sslCommonName().isEmpty()) {
- SBuf scn = checklist->conn()->sslCommonName();
- serverName = scn.c_str();
- }
-
- if (serverName == NULL)
- serverName = checklist->request->GetHost();
-
- if (serverName && data->match(serverName)) {
- return 1;
- }
-
- return data->match("none");
+ SBuf serverNameKeeper; // because c_str() is not constant
+ if (ConnStateData *conn = checklist->conn()) {
+ if (conn->serverBump()) {
+ if (X509 *peer_cert = conn->serverBump()->serverCert.get())
+ return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>);
+ }
+
+ if (conn->sslCommonName().isEmpty()) {
+ const char *host = checklist->request->GetHost();
+ if (host && *host) // paranoid first condition: host() is never nil
+ serverName = host;
+ } else {
+ serverNameKeeper = conn->sslCommonName();
+ serverName = serverNameKeeper.c_str();
+ }
+ }
+
+ if (!serverName)
+ serverName = "none";
+
+ return data->match(serverName);
}
ACLServerNameStrategy *
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2016-10-29 23:26:28 +0000
+++ src/cf.data.pre 2016-11-14 10:51:24 +0000
@@ -1167,6 +1167,9 @@
# During each Ssl-Bump step, Squid may improve its understanding of a
# "true server name". Unlike dstdomain, this ACL does not perform
# DNS lookups.
+ # The "none" name can be used to match transactions where Squid
+ # could not compute the server name using any information source
+ # already available at the ACL evaluation time.
acl aclname ssl::server_name_regex [-i] \.foo\.com ...
# regex matches server name obtained from various sources [fast]


@@ -1,43 +0,0 @@
------------------------------------------------------------
revno: 14111
revision-id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
parent: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Mon 2016-11-14 23:54:34 +1300
message:
Fix spelling for digest nonce cache maintenance event
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 8c91678868beb689db5e0e6eaa6911c44f503ac8
# timestamp: 2016-11-14 10:56:03 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161114105124-\
# 46hmtnsg8uj4owxz
#
# Begin patch
=== modified file 'src/auth/digest/Config.cc'
--- src/auth/digest/Config.cc 2016-01-01 00:14:27 +0000
+++ src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000
@@ -204,7 +204,7 @@
if (!digest_nonce_cache) {
digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(digest_nonce_cache);
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
}
@@ -268,7 +268,7 @@
debugs(29, 3, "Finished cleaning the nonce cache.");
if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->active())
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
static void


@@ -1,60 +0,0 @@
------------------------------------------------------------
revno: 14112
revision-id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
parent: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Tue 2016-11-15 01:40:51 +1300
message:
Honor SBufReservationRequirements::minSize regardless of idealSize.
In a fully specified SBufReservationRequirements, idealSize would
naturally match or exceed minSize. However, the idealSize default value
(zero) may not. We should honor minSize regardless of idealSize, just as
the API documentation promises to do.
No runtime changes expected right now because the only existing user of
SBufReservationRequirements sets .idealSize to CLIENT_REQ_BUF_SZ (4096)
and .minSize to 1024.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: fb0969aa035352582364b529a70286cbfd89564a
# timestamp: 2016-11-14 12:43:10 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161114105434-\
# f1uvw2lu8l4lpgay
#
# Begin patch
=== modified file 'src/SBuf.cc'
--- src/SBuf.cc 2016-06-18 13:36:07 +0000
+++ src/SBuf.cc 2016-11-14 12:40:51 +0000
@@ -178,7 +178,8 @@
if (!mustRealloc && len_ >= req.maxCapacity)
return spaceSize(); // but we cannot reallocate
- const size_type newSpace = std::min(req.idealSpace, maxSize - len_);
+ const size_type desiredSpace = std::max(req.minSpace, req.idealSpace);
+ const size_type newSpace = std::min(desiredSpace, maxSize - len_);
reserveCapacity(std::min(len_ + newSpace, req.maxCapacity));
debugs(24, 7, id << " now: " << off_ << '+' << len_ << '+' << spaceSize() <<
'=' << store_->capacity);
=== modified file 'src/SBuf.h'
--- src/SBuf.h 2016-06-18 13:36:07 +0000
+++ src/SBuf.h 2016-11-14 12:40:51 +0000
@@ -635,9 +635,10 @@
/*
* Parameters are listed in the reverse order of importance: Satisfaction of
* the lower-listed requirements may violate the higher-listed requirements.
+ * For example, idealSpace has no effect unless it exceeds minSpace.
*/
size_type idealSpace; ///< if allocating anyway, provide this much space
- size_type minSpace; ///< allocate if spaceSize() is smaller
+ size_type minSpace; ///< allocate [at least this much] if spaceSize() is smaller
size_type maxCapacity; ///< do not allocate more than this
bool allowShared; ///< whether sharing our storage with others is OK
};


@@ -1,47 +0,0 @@
------------------------------------------------------------
revno: 14113
revision-id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
parent: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Tue 2016-11-15 20:57:28 +1300
message:
TLS: Make key= before cert= an error instead of quietly hiding the issue
This squid.conf setup is fatal in Squid-4. So best to fix these installations.
Even though Squdi-3 can cope with it.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: a18738f4cbf0c1bd368e61d4b19c5d6f5005b919
# timestamp: 2016-11-15 07:58:39 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161114124051-\
# s0vzoj5exv5g8w56
#
# Begin patch
=== modified file 'src/cache_cf.cc'
--- src/cache_cf.cc 2016-09-23 11:11:48 +0000
+++ src/cache_cf.cc 2016-11-15 07:57:28 +0000
@@ -2257,6 +2257,9 @@
safe_free(p->sslcert);
p->sslcert = xstrdup(token + 8);
} else if (strncmp(token, "sslkey=", 7) == 0) {
+ if (!p->sslcert) {
+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": sslcert= option must be set before sslkey= is used.");
+ }
safe_free(p->sslkey);
p->sslkey = xstrdup(token + 7);
} else if (strncmp(token, "sslversion=", 11) == 0) {
@@ -3729,6 +3732,9 @@
safe_free(s->cert);
s->cert = xstrdup(token + 5);
} else if (strncmp(token, "key=", 4) == 0) {
+ if (!s->cert) {
+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": cert= option must be set before key= is used.");
+ }
safe_free(s->key);
s->key = xstrdup(token + 4);
} else if (strncmp(token, "version=", 8) == 0) {


@@ -1,46 +0,0 @@
------------------------------------------------------------
revno: 14114
revision-id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
parent: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-01 04:42:05 +1300
message:
Improve debugs warnings when loading signing certs fails
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: e760bf590489a354e314f19dd158b063d23ef7a7
# timestamp: 2016-11-30 15:51:47 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161115075728-\
# 2xj2621oh5bwn8wn
#
# Begin patch
=== modified file 'src/ssl/support.cc'
--- src/ssl/support.cc 2016-10-09 14:30:11 +0000
+++ src/ssl/support.cc 2016-11-30 15:42:05 +0000
@@ -2011,10 +2011,17 @@
pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL;
pkey.reset(readSslPrivateKey(keyFilename, cb));
cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
- if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
- pkey.reset(NULL);
- cert.reset(NULL);
- }
+ if (!cert) {
+ debugs(83, DBG_IMPORTANT, "WARNING: missing cert in '" << certFilename << "'");
+ } else if (!pkey) {
+ debugs(83, DBG_IMPORTANT, "WARNING: missing private key in '" << keyFilename << "'");
+ } else if (!X509_check_private_key(cert.get(), pkey.get())) {
+ debugs(83, DBG_IMPORTANT, "WARNING: X509_check_private_key() failed to verify signing cert");
+ } else
+ return; // everything is okay
+
+ pkey.reset(NULL);
+ cert.reset(NULL);
}
bool Ssl::generateUntrustedCert(X509_Pointer &untrustedCert, EVP_PKEY_Pointer &untrustedPkey, X509_Pointer const &cert, EVP_PKEY_Pointer const & pkey)


@@ -1,197 +0,0 @@
------------------------------------------------------------
revno: 14115
revision-id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
parent: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4004
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-01 10:56:30 +1300
message:
Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
Added nil dereference checks for Ftp::Client::ctrl.conn, including:
- Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
ctrl.conn in DBG_IMPORTANT messages.
- Many functions inside FtpClient.cc and FtpGateway.cc files.
TODO: We need to find a better way to handle nil ctrl.conn. It is only
a matter of time when we forget to add another dereference check or
discover a place we missed during this change.
Also disabled forwarding of EPRT and PORT commands to origin servers.
Squid support for those commands is broken and their forwarding may
cause segfaults (bug #4004). Active FTP is still supported, of course.
This is a Measurement Factory project
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 345883c1b5a5cd221e9d0e68b254df7d955372ad
# timestamp: 2016-11-30 22:42:02 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161130154205-\
# c9z1bhqzuh3rafl3
#
# Begin patch
=== modified file 'src/clients/FtpClient.cc'
--- src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000
+++ src/clients/FtpClient.cc 2016-11-30 21:56:30 +0000
@@ -442,6 +442,11 @@
char *buf;
debugs(9, 3, status());
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 5, "The control connection to the remote end is closed");
+ return false;
+ }
+
if (code != 227) {
debugs(9, 2, "PASV not supported by remote end");
return false;
@@ -473,6 +478,11 @@
char *buf;
debugs(9, 3, status());
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 5, "The control connection to the remote end is closed");
+ return false;
+ }
+
if (code != 229 && code != 522) {
if (code == 200) {
/* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */
@@ -733,6 +743,11 @@
void
Ftp::Client::connectDataChannel()
{
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 5, "The control connection to the remote end is closed");
+ return;
+ }
+
safe_free(ctrl.last_command);
safe_free(ctrl.last_reply);
=== modified file 'src/clients/FtpGateway.cc'
--- src/clients/FtpGateway.cc 2016-01-31 05:39:09 +0000
+++ src/clients/FtpGateway.cc 2016-11-30 21:56:30 +0000
@@ -212,7 +212,9 @@
static FTPSM ftpReadMdtm;
static FTPSM ftpSendSize;
static FTPSM ftpReadSize;
+#if 0
static FTPSM ftpSendEPRT;
+#endif
static FTPSM ftpReadEPRT;
static FTPSM ftpSendPORT;
static FTPSM ftpReadPORT;
@@ -450,6 +452,11 @@
void
Ftp::Gateway::listenForDataChannel(const Comm::ConnectionPointer &conn)
{
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 5, "The control connection to the remote end is closed");
+ return;
+ }
+
assert(!Comm::IsConnOpen(data.conn));
typedef CommCbMemFunT<Gateway, CommAcceptCbParams> AcceptDialer;
@@ -1183,7 +1190,7 @@
checkUrlpath();
buildTitleUrl();
- debugs(9, 5, HERE << "FD " << ctrl.conn->fd << " : host=" << request->GetHost() <<
+ debugs(9, 5, "FD " << (ctrl.conn != NULL ? ctrl.conn->fd : -1) << " : host=" << request->GetHost() <<
", path=" << request->urlpath << ", user=" << user << ", passwd=" << password);
state = BEGIN;
Ftp::Client::start();
@@ -1750,7 +1757,9 @@
if (ftpState->handlePasvReply(srvAddr))
ftpState->connectDataChannel();
else {
- ftpSendEPRT(ftpState);
+ ftpFail(ftpState);
+ // Currently disabled, does not work correctly:
+ // ftpSendEPRT(ftpState);
return;
}
}
@@ -1790,6 +1799,11 @@
}
safe_free(ftpState->data.host);
+ if (!Comm::IsConnOpen(ftpState->ctrl.conn)) {
+ debugs(9, 5, "The control connection to the remote end is closed");
+ return;
+ }
+
/*
* Set up a listen socket on the same local address as the
* control connection.
@@ -1875,9 +1889,14 @@
ftpRestOrList(ftpState);
}
+#if 0
static void
ftpSendEPRT(Ftp::Gateway * ftpState)
{
+ /* check the server control channel is still available */
+ if (!ftpState || !ftpState->haveControlChannel("ftpSendEPRT"))
+ return;
+
if (Config.Ftp.epsv_all && ftpState->flags.epsv_all_sent) {
debugs(9, DBG_IMPORTANT, "FTP does not allow EPRT method after 'EPSV ALL' has been sent.");
return;
@@ -1913,6 +1932,7 @@
ftpState->writeCommand(cbuf);
ftpState->state = Ftp::Client::SENT_EPRT;
}
+#endif
static void
ftpReadEPRT(Ftp::Gateway * ftpState)
@@ -1939,10 +1959,8 @@
{
debugs(9, 3, HERE);
- if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
- abortAll("entry aborted when accepting data conn");
- data.listenConn->close();
- data.listenConn = NULL;
+ if (!Comm::IsConnOpen(ctrl.conn)) { /*Close handlers will cleanup*/
+ debugs(9, 5, "The control connection to the remote end is closed");
return;
}
@@ -1955,6 +1973,14 @@
return;
}
+ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
+ abortAll("entry aborted when accepting data conn");
+ data.listenConn->close();
+ data.listenConn = NULL;
+ io.conn->close();
+ return;
+ }
+
/* data listening conn is no longer even open. abort. */
if (!Comm::IsConnOpen(data.listenConn)) {
data.listenConn = NULL; // ensure that it's cleared and not just closed.
@@ -2705,8 +2731,8 @@
Ftp::Gateway::completeForwarding()
{
if (fwd == NULL || flags.completed_forwarding) {
- debugs(9, 3, HERE << "completeForwarding avoids " <<
- "double-complete on FD " << ctrl.conn->fd << ", Data FD " << data.conn->fd <<
+ debugs(9, 3, "avoid double-complete on FD " <<
+ (ctrl.conn != NULL ? ctrl.conn->fd : -1) << ", Data FD " << data.conn->fd <<
", this " << this << ", fwd " << fwd);
return;
}


@@ -1,38 +0,0 @@
------------------------------------------------------------
revno: 14116
revision-id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
parent: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3533
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-01 11:33:32 +1300
message:
Bug 3533: Cache still valid after HTTP/1.1 303 See Other
RFC7231 does not mention 303 response as non-cacheable.
So, assuming that means it *is* cacheable.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: c90320c95a4b64c8d18794fbe5df526fe0f9f702
# timestamp: 2016-11-30 22:42:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161130215630-\
# c42qucqar9bi9a1k
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2016-10-30 09:45:03 +0000
+++ src/http.cc 2016-11-30 22:33:32 +0000
@@ -203,6 +203,8 @@
case Http::scFound:
+ case Http::scSeeOther:
+
case Http::scGone:
case Http::scNotFound:


@@ -1,152 +0,0 @@
------------------------------------------------------------
revno: 14117
revision-id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
parent: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4007
author: Stephen Baynes <sbaynes@mail.com>, Amos Jeffries <squid3@treenet.co.nz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-01 12:20:39 +1300
message:
Bug 4007: Hang on DNS query with dead-end CNAME
DNS lookup recursion no longer occurs. ipcacheParse() return values are no
longer useful.
Also, cleanup the debugging output.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 9059c7a07e5366bd2eac606c72f875077766ed34
# timestamp: 2016-11-30 23:27:11 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161130223332-\
# zcaxll4prj3kag1b
#
# Begin patch
=== modified file 'src/ipcache.cc'
--- src/ipcache.cc 2016-01-01 00:14:27 +0000
+++ src/ipcache.cc 2016-11-30 23:20:39 +0000
@@ -123,7 +123,6 @@
static FREE ipcacheFreeEntry;
static IDNSCB ipcacheHandleReply;
static int ipcacheExpiredEntry(ipcache_entry *);
-static int ipcacheParse(ipcache_entry *, const rfc1035_rr *, int, const char *error);
static ipcache_entry *ipcache_get(const char *);
static void ipcacheLockEntry(ipcache_entry *);
static void ipcacheStatPrint(ipcache_entry *, StoreEntry *);
@@ -328,8 +327,7 @@
ipcacheUnlockEntry(i);
}
-/// \ingroup IPCacheAPI
-static int
+static void
ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *error_message)
{
int k;
@@ -350,25 +348,25 @@
i->addrs.count = 0;
if (nr < 0) {
- debugs(14, 3, "ipcacheParse: Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'");
+ debugs(14, 3, "Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'");
i->error_message = xstrdup(error_message);
- return -1;
+ return;
}
if (nr == 0) {
- debugs(14, 3, "ipcacheParse: No DNS records in response to '" << name << "'");
+ debugs(14, 3, "No DNS records in response to '" << name << "'");
i->error_message = xstrdup("No DNS records");
- return -1;
+ return;
}
- debugs(14, 3, "ipcacheParse: " << nr << " answers for '" << name << "'");
+ debugs(14, 3, nr << " answers for '" << name << "'");
assert(answers);
for (k = 0; k < nr; ++k) {
if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) {
if (answers[k].rdlength != sizeof(struct in6_addr)) {
- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv6 address in response to '" << name << "'");
+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv6 address in response to '" << name << "'");
continue;
}
++na;
@@ -378,7 +376,7 @@
if (answers[k].type == RFC1035_TYPE_A) {
if (answers[k].rdlength != sizeof(struct in_addr)) {
- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv4 address in response to '" << name << "'");
+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv4 address in response to '" << name << "'");
continue;
}
++na;
@@ -394,14 +392,14 @@
}
// otherwise its an unknown RR. debug at level 9 since we usually want to ignore these and they are common.
- debugs(14, 9, HERE << "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) );
+ debugs(14, 9, "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) );
}
if (na == 0) {
- debugs(14, DBG_IMPORTANT, "ipcacheParse: No Address records in response to '" << name << "'");
+ debugs(14, DBG_IMPORTANT, MYNAME << "No Address records in response to '" << name << "'");
i->error_message = xstrdup("No Address records");
if (cname_found)
++IpcacheStats.cname_only;
- return 0;
+ return;
}
i->addrs.in_addrs = static_cast<Ip::Address *>(xcalloc(na, sizeof(Ip::Address)));
@@ -419,7 +417,7 @@
memcpy(&temp, answers[k].rdata, sizeof(struct in_addr));
i->addrs.in_addrs[j] = temp;
- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j]);
+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j]);
++j;
} else if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) {
@@ -430,7 +428,7 @@
memcpy(&temp, answers[k].rdata, sizeof(struct in6_addr));
i->addrs.in_addrs[j] = temp;
- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j] );
+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j] );
++j;
}
if (ttl == 0 || (int) answers[k].ttl < ttl)
@@ -453,8 +451,6 @@
i->expires = squid_curtime + ttl;
i->flags.negcached = false;
-
- return i->addrs.count;
}
/// \ingroup IPCacheInternal
@@ -467,13 +463,9 @@
const int age = i->age();
statCounter.dns.svcTime.count(age);
- int done = ipcacheParse(i, answers, na, error_message);
-
- /* If we have not produced either IPs or Error immediately, wait for recursion to finish. */
- if (done != 0 || error_message != NULL) {
- ipcacheAddEntry(i);
- ipcacheCallback(i, age);
- }
+ ipcacheParse(i, answers, na, error_message);
+ ipcacheAddEntry(i);
+ ipcacheCallback(i, age);
}
/**


@@ -1,55 +0,0 @@
------------------------------------------------------------
revno: 14118
revision-id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
parent: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3290
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-01 12:33:04 +1300
message:
Bug 3290: authenticate_ttl not working for digest authentication
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 50ff391db1484222ead5fb50b1bca0694c37ed4c
# timestamp: 2016-11-30 23:34:59 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161130232039-\
# z18ikhhcf3j185my
#
# Begin patch
=== modified file 'src/auth/digest/Config.cc'
--- src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000
+++ src/auth/digest/Config.cc 2016-11-30 23:33:04 +0000
@@ -1058,6 +1058,10 @@
* the user agent won't change user name without warning.
*/
authDigestUserLinkNonce(digest_user, nonce);
+
+ /* auth_user is now linked, we reset these values
+ * after external auth occurs anyway */
+ auth_user->expiretime = current_time.tv_sec;
} else {
debugs(29, 9, "Found user '" << username << "' in the user cache as '" << auth_user << "'");
digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw());
=== modified file 'src/auth/digest/UserRequest.cc'
--- src/auth/digest/UserRequest.cc 2016-01-01 00:14:27 +0000
+++ src/auth/digest/UserRequest.cc 2016-11-30 23:33:04 +0000
@@ -187,12 +187,7 @@
auth_user->credentials(Auth::Ok);
/* password was checked and did match */
- debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK");
-
- /* auth_user is now linked, we reset these values
- * after external auth occurs anyway */
- auth_user->expiretime = current_time.tv_sec;
- return;
+ debugs(29, 4, "user '" << auth_user->username() << "' validated OK");
}
Auth::Direction


@@ -1,184 +0,0 @@
------------------------------------------------------------
revno: 14119
revision-id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
parent: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4174
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2016-12-09 14:58:33 +1300
message:
Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
The following sequence of events triggers this assertion:
- The server sends an 1xx control message.
- http.cc schedules ConnStateData::sendControlMsg call.
- Before sendControlMsg is fired, http.cc detects an error (e.g., I/O
error or timeout) and starts writing the reply to the user.
- The ConnStateData::sendControlMsg is fired, starts writing 1xx, and
hits the "no concurrent writes" assertion.
We could only reproduce this sequence in the lab after changing Squid
code to trigger a timeout at the right moment, but the sequence looks
plausible. Other event sequences might result in the same outcome.
To avoid concurrent writes, Squid now drops the control message if
Http::One::Server detects that a reply is already being written. Also,
ConnStateData delays reply writing until a pending control message write
has been completed.
This is a Measurement Factory project.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 103c6fc1fa45d78ba7f9e85ab3d89fff898ee762
# timestamp: 2016-12-09 02:51:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161130233304-\
# lk3q0bx8gn5l3l85
#
# Begin patch
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2016-09-23 20:49:24 +0000
+++ src/client_side.cc 2016-12-09 01:58:33 +0000
@@ -340,7 +340,21 @@
AsyncCall::Pointer call = commCbCall(33, 5, "ClientSocketContext::wroteControlMsg",
CommIoCbPtrFun(&WroteControlMsg, this));
- getConn()->writeControlMsgAndCall(this, rep.getRaw(), call);
+ if (!getConn()->writeControlMsgAndCall(this, rep.getRaw(), call)) {
+ // but still inform the caller (so it may resume its operation)
+ doneWithControlMsg();
+ }
+}
+
+void
+ClientSocketContext::doneWithControlMsg()
+{
+ ScheduleCallHere(cbControlMsgSent);
+ cbControlMsgSent = NULL;
+
+ debugs(33, 3, clientConnection << ": calling PushDeferredIfNeeded after control msg wrote");
+ ClientSocketContextPushDeferredIfNeeded(this, getConn());
+
}
/// called when we wrote the 1xx response
@@ -351,7 +365,7 @@
return;
if (errflag == Comm::OK) {
- ScheduleCallHere(cbControlMsgSent);
+ doneWithControlMsg();
return;
}
@@ -1455,6 +1469,8 @@
if (context != http->getConn()->getCurrentContext())
context->deferRecipientForLater(node, rep, receivedData);
+ else if (context->controlMsgIsPending())
+ context->deferRecipientForLater(node, rep, receivedData);
else
http->getConn()->handleReply(rep, receivedData);
=== modified file 'src/client_side.h'
--- src/client_side.h 2016-06-18 13:36:07 +0000
+++ src/client_side.h 2016-12-09 01:58:33 +0000
@@ -129,9 +129,13 @@
/// starts writing 1xx control message to the client
void writeControlMsg(HttpControlMsg &msg);
+ /// true if 1xx to the user is pending
+ bool controlMsgIsPending() {return cbControlMsgSent != NULL;}
+
protected:
static IOCB WroteControlMsg;
void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno);
+ void doneWithControlMsg();
private:
void prepareReply(HttpReply * rep);
@@ -387,7 +391,7 @@
void connectionTag(const char *aTag) { connectionTag_ = aTag; }
/// handle a control message received by context from a peer and call back
- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0;
+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0;
/// ClientStream calls this to supply response header (once) and data
/// for the current ClientSocketContext.
=== modified file 'src/servers/FtpServer.cc'
--- src/servers/FtpServer.cc 2016-06-30 21:09:12 +0000
+++ src/servers/FtpServer.cc 2016-12-09 01:58:33 +0000
@@ -1152,12 +1152,13 @@
writeErrorReply(reply, 451);
}
-void
+bool
Ftp::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *reply, AsyncCall::Pointer &call)
{
// the caller guarantees that we are dealing with the current context only
// the caller should also make sure reply->header.has(HDR_FTP_STATUS)
writeForwardedReplyAndCall(reply, call);
+ return true;
}
void
=== modified file 'src/servers/FtpServer.h'
--- src/servers/FtpServer.h 2016-03-15 18:14:15 +0000
+++ src/servers/FtpServer.h 2016-12-09 01:58:33 +0000
@@ -94,7 +94,7 @@
virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);
virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData);
virtual int pipelinePrefetchMax() const;
- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
virtual time_t idleTimeout() const;
/* BodyPipe API */
=== modified file 'src/servers/HttpServer.cc'
--- src/servers/HttpServer.cc 2016-01-01 00:14:27 +0000
+++ src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000
@@ -35,7 +35,7 @@
virtual ClientSocketContext *parseOneRequest(Http::ProtocolVersion &ver);
virtual void processParsedRequest(ClientSocketContext *context, const Http::ProtocolVersion &ver);
virtual void handleReply(HttpReply *rep, StoreIOBuffer receivedData);
- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
virtual time_t idleTimeout() const;
/* BodyPipe API */
@@ -167,9 +167,16 @@
context->sendStartOfMessage(rep, receivedData);
}
-void
+bool
Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call)
{
+ // Ignore this late control message if we have started sending a
+ // reply to the user already (e.g., after an error).
+ if (context->reply) {
+ debugs(11, 2, "drop 1xx made late by " << context->reply);
+ return false;
+ }
+
// apply selected clientReplyContext::buildReplyHeader() mods
// it is not clear what headers are required for control messages
rep->header.removeHopByHopEntries();
@@ -184,6 +191,7 @@
Comm::Write(context->clientConnection, mb, call);
delete mb;
+ return true;
}
ConnStateData *


@@ -1,62 +0,0 @@
------------------------------------------------------------
revno: 14120
revision-id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
parent: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
author: Egervary Gergely <gergely@egervary.hu>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2016-12-09 16:46:36 +1300
message:
Support IPv6 NAT with PF for NetBSD and FreeBSD
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: b47da8d30fe000bbe50ea978bab7594065f7dc07
# timestamp: 2016-12-09 03:51:01 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161209015833-\
# xm965d5l6u03qhew
#
# Begin patch
=== modified file 'src/ip/Intercept.cc'
--- src/ip/Intercept.cc 2016-10-25 08:25:30 +0000
+++ src/ip/Intercept.cc 2016-12-09 03:46:36 +0000
@@ -339,13 +339,20 @@
}
memset(&nl, 0, sizeof(struct pfioc_natlook));
- newConn->remote.getInAddr(nl.saddr.v4);
+
+ if (newConn->remote.isIPv6()) {
+ newConn->remote.getInAddr(nl.saddr.v6);
+ newConn->local.getInAddr(nl.daddr.v6);
+ nl.af = AF_INET6;
+ } else {
+ newConn->remote.getInAddr(nl.saddr.v4);
+ newConn->local.getInAddr(nl.daddr.v4);
+ nl.af = AF_INET;
+ }
+
nl.sport = htons(newConn->remote.port());
-
- newConn->local.getInAddr(nl.daddr.v4);
nl.dport = htons(newConn->local.port());
- nl.af = AF_INET;
nl.proto = IPPROTO_TCP;
nl.direction = PF_OUT;
@@ -361,7 +368,10 @@
debugs(89, 9, HERE << "address: " << newConn);
return false;
} else {
- newConn->local = nl.rdaddr.v4;
+ if (newConn->remote.isIPv6())
+ newConn->local = nl.rdaddr.v6;
+ else
+ newConn->local = nl.rdaddr.v4;
newConn->local.port(ntohs(nl.rdport));
debugs(89, 5, HERE << "address NAT: " << newConn);
return true;


@@ -1,36 +0,0 @@
------------------------------------------------------------
revno: 14121
revision-id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
parent: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4406
author: Michael Buchau <mike@m-buchau.de>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Fri 2016-12-09 17:33:04 +1300
message:
Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ce1153061cb79ac9ede6851f438ec830ed7a3e78
# timestamp: 2016-12-09 04:51:01 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161209034636-\
# wytrnx7ks2jv0sxt
#
# Begin patch
=== modified file 'src/tunnel.cc'
--- src/tunnel.cc 2016-08-17 13:34:13 +0000
+++ src/tunnel.cc 2016-12-09 04:33:04 +0000
@@ -475,7 +475,8 @@
*status_ptr = rep.sline.status();
// we need to relay the 401/407 responses when login=PASS(THRU)
- const char *pwd = server.conn->getPeer()->login;
+ const CachePeer *peer = server.conn->getPeer();
+ const char *pwd = (peer ? peer->login : NULL);
const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
(*status_ptr == Http::scProxyAuthenticationRequired ||
*status_ptr == Http::scUnauthorized);


@@ -1,34 +0,0 @@
------------------------------------------------------------
revno: 14122
revision-id: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9
parent: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Fri 2016-12-09 06:15:51 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20161209061551-\
# 361ava4lrrmbwiy9
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: cb4bfe0e0aaf3e3d107ffb16e2729c6f46d5a822
# timestamp: 2016-12-09 06:51:04 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161209043304-\
# krtzvsm4a0zbzgi8
#
# Begin patch
=== modified file 'src/servers/HttpServer.cc'
--- src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000
+++ src/servers/HttpServer.cc 2016-12-09 06:15:51 +0000
@@ -170,7 +170,7 @@
bool
Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call)
{
- // Ignore this late control message if we have started sending a
+ // Ignore this late control message if we have started sending a
// reply to the user already (e.g., after an error).
if (context->reply) {
debugs(11, 2, "drop 1xx made late by " << context->reply);


@@ -1,59 +0,0 @@
------------------------------------------------------------
revno: 14123
revision-id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
parent: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2258
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-15 22:03:42 +1300
message:
Bug 2258: bypassing cache but not destroying cache entry
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: e4ce2fda10feb3e4e6b64d6dfa566ba6f0ac07f1
# timestamp: 2016-12-15 09:08:35 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20161209061551-\
# 361ava4lrrmbwiy9
#
# Begin patch
=== modified file 'src/HttpRequest.cc'
--- src/HttpRequest.cc 2016-04-01 06:15:31 +0000
+++ src/HttpRequest.cc 2016-12-15 09:03:42 +0000
@@ -576,8 +576,13 @@
if (!method.respMaybeCacheable())
return false;
- // XXX: this would seem the correct place to detect request cache-controls
- // no-store, private and related which block cacheability
+ // RFC 7234 section 5.2.1.5:
+ // "cache MUST NOT store any part of either this request or any response to it"
+ //
+ // NP: refresh_pattern ignore-no-store only applies to response messages
+ // this test is handling request message CC header.
+ if (!flags.ignoreCc && cache_control && cache_control->noStore())
+ return false;
break;
case AnyP::PROTO_GOPHER:
=== modified file 'src/http.cc'
--- src/http.cc 2016-11-30 22:33:32 +0000
+++ src/http.cc 2016-12-15 09:03:42 +0000
@@ -191,6 +191,12 @@
if (!EBIT_TEST(e->flags, KEY_PRIVATE))
return;
+ // If the new/incoming response cannot be stored, then it does not
+ // compete with the old stored response for the public key, and the
+ // old stored response should be left as is.
+ if (e->mem_obj->request && !e->mem_obj->request->flags.cachable)
+ return;
+
switch (status) {
case Http::scOkay:


@@ -1,47 +0,0 @@
------------------------------------------------------------
revno: 14124
revision-id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
parent: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-15 22:22:10 +1300
message:
HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: b9e9ff6a7fe0972dfd8a3b1a45ba25a66ef03552
# timestamp: 2016-12-15 09:22:58 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161215090342-\
# ml7nmzlfmiiov7j5
#
# Begin patch
=== modified file 'src/http/StatusCode.cc'
--- src/http/StatusCode.cc 2016-03-23 14:00:51 +0000
+++ src/http/StatusCode.cc 2016-12-15 09:22:10 +0000
@@ -33,6 +33,10 @@
return "Processing";
break;
+ case Http::scEarlyHints: // 103
+ return "Early Hints";
+ break;
+
// 200-299
case Http::scOkay:
return "OK";
=== modified file 'src/http/StatusCode.h'
--- src/http/StatusCode.h 2016-03-23 14:00:51 +0000
+++ src/http/StatusCode.h 2016-12-15 09:22:10 +0000
@@ -22,6 +22,7 @@
scContinue = 100,
scSwitchingProtocols = 101,
scProcessing = 102, /**< RFC2518 section 10.1 */
+ scEarlyHints = 103, /**< draft-kazuho-early-hints-status-code */
scOkay = 200,
scCreated = 201,
scAccepted = 202,


@@ -1,41 +0,0 @@
------------------------------------------------------------
revno: 14125
revision-id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
parent: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3940
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-15 22:36:34 +1300
message:
Bug 3940 (partial): hostHeaderVerify failures MISS when they should be HIT
This fixes the critical condition leading to the HIT. However not all
code is correctly setting flags.noCache and flags.cacheable (see bugzilla).
So there may be other fixes needed after this.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 3e1ebda070635dcabfa4f77d697ac12e8683106f
# timestamp: 2016-12-15 09:39:01 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161215092210-\
# 8gupdsihb4d8fufk
#
# Begin patch
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-11-11 06:03:25 +0000
+++ src/client_side_reply.cc 2016-12-15 09:36:34 +0000
@@ -1649,7 +1649,9 @@
{
HttpRequest *r = http->request;
- if (r->flags.cachable || r->flags.internal) {
+ // client sent CC:no-cache or some other condition has been
+ // encountered which prevents delivering a public/cached object.
+ if (!r->flags.noCache || r->flags.internal) {
lookingforstore = 5;
StoreEntry::getPublicByRequest (this, r);
} else {


@@ -1,123 +0,0 @@
------------------------------------------------------------
revno: 14126
revision-id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
parent: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4169
author: Garri Djavadyan <garryd@comnet.uz>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-12-15 23:33:57 +1300
message:
Bug 4169: HIT marked as MISS when If-None-Match does not match
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 258cd3e400bcb137a7bcdf6e7e0240287ea581a3
# timestamp: 2016-12-15 10:34:30 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20161215093634-\
# ykbs6tv8pdusz7cj
#
# Begin patch
=== modified file 'src/LogTags.h'
--- src/LogTags.h 2016-10-09 19:47:26 +0000
+++ src/LogTags.h 2016-12-15 10:33:57 +0000
@@ -28,6 +28,7 @@
LOG_TCP_REFRESH_IGNORED, // refresh from origin ignored, stale entry sent
LOG_TCP_CLIENT_REFRESH_MISS,
LOG_TCP_IMS_HIT,
+ LOG_TCP_INM_HIT,
LOG_TCP_SWAPFAIL_MISS,
LOG_TCP_NEGATIVE_HIT,
LOG_TCP_MEM_HIT,
@@ -54,6 +55,7 @@
return
(code == LOG_TCP_HIT) ||
(code == LOG_TCP_IMS_HIT) ||
+ (code == LOG_TCP_INM_HIT) ||
(code == LOG_TCP_REFRESH_FAIL_OLD) ||
(code == LOG_TCP_REFRESH_UNMODIFIED) ||
(code == LOG_TCP_NEGATIVE_HIT) ||
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2016-12-09 01:58:33 +0000
+++ src/client_side.cc 2016-12-15 10:33:57 +0000
@@ -429,6 +429,7 @@
statCounter.client_http.nearHitSvcTime.count(svc_time);
break;
+ case LOG_TCP_INM_HIT:
case LOG_TCP_IMS_HIT:
statCounter.client_http.nearMissSvcTime.count(svc_time);
break;
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-12-15 09:36:34 +0000
+++ src/client_side_reply.cc 2016-12-15 10:33:57 +0000
@@ -778,40 +778,27 @@
return true;
}
- bool matchedIfNoneMatch = false;
if (r.header.has(HDR_IF_NONE_MATCH)) {
- if (!e->hasIfNoneMatchEtag(r)) {
- // RFC 2616: ignore IMS if If-None-Match did not match
- r.flags.ims = false;
- r.ims = -1;
- r.imslen = 0;
- r.header.delById(HDR_IF_MODIFIED_SINCE);
- http->logType = LOG_TCP_MISS;
- sendMoreData(result);
- return true;
- }
+ // RFC 7232: If-None-Match recipient MUST ignore IMS
+ r.flags.ims = false;
+ r.ims = -1;
+ r.imslen = 0;
+ r.header.delById(HDR_IF_MODIFIED_SINCE);
- if (!r.flags.ims) {
- // RFC 2616: if If-None-Match matched and there is no IMS,
- // reply with 304 Not Modified or 412 Precondition Failed
+ if (e->hasIfNoneMatchEtag(r)) {
sendNotModifiedOrPreconditionFailedError();
return true;
}
- // otherwise check IMS below to decide if we reply with 304 or 412
- matchedIfNoneMatch = true;
+ // None-Match is true (no ETag matched); treat as an unconditional hit
+ return false;
}
if (r.flags.ims) {
// handle If-Modified-Since requests from the client
if (e->modifiedSince(r.ims, r.imslen)) {
- http->logType = LOG_TCP_IMS_HIT;
- sendMoreData(result);
-
- } else if (matchedIfNoneMatch) {
- // If-None-Match matched, reply with 304 Not Modified or
- // 412 Precondition Failed
- sendNotModifiedOrPreconditionFailedError();
+ // Modified-Since is true; treat as an unconditional hit
+ return false;
} else {
// otherwise reply with 304 Not Modified
@@ -1974,7 +1961,12 @@
StoreEntry *e = http->storeEntry();
const time_t timestamp = e->timestamp;
HttpReply *const temprep = e->getReply()->make304();
- http->logType = LOG_TCP_IMS_HIT;
+ // log as TCP_INM_HIT if code 304 generated for
+ // If-None-Match request
+ if (!http->request->flags.ims)
+ http->logType = LOG_TCP_INM_HIT;
+ else
+ http->logType = LOG_TCP_IMS_HIT;
removeClientStoreReference(&sc, http);
createStoreEntry(http->request->method, RequestFlags());
e = http->storeEntry();