webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 19:00:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

squid: Update to 3.5.20 with latest patches (14067-14075)

Browse Source 
For details, see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Since there were problems with "trailing white spaces" I started a new 'squid_3'
branch from scratch, based on current 'next'.
I hope this is what is needed and that it helps.

This one was built without errors and is running here without seen problems.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Matthias Fischer
2016-08-20 00:15:55 +02:00
committed by Michael Tremer
parent 66cb9ec42b
commit d8efad249a
17 changed files with 851 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/patches/squid-3.5.17-fix-max-file-descriptors.patch → src/patches/squid-3.5.20-fix-max-file-descriptors.patch
View File

@@ -1,6 +1,6 @@
--- configure.ac.~ Wed Apr 20 14:26:07 2016
+++ configure.ac Fri Apr 22 17:20:46 2016
@@ -3131,6 +3131,9 @@
@@ -3135,6 +3135,9 @@
;;
esac
@@ -10,7 +10,7 @@
dnl --with-maxfd present for compatibility with Squid-2.
dnl undocumented in ./configure --help to encourage using the Squid-3 directive
AC_ARG_WITH(maxfd,,
@@ -3161,8 +3164,6 @@
@@ -3165,8 +3168,6 @@
esac
])

63
src/patches/squid/squid-3.5-14051.patch
View File

@@ -1,63 +0,0 @@
------------------------------------------------------------
revno: 14051
revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix
author: Steve Hill <steve@opendium.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-05-18 02:58:50 +1200
message:
Support unified EUI format code in external_acl_type
Squid supports %>eui as a logformat specifier, which produces an EUI-48
for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not
allowed as a format specifier for the external ACLs, and you have to use
%SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4
clients and %SRCEUI64 is only useful for IPv6 clients, so supporting
both v4 and v6 is a bit messy.
Adds the %>eui specifier for external ACLs and behaves in the same way
as the logformat specifier.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76
# timestamp: 2016-05-17 15:50:54 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160508124125-\
# fytgvn68zppfr8ix
#
# Begin patch
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2016-01-01 00:14:27 +0000
+++ src/external_acl.cc 2016-05-17 14:58:50 +0000
@@ -356,6 +356,8 @@
else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0)
format->type = Format::LFT_CLIENT_PORT;
#if USE_SQUID_EUI
+ else if (strcmp(token, "%>eui") == 0)
+ format->type = Format::LFT_CLIENT_EUI;
else if (strcmp(token, "%SRCEUI48") == 0)
format->type = Format::LFT_EXT_ACL_CLIENT_EUI48;
else if (strcmp(token, "%SRCEUI64") == 0)
@@ -944,6 +946,18 @@
break;
#if USE_SQUID_EUI
+ case Format::LFT_CLIENT_EUI:
+ // TODO make the ACL checklist have a direct link to any TCP details.
+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL)
+ {
+ if (request->clientConnectionManager->clientConnection->remote.isIPv4())
+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf));
+ else
+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
+ str = buf;
+ }
+ break;
+
case Format::LFT_EXT_ACL_CLIENT_EUI48:
if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)))

34
src/patches/squid/squid-3.5-14052.patch
View File

@@ -1,34 +0,0 @@
------------------------------------------------------------
revno: 14052
revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Tue 2016-05-17 18:14:16 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20160517181416-\
# sfrjdosd9dhx7u8o
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b
# timestamp: 2016-05-17 18:51:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160517145850-\
# uos9z00nrt7xd9ik
#
# Begin patch
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2016-05-17 14:58:50 +0000
+++ src/external_acl.cc 2016-05-17 18:14:16 +0000
@@ -956,7 +956,7 @@
request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
str = buf;
}
- break;
+ break;
case Format::LFT_EXT_ACL_CLIENT_EUI48:
if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&

46
src/patches/squid/squid-3.5-14053.patch
View File

@@ -1,46 +0,0 @@
------------------------------------------------------------
revno: 14053
revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 01:00:58 +1200
message:
Do not override user defined -std option
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135
# timestamp: 2016-05-21 13:08:06 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20160517181416-\
# sfrjdosd9dhx7u8o
#
# Begin patch
=== modified file 'configure.ac'
--- configure.ac 2016-05-08 12:41:25 +0000
+++ configure.ac 2016-05-21 13:00:58 +0000
@@ -95,6 +95,9 @@
# Guess the compiler type (sets squid_cv_compiler)
SQUID_CC_GUESS_VARIANT
+# If the user did not specify a C++ version.
+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="`
+if test "x$user_cxx" = "x"; then
# Check for C++11 compiler support
#
# BUG 3613: when clang -std=c++0x is used, it activates a "strict mode"
@@ -103,8 +106,9 @@
#
# Similar POSIX issues on MinGW 32-bit and Cygwin
#
-if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
- AX_CXX_COMPILE_STDCXX_11([noext],[optional])
+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
+ AX_CXX_COMPILE_STDCXX_11([noext],[optional])
+ fi
fi
# test for programs

37
src/patches/squid/squid-3.5-14054.patch
View File

@@ -1,37 +0,0 @@
------------------------------------------------------------
revno: 14054
revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 01:01:44 +1200
message:
Fix OpenSSL detection on FreeBSD
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9
# timestamp: 2016-05-21 13:08:08 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521130058-\
# zq8zugw0fohwfu3z
#
# Begin patch
=== modified file 'configure.ac'
--- configure.ac 2016-05-21 13:00:58 +0000
+++ configure.ac 2016-05-21 13:01:44 +0000
@@ -1348,10 +1348,10 @@
AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[
AC_MSG_ERROR([library 'crypto' is required for OpenSSL])
- ])
+ ],$LIBOPENSSL_LIBS)
AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[
AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
- ])
+ ],$LIBOPENSSL_LIBS)
])
# This is a workaround for RedHat 9 brain damage..

39
src/patches/squid/squid-3.5-14055.patch
View File

@@ -1,39 +0,0 @@
------------------------------------------------------------
revno: 14055
revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
author: Alex Rousskov <rousskov@measurement-factory.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 03:52:02 +1200
message:
Fix icons loading speed.
Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each
icon was read from disk and written to Store one character at a time. I
did not measure startup delays in production, but in debugging runs,
fixing this bug sped up icons loading from 1 minute to 4 seconds.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b
# timestamp: 2016-05-21 16:51:00 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521130144-\
# 6xtcayieij00fm5v
#
# Begin patch
=== modified file 'src/mime.cc'
--- src/mime.cc 2016-01-01 00:14:27 +0000
+++ src/mime.cc 2016-05-21 15:52:02 +0000
@@ -430,7 +430,7 @@
/* read the file into the buffer and append it to store */
int n;
char *buf = (char *)memAllocate(MEM_4K_BUF);
- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0)
+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0)
e->append(buf, n);
file_close(fd);

36
src/patches/squid/squid-3.5-14056.patch
View File

@@ -1,36 +0,0 @@
------------------------------------------------------------
revno: 14056
revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sun 2016-05-22 05:29:19 +1200
message:
Increase debug level in a peek-and-splice related debug message
It may produced one debugging line for each SSL transaction in some cases
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f
# timestamp: 2016-05-21 17:50:54 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160521155202-\
# pp53utwamdhkugvg
#
# Begin patch
=== modified file 'src/ssl/PeerConnector.cc'
--- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000
+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000
@@ -598,7 +598,7 @@
case SSL_ERROR_WANT_WRITE:
if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
+ debugs(81, 3, "hold write on SSL connection on FD " << fd);
checkForPeekAndSplice();
return;
}

381
src/patches/squid/squid-3.5-14067.patch Normal file
View File

@@ -0,0 +1,381 @@
------------------------------------------------------------
revno: 14067
revision-id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
parent: squid3@treenet.co.nz-20160701113616-vpjak1pq4uecadd2
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-07-23 19:16:20 +1200
message:
Bug 4534: assertion failure in xcalloc when using many cache_dir
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363
# timestamp: 2016-07-23 07:24:01 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160701113616-\
# vpjak1pq4uecadd2
#
# Begin patch
=== modified file 'src/CacheDigest.cc'
--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000
+++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000
@@ -35,12 +35,12 @@
static uint32_t hashed_keys[4];
static void
-cacheDigestInit(CacheDigest * cd, int capacity, int bpe)
+cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe)
{
- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
+ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
assert(cd);
assert(capacity > 0 && bpe > 0);
- assert(mask_size > 0);
+ assert(mask_size != 0);
cd->capacity = capacity;
cd->bits_per_entry = bpe;
cd->mask_size = mask_size;
@@ -50,7 +50,7 @@
}
CacheDigest *
-cacheDigestCreate(int capacity, int bpe)
+cacheDigestCreate(uint64_t capacity, uint8_t bpe)
{
CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST);
assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */
@@ -97,7 +97,7 @@
/* changes mask size, resets bits to 0, preserves "cd" pointer */
void
-cacheDigestChangeCap(CacheDigest * cd, int new_cap)
+cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap)
{
assert(cd);
cacheDigestClean(cd);
@@ -278,12 +278,12 @@
storeAppendPrintf(e, "%s digest: size: %d bytes\n",
label ? label : "", stats.bit_count / 8
);
- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n",
+ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n",
cd->count,
cd->capacity,
xpercentInt(cd->count, cd->capacity)
);
- storeAppendPrintf(e, "\t deletion attempts: %d\n",
+ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n",
cd->del_count
);
storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n",
@@ -297,16 +297,18 @@
);
}
-size_t
-cacheDigestCalcMaskSize(int cap, int bpe)
+uint32_t
+cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe)
{
- return (size_t) (cap * bpe + 7) / 8;
+ uint64_t bitCount = (cap * bpe) + 7;
+ assert(bitCount < INT_MAX); // dont 31-bit overflow later
+ return static_cast<uint32_t>(bitCount / 8);
}
static void
cacheDigestHashKey(const CacheDigest * cd, const cache_key * key)
{
- const unsigned int bit_count = cd->mask_size * 8;
+ const uint32_t bit_count = cd->mask_size * 8;
unsigned int tmp_keys[4];
/* we must memcpy to ensure alignment */
memcpy(tmp_keys, key, sizeof(tmp_keys));
=== modified file 'src/CacheDigest.h'
--- src/CacheDigest.h 2016-01-01 00:14:27 +0000
+++ src/CacheDigest.h 2016-07-23 07:16:20 +0000
@@ -22,23 +22,23 @@
{
public:
/* public, read-only */
- char *mask; /* bit mask */
- int mask_size; /* mask size in bytes */
- int capacity; /* expected maximum for .count, not a hard limit */
- int bits_per_entry; /* number of bits allocated for each entry from capacity */
- int count; /* number of digested entries */
- int del_count; /* number of deletions performed so far */
+ uint64_t count; /* number of digested entries */
+ uint64_t del_count; /* number of deletions performed so far */
+ uint64_t capacity; /* expected maximum for .count, not a hard limit */
+ char *mask; /* bit mask */
+ uint32_t mask_size; /* mask size in bytes */
+ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */
};
-CacheDigest *cacheDigestCreate(int capacity, int bpe);
+CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe);
void cacheDigestDestroy(CacheDigest * cd);
CacheDigest *cacheDigestClone(const CacheDigest * cd);
void cacheDigestClear(CacheDigest * cd);
-void cacheDigestChangeCap(CacheDigest * cd, int new_cap);
+void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap);
int cacheDigestTest(const CacheDigest * cd, const cache_key * key);
void cacheDigestAdd(CacheDigest * cd, const cache_key * key);
void cacheDigestDel(CacheDigest * cd, const cache_key * key);
-size_t cacheDigestCalcMaskSize(int cap, int bpe);
+uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe);
int cacheDigestBitUtil(const CacheDigest * cd);
void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit);
void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label);
=== modified file 'src/PeerDigest.h'
--- src/PeerDigest.h 2016-01-01 00:14:27 +0000
+++ src/PeerDigest.h 2016-07-23 07:16:20 +0000
@@ -52,7 +52,7 @@
store_client *old_sc;
HttpRequest *request;
int offset;
- int mask_offset;
+ uint32_t mask_offset;
time_t start_time;
time_t resp_time;
time_t expires;
=== modified file 'src/peer_digest.cc'
--- src/peer_digest.cc 2016-01-01 00:14:27 +0000
+++ src/peer_digest.cc 2016-07-23 07:16:20 +0000
@@ -754,7 +754,7 @@
if (!reason && !size) {
if (!pd->cd)
reason = "null digest?!";
- else if (fetch->mask_offset != (int)pd->cd->mask_size)
+ else if (fetch->mask_offset != pd->cd->mask_size)
reason = "premature end of digest?!";
else if (!peerDigestUseful(pd))
reason = "useless digest";
=== modified file 'src/store_digest.cc'
--- src/store_digest.cc 2016-01-01 00:14:27 +0000
+++ src/store_digest.cc 2016-07-23 07:16:20 +0000
@@ -76,36 +76,63 @@
static void storeDigestRewriteFinish(StoreEntry * e);
static EVH storeDigestSwapOutStep;
static void storeDigestCBlockSwapOut(StoreEntry * e);
-static int storeDigestCalcCap(void);
-static int storeDigestResize(void);
static void storeDigestAdd(const StoreEntry *);
+/// calculates digest capacity
+static uint64_t
+storeDigestCalcCap()
+{
+ /*
+ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
+ * the bits are off). However, we do not have a formula to calculate the
+ * number of _entries_ we want to pre-allocate for.
+ */
+ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
+ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
+ const uint64_t e_count = StoreEntry::inUseCount();
+ uint64_t cap = e_count ? e_count : hi_cap;
+ debugs(71, 2, "have: " << e_count << ", want " << cap <<
+ " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
+
+ if (cap < lo_cap)
+ cap = lo_cap;
+
+ /* do not enforce hi_cap limit, average-based estimation may be wrong
+ *if (cap > hi_cap)
+ * cap = hi_cap;
+ */
+
+ // Bug 4534: we still have to set an upper-limit at some reasonable value though.
+ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX
+ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry;
+ if (cap > absolute_max) {
+ static time_t last_loud = 0;
+ if (last_loud < squid_curtime - 86400) {
+ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
+ last_loud = squid_curtime;
+ } else {
+ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
+ }
+ cap = absolute_max;
+ }
+
+ return cap;
+}
#endif /* USE_CACHE_DIGESTS */
-static void
-storeDigestRegisterWithCacheManager(void)
+void
+storeDigestInit(void)
{
Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1);
-}
-
-/*
- * PUBLIC FUNCTIONS
- */
-
-void
-storeDigestInit(void)
-{
- storeDigestRegisterWithCacheManager();
#if USE_CACHE_DIGESTS
- const int cap = storeDigestCalcCap();
-
if (!Config.onoff.digest_generation) {
store_digest = NULL;
debugs(71, 3, "Local cache digest generation disabled");
return;
}
+ const uint64_t cap = storeDigestCalcCap();
store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry);
debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " <<
(int) Config.digest.rebuild_period << "/" <<
@@ -290,6 +317,31 @@
storeDigestRebuildResume();
}
+/// \returns true if we actually resized the digest
+static bool
+storeDigestResize()
+{
+ const uint64_t cap = storeDigestCalcCap();
+ assert(store_digest);
+ uint64_t diff;
+ if (cap > store_digest->capacity)
+ diff = cap - store_digest->capacity;
+ else
+ diff = store_digest->capacity - cap;
+ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " <<
+ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
+ /* avoid minor adjustments */
+
+ if (diff <= store_digest->capacity / 10) {
+ debugs(71, 2, "small change, will not resize.");
+ return false;
+ } else {
+ debugs(71, 2, "big change, resizing.");
+ cacheDigestChangeCap(store_digest, cap);
+ }
+ return true;
+}
+
/* called be Rewrite to push Rebuild forward */
static void
storeDigestRebuildResume(void)
@@ -439,7 +491,7 @@
assert(e);
/* _add_ check that nothing bad happened while we were waiting @?@ @?@ */
- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size)
+ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size)
chunk_size = store_digest->mask_size - sd_state.rewrite_offset;
e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size);
@@ -451,7 +503,7 @@
sd_state.rewrite_offset += chunk_size;
/* are we done ? */
- if (sd_state.rewrite_offset >= store_digest->mask_size)
+ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size)
storeDigestRewriteFinish(e);
else
eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false);
@@ -467,60 +519,10 @@
sd_state.cblock.count = htonl(store_digest->count);
sd_state.cblock.del_count = htonl(store_digest->del_count);
sd_state.cblock.mask_size = htonl(store_digest->mask_size);
- sd_state.cblock.bits_per_entry = (unsigned char)
- Config.digest.bits_per_entry;
+ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry;
sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount;
e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock));
}
-/* calculates digest capacity */
-static int
-storeDigestCalcCap(void)
-{
- /*
- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
- * the bits are off). However, we do not have a formula to calculate the
- * number of _entries_ we want to pre-allocate for.
- */
- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
- const int e_count = StoreEntry::inUseCount();
- int cap = e_count ? e_count :hi_cap;
- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap <<
- " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
-
- if (cap < lo_cap)
- cap = lo_cap;
-
- /* do not enforce hi_cap limit, average-based estimation may be wrong
- *if (cap > hi_cap)
- * cap = hi_cap;
- */
- return cap;
-}
-
-/* returns true if we actually resized the digest */
-static int
-storeDigestResize(void)
-{
- const int cap = storeDigestCalcCap();
- int diff;
- assert(store_digest);
- diff = abs(cap - store_digest->capacity);
- debugs(71, 2, "storeDigestResize: " <<
- store_digest->capacity << " -> " << cap << "; change: " <<
- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
- /* avoid minor adjustments */
-
- if (diff <= store_digest->capacity / 10) {
- debugs(71, 2, "storeDigestResize: small change, will not resize.");
- return 0;
- } else {
- debugs(71, 2, "storeDigestResize: big change, resizing.");
- cacheDigestChangeCap(store_digest, cap);
- return 1;
- }
-}
-
#endif /* USE_CACHE_DIGESTS */
=== modified file 'src/tests/stub_CacheDigest.cc'
--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000
+++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
@@ -16,11 +16,11 @@
class CacheDigestGuessStats;
class StoreEntry;
-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL)
+CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL)
void cacheDigestDestroy(CacheDigest *) STUB
CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL)
void cacheDigestClear(CacheDigest * ) STUB
-void cacheDigestChangeCap(CacheDigest *,int) STUB
+void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB
int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1)
void cacheDigestAdd(CacheDigest *, const cache_key *) STUB
void cacheDigestDel(CacheDigest *, const cache_key *) STUB
@@ -28,5 +28,4 @@
void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB
void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1)
-
+uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)

35
src/patches/squid/squid-3.5-14068.patch Normal file
View File

@@ -0,0 +1,35 @@
------------------------------------------------------------
revno: 14068
revision-id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
parent: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542
author: Anonymous <bigparrot@pirateperfection.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-07-23 19:19:30 +1200
message:
Bug #4542: authentication credentials IP TTL updated incorrectly
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8
# timestamp: 2016-07-23 07:24:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160723071620-\
# 1wzqpbyi1rk5w6vg
#
# Begin patch
=== modified file 'src/auth/User.cc'
--- src/auth/User.cc 2016-01-01 00:14:27 +0000
+++ src/auth/User.cc 2016-07-23 07:19:30 +0000
@@ -284,7 +284,7 @@
/* This ip has already been seen. */
found = 1;
/* update IP ttl */
- ipdata->ip_expiretime = squid_curtime;
+ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL;
} else if (ipdata->ip_expiretime <= squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &ip_list);

30
src/patches/squid/squid-3.5-14069.patch Normal file
View File

@@ -0,0 +1,30 @@
------------------------------------------------------------
revno: 14069
revision-id: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
parent: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
committer: Source Maintenance <squidadm@squid-cache.org>
branch nick: 3.5
timestamp: Sat 2016-07-23 12:13:51 +0000
message:
SourceFormat Enforcement
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squidadm@squid-cache.org-20160723121351-\
# iuc8hwstrqd0l1dv
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28
# timestamp: 2016-07-23 12:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160723071930-\
# cemledcltg8pkc28
#
# Begin patch
=== modified file 'src/tests/stub_CacheDigest.cc'
--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
+++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000
@@ -29,3 +29,4 @@
void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)
+

44
src/patches/squid/squid-3.5-14070.patch Normal file
View File

@@ -0,0 +1,44 @@
------------------------------------------------------------
revno: 14070
revision-id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
parent: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-08-06 02:59:33 +1200
message:
Squid segfault via Ftp::Client::readControlReply().
Ftp::Client::scheduleReadControlReply(), which may called from the
asynchronous start() or readControlReply()/handleControlReply()
handlers, does not check whether the control connection is still usable
before using it.
This is a Measurement Factory project.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643
# timestamp: 2016-08-05 15:00:22 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20160723121351-\
# iuc8hwstrqd0l1dv
#
# Begin patch
=== modified file 'src/clients/FtpClient.cc'
--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000
+++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000
@@ -314,6 +314,11 @@
/* We've already read some reply data */
handleControlReply();
} else {
+
+ if (!Comm::IsConnOpen(ctrl.conn)) {
+ debugs(9, 3, "cannot read without ctrl " << ctrl.conn);
+ return;
+ }
/*
* Cancel the timeout on the Data socket (if any) and
* establish one on the control socket.

70
src/patches/squid/squid-3.5-14071.patch Normal file
View File

@@ -0,0 +1,70 @@
------------------------------------------------------------
revno: 14071
revision-id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
parent: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 14:55:01 +1200
message:
Bug 4428: mal-formed Cache-Control:stale-if-error header
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c
# timestamp: 2016-08-17 02:55:20 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160805145933-\
# 0cpyy47o8955lamx
#
# Begin patch
=== modified file 'src/HttpHdrCc.cc'
--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000
+++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000
@@ -257,6 +257,27 @@
/* for all options having values, "=value" after the name */
switch (flag) {
+ case CC_BADHDR:
+ break;
+ case CC_PUBLIC:
+ break;
+ case CC_PRIVATE:
+ if (Private().size())
+ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private()));
+ break;
+
+ case CC_NO_CACHE:
+ if (noCache().size())
+ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache()));
+ break;
+ case CC_NO_STORE:
+ break;
+ case CC_NO_TRANSFORM:
+ break;
+ case CC_MUST_REVALIDATE:
+ break;
+ case CC_PROXY_REVALIDATE:
+ break;
case CC_MAX_AGE:
packerPrintf(p, "=%d", (int) maxAge());
break;
@@ -272,8 +293,14 @@
case CC_MIN_FRESH:
packerPrintf(p, "=%d", (int) minFresh());
break;
- default:
- /* do nothing, directive was already printed */
+ case CC_ONLY_IF_CACHED:
+ break;
+ case CC_STALE_IF_ERROR:
+ packerPrintf(p, "=%d", staleIfError());
+ break;
+ case CC_OTHER:
+ case CC_ENUM_END:
+ // done below after the loop
break;
}

33
src/patches/squid/squid-3.5-14072.patch Normal file
View File

@@ -0,0 +1,33 @@
------------------------------------------------------------
revno: 14072
revision-id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
parent: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 14:58:28 +1200
message:
Fix SSL-Bump failure results in SEGFAULT
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784
# timestamp: 2016-08-17 03:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817025501-\
# e66sjxm0bfy3ksn3
#
# Begin patch
=== modified file 'src/client_side_request.cc'
--- src/client_side_request.cc 2016-05-06 08:24:29 +0000
+++ src/client_side_request.cc 2016-08-17 02:58:28 +0000
@@ -1811,7 +1811,7 @@
repContext->setReplyToStoreEntry(e, "immediate SslBump error");
errorAppendEntry(e, calloutContext->error);
calloutContext->error = NULL;
- if (calloutContext->readNextRequest)
+ if (calloutContext->readNextRequest && getConn())
getConn()->flags.readMore = true; // resume any pipeline reads.
node = (clientStreamNode *)client_stream.tail->data;
clientStreamRead(node, this, node->readBuffer);

151
src/patches/squid/squid-3.5-14073.patch Normal file
View File

@@ -0,0 +1,151 @@
------------------------------------------------------------
revno: 14073
revision-id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
parent: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 17:10:37 +1200
message:
Bug 4563: duplicate code in httpMakeVaryMark
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a
# timestamp: 2016-08-17 05:50:53 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817025828-\
# s4102klt2ei25tsm
#
# Begin patch
=== modified file 'src/http.cc'
--- src/http.cc 2016-04-01 06:15:31 +0000
+++ src/http.cc 2016-08-17 05:10:37 +0000
@@ -572,6 +572,38 @@
/* NOTREACHED */
}
+/// assemble a variant key (vary-mark) from the given Vary header and HTTP request
+static void
+assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request)
+{
+ static const SBuf asterisk("*");
+ const char *pos = nullptr;
+ const char *item = nullptr;
+ int ilen = 0;
+
+ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+ SBuf name(item, ilen);
+ if (name == asterisk) {
+ vstr.clear();
+ break;
+ }
+ name.toLower();
+ if (!vstr.isEmpty())
+ vstr.append(", ", 2);
+ vstr.append(name);
+ String hdr(request.header.getByName(name.c_str()));
+ const char *value = hdr.termedBuf();
+ if (value) {
+ value = rfc1738_escape_part(value);
+ vstr.append("=\"", 2);
+ vstr.append(value);
+ vstr.append("\"", 1);
+ }
+
+ hdr.clean();
+ }
+}
+
/*
* For Vary, store the relevant request headers as
* virtual headers in the reply
@@ -580,81 +612,16 @@
SBuf
httpMakeVaryMark(HttpRequest * request, HttpReply const * reply)
{
- String vary, hdr;
- const char *pos = NULL;
- const char *item;
- const char *value;
- int ilen;
SBuf vstr;
- static const SBuf asterisk("*");
+ String vary;
vary = reply->header.getList(HDR_VARY);
-
- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
- char *name = (char *)xmalloc(ilen + 1);
- xstrncpy(name, item, ilen + 1);
- Tolower(name);
-
- if (strcmp(name, "*") == 0) {
- /* Can not handle "Vary: *" withtout ETag support */
- safe_free(name);
- vstr.clear();
- break;
- }
-
- if (!vstr.isEmpty())
- vstr.append(", ", 2);
- vstr.append(name);
- hdr = request->header.getByName(name);
- safe_free(name);
- value = hdr.termedBuf();
-
- if (value) {
- value = rfc1738_escape_part(value);
- vstr.append("=\"", 2);
- vstr.append(value);
- vstr.append("\"", 1);
- }
-
- hdr.clean();
- }
-
+ assembleVaryKey(vary, vstr, *request);
+
+#if X_ACCELERATOR_VARY
vary.clean();
-#if X_ACCELERATOR_VARY
-
- pos = NULL;
vary = reply->header.getList(HDR_X_ACCELERATOR_VARY);
-
- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
- char *name = (char *)xmalloc(ilen + 1);
- xstrncpy(name, item, ilen + 1);
- Tolower(name);
-
- if (strcmp(name, "*") == 0) {
- /* Can not handle "Vary: *" withtout ETag support */
- safe_free(name);
- vstr.clear();
- break;
- }
-
- if (!vstr.isEmpty())
- vstr.append(", ", 2);
- vstr.append(name);
- hdr = request->header.getByName(name);
- safe_free(name);
- value = hdr.termedBuf();
-
- if (value) {
- value = rfc1738_escape_part(value);
- vstr.append("=\"", 2);
- vstr.append(value);
- vstr.append("\"", 1);
- }
-
- hdr.clean();
- }
-
- vary.clean();
+ assembleVaryKey(vary, vstr, *request);
#endif
debugs(11, 3, vstr);

55
src/patches/squid/squid-3.5-14074.patch Normal file
View File

@@ -0,0 +1,55 @@
------------------------------------------------------------
revno: 14074
revision-id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
parent: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025
author: mkishi <mkishi@104.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2016-08-17 17:48:29 +1200
message:
Bug 3025: Proxy-Authenticate problem using ICAP server
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e
# timestamp: 2016-08-17 05:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817051037-\
# p0kaj2iw2u4u8iqj
#
# Begin patch
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000
+++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000
@@ -1305,8 +1305,14 @@
// if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
// remove the Proxy-Authenticate header
- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
- reply->header.delById(HDR_PROXY_AUTHENTICATE);
+ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) {
+#if USE_ADAPTATION
+ // but allow adaptation services to authenticate clients
+ // via request satisfaction
+ if (!http->requestSatisfactionMode())
+#endif
+ reply->header.delById(HDR_PROXY_AUTHENTICATE);
+ }
reply->header.removeHopByHopEntries();
=== modified file 'src/client_side_request.h'
--- src/client_side_request.h 2016-01-01 00:14:27 +0000
+++ src/client_side_request.h 2016-08-17 05:48:29 +0000
@@ -140,6 +140,7 @@
public:
void startAdaptation(const Adaptation::ServiceGroupPointer &g);
+ bool requestSatisfactionMode() const { return request_satisfaction_mode; }
// private but exposed for ClientRequestContext
void handleAdaptationFailure(int errDetail, bool bypassable = false);

38
src/patches/squid/squid-3.5-14075.patch Normal file
View File

@@ -0,0 +1,38 @@
------------------------------------------------------------
revno: 14075
revision-id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
parent: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2016-08-18 01:34:13 +1200
message:
Fix logic error in rev.13930
Using !=0 on both string compares means any login= value will permit
40x responses through. Only PASS and PASSTHRU should be doing that.
Detected by Coverity Scan. Issue 1364711
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5
# timestamp: 2016-08-17 13:34:59 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160817054829-\
# rl7q49ysi40sj01i
#
# Begin patch
=== modified file 'src/tunnel.cc'
--- src/tunnel.cc 2016-01-01 00:14:27 +0000
+++ src/tunnel.cc 2016-08-17 13:34:13 +0000
@@ -476,7 +476,7 @@
// we need to relay the 401/407 responses when login=PASS(THRU)
const char *pwd = server.conn->getPeer()->login;
- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
+ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
(*status_ptr == Http::scProxyAuthenticationRequired ||
*status_ptr == Http::scUnauthorized);