From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] squid 3.5.20: latest patches
Date: Thu, 18 Aug 2016 18:04:26 +0200 [thread overview]
Message-ID: <20160818160426.3684-1-matthias.fischer@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 16015 bytes --]
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/squid | 5 ++
src/patches/squid/squid-3.5-14071.patch | 70 +++++++++++++++
src/patches/squid/squid-3.5-14072.patch | 33 +++++++
src/patches/squid/squid-3.5-14073.patch | 151 ++++++++++++++++++++++++++++++++
src/patches/squid/squid-3.5-14074.patch | 55 ++++++++++++
src/patches/squid/squid-3.5-14075.patch | 38 ++++++++
6 files changed, 352 insertions(+)
create mode 100644 src/patches/squid/squid-3.5-14071.patch
create mode 100644 src/patches/squid/squid-3.5-14072.patch
create mode 100644 src/patches/squid/squid-3.5-14073.patch
create mode 100644 src/patches/squid/squid-3.5-14074.patch
create mode 100644 src/patches/squid/squid-3.5-14075.patch
diff --git a/lfs/squid b/lfs/squid
index c07afe8..2d9c596 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -74,6 +74,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squid-3.5-14071.patch
new file mode 100644
index 0000000..6b353ea
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14071.patch
@@ -0,0 +1,70 @@
+------------------------------------------------------------
+revno: 14071
+revision-id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+parent: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 14:55:01 +1200
+message:
+ Bug 4428: mal-formed Cache-Control:stale-if-error header
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c
+# timestamp: 2016-08-17 02:55:20 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160805145933-\
+# 0cpyy47o8955lamx
+#
+# Begin patch
+=== modified file 'src/HttpHdrCc.cc'
+--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000
++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000
+@@ -257,6 +257,27 @@
+
+ /* for all options having values, "=value" after the name */
+ switch (flag) {
++ case CC_BADHDR:
++ break;
++ case CC_PUBLIC:
++ break;
++ case CC_PRIVATE:
++ if (Private().size())
++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private()));
++ break;
++
++ case CC_NO_CACHE:
++ if (noCache().size())
++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache()));
++ break;
++ case CC_NO_STORE:
++ break;
++ case CC_NO_TRANSFORM:
++ break;
++ case CC_MUST_REVALIDATE:
++ break;
++ case CC_PROXY_REVALIDATE:
++ break;
+ case CC_MAX_AGE:
+ packerPrintf(p, "=%d", (int) maxAge());
+ break;
+@@ -272,8 +293,14 @@
+ case CC_MIN_FRESH:
+ packerPrintf(p, "=%d", (int) minFresh());
+ break;
+- default:
+- /* do nothing, directive was already printed */
++ case CC_ONLY_IF_CACHED:
++ break;
++ case CC_STALE_IF_ERROR:
++ packerPrintf(p, "=%d", staleIfError());
++ break;
++ case CC_OTHER:
++ case CC_ENUM_END:
++ // done below after the loop
+ break;
+ }
+
+
diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squid-3.5-14072.patch
new file mode 100644
index 0000000..228e773
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14072.patch
@@ -0,0 +1,33 @@
+------------------------------------------------------------
+revno: 14072
+revision-id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm
+parent: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 14:58:28 +1200
+message:
+ Fix SSL-Bump failure results in SEGFAULT
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784
+# timestamp: 2016-08-17 03:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160817025501-\
+# e66sjxm0bfy3ksn3
+#
+# Begin patch
+=== modified file 'src/client_side_request.cc'
+--- src/client_side_request.cc 2016-05-06 08:24:29 +0000
++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000
+@@ -1811,7 +1811,7 @@
+ repContext->setReplyToStoreEntry(e, "immediate SslBump error");
+ errorAppendEntry(e, calloutContext->error);
+ calloutContext->error = NULL;
+- if (calloutContext->readNextRequest)
++ if (calloutContext->readNextRequest && getConn())
+ getConn()->flags.readMore = true; // resume any pipeline reads.
+ node = (clientStreamNode *)client_stream.tail->data;
+ clientStreamRead(node, this, node->readBuffer);
+
diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squid-3.5-14073.patch
new file mode 100644
index 0000000..b7915a4
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14073.patch
@@ -0,0 +1,151 @@
+------------------------------------------------------------
+revno: 14073
+revision-id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+parent: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 17:10:37 +1200
+message:
+ Bug 4563: duplicate code in httpMakeVaryMark
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a
+# timestamp: 2016-08-17 05:50:53 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160817025828-\
+# s4102klt2ei25tsm
+#
+# Begin patch
+=== modified file 'src/http.cc'
+--- src/http.cc 2016-04-01 06:15:31 +0000
++++ src/http.cc 2016-08-17 05:10:37 +0000
+@@ -572,6 +572,38 @@
+ /* NOTREACHED */
+ }
+
++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request
++static void
++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request)
++{
++ static const SBuf asterisk("*");
++ const char *pos = nullptr;
++ const char *item = nullptr;
++ int ilen = 0;
++
++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
++ SBuf name(item, ilen);
++ if (name == asterisk) {
++ vstr.clear();
++ break;
++ }
++ name.toLower();
++ if (!vstr.isEmpty())
++ vstr.append(", ", 2);
++ vstr.append(name);
++ String hdr(request.header.getByName(name.c_str()));
++ const char *value = hdr.termedBuf();
++ if (value) {
++ value = rfc1738_escape_part(value);
++ vstr.append("=\"", 2);
++ vstr.append(value);
++ vstr.append("\"", 1);
++ }
++
++ hdr.clean();
++ }
++}
++
+ /*
+ * For Vary, store the relevant request headers as
+ * virtual headers in the reply
+@@ -580,81 +612,16 @@
+ SBuf
+ httpMakeVaryMark(HttpRequest * request, HttpReply const * reply)
+ {
+- String vary, hdr;
+- const char *pos = NULL;
+- const char *item;
+- const char *value;
+- int ilen;
+ SBuf vstr;
+- static const SBuf asterisk("*");
++ String vary;
+
+ vary = reply->header.getList(HDR_VARY);
+-
+- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+- char *name = (char *)xmalloc(ilen + 1);
+- xstrncpy(name, item, ilen + 1);
+- Tolower(name);
+-
+- if (strcmp(name, "*") == 0) {
+- /* Can not handle "Vary: *" withtout ETag support */
+- safe_free(name);
+- vstr.clear();
+- break;
+- }
+-
+- if (!vstr.isEmpty())
+- vstr.append(", ", 2);
+- vstr.append(name);
+- hdr = request->header.getByName(name);
+- safe_free(name);
+- value = hdr.termedBuf();
+-
+- if (value) {
+- value = rfc1738_escape_part(value);
+- vstr.append("=\"", 2);
+- vstr.append(value);
+- vstr.append("\"", 1);
+- }
+-
+- hdr.clean();
+- }
+-
++ assembleVaryKey(vary, vstr, *request);
++
++#if X_ACCELERATOR_VARY
+ vary.clean();
+-#if X_ACCELERATOR_VARY
+-
+- pos = NULL;
+ vary = reply->header.getList(HDR_X_ACCELERATOR_VARY);
+-
+- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+- char *name = (char *)xmalloc(ilen + 1);
+- xstrncpy(name, item, ilen + 1);
+- Tolower(name);
+-
+- if (strcmp(name, "*") == 0) {
+- /* Can not handle "Vary: *" withtout ETag support */
+- safe_free(name);
+- vstr.clear();
+- break;
+- }
+-
+- if (!vstr.isEmpty())
+- vstr.append(", ", 2);
+- vstr.append(name);
+- hdr = request->header.getByName(name);
+- safe_free(name);
+- value = hdr.termedBuf();
+-
+- if (value) {
+- value = rfc1738_escape_part(value);
+- vstr.append("=\"", 2);
+- vstr.append(value);
+- vstr.append("\"", 1);
+- }
+-
+- hdr.clean();
+- }
+-
+- vary.clean();
++ assembleVaryKey(vary, vstr, *request);
+ #endif
+
+ debugs(11, 3, vstr);
+
diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squid-3.5-14074.patch
new file mode 100644
index 0000000..dbafbf0
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14074.patch
@@ -0,0 +1,55 @@
+------------------------------------------------------------
+revno: 14074
+revision-id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+parent: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025
+author: mkishi <mkishi(a)104.net>
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 17:48:29 +1200
+message:
+ Bug 3025: Proxy-Authenticate problem using ICAP server
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e
+# timestamp: 2016-08-17 05:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160817051037-\
+# p0kaj2iw2u4u8iqj
+#
+# Begin patch
+=== modified file 'src/client_side_reply.cc'
+--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000
++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000
+@@ -1305,8 +1305,14 @@
+
+ // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
+ // remove the Proxy-Authenticate header
+- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
+- reply->header.delById(HDR_PROXY_AUTHENTICATE);
++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) {
++#if USE_ADAPTATION
++ // but allow adaptation services to authenticate clients
++ // via request satisfaction
++ if (!http->requestSatisfactionMode())
++#endif
++ reply->header.delById(HDR_PROXY_AUTHENTICATE);
++ }
+
+ reply->header.removeHopByHopEntries();
+
+
+=== modified file 'src/client_side_request.h'
+--- src/client_side_request.h 2016-01-01 00:14:27 +0000
++++ src/client_side_request.h 2016-08-17 05:48:29 +0000
+@@ -140,6 +140,7 @@
+
+ public:
+ void startAdaptation(const Adaptation::ServiceGroupPointer &g);
++ bool requestSatisfactionMode() const { return request_satisfaction_mode; }
+
+ // private but exposed for ClientRequestContext
+ void handleAdaptationFailure(int errDetail, bool bypassable = false);
+
diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squid-3.5-14075.patch
new file mode 100644
index 0000000..8c0b5a3
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14075.patch
@@ -0,0 +1,38 @@
+------------------------------------------------------------
+revno: 14075
+revision-id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
+parent: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Thu 2016-08-18 01:34:13 +1200
+message:
+ Fix logic error in rev.13930
+
+ Using !=0 on both string compares means any login= value will permit
+ 40x responses through. Only PASS and PASSTHRU should be doing that.
+
+ Detected by Coverity Scan. Issue 1364711
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5
+# timestamp: 2016-08-17 13:34:59 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160817054829-\
+# rl7q49ysi40sj01i
+#
+# Begin patch
+=== modified file 'src/tunnel.cc'
+--- src/tunnel.cc 2016-01-01 00:14:27 +0000
++++ src/tunnel.cc 2016-08-17 13:34:13 +0000
+@@ -476,7 +476,7 @@
+
+ // we need to relay the 401/407 responses when login=PASS(THRU)
+ const char *pwd = server.conn->getPeer()->login;
+- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
+ (*status_ptr == Http::scProxyAuthenticationRequired ||
+ *status_ptr == Http::scUnauthorized);
+
+
--
2.9.3
next reply other threads:[~2016-08-18 16:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-18 16:04 Matthias Fischer [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-08-12 19:09 Matthias Fischer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160818160426.3684-1-matthias.fischer@ipfire.org \
--to=matthias.fischer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox