From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] squid 3.5.20: latest patches Date: Thu, 18 Aug 2016 18:04:26 +0200 Message-ID: <20160818160426.3684-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5183309229142691383==" List-Id: --===============5183309229142691383== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Matthias Fischer --- lfs/squid | 5 ++ src/patches/squid/squid-3.5-14071.patch | 70 +++++++++++++++ src/patches/squid/squid-3.5-14072.patch | 33 +++++++ src/patches/squid/squid-3.5-14073.patch | 151 ++++++++++++++++++++++++++++++= ++ src/patches/squid/squid-3.5-14074.patch | 55 ++++++++++++ src/patches/squid/squid-3.5-14075.patch | 38 ++++++++ 6 files changed, 352 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14071.patch create mode 100644 src/patches/squid/squid-3.5-14072.patch create mode 100644 src/patches/squid/squid-3.5-14073.patch create mode 100644 src/patches/squid/squid-3.5-14074.patch create mode 100644 src/patches/squid/squid-3.5-14075.patch diff --git a/lfs/squid b/lfs/squid index c07afe8..2d9c596 100644 --- a/lfs/squid +++ b/lfs/squid @@ -74,6 +74,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068= .patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069= .patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070= .patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071= .patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072= .patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073= .patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074= .patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075= .patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-= file-descriptors.patch =20 cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squi= d-3.5-14071.patch new file mode 100644 index 0000000..6b353ea --- /dev/null +++ b/src/patches/squid/squid-3.5-14071.patch @@ -0,0 +1,70 @@ +------------------------------------------------------------ +revno: 14071 +revision-id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +parent: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3D4428 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:55:01 +1200 +message: + Bug 4428: mal-formed Cache-Control:stale-if-error header +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c +# timestamp: 2016-08-17 02:55:20 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160805145933-\ +# 0cpyy47o8955lamx +#=20 +# Begin patch +=3D=3D=3D modified file 'src/HttpHdrCc.cc' +--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000 ++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000 +@@ -257,6 +257,27 @@ +=20 + /* for all options having values, "=3Dvalue" after the name */ + switch (flag) { ++ case CC_BADHDR: ++ break; ++ case CC_PUBLIC: ++ break; ++ case CC_PRIVATE: ++ if (Private().size()) ++ packerPrintf(p, "=3D\"" SQUIDSTRINGPH "\"", SQUIDSTRING= PRINT(Private())); ++ break; ++ ++ case CC_NO_CACHE: ++ if (noCache().size()) ++ packerPrintf(p, "=3D\"" SQUIDSTRINGPH "\"", SQUIDSTRING= PRINT(noCache())); ++ break; ++ case CC_NO_STORE: ++ break; ++ case CC_NO_TRANSFORM: ++ break; ++ case CC_MUST_REVALIDATE: ++ break; ++ case CC_PROXY_REVALIDATE: ++ break; + case CC_MAX_AGE: + packerPrintf(p, "=3D%d", (int) maxAge()); + break; +@@ -272,8 +293,14 @@ + case CC_MIN_FRESH: + packerPrintf(p, "=3D%d", (int) minFresh()); + break; +- default: +- /* do nothing, directive was already printed */ ++ case CC_ONLY_IF_CACHED: ++ break; ++ case CC_STALE_IF_ERROR: ++ packerPrintf(p, "=3D%d", staleIfError()); ++ break; ++ case CC_OTHER: ++ case CC_ENUM_END: ++ // done below after the loop + break; + } +=20 + diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squi= d-3.5-14072.patch new file mode 100644 index 0000000..228e773 --- /dev/null +++ b/src/patches/squid/squid-3.5-14072.patch @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: 14072 +revision-id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +parent: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:58:28 +1200 +message: + Fix SSL-Bump failure results in SEGFAULT +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784 +# timestamp: 2016-08-17 03:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025501-\ +# e66sjxm0bfy3ksn3 +#=20 +# Begin patch +=3D=3D=3D modified file 'src/client_side_request.cc' +--- src/client_side_request.cc 2016-05-06 08:24:29 +0000 ++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000 +@@ -1811,7 +1811,7 @@ + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); + errorAppendEntry(e, calloutContext->error); + calloutContext->error =3D NULL; +- if (calloutContext->readNextRequest) ++ if (calloutContext->readNextRequest && getConn()) + getConn()->flags.readMore =3D true; // resume any pipeline = reads. + node =3D (clientStreamNode *)client_stream.tail->data; + clientStreamRead(node, this, node->readBuffer); + diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squi= d-3.5-14073.patch new file mode 100644 index 0000000..b7915a4 --- /dev/null +++ b/src/patches/squid/squid-3.5-14073.patch @@ -0,0 +1,151 @@ +------------------------------------------------------------ +revno: 14073 +revision-id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +parent: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3D4563 +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:10:37 +1200 +message: + Bug 4563: duplicate code in httpMakeVaryMark +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a +# timestamp: 2016-08-17 05:50:53 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025828-\ +# s4102klt2ei25tsm +#=20 +# Begin patch +=3D=3D=3D modified file 'src/http.cc' +--- src/http.cc 2016-04-01 06:15:31 +0000 ++++ src/http.cc 2016-08-17 05:10:37 +0000 +@@ -572,6 +572,38 @@ + /* NOTREACHED */ + } +=20 ++/// assemble a variant key (vary-mark) from the given Vary header and HTTP = request ++static void ++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request) ++{ ++ static const SBuf asterisk("*"); ++ const char *pos =3D nullptr; ++ const char *item =3D nullptr; ++ int ilen =3D 0; ++ ++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { ++ SBuf name(item, ilen); ++ if (name =3D=3D asterisk) { ++ vstr.clear(); ++ break; ++ } ++ name.toLower(); ++ if (!vstr.isEmpty()) ++ vstr.append(", ", 2); ++ vstr.append(name); ++ String hdr(request.header.getByName(name.c_str())); ++ const char *value =3D hdr.termedBuf(); ++ if (value) { ++ value =3D rfc1738_escape_part(value); ++ vstr.append("=3D\"", 2); ++ vstr.append(value); ++ vstr.append("\"", 1); ++ } ++ ++ hdr.clean(); ++ } ++} ++ + /* + * For Vary, store the relevant request headers as + * virtual headers in the reply +@@ -580,81 +612,16 @@ + SBuf + httpMakeVaryMark(HttpRequest * request, HttpReply const * reply) + { +- String vary, hdr; +- const char *pos =3D NULL; +- const char *item; +- const char *value; +- int ilen; + SBuf vstr; +- static const SBuf asterisk("*"); ++ String vary; +=20 + vary =3D reply->header.getList(HDR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name =3D (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") =3D=3D 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr =3D request->header.getByName(name); +- safe_free(name); +- value =3D hdr.termedBuf(); +- +- if (value) { +- value =3D rfc1738_escape_part(value); +- vstr.append("=3D\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- ++ assembleVaryKey(vary, vstr, *request); ++ ++#if X_ACCELERATOR_VARY + vary.clean(); +-#if X_ACCELERATOR_VARY +- +- pos =3D NULL; + vary =3D reply->header.getList(HDR_X_ACCELERATOR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name =3D (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") =3D=3D 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr =3D request->header.getByName(name); +- safe_free(name); +- value =3D hdr.termedBuf(); +- +- if (value) { +- value =3D rfc1738_escape_part(value); +- vstr.append("=3D\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- +- vary.clean(); ++ assembleVaryKey(vary, vstr, *request); + #endif +=20 + debugs(11, 3, vstr); + diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squi= d-3.5-14074.patch new file mode 100644 index 0000000..dbafbf0 --- /dev/null +++ b/src/patches/squid/squid-3.5-14074.patch @@ -0,0 +1,55 @@ +------------------------------------------------------------ +revno: 14074 +revision-id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +parent: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3D3025 +author: mkishi +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:48:29 +1200 +message: + Bug 3025: Proxy-Authenticate problem using ICAP server +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e +# timestamp: 2016-08-17 05:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817051037-\ +# p0kaj2iw2u4u8iqj +#=20 +# Begin patch +=3D=3D=3D modified file 'src/client_side_reply.cc' +--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000 ++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000 +@@ -1305,8 +1305,14 @@ +=20 + // if there is not configured a peer proxy with login=3DPASS or login= =3DPASSTHRU option enabled + // remove the Proxy-Authenticate header +- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") !=3D 0= && strcmp(request->peer_login,"PASSTHRU") !=3D 0)) +- reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") !=3D 0= && strcmp(request->peer_login,"PASSTHRU") !=3D 0)) { ++#if USE_ADAPTATION ++ // but allow adaptation services to authenticate clients ++ // via request satisfaction ++ if (!http->requestSatisfactionMode()) ++#endif ++ reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ } +=20 + reply->header.removeHopByHopEntries(); +=20 + +=3D=3D=3D modified file 'src/client_side_request.h' +--- src/client_side_request.h 2016-01-01 00:14:27 +0000 ++++ src/client_side_request.h 2016-08-17 05:48:29 +0000 +@@ -140,6 +140,7 @@ +=20 + public: + void startAdaptation(const Adaptation::ServiceGroupPointer &g); ++ bool requestSatisfactionMode() const { return request_satisfaction_mode= ; } +=20 + // private but exposed for ClientRequestContext + void handleAdaptationFailure(int errDetail, bool bypassable =3D false); + diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squi= d-3.5-14075.patch new file mode 100644 index 0000000..8c0b5a3 --- /dev/null +++ b/src/patches/squid/squid-3.5-14075.patch @@ -0,0 +1,38 @@ +------------------------------------------------------------ +revno: 14075 +revision-id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +parent: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +committer: Amos Jeffries +branch nick: 3.5 +timestamp: Thu 2016-08-18 01:34:13 +1200 +message: + Fix logic error in rev.13930 + =20 + Using !=3D0 on both string compares means any login=3D value will permit + 40x responses through. Only PASS and PASSTHRU should be doing that. + =20 + Detected by Coverity Scan. Issue 1364711 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5 +# timestamp: 2016-08-17 13:34:59 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817054829-\ +# rl7q49ysi40sj01i +#=20 +# Begin patch +=3D=3D=3D modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-01-01 00:14:27 +0000 ++++ src/tunnel.cc 2016-08-17 13:34:13 +0000 +@@ -476,7 +476,7 @@ +=20 + // we need to relay the 401/407 responses when login=3DPASS(THRU) + const char *pwd =3D server.conn->getPeer()->login; +- const bool relay =3D pwd && (strcmp(pwd, "PASS") !=3D 0 || strcmp(pwd, = "PASSTHRU") !=3D 0) && ++ const bool relay =3D pwd && (strcmp(pwd, "PASS") =3D=3D 0 || strcmp(pwd= , "PASSTHRU") =3D=3D 0) && + (*status_ptr =3D=3D Http::scProxyAuthenticationRequi= red || + *status_ptr =3D=3D Http::scUnauthorized); +=20 + --=20 2.9.3 --===============5183309229142691383==--