Development August 2016

development@lists.ipfire.org

11 participants
33 discussions

[PATCH] gnupg: Update to 1.4.21
by Matthias Fischer 23 Aug '16

23 Aug '16

Second try: Update from 1.4.18 to 1.4.21, based on current 'next'. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/gnupg | 2 -- lfs/gnupg | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/gnupg b/config/rootfiles/common/gnupg index 9aecc41..edd2bec 100644 --- a/config/rootfiles/common/gnupg +++ b/config/rootfiles/common/gnupg @@ -13,6 +13,4 @@ usr/lib/gnupg/gpgkeys_ldap #usr/share/info/gnupg1.info #usr/share/man/man1/gpg-zip.1 #usr/share/man/man1/gpg.1 -#usr/share/man/man1/gpg.ru.1 #usr/share/man/man1/gpgv.1 -#usr/share/man/man7/gnupg.7 diff --git a/lfs/gnupg b/lfs/gnupg index 29835e0..aa76042 100644 --- a/lfs/gnupg +++ b/lfs/gnupg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2014 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.4.18 +VER = 1.4.21 THISAPP = gnupg-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 54db1be9588b11afbbdd8b82d4ea883a +$(DL_FILE)_MD5 = 9bdeabf3c0f87ff21cb3f9216efdd01d install : $(TARGET) -- 2.9.3

1 0

[PATCH] gnupg: Update to 1.4.21
by Matthias Fischer 22 Aug '16

22 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/gnupg | 2 -- lfs/gnupg | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/gnupg b/config/rootfiles/common/gnupg index 9aecc41..edd2bec 100644 --- a/config/rootfiles/common/gnupg +++ b/config/rootfiles/common/gnupg @@ -13,6 +13,4 @@ usr/lib/gnupg/gpgkeys_ldap #usr/share/info/gnupg1.info #usr/share/man/man1/gpg-zip.1 #usr/share/man/man1/gpg.1 -#usr/share/man/man1/gpg.ru.1 #usr/share/man/man1/gpgv.1 -#usr/share/man/man7/gnupg.7 diff --git a/lfs/gnupg b/lfs/gnupg index e5e34c1..aa76042 100644 --- a/lfs/gnupg +++ b/lfs/gnupg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.4.19 +VER = 1.4.21 THISAPP = gnupg-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 3af4ab5b3113b3e28d3551ecf9600785 +$(DL_FILE)_MD5 = 9bdeabf3c0f87ff21cb3f9216efdd01d install : $(TARGET) -- 2.9.3

2 3

libgcrypt new version *fix a critical security problem*
by 5p9 22 Aug '16

22 Aug '16

Hi @ all, for your information. I found a new version for libgcrypt, see http://www.linuxfromscratch.org/blfs/view/svn/general/libgcrypt.html or https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html BR, Thomas

2 1

[PATCH] smartmontools: Update to 6.5
by Matthias Fischer 20 Aug '16

20 Aug '16

For details, see: https://www.smartmontools.org/browser/tags/RELEASE_6_5/smartmontools/NEWS Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/smartmontools | 6 +++--- ..._segfault.patch => smartmontools-6.5-exit_segfault.patch} | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) rename src/patches/{smartmontools-5.39-exit_segfault.patch => smartmontools-6.5-exit_segfault.patch} (50%) diff --git a/lfs/smartmontools b/lfs/smartmontools index c3ba635..6c6d7db 100644 --- a/lfs/smartmontools +++ b/lfs/smartmontools @@ -24,7 +24,7 @@ include Config -VER = 6.3 +VER = 6.5 THISAPP = smartmontools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54 +$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156 install : $(TARGET) @@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-5.39-exit_segfault.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-6.5-exit_segfault.patch cd $(DIR_APP) && autoreconf cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make BUILD_INFO='"($(NAME) $(VERSION))"' $(MAKETUNING) diff --git a/src/patches/smartmontools-5.39-exit_segfault.patch b/src/patches/smartmontools-6.5-exit_segfault.patch similarity index 50% rename from src/patches/smartmontools-5.39-exit_segfault.patch rename to src/patches/smartmontools-6.5-exit_segfault.patch index 5ed4b10..6c5df8a 100644 --- a/src/patches/smartmontools-5.39-exit_segfault.patch +++ b/src/patches/smartmontools-6.5-exit_segfault.patch @@ -1,7 +1,6 @@ -diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.new/utility.h ---- smartmontools-5.39-svn_r2877/utility.h 2009-08-24 12:48:50.000000000 +0200 -+++ smartmontools-5.39-svn_r2877.new/utility.h 2009-08-29 09:11:07.000000000 +0200 -@@ -102,7 +102,11 @@ +--- a/utility.h Sun Apr 24 16:59:15 2016 ++++ b/utility.h Sat Aug 20 22:40:33 2016 +@@ -97,7 +97,11 @@ // Replacement for exit(status) // (exit is not compatible with C++ destructors) @@ -12,5 +11,6 @@ diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.n +//tried to use exit and found no problems yet +#define EXIT(status) { exit ((int)(status)); } - - #ifdef OLD_INTERFACE + // Compile time check of byte ordering + // (inline const function allows compiler to remove dead code) + -- 2.9.3

1 0

[PATCH] libgpg-error: Update to 1.24
by Matthias Fischer 20 Aug '16

20 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/libgpg-error | 2 +- lfs/libgpg-error | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index 3e927ed..92ac1f3 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -4,7 +4,7 @@ usr/bin/gpg-error #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.16.0 +usr/lib/libgpg-error.so.0.19.1 #usr/share/aclocal/gpg-error.m4 #usr/share/common-lisp #usr/share/common-lisp/source diff --git a/lfs/libgpg-error b/lfs/libgpg-error index ab9499e..84af2aa 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.20 +VER = 1.24 THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9997d9203b672402a04760176811589d +$(DL_FILE)_MD5 = feb42198c0aaf3b28eabe8f41a34b983 install : $(TARGET) -- 2.9.3

1 0

[PATCH] libgcrypt: Update to 1.7.3
by Matthias Fischer 20 Aug '16

20 Aug '16

Fixes CVE-2016-6313 For details, see: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html https://bugzilla.redhat.com/show_bug.cgi?id=1366105 Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/libgcrypt | 2 +- lfs/libgcrypt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt index 578e0b6..4706343 100644 --- a/config/rootfiles/common/libgcrypt +++ b/config/rootfiles/common/libgcrypt @@ -6,7 +6,7 @@ #usr/lib/libgcrypt.la #usr/lib/libgcrypt.so usr/lib/libgcrypt.so.20 -usr/lib/libgcrypt.so.20.0.4 +usr/lib/libgcrypt.so.20.1.3 #usr/share/aclocal/libgcrypt.m4 #usr/share/info/gcrypt.info #usr/share/man/man1/hmac256.1 diff --git a/lfs/libgcrypt b/lfs/libgcrypt index 98cf787..5a06032 100644 --- a/lfs/libgcrypt +++ b/lfs/libgcrypt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.6.4 +VER = 1.7.3 THISAPP = libgcrypt-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4c13c5fa43147866f993d73ee62af176 +$(DL_FILE)_MD5 = c869e542cc13a1c28d8055487bf7f5c4 install : $(TARGET) -- 2.9.3

1 0

[PATCH] libassuan: Update to 2.4.3
by Matthias Fischer 20 Aug '16

20 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/packages/libassuan | 2 +- lfs/libassuan | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan index 9c7aadb..8670ee7 100644 --- a/config/rootfiles/packages/libassuan +++ b/config/rootfiles/packages/libassuan @@ -3,6 +3,6 @@ usr/bin/libassuan-config #usr/lib/libassuan.la usr/lib/libassuan.so usr/lib/libassuan.so.0 -usr/lib/libassuan.so.0.5.0 +usr/lib/libassuan.so.0.7.3 #usr/share/aclocal/libassuan.m4 #usr/share/info/assuan.info diff --git a/lfs/libassuan b/lfs/libassuan index 0137d14..29f799a 100644 --- a/lfs/libassuan +++ b/lfs/libassuan @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.2.0 +VER = 2.4.3 THISAPP = libassuan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libassuan -PAK_VER = 3 +PAK_VER = 4 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a104faed3e97b9c302c5d67cc22b1d60 +$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a install : $(TARGET) -- 2.9.3

1 0

[PATCH] squid: Update to 3.5.20 with latest patches (14067-14075)
by Matthias Fischer 19 Aug '16

19 Aug '16

For details, see: http://www.squid-cache.org/Versions/v3/3.5/changesets/ Since there were problems with "trailing white spaces" I started a new 'squid_3' branch from scratch, based on current 'next'. I hope this is what is needed and that it helps. This one was built without errors and is running here without seen problems. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/squid | 21 +- ...=> squid-3.5.20-fix-max-file-descriptors.patch} | 4 +- src/patches/squid/squid-3.5-14051.patch | 63 ---- src/patches/squid/squid-3.5-14052.patch | 34 -- src/patches/squid/squid-3.5-14053.patch | 46 --- src/patches/squid/squid-3.5-14054.patch | 37 -- src/patches/squid/squid-3.5-14055.patch | 39 --- src/patches/squid/squid-3.5-14056.patch | 36 -- src/patches/squid/squid-3.5-14067.patch | 381 +++++++++++++++++++++ src/patches/squid/squid-3.5-14068.patch | 35 ++ src/patches/squid/squid-3.5-14069.patch | 30 ++ src/patches/squid/squid-3.5-14070.patch | 44 +++ src/patches/squid/squid-3.5-14071.patch | 70 ++++ src/patches/squid/squid-3.5-14072.patch | 33 ++ src/patches/squid/squid-3.5-14073.patch | 151 ++++++++ src/patches/squid/squid-3.5-14074.patch | 55 +++ src/patches/squid/squid-3.5-14075.patch | 38 ++ 17 files changed, 851 insertions(+), 266 deletions(-) rename src/patches/{squid-3.5.17-fix-max-file-descriptors.patch => squid-3.5.20-fix-max-file-descriptors.patch} (92%) delete mode 100644 src/patches/squid/squid-3.5-14051.patch delete mode 100644 src/patches/squid/squid-3.5-14052.patch delete mode 100644 src/patches/squid/squid-3.5-14053.patch delete mode 100644 src/patches/squid/squid-3.5-14054.patch delete mode 100644 src/patches/squid/squid-3.5-14055.patch delete mode 100644 src/patches/squid/squid-3.5-14056.patch create mode 100644 src/patches/squid/squid-3.5-14067.patch create mode 100644 src/patches/squid/squid-3.5-14068.patch create mode 100644 src/patches/squid/squid-3.5-14069.patch create mode 100644 src/patches/squid/squid-3.5-14070.patch create mode 100644 src/patches/squid/squid-3.5-14071.patch create mode 100644 src/patches/squid/squid-3.5-14072.patch create mode 100644 src/patches/squid/squid-3.5-14073.patch create mode 100644 src/patches/squid/squid-3.5-14074.patch create mode 100644 src/patches/squid/squid-3.5-14075.patch diff --git a/lfs/squid b/lfs/squid index edaf943..2d9c596 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 3.5.19 +VER = 3.5.20 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9 +$(DL_FILE)_MD5 = 48fb18679a30606de98882528beab3a7 install : $(TARGET) @@ -70,13 +70,16 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch similarity index 92% rename from src/patches/squid-3.5.17-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.20-fix-max-file-descriptors.patch index b0efa76..b740b61 100644 --- a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch +++ b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch @@ -1,6 +1,6 @@ --- configure.ac.~ Wed Apr 20 14:26:07 2016 +++ configure.ac Fri Apr 22 17:20:46 2016 -@@ -3131,6 +3131,9 @@ +@@ -3135,6 +3135,9 @@ ;; esac @@ -10,7 +10,7 @@ dnl --with-maxfd present for compatibility with Squid-2. dnl undocumented in ./configure --help to encourage using the Squid-3 directive AC_ARG_WITH(maxfd,, -@@ -3161,8 +3164,6 @@ +@@ -3165,8 +3168,6 @@ esac ]) diff --git a/src/patches/squid/squid-3.5-14051.patch b/src/patches/squid/squid-3.5-14051.patch deleted file mode 100644 index 58892dc..0000000 --- a/src/patches/squid/squid-3.5-14051.patch +++ /dev/null @@ -1,63 +0,0 @@ ------------------------------------------------------------- -revno: 14051 -revision-id: squid3(a)treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -parent: squid3(a)treenet.co.nz-20160508124125-fytgvn68zppfr8ix -author: Steve Hill <steve(a)opendium.com> -committer: Amos Jeffries <squid3(a)treenet.co.nz> -branch nick: 3.5 -timestamp: Wed 2016-05-18 02:58:50 +1200 -message: - Support unified EUI format code in external_acl_type - - Squid supports %>eui as a logformat specifier, which produces an EUI-48 - for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not - allowed as a format specifier for the external ACLs, and you have to use - %SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4 - clients and %SRCEUI64 is only useful for IPv6 clients, so supporting - both v4 and v6 is a bit messy. - - Adds the %>eui specifier for external ACLs and behaves in the same way - as the logformat specifier. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76 -# timestamp: 2016-05-17 15:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20160508124125-\ -# fytgvn68zppfr8ix -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-01-01 00:14:27 +0000 -+++ src/external_acl.cc 2016-05-17 14:58:50 +0000 -@@ -356,6 +356,8 @@ - else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0) - format->type = Format::LFT_CLIENT_PORT; - #if USE_SQUID_EUI -+ else if (strcmp(token, "%>eui") == 0) -+ format->type = Format::LFT_CLIENT_EUI; - else if (strcmp(token, "%SRCEUI48") == 0) - format->type = Format::LFT_EXT_ACL_CLIENT_EUI48; - else if (strcmp(token, "%SRCEUI64") == 0) -@@ -944,6 +946,18 @@ - break; - - #if USE_SQUID_EUI -+ case Format::LFT_CLIENT_EUI: -+ // TODO make the ACL checklist have a direct link to any TCP details. -+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL) -+ { -+ if (request->clientConnectionManager->clientConnection->remote.isIPv4()) -+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)); -+ else -+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); -+ str = buf; -+ } -+ break; -+ - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf))) - diff --git a/src/patches/squid/squid-3.5-14052.patch b/src/patches/squid/squid-3.5-14052.patch deleted file mode 100644 index 4fba159..0000000 --- a/src/patches/squid/squid-3.5-14052.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14052 -revision-id: squidadm(a)squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -parent: squid3(a)treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -committer: Source Maintenance <squidadm(a)squid-cache.org> -branch nick: 3.5 -timestamp: Tue 2016-05-17 18:14:16 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm(a)squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b -# timestamp: 2016-05-17 18:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20160517145850-\ -# uos9z00nrt7xd9ik -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-05-17 14:58:50 +0000 -+++ src/external_acl.cc 2016-05-17 18:14:16 +0000 -@@ -956,7 +956,7 @@ - request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); - str = buf; - } -- break; -+ break; - - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - diff --git a/src/patches/squid/squid-3.5-14053.patch b/src/patches/squid/squid-3.5-14053.patch deleted file mode 100644 index f669449..0000000 --- a/src/patches/squid/squid-3.5-14053.patch +++ /dev/null @@ -1,46 +0,0 @@ ------------------------------------------------------------- -revno: 14053 -revision-id: squid3(a)treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -parent: squidadm(a)squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -committer: Amos Jeffries <squid3(a)treenet.co.nz> -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:00:58 +1200 -message: - Do not override user defined -std option ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135 -# timestamp: 2016-05-21 13:08:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm(a)squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-08 12:41:25 +0000 -+++ configure.ac 2016-05-21 13:00:58 +0000 -@@ -95,6 +95,9 @@ - # Guess the compiler type (sets squid_cv_compiler) - SQUID_CC_GUESS_VARIANT - -+# If the user did not specify a C++ version. -+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="` -+if test "x$user_cxx" = "x"; then - # Check for C++11 compiler support - # - # BUG 3613: when clang -std=c++0x is used, it activates a "strict mode" -@@ -103,8 +106,9 @@ - # - # Similar POSIX issues on MinGW 32-bit and Cygwin - # --if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -- AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -+ AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ fi - fi - - # test for programs - diff --git a/src/patches/squid/squid-3.5-14054.patch b/src/patches/squid/squid-3.5-14054.patch deleted file mode 100644 index 90b34c1..0000000 --- a/src/patches/squid/squid-3.5-14054.patch +++ /dev/null @@ -1,37 +0,0 @@ ------------------------------------------------------------- -revno: 14054 -revision-id: squid3(a)treenet.co.nz-20160521130144-6xtcayieij00fm5v -parent: squid3(a)treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -committer: Amos Jeffries <squid3(a)treenet.co.nz> -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:01:44 +1200 -message: - Fix OpenSSL detection on FreeBSD ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20160521130144-6xtcayieij00fm5v -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9 -# timestamp: 2016-05-21 13:08:08 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20160521130058-\ -# zq8zugw0fohwfu3z -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-21 13:00:58 +0000 -+++ configure.ac 2016-05-21 13:01:44 +0000 -@@ -1348,10 +1348,10 @@ - - AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'crypto' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'ssl' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - ]) - - # This is a workaround for RedHat 9 brain damage.. - diff --git a/src/patches/squid/squid-3.5-14055.patch b/src/patches/squid/squid-3.5-14055.patch deleted file mode 100644 index ac04bb6..0000000 --- a/src/patches/squid/squid-3.5-14055.patch +++ /dev/null @@ -1,39 +0,0 @@ ------------------------------------------------------------- -revno: 14055 -revision-id: squid3(a)treenet.co.nz-20160521155202-pp53utwamdhkugvg -parent: squid3(a)treenet.co.nz-20160521130144-6xtcayieij00fm5v -author: Alex Rousskov <rousskov(a)measurement-factory.com> -committer: Amos Jeffries <squid3(a)treenet.co.nz> -branch nick: 3.5 -timestamp: Sun 2016-05-22 03:52:02 +1200 -message: - Fix icons loading speed. - - Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each - icon was read from disk and written to Store one character at a time. I - did not measure startup delays in production, but in debugging runs, - fixing this bug sped up icons loading from 1 minute to 4 seconds. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20160521155202-pp53utwamdhkugvg -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b -# timestamp: 2016-05-21 16:51:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20160521130144-\ -# 6xtcayieij00fm5v -# -# Begin patch -=== modified file 'src/mime.cc' ---- src/mime.cc 2016-01-01 00:14:27 +0000 -+++ src/mime.cc 2016-05-21 15:52:02 +0000 -@@ -430,7 +430,7 @@ - /* read the file into the buffer and append it to store */ - int n; - char *buf = (char *)memAllocate(MEM_4K_BUF); -- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0) -+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0) - e->append(buf, n); - - file_close(fd); - diff --git a/src/patches/squid/squid-3.5-14056.patch b/src/patches/squid/squid-3.5-14056.patch deleted file mode 100644 index 4ea3808..0000000 --- a/src/patches/squid/squid-3.5-14056.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14056 -revision-id: squid3(a)treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -parent: squid3(a)treenet.co.nz-20160521155202-pp53utwamdhkugvg -author: Christos Tsantilas <chtsanti(a)users.sourceforge.net> -committer: Amos Jeffries <squid3(a)treenet.co.nz> -branch nick: 3.5 -timestamp: Sun 2016-05-22 05:29:19 +1200 -message: - Increase debug level in a peek-and-splice related debug message - - It may produced one debugging line for each SSL transaction in some cases ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f -# timestamp: 2016-05-21 17:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20160521155202-\ -# pp53utwamdhkugvg -# -# Begin patch -=== modified file 'src/ssl/PeerConnector.cc' ---- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000 -+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000 -@@ -598,7 +598,7 @@ - - case SSL_ERROR_WANT_WRITE: - if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) { -- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd); -+ debugs(81, 3, "hold write on SSL connection on FD " << fd); - checkForPeekAndSplice(); - return; - } - diff --git a/src/patches/squid/squid-3.5-14067.patch b/src/patches/squid/squid-3.5-14067.patch new file mode 100644 index 0000000..8d9cb21 --- /dev/null +++ b/src/patches/squid/squid-3.5-14067.patch @@ -0,0 +1,381 @@ +------------------------------------------------------------ +revno: 14067 +revision-id: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +parent: squid3(a)treenet.co.nz-20160701113616-vpjak1pq4uecadd2 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:16:20 +1200 +message: + Bug 4534: assertion failure in xcalloc when using many cache_dir +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363 +# timestamp: 2016-07-23 07:24:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160701113616-\ +# vpjak1pq4uecadd2 +# +# Begin patch +=== modified file 'src/CacheDigest.cc' +--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -35,12 +35,12 @@ + static uint32_t hashed_keys[4]; + + static void +-cacheDigestInit(CacheDigest * cd, int capacity, int bpe) ++cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe) + { +- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); ++ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); + assert(cd); + assert(capacity > 0 && bpe > 0); +- assert(mask_size > 0); ++ assert(mask_size != 0); + cd->capacity = capacity; + cd->bits_per_entry = bpe; + cd->mask_size = mask_size; +@@ -50,7 +50,7 @@ + } + + CacheDigest * +-cacheDigestCreate(int capacity, int bpe) ++cacheDigestCreate(uint64_t capacity, uint8_t bpe) + { + CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST); + assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */ +@@ -97,7 +97,7 @@ + + /* changes mask size, resets bits to 0, preserves "cd" pointer */ + void +-cacheDigestChangeCap(CacheDigest * cd, int new_cap) ++cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap) + { + assert(cd); + cacheDigestClean(cd); +@@ -278,12 +278,12 @@ + storeAppendPrintf(e, "%s digest: size: %d bytes\n", + label ? label : "", stats.bit_count / 8 + ); +- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n", ++ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n", + cd->count, + cd->capacity, + xpercentInt(cd->count, cd->capacity) + ); +- storeAppendPrintf(e, "\t deletion attempts: %d\n", ++ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n", + cd->del_count + ); + storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n", +@@ -297,16 +297,18 @@ + ); + } + +-size_t +-cacheDigestCalcMaskSize(int cap, int bpe) ++uint32_t ++cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe) + { +- return (size_t) (cap * bpe + 7) / 8; ++ uint64_t bitCount = (cap * bpe) + 7; ++ assert(bitCount < INT_MAX); // dont 31-bit overflow later ++ return static_cast<uint32_t>(bitCount / 8); + } + + static void + cacheDigestHashKey(const CacheDigest * cd, const cache_key * key) + { +- const unsigned int bit_count = cd->mask_size * 8; ++ const uint32_t bit_count = cd->mask_size * 8; + unsigned int tmp_keys[4]; + /* we must memcpy to ensure alignment */ + memcpy(tmp_keys, key, sizeof(tmp_keys)); + +=== modified file 'src/CacheDigest.h' +--- src/CacheDigest.h 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.h 2016-07-23 07:16:20 +0000 +@@ -22,23 +22,23 @@ + { + public: + /* public, read-only */ +- char *mask; /* bit mask */ +- int mask_size; /* mask size in bytes */ +- int capacity; /* expected maximum for .count, not a hard limit */ +- int bits_per_entry; /* number of bits allocated for each entry from capacity */ +- int count; /* number of digested entries */ +- int del_count; /* number of deletions performed so far */ ++ uint64_t count; /* number of digested entries */ ++ uint64_t del_count; /* number of deletions performed so far */ ++ uint64_t capacity; /* expected maximum for .count, not a hard limit */ ++ char *mask; /* bit mask */ ++ uint32_t mask_size; /* mask size in bytes */ ++ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */ + }; + +-CacheDigest *cacheDigestCreate(int capacity, int bpe); ++CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe); + void cacheDigestDestroy(CacheDigest * cd); + CacheDigest *cacheDigestClone(const CacheDigest * cd); + void cacheDigestClear(CacheDigest * cd); +-void cacheDigestChangeCap(CacheDigest * cd, int new_cap); ++void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap); + int cacheDigestTest(const CacheDigest * cd, const cache_key * key); + void cacheDigestAdd(CacheDigest * cd, const cache_key * key); + void cacheDigestDel(CacheDigest * cd, const cache_key * key); +-size_t cacheDigestCalcMaskSize(int cap, int bpe); ++uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe); + int cacheDigestBitUtil(const CacheDigest * cd); + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit); + void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label); + +=== modified file 'src/PeerDigest.h' +--- src/PeerDigest.h 2016-01-01 00:14:27 +0000 ++++ src/PeerDigest.h 2016-07-23 07:16:20 +0000 +@@ -52,7 +52,7 @@ + store_client *old_sc; + HttpRequest *request; + int offset; +- int mask_offset; ++ uint32_t mask_offset; + time_t start_time; + time_t resp_time; + time_t expires; + +=== modified file 'src/peer_digest.cc' +--- src/peer_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/peer_digest.cc 2016-07-23 07:16:20 +0000 +@@ -754,7 +754,7 @@ + if (!reason && !size) { + if (!pd->cd) + reason = "null digest?!"; +- else if (fetch->mask_offset != (int)pd->cd->mask_size) ++ else if (fetch->mask_offset != pd->cd->mask_size) + reason = "premature end of digest?!"; + else if (!peerDigestUseful(pd)) + reason = "useless digest"; + +=== modified file 'src/store_digest.cc' +--- src/store_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/store_digest.cc 2016-07-23 07:16:20 +0000 +@@ -76,36 +76,63 @@ + static void storeDigestRewriteFinish(StoreEntry * e); + static EVH storeDigestSwapOutStep; + static void storeDigestCBlockSwapOut(StoreEntry * e); +-static int storeDigestCalcCap(void); +-static int storeDigestResize(void); + static void storeDigestAdd(const StoreEntry *); + ++/// calculates digest capacity ++static uint64_t ++storeDigestCalcCap() ++{ ++ /* ++ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of ++ * the bits are off). However, we do not have a formula to calculate the ++ * number of _entries_ we want to pre-allocate for. ++ */ ++ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; ++ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; ++ const uint64_t e_count = StoreEntry::inUseCount(); ++ uint64_t cap = e_count ? e_count : hi_cap; ++ debugs(71, 2, "have: " << e_count << ", want " << cap << ++ " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); ++ ++ if (cap < lo_cap) ++ cap = lo_cap; ++ ++ /* do not enforce hi_cap limit, average-based estimation may be wrong ++ *if (cap > hi_cap) ++ * cap = hi_cap; ++ */ ++ ++ // Bug 4534: we still have to set an upper-limit at some reasonable value though. ++ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX ++ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry; ++ if (cap > absolute_max) { ++ static time_t last_loud = 0; ++ if (last_loud < squid_curtime - 86400) { ++ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ last_loud = squid_curtime; ++ } else { ++ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ } ++ cap = absolute_max; ++ } ++ ++ return cap; ++} + #endif /* USE_CACHE_DIGESTS */ + +-static void +-storeDigestRegisterWithCacheManager(void) ++void ++storeDigestInit(void) + { + Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1); +-} +- +-/* +- * PUBLIC FUNCTIONS +- */ +- +-void +-storeDigestInit(void) +-{ +- storeDigestRegisterWithCacheManager(); + + #if USE_CACHE_DIGESTS +- const int cap = storeDigestCalcCap(); +- + if (!Config.onoff.digest_generation) { + store_digest = NULL; + debugs(71, 3, "Local cache digest generation disabled"); + return; + } + ++ const uint64_t cap = storeDigestCalcCap(); + store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry); + debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " << + (int) Config.digest.rebuild_period << "/" << +@@ -290,6 +317,31 @@ + storeDigestRebuildResume(); + } + ++/// \returns true if we actually resized the digest ++static bool ++storeDigestResize() ++{ ++ const uint64_t cap = storeDigestCalcCap(); ++ assert(store_digest); ++ uint64_t diff; ++ if (cap > store_digest->capacity) ++ diff = cap - store_digest->capacity; ++ else ++ diff = store_digest->capacity - cap; ++ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " << ++ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); ++ /* avoid minor adjustments */ ++ ++ if (diff <= store_digest->capacity / 10) { ++ debugs(71, 2, "small change, will not resize."); ++ return false; ++ } else { ++ debugs(71, 2, "big change, resizing."); ++ cacheDigestChangeCap(store_digest, cap); ++ } ++ return true; ++} ++ + /* called be Rewrite to push Rebuild forward */ + static void + storeDigestRebuildResume(void) +@@ -439,7 +491,7 @@ + assert(e); + /* _add_ check that nothing bad happened while we were waiting @?@ @?@ */ + +- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size) + chunk_size = store_digest->mask_size - sd_state.rewrite_offset; + + e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size); +@@ -451,7 +503,7 @@ + sd_state.rewrite_offset += chunk_size; + + /* are we done ? */ +- if (sd_state.rewrite_offset >= store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size) + storeDigestRewriteFinish(e); + else + eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false); +@@ -467,60 +519,10 @@ + sd_state.cblock.count = htonl(store_digest->count); + sd_state.cblock.del_count = htonl(store_digest->del_count); + sd_state.cblock.mask_size = htonl(store_digest->mask_size); +- sd_state.cblock.bits_per_entry = (unsigned char) +- Config.digest.bits_per_entry; ++ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry; + sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount; + e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock)); + } + +-/* calculates digest capacity */ +-static int +-storeDigestCalcCap(void) +-{ +- /* +- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of +- * the bits are off). However, we do not have a formula to calculate the +- * number of _entries_ we want to pre-allocate for. +- */ +- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; +- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; +- const int e_count = StoreEntry::inUseCount(); +- int cap = e_count ? e_count :hi_cap; +- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap << +- " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); +- +- if (cap < lo_cap) +- cap = lo_cap; +- +- /* do not enforce hi_cap limit, average-based estimation may be wrong +- *if (cap > hi_cap) +- * cap = hi_cap; +- */ +- return cap; +-} +- +-/* returns true if we actually resized the digest */ +-static int +-storeDigestResize(void) +-{ +- const int cap = storeDigestCalcCap(); +- int diff; +- assert(store_digest); +- diff = abs(cap - store_digest->capacity); +- debugs(71, 2, "storeDigestResize: " << +- store_digest->capacity << " -> " << cap << "; change: " << +- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); +- /* avoid minor adjustments */ +- +- if (diff <= store_digest->capacity / 10) { +- debugs(71, 2, "storeDigestResize: small change, will not resize."); +- return 0; +- } else { +- debugs(71, 2, "storeDigestResize: big change, resizing."); +- cacheDigestChangeCap(store_digest, cap); +- return 1; +- } +-} +- + #endif /* USE_CACHE_DIGESTS */ + + +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -16,11 +16,11 @@ + class CacheDigestGuessStats; + class StoreEntry; + +-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL) ++CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL) + void cacheDigestDestroy(CacheDigest *) STUB + CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL) + void cacheDigestClear(CacheDigest * ) STUB +-void cacheDigestChangeCap(CacheDigest *,int) STUB ++void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB + int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1) + void cacheDigestAdd(CacheDigest *, const cache_key *) STUB + void cacheDigestDel(CacheDigest *, const cache_key *) STUB +@@ -28,5 +28,4 @@ + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB +-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1) +- ++uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) + diff --git a/src/patches/squid/squid-3.5-14068.patch b/src/patches/squid/squid-3.5-14068.patch new file mode 100644 index 0000000..4766e00 --- /dev/null +++ b/src/patches/squid/squid-3.5-14068.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 14068 +revision-id: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +parent: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542 +author: Anonymous <bigparrot(a)pirateperfection.com> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:19:30 +1200 +message: + Bug #4542: authentication credentials IP TTL updated incorrectly +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8 +# timestamp: 2016-07-23 07:24:05 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160723071620-\ +# 1wzqpbyi1rk5w6vg +# +# Begin patch +=== modified file 'src/auth/User.cc' +--- src/auth/User.cc 2016-01-01 00:14:27 +0000 ++++ src/auth/User.cc 2016-07-23 07:19:30 +0000 +@@ -284,7 +284,7 @@ + /* This ip has already been seen. */ + found = 1; + /* update IP ttl */ +- ipdata->ip_expiretime = squid_curtime; ++ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL; + } else if (ipdata->ip_expiretime <= squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &ip_list); + diff --git a/src/patches/squid/squid-3.5-14069.patch b/src/patches/squid/squid-3.5-14069.patch new file mode 100644 index 0000000..15ca37a --- /dev/null +++ b/src/patches/squid/squid-3.5-14069.patch @@ -0,0 +1,30 @@ +------------------------------------------------------------ +revno: 14069 +revision-id: squidadm(a)squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +parent: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +committer: Source Maintenance <squidadm(a)squid-cache.org> +branch nick: 3.5 +timestamp: Sat 2016-07-23 12:13:51 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm(a)squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28 +# timestamp: 2016-07-23 12:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160723071930-\ +# cemledcltg8pkc28 +# +# Begin patch +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000 +@@ -29,3 +29,4 @@ + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB + uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) ++ + diff --git a/src/patches/squid/squid-3.5-14070.patch b/src/patches/squid/squid-3.5-14070.patch new file mode 100644 index 0000000..5fcc39f --- /dev/null +++ b/src/patches/squid/squid-3.5-14070.patch @@ -0,0 +1,44 @@ +------------------------------------------------------------ +revno: 14070 +revision-id: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +parent: squidadm(a)squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +author: Christos Tsantilas <chtsanti(a)users.sourceforge.net> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-08-06 02:59:33 +1200 +message: + Squid segfault via Ftp::Client::readControlReply(). + + Ftp::Client::scheduleReadControlReply(), which may called from the + asynchronous start() or readControlReply()/handleControlReply() + handlers, does not check whether the control connection is still usable + before using it. + + This is a Measurement Factory project. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643 +# timestamp: 2016-08-05 15:00:22 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squidadm(a)squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# +# Begin patch +=== modified file 'src/clients/FtpClient.cc' +--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000 ++++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 +@@ -314,6 +314,11 @@ + /* We've already read some reply data */ + handleControlReply(); + } else { ++ ++ if (!Comm::IsConnOpen(ctrl.conn)) { ++ debugs(9, 3, "cannot read without ctrl " << ctrl.conn); ++ return; ++ } + /* + * Cancel the timeout on the Data socket (if any) and + * establish one on the control socket. + diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squid-3.5-14071.patch new file mode 100644 index 0000000..6b353ea --- /dev/null +++ b/src/patches/squid/squid-3.5-14071.patch @@ -0,0 +1,70 @@ +------------------------------------------------------------ +revno: 14071 +revision-id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +parent: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:55:01 +1200 +message: + Bug 4428: mal-formed Cache-Control:stale-if-error header +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c +# timestamp: 2016-08-17 02:55:20 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160805145933-\ +# 0cpyy47o8955lamx +# +# Begin patch +=== modified file 'src/HttpHdrCc.cc' +--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000 ++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000 +@@ -257,6 +257,27 @@ + + /* for all options having values, "=value" after the name */ + switch (flag) { ++ case CC_BADHDR: ++ break; ++ case CC_PUBLIC: ++ break; ++ case CC_PRIVATE: ++ if (Private().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private())); ++ break; ++ ++ case CC_NO_CACHE: ++ if (noCache().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache())); ++ break; ++ case CC_NO_STORE: ++ break; ++ case CC_NO_TRANSFORM: ++ break; ++ case CC_MUST_REVALIDATE: ++ break; ++ case CC_PROXY_REVALIDATE: ++ break; + case CC_MAX_AGE: + packerPrintf(p, "=%d", (int) maxAge()); + break; +@@ -272,8 +293,14 @@ + case CC_MIN_FRESH: + packerPrintf(p, "=%d", (int) minFresh()); + break; +- default: +- /* do nothing, directive was already printed */ ++ case CC_ONLY_IF_CACHED: ++ break; ++ case CC_STALE_IF_ERROR: ++ packerPrintf(p, "=%d", staleIfError()); ++ break; ++ case CC_OTHER: ++ case CC_ENUM_END: ++ // done below after the loop + break; + } + + diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squid-3.5-14072.patch new file mode 100644 index 0000000..228e773 --- /dev/null +++ b/src/patches/squid/squid-3.5-14072.patch @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: 14072 +revision-id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +parent: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:58:28 +1200 +message: + Fix SSL-Bump failure results in SEGFAULT +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784 +# timestamp: 2016-08-17 03:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025501-\ +# e66sjxm0bfy3ksn3 +# +# Begin patch +=== modified file 'src/client_side_request.cc' +--- src/client_side_request.cc 2016-05-06 08:24:29 +0000 ++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000 +@@ -1811,7 +1811,7 @@ + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); + errorAppendEntry(e, calloutContext->error); + calloutContext->error = NULL; +- if (calloutContext->readNextRequest) ++ if (calloutContext->readNextRequest && getConn()) + getConn()->flags.readMore = true; // resume any pipeline reads. + node = (clientStreamNode *)client_stream.tail->data; + clientStreamRead(node, this, node->readBuffer); + diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squid-3.5-14073.patch new file mode 100644 index 0000000..b7915a4 --- /dev/null +++ b/src/patches/squid/squid-3.5-14073.patch @@ -0,0 +1,151 @@ +------------------------------------------------------------ +revno: 14073 +revision-id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +parent: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:10:37 +1200 +message: + Bug 4563: duplicate code in httpMakeVaryMark +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a +# timestamp: 2016-08-17 05:50:53 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025828-\ +# s4102klt2ei25tsm +# +# Begin patch +=== modified file 'src/http.cc' +--- src/http.cc 2016-04-01 06:15:31 +0000 ++++ src/http.cc 2016-08-17 05:10:37 +0000 +@@ -572,6 +572,38 @@ + /* NOTREACHED */ + } + ++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request ++static void ++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request) ++{ ++ static const SBuf asterisk("*"); ++ const char *pos = nullptr; ++ const char *item = nullptr; ++ int ilen = 0; ++ ++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { ++ SBuf name(item, ilen); ++ if (name == asterisk) { ++ vstr.clear(); ++ break; ++ } ++ name.toLower(); ++ if (!vstr.isEmpty()) ++ vstr.append(", ", 2); ++ vstr.append(name); ++ String hdr(request.header.getByName(name.c_str())); ++ const char *value = hdr.termedBuf(); ++ if (value) { ++ value = rfc1738_escape_part(value); ++ vstr.append("=\"", 2); ++ vstr.append(value); ++ vstr.append("\"", 1); ++ } ++ ++ hdr.clean(); ++ } ++} ++ + /* + * For Vary, store the relevant request headers as + * virtual headers in the reply +@@ -580,81 +612,16 @@ + SBuf + httpMakeVaryMark(HttpRequest * request, HttpReply const * reply) + { +- String vary, hdr; +- const char *pos = NULL; +- const char *item; +- const char *value; +- int ilen; + SBuf vstr; +- static const SBuf asterisk("*"); ++ String vary; + + vary = reply->header.getList(HDR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- ++ assembleVaryKey(vary, vstr, *request); ++ ++#if X_ACCELERATOR_VARY + vary.clean(); +-#if X_ACCELERATOR_VARY +- +- pos = NULL; + vary = reply->header.getList(HDR_X_ACCELERATOR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- +- vary.clean(); ++ assembleVaryKey(vary, vstr, *request); + #endif + + debugs(11, 3, vstr); + diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squid-3.5-14074.patch new file mode 100644 index 0000000..dbafbf0 --- /dev/null +++ b/src/patches/squid/squid-3.5-14074.patch @@ -0,0 +1,55 @@ +------------------------------------------------------------ +revno: 14074 +revision-id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +parent: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025 +author: mkishi <mkishi(a)104.net> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:48:29 +1200 +message: + Bug 3025: Proxy-Authenticate problem using ICAP server +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e +# timestamp: 2016-08-17 05:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817051037-\ +# p0kaj2iw2u4u8iqj +# +# Begin patch +=== modified file 'src/client_side_reply.cc' +--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000 ++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000 +@@ -1305,8 +1305,14 @@ + + // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled + // remove the Proxy-Authenticate header +- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) +- reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) { ++#if USE_ADAPTATION ++ // but allow adaptation services to authenticate clients ++ // via request satisfaction ++ if (!http->requestSatisfactionMode()) ++#endif ++ reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ } + + reply->header.removeHopByHopEntries(); + + +=== modified file 'src/client_side_request.h' +--- src/client_side_request.h 2016-01-01 00:14:27 +0000 ++++ src/client_side_request.h 2016-08-17 05:48:29 +0000 +@@ -140,6 +140,7 @@ + + public: + void startAdaptation(const Adaptation::ServiceGroupPointer &g); ++ bool requestSatisfactionMode() const { return request_satisfaction_mode; } + + // private but exposed for ClientRequestContext + void handleAdaptationFailure(int errDetail, bool bypassable = false); + diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squid-3.5-14075.patch new file mode 100644 index 0000000..8c0b5a3 --- /dev/null +++ b/src/patches/squid/squid-3.5-14075.patch @@ -0,0 +1,38 @@ +------------------------------------------------------------ +revno: 14075 +revision-id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +parent: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Thu 2016-08-18 01:34:13 +1200 +message: + Fix logic error in rev.13930 + + Using !=0 on both string compares means any login= value will permit + 40x responses through. Only PASS and PASSTHRU should be doing that. + + Detected by Coverity Scan. Issue 1364711 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5 +# timestamp: 2016-08-17 13:34:59 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817054829-\ +# rl7q49ysi40sj01i +# +# Begin patch +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-01-01 00:14:27 +0000 ++++ src/tunnel.cc 2016-08-17 13:34:13 +0000 +@@ -476,7 +476,7 @@ + + // we need to relay the 401/407 responses when login=PASS(THRU) + const char *pwd = server.conn->getPeer()->login; +- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) && ++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && + (*status_ptr == Http::scProxyAuthenticationRequired || + *status_ptr == Http::scUnauthorized); + + -- 2.9.3

1 0

[PATCH] squid 3.5.20: latest patches from upstream
by Matthias Fischer 18 Aug '16

18 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/squid | 3 + src/patches/squid/squid-3.5-14067.patch | 381 ++++++++++++++++++++++++++++++++ src/patches/squid/squid-3.5-14068.patch | 35 +++ src/patches/squid/squid-3.5-14069.patch | 30 +++ 4 files changed, 449 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14067.patch create mode 100644 src/patches/squid/squid-3.5-14068.patch create mode 100644 src/patches/squid/squid-3.5-14069.patch diff --git a/lfs/squid b/lfs/squid index 5bc976e..a88f0c5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/squid-3.5-14067.patch b/src/patches/squid/squid-3.5-14067.patch new file mode 100644 index 0000000..8d9cb21 --- /dev/null +++ b/src/patches/squid/squid-3.5-14067.patch @@ -0,0 +1,381 @@ +------------------------------------------------------------ +revno: 14067 +revision-id: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +parent: squid3(a)treenet.co.nz-20160701113616-vpjak1pq4uecadd2 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:16:20 +1200 +message: + Bug 4534: assertion failure in xcalloc when using many cache_dir +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363 +# timestamp: 2016-07-23 07:24:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160701113616-\ +# vpjak1pq4uecadd2 +# +# Begin patch +=== modified file 'src/CacheDigest.cc' +--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -35,12 +35,12 @@ + static uint32_t hashed_keys[4]; + + static void +-cacheDigestInit(CacheDigest * cd, int capacity, int bpe) ++cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe) + { +- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); ++ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); + assert(cd); + assert(capacity > 0 && bpe > 0); +- assert(mask_size > 0); ++ assert(mask_size != 0); + cd->capacity = capacity; + cd->bits_per_entry = bpe; + cd->mask_size = mask_size; +@@ -50,7 +50,7 @@ + } + + CacheDigest * +-cacheDigestCreate(int capacity, int bpe) ++cacheDigestCreate(uint64_t capacity, uint8_t bpe) + { + CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST); + assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */ +@@ -97,7 +97,7 @@ + + /* changes mask size, resets bits to 0, preserves "cd" pointer */ + void +-cacheDigestChangeCap(CacheDigest * cd, int new_cap) ++cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap) + { + assert(cd); + cacheDigestClean(cd); +@@ -278,12 +278,12 @@ + storeAppendPrintf(e, "%s digest: size: %d bytes\n", + label ? label : "", stats.bit_count / 8 + ); +- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n", ++ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n", + cd->count, + cd->capacity, + xpercentInt(cd->count, cd->capacity) + ); +- storeAppendPrintf(e, "\t deletion attempts: %d\n", ++ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n", + cd->del_count + ); + storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n", +@@ -297,16 +297,18 @@ + ); + } + +-size_t +-cacheDigestCalcMaskSize(int cap, int bpe) ++uint32_t ++cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe) + { +- return (size_t) (cap * bpe + 7) / 8; ++ uint64_t bitCount = (cap * bpe) + 7; ++ assert(bitCount < INT_MAX); // dont 31-bit overflow later ++ return static_cast<uint32_t>(bitCount / 8); + } + + static void + cacheDigestHashKey(const CacheDigest * cd, const cache_key * key) + { +- const unsigned int bit_count = cd->mask_size * 8; ++ const uint32_t bit_count = cd->mask_size * 8; + unsigned int tmp_keys[4]; + /* we must memcpy to ensure alignment */ + memcpy(tmp_keys, key, sizeof(tmp_keys)); + +=== modified file 'src/CacheDigest.h' +--- src/CacheDigest.h 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.h 2016-07-23 07:16:20 +0000 +@@ -22,23 +22,23 @@ + { + public: + /* public, read-only */ +- char *mask; /* bit mask */ +- int mask_size; /* mask size in bytes */ +- int capacity; /* expected maximum for .count, not a hard limit */ +- int bits_per_entry; /* number of bits allocated for each entry from capacity */ +- int count; /* number of digested entries */ +- int del_count; /* number of deletions performed so far */ ++ uint64_t count; /* number of digested entries */ ++ uint64_t del_count; /* number of deletions performed so far */ ++ uint64_t capacity; /* expected maximum for .count, not a hard limit */ ++ char *mask; /* bit mask */ ++ uint32_t mask_size; /* mask size in bytes */ ++ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */ + }; + +-CacheDigest *cacheDigestCreate(int capacity, int bpe); ++CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe); + void cacheDigestDestroy(CacheDigest * cd); + CacheDigest *cacheDigestClone(const CacheDigest * cd); + void cacheDigestClear(CacheDigest * cd); +-void cacheDigestChangeCap(CacheDigest * cd, int new_cap); ++void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap); + int cacheDigestTest(const CacheDigest * cd, const cache_key * key); + void cacheDigestAdd(CacheDigest * cd, const cache_key * key); + void cacheDigestDel(CacheDigest * cd, const cache_key * key); +-size_t cacheDigestCalcMaskSize(int cap, int bpe); ++uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe); + int cacheDigestBitUtil(const CacheDigest * cd); + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit); + void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label); + +=== modified file 'src/PeerDigest.h' +--- src/PeerDigest.h 2016-01-01 00:14:27 +0000 ++++ src/PeerDigest.h 2016-07-23 07:16:20 +0000 +@@ -52,7 +52,7 @@ + store_client *old_sc; + HttpRequest *request; + int offset; +- int mask_offset; ++ uint32_t mask_offset; + time_t start_time; + time_t resp_time; + time_t expires; + +=== modified file 'src/peer_digest.cc' +--- src/peer_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/peer_digest.cc 2016-07-23 07:16:20 +0000 +@@ -754,7 +754,7 @@ + if (!reason && !size) { + if (!pd->cd) + reason = "null digest?!"; +- else if (fetch->mask_offset != (int)pd->cd->mask_size) ++ else if (fetch->mask_offset != pd->cd->mask_size) + reason = "premature end of digest?!"; + else if (!peerDigestUseful(pd)) + reason = "useless digest"; + +=== modified file 'src/store_digest.cc' +--- src/store_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/store_digest.cc 2016-07-23 07:16:20 +0000 +@@ -76,36 +76,63 @@ + static void storeDigestRewriteFinish(StoreEntry * e); + static EVH storeDigestSwapOutStep; + static void storeDigestCBlockSwapOut(StoreEntry * e); +-static int storeDigestCalcCap(void); +-static int storeDigestResize(void); + static void storeDigestAdd(const StoreEntry *); + ++/// calculates digest capacity ++static uint64_t ++storeDigestCalcCap() ++{ ++ /* ++ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of ++ * the bits are off). However, we do not have a formula to calculate the ++ * number of _entries_ we want to pre-allocate for. ++ */ ++ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; ++ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; ++ const uint64_t e_count = StoreEntry::inUseCount(); ++ uint64_t cap = e_count ? e_count : hi_cap; ++ debugs(71, 2, "have: " << e_count << ", want " << cap << ++ " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); ++ ++ if (cap < lo_cap) ++ cap = lo_cap; ++ ++ /* do not enforce hi_cap limit, average-based estimation may be wrong ++ *if (cap > hi_cap) ++ * cap = hi_cap; ++ */ ++ ++ // Bug 4534: we still have to set an upper-limit at some reasonable value though. ++ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX ++ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry; ++ if (cap > absolute_max) { ++ static time_t last_loud = 0; ++ if (last_loud < squid_curtime - 86400) { ++ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ last_loud = squid_curtime; ++ } else { ++ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ } ++ cap = absolute_max; ++ } ++ ++ return cap; ++} + #endif /* USE_CACHE_DIGESTS */ + +-static void +-storeDigestRegisterWithCacheManager(void) ++void ++storeDigestInit(void) + { + Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1); +-} +- +-/* +- * PUBLIC FUNCTIONS +- */ +- +-void +-storeDigestInit(void) +-{ +- storeDigestRegisterWithCacheManager(); + + #if USE_CACHE_DIGESTS +- const int cap = storeDigestCalcCap(); +- + if (!Config.onoff.digest_generation) { + store_digest = NULL; + debugs(71, 3, "Local cache digest generation disabled"); + return; + } + ++ const uint64_t cap = storeDigestCalcCap(); + store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry); + debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " << + (int) Config.digest.rebuild_period << "/" << +@@ -290,6 +317,31 @@ + storeDigestRebuildResume(); + } + ++/// \returns true if we actually resized the digest ++static bool ++storeDigestResize() ++{ ++ const uint64_t cap = storeDigestCalcCap(); ++ assert(store_digest); ++ uint64_t diff; ++ if (cap > store_digest->capacity) ++ diff = cap - store_digest->capacity; ++ else ++ diff = store_digest->capacity - cap; ++ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " << ++ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); ++ /* avoid minor adjustments */ ++ ++ if (diff <= store_digest->capacity / 10) { ++ debugs(71, 2, "small change, will not resize."); ++ return false; ++ } else { ++ debugs(71, 2, "big change, resizing."); ++ cacheDigestChangeCap(store_digest, cap); ++ } ++ return true; ++} ++ + /* called be Rewrite to push Rebuild forward */ + static void + storeDigestRebuildResume(void) +@@ -439,7 +491,7 @@ + assert(e); + /* _add_ check that nothing bad happened while we were waiting @?@ @?@ */ + +- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size) + chunk_size = store_digest->mask_size - sd_state.rewrite_offset; + + e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size); +@@ -451,7 +503,7 @@ + sd_state.rewrite_offset += chunk_size; + + /* are we done ? */ +- if (sd_state.rewrite_offset >= store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size) + storeDigestRewriteFinish(e); + else + eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false); +@@ -467,60 +519,10 @@ + sd_state.cblock.count = htonl(store_digest->count); + sd_state.cblock.del_count = htonl(store_digest->del_count); + sd_state.cblock.mask_size = htonl(store_digest->mask_size); +- sd_state.cblock.bits_per_entry = (unsigned char) +- Config.digest.bits_per_entry; ++ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry; + sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount; + e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock)); + } + +-/* calculates digest capacity */ +-static int +-storeDigestCalcCap(void) +-{ +- /* +- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of +- * the bits are off). However, we do not have a formula to calculate the +- * number of _entries_ we want to pre-allocate for. +- */ +- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; +- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; +- const int e_count = StoreEntry::inUseCount(); +- int cap = e_count ? e_count :hi_cap; +- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap << +- " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); +- +- if (cap < lo_cap) +- cap = lo_cap; +- +- /* do not enforce hi_cap limit, average-based estimation may be wrong +- *if (cap > hi_cap) +- * cap = hi_cap; +- */ +- return cap; +-} +- +-/* returns true if we actually resized the digest */ +-static int +-storeDigestResize(void) +-{ +- const int cap = storeDigestCalcCap(); +- int diff; +- assert(store_digest); +- diff = abs(cap - store_digest->capacity); +- debugs(71, 2, "storeDigestResize: " << +- store_digest->capacity << " -> " << cap << "; change: " << +- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); +- /* avoid minor adjustments */ +- +- if (diff <= store_digest->capacity / 10) { +- debugs(71, 2, "storeDigestResize: small change, will not resize."); +- return 0; +- } else { +- debugs(71, 2, "storeDigestResize: big change, resizing."); +- cacheDigestChangeCap(store_digest, cap); +- return 1; +- } +-} +- + #endif /* USE_CACHE_DIGESTS */ + + +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -16,11 +16,11 @@ + class CacheDigestGuessStats; + class StoreEntry; + +-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL) ++CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL) + void cacheDigestDestroy(CacheDigest *) STUB + CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL) + void cacheDigestClear(CacheDigest * ) STUB +-void cacheDigestChangeCap(CacheDigest *,int) STUB ++void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB + int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1) + void cacheDigestAdd(CacheDigest *, const cache_key *) STUB + void cacheDigestDel(CacheDigest *, const cache_key *) STUB +@@ -28,5 +28,4 @@ + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB +-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1) +- ++uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) + diff --git a/src/patches/squid/squid-3.5-14068.patch b/src/patches/squid/squid-3.5-14068.patch new file mode 100644 index 0000000..4766e00 --- /dev/null +++ b/src/patches/squid/squid-3.5-14068.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 14068 +revision-id: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +parent: squid3(a)treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542 +author: Anonymous <bigparrot(a)pirateperfection.com> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:19:30 +1200 +message: + Bug #4542: authentication credentials IP TTL updated incorrectly +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8 +# timestamp: 2016-07-23 07:24:05 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160723071620-\ +# 1wzqpbyi1rk5w6vg +# +# Begin patch +=== modified file 'src/auth/User.cc' +--- src/auth/User.cc 2016-01-01 00:14:27 +0000 ++++ src/auth/User.cc 2016-07-23 07:19:30 +0000 +@@ -284,7 +284,7 @@ + /* This ip has already been seen. */ + found = 1; + /* update IP ttl */ +- ipdata->ip_expiretime = squid_curtime; ++ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL; + } else if (ipdata->ip_expiretime <= squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &ip_list); + diff --git a/src/patches/squid/squid-3.5-14069.patch b/src/patches/squid/squid-3.5-14069.patch new file mode 100644 index 0000000..15ca37a --- /dev/null +++ b/src/patches/squid/squid-3.5-14069.patch @@ -0,0 +1,30 @@ +------------------------------------------------------------ +revno: 14069 +revision-id: squidadm(a)squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +parent: squid3(a)treenet.co.nz-20160723071930-cemledcltg8pkc28 +committer: Source Maintenance <squidadm(a)squid-cache.org> +branch nick: 3.5 +timestamp: Sat 2016-07-23 12:13:51 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm(a)squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28 +# timestamp: 2016-07-23 12:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160723071930-\ +# cemledcltg8pkc28 +# +# Begin patch +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000 +@@ -29,3 +29,4 @@ + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB + uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) ++ + -- 2.9.2

2 6

[PATCH] squid 3.5.20: latest patches
by Matthias Fischer 18 Aug '16

18 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/squid | 5 ++ src/patches/squid/squid-3.5-14071.patch | 70 +++++++++++++++ src/patches/squid/squid-3.5-14072.patch | 33 +++++++ src/patches/squid/squid-3.5-14073.patch | 151 ++++++++++++++++++++++++++++++++ src/patches/squid/squid-3.5-14074.patch | 55 ++++++++++++ src/patches/squid/squid-3.5-14075.patch | 38 ++++++++ 6 files changed, 352 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14071.patch create mode 100644 src/patches/squid/squid-3.5-14072.patch create mode 100644 src/patches/squid/squid-3.5-14073.patch create mode 100644 src/patches/squid/squid-3.5-14074.patch create mode 100644 src/patches/squid/squid-3.5-14075.patch diff --git a/lfs/squid b/lfs/squid index c07afe8..2d9c596 100644 --- a/lfs/squid +++ b/lfs/squid @@ -74,6 +74,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squid-3.5-14071.patch new file mode 100644 index 0000000..6b353ea --- /dev/null +++ b/src/patches/squid/squid-3.5-14071.patch @@ -0,0 +1,70 @@ +------------------------------------------------------------ +revno: 14071 +revision-id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +parent: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:55:01 +1200 +message: + Bug 4428: mal-formed Cache-Control:stale-if-error header +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c +# timestamp: 2016-08-17 02:55:20 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160805145933-\ +# 0cpyy47o8955lamx +# +# Begin patch +=== modified file 'src/HttpHdrCc.cc' +--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000 ++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000 +@@ -257,6 +257,27 @@ + + /* for all options having values, "=value" after the name */ + switch (flag) { ++ case CC_BADHDR: ++ break; ++ case CC_PUBLIC: ++ break; ++ case CC_PRIVATE: ++ if (Private().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private())); ++ break; ++ ++ case CC_NO_CACHE: ++ if (noCache().size()) ++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache())); ++ break; ++ case CC_NO_STORE: ++ break; ++ case CC_NO_TRANSFORM: ++ break; ++ case CC_MUST_REVALIDATE: ++ break; ++ case CC_PROXY_REVALIDATE: ++ break; + case CC_MAX_AGE: + packerPrintf(p, "=%d", (int) maxAge()); + break; +@@ -272,8 +293,14 @@ + case CC_MIN_FRESH: + packerPrintf(p, "=%d", (int) minFresh()); + break; +- default: +- /* do nothing, directive was already printed */ ++ case CC_ONLY_IF_CACHED: ++ break; ++ case CC_STALE_IF_ERROR: ++ packerPrintf(p, "=%d", staleIfError()); ++ break; ++ case CC_OTHER: ++ case CC_ENUM_END: ++ // done below after the loop + break; + } + + diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squid-3.5-14072.patch new file mode 100644 index 0000000..228e773 --- /dev/null +++ b/src/patches/squid/squid-3.5-14072.patch @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: 14072 +revision-id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +parent: squid3(a)treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:58:28 +1200 +message: + Fix SSL-Bump failure results in SEGFAULT +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784 +# timestamp: 2016-08-17 03:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025501-\ +# e66sjxm0bfy3ksn3 +# +# Begin patch +=== modified file 'src/client_side_request.cc' +--- src/client_side_request.cc 2016-05-06 08:24:29 +0000 ++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000 +@@ -1811,7 +1811,7 @@ + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); + errorAppendEntry(e, calloutContext->error); + calloutContext->error = NULL; +- if (calloutContext->readNextRequest) ++ if (calloutContext->readNextRequest && getConn()) + getConn()->flags.readMore = true; // resume any pipeline reads. + node = (clientStreamNode *)client_stream.tail->data; + clientStreamRead(node, this, node->readBuffer); + diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squid-3.5-14073.patch new file mode 100644 index 0000000..b7915a4 --- /dev/null +++ b/src/patches/squid/squid-3.5-14073.patch @@ -0,0 +1,151 @@ +------------------------------------------------------------ +revno: 14073 +revision-id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +parent: squid3(a)treenet.co.nz-20160817025828-s4102klt2ei25tsm +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563 +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:10:37 +1200 +message: + Bug 4563: duplicate code in httpMakeVaryMark +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a +# timestamp: 2016-08-17 05:50:53 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817025828-\ +# s4102klt2ei25tsm +# +# Begin patch +=== modified file 'src/http.cc' +--- src/http.cc 2016-04-01 06:15:31 +0000 ++++ src/http.cc 2016-08-17 05:10:37 +0000 +@@ -572,6 +572,38 @@ + /* NOTREACHED */ + } + ++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request ++static void ++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request) ++{ ++ static const SBuf asterisk("*"); ++ const char *pos = nullptr; ++ const char *item = nullptr; ++ int ilen = 0; ++ ++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { ++ SBuf name(item, ilen); ++ if (name == asterisk) { ++ vstr.clear(); ++ break; ++ } ++ name.toLower(); ++ if (!vstr.isEmpty()) ++ vstr.append(", ", 2); ++ vstr.append(name); ++ String hdr(request.header.getByName(name.c_str())); ++ const char *value = hdr.termedBuf(); ++ if (value) { ++ value = rfc1738_escape_part(value); ++ vstr.append("=\"", 2); ++ vstr.append(value); ++ vstr.append("\"", 1); ++ } ++ ++ hdr.clean(); ++ } ++} ++ + /* + * For Vary, store the relevant request headers as + * virtual headers in the reply +@@ -580,81 +612,16 @@ + SBuf + httpMakeVaryMark(HttpRequest * request, HttpReply const * reply) + { +- String vary, hdr; +- const char *pos = NULL; +- const char *item; +- const char *value; +- int ilen; + SBuf vstr; +- static const SBuf asterisk("*"); ++ String vary; + + vary = reply->header.getList(HDR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- ++ assembleVaryKey(vary, vstr, *request); ++ ++#if X_ACCELERATOR_VARY + vary.clean(); +-#if X_ACCELERATOR_VARY +- +- pos = NULL; + vary = reply->header.getList(HDR_X_ACCELERATOR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("=\"", 2); +- vstr.append(value); +- vstr.append("\"", 1); +- } +- +- hdr.clean(); +- } +- +- vary.clean(); ++ assembleVaryKey(vary, vstr, *request); + #endif + + debugs(11, 3, vstr); + diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squid-3.5-14074.patch new file mode 100644 index 0000000..dbafbf0 --- /dev/null +++ b/src/patches/squid/squid-3.5-14074.patch @@ -0,0 +1,55 @@ +------------------------------------------------------------ +revno: 14074 +revision-id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +parent: squid3(a)treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025 +author: mkishi <mkishi(a)104.net> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:48:29 +1200 +message: + Bug 3025: Proxy-Authenticate problem using ICAP server +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e +# timestamp: 2016-08-17 05:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817051037-\ +# p0kaj2iw2u4u8iqj +# +# Begin patch +=== modified file 'src/client_side_reply.cc' +--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000 ++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000 +@@ -1305,8 +1305,14 @@ + + // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled + // remove the Proxy-Authenticate header +- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) +- reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) { ++#if USE_ADAPTATION ++ // but allow adaptation services to authenticate clients ++ // via request satisfaction ++ if (!http->requestSatisfactionMode()) ++#endif ++ reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ } + + reply->header.removeHopByHopEntries(); + + +=== modified file 'src/client_side_request.h' +--- src/client_side_request.h 2016-01-01 00:14:27 +0000 ++++ src/client_side_request.h 2016-08-17 05:48:29 +0000 +@@ -140,6 +140,7 @@ + + public: + void startAdaptation(const Adaptation::ServiceGroupPointer &g); ++ bool requestSatisfactionMode() const { return request_satisfaction_mode; } + + // private but exposed for ClientRequestContext + void handleAdaptationFailure(int errDetail, bool bypassable = false); + diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squid-3.5-14075.patch new file mode 100644 index 0000000..8c0b5a3 --- /dev/null +++ b/src/patches/squid/squid-3.5-14075.patch @@ -0,0 +1,38 @@ +------------------------------------------------------------ +revno: 14075 +revision-id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +parent: squid3(a)treenet.co.nz-20160817054829-rl7q49ysi40sj01i +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Thu 2016-08-18 01:34:13 +1200 +message: + Fix logic error in rev.13930 + + Using !=0 on both string compares means any login= value will permit + 40x responses through. Only PASS and PASSTHRU should be doing that. + + Detected by Coverity Scan. Issue 1364711 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5 +# timestamp: 2016-08-17 13:34:59 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3(a)treenet.co.nz-20160817054829-\ +# rl7q49ysi40sj01i +# +# Begin patch +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-01-01 00:14:27 +0000 ++++ src/tunnel.cc 2016-08-17 13:34:13 +0000 +@@ -476,7 +476,7 @@ + + // we need to relay the 401/407 responses when login=PASS(THRU) + const char *pwd = server.conn->getPeer()->login; +- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) && ++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && + (*status_ptr == Http::scProxyAuthenticationRequired || + *status_ptr == Http::scUnauthorized); + + -- 2.9.3

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development August 2016