Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/squid | 4 + src/patches/squid/squid-3.5-14119.patch | 184 ++++++++++++++++++++++++++++++++ src/patches/squid/squid-3.5-14120.patch | 62 +++++++++++ src/patches/squid/squid-3.5-14121.patch | 36 +++++++ src/patches/squid/squid-3.5-14122.patch | 34 ++++++ 5 files changed, 320 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14119.patch create mode 100644 src/patches/squid/squid-3.5-14120.patch create mode 100644 src/patches/squid/squid-3.5-14121.patch create mode 100644 src/patches/squid/squid-3.5-14122.patch
diff --git a/lfs/squid b/lfs/squid index 0642532d0..70d90d819 100644 --- a/lfs/squid +++ b/lfs/squid @@ -90,6 +90,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14116.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14117.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14118.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14119.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/squid-3.5-14119.patch b/src/patches/squid/squid-3.5-14119.patch new file mode 100644 index 000000000..d6e85a5e9 --- /dev/null +++ b/src/patches/squid/squid-3.5-14119.patch @@ -0,0 +1,184 @@ +------------------------------------------------------------ +revno: 14119 +revision-id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew +parent: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4174 +author: Christos Tsantilas chtsanti@users.sourceforge.net +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Fri 2016-12-09 14:58:33 +1300 +message: + Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. + + The following sequence of events triggers this assertion: + - The server sends an 1xx control message. + - http.cc schedules ConnStateData::sendControlMsg call. + - Before sendControlMsg is fired, http.cc detects an error (e.g., I/O + error or timeout) and starts writing the reply to the user. + - The ConnStateData::sendControlMsg is fired, starts writing 1xx, and + hits the "no concurrent writes" assertion. + + We could only reproduce this sequence in the lab after changing Squid + code to trigger a timeout at the right moment, but the sequence looks + plausible. Other event sequences might result in the same outcome. + + To avoid concurrent writes, Squid now drops the control message if + Http::One::Server detects that a reply is already being written. Also, + ConnStateData delays reply writing until a pending control message write + has been completed. + + This is a Measurement Factory project. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 103c6fc1fa45d78ba7f9e85ab3d89fff898ee762 +# timestamp: 2016-12-09 02:51:06 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20161130233304-\ +# lk3q0bx8gn5l3l85 +# +# Begin patch +=== modified file 'src/client_side.cc' +--- src/client_side.cc 2016-09-23 20:49:24 +0000 ++++ src/client_side.cc 2016-12-09 01:58:33 +0000 +@@ -340,7 +340,21 @@ + AsyncCall::Pointer call = commCbCall(33, 5, "ClientSocketContext::wroteControlMsg", + CommIoCbPtrFun(&WroteControlMsg, this)); + +- getConn()->writeControlMsgAndCall(this, rep.getRaw(), call); ++ if (!getConn()->writeControlMsgAndCall(this, rep.getRaw(), call)) { ++ // but still inform the caller (so it may resume its operation) ++ doneWithControlMsg(); ++ } ++} ++ ++void ++ClientSocketContext::doneWithControlMsg() ++{ ++ ScheduleCallHere(cbControlMsgSent); ++ cbControlMsgSent = NULL; ++ ++ debugs(33, 3, clientConnection << ": calling PushDeferredIfNeeded after control msg wrote"); ++ ClientSocketContextPushDeferredIfNeeded(this, getConn()); ++ + } + + /// called when we wrote the 1xx response +@@ -351,7 +365,7 @@ + return; + + if (errflag == Comm::OK) { +- ScheduleCallHere(cbControlMsgSent); ++ doneWithControlMsg(); + return; + } + +@@ -1455,6 +1469,8 @@ + + if (context != http->getConn()->getCurrentContext()) + context->deferRecipientForLater(node, rep, receivedData); ++ else if (context->controlMsgIsPending()) ++ context->deferRecipientForLater(node, rep, receivedData); + else + http->getConn()->handleReply(rep, receivedData); + + +=== modified file 'src/client_side.h' +--- src/client_side.h 2016-06-18 13:36:07 +0000 ++++ src/client_side.h 2016-12-09 01:58:33 +0000 +@@ -129,9 +129,13 @@ + /// starts writing 1xx control message to the client + void writeControlMsg(HttpControlMsg &msg); + ++ /// true if 1xx to the user is pending ++ bool controlMsgIsPending() {return cbControlMsgSent != NULL;} ++ + protected: + static IOCB WroteControlMsg; + void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno); ++ void doneWithControlMsg(); + + private: + void prepareReply(HttpReply * rep); +@@ -387,7 +391,7 @@ + void connectionTag(const char *aTag) { connectionTag_ = aTag; } + + /// handle a control message received by context from a peer and call back +- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; ++ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; + + /// ClientStream calls this to supply response header (once) and data + /// for the current ClientSocketContext. + +=== modified file 'src/servers/FtpServer.cc' +--- src/servers/FtpServer.cc 2016-06-30 21:09:12 +0000 ++++ src/servers/FtpServer.cc 2016-12-09 01:58:33 +0000 +@@ -1152,12 +1152,13 @@ + writeErrorReply(reply, 451); + } + +-void ++bool + Ftp::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *reply, AsyncCall::Pointer &call) + { + // the caller guarantees that we are dealing with the current context only + // the caller should also make sure reply->header.has(HDR_FTP_STATUS) + writeForwardedReplyAndCall(reply, call); ++ return true; + } + + void + +=== modified file 'src/servers/FtpServer.h' +--- src/servers/FtpServer.h 2016-03-15 18:14:15 +0000 ++++ src/servers/FtpServer.h 2016-12-09 01:58:33 +0000 +@@ -94,7 +94,7 @@ + virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io); + virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData); + virtual int pipelinePrefetchMax() const; +- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); ++ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); + virtual time_t idleTimeout() const; + + /* BodyPipe API */ + +=== modified file 'src/servers/HttpServer.cc' +--- src/servers/HttpServer.cc 2016-01-01 00:14:27 +0000 ++++ src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 +@@ -35,7 +35,7 @@ + virtual ClientSocketContext *parseOneRequest(Http::ProtocolVersion &ver); + virtual void processParsedRequest(ClientSocketContext *context, const Http::ProtocolVersion &ver); + virtual void handleReply(HttpReply *rep, StoreIOBuffer receivedData); +- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); ++ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); + virtual time_t idleTimeout() const; + + /* BodyPipe API */ +@@ -167,9 +167,16 @@ + context->sendStartOfMessage(rep, receivedData); + } + +-void ++bool + Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) + { ++ // Ignore this late control message if we have started sending a ++ // reply to the user already (e.g., after an error). ++ if (context->reply) { ++ debugs(11, 2, "drop 1xx made late by " << context->reply); ++ return false; ++ } ++ + // apply selected clientReplyContext::buildReplyHeader() mods + // it is not clear what headers are required for control messages + rep->header.removeHopByHopEntries(); +@@ -184,6 +191,7 @@ + Comm::Write(context->clientConnection, mb, call); + + delete mb; ++ return true; + } + + ConnStateData * + diff --git a/src/patches/squid/squid-3.5-14120.patch b/src/patches/squid/squid-3.5-14120.patch new file mode 100644 index 000000000..4d28d4a95 --- /dev/null +++ b/src/patches/squid/squid-3.5-14120.patch @@ -0,0 +1,62 @@ +------------------------------------------------------------ +revno: 14120 +revision-id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt +parent: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew +author: Egervary Gergely gergely@egervary.hu +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Fri 2016-12-09 16:46:36 +1300 +message: + Support IPv6 NAT with PF for NetBSD and FreeBSD +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b47da8d30fe000bbe50ea978bab7594065f7dc07 +# timestamp: 2016-12-09 03:51:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20161209015833-\ +# xm965d5l6u03qhew +# +# Begin patch +=== modified file 'src/ip/Intercept.cc' +--- src/ip/Intercept.cc 2016-10-25 08:25:30 +0000 ++++ src/ip/Intercept.cc 2016-12-09 03:46:36 +0000 +@@ -339,13 +339,20 @@ + } + + memset(&nl, 0, sizeof(struct pfioc_natlook)); +- newConn->remote.getInAddr(nl.saddr.v4); ++ ++ if (newConn->remote.isIPv6()) { ++ newConn->remote.getInAddr(nl.saddr.v6); ++ newConn->local.getInAddr(nl.daddr.v6); ++ nl.af = AF_INET6; ++ } else { ++ newConn->remote.getInAddr(nl.saddr.v4); ++ newConn->local.getInAddr(nl.daddr.v4); ++ nl.af = AF_INET; ++ } ++ + nl.sport = htons(newConn->remote.port()); +- +- newConn->local.getInAddr(nl.daddr.v4); + nl.dport = htons(newConn->local.port()); + +- nl.af = AF_INET; + nl.proto = IPPROTO_TCP; + nl.direction = PF_OUT; + +@@ -361,7 +368,10 @@ + debugs(89, 9, HERE << "address: " << newConn); + return false; + } else { +- newConn->local = nl.rdaddr.v4; ++ if (newConn->remote.isIPv6()) ++ newConn->local = nl.rdaddr.v6; ++ else ++ newConn->local = nl.rdaddr.v4; + newConn->local.port(ntohs(nl.rdport)); + debugs(89, 5, HERE << "address NAT: " << newConn); + return true; + diff --git a/src/patches/squid/squid-3.5-14121.patch b/src/patches/squid/squid-3.5-14121.patch new file mode 100644 index 000000000..36f3f7a8d --- /dev/null +++ b/src/patches/squid/squid-3.5-14121.patch @@ -0,0 +1,36 @@ +------------------------------------------------------------ +revno: 14121 +revision-id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 +parent: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4406 +author: Michael Buchau mike@m-buchau.de +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Fri 2016-12-09 17:33:04 +1300 +message: + Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: ce1153061cb79ac9ede6851f438ec830ed7a3e78 +# timestamp: 2016-12-09 04:51:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20161209034636-\ +# wytrnx7ks2jv0sxt +# +# Begin patch +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-08-17 13:34:13 +0000 ++++ src/tunnel.cc 2016-12-09 04:33:04 +0000 +@@ -475,7 +475,8 @@ + *status_ptr = rep.sline.status(); + + // we need to relay the 401/407 responses when login=PASS(THRU) +- const char *pwd = server.conn->getPeer()->login; ++ const CachePeer *peer = server.conn->getPeer(); ++ const char *pwd = (peer ? peer->login : NULL); + const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && + (*status_ptr == Http::scProxyAuthenticationRequired || + *status_ptr == Http::scUnauthorized); + diff --git a/src/patches/squid/squid-3.5-14122.patch b/src/patches/squid/squid-3.5-14122.patch new file mode 100644 index 000000000..292306e9e --- /dev/null +++ b/src/patches/squid/squid-3.5-14122.patch @@ -0,0 +1,34 @@ +------------------------------------------------------------ +revno: 14122 +revision-id: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9 +parent: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 +committer: Source Maintenance squidadm@squid-cache.org +branch nick: 3.5 +timestamp: Fri 2016-12-09 06:15:51 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm@squid-cache.org-20161209061551-\ +# 361ava4lrrmbwiy9 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: cb4bfe0e0aaf3e3d107ffb16e2729c6f46d5a822 +# timestamp: 2016-12-09 06:51:04 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20161209043304-\ +# krtzvsm4a0zbzgi8 +# +# Begin patch +=== modified file 'src/servers/HttpServer.cc' +--- src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 ++++ src/servers/HttpServer.cc 2016-12-09 06:15:51 +0000 +@@ -170,7 +170,7 @@ + bool + Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) + { +- // Ignore this late control message if we have started sending a ++ // Ignore this late control message if we have started sending a + // reply to the user already (e.g., after an error). + if (context->reply) { + debugs(11, 2, "drop 1xx made late by " << context->reply); +