Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/squid | 34 +--- ...=> squid-3.5.23-fix-max-file-descriptors.patch} | 0 src/patches/squid/squid-3.5-14099.patch | 65 ------- src/patches/squid/squid-3.5-14100.patch | 39 ---- src/patches/squid/squid-3.5-14101.patch | 59 ------ src/patches/squid/squid-3.5-14102.patch | 38 ---- src/patches/squid/squid-3.5-14103.patch | 61 ------- src/patches/squid/squid-3.5-14104.patch | 66 ------- src/patches/squid/squid-3.5-14105.patch | 48 ----- src/patches/squid/squid-3.5-14106.patch | 34 ---- src/patches/squid/squid-3.5-14107.patch | 56 ------ src/patches/squid/squid-3.5-14108.patch | 33 ---- src/patches/squid/squid-3.5-14109.patch | 167 ----------------- src/patches/squid/squid-3.5-14110.patch | 102 ----------- src/patches/squid/squid-3.5-14111.patch | 43 ----- src/patches/squid/squid-3.5-14112.patch | 60 ------- src/patches/squid/squid-3.5-14113.patch | 47 ----- src/patches/squid/squid-3.5-14114.patch | 46 ----- src/patches/squid/squid-3.5-14115.patch | 197 --------------------- src/patches/squid/squid-3.5-14116.patch | 38 ---- src/patches/squid/squid-3.5-14117.patch | 152 ---------------- src/patches/squid/squid-3.5-14118.patch | 55 ------ src/patches/squid/squid-3.5-14119.patch | 184 ------------------- src/patches/squid/squid-3.5-14120.patch | 62 ------- src/patches/squid/squid-3.5-14121.patch | 36 ---- src/patches/squid/squid-3.5-14122.patch | 34 ---- src/patches/squid/squid-3.5-14123.patch | 59 ------ src/patches/squid/squid-3.5-14124.patch | 47 ----- src/patches/squid/squid-3.5-14125.patch | 41 ----- src/patches/squid/squid-3.5-14126.patch | 123 ------------- 30 files changed, 3 insertions(+), 2023 deletions(-) rename src/patches/{squid-3.5.22-fix-max-file-descriptors.patch => squid-3.5.23-fix-max-file-descriptors.patch} (100%) delete mode 100644 src/patches/squid/squid-3.5-14099.patch delete mode 100644 src/patches/squid/squid-3.5-14100.patch delete mode 100644 src/patches/squid/squid-3.5-14101.patch delete mode 100644 src/patches/squid/squid-3.5-14102.patch delete mode 100644 src/patches/squid/squid-3.5-14103.patch delete mode 100644 src/patches/squid/squid-3.5-14104.patch delete mode 100644 src/patches/squid/squid-3.5-14105.patch delete mode 100644 src/patches/squid/squid-3.5-14106.patch delete mode 100644 src/patches/squid/squid-3.5-14107.patch delete mode 100644 src/patches/squid/squid-3.5-14108.patch delete mode 100644 src/patches/squid/squid-3.5-14109.patch delete mode 100644 src/patches/squid/squid-3.5-14110.patch delete mode 100644 src/patches/squid/squid-3.5-14111.patch delete mode 100644 src/patches/squid/squid-3.5-14112.patch delete mode 100644 src/patches/squid/squid-3.5-14113.patch delete mode 100644 src/patches/squid/squid-3.5-14114.patch delete mode 100644 src/patches/squid/squid-3.5-14115.patch delete mode 100644 src/patches/squid/squid-3.5-14116.patch delete mode 100644 src/patches/squid/squid-3.5-14117.patch delete mode 100644 src/patches/squid/squid-3.5-14118.patch delete mode 100644 src/patches/squid/squid-3.5-14119.patch delete mode 100644 src/patches/squid/squid-3.5-14120.patch delete mode 100644 src/patches/squid/squid-3.5-14121.patch delete mode 100644 src/patches/squid/squid-3.5-14122.patch delete mode 100644 src/patches/squid/squid-3.5-14123.patch delete mode 100644 src/patches/squid/squid-3.5-14124.patch delete mode 100644 src/patches/squid/squid-3.5-14125.patch delete mode 100644 src/patches/squid/squid-3.5-14126.patch

diff --git a/lfs/squid b/lfs/squid index 0fa36d71a..db02367e5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@

include Config

-VER = 3.5.22 +VER = 3.5.23

THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = afb82d2748c06c95815c171463b4aa14 +$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2

install : $(TARGET)

@@ -70,35 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14099.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14100.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14101.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14102.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14103.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14104.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14105.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14106.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14107.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14108.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14109.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14110.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14111.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14112.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14113.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14114.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14115.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14116.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14117.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14118.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14119.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14123.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14124.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14125.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14126.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.23-fix-max-file-descriptors.patch

cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/src/patches/squid-3.5.22-fix-max-file-descriptors.patch b/src/patches/squid-3.5.23-fix-max-file-descriptors.patch similarity index 100% rename from src/patches/squid-3.5.22-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.23-fix-max-file-descriptors.patch diff --git a/src/patches/squid/squid-3.5-14099.patch b/src/patches/squid/squid-3.5-14099.patch deleted file mode 100644 index 0e10effec..000000000 --- a/src/patches/squid/squid-3.5-14099.patch +++ /dev/null @@ -1,65 +0,0 @@ ------------------------------------------------------------- -revno: 14099 -revision-id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -parent: squid3@treenet.co.nz-20161009195739-pcju9hl8vqwijt26 -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2016-10-15 17:20:24 +1300 -message: - Fix build with eCAP but without ICAP support. - - That is, when ./configured with --enable-ecap --disable-icap-client. - - AccessLogEntry::icap requires ICAP_CLIENT, not just USE_ADAPTATION. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 4cd2e7bf4e2be0acd252963afc107537b17450fc -# timestamp: 2016-10-15 04:52:07 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161009195739-\ -# pcju9hl8vqwijt26 -# -# Begin patch -=== modified file 'src/format/Format.cc' ---- src/format/Format.cc 2016-09-16 11:53:28 +0000 -+++ src/format/Format.cc 2016-10-15 04:20:24 +0000 -@@ -318,7 +318,7 @@ - actualReplyHeader(const AccessLogEntry::Pointer &al) - { - const HttpMsg *msg = al->reply; --#if USE_ADAPTATION -+#if ICAP_CLIENT - // al->icap.reqMethod is methodNone in access.log context - if (!msg && al->icap.reqMethod == Adaptation::methodReqmod) - msg = al->adapted_request; -@@ -331,7 +331,7 @@ - static const HttpMsg * - actualRequestHeader(const AccessLogEntry::Pointer &al) - { --#if USE_ADAPTATION -+#if ICAP_CLIENT - // al->icap.reqMethod is methodNone in access.log context - if (al->icap.reqMethod == Adaptation::methodRespmod) { - // XXX: for now AccessLogEntry lacks virgin response headers -@@ -819,7 +819,7 @@ - break; - - case LFT_REQUEST_ALL_HEADERS: --#if USE_ADAPTATION -+#if ICAP_CLIENT - if (al->icap.reqMethod == Adaptation::methodRespmod) { - // XXX: since AccessLogEntry::Headers lacks virgin response - // headers, do nothing for now -@@ -843,7 +843,7 @@ - - case LFT_REPLY_ALL_HEADERS: - out = al->headers.reply; --#if USE_ADAPTATION -+#if ICAP_CLIENT - if (!out && al->icap.reqMethod == Adaptation::methodReqmod) - out = al->headers.adapted_request; - #endif - diff --git a/src/patches/squid/squid-3.5-14100.patch b/src/patches/squid/squid-3.5-14100.patch deleted file mode 100644 index 7e5335a64..000000000 --- a/src/patches/squid/squid-3.5-14100.patch +++ /dev/null @@ -1,39 +0,0 @@ ------------------------------------------------------------- -revno: 14100 -revision-id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -parent: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:19:49 +1300 -message: - Fix regression bug introduced by r14089. - - Squid crashed because HttpMsg::body_pipe was used without check that it - was initialized. The message lacks body pipe when it has no body or - empty body. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50468130801fc3ebf75129c103bcfe4be9b6d4b7 -# timestamp: 2016-10-25 08:28:30 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161015042024-\ -# jagzafukd2t6gcr0 -# -# Begin patch -=== modified file 'src/adaptation/icap/ModXact.cc' ---- src/adaptation/icap/ModXact.cc 2016-09-16 18:50:04 +0000 -+++ src/adaptation/icap/ModXact.cc 2016-10-25 08:19:49 +0000 -@@ -1303,7 +1303,8 @@ - virgin_msg = virgin_request_; - assert(virgin_msg != virgin.cause); - al.http.clientRequestSz.header = virgin_msg->hdr_sz; -- al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize(); -+ if (virgin_msg->body_pipe != NULL) -+ al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize(); - - // leave al.icap.bodyBytesRead negative if no body - if (replyHttpHeaderSize >= 0 || replyHttpBodySize >= 0) { - diff --git a/src/patches/squid/squid-3.5-14101.patch b/src/patches/squid/squid-3.5-14101.patch deleted file mode 100644 index 92ff4d448..000000000 --- a/src/patches/squid/squid-3.5-14101.patch +++ /dev/null @@ -1,59 +0,0 @@ ------------------------------------------------------------- -revno: 14101 -revision-id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -parent: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:23:49 +1300 -message: - Fix external_acl_type default children documentations - - The max children has always been 5, not 20. - - Also, make mgr:config report dumper actually hide only the real default - values. (sync with helper/ChildConfig.cc defaults) ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 02234eff0589032ea31d911c20f792617eeb18a9 -# timestamp: 2016-10-25 08:28:32 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025081949-\ -# 3sxzd0n4snmadlke -# -# Begin patch -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-09-23 15:28:42 +0000 -+++ src/cf.data.pre 2016-10-25 08:23:49 +0000 -@@ -678,7 +678,7 @@ - - children-max=n - Maximum number of acl helper processes spawned to service -- external acl lookups of this type. (default 20) -+ external acl lookups of this type. (default 5) - - children-startup=n - Minimum number of acl helper processes to spawn during - -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-05-17 18:14:16 +0000 -+++ src/external_acl.cc 2016-10-25 08:23:49 +0000 -@@ -474,13 +474,13 @@ - if (node->children.n_max != DEFAULT_EXTERNAL_ACL_CHILDREN) - storeAppendPrintf(sentry, " children-max=%d", node->children.n_max); - -- if (node->children.n_startup != 1) -+ if (node->children.n_startup != 0) // sync with helper/ChildConfig.cc default - storeAppendPrintf(sentry, " children-startup=%d", node->children.n_startup); - -- if (node->children.n_idle != (node->children.n_max + node->children.n_startup) ) -+ if (node->children.n_idle != 1) // sync with helper/ChildConfig.cc default - storeAppendPrintf(sentry, " children-idle=%d", node->children.n_idle); - -- if (node->children.concurrency) -+ if (node->children.concurrency != 0) - storeAppendPrintf(sentry, " concurrency=%d", node->children.concurrency); - - if (node->cache) - diff --git a/src/patches/squid/squid-3.5-14102.patch b/src/patches/squid/squid-3.5-14102.patch deleted file mode 100644 index f59253161..000000000 --- a/src/patches/squid/squid-3.5-14102.patch +++ /dev/null @@ -1,38 +0,0 @@ ------------------------------------------------------------- -revno: 14102 -revision-id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -parent: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4620 -author: Takahiro Kambe taca@back-street.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:25:30 +1300 -message: - Bug 4620: NetBSD build error with --enable-ipf-transparent - - On NetBSD sys/param.h must be included before netinet/ip_compat.h ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: eedfc8764a631aa008fd4aba589ca08ee161c3a5 -# timestamp: 2016-10-25 08:28:35 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025082349-\ -# 4gds2nic8qcahkem -# -# Begin patch -=== modified file 'src/ip/Intercept.cc' ---- src/ip/Intercept.cc 2016-10-09 00:14:14 +0000 -+++ src/ip/Intercept.cc 2016-10-25 08:25:30 +0000 -@@ -25,6 +25,9 @@ - #define IPFILTER_VERSION 5000004 - #endif - -+#if HAVE_SYS_PARAM_H -+#include <sys/param.h> -+#endif - #if HAVE_SYS_IOCCOM_H - #include <sys/ioccom.h> - #endif - diff --git a/src/patches/squid/squid-3.5-14103.patch b/src/patches/squid/squid-3.5-14103.patch deleted file mode 100644 index 816aa9173..000000000 --- a/src/patches/squid/squid-3.5-14103.patch +++ /dev/null @@ -1,61 +0,0 @@ ------------------------------------------------------------- -revno: 14103 -revision-id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -parent: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4627 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 12:26:28 +1300 -message: - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs - - For Squid-3 the fix is just to update the documentation. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ea728cefc977ea5489da01b7a742821121c29476 -# timestamp: 2016-10-29 23:51:13 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025082530-\ -# do632qnr9bwyk5et -# -# Begin patch -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-10-25 08:23:49 +0000 -+++ src/cf.data.pre 2016-10-29 23:26:28 +0000 -@@ -1787,13 +1787,12 @@ - certificate equals lifetime of the CA certificate. If - generated certificate is selfsigned lifetime is three - years. -- This option is enabled by default when ssl-bump is used. -- See the ssl-bump option above for more information. -+ This option is disabled by default. See the ssl-bump -+ option above for more information. - - dynamic_cert_mem_cache_size=SIZE - Approximate total RAM size spent on cached generated -- certificates. If set to zero, caching is disabled. The -- default value is 4MB. -+ certificates. If set to zero, caching is disabled. - - TLS / SSL Options: - -@@ -2063,13 +2062,12 @@ - certificate equals lifetime of CA certificate. If - generated certificate is selfsigned lifetime is three - years. -- This option is enabled by default when SslBump is used. -- See the sslBump option above for more information. -+ This option is disabled by default. See the ssl-bump -+ option above for more information. - - dynamic_cert_mem_cache_size=SIZE - Approximate total RAM size spent on cached generated -- certificates. If set to zero, caching is disabled. The -- default value is 4MB. -+ certificates. If set to zero, caching is disabled. - - See http_port for a list of available options. - DOC_END - diff --git a/src/patches/squid/squid-3.5-14104.patch b/src/patches/squid/squid-3.5-14104.patch deleted file mode 100644 index c5d6ed088..000000000 --- a/src/patches/squid/squid-3.5-14104.patch +++ /dev/null @@ -1,66 +0,0 @@ ------------------------------------------------------------- -revno: 14104 -revision-id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -parent: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:38:16 +1300 -message: - Copyright: add some missing blurbs and contributor details ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8d44709a8f9c34926ce569e58aef82603a3d514b -# timestamp: 2016-10-30 09:40:44 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161029232628-\ -# 1y2u918re62uqs3v -# -# Begin patch -=== modified file 'CONTRIBUTORS' ---- CONTRIBUTORS 2016-01-06 14:27:36 +0000 -+++ CONTRIBUTORS 2016-10-30 09:38:16 +0000 -@@ -211,6 +211,8 @@ - Joe Ramey ramey@jello.csc.ti.com - Joerg Lehrke jlehrke@noc.de - Johnathan Conley johnathan.conley@gmail.com -+ John@MCC.ac.uk -+ John@Pharmweb.NET - John Dilley jad@hpl.hp.com - John M Cooper john.cooper@yourcommunications.co.uk - John Saunders johns@rd.scitec.com.au - -=== modified file 'contrib/url-normalizer.pl' ---- contrib/url-normalizer.pl 1996-12-07 00:54:31 +0000 -+++ contrib/url-normalizer.pl 2016-10-30 09:38:16 +0000 -@@ -1,4 +1,11 @@ - #!/usr/local/bin/perl -Tw -+# -+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors -+# * -+# * Squid software is distributed under GPLv2+ license and includes -+# * contributions from numerous individuals and organizations. -+# * Please see the COPYING and CONTRIBUTORS files for details. -+# - - # From: Markus Gyger mgyger@itr.ch - # - -=== modified file 'contrib/user-agents.pl' ---- contrib/user-agents.pl 1996-12-07 00:28:56 +0000 -+++ contrib/user-agents.pl 2016-10-30 09:38:16 +0000 -@@ -1,5 +1,13 @@ - #!/usr/bin/perl - # -+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors -+# * -+# * Squid software is distributed under GPLv2+ license and includes -+# * contributions from numerous individuals and organizations. -+# * Please see the COPYING and CONTRIBUTORS files for details. -+# -+ -+# - # John@MCC.ac.uk - # John@Pharmweb.NET - diff --git a/src/patches/squid/squid-3.5-14105.patch b/src/patches/squid/squid-3.5-14105.patch deleted file mode 100644 index d73dcea89..000000000 --- a/src/patches/squid/squid-3.5-14105.patch +++ /dev/null @@ -1,48 +0,0 @@ ------------------------------------------------------------- -revno: 14105 -revision-id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -parent: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4567 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:39:20 +1300 -message: - Bug 4567: Strange IPv6 shown in access.log ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8dbae4e7fc5fb80afc6eee6800743abd1b1eaa47 -# timestamp: 2016-10-30 09:40:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030093816-\ -# 7vwnk5zrrql2p5ks -# -# Begin patch -=== modified file 'src/AccessLogEntry.cc' ---- src/AccessLogEntry.cc 2016-01-01 00:14:27 +0000 -+++ src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000 -@@ -30,14 +30,17 @@ - log_ip = request->indirect_client_addr; - else - #endif -- if (tcpClient != NULL) -+ if (tcpClient) - log_ip = tcpClient->remote; -- else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client -- strncpy(buf, "-", bufsz); -- return; -- } else -+ else - log_ip = cache.caddr; - -+ // internally generated requests (and some ICAP) lack client IP -+ if (log_ip.isNoAddr()) { -+ strncpy(buf, "-", bufsz); -+ return; -+ } -+ - // Apply so-called 'privacy masking' to IPv4 clients - // - localhost IP is always shown in full - // - IPv4 clients masked with client_netmask - diff --git a/src/patches/squid/squid-3.5-14106.patch b/src/patches/squid/squid-3.5-14106.patch deleted file mode 100644 index cd3f63fa6..000000000 --- a/src/patches/squid/squid-3.5-14106.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14106 -revision-id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -parent: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:40:25 +1300 -message: - Fix debug message in ACLChecklist::bannedAction() ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 4fd7942b294096f5c27e3d460b6d4c79580443e1 -# timestamp: 2016-10-30 09:40:49 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030093920-\ -# 5f7f2px9ea08rxlq -# -# Begin patch -=== modified file 'src/acl/Checklist.cc' ---- src/acl/Checklist.cc 2016-01-01 00:14:27 +0000 -+++ src/acl/Checklist.cc 2016-10-30 09:40:25 +0000 -@@ -397,7 +397,7 @@ - ACLChecklist::bannedAction(const allow_t &action) const - { - const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end(); -- debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? " is " : "is not") << " banned"); -+ debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned"); - return found; - } - - diff --git a/src/patches/squid/squid-3.5-14107.patch b/src/patches/squid/squid-3.5-14107.patch deleted file mode 100644 index 34b0ace4c..000000000 --- a/src/patches/squid/squid-3.5-14107.patch +++ /dev/null @@ -1,56 +0,0 @@ ------------------------------------------------------------- -revno: 14107 -revision-id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -parent: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:45:03 +1300 -message: - HTTP/1.1: make Vary:* objects cacheable - - Under new clauses from RFC 7231 section 7.1.4 and HTTP response - containing header Vary:* (wifcard variant) can be cached, but - requires revalidation with server before each use. - - Use the new mandatory revalidation flags to allow storing of any - wildcard Vary:* response. - - Note that responses with headers like Vary:A,B,C,* are equivalent - to Vary:*. The cache key string for these objects is normalized. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 2652a5a689745e31fc450e0dfd1c5c472f6d68d6 -# timestamp: 2016-10-30 09:45:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030094025-\ -# l4b8fdahoru8h16d -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2016-10-09 19:47:26 +0000 -+++ src/http.cc 2016-10-30 09:45:03 +0000 -@@ -594,7 +594,7 @@ - while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { - SBuf name(item, ilen); - if (name == asterisk) { -- vstr.clear(); -+ vstr = asterisk; - break; - } - name.toLower(); -@@ -917,6 +917,12 @@ - varyFailure = true; - } else { - entry->mem_obj->vary_headers = vary; -+ -+ // RFC 7231 section 7.1.4 -+ // Vary:* can be cached, but has mandatory revalidation -+ static const SBuf asterisk("*"); -+ if (vary == asterisk) -+ EBIT_SET(entry->flags, ENTRY_REVALIDATE_ALWAYS); - } - } - - diff --git a/src/patches/squid/squid-3.5-14108.patch b/src/patches/squid/squid-3.5-14108.patch deleted file mode 100644 index 282fe41d9..000000000 --- a/src/patches/squid/squid-3.5-14108.patch +++ /dev/null @@ -1,33 +0,0 @@ ------------------------------------------------------------- -revno: 14108 -revision-id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -parent: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Wed 2016-11-02 00:22:31 +1300 -message: - Fix build issue after rev.14105 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fea1ede525ccb3ad7bf50e8de8f125a86a8dc016 -# timestamp: 2016-11-01 11:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030094503-\ -# rwdft21ffff44rns -# -# Begin patch -=== modified file 'src/AccessLogEntry.cc' ---- src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000 -+++ src/AccessLogEntry.cc 2016-11-01 11:22:31 +0000 -@@ -30,7 +30,7 @@ - log_ip = request->indirect_client_addr; - else - #endif -- if (tcpClient) -+ if (tcpClient != NULL) - log_ip = tcpClient->remote; - else - log_ip = cache.caddr; - diff --git a/src/patches/squid/squid-3.5-14109.patch b/src/patches/squid/squid-3.5-14109.patch deleted file mode 100644 index 82b7dd270..000000000 --- a/src/patches/squid/squid-3.5-14109.patch +++ /dev/null @@ -1,167 +0,0 @@ ------------------------------------------------------------- -revno: 14109 -revision-id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -parent: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3379 -author: Garri Djavadyan garryd@comnet.uz, Amos Jeffries squid3@treenet.co.nz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-11-11 19:03:25 +1300 -message: - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50d66878a765925d9a64569b3c226bebdee1f736 -# timestamp: 2016-11-11 06:10:37 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161101112231-\ -# k77st4up2sekl5zx -# -# Begin patch -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2016-10-09 19:47:26 +0000 -+++ src/client_side_reply.cc 2016-11-11 06:03:25 +0000 -@@ -589,6 +589,7 @@ - debugs(88, 5, "negative-HIT"); - http->logType = LOG_TCP_NEGATIVE_HIT; - sendMoreData(result); -+ return; - } else if (blockedHit()) { - debugs(88, 5, "send_hit forces a MISS"); - http->logType = LOG_TCP_MISS; -@@ -641,27 +642,29 @@ - http->logType = LOG_TCP_MISS; - processMiss(); - } -+ return; - } else if (r->conditional()) { - debugs(88, 5, "conditional HIT"); -- processConditional(result); -- } else { -- /* -- * plain ol' cache hit -- */ -- debugs(88, 5, "plain old HIT"); -+ if (processConditional(result)) -+ return; -+ } -+ -+ /* -+ * plain ol' cache hit -+ */ -+ debugs(88, 5, "plain old HIT"); - - #if USE_DELAY_POOLS -- if (e->store_status != STORE_OK) -- http->logType = LOG_TCP_MISS; -- else -+ if (e->store_status != STORE_OK) -+ http->logType = LOG_TCP_MISS; -+ else - #endif -- if (e->mem_status == IN_MEMORY) -- http->logType = LOG_TCP_MEM_HIT; -- else if (Config.onoff.offline) -- http->logType = LOG_TCP_OFFLINE_HIT; -+ if (e->mem_status == IN_MEMORY) -+ http->logType = LOG_TCP_MEM_HIT; -+ else if (Config.onoff.offline) -+ http->logType = LOG_TCP_OFFLINE_HIT; - -- sendMoreData(result); -- } -+ sendMoreData(result); - } - - /** -@@ -755,17 +758,16 @@ - } - - /// process conditional request from client --void -+bool - clientReplyContext::processConditional(StoreIOBuffer &result) - { - StoreEntry *const e = http->storeEntry(); - - if (e->getReply()->sline.status() != Http::scOkay) { -- debugs(88, 4, "clientReplyContext::processConditional: Reply code " << -- e->getReply()->sline.status() << " != 200"); -+ debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200"); - http->logType = LOG_TCP_MISS; - processMiss(); -- return; -+ return true; - } - - HttpRequest &r = *http->request; -@@ -773,7 +775,7 @@ - if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) { - // RFC 2616: reply with 412 Precondition Failed if If-Match did not match - sendPreconditionFailedError(); -- return; -+ return true; - } - - bool matchedIfNoneMatch = false; -@@ -786,14 +788,14 @@ - r.header.delById(HDR_IF_MODIFIED_SINCE); - http->logType = LOG_TCP_MISS; - sendMoreData(result); -- return; -+ return true; - } - - if (!r.flags.ims) { - // RFC 2616: if If-None-Match matched and there is no IMS, - // reply with 304 Not Modified or 412 Precondition Failed - sendNotModifiedOrPreconditionFailedError(); -- return; -+ return true; - } - - // otherwise check IMS below to decide if we reply with 304 or 412 -@@ -805,19 +807,20 @@ - if (e->modifiedSince(r.ims, r.imslen)) { - http->logType = LOG_TCP_IMS_HIT; - sendMoreData(result); -- return; -- } - -- if (matchedIfNoneMatch) { -+ } else if (matchedIfNoneMatch) { - // If-None-Match matched, reply with 304 Not Modified or - // 412 Precondition Failed - sendNotModifiedOrPreconditionFailedError(); -- return; -+ -+ } else { -+ // otherwise reply with 304 Not Modified -+ sendNotModified(); - } -- -- // otherwise reply with 304 Not Modified -- sendNotModified(); -+ return true; - } -+ -+ return false; - } - - /// whether squid.conf send_hit prevents us from serving this hit - -=== modified file 'src/client_side_reply.h' ---- src/client_side_reply.h 2016-09-23 15:28:42 +0000 -+++ src/client_side_reply.h 2016-11-11 06:03:25 +0000 -@@ -114,7 +114,7 @@ - bool alwaysAllowResponse(Http::StatusCode sline) const; - int checkTransferDone(); - void processOnlyIfCachedMiss(); -- void processConditional(StoreIOBuffer &result); -+ bool processConditional(StoreIOBuffer &result); - void cacheHit(StoreIOBuffer result); - void handleIMSReply(StoreIOBuffer result); - void sendMoreData(StoreIOBuffer result); - diff --git a/src/patches/squid/squid-3.5-14110.patch b/src/patches/squid/squid-3.5-14110.patch deleted file mode 100644 index 0d0a9db4b..000000000 --- a/src/patches/squid/squid-3.5-14110.patch +++ /dev/null @@ -1,102 +0,0 @@ ------------------------------------------------------------- -revno: 14110 -revision-id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -parent: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Mon 2016-11-14 23:51:24 +1300 -message: - Fix ssl::server_name ACL badly broken since inception. - - The original server_name code mishandled all SNI checks and some rare - host checks: - - * The SNI-derived value was pointing to an already freed memory storage. - * Missing host-derived values were not detected (host() is never nil). - * Mismatches were re-checked with an undocumented "none" value - instead of being treated as mismatches. - - Same for ssl::server_name_regex. - - Also set SNI for more server-first and client-first transactions. - - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 46aadc410b46d91d597218961dbf1c634fb834fb -# timestamp: 2016-11-14 10:56:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161111060325-\ -# yh8chavvnzuvfh3h -# -# Begin patch -=== modified file 'src/acl/ServerName.cc' ---- src/acl/ServerName.cc 2016-09-08 12:27:06 +0000 -+++ src/acl/ServerName.cc 2016-11-14 10:51:24 +0000 -@@ -90,27 +90,28 @@ - { - assert(checklist != NULL && checklist->request != NULL); - -- if (checklist->conn() && checklist->conn()->serverBump()) { -- if (X509 *peer_cert = checklist->conn()->serverBump()->serverCert.get()) { -- if (Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>)) -- return 1; -- } -- } -- - const char *serverName = NULL; -- if (checklist->conn() && !checklist->conn()->sslCommonName().isEmpty()) { -- SBuf scn = checklist->conn()->sslCommonName(); -- serverName = scn.c_str(); -- } -- -- if (serverName == NULL) -- serverName = checklist->request->GetHost(); -- -- if (serverName && data->match(serverName)) { -- return 1; -- } -- -- return data->match("none"); -+ SBuf serverNameKeeper; // because c_str() is not constant -+ if (ConnStateData *conn = checklist->conn()) { -+ if (conn->serverBump()) { -+ if (X509 *peer_cert = conn->serverBump()->serverCert.get()) -+ return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>); -+ } -+ -+ if (conn->sslCommonName().isEmpty()) { -+ const char *host = checklist->request->GetHost(); -+ if (host && *host) // paranoid first condition: host() is never nil -+ serverName = host; -+ } else { -+ serverNameKeeper = conn->sslCommonName(); -+ serverName = serverNameKeeper.c_str(); -+ } -+ } -+ -+ if (!serverName) -+ serverName = "none"; -+ -+ return data->match(serverName); - } - - ACLServerNameStrategy * - -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-10-29 23:26:28 +0000 -+++ src/cf.data.pre 2016-11-14 10:51:24 +0000 -@@ -1167,6 +1167,9 @@ - # During each Ssl-Bump step, Squid may improve its understanding of a - # "true server name". Unlike dstdomain, this ACL does not perform - # DNS lookups. -+ # The "none" name can be used to match transactions where Squid -+ # could not compute the server name using any information source -+ # already available at the ACL evaluation time. - - acl aclname ssl::server_name_regex [-i] .foo.com ... - # regex matches server name obtained from various sources [fast] - diff --git a/src/patches/squid/squid-3.5-14111.patch b/src/patches/squid/squid-3.5-14111.patch deleted file mode 100644 index 984069b0c..000000000 --- a/src/patches/squid/squid-3.5-14111.patch +++ /dev/null @@ -1,43 +0,0 @@ ------------------------------------------------------------- -revno: 14111 -revision-id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -parent: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Mon 2016-11-14 23:54:34 +1300 -message: - Fix spelling for digest nonce cache maintenance event ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8c91678868beb689db5e0e6eaa6911c44f503ac8 -# timestamp: 2016-11-14 10:56:03 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114105124-\ -# 46hmtnsg8uj4owxz -# -# Begin patch -=== modified file 'src/auth/digest/Config.cc' ---- src/auth/digest/Config.cc 2016-01-01 00:14:27 +0000 -+++ src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000 -@@ -204,7 +204,7 @@ - if (!digest_nonce_cache) { - digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); - assert(digest_nonce_cache); -- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); -+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); - } - } - -@@ -268,7 +268,7 @@ - debugs(29, 3, "Finished cleaning the nonce cache."); - - if (static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->active()) -- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); -+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); - } - - static void - diff --git a/src/patches/squid/squid-3.5-14112.patch b/src/patches/squid/squid-3.5-14112.patch deleted file mode 100644 index a63c1c0a2..000000000 --- a/src/patches/squid/squid-3.5-14112.patch +++ /dev/null @@ -1,60 +0,0 @@ ------------------------------------------------------------- -revno: 14112 -revision-id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -parent: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-11-15 01:40:51 +1300 -message: - Honor SBufReservationRequirements::minSize regardless of idealSize. - - In a fully specified SBufReservationRequirements, idealSize would - naturally match or exceed minSize. However, the idealSize default value - (zero) may not. We should honor minSize regardless of idealSize, just as - the API documentation promises to do. - - No runtime changes expected right now because the only existing user of - SBufReservationRequirements sets .idealSize to CLIENT_REQ_BUF_SZ (4096) - and .minSize to 1024. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fb0969aa035352582364b529a70286cbfd89564a -# timestamp: 2016-11-14 12:43:10 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114105434-\ -# f1uvw2lu8l4lpgay -# -# Begin patch -=== modified file 'src/SBuf.cc' ---- src/SBuf.cc 2016-06-18 13:36:07 +0000 -+++ src/SBuf.cc 2016-11-14 12:40:51 +0000 -@@ -178,7 +178,8 @@ - if (!mustRealloc && len_ >= req.maxCapacity) - return spaceSize(); // but we cannot reallocate - -- const size_type newSpace = std::min(req.idealSpace, maxSize - len_); -+ const size_type desiredSpace = std::max(req.minSpace, req.idealSpace); -+ const size_type newSpace = std::min(desiredSpace, maxSize - len_); - reserveCapacity(std::min(len_ + newSpace, req.maxCapacity)); - debugs(24, 7, id << " now: " << off_ << '+' << len_ << '+' << spaceSize() << - '=' << store_->capacity); - -=== modified file 'src/SBuf.h' ---- src/SBuf.h 2016-06-18 13:36:07 +0000 -+++ src/SBuf.h 2016-11-14 12:40:51 +0000 -@@ -635,9 +635,10 @@ - /* - * Parameters are listed in the reverse order of importance: Satisfaction of - * the lower-listed requirements may violate the higher-listed requirements. -+ * For example, idealSpace has no effect unless it exceeds minSpace. - */ - size_type idealSpace; ///< if allocating anyway, provide this much space -- size_type minSpace; ///< allocate if spaceSize() is smaller -+ size_type minSpace; ///< allocate [at least this much] if spaceSize() is smaller - size_type maxCapacity; ///< do not allocate more than this - bool allowShared; ///< whether sharing our storage with others is OK - }; - diff --git a/src/patches/squid/squid-3.5-14113.patch b/src/patches/squid/squid-3.5-14113.patch deleted file mode 100644 index d54502630..000000000 --- a/src/patches/squid/squid-3.5-14113.patch +++ /dev/null @@ -1,47 +0,0 @@ ------------------------------------------------------------- -revno: 14113 -revision-id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -parent: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-11-15 20:57:28 +1300 -message: - TLS: Make key= before cert= an error instead of quietly hiding the issue - - This squid.conf setup is fatal in Squid-4. So best to fix these installations. - Even though Squdi-3 can cope with it. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a18738f4cbf0c1bd368e61d4b19c5d6f5005b919 -# timestamp: 2016-11-15 07:58:39 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114124051-\ -# s0vzoj5exv5g8w56 -# -# Begin patch -=== modified file 'src/cache_cf.cc' ---- src/cache_cf.cc 2016-09-23 11:11:48 +0000 -+++ src/cache_cf.cc 2016-11-15 07:57:28 +0000 -@@ -2257,6 +2257,9 @@ - safe_free(p->sslcert); - p->sslcert = xstrdup(token + 8); - } else if (strncmp(token, "sslkey=", 7) == 0) { -+ if (!p->sslcert) { -+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": sslcert= option must be set before sslkey= is used."); -+ } - safe_free(p->sslkey); - p->sslkey = xstrdup(token + 7); - } else if (strncmp(token, "sslversion=", 11) == 0) { -@@ -3729,6 +3732,9 @@ - safe_free(s->cert); - s->cert = xstrdup(token + 5); - } else if (strncmp(token, "key=", 4) == 0) { -+ if (!s->cert) { -+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": cert= option must be set before key= is used."); -+ } - safe_free(s->key); - s->key = xstrdup(token + 4); - } else if (strncmp(token, "version=", 8) == 0) { - diff --git a/src/patches/squid/squid-3.5-14114.patch b/src/patches/squid/squid-3.5-14114.patch deleted file mode 100644 index 098500429..000000000 --- a/src/patches/squid/squid-3.5-14114.patch +++ /dev/null @@ -1,46 +0,0 @@ ------------------------------------------------------------- -revno: 14114 -revision-id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -parent: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 04:42:05 +1300 -message: - Improve debugs warnings when loading signing certs fails ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e760bf590489a354e314f19dd158b063d23ef7a7 -# timestamp: 2016-11-30 15:51:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161115075728-\ -# 2xj2621oh5bwn8wn -# -# Begin patch -=== modified file 'src/ssl/support.cc' ---- src/ssl/support.cc 2016-10-09 14:30:11 +0000 -+++ src/ssl/support.cc 2016-11-30 15:42:05 +0000 -@@ -2011,10 +2011,17 @@ - pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL; - pkey.reset(readSslPrivateKey(keyFilename, cb)); - cert.reset(readSslX509CertificatesChain(certFilename, chain.get())); -- if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) { -- pkey.reset(NULL); -- cert.reset(NULL); -- } -+ if (!cert) { -+ debugs(83, DBG_IMPORTANT, "WARNING: missing cert in '" << certFilename << "'"); -+ } else if (!pkey) { -+ debugs(83, DBG_IMPORTANT, "WARNING: missing private key in '" << keyFilename << "'"); -+ } else if (!X509_check_private_key(cert.get(), pkey.get())) { -+ debugs(83, DBG_IMPORTANT, "WARNING: X509_check_private_key() failed to verify signing cert"); -+ } else -+ return; // everything is okay -+ -+ pkey.reset(NULL); -+ cert.reset(NULL); - } - - bool Ssl::generateUntrustedCert(X509_Pointer &untrustedCert, EVP_PKEY_Pointer &untrustedPkey, X509_Pointer const &cert, EVP_PKEY_Pointer const & pkey) - diff --git a/src/patches/squid/squid-3.5-14115.patch b/src/patches/squid/squid-3.5-14115.patch deleted file mode 100644 index 4e5e3cf2b..000000000 --- a/src/patches/squid/squid-3.5-14115.patch +++ /dev/null @@ -1,197 +0,0 @@ ------------------------------------------------------------- -revno: 14115 -revision-id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -parent: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4004 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 10:56:30 +1300 -message: - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply - - Added nil dereference checks for Ftp::Client::ctrl.conn, including: - - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference - ctrl.conn in DBG_IMPORTANT messages. - - Many functions inside FtpClient.cc and FtpGateway.cc files. - - TODO: We need to find a better way to handle nil ctrl.conn. It is only - a matter of time when we forget to add another dereference check or - discover a place we missed during this change. - - Also disabled forwarding of EPRT and PORT commands to origin servers. - Squid support for those commands is broken and their forwarding may - cause segfaults (bug #4004). Active FTP is still supported, of course. - - This is a Measurement Factory project ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 345883c1b5a5cd221e9d0e68b254df7d955372ad -# timestamp: 2016-11-30 22:42:02 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130154205-\ -# c9z1bhqzuh3rafl3 -# -# Begin patch -=== modified file 'src/clients/FtpClient.cc' ---- src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 -+++ src/clients/FtpClient.cc 2016-11-30 21:56:30 +0000 -@@ -442,6 +442,11 @@ - char *buf; - debugs(9, 3, status()); - -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return false; -+ } -+ - if (code != 227) { - debugs(9, 2, "PASV not supported by remote end"); - return false; -@@ -473,6 +478,11 @@ - char *buf; - debugs(9, 3, status()); - -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return false; -+ } -+ - if (code != 229 && code != 522) { - if (code == 200) { - /* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */ -@@ -733,6 +743,11 @@ - void - Ftp::Client::connectDataChannel() - { -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - safe_free(ctrl.last_command); - - safe_free(ctrl.last_reply); - -=== modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2016-01-31 05:39:09 +0000 -+++ src/clients/FtpGateway.cc 2016-11-30 21:56:30 +0000 -@@ -212,7 +212,9 @@ - static FTPSM ftpReadMdtm; - static FTPSM ftpSendSize; - static FTPSM ftpReadSize; -+#if 0 - static FTPSM ftpSendEPRT; -+#endif - static FTPSM ftpReadEPRT; - static FTPSM ftpSendPORT; - static FTPSM ftpReadPORT; -@@ -450,6 +452,11 @@ - void - Ftp::Gateway::listenForDataChannel(const Comm::ConnectionPointer &conn) - { -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - assert(!Comm::IsConnOpen(data.conn)); - - typedef CommCbMemFunT<Gateway, CommAcceptCbParams> AcceptDialer; -@@ -1183,7 +1190,7 @@ - - checkUrlpath(); - buildTitleUrl(); -- debugs(9, 5, HERE << "FD " << ctrl.conn->fd << " : host=" << request->GetHost() << -+ debugs(9, 5, "FD " << (ctrl.conn != NULL ? ctrl.conn->fd : -1) << " : host=" << request->GetHost() << - ", path=" << request->urlpath << ", user=" << user << ", passwd=" << password); - state = BEGIN; - Ftp::Client::start(); -@@ -1750,7 +1757,9 @@ - if (ftpState->handlePasvReply(srvAddr)) - ftpState->connectDataChannel(); - else { -- ftpSendEPRT(ftpState); -+ ftpFail(ftpState); -+ // Currently disabled, does not work correctly: -+ // ftpSendEPRT(ftpState); - return; - } - } -@@ -1790,6 +1799,11 @@ - } - safe_free(ftpState->data.host); - -+ if (!Comm::IsConnOpen(ftpState->ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - /* - * Set up a listen socket on the same local address as the - * control connection. -@@ -1875,9 +1889,14 @@ - ftpRestOrList(ftpState); - } - -+#if 0 - static void - ftpSendEPRT(Ftp::Gateway * ftpState) - { -+ /* check the server control channel is still available */ -+ if (!ftpState || !ftpState->haveControlChannel("ftpSendEPRT")) -+ return; -+ - if (Config.Ftp.epsv_all && ftpState->flags.epsv_all_sent) { - debugs(9, DBG_IMPORTANT, "FTP does not allow EPRT method after 'EPSV ALL' has been sent."); - return; -@@ -1913,6 +1932,7 @@ - ftpState->writeCommand(cbuf); - ftpState->state = Ftp::Client::SENT_EPRT; - } -+#endif - - static void - ftpReadEPRT(Ftp::Gateway * ftpState) -@@ -1939,10 +1959,8 @@ - { - debugs(9, 3, HERE); - -- if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) { -- abortAll("entry aborted when accepting data conn"); -- data.listenConn->close(); -- data.listenConn = NULL; -+ if (!Comm::IsConnOpen(ctrl.conn)) { /*Close handlers will cleanup*/ -+ debugs(9, 5, "The control connection to the remote end is closed"); - return; - } - -@@ -1955,6 +1973,14 @@ - return; - } - -+ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) { -+ abortAll("entry aborted when accepting data conn"); -+ data.listenConn->close(); -+ data.listenConn = NULL; -+ io.conn->close(); -+ return; -+ } -+ - /* data listening conn is no longer even open. abort. */ - if (!Comm::IsConnOpen(data.listenConn)) { - data.listenConn = NULL; // ensure that it's cleared and not just closed. -@@ -2705,8 +2731,8 @@ - Ftp::Gateway::completeForwarding() - { - if (fwd == NULL || flags.completed_forwarding) { -- debugs(9, 3, HERE << "completeForwarding avoids " << -- "double-complete on FD " << ctrl.conn->fd << ", Data FD " << data.conn->fd << -+ debugs(9, 3, "avoid double-complete on FD " << -+ (ctrl.conn != NULL ? ctrl.conn->fd : -1) << ", Data FD " << data.conn->fd << - ", this " << this << ", fwd " << fwd); - return; - } - diff --git a/src/patches/squid/squid-3.5-14116.patch b/src/patches/squid/squid-3.5-14116.patch deleted file mode 100644 index c92d8b80c..000000000 --- a/src/patches/squid/squid-3.5-14116.patch +++ /dev/null @@ -1,38 +0,0 @@ ------------------------------------------------------------- -revno: 14116 -revision-id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -parent: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3533 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 11:33:32 +1300 -message: - Bug 3533: Cache still valid after HTTP/1.1 303 See Other - - RFC7231 does not mention 303 response as non-cacheable. - So, assuming that means it *is* cacheable. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: c90320c95a4b64c8d18794fbe5df526fe0f9f702 -# timestamp: 2016-11-30 22:42:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130215630-\ -# c42qucqar9bi9a1k -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2016-10-30 09:45:03 +0000 -+++ src/http.cc 2016-11-30 22:33:32 +0000 -@@ -203,6 +203,8 @@ - - case Http::scFound: - -+ case Http::scSeeOther: -+ - case Http::scGone: - - case Http::scNotFound: - diff --git a/src/patches/squid/squid-3.5-14117.patch b/src/patches/squid/squid-3.5-14117.patch deleted file mode 100644 index 23d5376f2..000000000 --- a/src/patches/squid/squid-3.5-14117.patch +++ /dev/null @@ -1,152 +0,0 @@ ------------------------------------------------------------- -revno: 14117 -revision-id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -parent: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4007 -author: Stephen Baynes sbaynes@mail.com, Amos Jeffries squid3@treenet.co.nz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 12:20:39 +1300 -message: - Bug 4007: Hang on DNS query with dead-end CNAME - - DNS lookup recursion no longer occurs. ipcacheParse() return values are no - longer useful. - - Also, cleanup the debugging output. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 9059c7a07e5366bd2eac606c72f875077766ed34 -# timestamp: 2016-11-30 23:27:11 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130223332-\ -# zcaxll4prj3kag1b -# -# Begin patch -=== modified file 'src/ipcache.cc' ---- src/ipcache.cc 2016-01-01 00:14:27 +0000 -+++ src/ipcache.cc 2016-11-30 23:20:39 +0000 -@@ -123,7 +123,6 @@ - static FREE ipcacheFreeEntry; - static IDNSCB ipcacheHandleReply; - static int ipcacheExpiredEntry(ipcache_entry *); --static int ipcacheParse(ipcache_entry *, const rfc1035_rr *, int, const char *error); - static ipcache_entry *ipcache_get(const char *); - static void ipcacheLockEntry(ipcache_entry *); - static void ipcacheStatPrint(ipcache_entry *, StoreEntry *); -@@ -328,8 +327,7 @@ - ipcacheUnlockEntry(i); - } - --/// \ingroup IPCacheAPI --static int -+static void - ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *error_message) - { - int k; -@@ -350,25 +348,25 @@ - i->addrs.count = 0; - - if (nr < 0) { -- debugs(14, 3, "ipcacheParse: Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'"); -+ debugs(14, 3, "Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'"); - i->error_message = xstrdup(error_message); -- return -1; -+ return; - } - - if (nr == 0) { -- debugs(14, 3, "ipcacheParse: No DNS records in response to '" << name << "'"); -+ debugs(14, 3, "No DNS records in response to '" << name << "'"); - i->error_message = xstrdup("No DNS records"); -- return -1; -+ return; - } - -- debugs(14, 3, "ipcacheParse: " << nr << " answers for '" << name << "'"); -+ debugs(14, 3, nr << " answers for '" << name << "'"); - assert(answers); - - for (k = 0; k < nr; ++k) { - - if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) { - if (answers[k].rdlength != sizeof(struct in6_addr)) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv6 address in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv6 address in response to '" << name << "'"); - continue; - } - ++na; -@@ -378,7 +376,7 @@ - - if (answers[k].type == RFC1035_TYPE_A) { - if (answers[k].rdlength != sizeof(struct in_addr)) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv4 address in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv4 address in response to '" << name << "'"); - continue; - } - ++na; -@@ -394,14 +392,14 @@ - } - - // otherwise its an unknown RR. debug at level 9 since we usually want to ignore these and they are common. -- debugs(14, 9, HERE << "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) ); -+ debugs(14, 9, "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) ); - } - if (na == 0) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: No Address records in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "No Address records in response to '" << name << "'"); - i->error_message = xstrdup("No Address records"); - if (cname_found) - ++IpcacheStats.cname_only; -- return 0; -+ return; - } - - i->addrs.in_addrs = static_cast<Ip::Address *>(xcalloc(na, sizeof(Ip::Address))); -@@ -419,7 +417,7 @@ - memcpy(&temp, answers[k].rdata, sizeof(struct in_addr)); - i->addrs.in_addrs[j] = temp; - -- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j]); -+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j]); - ++j; - - } else if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) { -@@ -430,7 +428,7 @@ - memcpy(&temp, answers[k].rdata, sizeof(struct in6_addr)); - i->addrs.in_addrs[j] = temp; - -- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j] ); -+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j] ); - ++j; - } - if (ttl == 0 || (int) answers[k].ttl < ttl) -@@ -453,8 +451,6 @@ - i->expires = squid_curtime + ttl; - - i->flags.negcached = false; -- -- return i->addrs.count; - } - - /// \ingroup IPCacheInternal -@@ -467,13 +463,9 @@ - const int age = i->age(); - statCounter.dns.svcTime.count(age); - -- int done = ipcacheParse(i, answers, na, error_message); -- -- /* If we have not produced either IPs or Error immediately, wait for recursion to finish. */ -- if (done != 0 || error_message != NULL) { -- ipcacheAddEntry(i); -- ipcacheCallback(i, age); -- } -+ ipcacheParse(i, answers, na, error_message); -+ ipcacheAddEntry(i); -+ ipcacheCallback(i, age); - } - - /** - diff --git a/src/patches/squid/squid-3.5-14118.patch b/src/patches/squid/squid-3.5-14118.patch deleted file mode 100644 index 1e36294f3..000000000 --- a/src/patches/squid/squid-3.5-14118.patch +++ /dev/null @@ -1,55 +0,0 @@ ------------------------------------------------------------- -revno: 14118 -revision-id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -parent: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3290 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 12:33:04 +1300 -message: - Bug 3290: authenticate_ttl not working for digest authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50ff391db1484222ead5fb50b1bca0694c37ed4c -# timestamp: 2016-11-30 23:34:59 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130232039-\ -# z18ikhhcf3j185my -# -# Begin patch -=== modified file 'src/auth/digest/Config.cc' ---- src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000 -+++ src/auth/digest/Config.cc 2016-11-30 23:33:04 +0000 -@@ -1058,6 +1058,10 @@ - * the user agent won't change user name without warning. - */ - authDigestUserLinkNonce(digest_user, nonce); -+ -+ /* auth_user is now linked, we reset these values -+ * after external auth occurs anyway */ -+ auth_user->expiretime = current_time.tv_sec; - } else { - debugs(29, 9, "Found user '" << username << "' in the user cache as '" << auth_user << "'"); - digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw()); - -=== modified file 'src/auth/digest/UserRequest.cc' ---- src/auth/digest/UserRequest.cc 2016-01-01 00:14:27 +0000 -+++ src/auth/digest/UserRequest.cc 2016-11-30 23:33:04 +0000 -@@ -187,12 +187,7 @@ - auth_user->credentials(Auth::Ok); - - /* password was checked and did match */ -- debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK"); -- -- /* auth_user is now linked, we reset these values -- * after external auth occurs anyway */ -- auth_user->expiretime = current_time.tv_sec; -- return; -+ debugs(29, 4, "user '" << auth_user->username() << "' validated OK"); - } - - Auth::Direction - diff --git a/src/patches/squid/squid-3.5-14119.patch b/src/patches/squid/squid-3.5-14119.patch deleted file mode 100644 index d6e85a5e9..000000000 --- a/src/patches/squid/squid-3.5-14119.patch +++ /dev/null @@ -1,184 +0,0 @@ ------------------------------------------------------------- -revno: 14119 -revision-id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -parent: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4174 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 14:58:33 +1300 -message: - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. - - The following sequence of events triggers this assertion: - - The server sends an 1xx control message. - - http.cc schedules ConnStateData::sendControlMsg call. - - Before sendControlMsg is fired, http.cc detects an error (e.g., I/O - error or timeout) and starts writing the reply to the user. - - The ConnStateData::sendControlMsg is fired, starts writing 1xx, and - hits the "no concurrent writes" assertion. - - We could only reproduce this sequence in the lab after changing Squid - code to trigger a timeout at the right moment, but the sequence looks - plausible. Other event sequences might result in the same outcome. - - To avoid concurrent writes, Squid now drops the control message if - Http::One::Server detects that a reply is already being written. Also, - ConnStateData delays reply writing until a pending control message write - has been completed. - - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 103c6fc1fa45d78ba7f9e85ab3d89fff898ee762 -# timestamp: 2016-12-09 02:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130233304-\ -# lk3q0bx8gn5l3l85 -# -# Begin patch -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2016-09-23 20:49:24 +0000 -+++ src/client_side.cc 2016-12-09 01:58:33 +0000 -@@ -340,7 +340,21 @@ - AsyncCall::Pointer call = commCbCall(33, 5, "ClientSocketContext::wroteControlMsg", - CommIoCbPtrFun(&WroteControlMsg, this)); - -- getConn()->writeControlMsgAndCall(this, rep.getRaw(), call); -+ if (!getConn()->writeControlMsgAndCall(this, rep.getRaw(), call)) { -+ // but still inform the caller (so it may resume its operation) -+ doneWithControlMsg(); -+ } -+} -+ -+void -+ClientSocketContext::doneWithControlMsg() -+{ -+ ScheduleCallHere(cbControlMsgSent); -+ cbControlMsgSent = NULL; -+ -+ debugs(33, 3, clientConnection << ": calling PushDeferredIfNeeded after control msg wrote"); -+ ClientSocketContextPushDeferredIfNeeded(this, getConn()); -+ - } - - /// called when we wrote the 1xx response -@@ -351,7 +365,7 @@ - return; - - if (errflag == Comm::OK) { -- ScheduleCallHere(cbControlMsgSent); -+ doneWithControlMsg(); - return; - } - -@@ -1455,6 +1469,8 @@ - - if (context != http->getConn()->getCurrentContext()) - context->deferRecipientForLater(node, rep, receivedData); -+ else if (context->controlMsgIsPending()) -+ context->deferRecipientForLater(node, rep, receivedData); - else - http->getConn()->handleReply(rep, receivedData); - - -=== modified file 'src/client_side.h' ---- src/client_side.h 2016-06-18 13:36:07 +0000 -+++ src/client_side.h 2016-12-09 01:58:33 +0000 -@@ -129,9 +129,13 @@ - /// starts writing 1xx control message to the client - void writeControlMsg(HttpControlMsg &msg); - -+ /// true if 1xx to the user is pending -+ bool controlMsgIsPending() {return cbControlMsgSent != NULL;} -+ - protected: - static IOCB WroteControlMsg; - void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno); -+ void doneWithControlMsg(); - - private: - void prepareReply(HttpReply * rep); -@@ -387,7 +391,7 @@ - void connectionTag(const char *aTag) { connectionTag_ = aTag; } - - /// handle a control message received by context from a peer and call back -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; - - /// ClientStream calls this to supply response header (once) and data - /// for the current ClientSocketContext. - -=== modified file 'src/servers/FtpServer.cc' ---- src/servers/FtpServer.cc 2016-06-30 21:09:12 +0000 -+++ src/servers/FtpServer.cc 2016-12-09 01:58:33 +0000 -@@ -1152,12 +1152,13 @@ - writeErrorReply(reply, 451); - } - --void -+bool - Ftp::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *reply, AsyncCall::Pointer &call) - { - // the caller guarantees that we are dealing with the current context only - // the caller should also make sure reply->header.has(HDR_FTP_STATUS) - writeForwardedReplyAndCall(reply, call); -+ return true; - } - - void - -=== modified file 'src/servers/FtpServer.h' ---- src/servers/FtpServer.h 2016-03-15 18:14:15 +0000 -+++ src/servers/FtpServer.h 2016-12-09 01:58:33 +0000 -@@ -94,7 +94,7 @@ - virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io); - virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData); - virtual int pipelinePrefetchMax() const; -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); - virtual time_t idleTimeout() const; - - /* BodyPipe API */ - -=== modified file 'src/servers/HttpServer.cc' ---- src/servers/HttpServer.cc 2016-01-01 00:14:27 +0000 -+++ src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 -@@ -35,7 +35,7 @@ - virtual ClientSocketContext *parseOneRequest(Http::ProtocolVersion &ver); - virtual void processParsedRequest(ClientSocketContext *context, const Http::ProtocolVersion &ver); - virtual void handleReply(HttpReply *rep, StoreIOBuffer receivedData); -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); - virtual time_t idleTimeout() const; - - /* BodyPipe API */ -@@ -167,9 +167,16 @@ - context->sendStartOfMessage(rep, receivedData); - } - --void -+bool - Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) - { -+ // Ignore this late control message if we have started sending a -+ // reply to the user already (e.g., after an error). -+ if (context->reply) { -+ debugs(11, 2, "drop 1xx made late by " << context->reply); -+ return false; -+ } -+ - // apply selected clientReplyContext::buildReplyHeader() mods - // it is not clear what headers are required for control messages - rep->header.removeHopByHopEntries(); -@@ -184,6 +191,7 @@ - Comm::Write(context->clientConnection, mb, call); - - delete mb; -+ return true; - } - - ConnStateData * - diff --git a/src/patches/squid/squid-3.5-14120.patch b/src/patches/squid/squid-3.5-14120.patch deleted file mode 100644 index 4d28d4a95..000000000 --- a/src/patches/squid/squid-3.5-14120.patch +++ /dev/null @@ -1,62 +0,0 @@ ------------------------------------------------------------- -revno: 14120 -revision-id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -parent: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -author: Egervary Gergely gergely@egervary.hu -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 16:46:36 +1300 -message: - Support IPv6 NAT with PF for NetBSD and FreeBSD ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: b47da8d30fe000bbe50ea978bab7594065f7dc07 -# timestamp: 2016-12-09 03:51:01 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209015833-\ -# xm965d5l6u03qhew -# -# Begin patch -=== modified file 'src/ip/Intercept.cc' ---- src/ip/Intercept.cc 2016-10-25 08:25:30 +0000 -+++ src/ip/Intercept.cc 2016-12-09 03:46:36 +0000 -@@ -339,13 +339,20 @@ - } - - memset(&nl, 0, sizeof(struct pfioc_natlook)); -- newConn->remote.getInAddr(nl.saddr.v4); -+ -+ if (newConn->remote.isIPv6()) { -+ newConn->remote.getInAddr(nl.saddr.v6); -+ newConn->local.getInAddr(nl.daddr.v6); -+ nl.af = AF_INET6; -+ } else { -+ newConn->remote.getInAddr(nl.saddr.v4); -+ newConn->local.getInAddr(nl.daddr.v4); -+ nl.af = AF_INET; -+ } -+ - nl.sport = htons(newConn->remote.port()); -- -- newConn->local.getInAddr(nl.daddr.v4); - nl.dport = htons(newConn->local.port()); - -- nl.af = AF_INET; - nl.proto = IPPROTO_TCP; - nl.direction = PF_OUT; - -@@ -361,7 +368,10 @@ - debugs(89, 9, HERE << "address: " << newConn); - return false; - } else { -- newConn->local = nl.rdaddr.v4; -+ if (newConn->remote.isIPv6()) -+ newConn->local = nl.rdaddr.v6; -+ else -+ newConn->local = nl.rdaddr.v4; - newConn->local.port(ntohs(nl.rdport)); - debugs(89, 5, HERE << "address NAT: " << newConn); - return true; - diff --git a/src/patches/squid/squid-3.5-14121.patch b/src/patches/squid/squid-3.5-14121.patch deleted file mode 100644 index 36f3f7a8d..000000000 --- a/src/patches/squid/squid-3.5-14121.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14121 -revision-id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -parent: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4406 -author: Michael Buchau mike@m-buchau.de -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 17:33:04 +1300 -message: - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ce1153061cb79ac9ede6851f438ec830ed7a3e78 -# timestamp: 2016-12-09 04:51:01 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209034636-\ -# wytrnx7ks2jv0sxt -# -# Begin patch -=== modified file 'src/tunnel.cc' ---- src/tunnel.cc 2016-08-17 13:34:13 +0000 -+++ src/tunnel.cc 2016-12-09 04:33:04 +0000 -@@ -475,7 +475,8 @@ - *status_ptr = rep.sline.status(); - - // we need to relay the 401/407 responses when login=PASS(THRU) -- const char *pwd = server.conn->getPeer()->login; -+ const CachePeer *peer = server.conn->getPeer(); -+ const char *pwd = (peer ? peer->login : NULL); - const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && - (*status_ptr == Http::scProxyAuthenticationRequired || - *status_ptr == Http::scUnauthorized); - diff --git a/src/patches/squid/squid-3.5-14122.patch b/src/patches/squid/squid-3.5-14122.patch deleted file mode 100644 index 292306e9e..000000000 --- a/src/patches/squid/squid-3.5-14122.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14122 -revision-id: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9 -parent: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -committer: Source Maintenance squidadm@squid-cache.org -branch nick: 3.5 -timestamp: Fri 2016-12-09 06:15:51 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20161209061551-\ -# 361ava4lrrmbwiy9 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: cb4bfe0e0aaf3e3d107ffb16e2729c6f46d5a822 -# timestamp: 2016-12-09 06:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209043304-\ -# krtzvsm4a0zbzgi8 -# -# Begin patch -=== modified file 'src/servers/HttpServer.cc' ---- src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 -+++ src/servers/HttpServer.cc 2016-12-09 06:15:51 +0000 -@@ -170,7 +170,7 @@ - bool - Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) - { -- // Ignore this late control message if we have started sending a -+ // Ignore this late control message if we have started sending a - // reply to the user already (e.g., after an error). - if (context->reply) { - debugs(11, 2, "drop 1xx made late by " << context->reply); - diff --git a/src/patches/squid/squid-3.5-14123.patch b/src/patches/squid/squid-3.5-14123.patch deleted file mode 100644 index 4d11541e9..000000000 --- a/src/patches/squid/squid-3.5-14123.patch +++ /dev/null @@ -1,59 +0,0 @@ ------------------------------------------------------------- -revno: 14123 -revision-id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5 -parent: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2258 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-15 22:03:42 +1300 -message: - Bug 2258: bypassing cache but not destroying cache entry ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e4ce2fda10feb3e4e6b64d6dfa566ba6f0ac07f1 -# timestamp: 2016-12-15 09:08:35 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm@squid-cache.org-20161209061551-\ -# 361ava4lrrmbwiy9 -# -# Begin patch -=== modified file 'src/HttpRequest.cc' ---- src/HttpRequest.cc 2016-04-01 06:15:31 +0000 -+++ src/HttpRequest.cc 2016-12-15 09:03:42 +0000 -@@ -576,8 +576,13 @@ - if (!method.respMaybeCacheable()) - return false; - -- // XXX: this would seem the correct place to detect request cache-controls -- // no-store, private and related which block cacheability -+ // RFC 7234 section 5.2.1.5: -+ // "cache MUST NOT store any part of either this request or any response to it" -+ // -+ // NP: refresh_pattern ignore-no-store only applies to response messages -+ // this test is handling request message CC header. -+ if (!flags.ignoreCc && cache_control && cache_control->noStore()) -+ return false; - break; - - case AnyP::PROTO_GOPHER: - -=== modified file 'src/http.cc' ---- src/http.cc 2016-11-30 22:33:32 +0000 -+++ src/http.cc 2016-12-15 09:03:42 +0000 -@@ -191,6 +191,12 @@ - if (!EBIT_TEST(e->flags, KEY_PRIVATE)) - return; - -+ // If the new/incoming response cannot be stored, then it does not -+ // compete with the old stored response for the public key, and the -+ // old stored response should be left as is. -+ if (e->mem_obj->request && !e->mem_obj->request->flags.cachable) -+ return; -+ - switch (status) { - - case Http::scOkay: - diff --git a/src/patches/squid/squid-3.5-14124.patch b/src/patches/squid/squid-3.5-14124.patch deleted file mode 100644 index 65cd2b13b..000000000 --- a/src/patches/squid/squid-3.5-14124.patch +++ /dev/null @@ -1,47 +0,0 @@ ------------------------------------------------------------- -revno: 14124 -revision-id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk -parent: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-15 22:22:10 +1300 -message: - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: b9e9ff6a7fe0972dfd8a3b1a45ba25a66ef03552 -# timestamp: 2016-12-15 09:22:58 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161215090342-\ -# ml7nmzlfmiiov7j5 -# -# Begin patch -=== modified file 'src/http/StatusCode.cc' ---- src/http/StatusCode.cc 2016-03-23 14:00:51 +0000 -+++ src/http/StatusCode.cc 2016-12-15 09:22:10 +0000 -@@ -33,6 +33,10 @@ - return "Processing"; - break; - -+ case Http::scEarlyHints: // 103 -+ return "Early Hints"; -+ break; -+ - // 200-299 - case Http::scOkay: - return "OK"; - -=== modified file 'src/http/StatusCode.h' ---- src/http/StatusCode.h 2016-03-23 14:00:51 +0000 -+++ src/http/StatusCode.h 2016-12-15 09:22:10 +0000 -@@ -22,6 +22,7 @@ - scContinue = 100, - scSwitchingProtocols = 101, - scProcessing = 102, /**< RFC2518 section 10.1 */ -+ scEarlyHints = 103, /**< draft-kazuho-early-hints-status-code */ - scOkay = 200, - scCreated = 201, - scAccepted = 202, - diff --git a/src/patches/squid/squid-3.5-14125.patch b/src/patches/squid/squid-3.5-14125.patch deleted file mode 100644 index a42cbf749..000000000 --- a/src/patches/squid/squid-3.5-14125.patch +++ /dev/null @@ -1,41 +0,0 @@ ------------------------------------------------------------- -revno: 14125 -revision-id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj -parent: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3940 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-15 22:36:34 +1300 -message: - Bug 3940 (partial): hostHeaderVerify failures MISS when they should be HIT - - This fixes the critical condition leading to the HIT. However not all - code is correctly setting flags.noCache and flags.cacheable (see bugzilla). - So there may be other fixes needed after this. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 3e1ebda070635dcabfa4f77d697ac12e8683106f -# timestamp: 2016-12-15 09:39:01 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161215092210-\ -# 8gupdsihb4d8fufk -# -# Begin patch -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2016-11-11 06:03:25 +0000 -+++ src/client_side_reply.cc 2016-12-15 09:36:34 +0000 -@@ -1649,7 +1649,9 @@ - { - HttpRequest *r = http->request; - -- if (r->flags.cachable || r->flags.internal) { -+ // client sent CC:no-cache or some other condition has been -+ // encountered which prevents delivering a public/cached object. -+ if (!r->flags.noCache || r->flags.internal) { - lookingforstore = 5; - StoreEntry::getPublicByRequest (this, r); - } else { - diff --git a/src/patches/squid/squid-3.5-14126.patch b/src/patches/squid/squid-3.5-14126.patch deleted file mode 100644 index 9097d3b25..000000000 --- a/src/patches/squid/squid-3.5-14126.patch +++ /dev/null @@ -1,123 +0,0 @@ ------------------------------------------------------------- -revno: 14126 -revision-id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql -parent: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4169 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-15 23:33:57 +1300 -message: - Bug 4169: HIT marked as MISS when If-None-Match does not match ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 258cd3e400bcb137a7bcdf6e7e0240287ea581a3 -# timestamp: 2016-12-15 10:34:30 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161215093634-\ -# ykbs6tv8pdusz7cj -# -# Begin patch -=== modified file 'src/LogTags.h' ---- src/LogTags.h 2016-10-09 19:47:26 +0000 -+++ src/LogTags.h 2016-12-15 10:33:57 +0000 -@@ -28,6 +28,7 @@ - LOG_TCP_REFRESH_IGNORED, // refresh from origin ignored, stale entry sent - LOG_TCP_CLIENT_REFRESH_MISS, - LOG_TCP_IMS_HIT, -+ LOG_TCP_INM_HIT, - LOG_TCP_SWAPFAIL_MISS, - LOG_TCP_NEGATIVE_HIT, - LOG_TCP_MEM_HIT, -@@ -54,6 +55,7 @@ - return - (code == LOG_TCP_HIT) || - (code == LOG_TCP_IMS_HIT) || -+ (code == LOG_TCP_INM_HIT) || - (code == LOG_TCP_REFRESH_FAIL_OLD) || - (code == LOG_TCP_REFRESH_UNMODIFIED) || - (code == LOG_TCP_NEGATIVE_HIT) || - -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2016-12-09 01:58:33 +0000 -+++ src/client_side.cc 2016-12-15 10:33:57 +0000 -@@ -429,6 +429,7 @@ - statCounter.client_http.nearHitSvcTime.count(svc_time); - break; - -+ case LOG_TCP_INM_HIT: - case LOG_TCP_IMS_HIT: - statCounter.client_http.nearMissSvcTime.count(svc_time); - break; - -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2016-12-15 09:36:34 +0000 -+++ src/client_side_reply.cc 2016-12-15 10:33:57 +0000 -@@ -778,40 +778,27 @@ - return true; - } - -- bool matchedIfNoneMatch = false; - if (r.header.has(HDR_IF_NONE_MATCH)) { -- if (!e->hasIfNoneMatchEtag(r)) { -- // RFC 2616: ignore IMS if If-None-Match did not match -- r.flags.ims = false; -- r.ims = -1; -- r.imslen = 0; -- r.header.delById(HDR_IF_MODIFIED_SINCE); -- http->logType = LOG_TCP_MISS; -- sendMoreData(result); -- return true; -- } -+ // RFC 7232: If-None-Match recipient MUST ignore IMS -+ r.flags.ims = false; -+ r.ims = -1; -+ r.imslen = 0; -+ r.header.delById(HDR_IF_MODIFIED_SINCE); - -- if (!r.flags.ims) { -- // RFC 2616: if If-None-Match matched and there is no IMS, -- // reply with 304 Not Modified or 412 Precondition Failed -+ if (e->hasIfNoneMatchEtag(r)) { - sendNotModifiedOrPreconditionFailedError(); - return true; - } - -- // otherwise check IMS below to decide if we reply with 304 or 412 -- matchedIfNoneMatch = true; -+ // None-Match is true (no ETag matched); treat as an unconditional hit -+ return false; - } - - if (r.flags.ims) { - // handle If-Modified-Since requests from the client - if (e->modifiedSince(r.ims, r.imslen)) { -- http->logType = LOG_TCP_IMS_HIT; -- sendMoreData(result); -- -- } else if (matchedIfNoneMatch) { -- // If-None-Match matched, reply with 304 Not Modified or -- // 412 Precondition Failed -- sendNotModifiedOrPreconditionFailedError(); -+ // Modified-Since is true; treat as an unconditional hit -+ return false; - - } else { - // otherwise reply with 304 Not Modified -@@ -1974,7 +1961,12 @@ - StoreEntry *e = http->storeEntry(); - const time_t timestamp = e->timestamp; - HttpReply *const temprep = e->getReply()->make304(); -- http->logType = LOG_TCP_IMS_HIT; -+ // log as TCP_INM_HIT if code 304 generated for -+ // If-None-Match request -+ if (!http->request->flags.ims) -+ http->logType = LOG_TCP_INM_HIT; -+ else -+ http->logType = LOG_TCP_IMS_HIT; - removeClientStoreReference(&sc, http); - createStoreEntry(http->request->method, RequestFlags()); - e = http->storeEntry(); -