[PATCH] squid 3.5.22: latest patches (14123-14126) - Development

16 Dec 2016

Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
---
 lfs/squid                               |   4 ++
 src/patches/squid/squid-3.5-14123.patch |  59 +++++++++++++++
 src/patches/squid/squid-3.5-14124.patch |  47 ++++++++++++
 src/patches/squid/squid-3.5-14125.patch |  41 +++++++++++
 src/patches/squid/squid-3.5-14126.patch | 123 ++++++++++++++++++++++++++++++++
 5 files changed, 274 insertions(+)
 create mode 100644 src/patches/squid/squid-3.5-14123.patch
 create mode 100644 src/patches/squid/squid-3.5-14124.patch
 create mode 100644 src/patches/squid/squid-3.5-14125.patch
 create mode 100644 src/patches/squid/squid-3.5-14126.patch

diff --git a/lfs/squid b/lfs/squid
index 70d90d819..0fa36d71a 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -94,6 +94,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch
    cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch
    cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14123.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14124.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14125.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14126.patch
    cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/squid-3.5-14123.patch b/src/patches/squid/squid-3.5-14123.patch
new file mode 100644
index 000000000..4d11541e9
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14123.patch
@@ -0,0 +1,59 @@
+------------------------------------------------------------
+revno: 14123
+revision-id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
+parent: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2258
+author: Garri Djavadyan garryd@comnet.uz
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Thu 2016-12-15 22:03:42 +1300
+message:
+  Bug 2258: bypassing cache but not destroying cache entry
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: e4ce2fda10feb3e4e6b64d6dfa566ba6f0ac07f1
+# timestamp: 2016-12-15 09:08:35 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squidadm@squid-cache.org-20161209061551-\
+#   361ava4lrrmbwiy9
+# 
+# Begin patch
+=== modified file 'src/HttpRequest.cc'
+--- src/HttpRequest.cc	2016-04-01 06:15:31 +0000
++++ src/HttpRequest.cc	2016-12-15 09:03:42 +0000
+@@ -576,8 +576,13 @@
+         if (!method.respMaybeCacheable())
+             return false;
+ 
+-        // XXX: this would seem the correct place to detect request cache-controls
+-        //      no-store, private and related which block cacheability
++        // RFC 7234 section 5.2.1.5:
++        // "cache MUST NOT store any part of either this request or any response to it"
++        //
++        // NP: refresh_pattern ignore-no-store only applies to response messages
++        //     this test is handling request message CC header.
++        if (!flags.ignoreCc && cache_control && cache_control->noStore())
++            return false;
+         break;
+ 
+     case AnyP::PROTO_GOPHER:
+
+=== modified file 'src/http.cc'
+--- src/http.cc	2016-11-30 22:33:32 +0000
++++ src/http.cc	2016-12-15 09:03:42 +0000
+@@ -191,6 +191,12 @@
+     if (!EBIT_TEST(e->flags, KEY_PRIVATE))
+         return;
+ 
++    // If the new/incoming response cannot be stored, then it does not
++    // compete with the old stored response for the public key, and the
++    // old stored response should be left as is.
++    if (e->mem_obj->request && !e->mem_obj->request->flags.cachable)
++        return;
++
+     switch (status) {
+ 
+     case Http::scOkay:
+
diff --git a/src/patches/squid/squid-3.5-14124.patch b/src/patches/squid/squid-3.5-14124.patch
new file mode 100644
index 000000000..65cd2b13b
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14124.patch
@@ -0,0 +1,47 @@
+------------------------------------------------------------
+revno: 14124
+revision-id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
+parent: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Thu 2016-12-15 22:22:10 +1300
+message:
+  HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: b9e9ff6a7fe0972dfd8a3b1a45ba25a66ef03552
+# timestamp: 2016-12-15 09:22:58 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20161215090342-\
+#   ml7nmzlfmiiov7j5
+# 
+# Begin patch
+=== modified file 'src/http/StatusCode.cc'
+--- src/http/StatusCode.cc	2016-03-23 14:00:51 +0000
++++ src/http/StatusCode.cc	2016-12-15 09:22:10 +0000
+@@ -33,6 +33,10 @@
+         return "Processing";
+         break;
+ 
++    case Http::scEarlyHints: // 103
++        return "Early Hints";
++        break;
++
+     // 200-299
+     case Http::scOkay:
+         return "OK";
+
+=== modified file 'src/http/StatusCode.h'
+--- src/http/StatusCode.h	2016-03-23 14:00:51 +0000
++++ src/http/StatusCode.h	2016-12-15 09:22:10 +0000
+@@ -22,6 +22,7 @@
+     scContinue = 100,
+     scSwitchingProtocols = 101,
+     scProcessing = 102,      /**< RFC2518 section 10.1 */
++    scEarlyHints = 103,      /**< draft-kazuho-early-hints-status-code */
+     scOkay = 200,
+     scCreated = 201,
+     scAccepted = 202,
+
diff --git a/src/patches/squid/squid-3.5-14125.patch b/src/patches/squid/squid-3.5-14125.patch
new file mode 100644
index 000000000..a42cbf749
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14125.patch
@@ -0,0 +1,41 @@
+------------------------------------------------------------
+revno: 14125
+revision-id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
+parent: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3940
+author: Garri Djavadyan garryd@comnet.uz
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Thu 2016-12-15 22:36:34 +1300
+message:
+  Bug 3940 (partial): hostHeaderVerify failures MISS when they should be HIT
+  
+  This fixes the critical condition leading to the HIT. However not all
+  code is correctly setting flags.noCache and flags.cacheable (see bugzilla).
+  So there may be other fixes needed after this.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 3e1ebda070635dcabfa4f77d697ac12e8683106f
+# timestamp: 2016-12-15 09:39:01 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20161215092210-\
+#   8gupdsihb4d8fufk
+# 
+# Begin patch
+=== modified file 'src/client_side_reply.cc'
+--- src/client_side_reply.cc	2016-11-11 06:03:25 +0000
++++ src/client_side_reply.cc	2016-12-15 09:36:34 +0000
+@@ -1649,7 +1649,9 @@
+ {
+     HttpRequest *r = http->request;
+ 
+-    if (r->flags.cachable || r->flags.internal) {
++    // client sent CC:no-cache or some other condition has been
++    // encountered which prevents delivering a public/cached object.
++    if (!r->flags.noCache || r->flags.internal) {
+         lookingforstore = 5;
+         StoreEntry::getPublicByRequest (this, r);
+     } else {
+
diff --git a/src/patches/squid/squid-3.5-14126.patch b/src/patches/squid/squid-3.5-14126.patch
new file mode 100644
index 000000000..9097d3b25
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14126.patch
@@ -0,0 +1,123 @@
+------------------------------------------------------------
+revno: 14126
+revision-id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
+parent: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4169
+author: Garri Djavadyan garryd@comnet.uz
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Thu 2016-12-15 23:33:57 +1300
+message:
+  Bug 4169: HIT marked as MISS when If-None-Match does not match
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 258cd3e400bcb137a7bcdf6e7e0240287ea581a3
+# timestamp: 2016-12-15 10:34:30 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20161215093634-\
+#   ykbs6tv8pdusz7cj
+# 
+# Begin patch
+=== modified file 'src/LogTags.h'
+--- src/LogTags.h	2016-10-09 19:47:26 +0000
++++ src/LogTags.h	2016-12-15 10:33:57 +0000
+@@ -28,6 +28,7 @@
+     LOG_TCP_REFRESH_IGNORED,    // refresh from origin ignored, stale entry sent
+     LOG_TCP_CLIENT_REFRESH_MISS,
+     LOG_TCP_IMS_HIT,
++    LOG_TCP_INM_HIT,
+     LOG_TCP_SWAPFAIL_MISS,
+     LOG_TCP_NEGATIVE_HIT,
+     LOG_TCP_MEM_HIT,
+@@ -54,6 +55,7 @@
+     return
+         (code == LOG_TCP_HIT) ||
+         (code == LOG_TCP_IMS_HIT) ||
++        (code == LOG_TCP_INM_HIT) ||
+         (code == LOG_TCP_REFRESH_FAIL_OLD) ||
+         (code == LOG_TCP_REFRESH_UNMODIFIED) ||
+         (code == LOG_TCP_NEGATIVE_HIT) ||
+
+=== modified file 'src/client_side.cc'
+--- src/client_side.cc	2016-12-09 01:58:33 +0000
++++ src/client_side.cc	2016-12-15 10:33:57 +0000
+@@ -429,6 +429,7 @@
+         statCounter.client_http.nearHitSvcTime.count(svc_time);
+         break;
+ 
++    case LOG_TCP_INM_HIT:
+     case LOG_TCP_IMS_HIT:
+         statCounter.client_http.nearMissSvcTime.count(svc_time);
+         break;
+
+=== modified file 'src/client_side_reply.cc'
+--- src/client_side_reply.cc	2016-12-15 09:36:34 +0000
++++ src/client_side_reply.cc	2016-12-15 10:33:57 +0000
+@@ -778,40 +778,27 @@
+         return true;
+     }
+ 
+-    bool matchedIfNoneMatch = false;
+     if (r.header.has(HDR_IF_NONE_MATCH)) {
+-        if (!e->hasIfNoneMatchEtag(r)) {
+-            // RFC 2616: ignore IMS if If-None-Match did not match
+-            r.flags.ims = false;
+-            r.ims = -1;
+-            r.imslen = 0;
+-            r.header.delById(HDR_IF_MODIFIED_SINCE);
+-            http->logType = LOG_TCP_MISS;
+-            sendMoreData(result);
+-            return true;
+-        }
++        // RFC 7232: If-None-Match recipient MUST ignore IMS
++        r.flags.ims = false;
++        r.ims = -1;
++        r.imslen = 0;
++        r.header.delById(HDR_IF_MODIFIED_SINCE);
+ 
+-        if (!r.flags.ims) {
+-            // RFC 2616: if If-None-Match matched and there is no IMS,
+-            // reply with 304 Not Modified or 412 Precondition Failed
++        if (e->hasIfNoneMatchEtag(r)) {
+             sendNotModifiedOrPreconditionFailedError();
+             return true;
+         }
+ 
+-        // otherwise check IMS below to decide if we reply with 304 or 412
+-        matchedIfNoneMatch = true;
++        // None-Match is true (no ETag matched); treat as an unconditional hit
++        return false;
+     }
+ 
+     if (r.flags.ims) {
+         // handle If-Modified-Since requests from the client
+         if (e->modifiedSince(r.ims, r.imslen)) {
+-            http->logType = LOG_TCP_IMS_HIT;
+-            sendMoreData(result);
+-
+-        } else if (matchedIfNoneMatch) {
+-            // If-None-Match matched, reply with 304 Not Modified or
+-            // 412 Precondition Failed
+-            sendNotModifiedOrPreconditionFailedError();
++            // Modified-Since is true; treat as an unconditional hit
++            return false;
+ 
+         } else {
+             // otherwise reply with 304 Not Modified
+@@ -1974,7 +1961,12 @@
+     StoreEntry *e = http->storeEntry();
+     const time_t timestamp = e->timestamp;
+     HttpReply *const temprep = e->getReply()->make304();
+-    http->logType = LOG_TCP_IMS_HIT;
++    // log as TCP_INM_HIT if code 304 generated for
++    // If-None-Match request
++    if (!http->request->flags.ims)
++        http->logType = LOG_TCP_INM_HIT;
++    else
++        http->logType = LOG_TCP_IMS_HIT;
+     removeClientStoreReference(&sc, http);
+     createStoreEntry(http->request->method, RequestFlags());
+     e = http->storeEntry();
+
-- 
2.11.0


    