This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 455f261b15e6b3d08c08679b2fc5fffe39ff8061 (commit) via c60ad61a14b948c759041cdbbc400e6522e0a69d (commit) via fa9c7bd04731b107233b22d7a744196397a718f6 (commit) via 3fdddd37ab29bc7d157acb2d7bb368e15ed5c996 (commit) via 38b95ad5d998ae21bb53f09836f648f05c426751 (commit) via 7fe22fdc0cd9e30e8be46a16e0f7a24667c4df41 (commit) from 1d7d4460d6757a3c744d33c789daccb87594bfd7 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 455f261b15e6b3d08c08679b2fc5fffe39ff8061 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Aug 23 11:33:41 2017 +0100
core114: Ship updated squid
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c60ad61a14b948c759041cdbbc400e6522e0a69d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Aug 21 18:54:25 2017 +0200
squid: Update to 3.5.27
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fa9c7bd04731b107233b22d7a744196397a718f6 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Aug 23 11:31:56 2017 +0100
core114: Ship updated gnutls
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3fdddd37ab29bc7d157acb2d7bb368e15ed5c996 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Aug 23 03:54:03 2017 +0200
gnutls: Update to 3.5.15
For details see: https://lists.gnupg.org/pipermail/gnutls-devel/2017-August/008483.html
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 38b95ad5d998ae21bb53f09836f648f05c426751 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Aug 23 11:29:55 2017 +0100
core114: Ship updated unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7fe22fdc0cd9e30e8be46a16e0f7a24667c4df41 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Aug 22 21:06:19 2017 +0200
unbound: Update to 1.6.5
Changelog:
"21 Aug 2017: Wouter - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017."
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/gnutls | 2 +- config/rootfiles/common/unbound | 2 +- .../{oldcore/110 => core/114}/filelists/gnutls | 0 .../{oldcore/100 => core/114}/filelists/squid | 0 .../{oldcore/106 => core/114}/filelists/unbound | 0 config/rootfiles/core/114/update.sh | 4 + lfs/gnutls | 4 +- lfs/squid | 20 +- lfs/unbound | 4 +- ...=> squid-3.5.27-fix-max-file-descriptors.patch} | 0 src/patches/squid/squid-3.5-14169.patch | 881 --------------------- src/patches/squid/squid-3.5-14170.patch | 85 -- src/patches/squid/squid-3.5-14171.patch | 45 -- src/patches/squid/squid-3.5-14172.patch | 40 - src/patches/squid/squid-3.5-14173.patch | 254 ------ src/patches/squid/squid-3.5-14174.patch | 274 ------- src/patches/squid/squid-3.5-14175.patch | 34 - src/patches/squid/squid-3.5-14176.patch | 42 - src/patches/squid/squid-3.5-14177.patch | 52 -- src/patches/squid/squid-3.5-14178.patch | 36 - src/patches/squid/squid-3.5-14179.patch | 105 --- src/patches/squid/squid-3.5-14180.patch | 448 ----------- src/patches/squid/squid-3.5-14181.patch | 30 - src/patches/squid/squid-3.5-14182.patch | 35 - 24 files changed, 13 insertions(+), 2384 deletions(-) copy config/rootfiles/{oldcore/110 => core/114}/filelists/gnutls (100%) copy config/rootfiles/{oldcore/100 => core/114}/filelists/squid (100%) copy config/rootfiles/{oldcore/106 => core/114}/filelists/unbound (100%) rename src/patches/{squid-3.5.26-fix-max-file-descriptors.patch => squid-3.5.27-fix-max-file-descriptors.patch} (100%) delete mode 100644 src/patches/squid/squid-3.5-14169.patch delete mode 100644 src/patches/squid/squid-3.5-14170.patch delete mode 100644 src/patches/squid/squid-3.5-14171.patch delete mode 100644 src/patches/squid/squid-3.5-14172.patch delete mode 100644 src/patches/squid/squid-3.5-14173.patch delete mode 100644 src/patches/squid/squid-3.5-14174.patch delete mode 100644 src/patches/squid/squid-3.5-14175.patch delete mode 100644 src/patches/squid/squid-3.5-14176.patch delete mode 100644 src/patches/squid/squid-3.5-14177.patch delete mode 100644 src/patches/squid/squid-3.5-14178.patch delete mode 100644 src/patches/squid/squid-3.5-14179.patch delete mode 100644 src/patches/squid/squid-3.5-14180.patch delete mode 100644 src/patches/squid/squid-3.5-14181.patch delete mode 100644 src/patches/squid/squid-3.5-14182.patch
Difference in files: diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index 13d97c6..8231c75 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.14.6 +usr/lib/libgnutls.so.30.14.7 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.28 diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 5d33140..b029c8b 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.2 -usr/lib/libunbound.so.2.5.3 +usr/lib/libunbound.so.2.5.4 usr/sbin/unbound usr/sbin/unbound-anchor usr/sbin/unbound-checkconf diff --git a/config/rootfiles/core/114/filelists/gnutls b/config/rootfiles/core/114/filelists/gnutls new file mode 120000 index 0000000..8dbe60b --- /dev/null +++ b/config/rootfiles/core/114/filelists/gnutls @@ -0,0 +1 @@ +../../../common/gnutls \ No newline at end of file diff --git a/config/rootfiles/core/114/filelists/squid b/config/rootfiles/core/114/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/core/114/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/114/filelists/unbound b/config/rootfiles/core/114/filelists/unbound new file mode 120000 index 0000000..66adf09 --- /dev/null +++ b/config/rootfiles/core/114/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/114/update.sh b/config/rootfiles/core/114/update.sh index 3e2929e..b68af03 100644 --- a/config/rootfiles/core/114/update.sh +++ b/config/rootfiles/core/114/update.sh @@ -32,6 +32,8 @@ for (( i=1; i<=$core; i++ )); do done
# Stop services +/etc/init.d/squid stop +/etc/init.d/unbound stop
# Extract files extract_files @@ -45,6 +47,8 @@ ldconfig /usr/local/bin/update-lang-cache
# Start services +/etc/init.d/unbound start +/etc/init.d/squid start
# This update need a reboot... touch /var/run/need_reboot diff --git a/lfs/gnutls b/lfs/gnutls index 86e7fb2..360594f 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -24,7 +24,7 @@
include Config
-VER = 3.5.14 +VER = 3.5.15
THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1e84b57a472b5f3b01f2c1b7a3a2bcbe +$(DL_FILE)_MD5 = bcdcbc65c50a7499617ad9f4d0058de9
install : $(TARGET)
diff --git a/lfs/squid b/lfs/squid index 8440cf8..08583d0 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.5.26 +VER = 3.5.27
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 510e2c84773879c00d0e7ced997864d9 +$(DL_FILE)_MD5 = 39ef8199675d48a314b540f92c00c545
install : $(TARGET)
@@ -70,21 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14169.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14170.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14171.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14172.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14173.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14174.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14175.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14176.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14177.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14178.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14179.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14180.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14181.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14182.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.26-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/lfs/unbound b/lfs/unbound index 5046f45..4625284 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@
include Config
-VER = 1.6.4 +VER = 1.6.5
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ab6f7c07610907f1d87191c9ac2db87a +$(DL_FILE)_MD5 = 5825332b72bae9d8793f9cba16cb13fd
install : $(TARGET)
diff --git a/src/patches/squid-3.5.26-fix-max-file-descriptors.patch b/src/patches/squid-3.5.27-fix-max-file-descriptors.patch similarity index 100% rename from src/patches/squid-3.5.26-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.27-fix-max-file-descriptors.patch diff --git a/src/patches/squid/squid-3.5-14169.patch b/src/patches/squid/squid-3.5-14169.patch deleted file mode 100644 index 464ce53..0000000 --- a/src/patches/squid/squid-3.5-14169.patch +++ /dev/null @@ -1,881 +0,0 @@ ------------------------------------------------------------- -revno: 14169 -revision-id: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq -parent: squid3@treenet.co.nz-20170601134753-6u64sl2rzmbfs67l -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2833 -author: Eduard Bagdasaryan eduard.bagdasaryan@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2017-06-15 09:37:20 +1200 -message: - Bug 2833 pt2: Collapse internal revalidation requests (SMP-unaware caches), again. - - The security fix in v5 r14979 had a negative effect on collapsed - forwarding. All "private" entries were considered automatically - non-shareable among collapsed clients. However this is not true: there - are many situations when collapsed forwarding should work despite of - "private" entry status: 304/5xx responses are good examples of that. - This patch fixes that by means of a new StoreEntry::shareableWhenPrivate - flag. - - The suggested fix is not complete: To cover all possible situations, we - need to decide whether StoreEntry::shareableWhenPrivate is true or not - for all contexts where StoreEntry::setPrivateKey() is used. This patch - fixes only few important cases inside http.cc, making CF (as well - collapsed revalidation) work for some [non-cacheable] response status - codes, including 3xx, 5xx and some others. - - The original support for internal revalidation requests collapsing - was in trink r14755 and referred to Squid bugs 2833, 4311, and 4471. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 9e248e2e9d2f1defe1070eb808177df978fb4146 -# timestamp: 2017-06-14 21:51:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170601134753-\ -# 6u64sl2rzmbfs67l -# -# Begin patch -=== modified file 'src/HttpHdrCc.cc' ---- src/HttpHdrCc.cc 2017-01-01 00:16:45 +0000 -+++ src/HttpHdrCc.cc 2017-06-14 21:37:20 +0000 -@@ -262,8 +262,8 @@ - case CC_PUBLIC: - break; - case CC_PRIVATE: -- if (Private().size()) -- packerPrintf(p, "="" SQUIDSTRINGPH """, SQUIDSTRINGPRINT(Private())); -+ if (private_.size()) -+ packerPrintf(p, "="" SQUIDSTRINGPH """, SQUIDSTRINGPRINT(private_)); - break; - - case CC_NO_CACHE: - -=== modified file 'src/MemStore.cc' ---- src/MemStore.cc 2017-01-01 00:16:45 +0000 -+++ src/MemStore.cc 2017-06-14 21:37:20 +0000 -@@ -299,7 +299,7 @@ - e.ping_status = PING_NONE; - - EBIT_CLR(e.flags, RELEASE_REQUEST); -- EBIT_CLR(e.flags, KEY_PRIVATE); -+ e.clearPrivate(); - EBIT_SET(e.flags, ENTRY_VALIDATED); - - MemObject::MemCache &mc = e.mem_obj->memCache; - -=== modified file 'src/Store.h' ---- src/Store.h 2017-01-01 00:16:45 +0000 -+++ src/Store.h 2017-06-14 21:37:20 +0000 -@@ -95,15 +95,19 @@ - void abort(); - void unlink(); - void makePublic(const KeyScope keyScope = ksDefault); -- void makePrivate(); -+ void makePrivate(const bool shareable); -+ /// A low-level method just resetting "private key" flags. -+ /// To avoid key inconsistency please use forcePublicKey() -+ /// or similar instead. -+ void clearPrivate(); - void setPublicKey(const KeyScope keyScope = ksDefault); - /// Resets existing public key to a public key with default scope, - /// releasing the old default-scope entry (if any). - /// Does nothing if the existing public key already has default scope. - void clearPublicKeyScope(); -- void setPrivateKey(); -+ void setPrivateKey(const bool shareable); - void expireNow(); -- void releaseRequest(); -+ void releaseRequest(const bool shareable = false); - void negativeCache(); - void cacheNegatively(); /** \todo argh, why both? */ - void invokeHandlers(); -@@ -230,7 +234,13 @@ - /// update last reference timestamp and related Store metadata - void touch(); - -- virtual void release(); -+ virtual void release(const bool shareable = false); -+ -+ /// May the caller commit to treating this [previously locked] -+ /// entry as a cache hit? -+ bool mayStartHitting() const { -+ return !EBIT_TEST(flags, KEY_PRIVATE) || shareableWhenPrivate; -+ } - - #if USE_ADAPTATION - /// call back producer when more buffer space is available -@@ -252,6 +262,13 @@ - - unsigned short lock_count; /* Assume < 65536! */ - -+ /// Nobody can find/lock KEY_PRIVATE entries, but some transactions -+ /// (e.g., collapsed requests) find/lock a public entry before it becomes -+ /// private. May such transactions start using the now-private entry -+ /// they previously locked? This member should not affect transactions -+ /// that already started reading from the entry. -+ bool shareableWhenPrivate; -+ - #if USE_ADAPTATION - /// producer callback registered with deferProducer - AsyncCall::Pointer deferredProducer; -@@ -259,6 +276,8 @@ - - bool validLength() const; - bool hasOneOfEtags(const String &reqETags, const bool allowWeakMatch) const; -+ -+ friend std::ostream &operator <<(std::ostream &os, const StoreEntry &e); - }; - - std::ostream &operator <<(std::ostream &os, const StoreEntry &e); - -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2017-05-29 13:15:55 +0000 -+++ src/client_side_reply.cc 2017-06-14 21:37:20 +0000 -@@ -396,8 +396,8 @@ - if (result.flags.error && !EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) - return; - -- if (collapsedRevalidation == crSlave && EBIT_TEST(http->storeEntry()->flags, KEY_PRIVATE)) { -- debugs(88, 3, "CF slave hit private " << *http->storeEntry() << ". MISS"); -+ if (collapsedRevalidation == crSlave && !http->storeEntry()->mayStartHitting()) { -+ debugs(88, 3, "CF slave hit private non-shareable " << *http->storeEntry() << ". MISS"); - // restore context to meet processMiss() expectations - restoreState(); - http->logType = LOG_TCP_MISS; -@@ -530,7 +530,7 @@ - // The previously identified hit suddenly became unsharable! - // This is common for collapsed forwarding slaves but might also - // happen to regular hits because we are called asynchronously. -- if (EBIT_TEST(e->flags, KEY_PRIVATE)) { -+ if (!e->mayStartHitting()) { - debugs(88, 3, "unsharable " << *e << ". MISS"); - http->logType = LOG_TCP_MISS; - processMiss(); - -=== modified file 'src/fs/rock/RockSwapDir.cc' ---- src/fs/rock/RockSwapDir.cc 2017-01-01 00:16:45 +0000 -+++ src/fs/rock/RockSwapDir.cc 2017-06-14 21:37:20 +0000 -@@ -149,7 +149,7 @@ - e.ping_status = PING_NONE; - - EBIT_CLR(e.flags, RELEASE_REQUEST); -- EBIT_CLR(e.flags, KEY_PRIVATE); -+ e.clearPrivate(); - EBIT_SET(e.flags, ENTRY_VALIDATED); - - e.swap_dirn = index; - -=== modified file 'src/fs/ufs/UFSSwapDir.cc' ---- src/fs/ufs/UFSSwapDir.cc 2017-01-01 00:16:45 +0000 -+++ src/fs/ufs/UFSSwapDir.cc 2017-06-14 21:37:20 +0000 -@@ -809,7 +809,7 @@ - e->refcount = refcount; - e->flags = newFlags; - EBIT_CLR(e->flags, RELEASE_REQUEST); -- EBIT_CLR(e->flags, KEY_PRIVATE); -+ e->clearPrivate(); - e->ping_status = PING_NONE; - EBIT_CLR(e->flags, ENTRY_VALIDATED); - mapBitSet(e->swap_filen); - -=== modified file 'src/http.cc' ---- src/http.cc 2017-01-01 00:16:45 +0000 -+++ src/http.cc 2017-06-14 21:37:20 +0000 -@@ -290,7 +290,9 @@ - (Config.onoff.surrogate_is_remote - && sctusable->noStoreRemote())) { - surrogateNoStore = true; -- entry->makePrivate(); -+ // Be conservative for now and make it non-shareable because -+ // there is no enough information here to make the decision. -+ entry->makePrivate(false); - } - - /* The HttpHeader logic cannot tell if the header it's parsing is a reply to an -@@ -315,12 +317,13 @@ - } - } - --int --HttpStateData::cacheableReply() -+HttpStateData::ReuseDecision::Answers -+HttpStateData::reusableReply(HttpStateData::ReuseDecision &decision) - { - HttpReply const *rep = finalReply(); - HttpHeader const *hdr = &rep->header; - const char *v; -+ - #if USE_HTTP_VIOLATIONS - - const RefreshPattern *R = NULL; -@@ -337,24 +340,19 @@ - #define REFRESH_OVERRIDE(flag) 0 - #endif - -- if (EBIT_TEST(entry->flags, RELEASE_REQUEST)) { -- debugs(22, 3, "NO because " << *entry << " has been released."); -- return 0; -- } -+ if (EBIT_TEST(entry->flags, RELEASE_REQUEST)) -+ return decision.make(ReuseDecision::reuseNot, "the entry has been released"); - - // RFC 7234 section 4: a cache MUST use the most recent response - // (as determined by the Date header field) -- if (sawDateGoBack) { -- debugs(22, 3, "NO because " << *entry << " has an older date header."); -- return 0; -- } -+ // TODO: whether such responses could be shareable? -+ if (sawDateGoBack) -+ return decision.make(ReuseDecision::reuseNot, "the response has an older date header"); - - // Check for Surrogate/1.0 protocol conditions - // NP: reverse-proxy traffic our parent server has instructed us never to cache -- if (surrogateNoStore) { -- debugs(22, 3, HERE << "NO because Surrogate-Control:no-store"); -- return 0; -- } -+ if (surrogateNoStore) -+ return decision.make(ReuseDecision::reuseNot, "Surrogate-Control:no-store"); - - // RFC 2616: HTTP/1.1 Cache-Control conditions - if (!ignoreCacheControl) { -@@ -363,11 +361,10 @@ - // for now we are not reliably doing that so we waste CPU re-checking request CC - - // RFC 2616 section 14.9.2 - MUST NOT cache any response with request CC:no-store -- if (request && request->cache_control && request->cache_control->noStore() && -- !REFRESH_OVERRIDE(ignore_no_store)) { -- debugs(22, 3, HERE << "NO because client request Cache-Control:no-store"); -- return 0; -- } -+ if (request && request->cache_control && request->cache_control->hasNoStore() && -+ !REFRESH_OVERRIDE(ignore_no_store)) -+ return decision.make(ReuseDecision::reuseNot, -+ "client request Cache-Control:no-store"); - - // NP: request CC:no-cache only means cache READ is forbidden. STORE is permitted. - if (rep->cache_control && rep->cache_control->hasNoCache() && rep->cache_control->noCache().size() > 0) { -@@ -376,19 +373,18 @@ - * successfully (ie, must revalidate AND these headers are prohibited on stale replies). - * That is a bit tricky for squid right now so we avoid caching entirely. - */ -- debugs(22, 3, HERE << "NO because server reply Cache-Control:no-cache has parameters"); -- return 0; -+ return decision.make(ReuseDecision::reuseNot, -+ "server reply Cache-Control:no-cache has parameters"); - } - - // NP: request CC:private is undefined. We ignore. - // NP: other request CC flags are limiters on HIT/MISS. We don't care about here. - - // RFC 2616 section 14.9.2 - MUST NOT cache any response with CC:no-store -- if (rep->cache_control && rep->cache_control->noStore() && -- !REFRESH_OVERRIDE(ignore_no_store)) { -- debugs(22, 3, HERE << "NO because server reply Cache-Control:no-store"); -- return 0; -- } -+ if (rep->cache_control && rep->cache_control->hasNoStore() && -+ !REFRESH_OVERRIDE(ignore_no_store)) -+ return decision.make(ReuseDecision::reuseNot, -+ "server reply Cache-Control:no-store"); - - // RFC 2616 section 14.9.1 - MUST NOT cache any response with CC:private in a shared cache like Squid. - // CC:private overrides CC:public when both are present in a response. -@@ -401,27 +397,25 @@ - * successfully (ie, must revalidate AND these headers are prohibited on stale replies). - * That is a bit tricky for squid right now so we avoid caching entirely. - */ -- debugs(22, 3, HERE << "NO because server reply Cache-Control:private"); -- return 0; -+ return decision.make(ReuseDecision::reuseNot, -+ "server reply Cache-Control:private"); - } - } - - // RFC 2068, sec 14.9.4 - MUST NOT cache any response with Authentication UNLESS certain CC controls are present - // allow HTTP violations to IGNORE those controls (ie re-block caching Auth) - if (request && (request->flags.auth || request->flags.authSent) && !REFRESH_OVERRIDE(ignore_auth)) { -- if (!rep->cache_control) { -- debugs(22, 3, HERE << "NO because Authenticated and server reply missing Cache-Control"); -- return 0; -- } -+ if (!rep->cache_control) -+ return decision.make(ReuseDecision::reuseNot, -+ "authenticated and server reply missing Cache-Control"); - -- if (ignoreCacheControl) { -- debugs(22, 3, HERE << "NO because Authenticated and ignoring Cache-Control"); -- return 0; -- } -+ if (ignoreCacheControl) -+ return decision.make(ReuseDecision::reuseNot, -+ "authenticated and ignoring Cache-Control"); - - bool mayStore = false; - // HTTPbis pt6 section 3.2: a response CC:public is present -- if (rep->cache_control->Public()) { -+ if (rep->cache_control->hasPublic()) { - debugs(22, 3, HERE << "Authenticated but server reply Cache-Control:public"); - mayStore = true; - -@@ -441,15 +435,13 @@ - #endif - - // HTTPbis pt6 section 3.2: a response CC:s-maxage is present -- } else if (rep->cache_control->sMaxAge()) { -+ } else if (rep->cache_control->hasSMaxAge()) { - debugs(22, 3, HERE << "Authenticated but server reply Cache-Control:s-maxage"); - mayStore = true; - } - -- if (!mayStore) { -- debugs(22, 3, HERE << "NO because Authenticated transaction"); -- return 0; -- } -+ if (!mayStore) -+ return decision.make(ReuseDecision::reuseNot, "authenticated transaction"); - - // NP: response CC:no-cache is equivalent to CC:must-revalidate,max-age=0. We MAY cache, and do so. - // NP: other request CC flags are limiters on HIT/MISS/REFRESH. We don't care about here. -@@ -460,12 +452,26 @@ - * probably should not be cachable - */ - if ((v = hdr->getStr(HDR_CONTENT_TYPE))) -- if (!strncasecmp(v, "multipart/x-mixed-replace", 25)) { -- debugs(22, 3, HERE << "NO because Content-Type:multipart/x-mixed-replace"); -- return 0; -- } -+ if (!strncasecmp(v, "multipart/x-mixed-replace", 25)) -+ return decision.make(ReuseDecision::reuseNot, "Content-Type:multipart/x-mixed-replace"); -+ -+ // TODO: if possible, provide more specific message for each status code -+ static const char *shareableError = "shareable error status code"; -+ static const char *nonShareableError = "non-shareable error status code"; -+ ReuseDecision::Answers statusAnswer = ReuseDecision::reuseNot; -+ const char *statusReason = nonShareableError; - - switch (rep->sline.status()) { -+ -+ /* There are several situations when a non-cacheable response may be -+ * still shareable (e.g., among collapsed clients). We assume that these -+ * are 3xx and 5xx responses, indicating server problems and some of -+ * 4xx responses, common for all clients with a given cache key (e.g., -+ * 404 Not Found or 414 URI Too Long). On the other hand, we should not -+ * share non-cacheable client-specific errors, such as 400 Bad Request -+ * or 406 Not Acceptable. -+ */ -+ - /* Responses that are cacheable */ - - case Http::scOkay: -@@ -482,112 +488,90 @@ - * Don't cache objects that need to be refreshed on next request, - * unless we know how to refresh it. - */ -+ if (refreshIsCachable(entry) || REFRESH_OVERRIDE(store_stale)) -+ decision.make(ReuseDecision::cachePositively, "refresh check returned cacheable"); -+ else -+ decision.make(ReuseDecision::doNotCacheButShare, "refresh check returned non-cacheable"); - -- if (!refreshIsCachable(entry) && !REFRESH_OVERRIDE(store_stale)) { -- debugs(22, 3, "NO because refreshIsCachable() returned non-cacheable.."); -- return 0; -- } else { -- debugs(22, 3, HERE << "YES because HTTP status " << rep->sline.status()); -- return 1; -- } -- /* NOTREACHED */ - break; - - /* Responses that only are cacheable if the server says so */ - - case Http::scFound: - case Http::scTemporaryRedirect: -- if (rep->date <= 0) { -- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status() << " and Date missing/invalid"); -- return 0; -- } -- if (rep->expires > rep->date) { -- debugs(22, 3, HERE << "YES because HTTP status " << rep->sline.status() << " and Expires > Date"); -- return 1; -- } else { -- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status() << " and Expires <= Date"); -- return 0; -- } -- /* NOTREACHED */ -+ -+ if (rep->date <= 0) -+ decision.make(ReuseDecision::doNotCacheButShare, "Date is missing/invalid"); -+ else if (rep->expires > rep->date) -+ decision.make(ReuseDecision::cachePositively, "Expires > Date"); -+ else -+ decision.make(ReuseDecision::doNotCacheButShare, "Expires <= Date"); - break; - -- /* Errors can be negatively cached */ -- -+ /* These responses can be negatively cached. Most can also be shared. */ - case Http::scNoContent: -- - case Http::scUseProxy: -- -- case Http::scBadRequest: -- - case Http::scForbidden: -- - case Http::scNotFound: -- - case Http::scMethodNotAllowed: -- - case Http::scUriTooLong: -- - case Http::scInternalServerError: -- - case Http::scNotImplemented: -- - case Http::scBadGateway: -- - case Http::scServiceUnavailable: -- - case Http::scGatewayTimeout: - case Http::scMisdirectedRequest: -- -- debugs(22, 3, "MAYBE because HTTP status " << rep->sline.status()); -- return -1; -- -- /* NOTREACHED */ -+ statusAnswer = ReuseDecision::doNotCacheButShare; -+ statusReason = shareableError; -+ // fall through to the actual decision making below -+ -+ case Http::scBadRequest: // no sharing; perhaps the server did not like something specific to this request -+ -+#if USE_HTTP_VIOLATIONS -+ if (Config.negativeTtl > 0) -+ decision.make(ReuseDecision::cacheNegatively, "Config.negativeTtl > 0"); -+ else -+#endif -+ decision.make(statusAnswer, statusReason); - break; - -- /* Some responses can never be cached */ -- -- case Http::scPartialContent: /* Not yet supported */ -- -+ /* these responses can never be cached, some -+ of them can be shared though */ - case Http::scSeeOther: -- - case Http::scNotModified: -- - case Http::scUnauthorized: -- - case Http::scProxyAuthenticationRequired: -- -- case Http::scInvalidHeader: /* Squid header parsing error */ -- -- case Http::scHeaderTooLarge: -- - case Http::scPaymentRequired: -+ case Http::scInsufficientStorage: -+ // TODO: use more specific reason for non-error status codes -+ decision.make(ReuseDecision::doNotCacheButShare, shareableError); -+ break; -+ -+ case Http::scPartialContent: /* Not yet supported. TODO: make shareable for suitable ranges */ - case Http::scNotAcceptable: -- case Http::scRequestTimeout: -- case Http::scConflict: -+ case Http::scRequestTimeout: // TODO: is this shareable? -+ case Http::scConflict: // TODO: is this shareable? - case Http::scLengthRequired: - case Http::scPreconditionFailed: - case Http::scPayloadTooLarge: - case Http::scUnsupportedMediaType: - case Http::scUnprocessableEntity: -- case Http::scLocked: -+ case Http::scLocked: // TODO: is this shareable? - case Http::scFailedDependency: -- case Http::scInsufficientStorage: - case Http::scRequestedRangeNotSatisfied: - case Http::scExpectationFailed: -- -- debugs(22, 3, HERE << "NO because HTTP status " << rep->sline.status()); -- return 0; -- -+ case Http::scInvalidHeader: /* Squid header parsing error */ -+ case Http::scHeaderTooLarge: -+ decision.make(ReuseDecision::reuseNot, nonShareableError); -+ break; - default: - /* RFC 2616 section 6.1.1: an unrecognized response MUST NOT be cached. */ -- debugs (11, 3, HERE << "NO because unknown HTTP status code " << rep->sline.status()); -- return 0; - -- /* NOTREACHED */ -+ decision.make(ReuseDecision::reuseNot, "unknown status code"); - break; - } - -- /* NOTREACHED */ -+ return decision.answer; - } - - /// assemble a variant key (vary-mark) from the given Vary header and HTTP request -@@ -898,11 +882,12 @@ - - Ctx ctx = ctx_enter(entry->mem_obj->urlXXX()); - HttpReply *rep = finalReply(); -+ const Http::StatusCode statusCode = rep->sline.status(); - - entry->timestampsSet(); - - /* Check if object is cacheable or not based on reply code */ -- debugs(11, 3, "HTTP CODE: " << rep->sline.status()); -+ debugs(11, 3, "HTTP CODE: " << statusCode); - - if (const StoreEntry *oldEntry = findPreviouslyCachedEntry(entry)) - sawDateGoBack = rep->olderThan(oldEntry->getReply()); -@@ -919,7 +904,9 @@ - const SBuf vary(httpMakeVaryMark(request, rep)); - - if (vary.isEmpty()) { -- entry->makePrivate(); -+ // TODO: check whether such responses are shareable. -+ // Do not share for now. -+ entry->makePrivate(false); - if (!fwd->reforwardableStatus(rep->sline.status())) - EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); - varyFailure = true; -@@ -942,30 +929,31 @@ - if (!fwd->reforwardableStatus(rep->sline.status())) - EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); - -- switch (cacheableReply()) { -- -- case 1: -+ ReuseDecision decision(entry, statusCode); -+ -+ switch (reusableReply(decision)) { -+ -+ case ReuseDecision::reuseNot: -+ entry->makePrivate(false); -+ break; -+ -+ case ReuseDecision::cachePositively: - entry->makePublic(); - break; - -- case 0: -- entry->makePrivate(); -+ case ReuseDecision::cacheNegatively: -+ entry->cacheNegatively(); - break; - -- case -1: -- --#if USE_HTTP_VIOLATIONS -- if (Config.negativeTtl > 0) -- entry->cacheNegatively(); -- else --#endif -- entry->makePrivate(); -+ case ReuseDecision::doNotCacheButShare: -+ entry->makePrivate(true); - break; - - default: - assert(0); - break; - } -+ debugs(11, 3, "decided: " << decision); - } - - if (!ignoreCacheControl) { -@@ -2429,3 +2417,29 @@ - mustStop(reason); - } - -+HttpStateData::ReuseDecision::ReuseDecision(const StoreEntry *e, const Http::StatusCode code) -+ : answer(HttpStateData::ReuseDecision::reuseNot), reason(nullptr), entry(e), statusCode(code) {} -+ -+HttpStateData::ReuseDecision::Answers -+HttpStateData::ReuseDecision::make(const HttpStateData::ReuseDecision::Answers ans, const char *why) -+{ -+ answer = ans; -+ reason = why; -+ return answer; -+} -+ -+std::ostream &operator <<(std::ostream &os, const HttpStateData::ReuseDecision &d) -+{ -+ static const char *ReuseMessages[] = { -+ "do not cache and do not share", // reuseNot -+ "cache positively and share", // cachePositively -+ "cache negatively and share", // cacheNegatively -+ "do not cache but share" // doNotCacheButShare -+ }; -+ -+ assert(d.answer >= HttpStateData::ReuseDecision::reuseNot && -+ d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare); -+ return os << ReuseMessages[d.answer] << " because " << d.reason << -+ "; HTTP status " << d.statusCode << " " << *(d.entry); -+} -+ - -=== modified file 'src/http.h' ---- src/http.h 2017-01-01 00:16:45 +0000 -+++ src/http.h 2017-06-14 21:37:20 +0000 -@@ -22,6 +22,23 @@ - { - - public: -+ -+ /// assists in making and relaying entry caching/sharing decision -+ class ReuseDecision -+ { -+ public: -+ enum Answers { reuseNot = 0, cachePositively, cacheNegatively, doNotCacheButShare }; -+ -+ ReuseDecision(const StoreEntry *e, const Http::StatusCode code); -+ /// stores the corresponding decision -+ Answers make(const Answers ans, const char *why); -+ -+ Answers answer; ///< the decision id -+ const char *reason; ///< the decision reason -+ const StoreEntry *entry; ///< entry for debugging -+ const Http::StatusCode statusCode; ///< HTTP status for debugging -+ }; -+ - HttpStateData(FwdState *); - ~HttpStateData(); - -@@ -39,8 +56,8 @@ - void readReply(const CommIoCbParams &io); - virtual void maybeReadVirginBody(); // read response data from the network - -- // Determine whether the response is a cacheable representation -- int cacheableReply(); -+ // Checks whether the response is cacheable/shareable. -+ ReuseDecision::Answers reusableReply(ReuseDecision &decision); - - CachePeer *_peer; /* CachePeer request made to */ - int eof; /* reached end-of-object? */ -@@ -119,6 +136,8 @@ - CBDATA_CLASS2(HttpStateData); - }; - -+std::ostream &operator <<(std::ostream &os, const HttpStateData::ReuseDecision &d); -+ - int httpCachable(const HttpRequestMethod&); - void httpStart(FwdState *); - SBuf httpMakeVaryMark(HttpRequest * request, HttpReply const * reply); - -=== modified file 'src/store.cc' ---- src/store.cc 2017-01-01 00:16:45 +0000 -+++ src/store.cc 2017-06-14 21:37:20 +0000 -@@ -171,11 +171,18 @@ - } - - void --StoreEntry::makePrivate() -+StoreEntry::makePrivate(const bool shareable) - { - /* This object should never be cached at all */ - expireNow(); -- releaseRequest(); /* delete object when not used */ -+ releaseRequest(shareable); /* delete object when not used */ -+} -+ -+void -+StoreEntry::clearPrivate() -+{ -+ EBIT_CLR(flags, KEY_PRIVATE); -+ shareableWhenPrivate = false; - } - - void -@@ -365,7 +372,8 @@ - ping_status(PING_NONE), - store_status(STORE_PENDING), - swap_status(SWAPOUT_NONE), -- lock_count(0) -+ lock_count(0), -+ shareableWhenPrivate(false) - { - debugs(20, 5, "StoreEntry constructed, this=" << this); - } -@@ -504,14 +512,14 @@ - } - - void --StoreEntry::releaseRequest() -+StoreEntry::releaseRequest(const bool shareable) - { - if (EBIT_TEST(flags, RELEASE_REQUEST)) - return; - - setReleaseFlag(); // makes validToSend() false, preventing future hits - -- setPrivateKey(); -+ setPrivateKey(shareable); - } - - int -@@ -623,12 +631,16 @@ - * concept'. - */ - void --StoreEntry::setPrivateKey() -+StoreEntry::setPrivateKey(const bool shareable) - { - const cache_key *newkey; - -- if (key && EBIT_TEST(flags, KEY_PRIVATE)) -- return; /* is already private */ -+ if (key && EBIT_TEST(flags, KEY_PRIVATE)) { -+ // The entry is already private, but it may be still shareable. -+ if (!shareable) -+ shareableWhenPrivate = false; -+ return; -+ } - - if (key) { - setReleaseFlag(); // will markForUnlink(); all caches/workers will know -@@ -649,6 +661,7 @@ - - assert(hash_lookup(store_table, newkey) == NULL); - EBIT_SET(flags, KEY_PRIVATE); -+ shareableWhenPrivate = shareable; - hashInsert(newkey); - } - -@@ -705,14 +718,17 @@ - if (StoreEntry *e2 = (StoreEntry *)hash_lookup(store_table, newkey)) { - assert(e2 != this); - debugs(20, 3, "Making old " << *e2 << " private."); -- e2->setPrivateKey(); -- e2->release(); -+ -+ // TODO: check whether there is any sense in keeping old entry -+ // shareable here. Leaving it non-shareable for now. -+ e2->setPrivateKey(false); -+ e2->release(false); - } - - if (key) - hashDelete(); - -- EBIT_CLR(flags, KEY_PRIVATE); -+ clearPrivate(); - - hashInsert(newkey); - -@@ -830,7 +846,7 @@ - e->lock("storeCreateEntry"); - - if (neighbors_do_private_keys || !flags.hierarchical) -- e->setPrivateKey(); -+ e->setPrivateKey(false); - else - e->setPublicKey(); - -@@ -1264,7 +1280,7 @@ - - /* release an object from a cache */ - void --StoreEntry::release() -+StoreEntry::release(const bool shareable) - { - PROF_start(storeRelease); - debugs(20, 3, "releasing " << *this << ' ' << getMD5Text()); -@@ -1274,7 +1290,7 @@ - if (locked()) { - expireNow(); - debugs(20, 3, "storeRelease: Only setting RELEASE_REQUEST bit"); -- releaseRequest(); -+ releaseRequest(shareable); - PROF_stop(storeRelease); - return; - } -@@ -1282,7 +1298,7 @@ - Store::Root().memoryUnlink(*this); - - if (StoreController::store_dirs_rebuilding && swap_filen > -1) { -- setPrivateKey(); -+ setPrivateKey(shareable); - - if (swap_filen > -1) { - // lock the entry until rebuilding is done -@@ -2181,7 +2197,11 @@ - if (EBIT_TEST(e.flags, REFRESH_REQUEST)) os << 'F'; - if (EBIT_TEST(e.flags, ENTRY_REVALIDATE_STALE)) os << 'E'; - if (EBIT_TEST(e.flags, ENTRY_DISPATCHED)) os << 'D'; -- if (EBIT_TEST(e.flags, KEY_PRIVATE)) os << 'I'; -+ if (EBIT_TEST(e.flags, KEY_PRIVATE)) { -+ os << 'I'; -+ if (e.shareableWhenPrivate) -+ os << 'H'; -+ } - if (EBIT_TEST(e.flags, ENTRY_FWD_HDR_WAIT)) os << 'W'; - if (EBIT_TEST(e.flags, ENTRY_NEGCACHED)) os << 'N'; - if (EBIT_TEST(e.flags, ENTRY_VALIDATED)) os << 'V'; - -=== modified file 'src/tests/stub_store.cc' ---- src/tests/stub_store.cc 2017-01-01 00:16:45 +0000 -+++ src/tests/stub_store.cc 2017-06-14 21:37:20 +0000 -@@ -43,11 +43,11 @@ - void StoreEntry::abort() STUB - void StoreEntry::unlink() STUB - void StoreEntry::makePublic(const KeyScope keyScope) STUB --void StoreEntry::makePrivate() STUB -+void StoreEntry::makePrivate(const bool shareable) STUB - void StoreEntry::setPublicKey(const KeyScope keyScope) STUB --void StoreEntry::setPrivateKey() STUB -+void StoreEntry::setPrivateKey(const bool shareable) STUB - void StoreEntry::expireNow() STUB --void StoreEntry::releaseRequest() STUB -+void StoreEntry::releaseRequest(const bool shareable) STUB - void StoreEntry::negativeCache() STUB - void StoreEntry::cacheNegatively() STUB - void StoreEntry::purgeMem() STUB -@@ -99,7 +99,7 @@ - int64_t StoreEntry::contentLen() const STUB_RETVAL(0) - void StoreEntry::lock(const char *) STUB - void StoreEntry::touch() STUB --void StoreEntry::release() STUB -+void StoreEntry::release(const bool shareable) STUB - - NullStoreEntry *NullStoreEntry::getInstance() STUB_RETVAL(NULL) - const char *NullStoreEntry::getMD5Text() const STUB_RETVAL(NULL) - -=== modified file 'src/tests/testStoreController.cc' ---- src/tests/testStoreController.cc 2017-01-01 00:16:45 +0000 -+++ src/tests/testStoreController.cc 2017-06-14 21:37:20 +0000 -@@ -116,7 +116,7 @@ - e->lastModified(squid_curtime); - e->refcount = 1; - EBIT_CLR(e->flags, RELEASE_REQUEST); -- EBIT_CLR(e->flags, KEY_PRIVATE); -+ e->clearPrivate(); - e->ping_status = PING_NONE; - EBIT_CLR(e->flags, ENTRY_VALIDATED); - e->hashInsert((const cache_key *)name.termedBuf()); /* do it after we clear KEY_PRIVATE */ - -=== modified file 'src/tests/testStoreHashIndex.cc' ---- src/tests/testStoreHashIndex.cc 2017-01-01 00:16:45 +0000 -+++ src/tests/testStoreHashIndex.cc 2017-06-14 21:37:20 +0000 -@@ -97,7 +97,7 @@ - e->lastModified(squid_curtime); - e->refcount = 1; - EBIT_CLR(e->flags, RELEASE_REQUEST); -- EBIT_CLR(e->flags, KEY_PRIVATE); -+ e->clearPrivate(); - e->ping_status = PING_NONE; - EBIT_CLR(e->flags, ENTRY_VALIDATED); - e->hashInsert((const cache_key *)name.termedBuf()); /* do it after we clear KEY_PRIVATE */ - diff --git a/src/patches/squid/squid-3.5-14170.patch b/src/patches/squid/squid-3.5-14170.patch deleted file mode 100644 index cea0f13..0000000 --- a/src/patches/squid/squid-3.5-14170.patch +++ /dev/null @@ -1,85 +0,0 @@ ------------------------------------------------------------- -revno: 14170 -revision-id: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6 -parent: squid3@treenet.co.nz-20170614213720-3qmiohlx4zr2jnqq -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2833 -author: Eduard Bagdasaryan eduard.bagdasaryan@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2017-06-15 09:59:06 +1200 -message: - Bug 2833 pt3: Do not respond with HTTP/304 to unconditional requests - - ... after internal revalidation. The original unconditional HttpRequest - was still marked (and processed) as conditional after internal - revalidation because the original (clear) Last-Modified and ETag values - were not restored (cleared) after the internal revalidation abused them. - - TODO: Isolate the code converting the request into conditional one _and_ - the code that undoes that conversion, to keep both actions in sync. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 0991e2d39b3bcebcf18cba3db0e3b57aabf23b8b -# timestamp: 2017-06-14 22:22:43 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170614213720-\ -# 3qmiohlx4zr2jnqq -# -# Begin patch -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2017-06-14 21:37:20 +0000 -+++ src/client_side_reply.cc 2017-06-14 21:59:06 +0000 -@@ -72,8 +72,8 @@ - HTTPMSGUNLOCK(reply); - } - --clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : http (cbdataReference(clientContext)), old_entry (NULL), old_sc(NULL), deleting(false), -- collapsedRevalidation(crNone) -+clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : http (cbdataReference(clientContext)), old_entry (NULL), -+ old_sc(NULL), old_lastmod(-1), deleting(false), collapsedRevalidation(crNone) - {} - - /** Create an error in the store awaiting the client side to read it. -@@ -185,6 +185,8 @@ - debugs(88, 3, "clientReplyContext::saveState: saving store context"); - old_entry = http->storeEntry(); - old_sc = sc; -+ old_lastmod = http->request->lastmod; -+ old_etag = http->request->etag; - old_reqsize = reqsize; - tempBuffer.offset = reqofs; - /* Prevent accessing the now saved entries */ -@@ -204,9 +206,13 @@ - sc = old_sc; - reqsize = old_reqsize; - reqofs = tempBuffer.offset; -+ http->request->lastmod = old_lastmod; -+ http->request->etag = old_etag; - /* Prevent accessed the old saved entries */ - old_entry = NULL; - old_sc = NULL; -+ old_lastmod = -1; -+ old_etag.clean(); - old_reqsize = 0; - tempBuffer.offset = 0; - } - -=== modified file 'src/client_side_reply.h' ---- src/client_side_reply.h 2017-01-01 00:16:45 +0000 -+++ src/client_side_reply.h 2017-06-14 21:59:06 +0000 -@@ -130,7 +130,11 @@ - void sendNotModifiedOrPreconditionFailedError(); - - StoreEntry *old_entry; -- store_client *old_sc; /* ... for entry to be validated */ -+ /* ... for entry to be validated */ -+ store_client *old_sc; -+ time_t old_lastmod; -+ String old_etag; -+ - bool deleting; - - typedef enum { - diff --git a/src/patches/squid/squid-3.5-14171.patch b/src/patches/squid/squid-3.5-14171.patch deleted file mode 100644 index f357045..0000000 --- a/src/patches/squid/squid-3.5-14171.patch +++ /dev/null @@ -1,45 +0,0 @@ ------------------------------------------------------------- -revno: 14171 -revision-id: squidadm@squid-cache.org-20170615001633-wgrl5w8isv15o7gg -parent: squid3@treenet.co.nz-20170614215906-ly36sobvlr2pt0u6 -committer: Source Maintenance squidadm@squid-cache.org -branch nick: 3.5 -timestamp: Thu 2017-06-15 00:16:33 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20170615001633-\ -# wgrl5w8isv15o7gg -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 237182ac5eed6aca7e9aca295a90057f3a8cf10b -# timestamp: 2017-06-15 00:51:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170614215906-\ -# ly36sobvlr2pt0u6 -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2017-06-14 21:37:20 +0000 -+++ src/http.cc 2017-06-15 00:16:33 +0000 -@@ -523,7 +523,7 @@ - case Http::scMisdirectedRequest: - statusAnswer = ReuseDecision::doNotCacheButShare; - statusReason = shareableError; -- // fall through to the actual decision making below -+ // fall through to the actual decision making below - - case Http::scBadRequest: // no sharing; perhaps the server did not like something specific to this request - -@@ -2438,8 +2438,8 @@ - }; - - assert(d.answer >= HttpStateData::ReuseDecision::reuseNot && -- d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare); -+ d.answer <= HttpStateData::ReuseDecision::doNotCacheButShare); - return os << ReuseMessages[d.answer] << " because " << d.reason << -- "; HTTP status " << d.statusCode << " " << *(d.entry); -+ "; HTTP status " << d.statusCode << " " << *(d.entry); - } - - diff --git a/src/patches/squid/squid-3.5-14172.patch b/src/patches/squid/squid-3.5-14172.patch deleted file mode 100644 index aa73327..0000000 --- a/src/patches/squid/squid-3.5-14172.patch +++ /dev/null @@ -1,40 +0,0 @@ ------------------------------------------------------------- -revno: 14172 -revision-id: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu -parent: squidadm@squid-cache.org-20170615001633-wgrl5w8isv15o7gg -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2017-06-22 07:54:39 +1200 -message: - Bug 4671 pt2: GCC 7: raise FTP Gateway CTRL channel buffer to 16KB - - Fixes - error: %s directive output may be truncated writing up to 8191 bytes - into a region of size 1019 - note: snprintf output between 8 and 8199 bytes into a destination of - size 1024 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: eeb32b45efe5504eebeaae89088d4a81d807807c -# timestamp: 2017-06-21 20:50:58 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm@squid-cache.org-20170615001633-\ -# wgrl5w8isv15o7gg -# -# Begin patch -=== modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2017-05-29 04:37:41 +0000 -+++ src/clients/FtpGateway.cc 2017-06-21 19:54:39 +0000 -@@ -192,7 +192,7 @@ - - #define FTP_LOGIN_NOT_ESCAPED 0 - --#define CTRL_BUFLEN 1024 -+#define CTRL_BUFLEN 16*1024 - static char cbuf[CTRL_BUFLEN]; - - /* - diff --git a/src/patches/squid/squid-3.5-14173.patch b/src/patches/squid/squid-3.5-14173.patch deleted file mode 100644 index 6841202..0000000 --- a/src/patches/squid/squid-3.5-14173.patch +++ /dev/null @@ -1,254 +0,0 @@ ------------------------------------------------------------- -revno: 14173 -revision-id: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61 -parent: squid3@treenet.co.nz-20170621195439-l63xfsad58ghhhfu -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671 -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2017-06-22 08:12:48 +1200 -message: - Replace new/delete operators using modern C++ rules. - - This change was motivated by "Mismatched free()/delete/delete[]" errors - reported by valgrind and mused about in Squid source code. - - I speculate that the old new/delete replacement code was the result of - slow accumulation of working hacks to accomodate various environments, - as compiler support for the feature evolved. The cumulative result does - not actually work well (see the above paragraph), and the replacement - functions had the following visible coding problems according to [1,2]: - - a) Declared with non-standard profiles that included throw specifiers. - b) Declared inline. C++ says that the results of inline declarations - have unspecified effects. In Squid, they probably necessitated - complex compiler-specific "extern inline" workarounds. - c) Defined in the header file. C++ says that defining replacements "in - any source file" is enough and that multiple replacements per - program (which is what a header file definition produces) result in - "undefined behavior". - d) Declared inconsistently (only 2 out of 4 flavors). Declaring one base - flavor should be sufficient, but if we declare more, we should - declare all of them. - - [1] http://en.cppreference.com/w/cpp/memory/new/operator_new - [2] http://en.cppreference.com/w/cpp/memory/new/operator_delete - - The replacements were not provided to clang (trunk r13219), but there - was no explanation why. This patch does not change that exclusion. - - I have no idea whether any of the old hacks are still necessary in some - cases. However, I suspect that either we do not care much if the - replacements are not enabled on some poorly supported platforms OR we - can disable them (or make them work) using much simpler hacks for the - platforms we do care about. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 4f15c23326e4e4fe2ca2a6c7a13333e01677a0b0 -# timestamp: 2017-06-21 20:51:02 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170621195439-\ -# l63xfsad58ghhhfu -# -# Begin patch -=== modified file 'compat/os/macosx.h' ---- compat/os/macosx.h 2017-01-01 00:16:45 +0000 -+++ compat/os/macosx.h 2017-06-21 20:12:48 +0000 -@@ -28,11 +28,6 @@ - - #include "compat/cmsg.h" - --// MacOS GCC 4.0.1 and 4.2.1 supply __GNUC_GNU_INLINE__ but do not actually define __attribute__((gnu_inline)) --#if defined(__cplusplus) && !defined(_SQUID_EXTERNNEW_) --#define _SQUID_EXTERNNEW_ extern inline --#endif -- - #endif /* _SQUID_APPLE_ */ - #endif /* SQUID_OS_MACOSX_H */ - - -=== modified file 'compat/os/sgi.h' ---- compat/os/sgi.h 2017-01-01 00:16:45 +0000 -+++ compat/os/sgi.h 2017-06-21 20:12:48 +0000 -@@ -25,15 +25,6 @@ - #define _ABI_SOURCE - #endif /* USE_ASYNC_IO */ - --#if defined(__cplusplus) && !defined(_SQUID_EXTERNNEW_) && !defined(_GNUC_) --/* -- * The gcc compiler treats extern inline functions as being extern, -- * while the SGI MIPSpro compilers treat them as inline. To get equivalent -- * behavior, remove the inline keyword. -- */ --#define _SQUID_EXTERNNEW_ extern --#endif -- - #endif /* _SQUID_SGI_ */ - #endif /* SQUID_OS_SGI_H */ - - -=== modified file 'compat/os/solaris.h' ---- compat/os/solaris.h 2017-01-01 00:16:45 +0000 -+++ compat/os/solaris.h 2017-06-21 20:12:48 +0000 -@@ -59,13 +59,6 @@ - #endif - - /* -- * SunPro CC handles extern inline as inline, PLUS extern symbols. -- */ --#if !defined(_SQUID_EXTERNNEW_) && defined(__SUNPRO_CC) --#define _SQUID_EXTERNNEW_ extern --#endif -- --/* - * SunStudio CC does not define C++ portability API __FUNCTION__ - */ - #if defined(__SUNPRO_CC) && !defined(__FUNCTION__) - -=== removed file 'include/SquidNew.h' ---- include/SquidNew.h 2017-01-01 00:16:45 +0000 -+++ include/SquidNew.h 1970-01-01 00:00:00 +0000 -@@ -1,41 +0,0 @@ --/* -- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors -- * -- * Squid software is distributed under GPLv2+ license and includes -- * contributions from numerous individuals and organizations. -- * Please see the COPYING and CONTRIBUTORS files for details. -- */ -- --#ifndef SQUID_NEW_H --#define SQUID_NEW_H -- --#if !defined(__SUNPRO_CC) && !defined(__clang__) --/* Any code using libstdc++ must have externally resolvable overloads -- * for void * operator new - which means in the .o for the binary, -- * or in a shared library. static libs don't propogate the symbol -- * so, look in the translation unit containing main() in squid -- * for the extern version in squid -- */ --#include <new> -- --_SQUID_EXTERNNEW_ void *operator new(size_t size) throw (std::bad_alloc) --{ -- return xmalloc(size); --} --_SQUID_EXTERNNEW_ void operator delete (void *address) throw() --{ -- xfree(address); --} --_SQUID_EXTERNNEW_ void *operator new[] (size_t size) throw (std::bad_alloc) --{ -- return xmalloc(size); --} --_SQUID_EXTERNNEW_ void operator delete[] (void *address) throw() --{ -- xfree(address); --} -- --#endif /* !__SUNPRO_CC && !__clang__*/ -- --#endif /* SQUID_NEW_H */ -- - -=== modified file 'include/util.h' ---- include/util.h 2017-01-01 00:16:45 +0000 -+++ include/util.h 2017-06-21 20:12:48 +0000 -@@ -19,23 +19,6 @@ - SQUIDCEXTERN int tvSubUsec(struct timeval, struct timeval); - SQUIDCEXTERN double tvSubDsec(struct timeval, struct timeval); - SQUIDCEXTERN void Tolower(char *); --#if defined(__cplusplus) --/* -- * Any code using libstdc++ must have externally resolvable overloads -- * for void * operator new - which means in the .o for the binary, -- * or in a shared library. static libs don't propogate the symbol -- * so, look in the translation unit containing main() in squid -- * for the extern version in squid -- */ --#if !defined(_SQUID_EXTERNNEW_) --#if defined(__GNUC_STDC_INLINE__) || defined(__GNUC_GNU_INLINE__) --#define _SQUID_EXTERNNEW_ extern inline __attribute__((gnu_inline)) --#else --#define _SQUID_EXTERNNEW_ extern inline --#endif --#endif --#include "SquidNew.h" --#endif - - SQUIDCEXTERN time_t parse_iso3307_time(const char *buf); - - -=== modified file 'src/SquidNew.cc' ---- src/SquidNew.cc 2017-01-01 00:16:45 +0000 -+++ src/SquidNew.cc 2017-06-21 20:12:48 +0000 -@@ -8,29 +8,45 @@ - - /* DEBUG: none Memory Allocation */ - --#define _SQUID_EXTERNNEW_ -- - #include "squid.h" - --#ifdef __SUNPRO_CC -+#if !defined(__clang__) - - #include <new> --void *operator new(size_t size) throw (std::bad_alloc) --{ -- return xmalloc(size); --} --void operator delete (void *address) throw() --{ -- xfree (address); --} --void *operator new[] (size_t size) throw (std::bad_alloc) --{ -- return xmalloc(size); --} --void operator delete[] (void *address) throw() --{ -- xfree (address); --} -- --#endif /* __SUNPRO_CC */ -+ -+void *operator new(size_t size) -+{ -+ return xmalloc(size); -+} -+void operator delete(void *address) -+{ -+ xfree(address); -+} -+void *operator new[](size_t size) -+{ -+ return xmalloc(size); -+} -+void operator delete[](void *address) -+{ -+ xfree(address); -+} -+ -+void *operator new(size_t size, const std::nothrow_t &tag) -+{ -+ return xmalloc(size); -+} -+void operator delete(void *address, const std::nothrow_t &tag) -+{ -+ xfree(address); -+} -+void *operator new[](size_t size, const std::nothrow_t &tag) -+{ -+ return xmalloc(size); -+} -+void operator delete[](void *address, const std::nothrow_t &tag) -+{ -+ xfree(address); -+} -+ -+#endif /* !defined(__clang__) */ - - diff --git a/src/patches/squid/squid-3.5-14174.patch b/src/patches/squid/squid-3.5-14174.patch deleted file mode 100644 index 7427eb3..0000000 --- a/src/patches/squid/squid-3.5-14174.patch +++ /dev/null @@ -1,274 +0,0 @@ ------------------------------------------------------------- -revno: 14174 -revision-id: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4 -parent: squid3@treenet.co.nz-20170621201248-ezpvykg0b307ix61 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4671 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2017-06-23 03:31:46 +1200 -message: - Bug 4671 pt3: various GCC 7 compile errors - - Also, remove limit on FTP realm strings - - Convert ftpRealm() from generating char* to SBuf. This fixes issues identified - by GCC 7 where the realm string may be longer than the available buffer and - gets truncated. - The size of the buffer was making the occurance rather rare, but it is still - possible. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: b54e1a339544443ed9b34a094717b2781c746c76 -# timestamp: 2017-06-22 15:50:59 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170621201248-\ -# ezpvykg0b307ix61 -# -# Begin patch -=== modified file 'src/DiskIO/DiskThreads/aiops.cc' ---- src/DiskIO/DiskThreads/aiops.cc 2017-01-01 00:16:45 +0000 -+++ src/DiskIO/DiskThreads/aiops.cc 2017-06-22 15:31:46 +0000 -@@ -290,7 +290,7 @@ - /* Create threads and get them to sit in their wait loop */ - squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t)); - -- assert(NUMTHREADS); -+ assert(NUMTHREADS != 0); - - for (i = 0; i < NUMTHREADS; ++i) { - threadp = (squidaio_thread_t *)squidaio_thread_pool->alloc(); - -=== modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2017-06-21 19:54:39 +0000 -+++ src/clients/FtpGateway.cc 2017-06-22 15:31:46 +0000 -@@ -153,8 +153,8 @@ - virtual void timeout(const CommTimeoutCbParams &io); - void ftpAcceptDataConnection(const CommAcceptCbParams &io); - -- static HttpReply *ftpAuthRequired(HttpRequest * request, const char *realm); -- const char *ftpRealm(void); -+ static HttpReply *ftpAuthRequired(HttpRequest * request, SBuf &realm); -+ SBuf ftpRealm(); - void loginFailed(void); - - virtual void haveParsedReplyHeaders(); -@@ -1189,7 +1189,8 @@ - { - if (!checkAuth(&request->header)) { - /* create appropriate reply */ -- HttpReply *reply = ftpAuthRequired(request, ftpRealm()); -+ SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early -+ HttpReply *reply = ftpAuthRequired(request, realm); - entry->replaceHttpReply(reply); - serverComplete(); - return; -@@ -1290,7 +1291,9 @@ - - #if HAVE_AUTH_MODULE_BASIC - /* add Authenticate header */ -- newrep->header.putAuth("Basic", ftpRealm()); -+ // XXX: performance regression. c_str() may reallocate -+ SBuf realm(ftpRealm()); // local copy so SBuf wont disappear too early -+ newrep->header.putAuth("Basic", realm.c_str()); - #endif - - // add it to the store entry for response.... -@@ -1298,18 +1301,19 @@ - serverComplete(); - } - --const char * -+SBuf - Ftp::Gateway::ftpRealm() - { -- static char realm[8192]; -+ SBuf realm; - - /* This request is not fully authenticated */ -- if (!request) { -- snprintf(realm, 8192, "FTP %s unknown", user); -- } else if (request->port == 21) { -- snprintf(realm, 8192, "FTP %s %s", user, request->GetHost()); -- } else { -- snprintf(realm, 8192, "FTP %s %s port %d", user, request->GetHost(), request->port); -+ realm.appendf("FTP %s ", user); -+ if (!request) -+ realm.append("unknown", 7); -+ else { -+ realm.append(request->GetHost()); -+ if (request->port != 21) -+ realm.appendf(" port %d", request->port); - } - return realm; - } -@@ -2673,13 +2677,14 @@ - } - - HttpReply * --Ftp::Gateway::ftpAuthRequired(HttpRequest * request, const char *realm) -+Ftp::Gateway::ftpAuthRequired(HttpRequest * request, SBuf &realm) - { - ErrorState err(ERR_CACHE_ACCESS_DENIED, Http::scUnauthorized, request); - HttpReply *newrep = err.BuildHttpReply(); - #if HAVE_AUTH_MODULE_BASIC - /* add Authenticate header */ -- newrep->header.putAuth("Basic", realm); -+ // XXX: performance regression. c_str() may reallocate -+ newrep->header.putAuth("Basic", realm.c_str()); - #endif - return newrep; - } - -=== modified file 'src/fde.cc' ---- src/fde.cc 2017-01-01 00:16:45 +0000 -+++ src/fde.cc 2017-06-22 15:31:46 +0000 -@@ -85,15 +85,15 @@ - char const * - fde::remoteAddr() const - { -- LOCAL_ARRAY(char, buf, MAX_IPSTRLEN ); -+ static char buf[MAX_IPSTRLEN+7]; // 7 = length of ':port' strings - - if (type != FD_SOCKET) - return null_string; - - if ( *ipaddr ) -- snprintf( buf, MAX_IPSTRLEN, "%s:%d", ipaddr, (int)remote_port); -+ snprintf(buf, sizeof(buf), "%s:%u", ipaddr, remote_port); - else -- local_addr.toUrl(buf,MAX_IPSTRLEN); // toHostStr does not include port. -+ local_addr.toUrl(buf, sizeof(buf)); // toHostStr does not include port. - - return buf; - } - -=== modified file 'src/fs/ufs/RebuildState.cc' ---- src/fs/ufs/RebuildState.cc 2017-01-01 00:16:45 +0000 -+++ src/fs/ufs/RebuildState.cc 2017-06-22 15:31:46 +0000 -@@ -444,7 +444,7 @@ - } - - if (0 == in_dir) { /* we need to read in a new directory */ -- snprintf(fullpath, MAXPATHLEN, "%s/%02X/%02X", -+ snprintf(fullpath, sizeof(fullpath), "%s/%02X/%02X", - sd->path, - curlvl1, curlvl2); - -@@ -489,7 +489,7 @@ - continue; - } - -- snprintf(fullfilename, MAXPATHLEN, "%s/%s", -+ snprintf(fullfilename, sizeof(fullfilename), "%s/%s", - fullpath, entry->d_name); - debugs(47, 3, HERE << "Opening " << fullfilename); - fd = file_open(fullfilename, O_RDONLY | O_BINARY); - -=== modified file 'src/fs/ufs/RebuildState.h' ---- src/fs/ufs/RebuildState.h 2017-01-01 00:16:45 +0000 -+++ src/fs/ufs/RebuildState.h 2017-06-22 15:31:46 +0000 -@@ -54,7 +54,7 @@ - dirent_t *entry; - DIR *td; - char fullpath[MAXPATHLEN]; -- char fullfilename[MAXPATHLEN]; -+ char fullfilename[MAXPATHLEN*2]; - - StoreRebuildData counts; - - -=== modified file 'src/gopher.cc' ---- src/gopher.cc 2017-01-01 00:16:45 +0000 -+++ src/gopher.cc 2017-06-22 15:31:46 +0000 -@@ -820,7 +820,7 @@ - * This will be called when request write is complete. Schedule read of reply. - */ - static void --gopherSendComplete(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag errflag, int xerrno, void *data) -+gopherSendComplete(const Comm::ConnectionPointer &conn, char *, size_t size, Comm::Flag errflag, int xerrno, void *data) - { - GopherStateData *gopherState = (GopherStateData *) data; - StoreEntry *entry = gopherState->entry; -@@ -840,10 +840,6 @@ - err->url = xstrdup(entry->url()); - gopherState->fwd->fail(err); - gopherState->serverConn->close(); -- -- if (buf) -- memFree(buf, MEM_4K_BUF); /* Allocated by gopherSendRequest. */ -- - return; - } - -@@ -885,9 +881,6 @@ - AsyncCall::Pointer call = commCbCall(5,5, "gopherReadReply", - CommIoCbPtrFun(gopherReadReply, gopherState)); - entry->delayAwareRead(conn, gopherState->replybuf, BUFSIZ, call); -- -- if (buf) -- memFree(buf, MEM_4K_BUF); /* Allocated by gopherSendRequest. */ - } - - /** -@@ -898,32 +891,31 @@ - gopherSendRequest(int fd, void *data) - { - GopherStateData *gopherState = (GopherStateData *)data; -- char *buf = (char *)memAllocate(MEM_4K_BUF); -+ MemBuf mb; -+ mb.init(); - - if (gopherState->type_id == GOPHER_CSO) { - const char *t = strchr(gopherState->request, '?'); - -- if (t != NULL) -+ if (t) - ++t; /* skip the ? */ - else - t = ""; - -- snprintf(buf, 4096, "query %s\r\nquit\r\n", t); -- } else if (gopherState->type_id == GOPHER_INDEX) { -- char *t = strchr(gopherState->request, '?'); -- -- if (t != NULL) -- *t = '\t'; -- -- snprintf(buf, 4096, "%s\r\n", gopherState->request); -+ mb.Printf("query %s\r\nquit", t); - } else { -- snprintf(buf, 4096, "%s\r\n", gopherState->request); -+ if (gopherState->type_id == GOPHER_INDEX) { -+ if (char *t = strchr(gopherState->request, '?')) -+ *t = '\t'; -+ } -+ mb.append(gopherState->request, strlen(gopherState->request)); - } -+ mb.append("\r\n", 2); - -- debugs(10, 5, HERE << gopherState->serverConn); -+ debugs(10, 5, gopherState->serverConn); - AsyncCall::Pointer call = commCbCall(5,5, "gopherSendComplete", - CommIoCbPtrFun(gopherSendComplete, gopherState)); -- Comm::Write(gopherState->serverConn, buf, strlen(buf), call, NULL); -+ Comm::Write(gopherState->serverConn, &mb, call); - - gopherState->entry->makePublic(); - } - -=== modified file 'src/icmp/Makefile.am' ---- src/icmp/Makefile.am 2017-01-01 00:16:45 +0000 -+++ src/icmp/Makefile.am 2017-06-22 15:31:46 +0000 -@@ -59,7 +59,8 @@ - pinger_LDFLAGS = $(LIBADD_DL) - pinger_LDADD=\ - libicmp-core.la \ -- ../ip/libip.la \ -+ $(top_builddir)/src/ip/libip.la \ -+ $(top_builddir)/src/base/libbase.la \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - - diff --git a/src/patches/squid/squid-3.5-14175.patch b/src/patches/squid/squid-3.5-14175.patch deleted file mode 100644 index a2a8a5d..0000000 --- a/src/patches/squid/squid-3.5-14175.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14175 -revision-id: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa -parent: squid3@treenet.co.nz-20170622153146-nxo8vl6a9r8z03v4 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4112 -author: Sven Eisenberg sven.eisenberg@lairdtech.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2017-06-30 00:56:27 +1200 -message: - Bug 4112: ssl_engine does not accept cryptodev ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: c74e6941e5b6df8e36d26dd5c02389ae2955bc21 -# timestamp: 2017-06-29 13:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170622153146-\ -# nxo8vl6a9r8z03v4 -# -# Begin patch -=== modified file 'src/ssl/support.cc' ---- src/ssl/support.cc 2017-01-27 16:14:19 +0000 -+++ src/ssl/support.cc 2017-06-29 12:56:27 +0000 -@@ -737,6 +737,7 @@ - - #if HAVE_OPENSSL_ENGINE_H - if (Config.SSL.ssl_engine) { -+ ENGINE_load_builtin_engines(); - ENGINE *e; - if (!(e = ENGINE_by_id(Config.SSL.ssl_engine))) - fatalf("Unable to find SSL engine '%s'\n", Config.SSL.ssl_engine); - diff --git a/src/patches/squid/squid-3.5-14176.patch b/src/patches/squid/squid-3.5-14176.patch deleted file mode 100644 index 63141e3..0000000 --- a/src/patches/squid/squid-3.5-14176.patch +++ /dev/null @@ -1,42 +0,0 @@ ------------------------------------------------------------- -revno: 14176 -revision-id: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf -parent: squid3@treenet.co.nz-20170629125627-socq6szqysvm9ifa -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4687 -author: Lubos Uhliarik luhliari@redhat.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-07-01 19:35:14 +1200 -message: - Bug 4687: Wrong names of components in man page, section SEE ALSO ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 9099c98de3cb8fc125dd9952373de42c079b0ccc -# timestamp: 2017-07-01 07:45:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170629125627-\ -# socq6szqysvm9ifa -# -# Begin patch -=== modified file 'src/squid.8.in' ---- src/squid.8.in 2017-01-01 00:16:45 +0000 -+++ src/squid.8.in 2017-07-01 07:35:14 +0000 -@@ -265,11 +265,11 @@ - .SH SEE ALSO - .if !'po4a'hide' .B cachemgr.cgi "(8), " - .if !'po4a'hide' .B squidclient "(1), " --.if !'po4a'hide' .B pam_auth "(8), " --.if !'po4a'hide' .B squid_ldap_auth "(8), " --.if !'po4a'hide' .B squid_ldap_group "(8), " -+.if !'po4a'hide' .B basic_pam_auth "(8), " -+.if !'po4a'hide' .B basic_ldap_auth "(8), " -+.if !'po4a'hide' .B ext_ldap_group_acl "(8), " - .if !'po4a'hide' .B ext_session_acl "(8), " --.if !'po4a'hide' .B squid_unix_group "(8), " -+.if !'po4a'hide' .B ext_unix_group_acl "(8), " - .br - The Squid FAQ wiki - .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq - diff --git a/src/patches/squid/squid-3.5-14177.patch b/src/patches/squid/squid-3.5-14177.patch deleted file mode 100644 index c9920ad..0000000 --- a/src/patches/squid/squid-3.5-14177.patch +++ /dev/null @@ -1,52 +0,0 @@ ------------------------------------------------------------- -revno: 14177 -revision-id: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co -parent: squid3@treenet.co.nz-20170701073514-uzowexcysowqostf -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-07-01 19:37:54 +1200 -message: - basic_ncsa_auth: fix hash listing wrap in man(8) page - - '*' list bullet points must be indented with whitespace. - If they are not the list is treated as a single wrapped paragraph. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ffd783ab19a438c56affcdc6c1d106fa00403f4f -# timestamp: 2017-07-01 07:45:09 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170701073514-\ -# uzowexcysowqostf -# -# Begin patch -=== modified file 'helpers/basic_auth/NCSA/basic_ncsa_auth.8' ---- helpers/basic_auth/NCSA/basic_ncsa_auth.8 2017-01-01 00:16:45 +0000 -+++ helpers/basic_auth/NCSA/basic_ncsa_auth.8 2017-07-01 07:37:54 +0000 -@@ -18,15 +18,15 @@ - .PP - This authenticator accepts: - .BR --* Blowfish - for passwords 72 characters or less in length --.BR --* SHA256 - with salting and magic strings --.BR --* SHA512 - with salting and magic strings --.BR --* MD5 - with optional salt and magic strings --.BR --* DES - for passwords 8 characters or less in length -+ * Blowfish - for passwords 72 characters or less in length. -+.BR -+ * SHA256 - with salting and magic strings. -+.BR -+ * SHA512 - with salting and magic strings. -+.BR -+ * MD5 - with optional salt and magic strings. -+.BR -+ * DES - for passwords 8 characters or less in length. - . - NOTE: Blowfish and SHA algorithms require system-specific support. - . - diff --git a/src/patches/squid/squid-3.5-14178.patch b/src/patches/squid/squid-3.5-14178.patch deleted file mode 100644 index 1a95150..0000000 --- a/src/patches/squid/squid-3.5-14178.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14178 -revision-id: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv -parent: squid3@treenet.co.nz-20170701073754-4x1i6p5s1gzk73co -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-07-01 20:11:16 +1200 -message: - Fix message packing error handling in mgr and snmp SMP Forwarders. - - A missing "return" resulted in Forwarders sending garbage (or worse) to - Coordinator. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a593abc992a79d4539dede76b4f63e013f96d33a -# timestamp: 2017-07-01 08:51:30 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170701073754-\ -# 4x1i6p5s1gzk73co -# -# Begin patch -=== modified file 'src/ipc/Forwarder.cc' ---- src/ipc/Forwarder.cc 2017-01-01 00:16:45 +0000 -+++ src/ipc/Forwarder.cc 2017-07-01 08:11:16 +0000 -@@ -62,6 +62,7 @@ - // assume the pack() call failed because the message did not fit - // TODO: add a more specific exception? - handleError(); -+ return; - } - - SendMessage(Ipc::Port::CoordinatorAddr(), message); - diff --git a/src/patches/squid/squid-3.5-14179.patch b/src/patches/squid/squid-3.5-14179.patch deleted file mode 100644 index 112bdb0..0000000 --- a/src/patches/squid/squid-3.5-14179.patch +++ /dev/null @@ -1,105 +0,0 @@ ------------------------------------------------------------- -revno: 14179 -revision-id: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a -parent: squid3@treenet.co.nz-20170701081116-xekwolj1wdkeaxqv -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-07-01 21:59:16 +1200 -message: - Fix mgr query handoff from the original recipient to Coordinator. - - This bug has already been fixed once, in trunk r11164.1.61, but that fix - was accidentally undone shortly after, during significant cross-branch - merging activity combined with the Forwarder class split. The final - merge importing the associated code (trunk r11730) was buggy. - - The bug (explained in r11164.1.61) leads to a race condition between - - * Store notifying Server classes about the entry completion (which might - trigger a bogus error message sent to the cache manager client while - Coordinator sends its own valid response on the same connection!) and - - * post-cleanup() connection closure handlers of Server classes silently - closing everything (and leaving Coordinator the only responding - process on that shared connection). - - The bug probably was not noticed for so long because, evidently, the - latter actions tend to win in the current code. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: c7e89c80468c7f388f7e09ad2d68a245789db50d -# timestamp: 2017-07-01 10:51:12 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170701081116-\ -# xekwolj1wdkeaxqv -# -# Begin patch -=== modified file 'src/ipc/Forwarder.h' ---- src/ipc/Forwarder.h 2017-01-01 00:16:45 +0000 -+++ src/ipc/Forwarder.h 2017-07-01 09:59:16 +0000 -@@ -47,12 +47,14 @@ - virtual void handleError(); - virtual void handleTimeout(); - virtual void handleException(const std::exception& e); -- virtual void handleRemoteAck(); - - private: - static void RequestTimedOut(void* param); - void requestTimedOut(); - void removeTimeoutEvent(); -+ -+ void handleRemoteAck(); -+ - static AsyncCall::Pointer DequeueRequest(unsigned int requestId); - - protected: - -=== modified file 'src/mgr/Forwarder.cc' ---- src/mgr/Forwarder.cc 2017-01-01 00:16:45 +0000 -+++ src/mgr/Forwarder.cc 2017-07-01 09:59:16 +0000 -@@ -102,17 +102,6 @@ - mustStop("commClosed"); - } - --/// called when Coordinator starts processing the request --void --Mgr::Forwarder::handleRemoteAck() --{ -- Ipc::Forwarder::handleRemoteAck(); -- -- Must(entry != NULL); -- EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); -- entry->complete(); --} -- - /// send error page - void - Mgr::Forwarder::sendError(ErrorState *error) - -=== modified file 'src/mgr/Forwarder.h' ---- src/mgr/Forwarder.h 2017-01-01 00:16:45 +0000 -+++ src/mgr/Forwarder.h 2017-07-01 09:59:16 +0000 -@@ -40,7 +40,6 @@ - virtual void handleError(); - virtual void handleTimeout(); - virtual void handleException(const std::exception& e); -- virtual void handleRemoteAck(); - - private: - void noteCommClosed(const CommCloseCbParams& params); - -=== modified file 'src/tests/stub_libmgr.cc' ---- src/tests/stub_libmgr.cc 2017-01-01 00:16:45 +0000 -+++ src/tests/stub_libmgr.cc 2017-07-01 09:59:16 +0000 -@@ -100,7 +100,6 @@ - void Mgr::Forwarder::handleError() STUB - void Mgr::Forwarder::handleTimeout() STUB - void Mgr::Forwarder::handleException(const std::exception& e) STUB --void Mgr::Forwarder::handleRemoteAck() STUB - - #include "mgr/FunAction.h" - Mgr::Action::Pointer Mgr::FunAction::Create(const CommandPointer &cmd, OBJH *aHandler) STUB_RETVAL(dummyAction) - diff --git a/src/patches/squid/squid-3.5-14180.patch b/src/patches/squid/squid-3.5-14180.patch deleted file mode 100644 index 01d11cd..0000000 --- a/src/patches/squid/squid-3.5-14180.patch +++ /dev/null @@ -1,448 +0,0 @@ ------------------------------------------------------------- -revno: 14180 -revision-id: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6 -parent: squid3@treenet.co.nz-20170701095916-wknqmneq2w0mxt6a -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4464 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-07-02 00:08:48 +1200 -message: - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions. - - * Protect Squid Client classes from new requests that compete with - ongoing pinned connection use and - * resume dealing with new requests when those Client classes are done - using the pinned connection. - - Replaced primary ConnStateData::pinConnection() calls with a pair of - pinBusyConnection() and notePinnedConnectionBecameIdle() calls, - depending on the pinned connection state ("busy" or "idle"). - - Removed pinConnection() parameters that were not longer used or could be computed from the remaining parameters. - - Removed ConnStateData::httpsPeeked() code "hiding" the originating - request and connection peer details while entering the first "idle" - state. The old (trunk r11880.1.6) bump-server-first code used a pair of - NULLs because "Intercepted connections do not have requests at the - connection pinning stage", but that limitation no longer applicable - because Squid always fakes (when intercepting) or parses (a CONNECT) - request now, even during SslBump step1. - - The added XXX and TODOs are not directly related to this fix. They - were added to document problems discovered while working on this fix. - - In v3.5 code, the same problems manifest as Read.cc - "fd_table[conn->fd].halfClosedReader != NULL" assertions. - - This is a Measurement Factory project ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e4f432eed8a845431d4bbbf023de04d682adeaff -# timestamp: 2017-07-01 12:32:26 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170701095916-\ -# wknqmneq2w0mxt6a -# -# Begin patch -=== modified file 'src/FwdState.cc' ---- src/FwdState.cc 2017-01-01 00:16:45 +0000 -+++ src/FwdState.cc 2017-07-01 12:08:48 +0000 -@@ -246,7 +246,7 @@ - #if USE_OPENSSL - if (request->flags.sslPeek && request->clientConnectionManager.valid()) { - CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, -- ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL)); -+ ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(Comm::ConnectionPointer(nullptr), request)); - } - #endif - } else { -@@ -952,7 +952,7 @@ - #if USE_OPENSSL - if (request->flags.sslPeek) { - CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, -- ConnStateData::httpsPeeked, serverConnection()); -+ ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(serverConnection(), request)); - unregister(serverConn); // async call owns it now - complete(); // destroys us - return; - -=== modified file 'src/base/RefCount.h' ---- src/base/RefCount.h 2017-01-01 00:16:45 +0000 -+++ src/base/RefCount.h 2017-07-01 12:08:48 +0000 -@@ -54,9 +54,7 @@ - - C & operator * () const {return *const_cast<C *>(p_); } - -- C const * getRaw() const {return p_; } -- -- C * getRaw() {return const_cast<C *>(p_); } -+ C * getRaw() const { return const_cast<C *>(p_); } - - bool operator == (const RefCount& p) const { - return p.p_ == p_; - -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2017-05-29 13:15:55 +0000 -+++ src/client_side.cc 2017-07-01 12:08:48 +0000 -@@ -836,6 +836,7 @@ - assert(areAllContextsForThisConnection()); - freeAllContexts(); - -+ // XXX: Closing pinned conn is too harsh: The Client may want to continue! - unpinConnection(true); - - if (Comm::IsConnOpen(clientConnection)) -@@ -1559,6 +1560,13 @@ - - debugs(33, 3, HERE << "ConnnStateData(" << conn->clientConnection << "), Context(" << clientConnection << ")"); - connIsFinished(); -+ conn->kick(); -+} -+ -+void -+ConnStateData::kick() -+{ -+ ConnStateData * conn = this; // XXX: Remove this diff minimization hack - - if (conn->pinning.pinned && !Comm::IsConnOpen(conn->pinning.serverConnection)) { - debugs(33, 2, HERE << conn->clientConnection << " Connection was pinned but server side gone. Terminating client connection"); -@@ -3240,6 +3248,13 @@ - if (in.buf.isEmpty()) - break; - -+ // Prohibit concurrent requests when using a pinned to-server connection -+ // because our Client classes do not support request pipelining. -+ if (pinning.pinned && !pinning.readHandler) { -+ debugs(33, 3, clientConnection << " waits for busy " << pinning.serverConnection); -+ break; -+ } -+ - /* Limit the number of concurrent requests */ - if (concurrentRequestQueueFilled()) - break; -@@ -4434,22 +4449,19 @@ - } - - void --ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) -+ConnStateData::httpsPeeked(PinnedIdleContext pic) - { - Must(sslServerBump != NULL); -+ Must(sslServerBump->request == pic.request); -+ Must(currentobject == NULL || currentobject->http == NULL || currentobject->http->request == pic.request.getRaw()); - -- if (Comm::IsConnOpen(serverConnection)) { -- pinConnection(serverConnection, NULL, NULL, false); -+ if (Comm::IsConnOpen(pic.connection)) { -+ notePinnedConnectionBecameIdle(pic); - - debugs(33, 5, HERE << "bumped HTTPS server: " << sslConnectHostOrIp); -- } else { -+ } else - debugs(33, 5, HERE << "Error while bumping: " << sslConnectHostOrIp); - -- // copy error detail from bump-server-first request to CONNECT request -- if (currentobject != NULL && currentobject->http != NULL && currentobject->http->request) -- currentobject->http->request->detailError(sslServerBump->request->errType, sslServerBump->request->errDetail); -- } -- - getSslContextStart(); - } - -@@ -4952,19 +4964,35 @@ - } - - void --ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth, bool monitor) --{ -- if (!Comm::IsConnOpen(pinning.serverConnection) || -- pinning.serverConnection->fd != pinServer->fd) -- pinNewConnection(pinServer, request, aPeer, auth); -- -- if (monitor) -- startPinnedConnectionMonitoring(); --} -- --void --ConnStateData::pinNewConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth) --{ -+ConnStateData::pinBusyConnection(const Comm::ConnectionPointer &pinServer, const HttpRequest::Pointer &request) -+{ -+ pinConnection(pinServer, request); -+} -+ -+void -+ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic) -+{ -+ Must(pic.connection != NULL); -+ Must(pic.request != NULL); -+ pinConnection(pic.connection, pic.request); -+ -+ // monitor pinned server connection for remote-end closures. -+ startPinnedConnectionMonitoring(); -+ -+ if (!currentobject) -+ kick(); // in case clientParseRequests() was blocked by a busy pic.connection -+} -+ -+/// Forward future client requests using the given server connection. -+void -+ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, const HttpRequest::Pointer &request) -+{ -+ if (Comm::IsConnOpen(pinning.serverConnection) && -+ pinning.serverConnection->fd == pinServer->fd) { -+ debugs(33, 3, "already pinned" << pinServer); -+ return; -+ } -+ - unpinConnection(true); // closes pinned connection, if any, and resets fields - - pinning.serverConnection = pinServer; -@@ -4973,23 +5001,21 @@ - - Must(pinning.serverConnection != NULL); - -- // when pinning an SSL bumped connection, the request may be NULL - const char *pinnedHost = "[unknown]"; -- if (request) { -+ if (request != NULL) { - pinning.host = xstrdup(request->GetHost()); - pinning.port = request->port; - pinnedHost = pinning.host; -+ pinning.auth = request->flags.connectionAuth; - } else { - pinning.port = pinServer->remote.port(); - } - pinning.pinned = true; -- if (aPeer) -- pinning.peer = cbdataReference(aPeer); -- pinning.auth = auth; -+ pinning.peer = cbdataReference(pinServer->getPeer()); - char stmp[MAX_IPSTRLEN]; - char desc[FD_DESC_SZ]; - snprintf(desc, FD_DESC_SZ, "%s pinned connection for %s (%d)", -- (auth || !aPeer) ? pinnedHost : aPeer->name, -+ (pinning.auth || !pinning.peer) ? pinnedHost : pinning.peer->name, - clientConnection->remote.toUrl(stmp,MAX_IPSTRLEN), - clientConnection->fd); - fd_note(pinning.serverConnection->fd, desc); -@@ -5164,3 +5190,8 @@ - * connection has gone away */ - } - -+std::ostream & -+operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic) -+{ -+ return os << pic.connection << ", request=" << pic.request; -+} - -=== modified file 'src/client_side.h' ---- src/client_side.h 2017-01-01 00:16:45 +0000 -+++ src/client_side.h 2017-07-01 12:08:48 +0000 -@@ -26,6 +26,8 @@ - #include "ssl/support.h" - #endif - -+#include <iosfwd> -+ - class ConnStateData; - class ClientHttpRequest; - class clientStreamNode; -@@ -188,6 +190,11 @@ - /// Traffic parsing - bool clientParseRequests(); - void readNextRequest(); -+ -+ // In v3.5, usually called via ClientSocketContext::keepaliveNextRequest(). -+ /// try to make progress on a transaction or read more I/O -+ void kick(); -+ - ClientSocketContext::Pointer getCurrentContext() const; - void addContextToQueue(ClientSocketContext * context); - int getConcurrentRequestCount() const; -@@ -287,9 +294,21 @@ - bool handleReadData(); - bool handleRequestBodyData(); - -- /// Forward future client requests using the given server connection. -- /// Optionally, monitor pinned server connection for remote-end closures. -- void pinConnection(const Comm::ConnectionPointer &pinServerConn, HttpRequest *request, CachePeer *peer, bool auth, bool monitor = true); -+ /// parameters for the async notePinnedConnectionBecameIdle() call -+ class PinnedIdleContext -+ { -+ public: -+ PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req): connection(conn), request(req) {} -+ -+ Comm::ConnectionPointer connection; ///< to-server connection to be pinned -+ HttpRequest::Pointer request; ///< to-server request that initiated serverConnection -+ }; -+ -+ /// Called when a pinned connection becomes available for forwarding the next request. -+ void notePinnedConnectionBecameIdle(PinnedIdleContext pic); -+ /// Forward future client requests using the given to-server connection. -+ /// The connection is still being used by the current client request. -+ void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request); - /// Undo pinConnection() and, optionally, close the pinned connection. - void unpinConnection(const bool andClose); - /// Returns validated pinnned server connection (and stops its monitoring). -@@ -345,7 +364,7 @@ - /// generated - void doPeekAndSpliceStep(); - /// called by FwdState when it is done bumping the server -- void httpsPeeked(Comm::ConnectionPointer serverConnection); -+ void httpsPeeked(PinnedIdleContext pic); - - /// Start to create dynamic SSL_CTX for host or uses static port SSL context. - void getSslContextStart(); -@@ -449,7 +468,7 @@ - void clientAfterReadingRequests(); - bool concurrentRequestQueueFilled() const; - -- void pinNewConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth); -+ void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request); - - /* PROXY protocol functionality */ - bool proxyProtocolValidateClient(); -@@ -516,5 +535,7 @@ - void clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver); - void clientPostHttpsAccept(ConnStateData *connState); - -+std::ostream &operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic); -+ - #endif /* SQUID_CLIENTSIDE_H */ - - -=== modified file 'src/clients/FtpRelay.cc' ---- src/clients/FtpRelay.cc 2017-01-01 00:16:45 +0000 -+++ src/clients/FtpRelay.cc 2017-07-01 12:08:48 +0000 -@@ -210,9 +210,10 @@ - mgr->unpinConnection(false); - ctrl.close(); - } else { -- mgr->pinConnection(ctrl.conn, fwd->request, -- ctrl.conn->getPeer(), -- fwd->request->flags.connectionAuth); -+ CallJobHere1(9, 4, mgr, -+ ConnStateData, -+ notePinnedConnectionBecameIdle, -+ ConnStateData::PinnedIdleContext(ctrl.conn, fwd->request)); - ctrl.forget(); - } - } - -=== modified file 'src/http.cc' ---- src/http.cc 2017-06-15 00:16:33 +0000 -+++ src/http.cc 2017-07-01 12:08:48 +0000 -@@ -1383,9 +1383,6 @@ - void - HttpStateData::processReplyBody() - { -- Ip::Address client_addr; -- bool ispinned = false; -- - if (!flags.headers_parsed) { - flags.do_next_read = true; - maybeReadVirginBody(); -@@ -1435,35 +1432,49 @@ - } - break; - -- case COMPLETE_PERSISTENT_MSG: -+ case COMPLETE_PERSISTENT_MSG: { - debugs(11, 5, "processReplyBody: COMPLETE_PERSISTENT_MSG from " << serverConnection); -- /* yes we have to clear all these! */ -+ -+ // TODO: Remove serverConnectionSaved but preserve exception safety. -+ - commUnsetConnTimeout(serverConnection); - flags.do_next_read = false; - - comm_remove_close_handler(serverConnection->fd, closeHandler); - closeHandler = NULL; -- fwd->unregister(serverConnection); - -+ Ip::Address client_addr; // XXX: Remove as unused. Why was it added? - if (request->flags.spoofClientIp) - client_addr = request->client_addr; - -+ Comm::ConnectionPointer serverConnectionSaved = serverConnection; -+ fwd->unregister(serverConnection); -+ serverConnection = nullptr; -+ -+ bool ispinned = false; // TODO: Rename to isOrShouldBePinned - if (request->flags.pinned) { - ispinned = true; - } else if (request->flags.connectionAuth && request->flags.authSent) { - ispinned = true; - } - -- if (ispinned && request->clientConnectionManager.valid()) { -- request->clientConnectionManager->pinConnection(serverConnection, request, _peer, -- (request->flags.connectionAuth)); -+ if (ispinned) { -+ if (request->clientConnectionManager.valid()) { -+ CallJobHere1(11, 4, request->clientConnectionManager, -+ ConnStateData, -+ notePinnedConnectionBecameIdle, -+ ConnStateData::PinnedIdleContext(serverConnectionSaved, request)); -+ } else { -+ // must not pool/share ispinned connections, even orphaned ones -+ serverConnectionSaved->close(); -+ } - } else { -- fwd->pconnPush(serverConnection, request->GetHost()); -+ fwd->pconnPush(serverConnectionSaved, request->GetHost()); - } - -- serverConnection = NULL; - serverComplete(); - return; -+ } - - case COMPLETE_NONPERSISTENT_MSG: - debugs(11, 5, "processReplyBody: COMPLETE_NONPERSISTENT_MSG from " << serverConnection); - -=== modified file 'src/servers/FtpServer.cc' ---- src/servers/FtpServer.cc 2017-02-26 11:09:42 +0000 -+++ src/servers/FtpServer.cc 2017-07-01 12:08:48 +0000 -@@ -301,12 +301,8 @@ - Must(http != NULL); - HttpRequest *const request = http->request; - Must(request != NULL); -- -- // this is not an idle connection, so we do not want I/O monitoring -- const bool monitor = false; -- - // make FTP peer connection exclusive to our request -- pinConnection(conn, request, conn->getPeer(), false, monitor); -+ pinBusyConnection(conn, request); - } - - void - -=== modified file 'src/tests/stub_client_side.cc' ---- src/tests/stub_client_side.cc 2017-01-01 00:16:45 +0000 -+++ src/tests/stub_client_side.cc 2017-07-01 12:08:48 +0000 -@@ -60,7 +60,8 @@ - void ConnStateData::noteBodyConsumerAborted(BodyPipe::Pointer) STUB - bool ConnStateData::handleReadData() STUB_RETVAL(false) - bool ConnStateData::handleRequestBodyData() STUB_RETVAL(false) --void ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServerConn, HttpRequest *request, CachePeer *peer, bool auth, bool monitor) STUB -+void ConnStateData::pinBusyConnection(const Comm::ConnectionPointer &, const HttpRequest::Pointer &) STUB -+void ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext) STUB - void ConnStateData::unpinConnection(const bool andClose) STUB - const Comm::ConnectionPointer ConnStateData::validatePinnedConnection(HttpRequest *request, const CachePeer *peer) STUB_RETVAL(NULL) - void ConnStateData::clientPinnedConnectionClosed(const CommCloseCbParams &io) STUB -@@ -70,7 +71,7 @@ - void ConnStateData::swanSong() STUB - void ConnStateData::quitAfterError(HttpRequest *request) STUB - #if USE_OPENSSL --void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB -+void ConnStateData::httpsPeeked(PinnedIdleContext) STUB - void ConnStateData::getSslContextStart() STUB - void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB - void ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply) STUB - diff --git a/src/patches/squid/squid-3.5-14181.patch b/src/patches/squid/squid-3.5-14181.patch deleted file mode 100644 index 4516d60..0000000 --- a/src/patches/squid/squid-3.5-14181.patch +++ /dev/null @@ -1,30 +0,0 @@ ------------------------------------------------------------- -revno: 14181 -revision-id: squidadm@squid-cache.org-20170701121615-ktx76udds2mzmc6c -parent: squid3@treenet.co.nz-20170701120848-q2xznzfvxb4kwvb6 -committer: Source Maintenance squidadm@squid-cache.org -branch nick: 3.5 -timestamp: Sat 2017-07-01 12:16:15 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20170701121615-\ -# ktx76udds2mzmc6c -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: d7942d1260def31f62ccc820a44bb769381beae2 -# timestamp: 2017-07-01 12:32:29 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170701120848-\ -# q2xznzfvxb4kwvb6 -# -# Begin patch -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2017-07-01 12:08:48 +0000 -+++ src/client_side.cc 2017-07-01 12:16:15 +0000 -@@ -5195,3 +5195,4 @@ - { - return os << pic.connection << ", request=" << pic.request; - } -+ - diff --git a/src/patches/squid/squid-3.5-14182.patch b/src/patches/squid/squid-3.5-14182.patch deleted file mode 100644 index 3354881..0000000 --- a/src/patches/squid/squid-3.5-14182.patch +++ /dev/null @@ -1,35 +0,0 @@ ------------------------------------------------------------- -revno: 14182 -revision-id: squid3@treenet.co.nz-20170701232253-3beaysa03xf5c67p -parent: squidadm@squid-cache.org-20170701121615-ktx76udds2mzmc6c -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-07-02 11:22:53 +1200 -message: - Fix build on FreeBSD after rev.14180 - - RefCount<> does not support assignment from nullptr with C++03 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170701232253-3beaysa03xf5c67p -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: d5ecf68c60c022783f69311e9049e546be8fa1a0 -# timestamp: 2017-07-01 23:50:58 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm@squid-cache.org-20170701121615-\ -# ktx76udds2mzmc6c -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2017-07-01 12:08:48 +0000 -+++ src/http.cc 2017-07-01 23:22:53 +0000 -@@ -1449,7 +1449,7 @@ - - Comm::ConnectionPointer serverConnectionSaved = serverConnection; - fwd->unregister(serverConnection); -- serverConnection = nullptr; -+ serverConnection = NULL; - - bool ispinned = false; // TODO: Rename to isOrShouldBePinned - if (request->flags.pinned) { -
hooks/post-receive -- IPFire 2.x development tree