This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a1bc7f3ab9e9b001b5e2d2ee92165bb49623f55f (commit) via 3c22a549ab7937c34d0adfcfa02307ead4ed6685 (commit) from c2adb460d66b2d7813bcda533960c9f4c7e89fb2 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a1bc7f3ab9e9b001b5e2d2ee92165bb49623f55f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 17 14:11:53 2016 +0100
squid: Update to 3.5.23
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3c22a549ab7937c34d0adfcfa02307ead4ed6685 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Dec 16 08:41:32 2016 +0100
squid 3.5.22: latest patches (14123-14126)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/squid | 30 +--- ...=> squid-3.5.23-fix-max-file-descriptors.patch} | 0 src/patches/squid/squid-3.5-14099.patch | 65 ------- src/patches/squid/squid-3.5-14100.patch | 39 ---- src/patches/squid/squid-3.5-14101.patch | 59 ------ src/patches/squid/squid-3.5-14102.patch | 38 ---- src/patches/squid/squid-3.5-14103.patch | 61 ------- src/patches/squid/squid-3.5-14104.patch | 66 ------- src/patches/squid/squid-3.5-14105.patch | 48 ----- src/patches/squid/squid-3.5-14106.patch | 34 ---- src/patches/squid/squid-3.5-14107.patch | 56 ------ src/patches/squid/squid-3.5-14108.patch | 33 ---- src/patches/squid/squid-3.5-14109.patch | 167 ----------------- src/patches/squid/squid-3.5-14110.patch | 102 ----------- src/patches/squid/squid-3.5-14111.patch | 43 ----- src/patches/squid/squid-3.5-14112.patch | 60 ------- src/patches/squid/squid-3.5-14113.patch | 47 ----- src/patches/squid/squid-3.5-14114.patch | 46 ----- src/patches/squid/squid-3.5-14115.patch | 197 --------------------- src/patches/squid/squid-3.5-14116.patch | 38 ---- src/patches/squid/squid-3.5-14117.patch | 152 ---------------- src/patches/squid/squid-3.5-14118.patch | 55 ------ src/patches/squid/squid-3.5-14119.patch | 184 ------------------- src/patches/squid/squid-3.5-14120.patch | 62 ------- src/patches/squid/squid-3.5-14121.patch | 36 ---- src/patches/squid/squid-3.5-14122.patch | 34 ---- 26 files changed, 3 insertions(+), 1749 deletions(-) rename src/patches/{squid-3.5.22-fix-max-file-descriptors.patch => squid-3.5.23-fix-max-file-descriptors.patch} (100%) delete mode 100644 src/patches/squid/squid-3.5-14099.patch delete mode 100644 src/patches/squid/squid-3.5-14100.patch delete mode 100644 src/patches/squid/squid-3.5-14101.patch delete mode 100644 src/patches/squid/squid-3.5-14102.patch delete mode 100644 src/patches/squid/squid-3.5-14103.patch delete mode 100644 src/patches/squid/squid-3.5-14104.patch delete mode 100644 src/patches/squid/squid-3.5-14105.patch delete mode 100644 src/patches/squid/squid-3.5-14106.patch delete mode 100644 src/patches/squid/squid-3.5-14107.patch delete mode 100644 src/patches/squid/squid-3.5-14108.patch delete mode 100644 src/patches/squid/squid-3.5-14109.patch delete mode 100644 src/patches/squid/squid-3.5-14110.patch delete mode 100644 src/patches/squid/squid-3.5-14111.patch delete mode 100644 src/patches/squid/squid-3.5-14112.patch delete mode 100644 src/patches/squid/squid-3.5-14113.patch delete mode 100644 src/patches/squid/squid-3.5-14114.patch delete mode 100644 src/patches/squid/squid-3.5-14115.patch delete mode 100644 src/patches/squid/squid-3.5-14116.patch delete mode 100644 src/patches/squid/squid-3.5-14117.patch delete mode 100644 src/patches/squid/squid-3.5-14118.patch delete mode 100644 src/patches/squid/squid-3.5-14119.patch delete mode 100644 src/patches/squid/squid-3.5-14120.patch delete mode 100644 src/patches/squid/squid-3.5-14121.patch delete mode 100644 src/patches/squid/squid-3.5-14122.patch
Difference in files: diff --git a/lfs/squid b/lfs/squid index 70d90d8..db02367 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.5.22 +VER = 3.5.23
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = afb82d2748c06c95815c171463b4aa14 +$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2
install : $(TARGET)
@@ -70,31 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14099.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14100.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14101.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14102.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14103.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14104.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14105.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14106.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14107.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14108.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14109.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14110.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14111.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14112.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14113.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14114.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14115.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14116.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14117.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14118.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14119.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/src/patches/squid-3.5.22-fix-max-file-descriptors.patch b/src/patches/squid-3.5.22-fix-max-file-descriptors.patch deleted file mode 100644 index b740b61..0000000 --- a/src/patches/squid-3.5.22-fix-max-file-descriptors.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- configure.ac.~ Wed Apr 20 14:26:07 2016 -+++ configure.ac Fri Apr 22 17:20:46 2016 -@@ -3135,6 +3135,9 @@ - ;; - esac - -+SQUID_CHECK_DEFAULT_FD_SETSIZE -+SQUID_CHECK_MAXFD -+ - dnl --with-maxfd present for compatibility with Squid-2. - dnl undocumented in ./configure --help to encourage using the Squid-3 directive - AC_ARG_WITH(maxfd,, -@@ -3165,8 +3168,6 @@ - esac - ]) - --SQUID_CHECK_DEFAULT_FD_SETSIZE --SQUID_CHECK_MAXFD - if test "x$squid_filedescriptors_num" != "x"; then - AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) - fi diff --git a/src/patches/squid-3.5.23-fix-max-file-descriptors.patch b/src/patches/squid-3.5.23-fix-max-file-descriptors.patch new file mode 100644 index 0000000..b740b61 --- /dev/null +++ b/src/patches/squid-3.5.23-fix-max-file-descriptors.patch @@ -0,0 +1,21 @@ +--- configure.ac.~ Wed Apr 20 14:26:07 2016 ++++ configure.ac Fri Apr 22 17:20:46 2016 +@@ -3135,6 +3135,9 @@ + ;; + esac + ++SQUID_CHECK_DEFAULT_FD_SETSIZE ++SQUID_CHECK_MAXFD ++ + dnl --with-maxfd present for compatibility with Squid-2. + dnl undocumented in ./configure --help to encourage using the Squid-3 directive + AC_ARG_WITH(maxfd,, +@@ -3165,8 +3168,6 @@ + esac + ]) + +-SQUID_CHECK_DEFAULT_FD_SETSIZE +-SQUID_CHECK_MAXFD + if test "x$squid_filedescriptors_num" != "x"; then + AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) + fi diff --git a/src/patches/squid/squid-3.5-14099.patch b/src/patches/squid/squid-3.5-14099.patch deleted file mode 100644 index 0e10eff..0000000 --- a/src/patches/squid/squid-3.5-14099.patch +++ /dev/null @@ -1,65 +0,0 @@ ------------------------------------------------------------- -revno: 14099 -revision-id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -parent: squid3@treenet.co.nz-20161009195739-pcju9hl8vqwijt26 -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2016-10-15 17:20:24 +1300 -message: - Fix build with eCAP but without ICAP support. - - That is, when ./configured with --enable-ecap --disable-icap-client. - - AccessLogEntry::icap requires ICAP_CLIENT, not just USE_ADAPTATION. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 4cd2e7bf4e2be0acd252963afc107537b17450fc -# timestamp: 2016-10-15 04:52:07 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161009195739-\ -# pcju9hl8vqwijt26 -# -# Begin patch -=== modified file 'src/format/Format.cc' ---- src/format/Format.cc 2016-09-16 11:53:28 +0000 -+++ src/format/Format.cc 2016-10-15 04:20:24 +0000 -@@ -318,7 +318,7 @@ - actualReplyHeader(const AccessLogEntry::Pointer &al) - { - const HttpMsg *msg = al->reply; --#if USE_ADAPTATION -+#if ICAP_CLIENT - // al->icap.reqMethod is methodNone in access.log context - if (!msg && al->icap.reqMethod == Adaptation::methodReqmod) - msg = al->adapted_request; -@@ -331,7 +331,7 @@ - static const HttpMsg * - actualRequestHeader(const AccessLogEntry::Pointer &al) - { --#if USE_ADAPTATION -+#if ICAP_CLIENT - // al->icap.reqMethod is methodNone in access.log context - if (al->icap.reqMethod == Adaptation::methodRespmod) { - // XXX: for now AccessLogEntry lacks virgin response headers -@@ -819,7 +819,7 @@ - break; - - case LFT_REQUEST_ALL_HEADERS: --#if USE_ADAPTATION -+#if ICAP_CLIENT - if (al->icap.reqMethod == Adaptation::methodRespmod) { - // XXX: since AccessLogEntry::Headers lacks virgin response - // headers, do nothing for now -@@ -843,7 +843,7 @@ - - case LFT_REPLY_ALL_HEADERS: - out = al->headers.reply; --#if USE_ADAPTATION -+#if ICAP_CLIENT - if (!out && al->icap.reqMethod == Adaptation::methodReqmod) - out = al->headers.adapted_request; - #endif - diff --git a/src/patches/squid/squid-3.5-14100.patch b/src/patches/squid/squid-3.5-14100.patch deleted file mode 100644 index 7e5335a..0000000 --- a/src/patches/squid/squid-3.5-14100.patch +++ /dev/null @@ -1,39 +0,0 @@ ------------------------------------------------------------- -revno: 14100 -revision-id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -parent: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:19:49 +1300 -message: - Fix regression bug introduced by r14089. - - Squid crashed because HttpMsg::body_pipe was used without check that it - was initialized. The message lacks body pipe when it has no body or - empty body. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50468130801fc3ebf75129c103bcfe4be9b6d4b7 -# timestamp: 2016-10-25 08:28:30 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161015042024-\ -# jagzafukd2t6gcr0 -# -# Begin patch -=== modified file 'src/adaptation/icap/ModXact.cc' ---- src/adaptation/icap/ModXact.cc 2016-09-16 18:50:04 +0000 -+++ src/adaptation/icap/ModXact.cc 2016-10-25 08:19:49 +0000 -@@ -1303,7 +1303,8 @@ - virgin_msg = virgin_request_; - assert(virgin_msg != virgin.cause); - al.http.clientRequestSz.header = virgin_msg->hdr_sz; -- al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize(); -+ if (virgin_msg->body_pipe != NULL) -+ al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize(); - - // leave al.icap.bodyBytesRead negative if no body - if (replyHttpHeaderSize >= 0 || replyHttpBodySize >= 0) { - diff --git a/src/patches/squid/squid-3.5-14101.patch b/src/patches/squid/squid-3.5-14101.patch deleted file mode 100644 index 92ff4d4..0000000 --- a/src/patches/squid/squid-3.5-14101.patch +++ /dev/null @@ -1,59 +0,0 @@ ------------------------------------------------------------- -revno: 14101 -revision-id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -parent: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:23:49 +1300 -message: - Fix external_acl_type default children documentations - - The max children has always been 5, not 20. - - Also, make mgr:config report dumper actually hide only the real default - values. (sync with helper/ChildConfig.cc defaults) ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 02234eff0589032ea31d911c20f792617eeb18a9 -# timestamp: 2016-10-25 08:28:32 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025081949-\ -# 3sxzd0n4snmadlke -# -# Begin patch -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-09-23 15:28:42 +0000 -+++ src/cf.data.pre 2016-10-25 08:23:49 +0000 -@@ -678,7 +678,7 @@ - - children-max=n - Maximum number of acl helper processes spawned to service -- external acl lookups of this type. (default 20) -+ external acl lookups of this type. (default 5) - - children-startup=n - Minimum number of acl helper processes to spawn during - -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-05-17 18:14:16 +0000 -+++ src/external_acl.cc 2016-10-25 08:23:49 +0000 -@@ -474,13 +474,13 @@ - if (node->children.n_max != DEFAULT_EXTERNAL_ACL_CHILDREN) - storeAppendPrintf(sentry, " children-max=%d", node->children.n_max); - -- if (node->children.n_startup != 1) -+ if (node->children.n_startup != 0) // sync with helper/ChildConfig.cc default - storeAppendPrintf(sentry, " children-startup=%d", node->children.n_startup); - -- if (node->children.n_idle != (node->children.n_max + node->children.n_startup) ) -+ if (node->children.n_idle != 1) // sync with helper/ChildConfig.cc default - storeAppendPrintf(sentry, " children-idle=%d", node->children.n_idle); - -- if (node->children.concurrency) -+ if (node->children.concurrency != 0) - storeAppendPrintf(sentry, " concurrency=%d", node->children.concurrency); - - if (node->cache) - diff --git a/src/patches/squid/squid-3.5-14102.patch b/src/patches/squid/squid-3.5-14102.patch deleted file mode 100644 index f592531..0000000 --- a/src/patches/squid/squid-3.5-14102.patch +++ /dev/null @@ -1,38 +0,0 @@ ------------------------------------------------------------- -revno: 14102 -revision-id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -parent: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4620 -author: Takahiro Kambe taca@back-street.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-10-25 21:25:30 +1300 -message: - Bug 4620: NetBSD build error with --enable-ipf-transparent - - On NetBSD sys/param.h must be included before netinet/ip_compat.h ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: eedfc8764a631aa008fd4aba589ca08ee161c3a5 -# timestamp: 2016-10-25 08:28:35 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025082349-\ -# 4gds2nic8qcahkem -# -# Begin patch -=== modified file 'src/ip/Intercept.cc' ---- src/ip/Intercept.cc 2016-10-09 00:14:14 +0000 -+++ src/ip/Intercept.cc 2016-10-25 08:25:30 +0000 -@@ -25,6 +25,9 @@ - #define IPFILTER_VERSION 5000004 - #endif - -+#if HAVE_SYS_PARAM_H -+#include <sys/param.h> -+#endif - #if HAVE_SYS_IOCCOM_H - #include <sys/ioccom.h> - #endif - diff --git a/src/patches/squid/squid-3.5-14103.patch b/src/patches/squid/squid-3.5-14103.patch deleted file mode 100644 index 816aa91..0000000 --- a/src/patches/squid/squid-3.5-14103.patch +++ /dev/null @@ -1,61 +0,0 @@ ------------------------------------------------------------- -revno: 14103 -revision-id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -parent: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4627 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 12:26:28 +1300 -message: - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs - - For Squid-3 the fix is just to update the documentation. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ea728cefc977ea5489da01b7a742821121c29476 -# timestamp: 2016-10-29 23:51:13 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161025082530-\ -# do632qnr9bwyk5et -# -# Begin patch -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-10-25 08:23:49 +0000 -+++ src/cf.data.pre 2016-10-29 23:26:28 +0000 -@@ -1787,13 +1787,12 @@ - certificate equals lifetime of the CA certificate. If - generated certificate is selfsigned lifetime is three - years. -- This option is enabled by default when ssl-bump is used. -- See the ssl-bump option above for more information. -+ This option is disabled by default. See the ssl-bump -+ option above for more information. - - dynamic_cert_mem_cache_size=SIZE - Approximate total RAM size spent on cached generated -- certificates. If set to zero, caching is disabled. The -- default value is 4MB. -+ certificates. If set to zero, caching is disabled. - - TLS / SSL Options: - -@@ -2063,13 +2062,12 @@ - certificate equals lifetime of CA certificate. If - generated certificate is selfsigned lifetime is three - years. -- This option is enabled by default when SslBump is used. -- See the sslBump option above for more information. -+ This option is disabled by default. See the ssl-bump -+ option above for more information. - - dynamic_cert_mem_cache_size=SIZE - Approximate total RAM size spent on cached generated -- certificates. If set to zero, caching is disabled. The -- default value is 4MB. -+ certificates. If set to zero, caching is disabled. - - See http_port for a list of available options. - DOC_END - diff --git a/src/patches/squid/squid-3.5-14104.patch b/src/patches/squid/squid-3.5-14104.patch deleted file mode 100644 index c5d6ed0..0000000 --- a/src/patches/squid/squid-3.5-14104.patch +++ /dev/null @@ -1,66 +0,0 @@ ------------------------------------------------------------- -revno: 14104 -revision-id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -parent: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:38:16 +1300 -message: - Copyright: add some missing blurbs and contributor details ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8d44709a8f9c34926ce569e58aef82603a3d514b -# timestamp: 2016-10-30 09:40:44 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161029232628-\ -# 1y2u918re62uqs3v -# -# Begin patch -=== modified file 'CONTRIBUTORS' ---- CONTRIBUTORS 2016-01-06 14:27:36 +0000 -+++ CONTRIBUTORS 2016-10-30 09:38:16 +0000 -@@ -211,6 +211,8 @@ - Joe Ramey ramey@jello.csc.ti.com - Joerg Lehrke jlehrke@noc.de - Johnathan Conley johnathan.conley@gmail.com -+ John@MCC.ac.uk -+ John@Pharmweb.NET - John Dilley jad@hpl.hp.com - John M Cooper john.cooper@yourcommunications.co.uk - John Saunders johns@rd.scitec.com.au - -=== modified file 'contrib/url-normalizer.pl' ---- contrib/url-normalizer.pl 1996-12-07 00:54:31 +0000 -+++ contrib/url-normalizer.pl 2016-10-30 09:38:16 +0000 -@@ -1,4 +1,11 @@ - #!/usr/local/bin/perl -Tw -+# -+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors -+# * -+# * Squid software is distributed under GPLv2+ license and includes -+# * contributions from numerous individuals and organizations. -+# * Please see the COPYING and CONTRIBUTORS files for details. -+# - - # From: Markus Gyger mgyger@itr.ch - # - -=== modified file 'contrib/user-agents.pl' ---- contrib/user-agents.pl 1996-12-07 00:28:56 +0000 -+++ contrib/user-agents.pl 2016-10-30 09:38:16 +0000 -@@ -1,5 +1,13 @@ - #!/usr/bin/perl - # -+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors -+# * -+# * Squid software is distributed under GPLv2+ license and includes -+# * contributions from numerous individuals and organizations. -+# * Please see the COPYING and CONTRIBUTORS files for details. -+# -+ -+# - # John@MCC.ac.uk - # John@Pharmweb.NET - diff --git a/src/patches/squid/squid-3.5-14105.patch b/src/patches/squid/squid-3.5-14105.patch deleted file mode 100644 index d73dcea..0000000 --- a/src/patches/squid/squid-3.5-14105.patch +++ /dev/null @@ -1,48 +0,0 @@ ------------------------------------------------------------- -revno: 14105 -revision-id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -parent: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4567 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:39:20 +1300 -message: - Bug 4567: Strange IPv6 shown in access.log ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8dbae4e7fc5fb80afc6eee6800743abd1b1eaa47 -# timestamp: 2016-10-30 09:40:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030093816-\ -# 7vwnk5zrrql2p5ks -# -# Begin patch -=== modified file 'src/AccessLogEntry.cc' ---- src/AccessLogEntry.cc 2016-01-01 00:14:27 +0000 -+++ src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000 -@@ -30,14 +30,17 @@ - log_ip = request->indirect_client_addr; - else - #endif -- if (tcpClient != NULL) -+ if (tcpClient) - log_ip = tcpClient->remote; -- else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client -- strncpy(buf, "-", bufsz); -- return; -- } else -+ else - log_ip = cache.caddr; - -+ // internally generated requests (and some ICAP) lack client IP -+ if (log_ip.isNoAddr()) { -+ strncpy(buf, "-", bufsz); -+ return; -+ } -+ - // Apply so-called 'privacy masking' to IPv4 clients - // - localhost IP is always shown in full - // - IPv4 clients masked with client_netmask - diff --git a/src/patches/squid/squid-3.5-14106.patch b/src/patches/squid/squid-3.5-14106.patch deleted file mode 100644 index cd3f63f..0000000 --- a/src/patches/squid/squid-3.5-14106.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14106 -revision-id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -parent: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:40:25 +1300 -message: - Fix debug message in ACLChecklist::bannedAction() ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 4fd7942b294096f5c27e3d460b6d4c79580443e1 -# timestamp: 2016-10-30 09:40:49 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030093920-\ -# 5f7f2px9ea08rxlq -# -# Begin patch -=== modified file 'src/acl/Checklist.cc' ---- src/acl/Checklist.cc 2016-01-01 00:14:27 +0000 -+++ src/acl/Checklist.cc 2016-10-30 09:40:25 +0000 -@@ -397,7 +397,7 @@ - ACLChecklist::bannedAction(const allow_t &action) const - { - const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end(); -- debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? " is " : "is not") << " banned"); -+ debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned"); - return found; - } - - diff --git a/src/patches/squid/squid-3.5-14107.patch b/src/patches/squid/squid-3.5-14107.patch deleted file mode 100644 index 34b0ace..0000000 --- a/src/patches/squid/squid-3.5-14107.patch +++ /dev/null @@ -1,56 +0,0 @@ ------------------------------------------------------------- -revno: 14107 -revision-id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -parent: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-10-30 22:45:03 +1300 -message: - HTTP/1.1: make Vary:* objects cacheable - - Under new clauses from RFC 7231 section 7.1.4 and HTTP response - containing header Vary:* (wifcard variant) can be cached, but - requires revalidation with server before each use. - - Use the new mandatory revalidation flags to allow storing of any - wildcard Vary:* response. - - Note that responses with headers like Vary:A,B,C,* are equivalent - to Vary:*. The cache key string for these objects is normalized. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 2652a5a689745e31fc450e0dfd1c5c472f6d68d6 -# timestamp: 2016-10-30 09:45:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030094025-\ -# l4b8fdahoru8h16d -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2016-10-09 19:47:26 +0000 -+++ src/http.cc 2016-10-30 09:45:03 +0000 -@@ -594,7 +594,7 @@ - while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { - SBuf name(item, ilen); - if (name == asterisk) { -- vstr.clear(); -+ vstr = asterisk; - break; - } - name.toLower(); -@@ -917,6 +917,12 @@ - varyFailure = true; - } else { - entry->mem_obj->vary_headers = vary; -+ -+ // RFC 7231 section 7.1.4 -+ // Vary:* can be cached, but has mandatory revalidation -+ static const SBuf asterisk("*"); -+ if (vary == asterisk) -+ EBIT_SET(entry->flags, ENTRY_REVALIDATE_ALWAYS); - } - } - - diff --git a/src/patches/squid/squid-3.5-14108.patch b/src/patches/squid/squid-3.5-14108.patch deleted file mode 100644 index 282fe41..0000000 --- a/src/patches/squid/squid-3.5-14108.patch +++ /dev/null @@ -1,33 +0,0 @@ ------------------------------------------------------------- -revno: 14108 -revision-id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -parent: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Wed 2016-11-02 00:22:31 +1300 -message: - Fix build issue after rev.14105 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fea1ede525ccb3ad7bf50e8de8f125a86a8dc016 -# timestamp: 2016-11-01 11:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161030094503-\ -# rwdft21ffff44rns -# -# Begin patch -=== modified file 'src/AccessLogEntry.cc' ---- src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000 -+++ src/AccessLogEntry.cc 2016-11-01 11:22:31 +0000 -@@ -30,7 +30,7 @@ - log_ip = request->indirect_client_addr; - else - #endif -- if (tcpClient) -+ if (tcpClient != NULL) - log_ip = tcpClient->remote; - else - log_ip = cache.caddr; - diff --git a/src/patches/squid/squid-3.5-14109.patch b/src/patches/squid/squid-3.5-14109.patch deleted file mode 100644 index 82b7dd2..0000000 --- a/src/patches/squid/squid-3.5-14109.patch +++ /dev/null @@ -1,167 +0,0 @@ ------------------------------------------------------------- -revno: 14109 -revision-id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -parent: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3379 -author: Garri Djavadyan garryd@comnet.uz, Amos Jeffries squid3@treenet.co.nz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-11-11 19:03:25 +1300 -message: - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50d66878a765925d9a64569b3c226bebdee1f736 -# timestamp: 2016-11-11 06:10:37 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161101112231-\ -# k77st4up2sekl5zx -# -# Begin patch -=== modified file 'src/client_side_reply.cc' ---- src/client_side_reply.cc 2016-10-09 19:47:26 +0000 -+++ src/client_side_reply.cc 2016-11-11 06:03:25 +0000 -@@ -589,6 +589,7 @@ - debugs(88, 5, "negative-HIT"); - http->logType = LOG_TCP_NEGATIVE_HIT; - sendMoreData(result); -+ return; - } else if (blockedHit()) { - debugs(88, 5, "send_hit forces a MISS"); - http->logType = LOG_TCP_MISS; -@@ -641,27 +642,29 @@ - http->logType = LOG_TCP_MISS; - processMiss(); - } -+ return; - } else if (r->conditional()) { - debugs(88, 5, "conditional HIT"); -- processConditional(result); -- } else { -- /* -- * plain ol' cache hit -- */ -- debugs(88, 5, "plain old HIT"); -+ if (processConditional(result)) -+ return; -+ } -+ -+ /* -+ * plain ol' cache hit -+ */ -+ debugs(88, 5, "plain old HIT"); - - #if USE_DELAY_POOLS -- if (e->store_status != STORE_OK) -- http->logType = LOG_TCP_MISS; -- else -+ if (e->store_status != STORE_OK) -+ http->logType = LOG_TCP_MISS; -+ else - #endif -- if (e->mem_status == IN_MEMORY) -- http->logType = LOG_TCP_MEM_HIT; -- else if (Config.onoff.offline) -- http->logType = LOG_TCP_OFFLINE_HIT; -+ if (e->mem_status == IN_MEMORY) -+ http->logType = LOG_TCP_MEM_HIT; -+ else if (Config.onoff.offline) -+ http->logType = LOG_TCP_OFFLINE_HIT; - -- sendMoreData(result); -- } -+ sendMoreData(result); - } - - /** -@@ -755,17 +758,16 @@ - } - - /// process conditional request from client --void -+bool - clientReplyContext::processConditional(StoreIOBuffer &result) - { - StoreEntry *const e = http->storeEntry(); - - if (e->getReply()->sline.status() != Http::scOkay) { -- debugs(88, 4, "clientReplyContext::processConditional: Reply code " << -- e->getReply()->sline.status() << " != 200"); -+ debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200"); - http->logType = LOG_TCP_MISS; - processMiss(); -- return; -+ return true; - } - - HttpRequest &r = *http->request; -@@ -773,7 +775,7 @@ - if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) { - // RFC 2616: reply with 412 Precondition Failed if If-Match did not match - sendPreconditionFailedError(); -- return; -+ return true; - } - - bool matchedIfNoneMatch = false; -@@ -786,14 +788,14 @@ - r.header.delById(HDR_IF_MODIFIED_SINCE); - http->logType = LOG_TCP_MISS; - sendMoreData(result); -- return; -+ return true; - } - - if (!r.flags.ims) { - // RFC 2616: if If-None-Match matched and there is no IMS, - // reply with 304 Not Modified or 412 Precondition Failed - sendNotModifiedOrPreconditionFailedError(); -- return; -+ return true; - } - - // otherwise check IMS below to decide if we reply with 304 or 412 -@@ -805,19 +807,20 @@ - if (e->modifiedSince(r.ims, r.imslen)) { - http->logType = LOG_TCP_IMS_HIT; - sendMoreData(result); -- return; -- } - -- if (matchedIfNoneMatch) { -+ } else if (matchedIfNoneMatch) { - // If-None-Match matched, reply with 304 Not Modified or - // 412 Precondition Failed - sendNotModifiedOrPreconditionFailedError(); -- return; -+ -+ } else { -+ // otherwise reply with 304 Not Modified -+ sendNotModified(); - } -- -- // otherwise reply with 304 Not Modified -- sendNotModified(); -+ return true; - } -+ -+ return false; - } - - /// whether squid.conf send_hit prevents us from serving this hit - -=== modified file 'src/client_side_reply.h' ---- src/client_side_reply.h 2016-09-23 15:28:42 +0000 -+++ src/client_side_reply.h 2016-11-11 06:03:25 +0000 -@@ -114,7 +114,7 @@ - bool alwaysAllowResponse(Http::StatusCode sline) const; - int checkTransferDone(); - void processOnlyIfCachedMiss(); -- void processConditional(StoreIOBuffer &result); -+ bool processConditional(StoreIOBuffer &result); - void cacheHit(StoreIOBuffer result); - void handleIMSReply(StoreIOBuffer result); - void sendMoreData(StoreIOBuffer result); - diff --git a/src/patches/squid/squid-3.5-14110.patch b/src/patches/squid/squid-3.5-14110.patch deleted file mode 100644 index 0d0a9db..0000000 --- a/src/patches/squid/squid-3.5-14110.patch +++ /dev/null @@ -1,102 +0,0 @@ ------------------------------------------------------------- -revno: 14110 -revision-id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -parent: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Mon 2016-11-14 23:51:24 +1300 -message: - Fix ssl::server_name ACL badly broken since inception. - - The original server_name code mishandled all SNI checks and some rare - host checks: - - * The SNI-derived value was pointing to an already freed memory storage. - * Missing host-derived values were not detected (host() is never nil). - * Mismatches were re-checked with an undocumented "none" value - instead of being treated as mismatches. - - Same for ssl::server_name_regex. - - Also set SNI for more server-first and client-first transactions. - - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 46aadc410b46d91d597218961dbf1c634fb834fb -# timestamp: 2016-11-14 10:56:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161111060325-\ -# yh8chavvnzuvfh3h -# -# Begin patch -=== modified file 'src/acl/ServerName.cc' ---- src/acl/ServerName.cc 2016-09-08 12:27:06 +0000 -+++ src/acl/ServerName.cc 2016-11-14 10:51:24 +0000 -@@ -90,27 +90,28 @@ - { - assert(checklist != NULL && checklist->request != NULL); - -- if (checklist->conn() && checklist->conn()->serverBump()) { -- if (X509 *peer_cert = checklist->conn()->serverBump()->serverCert.get()) { -- if (Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>)) -- return 1; -- } -- } -- - const char *serverName = NULL; -- if (checklist->conn() && !checklist->conn()->sslCommonName().isEmpty()) { -- SBuf scn = checklist->conn()->sslCommonName(); -- serverName = scn.c_str(); -- } -- -- if (serverName == NULL) -- serverName = checklist->request->GetHost(); -- -- if (serverName && data->match(serverName)) { -- return 1; -- } -- -- return data->match("none"); -+ SBuf serverNameKeeper; // because c_str() is not constant -+ if (ConnStateData *conn = checklist->conn()) { -+ if (conn->serverBump()) { -+ if (X509 *peer_cert = conn->serverBump()->serverCert.get()) -+ return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>); -+ } -+ -+ if (conn->sslCommonName().isEmpty()) { -+ const char *host = checklist->request->GetHost(); -+ if (host && *host) // paranoid first condition: host() is never nil -+ serverName = host; -+ } else { -+ serverNameKeeper = conn->sslCommonName(); -+ serverName = serverNameKeeper.c_str(); -+ } -+ } -+ -+ if (!serverName) -+ serverName = "none"; -+ -+ return data->match(serverName); - } - - ACLServerNameStrategy * - -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2016-10-29 23:26:28 +0000 -+++ src/cf.data.pre 2016-11-14 10:51:24 +0000 -@@ -1167,6 +1167,9 @@ - # During each Ssl-Bump step, Squid may improve its understanding of a - # "true server name". Unlike dstdomain, this ACL does not perform - # DNS lookups. -+ # The "none" name can be used to match transactions where Squid -+ # could not compute the server name using any information source -+ # already available at the ACL evaluation time. - - acl aclname ssl::server_name_regex [-i] .foo.com ... - # regex matches server name obtained from various sources [fast] - diff --git a/src/patches/squid/squid-3.5-14111.patch b/src/patches/squid/squid-3.5-14111.patch deleted file mode 100644 index 984069b..0000000 --- a/src/patches/squid/squid-3.5-14111.patch +++ /dev/null @@ -1,43 +0,0 @@ ------------------------------------------------------------- -revno: 14111 -revision-id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -parent: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Mon 2016-11-14 23:54:34 +1300 -message: - Fix spelling for digest nonce cache maintenance event ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8c91678868beb689db5e0e6eaa6911c44f503ac8 -# timestamp: 2016-11-14 10:56:03 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114105124-\ -# 46hmtnsg8uj4owxz -# -# Begin patch -=== modified file 'src/auth/digest/Config.cc' ---- src/auth/digest/Config.cc 2016-01-01 00:14:27 +0000 -+++ src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000 -@@ -204,7 +204,7 @@ - if (!digest_nonce_cache) { - digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); - assert(digest_nonce_cache); -- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); -+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); - } - } - -@@ -268,7 +268,7 @@ - debugs(29, 3, "Finished cleaning the nonce cache."); - - if (static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->active()) -- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); -+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_castAuth::Digest::Config*(Auth::Config::Find("digest"))->nonceGCInterval, 1); - } - - static void - diff --git a/src/patches/squid/squid-3.5-14112.patch b/src/patches/squid/squid-3.5-14112.patch deleted file mode 100644 index a63c1c0..0000000 --- a/src/patches/squid/squid-3.5-14112.patch +++ /dev/null @@ -1,60 +0,0 @@ ------------------------------------------------------------- -revno: 14112 -revision-id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -parent: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-11-15 01:40:51 +1300 -message: - Honor SBufReservationRequirements::minSize regardless of idealSize. - - In a fully specified SBufReservationRequirements, idealSize would - naturally match or exceed minSize. However, the idealSize default value - (zero) may not. We should honor minSize regardless of idealSize, just as - the API documentation promises to do. - - No runtime changes expected right now because the only existing user of - SBufReservationRequirements sets .idealSize to CLIENT_REQ_BUF_SZ (4096) - and .minSize to 1024. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fb0969aa035352582364b529a70286cbfd89564a -# timestamp: 2016-11-14 12:43:10 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114105434-\ -# f1uvw2lu8l4lpgay -# -# Begin patch -=== modified file 'src/SBuf.cc' ---- src/SBuf.cc 2016-06-18 13:36:07 +0000 -+++ src/SBuf.cc 2016-11-14 12:40:51 +0000 -@@ -178,7 +178,8 @@ - if (!mustRealloc && len_ >= req.maxCapacity) - return spaceSize(); // but we cannot reallocate - -- const size_type newSpace = std::min(req.idealSpace, maxSize - len_); -+ const size_type desiredSpace = std::max(req.minSpace, req.idealSpace); -+ const size_type newSpace = std::min(desiredSpace, maxSize - len_); - reserveCapacity(std::min(len_ + newSpace, req.maxCapacity)); - debugs(24, 7, id << " now: " << off_ << '+' << len_ << '+' << spaceSize() << - '=' << store_->capacity); - -=== modified file 'src/SBuf.h' ---- src/SBuf.h 2016-06-18 13:36:07 +0000 -+++ src/SBuf.h 2016-11-14 12:40:51 +0000 -@@ -635,9 +635,10 @@ - /* - * Parameters are listed in the reverse order of importance: Satisfaction of - * the lower-listed requirements may violate the higher-listed requirements. -+ * For example, idealSpace has no effect unless it exceeds minSpace. - */ - size_type idealSpace; ///< if allocating anyway, provide this much space -- size_type minSpace; ///< allocate if spaceSize() is smaller -+ size_type minSpace; ///< allocate [at least this much] if spaceSize() is smaller - size_type maxCapacity; ///< do not allocate more than this - bool allowShared; ///< whether sharing our storage with others is OK - }; - diff --git a/src/patches/squid/squid-3.5-14113.patch b/src/patches/squid/squid-3.5-14113.patch deleted file mode 100644 index d545026..0000000 --- a/src/patches/squid/squid-3.5-14113.patch +++ /dev/null @@ -1,47 +0,0 @@ ------------------------------------------------------------- -revno: 14113 -revision-id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -parent: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Tue 2016-11-15 20:57:28 +1300 -message: - TLS: Make key= before cert= an error instead of quietly hiding the issue - - This squid.conf setup is fatal in Squid-4. So best to fix these installations. - Even though Squdi-3 can cope with it. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a18738f4cbf0c1bd368e61d4b19c5d6f5005b919 -# timestamp: 2016-11-15 07:58:39 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161114124051-\ -# s0vzoj5exv5g8w56 -# -# Begin patch -=== modified file 'src/cache_cf.cc' ---- src/cache_cf.cc 2016-09-23 11:11:48 +0000 -+++ src/cache_cf.cc 2016-11-15 07:57:28 +0000 -@@ -2257,6 +2257,9 @@ - safe_free(p->sslcert); - p->sslcert = xstrdup(token + 8); - } else if (strncmp(token, "sslkey=", 7) == 0) { -+ if (!p->sslcert) { -+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": sslcert= option must be set before sslkey= is used."); -+ } - safe_free(p->sslkey); - p->sslkey = xstrdup(token + 7); - } else if (strncmp(token, "sslversion=", 11) == 0) { -@@ -3729,6 +3732,9 @@ - safe_free(s->cert); - s->cert = xstrdup(token + 5); - } else if (strncmp(token, "key=", 4) == 0) { -+ if (!s->cert) { -+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": cert= option must be set before key= is used."); -+ } - safe_free(s->key); - s->key = xstrdup(token + 4); - } else if (strncmp(token, "version=", 8) == 0) { - diff --git a/src/patches/squid/squid-3.5-14114.patch b/src/patches/squid/squid-3.5-14114.patch deleted file mode 100644 index 0985004..0000000 --- a/src/patches/squid/squid-3.5-14114.patch +++ /dev/null @@ -1,46 +0,0 @@ ------------------------------------------------------------- -revno: 14114 -revision-id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -parent: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 04:42:05 +1300 -message: - Improve debugs warnings when loading signing certs fails ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e760bf590489a354e314f19dd158b063d23ef7a7 -# timestamp: 2016-11-30 15:51:47 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161115075728-\ -# 2xj2621oh5bwn8wn -# -# Begin patch -=== modified file 'src/ssl/support.cc' ---- src/ssl/support.cc 2016-10-09 14:30:11 +0000 -+++ src/ssl/support.cc 2016-11-30 15:42:05 +0000 -@@ -2011,10 +2011,17 @@ - pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL; - pkey.reset(readSslPrivateKey(keyFilename, cb)); - cert.reset(readSslX509CertificatesChain(certFilename, chain.get())); -- if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) { -- pkey.reset(NULL); -- cert.reset(NULL); -- } -+ if (!cert) { -+ debugs(83, DBG_IMPORTANT, "WARNING: missing cert in '" << certFilename << "'"); -+ } else if (!pkey) { -+ debugs(83, DBG_IMPORTANT, "WARNING: missing private key in '" << keyFilename << "'"); -+ } else if (!X509_check_private_key(cert.get(), pkey.get())) { -+ debugs(83, DBG_IMPORTANT, "WARNING: X509_check_private_key() failed to verify signing cert"); -+ } else -+ return; // everything is okay -+ -+ pkey.reset(NULL); -+ cert.reset(NULL); - } - - bool Ssl::generateUntrustedCert(X509_Pointer &untrustedCert, EVP_PKEY_Pointer &untrustedPkey, X509_Pointer const &cert, EVP_PKEY_Pointer const & pkey) - diff --git a/src/patches/squid/squid-3.5-14115.patch b/src/patches/squid/squid-3.5-14115.patch deleted file mode 100644 index 4e5e3cf..0000000 --- a/src/patches/squid/squid-3.5-14115.patch +++ /dev/null @@ -1,197 +0,0 @@ ------------------------------------------------------------- -revno: 14115 -revision-id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -parent: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4004 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 10:56:30 +1300 -message: - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply - - Added nil dereference checks for Ftp::Client::ctrl.conn, including: - - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference - ctrl.conn in DBG_IMPORTANT messages. - - Many functions inside FtpClient.cc and FtpGateway.cc files. - - TODO: We need to find a better way to handle nil ctrl.conn. It is only - a matter of time when we forget to add another dereference check or - discover a place we missed during this change. - - Also disabled forwarding of EPRT and PORT commands to origin servers. - Squid support for those commands is broken and their forwarding may - cause segfaults (bug #4004). Active FTP is still supported, of course. - - This is a Measurement Factory project ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 345883c1b5a5cd221e9d0e68b254df7d955372ad -# timestamp: 2016-11-30 22:42:02 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130154205-\ -# c9z1bhqzuh3rafl3 -# -# Begin patch -=== modified file 'src/clients/FtpClient.cc' ---- src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 -+++ src/clients/FtpClient.cc 2016-11-30 21:56:30 +0000 -@@ -442,6 +442,11 @@ - char *buf; - debugs(9, 3, status()); - -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return false; -+ } -+ - if (code != 227) { - debugs(9, 2, "PASV not supported by remote end"); - return false; -@@ -473,6 +478,11 @@ - char *buf; - debugs(9, 3, status()); - -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return false; -+ } -+ - if (code != 229 && code != 522) { - if (code == 200) { - /* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */ -@@ -733,6 +743,11 @@ - void - Ftp::Client::connectDataChannel() - { -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - safe_free(ctrl.last_command); - - safe_free(ctrl.last_reply); - -=== modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2016-01-31 05:39:09 +0000 -+++ src/clients/FtpGateway.cc 2016-11-30 21:56:30 +0000 -@@ -212,7 +212,9 @@ - static FTPSM ftpReadMdtm; - static FTPSM ftpSendSize; - static FTPSM ftpReadSize; -+#if 0 - static FTPSM ftpSendEPRT; -+#endif - static FTPSM ftpReadEPRT; - static FTPSM ftpSendPORT; - static FTPSM ftpReadPORT; -@@ -450,6 +452,11 @@ - void - Ftp::Gateway::listenForDataChannel(const Comm::ConnectionPointer &conn) - { -+ if (!Comm::IsConnOpen(ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - assert(!Comm::IsConnOpen(data.conn)); - - typedef CommCbMemFunT<Gateway, CommAcceptCbParams> AcceptDialer; -@@ -1183,7 +1190,7 @@ - - checkUrlpath(); - buildTitleUrl(); -- debugs(9, 5, HERE << "FD " << ctrl.conn->fd << " : host=" << request->GetHost() << -+ debugs(9, 5, "FD " << (ctrl.conn != NULL ? ctrl.conn->fd : -1) << " : host=" << request->GetHost() << - ", path=" << request->urlpath << ", user=" << user << ", passwd=" << password); - state = BEGIN; - Ftp::Client::start(); -@@ -1750,7 +1757,9 @@ - if (ftpState->handlePasvReply(srvAddr)) - ftpState->connectDataChannel(); - else { -- ftpSendEPRT(ftpState); -+ ftpFail(ftpState); -+ // Currently disabled, does not work correctly: -+ // ftpSendEPRT(ftpState); - return; - } - } -@@ -1790,6 +1799,11 @@ - } - safe_free(ftpState->data.host); - -+ if (!Comm::IsConnOpen(ftpState->ctrl.conn)) { -+ debugs(9, 5, "The control connection to the remote end is closed"); -+ return; -+ } -+ - /* - * Set up a listen socket on the same local address as the - * control connection. -@@ -1875,9 +1889,14 @@ - ftpRestOrList(ftpState); - } - -+#if 0 - static void - ftpSendEPRT(Ftp::Gateway * ftpState) - { -+ /* check the server control channel is still available */ -+ if (!ftpState || !ftpState->haveControlChannel("ftpSendEPRT")) -+ return; -+ - if (Config.Ftp.epsv_all && ftpState->flags.epsv_all_sent) { - debugs(9, DBG_IMPORTANT, "FTP does not allow EPRT method after 'EPSV ALL' has been sent."); - return; -@@ -1913,6 +1932,7 @@ - ftpState->writeCommand(cbuf); - ftpState->state = Ftp::Client::SENT_EPRT; - } -+#endif - - static void - ftpReadEPRT(Ftp::Gateway * ftpState) -@@ -1939,10 +1959,8 @@ - { - debugs(9, 3, HERE); - -- if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) { -- abortAll("entry aborted when accepting data conn"); -- data.listenConn->close(); -- data.listenConn = NULL; -+ if (!Comm::IsConnOpen(ctrl.conn)) { /*Close handlers will cleanup*/ -+ debugs(9, 5, "The control connection to the remote end is closed"); - return; - } - -@@ -1955,6 +1973,14 @@ - return; - } - -+ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) { -+ abortAll("entry aborted when accepting data conn"); -+ data.listenConn->close(); -+ data.listenConn = NULL; -+ io.conn->close(); -+ return; -+ } -+ - /* data listening conn is no longer even open. abort. */ - if (!Comm::IsConnOpen(data.listenConn)) { - data.listenConn = NULL; // ensure that it's cleared and not just closed. -@@ -2705,8 +2731,8 @@ - Ftp::Gateway::completeForwarding() - { - if (fwd == NULL || flags.completed_forwarding) { -- debugs(9, 3, HERE << "completeForwarding avoids " << -- "double-complete on FD " << ctrl.conn->fd << ", Data FD " << data.conn->fd << -+ debugs(9, 3, "avoid double-complete on FD " << -+ (ctrl.conn != NULL ? ctrl.conn->fd : -1) << ", Data FD " << data.conn->fd << - ", this " << this << ", fwd " << fwd); - return; - } - diff --git a/src/patches/squid/squid-3.5-14116.patch b/src/patches/squid/squid-3.5-14116.patch deleted file mode 100644 index c92d8b8..0000000 --- a/src/patches/squid/squid-3.5-14116.patch +++ /dev/null @@ -1,38 +0,0 @@ ------------------------------------------------------------- -revno: 14116 -revision-id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -parent: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3533 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 11:33:32 +1300 -message: - Bug 3533: Cache still valid after HTTP/1.1 303 See Other - - RFC7231 does not mention 303 response as non-cacheable. - So, assuming that means it *is* cacheable. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: c90320c95a4b64c8d18794fbe5df526fe0f9f702 -# timestamp: 2016-11-30 22:42:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130215630-\ -# c42qucqar9bi9a1k -# -# Begin patch -=== modified file 'src/http.cc' ---- src/http.cc 2016-10-30 09:45:03 +0000 -+++ src/http.cc 2016-11-30 22:33:32 +0000 -@@ -203,6 +203,8 @@ - - case Http::scFound: - -+ case Http::scSeeOther: -+ - case Http::scGone: - - case Http::scNotFound: - diff --git a/src/patches/squid/squid-3.5-14117.patch b/src/patches/squid/squid-3.5-14117.patch deleted file mode 100644 index 23d5376..0000000 --- a/src/patches/squid/squid-3.5-14117.patch +++ /dev/null @@ -1,152 +0,0 @@ ------------------------------------------------------------- -revno: 14117 -revision-id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -parent: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4007 -author: Stephen Baynes sbaynes@mail.com, Amos Jeffries squid3@treenet.co.nz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 12:20:39 +1300 -message: - Bug 4007: Hang on DNS query with dead-end CNAME - - DNS lookup recursion no longer occurs. ipcacheParse() return values are no - longer useful. - - Also, cleanup the debugging output. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 9059c7a07e5366bd2eac606c72f875077766ed34 -# timestamp: 2016-11-30 23:27:11 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130223332-\ -# zcaxll4prj3kag1b -# -# Begin patch -=== modified file 'src/ipcache.cc' ---- src/ipcache.cc 2016-01-01 00:14:27 +0000 -+++ src/ipcache.cc 2016-11-30 23:20:39 +0000 -@@ -123,7 +123,6 @@ - static FREE ipcacheFreeEntry; - static IDNSCB ipcacheHandleReply; - static int ipcacheExpiredEntry(ipcache_entry *); --static int ipcacheParse(ipcache_entry *, const rfc1035_rr *, int, const char *error); - static ipcache_entry *ipcache_get(const char *); - static void ipcacheLockEntry(ipcache_entry *); - static void ipcacheStatPrint(ipcache_entry *, StoreEntry *); -@@ -328,8 +327,7 @@ - ipcacheUnlockEntry(i); - } - --/// \ingroup IPCacheAPI --static int -+static void - ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *error_message) - { - int k; -@@ -350,25 +348,25 @@ - i->addrs.count = 0; - - if (nr < 0) { -- debugs(14, 3, "ipcacheParse: Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'"); -+ debugs(14, 3, "Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'"); - i->error_message = xstrdup(error_message); -- return -1; -+ return; - } - - if (nr == 0) { -- debugs(14, 3, "ipcacheParse: No DNS records in response to '" << name << "'"); -+ debugs(14, 3, "No DNS records in response to '" << name << "'"); - i->error_message = xstrdup("No DNS records"); -- return -1; -+ return; - } - -- debugs(14, 3, "ipcacheParse: " << nr << " answers for '" << name << "'"); -+ debugs(14, 3, nr << " answers for '" << name << "'"); - assert(answers); - - for (k = 0; k < nr; ++k) { - - if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) { - if (answers[k].rdlength != sizeof(struct in6_addr)) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv6 address in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv6 address in response to '" << name << "'"); - continue; - } - ++na; -@@ -378,7 +376,7 @@ - - if (answers[k].type == RFC1035_TYPE_A) { - if (answers[k].rdlength != sizeof(struct in_addr)) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv4 address in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv4 address in response to '" << name << "'"); - continue; - } - ++na; -@@ -394,14 +392,14 @@ - } - - // otherwise its an unknown RR. debug at level 9 since we usually want to ignore these and they are common. -- debugs(14, 9, HERE << "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) ); -+ debugs(14, 9, "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) ); - } - if (na == 0) { -- debugs(14, DBG_IMPORTANT, "ipcacheParse: No Address records in response to '" << name << "'"); -+ debugs(14, DBG_IMPORTANT, MYNAME << "No Address records in response to '" << name << "'"); - i->error_message = xstrdup("No Address records"); - if (cname_found) - ++IpcacheStats.cname_only; -- return 0; -+ return; - } - - i->addrs.in_addrs = static_cast<Ip::Address *>(xcalloc(na, sizeof(Ip::Address))); -@@ -419,7 +417,7 @@ - memcpy(&temp, answers[k].rdata, sizeof(struct in_addr)); - i->addrs.in_addrs[j] = temp; - -- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j]); -+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j]); - ++j; - - } else if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) { -@@ -430,7 +428,7 @@ - memcpy(&temp, answers[k].rdata, sizeof(struct in6_addr)); - i->addrs.in_addrs[j] = temp; - -- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j] ); -+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j] ); - ++j; - } - if (ttl == 0 || (int) answers[k].ttl < ttl) -@@ -453,8 +451,6 @@ - i->expires = squid_curtime + ttl; - - i->flags.negcached = false; -- -- return i->addrs.count; - } - - /// \ingroup IPCacheInternal -@@ -467,13 +463,9 @@ - const int age = i->age(); - statCounter.dns.svcTime.count(age); - -- int done = ipcacheParse(i, answers, na, error_message); -- -- /* If we have not produced either IPs or Error immediately, wait for recursion to finish. */ -- if (done != 0 || error_message != NULL) { -- ipcacheAddEntry(i); -- ipcacheCallback(i, age); -- } -+ ipcacheParse(i, answers, na, error_message); -+ ipcacheAddEntry(i); -+ ipcacheCallback(i, age); - } - - /** - diff --git a/src/patches/squid/squid-3.5-14118.patch b/src/patches/squid/squid-3.5-14118.patch deleted file mode 100644 index 1e36294..0000000 --- a/src/patches/squid/squid-3.5-14118.patch +++ /dev/null @@ -1,55 +0,0 @@ ------------------------------------------------------------- -revno: 14118 -revision-id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -parent: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3290 -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Thu 2016-12-01 12:33:04 +1300 -message: - Bug 3290: authenticate_ttl not working for digest authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 50ff391db1484222ead5fb50b1bca0694c37ed4c -# timestamp: 2016-11-30 23:34:59 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130232039-\ -# z18ikhhcf3j185my -# -# Begin patch -=== modified file 'src/auth/digest/Config.cc' ---- src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000 -+++ src/auth/digest/Config.cc 2016-11-30 23:33:04 +0000 -@@ -1058,6 +1058,10 @@ - * the user agent won't change user name without warning. - */ - authDigestUserLinkNonce(digest_user, nonce); -+ -+ /* auth_user is now linked, we reset these values -+ * after external auth occurs anyway */ -+ auth_user->expiretime = current_time.tv_sec; - } else { - debugs(29, 9, "Found user '" << username << "' in the user cache as '" << auth_user << "'"); - digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw()); - -=== modified file 'src/auth/digest/UserRequest.cc' ---- src/auth/digest/UserRequest.cc 2016-01-01 00:14:27 +0000 -+++ src/auth/digest/UserRequest.cc 2016-11-30 23:33:04 +0000 -@@ -187,12 +187,7 @@ - auth_user->credentials(Auth::Ok); - - /* password was checked and did match */ -- debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK"); -- -- /* auth_user is now linked, we reset these values -- * after external auth occurs anyway */ -- auth_user->expiretime = current_time.tv_sec; -- return; -+ debugs(29, 4, "user '" << auth_user->username() << "' validated OK"); - } - - Auth::Direction - diff --git a/src/patches/squid/squid-3.5-14119.patch b/src/patches/squid/squid-3.5-14119.patch deleted file mode 100644 index d6e85a5..0000000 --- a/src/patches/squid/squid-3.5-14119.patch +++ /dev/null @@ -1,184 +0,0 @@ ------------------------------------------------------------- -revno: 14119 -revision-id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -parent: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85 -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4174 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 14:58:33 +1300 -message: - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. - - The following sequence of events triggers this assertion: - - The server sends an 1xx control message. - - http.cc schedules ConnStateData::sendControlMsg call. - - Before sendControlMsg is fired, http.cc detects an error (e.g., I/O - error or timeout) and starts writing the reply to the user. - - The ConnStateData::sendControlMsg is fired, starts writing 1xx, and - hits the "no concurrent writes" assertion. - - We could only reproduce this sequence in the lab after changing Squid - code to trigger a timeout at the right moment, but the sequence looks - plausible. Other event sequences might result in the same outcome. - - To avoid concurrent writes, Squid now drops the control message if - Http::One::Server detects that a reply is already being written. Also, - ConnStateData delays reply writing until a pending control message write - has been completed. - - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 103c6fc1fa45d78ba7f9e85ab3d89fff898ee762 -# timestamp: 2016-12-09 02:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161130233304-\ -# lk3q0bx8gn5l3l85 -# -# Begin patch -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2016-09-23 20:49:24 +0000 -+++ src/client_side.cc 2016-12-09 01:58:33 +0000 -@@ -340,7 +340,21 @@ - AsyncCall::Pointer call = commCbCall(33, 5, "ClientSocketContext::wroteControlMsg", - CommIoCbPtrFun(&WroteControlMsg, this)); - -- getConn()->writeControlMsgAndCall(this, rep.getRaw(), call); -+ if (!getConn()->writeControlMsgAndCall(this, rep.getRaw(), call)) { -+ // but still inform the caller (so it may resume its operation) -+ doneWithControlMsg(); -+ } -+} -+ -+void -+ClientSocketContext::doneWithControlMsg() -+{ -+ ScheduleCallHere(cbControlMsgSent); -+ cbControlMsgSent = NULL; -+ -+ debugs(33, 3, clientConnection << ": calling PushDeferredIfNeeded after control msg wrote"); -+ ClientSocketContextPushDeferredIfNeeded(this, getConn()); -+ - } - - /// called when we wrote the 1xx response -@@ -351,7 +365,7 @@ - return; - - if (errflag == Comm::OK) { -- ScheduleCallHere(cbControlMsgSent); -+ doneWithControlMsg(); - return; - } - -@@ -1455,6 +1469,8 @@ - - if (context != http->getConn()->getCurrentContext()) - context->deferRecipientForLater(node, rep, receivedData); -+ else if (context->controlMsgIsPending()) -+ context->deferRecipientForLater(node, rep, receivedData); - else - http->getConn()->handleReply(rep, receivedData); - - -=== modified file 'src/client_side.h' ---- src/client_side.h 2016-06-18 13:36:07 +0000 -+++ src/client_side.h 2016-12-09 01:58:33 +0000 -@@ -129,9 +129,13 @@ - /// starts writing 1xx control message to the client - void writeControlMsg(HttpControlMsg &msg); - -+ /// true if 1xx to the user is pending -+ bool controlMsgIsPending() {return cbControlMsgSent != NULL;} -+ - protected: - static IOCB WroteControlMsg; - void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno); -+ void doneWithControlMsg(); - - private: - void prepareReply(HttpReply * rep); -@@ -387,7 +391,7 @@ - void connectionTag(const char *aTag) { connectionTag_ = aTag; } - - /// handle a control message received by context from a peer and call back -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0; - - /// ClientStream calls this to supply response header (once) and data - /// for the current ClientSocketContext. - -=== modified file 'src/servers/FtpServer.cc' ---- src/servers/FtpServer.cc 2016-06-30 21:09:12 +0000 -+++ src/servers/FtpServer.cc 2016-12-09 01:58:33 +0000 -@@ -1152,12 +1152,13 @@ - writeErrorReply(reply, 451); - } - --void -+bool - Ftp::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *reply, AsyncCall::Pointer &call) - { - // the caller guarantees that we are dealing with the current context only - // the caller should also make sure reply->header.has(HDR_FTP_STATUS) - writeForwardedReplyAndCall(reply, call); -+ return true; - } - - void - -=== modified file 'src/servers/FtpServer.h' ---- src/servers/FtpServer.h 2016-03-15 18:14:15 +0000 -+++ src/servers/FtpServer.h 2016-12-09 01:58:33 +0000 -@@ -94,7 +94,7 @@ - virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io); - virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData); - virtual int pipelinePrefetchMax() const; -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); - virtual time_t idleTimeout() const; - - /* BodyPipe API */ - -=== modified file 'src/servers/HttpServer.cc' ---- src/servers/HttpServer.cc 2016-01-01 00:14:27 +0000 -+++ src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 -@@ -35,7 +35,7 @@ - virtual ClientSocketContext *parseOneRequest(Http::ProtocolVersion &ver); - virtual void processParsedRequest(ClientSocketContext *context, const Http::ProtocolVersion &ver); - virtual void handleReply(HttpReply *rep, StoreIOBuffer receivedData); -- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); -+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call); - virtual time_t idleTimeout() const; - - /* BodyPipe API */ -@@ -167,9 +167,16 @@ - context->sendStartOfMessage(rep, receivedData); - } - --void -+bool - Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) - { -+ // Ignore this late control message if we have started sending a -+ // reply to the user already (e.g., after an error). -+ if (context->reply) { -+ debugs(11, 2, "drop 1xx made late by " << context->reply); -+ return false; -+ } -+ - // apply selected clientReplyContext::buildReplyHeader() mods - // it is not clear what headers are required for control messages - rep->header.removeHopByHopEntries(); -@@ -184,6 +191,7 @@ - Comm::Write(context->clientConnection, mb, call); - - delete mb; -+ return true; - } - - ConnStateData * - diff --git a/src/patches/squid/squid-3.5-14120.patch b/src/patches/squid/squid-3.5-14120.patch deleted file mode 100644 index 4d28d4a..0000000 --- a/src/patches/squid/squid-3.5-14120.patch +++ /dev/null @@ -1,62 +0,0 @@ ------------------------------------------------------------- -revno: 14120 -revision-id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -parent: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew -author: Egervary Gergely gergely@egervary.hu -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 16:46:36 +1300 -message: - Support IPv6 NAT with PF for NetBSD and FreeBSD ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: b47da8d30fe000bbe50ea978bab7594065f7dc07 -# timestamp: 2016-12-09 03:51:01 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209015833-\ -# xm965d5l6u03qhew -# -# Begin patch -=== modified file 'src/ip/Intercept.cc' ---- src/ip/Intercept.cc 2016-10-25 08:25:30 +0000 -+++ src/ip/Intercept.cc 2016-12-09 03:46:36 +0000 -@@ -339,13 +339,20 @@ - } - - memset(&nl, 0, sizeof(struct pfioc_natlook)); -- newConn->remote.getInAddr(nl.saddr.v4); -+ -+ if (newConn->remote.isIPv6()) { -+ newConn->remote.getInAddr(nl.saddr.v6); -+ newConn->local.getInAddr(nl.daddr.v6); -+ nl.af = AF_INET6; -+ } else { -+ newConn->remote.getInAddr(nl.saddr.v4); -+ newConn->local.getInAddr(nl.daddr.v4); -+ nl.af = AF_INET; -+ } -+ - nl.sport = htons(newConn->remote.port()); -- -- newConn->local.getInAddr(nl.daddr.v4); - nl.dport = htons(newConn->local.port()); - -- nl.af = AF_INET; - nl.proto = IPPROTO_TCP; - nl.direction = PF_OUT; - -@@ -361,7 +368,10 @@ - debugs(89, 9, HERE << "address: " << newConn); - return false; - } else { -- newConn->local = nl.rdaddr.v4; -+ if (newConn->remote.isIPv6()) -+ newConn->local = nl.rdaddr.v6; -+ else -+ newConn->local = nl.rdaddr.v4; - newConn->local.port(ntohs(nl.rdport)); - debugs(89, 5, HERE << "address NAT: " << newConn); - return true; - diff --git a/src/patches/squid/squid-3.5-14121.patch b/src/patches/squid/squid-3.5-14121.patch deleted file mode 100644 index 36f3f7a..0000000 --- a/src/patches/squid/squid-3.5-14121.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14121 -revision-id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -parent: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4406 -author: Michael Buchau mike@m-buchau.de -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2016-12-09 17:33:04 +1300 -message: - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ce1153061cb79ac9ede6851f438ec830ed7a3e78 -# timestamp: 2016-12-09 04:51:01 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209034636-\ -# wytrnx7ks2jv0sxt -# -# Begin patch -=== modified file 'src/tunnel.cc' ---- src/tunnel.cc 2016-08-17 13:34:13 +0000 -+++ src/tunnel.cc 2016-12-09 04:33:04 +0000 -@@ -475,7 +475,8 @@ - *status_ptr = rep.sline.status(); - - // we need to relay the 401/407 responses when login=PASS(THRU) -- const char *pwd = server.conn->getPeer()->login; -+ const CachePeer *peer = server.conn->getPeer(); -+ const char *pwd = (peer ? peer->login : NULL); - const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && - (*status_ptr == Http::scProxyAuthenticationRequired || - *status_ptr == Http::scUnauthorized); - diff --git a/src/patches/squid/squid-3.5-14122.patch b/src/patches/squid/squid-3.5-14122.patch deleted file mode 100644 index 292306e..0000000 --- a/src/patches/squid/squid-3.5-14122.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14122 -revision-id: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9 -parent: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8 -committer: Source Maintenance squidadm@squid-cache.org -branch nick: 3.5 -timestamp: Fri 2016-12-09 06:15:51 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20161209061551-\ -# 361ava4lrrmbwiy9 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: cb4bfe0e0aaf3e3d107ffb16e2729c6f46d5a822 -# timestamp: 2016-12-09 06:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20161209043304-\ -# krtzvsm4a0zbzgi8 -# -# Begin patch -=== modified file 'src/servers/HttpServer.cc' ---- src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000 -+++ src/servers/HttpServer.cc 2016-12-09 06:15:51 +0000 -@@ -170,7 +170,7 @@ - bool - Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) - { -- // Ignore this late control message if we have started sending a -+ // Ignore this late control message if we have started sending a - // reply to the user already (e.g., after an error). - if (context->reply) { - debugs(11, 2, "drop 1xx made late by " << context->reply); -
hooks/post-receive -- IPFire 2.x development tree