This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 53aad60d6f35b622ea571faf3fc1c5d4ee28e1f0 (commit) via d8e31f431168d8eb56fb314a2d0f5e9e7e90fadc (commit) via a59e2e1c65c8061627acfaddf7a44f5f716071e4 (commit) via 616edca2ba4cfe8d8ad6d628d9d2cab4a91cd047 (commit) via d8efad249a19fb3a9a43b087685aabde7b534de9 (commit) from 66cb9ec42bba14237972f3e7e4532eb1d936100d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 53aad60d6f35b622ea571faf3fc1c5d4ee28e1f0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 20 23:51:20 2016 +0200
smartmontools: Update to 6.5
For details, see: https://www.smartmontools.org/browser/tags/RELEASE_6_5/smartmontools/NEWS
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d8e31f431168d8eb56fb314a2d0f5e9e7e90fadc Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 20 12:39:17 2016 +0200
libgpg-error: Update to 1.24
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a59e2e1c65c8061627acfaddf7a44f5f716071e4 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 20 12:33:55 2016 +0200
libgcrypt: Update to 1.7.3
Fixes CVE-2016-6313
For details, see: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html https://bugzilla.redhat.com/show_bug.cgi?id=1366105
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 616edca2ba4cfe8d8ad6d628d9d2cab4a91cd047 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 20 12:20:10 2016 +0200
libassuan: Update to 2.4.3
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d8efad249a19fb3a9a43b087685aabde7b534de9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 20 00:15:55 2016 +0200
squid: Update to 3.5.20 with latest patches (14067-14075)
For details, see: http://www.squid-cache.org/Versions/v3/3.5/changesets/
Since there were problems with "trailing white spaces" I started a new 'squid_3' branch from scratch, based on current 'next'. I hope this is what is needed and that it helps.
This one was built without errors and is running here without seen problems.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/libgcrypt | 2 +- config/rootfiles/common/libgpg-error | 2 +- config/rootfiles/packages/libassuan | 2 +- lfs/libassuan | 8 +- lfs/libgcrypt | 6 +- lfs/libgpg-error | 6 +- lfs/smartmontools | 6 +- lfs/squid | 21 +- ...patch => smartmontools-6.5-exit_segfault.patch} | 12 +- ...=> squid-3.5.20-fix-max-file-descriptors.patch} | 4 +- src/patches/squid/squid-3.5-14051.patch | 63 ---- src/patches/squid/squid-3.5-14052.patch | 34 -- src/patches/squid/squid-3.5-14053.patch | 46 --- src/patches/squid/squid-3.5-14054.patch | 37 -- src/patches/squid/squid-3.5-14055.patch | 39 --- src/patches/squid/squid-3.5-14056.patch | 36 -- src/patches/squid/squid-3.5-14067.patch | 381 +++++++++++++++++++++ src/patches/squid/squid-3.5-14068.patch | 35 ++ src/patches/squid/squid-3.5-14069.patch | 30 ++ src/patches/squid/squid-3.5-14070.patch | 44 +++ src/patches/squid/squid-3.5-14071.patch | 70 ++++ src/patches/squid/squid-3.5-14072.patch | 33 ++ src/patches/squid/squid-3.5-14073.patch | 151 ++++++++ src/patches/squid/squid-3.5-14074.patch | 55 +++ src/patches/squid/squid-3.5-14075.patch | 38 ++ 25 files changed, 873 insertions(+), 288 deletions(-) rename src/patches/{smartmontools-5.39-exit_segfault.patch => smartmontools-6.5-exit_segfault.patch} (50%) rename src/patches/{squid-3.5.17-fix-max-file-descriptors.patch => squid-3.5.20-fix-max-file-descriptors.patch} (92%) delete mode 100644 src/patches/squid/squid-3.5-14051.patch delete mode 100644 src/patches/squid/squid-3.5-14052.patch delete mode 100644 src/patches/squid/squid-3.5-14053.patch delete mode 100644 src/patches/squid/squid-3.5-14054.patch delete mode 100644 src/patches/squid/squid-3.5-14055.patch delete mode 100644 src/patches/squid/squid-3.5-14056.patch create mode 100644 src/patches/squid/squid-3.5-14067.patch create mode 100644 src/patches/squid/squid-3.5-14068.patch create mode 100644 src/patches/squid/squid-3.5-14069.patch create mode 100644 src/patches/squid/squid-3.5-14070.patch create mode 100644 src/patches/squid/squid-3.5-14071.patch create mode 100644 src/patches/squid/squid-3.5-14072.patch create mode 100644 src/patches/squid/squid-3.5-14073.patch create mode 100644 src/patches/squid/squid-3.5-14074.patch create mode 100644 src/patches/squid/squid-3.5-14075.patch
Difference in files: diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt index 578e0b6..4706343 100644 --- a/config/rootfiles/common/libgcrypt +++ b/config/rootfiles/common/libgcrypt @@ -6,7 +6,7 @@ #usr/lib/libgcrypt.la #usr/lib/libgcrypt.so usr/lib/libgcrypt.so.20 -usr/lib/libgcrypt.so.20.0.4 +usr/lib/libgcrypt.so.20.1.3 #usr/share/aclocal/libgcrypt.m4 #usr/share/info/gcrypt.info #usr/share/man/man1/hmac256.1 diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index 3e927ed..92ac1f3 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -4,7 +4,7 @@ usr/bin/gpg-error #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.16.0 +usr/lib/libgpg-error.so.0.19.1 #usr/share/aclocal/gpg-error.m4 #usr/share/common-lisp #usr/share/common-lisp/source diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan index 9c7aadb..8670ee7 100644 --- a/config/rootfiles/packages/libassuan +++ b/config/rootfiles/packages/libassuan @@ -3,6 +3,6 @@ usr/bin/libassuan-config #usr/lib/libassuan.la usr/lib/libassuan.so usr/lib/libassuan.so.0 -usr/lib/libassuan.so.0.5.0 +usr/lib/libassuan.so.0.7.3 #usr/share/aclocal/libassuan.m4 #usr/share/info/assuan.info diff --git a/lfs/libassuan b/lfs/libassuan index 0137d14..29f799a 100644 --- a/lfs/libassuan +++ b/lfs/libassuan @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.2.0 +VER = 2.4.3
THISAPP = libassuan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libassuan -PAK_VER = 3 +PAK_VER = 4
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a104faed3e97b9c302c5d67cc22b1d60 +$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a
install : $(TARGET)
diff --git a/lfs/libgcrypt b/lfs/libgcrypt index 98cf787..5a06032 100644 --- a/lfs/libgcrypt +++ b/lfs/libgcrypt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.6.4 +VER = 1.7.3
THISAPP = libgcrypt-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4c13c5fa43147866f993d73ee62af176 +$(DL_FILE)_MD5 = c869e542cc13a1c28d8055487bf7f5c4
install : $(TARGET)
diff --git a/lfs/libgpg-error b/lfs/libgpg-error index ab9499e..84af2aa 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.20 +VER = 1.24
THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9997d9203b672402a04760176811589d +$(DL_FILE)_MD5 = feb42198c0aaf3b28eabe8f41a34b983
install : $(TARGET)
diff --git a/lfs/smartmontools b/lfs/smartmontools index c3ba635..6c6d7db 100644 --- a/lfs/smartmontools +++ b/lfs/smartmontools @@ -24,7 +24,7 @@
include Config
-VER = 6.3 +VER = 6.5
THISAPP = smartmontools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54 +$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156
install : $(TARGET)
@@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-5.39-exit_segfault.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-6.5-exit_segfault.patch cd $(DIR_APP) && autoreconf cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make BUILD_INFO='"($(NAME) $(VERSION))"' $(MAKETUNING) diff --git a/lfs/squid b/lfs/squid index edaf943..2d9c596 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.5.19 +VER = 3.5.20
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9 +$(DL_FILE)_MD5 = 48fb18679a30606de98882528beab3a7
install : $(TARGET)
@@ -70,13 +70,16 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/src/patches/smartmontools-5.39-exit_segfault.patch b/src/patches/smartmontools-5.39-exit_segfault.patch deleted file mode 100644 index 5ed4b10..0000000 --- a/src/patches/smartmontools-5.39-exit_segfault.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.new/utility.h ---- smartmontools-5.39-svn_r2877/utility.h 2009-08-24 12:48:50.000000000 +0200 -+++ smartmontools-5.39-svn_r2877.new/utility.h 2009-08-29 09:11:07.000000000 +0200 -@@ -102,7 +102,11 @@ - - // Replacement for exit(status) - // (exit is not compatible with C++ destructors) --#define EXIT(status) { throw (int)(status); } -+ -+//This doesn't work on IPFire. -+//#define EXIT(status) { throw (int)(status); } -+//tried to use exit and found no problems yet -+#define EXIT(status) { exit ((int)(status)); } - - - #ifdef OLD_INTERFACE diff --git a/src/patches/smartmontools-6.5-exit_segfault.patch b/src/patches/smartmontools-6.5-exit_segfault.patch new file mode 100644 index 0000000..6c5df8a --- /dev/null +++ b/src/patches/smartmontools-6.5-exit_segfault.patch @@ -0,0 +1,16 @@ +--- a/utility.h Sun Apr 24 16:59:15 2016 ++++ b/utility.h Sat Aug 20 22:40:33 2016 +@@ -97,7 +97,11 @@ + + // Replacement for exit(status) + // (exit is not compatible with C++ destructors) +-#define EXIT(status) { throw (int)(status); } ++ ++//This doesn't work on IPFire. ++//#define EXIT(status) { throw (int)(status); } ++//tried to use exit and found no problems yet ++#define EXIT(status) { exit ((int)(status)); } + + // Compile time check of byte ordering + // (inline const function allows compiler to remove dead code) + diff --git a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch b/src/patches/squid-3.5.17-fix-max-file-descriptors.patch deleted file mode 100644 index b0efa76..0000000 --- a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- configure.ac.~ Wed Apr 20 14:26:07 2016 -+++ configure.ac Fri Apr 22 17:20:46 2016 -@@ -3131,6 +3131,9 @@ - ;; - esac - -+SQUID_CHECK_DEFAULT_FD_SETSIZE -+SQUID_CHECK_MAXFD -+ - dnl --with-maxfd present for compatibility with Squid-2. - dnl undocumented in ./configure --help to encourage using the Squid-3 directive - AC_ARG_WITH(maxfd,, -@@ -3161,8 +3164,6 @@ - esac - ]) - --SQUID_CHECK_DEFAULT_FD_SETSIZE --SQUID_CHECK_MAXFD - if test "x$squid_filedescriptors_num" != "x"; then - AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) - fi diff --git a/src/patches/squid-3.5.20-fix-max-file-descriptors.patch b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch new file mode 100644 index 0000000..b740b61 --- /dev/null +++ b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch @@ -0,0 +1,21 @@ +--- configure.ac.~ Wed Apr 20 14:26:07 2016 ++++ configure.ac Fri Apr 22 17:20:46 2016 +@@ -3135,6 +3135,9 @@ + ;; + esac + ++SQUID_CHECK_DEFAULT_FD_SETSIZE ++SQUID_CHECK_MAXFD ++ + dnl --with-maxfd present for compatibility with Squid-2. + dnl undocumented in ./configure --help to encourage using the Squid-3 directive + AC_ARG_WITH(maxfd,, +@@ -3165,8 +3168,6 @@ + esac + ]) + +-SQUID_CHECK_DEFAULT_FD_SETSIZE +-SQUID_CHECK_MAXFD + if test "x$squid_filedescriptors_num" != "x"; then + AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) + fi diff --git a/src/patches/squid/squid-3.5-14051.patch b/src/patches/squid/squid-3.5-14051.patch deleted file mode 100644 index 58892dc..0000000 --- a/src/patches/squid/squid-3.5-14051.patch +++ /dev/null @@ -1,63 +0,0 @@ ------------------------------------------------------------- -revno: 14051 -revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix -author: Steve Hill steve@opendium.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Wed 2016-05-18 02:58:50 +1200 -message: - Support unified EUI format code in external_acl_type - - Squid supports %>eui as a logformat specifier, which produces an EUI-48 - for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not - allowed as a format specifier for the external ACLs, and you have to use - %SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4 - clients and %SRCEUI64 is only useful for IPv6 clients, so supporting - both v4 and v6 is a bit messy. - - Adds the %>eui specifier for external ACLs and behaves in the same way - as the logformat specifier. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76 -# timestamp: 2016-05-17 15:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160508124125-\ -# fytgvn68zppfr8ix -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-01-01 00:14:27 +0000 -+++ src/external_acl.cc 2016-05-17 14:58:50 +0000 -@@ -356,6 +356,8 @@ - else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0) - format->type = Format::LFT_CLIENT_PORT; - #if USE_SQUID_EUI -+ else if (strcmp(token, "%>eui") == 0) -+ format->type = Format::LFT_CLIENT_EUI; - else if (strcmp(token, "%SRCEUI48") == 0) - format->type = Format::LFT_EXT_ACL_CLIENT_EUI48; - else if (strcmp(token, "%SRCEUI64") == 0) -@@ -944,6 +946,18 @@ - break; - - #if USE_SQUID_EUI -+ case Format::LFT_CLIENT_EUI: -+ // TODO make the ACL checklist have a direct link to any TCP details. -+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL) -+ { -+ if (request->clientConnectionManager->clientConnection->remote.isIPv4()) -+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)); -+ else -+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); -+ str = buf; -+ } -+ break; -+ - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf))) - diff --git a/src/patches/squid/squid-3.5-14052.patch b/src/patches/squid/squid-3.5-14052.patch deleted file mode 100644 index 4fba159..0000000 --- a/src/patches/squid/squid-3.5-14052.patch +++ /dev/null @@ -1,34 +0,0 @@ ------------------------------------------------------------- -revno: 14052 -revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik -committer: Source Maintenance squidadm@squid-cache.org -branch nick: 3.5 -timestamp: Tue 2016-05-17 18:14:16 +0000 -message: - SourceFormat Enforcement ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squidadm@squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b -# timestamp: 2016-05-17 18:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160517145850-\ -# uos9z00nrt7xd9ik -# -# Begin patch -=== modified file 'src/external_acl.cc' ---- src/external_acl.cc 2016-05-17 14:58:50 +0000 -+++ src/external_acl.cc 2016-05-17 18:14:16 +0000 -@@ -956,7 +956,7 @@ - request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf)); - str = buf; - } -- break; -+ break; - - case Format::LFT_EXT_ACL_CLIENT_EUI48: - if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL && - diff --git a/src/patches/squid/squid-3.5-14053.patch b/src/patches/squid/squid-3.5-14053.patch deleted file mode 100644 index f669449..0000000 --- a/src/patches/squid/squid-3.5-14053.patch +++ /dev/null @@ -1,46 +0,0 @@ ------------------------------------------------------------- -revno: 14053 -revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:00:58 +1200 -message: - Do not override user defined -std option ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135 -# timestamp: 2016-05-21 13:08:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squidadm@squid-cache.org-20160517181416-\ -# sfrjdosd9dhx7u8o -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-08 12:41:25 +0000 -+++ configure.ac 2016-05-21 13:00:58 +0000 -@@ -95,6 +95,9 @@ - # Guess the compiler type (sets squid_cv_compiler) - SQUID_CC_GUESS_VARIANT - -+# If the user did not specify a C++ version. -+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "-std="` -+if test "x$user_cxx" = "x"; then - # Check for C++11 compiler support - # - # BUG 3613: when clang -std=c++0x is used, it activates a "strict mode" -@@ -103,8 +106,9 @@ - # - # Similar POSIX issues on MinGW 32-bit and Cygwin - # --if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -- AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then -+ AX_CXX_COMPILE_STDCXX_11([noext],[optional]) -+ fi - fi - - # test for programs - diff --git a/src/patches/squid/squid-3.5-14054.patch b/src/patches/squid/squid-3.5-14054.patch deleted file mode 100644 index 90b34c1..0000000 --- a/src/patches/squid/squid-3.5-14054.patch +++ /dev/null @@ -1,37 +0,0 @@ ------------------------------------------------------------- -revno: 14054 -revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-05-22 01:01:44 +1200 -message: - Fix OpenSSL detection on FreeBSD ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9 -# timestamp: 2016-05-21 13:08:08 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521130058-\ -# zq8zugw0fohwfu3z -# -# Begin patch -=== modified file 'configure.ac' ---- configure.ac 2016-05-21 13:00:58 +0000 -+++ configure.ac 2016-05-21 13:01:44 +0000 -@@ -1348,10 +1348,10 @@ - - AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'crypto' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[ - AC_MSG_ERROR([library 'ssl' is required for OpenSSL]) -- ]) -+ ],$LIBOPENSSL_LIBS) - ]) - - # This is a workaround for RedHat 9 brain damage.. - diff --git a/src/patches/squid/squid-3.5-14055.patch b/src/patches/squid/squid-3.5-14055.patch deleted file mode 100644 index ac04bb6..0000000 --- a/src/patches/squid/squid-3.5-14055.patch +++ /dev/null @@ -1,39 +0,0 @@ ------------------------------------------------------------- -revno: 14055 -revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-05-22 03:52:02 +1200 -message: - Fix icons loading speed. - - Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each - icon was read from disk and written to Store one character at a time. I - did not measure startup delays in production, but in debugging runs, - fixing this bug sped up icons loading from 1 minute to 4 seconds. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b -# timestamp: 2016-05-21 16:51:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521130144-\ -# 6xtcayieij00fm5v -# -# Begin patch -=== modified file 'src/mime.cc' ---- src/mime.cc 2016-01-01 00:14:27 +0000 -+++ src/mime.cc 2016-05-21 15:52:02 +0000 -@@ -430,7 +430,7 @@ - /* read the file into the buffer and append it to store */ - int n; - char *buf = (char *)memAllocate(MEM_4K_BUF); -- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0) -+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0) - e->append(buf, n); - - file_close(fd); - diff --git a/src/patches/squid/squid-3.5-14056.patch b/src/patches/squid/squid-3.5-14056.patch deleted file mode 100644 index 4ea3808..0000000 --- a/src/patches/squid/squid-3.5-14056.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14056 -revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2016-05-22 05:29:19 +1200 -message: - Increase debug level in a peek-and-splice related debug message - - It may produced one debugging line for each SSL transaction in some cases ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f -# timestamp: 2016-05-21 17:50:54 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20160521155202-\ -# pp53utwamdhkugvg -# -# Begin patch -=== modified file 'src/ssl/PeerConnector.cc' ---- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000 -+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000 -@@ -598,7 +598,7 @@ - - case SSL_ERROR_WANT_WRITE: - if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) { -- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd); -+ debugs(81, 3, "hold write on SSL connection on FD " << fd); - checkForPeekAndSplice(); - return; - } - diff --git a/src/patches/squid/squid-3.5-14067.patch b/src/patches/squid/squid-3.5-14067.patch new file mode 100644 index 0000000..8d9cb21 --- /dev/null +++ b/src/patches/squid/squid-3.5-14067.patch @@ -0,0 +1,381 @@ +------------------------------------------------------------ +revno: 14067 +revision-id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +parent: squid3@treenet.co.nz-20160701113616-vpjak1pq4uecadd2 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534 +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:16:20 +1200 +message: + Bug 4534: assertion failure in xcalloc when using many cache_dir +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363 +# timestamp: 2016-07-23 07:24:01 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160701113616-\ +# vpjak1pq4uecadd2 +# +# Begin patch +=== modified file 'src/CacheDigest.cc' +--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -35,12 +35,12 @@ + static uint32_t hashed_keys[4]; + + static void +-cacheDigestInit(CacheDigest * cd, int capacity, int bpe) ++cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe) + { +- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); ++ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe); + assert(cd); + assert(capacity > 0 && bpe > 0); +- assert(mask_size > 0); ++ assert(mask_size != 0); + cd->capacity = capacity; + cd->bits_per_entry = bpe; + cd->mask_size = mask_size; +@@ -50,7 +50,7 @@ + } + + CacheDigest * +-cacheDigestCreate(int capacity, int bpe) ++cacheDigestCreate(uint64_t capacity, uint8_t bpe) + { + CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST); + assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */ +@@ -97,7 +97,7 @@ + + /* changes mask size, resets bits to 0, preserves "cd" pointer */ + void +-cacheDigestChangeCap(CacheDigest * cd, int new_cap) ++cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap) + { + assert(cd); + cacheDigestClean(cd); +@@ -278,12 +278,12 @@ + storeAppendPrintf(e, "%s digest: size: %d bytes\n", + label ? label : "", stats.bit_count / 8 + ); +- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n", ++ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n", + cd->count, + cd->capacity, + xpercentInt(cd->count, cd->capacity) + ); +- storeAppendPrintf(e, "\t deletion attempts: %d\n", ++ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n", + cd->del_count + ); + storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n", +@@ -297,16 +297,18 @@ + ); + } + +-size_t +-cacheDigestCalcMaskSize(int cap, int bpe) ++uint32_t ++cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe) + { +- return (size_t) (cap * bpe + 7) / 8; ++ uint64_t bitCount = (cap * bpe) + 7; ++ assert(bitCount < INT_MAX); // dont 31-bit overflow later ++ return static_cast<uint32_t>(bitCount / 8); + } + + static void + cacheDigestHashKey(const CacheDigest * cd, const cache_key * key) + { +- const unsigned int bit_count = cd->mask_size * 8; ++ const uint32_t bit_count = cd->mask_size * 8; + unsigned int tmp_keys[4]; + /* we must memcpy to ensure alignment */ + memcpy(tmp_keys, key, sizeof(tmp_keys)); + +=== modified file 'src/CacheDigest.h' +--- src/CacheDigest.h 2016-01-01 00:14:27 +0000 ++++ src/CacheDigest.h 2016-07-23 07:16:20 +0000 +@@ -22,23 +22,23 @@ + { + public: + /* public, read-only */ +- char *mask; /* bit mask */ +- int mask_size; /* mask size in bytes */ +- int capacity; /* expected maximum for .count, not a hard limit */ +- int bits_per_entry; /* number of bits allocated for each entry from capacity */ +- int count; /* number of digested entries */ +- int del_count; /* number of deletions performed so far */ ++ uint64_t count; /* number of digested entries */ ++ uint64_t del_count; /* number of deletions performed so far */ ++ uint64_t capacity; /* expected maximum for .count, not a hard limit */ ++ char *mask; /* bit mask */ ++ uint32_t mask_size; /* mask size in bytes */ ++ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */ + }; + +-CacheDigest *cacheDigestCreate(int capacity, int bpe); ++CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe); + void cacheDigestDestroy(CacheDigest * cd); + CacheDigest *cacheDigestClone(const CacheDigest * cd); + void cacheDigestClear(CacheDigest * cd); +-void cacheDigestChangeCap(CacheDigest * cd, int new_cap); ++void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap); + int cacheDigestTest(const CacheDigest * cd, const cache_key * key); + void cacheDigestAdd(CacheDigest * cd, const cache_key * key); + void cacheDigestDel(CacheDigest * cd, const cache_key * key); +-size_t cacheDigestCalcMaskSize(int cap, int bpe); ++uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe); + int cacheDigestBitUtil(const CacheDigest * cd); + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit); + void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label); + +=== modified file 'src/PeerDigest.h' +--- src/PeerDigest.h 2016-01-01 00:14:27 +0000 ++++ src/PeerDigest.h 2016-07-23 07:16:20 +0000 +@@ -52,7 +52,7 @@ + store_client *old_sc; + HttpRequest *request; + int offset; +- int mask_offset; ++ uint32_t mask_offset; + time_t start_time; + time_t resp_time; + time_t expires; + +=== modified file 'src/peer_digest.cc' +--- src/peer_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/peer_digest.cc 2016-07-23 07:16:20 +0000 +@@ -754,7 +754,7 @@ + if (!reason && !size) { + if (!pd->cd) + reason = "null digest?!"; +- else if (fetch->mask_offset != (int)pd->cd->mask_size) ++ else if (fetch->mask_offset != pd->cd->mask_size) + reason = "premature end of digest?!"; + else if (!peerDigestUseful(pd)) + reason = "useless digest"; + +=== modified file 'src/store_digest.cc' +--- src/store_digest.cc 2016-01-01 00:14:27 +0000 ++++ src/store_digest.cc 2016-07-23 07:16:20 +0000 +@@ -76,36 +76,63 @@ + static void storeDigestRewriteFinish(StoreEntry * e); + static EVH storeDigestSwapOutStep; + static void storeDigestCBlockSwapOut(StoreEntry * e); +-static int storeDigestCalcCap(void); +-static int storeDigestResize(void); + static void storeDigestAdd(const StoreEntry *); + ++/// calculates digest capacity ++static uint64_t ++storeDigestCalcCap() ++{ ++ /* ++ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of ++ * the bits are off). However, we do not have a formula to calculate the ++ * number of _entries_ we want to pre-allocate for. ++ */ ++ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; ++ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; ++ const uint64_t e_count = StoreEntry::inUseCount(); ++ uint64_t cap = e_count ? e_count : hi_cap; ++ debugs(71, 2, "have: " << e_count << ", want " << cap << ++ " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); ++ ++ if (cap < lo_cap) ++ cap = lo_cap; ++ ++ /* do not enforce hi_cap limit, average-based estimation may be wrong ++ *if (cap > hi_cap) ++ * cap = hi_cap; ++ */ ++ ++ // Bug 4534: we still have to set an upper-limit at some reasonable value though. ++ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX ++ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry; ++ if (cap > absolute_max) { ++ static time_t last_loud = 0; ++ if (last_loud < squid_curtime - 86400) { ++ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ last_loud = squid_curtime; ++ } else { ++ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max); ++ } ++ cap = absolute_max; ++ } ++ ++ return cap; ++} + #endif /* USE_CACHE_DIGESTS */ + +-static void +-storeDigestRegisterWithCacheManager(void) ++void ++storeDigestInit(void) + { + Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1); +-} +- +-/* +- * PUBLIC FUNCTIONS +- */ +- +-void +-storeDigestInit(void) +-{ +- storeDigestRegisterWithCacheManager(); + + #if USE_CACHE_DIGESTS +- const int cap = storeDigestCalcCap(); +- + if (!Config.onoff.digest_generation) { + store_digest = NULL; + debugs(71, 3, "Local cache digest generation disabled"); + return; + } + ++ const uint64_t cap = storeDigestCalcCap(); + store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry); + debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " << + (int) Config.digest.rebuild_period << "/" << +@@ -290,6 +317,31 @@ + storeDigestRebuildResume(); + } + ++/// \returns true if we actually resized the digest ++static bool ++storeDigestResize() ++{ ++ const uint64_t cap = storeDigestCalcCap(); ++ assert(store_digest); ++ uint64_t diff; ++ if (cap > store_digest->capacity) ++ diff = cap - store_digest->capacity; ++ else ++ diff = store_digest->capacity - cap; ++ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " << ++ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); ++ /* avoid minor adjustments */ ++ ++ if (diff <= store_digest->capacity / 10) { ++ debugs(71, 2, "small change, will not resize."); ++ return false; ++ } else { ++ debugs(71, 2, "big change, resizing."); ++ cacheDigestChangeCap(store_digest, cap); ++ } ++ return true; ++} ++ + /* called be Rewrite to push Rebuild forward */ + static void + storeDigestRebuildResume(void) +@@ -439,7 +491,7 @@ + assert(e); + /* _add_ check that nothing bad happened while we were waiting @?@ @?@ */ + +- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size) + chunk_size = store_digest->mask_size - sd_state.rewrite_offset; + + e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size); +@@ -451,7 +503,7 @@ + sd_state.rewrite_offset += chunk_size; + + /* are we done ? */ +- if (sd_state.rewrite_offset >= store_digest->mask_size) ++ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size) + storeDigestRewriteFinish(e); + else + eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false); +@@ -467,60 +519,10 @@ + sd_state.cblock.count = htonl(store_digest->count); + sd_state.cblock.del_count = htonl(store_digest->del_count); + sd_state.cblock.mask_size = htonl(store_digest->mask_size); +- sd_state.cblock.bits_per_entry = (unsigned char) +- Config.digest.bits_per_entry; ++ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry; + sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount; + e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock)); + } + +-/* calculates digest capacity */ +-static int +-storeDigestCalcCap(void) +-{ +- /* +- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of +- * the bits are off). However, we do not have a formula to calculate the +- * number of _entries_ we want to pre-allocate for. +- */ +- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize; +- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize; +- const int e_count = StoreEntry::inUseCount(); +- int cap = e_count ? e_count :hi_cap; +- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap << +- " entries; limits: [" << lo_cap << ", " << hi_cap << "]"); +- +- if (cap < lo_cap) +- cap = lo_cap; +- +- /* do not enforce hi_cap limit, average-based estimation may be wrong +- *if (cap > hi_cap) +- * cap = hi_cap; +- */ +- return cap; +-} +- +-/* returns true if we actually resized the digest */ +-static int +-storeDigestResize(void) +-{ +- const int cap = storeDigestCalcCap(); +- int diff; +- assert(store_digest); +- diff = abs(cap - store_digest->capacity); +- debugs(71, 2, "storeDigestResize: " << +- store_digest->capacity << " -> " << cap << "; change: " << +- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" ); +- /* avoid minor adjustments */ +- +- if (diff <= store_digest->capacity / 10) { +- debugs(71, 2, "storeDigestResize: small change, will not resize."); +- return 0; +- } else { +- debugs(71, 2, "storeDigestResize: big change, resizing."); +- cacheDigestChangeCap(store_digest, cap); +- return 1; +- } +-} +- + #endif /* USE_CACHE_DIGESTS */ + + +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 +@@ -16,11 +16,11 @@ + class CacheDigestGuessStats; + class StoreEntry; + +-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL) ++CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL) + void cacheDigestDestroy(CacheDigest *) STUB + CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL) + void cacheDigestClear(CacheDigest * ) STUB +-void cacheDigestChangeCap(CacheDigest *,int) STUB ++void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB + int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1) + void cacheDigestAdd(CacheDigest *, const cache_key *) STUB + void cacheDigestDel(CacheDigest *, const cache_key *) STUB +@@ -28,5 +28,4 @@ + void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB +-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1) +- ++uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) + diff --git a/src/patches/squid/squid-3.5-14068.patch b/src/patches/squid/squid-3.5-14068.patch new file mode 100644 index 0000000..4766e00 --- /dev/null +++ b/src/patches/squid/squid-3.5-14068.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 14068 +revision-id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +parent: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542 +author: Anonymous bigparrot@pirateperfection.com +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Sat 2016-07-23 19:19:30 +1200 +message: + Bug #4542: authentication credentials IP TTL updated incorrectly +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8 +# timestamp: 2016-07-23 07:24:05 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160723071620-\ +# 1wzqpbyi1rk5w6vg +# +# Begin patch +=== modified file 'src/auth/User.cc' +--- src/auth/User.cc 2016-01-01 00:14:27 +0000 ++++ src/auth/User.cc 2016-07-23 07:19:30 +0000 +@@ -284,7 +284,7 @@ + /* This ip has already been seen. */ + found = 1; + /* update IP ttl */ +- ipdata->ip_expiretime = squid_curtime; ++ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL; + } else if (ipdata->ip_expiretime <= squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &ip_list); + diff --git a/src/patches/squid/squid-3.5-14069.patch b/src/patches/squid/squid-3.5-14069.patch new file mode 100644 index 0000000..15ca37a --- /dev/null +++ b/src/patches/squid/squid-3.5-14069.patch @@ -0,0 +1,30 @@ +------------------------------------------------------------ +revno: 14069 +revision-id: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +parent: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28 +committer: Source Maintenance squidadm@squid-cache.org +branch nick: 3.5 +timestamp: Sat 2016-07-23 12:13:51 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm@squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28 +# timestamp: 2016-07-23 12:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160723071930-\ +# cemledcltg8pkc28 +# +# Begin patch +=== modified file 'src/tests/stub_CacheDigest.cc' +--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000 ++++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000 +@@ -29,3 +29,4 @@ + void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB + void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB + uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1) ++ + diff --git a/src/patches/squid/squid-3.5-14070.patch b/src/patches/squid/squid-3.5-14070.patch new file mode 100644 index 0000000..5fcc39f --- /dev/null +++ b/src/patches/squid/squid-3.5-14070.patch @@ -0,0 +1,44 @@ +------------------------------------------------------------ +revno: 14070 +revision-id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +parent: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +author: Christos Tsantilas chtsanti@users.sourceforge.net +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Sat 2016-08-06 02:59:33 +1200 +message: + Squid segfault via Ftp::Client::readControlReply(). + + Ftp::Client::scheduleReadControlReply(), which may called from the + asynchronous start() or readControlReply()/handleControlReply() + handlers, does not check whether the control connection is still usable + before using it. + + This is a Measurement Factory project. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643 +# timestamp: 2016-08-05 15:00:22 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squidadm@squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# +# Begin patch +=== modified file 'src/clients/FtpClient.cc' +--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000 ++++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 +@@ -314,6 +314,11 @@ + /* We've already read some reply data */ + handleControlReply(); + } else { ++ ++ if (!Comm::IsConnOpen(ctrl.conn)) { ++ debugs(9, 3, "cannot read without ctrl " << ctrl.conn); ++ return; ++ } + /* + * Cancel the timeout on the Data socket (if any) and + * establish one on the control socket. + diff --git a/src/patches/squid/squid-3.5-14071.patch b/src/patches/squid/squid-3.5-14071.patch new file mode 100644 index 0000000..6b353ea --- /dev/null +++ b/src/patches/squid/squid-3.5-14071.patch @@ -0,0 +1,70 @@ +------------------------------------------------------------ +revno: 14071 +revision-id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +parent: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428 +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:55:01 +1200 +message: + Bug 4428: mal-formed Cache-Control:stale-if-error header +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c +# timestamp: 2016-08-17 02:55:20 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160805145933-\ +# 0cpyy47o8955lamx +# +# Begin patch +=== modified file 'src/HttpHdrCc.cc' +--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000 ++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000 +@@ -257,6 +257,27 @@ + + /* for all options having values, "=value" after the name */ + switch (flag) { ++ case CC_BADHDR: ++ break; ++ case CC_PUBLIC: ++ break; ++ case CC_PRIVATE: ++ if (Private().size()) ++ packerPrintf(p, "="" SQUIDSTRINGPH """, SQUIDSTRINGPRINT(Private())); ++ break; ++ ++ case CC_NO_CACHE: ++ if (noCache().size()) ++ packerPrintf(p, "="" SQUIDSTRINGPH """, SQUIDSTRINGPRINT(noCache())); ++ break; ++ case CC_NO_STORE: ++ break; ++ case CC_NO_TRANSFORM: ++ break; ++ case CC_MUST_REVALIDATE: ++ break; ++ case CC_PROXY_REVALIDATE: ++ break; + case CC_MAX_AGE: + packerPrintf(p, "=%d", (int) maxAge()); + break; +@@ -272,8 +293,14 @@ + case CC_MIN_FRESH: + packerPrintf(p, "=%d", (int) minFresh()); + break; +- default: +- /* do nothing, directive was already printed */ ++ case CC_ONLY_IF_CACHED: ++ break; ++ case CC_STALE_IF_ERROR: ++ packerPrintf(p, "=%d", staleIfError()); ++ break; ++ case CC_OTHER: ++ case CC_ENUM_END: ++ // done below after the loop + break; + } + + diff --git a/src/patches/squid/squid-3.5-14072.patch b/src/patches/squid/squid-3.5-14072.patch new file mode 100644 index 0000000..228e773 --- /dev/null +++ b/src/patches/squid/squid-3.5-14072.patch @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: 14072 +revision-id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +parent: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3 +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Wed 2016-08-17 14:58:28 +1200 +message: + Fix SSL-Bump failure results in SEGFAULT +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784 +# timestamp: 2016-08-17 03:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817025501-\ +# e66sjxm0bfy3ksn3 +# +# Begin patch +=== modified file 'src/client_side_request.cc' +--- src/client_side_request.cc 2016-05-06 08:24:29 +0000 ++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000 +@@ -1811,7 +1811,7 @@ + repContext->setReplyToStoreEntry(e, "immediate SslBump error"); + errorAppendEntry(e, calloutContext->error); + calloutContext->error = NULL; +- if (calloutContext->readNextRequest) ++ if (calloutContext->readNextRequest && getConn()) + getConn()->flags.readMore = true; // resume any pipeline reads. + node = (clientStreamNode *)client_stream.tail->data; + clientStreamRead(node, this, node->readBuffer); + diff --git a/src/patches/squid/squid-3.5-14073.patch b/src/patches/squid/squid-3.5-14073.patch new file mode 100644 index 0000000..b7915a4 --- /dev/null +++ b/src/patches/squid/squid-3.5-14073.patch @@ -0,0 +1,151 @@ +------------------------------------------------------------ +revno: 14073 +revision-id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +parent: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563 +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:10:37 +1200 +message: + Bug 4563: duplicate code in httpMakeVaryMark +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a +# timestamp: 2016-08-17 05:50:53 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817025828-\ +# s4102klt2ei25tsm +# +# Begin patch +=== modified file 'src/http.cc' +--- src/http.cc 2016-04-01 06:15:31 +0000 ++++ src/http.cc 2016-08-17 05:10:37 +0000 +@@ -572,6 +572,38 @@ + /* NOTREACHED */ + } + ++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request ++static void ++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request) ++{ ++ static const SBuf asterisk("*"); ++ const char *pos = nullptr; ++ const char *item = nullptr; ++ int ilen = 0; ++ ++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { ++ SBuf name(item, ilen); ++ if (name == asterisk) { ++ vstr.clear(); ++ break; ++ } ++ name.toLower(); ++ if (!vstr.isEmpty()) ++ vstr.append(", ", 2); ++ vstr.append(name); ++ String hdr(request.header.getByName(name.c_str())); ++ const char *value = hdr.termedBuf(); ++ if (value) { ++ value = rfc1738_escape_part(value); ++ vstr.append("="", 2); ++ vstr.append(value); ++ vstr.append(""", 1); ++ } ++ ++ hdr.clean(); ++ } ++} ++ + /* + * For Vary, store the relevant request headers as + * virtual headers in the reply +@@ -580,81 +612,16 @@ + SBuf + httpMakeVaryMark(HttpRequest * request, HttpReply const * reply) + { +- String vary, hdr; +- const char *pos = NULL; +- const char *item; +- const char *value; +- int ilen; + SBuf vstr; +- static const SBuf asterisk("*"); ++ String vary; + + vary = reply->header.getList(HDR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("="", 2); +- vstr.append(value); +- vstr.append(""", 1); +- } +- +- hdr.clean(); +- } +- ++ assembleVaryKey(vary, vstr, *request); ++ ++#if X_ACCELERATOR_VARY + vary.clean(); +-#if X_ACCELERATOR_VARY +- +- pos = NULL; + vary = reply->header.getList(HDR_X_ACCELERATOR_VARY); +- +- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { +- char *name = (char *)xmalloc(ilen + 1); +- xstrncpy(name, item, ilen + 1); +- Tolower(name); +- +- if (strcmp(name, "*") == 0) { +- /* Can not handle "Vary: *" withtout ETag support */ +- safe_free(name); +- vstr.clear(); +- break; +- } +- +- if (!vstr.isEmpty()) +- vstr.append(", ", 2); +- vstr.append(name); +- hdr = request->header.getByName(name); +- safe_free(name); +- value = hdr.termedBuf(); +- +- if (value) { +- value = rfc1738_escape_part(value); +- vstr.append("="", 2); +- vstr.append(value); +- vstr.append(""", 1); +- } +- +- hdr.clean(); +- } +- +- vary.clean(); ++ assembleVaryKey(vary, vstr, *request); + #endif + + debugs(11, 3, vstr); + diff --git a/src/patches/squid/squid-3.5-14074.patch b/src/patches/squid/squid-3.5-14074.patch new file mode 100644 index 0000000..dbafbf0 --- /dev/null +++ b/src/patches/squid/squid-3.5-14074.patch @@ -0,0 +1,55 @@ +------------------------------------------------------------ +revno: 14074 +revision-id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +parent: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025 +author: mkishi mkishi@104.net +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Wed 2016-08-17 17:48:29 +1200 +message: + Bug 3025: Proxy-Authenticate problem using ICAP server +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e +# timestamp: 2016-08-17 05:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817051037-\ +# p0kaj2iw2u4u8iqj +# +# Begin patch +=== modified file 'src/client_side_reply.cc' +--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000 ++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000 +@@ -1305,8 +1305,14 @@ + + // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled + // remove the Proxy-Authenticate header +- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) +- reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) { ++#if USE_ADAPTATION ++ // but allow adaptation services to authenticate clients ++ // via request satisfaction ++ if (!http->requestSatisfactionMode()) ++#endif ++ reply->header.delById(HDR_PROXY_AUTHENTICATE); ++ } + + reply->header.removeHopByHopEntries(); + + +=== modified file 'src/client_side_request.h' +--- src/client_side_request.h 2016-01-01 00:14:27 +0000 ++++ src/client_side_request.h 2016-08-17 05:48:29 +0000 +@@ -140,6 +140,7 @@ + + public: + void startAdaptation(const Adaptation::ServiceGroupPointer &g); ++ bool requestSatisfactionMode() const { return request_satisfaction_mode; } + + // private but exposed for ClientRequestContext + void handleAdaptationFailure(int errDetail, bool bypassable = false); + diff --git a/src/patches/squid/squid-3.5-14075.patch b/src/patches/squid/squid-3.5-14075.patch new file mode 100644 index 0000000..8c0b5a3 --- /dev/null +++ b/src/patches/squid/squid-3.5-14075.patch @@ -0,0 +1,38 @@ +------------------------------------------------------------ +revno: 14075 +revision-id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +parent: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Thu 2016-08-18 01:34:13 +1200 +message: + Fix logic error in rev.13930 + + Using !=0 on both string compares means any login= value will permit + 40x responses through. Only PASS and PASSTHRU should be doing that. + + Detected by Coverity Scan. Issue 1364711 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5 +# timestamp: 2016-08-17 13:34:59 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160817054829-\ +# rl7q49ysi40sj01i +# +# Begin patch +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2016-01-01 00:14:27 +0000 ++++ src/tunnel.cc 2016-08-17 13:34:13 +0000 +@@ -476,7 +476,7 @@ + + // we need to relay the 401/407 responses when login=PASS(THRU) + const char *pwd = server.conn->getPeer()->login; +- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) && ++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) && + (*status_ptr == Http::scProxyAuthenticationRequired || + *status_ptr == Http::scUnauthorized); + +
hooks/post-receive -- IPFire 2.x development tree