include Config
-VER = 3.5.25
+VER = 3.5.26
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6b7dd7b42b1adacf08f3155640ea2782
+$(DL_FILE)_MD5 = 510e2c84773879c00d0e7ced997864d9
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14155.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14156.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14157.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14158.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14159.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14160.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14161.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14162.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14163.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14164.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14165.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14166.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14167.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.26-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
+++ /dev/null
-------------------------------------------------------------
-revno: 14155
-revision-id: squid3@treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-parent: squid3@treenet.co.nz-20170402121452-ox6d8ttzlmbov3xm
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2017-05-04 18:14:16 +1200
-message:
- Bug 4682: Fix ssl_bump "bump" action documentation
-
- Fixes squid documentation to correctly describe the squid behavior when the
- "bump" action is selected on step SslBump1. In this case squid selects
- the client-first bumping mode.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: f3b4861a085e069948da25398782237609037c5f
-# timestamp: 2017-05-04 06:16:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170402121452-\
-# ox6d8ttzlmbov3xm
-#
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre 2017-03-31 23:38:31 +0000
-+++ src/cf.data.pre 2017-05-04 06:14:16 +0000
-@@ -2669,8 +2669,11 @@
- This is the default action.
-
- bump
-- Establish a secure connection with the server and, using a
-- mimicked server certificate, with the client.
-+ When used on step SslBump1, establishes a secure connection
-+ with the client first, then connect to the server.
-+ When used on step SslBump2 or SslBump3, establishes a secure
-+ connection with the server and, using a mimicked server
-+ certificate, with the client.
-
- peek
- Receive client (step SslBump1) or server (step SslBump2)
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14156
-revision-id: squid3@treenet.co.nz-20170508110920-73gma737u4x6ce87
-parent: squid3@treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4695
-author: Lubos Uhliarik <luhliari@redhat.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-08 23:09:20 +1200
-message:
- Bug 4695: squidpurge: GCC 7 build errors
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170508110920-73gma737u4x6ce87
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a0f0c573b5be3d81cf0f8e65ae52bf27bd08dba5
-# timestamp: 2017-05-08 11:51:08 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170504061416-\
-# ks61dfut8wyml2qu
-#
-# Begin patch
-=== modified file 'tools/purge/purge.cc'
---- tools/purge/purge.cc 2017-01-01 00:16:45 +0000
-+++ tools/purge/purge.cc 2017-05-08 11:09:20 +0000
-@@ -272,7 +272,7 @@
- snprintf( md5, sizeof(md5), "%-32s", "(no_md5_data_available)" );
- }
-
-- char timeb[64];
-+ char timeb[256];
- if ( meta && (findings = meta->search( STORE_META_STD )) ) {
- StoreMetaStd temp;
- // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
-@@ -283,7 +283,7 @@
- } else if ( meta && (findings = meta->search( STORE_META_STD_LFS )) ) {
- StoreMetaStdLFS temp;
- // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
-- memcpy( &temp, findings->data, sizeof(StoreMetaStd) );
-+ memcpy( &temp, findings->data, sizeof(StoreMetaStdLFS) );
- snprintf( timeb, sizeof(timeb), "%08lx %08lx %08lx %08lx %04x %5hu ",
- (unsigned long)temp.timestamp, (unsigned long)temp.lastref,
- (unsigned long)temp.expires, (unsigned long)temp.lastmod, temp.flags, temp.refcount );
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14157
-revision-id: squid3@treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-parent: squid3@treenet.co.nz-20170508110920-73gma737u4x6ce87
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4589
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:21:16 +1200
-message:
- Bug 4589: ssl_crtd: returning zero on failure
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ad29dd184416dc47dee80234c541185cca166bb3
-# timestamp: 2017-05-29 04:39:57 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170508110920-\
-# 73gma737u4x6ce87
-#
-# Begin patch
-=== modified file 'src/ssl/ssl_crtd.cc'
---- src/ssl/ssl_crtd.cc 2017-01-01 00:16:45 +0000
-+++ src/ssl/ssl_crtd.cc 2017-05-29 04:21:16 +0000
-@@ -350,7 +350,7 @@
- }
- } catch (std::runtime_error & error) {
- std::cerr << argv[0] << ": " << error.what() << std::endl;
-- return 0;
-+ return -1;
- }
- return 0;
- }
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14158
-revision-id: squid3@treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-parent: squid3@treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3102
-author: Martin von Gagern <martin.vgagern@gmx.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:36:11 +1200
-message:
- Bug 3102: FTP directory listing drops fist character of file names
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 60a5f01fc9c9967c55c651c31546cb1067325705
-# timestamp: 2017-05-29 04:39:59 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529042116-\
-# kp9naxxmdsqicpjv
-#
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc 2017-02-26 08:50:09 +0000
-+++ src/clients/FtpGateway.cc 2017-05-29 04:36:11 +0000
-@@ -626,10 +626,17 @@
- while (strchr(w_space, *copyFrom))
- ++copyFrom;
- } else {
-- /* XXX assumes a single space between date and filename
-+ /* Handle the following four formats:
-+ * "MMM DD YYYY Name"
-+ * "MMM DD YYYYName"
-+ * "MMM DD YYYY Name"
-+ * "MMM DD YYYY Name"
-+ * Assuming a single space between date and filename
- * suggested by: Nathan.Bailey@cc.monash.edu.au and
- * Mike Battersby <mike@starbug.bofh.asn.au> */
-- copyFrom += strlen(tbuf) + 1;
-+ copyFrom += strlen(tbuf);
-+ if (strchr(w_space, *copyFrom))
-+ ++copyFrom;
- }
-
- p->name = xstrdup(copyFrom);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14159
-revision-id: squid3@treenet.co.nz-20170529043741-9chwfs5onxuip52x
-parent: squid3@treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3772
-author: Rainer Tammer <rainer.tammer@schulergroup.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:37:41 +1200
-message:
- Bug 3772: message from FTP server gets mangled
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529043741-9chwfs5onxuip52x
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 800db5dab62d996440fd6fccd35e9f1f34f2f0e1
-# timestamp: 2017-05-29 04:40:02 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529043611-\
-# 1hyb93ivtu5wrdwg
-#
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc 2017-05-29 04:36:11 +0000
-+++ src/clients/FtpGateway.cc 2017-05-29 04:37:41 +0000
-@@ -1541,7 +1541,7 @@
- /* Reset cwd_message to only include the last message */
- ftpState->cwd_message.reset("");
- for (wordlist *w = ftpState->ctrl.message; w; w = w->next) {
-- ftpState->cwd_message.append(' ');
-+ ftpState->cwd_message.append('\n');
- ftpState->cwd_message.append(w->key);
- }
- ftpState->ctrl.message = NULL;
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14160
-revision-id: squid3@treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-parent: squid3@treenet.co.nz-20170529043741-9chwfs5onxuip52x
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:38:52 +1200
-message:
- Add OpenSSL library details to -v output
-
- This is partially to meet the OpenSSL copyright requirement that binaries
- mention when they are using the library, and partially for admin to see
- which library their Squid is using when multiple are present in the system.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: c401fe3de5518102ac6a3a4dc7b121ac415c05d4
-# timestamp: 2017-05-29 04:40:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529043741-\
-# 9chwfs5onxuip52x
-#
-# Begin patch
-=== modified file 'src/main.cc'
---- src/main.cc 2017-02-26 08:52:45 +0000
-+++ src/main.cc 2017-05-29 04:38:52 +0000
-@@ -563,6 +563,10 @@
- printf("Service Name: " SQUIDSBUFPH "\n", SQUIDSBUFPRINT(service_name));
- if (strlen(SQUID_BUILD_INFO))
- printf("%s\n",SQUID_BUILD_INFO);
-+#if USE_OPENSSL
-+ printf("\nThis binary uses %s. ", SSLeay_version(SSLEAY_VERSION));
-+ printf("For legal restrictions on distribution see https://www.openssl.org/source/license.html\n\n");
-+#endif
- printf( "configure options: %s\n", SQUID_CONFIGURE_OPTIONS);
-
- #if USE_WIN32_SERVICE
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14161
-revision-id: squid3@treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-parent: squid3@treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 17:33:59 +1200
-message:
- Bug 4653: %st lies about tunneled traffic volumes
-
- Squid-5 and squid-4 does not count the "HTTP/1.1 200 Connection Established"
- header size for %<st formatting code.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: c340785d0d5042ae0f783d606f0998d605290ac4
-# timestamp: 2017-05-29 05:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529043852-\
-# zkf91gxhaqdj0rkn
-#
-# Begin patch
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc 2017-01-01 00:16:45 +0000
-+++ src/tunnel.cc 2017-05-29 05:33:59 +0000
-@@ -836,7 +836,7 @@
- * Call the tunnelStartShoveling to start the blind pump.
- */
- static void
--tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag flag, int xerrno, void *data)
-+tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *, size_t len, Comm::Flag flag, int, void *data)
- {
- TunnelStateData *tunnelState = (TunnelStateData *)data;
- debugs(26, 3, HERE << conn << ", flag=" << flag);
-@@ -848,6 +848,11 @@
- return;
- }
-
-+ if (ClientHttpRequest *http = tunnelState->http.get()) {
-+ http->out.headers_sz += len;
-+ http->out.size += len;
-+ }
-+
- tunnelStartShoveling(tunnelState);
- }
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14162
-revision-id: squid3@treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-parent: squid3@treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4711
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 17:52:34 +1200
-message:
- Bug 4711: SubjectAlternativeNames is missing in some generated certificates
-
- Squid may generate certificates which have a Common Name, but do not have
- a subjectAltName extension. For example when squid generated certificates
- do not mimic an origin certificate or when the certificate adaptation
- algorithm sslproxy_cert_adapt/setCommonName is used.
-
- This is causes problems to some browsers, which validates a certificate using
- the SubjectAlternativeNames but ignore the CommonName field.
-
- This patch fixes squid to always add a SubjectAlternativeNames extension in
- generated certificates which do not mimic an origin certificate.
-
- Squid still will not add a subjectAltName extension when mimicking an origin
- server certificate, even if that origin server certificate does not include
- the subjectAltName extension. Such origin server may have problems when
- talking directly to browsers, and patched Squid is not trying to fix those
- problems.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e3162152cf590c8126eb3d189ea1ab90ba9a5c37
-# timestamp: 2017-05-29 05:54:13 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529053359-\
-# xtbuev2zwmdfj9mp
-#
-# Begin patch
-=== modified file 'src/ssl/gadgets.cc'
---- src/ssl/gadgets.cc 2017-01-01 00:16:45 +0000
-+++ src/ssl/gadgets.cc 2017-05-29 05:52:34 +0000
-@@ -339,7 +339,40 @@
- return added;
- }
-
--static bool buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties)
-+/// Adds a new subjectAltName extension contining Subject CN or returns false
-+/// expects the caller to check for the existing subjectAltName extension
-+static bool
-+addAltNameWithSubjectCn(Ssl::X509_Pointer &cert)
-+{
-+ X509_NAME *name = X509_get_subject_name(cert.get());
-+ if (!name)
-+ return false;
-+
-+ const int loc = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
-+ if (loc < 0)
-+ return false;
-+
-+ ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, loc));
-+ if (!cn_data)
-+ return false;
-+
-+ char dnsName[1024]; // DNS names are limited to 256 characters
-+ const int res = snprintf(dnsName, sizeof(dnsName), "DNS:%*s", cn_data->length, cn_data->data);
-+ if (res <= 0 || res >= static_cast<int>(sizeof(dnsName)))
-+ return false;
-+
-+ X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, dnsName);
-+ if (!ext)
-+ return false;
-+
-+ const bool result = X509_add_ext(cert.get(), ext, -1);
-+
-+ X509_EXTENSION_free(ext);
-+ return result;
-+}
-+
-+static bool
-+buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties)
- {
- // not an Ssl::X509_NAME_Pointer because X509_REQ_get_subject_name()
- // returns a pointer to the existing subject name. Nothing to clean here.
-@@ -387,6 +420,8 @@
- } else if (!X509_gmtime_adj(X509_get_notAfter(cert.get()), 60*60*24*356*3))
- return false;
-
-+ int addedExtensions = 0;
-+ bool useCommonNameAsAltName = true;
- // mimic the alias and possibly subjectAltName
- if (properties.mimicCert.get()) {
- unsigned char *alStr;
-@@ -396,26 +431,29 @@
- X509_alias_set1(cert.get(), alStr, alLen);
- }
-
-- int addedExtensions = 0;
--
- // Mimic subjectAltName unless we used a configured CN: browsers reject
- // certificates with CN unrelated to subjectAltNames.
- if (!properties.setCommonName) {
-- int pos=X509_get_ext_by_NID (properties.mimicCert.get(), OBJ_sn2nid("subjectAltName"), -1);
-+ int pos = X509_get_ext_by_NID(properties.mimicCert.get(), NID_subject_alt_name, -1);
- X509_EXTENSION *ext=X509_get_ext(properties.mimicCert.get(), pos);
- if (ext) {
- if (X509_add_ext(cert.get(), ext, -1))
- ++addedExtensions;
- }
-+ // We want to mimic the server-sent subjectAltName, not enhance it.
-+ useCommonNameAsAltName = false;
- }
-
- addedExtensions += mimicExtensions(cert, properties.mimicCert);
--
-- // According to RFC 5280, using extensions requires v3 certificate.
-- if (addedExtensions)
-- X509_set_version(cert.get(), 2); // value 2 means v3
- }
-
-+ if (useCommonNameAsAltName && addAltNameWithSubjectCn(cert))
-+ ++addedExtensions;
-+
-+ // According to RFC 5280, using extensions requires v3 certificate.
-+ if (addedExtensions)
-+ X509_set_version(cert.get(), 2); // value 2 means v3
-+
- return true;
- }
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14163
-revision-id: squid3@treenet.co.nz-20170529062945-gf7u7dukaumjof74
-parent: squid3@treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-author: Ingo Schwarze, Francesco Chemolli <kinkie@squid-cache.org>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 18:29:45 +1200
-message:
- Docs: Improve formatting of several manual pages
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529062945-gf7u7dukaumjof74
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: b417bbc7ffb2351fb670e7baa721b9d9b8315024
-# timestamp: 2017-05-29 06:33:51 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529055234-\
-# 790hfbazjwy0fmk4
-#
-# Begin patch
-=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8'
---- helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-03-31 23:47:47 +0000
-+++ helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-05-29 06:29:45 +0000
-@@ -5,9 +5,9 @@
- .
- .SH SYNOPSIS
- .if !'po4a'hide' .B basic_ldap_auth
--.if !'po4a'hide' .B \-b\ \"
-+.if !'po4a'hide' .B \-b\ \(dq
- base DN
--.if !'po4a'hide' .B \"\ [\-u
-+.if !'po4a'hide' .B \(dq\ [\-u
- attribute
- .if !'po4a'hide' .B ]\ [
- options
-@@ -20,11 +20,11 @@
- .if !'po4a'hide' .B ]...
- .br
- .if !'po4a'hide' .B basic_ldap_auth
--.if !'po4a'hide' .B \-b\ \"
-+.if !'po4a'hide' .B \-b\ \(dq
- base DN
--.if !'po4a'hide' .B \"\ \-f\ \"
-+.if !'po4a'hide' .B \(dq\ \-f\ \(dq
- LDAP search filter
--.if !'po4a'hide' .B \"\ [
-+.if !'po4a'hide' .B \(dq\ [
- options
- .if !'po4a'hide' .B ]\ [
- LDAP server name
-@@ -74,7 +74,7 @@
- The search filter can contain up to 15 occurrences of
- .B %s
- which will be replaced by the username, as in
--.B "\"uid\=%s\""
-+.B "\(dquid\=%s\(dq"
- for RFC2037 directories. For a detailed description of LDAP search
- filter syntax see RFC2254.
- .br
-
-=== modified file 'helpers/basic_auth/RADIUS/basic_radius_auth.8'
---- helpers/basic_auth/RADIUS/basic_radius_auth.8 2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/RADIUS/basic_radius_auth.8 2017-05-29 06:29:45 +0000
-@@ -9,9 +9,9 @@
- config file
- .br
- .if !'po4a'hide' .B basic_radius_auth
--.if !'po4a'hide' .B "\-h \""
-+.if !'po4a'hide' .B "\-h \(dq"
- server name
--.if !'po4a'hide' .B "\" [\-p "
-+.if !'po4a'hide' .B "\(dq [\-p "
- port
- .if !'po4a'hide' .B "] [\-i "
- identifier
-
-=== modified file 'helpers/external_acl/file_userip/ext_file_userip_acl.8'
---- helpers/external_acl/file_userip/ext_file_userip_acl.8 2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/file_userip/ext_file_userip_acl.8 2017-05-29 06:29:45 +0000
-@@ -68,7 +68,7 @@
- .B ALL
- and
- .B NONE
--, which mean \"any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
-+, which mean \(dqany user on this IP address may authenticate\(dq or \(dqno user on this IP address may authenticate\(dq.
- .
- .SH AUTHOR
- This program was written by
-
-=== modified file 'tools/squidclient/squidclient.1'
---- tools/squidclient/squidclient.1 2017-01-01 00:16:45 +0000
-+++ tools/squidclient/squidclient.1 2017-05-29 06:29:45 +0000
-@@ -86,7 +86,7 @@
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .B "\-H 'string'"
- Extra headers to send. Use
--.B '\\n'
-+.B '\en'
- for new lines.
- .
- .if !'po4a'hide' .TP
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14164
-revision-id: squid3@treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-parent: squid3@treenet.co.nz-20170529062945-gf7u7dukaumjof74
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 18:36:45 +1200
-message:
- Fix xstrndup() documentation, callers. Disclosed implementation bugs.
-
- xstrndup() does not work like strndup(3), and some callers got confused:
-
- 1. When n is the str length or less, standard strndup(str,n) copies all
- n bytes but our xstrndup(str,n) drops the last one. Thus, all callers
- must add one to the desired result length when calling xstrndup().
- Most already do, but it is often hard to see due to low code quality
- (e.g., one must remember that MAX_URL is not the maximum URL length).
-
- 2. xstrndup() also assumes that the source string is 0-terminated. This
- dangerous assumption does not contradict many official strndup(3)
- descriptions, but that lack of contradiction is actually a recently
- fixed POSIX documentation bug (i.e., correct implementations must not
- assume 0-termination): http://austingroupbugs.net/view.php?id=1019
-
- The OutOfBoundsException bug led to truncated exception messages.
-
- The ESI bug led to truncated 'literal strings', but I do not know what
- that means in terms of user impact. That ESI fix is untested.
-
- cachemgr.cc bug was masked by the fact that the buffer ends with \n
- that is unused and stripped by the custom xstrtok() implementation.
-
- TODO. Fix xstrndup() implementation (and rename the function so that
- fixed callers do not misbehave if carelessly ported to older Squids).
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 7321050a4405a155a8fe02f7125e446b9516dd51
-# timestamp: 2017-05-29 06:51:18 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529062945-\
-# gf7u7dukaumjof74
-#
-# Begin patch
-=== modified file 'compat/xstring.h'
---- compat/xstring.h 2017-01-01 00:16:45 +0000
-+++ compat/xstring.h 2017-05-29 06:36:45 +0000
-@@ -41,7 +41,10 @@
- char *xstrncpy(char *dst, const char *src, size_t n);
-
- /**
-- * xstrndup() - same as strndup(3). Used for portability.
-+ * xstrndup() - Somewhat similar(XXX) to strndup(3): Allocates up to n bytes,
-+ * while strndup(3) copies up to n bytes and allocates up to n+1 bytes
-+ * to fit the terminating character. Assumes s is 0-terminated (another XXX).
-+ *
- * Never returns NULL; fatal on error.
- *
- * Sets errno to EINVAL if a NULL pointer or negative
-
-=== modified file 'src/SBufExceptions.cc'
---- src/SBufExceptions.cc 2017-01-01 00:16:45 +0000
-+++ src/SBufExceptions.cc 2017-05-29 06:36:45 +0000
-@@ -25,9 +25,7 @@
- explanatoryText.appendf(" in file %s", aFileName);
- explanatoryText.appendf(" while accessing position %d in a SBuf long %d",
- pos, throwingBuf.length());
-- // we can safely alias c_str as both are local to the object
-- // and will not further manipulated.
-- message = xstrndup(explanatoryText.c_str(),explanatoryText.length());
-+ message = xstrdup(explanatoryText.c_str());
- }
-
- OutOfBoundsException::~OutOfBoundsException() throw()
-
-=== modified file 'src/esi/Expression.cc'
---- src/esi/Expression.cc 2017-01-01 00:16:45 +0000
-+++ src/esi/Expression.cc 2017-05-29 06:36:45 +0000
-@@ -743,7 +743,7 @@
- /* Special case for zero length strings */
-
- if (t - s - 1)
-- rv.value.string = xstrndup(s + 1, t - s - 1);
-+ rv.value.string = xstrndup(s + 1, t - (s + 1) + 1);
- else
- rv.value.string = static_cast<char *>(xcalloc(1,1));
-
-
-=== modified file 'tools/cachemgr.cc'
---- tools/cachemgr.cc 2017-01-01 00:16:45 +0000
-+++ tools/cachemgr.cc 2017-05-29 06:36:45 +0000
-@@ -440,7 +440,7 @@
- return;
- }
-
-- buf_copy = x = xstrndup(buf, bufLen);
-+ buf_copy = x = xstrndup(buf, bufLen+1);
-
- a = xstrtok(&x, '\t');
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14165
-revision-id: squid3@treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-parent: squid3@treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 19:10:37 +1200
-message:
- Bug 4682: ignoring http_access deny when client-first bumping mode is used
-
- Squid fails to identify HTTP requests which are tunneled inside an already
- established client-first bumped tunnel, and this is results in ignoring
- http_access denied for these requests.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: f77b81826612d7248fb774ef1ea00747cd04d479
-# timestamp: 2017-05-29 07:51:03 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529063645-\
-# qmu68scq9go0wbqr
-#
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2017-03-30 13:31:22 +0000
-+++ src/client_side_request.cc 2017-05-29 07:10:37 +0000
-@@ -1424,7 +1424,17 @@
- if (bumpMode != Ssl::bumpEnd) {
- debugs(85, 5, HERE << "SslBump already decided (" << bumpMode <<
- "), " << "ignoring ssl_bump for " << http->getConn());
-- if (!http->getConn()->serverBump())
-+
-+ // We need the following "if" for transparently bumped TLS connection,
-+ // because in this case we are running ssl_bump access list before
-+ // the doCallouts runs. It can be removed after the bug #4340 fixed.
-+ // We do not want to proceed to bumping steps:
-+ // - if the TLS connection with the client is already established
-+ // because we are accepting normal HTTP requests on TLS port,
-+ // or because of the client-first bumping mode
-+ // - When the bumping is already started
-+ if (!http->getConn()->switchedToHttps() &&
-+ !http->getConn()->serverBump())
- http->sslBumpNeed(bumpMode); // for processRequest() to bump if needed and not already bumped
- http->al->ssl.bumpMode = bumpMode; // inherited from bumped connection
- return false;
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14166
-revision-id: squid3@treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-parent: squid3@treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2017-05-30 00:57:48 +1200
-message:
- Revert r14161
-
- Wrong patch and commit message.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ddecde537486c58df04564f3818b8ad9929dd186
-# timestamp: 2017-05-29 13:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529071037-\
-# o91o8xvaqata5y2b
-#
-# Begin patch
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc 2017-05-29 05:33:59 +0000
-+++ src/tunnel.cc 2017-05-29 12:57:48 +0000
-@@ -836,7 +836,7 @@
- * Call the tunnelStartShoveling to start the blind pump.
- */
- static void
--tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *, size_t len, Comm::Flag flag, int, void *data)
-+tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag flag, int xerrno, void *data)
- {
- TunnelStateData *tunnelState = (TunnelStateData *)data;
- debugs(26, 3, HERE << conn << ", flag=" << flag);
-@@ -848,11 +848,6 @@
- return;
- }
-
-- if (ClientHttpRequest *http = tunnelState->http.get()) {
-- http->out.headers_sz += len;
-- http->out.size += len;
-- }
--
- tunnelStartShoveling(tunnelState);
- }
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14167
-revision-id: squid3@treenet.co.nz-20170529131555-kut221f3geb3aczf
-parent: squid3@treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4653
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2017-05-30 01:15:55 +1200
-message:
- Bug 4653: %st lies about tunneled traffic volumes
-
- Squid-3.5 counts only the "CONNECT ..." header size for %>st and does not
- count the "HTTP/1.1 200" response header for the %<st.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170529131555-kut221f3geb3aczf
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: dd5783b425c7c7125303a1bd1a5685bc28011754
-# timestamp: 2017-05-29 13:51:09 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170529125748-\
-# qt7yhdloygl4xosg
-#
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc 2017-03-31 00:51:52 +0000
-+++ src/client_side.cc 2017-05-29 13:15:55 +0000
-@@ -4391,7 +4391,7 @@
- // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
- connState->in.buf.append(rbuf.content(), rbuf.contentSize());
- ClientHttpRequest *http = context->http;
-- tunnelStart(http, &http->out.size, &http->al->http.code, http->al);
-+ tunnelStart(http);
- }
- }
- }
-
-=== modified file 'src/client_side_reply.cc'
---- src/client_side_reply.cc 2017-01-01 00:16:45 +0000
-+++ src/client_side_reply.cc 2017-05-29 13:15:55 +0000
-@@ -1179,7 +1179,7 @@
- if (curReply->content_length < 0)
- return 0;
-
-- int64_t expectedLength = curReply->content_length + http->out.headers_sz;
-+ uint64_t expectedLength = curReply->content_length + http->out.headers_sz;
-
- if (http->out.size < expectedLength)
- return 0;
-
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2017-05-29 07:10:37 +0000
-+++ src/client_side_request.cc 2017-05-29 13:15:55 +0000
-@@ -1522,7 +1522,7 @@
- }
- #endif
- getConn()->stopReading(); // tunnels read for themselves
-- tunnelStart(this, &out.size, &al->http.code, al);
-+ tunnelStart(this);
- return;
- }
-
-
-=== modified file 'src/client_side_request.h'
---- src/client_side_request.h 2017-01-23 02:05:46 +0000
-+++ src/client_side_request.h 2017-05-29 13:15:55 +0000
-@@ -73,7 +73,7 @@
-
- struct {
- int64_t offset;
-- int64_t size;
-+ uint64_t size;
- size_t headers_sz;
- } out;
-
-@@ -182,7 +182,7 @@
- void clientAccessCheck(ClientHttpRequest *);
-
- /* ones that should be elsewhere */
--void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntry::Pointer &al);
-+void tunnelStart(ClientHttpRequest *);
-
- #if _USE_INLINE_
- #include "client_side_request.cci"
-
-=== modified file 'src/tests/stub_tunnel.cc'
---- src/tests/stub_tunnel.cc 2017-01-01 00:16:45 +0000
-+++ src/tests/stub_tunnel.cc 2017-05-29 13:15:55 +0000
-@@ -14,7 +14,7 @@
- #include "FwdState.h"
- class ClientHttpRequest;
-
--void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntryPointer &al) STUB
-+void tunnelStart(ClientHttpRequest *) STUB
-
- void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer &clientConn, Comm::ConnectionPointer &srvConn) STUB
-
-
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc 2017-05-29 12:57:48 +0000
-+++ src/tunnel.cc 2017-05-29 13:15:55 +0000
-@@ -139,7 +139,7 @@
- int len;
- char *buf;
- AsyncCall::Pointer writer; ///< pending Comm::Write callback
-- int64_t *size_ptr; /* pointer to size in an ConnStateData for logging */
-+ uint64_t *size_ptr; /* pointer to size in an ConnStateData for logging */
-
- Comm::ConnectionPointer conn; ///< The currently connected connection.
- uint8_t delayedLoops; ///< how many times a read on this connection has been postponed.
-@@ -848,6 +848,11 @@
- return;
- }
-
-+ if (ClientHttpRequest *http = tunnelState->http.get()) {
-+ http->out.headers_sz += size;
-+ http->out.size += size;
-+ }
-+
- tunnelStartShoveling(tunnelState);
- }
-
-@@ -995,7 +1000,7 @@
- }
-
- void
--tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr, const AccessLogEntryPointer &al)
-+tunnelStart(ClientHttpRequest * http)
- {
- debugs(26, 3, HERE);
- /* Create state structure. */
-@@ -1021,7 +1026,7 @@
- if (ch.fastCheck() == ACCESS_DENIED) {
- debugs(26, 4, HERE << "MISS access forbidden.");
- err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request);
-- *status_ptr = Http::scForbidden;
-+ http->al->http.code = Http::scForbidden;
- errorSend(http->getConn()->clientConnection, err);
- return;
- }
-@@ -1037,12 +1042,13 @@
- #endif
- tunnelState->url = xstrdup(url);
- tunnelState->request = request;
-- tunnelState->server.size_ptr = size_ptr;
-- tunnelState->status_ptr = status_ptr;
-+ tunnelState->server.size_ptr = &http->out.size;
-+ tunnelState->client.size_ptr = &http->al->http.clientRequestSz.payloadData;
-+ tunnelState->status_ptr = &http->al->http.code;
- tunnelState->logTag_ptr = &http->logType;
- tunnelState->client.conn = http->getConn()->clientConnection;
- tunnelState->http = http;
-- tunnelState->al = al;
-+ tunnelState->al = http->al ;
- tunnelState->started = squid_curtime;
-
- comm_add_close_handler(tunnelState->client.conn->fd,
-@@ -1053,7 +1059,7 @@
- CommTimeoutCbPtrFun(tunnelTimeout, tunnelState));
- commSetConnTimeout(tunnelState->client.conn, Config.Timeout.lifetime, timeoutCall);
-
-- peerSelect(&(tunnelState->serverDestinations), request, al,
-+ peerSelect(&(tunnelState->serverDestinations), request, tunnelState->al,
- NULL,
- tunnelPeerSelectComplete,
- tunnelState);
-@@ -1226,6 +1232,10 @@
- if (context != NULL && context->http != NULL) {
- tunnelState->logTag_ptr = &context->http->logType;
- tunnelState->server.size_ptr = &context->http->out.size;
-+ if (context->http->al != NULL) {
-+ tunnelState->al = context->http->al;
-+ tunnelState->client.size_ptr = &context->http->al->http.clientRequestSz.payloadData;
-+ }
-
- #if USE_DELAY_POOLS
- /* no point using the delayIsNoDelay stuff since tunnel is nice and simple */
-
projects / people / pmueller / ipfire-2.x.git / commitdiff
