include Config
-VER = 3.5.22
+VER = 3.5.23
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = afb82d2748c06c95815c171463b4aa14
+$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14099.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14100.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14101.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14102.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14103.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14104.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14105.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14106.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14107.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14108.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14109.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14110.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14111.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14112.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14113.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14114.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14115.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14116.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14117.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14118.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14119.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14120.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14121.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14122.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14123.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14124.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14125.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14126.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.22-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
+++ /dev/null
-------------------------------------------------------------
-revno: 14099
-revision-id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
-parent: squid3@treenet.co.nz-20161009195739-pcju9hl8vqwijt26
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2016-10-15 17:20:24 +1300
-message:
- Fix build with eCAP but without ICAP support.
-
- That is, when ./configured with --enable-ecap --disable-icap-client.
-
- AccessLogEntry::icap requires ICAP_CLIENT, not just USE_ADAPTATION.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 4cd2e7bf4e2be0acd252963afc107537b17450fc
-# timestamp: 2016-10-15 04:52:07 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161009195739-\
-# pcju9hl8vqwijt26
-#
-# Begin patch
-=== modified file 'src/format/Format.cc'
---- src/format/Format.cc 2016-09-16 11:53:28 +0000
-+++ src/format/Format.cc 2016-10-15 04:20:24 +0000
-@@ -318,7 +318,7 @@
- actualReplyHeader(const AccessLogEntry::Pointer &al)
- {
- const HttpMsg *msg = al->reply;
--#if USE_ADAPTATION
-+#if ICAP_CLIENT
- // al->icap.reqMethod is methodNone in access.log context
- if (!msg && al->icap.reqMethod == Adaptation::methodReqmod)
- msg = al->adapted_request;
-@@ -331,7 +331,7 @@
- static const HttpMsg *
- actualRequestHeader(const AccessLogEntry::Pointer &al)
- {
--#if USE_ADAPTATION
-+#if ICAP_CLIENT
- // al->icap.reqMethod is methodNone in access.log context
- if (al->icap.reqMethod == Adaptation::methodRespmod) {
- // XXX: for now AccessLogEntry lacks virgin response headers
-@@ -819,7 +819,7 @@
- break;
-
- case LFT_REQUEST_ALL_HEADERS:
--#if USE_ADAPTATION
-+#if ICAP_CLIENT
- if (al->icap.reqMethod == Adaptation::methodRespmod) {
- // XXX: since AccessLogEntry::Headers lacks virgin response
- // headers, do nothing for now
-@@ -843,7 +843,7 @@
-
- case LFT_REPLY_ALL_HEADERS:
- out = al->headers.reply;
--#if USE_ADAPTATION
-+#if ICAP_CLIENT
- if (!out && al->icap.reqMethod == Adaptation::methodReqmod)
- out = al->headers.adapted_request;
- #endif
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14100
-revision-id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
-parent: squid3@treenet.co.nz-20161015042024-jagzafukd2t6gcr0
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2016-10-25 21:19:49 +1300
-message:
- Fix regression bug introduced by r14089.
-
- Squid crashed because HttpMsg::body_pipe was used without check that it
- was initialized. The message lacks body pipe when it has no body or
- empty body.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 50468130801fc3ebf75129c103bcfe4be9b6d4b7
-# timestamp: 2016-10-25 08:28:30 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161015042024-\
-# jagzafukd2t6gcr0
-#
-# Begin patch
-=== modified file 'src/adaptation/icap/ModXact.cc'
---- src/adaptation/icap/ModXact.cc 2016-09-16 18:50:04 +0000
-+++ src/adaptation/icap/ModXact.cc 2016-10-25 08:19:49 +0000
-@@ -1303,7 +1303,8 @@
- virgin_msg = virgin_request_;
- assert(virgin_msg != virgin.cause);
- al.http.clientRequestSz.header = virgin_msg->hdr_sz;
-- al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize();
-+ if (virgin_msg->body_pipe != NULL)
-+ al.http.clientRequestSz.payloadData = virgin_msg->body_pipe->producedSize();
-
- // leave al.icap.bodyBytesRead negative if no body
- if (replyHttpHeaderSize >= 0 || replyHttpBodySize >= 0) {
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14101
-revision-id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
-parent: squid3@treenet.co.nz-20161025081949-3sxzd0n4snmadlke
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2016-10-25 21:23:49 +1300
-message:
- Fix external_acl_type default children documentations
-
- The max children has always been 5, not 20.
-
- Also, make mgr:config report dumper actually hide only the real default
- values. (sync with helper/ChildConfig.cc defaults)
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 02234eff0589032ea31d911c20f792617eeb18a9
-# timestamp: 2016-10-25 08:28:32 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161025081949-\
-# 3sxzd0n4snmadlke
-#
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre 2016-09-23 15:28:42 +0000
-+++ src/cf.data.pre 2016-10-25 08:23:49 +0000
-@@ -678,7 +678,7 @@
-
- children-max=n
- Maximum number of acl helper processes spawned to service
-- external acl lookups of this type. (default 20)
-+ external acl lookups of this type. (default 5)
-
- children-startup=n
- Minimum number of acl helper processes to spawn during
-
-=== modified file 'src/external_acl.cc'
---- src/external_acl.cc 2016-05-17 18:14:16 +0000
-+++ src/external_acl.cc 2016-10-25 08:23:49 +0000
-@@ -474,13 +474,13 @@
- if (node->children.n_max != DEFAULT_EXTERNAL_ACL_CHILDREN)
- storeAppendPrintf(sentry, " children-max=%d", node->children.n_max);
-
-- if (node->children.n_startup != 1)
-+ if (node->children.n_startup != 0) // sync with helper/ChildConfig.cc default
- storeAppendPrintf(sentry, " children-startup=%d", node->children.n_startup);
-
-- if (node->children.n_idle != (node->children.n_max + node->children.n_startup) )
-+ if (node->children.n_idle != 1) // sync with helper/ChildConfig.cc default
- storeAppendPrintf(sentry, " children-idle=%d", node->children.n_idle);
-
-- if (node->children.concurrency)
-+ if (node->children.concurrency != 0)
- storeAppendPrintf(sentry, " concurrency=%d", node->children.concurrency);
-
- if (node->cache)
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14102
-revision-id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
-parent: squid3@treenet.co.nz-20161025082349-4gds2nic8qcahkem
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4620
-author: Takahiro Kambe <taca@back-street.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2016-10-25 21:25:30 +1300
-message:
- Bug 4620: NetBSD build error with --enable-ipf-transparent
-
- On NetBSD sys/param.h must be included before netinet/ip_compat.h
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: eedfc8764a631aa008fd4aba589ca08ee161c3a5
-# timestamp: 2016-10-25 08:28:35 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161025082349-\
-# 4gds2nic8qcahkem
-#
-# Begin patch
-=== modified file 'src/ip/Intercept.cc'
---- src/ip/Intercept.cc 2016-10-09 00:14:14 +0000
-+++ src/ip/Intercept.cc 2016-10-25 08:25:30 +0000
-@@ -25,6 +25,9 @@
- #define IPFILTER_VERSION 5000004
- #endif
-
-+#if HAVE_SYS_PARAM_H
-+#include <sys/param.h>
-+#endif
- #if HAVE_SYS_IOCCOM_H
- #include <sys/ioccom.h>
- #endif
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14103
-revision-id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
-parent: squid3@treenet.co.nz-20161025082530-do632qnr9bwyk5et
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4627
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-10-30 12:26:28 +1300
-message:
- Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
-
- For Squid-3 the fix is just to update the documentation.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ea728cefc977ea5489da01b7a742821121c29476
-# timestamp: 2016-10-29 23:51:13 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161025082530-\
-# do632qnr9bwyk5et
-#
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre 2016-10-25 08:23:49 +0000
-+++ src/cf.data.pre 2016-10-29 23:26:28 +0000
-@@ -1787,13 +1787,12 @@
- certificate equals lifetime of the CA certificate. If
- generated certificate is selfsigned lifetime is three
- years.
-- This option is enabled by default when ssl-bump is used.
-- See the ssl-bump option above for more information.
-+ This option is disabled by default. See the ssl-bump
-+ option above for more information.
-
- dynamic_cert_mem_cache_size=SIZE
- Approximate total RAM size spent on cached generated
-- certificates. If set to zero, caching is disabled. The
-- default value is 4MB.
-+ certificates. If set to zero, caching is disabled.
-
- TLS / SSL Options:
-
-@@ -2063,13 +2062,12 @@
- certificate equals lifetime of CA certificate. If
- generated certificate is selfsigned lifetime is three
- years.
-- This option is enabled by default when SslBump is used.
-- See the sslBump option above for more information.
-+ This option is disabled by default. See the ssl-bump
-+ option above for more information.
-
- dynamic_cert_mem_cache_size=SIZE
- Approximate total RAM size spent on cached generated
-- certificates. If set to zero, caching is disabled. The
-- default value is 4MB.
-+ certificates. If set to zero, caching is disabled.
-
- See http_port for a list of available options.
- DOC_END
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14104
-revision-id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
-parent: squid3@treenet.co.nz-20161029232628-1y2u918re62uqs3v
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-10-30 22:38:16 +1300
-message:
- Copyright: add some missing blurbs and contributor details
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8d44709a8f9c34926ce569e58aef82603a3d514b
-# timestamp: 2016-10-30 09:40:44 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161029232628-\
-# 1y2u918re62uqs3v
-#
-# Begin patch
-=== modified file 'CONTRIBUTORS'
---- CONTRIBUTORS 2016-01-06 14:27:36 +0000
-+++ CONTRIBUTORS 2016-10-30 09:38:16 +0000
-@@ -211,6 +211,8 @@
- Joe Ramey <ramey@jello.csc.ti.com>
- Joerg Lehrke <jlehrke@noc.de>
- Johnathan Conley <johnathan.conley@gmail.com>
-+ John@MCC.ac.uk
-+ John@Pharmweb.NET
- John Dilley <jad@hpl.hp.com>
- John M Cooper <john.cooper@yourcommunications.co.uk>
- John Saunders <johns@rd.scitec.com.au>
-
-=== modified file 'contrib/url-normalizer.pl'
---- contrib/url-normalizer.pl 1996-12-07 00:54:31 +0000
-+++ contrib/url-normalizer.pl 2016-10-30 09:38:16 +0000
-@@ -1,4 +1,11 @@
- #!/usr/local/bin/perl -Tw
-+#
-+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
-+# *
-+# * Squid software is distributed under GPLv2+ license and includes
-+# * contributions from numerous individuals and organizations.
-+# * Please see the COPYING and CONTRIBUTORS files for details.
-+#
-
- # From: Markus Gyger <mgyger@itr.ch>
- #
-
-=== modified file 'contrib/user-agents.pl'
---- contrib/user-agents.pl 1996-12-07 00:28:56 +0000
-+++ contrib/user-agents.pl 2016-10-30 09:38:16 +0000
-@@ -1,5 +1,13 @@
- #!/usr/bin/perl
- #
-+# * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
-+# *
-+# * Squid software is distributed under GPLv2+ license and includes
-+# * contributions from numerous individuals and organizations.
-+# * Please see the COPYING and CONTRIBUTORS files for details.
-+#
-+
-+#
- # John@MCC.ac.uk
- # John@Pharmweb.NET
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14105
-revision-id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
-parent: squid3@treenet.co.nz-20161030093816-7vwnk5zrrql2p5ks
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4567
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-10-30 22:39:20 +1300
-message:
- Bug 4567: Strange IPv6 shown in access.log
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8dbae4e7fc5fb80afc6eee6800743abd1b1eaa47
-# timestamp: 2016-10-30 09:40:47 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161030093816-\
-# 7vwnk5zrrql2p5ks
-#
-# Begin patch
-=== modified file 'src/AccessLogEntry.cc'
---- src/AccessLogEntry.cc 2016-01-01 00:14:27 +0000
-+++ src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000
-@@ -30,14 +30,17 @@
- log_ip = request->indirect_client_addr;
- else
- #endif
-- if (tcpClient != NULL)
-+ if (tcpClient)
- log_ip = tcpClient->remote;
-- else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client
-- strncpy(buf, "-", bufsz);
-- return;
-- } else
-+ else
- log_ip = cache.caddr;
-
-+ // internally generated requests (and some ICAP) lack client IP
-+ if (log_ip.isNoAddr()) {
-+ strncpy(buf, "-", bufsz);
-+ return;
-+ }
-+
- // Apply so-called 'privacy masking' to IPv4 clients
- // - localhost IP is always shown in full
- // - IPv4 clients masked with client_netmask
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14106
-revision-id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
-parent: squid3@treenet.co.nz-20161030093920-5f7f2px9ea08rxlq
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-10-30 22:40:25 +1300
-message:
- Fix debug message in ACLChecklist::bannedAction()
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 4fd7942b294096f5c27e3d460b6d4c79580443e1
-# timestamp: 2016-10-30 09:40:49 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161030093920-\
-# 5f7f2px9ea08rxlq
-#
-# Begin patch
-=== modified file 'src/acl/Checklist.cc'
---- src/acl/Checklist.cc 2016-01-01 00:14:27 +0000
-+++ src/acl/Checklist.cc 2016-10-30 09:40:25 +0000
-@@ -397,7 +397,7 @@
- ACLChecklist::bannedAction(const allow_t &action) const
- {
- const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end();
-- debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? " is " : "is not") << " banned");
-+ debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned");
- return found;
- }
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14107
-revision-id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
-parent: squid3@treenet.co.nz-20161030094025-l4b8fdahoru8h16d
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-10-30 22:45:03 +1300
-message:
- HTTP/1.1: make Vary:* objects cacheable
-
- Under new clauses from RFC 7231 section 7.1.4 and HTTP response
- containing header Vary:* (wifcard variant) can be cached, but
- requires revalidation with server before each use.
-
- Use the new mandatory revalidation flags to allow storing of any
- wildcard Vary:* response.
-
- Note that responses with headers like Vary:A,B,C,* are equivalent
- to Vary:*. The cache key string for these objects is normalized.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 2652a5a689745e31fc450e0dfd1c5c472f6d68d6
-# timestamp: 2016-10-30 09:45:47 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161030094025-\
-# l4b8fdahoru8h16d
-#
-# Begin patch
-=== modified file 'src/http.cc'
---- src/http.cc 2016-10-09 19:47:26 +0000
-+++ src/http.cc 2016-10-30 09:45:03 +0000
-@@ -594,7 +594,7 @@
- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
- SBuf name(item, ilen);
- if (name == asterisk) {
-- vstr.clear();
-+ vstr = asterisk;
- break;
- }
- name.toLower();
-@@ -917,6 +917,12 @@
- varyFailure = true;
- } else {
- entry->mem_obj->vary_headers = vary;
-+
-+ // RFC 7231 section 7.1.4
-+ // Vary:* can be cached, but has mandatory revalidation
-+ static const SBuf asterisk("*");
-+ if (vary == asterisk)
-+ EBIT_SET(entry->flags, ENTRY_REVALIDATE_ALWAYS);
- }
- }
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14108
-revision-id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
-parent: squid3@treenet.co.nz-20161030094503-rwdft21ffff44rns
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Wed 2016-11-02 00:22:31 +1300
-message:
- Fix build issue after rev.14105
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: fea1ede525ccb3ad7bf50e8de8f125a86a8dc016
-# timestamp: 2016-11-01 11:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161030094503-\
-# rwdft21ffff44rns
-#
-# Begin patch
-=== modified file 'src/AccessLogEntry.cc'
---- src/AccessLogEntry.cc 2016-10-30 09:39:20 +0000
-+++ src/AccessLogEntry.cc 2016-11-01 11:22:31 +0000
-@@ -30,7 +30,7 @@
- log_ip = request->indirect_client_addr;
- else
- #endif
-- if (tcpClient)
-+ if (tcpClient != NULL)
- log_ip = tcpClient->remote;
- else
- log_ip = cache.caddr;
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14109
-revision-id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
-parent: squid3@treenet.co.nz-20161101112231-k77st4up2sekl5zx
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3379
-author: Garri Djavadyan <garryd@comnet.uz>, Amos Jeffries <squid3@treenet.co.nz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2016-11-11 19:03:25 +1300
-message:
- Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 50d66878a765925d9a64569b3c226bebdee1f736
-# timestamp: 2016-11-11 06:10:37 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161101112231-\
-# k77st4up2sekl5zx
-#
-# Begin patch
-=== modified file 'src/client_side_reply.cc'
---- src/client_side_reply.cc 2016-10-09 19:47:26 +0000
-+++ src/client_side_reply.cc 2016-11-11 06:03:25 +0000
-@@ -589,6 +589,7 @@
- debugs(88, 5, "negative-HIT");
- http->logType = LOG_TCP_NEGATIVE_HIT;
- sendMoreData(result);
-+ return;
- } else if (blockedHit()) {
- debugs(88, 5, "send_hit forces a MISS");
- http->logType = LOG_TCP_MISS;
-@@ -641,27 +642,29 @@
- http->logType = LOG_TCP_MISS;
- processMiss();
- }
-+ return;
- } else if (r->conditional()) {
- debugs(88, 5, "conditional HIT");
-- processConditional(result);
-- } else {
-- /*
-- * plain ol' cache hit
-- */
-- debugs(88, 5, "plain old HIT");
-+ if (processConditional(result))
-+ return;
-+ }
-+
-+ /*
-+ * plain ol' cache hit
-+ */
-+ debugs(88, 5, "plain old HIT");
-
- #if USE_DELAY_POOLS
-- if (e->store_status != STORE_OK)
-- http->logType = LOG_TCP_MISS;
-- else
-+ if (e->store_status != STORE_OK)
-+ http->logType = LOG_TCP_MISS;
-+ else
- #endif
-- if (e->mem_status == IN_MEMORY)
-- http->logType = LOG_TCP_MEM_HIT;
-- else if (Config.onoff.offline)
-- http->logType = LOG_TCP_OFFLINE_HIT;
-+ if (e->mem_status == IN_MEMORY)
-+ http->logType = LOG_TCP_MEM_HIT;
-+ else if (Config.onoff.offline)
-+ http->logType = LOG_TCP_OFFLINE_HIT;
-
-- sendMoreData(result);
-- }
-+ sendMoreData(result);
- }
-
- /**
-@@ -755,17 +758,16 @@
- }
-
- /// process conditional request from client
--void
-+bool
- clientReplyContext::processConditional(StoreIOBuffer &result)
- {
- StoreEntry *const e = http->storeEntry();
-
- if (e->getReply()->sline.status() != Http::scOkay) {
-- debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
-- e->getReply()->sline.status() << " != 200");
-+ debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
- http->logType = LOG_TCP_MISS;
- processMiss();
-- return;
-+ return true;
- }
-
- HttpRequest &r = *http->request;
-@@ -773,7 +775,7 @@
- if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
- // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
- sendPreconditionFailedError();
-- return;
-+ return true;
- }
-
- bool matchedIfNoneMatch = false;
-@@ -786,14 +788,14 @@
- r.header.delById(HDR_IF_MODIFIED_SINCE);
- http->logType = LOG_TCP_MISS;
- sendMoreData(result);
-- return;
-+ return true;
- }
-
- if (!r.flags.ims) {
- // RFC 2616: if If-None-Match matched and there is no IMS,
- // reply with 304 Not Modified or 412 Precondition Failed
- sendNotModifiedOrPreconditionFailedError();
-- return;
-+ return true;
- }
-
- // otherwise check IMS below to decide if we reply with 304 or 412
-@@ -805,19 +807,20 @@
- if (e->modifiedSince(r.ims, r.imslen)) {
- http->logType = LOG_TCP_IMS_HIT;
- sendMoreData(result);
-- return;
-- }
-
-- if (matchedIfNoneMatch) {
-+ } else if (matchedIfNoneMatch) {
- // If-None-Match matched, reply with 304 Not Modified or
- // 412 Precondition Failed
- sendNotModifiedOrPreconditionFailedError();
-- return;
-+
-+ } else {
-+ // otherwise reply with 304 Not Modified
-+ sendNotModified();
- }
--
-- // otherwise reply with 304 Not Modified
-- sendNotModified();
-+ return true;
- }
-+
-+ return false;
- }
-
- /// whether squid.conf send_hit prevents us from serving this hit
-
-=== modified file 'src/client_side_reply.h'
---- src/client_side_reply.h 2016-09-23 15:28:42 +0000
-+++ src/client_side_reply.h 2016-11-11 06:03:25 +0000
-@@ -114,7 +114,7 @@
- bool alwaysAllowResponse(Http::StatusCode sline) const;
- int checkTransferDone();
- void processOnlyIfCachedMiss();
-- void processConditional(StoreIOBuffer &result);
-+ bool processConditional(StoreIOBuffer &result);
- void cacheHit(StoreIOBuffer result);
- void handleIMSReply(StoreIOBuffer result);
- void sendMoreData(StoreIOBuffer result);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14110
-revision-id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
-parent: squid3@treenet.co.nz-20161111060325-yh8chavvnzuvfh3h
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2016-11-14 23:51:24 +1300
-message:
- Fix ssl::server_name ACL badly broken since inception.
-
- The original server_name code mishandled all SNI checks and some rare
- host checks:
-
- * The SNI-derived value was pointing to an already freed memory storage.
- * Missing host-derived values were not detected (host() is never nil).
- * Mismatches were re-checked with an undocumented "none" value
- instead of being treated as mismatches.
-
- Same for ssl::server_name_regex.
-
- Also set SNI for more server-first and client-first transactions.
-
- This is a Measurement Factory project.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 46aadc410b46d91d597218961dbf1c634fb834fb
-# timestamp: 2016-11-14 10:56:00 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161111060325-\
-# yh8chavvnzuvfh3h
-#
-# Begin patch
-=== modified file 'src/acl/ServerName.cc'
---- src/acl/ServerName.cc 2016-09-08 12:27:06 +0000
-+++ src/acl/ServerName.cc 2016-11-14 10:51:24 +0000
-@@ -90,27 +90,28 @@
- {
- assert(checklist != NULL && checklist->request != NULL);
-
-- if (checklist->conn() && checklist->conn()->serverBump()) {
-- if (X509 *peer_cert = checklist->conn()->serverBump()->serverCert.get()) {
-- if (Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>))
-- return 1;
-- }
-- }
--
- const char *serverName = NULL;
-- if (checklist->conn() && !checklist->conn()->sslCommonName().isEmpty()) {
-- SBuf scn = checklist->conn()->sslCommonName();
-- serverName = scn.c_str();
-- }
--
-- if (serverName == NULL)
-- serverName = checklist->request->GetHost();
--
-- if (serverName && data->match(serverName)) {
-- return 1;
-- }
--
-- return data->match("none");
-+ SBuf serverNameKeeper; // because c_str() is not constant
-+ if (ConnStateData *conn = checklist->conn()) {
-+ if (conn->serverBump()) {
-+ if (X509 *peer_cert = conn->serverBump()->serverCert.get())
-+ return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>);
-+ }
-+
-+ if (conn->sslCommonName().isEmpty()) {
-+ const char *host = checklist->request->GetHost();
-+ if (host && *host) // paranoid first condition: host() is never nil
-+ serverName = host;
-+ } else {
-+ serverNameKeeper = conn->sslCommonName();
-+ serverName = serverNameKeeper.c_str();
-+ }
-+ }
-+
-+ if (!serverName)
-+ serverName = "none";
-+
-+ return data->match(serverName);
- }
-
- ACLServerNameStrategy *
-
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre 2016-10-29 23:26:28 +0000
-+++ src/cf.data.pre 2016-11-14 10:51:24 +0000
-@@ -1167,6 +1167,9 @@
- # During each Ssl-Bump step, Squid may improve its understanding of a
- # "true server name". Unlike dstdomain, this ACL does not perform
- # DNS lookups.
-+ # The "none" name can be used to match transactions where Squid
-+ # could not compute the server name using any information source
-+ # already available at the ACL evaluation time.
-
- acl aclname ssl::server_name_regex [-i] \.foo\.com ...
- # regex matches server name obtained from various sources [fast]
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14111
-revision-id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
-parent: squid3@treenet.co.nz-20161114105124-46hmtnsg8uj4owxz
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2016-11-14 23:54:34 +1300
-message:
- Fix spelling for digest nonce cache maintenance event
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8c91678868beb689db5e0e6eaa6911c44f503ac8
-# timestamp: 2016-11-14 10:56:03 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161114105124-\
-# 46hmtnsg8uj4owxz
-#
-# Begin patch
-=== modified file 'src/auth/digest/Config.cc'
---- src/auth/digest/Config.cc 2016-01-01 00:14:27 +0000
-+++ src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000
-@@ -204,7 +204,7 @@
- if (!digest_nonce_cache) {
- digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
- assert(digest_nonce_cache);
-- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
-+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
- }
- }
-
-@@ -268,7 +268,7 @@
- debugs(29, 3, "Finished cleaning the nonce cache.");
-
- if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->active())
-- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
-+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
- }
-
- static void
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14112
-revision-id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
-parent: squid3@treenet.co.nz-20161114105434-f1uvw2lu8l4lpgay
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2016-11-15 01:40:51 +1300
-message:
- Honor SBufReservationRequirements::minSize regardless of idealSize.
-
- In a fully specified SBufReservationRequirements, idealSize would
- naturally match or exceed minSize. However, the idealSize default value
- (zero) may not. We should honor minSize regardless of idealSize, just as
- the API documentation promises to do.
-
- No runtime changes expected right now because the only existing user of
- SBufReservationRequirements sets .idealSize to CLIENT_REQ_BUF_SZ (4096)
- and .minSize to 1024.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: fb0969aa035352582364b529a70286cbfd89564a
-# timestamp: 2016-11-14 12:43:10 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161114105434-\
-# f1uvw2lu8l4lpgay
-#
-# Begin patch
-=== modified file 'src/SBuf.cc'
---- src/SBuf.cc 2016-06-18 13:36:07 +0000
-+++ src/SBuf.cc 2016-11-14 12:40:51 +0000
-@@ -178,7 +178,8 @@
- if (!mustRealloc && len_ >= req.maxCapacity)
- return spaceSize(); // but we cannot reallocate
-
-- const size_type newSpace = std::min(req.idealSpace, maxSize - len_);
-+ const size_type desiredSpace = std::max(req.minSpace, req.idealSpace);
-+ const size_type newSpace = std::min(desiredSpace, maxSize - len_);
- reserveCapacity(std::min(len_ + newSpace, req.maxCapacity));
- debugs(24, 7, id << " now: " << off_ << '+' << len_ << '+' << spaceSize() <<
- '=' << store_->capacity);
-
-=== modified file 'src/SBuf.h'
---- src/SBuf.h 2016-06-18 13:36:07 +0000
-+++ src/SBuf.h 2016-11-14 12:40:51 +0000
-@@ -635,9 +635,10 @@
- /*
- * Parameters are listed in the reverse order of importance: Satisfaction of
- * the lower-listed requirements may violate the higher-listed requirements.
-+ * For example, idealSpace has no effect unless it exceeds minSpace.
- */
- size_type idealSpace; ///< if allocating anyway, provide this much space
-- size_type minSpace; ///< allocate if spaceSize() is smaller
-+ size_type minSpace; ///< allocate [at least this much] if spaceSize() is smaller
- size_type maxCapacity; ///< do not allocate more than this
- bool allowShared; ///< whether sharing our storage with others is OK
- };
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14113
-revision-id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
-parent: squid3@treenet.co.nz-20161114124051-s0vzoj5exv5g8w56
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2016-11-15 20:57:28 +1300
-message:
- TLS: Make key= before cert= an error instead of quietly hiding the issue
-
- This squid.conf setup is fatal in Squid-4. So best to fix these installations.
- Even though Squdi-3 can cope with it.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a18738f4cbf0c1bd368e61d4b19c5d6f5005b919
-# timestamp: 2016-11-15 07:58:39 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161114124051-\
-# s0vzoj5exv5g8w56
-#
-# Begin patch
-=== modified file 'src/cache_cf.cc'
---- src/cache_cf.cc 2016-09-23 11:11:48 +0000
-+++ src/cache_cf.cc 2016-11-15 07:57:28 +0000
-@@ -2257,6 +2257,9 @@
- safe_free(p->sslcert);
- p->sslcert = xstrdup(token + 8);
- } else if (strncmp(token, "sslkey=", 7) == 0) {
-+ if (!p->sslcert) {
-+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": sslcert= option must be set before sslkey= is used.");
-+ }
- safe_free(p->sslkey);
- p->sslkey = xstrdup(token + 7);
- } else if (strncmp(token, "sslversion=", 11) == 0) {
-@@ -3729,6 +3732,9 @@
- safe_free(s->cert);
- s->cert = xstrdup(token + 5);
- } else if (strncmp(token, "key=", 4) == 0) {
-+ if (!s->cert) {
-+ debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": cert= option must be set before key= is used.");
-+ }
- safe_free(s->key);
- s->key = xstrdup(token + 4);
- } else if (strncmp(token, "version=", 8) == 0) {
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14114
-revision-id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
-parent: squid3@treenet.co.nz-20161115075728-2xj2621oh5bwn8wn
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-01 04:42:05 +1300
-message:
- Improve debugs warnings when loading signing certs fails
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e760bf590489a354e314f19dd158b063d23ef7a7
-# timestamp: 2016-11-30 15:51:47 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161115075728-\
-# 2xj2621oh5bwn8wn
-#
-# Begin patch
-=== modified file 'src/ssl/support.cc'
---- src/ssl/support.cc 2016-10-09 14:30:11 +0000
-+++ src/ssl/support.cc 2016-11-30 15:42:05 +0000
-@@ -2011,10 +2011,17 @@
- pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL;
- pkey.reset(readSslPrivateKey(keyFilename, cb));
- cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
-- if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
-- pkey.reset(NULL);
-- cert.reset(NULL);
-- }
-+ if (!cert) {
-+ debugs(83, DBG_IMPORTANT, "WARNING: missing cert in '" << certFilename << "'");
-+ } else if (!pkey) {
-+ debugs(83, DBG_IMPORTANT, "WARNING: missing private key in '" << keyFilename << "'");
-+ } else if (!X509_check_private_key(cert.get(), pkey.get())) {
-+ debugs(83, DBG_IMPORTANT, "WARNING: X509_check_private_key() failed to verify signing cert");
-+ } else
-+ return; // everything is okay
-+
-+ pkey.reset(NULL);
-+ cert.reset(NULL);
- }
-
- bool Ssl::generateUntrustedCert(X509_Pointer &untrustedCert, EVP_PKEY_Pointer &untrustedPkey, X509_Pointer const &cert, EVP_PKEY_Pointer const & pkey)
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14115
-revision-id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
-parent: squid3@treenet.co.nz-20161130154205-c9z1bhqzuh3rafl3
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4004
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-01 10:56:30 +1300
-message:
- Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
-
- Added nil dereference checks for Ftp::Client::ctrl.conn, including:
- - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
- ctrl.conn in DBG_IMPORTANT messages.
- - Many functions inside FtpClient.cc and FtpGateway.cc files.
-
- TODO: We need to find a better way to handle nil ctrl.conn. It is only
- a matter of time when we forget to add another dereference check or
- discover a place we missed during this change.
-
- Also disabled forwarding of EPRT and PORT commands to origin servers.
- Squid support for those commands is broken and their forwarding may
- cause segfaults (bug #4004). Active FTP is still supported, of course.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 345883c1b5a5cd221e9d0e68b254df7d955372ad
-# timestamp: 2016-11-30 22:42:02 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161130154205-\
-# c9z1bhqzuh3rafl3
-#
-# Begin patch
-=== modified file 'src/clients/FtpClient.cc'
---- src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000
-+++ src/clients/FtpClient.cc 2016-11-30 21:56:30 +0000
-@@ -442,6 +442,11 @@
- char *buf;
- debugs(9, 3, status());
-
-+ if (!Comm::IsConnOpen(ctrl.conn)) {
-+ debugs(9, 5, "The control connection to the remote end is closed");
-+ return false;
-+ }
-+
- if (code != 227) {
- debugs(9, 2, "PASV not supported by remote end");
- return false;
-@@ -473,6 +478,11 @@
- char *buf;
- debugs(9, 3, status());
-
-+ if (!Comm::IsConnOpen(ctrl.conn)) {
-+ debugs(9, 5, "The control connection to the remote end is closed");
-+ return false;
-+ }
-+
- if (code != 229 && code != 522) {
- if (code == 200) {
- /* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */
-@@ -733,6 +743,11 @@
- void
- Ftp::Client::connectDataChannel()
- {
-+ if (!Comm::IsConnOpen(ctrl.conn)) {
-+ debugs(9, 5, "The control connection to the remote end is closed");
-+ return;
-+ }
-+
- safe_free(ctrl.last_command);
-
- safe_free(ctrl.last_reply);
-
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc 2016-01-31 05:39:09 +0000
-+++ src/clients/FtpGateway.cc 2016-11-30 21:56:30 +0000
-@@ -212,7 +212,9 @@
- static FTPSM ftpReadMdtm;
- static FTPSM ftpSendSize;
- static FTPSM ftpReadSize;
-+#if 0
- static FTPSM ftpSendEPRT;
-+#endif
- static FTPSM ftpReadEPRT;
- static FTPSM ftpSendPORT;
- static FTPSM ftpReadPORT;
-@@ -450,6 +452,11 @@
- void
- Ftp::Gateway::listenForDataChannel(const Comm::ConnectionPointer &conn)
- {
-+ if (!Comm::IsConnOpen(ctrl.conn)) {
-+ debugs(9, 5, "The control connection to the remote end is closed");
-+ return;
-+ }
-+
- assert(!Comm::IsConnOpen(data.conn));
-
- typedef CommCbMemFunT<Gateway, CommAcceptCbParams> AcceptDialer;
-@@ -1183,7 +1190,7 @@
-
- checkUrlpath();
- buildTitleUrl();
-- debugs(9, 5, HERE << "FD " << ctrl.conn->fd << " : host=" << request->GetHost() <<
-+ debugs(9, 5, "FD " << (ctrl.conn != NULL ? ctrl.conn->fd : -1) << " : host=" << request->GetHost() <<
- ", path=" << request->urlpath << ", user=" << user << ", passwd=" << password);
- state = BEGIN;
- Ftp::Client::start();
-@@ -1750,7 +1757,9 @@
- if (ftpState->handlePasvReply(srvAddr))
- ftpState->connectDataChannel();
- else {
-- ftpSendEPRT(ftpState);
-+ ftpFail(ftpState);
-+ // Currently disabled, does not work correctly:
-+ // ftpSendEPRT(ftpState);
- return;
- }
- }
-@@ -1790,6 +1799,11 @@
- }
- safe_free(ftpState->data.host);
-
-+ if (!Comm::IsConnOpen(ftpState->ctrl.conn)) {
-+ debugs(9, 5, "The control connection to the remote end is closed");
-+ return;
-+ }
-+
- /*
- * Set up a listen socket on the same local address as the
- * control connection.
-@@ -1875,9 +1889,14 @@
- ftpRestOrList(ftpState);
- }
-
-+#if 0
- static void
- ftpSendEPRT(Ftp::Gateway * ftpState)
- {
-+ /* check the server control channel is still available */
-+ if (!ftpState || !ftpState->haveControlChannel("ftpSendEPRT"))
-+ return;
-+
- if (Config.Ftp.epsv_all && ftpState->flags.epsv_all_sent) {
- debugs(9, DBG_IMPORTANT, "FTP does not allow EPRT method after 'EPSV ALL' has been sent.");
- return;
-@@ -1913,6 +1932,7 @@
- ftpState->writeCommand(cbuf);
- ftpState->state = Ftp::Client::SENT_EPRT;
- }
-+#endif
-
- static void
- ftpReadEPRT(Ftp::Gateway * ftpState)
-@@ -1939,10 +1959,8 @@
- {
- debugs(9, 3, HERE);
-
-- if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
-- abortAll("entry aborted when accepting data conn");
-- data.listenConn->close();
-- data.listenConn = NULL;
-+ if (!Comm::IsConnOpen(ctrl.conn)) { /*Close handlers will cleanup*/
-+ debugs(9, 5, "The control connection to the remote end is closed");
- return;
- }
-
-@@ -1955,6 +1973,14 @@
- return;
- }
-
-+ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
-+ abortAll("entry aborted when accepting data conn");
-+ data.listenConn->close();
-+ data.listenConn = NULL;
-+ io.conn->close();
-+ return;
-+ }
-+
- /* data listening conn is no longer even open. abort. */
- if (!Comm::IsConnOpen(data.listenConn)) {
- data.listenConn = NULL; // ensure that it's cleared and not just closed.
-@@ -2705,8 +2731,8 @@
- Ftp::Gateway::completeForwarding()
- {
- if (fwd == NULL || flags.completed_forwarding) {
-- debugs(9, 3, HERE << "completeForwarding avoids " <<
-- "double-complete on FD " << ctrl.conn->fd << ", Data FD " << data.conn->fd <<
-+ debugs(9, 3, "avoid double-complete on FD " <<
-+ (ctrl.conn != NULL ? ctrl.conn->fd : -1) << ", Data FD " << data.conn->fd <<
- ", this " << this << ", fwd " << fwd);
- return;
- }
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14116
-revision-id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
-parent: squid3@treenet.co.nz-20161130215630-c42qucqar9bi9a1k
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3533
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-01 11:33:32 +1300
-message:
- Bug 3533: Cache still valid after HTTP/1.1 303 See Other
-
- RFC7231 does not mention 303 response as non-cacheable.
- So, assuming that means it *is* cacheable.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: c90320c95a4b64c8d18794fbe5df526fe0f9f702
-# timestamp: 2016-11-30 22:42:05 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161130215630-\
-# c42qucqar9bi9a1k
-#
-# Begin patch
-=== modified file 'src/http.cc'
---- src/http.cc 2016-10-30 09:45:03 +0000
-+++ src/http.cc 2016-11-30 22:33:32 +0000
-@@ -203,6 +203,8 @@
-
- case Http::scFound:
-
-+ case Http::scSeeOther:
-+
- case Http::scGone:
-
- case Http::scNotFound:
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14117
-revision-id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
-parent: squid3@treenet.co.nz-20161130223332-zcaxll4prj3kag1b
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4007
-author: Stephen Baynes <sbaynes@mail.com>, Amos Jeffries <squid3@treenet.co.nz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-01 12:20:39 +1300
-message:
- Bug 4007: Hang on DNS query with dead-end CNAME
-
- DNS lookup recursion no longer occurs. ipcacheParse() return values are no
- longer useful.
-
- Also, cleanup the debugging output.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 9059c7a07e5366bd2eac606c72f875077766ed34
-# timestamp: 2016-11-30 23:27:11 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161130223332-\
-# zcaxll4prj3kag1b
-#
-# Begin patch
-=== modified file 'src/ipcache.cc'
---- src/ipcache.cc 2016-01-01 00:14:27 +0000
-+++ src/ipcache.cc 2016-11-30 23:20:39 +0000
-@@ -123,7 +123,6 @@
- static FREE ipcacheFreeEntry;
- static IDNSCB ipcacheHandleReply;
- static int ipcacheExpiredEntry(ipcache_entry *);
--static int ipcacheParse(ipcache_entry *, const rfc1035_rr *, int, const char *error);
- static ipcache_entry *ipcache_get(const char *);
- static void ipcacheLockEntry(ipcache_entry *);
- static void ipcacheStatPrint(ipcache_entry *, StoreEntry *);
-@@ -328,8 +327,7 @@
- ipcacheUnlockEntry(i);
- }
-
--/// \ingroup IPCacheAPI
--static int
-+static void
- ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *error_message)
- {
- int k;
-@@ -350,25 +348,25 @@
- i->addrs.count = 0;
-
- if (nr < 0) {
-- debugs(14, 3, "ipcacheParse: Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'");
-+ debugs(14, 3, "Lookup failed '" << error_message << "' for '" << (const char *)i->hash.key << "'");
- i->error_message = xstrdup(error_message);
-- return -1;
-+ return;
- }
-
- if (nr == 0) {
-- debugs(14, 3, "ipcacheParse: No DNS records in response to '" << name << "'");
-+ debugs(14, 3, "No DNS records in response to '" << name << "'");
- i->error_message = xstrdup("No DNS records");
-- return -1;
-+ return;
- }
-
-- debugs(14, 3, "ipcacheParse: " << nr << " answers for '" << name << "'");
-+ debugs(14, 3, nr << " answers for '" << name << "'");
- assert(answers);
-
- for (k = 0; k < nr; ++k) {
-
- if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) {
- if (answers[k].rdlength != sizeof(struct in6_addr)) {
-- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv6 address in response to '" << name << "'");
-+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv6 address in response to '" << name << "'");
- continue;
- }
- ++na;
-@@ -378,7 +376,7 @@
-
- if (answers[k].type == RFC1035_TYPE_A) {
- if (answers[k].rdlength != sizeof(struct in_addr)) {
-- debugs(14, DBG_IMPORTANT, "ipcacheParse: Invalid IPv4 address in response to '" << name << "'");
-+ debugs(14, DBG_IMPORTANT, MYNAME << "Invalid IPv4 address in response to '" << name << "'");
- continue;
- }
- ++na;
-@@ -394,14 +392,14 @@
- }
-
- // otherwise its an unknown RR. debug at level 9 since we usually want to ignore these and they are common.
-- debugs(14, 9, HERE << "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) );
-+ debugs(14, 9, "Unknown RR type received: type=" << answers[k].type << " starting at " << &(answers[k]) );
- }
- if (na == 0) {
-- debugs(14, DBG_IMPORTANT, "ipcacheParse: No Address records in response to '" << name << "'");
-+ debugs(14, DBG_IMPORTANT, MYNAME << "No Address records in response to '" << name << "'");
- i->error_message = xstrdup("No Address records");
- if (cname_found)
- ++IpcacheStats.cname_only;
-- return 0;
-+ return;
- }
-
- i->addrs.in_addrs = static_cast<Ip::Address *>(xcalloc(na, sizeof(Ip::Address)));
-@@ -419,7 +417,7 @@
- memcpy(&temp, answers[k].rdata, sizeof(struct in_addr));
- i->addrs.in_addrs[j] = temp;
-
-- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j]);
-+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j]);
- ++j;
-
- } else if (Ip::EnableIpv6 && answers[k].type == RFC1035_TYPE_AAAA) {
-@@ -430,7 +428,7 @@
- memcpy(&temp, answers[k].rdata, sizeof(struct in6_addr));
- i->addrs.in_addrs[j] = temp;
-
-- debugs(14, 3, "ipcacheParse: " << name << " #" << j << " " << i->addrs.in_addrs[j] );
-+ debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j] );
- ++j;
- }
- if (ttl == 0 || (int) answers[k].ttl < ttl)
-@@ -453,8 +451,6 @@
- i->expires = squid_curtime + ttl;
-
- i->flags.negcached = false;
--
-- return i->addrs.count;
- }
-
- /// \ingroup IPCacheInternal
-@@ -467,13 +463,9 @@
- const int age = i->age();
- statCounter.dns.svcTime.count(age);
-
-- int done = ipcacheParse(i, answers, na, error_message);
--
-- /* If we have not produced either IPs or Error immediately, wait for recursion to finish. */
-- if (done != 0 || error_message != NULL) {
-- ipcacheAddEntry(i);
-- ipcacheCallback(i, age);
-- }
-+ ipcacheParse(i, answers, na, error_message);
-+ ipcacheAddEntry(i);
-+ ipcacheCallback(i, age);
- }
-
- /**
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14118
-revision-id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
-parent: squid3@treenet.co.nz-20161130232039-z18ikhhcf3j185my
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3290
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-01 12:33:04 +1300
-message:
- Bug 3290: authenticate_ttl not working for digest authentication
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 50ff391db1484222ead5fb50b1bca0694c37ed4c
-# timestamp: 2016-11-30 23:34:59 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161130232039-\
-# z18ikhhcf3j185my
-#
-# Begin patch
-=== modified file 'src/auth/digest/Config.cc'
---- src/auth/digest/Config.cc 2016-11-14 10:54:34 +0000
-+++ src/auth/digest/Config.cc 2016-11-30 23:33:04 +0000
-@@ -1058,6 +1058,10 @@
- * the user agent won't change user name without warning.
- */
- authDigestUserLinkNonce(digest_user, nonce);
-+
-+ /* auth_user is now linked, we reset these values
-+ * after external auth occurs anyway */
-+ auth_user->expiretime = current_time.tv_sec;
- } else {
- debugs(29, 9, "Found user '" << username << "' in the user cache as '" << auth_user << "'");
- digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw());
-
-=== modified file 'src/auth/digest/UserRequest.cc'
---- src/auth/digest/UserRequest.cc 2016-01-01 00:14:27 +0000
-+++ src/auth/digest/UserRequest.cc 2016-11-30 23:33:04 +0000
-@@ -187,12 +187,7 @@
- auth_user->credentials(Auth::Ok);
-
- /* password was checked and did match */
-- debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK");
--
-- /* auth_user is now linked, we reset these values
-- * after external auth occurs anyway */
-- auth_user->expiretime = current_time.tv_sec;
-- return;
-+ debugs(29, 4, "user '" << auth_user->username() << "' validated OK");
- }
-
- Auth::Direction
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14119
-revision-id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
-parent: squid3@treenet.co.nz-20161130233304-lk3q0bx8gn5l3l85
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4174
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2016-12-09 14:58:33 +1300
-message:
- Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
-
- The following sequence of events triggers this assertion:
- - The server sends an 1xx control message.
- - http.cc schedules ConnStateData::sendControlMsg call.
- - Before sendControlMsg is fired, http.cc detects an error (e.g., I/O
- error or timeout) and starts writing the reply to the user.
- - The ConnStateData::sendControlMsg is fired, starts writing 1xx, and
- hits the "no concurrent writes" assertion.
-
- We could only reproduce this sequence in the lab after changing Squid
- code to trigger a timeout at the right moment, but the sequence looks
- plausible. Other event sequences might result in the same outcome.
-
- To avoid concurrent writes, Squid now drops the control message if
- Http::One::Server detects that a reply is already being written. Also,
- ConnStateData delays reply writing until a pending control message write
- has been completed.
-
- This is a Measurement Factory project.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 103c6fc1fa45d78ba7f9e85ab3d89fff898ee762
-# timestamp: 2016-12-09 02:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161130233304-\
-# lk3q0bx8gn5l3l85
-#
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc 2016-09-23 20:49:24 +0000
-+++ src/client_side.cc 2016-12-09 01:58:33 +0000
-@@ -340,7 +340,21 @@
- AsyncCall::Pointer call = commCbCall(33, 5, "ClientSocketContext::wroteControlMsg",
- CommIoCbPtrFun(&WroteControlMsg, this));
-
-- getConn()->writeControlMsgAndCall(this, rep.getRaw(), call);
-+ if (!getConn()->writeControlMsgAndCall(this, rep.getRaw(), call)) {
-+ // but still inform the caller (so it may resume its operation)
-+ doneWithControlMsg();
-+ }
-+}
-+
-+void
-+ClientSocketContext::doneWithControlMsg()
-+{
-+ ScheduleCallHere(cbControlMsgSent);
-+ cbControlMsgSent = NULL;
-+
-+ debugs(33, 3, clientConnection << ": calling PushDeferredIfNeeded after control msg wrote");
-+ ClientSocketContextPushDeferredIfNeeded(this, getConn());
-+
- }
-
- /// called when we wrote the 1xx response
-@@ -351,7 +365,7 @@
- return;
-
- if (errflag == Comm::OK) {
-- ScheduleCallHere(cbControlMsgSent);
-+ doneWithControlMsg();
- return;
- }
-
-@@ -1455,6 +1469,8 @@
-
- if (context != http->getConn()->getCurrentContext())
- context->deferRecipientForLater(node, rep, receivedData);
-+ else if (context->controlMsgIsPending())
-+ context->deferRecipientForLater(node, rep, receivedData);
- else
- http->getConn()->handleReply(rep, receivedData);
-
-
-=== modified file 'src/client_side.h'
---- src/client_side.h 2016-06-18 13:36:07 +0000
-+++ src/client_side.h 2016-12-09 01:58:33 +0000
-@@ -129,9 +129,13 @@
- /// starts writing 1xx control message to the client
- void writeControlMsg(HttpControlMsg &msg);
-
-+ /// true if 1xx to the user is pending
-+ bool controlMsgIsPending() {return cbControlMsgSent != NULL;}
-+
- protected:
- static IOCB WroteControlMsg;
- void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno);
-+ void doneWithControlMsg();
-
- private:
- void prepareReply(HttpReply * rep);
-@@ -387,7 +391,7 @@
- void connectionTag(const char *aTag) { connectionTag_ = aTag; }
-
- /// handle a control message received by context from a peer and call back
-- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0;
-+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0;
-
- /// ClientStream calls this to supply response header (once) and data
- /// for the current ClientSocketContext.
-
-=== modified file 'src/servers/FtpServer.cc'
---- src/servers/FtpServer.cc 2016-06-30 21:09:12 +0000
-+++ src/servers/FtpServer.cc 2016-12-09 01:58:33 +0000
-@@ -1152,12 +1152,13 @@
- writeErrorReply(reply, 451);
- }
-
--void
-+bool
- Ftp::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *reply, AsyncCall::Pointer &call)
- {
- // the caller guarantees that we are dealing with the current context only
- // the caller should also make sure reply->header.has(HDR_FTP_STATUS)
- writeForwardedReplyAndCall(reply, call);
-+ return true;
- }
-
- void
-
-=== modified file 'src/servers/FtpServer.h'
---- src/servers/FtpServer.h 2016-03-15 18:14:15 +0000
-+++ src/servers/FtpServer.h 2016-12-09 01:58:33 +0000
-@@ -94,7 +94,7 @@
- virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);
- virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData);
- virtual int pipelinePrefetchMax() const;
-- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
-+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
- virtual time_t idleTimeout() const;
-
- /* BodyPipe API */
-
-=== modified file 'src/servers/HttpServer.cc'
---- src/servers/HttpServer.cc 2016-01-01 00:14:27 +0000
-+++ src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000
-@@ -35,7 +35,7 @@
- virtual ClientSocketContext *parseOneRequest(Http::ProtocolVersion &ver);
- virtual void processParsedRequest(ClientSocketContext *context, const Http::ProtocolVersion &ver);
- virtual void handleReply(HttpReply *rep, StoreIOBuffer receivedData);
-- virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
-+ virtual bool writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call);
- virtual time_t idleTimeout() const;
-
- /* BodyPipe API */
-@@ -167,9 +167,16 @@
- context->sendStartOfMessage(rep, receivedData);
- }
-
--void
-+bool
- Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call)
- {
-+ // Ignore this late control message if we have started sending a
-+ // reply to the user already (e.g., after an error).
-+ if (context->reply) {
-+ debugs(11, 2, "drop 1xx made late by " << context->reply);
-+ return false;
-+ }
-+
- // apply selected clientReplyContext::buildReplyHeader() mods
- // it is not clear what headers are required for control messages
- rep->header.removeHopByHopEntries();
-@@ -184,6 +191,7 @@
- Comm::Write(context->clientConnection, mb, call);
-
- delete mb;
-+ return true;
- }
-
- ConnStateData *
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14120
-revision-id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
-parent: squid3@treenet.co.nz-20161209015833-xm965d5l6u03qhew
-author: Egervary Gergely <gergely@egervary.hu>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2016-12-09 16:46:36 +1300
-message:
- Support IPv6 NAT with PF for NetBSD and FreeBSD
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: b47da8d30fe000bbe50ea978bab7594065f7dc07
-# timestamp: 2016-12-09 03:51:01 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161209015833-\
-# xm965d5l6u03qhew
-#
-# Begin patch
-=== modified file 'src/ip/Intercept.cc'
---- src/ip/Intercept.cc 2016-10-25 08:25:30 +0000
-+++ src/ip/Intercept.cc 2016-12-09 03:46:36 +0000
-@@ -339,13 +339,20 @@
- }
-
- memset(&nl, 0, sizeof(struct pfioc_natlook));
-- newConn->remote.getInAddr(nl.saddr.v4);
-+
-+ if (newConn->remote.isIPv6()) {
-+ newConn->remote.getInAddr(nl.saddr.v6);
-+ newConn->local.getInAddr(nl.daddr.v6);
-+ nl.af = AF_INET6;
-+ } else {
-+ newConn->remote.getInAddr(nl.saddr.v4);
-+ newConn->local.getInAddr(nl.daddr.v4);
-+ nl.af = AF_INET;
-+ }
-+
- nl.sport = htons(newConn->remote.port());
--
-- newConn->local.getInAddr(nl.daddr.v4);
- nl.dport = htons(newConn->local.port());
-
-- nl.af = AF_INET;
- nl.proto = IPPROTO_TCP;
- nl.direction = PF_OUT;
-
-@@ -361,7 +368,10 @@
- debugs(89, 9, HERE << "address: " << newConn);
- return false;
- } else {
-- newConn->local = nl.rdaddr.v4;
-+ if (newConn->remote.isIPv6())
-+ newConn->local = nl.rdaddr.v6;
-+ else
-+ newConn->local = nl.rdaddr.v4;
- newConn->local.port(ntohs(nl.rdport));
- debugs(89, 5, HERE << "address NAT: " << newConn);
- return true;
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14121
-revision-id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
-parent: squid3@treenet.co.nz-20161209034636-wytrnx7ks2jv0sxt
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4406
-author: Michael Buchau <mike@m-buchau.de>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2016-12-09 17:33:04 +1300
-message:
- Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ce1153061cb79ac9ede6851f438ec830ed7a3e78
-# timestamp: 2016-12-09 04:51:01 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161209034636-\
-# wytrnx7ks2jv0sxt
-#
-# Begin patch
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc 2016-08-17 13:34:13 +0000
-+++ src/tunnel.cc 2016-12-09 04:33:04 +0000
-@@ -475,7 +475,8 @@
- *status_ptr = rep.sline.status();
-
- // we need to relay the 401/407 responses when login=PASS(THRU)
-- const char *pwd = server.conn->getPeer()->login;
-+ const CachePeer *peer = server.conn->getPeer();
-+ const char *pwd = (peer ? peer->login : NULL);
- const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
- (*status_ptr == Http::scProxyAuthenticationRequired ||
- *status_ptr == Http::scUnauthorized);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14122
-revision-id: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9
-parent: squid3@treenet.co.nz-20161209043304-krtzvsm4a0zbzgi8
-committer: Source Maintenance <squidadm@squid-cache.org>
-branch nick: 3.5
-timestamp: Fri 2016-12-09 06:15:51 +0000
-message:
- SourceFormat Enforcement
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squidadm@squid-cache.org-20161209061551-\
-# 361ava4lrrmbwiy9
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: cb4bfe0e0aaf3e3d107ffb16e2729c6f46d5a822
-# timestamp: 2016-12-09 06:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161209043304-\
-# krtzvsm4a0zbzgi8
-#
-# Begin patch
-=== modified file 'src/servers/HttpServer.cc'
---- src/servers/HttpServer.cc 2016-12-09 01:58:33 +0000
-+++ src/servers/HttpServer.cc 2016-12-09 06:15:51 +0000
-@@ -170,7 +170,7 @@
- bool
- Http::Server::writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call)
- {
-- // Ignore this late control message if we have started sending a
-+ // Ignore this late control message if we have started sending a
- // reply to the user already (e.g., after an error).
- if (context->reply) {
- debugs(11, 2, "drop 1xx made late by " << context->reply);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14123
-revision-id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
-parent: squidadm@squid-cache.org-20161209061551-361ava4lrrmbwiy9
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=2258
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-15 22:03:42 +1300
-message:
- Bug 2258: bypassing cache but not destroying cache entry
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e4ce2fda10feb3e4e6b64d6dfa566ba6f0ac07f1
-# timestamp: 2016-12-15 09:08:35 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squidadm@squid-cache.org-20161209061551-\
-# 361ava4lrrmbwiy9
-#
-# Begin patch
-=== modified file 'src/HttpRequest.cc'
---- src/HttpRequest.cc 2016-04-01 06:15:31 +0000
-+++ src/HttpRequest.cc 2016-12-15 09:03:42 +0000
-@@ -576,8 +576,13 @@
- if (!method.respMaybeCacheable())
- return false;
-
-- // XXX: this would seem the correct place to detect request cache-controls
-- // no-store, private and related which block cacheability
-+ // RFC 7234 section 5.2.1.5:
-+ // "cache MUST NOT store any part of either this request or any response to it"
-+ //
-+ // NP: refresh_pattern ignore-no-store only applies to response messages
-+ // this test is handling request message CC header.
-+ if (!flags.ignoreCc && cache_control && cache_control->noStore())
-+ return false;
- break;
-
- case AnyP::PROTO_GOPHER:
-
-=== modified file 'src/http.cc'
---- src/http.cc 2016-11-30 22:33:32 +0000
-+++ src/http.cc 2016-12-15 09:03:42 +0000
-@@ -191,6 +191,12 @@
- if (!EBIT_TEST(e->flags, KEY_PRIVATE))
- return;
-
-+ // If the new/incoming response cannot be stored, then it does not
-+ // compete with the old stored response for the public key, and the
-+ // old stored response should be left as is.
-+ if (e->mem_obj->request && !e->mem_obj->request->flags.cachable)
-+ return;
-+
- switch (status) {
-
- case Http::scOkay:
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14124
-revision-id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
-parent: squid3@treenet.co.nz-20161215090342-ml7nmzlfmiiov7j5
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-15 22:22:10 +1300
-message:
- HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: b9e9ff6a7fe0972dfd8a3b1a45ba25a66ef03552
-# timestamp: 2016-12-15 09:22:58 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161215090342-\
-# ml7nmzlfmiiov7j5
-#
-# Begin patch
-=== modified file 'src/http/StatusCode.cc'
---- src/http/StatusCode.cc 2016-03-23 14:00:51 +0000
-+++ src/http/StatusCode.cc 2016-12-15 09:22:10 +0000
-@@ -33,6 +33,10 @@
- return "Processing";
- break;
-
-+ case Http::scEarlyHints: // 103
-+ return "Early Hints";
-+ break;
-+
- // 200-299
- case Http::scOkay:
- return "OK";
-
-=== modified file 'src/http/StatusCode.h'
---- src/http/StatusCode.h 2016-03-23 14:00:51 +0000
-+++ src/http/StatusCode.h 2016-12-15 09:22:10 +0000
-@@ -22,6 +22,7 @@
- scContinue = 100,
- scSwitchingProtocols = 101,
- scProcessing = 102, /**< RFC2518 section 10.1 */
-+ scEarlyHints = 103, /**< draft-kazuho-early-hints-status-code */
- scOkay = 200,
- scCreated = 201,
- scAccepted = 202,
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14125
-revision-id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
-parent: squid3@treenet.co.nz-20161215092210-8gupdsihb4d8fufk
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3940
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-15 22:36:34 +1300
-message:
- Bug 3940 (partial): hostHeaderVerify failures MISS when they should be HIT
-
- This fixes the critical condition leading to the HIT. However not all
- code is correctly setting flags.noCache and flags.cacheable (see bugzilla).
- So there may be other fixes needed after this.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 3e1ebda070635dcabfa4f77d697ac12e8683106f
-# timestamp: 2016-12-15 09:39:01 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161215092210-\
-# 8gupdsihb4d8fufk
-#
-# Begin patch
-=== modified file 'src/client_side_reply.cc'
---- src/client_side_reply.cc 2016-11-11 06:03:25 +0000
-+++ src/client_side_reply.cc 2016-12-15 09:36:34 +0000
-@@ -1649,7 +1649,9 @@
- {
- HttpRequest *r = http->request;
-
-- if (r->flags.cachable || r->flags.internal) {
-+ // client sent CC:no-cache or some other condition has been
-+ // encountered which prevents delivering a public/cached object.
-+ if (!r->flags.noCache || r->flags.internal) {
- lookingforstore = 5;
- StoreEntry::getPublicByRequest (this, r);
- } else {
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14126
-revision-id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
-parent: squid3@treenet.co.nz-20161215093634-ykbs6tv8pdusz7cj
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4169
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2016-12-15 23:33:57 +1300
-message:
- Bug 4169: HIT marked as MISS when If-None-Match does not match
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20161215103357-827wow3k1y3k9yql
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 258cd3e400bcb137a7bcdf6e7e0240287ea581a3
-# timestamp: 2016-12-15 10:34:30 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20161215093634-\
-# ykbs6tv8pdusz7cj
-#
-# Begin patch
-=== modified file 'src/LogTags.h'
---- src/LogTags.h 2016-10-09 19:47:26 +0000
-+++ src/LogTags.h 2016-12-15 10:33:57 +0000
-@@ -28,6 +28,7 @@
- LOG_TCP_REFRESH_IGNORED, // refresh from origin ignored, stale entry sent
- LOG_TCP_CLIENT_REFRESH_MISS,
- LOG_TCP_IMS_HIT,
-+ LOG_TCP_INM_HIT,
- LOG_TCP_SWAPFAIL_MISS,
- LOG_TCP_NEGATIVE_HIT,
- LOG_TCP_MEM_HIT,
-@@ -54,6 +55,7 @@
- return
- (code == LOG_TCP_HIT) ||
- (code == LOG_TCP_IMS_HIT) ||
-+ (code == LOG_TCP_INM_HIT) ||
- (code == LOG_TCP_REFRESH_FAIL_OLD) ||
- (code == LOG_TCP_REFRESH_UNMODIFIED) ||
- (code == LOG_TCP_NEGATIVE_HIT) ||
-
-=== modified file 'src/client_side.cc'
---- src/client_side.cc 2016-12-09 01:58:33 +0000
-+++ src/client_side.cc 2016-12-15 10:33:57 +0000
-@@ -429,6 +429,7 @@
- statCounter.client_http.nearHitSvcTime.count(svc_time);
- break;
-
-+ case LOG_TCP_INM_HIT:
- case LOG_TCP_IMS_HIT:
- statCounter.client_http.nearMissSvcTime.count(svc_time);
- break;
-
-=== modified file 'src/client_side_reply.cc'
---- src/client_side_reply.cc 2016-12-15 09:36:34 +0000
-+++ src/client_side_reply.cc 2016-12-15 10:33:57 +0000
-@@ -778,40 +778,27 @@
- return true;
- }
-
-- bool matchedIfNoneMatch = false;
- if (r.header.has(HDR_IF_NONE_MATCH)) {
-- if (!e->hasIfNoneMatchEtag(r)) {
-- // RFC 2616: ignore IMS if If-None-Match did not match
-- r.flags.ims = false;
-- r.ims = -1;
-- r.imslen = 0;
-- r.header.delById(HDR_IF_MODIFIED_SINCE);
-- http->logType = LOG_TCP_MISS;
-- sendMoreData(result);
-- return true;
-- }
-+ // RFC 7232: If-None-Match recipient MUST ignore IMS
-+ r.flags.ims = false;
-+ r.ims = -1;
-+ r.imslen = 0;
-+ r.header.delById(HDR_IF_MODIFIED_SINCE);
-
-- if (!r.flags.ims) {
-- // RFC 2616: if If-None-Match matched and there is no IMS,
-- // reply with 304 Not Modified or 412 Precondition Failed
-+ if (e->hasIfNoneMatchEtag(r)) {
- sendNotModifiedOrPreconditionFailedError();
- return true;
- }
-
-- // otherwise check IMS below to decide if we reply with 304 or 412
-- matchedIfNoneMatch = true;
-+ // None-Match is true (no ETag matched); treat as an unconditional hit
-+ return false;
- }
-
- if (r.flags.ims) {
- // handle If-Modified-Since requests from the client
- if (e->modifiedSince(r.ims, r.imslen)) {
-- http->logType = LOG_TCP_IMS_HIT;
-- sendMoreData(result);
--
-- } else if (matchedIfNoneMatch) {
-- // If-None-Match matched, reply with 304 Not Modified or
-- // 412 Precondition Failed
-- sendNotModifiedOrPreconditionFailedError();
-+ // Modified-Since is true; treat as an unconditional hit
-+ return false;
-
- } else {
- // otherwise reply with 304 Not Modified
-@@ -1974,7 +1961,12 @@
- StoreEntry *e = http->storeEntry();
- const time_t timestamp = e->timestamp;
- HttpReply *const temprep = e->getReply()->make304();
-- http->logType = LOG_TCP_IMS_HIT;
-+ // log as TCP_INM_HIT if code 304 generated for
-+ // If-None-Match request
-+ if (!http->request->flags.ims)
-+ http->logType = LOG_TCP_INM_HIT;
-+ else
-+ http->logType = LOG_TCP_IMS_HIT;
- removeClientStoreReference(&sc, http);
- createStoreEntry(http->request->method, RequestFlags());
- e = http->storeEntry();
-
projects / people / pmueller / ipfire-2.x.git / commitdiff
