include Config
-VER = 3.5.19
+VER = 3.5.20
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9
+$(DL_FILE)_MD5 = 48fb18679a30606de98882528beab3a7
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14071.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14072.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14073.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14074.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14075.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
--- configure.ac.~ Wed Apr 20 14:26:07 2016
+++ configure.ac Fri Apr 22 17:20:46 2016
-@@ -3131,6 +3131,9 @@
+@@ -3135,6 +3135,9 @@
;;
esac
dnl --with-maxfd present for compatibility with Squid-2.
dnl undocumented in ./configure --help to encourage using the Squid-3 directive
AC_ARG_WITH(maxfd,,
-@@ -3161,8 +3164,6 @@
+@@ -3165,8 +3168,6 @@
esac
])
+++ /dev/null
-------------------------------------------------------------
-revno: 14051
-revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix
-author: Steve Hill <steve@opendium.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Wed 2016-05-18 02:58:50 +1200
-message:
- Support unified EUI format code in external_acl_type
-
- Squid supports %>eui as a logformat specifier, which produces an EUI-48
- for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not
- allowed as a format specifier for the external ACLs, and you have to use
- %SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4
- clients and %SRCEUI64 is only useful for IPv6 clients, so supporting
- both v4 and v6 is a bit messy.
-
- Adds the %>eui specifier for external ACLs and behaves in the same way
- as the logformat specifier.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76
-# timestamp: 2016-05-17 15:50:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160508124125-\
-# fytgvn68zppfr8ix
-#
-# Begin patch
-=== modified file 'src/external_acl.cc'
---- src/external_acl.cc 2016-01-01 00:14:27 +0000
-+++ src/external_acl.cc 2016-05-17 14:58:50 +0000
-@@ -356,6 +356,8 @@
- else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0)
- format->type = Format::LFT_CLIENT_PORT;
- #if USE_SQUID_EUI
-+ else if (strcmp(token, "%>eui") == 0)
-+ format->type = Format::LFT_CLIENT_EUI;
- else if (strcmp(token, "%SRCEUI48") == 0)
- format->type = Format::LFT_EXT_ACL_CLIENT_EUI48;
- else if (strcmp(token, "%SRCEUI64") == 0)
-@@ -944,6 +946,18 @@
- break;
-
- #if USE_SQUID_EUI
-+ case Format::LFT_CLIENT_EUI:
-+ // TODO make the ACL checklist have a direct link to any TCP details.
-+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL)
-+ {
-+ if (request->clientConnectionManager->clientConnection->remote.isIPv4())
-+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf));
-+ else
-+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
-+ str = buf;
-+ }
-+ break;
-+
- case Format::LFT_EXT_ACL_CLIENT_EUI48:
- if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
- request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)))
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14052
-revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
-parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-committer: Source Maintenance <squidadm@squid-cache.org>
-branch nick: 3.5
-timestamp: Tue 2016-05-17 18:14:16 +0000
-message:
- SourceFormat Enforcement
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squidadm@squid-cache.org-20160517181416-\
-# sfrjdosd9dhx7u8o
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b
-# timestamp: 2016-05-17 18:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160517145850-\
-# uos9z00nrt7xd9ik
-#
-# Begin patch
-=== modified file 'src/external_acl.cc'
---- src/external_acl.cc 2016-05-17 14:58:50 +0000
-+++ src/external_acl.cc 2016-05-17 18:14:16 +0000
-@@ -956,7 +956,7 @@
- request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
- str = buf;
- }
-- break;
-+ break;
-
- case Format::LFT_EXT_ACL_CLIENT_EUI48:
- if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14053
-revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 01:00:58 +1200
-message:
- Do not override user defined -std option
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135
-# timestamp: 2016-05-21 13:08:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squidadm@squid-cache.org-20160517181416-\
-# sfrjdosd9dhx7u8o
-#
-# Begin patch
-=== modified file 'configure.ac'
---- configure.ac 2016-05-08 12:41:25 +0000
-+++ configure.ac 2016-05-21 13:00:58 +0000
-@@ -95,6 +95,9 @@
- # Guess the compiler type (sets squid_cv_compiler)
- SQUID_CC_GUESS_VARIANT
-
-+# If the user did not specify a C++ version.
-+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="`
-+if test "x$user_cxx" = "x"; then
- # Check for C++11 compiler support
- #
- # BUG 3613: when clang -std=c++0x is used, it activates a "strict mode"
-@@ -103,8 +106,9 @@
- #
- # Similar POSIX issues on MinGW 32-bit and Cygwin
- #
--if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
-- AX_CXX_COMPILE_STDCXX_11([noext],[optional])
-+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
-+ AX_CXX_COMPILE_STDCXX_11([noext],[optional])
-+ fi
- fi
-
- # test for programs
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14054
-revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 01:01:44 +1200
-message:
- Fix OpenSSL detection on FreeBSD
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9
-# timestamp: 2016-05-21 13:08:08 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521130058-\
-# zq8zugw0fohwfu3z
-#
-# Begin patch
-=== modified file 'configure.ac'
---- configure.ac 2016-05-21 13:00:58 +0000
-+++ configure.ac 2016-05-21 13:01:44 +0000
-@@ -1348,10 +1348,10 @@
-
- AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[
- AC_MSG_ERROR([library 'crypto' is required for OpenSSL])
-- ])
-+ ],$LIBOPENSSL_LIBS)
- AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[
- AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
-- ])
-+ ],$LIBOPENSSL_LIBS)
- ])
-
- # This is a workaround for RedHat 9 brain damage..
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14055
-revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 03:52:02 +1200
-message:
- Fix icons loading speed.
-
- Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each
- icon was read from disk and written to Store one character at a time. I
- did not measure startup delays in production, but in debugging runs,
- fixing this bug sped up icons loading from 1 minute to 4 seconds.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b
-# timestamp: 2016-05-21 16:51:00 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521130144-\
-# 6xtcayieij00fm5v
-#
-# Begin patch
-=== modified file 'src/mime.cc'
---- src/mime.cc 2016-01-01 00:14:27 +0000
-+++ src/mime.cc 2016-05-21 15:52:02 +0000
-@@ -430,7 +430,7 @@
- /* read the file into the buffer and append it to store */
- int n;
- char *buf = (char *)memAllocate(MEM_4K_BUF);
-- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0)
-+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0)
- e->append(buf, n);
-
- file_close(fd);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14056
-revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
-parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 05:29:19 +1200
-message:
- Increase debug level in a peek-and-splice related debug message
-
- It may produced one debugging line for each SSL transaction in some cases
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f
-# timestamp: 2016-05-21 17:50:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521155202-\
-# pp53utwamdhkugvg
-#
-# Begin patch
-=== modified file 'src/ssl/PeerConnector.cc'
---- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000
-+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000
-@@ -598,7 +598,7 @@
-
- case SSL_ERROR_WANT_WRITE:
- if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
-- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
-+ debugs(81, 3, "hold write on SSL connection on FD " << fd);
- checkForPeekAndSplice();
- return;
- }
-
--- /dev/null
+------------------------------------------------------------
+revno: 14067
+revision-id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
+parent: squid3@treenet.co.nz-20160701113616-vpjak1pq4uecadd2
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4534
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sat 2016-07-23 19:16:20 +1200
+message:
+ Bug 4534: assertion failure in xcalloc when using many cache_dir
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: fcd663f0fd4a24d505f81eb94ef95d627a4ca363
+# timestamp: 2016-07-23 07:24:01 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160701113616-\
+# vpjak1pq4uecadd2
+#
+# Begin patch
+=== modified file 'src/CacheDigest.cc'
+--- src/CacheDigest.cc 2016-01-01 00:14:27 +0000
++++ src/CacheDigest.cc 2016-07-23 07:16:20 +0000
+@@ -35,12 +35,12 @@
+ static uint32_t hashed_keys[4];
+
+ static void
+-cacheDigestInit(CacheDigest * cd, int capacity, int bpe)
++cacheDigestInit(CacheDigest * cd, uint64_t capacity, uint8_t bpe)
+ {
+- const size_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
++ const uint32_t mask_size = cacheDigestCalcMaskSize(capacity, bpe);
+ assert(cd);
+ assert(capacity > 0 && bpe > 0);
+- assert(mask_size > 0);
++ assert(mask_size != 0);
+ cd->capacity = capacity;
+ cd->bits_per_entry = bpe;
+ cd->mask_size = mask_size;
+@@ -50,7 +50,7 @@
+ }
+
+ CacheDigest *
+-cacheDigestCreate(int capacity, int bpe)
++cacheDigestCreate(uint64_t capacity, uint8_t bpe)
+ {
+ CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST);
+ assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */
+@@ -97,7 +97,7 @@
+
+ /* changes mask size, resets bits to 0, preserves "cd" pointer */
+ void
+-cacheDigestChangeCap(CacheDigest * cd, int new_cap)
++cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap)
+ {
+ assert(cd);
+ cacheDigestClean(cd);
+@@ -278,12 +278,12 @@
+ storeAppendPrintf(e, "%s digest: size: %d bytes\n",
+ label ? label : "", stats.bit_count / 8
+ );
+- storeAppendPrintf(e, "\t entries: count: %d capacity: %d util: %d%%\n",
++ storeAppendPrintf(e, "\t entries: count: %" PRIu64 " capacity: %" PRIu64 " util: %d%%\n",
+ cd->count,
+ cd->capacity,
+ xpercentInt(cd->count, cd->capacity)
+ );
+- storeAppendPrintf(e, "\t deletion attempts: %d\n",
++ storeAppendPrintf(e, "\t deletion attempts: %" PRIu64 "\n",
+ cd->del_count
+ );
+ storeAppendPrintf(e, "\t bits: per entry: %d on: %d capacity: %d util: %d%%\n",
+@@ -297,16 +297,18 @@
+ );
+ }
+
+-size_t
+-cacheDigestCalcMaskSize(int cap, int bpe)
++uint32_t
++cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe)
+ {
+- return (size_t) (cap * bpe + 7) / 8;
++ uint64_t bitCount = (cap * bpe) + 7;
++ assert(bitCount < INT_MAX); // dont 31-bit overflow later
++ return static_cast<uint32_t>(bitCount / 8);
+ }
+
+ static void
+ cacheDigestHashKey(const CacheDigest * cd, const cache_key * key)
+ {
+- const unsigned int bit_count = cd->mask_size * 8;
++ const uint32_t bit_count = cd->mask_size * 8;
+ unsigned int tmp_keys[4];
+ /* we must memcpy to ensure alignment */
+ memcpy(tmp_keys, key, sizeof(tmp_keys));
+
+=== modified file 'src/CacheDigest.h'
+--- src/CacheDigest.h 2016-01-01 00:14:27 +0000
++++ src/CacheDigest.h 2016-07-23 07:16:20 +0000
+@@ -22,23 +22,23 @@
+ {
+ public:
+ /* public, read-only */
+- char *mask; /* bit mask */
+- int mask_size; /* mask size in bytes */
+- int capacity; /* expected maximum for .count, not a hard limit */
+- int bits_per_entry; /* number of bits allocated for each entry from capacity */
+- int count; /* number of digested entries */
+- int del_count; /* number of deletions performed so far */
++ uint64_t count; /* number of digested entries */
++ uint64_t del_count; /* number of deletions performed so far */
++ uint64_t capacity; /* expected maximum for .count, not a hard limit */
++ char *mask; /* bit mask */
++ uint32_t mask_size; /* mask size in bytes */
++ int8_t bits_per_entry; /* number of bits allocated for each entry from capacity */
+ };
+
+-CacheDigest *cacheDigestCreate(int capacity, int bpe);
++CacheDigest *cacheDigestCreate(uint64_t capacity, uint8_t bpe);
+ void cacheDigestDestroy(CacheDigest * cd);
+ CacheDigest *cacheDigestClone(const CacheDigest * cd);
+ void cacheDigestClear(CacheDigest * cd);
+-void cacheDigestChangeCap(CacheDigest * cd, int new_cap);
++void cacheDigestChangeCap(CacheDigest * cd, uint64_t new_cap);
+ int cacheDigestTest(const CacheDigest * cd, const cache_key * key);
+ void cacheDigestAdd(CacheDigest * cd, const cache_key * key);
+ void cacheDigestDel(CacheDigest * cd, const cache_key * key);
+-size_t cacheDigestCalcMaskSize(int cap, int bpe);
++uint32_t cacheDigestCalcMaskSize(uint64_t cap, uint8_t bpe);
+ int cacheDigestBitUtil(const CacheDigest * cd);
+ void cacheDigestGuessStatsUpdate(CacheDigestGuessStats * stats, int real_hit, int guess_hit);
+ void cacheDigestGuessStatsReport(const CacheDigestGuessStats * stats, StoreEntry * sentry, const char *label);
+
+=== modified file 'src/PeerDigest.h'
+--- src/PeerDigest.h 2016-01-01 00:14:27 +0000
++++ src/PeerDigest.h 2016-07-23 07:16:20 +0000
+@@ -52,7 +52,7 @@
+ store_client *old_sc;
+ HttpRequest *request;
+ int offset;
+- int mask_offset;
++ uint32_t mask_offset;
+ time_t start_time;
+ time_t resp_time;
+ time_t expires;
+
+=== modified file 'src/peer_digest.cc'
+--- src/peer_digest.cc 2016-01-01 00:14:27 +0000
++++ src/peer_digest.cc 2016-07-23 07:16:20 +0000
+@@ -754,7 +754,7 @@
+ if (!reason && !size) {
+ if (!pd->cd)
+ reason = "null digest?!";
+- else if (fetch->mask_offset != (int)pd->cd->mask_size)
++ else if (fetch->mask_offset != pd->cd->mask_size)
+ reason = "premature end of digest?!";
+ else if (!peerDigestUseful(pd))
+ reason = "useless digest";
+
+=== modified file 'src/store_digest.cc'
+--- src/store_digest.cc 2016-01-01 00:14:27 +0000
++++ src/store_digest.cc 2016-07-23 07:16:20 +0000
+@@ -76,36 +76,63 @@
+ static void storeDigestRewriteFinish(StoreEntry * e);
+ static EVH storeDigestSwapOutStep;
+ static void storeDigestCBlockSwapOut(StoreEntry * e);
+-static int storeDigestCalcCap(void);
+-static int storeDigestResize(void);
+ static void storeDigestAdd(const StoreEntry *);
+
++/// calculates digest capacity
++static uint64_t
++storeDigestCalcCap()
++{
++ /*
++ * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
++ * the bits are off). However, we do not have a formula to calculate the
++ * number of _entries_ we want to pre-allocate for.
++ */
++ const uint64_t hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
++ const uint64_t lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
++ const uint64_t e_count = StoreEntry::inUseCount();
++ uint64_t cap = e_count ? e_count : hi_cap;
++ debugs(71, 2, "have: " << e_count << ", want " << cap <<
++ " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
++
++ if (cap < lo_cap)
++ cap = lo_cap;
++
++ /* do not enforce hi_cap limit, average-based estimation may be wrong
++ *if (cap > hi_cap)
++ * cap = hi_cap;
++ */
++
++ // Bug 4534: we still have to set an upper-limit at some reasonable value though.
++ // this matches cacheDigestCalcMaskSize doing (cap*bpe)+7 < INT_MAX
++ const uint64_t absolute_max = (INT_MAX -8) / Config.digest.bits_per_entry;
++ if (cap > absolute_max) {
++ static time_t last_loud = 0;
++ if (last_loud < squid_curtime - 86400) {
++ debugs(71, DBG_IMPORTANT, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
++ last_loud = squid_curtime;
++ } else {
++ debugs(71, 3, "WARNING: Cache Digest cannot store " << cap << " entries. Limiting to " << absolute_max);
++ }
++ cap = absolute_max;
++ }
++
++ return cap;
++}
+ #endif /* USE_CACHE_DIGESTS */
+
+-static void
+-storeDigestRegisterWithCacheManager(void)
++void
++storeDigestInit(void)
+ {
+ Mgr::RegisterAction("store_digest", "Store Digest", storeDigestReport, 0, 1);
+-}
+-
+-/*
+- * PUBLIC FUNCTIONS
+- */
+-
+-void
+-storeDigestInit(void)
+-{
+- storeDigestRegisterWithCacheManager();
+
+ #if USE_CACHE_DIGESTS
+- const int cap = storeDigestCalcCap();
+-
+ if (!Config.onoff.digest_generation) {
+ store_digest = NULL;
+ debugs(71, 3, "Local cache digest generation disabled");
+ return;
+ }
+
++ const uint64_t cap = storeDigestCalcCap();
+ store_digest = cacheDigestCreate(cap, Config.digest.bits_per_entry);
+ debugs(71, DBG_IMPORTANT, "Local cache digest enabled; rebuild/rewrite every " <<
+ (int) Config.digest.rebuild_period << "/" <<
+@@ -290,6 +317,31 @@
+ storeDigestRebuildResume();
+ }
+
++/// \returns true if we actually resized the digest
++static bool
++storeDigestResize()
++{
++ const uint64_t cap = storeDigestCalcCap();
++ assert(store_digest);
++ uint64_t diff;
++ if (cap > store_digest->capacity)
++ diff = cap - store_digest->capacity;
++ else
++ diff = store_digest->capacity - cap;
++ debugs(71, 2, store_digest->capacity << " -> " << cap << "; change: " <<
++ diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
++ /* avoid minor adjustments */
++
++ if (diff <= store_digest->capacity / 10) {
++ debugs(71, 2, "small change, will not resize.");
++ return false;
++ } else {
++ debugs(71, 2, "big change, resizing.");
++ cacheDigestChangeCap(store_digest, cap);
++ }
++ return true;
++}
++
+ /* called be Rewrite to push Rebuild forward */
+ static void
+ storeDigestRebuildResume(void)
+@@ -439,7 +491,7 @@
+ assert(e);
+ /* _add_ check that nothing bad happened while we were waiting @?@ @?@ */
+
+- if (sd_state.rewrite_offset + chunk_size > store_digest->mask_size)
++ if (static_cast<uint32_t>(sd_state.rewrite_offset + chunk_size) > store_digest->mask_size)
+ chunk_size = store_digest->mask_size - sd_state.rewrite_offset;
+
+ e->append(store_digest->mask + sd_state.rewrite_offset, chunk_size);
+@@ -451,7 +503,7 @@
+ sd_state.rewrite_offset += chunk_size;
+
+ /* are we done ? */
+- if (sd_state.rewrite_offset >= store_digest->mask_size)
++ if (static_cast<uint32_t>(sd_state.rewrite_offset) >= store_digest->mask_size)
+ storeDigestRewriteFinish(e);
+ else
+ eventAdd("storeDigestSwapOutStep", storeDigestSwapOutStep, data, 0.0, 1, false);
+@@ -467,60 +519,10 @@
+ sd_state.cblock.count = htonl(store_digest->count);
+ sd_state.cblock.del_count = htonl(store_digest->del_count);
+ sd_state.cblock.mask_size = htonl(store_digest->mask_size);
+- sd_state.cblock.bits_per_entry = (unsigned char)
+- Config.digest.bits_per_entry;
++ sd_state.cblock.bits_per_entry = Config.digest.bits_per_entry;
+ sd_state.cblock.hash_func_count = (unsigned char) CacheDigestHashFuncCount;
+ e->append((char *) &sd_state.cblock, sizeof(sd_state.cblock));
+ }
+
+-/* calculates digest capacity */
+-static int
+-storeDigestCalcCap(void)
+-{
+- /*
+- * To-Do: Bloom proved that the optimal filter utilization is 50% (half of
+- * the bits are off). However, we do not have a formula to calculate the
+- * number of _entries_ we want to pre-allocate for.
+- */
+- const int hi_cap = Store::Root().maxSize() / Config.Store.avgObjectSize;
+- const int lo_cap = 1 + Store::Root().currentSize() / Config.Store.avgObjectSize;
+- const int e_count = StoreEntry::inUseCount();
+- int cap = e_count ? e_count :hi_cap;
+- debugs(71, 2, "storeDigestCalcCap: have: " << e_count << ", want " << cap <<
+- " entries; limits: [" << lo_cap << ", " << hi_cap << "]");
+-
+- if (cap < lo_cap)
+- cap = lo_cap;
+-
+- /* do not enforce hi_cap limit, average-based estimation may be wrong
+- *if (cap > hi_cap)
+- * cap = hi_cap;
+- */
+- return cap;
+-}
+-
+-/* returns true if we actually resized the digest */
+-static int
+-storeDigestResize(void)
+-{
+- const int cap = storeDigestCalcCap();
+- int diff;
+- assert(store_digest);
+- diff = abs(cap - store_digest->capacity);
+- debugs(71, 2, "storeDigestResize: " <<
+- store_digest->capacity << " -> " << cap << "; change: " <<
+- diff << " (" << xpercentInt(diff, store_digest->capacity) << "%)" );
+- /* avoid minor adjustments */
+-
+- if (diff <= store_digest->capacity / 10) {
+- debugs(71, 2, "storeDigestResize: small change, will not resize.");
+- return 0;
+- } else {
+- debugs(71, 2, "storeDigestResize: big change, resizing.");
+- cacheDigestChangeCap(store_digest, cap);
+- return 1;
+- }
+-}
+-
+ #endif /* USE_CACHE_DIGESTS */
+
+
+=== modified file 'src/tests/stub_CacheDigest.cc'
+--- src/tests/stub_CacheDigest.cc 2016-01-01 00:14:27 +0000
++++ src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
+@@ -16,11 +16,11 @@
+ class CacheDigestGuessStats;
+ class StoreEntry;
+
+-CacheDigest * cacheDigestCreate(int, int) STUB_RETVAL(NULL)
++CacheDigest * cacheDigestCreate(uint64_t, uint8_t) STUB_RETVAL(NULL)
+ void cacheDigestDestroy(CacheDigest *) STUB
+ CacheDigest * cacheDigestClone(const CacheDigest *) STUB_RETVAL(NULL)
+ void cacheDigestClear(CacheDigest * ) STUB
+-void cacheDigestChangeCap(CacheDigest *,int) STUB
++void cacheDigestChangeCap(CacheDigest *,uint64_t) STUB
+ int cacheDigestTest(const CacheDigest *, const cache_key *) STUB_RETVAL(1)
+ void cacheDigestAdd(CacheDigest *, const cache_key *) STUB
+ void cacheDigestDel(CacheDigest *, const cache_key *) STUB
+@@ -28,5 +28,4 @@
+ void cacheDigestGuessStatsUpdate(CacheDigestGuessStats *, int, int) STUB
+ void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
+ void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
+-size_t cacheDigestCalcMaskSize(int, int) STUB_RETVAL(1)
+-
++uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)
+
--- /dev/null
+------------------------------------------------------------
+revno: 14068
+revision-id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
+parent: squid3@treenet.co.nz-20160723071620-1wzqpbyi1rk5w6vg
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4542
+author: Anonymous <bigparrot@pirateperfection.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sat 2016-07-23 19:19:30 +1200
+message:
+ Bug #4542: authentication credentials IP TTL updated incorrectly
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: ee0c6aab5414532d9554ef338cce049263902fd8
+# timestamp: 2016-07-23 07:24:05 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160723071620-\
+# 1wzqpbyi1rk5w6vg
+#
+# Begin patch
+=== modified file 'src/auth/User.cc'
+--- src/auth/User.cc 2016-01-01 00:14:27 +0000
++++ src/auth/User.cc 2016-07-23 07:19:30 +0000
+@@ -284,7 +284,7 @@
+ /* This ip has already been seen. */
+ found = 1;
+ /* update IP ttl */
+- ipdata->ip_expiretime = squid_curtime;
++ ipdata->ip_expiretime = squid_curtime + ::Config.authenticateIpTTL;
+ } else if (ipdata->ip_expiretime <= squid_curtime) {
+ /* This IP has expired - remove from the seen list */
+ dlinkDelete(&ipdata->node, &ip_list);
+
--- /dev/null
+------------------------------------------------------------
+revno: 14069
+revision-id: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
+parent: squid3@treenet.co.nz-20160723071930-cemledcltg8pkc28
+committer: Source Maintenance <squidadm@squid-cache.org>
+branch nick: 3.5
+timestamp: Sat 2016-07-23 12:13:51 +0000
+message:
+ SourceFormat Enforcement
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squidadm@squid-cache.org-20160723121351-\
+# iuc8hwstrqd0l1dv
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: c9e37a723686ae2ee489ba7ec2e981ae153bda28
+# timestamp: 2016-07-23 12:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160723071930-\
+# cemledcltg8pkc28
+#
+# Begin patch
+=== modified file 'src/tests/stub_CacheDigest.cc'
+--- src/tests/stub_CacheDigest.cc 2016-07-23 07:16:20 +0000
++++ src/tests/stub_CacheDigest.cc 2016-07-23 12:13:51 +0000
+@@ -29,3 +29,4 @@
+ void cacheDigestGuessStatsReport(const CacheDigestGuessStats *, StoreEntry *, const char *) STUB
+ void cacheDigestReport(CacheDigest *, const char *, StoreEntry *) STUB
+ uint32_t cacheDigestCalcMaskSize(uint64_t, uint8_t) STUB_RETVAL(1)
++
+
--- /dev/null
+------------------------------------------------------------
+revno: 14070
+revision-id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
+parent: squidadm@squid-cache.org-20160723121351-iuc8hwstrqd0l1dv
+author: Christos Tsantilas <chtsanti@users.sourceforge.net>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sat 2016-08-06 02:59:33 +1200
+message:
+ Squid segfault via Ftp::Client::readControlReply().
+
+ Ftp::Client::scheduleReadControlReply(), which may called from the
+ asynchronous start() or readControlReply()/handleControlReply()
+ handlers, does not check whether the control connection is still usable
+ before using it.
+
+ This is a Measurement Factory project.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643
+# timestamp: 2016-08-05 15:00:22 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squidadm@squid-cache.org-20160723121351-\
+# iuc8hwstrqd0l1dv
+#
+# Begin patch
+=== modified file 'src/clients/FtpClient.cc'
+--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000
++++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000
+@@ -314,6 +314,11 @@
+ /* We've already read some reply data */
+ handleControlReply();
+ } else {
++
++ if (!Comm::IsConnOpen(ctrl.conn)) {
++ debugs(9, 3, "cannot read without ctrl " << ctrl.conn);
++ return;
++ }
+ /*
+ * Cancel the timeout on the Data socket (if any) and
+ * establish one on the control socket.
+
--- /dev/null
+------------------------------------------------------------
+revno: 14071
+revision-id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+parent: squid3@treenet.co.nz-20160805145933-0cpyy47o8955lamx
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4428
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 14:55:01 +1200
+message:
+ Bug 4428: mal-formed Cache-Control:stale-if-error header
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: b3b3ef13c45062a97bd5cc88c934019fe4af7a3c
+# timestamp: 2016-08-17 02:55:20 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160805145933-\
+# 0cpyy47o8955lamx
+#
+# Begin patch
+=== modified file 'src/HttpHdrCc.cc'
+--- src/HttpHdrCc.cc 2016-01-01 00:14:27 +0000
++++ src/HttpHdrCc.cc 2016-08-17 02:55:01 +0000
+@@ -257,6 +257,27 @@
+
+ /* for all options having values, "=value" after the name */
+ switch (flag) {
++ case CC_BADHDR:
++ break;
++ case CC_PUBLIC:
++ break;
++ case CC_PRIVATE:
++ if (Private().size())
++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(Private()));
++ break;
++
++ case CC_NO_CACHE:
++ if (noCache().size())
++ packerPrintf(p, "=\"" SQUIDSTRINGPH "\"", SQUIDSTRINGPRINT(noCache()));
++ break;
++ case CC_NO_STORE:
++ break;
++ case CC_NO_TRANSFORM:
++ break;
++ case CC_MUST_REVALIDATE:
++ break;
++ case CC_PROXY_REVALIDATE:
++ break;
+ case CC_MAX_AGE:
+ packerPrintf(p, "=%d", (int) maxAge());
+ break;
+@@ -272,8 +293,14 @@
+ case CC_MIN_FRESH:
+ packerPrintf(p, "=%d", (int) minFresh());
+ break;
+- default:
+- /* do nothing, directive was already printed */
++ case CC_ONLY_IF_CACHED:
++ break;
++ case CC_STALE_IF_ERROR:
++ packerPrintf(p, "=%d", staleIfError());
++ break;
++ case CC_OTHER:
++ case CC_ENUM_END:
++ // done below after the loop
+ break;
+ }
+
+
--- /dev/null
+------------------------------------------------------------
+revno: 14072
+revision-id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
+parent: squid3@treenet.co.nz-20160817025501-e66sjxm0bfy3ksn3
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 14:58:28 +1200
+message:
+ Fix SSL-Bump failure results in SEGFAULT
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 73877d276fba41282aeb5973207d02851d5eb784
+# timestamp: 2016-08-17 03:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160817025501-\
+# e66sjxm0bfy3ksn3
+#
+# Begin patch
+=== modified file 'src/client_side_request.cc'
+--- src/client_side_request.cc 2016-05-06 08:24:29 +0000
++++ src/client_side_request.cc 2016-08-17 02:58:28 +0000
+@@ -1811,7 +1811,7 @@
+ repContext->setReplyToStoreEntry(e, "immediate SslBump error");
+ errorAppendEntry(e, calloutContext->error);
+ calloutContext->error = NULL;
+- if (calloutContext->readNextRequest)
++ if (calloutContext->readNextRequest && getConn())
+ getConn()->flags.readMore = true; // resume any pipeline reads.
+ node = (clientStreamNode *)client_stream.tail->data;
+ clientStreamRead(node, this, node->readBuffer);
+
--- /dev/null
+------------------------------------------------------------
+revno: 14073
+revision-id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+parent: squid3@treenet.co.nz-20160817025828-s4102klt2ei25tsm
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4563
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 17:10:37 +1200
+message:
+ Bug 4563: duplicate code in httpMakeVaryMark
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: bba9a17715b8759e9d70db2c75f70f3c6152ae8a
+# timestamp: 2016-08-17 05:50:53 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160817025828-\
+# s4102klt2ei25tsm
+#
+# Begin patch
+=== modified file 'src/http.cc'
+--- src/http.cc 2016-04-01 06:15:31 +0000
++++ src/http.cc 2016-08-17 05:10:37 +0000
+@@ -572,6 +572,38 @@
+ /* NOTREACHED */
+ }
+
++/// assemble a variant key (vary-mark) from the given Vary header and HTTP request
++static void
++assembleVaryKey(String &vary, SBuf &vstr, const HttpRequest &request)
++{
++ static const SBuf asterisk("*");
++ const char *pos = nullptr;
++ const char *item = nullptr;
++ int ilen = 0;
++
++ while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
++ SBuf name(item, ilen);
++ if (name == asterisk) {
++ vstr.clear();
++ break;
++ }
++ name.toLower();
++ if (!vstr.isEmpty())
++ vstr.append(", ", 2);
++ vstr.append(name);
++ String hdr(request.header.getByName(name.c_str()));
++ const char *value = hdr.termedBuf();
++ if (value) {
++ value = rfc1738_escape_part(value);
++ vstr.append("=\"", 2);
++ vstr.append(value);
++ vstr.append("\"", 1);
++ }
++
++ hdr.clean();
++ }
++}
++
+ /*
+ * For Vary, store the relevant request headers as
+ * virtual headers in the reply
+@@ -580,81 +612,16 @@
+ SBuf
+ httpMakeVaryMark(HttpRequest * request, HttpReply const * reply)
+ {
+- String vary, hdr;
+- const char *pos = NULL;
+- const char *item;
+- const char *value;
+- int ilen;
+ SBuf vstr;
+- static const SBuf asterisk("*");
++ String vary;
+
+ vary = reply->header.getList(HDR_VARY);
+-
+- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+- char *name = (char *)xmalloc(ilen + 1);
+- xstrncpy(name, item, ilen + 1);
+- Tolower(name);
+-
+- if (strcmp(name, "*") == 0) {
+- /* Can not handle "Vary: *" withtout ETag support */
+- safe_free(name);
+- vstr.clear();
+- break;
+- }
+-
+- if (!vstr.isEmpty())
+- vstr.append(", ", 2);
+- vstr.append(name);
+- hdr = request->header.getByName(name);
+- safe_free(name);
+- value = hdr.termedBuf();
+-
+- if (value) {
+- value = rfc1738_escape_part(value);
+- vstr.append("=\"", 2);
+- vstr.append(value);
+- vstr.append("\"", 1);
+- }
+-
+- hdr.clean();
+- }
+-
++ assembleVaryKey(vary, vstr, *request);
++
++#if X_ACCELERATOR_VARY
+ vary.clean();
+-#if X_ACCELERATOR_VARY
+-
+- pos = NULL;
+ vary = reply->header.getList(HDR_X_ACCELERATOR_VARY);
+-
+- while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
+- char *name = (char *)xmalloc(ilen + 1);
+- xstrncpy(name, item, ilen + 1);
+- Tolower(name);
+-
+- if (strcmp(name, "*") == 0) {
+- /* Can not handle "Vary: *" withtout ETag support */
+- safe_free(name);
+- vstr.clear();
+- break;
+- }
+-
+- if (!vstr.isEmpty())
+- vstr.append(", ", 2);
+- vstr.append(name);
+- hdr = request->header.getByName(name);
+- safe_free(name);
+- value = hdr.termedBuf();
+-
+- if (value) {
+- value = rfc1738_escape_part(value);
+- vstr.append("=\"", 2);
+- vstr.append(value);
+- vstr.append("\"", 1);
+- }
+-
+- hdr.clean();
+- }
+-
+- vary.clean();
++ assembleVaryKey(vary, vstr, *request);
+ #endif
+
+ debugs(11, 3, vstr);
+
--- /dev/null
+------------------------------------------------------------
+revno: 14074
+revision-id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+parent: squid3@treenet.co.nz-20160817051037-p0kaj2iw2u4u8iqj
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3025
+author: mkishi <mkishi@104.net>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Wed 2016-08-17 17:48:29 +1200
+message:
+ Bug 3025: Proxy-Authenticate problem using ICAP server
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: f4eb1b35dc72bba74a398070900a0951257e547e
+# timestamp: 2016-08-17 05:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160817051037-\
+# p0kaj2iw2u4u8iqj
+#
+# Begin patch
+=== modified file 'src/client_side_reply.cc'
+--- src/client_side_reply.cc 2016-04-01 06:15:31 +0000
++++ src/client_side_reply.cc 2016-08-17 05:48:29 +0000
+@@ -1305,8 +1305,14 @@
+
+ // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
+ // remove the Proxy-Authenticate header
+- if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
+- reply->header.delById(HDR_PROXY_AUTHENTICATE);
++ if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) {
++#if USE_ADAPTATION
++ // but allow adaptation services to authenticate clients
++ // via request satisfaction
++ if (!http->requestSatisfactionMode())
++#endif
++ reply->header.delById(HDR_PROXY_AUTHENTICATE);
++ }
+
+ reply->header.removeHopByHopEntries();
+
+
+=== modified file 'src/client_side_request.h'
+--- src/client_side_request.h 2016-01-01 00:14:27 +0000
++++ src/client_side_request.h 2016-08-17 05:48:29 +0000
+@@ -140,6 +140,7 @@
+
+ public:
+ void startAdaptation(const Adaptation::ServiceGroupPointer &g);
++ bool requestSatisfactionMode() const { return request_satisfaction_mode; }
+
+ // private but exposed for ClientRequestContext
+ void handleAdaptationFailure(int errDetail, bool bypassable = false);
+
--- /dev/null
+------------------------------------------------------------
+revno: 14075
+revision-id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
+parent: squid3@treenet.co.nz-20160817054829-rl7q49ysi40sj01i
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Thu 2016-08-18 01:34:13 +1200
+message:
+ Fix logic error in rev.13930
+
+ Using !=0 on both string compares means any login= value will permit
+ 40x responses through. Only PASS and PASSTHRU should be doing that.
+
+ Detected by Coverity Scan. Issue 1364711
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160817133413-vdmm0d6kvo8bfszk
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 31f0c4e0f435e0aa994ffe8937e4d4c58fed37f5
+# timestamp: 2016-08-17 13:34:59 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160817054829-\
+# rl7q49ysi40sj01i
+#
+# Begin patch
+=== modified file 'src/tunnel.cc'
+--- src/tunnel.cc 2016-01-01 00:14:27 +0000
++++ src/tunnel.cc 2016-08-17 13:34:13 +0000
+@@ -476,7 +476,7 @@
+
+ // we need to relay the 401/407 responses when login=PASS(THRU)
+ const char *pwd = server.conn->getPeer()->login;
+- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
++ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
+ (*status_ptr == Http::scProxyAuthenticationRequired ||
+ *status_ptr == Http::scUnauthorized);
+
+
projects / people / pmueller / ipfire-2.x.git / commitdiff
