rpms
/
squid
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import squid-4.11-1.module+el8.3.0+6769+637637ab

This commit is contained in:
CentOS Sources 2020-07-01 20:35:10 +00:00 committed by Andrew Lukoshko
commit 6d8247dd32
18 changed files with 2218 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/squid-4.11.tar.xz

1
.squid.metadata Normal file
View File

@ -0,0 +1 @@
053277bf5497163ffc9261b9807abda5959bb6fc SOURCES/squid-4.11.tar.xz

16
SOURCES/cache_swap.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
squid -N -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
fi
done

3
SOURCES/perl-requires-squid.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
/usr/lib/rpm/perl.req $* | grep -v "Authen::Smb"

127
SOURCES/squid-4.11-active-ftp.patch Normal file
View File

@ -0,0 +1,127 @@
diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc
index b665bcf..d287e55 100644
--- a/src/clients/FtpClient.cc
+++ b/src/clients/FtpClient.cc
@@ -778,7 +778,8 @@ Ftp::Client::connectDataChannel()
bool
Ftp::Client::openListenSocket()
{
- return false;
+ debugs(9, 3, HERE);
+ return false;
}
/// creates a data channel Comm close callback
diff --git a/src/clients/FtpClient.h b/src/clients/FtpClient.h
index a76a5a0..218d696 100644
--- a/src/clients/FtpClient.h
+++ b/src/clients/FtpClient.h
@@ -118,7 +118,7 @@ public:
bool sendPort();
bool sendPassive();
void connectDataChannel();
- bool openListenSocket();
+ virtual bool openListenSocket();
void switchTimeoutToDataChannel();
CtrlChannel ctrl; ///< FTP control channel state
diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc
index 411bce9..31d3e36 100644
--- a/src/clients/FtpGateway.cc
+++ b/src/clients/FtpGateway.cc
@@ -87,6 +87,13 @@ struct GatewayFlags {
class Gateway;
typedef void (StateMethod)(Ftp::Gateway *);
+} // namespace FTP
+
+static void ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback);
+
+namespace Ftp
+{
+
/// FTP Gateway: An FTP client that takes an HTTP request with an ftp:// URI,
/// converts it into one or more FTP commands, and then
/// converts one or more FTP responses into the final HTTP response.
@@ -137,7 +144,11 @@ public:
/// create a data channel acceptor and start listening.
void listenForDataChannel(const Comm::ConnectionPointer &conn);
-
+ virtual bool openListenSocket() {
+ debugs(9, 3, HERE);
+ ftpOpenListenSocket(this, 0);
+ return Comm::IsConnOpen(data.conn);
+ }
int checkAuth(const HttpHeader * req_hdr);
void checkUrlpath();
void buildTitleUrl();
@@ -1787,6 +1798,7 @@ ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback)
}
ftpState->listenForDataChannel(temp);
+ ftpState->data.listenConn = temp;
}
static void
@@ -1822,13 +1834,19 @@ ftpSendPORT(Ftp::Gateway * ftpState)
// pull out the internal IP address bytes to send in PORT command...
// source them from the listen_conn->local
+ struct sockaddr_in addr;
+ socklen_t addrlen = sizeof(addr);
+ getsockname(ftpState->data.listenConn->fd, (struct sockaddr *) &addr, &addrlen);
+ unsigned char port_high = ntohs(addr.sin_port) >> 8;
+ unsigned char port_low = ntohs(addr.sin_port) & 0xff;
+
struct addrinfo *AI = NULL;
ftpState->data.listenConn->local.getAddrInfo(AI, AF_INET);
unsigned char *addrptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_addr;
- unsigned char *portptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_port;
+ // unsigned char *portptr = (unsigned char *) &((struct sockaddr_in*)AI->ai_addr)->sin_port;
snprintf(cbuf, CTRL_BUFLEN, "PORT %d,%d,%d,%d,%d,%d\r\n",
addrptr[0], addrptr[1], addrptr[2], addrptr[3],
- portptr[0], portptr[1]);
+ port_high, port_low);
ftpState->writeCommand(cbuf);
ftpState->state = Ftp::Client::SENT_PORT;
@@ -1881,14 +1899,27 @@ ftpSendEPRT(Ftp::Gateway * ftpState)
return;
}
+
+ unsigned int port;
+ struct sockaddr_storage addr;
+ socklen_t addrlen = sizeof(addr);
+ getsockname(ftpState->data.listenConn->fd, (struct sockaddr *) &addr, &addrlen);
+ if (addr.ss_family == AF_INET) {
+ struct sockaddr_in *addr4 = (struct sockaddr_in*) &addr;
+ port = ntohs( addr4->sin_port );
+ } else {
+ struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr;
+ port = ntohs( addr6->sin6_port );
+ }
+
char buf[MAX_IPSTRLEN];
/* RFC 2428 defines EPRT as IPv6 equivalent to IPv4 PORT command. */
/* Which can be used by EITHER protocol. */
- snprintf(cbuf, CTRL_BUFLEN, "EPRT |%d|%s|%d|\r\n",
+ snprintf(cbuf, CTRL_BUFLEN, "EPRT |%d|%s|%u|\r\n",
( ftpState->data.listenConn->local.isIPv6() ? 2 : 1 ),
ftpState->data.listenConn->local.toStr(buf,MAX_IPSTRLEN),
- ftpState->data.listenConn->local.port() );
+ port);
ftpState->writeCommand(cbuf);
ftpState->state = Ftp::Client::SENT_EPRT;
@@ -1907,7 +1938,7 @@ ftpReadEPRT(Ftp::Gateway * ftpState)
ftpSendPORT(ftpState);
return;
}
-
+ ftpState->ctrl.message = NULL;
ftpRestOrList(ftpState);
}

27
SOURCES/squid-4.11-config.patch Normal file
View File

@ -0,0 +1,27 @@
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 26ef576..30d5509 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -5006,7 +5006,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the default number of logfile rotations to make when you
@@ -6857,11 +6857,11 @@ COMMENT_END
NAME: cache_mgr
TYPE: string
-DEFAULT: webmaster
+DEFAULT: root
LOC: Config.adminEmail
DOC_START
Email-address of local cache manager who will receive
- mail if the cache dies. The default is "webmaster".
+ mail if the cache dies. The default is "root".
DOC_END
NAME: mail_from

41
SOURCES/squid-4.11-include-guards.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/compat/os/linux.h b/compat/os/linux.h
index 0ff05c6..d51389b 100644
--- a/compat/os/linux.h
+++ b/compat/os/linux.h
@@ -44,6 +44,36 @@
#include <netinet/in.h>
#endif
+/*
+ * Netfilter header madness. (see Bug 4323)
+ *
+ * Netfilter have a history of defining their own versions of network protocol
+ * primitives without sufficient protection against the POSIX defines which are
+ * aways present in Linux.
+ *
+ * netinet/in.h must be included before any other sys header in order to properly
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
+ * to workaround it.
+ */
+#if HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+/*
+ * Netfilter header madness. (see Bug 4323)
+ *
+ * Netfilter have a history of defining their own versions of network protocol
+ * primitives without sufficient protection against the POSIX defines which are
+ * aways present in Linux.
+ *
+ * netinet/in.h must be included before any other sys header in order to properly
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
+ * to workaround it.
+ */
+#if HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
/*
* sys/capability.h is only needed in Linux apparently.
*

178
SOURCES/squid-4.11-large-acl.patch Normal file
View File

@ -0,0 +1,178 @@
diff --git a/src/acl/RegexData.cc b/src/acl/RegexData.cc
index 01a4c12..b5c1679 100644
--- a/src/acl/RegexData.cc
+++ b/src/acl/RegexData.cc
@@ -22,6 +22,7 @@
#include "ConfigParser.h"
#include "Debug.h"
#include "sbuf/List.h"
+#include "sbuf/Algorithms.h"
ACLRegexData::~ACLRegexData()
{
@@ -129,6 +130,18 @@ compileRE(std::list<RegexPattern> &curlist, const char * RE, int flags)
return true;
}
+static bool
+compileRE(std::list<RegexPattern> &curlist, const SBufList &RE, int flags)
+{
+ if (RE.empty())
+ return curlist.empty(); // XXX: old code did this. It looks wrong.
+ SBuf regexp;
+ static const SBuf openparen("("), closeparen(")"), separator(")|(");
+ JoinContainerIntoSBuf(regexp, RE.begin(), RE.end(), separator, openparen,
+ closeparen);
+ return compileRE(curlist, regexp.c_str(), flags);
+}
+
/** Compose and compile one large RE from a set of (small) REs.
* The ultimate goal is to have only one RE per ACL so that match() is
* called only once per ACL.
@@ -137,16 +150,11 @@ static int
compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
{
std::list<RegexPattern> newlist;
- int numREs = 0;
+ SBufList accumulatedRE;
+ int numREs = 0, reSize = 0;
int flags = REG_EXTENDED | REG_NOSUB;
- int largeREindex = 0;
- char largeRE[BUFSIZ];
- *largeRE = 0;
for (const SBuf & configurationLineWord : sl) {
- int RElen;
- RElen = configurationLineWord.length();
-
static const SBuf minus_i("-i");
static const SBuf plus_i("+i");
if (configurationLineWord == minus_i) {
@@ -155,10 +163,11 @@ compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
debugs(28, 2, "optimisation of -i ... -i" );
} else {
debugs(28, 2, "-i" );
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
flags |= REG_ICASE;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
}
} else if (configurationLineWord == plus_i) {
if ((flags & REG_ICASE) == 0) {
@@ -166,37 +175,34 @@ compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
debugs(28, 2, "optimisation of +i ... +i");
} else {
debugs(28, 2, "+i");
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
flags &= ~REG_ICASE;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
}
- } else if (RElen + largeREindex + 3 < BUFSIZ-1) {
+ } else if (reSize < 1024) {
debugs(28, 2, "adding RE '" << configurationLineWord << "'");
- if (largeREindex > 0) {
- largeRE[largeREindex] = '|';
- ++largeREindex;
- }
- largeRE[largeREindex] = '(';
- ++largeREindex;
- configurationLineWord.copy(largeRE+largeREindex, BUFSIZ-largeREindex);
- largeREindex += configurationLineWord.length();
- largeRE[largeREindex] = ')';
- ++largeREindex;
- largeRE[largeREindex] = '\0';
+ accumulatedRE.push_back(configurationLineWord);
++numREs;
+ reSize += configurationLineWord.length();
} else {
debugs(28, 2, "buffer full, generating new optimised RE..." );
- if (!compileRE(newlist, largeRE, flags))
+ accumulatedRE.push_back(configurationLineWord);
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
continue; /* do the loop again to add the RE to largeRE */
}
}
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
+ accumulatedRE.clear();
+ reSize = 0;
+
/* all was successful, so put the new list at the tail */
curlist.splice(curlist.end(), newlist);
diff --git a/src/sbuf/Algorithms.h b/src/sbuf/Algorithms.h
index 21ee889..338e9c0 100644
--- a/src/sbuf/Algorithms.h
+++ b/src/sbuf/Algorithms.h
@@ -81,6 +81,57 @@ SBufContainerJoin(const Container &items, const SBuf& separator)
return rv;
}
+/** Join container of SBufs and append to supplied target
+ *
+ * append to the target SBuf all elements in the [begin,end) range from
+ * an iterable container, prefixed by prefix, separated by separator and
+ * followed by suffix. Prefix and suffix are added also in case of empty
+ * iterable
+ *
+ * \return the modified dest
+ */
+template <class ContainerIterator>
+SBuf&
+JoinContainerIntoSBuf(SBuf &dest, const ContainerIterator &begin,
+ const ContainerIterator &end, const SBuf& separator,
+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf())
+{
+ if (begin == end) {
+ dest.append(prefix).append(suffix);
+ return dest;
+ }
+
+ // optimization: pre-calculate needed storage
+ const SBuf::size_type totalContainerSize =
+ std::accumulate(begin, end, 0, SBufAddLength(separator)) +
+ dest.length() + prefix.length() + suffix.length();
+ SBufReservationRequirements req;
+ req.minSpace = totalContainerSize;
+ dest.reserve(req);
+
+ auto i = begin;
+ dest.append(prefix);
+ dest.append(*i);
+ ++i;
+ for (; i != end; ++i)
+ dest.append(separator).append(*i);
+ dest.append(suffix);
+ return dest;
+}
+
+
+/// convenience wrapper of JoinContainerIntoSBuf with no caller-supplied SBuf
+template <class ContainerIterator>
+SBuf
+JoinContainerToSBuf(const ContainerIterator &begin,
+ const ContainerIterator &end, const SBuf& separator,
+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf())
+{
+ SBuf rv;
+ return JoinContainerIntoSBuf(rv, begin, end, separator, prefix, suffix);
+}
+
+
namespace std {
/// default hash functor to support std::unordered_map<SBuf,*>
template <>

33
SOURCES/squid-4.11-location.patch Normal file
View File

@ -0,0 +1,33 @@
diff --git a/QUICKSTART b/QUICKSTART
index e5299b4..a243437 100644
--- a/QUICKSTART
+++ b/QUICKSTART
@@ -10,10 +10,9 @@ After you retrieved, compiled and installed the Squid software (see
INSTALL in the same directory), you have to configure the squid.conf
file. This is the list of the values you *need* to change, because no
sensible defaults could be defined. Do not touch the other variables
-for now. We assume you have installed Squid in the default location:
-/usr/local/squid
+for now.
-Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:
+Uncomment and edit the following lines in /etc/squid/squid.conf:
==============================================================================
@@ -80,12 +79,12 @@ After editing squid.conf to your liking, run Squid from the command
line TWICE:
To create any disk cache_dir configured:
- % /usr/local/squid/sbin/squid -z
+ % /usr/sbin/squid -z
To start squid:
- % /usr/local/squid/sbin/squid
+ % /usr/sbin/squid
-Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
+Check in the cache.log (/var/log/squid/cache.log) that
everything is all right.
Once Squid created all its files (it can take several minutes on some

10
SOURCES/squid-4.11-perlpath.patch Normal file
View File

@ -0,0 +1,10 @@
diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl
index 90ac6a4..8dbed90 100755
--- a/contrib/url-normalizer.pl
+++ b/contrib/url-normalizer.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -Tw
+#!/usr/bin/perl -Tw
#
# * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
# *

39
SOURCES/squid-4.11-systemd.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/configure b/configure
index 17b2ebf..9530f6b 100755
--- a/configure
+++ b/configure
@@ -33915,6 +33915,7 @@ done
fi
if test "x$SYSTEMD_LIBS" != "x" ; then
CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
$as_echo "#define USE_SYSTEMD 1" >>confdefs.h
diff --git a/src/Debug.h b/src/Debug.h
index 6eecd01..ddd9e38 100644
--- a/src/Debug.h
+++ b/src/Debug.h
@@ -99,6 +99,10 @@ public:
/// configures the active debugging context to write syslog ALERT
static void ForceAlert();
+
+ /// prefixes each grouped debugs() line after the first one in the group
+ static std::ostream& Extra(std::ostream &os) { return os << "\n "; }
+
private:
static Context *Current; ///< deepest active context; nil outside debugs()
};
diff --git a/configure.ac b/configure.ac
index d3c5da8..806302c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2162,6 +2162,7 @@ if test "x$with_systemd" != "xno" -a "x$squid_host_os" = "xlinux"; then
fi
if test "x$SYSTEMD_LIBS" != "x" ; then
CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
AC_DEFINE(USE_SYSTEMD,1,[systemd support is available])
else
with_systemd=no

25
SOURCES/squid-4.11.tar.xz.asc Normal file
View File

@ -0,0 +1,25 @@
File: squid-4.11.tar.xz
Date: Sun Apr 19 12:56:37 UTC 2020
Size: 2447700
MD5 : 10f34e852153a9996aa4614670e2bda1
SHA1: 053277bf5497163ffc9261b9807abda5959bb6fc
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl6cSpEACgkQzW2/jvOx
fT6YbA/6A+IbIbNBJUW45oj23Io9Tw/CzAcTeLHR+McKwV77qMbR+L+kQ+fUdM5F
rHAmd8bVVlyHc4WanVfWItEmzBzHA/ifTNvVpefSGGEbDb80RF66k7ACiZUokg1b
kkPwc/SjDhe2wvketIaBiVVd7pylrlCdVvazcF8gE9MWDOIlJND5mnHXidXvwkbJ
T2//8JZVEmcmN9pdFGNAUVckFm+AnwWXcRM1SQPYDGSVUtjVlqido8snLTA1mZwl
rIpjppujMV54OOWlj+Gqa3MZkpNzIaMCAfphzUFlsQY+/sRUYAOv1wmxw2WclxlK
WlWM+fw8OsYNDMwkOScKZZWceoAkq6UsUHzCAdJIdLqV/R6mZ9nfuZ6BHIr0+2dP
bDf9MU4KXbwEuXiRD/KPziUxxOZwSPivbm3wy9DqTTZfO9V+Iq6FVHX+ahxJ0XbM
JWRYA3GW+DRLjorfsWxU5r4UJsrnBfhItPUAfGPjPjEGZ/pn8r9G6MGenNGPLMKy
wP1rMlOhrZPwerzokzAvKx8G0WWkfN+IPv2JK3rDot6RiJIOuvnZZd4RIuVNTGbh
liO7M24JlWX3WD2wHBzxQag46+plb3VvrrVChwIQnZ2Qzpf50w0Bife/wtNBGpK0
k/Xi/nocO796YS8GZBnmhS1lEGEwp/YpJBFWmIjTWMUMEOcswVA=
=PKl0
-----END PGP SIGNATURE-----

16
SOURCES/squid.logrotate Normal file
View File

@ -0,0 +1,16 @@
/var/log/squid/*.log {
weekly
rotate 5
compress
notifempty
missingok
nocreate
sharedscripts
postrotate
# Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf)
# errors redirected to make it silent if squid is not running
/usr/sbin/squid -k rotate 2>/dev/null
# Wait a little to allow Squid to catch up before the logs is compressed
sleep 1
endscript
}

7
SOURCES/squid.nm Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
case "$2" in
up|down|vpn-up|vpn-down)
/bin/systemctl -q reload squid.service || :
;;
esac

3
SOURCES/squid.pam Normal file
View File

@ -0,0 +1,3 @@
#%PAM-1.0
auth include password-auth
account include password-auth

18
SOURCES/squid.service Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=Squid caching proxy
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
[Service]
Type=notify
LimitNOFILE=16384
PIDFile=/run/squid.pid
EnvironmentFile=/etc/sysconfig/squid
ExecStartPre=/usr/libexec/squid/cache_swap.sh
ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
ExecReload=/usr/bin/kill -HUP $MAINPID
KillMode=mixed
NotifyAccess=all
[Install]
WantedBy=multi-user.target

9
SOURCES/squid.sysconfig Normal file
View File

@ -0,0 +1,9 @@
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"

1664
SPECS/squid.spec Normal file
View File

File diff suppressed because it is too large Load Diff