commit
80d8cd46d8
@ -0,0 +1 @@
|
|||||||
|
SOURCES/squid-6.10.tar.xz
|
@ -0,0 +1 @@
|
|||||||
|
70e90865df0e4e9ba7765b622da40bda9bb8fc5d SOURCES/squid-6.10.tar.xz
|
@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
if [ -f /etc/sysconfig/squid ]; then
|
||||||
|
. /etc/sysconfig/squid
|
||||||
|
fi
|
||||||
|
|
||||||
|
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
|
||||||
|
|
||||||
|
CACHE_SWAP=`awk '/^[[:blank:]]*cache_dir/ { print $3 }' "$SQUID_CONF"`
|
||||||
|
|
||||||
|
init_cache_dirs=0
|
||||||
|
for adir in $CACHE_SWAP; do
|
||||||
|
if [ ! -d $adir/00 ]; then
|
||||||
|
echo -n "init_cache_dir $adir... "
|
||||||
|
init_cache_dirs=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $init_cache_dirs -ne 0 ]; then
|
||||||
|
echo ""
|
||||||
|
squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
|
||||||
|
fi
|
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
/usr/lib/rpm/perl.req $* | grep -v "Authen::Smb"
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,27 @@
|
|||||||
|
diff --git a/src/cf.data.pre b/src/cf.data.pre
|
||||||
|
index 44aa34d..12225bc 100644
|
||||||
|
--- a/src/cf.data.pre
|
||||||
|
+++ b/src/cf.data.pre
|
||||||
|
@@ -5453,7 +5453,7 @@ DOC_END
|
||||||
|
|
||||||
|
NAME: logfile_rotate
|
||||||
|
TYPE: int
|
||||||
|
-DEFAULT: 10
|
||||||
|
+DEFAULT: 0
|
||||||
|
LOC: Config.Log.rotateNumber
|
||||||
|
DOC_START
|
||||||
|
Specifies the default number of logfile rotations to make when you
|
||||||
|
@@ -7447,11 +7447,11 @@ COMMENT_END
|
||||||
|
|
||||||
|
NAME: cache_mgr
|
||||||
|
TYPE: string
|
||||||
|
-DEFAULT: webmaster
|
||||||
|
+DEFAULT: root
|
||||||
|
LOC: Config.adminEmail
|
||||||
|
DOC_START
|
||||||
|
Email-address of local cache manager who will receive
|
||||||
|
- mail if the cache dies. The default is "webmaster".
|
||||||
|
+ mail if the cache dies. The default is "root".
|
||||||
|
DOC_END
|
||||||
|
|
||||||
|
NAME: mail_from
|
@ -0,0 +1,158 @@
|
|||||||
|
diff --git a/src/client_side.cc b/src/client_side.cc
|
||||||
|
index f488fc4..69586df 100644
|
||||||
|
--- a/src/client_side.cc
|
||||||
|
+++ b/src/client_side.cc
|
||||||
|
@@ -932,7 +932,7 @@ ConnStateData::kick()
|
||||||
|
* We are done with the response, and we are either still receiving request
|
||||||
|
* body (early response!) or have already stopped receiving anything.
|
||||||
|
*
|
||||||
|
- * If we are still receiving, then clientParseRequest() below will fail.
|
||||||
|
+ * If we are still receiving, then parseRequests() below will fail.
|
||||||
|
* (XXX: but then we will call readNextRequest() which may succeed and
|
||||||
|
* execute a smuggled request as we are not done with the current request).
|
||||||
|
*
|
||||||
|
@@ -952,28 +952,12 @@ ConnStateData::kick()
|
||||||
|
* Attempt to parse a request from the request buffer.
|
||||||
|
* If we've been fed a pipelined request it may already
|
||||||
|
* be in our read buffer.
|
||||||
|
- *
|
||||||
|
- \par
|
||||||
|
- * This needs to fall through - if we're unlucky and parse the _last_ request
|
||||||
|
- * from our read buffer we may never re-register for another client read.
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if (clientParseRequests()) {
|
||||||
|
- debugs(33, 3, clientConnection << ": parsed next request from buffer");
|
||||||
|
- }
|
||||||
|
+ parseRequests();
|
||||||
|
|
||||||
|
- /** \par
|
||||||
|
- * Either we need to kick-start another read or, if we have
|
||||||
|
- * a half-closed connection, kill it after the last request.
|
||||||
|
- * This saves waiting for half-closed connections to finished being
|
||||||
|
- * half-closed _AND_ then, sometimes, spending "Timeout" time in
|
||||||
|
- * the keepalive "Waiting for next request" state.
|
||||||
|
- */
|
||||||
|
- if (commIsHalfClosed(clientConnection->fd) && pipeline.empty()) {
|
||||||
|
- debugs(33, 3, "half-closed client with no pending requests, closing");
|
||||||
|
- clientConnection->close();
|
||||||
|
+ if (!isOpen())
|
||||||
|
return;
|
||||||
|
- }
|
||||||
|
|
||||||
|
/** \par
|
||||||
|
* At this point we either have a parsed request (which we've
|
||||||
|
@@ -1893,16 +1877,11 @@ ConnStateData::receivedFirstByte()
|
||||||
|
resetReadTimeout(Config.Timeout.request);
|
||||||
|
}
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- * Attempt to parse one or more requests from the input buffer.
|
||||||
|
- * Returns true after completing parsing of at least one request [header]. That
|
||||||
|
- * includes cases where parsing ended with an error (e.g., a huge request).
|
||||||
|
- */
|
||||||
|
-bool
|
||||||
|
-ConnStateData::clientParseRequests()
|
||||||
|
+/// Attempt to parse one or more requests from the input buffer.
|
||||||
|
+/// May close the connection.
|
||||||
|
+void
|
||||||
|
+ConnStateData::parseRequests()
|
||||||
|
{
|
||||||
|
- bool parsed_req = false;
|
||||||
|
-
|
||||||
|
debugs(33, 5, clientConnection << ": attempting to parse");
|
||||||
|
|
||||||
|
// Loop while we have read bytes that are not needed for producing the body
|
||||||
|
@@ -1947,8 +1926,6 @@ ConnStateData::clientParseRequests()
|
||||||
|
|
||||||
|
processParsedRequest(context);
|
||||||
|
|
||||||
|
- parsed_req = true; // XXX: do we really need to parse everything right NOW ?
|
||||||
|
-
|
||||||
|
if (context->mayUseConnection()) {
|
||||||
|
debugs(33, 3, "Not parsing new requests, as this request may need the connection");
|
||||||
|
break;
|
||||||
|
@@ -1961,8 +1938,19 @@ ConnStateData::clientParseRequests()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* XXX where to 'finish' the parsing pass? */
|
||||||
|
- return parsed_req;
|
||||||
|
+ debugs(33, 7, "buffered leftovers: " << inBuf.length());
|
||||||
|
+
|
||||||
|
+ if (isOpen() && commIsHalfClosed(clientConnection->fd)) {
|
||||||
|
+ if (pipeline.empty()) {
|
||||||
|
+ // we processed what we could parse, and no more data is coming
|
||||||
|
+ debugs(33, 5, "closing half-closed without parsed requests: " << clientConnection);
|
||||||
|
+ clientConnection->close();
|
||||||
|
+ } else {
|
||||||
|
+ // we parsed what we could, and no more data is coming
|
||||||
|
+ debugs(33, 5, "monitoring half-closed while processing parsed requests: " << clientConnection);
|
||||||
|
+ flags.readMore = false; // may already be false
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
@@ -1979,18 +1967,7 @@ ConnStateData::afterClientRead()
|
||||||
|
if (pipeline.empty())
|
||||||
|
fd_note(clientConnection->fd, "Reading next request");
|
||||||
|
|
||||||
|
- if (!clientParseRequests()) {
|
||||||
|
- if (!isOpen())
|
||||||
|
- return;
|
||||||
|
- // We may get here if the client half-closed after sending a partial
|
||||||
|
- // request. See doClientRead() and shouldCloseOnEof().
|
||||||
|
- // XXX: This partially duplicates ConnStateData::kick().
|
||||||
|
- if (pipeline.empty() && commIsHalfClosed(clientConnection->fd)) {
|
||||||
|
- debugs(33, 5, clientConnection << ": half-closed connection, no completed request parsed, connection closing.");
|
||||||
|
- clientConnection->close();
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
+ parseRequests();
|
||||||
|
|
||||||
|
if (!isOpen())
|
||||||
|
return;
|
||||||
|
@@ -3775,7 +3752,7 @@ ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic)
|
||||||
|
startPinnedConnectionMonitoring();
|
||||||
|
|
||||||
|
if (pipeline.empty())
|
||||||
|
- kick(); // in case clientParseRequests() was blocked by a busy pic.connection
|
||||||
|
+ kick(); // in case parseRequests() was blocked by a busy pic.connection
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Forward future client requests using the given server connection.
|
||||||
|
diff --git a/src/client_side.h b/src/client_side.h
|
||||||
|
index 6027b31..60b99b1 100644
|
||||||
|
--- a/src/client_side.h
|
||||||
|
+++ b/src/client_side.h
|
||||||
|
@@ -98,7 +98,6 @@ public:
|
||||||
|
void doneWithControlMsg() override;
|
||||||
|
|
||||||
|
/// Traffic parsing
|
||||||
|
- bool clientParseRequests();
|
||||||
|
void readNextRequest();
|
||||||
|
|
||||||
|
/// try to make progress on a transaction or read more I/O
|
||||||
|
@@ -443,6 +442,7 @@ private:
|
||||||
|
|
||||||
|
void checkLogging();
|
||||||
|
|
||||||
|
+ void parseRequests();
|
||||||
|
void clientAfterReadingRequests();
|
||||||
|
bool concurrentRequestQueueFilled() const;
|
||||||
|
|
||||||
|
diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc
|
||||||
|
index 8c160e5..f49d5dc 100644
|
||||||
|
--- a/src/tests/stub_client_side.cc
|
||||||
|
+++ b/src/tests/stub_client_side.cc
|
||||||
|
@@ -14,7 +14,7 @@
|
||||||
|
#include "tests/STUB.h"
|
||||||
|
|
||||||
|
#include "client_side.h"
|
||||||
|
-bool ConnStateData::clientParseRequests() STUB_RETVAL(false)
|
||||||
|
+void ConnStateData::parseRequests() STUB
|
||||||
|
void ConnStateData::readNextRequest() STUB
|
||||||
|
bool ConnStateData::isOpen() const STUB_RETVAL(false)
|
||||||
|
void ConnStateData::kick() STUB
|
@ -0,0 +1,32 @@
|
|||||||
|
diff -up squid-3.1.0.9/QUICKSTART.location squid-3.1.0.9/QUICKSTART
|
||||||
|
--- squid-3.1.0.9/QUICKSTART.location 2009-06-26 12:35:27.000000000 +0200
|
||||||
|
+++ squid-3.1.0.9/QUICKSTART 2009-07-17 14:03:10.000000000 +0200
|
||||||
|
@@ -10,10 +10,9 @@ After you retrieved, compiled and instal
|
||||||
|
INSTALL in the same directory), you have to configure the squid.conf
|
||||||
|
file. This is the list of the values you *need* to change, because no
|
||||||
|
sensible defaults could be defined. Do not touch the other variables
|
||||||
|
-for now. We assume you have installed Squid in the default location:
|
||||||
|
-/usr/local/squid
|
||||||
|
+for now.
|
||||||
|
|
||||||
|
-Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:
|
||||||
|
+Uncomment and edit the following lines in /etc/squid/squid.conf:
|
||||||
|
|
||||||
|
==============================================================================
|
||||||
|
|
||||||
|
@@ -82,12 +81,12 @@ After editing squid.conf to your liking,
|
||||||
|
line TWICE:
|
||||||
|
|
||||||
|
To create any disk cache_dir configured:
|
||||||
|
- % /usr/local/squid/sbin/squid -z
|
||||||
|
+ % /usr/sbin/squid -z
|
||||||
|
|
||||||
|
To start squid:
|
||||||
|
- % /usr/local/squid/sbin/squid
|
||||||
|
+ % /usr/sbin/squid
|
||||||
|
|
||||||
|
-Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
|
||||||
|
+Check in the cache.log (/var/log/squid/cache.log) that
|
||||||
|
everything is all right.
|
||||||
|
|
||||||
|
Once Squid created all its files (it can take several minutes on some
|
@ -0,0 +1,10 @@
|
|||||||
|
diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl
|
||||||
|
index e965e9e..ed5ffcb 100755
|
||||||
|
--- a/contrib/url-normalizer.pl
|
||||||
|
+++ b/contrib/url-normalizer.pl
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/local/bin/perl -Tw
|
||||||
|
+#!/usr/bin/perl -Tw
|
||||||
|
#
|
||||||
|
# * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
|
||||||
|
# *
|
@ -0,0 +1,26 @@
|
|||||||
|
diff --git a/errors/aliases b/errors/aliases
|
||||||
|
index c256106..38c123a 100644
|
||||||
|
--- a/errors/aliases
|
||||||
|
+++ b/errors/aliases
|
||||||
|
@@ -14,8 +14,7 @@ da da-dk
|
||||||
|
de de-at de-ch de-de de-li de-lu
|
||||||
|
el el-gr
|
||||||
|
en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw
|
||||||
|
-es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq
|
||||||
|
-es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv
|
||||||
|
+es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl
|
||||||
|
et et-ee
|
||||||
|
fa fa-fa fa-ir
|
||||||
|
fi fi-fi
|
||||||
|
diff --git a/errors/language.am b/errors/language.am
|
||||||
|
index a437d17..f2fe463 100644
|
||||||
|
--- a/errors/language.am
|
||||||
|
+++ b/errors/language.am
|
||||||
|
@@ -19,7 +19,6 @@ LANGUAGE_FILES = \
|
||||||
|
de.lang \
|
||||||
|
el.lang \
|
||||||
|
en.lang \
|
||||||
|
- es-mx.lang \
|
||||||
|
es.lang \
|
||||||
|
et.lang \
|
||||||
|
fa.lang \
|
@ -0,0 +1,367 @@
|
|||||||
|
From 8d0ee420a4d91ac7fd97316338f1e28b4b060cbf Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||||
|
Date: Thu, 10 Oct 2024 19:26:27 +0200
|
||||||
|
Subject: [PATCH 1/6] Ignore whitespace chars after chunk-size
|
||||||
|
|
||||||
|
Previously (before #1498 change), squid was accepting TE-chunked replies
|
||||||
|
with whitespaces after chunk-size and missing chunk-ext data. After
|
||||||
|
|
||||||
|
It turned out that replies with such whitespace chars are pretty
|
||||||
|
common and other webservers which can act as forward proxies (e.g.
|
||||||
|
nginx, httpd...) are accepting them.
|
||||||
|
|
||||||
|
This change will allow to proxy chunked responses from origin server,
|
||||||
|
which had whitespaces inbetween chunk-size and CRLF.
|
||||||
|
---
|
||||||
|
src/http/one/TeChunkedParser.cc | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||||
|
index 9cce10fdc91..04753395e16 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.cc
|
||||||
|
+++ b/src/http/one/TeChunkedParser.cc
|
||||||
|
@@ -125,6 +125,7 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
// Code becomes much simpler when incremental parsing functions throw on
|
||||||
|
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||||
|
try {
|
||||||
|
+ tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
|
||||||
|
parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||||
|
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||||
|
buf_ = tok.remaining();
|
||||||
|
|
||||||
|
From 9c8d35f899035fa06021ab3fe6919f892c2f0c6b Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||||
|
Date: Fri, 11 Oct 2024 02:06:31 +0200
|
||||||
|
Subject: [PATCH 2/6] Added new argument to Http::One::ParseBws()
|
||||||
|
|
||||||
|
Depending on new wsp_only argument in ParseBws() it will be decided
|
||||||
|
which set of whitespaces characters will be parsed. If wsp_only is set
|
||||||
|
to true, only SP and HTAB chars will be parsed.
|
||||||
|
|
||||||
|
Also optimized number of ParseBws calls.
|
||||||
|
---
|
||||||
|
src/http/one/Parser.cc | 4 ++--
|
||||||
|
src/http/one/Parser.h | 3 ++-
|
||||||
|
src/http/one/TeChunkedParser.cc | 13 +++++++++----
|
||||||
|
src/http/one/TeChunkedParser.h | 2 +-
|
||||||
|
4 files changed, 14 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||||
|
index b1908316a0b..01d7e3bc0e8 100644
|
||||||
|
--- a/src/http/one/Parser.cc
|
||||||
|
+++ b/src/http/one/Parser.cc
|
||||||
|
@@ -273,9 +273,9 @@ Http::One::ErrorLevel()
|
||||||
|
|
||||||
|
// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
|
||||||
|
void
|
||||||
|
-Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||||
|
+Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||||
|
{
|
||||||
|
- const auto count = tok.skipAll(Parser::WhitespaceCharacters());
|
||||||
|
+ const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
|
||||||
|
|
||||||
|
if (tok.atEnd())
|
||||||
|
throw InsufficientInput(); // even if count is positive
|
||||||
|
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||||
|
index d9a0ac8c273..08200371cd6 100644
|
||||||
|
--- a/src/http/one/Parser.h
|
||||||
|
+++ b/src/http/one/Parser.h
|
||||||
|
@@ -163,8 +163,9 @@ class Parser : public RefCountable
|
||||||
|
};
|
||||||
|
|
||||||
|
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||||
|
+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
|
||||||
|
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||||
|
-void ParseBws(Parser::Tokenizer &);
|
||||||
|
+void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||||
|
|
||||||
|
/// the right debugs() level for logging HTTP violation messages
|
||||||
|
int ErrorLevel();
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||||
|
index 04753395e16..41e1e5ddaea 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.cc
|
||||||
|
+++ b/src/http/one/TeChunkedParser.cc
|
||||||
|
@@ -125,8 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
// Code becomes much simpler when incremental parsing functions throw on
|
||||||
|
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||||
|
try {
|
||||||
|
- tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
|
||||||
|
- parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||||
|
+ // A possibly empty chunk-ext list. If no chunk-ext has been found,
|
||||||
|
+ // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
|
||||||
|
+ if (!parseChunkExtensions(tok))
|
||||||
|
+ ParseBws(tok, true);
|
||||||
|
+
|
||||||
|
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||||
|
buf_ = tok.remaining();
|
||||||
|
parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
|
||||||
|
@@ -140,20 +143,22 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
|
||||||
|
/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
|
||||||
|
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
|
||||||
|
-void
|
||||||
|
+bool
|
||||||
|
Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||||
|
{
|
||||||
|
+ bool foundChunkExt = false;
|
||||||
|
do {
|
||||||
|
auto tok = callerTok;
|
||||||
|
|
||||||
|
ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||||
|
|
||||||
|
if (!tok.skip(';'))
|
||||||
|
- return; // reached the end of extensions (if any)
|
||||||
|
+ return foundChunkExt; // reached the end of extensions (if any)
|
||||||
|
|
||||||
|
parseOneChunkExtension(tok);
|
||||||
|
buf_ = tok.remaining(); // got one extension
|
||||||
|
callerTok = tok;
|
||||||
|
+ foundChunkExt = true;
|
||||||
|
} while (true);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
|
||||||
|
index 02eacd1bb89..8c5d4bb4cba 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.h
|
||||||
|
+++ b/src/http/one/TeChunkedParser.h
|
||||||
|
@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
|
||||||
|
private:
|
||||||
|
bool parseChunkSize(Tokenizer &tok);
|
||||||
|
bool parseChunkMetadataSuffix(Tokenizer &);
|
||||||
|
- void parseChunkExtensions(Tokenizer &);
|
||||||
|
+ bool parseChunkExtensions(Tokenizer &);
|
||||||
|
void parseOneChunkExtension(Tokenizer &);
|
||||||
|
bool parseChunkBody(Tokenizer &tok);
|
||||||
|
bool parseChunkEnd(Tokenizer &tok);
|
||||||
|
|
||||||
|
From 81e67f97f9c386bdd0bb4a5e182395c46adb70ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||||
|
Date: Fri, 11 Oct 2024 02:44:33 +0200
|
||||||
|
Subject: [PATCH 3/6] Fix typo in Parser.h
|
||||||
|
|
||||||
|
---
|
||||||
|
src/http/one/Parser.h | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||||
|
index 08200371cd6..3ef4c5f7752 100644
|
||||||
|
--- a/src/http/one/Parser.h
|
||||||
|
+++ b/src/http/one/Parser.h
|
||||||
|
@@ -163,7 +163,7 @@ class Parser : public RefCountable
|
||||||
|
};
|
||||||
|
|
||||||
|
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||||
|
-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
|
||||||
|
+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
|
||||||
|
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||||
|
void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||||
|
|
||||||
|
|
||||||
|
From a0d4fe1794e605f8299a5c118c758a807453f016 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||||
|
Date: Thu, 10 Oct 2024 22:39:42 -0400
|
||||||
|
Subject: [PATCH 4/6] Bug 5449 is a regression of Bug 4492!
|
||||||
|
|
||||||
|
Both bugs deal with "chunk-size SP+ CRLF" use cases. Bug 4492 had _two_
|
||||||
|
spaces after chunk-size, which answers one of the PR review questions:
|
||||||
|
Should we skip just one space? No, we should not.
|
||||||
|
|
||||||
|
The lines moved around in many commits, but I believe this regression
|
||||||
|
was introduced in commit 951013d0 because that commit stopped consuming
|
||||||
|
partially parsed chunk-ext sequences. That consumption was wrong, but it
|
||||||
|
had a positive side effect -- fixing Bug 4492...
|
||||||
|
---
|
||||||
|
src/http/one/TeChunkedParser.cc | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||||
|
index 41e1e5ddaea..aa4a840fdcf 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.cc
|
||||||
|
+++ b/src/http/one/TeChunkedParser.cc
|
||||||
|
@@ -125,10 +125,10 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
// Code becomes much simpler when incremental parsing functions throw on
|
||||||
|
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||||
|
try {
|
||||||
|
- // A possibly empty chunk-ext list. If no chunk-ext has been found,
|
||||||
|
- // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
|
||||||
|
- if (!parseChunkExtensions(tok))
|
||||||
|
- ParseBws(tok, true);
|
||||||
|
+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||||
|
+ ParseBws(tok, true);
|
||||||
|
+
|
||||||
|
+ parseChunkExtensions(tok);
|
||||||
|
|
||||||
|
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||||
|
buf_ = tok.remaining();
|
||||||
|
@@ -150,7 +150,7 @@ Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||||
|
do {
|
||||||
|
auto tok = callerTok;
|
||||||
|
|
||||||
|
- ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||||
|
+ ParseBws(tok);
|
||||||
|
|
||||||
|
if (!tok.skip(';'))
|
||||||
|
return foundChunkExt; // reached the end of extensions (if any)
|
||||||
|
|
||||||
|
From f837f5ff61301a17008f16ce1fb793c2abf19786 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||||
|
Date: Thu, 10 Oct 2024 23:06:42 -0400
|
||||||
|
Subject: [PATCH 5/6] fixup: Fewer conditionals/ifs and more explicit spelling
|
||||||
|
|
||||||
|
... to draw code reader attention when something unusual is going on.
|
||||||
|
---
|
||||||
|
src/http/one/Parser.cc | 22 ++++++++++++++++++----
|
||||||
|
src/http/one/Parser.h | 10 ++++++++--
|
||||||
|
src/http/one/TeChunkedParser.cc | 14 ++++++--------
|
||||||
|
src/http/one/TeChunkedParser.h | 2 +-
|
||||||
|
4 files changed, 33 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||||
|
index 01d7e3bc0e8..d3937e5e96b 100644
|
||||||
|
--- a/src/http/one/Parser.cc
|
||||||
|
+++ b/src/http/one/Parser.cc
|
||||||
|
@@ -271,11 +271,12 @@ Http::One::ErrorLevel()
|
||||||
|
return Config.onoff.relaxed_header_parser < 0 ? DBG_IMPORTANT : 5;
|
||||||
|
}
|
||||||
|
|
||||||
|
-// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
|
||||||
|
-void
|
||||||
|
-Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||||
|
+/// common part of ParseBws() and ParseStrctBws()
|
||||||
|
+namespace Http::One {
|
||||||
|
+static void
|
||||||
|
+ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
|
||||||
|
{
|
||||||
|
- const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
|
||||||
|
+ const auto count = tok.skipAll(bwsChars);
|
||||||
|
|
||||||
|
if (tok.atEnd())
|
||||||
|
throw InsufficientInput(); // even if count is positive
|
||||||
|
@@ -290,4 +291,17 @@ Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||||
|
|
||||||
|
// success: no more BWS characters expected
|
||||||
|
}
|
||||||
|
+} // namespace Http::One
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||||
|
+{
|
||||||
|
+ ParseBws_(tok, CharacterSet::WSP);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+Http::One::ParseStrictBws(Parser::Tokenizer &tok)
|
||||||
|
+{
|
||||||
|
+ ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||||
|
+}
|
||||||
|
|
||||||
|
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||||
|
index 3ef4c5f7752..49e399de546 100644
|
||||||
|
--- a/src/http/one/Parser.h
|
||||||
|
+++ b/src/http/one/Parser.h
|
||||||
|
@@ -163,9 +163,15 @@ class Parser : public RefCountable
|
||||||
|
};
|
||||||
|
|
||||||
|
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||||
|
-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
|
||||||
|
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||||
|
-void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||||
|
+/// \sa WhitespaceCharacters() for the definition of BWS characters
|
||||||
|
+/// \sa ParseStrictBws() that avoids WhitespaceCharacters() uncertainties
|
||||||
|
+void ParseBws(Parser::Tokenizer &);
|
||||||
|
+
|
||||||
|
+/// Like ParseBws() but only skips CharacterSet::WSP characters. This variation
|
||||||
|
+/// must be used if the next element may start with CR or any other character
|
||||||
|
+/// from RelaxedDelimiterCharacters().
|
||||||
|
+void ParseStrictBws(Parser::Tokenizer &);
|
||||||
|
|
||||||
|
/// the right debugs() level for logging HTTP violation messages
|
||||||
|
int ErrorLevel();
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||||
|
index aa4a840fdcf..859471b8c77 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.cc
|
||||||
|
+++ b/src/http/one/TeChunkedParser.cc
|
||||||
|
@@ -125,11 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
// Code becomes much simpler when incremental parsing functions throw on
|
||||||
|
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||||
|
try {
|
||||||
|
- // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||||
|
- ParseBws(tok, true);
|
||||||
|
-
|
||||||
|
- parseChunkExtensions(tok);
|
||||||
|
+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size.
|
||||||
|
+ // No ParseBws() here because it may consume CR required further below.
|
||||||
|
+ ParseStrictBws(tok);
|
||||||
|
|
||||||
|
+ parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||||
|
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||||
|
buf_ = tok.remaining();
|
||||||
|
parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
|
||||||
|
@@ -143,22 +143,20 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||||
|
|
||||||
|
/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
|
||||||
|
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
|
||||||
|
-bool
|
||||||
|
+void
|
||||||
|
Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||||
|
{
|
||||||
|
- bool foundChunkExt = false;
|
||||||
|
do {
|
||||||
|
auto tok = callerTok;
|
||||||
|
|
||||||
|
ParseBws(tok);
|
||||||
|
|
||||||
|
if (!tok.skip(';'))
|
||||||
|
- return foundChunkExt; // reached the end of extensions (if any)
|
||||||
|
+ return; // reached the end of extensions (if any)
|
||||||
|
|
||||||
|
parseOneChunkExtension(tok);
|
||||||
|
buf_ = tok.remaining(); // got one extension
|
||||||
|
callerTok = tok;
|
||||||
|
- foundChunkExt = true;
|
||||||
|
} while (true);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
|
||||||
|
index 8c5d4bb4cba..02eacd1bb89 100644
|
||||||
|
--- a/src/http/one/TeChunkedParser.h
|
||||||
|
+++ b/src/http/one/TeChunkedParser.h
|
||||||
|
@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
|
||||||
|
private:
|
||||||
|
bool parseChunkSize(Tokenizer &tok);
|
||||||
|
bool parseChunkMetadataSuffix(Tokenizer &);
|
||||||
|
- bool parseChunkExtensions(Tokenizer &);
|
||||||
|
+ void parseChunkExtensions(Tokenizer &);
|
||||||
|
void parseOneChunkExtension(Tokenizer &);
|
||||||
|
bool parseChunkBody(Tokenizer &tok);
|
||||||
|
bool parseChunkEnd(Tokenizer &tok);
|
||||||
|
|
||||||
|
From f79936a234e722adb2dd08f31cf6019d81ee712c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||||
|
Date: Thu, 10 Oct 2024 23:31:08 -0400
|
||||||
|
Subject: [PATCH 6/6] fixup: Deadly typo
|
||||||
|
|
||||||
|
---
|
||||||
|
src/http/one/Parser.cc | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||||
|
index d3937e5e96b..7403a9163a2 100644
|
||||||
|
--- a/src/http/one/Parser.cc
|
||||||
|
+++ b/src/http/one/Parser.cc
|
||||||
|
@@ -296,12 +296,12 @@ ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
|
||||||
|
void
|
||||||
|
Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||||
|
{
|
||||||
|
- ParseBws_(tok, CharacterSet::WSP);
|
||||||
|
+ ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
Http::One::ParseStrictBws(Parser::Tokenizer &tok)
|
||||||
|
{
|
||||||
|
- ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||||
|
+ ParseBws_(tok, CharacterSet::WSP);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
@ -0,0 +1,17 @@
|
|||||||
|
File: squid-6.10.tar.xz
|
||||||
|
Date: Sat Jun 8 02:53:29 PM UTC 2024
|
||||||
|
Size: 2558208
|
||||||
|
MD5 : 86deefa7282c4388be95260aa4d4cf6a
|
||||||
|
SHA1: 70e90865df0e4e9ba7765b622da40bda9bb8fc5d
|
||||||
|
Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 <kinkie@squid-cache.org>
|
||||||
|
29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865
|
||||||
|
sub cv25519 2021-05-15 [E]
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = pool.sks-keyservers.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iHUEABYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZmRwewAKCRAo+FAp/vbo
|
||||||
|
ZZV0AP0WDdXJFarEEYCSXSv/zT1l0FrI8jLQCT3Rsp6nTbWxfwD/VYmUMDetPLPJ
|
||||||
|
GYHJNrRm7OceMQcsqhQIz6X71SR9AQs=
|
||||||
|
=4HPC
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -0,0 +1,15 @@
|
|||||||
|
/var/log/squid/*.log {
|
||||||
|
weekly
|
||||||
|
rotate 5
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
notifempty
|
||||||
|
missingok
|
||||||
|
nocreate
|
||||||
|
sharedscripts
|
||||||
|
postrotate
|
||||||
|
# Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf)
|
||||||
|
# errors redirected to make it silent if squid is not running
|
||||||
|
/usr/sbin/squid -k rotate 2>/dev/null
|
||||||
|
endscript
|
||||||
|
}
|
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
case "$2" in
|
||||||
|
up|down|vpn-up|vpn-down)
|
||||||
|
/usr/bin/systemctl -q reload squid.service || :
|
||||||
|
;;
|
||||||
|
esac
|
@ -0,0 +1,3 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth include password-auth
|
||||||
|
account include password-auth
|
@ -0,0 +1,18 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Squid caching proxy
|
||||||
|
Documentation=man:squid(8)
|
||||||
|
After=network.target network-online.target nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
LimitNOFILE=16384
|
||||||
|
PIDFile=/run/squid.pid
|
||||||
|
EnvironmentFile=/etc/sysconfig/squid
|
||||||
|
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
||||||
|
ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
|
||||||
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||||
|
KillMode=mixed
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,5 @@
|
|||||||
|
# default squid options
|
||||||
|
SQUID_OPTS=""
|
||||||
|
|
||||||
|
# default squid conf file
|
||||||
|
SQUID_CONF="/etc/squid/squid.conf"
|
@ -0,0 +1,2 @@
|
|||||||
|
g squid 23 -
|
||||||
|
u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue