commit
8d8da22aa0
@ -0,0 +1 @@
|
||||
SOURCES/squid-6.10.tar.xz
|
@ -0,0 +1 @@
|
||||
70e90865df0e4e9ba7765b622da40bda9bb8fc5d SOURCES/squid-6.10.tar.xz
|
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
if [ -f /etc/sysconfig/squid ]; then
|
||||
. /etc/sysconfig/squid
|
||||
fi
|
||||
|
||||
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
|
||||
|
||||
CACHE_SWAP=`awk '/^[[:blank:]]*cache_dir/ { print $3 }' "$SQUID_CONF"`
|
||||
|
||||
init_cache_dirs=0
|
||||
for adir in $CACHE_SWAP; do
|
||||
if [ ! -d $adir/00 ]; then
|
||||
echo -n "init_cache_dir $adir... "
|
||||
init_cache_dirs=1
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $init_cache_dirs -ne 0 ]; then
|
||||
echo ""
|
||||
squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
|
||||
fi
|
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
/usr/lib/rpm/perl.req $* | grep -v "Authen::Smb"
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,27 @@
|
||||
diff --git a/src/cf.data.pre b/src/cf.data.pre
|
||||
index 44aa34d..12225bc 100644
|
||||
--- a/src/cf.data.pre
|
||||
+++ b/src/cf.data.pre
|
||||
@@ -5453,7 +5453,7 @@ DOC_END
|
||||
|
||||
NAME: logfile_rotate
|
||||
TYPE: int
|
||||
-DEFAULT: 10
|
||||
+DEFAULT: 0
|
||||
LOC: Config.Log.rotateNumber
|
||||
DOC_START
|
||||
Specifies the default number of logfile rotations to make when you
|
||||
@@ -7447,11 +7447,11 @@ COMMENT_END
|
||||
|
||||
NAME: cache_mgr
|
||||
TYPE: string
|
||||
-DEFAULT: webmaster
|
||||
+DEFAULT: root
|
||||
LOC: Config.adminEmail
|
||||
DOC_START
|
||||
Email-address of local cache manager who will receive
|
||||
- mail if the cache dies. The default is "webmaster".
|
||||
+ mail if the cache dies. The default is "root".
|
||||
DOC_END
|
||||
|
||||
NAME: mail_from
|
@ -0,0 +1,158 @@
|
||||
diff --git a/src/client_side.cc b/src/client_side.cc
|
||||
index f488fc4..69586df 100644
|
||||
--- a/src/client_side.cc
|
||||
+++ b/src/client_side.cc
|
||||
@@ -932,7 +932,7 @@ ConnStateData::kick()
|
||||
* We are done with the response, and we are either still receiving request
|
||||
* body (early response!) or have already stopped receiving anything.
|
||||
*
|
||||
- * If we are still receiving, then clientParseRequest() below will fail.
|
||||
+ * If we are still receiving, then parseRequests() below will fail.
|
||||
* (XXX: but then we will call readNextRequest() which may succeed and
|
||||
* execute a smuggled request as we are not done with the current request).
|
||||
*
|
||||
@@ -952,28 +952,12 @@ ConnStateData::kick()
|
||||
* Attempt to parse a request from the request buffer.
|
||||
* If we've been fed a pipelined request it may already
|
||||
* be in our read buffer.
|
||||
- *
|
||||
- \par
|
||||
- * This needs to fall through - if we're unlucky and parse the _last_ request
|
||||
- * from our read buffer we may never re-register for another client read.
|
||||
*/
|
||||
|
||||
- if (clientParseRequests()) {
|
||||
- debugs(33, 3, clientConnection << ": parsed next request from buffer");
|
||||
- }
|
||||
+ parseRequests();
|
||||
|
||||
- /** \par
|
||||
- * Either we need to kick-start another read or, if we have
|
||||
- * a half-closed connection, kill it after the last request.
|
||||
- * This saves waiting for half-closed connections to finished being
|
||||
- * half-closed _AND_ then, sometimes, spending "Timeout" time in
|
||||
- * the keepalive "Waiting for next request" state.
|
||||
- */
|
||||
- if (commIsHalfClosed(clientConnection->fd) && pipeline.empty()) {
|
||||
- debugs(33, 3, "half-closed client with no pending requests, closing");
|
||||
- clientConnection->close();
|
||||
+ if (!isOpen())
|
||||
return;
|
||||
- }
|
||||
|
||||
/** \par
|
||||
* At this point we either have a parsed request (which we've
|
||||
@@ -1893,16 +1877,11 @@ ConnStateData::receivedFirstByte()
|
||||
resetReadTimeout(Config.Timeout.request);
|
||||
}
|
||||
|
||||
-/**
|
||||
- * Attempt to parse one or more requests from the input buffer.
|
||||
- * Returns true after completing parsing of at least one request [header]. That
|
||||
- * includes cases where parsing ended with an error (e.g., a huge request).
|
||||
- */
|
||||
-bool
|
||||
-ConnStateData::clientParseRequests()
|
||||
+/// Attempt to parse one or more requests from the input buffer.
|
||||
+/// May close the connection.
|
||||
+void
|
||||
+ConnStateData::parseRequests()
|
||||
{
|
||||
- bool parsed_req = false;
|
||||
-
|
||||
debugs(33, 5, clientConnection << ": attempting to parse");
|
||||
|
||||
// Loop while we have read bytes that are not needed for producing the body
|
||||
@@ -1947,8 +1926,6 @@ ConnStateData::clientParseRequests()
|
||||
|
||||
processParsedRequest(context);
|
||||
|
||||
- parsed_req = true; // XXX: do we really need to parse everything right NOW ?
|
||||
-
|
||||
if (context->mayUseConnection()) {
|
||||
debugs(33, 3, "Not parsing new requests, as this request may need the connection");
|
||||
break;
|
||||
@@ -1961,8 +1938,19 @@ ConnStateData::clientParseRequests()
|
||||
}
|
||||
}
|
||||
|
||||
- /* XXX where to 'finish' the parsing pass? */
|
||||
- return parsed_req;
|
||||
+ debugs(33, 7, "buffered leftovers: " << inBuf.length());
|
||||
+
|
||||
+ if (isOpen() && commIsHalfClosed(clientConnection->fd)) {
|
||||
+ if (pipeline.empty()) {
|
||||
+ // we processed what we could parse, and no more data is coming
|
||||
+ debugs(33, 5, "closing half-closed without parsed requests: " << clientConnection);
|
||||
+ clientConnection->close();
|
||||
+ } else {
|
||||
+ // we parsed what we could, and no more data is coming
|
||||
+ debugs(33, 5, "monitoring half-closed while processing parsed requests: " << clientConnection);
|
||||
+ flags.readMore = false; // may already be false
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
void
|
||||
@@ -1979,18 +1967,7 @@ ConnStateData::afterClientRead()
|
||||
if (pipeline.empty())
|
||||
fd_note(clientConnection->fd, "Reading next request");
|
||||
|
||||
- if (!clientParseRequests()) {
|
||||
- if (!isOpen())
|
||||
- return;
|
||||
- // We may get here if the client half-closed after sending a partial
|
||||
- // request. See doClientRead() and shouldCloseOnEof().
|
||||
- // XXX: This partially duplicates ConnStateData::kick().
|
||||
- if (pipeline.empty() && commIsHalfClosed(clientConnection->fd)) {
|
||||
- debugs(33, 5, clientConnection << ": half-closed connection, no completed request parsed, connection closing.");
|
||||
- clientConnection->close();
|
||||
- return;
|
||||
- }
|
||||
- }
|
||||
+ parseRequests();
|
||||
|
||||
if (!isOpen())
|
||||
return;
|
||||
@@ -3775,7 +3752,7 @@ ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic)
|
||||
startPinnedConnectionMonitoring();
|
||||
|
||||
if (pipeline.empty())
|
||||
- kick(); // in case clientParseRequests() was blocked by a busy pic.connection
|
||||
+ kick(); // in case parseRequests() was blocked by a busy pic.connection
|
||||
}
|
||||
|
||||
/// Forward future client requests using the given server connection.
|
||||
diff --git a/src/client_side.h b/src/client_side.h
|
||||
index 6027b31..60b99b1 100644
|
||||
--- a/src/client_side.h
|
||||
+++ b/src/client_side.h
|
||||
@@ -98,7 +98,6 @@ public:
|
||||
void doneWithControlMsg() override;
|
||||
|
||||
/// Traffic parsing
|
||||
- bool clientParseRequests();
|
||||
void readNextRequest();
|
||||
|
||||
/// try to make progress on a transaction or read more I/O
|
||||
@@ -443,6 +442,7 @@ private:
|
||||
|
||||
void checkLogging();
|
||||
|
||||
+ void parseRequests();
|
||||
void clientAfterReadingRequests();
|
||||
bool concurrentRequestQueueFilled() const;
|
||||
|
||||
diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc
|
||||
index 8c160e5..f49d5dc 100644
|
||||
--- a/src/tests/stub_client_side.cc
|
||||
+++ b/src/tests/stub_client_side.cc
|
||||
@@ -14,7 +14,7 @@
|
||||
#include "tests/STUB.h"
|
||||
|
||||
#include "client_side.h"
|
||||
-bool ConnStateData::clientParseRequests() STUB_RETVAL(false)
|
||||
+void ConnStateData::parseRequests() STUB
|
||||
void ConnStateData::readNextRequest() STUB
|
||||
bool ConnStateData::isOpen() const STUB_RETVAL(false)
|
||||
void ConnStateData::kick() STUB
|
@ -0,0 +1,32 @@
|
||||
diff -up squid-3.1.0.9/QUICKSTART.location squid-3.1.0.9/QUICKSTART
|
||||
--- squid-3.1.0.9/QUICKSTART.location 2009-06-26 12:35:27.000000000 +0200
|
||||
+++ squid-3.1.0.9/QUICKSTART 2009-07-17 14:03:10.000000000 +0200
|
||||
@@ -10,10 +10,9 @@ After you retrieved, compiled and instal
|
||||
INSTALL in the same directory), you have to configure the squid.conf
|
||||
file. This is the list of the values you *need* to change, because no
|
||||
sensible defaults could be defined. Do not touch the other variables
|
||||
-for now. We assume you have installed Squid in the default location:
|
||||
-/usr/local/squid
|
||||
+for now.
|
||||
|
||||
-Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:
|
||||
+Uncomment and edit the following lines in /etc/squid/squid.conf:
|
||||
|
||||
==============================================================================
|
||||
|
||||
@@ -82,12 +81,12 @@ After editing squid.conf to your liking,
|
||||
line TWICE:
|
||||
|
||||
To create any disk cache_dir configured:
|
||||
- % /usr/local/squid/sbin/squid -z
|
||||
+ % /usr/sbin/squid -z
|
||||
|
||||
To start squid:
|
||||
- % /usr/local/squid/sbin/squid
|
||||
+ % /usr/sbin/squid
|
||||
|
||||
-Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
|
||||
+Check in the cache.log (/var/log/squid/cache.log) that
|
||||
everything is all right.
|
||||
|
||||
Once Squid created all its files (it can take several minutes on some
|
@ -0,0 +1,10 @@
|
||||
diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl
|
||||
index e965e9e..ed5ffcb 100755
|
||||
--- a/contrib/url-normalizer.pl
|
||||
+++ b/contrib/url-normalizer.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -Tw
|
||||
+#!/usr/bin/perl -Tw
|
||||
#
|
||||
# * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
|
||||
# *
|
@ -0,0 +1,26 @@
|
||||
diff --git a/errors/aliases b/errors/aliases
|
||||
index c256106..38c123a 100644
|
||||
--- a/errors/aliases
|
||||
+++ b/errors/aliases
|
||||
@@ -14,8 +14,7 @@ da da-dk
|
||||
de de-at de-ch de-de de-li de-lu
|
||||
el el-gr
|
||||
en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw
|
||||
-es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq
|
||||
-es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv
|
||||
+es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl
|
||||
et et-ee
|
||||
fa fa-fa fa-ir
|
||||
fi fi-fi
|
||||
diff --git a/errors/language.am b/errors/language.am
|
||||
index a437d17..f2fe463 100644
|
||||
--- a/errors/language.am
|
||||
+++ b/errors/language.am
|
||||
@@ -19,7 +19,6 @@ LANGUAGE_FILES = \
|
||||
de.lang \
|
||||
el.lang \
|
||||
en.lang \
|
||||
- es-mx.lang \
|
||||
es.lang \
|
||||
et.lang \
|
||||
fa.lang \
|
@ -0,0 +1,367 @@
|
||||
From 8d0ee420a4d91ac7fd97316338f1e28b4b060cbf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||
Date: Thu, 10 Oct 2024 19:26:27 +0200
|
||||
Subject: [PATCH 1/6] Ignore whitespace chars after chunk-size
|
||||
|
||||
Previously (before #1498 change), squid was accepting TE-chunked replies
|
||||
with whitespaces after chunk-size and missing chunk-ext data. After
|
||||
|
||||
It turned out that replies with such whitespace chars are pretty
|
||||
common and other webservers which can act as forward proxies (e.g.
|
||||
nginx, httpd...) are accepting them.
|
||||
|
||||
This change will allow to proxy chunked responses from origin server,
|
||||
which had whitespaces inbetween chunk-size and CRLF.
|
||||
---
|
||||
src/http/one/TeChunkedParser.cc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||
index 9cce10fdc91..04753395e16 100644
|
||||
--- a/src/http/one/TeChunkedParser.cc
|
||||
+++ b/src/http/one/TeChunkedParser.cc
|
||||
@@ -125,6 +125,7 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
// Code becomes much simpler when incremental parsing functions throw on
|
||||
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||
try {
|
||||
+ tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
|
||||
parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||
buf_ = tok.remaining();
|
||||
|
||||
From 9c8d35f899035fa06021ab3fe6919f892c2f0c6b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||
Date: Fri, 11 Oct 2024 02:06:31 +0200
|
||||
Subject: [PATCH 2/6] Added new argument to Http::One::ParseBws()
|
||||
|
||||
Depending on new wsp_only argument in ParseBws() it will be decided
|
||||
which set of whitespaces characters will be parsed. If wsp_only is set
|
||||
to true, only SP and HTAB chars will be parsed.
|
||||
|
||||
Also optimized number of ParseBws calls.
|
||||
---
|
||||
src/http/one/Parser.cc | 4 ++--
|
||||
src/http/one/Parser.h | 3 ++-
|
||||
src/http/one/TeChunkedParser.cc | 13 +++++++++----
|
||||
src/http/one/TeChunkedParser.h | 2 +-
|
||||
4 files changed, 14 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||
index b1908316a0b..01d7e3bc0e8 100644
|
||||
--- a/src/http/one/Parser.cc
|
||||
+++ b/src/http/one/Parser.cc
|
||||
@@ -273,9 +273,9 @@ Http::One::ErrorLevel()
|
||||
|
||||
// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
|
||||
void
|
||||
-Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||
+Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||
{
|
||||
- const auto count = tok.skipAll(Parser::WhitespaceCharacters());
|
||||
+ const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
|
||||
|
||||
if (tok.atEnd())
|
||||
throw InsufficientInput(); // even if count is positive
|
||||
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||
index d9a0ac8c273..08200371cd6 100644
|
||||
--- a/src/http/one/Parser.h
|
||||
+++ b/src/http/one/Parser.h
|
||||
@@ -163,8 +163,9 @@ class Parser : public RefCountable
|
||||
};
|
||||
|
||||
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||
+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
|
||||
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||
-void ParseBws(Parser::Tokenizer &);
|
||||
+void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||
|
||||
/// the right debugs() level for logging HTTP violation messages
|
||||
int ErrorLevel();
|
||||
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||
index 04753395e16..41e1e5ddaea 100644
|
||||
--- a/src/http/one/TeChunkedParser.cc
|
||||
+++ b/src/http/one/TeChunkedParser.cc
|
||||
@@ -125,8 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
// Code becomes much simpler when incremental parsing functions throw on
|
||||
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||
try {
|
||||
- tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size
|
||||
- parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||
+ // A possibly empty chunk-ext list. If no chunk-ext has been found,
|
||||
+ // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
|
||||
+ if (!parseChunkExtensions(tok))
|
||||
+ ParseBws(tok, true);
|
||||
+
|
||||
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||
buf_ = tok.remaining();
|
||||
parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
|
||||
@@ -140,20 +143,22 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
|
||||
/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
|
||||
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
|
||||
-void
|
||||
+bool
|
||||
Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||
{
|
||||
+ bool foundChunkExt = false;
|
||||
do {
|
||||
auto tok = callerTok;
|
||||
|
||||
ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||
|
||||
if (!tok.skip(';'))
|
||||
- return; // reached the end of extensions (if any)
|
||||
+ return foundChunkExt; // reached the end of extensions (if any)
|
||||
|
||||
parseOneChunkExtension(tok);
|
||||
buf_ = tok.remaining(); // got one extension
|
||||
callerTok = tok;
|
||||
+ foundChunkExt = true;
|
||||
} while (true);
|
||||
}
|
||||
|
||||
diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
|
||||
index 02eacd1bb89..8c5d4bb4cba 100644
|
||||
--- a/src/http/one/TeChunkedParser.h
|
||||
+++ b/src/http/one/TeChunkedParser.h
|
||||
@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
|
||||
private:
|
||||
bool parseChunkSize(Tokenizer &tok);
|
||||
bool parseChunkMetadataSuffix(Tokenizer &);
|
||||
- void parseChunkExtensions(Tokenizer &);
|
||||
+ bool parseChunkExtensions(Tokenizer &);
|
||||
void parseOneChunkExtension(Tokenizer &);
|
||||
bool parseChunkBody(Tokenizer &tok);
|
||||
bool parseChunkEnd(Tokenizer &tok);
|
||||
|
||||
From 81e67f97f9c386bdd0bb4a5e182395c46adb70ad Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||
Date: Fri, 11 Oct 2024 02:44:33 +0200
|
||||
Subject: [PATCH 3/6] Fix typo in Parser.h
|
||||
|
||||
---
|
||||
src/http/one/Parser.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||
index 08200371cd6..3ef4c5f7752 100644
|
||||
--- a/src/http/one/Parser.h
|
||||
+++ b/src/http/one/Parser.h
|
||||
@@ -163,7 +163,7 @@ class Parser : public RefCountable
|
||||
};
|
||||
|
||||
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||
-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars
|
||||
+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
|
||||
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||
void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||
|
||||
|
||||
From a0d4fe1794e605f8299a5c118c758a807453f016 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
Date: Thu, 10 Oct 2024 22:39:42 -0400
|
||||
Subject: [PATCH 4/6] Bug 5449 is a regression of Bug 4492!
|
||||
|
||||
Both bugs deal with "chunk-size SP+ CRLF" use cases. Bug 4492 had _two_
|
||||
spaces after chunk-size, which answers one of the PR review questions:
|
||||
Should we skip just one space? No, we should not.
|
||||
|
||||
The lines moved around in many commits, but I believe this regression
|
||||
was introduced in commit 951013d0 because that commit stopped consuming
|
||||
partially parsed chunk-ext sequences. That consumption was wrong, but it
|
||||
had a positive side effect -- fixing Bug 4492...
|
||||
---
|
||||
src/http/one/TeChunkedParser.cc | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||
index 41e1e5ddaea..aa4a840fdcf 100644
|
||||
--- a/src/http/one/TeChunkedParser.cc
|
||||
+++ b/src/http/one/TeChunkedParser.cc
|
||||
@@ -125,10 +125,10 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
// Code becomes much simpler when incremental parsing functions throw on
|
||||
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||
try {
|
||||
- // A possibly empty chunk-ext list. If no chunk-ext has been found,
|
||||
- // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF".
|
||||
- if (!parseChunkExtensions(tok))
|
||||
- ParseBws(tok, true);
|
||||
+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||
+ ParseBws(tok, true);
|
||||
+
|
||||
+ parseChunkExtensions(tok);
|
||||
|
||||
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||
buf_ = tok.remaining();
|
||||
@@ -150,7 +150,7 @@ Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||
do {
|
||||
auto tok = callerTok;
|
||||
|
||||
- ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||
+ ParseBws(tok);
|
||||
|
||||
if (!tok.skip(';'))
|
||||
return foundChunkExt; // reached the end of extensions (if any)
|
||||
|
||||
From f837f5ff61301a17008f16ce1fb793c2abf19786 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
Date: Thu, 10 Oct 2024 23:06:42 -0400
|
||||
Subject: [PATCH 5/6] fixup: Fewer conditionals/ifs and more explicit spelling
|
||||
|
||||
... to draw code reader attention when something unusual is going on.
|
||||
---
|
||||
src/http/one/Parser.cc | 22 ++++++++++++++++++----
|
||||
src/http/one/Parser.h | 10 ++++++++--
|
||||
src/http/one/TeChunkedParser.cc | 14 ++++++--------
|
||||
src/http/one/TeChunkedParser.h | 2 +-
|
||||
4 files changed, 33 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||
index 01d7e3bc0e8..d3937e5e96b 100644
|
||||
--- a/src/http/one/Parser.cc
|
||||
+++ b/src/http/one/Parser.cc
|
||||
@@ -271,11 +271,12 @@ Http::One::ErrorLevel()
|
||||
return Config.onoff.relaxed_header_parser < 0 ? DBG_IMPORTANT : 5;
|
||||
}
|
||||
|
||||
-// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule
|
||||
-void
|
||||
-Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||
+/// common part of ParseBws() and ParseStrctBws()
|
||||
+namespace Http::One {
|
||||
+static void
|
||||
+ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
|
||||
{
|
||||
- const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters());
|
||||
+ const auto count = tok.skipAll(bwsChars);
|
||||
|
||||
if (tok.atEnd())
|
||||
throw InsufficientInput(); // even if count is positive
|
||||
@@ -290,4 +291,17 @@ Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only)
|
||||
|
||||
// success: no more BWS characters expected
|
||||
}
|
||||
+} // namespace Http::One
|
||||
+
|
||||
+void
|
||||
+Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||
+{
|
||||
+ ParseBws_(tok, CharacterSet::WSP);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+Http::One::ParseStrictBws(Parser::Tokenizer &tok)
|
||||
+{
|
||||
+ ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||
+}
|
||||
|
||||
diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h
|
||||
index 3ef4c5f7752..49e399de546 100644
|
||||
--- a/src/http/one/Parser.h
|
||||
+++ b/src/http/one/Parser.h
|
||||
@@ -163,9 +163,15 @@ class Parser : public RefCountable
|
||||
};
|
||||
|
||||
/// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace)
|
||||
-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars
|
||||
/// \throws InsufficientInput when the end of BWS cannot be confirmed
|
||||
-void ParseBws(Parser::Tokenizer &, const bool wsp_only = false);
|
||||
+/// \sa WhitespaceCharacters() for the definition of BWS characters
|
||||
+/// \sa ParseStrictBws() that avoids WhitespaceCharacters() uncertainties
|
||||
+void ParseBws(Parser::Tokenizer &);
|
||||
+
|
||||
+/// Like ParseBws() but only skips CharacterSet::WSP characters. This variation
|
||||
+/// must be used if the next element may start with CR or any other character
|
||||
+/// from RelaxedDelimiterCharacters().
|
||||
+void ParseStrictBws(Parser::Tokenizer &);
|
||||
|
||||
/// the right debugs() level for logging HTTP violation messages
|
||||
int ErrorLevel();
|
||||
diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc
|
||||
index aa4a840fdcf..859471b8c77 100644
|
||||
--- a/src/http/one/TeChunkedParser.cc
|
||||
+++ b/src/http/one/TeChunkedParser.cc
|
||||
@@ -125,11 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
// Code becomes much simpler when incremental parsing functions throw on
|
||||
// bad or insufficient input, like in the code below. TODO: Expand up.
|
||||
try {
|
||||
- // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
|
||||
- ParseBws(tok, true);
|
||||
-
|
||||
- parseChunkExtensions(tok);
|
||||
+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size.
|
||||
+ // No ParseBws() here because it may consume CR required further below.
|
||||
+ ParseStrictBws(tok);
|
||||
|
||||
+ parseChunkExtensions(tok); // a possibly empty chunk-ext list
|
||||
tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
|
||||
buf_ = tok.remaining();
|
||||
parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
|
||||
@@ -143,22 +143,20 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok)
|
||||
|
||||
/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
|
||||
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
|
||||
-bool
|
||||
+void
|
||||
Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
|
||||
{
|
||||
- bool foundChunkExt = false;
|
||||
do {
|
||||
auto tok = callerTok;
|
||||
|
||||
ParseBws(tok);
|
||||
|
||||
if (!tok.skip(';'))
|
||||
- return foundChunkExt; // reached the end of extensions (if any)
|
||||
+ return; // reached the end of extensions (if any)
|
||||
|
||||
parseOneChunkExtension(tok);
|
||||
buf_ = tok.remaining(); // got one extension
|
||||
callerTok = tok;
|
||||
- foundChunkExt = true;
|
||||
} while (true);
|
||||
}
|
||||
|
||||
diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h
|
||||
index 8c5d4bb4cba..02eacd1bb89 100644
|
||||
--- a/src/http/one/TeChunkedParser.h
|
||||
+++ b/src/http/one/TeChunkedParser.h
|
||||
@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser
|
||||
private:
|
||||
bool parseChunkSize(Tokenizer &tok);
|
||||
bool parseChunkMetadataSuffix(Tokenizer &);
|
||||
- bool parseChunkExtensions(Tokenizer &);
|
||||
+ void parseChunkExtensions(Tokenizer &);
|
||||
void parseOneChunkExtension(Tokenizer &);
|
||||
bool parseChunkBody(Tokenizer &tok);
|
||||
bool parseChunkEnd(Tokenizer &tok);
|
||||
|
||||
From f79936a234e722adb2dd08f31cf6019d81ee712c Mon Sep 17 00:00:00 2001
|
||||
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
Date: Thu, 10 Oct 2024 23:31:08 -0400
|
||||
Subject: [PATCH 6/6] fixup: Deadly typo
|
||||
|
||||
---
|
||||
src/http/one/Parser.cc | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc
|
||||
index d3937e5e96b..7403a9163a2 100644
|
||||
--- a/src/http/one/Parser.cc
|
||||
+++ b/src/http/one/Parser.cc
|
||||
@@ -296,12 +296,12 @@ ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars)
|
||||
void
|
||||
Http::One::ParseBws(Parser::Tokenizer &tok)
|
||||
{
|
||||
- ParseBws_(tok, CharacterSet::WSP);
|
||||
+ ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||
}
|
||||
|
||||
void
|
||||
Http::One::ParseStrictBws(Parser::Tokenizer &tok)
|
||||
{
|
||||
- ParseBws_(tok, Parser::WhitespaceCharacters());
|
||||
+ ParseBws_(tok, CharacterSet::WSP);
|
||||
}
|
||||
|
||||
|
@ -0,0 +1,17 @@
|
||||
File: squid-6.10.tar.xz
|
||||
Date: Sat Jun 8 02:53:29 PM UTC 2024
|
||||
Size: 2558208
|
||||
MD5 : 86deefa7282c4388be95260aa4d4cf6a
|
||||
SHA1: 70e90865df0e4e9ba7765b622da40bda9bb8fc5d
|
||||
Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 <kinkie@squid-cache.org>
|
||||
29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865
|
||||
sub cv25519 2021-05-15 [E]
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = pool.sks-keyservers.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iHUEABYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZmRwewAKCRAo+FAp/vbo
|
||||
ZZV0AP0WDdXJFarEEYCSXSv/zT1l0FrI8jLQCT3Rsp6nTbWxfwD/VYmUMDetPLPJ
|
||||
GYHJNrRm7OceMQcsqhQIz6X71SR9AQs=
|
||||
=4HPC
|
||||
-----END PGP SIGNATURE-----
|
@ -0,0 +1,15 @@
|
||||
/var/log/squid/*.log {
|
||||
weekly
|
||||
rotate 5
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
missingok
|
||||
nocreate
|
||||
sharedscripts
|
||||
postrotate
|
||||
# Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf)
|
||||
# errors redirected to make it silent if squid is not running
|
||||
/usr/sbin/squid -k rotate 2>/dev/null
|
||||
endscript
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
case "$2" in
|
||||
up|down|vpn-up|vpn-down)
|
||||
/usr/bin/systemctl -q reload squid.service || :
|
||||
;;
|
||||
esac
|
@ -0,0 +1,3 @@
|
||||
#%PAM-1.0
|
||||
auth include password-auth
|
||||
account include password-auth
|
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=Squid caching proxy
|
||||
Documentation=man:squid(8)
|
||||
After=network.target network-online.target nss-lookup.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
LimitNOFILE=16384
|
||||
PIDFile=/run/squid.pid
|
||||
EnvironmentFile=/etc/sysconfig/squid
|
||||
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
||||
ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
|
||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||
KillMode=mixed
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,5 @@
|
||||
# default squid options
|
||||
SQUID_OPTS=""
|
||||
|
||||
# default squid conf file
|
||||
SQUID_CONF="/etc/squid/squid.conf"
|
@ -0,0 +1,2 @@
|
||||
g squid 23 -
|
||||
u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue