diff options
author | lwhsu <lwhsu@FreeBSD.org> | 2010-08-19 06:26:21 +0800 |
---|---|---|
committer | lwhsu <lwhsu@FreeBSD.org> | 2010-08-19 06:26:21 +0800 |
commit | b2e59c4b62785d5ff000ad17248e3e43253bf5d8 (patch) | |
tree | ba7ce699f45abd61ba121803a9fa16c6642f70c9 /www/squid31/files | |
parent | 77c527993ba6eae2c7f7a1ef6fdeb3b0b596165d (diff) | |
download | freebsd-ports-gnome-b2e59c4b62785d5ff000ad17248e3e43253bf5d8.tar.gz freebsd-ports-gnome-b2e59c4b62785d5ff000ad17248e3e43253bf5d8.tar.zst freebsd-ports-gnome-b2e59c4b62785d5ff000ad17248e3e43253bf5d8.zip |
- Unbreak HTTPS on IPv4-only systems by adding a trimmed version
of the vendor patch
PR: ports/149582
Submitted by: Thomas-Martin Seck <tmseck AT web.de> (maintainer)
Obtained from: http://bugs.squid-cache.org/show_bug.cgi?id=3011
Diffstat (limited to 'www/squid31/files')
-rw-r--r-- | www/squid31/files/patch-changeset_10063 | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/www/squid31/files/patch-changeset_10063 b/www/squid31/files/patch-changeset_10063 new file mode 100644 index 000000000000..91c4037802a0 --- /dev/null +++ b/www/squid31/files/patch-changeset_10063 @@ -0,0 +1,237 @@ +This FreeBSD port patch is a slightly trimmed version of the original +changeset (http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10063.patch): +The part that patches a file that is not present in the downloadable +tarball was removed. +This is a fix for Squid bug 3011: "squid 3.1.6 doesn't work on +ipv4-only-systems". +------------------------------------------------------------ +revno: 10063 +revision-id: amosjeffries@squid-cache.org-20100811111641-hybknxtyd8ukt5c1 +parent: amosjeffries@squid-cache.org-20100810083149-w98pbcc8f0d5tlpo +committer: Amos Jeffries <amosjeffries@squid-cache.org> +branch nick: SQUID_3_1 +timestamp: Wed 2010-08-11 05:16:41 -0600 +message: + Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes + + Also updates the forwarding CONNECT_FAIL errors to display more correct + errno messages. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: amosjeffries@squid-cache.org-20100811111641-\ +# hybknxtyd8ukt5c1 +# target_branch: http://www.squid-cache.org/bzr/squid3/trunk/ +# testament_sha1: 2aac12c8c664a6c3dbdbd075b256aefeb53926a8 +# timestamp: 2010-08-11 11:31:46 +0000 +# source_branch: http://www.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_1 +# base_revision_id: amosjeffries@squid-cache.org-20100810083149-\ +# w98pbcc8f0d5tlpo +# +# Begin patch +=== modified file 'src/adaptation/ServiceConfig.cc' +--- src/adaptation/ServiceConfig.cc 2010-05-26 04:00:23 +0000 ++++ src/adaptation/ServiceConfig.cc 2010-08-11 11:16:41 +0000 +@@ -5,10 +5,11 @@ + #include "squid.h" + #include "ConfigParser.h" + #include "adaptation/ServiceConfig.h" ++#include "ip/tools.h" + + Adaptation::ServiceConfig::ServiceConfig(): + port(-1), method(methodNone), point(pointNone), +- bypass(false), routing(false) ++ bypass(false), routing(false), ipv6(false) + {} + + const char * +@@ -93,7 +94,11 @@ + grokked = grokBool(bypass, name, value); + else if (strcmp(name, "routing") == 0) + grokked = grokBool(routing, name, value); +- else { ++ else if (strcmp(name, "ipv6") == 0) { ++ grokked = grokBool(ipv6, name, value); ++ if (grokked && ipv6 && !Ip::EnableIpv6) ++ debugs(3, DBG_IMPORTANT, "WARNING: IPv6 is disabled. ICAP service option ignored."); ++ } else { + debugs(3, 0, cfg_filename << ':' << config_lineno << ": " << + "unknown adaptation service option: " << name << '=' << value); + } + +=== modified file 'src/adaptation/ServiceConfig.h' +--- src/adaptation/ServiceConfig.h 2009-09-03 12:15:55 +0000 ++++ src/adaptation/ServiceConfig.h 2010-08-11 11:16:41 +0000 +@@ -33,6 +33,7 @@ + VectPoint point; // where the adaptation happens (pre- or post-cache) + bool bypass; + bool routing; ///< whether this service may determine the next service(s) ++ bool ipv6; ///< whether this service uses IPv6 transport (default IPv4) + + protected: + Method parseMethod(const char *buf) const; + +=== modified file 'src/adaptation/icap/Xaction.cc' +--- src/adaptation/icap/Xaction.cc 2009-09-03 12:15:55 +0000 ++++ src/adaptation/icap/Xaction.cc 2010-08-11 11:16:41 +0000 +@@ -13,6 +13,7 @@ + #include "pconn.h" + #include "HttpRequest.h" + #include "HttpReply.h" ++#include "ip/tools.h" + #include "acl/FilledChecklist.h" + #include "icap_log.h" + #include "fde.h" +@@ -116,6 +117,15 @@ + disableRetries(); // we only retry pconn failures + + IpAddress outgoing; ++ if (!Ip::EnableIpv6 && !outgoing.SetIPv4()) { ++ debugs(31, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << outgoing << " is not an IPv4 address."); ++ dieOnConnectionFailure(); // throws ++ } ++ /* split-stack for now requires default IPv4-only socket */ ++ if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && outgoing.IsAnyAddr() && !s.cfg().ipv6) { ++ outgoing.SetIPv4(); ++ } ++ + connection = comm_open(SOCK_STREAM, 0, outgoing, + COMM_NONBLOCKING, s.cfg().uri.termedBuf()); + + +=== modified file 'src/cf.data.pre' +--- src/cf.data.pre 2010-08-10 08:31:49 +0000 ++++ src/cf.data.pre 2010-08-11 11:16:41 +0000 +@@ -5798,6 +5798,11 @@ + Routing is not allowed by default: the ICAP X-Next-Services + response header is ignored. + ++ ipv6=on|off ++ Only has effect on split-stack systems. The default on those systems ++ is to use IPv4-only connections. When set to 'on' this option will ++ make Squid use IPv6-only connections to contact this ICAP service. ++ + Older icap_service format without optional named parameters is + deprecated but supported for backward compatibility. + + +=== modified file 'src/dns_internal.cc' +--- src/dns_internal.cc 2010-07-27 13:02:31 +0000 ++++ src/dns_internal.cc 2010-08-11 11:16:41 +0000 +@@ -201,10 +201,15 @@ + + if (A.IsAnyAddr()) { + debugs(78, 0, "WARNING: Squid does not accept " << A << " in DNS server specifications."); +- A = "127.0.0.1"; ++ A.SetLocalhost(); + debugs(78, 0, "Will be using " << A << " instead, assuming you meant that DNS is running on the same machine"); + } + ++ if (!Ip::EnableIpv6 && !A.SetIPv4()) { ++ debugs(78, DBG_IMPORTANT, "WARNING: IPv6 is disabled. Discarding " << A << " in DNS server specifications."); ++ return; ++ } ++ + if (nns == nns_alloc) { + int oldalloc = nns_alloc; + ns *oldptr = nameservers; +@@ -742,6 +747,12 @@ + else + addr = Config.Addrs.udp_incoming; + ++ if (nameservers[ns].S.IsIPv4() && !addr.SetIPv4()) { ++ debugs(31, DBG_CRITICAL, "ERROR: Cannot contact DNS nameserver " << nameservers[ns].S << " from " << addr); ++ addr.SetAnyAddr(); ++ addr.SetIPv4(); ++ } ++ + vc->queue = new MemBuf; + + vc->msg = new MemBuf; + +=== modified file 'src/forward.cc' +--- src/forward.cc 2010-08-01 13:29:09 +0000 ++++ src/forward.cc 2010-08-11 11:16:41 +0000 +@@ -870,9 +870,9 @@ + + // if IPv6 is disabled try to force IPv4-only outgoing. + if (!Ip::EnableIpv6 && !outgoing.SetIPv4()) { +- debugs(50, 4, "fwdConnectStart: " << xstrerror()); ++ debugs(50, 4, "fwdConnectStart: IPv6 is Disabled. Cannot connect from " << outgoing); + ErrorState *anErr = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request); +- anErr->xerrno = errno; ++ anErr->xerrno = EAFNOSUPPORT; + fail(anErr); + self = NULL; // refcounted + return; + +=== modified file 'src/neighbors.cc' +--- src/neighbors.cc 2010-02-14 05:30:15 +0000 ++++ src/neighbors.cc 2010-08-11 11:16:41 +0000 +@@ -46,6 +46,7 @@ + #include "Store.h" + #include "icmp/net_db.h" + #include "ip/IpAddress.h" ++#include "ip/tools.h" + + /* count mcast group peers every 15 minutes */ + #define MCAST_COUNT_RATE 900 +@@ -1387,6 +1388,20 @@ + + IpAddress temp(getOutgoingAddr(NULL,p)); + ++ // if IPv6 is disabled try to force IPv4-only outgoing. ++ if (!Ip::EnableIpv6 && !temp.SetIPv4()) { ++ debugs(50, DBG_IMPORTANT, "WARNING: IPv6 is disabled. Failed to use " << temp << " to probe " << p->host); ++ return ret; ++ } ++ ++ // if IPv6 is split-stack, prefer IPv4 ++ if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK) { ++ // NP: This is not a great choice of default, ++ // but with the current Internet being IPv4-majority has a higher success rate. ++ // if setting to IPv4 fails we dont care, that just means to use IPv6 outgoing. ++ temp.SetIPv4(); ++ } ++ + fd = comm_open(SOCK_STREAM, IPPROTO_TCP, temp, COMM_NONBLOCKING, p->host); + + if (fd < 0) + +=== modified file 'src/tunnel.cc' +--- src/tunnel.cc 2010-07-23 04:30:08 +0000 ++++ src/tunnel.cc 2010-08-11 11:16:41 +0000 +@@ -46,6 +46,7 @@ + #include "client_side.h" + #include "MemBuf.h" + #include "http.h" ++#include "ip/tools.h" + + class TunnelStateData + { +@@ -641,6 +642,24 @@ + statCounter.server.other.requests++; + /* Create socket. */ + IpAddress temp = getOutgoingAddr(request,NULL); ++ ++ // if IPv6 is disabled try to force IPv4-only outgoing. ++ if (!Ip::EnableIpv6 && !temp.SetIPv4()) { ++ debugs(50, 4, "tunnelStart: IPv6 is Disabled. Tunnel failed from " << temp); ++ ErrorState *anErr = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request); ++ anErr->xerrno = EAFNOSUPPORT; ++ errorSend(fd, anErr); ++ return; ++ } ++ ++ // if IPv6 is split-stack, prefer IPv4 ++ if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK) { ++ // NP: This is not a great choice of default, ++ // but with the current Internet being IPv4-majority has a higher success rate. ++ // if setting to IPv4 fails we dont care, that just means to use IPv6 outgoing. ++ temp.SetIPv4(); ++ } ++ + int flags = COMM_NONBLOCKING; + if (request->flags.spoof_client_ip) { + flags |= COMM_TRANSPARENT; + |