Merge upstream fix for broken https support (#331965).

(Portage version: 2.1.8.3/cvs/Linux x86_64, RepoMan options: --force)
author: Alin Năstac <mrness@gentoo.org> 2010-08-12 06:29:33 +0000
committer: Alin Năstac <mrness@gentoo.org> 2010-08-12 06:29:33 +0000
commit: a1d0318f38a203380dba095381492fe1563f7df7 (patch)
tree: 990d45d6eb22a0d36c96c7517d7c692a13af0427 /net-proxy
parent: Add patch to generated testsuite to avoid autotools #331577. (diff)
download: gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.tar.gz
gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.tar.bz2
gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.zip
3 files changed, 125 insertions, 2 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index d97695299b28..950b51074566 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-proxy/squid
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.303 2010/08/09 17:49:07 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.304 2010/08/12 06:29:32 mrness Exp $
+
+*squid-3.1.6-r1 (12 Aug 2010)
+
+  12 Aug 2010; Alin Năstac <mrness@gentoo.org> -squid-3.1.6.ebuild,
+  +squid-3.1.6-r1.ebuild, +files/squid-3.1.6-bug3011.patch:
+  Merge upstream fix for broken https support (#331965).
 
   09 Aug 2010; Jeroen Roovers <jer@gentoo.org> squid-2.7.9.ebuild,
   squid-3.1.6.ebuild:
diff --git a/net-proxy/squid/files/squid-3.1.6-bug3011.patch b/net-proxy/squid/files/squid-3.1.6-bug3011.patch
new file mode 100644
index 000000000000..fe431d2dbd63
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.1.6-bug3011.patch
@@ -0,0 +1,116 @@
+diff -ur ./src/dns_internal.cc /var/tmp/squid-3.1.6/src/dns_internal.cc
+--- ./src/dns_internal.cc	2010-08-01 22:01:37.000000000 +0800
++++ /var/tmp/squid-3.1.6/src/dns_internal.cc	2010-08-10 19:31:46.000000000 +0800
+@@ -201,10 +201,15 @@
+ 
+     if (A.IsAnyAddr()) {
+         debugs(78, 0, "WARNING: Squid does not accept " << A << " in DNS server specifications.");
+-        A = "127.0.0.1";
++        A.SetLocalhost();
+         debugs(78, 0, "Will be using " << A << " instead, assuming you meant that DNS is running on the same machine");
+     }
+ 
++    if (!Ip::EnableIpv6 && !A.SetIPv4()) {
++        debugs(78, DBG_IMPORTANT, "WARNING: IPv6 is disabled. Discarding " << A << " in DNS server specifications.");
++        return;
++    }
++
+     if (nns == nns_alloc) {
+         int oldalloc = nns_alloc;
+         ns *oldptr = nameservers;
+@@ -742,6 +747,12 @@
+     else
+         addr = Config.Addrs.udp_incoming;
+ 
++    if (nameservers[ns].S.IsIPv4() && !addr.SetIPv4()) {
++        debugs(31, DBG_CRITICAL, "ERROR: Cannot contact DNS nameserver " << nameservers[ns].S << " from " << addr);
++        addr.SetAnyAddr();
++        addr.SetIPv4();
++    }
++
+     vc->queue = new MemBuf;
+ 
+     vc->msg = new MemBuf;
+diff -ur ./src/forward.cc /var/tmp/squid-3.1.6/src/forward.cc
+--- ./src/forward.cc	2010-08-01 22:01:37.000000000 +0800
++++ /var/tmp/squid-3.1.6/src/forward.cc	2010-08-10 19:31:46.000000000 +0800
+@@ -870,9 +870,9 @@
+ 
+     // if IPv6 is disabled try to force IPv4-only outgoing.
+     if (!Ip::EnableIpv6 && !outgoing.SetIPv4()) {
+-        debugs(50, 4, "fwdConnectStart: " << xstrerror());
++        debugs(50, 4, "fwdConnectStart: IPv6 is Disabled. Cannot connect from " << outgoing);
+         ErrorState *anErr = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request);
+-        anErr->xerrno = errno;
++        anErr->xerrno = EAFNOSUPPORT;
+         fail(anErr);
+         self = NULL;	// refcounted
+         return;
+diff -ur ./src/neighbors.cc /var/tmp/squid-3.1.6/src/neighbors.cc
+--- ./src/neighbors.cc	2010-08-01 22:01:38.000000000 +0800
++++ /var/tmp/squid-3.1.6/src/neighbors.cc	2010-08-10 19:49:16.000000000 +0800
+@@ -46,6 +46,7 @@
+ #include "Store.h"
+ #include "icmp/net_db.h"
+ #include "ip/IpAddress.h"
++#include "ip/tools.h"
+ 
+ /* count mcast group peers every 15 minutes */
+ #define MCAST_COUNT_RATE 900
+@@ -1387,6 +1388,20 @@
+ 
+     IpAddress temp(getOutgoingAddr(NULL,p));
+ 
++    // if IPv6 is disabled try to force IPv4-only outgoing.
++    if (!Ip::EnableIpv6 && !temp.SetIPv4()) {
++        debugs(50, DBG_IMPORTANT, "WARNING: IPv6 is disabled. Failed to use " << temp << " to probe " << p->host);
++        return ret;
++    }
++
++    // if IPv6 is split-stack, prefer IPv4
++    if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK) {
++        // NP: This is not a great choice of default,
++        // but with the current Internet being IPv4-majority has a higher success rate.
++        // if setting to IPv4 fails we dont care, that just means to use IPv6 outgoing.
++        temp.SetIPv4();
++    }
++
+     fd = comm_open(SOCK_STREAM, IPPROTO_TCP, temp, COMM_NONBLOCKING, p->host);
+ 
+     if (fd < 0)
+diff -ur ./src/tunnel.cc /var/tmp/squid-3.1.6/src/tunnel.cc
+--- ./src/tunnel.cc	2010-08-01 22:01:38.000000000 +0800
++++ /var/tmp/squid-3.1.6/src/tunnel.cc	2010-08-10 20:02:46.000000000 +0800
+@@ -46,6 +46,7 @@
+ #include "client_side.h"
+ #include "MemBuf.h"
+ #include "http.h"
++#include "ip/tools.h"
+ 
+ class TunnelStateData
+ {
+@@ -641,6 +642,24 @@
+     statCounter.server.other.requests++;
+     /* Create socket. */
+     IpAddress temp = getOutgoingAddr(request,NULL);
++
++    // if IPv6 is disabled try to force IPv4-only outgoing.
++    if (!Ip::EnableIpv6 && !temp.SetIPv4()) {
++        debugs(50, 4, "tunnelStart: IPv6 is Disabled. Tunnel failed from " << temp);
++        err = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request);
++        err->xerrno = EAFNOSUPPORT;
++        errorSend(fd, err);
++        return;
++    }
++
++    // if IPv6 is split-stack, prefer IPv4
++    if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK) {
++        // NP: This is not a great choice of default,
++        // but with the current Internet being IPv4-majority has a higher success rate.
++        // if setting to IPv4 fails we dont care, that just means to use IPv6 outgoing.
++        temp.SetIPv4();
++    }
++
+     int flags = COMM_NONBLOCKING;
+     if (request->flags.spoof_client_ip) {
+         flags |= COMM_TRANSPARENT;
diff --git a/net-proxy/squid/squid-3.1.6.ebuild b/net-proxy/squid/squid-3.1.6-r1.ebuild
index 68f724ba521a..35d42bbfc5e0 100644
--- a/net-proxy/squid/squid-3.1.6.ebuild
+++ b/net-proxy/squid/squid-3.1.6-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.6.ebuild,v 1.6 2010/08/09 17:49:07 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.6-r1.ebuild,v 1.1 2010/08/12 06:29:32 mrness Exp $
 
 EAPI="2"
 
@@ -68,6 +68,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${P}-gentoo.patch
 	epatch "${FILESDIR}"/${P}-qafixes.patch
 	epatch "${FILESDIR}"/${P}-libmd5.patch
+	epatch "${FILESDIR}"/${P}-bug3011.patch
 
 	# eautoreconf breaks lib/libLtdl/libtool script
 	./bootstrap.sh || die "autoreconf failed"
author	Alin Năstac <mrness@gentoo.org>	2010-08-12 06:29:33 +0000
committer	Alin Năstac <mrness@gentoo.org>	2010-08-12 06:29:33 +0000
commit	a1d0318f38a203380dba095381492fe1563f7df7 (patch)
tree	990d45d6eb22a0d36c96c7517d7c692a13af0427 /net-proxy
parent	Add patch to generated testsuite to avoid autotools #331577. (diff)
download	gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.tar.gz gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.tar.bz2 gentoo-2-a1d0318f38a203380dba095381492fe1563f7df7.zip