diff -Nru squid3-3.3.8/debian/changelog squid3-3.3.8/debian/changelog --- squid3-3.3.8/debian/changelog 2014-11-25 14:03:13.000000000 +0000 +++ squid3-3.3.8/debian/changelog 2015-07-01 22:25:59.000000000 +0000 @@ -1,3 +1,11 @@ +squid3 (3.3.8-1ubuntu6.3) trusty-proposed; urgency=low + + * d/patches/fix-caching-vary-header.patch: Added upstream patch + for the bug which prevented squid from caching responses with + Vary header. (LP: #1336742) Based on work by Oleg Strikov. + + -- Rolf Leggewie Wed, 01 Jul 2015 15:25:59 -0700 + squid3 (3.3.8-1ubuntu6.2) trusty-security; urgency=medium * SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger. diff -Nru squid3-3.3.8/debian/patches/fix-caching-vary-header.patch squid3-3.3.8/debian/patches/fix-caching-vary-header.patch --- squid3-3.3.8/debian/patches/fix-caching-vary-header.patch 1970-01-01 00:00:00.000000000 +0000 +++ squid3-3.3.8/debian/patches/fix-caching-vary-header.patch 2015-07-01 22:25:02.000000000 +0000 @@ -0,0 +1,62 @@ +Description: Fix bug which prevented squid from caching responses with Vary header +Origin: upstream, http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13179 +Author: Alex Rousskov +Bug: http://bugs.squid-cache.org/show_bug.cgi?id=3806 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1336742 +Index: bug-1336742/src/MemStore.cc +=================================================================== +--- bug-1336742.orig/src/MemStore.cc ++++ bug-1336742/src/MemStore.cc +@@ -310,6 +310,12 @@ MemStore::considerKeeping(StoreEntry &e) + return; + } + ++ if (e.mem_obj->vary_headers) { ++ // XXX: We must store/load SerialisedMetaData to cache Vary in RAM ++ debugs(20, 5, "Vary not yet supported: " << e.mem_obj->vary_headers); ++ return; ++ } ++ + keep(e); // may still fail + } + +Index: bug-1336742/src/client_side_reply.cc +=================================================================== +--- bug-1336742.orig/src/client_side_reply.cc ++++ bug-1336742/src/client_side_reply.cc +@@ -499,6 +499,7 @@ clientReplyContext::cacheHit(StoreIOBuff + + if (strcmp(e->mem_obj->url, urlCanonical(r)) != 0) { + debugs(33, DBG_IMPORTANT, "clientProcessHit: URL mismatch, '" << e->mem_obj->url << "' != '" << urlCanonical(r) << "'"); ++ http->logType = LOG_TCP_MISS; // we lack a more precise LOG_*_MISS code + processMiss(); + return; + } +@@ -530,6 +531,7 @@ clientReplyContext::cacheHit(StoreIOBuff + case VARY_CANCEL: + /* varyEvaluateMatch found a object loop. Process as miss */ + debugs(88, DBG_IMPORTANT, "clientProcessHit: Vary object loop!"); ++ http->logType = LOG_TCP_MISS; // we lack a more precise LOG_*_MISS code + processMiss(); + return; + } +Index: bug-1336742/src/store.cc +=================================================================== +--- bug-1336742.orig/src/store.cc ++++ bug-1336742/src/store.cc +@@ -780,12 +780,14 @@ StoreEntry::setPublicKey() + } + + #endif +- pe->replaceHttpReply(rep); ++ pe->replaceHttpReply(rep, false); // no write until key is public + + pe->timestampsSet(); + + pe->makePublic(); + ++ pe->startWriting(); // after makePublic() ++ + pe->complete(); + + pe->unlock(); diff -Nru squid3-3.3.8/debian/patches/series squid3-3.3.8/debian/patches/series --- squid3-3.3.8/debian/patches/series 2014-11-25 13:27:50.000000000 +0000 +++ squid3-3.3.8/debian/patches/series 2015-07-01 22:25:02.000000000 +0000 @@ -8,3 +8,4 @@ fix-distribution.patch CVE-2014-3609.patch fix-icmp-pinger-icmp4-6.patch +fix-caching-vary-header.patch