aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Wilke <miwi@FreeBSD.org>2007-04-26 08:11:29 +0000
committerMartin Wilke <miwi@FreeBSD.org>2007-04-26 08:11:29 +0000
commit4d7c38b4978e3cdd86d2660e5bdc7a2232a2d5e6 (patch)
treea49c450240f4bda5749a5d4d048c736db4c2e459
parent5cbfa18239958337bc3bf357f4394ce555492b86 (diff)
Add a patch for Squid bug #1814, see <http://www.squid-cache.org/bugs/show_bug.cgi?id=1814>.
The patchset is a slightly modified version of the Squid patchset 11375. Notes: Since this patch conflicts with the ICAP patchset and only affects non-default configurations that have been compiled using the WITH_SQUID_SSL configuration option, apply the patch only when this option is enabled. Set IGNORE when both WITH_SQUID_SSL and WITH_SQUID_ICAP are defined. PR: 112054 Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Notes
Notes: svn path=/head/; revision=190906
-rw-r--r--www/squid/Makefile5
-rw-r--r--www/squid/files/extra-patch-changeset_1137577
-rw-r--r--www/squid30/Makefile5
-rw-r--r--www/squid30/files/extra-patch-changeset_1137577
-rw-r--r--www/squid31/Makefile5
-rw-r--r--www/squid31/files/extra-patch-changeset_1137577
6 files changed, 246 insertions, 0 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile
index 8c91129c4831..d82c16d861c8 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -76,6 +76,7 @@
PORTNAME= squid
PORTVERSION= 2.6.12
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
+.if defined(WITH_SQUID_ICAP)
+IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
+.endif
+EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid/files/extra-patch-changeset_11375 b/www/squid/files/extra-patch-changeset_11375
new file mode 100644
index 000000000000..ec49cb17fd92
--- /dev/null
+++ b/www/squid/files/extra-patch-changeset_11375
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {
diff --git a/www/squid30/Makefile b/www/squid30/Makefile
index 8c91129c4831..d82c16d861c8 100644
--- a/www/squid30/Makefile
+++ b/www/squid30/Makefile
@@ -76,6 +76,7 @@
PORTNAME= squid
PORTVERSION= 2.6.12
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
+.if defined(WITH_SQUID_ICAP)
+IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
+.endif
+EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid30/files/extra-patch-changeset_11375 b/www/squid30/files/extra-patch-changeset_11375
new file mode 100644
index 000000000000..ec49cb17fd92
--- /dev/null
+++ b/www/squid30/files/extra-patch-changeset_11375
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {
diff --git a/www/squid31/Makefile b/www/squid31/Makefile
index 8c91129c4831..d82c16d861c8 100644
--- a/www/squid31/Makefile
+++ b/www/squid31/Makefile
@@ -76,6 +76,7 @@
PORTNAME= squid
PORTVERSION= 2.6.12
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
+.if defined(WITH_SQUID_ICAP)
+IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
+.endif
+EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid31/files/extra-patch-changeset_11375 b/www/squid31/files/extra-patch-changeset_11375
new file mode 100644
index 000000000000..ec49cb17fd92
--- /dev/null
+++ b/www/squid31/files/extra-patch-changeset_11375
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {