author | miwi <miwi@FreeBSD.org> | 2007-04-26 08:11:29 +0000 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2007-04-26 08:11:29 +0000 |
commit | 79d1125f3ed232db25739024f3f965c41f18a4b2 (patch) | |
tree | d5d605afa0548e368d6baf9a1a2ec642bdb2b858 | |
parent | dd275444727661bf6275a6c64f8becf328c13a67 (diff) | |
download | FreeBSD-ports-79d1125f3ed232db25739024f3f965c41f18a4b2.zip FreeBSD-ports-79d1125f3ed232db25739024f3f965c41f18a4b2.tar.gz |
Add a patch for Squid bug #1814, see <http://www.squid-cache.org/bugs/show_bug.cgi?id=1814>.
The patchset is a slightly modified version of the Squid patchset 11375.
Notes:
Since this patch conflicts with the ICAP patchset and only affects
non-default configurations that have been compiled using the
WITH_SQUID_SSL configuration option, apply the patch only when this
option is enabled. Set IGNORE when both WITH_SQUID_SSL and
WITH_SQUID_ICAP are defined.
PR: 112054
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
-rw-r--r-- | www/squid/Makefile | 5 | ||||
-rw-r--r-- | www/squid/files/extra-patch-changeset_11375 | 77 | ||||
-rw-r--r-- | www/squid30/Makefile | 5 | ||||
-rw-r--r-- | www/squid30/files/extra-patch-changeset_11375 | 77 | ||||
-rw-r--r-- | www/squid31/Makefile | 5 | ||||
-rw-r--r-- | www/squid31/files/extra-patch-changeset_11375 | 77 |
6 files changed, 246 insertions, 0 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile
index 8c91129..d82c16d 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -76,6 +76,7 @@ PORTNAME= squid PORTVERSION= 2.6.12 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +.if defined(WITH_SQUID_ICAP) +IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 +.endif +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid/files/extra-patch-changeset_11375 b/www/squid/files/extra-patch-changeset_11375
new file mode 100644
index 0000000..ec49cb1
--- /dev/null
+++ b/www/squid/files/extra-patch-changeset_11375
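Review bot: The added `EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375` line in the second Makefile hunk carries no comment saying what the patch fixes or why it is applied only in what appears to be the WITH_SQUID_SSL block, so the Makefile alone does not tell a later maintainer when the patch and the `IGNORE` guard can be dropped. I would put a comment above it such as `# Squid bug #1814: SSL memory leak on persistent SSL connections; conflicts with the ICAP patchset`. The identical hunks in www/squid30/Makefile and www/squid31/Makefile need the same comment. The enclosing `.if` starts outside the hunk.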
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {
diff --git a/www/squid30/Makefile b/www/squid30/Makefile
index 8c91129..d82c16d 100644
--- a/www/squid30/Makefile
+++ b/www/squid30/Makefile
@@ -76,6 +76,7 @@ PORTNAME= squid PORTVERSION= 2.6.12 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +.if defined(WITH_SQUID_ICAP) +IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 +.endif +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid30/files/extra-patch-changeset_11375 b/www/squid30/files/extra-patch-changeset_11375
new file mode 100644
index 0000000..ec49cb1
--- /dev/null
+++ b/www/squid30/files/extra-patch-changeset_11375
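Review bot: In the last hunk of the embedded forward.c patch (`@@ -667,6 +665,10 @@`), the added `if (fd_table[server_fd].uses == 1 && fs->peer)` dereferences `fs` without a NULL check, although `fs` is just `fwdState->servers` and the trailing context of the same hunk still guards that pointer with `if (fwdState->servers && ...)`. Whether `fwdState->servers` can be NULL when fwdDispatch runs is not visible here, but if it can, this is a NULL dereference in the proxy's forwarding path; `if (fd_table[server_fd].uses == 1 && fs && fs->peer)` would make the two checks agree. The header note says one hunk was removed for the port without saying which, so it would help to name it there. fwdDispatch begins and ends outside these hunks, and the same patch file is added unchanged under www/squid30 and www/squid31.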
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {
diff --git a/www/squid31/Makefile b/www/squid31/Makefile
index 8c91129..d82c16d 100644
--- a/www/squid31/Makefile
+++ b/www/squid31/Makefile
@@ -76,6 +76,7 @@ PORTNAME= squid PORTVERSION= 2.6.12 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
@@ -279,6 +280,10 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +.if defined(WITH_SQUID_ICAP) +IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 +.endif +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp
diff --git a/www/squid31/files/extra-patch-changeset_11375 b/www/squid31/files/extra-patch-changeset_11375
new file mode 100644
index 0000000..ec49cb1
--- /dev/null
+++ b/www/squid31/files/extra-patch-changeset_11375
@@ -0,0 +1,77 @@
+---------------------
+PatchSet 11375
+Date: 2007/04/17 09:35:17
+Author: hno
+Branch: SQUID_2_6
+Tag: (none)
+Log:
+MFC: Bug #1814: SSL memory leak on persistent SSL connections
+
+Memory leak when attemting to reuse SSL-negotiated outgoing connections.
+
+Mainly affects reverse proxy setups using SSL-enabled peers.
+
+Merged changes:
+2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
+
+Members:
+ src/forward.c:1.120.2.2->1.120.2.3
+
+Note: this patchset was slightly modified for the FreeBSD port
+ to make it apply cleanly (one hunk removed, path information stripped)
+
+Index: squid/src/forward.c
+===================================================================
+RCS file: /cvsroot/squid/squid/src/forward.c,v
+retrieving revision 1.120.2.2
+retrieving revision 1.120.2.3
+diff -u -r1.120.2.2 -r1.120.2.3
+--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
+@@ -319,6 +319,7 @@
+ fd_table[fd].ssl = ssl;
+ fd_table[fd].read_method = &ssl_read_method;
+ fd_table[fd].write_method = &ssl_write_method;
++ fd_note(fd, "Negotiating SSL");
+ fwdNegotiateSSL(fd, fwdState);
+ }
+ #endif
+@@ -357,10 +358,6 @@
+ comm_close(server_fd);
+ } else {
+ debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
+- fd_note(server_fd, storeUrl(fwdState->entry));
+- fd_table[server_fd].uses++;
+- if (fd_table[server_fd].uses == 1 && fs->peer)
+- peerConnectSucceded(fs->peer);
+ #if USE_SSL
+ if ((fs->peer && fs->peer->use_ssl) ||
+ (!fs->peer && request->protocol == PROTO_HTTPS)) {
+@@ -535,7 +532,7 @@
+ hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
+ else
+ hierarchyNote(&fwdState->request->hier, fs->code, name);
+- fwdConnectDone(fd, COMM_OK, fwdState);
++ fwdDispatch(fwdState);
+ return;
+ } else {
+ /* Discard the persistent connection to not cause
+@@ -653,6 +650,7 @@
+ StoreEntry *entry = fwdState->entry;
+ ErrorState *err;
+ int server_fd = fwdState->server_fd;
++ FwdServer *fs = fwdState->servers;
+ debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
+ fwdState->client_fd,
+ RequestMethodStr[request->method],
+@@ -667,6 +665,10 @@
+ assert(entry->ping_status != PING_WAITING);
+ assert(entry->lock_count);
+ EBIT_SET(entry->flags, ENTRY_DISPATCHED);
++ fd_note(server_fd, storeUrl(fwdState->entry));
++ fd_table[server_fd].uses++;
++ if (fd_table[server_fd].uses == 1 && fs->peer)
++ peerConnectSucceded(fs->peer);
+ netdbPingSite(request->host);
+ entry->mem_obj->refresh_timestamp = squid_curtime;
+ if (fwdState->servers && (p = fwdState->servers->peer)) {
|