- update to 2.6.STABLE13

- replace sunsite.auc.dk which is no longer serving Squid distfiles
   (cf fenner's distfile survey) and replace it with ftp.belnet.be.
   The Squid mirror list seems to have vanished (temporarily) during
   their website redesign spree but it used to be listed there as
   an official Belgian mirror.
 - remove files/extra-patch-changeset_11375 which was added in
   2.6.12_1, the fix is present in 2.6.STABLE13.
 - simplify the SQUID_KQUEUE parsing; Squid-2 will automatically enable
   kqueue(2) support and the new OPTIONS parser does no longer require
   .ifndef WITHOUT_* constructs
 - remove IGNORE for the combination of SQUID_SSL and SQUID_ICAP
 - (try to) adapt the ICAP-core patch to the changes in the Squid code base
 - add a +ICAP identifier to the internal Squid version string to help the
   Squid developers in identifying patched up Squid versions (some
   reported bugs were not really Squid but rather ICAP bugs it seems)

Submitted by:	Thomas-Martin Seck (maintainer)
PR:		ports/112751
This commit is contained in:
Xin LI 2007-05-25 01:52:13 +00:00
parent 9291d1b365
commit 4d4711e32e
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=191700
15 changed files with 99 additions and 363 deletions

View file

@ -75,20 +75,19 @@
# Enable experimental multicast notification of cachemisses.
PORTNAME= squid
PORTVERSION= 2.6.12
PORTREVISION= 1
PORTVERSION= 2.6.13
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.6.STABLE12
DISTNAME= squid-2.6.STABLE13
DIST_SUBDIR= squid2.6
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
.if defined(WITH_SQUID_ICAP)
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
.endif
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
# information.
.if defined(WITH_SQUID_IPFILTER)
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
IGNORE= IPFilter headers are not part of the base system
IGNORE= the IPFilter headers are not part of the base system
.else
CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
.endif
.if !defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --enable-kqueue
.else
.if defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --disable-kqueue
.endif
.if defined(WITH_SQUID_LARGEFILE)

View file

@ -1,3 +1,3 @@
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229

View file

@ -1,77 +0,0 @@
---------------------
PatchSet 11375
Date: 2007/04/17 09:35:17
Author: hno
Branch: SQUID_2_6
Tag: (none)
Log:
MFC: Bug #1814: SSL memory leak on persistent SSL connections
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
Mainly affects reverse proxy setups using SSL-enabled peers.
Merged changes:
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
Members:
src/forward.c:1.120.2.2->1.120.2.3
Note: this patchset was slightly modified for the FreeBSD port
to make it apply cleanly (one hunk removed, path information stripped)
Index: squid/src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.120.2.2
retrieving revision 1.120.2.3
diff -u -r1.120.2.2 -r1.120.2.3
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
@@ -319,6 +319,7 @@
fd_table[fd].ssl = ssl;
fd_table[fd].read_method = &ssl_read_method;
fd_table[fd].write_method = &ssl_write_method;
+ fd_note(fd, "Negotiating SSL");
fwdNegotiateSSL(fd, fwdState);
}
#endif
@@ -357,10 +358,6 @@
comm_close(server_fd);
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
- fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
- peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
@@ -535,7 +532,7 @@
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
else
hierarchyNote(&fwdState->request->hier, fs->code, name);
- fwdConnectDone(fd, COMM_OK, fwdState);
+ fwdDispatch(fwdState);
return;
} else {
/* Discard the persistent connection to not cause
@@ -653,6 +650,7 @@
StoreEntry *entry = fwdState->entry;
ErrorState *err;
int server_fd = fwdState->server_fd;
+ FwdServer *fs = fwdState->servers;
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
fwdState->client_fd,
RequestMethodStr[request->method],
@@ -667,6 +665,10 @@
assert(entry->ping_status != PING_WAITING);
assert(entry->lock_count);
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
+ fd_note(server_fd, storeUrl(fwdState->entry));
+ fd_table[server_fd].uses++;
+ if (fd_table[server_fd].uses == 1 && fs->peer)
+ peerConnectSucceded(fs->peer);
netdbPingSite(request->host);
entry->mem_obj->refresh_timestamp = squid_curtime;
if (fwdState->servers && (p = fwdState->servers->peer)) {

View file

@ -7,10 +7,10 @@ ICAP patchset.
Please see icap-2.6-core.patch for further information.
Patch last updated: 2006-11-04
Patch last updated: 2007-05-17
--- configure.orig Sat Nov 4 16:28:41 2006
+++ configure Sat Nov 4 16:31:58 2006
--- configure.orig Thu May 17 13:34:14 2007
+++ configure Thu May 17 13:35:15 2007
@@ -312,7 +312,7 @@
# include <unistd.h>
#endif"
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
--enable-useragent-log Enable logging of User-Agent header
--enable-referer-log Enable logging of Referer header
--disable-wccp Disable Web Cache Coordination V1 Protocol
@@ -1818,7 +1818,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='2.6.STABLE13'
+ VERSION='2.6.STABLE13+ICAP'
cat >>confdefs.h <<_ACEOF
@@ -3954,6 +3955,40 @@
fi;

View file

@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
and manually adapted because of changes in the Squid code base.
See http://devel.squid-cache.org/icap/ for further information
about the ICAP client project.
Patch last updated: 2007-03-18
Patch last updated: 2007-05-17
Note: the patchset needs manual adjustments once in a while because
the ICAP developers develop against Squid-2-HEAD and not
Squid-2.6.
Note: ICAP client support for Squid-2 is no longer supported by
the Squid developers. This means that even known bugs in this
code will not be fixed. If you need ICAP support please try
Squid-3.
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
===================================================================
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
#endif /* SQUID_ENUMS_H */
Index: src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.43
retrieving revision 1.20.4.10
diff -p -u -b -r1.43 -r1.20.4.10
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
+ fd_table[server_fd].pconn.uses++;
+ fd_table[server_fd].pconn.type = 1;
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
--- src/forward.c Tue Apr 17 11:35:17 2007
+++ src/forward.c Thu May 17 13:08:19 2007
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
void
fwdFail(FwdState * fwdState, ErrorState * errorState)
{
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
err_type_str[errorState->type],
httpStatusString(errorState->http_status),
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
void
fwdUnregister(int fd, FwdState * fwdState)
{
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
assert(fd == fwdState->server_fd);
assert(fd > -1);
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
void
fwdComplete(FwdState * fwdState)
{
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
+ * the icap server, rather than put it into
+ * a StoreEntry
+ */
+ storeClientUnregisterAbort(httpState->entry);
+ storeUnregisterAbort(httpState->entry);
+ storeUnlockObject(httpState->entry);
+ /*
+ * create a bogus entry because the code assumes one is

View file

@ -75,20 +75,19 @@
# Enable experimental multicast notification of cachemisses.
PORTNAME= squid
PORTVERSION= 2.6.12
PORTREVISION= 1
PORTVERSION= 2.6.13
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.6.STABLE12
DISTNAME= squid-2.6.STABLE13
DIST_SUBDIR= squid2.6
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
.if defined(WITH_SQUID_ICAP)
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
.endif
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
# information.
.if defined(WITH_SQUID_IPFILTER)
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
IGNORE= IPFilter headers are not part of the base system
IGNORE= the IPFilter headers are not part of the base system
.else
CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
.endif
.if !defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --enable-kqueue
.else
.if defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --disable-kqueue
.endif
.if defined(WITH_SQUID_LARGEFILE)

View file

@ -1,3 +1,3 @@
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229

View file

@ -1,77 +0,0 @@
---------------------
PatchSet 11375
Date: 2007/04/17 09:35:17
Author: hno
Branch: SQUID_2_6
Tag: (none)
Log:
MFC: Bug #1814: SSL memory leak on persistent SSL connections
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
Mainly affects reverse proxy setups using SSL-enabled peers.
Merged changes:
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
Members:
src/forward.c:1.120.2.2->1.120.2.3
Note: this patchset was slightly modified for the FreeBSD port
to make it apply cleanly (one hunk removed, path information stripped)
Index: squid/src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.120.2.2
retrieving revision 1.120.2.3
diff -u -r1.120.2.2 -r1.120.2.3
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
@@ -319,6 +319,7 @@
fd_table[fd].ssl = ssl;
fd_table[fd].read_method = &ssl_read_method;
fd_table[fd].write_method = &ssl_write_method;
+ fd_note(fd, "Negotiating SSL");
fwdNegotiateSSL(fd, fwdState);
}
#endif
@@ -357,10 +358,6 @@
comm_close(server_fd);
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
- fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
- peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
@@ -535,7 +532,7 @@
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
else
hierarchyNote(&fwdState->request->hier, fs->code, name);
- fwdConnectDone(fd, COMM_OK, fwdState);
+ fwdDispatch(fwdState);
return;
} else {
/* Discard the persistent connection to not cause
@@ -653,6 +650,7 @@
StoreEntry *entry = fwdState->entry;
ErrorState *err;
int server_fd = fwdState->server_fd;
+ FwdServer *fs = fwdState->servers;
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
fwdState->client_fd,
RequestMethodStr[request->method],
@@ -667,6 +665,10 @@
assert(entry->ping_status != PING_WAITING);
assert(entry->lock_count);
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
+ fd_note(server_fd, storeUrl(fwdState->entry));
+ fd_table[server_fd].uses++;
+ if (fd_table[server_fd].uses == 1 && fs->peer)
+ peerConnectSucceded(fs->peer);
netdbPingSite(request->host);
entry->mem_obj->refresh_timestamp = squid_curtime;
if (fwdState->servers && (p = fwdState->servers->peer)) {

View file

@ -7,10 +7,10 @@ ICAP patchset.
Please see icap-2.6-core.patch for further information.
Patch last updated: 2006-11-04
Patch last updated: 2007-05-17
--- configure.orig Sat Nov 4 16:28:41 2006
+++ configure Sat Nov 4 16:31:58 2006
--- configure.orig Thu May 17 13:34:14 2007
+++ configure Thu May 17 13:35:15 2007
@@ -312,7 +312,7 @@
# include <unistd.h>
#endif"
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
--enable-useragent-log Enable logging of User-Agent header
--enable-referer-log Enable logging of Referer header
--disable-wccp Disable Web Cache Coordination V1 Protocol
@@ -1818,7 +1818,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='2.6.STABLE13'
+ VERSION='2.6.STABLE13+ICAP'
cat >>confdefs.h <<_ACEOF
@@ -3954,6 +3955,40 @@
fi;

View file

@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
and manually adapted because of changes in the Squid code base.
See http://devel.squid-cache.org/icap/ for further information
about the ICAP client project.
Patch last updated: 2007-03-18
Patch last updated: 2007-05-17
Note: the patchset needs manual adjustments once in a while because
the ICAP developers develop against Squid-2-HEAD and not
Squid-2.6.
Note: ICAP client support for Squid-2 is no longer supported by
the Squid developers. This means that even known bugs in this
code will not be fixed. If you need ICAP support please try
Squid-3.
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
===================================================================
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
#endif /* SQUID_ENUMS_H */
Index: src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.43
retrieving revision 1.20.4.10
diff -p -u -b -r1.43 -r1.20.4.10
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
+ fd_table[server_fd].pconn.uses++;
+ fd_table[server_fd].pconn.type = 1;
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
--- src/forward.c Tue Apr 17 11:35:17 2007
+++ src/forward.c Thu May 17 13:08:19 2007
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
void
fwdFail(FwdState * fwdState, ErrorState * errorState)
{
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
err_type_str[errorState->type],
httpStatusString(errorState->http_status),
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
void
fwdUnregister(int fd, FwdState * fwdState)
{
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
assert(fd == fwdState->server_fd);
assert(fd > -1);
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
void
fwdComplete(FwdState * fwdState)
{
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
+ * the icap server, rather than put it into
+ * a StoreEntry
+ */
+ storeClientUnregisterAbort(httpState->entry);
+ storeUnregisterAbort(httpState->entry);
+ storeUnlockObject(httpState->entry);
+ /*
+ * create a bogus entry because the code assumes one is

View file

@ -75,20 +75,19 @@
# Enable experimental multicast notification of cachemisses.
PORTNAME= squid
PORTVERSION= 2.6.12
PORTREVISION= 1
PORTVERSION= 2.6.13
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.6.STABLE12
DISTNAME= squid-2.6.STABLE13
DIST_SUBDIR= squid2.6
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
.if defined(WITH_SQUID_ICAP)
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
.endif
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
# information.
.if defined(WITH_SQUID_IPFILTER)
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
IGNORE= IPFilter headers are not part of the base system
IGNORE= the IPFilter headers are not part of the base system
.else
CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
.endif
.if !defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --enable-kqueue
.else
.if defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --disable-kqueue
.endif
.if defined(WITH_SQUID_LARGEFILE)

View file

@ -1,3 +1,3 @@
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229

View file

@ -1,77 +0,0 @@
---------------------
PatchSet 11375
Date: 2007/04/17 09:35:17
Author: hno
Branch: SQUID_2_6
Tag: (none)
Log:
MFC: Bug #1814: SSL memory leak on persistent SSL connections
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
Mainly affects reverse proxy setups using SSL-enabled peers.
Merged changes:
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
Members:
src/forward.c:1.120.2.2->1.120.2.3
Note: this patchset was slightly modified for the FreeBSD port
to make it apply cleanly (one hunk removed, path information stripped)
Index: squid/src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.120.2.2
retrieving revision 1.120.2.3
diff -u -r1.120.2.2 -r1.120.2.3
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
@@ -319,6 +319,7 @@
fd_table[fd].ssl = ssl;
fd_table[fd].read_method = &ssl_read_method;
fd_table[fd].write_method = &ssl_write_method;
+ fd_note(fd, "Negotiating SSL");
fwdNegotiateSSL(fd, fwdState);
}
#endif
@@ -357,10 +358,6 @@
comm_close(server_fd);
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
- fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
- peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
@@ -535,7 +532,7 @@
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
else
hierarchyNote(&fwdState->request->hier, fs->code, name);
- fwdConnectDone(fd, COMM_OK, fwdState);
+ fwdDispatch(fwdState);
return;
} else {
/* Discard the persistent connection to not cause
@@ -653,6 +650,7 @@
StoreEntry *entry = fwdState->entry;
ErrorState *err;
int server_fd = fwdState->server_fd;
+ FwdServer *fs = fwdState->servers;
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
fwdState->client_fd,
RequestMethodStr[request->method],
@@ -667,6 +665,10 @@
assert(entry->ping_status != PING_WAITING);
assert(entry->lock_count);
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
+ fd_note(server_fd, storeUrl(fwdState->entry));
+ fd_table[server_fd].uses++;
+ if (fd_table[server_fd].uses == 1 && fs->peer)
+ peerConnectSucceded(fs->peer);
netdbPingSite(request->host);
entry->mem_obj->refresh_timestamp = squid_curtime;
if (fwdState->servers && (p = fwdState->servers->peer)) {

View file

@ -7,10 +7,10 @@ ICAP patchset.
Please see icap-2.6-core.patch for further information.
Patch last updated: 2006-11-04
Patch last updated: 2007-05-17
--- configure.orig Sat Nov 4 16:28:41 2006
+++ configure Sat Nov 4 16:31:58 2006
--- configure.orig Thu May 17 13:34:14 2007
+++ configure Thu May 17 13:35:15 2007
@@ -312,7 +312,7 @@
# include <unistd.h>
#endif"
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
--enable-useragent-log Enable logging of User-Agent header
--enable-referer-log Enable logging of Referer header
--disable-wccp Disable Web Cache Coordination V1 Protocol
@@ -1818,7 +1818,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='2.6.STABLE13'
+ VERSION='2.6.STABLE13+ICAP'
cat >>confdefs.h <<_ACEOF
@@ -3954,6 +3955,40 @@
fi;

View file

@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
and manually adapted because of changes in the Squid code base.
See http://devel.squid-cache.org/icap/ for further information
about the ICAP client project.
Patch last updated: 2007-03-18
Patch last updated: 2007-05-17
Note: the patchset needs manual adjustments once in a while because
the ICAP developers develop against Squid-2-HEAD and not
Squid-2.6.
Note: ICAP client support for Squid-2 is no longer supported by
the Squid developers. This means that even known bugs in this
code will not be fixed. If you need ICAP support please try
Squid-3.
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
===================================================================
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
#endif /* SQUID_ENUMS_H */
Index: src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.43
retrieving revision 1.20.4.10
diff -p -u -b -r1.43 -r1.20.4.10
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
} else {
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
fd_note(server_fd, storeUrl(fwdState->entry));
- fd_table[server_fd].uses++;
- if (fd_table[server_fd].uses == 1 && fs->peer)
+ fd_table[server_fd].pconn.uses++;
+ fd_table[server_fd].pconn.type = 1;
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
peerConnectSucceded(fs->peer);
#if USE_SSL
if ((fs->peer && fs->peer->use_ssl) ||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
--- src/forward.c Tue Apr 17 11:35:17 2007
+++ src/forward.c Thu May 17 13:08:19 2007
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
void
fwdFail(FwdState * fwdState, ErrorState * errorState)
{
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
err_type_str[errorState->type],
httpStatusString(errorState->http_status),
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
void
fwdUnregister(int fd, FwdState * fwdState)
{
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
assert(fd == fwdState->server_fd);
assert(fd > -1);
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
void
fwdComplete(FwdState * fwdState)
{
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
+ * the icap server, rather than put it into
+ * a StoreEntry
+ */
+ storeClientUnregisterAbort(httpState->entry);
+ storeUnregisterAbort(httpState->entry);
+ storeUnlockObject(httpState->entry);
+ /*
+ * create a bogus entry because the code assumes one is