- update to 2.6.STABLE13
- replace sunsite.auc.dk which is no longer serving Squid distfiles (cf fenner's distfile survey) and replace it with ftp.belnet.be. The Squid mirror list seems to have vanished (temporarily) during their website redesign spree but it used to be listed there as an official Belgian mirror. - remove files/extra-patch-changeset_11375 which was added in 2.6.12_1, the fix is present in 2.6.STABLE13. - simplify the SQUID_KQUEUE parsing; Squid-2 will automatically enable kqueue(2) support and the new OPTIONS parser does no longer require .ifndef WITHOUT_* constructs - remove IGNORE for the combination of SQUID_SSL and SQUID_ICAP - (try to) adapt the ICAP-core patch to the changes in the Squid code base - add a +ICAP identifier to the internal Squid version string to help the Squid developers in identifying patched up Squid versions (some reported bugs were not really Squid but rather ICAP bugs it seems) Submitted by: Thomas-Martin Seck (maintainer) PR: ports/112751
This commit is contained in:
parent
9291d1b365
commit
4d4711e32e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=191700
15 changed files with 99 additions and 363 deletions
|
@ -75,20 +75,19 @@
|
|||
# Enable experimental multicast notification of cachemisses.
|
||||
|
||||
PORTNAME= squid
|
||||
PORTVERSION= 2.6.12
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.6.13
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
|
||||
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
|
||||
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
|
||||
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
|
||||
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
|
||||
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
|
||||
MASTER_SITE_SUBDIR= squid-2/STABLE
|
||||
DISTNAME= squid-2.6.STABLE12
|
||||
DISTNAME= squid-2.6.STABLE13
|
||||
DIST_SUBDIR= squid2.6
|
||||
|
||||
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
|
||||
|
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
|
|||
--with-openssl="${OPENSSLBASE}"
|
||||
CFLAGS+= -I${OPENSSLINC}
|
||||
LDFLAGS+= -L${OPENSSLLIB}
|
||||
.if defined(WITH_SQUID_ICAP)
|
||||
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
|
||||
.endif
|
||||
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
|
||||
.endif
|
||||
.if defined(WITH_SQUID_PINGER)
|
||||
CONFIGURE_ARGS+= --enable-icmp
|
||||
|
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
|
|||
# information.
|
||||
.if defined(WITH_SQUID_IPFILTER)
|
||||
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
|
||||
IGNORE= IPFilter headers are not part of the base system
|
||||
IGNORE= the IPFilter headers are not part of the base system
|
||||
.else
|
||||
CONFIGURE_ARGS+= --enable-ipf-transparent
|
||||
.endif
|
||||
|
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
|
|||
CONFIGURE_ARGS+= --enable-icap-support
|
||||
error_files+= ERR_ICAP_FAILURE
|
||||
.endif
|
||||
.if !defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --enable-kqueue
|
||||
.else
|
||||
.if defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --disable-kqueue
|
||||
.endif
|
||||
.if defined(WITH_SQUID_LARGEFILE)
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
|
||||
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
|
||||
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
|
||||
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
|
||||
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
|
||||
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
---------------------
|
||||
PatchSet 11375
|
||||
Date: 2007/04/17 09:35:17
|
||||
Author: hno
|
||||
Branch: SQUID_2_6
|
||||
Tag: (none)
|
||||
Log:
|
||||
MFC: Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
|
||||
|
||||
Mainly affects reverse proxy setups using SSL-enabled peers.
|
||||
|
||||
Merged changes:
|
||||
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Members:
|
||||
src/forward.c:1.120.2.2->1.120.2.3
|
||||
|
||||
Note: this patchset was slightly modified for the FreeBSD port
|
||||
to make it apply cleanly (one hunk removed, path information stripped)
|
||||
|
||||
Index: squid/src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.120.2.2
|
||||
retrieving revision 1.120.2.3
|
||||
diff -u -r1.120.2.2 -r1.120.2.3
|
||||
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
|
||||
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
|
||||
@@ -319,6 +319,7 @@
|
||||
fd_table[fd].ssl = ssl;
|
||||
fd_table[fd].read_method = &ssl_read_method;
|
||||
fd_table[fd].write_method = &ssl_write_method;
|
||||
+ fd_note(fd, "Negotiating SSL");
|
||||
fwdNegotiateSSL(fd, fwdState);
|
||||
}
|
||||
#endif
|
||||
@@ -357,10 +358,6 @@
|
||||
comm_close(server_fd);
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
- fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
- peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
|
||||
@@ -535,7 +532,7 @@
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
|
||||
else
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, name);
|
||||
- fwdConnectDone(fd, COMM_OK, fwdState);
|
||||
+ fwdDispatch(fwdState);
|
||||
return;
|
||||
} else {
|
||||
/* Discard the persistent connection to not cause
|
||||
@@ -653,6 +650,7 @@
|
||||
StoreEntry *entry = fwdState->entry;
|
||||
ErrorState *err;
|
||||
int server_fd = fwdState->server_fd;
|
||||
+ FwdServer *fs = fwdState->servers;
|
||||
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
|
||||
fwdState->client_fd,
|
||||
RequestMethodStr[request->method],
|
||||
@@ -667,6 +665,10 @@
|
||||
assert(entry->ping_status != PING_WAITING);
|
||||
assert(entry->lock_count);
|
||||
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
|
||||
+ fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
+ fd_table[server_fd].uses++;
|
||||
+ if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ peerConnectSucceded(fs->peer);
|
||||
netdbPingSite(request->host);
|
||||
entry->mem_obj->refresh_timestamp = squid_curtime;
|
||||
if (fwdState->servers && (p = fwdState->servers->peer)) {
|
|
@ -7,10 +7,10 @@ ICAP patchset.
|
|||
|
||||
Please see icap-2.6-core.patch for further information.
|
||||
|
||||
Patch last updated: 2006-11-04
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
--- configure.orig Sat Nov 4 16:28:41 2006
|
||||
+++ configure Sat Nov 4 16:31:58 2006
|
||||
--- configure.orig Thu May 17 13:34:14 2007
|
||||
+++ configure Thu May 17 13:35:15 2007
|
||||
@@ -312,7 +312,7 @@
|
||||
# include <unistd.h>
|
||||
#endif"
|
||||
|
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
|
|||
--enable-useragent-log Enable logging of User-Agent header
|
||||
--enable-referer-log Enable logging of Referer header
|
||||
--disable-wccp Disable Web Cache Coordination V1 Protocol
|
||||
@@ -1818,7 +1818,7 @@
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='squid'
|
||||
- VERSION='2.6.STABLE13'
|
||||
+ VERSION='2.6.STABLE13+ICAP'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@@ -3954,6 +3955,40 @@
|
||||
fi;
|
||||
|
||||
|
|
|
@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
|
|||
|
||||
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
|
||||
|
||||
and manually adapted because of changes in the Squid code base.
|
||||
|
||||
See http://devel.squid-cache.org/icap/ for further information
|
||||
about the ICAP client project.
|
||||
|
||||
Patch last updated: 2007-03-18
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
Note: the patchset needs manual adjustments once in a while because
|
||||
the ICAP developers develop against Squid-2-HEAD and not
|
||||
Squid-2.6.
|
||||
Note: ICAP client support for Squid-2 is no longer supported by
|
||||
the Squid developers. This means that even known bugs in this
|
||||
code will not be fixed. If you need ICAP support please try
|
||||
Squid-3.
|
||||
|
||||
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
|
||||
===================================================================
|
||||
|
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
|
|||
#endif /* SQUID_ENUMS_H */
|
||||
Index: src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.43
|
||||
retrieving revision 1.20.4.10
|
||||
diff -p -u -b -r1.43 -r1.20.4.10
|
||||
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
|
||||
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
|
||||
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ fd_table[server_fd].pconn.uses++;
|
||||
+ fd_table[server_fd].pconn.type = 1;
|
||||
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
|
||||
peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
--- src/forward.c Tue Apr 17 11:35:17 2007
|
||||
+++ src/forward.c Thu May 17 13:08:19 2007
|
||||
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
void
|
||||
fwdFail(FwdState * fwdState, ErrorState * errorState)
|
||||
{
|
||||
|
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
|
||||
err_type_str[errorState->type],
|
||||
httpStatusString(errorState->http_status),
|
||||
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
void
|
||||
fwdUnregister(int fd, FwdState * fwdState)
|
||||
{
|
||||
|
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
|
||||
assert(fd == fwdState->server_fd);
|
||||
assert(fd > -1);
|
||||
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
void
|
||||
fwdComplete(FwdState * fwdState)
|
||||
{
|
||||
|
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
|
|||
+ * the icap server, rather than put it into
|
||||
+ * a StoreEntry
|
||||
+ */
|
||||
+ storeClientUnregisterAbort(httpState->entry);
|
||||
+ storeUnregisterAbort(httpState->entry);
|
||||
+ storeUnlockObject(httpState->entry);
|
||||
+ /*
|
||||
+ * create a bogus entry because the code assumes one is
|
||||
|
|
|
@ -75,20 +75,19 @@
|
|||
# Enable experimental multicast notification of cachemisses.
|
||||
|
||||
PORTNAME= squid
|
||||
PORTVERSION= 2.6.12
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.6.13
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
|
||||
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
|
||||
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
|
||||
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
|
||||
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
|
||||
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
|
||||
MASTER_SITE_SUBDIR= squid-2/STABLE
|
||||
DISTNAME= squid-2.6.STABLE12
|
||||
DISTNAME= squid-2.6.STABLE13
|
||||
DIST_SUBDIR= squid2.6
|
||||
|
||||
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
|
||||
|
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
|
|||
--with-openssl="${OPENSSLBASE}"
|
||||
CFLAGS+= -I${OPENSSLINC}
|
||||
LDFLAGS+= -L${OPENSSLLIB}
|
||||
.if defined(WITH_SQUID_ICAP)
|
||||
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
|
||||
.endif
|
||||
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
|
||||
.endif
|
||||
.if defined(WITH_SQUID_PINGER)
|
||||
CONFIGURE_ARGS+= --enable-icmp
|
||||
|
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
|
|||
# information.
|
||||
.if defined(WITH_SQUID_IPFILTER)
|
||||
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
|
||||
IGNORE= IPFilter headers are not part of the base system
|
||||
IGNORE= the IPFilter headers are not part of the base system
|
||||
.else
|
||||
CONFIGURE_ARGS+= --enable-ipf-transparent
|
||||
.endif
|
||||
|
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
|
|||
CONFIGURE_ARGS+= --enable-icap-support
|
||||
error_files+= ERR_ICAP_FAILURE
|
||||
.endif
|
||||
.if !defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --enable-kqueue
|
||||
.else
|
||||
.if defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --disable-kqueue
|
||||
.endif
|
||||
.if defined(WITH_SQUID_LARGEFILE)
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
|
||||
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
|
||||
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
|
||||
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
|
||||
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
|
||||
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
---------------------
|
||||
PatchSet 11375
|
||||
Date: 2007/04/17 09:35:17
|
||||
Author: hno
|
||||
Branch: SQUID_2_6
|
||||
Tag: (none)
|
||||
Log:
|
||||
MFC: Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
|
||||
|
||||
Mainly affects reverse proxy setups using SSL-enabled peers.
|
||||
|
||||
Merged changes:
|
||||
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Members:
|
||||
src/forward.c:1.120.2.2->1.120.2.3
|
||||
|
||||
Note: this patchset was slightly modified for the FreeBSD port
|
||||
to make it apply cleanly (one hunk removed, path information stripped)
|
||||
|
||||
Index: squid/src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.120.2.2
|
||||
retrieving revision 1.120.2.3
|
||||
diff -u -r1.120.2.2 -r1.120.2.3
|
||||
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
|
||||
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
|
||||
@@ -319,6 +319,7 @@
|
||||
fd_table[fd].ssl = ssl;
|
||||
fd_table[fd].read_method = &ssl_read_method;
|
||||
fd_table[fd].write_method = &ssl_write_method;
|
||||
+ fd_note(fd, "Negotiating SSL");
|
||||
fwdNegotiateSSL(fd, fwdState);
|
||||
}
|
||||
#endif
|
||||
@@ -357,10 +358,6 @@
|
||||
comm_close(server_fd);
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
- fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
- peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
|
||||
@@ -535,7 +532,7 @@
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
|
||||
else
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, name);
|
||||
- fwdConnectDone(fd, COMM_OK, fwdState);
|
||||
+ fwdDispatch(fwdState);
|
||||
return;
|
||||
} else {
|
||||
/* Discard the persistent connection to not cause
|
||||
@@ -653,6 +650,7 @@
|
||||
StoreEntry *entry = fwdState->entry;
|
||||
ErrorState *err;
|
||||
int server_fd = fwdState->server_fd;
|
||||
+ FwdServer *fs = fwdState->servers;
|
||||
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
|
||||
fwdState->client_fd,
|
||||
RequestMethodStr[request->method],
|
||||
@@ -667,6 +665,10 @@
|
||||
assert(entry->ping_status != PING_WAITING);
|
||||
assert(entry->lock_count);
|
||||
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
|
||||
+ fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
+ fd_table[server_fd].uses++;
|
||||
+ if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ peerConnectSucceded(fs->peer);
|
||||
netdbPingSite(request->host);
|
||||
entry->mem_obj->refresh_timestamp = squid_curtime;
|
||||
if (fwdState->servers && (p = fwdState->servers->peer)) {
|
|
@ -7,10 +7,10 @@ ICAP patchset.
|
|||
|
||||
Please see icap-2.6-core.patch for further information.
|
||||
|
||||
Patch last updated: 2006-11-04
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
--- configure.orig Sat Nov 4 16:28:41 2006
|
||||
+++ configure Sat Nov 4 16:31:58 2006
|
||||
--- configure.orig Thu May 17 13:34:14 2007
|
||||
+++ configure Thu May 17 13:35:15 2007
|
||||
@@ -312,7 +312,7 @@
|
||||
# include <unistd.h>
|
||||
#endif"
|
||||
|
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
|
|||
--enable-useragent-log Enable logging of User-Agent header
|
||||
--enable-referer-log Enable logging of Referer header
|
||||
--disable-wccp Disable Web Cache Coordination V1 Protocol
|
||||
@@ -1818,7 +1818,7 @@
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='squid'
|
||||
- VERSION='2.6.STABLE13'
|
||||
+ VERSION='2.6.STABLE13+ICAP'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@@ -3954,6 +3955,40 @@
|
||||
fi;
|
||||
|
||||
|
|
|
@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
|
|||
|
||||
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
|
||||
|
||||
and manually adapted because of changes in the Squid code base.
|
||||
|
||||
See http://devel.squid-cache.org/icap/ for further information
|
||||
about the ICAP client project.
|
||||
|
||||
Patch last updated: 2007-03-18
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
Note: the patchset needs manual adjustments once in a while because
|
||||
the ICAP developers develop against Squid-2-HEAD and not
|
||||
Squid-2.6.
|
||||
Note: ICAP client support for Squid-2 is no longer supported by
|
||||
the Squid developers. This means that even known bugs in this
|
||||
code will not be fixed. If you need ICAP support please try
|
||||
Squid-3.
|
||||
|
||||
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
|
||||
===================================================================
|
||||
|
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
|
|||
#endif /* SQUID_ENUMS_H */
|
||||
Index: src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.43
|
||||
retrieving revision 1.20.4.10
|
||||
diff -p -u -b -r1.43 -r1.20.4.10
|
||||
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
|
||||
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
|
||||
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ fd_table[server_fd].pconn.uses++;
|
||||
+ fd_table[server_fd].pconn.type = 1;
|
||||
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
|
||||
peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
--- src/forward.c Tue Apr 17 11:35:17 2007
|
||||
+++ src/forward.c Thu May 17 13:08:19 2007
|
||||
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
void
|
||||
fwdFail(FwdState * fwdState, ErrorState * errorState)
|
||||
{
|
||||
|
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
|
||||
err_type_str[errorState->type],
|
||||
httpStatusString(errorState->http_status),
|
||||
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
void
|
||||
fwdUnregister(int fd, FwdState * fwdState)
|
||||
{
|
||||
|
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
|
||||
assert(fd == fwdState->server_fd);
|
||||
assert(fd > -1);
|
||||
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
void
|
||||
fwdComplete(FwdState * fwdState)
|
||||
{
|
||||
|
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
|
|||
+ * the icap server, rather than put it into
|
||||
+ * a StoreEntry
|
||||
+ */
|
||||
+ storeClientUnregisterAbort(httpState->entry);
|
||||
+ storeUnregisterAbort(httpState->entry);
|
||||
+ storeUnlockObject(httpState->entry);
|
||||
+ /*
|
||||
+ * create a bogus entry because the code assumes one is
|
||||
|
|
|
@ -75,20 +75,19 @@
|
|||
# Enable experimental multicast notification of cachemisses.
|
||||
|
||||
PORTNAME= squid
|
||||
PORTVERSION= 2.6.12
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.6.13
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
|
||||
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
|
||||
ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \
|
||||
ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \
|
||||
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \
|
||||
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
|
||||
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
|
||||
MASTER_SITE_SUBDIR= squid-2/STABLE
|
||||
DISTNAME= squid-2.6.STABLE12
|
||||
DISTNAME= squid-2.6.STABLE13
|
||||
DIST_SUBDIR= squid2.6
|
||||
|
||||
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
|
||||
|
@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \
|
|||
--with-openssl="${OPENSSLBASE}"
|
||||
CFLAGS+= -I${OPENSSLINC}
|
||||
LDFLAGS+= -L${OPENSSLLIB}
|
||||
.if defined(WITH_SQUID_ICAP)
|
||||
IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13
|
||||
.endif
|
||||
EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375
|
||||
.endif
|
||||
.if defined(WITH_SQUID_PINGER)
|
||||
CONFIGURE_ARGS+= --enable-icmp
|
||||
|
@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer
|
|||
# information.
|
||||
.if defined(WITH_SQUID_IPFILTER)
|
||||
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
|
||||
IGNORE= IPFilter headers are not part of the base system
|
||||
IGNORE= the IPFilter headers are not part of the base system
|
||||
.else
|
||||
CONFIGURE_ARGS+= --enable-ipf-transparent
|
||||
.endif
|
||||
|
@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \
|
|||
CONFIGURE_ARGS+= --enable-icap-support
|
||||
error_files+= ERR_ICAP_FAILURE
|
||||
.endif
|
||||
.if !defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --enable-kqueue
|
||||
.else
|
||||
.if defined(WITHOUT_SQUID_KQUEUE)
|
||||
CONFIGURE_ARGS+= --disable-kqueue
|
||||
.endif
|
||||
.if defined(WITH_SQUID_LARGEFILE)
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d
|
||||
SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858
|
||||
SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085
|
||||
MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b
|
||||
SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad
|
||||
SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
---------------------
|
||||
PatchSet 11375
|
||||
Date: 2007/04/17 09:35:17
|
||||
Author: hno
|
||||
Branch: SQUID_2_6
|
||||
Tag: (none)
|
||||
Log:
|
||||
MFC: Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Memory leak when attemting to reuse SSL-negotiated outgoing connections.
|
||||
|
||||
Mainly affects reverse proxy setups using SSL-enabled peers.
|
||||
|
||||
Merged changes:
|
||||
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections
|
||||
|
||||
Members:
|
||||
src/forward.c:1.120.2.2->1.120.2.3
|
||||
|
||||
Note: this patchset was slightly modified for the FreeBSD port
|
||||
to make it apply cleanly (one hunk removed, path information stripped)
|
||||
|
||||
Index: squid/src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.120.2.2
|
||||
retrieving revision 1.120.2.3
|
||||
diff -u -r1.120.2.2 -r1.120.2.3
|
||||
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2
|
||||
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3
|
||||
@@ -319,6 +319,7 @@
|
||||
fd_table[fd].ssl = ssl;
|
||||
fd_table[fd].read_method = &ssl_read_method;
|
||||
fd_table[fd].write_method = &ssl_write_method;
|
||||
+ fd_note(fd, "Negotiating SSL");
|
||||
fwdNegotiateSSL(fd, fwdState);
|
||||
}
|
||||
#endif
|
||||
@@ -357,10 +358,6 @@
|
||||
comm_close(server_fd);
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
- fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
- peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
(!fs->peer && request->protocol == PROTO_HTTPS)) {
|
||||
@@ -535,7 +532,7 @@
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
|
||||
else
|
||||
hierarchyNote(&fwdState->request->hier, fs->code, name);
|
||||
- fwdConnectDone(fd, COMM_OK, fwdState);
|
||||
+ fwdDispatch(fwdState);
|
||||
return;
|
||||
} else {
|
||||
/* Discard the persistent connection to not cause
|
||||
@@ -653,6 +650,7 @@
|
||||
StoreEntry *entry = fwdState->entry;
|
||||
ErrorState *err;
|
||||
int server_fd = fwdState->server_fd;
|
||||
+ FwdServer *fs = fwdState->servers;
|
||||
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
|
||||
fwdState->client_fd,
|
||||
RequestMethodStr[request->method],
|
||||
@@ -667,6 +665,10 @@
|
||||
assert(entry->ping_status != PING_WAITING);
|
||||
assert(entry->lock_count);
|
||||
EBIT_SET(entry->flags, ENTRY_DISPATCHED);
|
||||
+ fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
+ fd_table[server_fd].uses++;
|
||||
+ if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ peerConnectSucceded(fs->peer);
|
||||
netdbPingSite(request->host);
|
||||
entry->mem_obj->refresh_timestamp = squid_curtime;
|
||||
if (fwdState->servers && (p = fwdState->servers->peer)) {
|
|
@ -7,10 +7,10 @@ ICAP patchset.
|
|||
|
||||
Please see icap-2.6-core.patch for further information.
|
||||
|
||||
Patch last updated: 2006-11-04
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
--- configure.orig Sat Nov 4 16:28:41 2006
|
||||
+++ configure Sat Nov 4 16:31:58 2006
|
||||
--- configure.orig Thu May 17 13:34:14 2007
|
||||
+++ configure Thu May 17 13:35:15 2007
|
||||
@@ -312,7 +312,7 @@
|
||||
# include <unistd.h>
|
||||
#endif"
|
||||
|
@ -28,6 +28,15 @@ Patch last updated: 2006-11-04
|
|||
--enable-useragent-log Enable logging of User-Agent header
|
||||
--enable-referer-log Enable logging of Referer header
|
||||
--disable-wccp Disable Web Cache Coordination V1 Protocol
|
||||
@@ -1818,7 +1818,7 @@
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='squid'
|
||||
- VERSION='2.6.STABLE13'
|
||||
+ VERSION='2.6.STABLE13+ICAP'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@@ -3954,6 +3955,40 @@
|
||||
fi;
|
||||
|
||||
|
|
|
@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using
|
|||
|
||||
cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6
|
||||
|
||||
and manually adapted because of changes in the Squid code base.
|
||||
|
||||
See http://devel.squid-cache.org/icap/ for further information
|
||||
about the ICAP client project.
|
||||
|
||||
Patch last updated: 2007-03-18
|
||||
Patch last updated: 2007-05-17
|
||||
|
||||
Note: the patchset needs manual adjustments once in a while because
|
||||
the ICAP developers develop against Squid-2-HEAD and not
|
||||
Squid-2.6.
|
||||
Note: ICAP client support for Squid-2 is no longer supported by
|
||||
the Squid developers. This means that even known bugs in this
|
||||
code will not be fixed. If you need ICAP support please try
|
||||
Squid-3.
|
||||
|
||||
Index: errors/Azerbaijani/ERR_ICAP_FAILURE
|
||||
===================================================================
|
||||
|
@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6
|
|||
#endif /* SQUID_ENUMS_H */
|
||||
Index: src/forward.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/src/forward.c,v
|
||||
retrieving revision 1.43
|
||||
retrieving revision 1.20.4.10
|
||||
diff -p -u -b -r1.43 -r1.20.4.10
|
||||
--- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43
|
||||
+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10
|
||||
@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status
|
||||
} else {
|
||||
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
|
||||
fd_note(server_fd, storeUrl(fwdState->entry));
|
||||
- fd_table[server_fd].uses++;
|
||||
- if (fd_table[server_fd].uses == 1 && fs->peer)
|
||||
+ fd_table[server_fd].pconn.uses++;
|
||||
+ fd_table[server_fd].pconn.type = 1;
|
||||
+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer)
|
||||
peerConnectSucceded(fs->peer);
|
||||
#if USE_SSL
|
||||
if ((fs->peer && fs->peer->use_ssl) ||
|
||||
@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
--- src/forward.c Tue Apr 17 11:35:17 2007
|
||||
+++ src/forward.c Thu May 17 13:08:19 2007
|
||||
@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data)
|
||||
void
|
||||
fwdFail(FwdState * fwdState, ErrorState * errorState)
|
||||
{
|
||||
|
@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n",
|
||||
err_type_str[errorState->type],
|
||||
httpStatusString(errorState->http_status),
|
||||
@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data)
|
||||
void
|
||||
fwdUnregister(int fd, FwdState * fwdState)
|
||||
{
|
||||
|
@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10
|
|||
debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry));
|
||||
assert(fd == fwdState->server_fd);
|
||||
assert(fd > -1);
|
||||
@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat
|
||||
void
|
||||
fwdComplete(FwdState * fwdState)
|
||||
{
|
||||
|
@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13
|
|||
+ * the icap server, rather than put it into
|
||||
+ * a StoreEntry
|
||||
+ */
|
||||
+ storeClientUnregisterAbort(httpState->entry);
|
||||
+ storeUnregisterAbort(httpState->entry);
|
||||
+ storeUnlockObject(httpState->entry);
|
||||
+ /*
|
||||
+ * create a bogus entry because the code assumes one is
|
||||
|
|
Loading…
Reference in a new issue