diff --git a/www/squid/Makefile b/www/squid/Makefile index d82c16d861c8..0a74f0971cb6 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -75,20 +75,19 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.12 -PORTREVISION= 1 +PORTVERSION= 2.6.13 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ - ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \ + ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \ ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \ ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE12 +DISTNAME= squid-2.6.STABLE13 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ @@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -.if defined(WITH_SQUID_ICAP) -IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 -.endif -EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp @@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer # information. .if defined(WITH_SQUID_IPFILTER) .if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101) -IGNORE= IPFilter headers are not part of the base system +IGNORE= the IPFilter headers are not part of the base system .else CONFIGURE_ARGS+= --enable-ipf-transparent .endif @@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \ CONFIGURE_ARGS+= --enable-icap-support error_files+= ERR_ICAP_FAILURE .endif -.if !defined(WITHOUT_SQUID_KQUEUE) -CONFIGURE_ARGS+= --enable-kqueue -.else +.if defined(WITHOUT_SQUID_KQUEUE) CONFIGURE_ARGS+= --disable-kqueue .endif .if defined(WITH_SQUID_LARGEFILE) diff --git a/www/squid/distinfo b/www/squid/distinfo index fdd479f9b0d3..1620a5eb8f2c 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -1,3 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d -SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858 -SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085 +MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b +SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad +SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229 diff --git a/www/squid/files/extra-patch-changeset_11375 b/www/squid/files/extra-patch-changeset_11375 deleted file mode 100644 index ec49cb17fd92..000000000000 --- a/www/squid/files/extra-patch-changeset_11375 +++ /dev/null @@ -1,77 +0,0 @@ ---------------------- -PatchSet 11375 -Date: 2007/04/17 09:35:17 -Author: hno -Branch: SQUID_2_6 -Tag: (none) -Log: -MFC: Bug #1814: SSL memory leak on persistent SSL connections - -Memory leak when attemting to reuse SSL-negotiated outgoing connections. - -Mainly affects reverse proxy setups using SSL-enabled peers. - -Merged changes: -2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections - -Members: - src/forward.c:1.120.2.2->1.120.2.3 - -Note: this patchset was slightly modified for the FreeBSD port - to make it apply cleanly (one hunk removed, path information stripped) - -Index: squid/src/forward.c -=================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.120.2.2 -retrieving revision 1.120.2.3 -diff -u -r1.120.2.2 -r1.120.2.3 ---- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2 -+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3 -@@ -319,6 +319,7 @@ - fd_table[fd].ssl = ssl; - fd_table[fd].read_method = &ssl_read_method; - fd_table[fd].write_method = &ssl_write_method; -+ fd_note(fd, "Negotiating SSL"); - fwdNegotiateSSL(fd, fwdState); - } - #endif -@@ -357,10 +358,6 @@ - comm_close(server_fd); - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); -- fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -- peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || - (!fs->peer && request->protocol == PROTO_HTTPS)) { -@@ -535,7 +532,7 @@ - hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr); - else - hierarchyNote(&fwdState->request->hier, fs->code, name); -- fwdConnectDone(fd, COMM_OK, fwdState); -+ fwdDispatch(fwdState); - return; - } else { - /* Discard the persistent connection to not cause -@@ -653,6 +650,7 @@ - StoreEntry *entry = fwdState->entry; - ErrorState *err; - int server_fd = fwdState->server_fd; -+ FwdServer *fs = fwdState->servers; - debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n", - fwdState->client_fd, - RequestMethodStr[request->method], -@@ -667,6 +665,10 @@ - assert(entry->ping_status != PING_WAITING); - assert(entry->lock_count); - EBIT_SET(entry->flags, ENTRY_DISPATCHED); -+ fd_note(server_fd, storeUrl(fwdState->entry)); -+ fd_table[server_fd].uses++; -+ if (fd_table[server_fd].uses == 1 && fs->peer) -+ peerConnectSucceded(fs->peer); - netdbPingSite(request->host); - entry->mem_obj->refresh_timestamp = squid_curtime; - if (fwdState->servers && (p = fwdState->servers->peer)) { diff --git a/www/squid/files/icap-2.6-bootstrap.patch b/www/squid/files/icap-2.6-bootstrap.patch index e14fe0a1a1d8..97c7de88ce0a 100644 --- a/www/squid/files/icap-2.6-bootstrap.patch +++ b/www/squid/files/icap-2.6-bootstrap.patch @@ -7,10 +7,10 @@ ICAP patchset. Please see icap-2.6-core.patch for further information. -Patch last updated: 2006-11-04 +Patch last updated: 2007-05-17 ---- configure.orig Sat Nov 4 16:28:41 2006 -+++ configure Sat Nov 4 16:31:58 2006 +--- configure.orig Thu May 17 13:34:14 2007 ++++ configure Thu May 17 13:35:15 2007 @@ -312,7 +312,7 @@ # include #endif" @@ -28,6 +28,15 @@ Patch last updated: 2006-11-04 --enable-useragent-log Enable logging of User-Agent header --enable-referer-log Enable logging of Referer header --disable-wccp Disable Web Cache Coordination V1 Protocol +@@ -1818,7 +1818,7 @@ + + # Define the identity of the package. + PACKAGE='squid' +- VERSION='2.6.STABLE13' ++ VERSION='2.6.STABLE13+ICAP' + + + cat >>confdefs.h <<_ACEOF @@ -3954,6 +3955,40 @@ fi; diff --git a/www/squid/files/icap-2.6-core.patch b/www/squid/files/icap-2.6-core.patch index c3108f986e0c..50aafd4a4a51 100644 --- a/www/squid/files/icap-2.6-core.patch +++ b/www/squid/files/icap-2.6-core.patch @@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6 +and manually adapted because of changes in the Squid code base. + See http://devel.squid-cache.org/icap/ for further information about the ICAP client project. -Patch last updated: 2007-03-18 +Patch last updated: 2007-05-17 -Note: the patchset needs manual adjustments once in a while because - the ICAP developers develop against Squid-2-HEAD and not - Squid-2.6. +Note: ICAP client support for Squid-2 is no longer supported by + the Squid developers. This means that even known bugs in this + code will not be fixed. If you need ICAP support please try + Squid-3. Index: errors/Azerbaijani/ERR_ICAP_FAILURE =================================================================== @@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6 #endif /* SQUID_ENUMS_H */ Index: src/forward.c =================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.43 -retrieving revision 1.20.4.10 -diff -p -u -b -r1.43 -r1.20.4.10 ---- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43 -+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10 -@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); - fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -+ fd_table[server_fd].pconn.uses++; -+ fd_table[server_fd].pconn.type = 1; -+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer) - peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || -@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data) +--- src/forward.c Tue Apr 17 11:35:17 2007 ++++ src/forward.c Thu May 17 13:08:19 2007 +@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data) void fwdFail(FwdState * fwdState, ErrorState * errorState) { @@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n", err_type_str[errorState->type], httpStatusString(errorState->http_status), -@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data) +@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data) void fwdUnregister(int fd, FwdState * fwdState) { @@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry)); assert(fd == fwdState->server_fd); assert(fd > -1); -@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat +@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat void fwdComplete(FwdState * fwdState) { @@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13 + * the icap server, rather than put it into + * a StoreEntry + */ -+ storeClientUnregisterAbort(httpState->entry); ++ storeUnregisterAbort(httpState->entry); + storeUnlockObject(httpState->entry); + /* + * create a bogus entry because the code assumes one is diff --git a/www/squid30/Makefile b/www/squid30/Makefile index d82c16d861c8..0a74f0971cb6 100644 --- a/www/squid30/Makefile +++ b/www/squid30/Makefile @@ -75,20 +75,19 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.12 -PORTREVISION= 1 +PORTVERSION= 2.6.13 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ - ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \ + ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \ ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \ ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE12 +DISTNAME= squid-2.6.STABLE13 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ @@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -.if defined(WITH_SQUID_ICAP) -IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 -.endif -EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp @@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer # information. .if defined(WITH_SQUID_IPFILTER) .if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101) -IGNORE= IPFilter headers are not part of the base system +IGNORE= the IPFilter headers are not part of the base system .else CONFIGURE_ARGS+= --enable-ipf-transparent .endif @@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \ CONFIGURE_ARGS+= --enable-icap-support error_files+= ERR_ICAP_FAILURE .endif -.if !defined(WITHOUT_SQUID_KQUEUE) -CONFIGURE_ARGS+= --enable-kqueue -.else +.if defined(WITHOUT_SQUID_KQUEUE) CONFIGURE_ARGS+= --disable-kqueue .endif .if defined(WITH_SQUID_LARGEFILE) diff --git a/www/squid30/distinfo b/www/squid30/distinfo index fdd479f9b0d3..1620a5eb8f2c 100644 --- a/www/squid30/distinfo +++ b/www/squid30/distinfo @@ -1,3 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d -SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858 -SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085 +MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b +SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad +SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229 diff --git a/www/squid30/files/extra-patch-changeset_11375 b/www/squid30/files/extra-patch-changeset_11375 deleted file mode 100644 index ec49cb17fd92..000000000000 --- a/www/squid30/files/extra-patch-changeset_11375 +++ /dev/null @@ -1,77 +0,0 @@ ---------------------- -PatchSet 11375 -Date: 2007/04/17 09:35:17 -Author: hno -Branch: SQUID_2_6 -Tag: (none) -Log: -MFC: Bug #1814: SSL memory leak on persistent SSL connections - -Memory leak when attemting to reuse SSL-negotiated outgoing connections. - -Mainly affects reverse proxy setups using SSL-enabled peers. - -Merged changes: -2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections - -Members: - src/forward.c:1.120.2.2->1.120.2.3 - -Note: this patchset was slightly modified for the FreeBSD port - to make it apply cleanly (one hunk removed, path information stripped) - -Index: squid/src/forward.c -=================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.120.2.2 -retrieving revision 1.120.2.3 -diff -u -r1.120.2.2 -r1.120.2.3 ---- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2 -+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3 -@@ -319,6 +319,7 @@ - fd_table[fd].ssl = ssl; - fd_table[fd].read_method = &ssl_read_method; - fd_table[fd].write_method = &ssl_write_method; -+ fd_note(fd, "Negotiating SSL"); - fwdNegotiateSSL(fd, fwdState); - } - #endif -@@ -357,10 +358,6 @@ - comm_close(server_fd); - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); -- fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -- peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || - (!fs->peer && request->protocol == PROTO_HTTPS)) { -@@ -535,7 +532,7 @@ - hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr); - else - hierarchyNote(&fwdState->request->hier, fs->code, name); -- fwdConnectDone(fd, COMM_OK, fwdState); -+ fwdDispatch(fwdState); - return; - } else { - /* Discard the persistent connection to not cause -@@ -653,6 +650,7 @@ - StoreEntry *entry = fwdState->entry; - ErrorState *err; - int server_fd = fwdState->server_fd; -+ FwdServer *fs = fwdState->servers; - debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n", - fwdState->client_fd, - RequestMethodStr[request->method], -@@ -667,6 +665,10 @@ - assert(entry->ping_status != PING_WAITING); - assert(entry->lock_count); - EBIT_SET(entry->flags, ENTRY_DISPATCHED); -+ fd_note(server_fd, storeUrl(fwdState->entry)); -+ fd_table[server_fd].uses++; -+ if (fd_table[server_fd].uses == 1 && fs->peer) -+ peerConnectSucceded(fs->peer); - netdbPingSite(request->host); - entry->mem_obj->refresh_timestamp = squid_curtime; - if (fwdState->servers && (p = fwdState->servers->peer)) { diff --git a/www/squid30/files/icap-2.6-bootstrap.patch b/www/squid30/files/icap-2.6-bootstrap.patch index e14fe0a1a1d8..97c7de88ce0a 100644 --- a/www/squid30/files/icap-2.6-bootstrap.patch +++ b/www/squid30/files/icap-2.6-bootstrap.patch @@ -7,10 +7,10 @@ ICAP patchset. Please see icap-2.6-core.patch for further information. -Patch last updated: 2006-11-04 +Patch last updated: 2007-05-17 ---- configure.orig Sat Nov 4 16:28:41 2006 -+++ configure Sat Nov 4 16:31:58 2006 +--- configure.orig Thu May 17 13:34:14 2007 ++++ configure Thu May 17 13:35:15 2007 @@ -312,7 +312,7 @@ # include #endif" @@ -28,6 +28,15 @@ Patch last updated: 2006-11-04 --enable-useragent-log Enable logging of User-Agent header --enable-referer-log Enable logging of Referer header --disable-wccp Disable Web Cache Coordination V1 Protocol +@@ -1818,7 +1818,7 @@ + + # Define the identity of the package. + PACKAGE='squid' +- VERSION='2.6.STABLE13' ++ VERSION='2.6.STABLE13+ICAP' + + + cat >>confdefs.h <<_ACEOF @@ -3954,6 +3955,40 @@ fi; diff --git a/www/squid30/files/icap-2.6-core.patch b/www/squid30/files/icap-2.6-core.patch index c3108f986e0c..50aafd4a4a51 100644 --- a/www/squid30/files/icap-2.6-core.patch +++ b/www/squid30/files/icap-2.6-core.patch @@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6 +and manually adapted because of changes in the Squid code base. + See http://devel.squid-cache.org/icap/ for further information about the ICAP client project. -Patch last updated: 2007-03-18 +Patch last updated: 2007-05-17 -Note: the patchset needs manual adjustments once in a while because - the ICAP developers develop against Squid-2-HEAD and not - Squid-2.6. +Note: ICAP client support for Squid-2 is no longer supported by + the Squid developers. This means that even known bugs in this + code will not be fixed. If you need ICAP support please try + Squid-3. Index: errors/Azerbaijani/ERR_ICAP_FAILURE =================================================================== @@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6 #endif /* SQUID_ENUMS_H */ Index: src/forward.c =================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.43 -retrieving revision 1.20.4.10 -diff -p -u -b -r1.43 -r1.20.4.10 ---- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43 -+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10 -@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); - fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -+ fd_table[server_fd].pconn.uses++; -+ fd_table[server_fd].pconn.type = 1; -+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer) - peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || -@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data) +--- src/forward.c Tue Apr 17 11:35:17 2007 ++++ src/forward.c Thu May 17 13:08:19 2007 +@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data) void fwdFail(FwdState * fwdState, ErrorState * errorState) { @@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n", err_type_str[errorState->type], httpStatusString(errorState->http_status), -@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data) +@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data) void fwdUnregister(int fd, FwdState * fwdState) { @@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry)); assert(fd == fwdState->server_fd); assert(fd > -1); -@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat +@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat void fwdComplete(FwdState * fwdState) { @@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13 + * the icap server, rather than put it into + * a StoreEntry + */ -+ storeClientUnregisterAbort(httpState->entry); ++ storeUnregisterAbort(httpState->entry); + storeUnlockObject(httpState->entry); + /* + * create a bogus entry because the code assumes one is diff --git a/www/squid31/Makefile b/www/squid31/Makefile index d82c16d861c8..0a74f0971cb6 100644 --- a/www/squid31/Makefile +++ b/www/squid31/Makefile @@ -75,20 +75,19 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.12 -PORTREVISION= 1 +PORTVERSION= 2.6.13 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ - ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \ + ftp://ftp.belnet.be/packages/squid/pub/%SUBDIR%/ \ ftp://ftp.nl.uu.net/pub/unix/www/squid/%SUBDIR%/ \ ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/www/Squid/%SUBDIR%/ \ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE12 +DISTNAME= squid-2.6.STABLE13 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ @@ -280,10 +279,6 @@ CONFIGURE_ARGS+= --enable-ssl \ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -.if defined(WITH_SQUID_ICAP) -IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 -.endif -EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 .endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp @@ -337,7 +332,7 @@ IGNORE= pf available only in FreeBSD 5.3 and newer # information. .if defined(WITH_SQUID_IPFILTER) .if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101) -IGNORE= IPFilter headers are not part of the base system +IGNORE= the IPFilter headers are not part of the base system .else CONFIGURE_ARGS+= --enable-ipf-transparent .endif @@ -351,9 +346,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/icap-2.6-bootstrap.patch \ CONFIGURE_ARGS+= --enable-icap-support error_files+= ERR_ICAP_FAILURE .endif -.if !defined(WITHOUT_SQUID_KQUEUE) -CONFIGURE_ARGS+= --enable-kqueue -.else +.if defined(WITHOUT_SQUID_KQUEUE) CONFIGURE_ARGS+= --disable-kqueue .endif .if defined(WITH_SQUID_LARGEFILE) diff --git a/www/squid31/distinfo b/www/squid31/distinfo index fdd479f9b0d3..1620a5eb8f2c 100644 --- a/www/squid31/distinfo +++ b/www/squid31/distinfo @@ -1,3 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d -SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858 -SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085 +MD5 (squid2.6/squid-2.6.STABLE13.tar.bz2) = fdc4ece264b47bab1b112d8f6f842b8b +SHA256 (squid2.6/squid-2.6.STABLE13.tar.bz2) = 894802914a63992d5c5cf7061e2f242fdefd09b4af79d84b217e977f9195fdad +SIZE (squid2.6/squid-2.6.STABLE13.tar.bz2) = 1263229 diff --git a/www/squid31/files/extra-patch-changeset_11375 b/www/squid31/files/extra-patch-changeset_11375 deleted file mode 100644 index ec49cb17fd92..000000000000 --- a/www/squid31/files/extra-patch-changeset_11375 +++ /dev/null @@ -1,77 +0,0 @@ ---------------------- -PatchSet 11375 -Date: 2007/04/17 09:35:17 -Author: hno -Branch: SQUID_2_6 -Tag: (none) -Log: -MFC: Bug #1814: SSL memory leak on persistent SSL connections - -Memory leak when attemting to reuse SSL-negotiated outgoing connections. - -Mainly affects reverse proxy setups using SSL-enabled peers. - -Merged changes: -2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections - -Members: - src/forward.c:1.120.2.2->1.120.2.3 - -Note: this patchset was slightly modified for the FreeBSD port - to make it apply cleanly (one hunk removed, path information stripped) - -Index: squid/src/forward.c -=================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.120.2.2 -retrieving revision 1.120.2.3 -diff -u -r1.120.2.2 -r1.120.2.3 ---- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2 -+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3 -@@ -319,6 +319,7 @@ - fd_table[fd].ssl = ssl; - fd_table[fd].read_method = &ssl_read_method; - fd_table[fd].write_method = &ssl_write_method; -+ fd_note(fd, "Negotiating SSL"); - fwdNegotiateSSL(fd, fwdState); - } - #endif -@@ -357,10 +358,6 @@ - comm_close(server_fd); - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); -- fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -- peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || - (!fs->peer && request->protocol == PROTO_HTTPS)) { -@@ -535,7 +532,7 @@ - hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr); - else - hierarchyNote(&fwdState->request->hier, fs->code, name); -- fwdConnectDone(fd, COMM_OK, fwdState); -+ fwdDispatch(fwdState); - return; - } else { - /* Discard the persistent connection to not cause -@@ -653,6 +650,7 @@ - StoreEntry *entry = fwdState->entry; - ErrorState *err; - int server_fd = fwdState->server_fd; -+ FwdServer *fs = fwdState->servers; - debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n", - fwdState->client_fd, - RequestMethodStr[request->method], -@@ -667,6 +665,10 @@ - assert(entry->ping_status != PING_WAITING); - assert(entry->lock_count); - EBIT_SET(entry->flags, ENTRY_DISPATCHED); -+ fd_note(server_fd, storeUrl(fwdState->entry)); -+ fd_table[server_fd].uses++; -+ if (fd_table[server_fd].uses == 1 && fs->peer) -+ peerConnectSucceded(fs->peer); - netdbPingSite(request->host); - entry->mem_obj->refresh_timestamp = squid_curtime; - if (fwdState->servers && (p = fwdState->servers->peer)) { diff --git a/www/squid31/files/icap-2.6-bootstrap.patch b/www/squid31/files/icap-2.6-bootstrap.patch index e14fe0a1a1d8..97c7de88ce0a 100644 --- a/www/squid31/files/icap-2.6-bootstrap.patch +++ b/www/squid31/files/icap-2.6-bootstrap.patch @@ -7,10 +7,10 @@ ICAP patchset. Please see icap-2.6-core.patch for further information. -Patch last updated: 2006-11-04 +Patch last updated: 2007-05-17 ---- configure.orig Sat Nov 4 16:28:41 2006 -+++ configure Sat Nov 4 16:31:58 2006 +--- configure.orig Thu May 17 13:34:14 2007 ++++ configure Thu May 17 13:35:15 2007 @@ -312,7 +312,7 @@ # include #endif" @@ -28,6 +28,15 @@ Patch last updated: 2006-11-04 --enable-useragent-log Enable logging of User-Agent header --enable-referer-log Enable logging of Referer header --disable-wccp Disable Web Cache Coordination V1 Protocol +@@ -1818,7 +1818,7 @@ + + # Define the identity of the package. + PACKAGE='squid' +- VERSION='2.6.STABLE13' ++ VERSION='2.6.STABLE13+ICAP' + + + cat >>confdefs.h <<_ACEOF @@ -3954,6 +3955,40 @@ fi; diff --git a/www/squid31/files/icap-2.6-core.patch b/www/squid31/files/icap-2.6-core.patch index c3108f986e0c..50aafd4a4a51 100644 --- a/www/squid31/files/icap-2.6-core.patch +++ b/www/squid31/files/icap-2.6-core.patch @@ -13,14 +13,17 @@ at cvs.devel.squid-cache.org using cvs diff -u -b -N -kk -rZ-icap-2_6_merge_HEAD -ricap-2_6 +and manually adapted because of changes in the Squid code base. + See http://devel.squid-cache.org/icap/ for further information about the ICAP client project. -Patch last updated: 2007-03-18 +Patch last updated: 2007-05-17 -Note: the patchset needs manual adjustments once in a while because - the ICAP developers develop against Squid-2-HEAD and not - Squid-2.6. +Note: ICAP client support for Squid-2 is no longer supported by + the Squid developers. This means that even known bugs in this + code will not be fixed. If you need ICAP support please try + Squid-3. Index: errors/Azerbaijani/ERR_ICAP_FAILURE =================================================================== @@ -2644,25 +2647,9 @@ diff -p -u -b -r1.57 -r1.45.4.6 #endif /* SQUID_ENUMS_H */ Index: src/forward.c =================================================================== -RCS file: /cvsroot/squid/squid/src/forward.c,v -retrieving revision 1.43 -retrieving revision 1.20.4.10 -diff -p -u -b -r1.43 -r1.20.4.10 ---- src/forward.c 10 Dec 2006 05:51:43 -0000 1.43 -+++ src/forward.c 12 Dec 2006 22:49:45 -0000 1.20.4.10 -@@ -358,8 +358,9 @@ fwdConnectDone(int server_fd, int status - } else { - debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); - fd_note(server_fd, storeUrl(fwdState->entry)); -- fd_table[server_fd].uses++; -- if (fd_table[server_fd].uses == 1 && fs->peer) -+ fd_table[server_fd].pconn.uses++; -+ fd_table[server_fd].pconn.type = 1; -+ if (fd_table[server_fd].pconn.uses ==1 && fs->peer) - peerConnectSucceded(fs->peer); - #if USE_SSL - if ((fs->peer && fs->peer->use_ssl) || -@@ -941,6 +942,8 @@ fwdCheckDeferRead(int fd, void *data) +--- src/forward.c Tue Apr 17 11:35:17 2007 ++++ src/forward.c Thu May 17 13:08:19 2007 +@@ -943,6 +943,8 @@ fwdCheckDeferRead(int fd, void *data) void fwdFail(FwdState * fwdState, ErrorState * errorState) { @@ -2671,7 +2658,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdFail: %s \"%s\"\n\t%s\n", err_type_str[errorState->type], httpStatusString(errorState->http_status), -@@ -979,6 +982,8 @@ fwdPeerClosed(int fd, void *data) +@@ -981,6 +983,8 @@ fwdPeerClosed(int fd, void *data) void fwdUnregister(int fd, FwdState * fwdState) { @@ -2680,7 +2667,7 @@ diff -p -u -b -r1.43 -r1.20.4.10 debug(17, 3) ("fwdUnregister: %s\n", storeUrl(fwdState->entry)); assert(fd == fwdState->server_fd); assert(fd > -1); -@@ -998,7 +1003,10 @@ fwdUnregister(int fd, FwdState * fwdStat +@@ -1000,7 +1004,10 @@ fwdUnregister(int fd, FwdState * fwdStat void fwdComplete(FwdState * fwdState) { @@ -2969,7 +2956,7 @@ diff -p -u -b -r1.58 -r1.28.4.13 + * the icap server, rather than put it into + * a StoreEntry + */ -+ storeClientUnregisterAbort(httpState->entry); ++ storeUnregisterAbort(httpState->entry); + storeUnlockObject(httpState->entry); + /* + * create a bogus entry because the code assumes one is