Message-Id: <200704232050.l3NKoChP028885@hardy.tmseck.homedns.org>
Date: Mon, 23 Apr 2007 22:50:12 +0200 (CEST)
From: Thomas-Martin Seck
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/112054: [Maintainer] www/squid: add vendor patch for Squid bug #1814

>Number: 112054
>Category: ports
>Synopsis: [Maintainer] www/squid: add vendor patch for Squid bug #1814
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 23 21:00:11 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 6.2-STABLE i386
>Organization: a private site in Germany
>Environment:

FreeBSD ports collection as of April 23, 2007.

>Description:

Add a patch for Squid bug #1814, see . The patchset is a slightly modified version of the Squid patchset 11375.

Since this patch conflicts with the ICAP patchset and only affects non-default configurations that have been compiled using the WITH_SQUID_SSL configuration option, apply the patch only when this option is enabled. Set IGNORE when both WITH_SQUID_SSL and WITH_SQUID_ICAP are defined.

Bump PORTREVISION (not strictly necessary because the default installation and package remain unchanged but maybe helpful to identify the fixed version). I leave this to the committer's discretion.

Added file: files/extra-patch-changeset_11375

>How-To-Repeat:
>Fix:

Apply this patch:

Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 1152) +++ Makefile (.../local/squid) (revision 1152) 
@@ -76,6 +76,7 @@ PORTNAME= squid PORTVERSION= 2.6.12 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ @@ -279,7 +280,11 @@ --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +.if defined(WITH_SQUID_ICAP) +IGNORE= is currently broken with both ICAP and SSL support enabled because of conflicting patches. This will be resolved for Squid 2.6.13 .endif +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 +.endif .if defined(WITH_SQUID_PINGER) CONFIGURE_ARGS+= --enable-icmp libexec+= pinger Index: files/extra-patch-changeset_11375 =================================================================== --- files/extra-patch-changeset_11375 (.../www/squid) (revision 0) +++ files/extra-patch-changeset_11375 (.../local/squid) (revision 1152) 
@@ -0,0 +1,77 @@ +--------------------- +PatchSet 11375 +Date: 2007/04/17 09:35:17 +Author: hno +Branch: SQUID_2_6 +Tag: (none) +Log: +MFC: Bug #1814: SSL memory leak on persistent SSL connections + +Memory leak when attemting to reuse SSL-negotiated outgoing connections. + +Mainly affects reverse proxy setups using SSL-enabled peers. + +Merged changes: +2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections + +Members: + src/forward.c:1.120.2.2->1.120.2.3 + +Note: this patchset was slightly modified for the FreeBSD port + to make it apply cleanly (one hunk removed, path information stripped) + +Index: squid/src/forward.c +=================================================================== +RCS file: /cvsroot/squid/squid/src/forward.c,v +retrieving revision 1.120.2.2 +retrieving revision 1.120.2.3 +diff -u -r1.120.2.2 -r1.120.2.3 +--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2 ++++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3 +@@ -319,6 +319,7 @@ + fd_table[fd].ssl = ssl; + fd_table[fd].read_method = &ssl_read_method; + fd_table[fd].write_method = &ssl_write_method; ++ fd_note(fd, "Negotiating SSL"); + fwdNegotiateSSL(fd, fwdState); + } + #endif +@@ -357,10 +358,6 @@ + comm_close(server_fd); + } else { + debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); +- fd_note(server_fd, storeUrl(fwdState->entry)); +- fd_table[server_fd].uses++; +- if (fd_table[server_fd].uses == 1 && fs->peer) +- peerConnectSucceded(fs->peer); + #if USE_SSL + if ((fs->peer && fs->peer->use_ssl) || + (!fs->peer && request->protocol == PROTO_HTTPS)) { +@@ -535,7 +532,7 @@ + hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr); + else + hierarchyNote(&fwdState->request->hier, fs->code, name); +- fwdConnectDone(fd, COMM_OK, fwdState); ++ fwdDispatch(fwdState); + return; + } else { + /* Discard the persistent connection to not cause +@@ -653,6 +650,7 @@ + StoreEntry *entry = fwdState->entry; + 
ErrorState *err; + int server_fd = fwdState->server_fd; ++ FwdServer *fs = fwdState->servers; + debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n", + fwdState->client_fd, + RequestMethodStr[request->method], +@@ -667,6 +665,10 @@ + assert(entry->ping_status != PING_WAITING); + assert(entry->lock_count); + EBIT_SET(entry->flags, ENTRY_DISPATCHED); ++ fd_note(server_fd, storeUrl(fwdState->entry)); ++ fd_table[server_fd].uses++; ++ if (fd_table[server_fd].uses == 1 && fs->peer) ++ peerConnectSucceded(fs->peer); + netdbPingSite(request->host); + entry->mem_obj->refresh_timestamp = squid_curtime; + if (fwdState->servers && (p = fwdState->servers->peer)) { >Release-Note: >Audit-Trail: >Unformatted:
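
Review bot: In the second Makefile hunk (@@ -279,7 +280,11 @@), EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-changeset_11375 sits after the .endif that closes the new .if defined(WITH_SQUID_ICAP) block, so the patch is queued even in the configuration that IGNORE rejects. Putting it in an .else branch of the ICAP check would make the mutual exclusion explicit in the Makefile. The IGNORE text says the conflict will be resolved for Squid 2.6.13, so a comment beside these lines stating that both the IGNORE and the EXTRA_PATCHES entry are to be dropped at that update would keep them from outliving 2.6.12.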
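
Review bot: In the src/forward.c change at @@ -667,6 +665,10 @@, the added test `fd_table[server_fd].uses == 1 && fs->peer` dereferences fs without a NULL check. The @@ -653,6 +650,7 @@ hunk sets fs to fwdState->servers, and the unchanged line just below the new code guards that same pointer with `if (fwdState->servers && (p = fwdState->servers->peer))`. Either write `fs && fs->peer` to match the existing guard, or add a comment saying why servers cannot be NULL by the time fwdDispatch runs. The patch file header identifies this as Squid PatchSet 11375, so the point belongs in the Squid bug #1814 report rather than in a local divergence.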
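
Review bot: The Note at the top of files/extra-patch-changeset_11375 records "one hunk removed, path information stripped" but does not say which hunk was dropped or why it failed to apply. Naming the removed hunk in that Note would let the next maintainer compare the file against PatchSet 11375 and confirm that nothing needed for the SSL leak fix was lost, particularly because the Makefile only applies this file when WITH_SQUID_SSL is set.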