Hello community, here is the log from the commit of package libserf for openSUSE:Factory checked in at 2012-10-05 13:45:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libserf (Old) and /work/SRC/openSUSE:Factory/.libserf.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libserf", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/libserf/libserf.changes 2012-06-10 23:19:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libserf.new/libserf.changes 2012-10-06 18:38:51.000000000 +0200 @@ -1,0 +2,14 @@ +Thu Oct 4 21:45:29 UTC 2012 - andreas.stieger@gmx.de + +- update to Serf 1.1.1 + This patch release contains fixes for some important connection + stability issues. + * ensure requeued requests are correctly handled. This fixes: + - infinite loop with multiple connection resets or SIGPIPE errors + - "connection" hang where we would not re-queue requests that are held after + we re-connect + * test_all goes in an endless loop + * Fix memory leak when conn. is closed explicitly/due to pool cleanups + * Add new error codes for the SSL bucket + +------------------------------------------------------------------- Old: ---- serf-1.1.0.tar.bz2 New: ---- serf-1.1.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libserf.spec ++++++ --- /var/tmp/diff_new_pack.Y92YXT/_old 2012-10-06 18:38:52.000000000 +0200 +++ /var/tmp/diff_new_pack.Y92YXT/_new 2012-10-06 18:38:52.000000000 +0200 @@ -19,7 +19,7 @@ Name: libserf %define soname 0 %define major 1 -Version: 1.1.0 +Version: 1.1.1 Release: 0 Summary: High-Performance Asynchronous HTTP Client Library License: Apache-2.0 ++++++ serf-1.1.0.tar.bz2 -> serf-1.1.1.tar.bz2 ++++++ ++++ 6513 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/CHANGES new/serf-1.1.1/CHANGES --- old/serf-1.1.0/CHANGES 2012-06-07 22:12:29.000000000 +0200 +++ new/serf-1.1.1/CHANGES 2012-10-04 22:06:40.000000000 +0200 @@ -1,3 +1,14 @@ +Serf 1.1.1 [2012-10-04, from /tags/1.1.1] + Fixed issue 86: ensure requeued requests are correctly handled. This fixes: + - infinite loop with multiple connection resets or SIGPIPE errors + - "connection" hang where we would not re-queue requests that are held after + we re-connect + Fixed issue 74: test_all goes in an endless loop + Fix memory leak when conn. is closed explicitly/due to pool cleanups (r1623) + Fix for https on Windows: handle connection aborts (r1628..-30,-33,-34,-37) + Add new error codes for the SSL bucket + + Serf 1.1.0 [2012-06-07, from /tags/1.1.0] New: serf_bucket_request_set_CL() for C-L based, non-chunked requests New: serf_ssl_server_cert_chain_callback_set() for full-chain validation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/buckets/ssl_buckets.c new/serf-1.1.1/buckets/ssl_buckets.c --- old/serf-1.1.0/buckets/ssl_buckets.c 2012-04-19 23:43:22.000000000 +0200 +++ new/serf-1.1.1/buckets/ssl_buckets.c 2012-09-11 22:01:04.000000000 +0200 @@ -180,6 +180,10 @@ EVP_PKEY *cached_cert_pw; apr_status_t pending_err; + + /* Status of a fatal error, returned on subsequent encrypt or decrypt + requests. */ + apr_status_t fatal_err; }; typedef struct { @@ -534,6 +538,9 @@ const char *data; int ssl_len; + if (ctx->fatal_err) + return ctx->fatal_err; + #ifdef SSL_VERBOSE printf("ssl_decrypt: begin %d\n", bufsize); #endif @@ -581,16 +588,44 @@ break; case SSL_ERROR_SSL: *len = 0; - status = ctx->pending_err ? ctx->pending_err : APR_EGENERAL; - ctx->pending_err = 0; + if (ctx->pending_err) { + status = ctx->pending_err; + ctx->pending_err = 0; + } else { + ctx->fatal_err = status = SERF_ERROR_SSL_COMM_FAILED; + } break; default: *len = 0; - status = APR_EGENERAL; + ctx->fatal_err = status = SERF_ERROR_SSL_COMM_FAILED; break; } - } - else { + } else if (ssl_len == 0) { + /* The server shut down the connection. */ + int ssl_err, shutdown; + *len = 0; + + /* Check for SSL_RECEIVED_SHUTDOWN */ + shutdown = SSL_get_shutdown(ctx->ssl); + /* Check for SSL_ERROR_ZERO_RETURN */ + ssl_err = SSL_get_error(ctx->ssl, ssl_len); + + if (shutdown == SSL_RECEIVED_SHUTDOWN && + ssl_err == SSL_ERROR_ZERO_RETURN) { + /* The server closed the SSL session. While this doesn't + necessary mean the connection is closed, let's close + it here anyway. + We can optimize this later. */ +#ifdef SSL_VERBOSE + printf("ssl_decrypt: SSL read error: server shut down"\ + "connection!\n"); +#endif + status = APR_EOF; + } else { + /* A fatal error occurred. */ + ctx->fatal_err = status = SERF_ERROR_SSL_COMM_FAILED; + } + } else { *len = ssl_len; #ifdef SSL_VERBOSE printf("---\n%s\n-(%d)-\n", buf, *len); @@ -616,6 +651,9 @@ serf_ssl_context_t *ctx = baton; apr_status_t status; + if (ctx->fatal_err) + return ctx->fatal_err; + #ifdef SSL_VERBOSE printf("ssl_encrypt: begin %d\n", bufsize); #endif @@ -735,7 +773,7 @@ status = SERF_ERROR_WAIT_CONN; } else { - status = APR_EGENERAL; + ctx->fatal_err = status = SERF_ERROR_SSL_COMM_FAILED; } } #ifdef SSL_VERBOSE @@ -1107,6 +1145,7 @@ ssl_ctx->cached_cert = 0; ssl_ctx->cached_cert_pw = 0; ssl_ctx->pending_err = APR_SUCCESS; + ssl_ctx->fatal_err = APR_SUCCESS; ssl_ctx->cert_callback = NULL; ssl_ctx->cert_pw_callback = NULL; @@ -1206,7 +1245,7 @@ int result = X509_STORE_set_default_paths(store); - return result ? APR_SUCCESS : APR_EGENERAL; + return result ? APR_SUCCESS : SERF_ERROR_SSL_CERT_FAILED; } apr_status_t serf_ssl_load_cert_file( @@ -1228,7 +1267,7 @@ } } - return APR_EGENERAL; + return SERF_ERROR_SSL_CERT_FAILED; } @@ -1240,7 +1279,7 @@ int result = X509_STORE_add_cert(store, cert->ssl_cert); - return result ? APR_SUCCESS : APR_EGENERAL; + return result ? APR_SUCCESS : SERF_ERROR_SSL_CERT_FAILED; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/context.c new/serf-1.1.1/context.c --- old/serf-1.1.0/context.c 2011-07-13 04:39:16.000000000 +0200 +++ new/serf-1.1.1/context.c 2012-09-11 22:01:04.000000000 +0200 @@ -354,6 +354,10 @@ return "An error occurred during decompression"; case SERF_ERROR_BAD_HTTP_RESPONSE: return "The server sent an improper HTTP response"; + case SERF_ERROR_SSL_COMM_FAILED: + return "An error occurred during SSL communication"; + case SERF_ERROR_SSL_CERT_FAILED: + return "An SSL certificate related error occurred "; case SERF_ERROR_AUTHN_FAILED: return "An error occurred during authentication"; case SERF_ERROR_AUTHN_NOT_SUPPORTED: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/outgoing.c new/serf-1.1.1/outgoing.c --- old/serf-1.1.0/outgoing.c 2011-06-23 23:20:11.000000000 +0200 +++ new/serf-1.1.1/outgoing.c 2012-09-11 21:58:11.000000000 +0200 @@ -103,15 +103,19 @@ /* Now put it back in with the correct read/write values. */ desc.reqevents = APR_POLLHUP | APR_POLLERR; - if (conn->requests) { + if (conn->requests && + conn->state != SERF_CONN_INIT) { /* If there are any outstanding events, then we want to read. */ /* ### not true. we only want to read IF we have sent some data */ desc.reqevents |= APR_POLLIN; - /* If the connection has unwritten data, or there are any requests - * that still have buckets to write out, then we want to write. + /* If the connection is not closing down and + * has unwritten data or + * there are any requests that still have buckets to write out, + * then we want to write. */ - if (conn->vec_len) + if (conn->vec_len && + conn->state != SERF_CONN_CLOSING) desc.reqevents |= APR_POLLOUT; else { serf_request_t *request = conn->requests; @@ -256,6 +260,7 @@ serf__ssltunnel_connect(conn); else conn->state = SERF_CONN_CONNECTED; + } return APR_SUCCESS; @@ -267,14 +272,6 @@ /* Note that we should hold new requests until we open our new socket. */ conn->state = SERF_CONN_CLOSING; - /* We can take the *next* request in our list and assume it hasn't - * been written yet and 'save' it for the new socket. - */ - conn->hold_requests = request->next; - conn->hold_requests_tail = conn->requests_tail; - request->next = NULL; - conn->requests_tail = request; - /* Clear our iovec. */ conn->vec_len = 0; @@ -411,20 +408,13 @@ { serf_context_t *ctx = conn->ctx; apr_status_t status; - serf_request_t *old_reqs, *held_reqs, *held_reqs_tail; + serf_request_t *old_reqs; conn->probable_keepalive_limit = conn->completed_responses; conn->completed_requests = 0; conn->completed_responses = 0; old_reqs = conn->requests; - held_reqs = conn->hold_requests; - held_reqs_tail = conn->hold_requests_tail; - - if (conn->state == SERF_CONN_CLOSING) { - conn->hold_requests = NULL; - conn->hold_requests_tail = NULL; - } conn->requests = NULL; conn->requests_tail = NULL; @@ -444,16 +434,6 @@ } } - if (conn->requests_tail) { - conn->requests_tail->next = held_reqs; - } - else { - conn->requests = held_reqs; - } - if (held_reqs_tail) { - conn->requests_tail = held_reqs_tail; - } - if (conn->skt != NULL) { remove_connection(ctx, conn); status = apr_socket_close(conn->skt); @@ -667,7 +647,9 @@ */ if (APR_STATUS_IS_EAGAIN(status)) return APR_SUCCESS; - if (APR_STATUS_IS_EPIPE(status)) + if (APR_STATUS_IS_EPIPE(status) || + APR_STATUS_IS_ECONNRESET(status) || + APR_STATUS_IS_ECONNABORTED(status)) return no_more_writes(conn, request); if (status) return status; @@ -762,7 +744,8 @@ return APR_SUCCESS; if (APR_STATUS_IS_EPIPE(status)) return no_more_writes(conn, request); - if (APR_STATUS_IS_ECONNRESET(status)) { + if (APR_STATUS_IS_ECONNRESET(status) || + APR_STATUS_IS_ECONNABORTED(status)) { return no_more_writes(conn, request); } if (status) @@ -929,10 +912,12 @@ * 2) Doing the initial SSL handshake - we'll get EAGAIN * as the SSL buckets will hide the handshake from us * but not return any data. + * 3) When the server sends us an SSL alert. * * In these cases, we should not receive any actual user data. * - * If we see an EOF (due to an expired timeout), we'll reset the + * If we see an EOF (due to either an expired timeout or the serer + * sending the SSL 'close notify' shutdown alert), we'll reset the * connection and open a new one. */ if (request->req_bkt || !request->written) { @@ -969,9 +954,10 @@ status = handle_response(request, tmppool); /* Some systems will not generate a HUP poll event so we have to - * handle the ECONNRESET issue here. + * handle the ECONNRESET issue and ECONNABORT here. */ if (APR_STATUS_IS_ECONNRESET(status) || + APR_STATUS_IS_ECONNABORTED(status) || status == SERF_ERROR_REQUEST_LOST) { reset_connection(conn, 1); status = APR_SUCCESS; @@ -1213,6 +1199,8 @@ conn->stream = NULL; } + destroy_ostream(conn); + /* Remove the connection from the context. We don't want to * deal with it any more. */ @@ -1279,16 +1267,11 @@ request->next = NULL; /* Link the request to the end of the request chain. */ - if (conn->state == SERF_CONN_CLOSING) { - link_requests(&conn->hold_requests, &conn->hold_requests_tail, request); - } - else { - link_requests(&conn->requests, &conn->requests_tail, request); - - /* Ensure our pollset becomes writable in context run */ - conn->ctx->dirty_pollset = 1; - conn->dirty_conn = 1; - } + link_requests(&conn->requests, &conn->requests_tail, request); + + /* Ensure our pollset becomes writable in context run */ + conn->ctx->dirty_pollset = 1; + conn->dirty_conn = 1; return request; } @@ -1314,14 +1297,8 @@ request->written = 0; request->next = NULL; - /* Link the new request after the last written request, but before all - upcoming requests. */ - if (conn->state == SERF_CONN_CLOSING) { - iter = conn->hold_requests; - } - else { - iter = conn->requests; - } + /* Link the new request after the last written request. */ + iter = conn->requests; prev = NULL; /* Find a request that has data which needs to be delivered. */ @@ -1341,19 +1318,12 @@ prev->next = request; } else { request->next = iter; - if (conn->state == SERF_CONN_CLOSING) { - conn->hold_requests = request; - } - else { - conn->requests = request; - } + conn->requests = request; } - if (conn->state != SERF_CONN_CLOSING) { - /* Ensure our pollset becomes writable in context run */ - conn->ctx->dirty_pollset = 1; - conn->dirty_conn = 1; - } + /* Ensure our pollset becomes writable in context run */ + conn->ctx->dirty_pollset = 1; + conn->dirty_conn = 1; return request; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/serf.h new/serf-1.1.1/serf.h --- old/serf-1.1.0/serf.h 2012-03-20 20:42:49.000000000 +0100 +++ new/serf-1.1.1/serf.h 2012-09-11 22:01:04.000000000 +0200 @@ -83,6 +83,12 @@ #define SERF_ERROR_BAD_HTTP_RESPONSE (APR_OS_START_USERERR + \ SERF_ERROR_RANGE + 5) +/* SSL certificates related errors */ +#define SERF_ERROR_SSL_CERT_FAILED (APR_OS_START_USERERR + SERF_ERROR_RANGE + 70) + +/* SSL communications related errors */ +#define SERF_ERROR_SSL_COMM_FAILED (APR_OS_START_USERERR + SERF_ERROR_RANGE + 71) + /* General authentication related errors */ #define SERF_ERROR_AUTHN_FAILED (APR_OS_START_USERERR + SERF_ERROR_RANGE + 90) @@ -1031,7 +1037,7 @@ /* Version info */ #define SERF_MAJOR_VERSION 1 #define SERF_MINOR_VERSION 1 -#define SERF_PATCH_VERSION 0 +#define SERF_PATCH_VERSION 1 /* Version number string */ #define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/serf_private.h new/serf-1.1.1/serf_private.h --- old/serf-1.1.0/serf_private.h 2011-06-16 09:56:09.000000000 +0200 +++ new/serf-1.1.1/serf_private.h 2012-09-11 21:55:18.000000000 +0200 @@ -203,12 +203,6 @@ serf_request_t *requests; serf_request_t *requests_tail; - /* The list of requests we're holding on to because we're going to - * reset the connection soon. - */ - serf_request_t *hold_requests; - serf_request_t *hold_requests_tail; - struct iovec vec[IOV_MAX]; int vec_len; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/serf-1.1.0/test/server/test_server.c new/serf-1.1.1/test/server/test_server.c --- old/serf-1.1.0/test/server/test_server.c 2012-02-15 21:16:09.000000000 +0100 +++ new/serf-1.1.1/test/server/test_server.c 2012-09-29 11:12:27.000000000 +0200 @@ -219,7 +219,13 @@ const apr_pollfd_t *desc; /* create a new pollset */ +#ifdef BROKEN_WSAPOLL + status = apr_pollset_create_ex(&pollset, 32, pool, 0, + APR_POLLSET_SELECT); +#else status = apr_pollset_create(&pollset, 32, pool, 0); +#endif + if (status != APR_SUCCESS) return status; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org