www/squid-devel: update 4.0.14 -> 4.0.17

- Remove upstreamed patch (IPv6 + PF crash) - Add --enable-zph-qos option to default set http://wiki.squid-cache.org/Features/QualityOfService - Mark broken if ssl set to openssl-devel, it doesn't build - Switch IPV6 option to options helpers PR: 215418 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) Security: CVE-2016-10002 Security: CVE-2016-10003 Security: https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html MFH: 2016Q4
svn path=/head/; revision=429220
2024-12-04 01:48:54 +00:00 · 2016-12-23 04:39:06 +00:00 · 2016-12-23 04:39:06 +00:00 · 8b40a2586d · 2021-03-31 03:12:20 +00:00
commit 8b40a2586d
parent b41aa230b0
10 changed files with 36 additions and 70 deletions
--- a/www/squid-devel/Makefile
+++ b/www/squid-devel/Makefile
@ -1,7 +1,7 @@
 # $FreeBSD$

 PORTNAME=	squid
-PORTVERSION=	4.0.14
+PORTVERSION=	4.0.17
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v4/ \
 		http://www2.us.squid-cache.org/Versions/v4/ \
@ -216,6 +216,7 @@ CONFIGURE_ARGS=	--with-default-user=squid \
 		--with-swapdir=/var/squid/cache \
 		--without-gnutls \
 		--enable-auth \
+		--enable-zph-qos \
 		--enable-build-info \
 		--enable-loadable-modules \
 		--enable-removal-policies="lru heap" \
@ -288,7 +289,7 @@ post-patch:
 		${change_files})
 	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)

-.if !${PORT_OPTIONS:MIPV6}
+post-patch-IPV6-off:
 	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
 		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
 		-e's/ 2001:DB8::a:0\/64//' \
@ -296,7 +297,6 @@ post-patch:
 		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
 		-e'/tcp_outgoing_address 2001:db8::1/d' \
 		${WRKSRC}/src/cf.data.pre
-.endif

 post-install:
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
@ -307,6 +307,10 @@ post-install:

 .include <bsd.port.pre.mk>

+.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel}
+BROKEN=		Does not build with openssl-devel
+.endif
+
 .if ${CHOSEN_COMPILER_TYPE} == clang
 #CXXFLAGS+=	-Wno-unused-private-field
 CXXFLAGS+=	-Wno-unknown-warning-option
--- a/www/squid-devel/distinfo
+++ b/www/squid-devel/distinfo
@ -1,3 +1,3 @@
 TIMESTAMP = 1467941699
-SHA256 (squid4.0/squid-4.0.14.tar.xz) = c0e9e2d1bc2e18b2317aff165d3d697eac253977a6c37b9659de3ed81d004d1a
-SIZE (squid4.0/squid-4.0.14.tar.xz) = 2404528
+SHA256 (squid4.0/squid-4.0.17.tar.xz) = 8b1f3487495d1b02892bd63d6bdd97862be62a9cebc27245426de4543876239c
+SIZE (squid4.0/squid-4.0.17.tar.xz) = 2410244
--- a/www/squid-devel/files/patch-compat_compat.h
+++ b/www/squid-devel/files/patch-compat_compat.h
@ -1,8 +1,8 @@
--- compat/compat.h.orig	2015-11-01 10:44:25 UTC
+--- compat/compat.h.orig	2016-12-16 10:06:20 UTC
 +++ compat/compat.h
-@@ -42,17 +42,6 @@
- #endif
- #endif
+@@ -29,17 +29,6 @@
+ /******************************************************/
+ #include "compat/osdetect.h"
 
 -/* Solaris 10 has a broken definition for minor_t in IPFilter compat.
 - * We must pre-define before doing anything with OS headers so the OS
--- a/www/squid-devel/files/patch-compat_shm.cc
+++ b/www/squid-devel/files/patch-compat_shm.cc
@ -1,4 +1,4 @@
--- compat/shm.cc.orig	2015-11-01 10:44:25 UTC
+--- compat/shm.cc.orig	2016-12-16 10:06:20 UTC
 +++ compat/shm.cc
@@ -29,6 +29,8 @@ shm_portable_segment_name_is_path()
     size_t len = sizeof(jailed);
--- a/www/squid-devel/files/patch-configure
+++ b/www/squid-devel/files/patch-configure
@ -1,6 +1,6 @@
--- configure.orig	2015-11-01 10:46:19 UTC
+--- configure.orig	2016-12-16 10:19:31 UTC
 +++ configure
-@@ -32038,7 +32040,7 @@ done
+@@ -33043,7 +33043,7 @@ done
 ##
 
 BUILD_HELPER="NIS"
@ -9,7 +9,7 @@
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
-@@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
+@@ -33058,8 +33058,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
 #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 _ACEOF
 
@ -22,7 +22,7 @@
 fi
 
 done
-@@ -32519,7 +32523,7 @@ done
+@@ -33532,7 +33534,7 @@ done
 
   # unconditionally requires crypt(3), for now
   if test "x$ac_cv_func_crypt" != "x"; then
@ -31,7 +31,7 @@
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-@@ -34574,7 +34578,7 @@ for ac_header in \
+@@ -35882,7 +35884,7 @@ for ac_header in \
   arpa/nameser.h \
   assert.h \
   bstring.h \
@ -40,7 +40,7 @@
   ctype.h \
   direct.h \
   errno.h \
-@@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+@@ -36092,6 +36094,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
 #include <netinet/ip.h>
 #endif
 #if HAVE_NETINET_IP_COMPAT_H
@ -48,7 +48,7 @@
 #include <netinet/ip_compat.h>
 #endif
 #if HAVE_NETINET_IP_FIL_H
-@@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x
+@@ -40315,6 +40318,7 @@ if test "x$enable_ipf_transparent" != "x
 #     include <sys/ioccom.h>
 #     include <netinet/in.h>
 
@ -56,7 +56,7 @@
 #     include <netinet/ip_compat.h>
 #     include <netinet/ip_fil.h>
 #     include <netinet/ip_nat.h>
-@@ -38803,6 +38809,7 @@ else
+@@ -40345,6 +40349,7 @@ else
 #       include <sys/ioccom.h>
 #       include <netinet/in.h>
 #undef minor_t
@ -64,7 +64,7 @@
 #       include <netinet/ip_compat.h>
 #       include <netinet/ip_fil.h>
 #       include <netinet/ip_nat.h>
-@@ -38847,6 +38854,7 @@ _ACEOF
+@@ -40389,6 +40394,7 @@ _ACEOF
 	ip_fil_compat.h \
 	ip_fil.h \
 	ip_nat.h \
@ -72,7 +72,7 @@
 	netinet/ip_compat.h \
 	netinet/ip_fil_compat.h \
 	netinet/ip_fil.h \
-@@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+@@ -40418,6 +40424,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
 #if HAVE_IP_COMPAT_H
 #include <ip_compat.h>
 #elif HAVE_NETINET_IP_COMPAT_H
--- a/www/squid-devel/files/patch-src-cf.data.pre
+++ b/www/squid-devel/files/patch-src-cf.data.pre
@ -1,6 +1,6 @@
--- src/cf.data.pre.orig	2015-11-01 10:44:25 UTC
+--- src/cf.data.pre.orig	2016-12-16 10:06:20 UTC
 +++ src/cf.data.pre
-@@ -4558,6 +4558,10 @@ DEFAULT: @DEFAULT_PID_FILE@
+@@ -4754,6 +4754,10 @@ DEFAULT: @DEFAULT_PID_FILE@
 LOC: Config.pidFilename
 DOC_START
 	A filename to write the process-id to.  To disable, enter "none".
--- a/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
+++ b/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
@ -1,6 +1,6 @@
--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2015-11-01 10:44:25 UTC
+--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/DiskIO/Mmapped/MmappedFile.cc
-@@ -235,7 +235,7 @@ Mmapping::map()
+@@ -236,7 +236,7 @@ Mmapping::map()
     static const int pageSize = getpagesize();
     delta = offset % pageSize;
 
--- a/www/squid-devel/files/patch-srcipIntercept.cc
+++ b/www/squid-devel/files/patch-srcipIntercept.cc
@ -1,6 +1,6 @@
--- src/ip/Intercept.cc.orig	2015-11-01 10:44:25 UTC
+--- src/ip/Intercept.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/ip/Intercept.cc
-@@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com
+@@ -206,10 +206,10 @@ Ip::Intercept::IpfInterception(const Com
     // for NAT lookup set local and remote IP:port's
     if (newConn->remote.isIPv6()) {
 #if IPFILTER_VERSION < 5000003
@ -11,43 +11,5 @@
 -        warningLevel = (warningLevel + 1) % 10;
 +        warningLevel = (warningLevel + 1) % 1048576;
         return false;
- #else
-         natLookup.nl_v = 6;
-@@ -323,13 +323,21 @@
     }
- 
-     memset(&nl, 0, sizeof(struct pfioc_natlook));
-    newConn->remote.getInAddr(nl.saddr.v4);
-+    if (newConn->remote.isIPv4()) {
-+        newConn->remote.getInAddr(nl.saddr.v4);
-+    } else {
-+        newConn->remote.getInAddr(nl.saddr.v6);
-+    }
-     nl.sport = htons(newConn->remote.port());
- 
-    newConn->local.getInAddr(nl.daddr.v4);
-+    if (newConn->local.isIPv4()) {
-+        newConn->local.getInAddr(nl.daddr.v4);
-+    } else {
-+        newConn->local.getInAddr(nl.daddr.v6);
-+    }
-     nl.dport = htons(newConn->local.port());
- 
-    nl.af = AF_INET;
-+    nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6;
-     nl.proto = IPPROTO_TCP;
-     nl.direction = PF_OUT;
- 
-@@ -345,7 +353,11 @@
-         debugs(89, 9, HERE << "address: " << newConn);
-         return false;
-     } else {
-        newConn->local = nl.rdaddr.v4;
-+        if (nl.af == AF_INET) {
-+            newConn->local = nl.rdaddr.v4;
-+        } else {
-+            newConn->local = nl.rdaddr.v6;
-+        }
-         newConn->local.port(ntohs(nl.rdport));
-         debugs(89, 5, HERE << "address NAT: " << newConn);
-         return true;
+     newConn->local.getInAddr(natLookup.nl_inip);
--- a/www/squid-devel/files/patch-src_ipc_mem_Segment.cc
+++ b/www/squid-devel/files/patch-src_ipc_mem_Segment.cc
@ -1,11 +1,11 @@
--- src/ipc/mem/Segment.cc.orig	2015-11-01 10:44:25 UTC
+--- src/ipc/mem/Segment.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/ipc/mem/Segment.cc
-@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach()
+@@ -173,7 +173,7 @@ Ipc::Mem::Segment::attach()
     assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize)));
 
     void *const p =
 -        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0);
 +        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0);
     if (p == MAP_FAILED) {
-         debugs(54, 5, HERE << "mmap " << theName << ": " << xstrerror());
-         fatalf("Ipc::Mem::Segment::attach failed to mmap(%s): %s\n",
+         int xerrno = errno;
+         debugs(54, 5, "mmap " << theName << ": " << xstrerr(xerrno));
--- a/www/squid-devel/files/patch-src_tools.cc
+++ b/www/squid-devel/files/patch-src_tools.cc
@ -1,4 +1,4 @@
--- src/tools.cc.orig	2015-11-01 10:44:25 UTC
+--- src/tools.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/tools.cc
@@ -603,7 +603,7 @@ no_suid(void)
     uid = geteuid();