diff options
author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-12-23 03:46:34 +0000 |
---|---|---|
committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-12-23 03:46:34 +0000 |
commit | 7bd265346d0ff0ebb5aa87286a3e81be7c276c52 (patch) | |
tree | 6a1e6127fde4a41a4b7fd8325d61eaa6a92d3131 | |
parent | 525a092e0e8ac68d3b17960bd6af4839f142de61 (diff) | |
download | ports-7bd265346d0ff0ebb5aa87286a3e81be7c276c52.tar.gz ports-7bd265346d0ff0ebb5aa87286a3e81be7c276c52.zip |
MFH: r427008 r427389 (www/squid only) r429217
www/squid: update 3.5.22 -> 3.5.23
- Switch to options helpers
- Mark as not openssl-devel ready
- Spell CHOSEN_COMPILER_TYPE correctly
- Remove upstreamed patch (IPv6 + PF crash)
- Add --enable-zph-qos option to default set
http://wiki.squid-cache.org/Features/QualityOfService
PR: 215416
Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer)
Security: CVE-2016-10002
Security: CVE-2016-10003
Security: https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html
Approved by: ports-secteam (with hat)
Notes
Notes:
svn path=/branches/2016Q4/; revision=429218
-rw-r--r-- | www/squid/Makefile | 15 | ||||
-rw-r--r-- | www/squid/distinfo | 6 | ||||
-rw-r--r-- | www/squid/files/patch-src__ip__Intercept.cc | 38 |
3 files changed, 12 insertions, 47 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile index d49a159d281f..92fbacbdbfec 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= squid -PORTVERSION= 3.5.20 +PORTVERSION= 3.5.23 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ @@ -222,6 +222,7 @@ CONFIGURE_ARGS= --with-default-user=squid \ --with-swapdir=/var/squid/cache \ --without-gnutls \ --enable-auth \ + --enable-zph-qos \ --enable-build-info \ --enable-loadable-modules \ --enable-removal-policies="lru heap" \ @@ -294,7 +295,7 @@ post-patch: ${change_files}) @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample) -.if !${PORT_OPTIONS:MIPV6} +post-patch-IPV6-off: @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \ -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \ -e's/ 2001:DB8::a:0\/64//' \ @@ -302,7 +303,6 @@ post-patch: -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::1/d' \ ${WRKSRC}/src/cf.data.pre -.endif post-install: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} @@ -313,11 +313,14 @@ post-install: .include <bsd.port.pre.mk> -.if ${COMPILER_TYPE} == clang +.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel} +BROKEN= Does not build with openssl-devel +.endif + +.if ${CHOSEN_COMPILER_TYPE} == clang #CXXFLAGS+= -Wno-unused-private-field -.if ${COMPILER_VERSION} >= 35 +CXXFLAGS+= -Wno-unknown-warning-option CXXFLAGS+= -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess .endif -.endif .include <bsd.port.post.mk> diff --git a/www/squid/distinfo b/www/squid/distinfo index a402b9954f06..6b87b3bbb3ae 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1467937151 -SHA256 (squid3.5/squid-3.5.20.tar.xz) = 37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395 -SIZE (squid3.5/squid-3.5.20.tar.xz) = 2319780 +TIMESTAMP = 1479930399 +SHA256 (squid3.5/squid-3.5.23.tar.xz) = fa4c0c99f41e92fe1330bed3968d176c6f47ef2e3aea2f83977d5501afa40bdb +SIZE (squid3.5/squid-3.5.23.tar.xz) = 2325884 diff --git a/www/squid/files/patch-src__ip__Intercept.cc b/www/squid/files/patch-src__ip__Intercept.cc index 7bb4250b30d0..1648e1837415 100644 --- a/www/squid/files/patch-src__ip__Intercept.cc +++ b/www/squid/files/patch-src__ip__Intercept.cc @@ -13,41 +13,3 @@ return false; #else natLookup.nl_v = 6; -@@ -323,13 +323,21 @@ - } - - memset(&nl, 0, sizeof(struct pfioc_natlook)); -- newConn->remote.getInAddr(nl.saddr.v4); -+ if (newConn->remote.isIPv4()) { -+ newConn->remote.getInAddr(nl.saddr.v4); -+ } else { -+ newConn->remote.getInAddr(nl.saddr.v6); -+ } - nl.sport = htons(newConn->remote.port()); - -- newConn->local.getInAddr(nl.daddr.v4); -+ if (newConn->local.isIPv4()) { -+ newConn->local.getInAddr(nl.daddr.v4); -+ } else { -+ newConn->local.getInAddr(nl.daddr.v6); -+ } - nl.dport = htons(newConn->local.port()); - -- nl.af = AF_INET; -+ nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6; - nl.proto = IPPROTO_TCP; - nl.direction = PF_OUT; - -@@ -345,7 +353,11 @@ - debugs(89, 9, HERE << "address: " << newConn); - return false; - } else { -- newConn->local = nl.rdaddr.v4; -+ if (nl.af == AF_INET) { -+ newConn->local = nl.rdaddr.v4; -+ } else { -+ newConn->local = nl.rdaddr.v6; -+ } - newConn->local.port(ntohs(nl.rdport)); - debugs(89, 5, HERE << "address NAT: " << newConn); - return true; |