Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2020Q1]: pkgsrc/www/squid4 Pullup ticket #6179 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7df567029ee2
branches: pkgsrc-2020Q1
changeset: 430341:7df567029ee2
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Thu Apr 30 08:35:50 2020 +0000
description:
Pullup ticket #6179 - requested by taca
www/squid4: security fix
Revisions pulled up:
- www/squid4/Makefile 1.6-1.7
- www/squid4/distinfo 1.4-1.6
- www/squid4/patches/patch-acinclude_os-deps.m4 1.1-1.2
- www/squid4/patches/patch-configure 1.3-1.5
- www/squid4/patches/patch-src_ip_Intercept.cc 1.1
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 9 09:45:20 UTC 2020
Modified Files:
pkgsrc/www/squid4: Makefile distinfo
pkgsrc/www/squid4/patches: patch-configure
Added Files:
pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4
patch-src_ip_Intercept.cc
Log Message:
Fix IPFilter transparent proxy support by:
- including correct headers in configure tests
- using correct autoconf value output by configure
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 9 16:27:15 UTC 2020
Modified Files:
pkgsrc/www/squid4: distinfo
pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4 patch-configure
Log Message:
Generate correct #defines for the IPFilter IPv6 detection with no trailing
underscores
---
Module Name: pkgsrc
Committed By: mef
Date: Thu Apr 23 13:52:24 UTC 2020
Modified Files:
pkgsrc/www/squid4: Makefile distinfo
pkgsrc/www/squid4/patches: patch-configure
Log Message:
(www/squid4) Updated to 4.10 (and clear pkglint one point in patch)
Changes to squid-4.11 (18 Apr 2020):
- Bug 5036: capital 'L's in logs when daemon queue overflows
- Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
- Bug 5016: systemd thinks Squid is ready before Squid listens
- kerberos_ldap_group: fix encryption type for cross realm check
- HTTP: Ignore malformed Host header in intercept and reverse proxy mode
- Fix Digest authentication nonce handling
- Supply ALE to request_header_add/reply_header_add
- ... and some documentation updates
- ... and some compile fixes
diffstat:
www/squid4/Makefile | 5 +-
www/squid4/distinfo | 14 +++--
www/squid4/patches/patch-acinclude_os-deps.m4 | 37 +++++++++++++
www/squid4/patches/patch-configure | 72 +++++++++++++++++++++++---
www/squid4/patches/patch-src_ip_Intercept.cc | 24 +++++++++
5 files changed, 133 insertions(+), 19 deletions(-)
diffs (233 lines):
diff -r 8db4e96af69a -r 7df567029ee2 www/squid4/Makefile
--- a/www/squid4/Makefile Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/Makefile Thu Apr 30 08:35:50 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2020/03/08 16:51:39 wiz Exp $
+# $NetBSD: Makefile,v 1.5.2.1 2020/04/30 08:35:50 bsiegert Exp $
-DISTNAME= squid-4.10
-PKGREVISION= 1
+DISTNAME= squid-4.11
CATEGORIES= www
MASTER_SITES= http://www.squid-cache.org/Versions/v4/
MASTER_SITES+= ftp://ftp.squid-cache.org/pub/squid/
diff -r 8db4e96af69a -r 7df567029ee2 www/squid4/distinfo
--- a/www/squid4/distinfo Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/distinfo Thu Apr 30 08:35:50 2020 +0000
@@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.3 2020/02/04 03:03:48 taca Exp $
+$NetBSD: distinfo,v 1.3.2.1 2020/04/30 08:35:50 bsiegert Exp $
-SHA1 (squid-4.10.tar.xz) = b8b267771550bb8c7f2b2968b305118090e7217a
-RMD160 (squid-4.10.tar.xz) = 33b4f2fb2a428fb37379541eabb1c892fa29ae44
-SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0
-Size (squid-4.10.tar.xz) = 2445848 bytes
+SHA1 (squid-4.11.tar.xz) = 053277bf5497163ffc9261b9807abda5959bb6fc
+RMD160 (squid-4.11.tar.xz) = 14392a0e6a5b44c0673bcc37b5753d274762b10e
+SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26
+Size (squid-4.11.tar.xz) = 2447700 bytes
+SHA1 (patch-acinclude_os-deps.m4) = 7af769f4df2c8293bec0be1fb4c222da35aa3fee
SHA1 (patch-compat_compat.h) = 839381a5e1f46e7d9b822bbb53d82a53c996ddc0
-SHA1 (patch-configure) = e7920ba353716e26d0b7559366c86b22cb03adfd
+SHA1 (patch-configure) = 24ae8657741697f4170c5e41657b07715956de95
SHA1 (patch-errors_Makefile.in) = 84cbf5c836f02ed5fbfff140888c6d3aadeac326
SHA1 (patch-src_Makefile.in) = afc5aefd97c46d1ffab43e97aeaeade3a5a8c648
SHA1 (patch-src_acl_external_kerberos__ldap__group_support__resolv.cc) = 0ea41d55e32d689a16e012391a9eea67631daf3a
SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96
SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59
+SHA1 (patch-src_ip_Intercept.cc) = dd24a402f3634d156ecaeb4eae815b21c7a0adfa
SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01
diff -r 8db4e96af69a -r 7df567029ee2 www/squid4/patches/patch-acinclude_os-deps.m4
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/squid4/patches/patch-acinclude_os-deps.m4 Thu Apr 30 08:35:50 2020 +0000
@@ -0,0 +1,37 @@
+$NetBSD$
+
+Fix detection of IPv6 NAT in IPFilter by including correct headers
+Generate correct #defines without trailing underscores
+
+https://github.com/squid-cache/squid/pull/596
+
+--- acinclude/os-deps.m4.orig 2020-01-20 02:51:40.000000000 +0000
++++ acinclude/os-deps.m4 2020-04-09 15:59:34.000000000 +0100
+@@ -925,11 +925,13 @@
+ ## Solaris 10+ backported IPv6 NAT to their IPFilter v4.1 instead of using v5
+ AC_CHECK_MEMBERS([
+ struct natlookup.nl_inipaddr.in6,
+- struct natlookup.nl_realipaddr.in6
+- ],,,[
++ struct natlookup.nl_realipaddr.in6],,,[
+ #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
+ #define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -955,7 +957,11 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+ ])
+
+ ])
diff -r 8db4e96af69a -r 7df567029ee2 www/squid4/patches/patch-configure
--- a/www/squid4/patches/patch-configure Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/patches/patch-configure Thu Apr 30 08:35:50 2020 +0000
@@ -1,14 +1,16 @@
-$NetBSD: patch-configure,v 1.2 2020/02/04 03:03:49 taca Exp $
+$NetBSD: patch-configure,v 1.2.2.1 2020/04/30 08:35:50 bsiegert Exp $
* More support for OpenSSL 1.1; not only check SSL_Library_init() but
also check OPENSSL_init_ssl().
* Fix syntax error by accidental new line.
-* Utilisze <stdlib.h> on BSD.
+* Utilize <stdlib.h> on BSD.
* Do not override CFLAGS/CXXFLAGS except linux.
+* Fix detection of IPv6 NAT in IPFilter by including correct headers
+ and generating correct #defines without trailing underscores
--- configure.orig 2020-01-20 02:51:59.000000000 +0000
-+++ configure
-@@ -23201,10 +23201,12 @@ do
++++ configure 2020-04-09 16:05:04.000000000 +0100
+@@ -23201,10 +23201,12 @@
done
# GLIBC 2.30 deprecates sysctl.h. Test with the same flags that (may) break includes later.
@@ -24,7 +26,7 @@
${TRUE}
;;
mingw)
-@@ -23244,6 +23246,7 @@ done
+@@ -23244,6 +23246,7 @@
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
@@ -32,7 +34,7 @@
#include <sys/types.h>
#include <sys/socket.h>
-@@ -24080,7 +24083,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" =
+@@ -24080,7 +24083,51 @@
LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
else
@@ -85,7 +87,7 @@
fi
-@@ -24183,7 +24230,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" =
+@@ -24183,7 +24230,51 @@
LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
else
@@ -138,7 +140,7 @@
fi
-@@ -39234,6 +39325,8 @@ else
+@@ -39234,6 +39325,8 @@
# ifdef _MSC_VER
# include <malloc.h>
# define alloca _alloca
@@ -147,12 +149,62 @@
# else
# ifdef HAVE_ALLOCA_H
# include <alloca.h>
-@@ -42057,7 +42150,7 @@ _ACEOF
+@@ -42021,6 +42114,9 @@
+ #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
+ #define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -42046,7 +42142,11 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+
+ "
+ if test "x$ac_cv_member_struct_natlookup_nl_inipaddr_in6" = xyes; then :
+@@ -42057,11 +42157,14 @@
fi
-ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6"
+- "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
+ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" \
- "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
++ "ac_cv_member_struct_natlookup_nl_realipaddr_in6" "
#if USE_SOLARIS_IPFILTER_MINOR_T_HACK
#define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -42087,13 +42190,17 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+
+ "
+-if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6___" = xyes; then :
++if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6" = xyes; then :
+
+ cat >>confdefs.h <<_ACEOF
+-#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6___ 1
++#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6 1
+ _ACEOF
+
+
diff -r 8db4e96af69a -r 7df567029ee2 www/squid4/patches/patch-src_ip_Intercept.cc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/squid4/patches/patch-src_ip_Intercept.cc Thu Apr 30 08:35:50 2020 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_ip_Intercept.cc,v 1.1.2.2 2020/04/30 08:35:50 bsiegert Exp $
+
+Fix: use correct #if to look for IPv6 support
+
+--- src/ip/Intercept.cc.orig 2020-01-20 02:51:40.000000000 +0000
++++ src/ip/Intercept.cc 2020-04-09 08:58:13.000000000 +0100
+@@ -204,7 +204,7 @@
+ memset(&natLookup, 0, sizeof(natLookup));
+ // for NAT lookup set local and remote IP:port's
+ if (newConn->remote.isIPv6()) {
+-#if HAVE_NATLOOKUP_NL_INIPADDR_IN6
++#if HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6
+ natLookup.nl_v = 6;
+ newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+ newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
+@@ -292,7 +292,7 @@
+ debugs(89, 9, HERE << "address: " << newConn);
+ return false;
+ } else {
+-#if HAVE_NATLOOKUP_NL_REALIPADDR_IN6
++#if HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6
+ if (newConn->remote.isIPv6())
+ newConn->local = natLookup.nl_realipaddr.in6;
+ else
Home |
Main Index |
Thread Index |
Old Index