Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2020Q1]: pkgsrc/www/squid4 Pullup ticket #6179 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2ade4fc00f94
branches:  pkgsrc-2020Q1
changeset: 430348:2ade4fc00f94
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Apr 30 08:35:50 2020 +0000

description:
Pullup ticket #6179 - requested by taca
www/squid4: security fix

Revisions pulled up:
- www/squid4/Makefile                                           1.6-1.7
- www/squid4/distinfo                                           1.4-1.6
- www/squid4/patches/patch-acinclude_os-deps.m4                 1.1-1.2
- www/squid4/patches/patch-configure                            1.3-1.5
- www/squid4/patches/patch-src_ip_Intercept.cc                  1.1

---
   Module Name: pkgsrc
   Committed By:        sborrill
   Date:                Thu Apr  9 09:45:20 UTC 2020

   Modified Files:
        pkgsrc/www/squid4: Makefile distinfo
        pkgsrc/www/squid4/patches: patch-configure
   Added Files:
        pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4
            patch-src_ip_Intercept.cc

   Log Message:
   Fix IPFilter transparent proxy support by:
   - including correct headers in configure tests
   - using correct autoconf value output by configure

   Bump PKGREVISION

---
   Module Name: pkgsrc
   Committed By:        sborrill
   Date:                Thu Apr  9 16:27:15 UTC 2020

   Modified Files:
        pkgsrc/www/squid4: distinfo
        pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4 patch-configure

   Log Message:
   Generate correct #defines for the IPFilter IPv6 detection with no trailing
   underscores

---
   Module Name: pkgsrc
   Committed By:        mef
   Date:                Thu Apr 23 13:52:24 UTC 2020

   Modified Files:
        pkgsrc/www/squid4: Makefile distinfo
        pkgsrc/www/squid4/patches: patch-configure

   Log Message:
   (www/squid4) Updated to 4.10 (and clear pkglint one point in patch)

   Changes to squid-4.11 (18 Apr 2020):

           - Bug 5036: capital 'L's in logs when daemon queue overflows
           - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
           - Bug 5016: systemd thinks Squid is ready before Squid listens
           - kerberos_ldap_group: fix encryption type for cross realm check
           - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
           - Fix Digest authentication nonce handling
           - Supply ALE to request_header_add/reply_header_add
           - ... and some documentation updates
           - ... and some compile fixes

diffstat:

 www/squid4/Makefile                           |   5 +-
 www/squid4/distinfo                           |  14 +++--
 www/squid4/patches/patch-acinclude_os-deps.m4 |  37 +++++++++++++
 www/squid4/patches/patch-configure            |  72 +++++++++++++++++++++++---
 www/squid4/patches/patch-src_ip_Intercept.cc  |  24 +++++++++
 5 files changed, 133 insertions(+), 19 deletions(-)

diffs (233 lines):

diff -r 8db4e96af69a -r 2ade4fc00f94 www/squid4/Makefile
--- a/www/squid4/Makefile       Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/Makefile       Thu Apr 30 08:35:50 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2020/03/08 16:51:39 wiz Exp $
+# $NetBSD: Makefile,v 1.5.2.1 2020/04/30 08:35:50 bsiegert Exp $
 
-DISTNAME=      squid-4.10
-PKGREVISION=   1
+DISTNAME=      squid-4.11
 CATEGORIES=    www
 MASTER_SITES=  http://www.squid-cache.org/Versions/v4/
 MASTER_SITES+= ftp://ftp.squid-cache.org/pub/squid/
diff -r 8db4e96af69a -r 2ade4fc00f94 www/squid4/distinfo
--- a/www/squid4/distinfo       Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/distinfo       Thu Apr 30 08:35:50 2020 +0000
@@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.3 2020/02/04 03:03:48 taca Exp $
+$NetBSD: distinfo,v 1.3.2.1 2020/04/30 08:35:50 bsiegert Exp $
 
-SHA1 (squid-4.10.tar.xz) = b8b267771550bb8c7f2b2968b305118090e7217a
-RMD160 (squid-4.10.tar.xz) = 33b4f2fb2a428fb37379541eabb1c892fa29ae44
-SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0
-Size (squid-4.10.tar.xz) = 2445848 bytes
+SHA1 (squid-4.11.tar.xz) = 053277bf5497163ffc9261b9807abda5959bb6fc
+RMD160 (squid-4.11.tar.xz) = 14392a0e6a5b44c0673bcc37b5753d274762b10e
+SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26
+Size (squid-4.11.tar.xz) = 2447700 bytes
+SHA1 (patch-acinclude_os-deps.m4) = 7af769f4df2c8293bec0be1fb4c222da35aa3fee
 SHA1 (patch-compat_compat.h) = 839381a5e1f46e7d9b822bbb53d82a53c996ddc0
-SHA1 (patch-configure) = e7920ba353716e26d0b7559366c86b22cb03adfd
+SHA1 (patch-configure) = 24ae8657741697f4170c5e41657b07715956de95
 SHA1 (patch-errors_Makefile.in) = 84cbf5c836f02ed5fbfff140888c6d3aadeac326
 SHA1 (patch-src_Makefile.in) = afc5aefd97c46d1ffab43e97aeaeade3a5a8c648
 SHA1 (patch-src_acl_external_kerberos__ldap__group_support__resolv.cc) = 0ea41d55e32d689a16e012391a9eea67631daf3a
 SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96
 SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59
+SHA1 (patch-src_ip_Intercept.cc) = dd24a402f3634d156ecaeb4eae815b21c7a0adfa
 SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01
diff -r 8db4e96af69a -r 2ade4fc00f94 www/squid4/patches/patch-acinclude_os-deps.m4
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/squid4/patches/patch-acinclude_os-deps.m4     Thu Apr 30 08:35:50 2020 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-acinclude_os-deps.m4,v 1.2.2.2 2020/04/30 08:35:50 bsiegert Exp $
+
+Fix detection of IPv6 NAT in IPFilter by including correct headers
+Generate correct #defines without trailing underscores
+
+https://github.com/squid-cache/squid/pull/596
+
+--- acinclude/os-deps.m4.orig  2020-01-20 02:51:40.000000000 +0000
++++ acinclude/os-deps.m4       2020-04-09 15:59:34.000000000 +0100
+@@ -925,11 +925,13 @@
+ ## Solaris 10+ backported IPv6 NAT to their IPFilter v4.1 instead of using v5
+   AC_CHECK_MEMBERS([
+     struct natlookup.nl_inipaddr.in6,
+-    struct natlookup.nl_realipaddr.in6
+-  ],,,[
++    struct natlookup.nl_realipaddr.in6],,,[
+ #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
+ #define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -955,7 +957,11 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+   ])
+ 
+ ])
diff -r 8db4e96af69a -r 2ade4fc00f94 www/squid4/patches/patch-configure
--- a/www/squid4/patches/patch-configure        Thu Apr 30 07:54:55 2020 +0000
+++ b/www/squid4/patches/patch-configure        Thu Apr 30 08:35:50 2020 +0000
@@ -1,14 +1,16 @@
-$NetBSD: patch-configure,v 1.2 2020/02/04 03:03:49 taca Exp $
+$NetBSD: patch-configure,v 1.2.2.1 2020/04/30 08:35:50 bsiegert Exp $
 
 * More support for OpenSSL 1.1; not only check SSL_Library_init() but
   also check OPENSSL_init_ssl().
 * Fix syntax error by accidental new line.
-* Utilisze <stdlib.h> on BSD.
+* Utilize <stdlib.h> on BSD.
 * Do not override CFLAGS/CXXFLAGS except linux.
+* Fix detection of IPv6 NAT in IPFilter by including correct headers
+  and generating correct #defines without trailing underscores
 
 --- configure.orig     2020-01-20 02:51:59.000000000 +0000
-+++ configure
-@@ -23201,10 +23201,12 @@ do
++++ configure  2020-04-09 16:05:04.000000000 +0100
+@@ -23201,10 +23201,12 @@
  done
  
    # GLIBC 2.30 deprecates sysctl.h. Test with the same flags that (may) break includes later.
@@ -24,7 +26,7 @@
        ${TRUE}
        ;;
      mingw)
-@@ -23244,6 +23246,7 @@ done
+@@ -23244,6 +23246,7 @@
  do :
    as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
@@ -32,7 +34,7 @@
  #include <sys/types.h>
  #include <sys/socket.h>
  
-@@ -24080,7 +24083,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" = 
+@@ -24080,7 +24083,51 @@
    LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
  else
  
@@ -85,7 +87,7 @@
  
  fi
  
-@@ -24183,7 +24230,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" = 
+@@ -24183,7 +24230,51 @@
    LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
  else
  
@@ -138,7 +140,7 @@
  
  fi
  
-@@ -39234,6 +39325,8 @@ else
+@@ -39234,6 +39325,8 @@
  # ifdef _MSC_VER
  #  include <malloc.h>
  #  define alloca _alloca
@@ -147,12 +149,62 @@
  # else
  #  ifdef HAVE_ALLOCA_H
  #   include <alloca.h>
-@@ -42057,7 +42150,7 @@ _ACEOF
+@@ -42021,6 +42114,9 @@
+ #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
+ #define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -42046,7 +42142,11 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+ 
+ "
+ if test "x$ac_cv_member_struct_natlookup_nl_inipaddr_in6" = xyes; then :
+@@ -42057,11 +42157,14 @@
  
  
  fi
 -ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6"
+-   "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
 +ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" \
-    "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
++   "ac_cv_member_struct_natlookup_nl_realipaddr_in6" "
  #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
  #define minor_t fubar
+ #endif
++#if HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
+@@ -42087,13 +42190,17 @@
+ #elif HAVE_NETINET_IP_FIL_H
+ #include <netinet/ip_fil.h>
+ #endif
++#if HAVE_IP_NAT_H
+ #include <ip_nat.h>
++#elif HAVE_NETINET_IP_NAT_H
++#include <netinet/ip_nat.h>
++#endif
+ 
+ "
+-if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6___" = xyes; then :
++if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6" = xyes; then :
+ 
+ cat >>confdefs.h <<_ACEOF
+-#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6___ 1
++#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6 1
+ _ACEOF
+ 
+ 
diff -r 8db4e96af69a -r 2ade4fc00f94 www/squid4/patches/patch-src_ip_Intercept.cc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/squid4/patches/patch-src_ip_Intercept.cc      Thu Apr 30 08:35:50 2020 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_ip_Intercept.cc,v 1.1.2.2 2020/04/30 08:35:50 bsiegert Exp $
+
+Fix: use correct #if to look for IPv6 support
+
+--- src/ip/Intercept.cc.orig   2020-01-20 02:51:40.000000000 +0000
++++ src/ip/Intercept.cc        2020-04-09 08:58:13.000000000 +0100
+@@ -204,7 +204,7 @@
+     memset(&natLookup, 0, sizeof(natLookup));
+     // for NAT lookup set local and remote IP:port's
+     if (newConn->remote.isIPv6()) {
+-#if HAVE_NATLOOKUP_NL_INIPADDR_IN6
++#if HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6
+         natLookup.nl_v = 6;
+         newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+         newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
+@@ -292,7 +292,7 @@
+         debugs(89, 9, HERE << "address: " << newConn);
+         return false;
+     } else {
+-#if HAVE_NATLOOKUP_NL_REALIPADDR_IN6
++#if HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6
+         if (newConn->remote.isIPv6())
+             newConn->local = natLookup.nl_realipaddr.in6;
+         else



Home | Main Index | Thread Index | Old Index