Date: 6 Feb 2004 17:19:03 -0000 From: Thomas-Martin Seck <thomas@tmseck.homedns.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/62442: [Maintainer update] www/squid: New patches, misc cleanups Message-ID: <20040206171903.29584.qmail@laurel.tmseck.homedns.org> Resent-Message-ID: <200402061730.i16HUMsC083397@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 62442 >Category: ports >Synopsis: [Maintainer update] www/squid: New patches, misc cleanups >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Feb 06 09:30:21 PST 2004 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 4.9-STABLE i386 >Organization: private site >Environment: FreeBSD ports repository as of Feb 06, 2004. >Description: - integrate a new patch from squid-cache.org, see http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-ftp_telnet for details - integrate a patch by Glen Gibb to enable ARP based ACLs and make this an OPTION; see also http://www.squid-cache.org/bugs/show_bug.cgi?id=909 for his original bug report - make --enable-underscores an OPTION - set a tighter ACL on libexec/pinger - use $SQUID_USER and $SQUID_GROUP in pkg-install - wordsmith comments - bump PORTREVISION >How-To-Repeat: >Fix: Here's the patch: Index: projekte/FreeBSD/ports/www/squid/Makefile diff -u projekte/FreeBSD/ports/www/squid/Makefile:1.8 projekte/FreeBSD/ports/www/squid/Makefile:1.5.2.12 --- projekte/FreeBSD/ports/www/squid/Makefile:1.8 Fri Feb 6 17:08:45 2004 +++ projekte/FreeBSD/ports/www/squid/Makefile Fri Feb 6 18:05:30 2004 @@ -23,7 +23,7 @@ PORTNAME= squid PORTVERSION= 2.5.4 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -71,7 +71,8 @@ squid-2.5.STABLE4-ldap_tls.patch \ squid-2.5.STABLE4-ldap_group_bufsize.patch \ squid-2.5.STABLE4-http_workarounds.patch \ - squid-2.5.STABLE4-empty_proxy_auth.patch + squid-2.5.STABLE4-empty_proxy_auth.patch \ + squid-2.5.STABLE4-ftp_telnet.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -103,9 +104,11 @@ SQUID_VIA_DB "Enable forward/via database" off \ SQUID_CACHE_DIGESTS "Enable cache digests" off \ SQUID_WCCP "Enable Web Cache Coordination Protocol" on \ + SQUID_UNDERSCORES "Allow underscores in hostnames" on \ SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \ SQUID_IDENT "Enable ident (RFC 931) lookups" on \ - SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off + SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \ + SQUID_ARP_ACL "Enable ACLs based on ethernet address" off PLIST_FILES= etc/rc.d/squid.sh etc/squid/mib.txt etc/squid/mime.conf.default \ etc/squid/msntauth.conf.default etc/squid/squid.conf.default \ @@ -117,7 +120,6 @@ --localstatedir=${PREFIX}/squid \ --enable-storeio="ufs diskd null" \ --enable-removal-policies="lru heap" \ - --enable-underscores .include <bsd.port.pre.mk> @@ -140,7 +142,7 @@ --enable-external-acl-helpers="${external_acl}" \ --enable-ntlm-auth-helpers="SMB winbind" -# Options set via 'make config': +# Other options set via 'make config': .if defined(WITH_SQUID_DELAY_POOLS) CONFIGURE_ARGS+= --enable-delay-pools @@ -172,6 +174,9 @@ .if defined(WITHOUT_SQUID_WCCP) CONFIGURE_ARGS+= --disable-wccp .endif +.if defined(WITH_SQUID_UNDERSCORES) +CONFIGURE_ARGS+= --enable-underscores +.endif .if defined(WITH_SQUID_STRICT_HTTP) CONFIGURE_ARGS+= --disable-http-violations .endif @@ -181,11 +186,14 @@ .if defined(WITH_SQUID_USERAGENT_LOG) CONFIGURE_ARGS+= --enable-useragent-log .endif +.if defined(WITH_SQUID_ARP_ACL) +CONFIGURE_ARGS+= --enable-arp-acl +.endif # Languages: # # If you do not define SQUID_LANGUAGES yourself, all available language files -# will be installed; the default language will be english. +# will be installed; the default language will be English. SQUID_LANGUAGES?= \ Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \ @@ -223,11 +231,8 @@ # --enable-stacktraces # Enable automatic call backtrace on fatal errors # -# These options do not yet work on FreeBSD: +# This option does not yet work on FreeBSD: # -# --enable-arp-acl -# Enable ACL based on ethernet address (eg: for machines with dynamic DHCP -# assigned IP addresses) # --enable-ipf-transparent # Enable Transparent Proxy support for IP-Filter systems (incl 3.0) # (IPFilter headers are not currently installed to the base system, @@ -254,12 +259,12 @@ >${WRKDIR}/squid.sh pre-su-install: - @${SETENV} SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID} \ + @${SETENV} SQUID_USER=${SQUID_UID} SQUID_GROUP=${SQUID_GID} \ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: .if defined(WITH_SQUID_PINGER) - ${CHMOD} 4710 ${PREFIX}/libexec/squid/pinger; \ + ${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \ ${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger .endif ${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d Index: projekte/FreeBSD/ports/www/squid/distinfo diff -u projekte/FreeBSD/ports/www/squid/distinfo:1.6 projekte/FreeBSD/ports/www/squid/distinfo:1.4.2.5 --- projekte/FreeBSD/ports/www/squid/distinfo:1.6 Fri Feb 6 17:08:45 2004 +++ projekte/FreeBSD/ports/www/squid/distinfo Fri Feb 6 17:51:05 2004 @@ -72,3 +72,5 @@ SIZE (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 12322 MD5 (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = ff55a2c7a718868ad245fd6de07018c9 SIZE (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = 2719 +MD5 (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 570ed0193201946fc10b42c0d96f7f48 +SIZE (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 3844 Index: projekte/FreeBSD/ports/www/squid/pkg-install diff -u projekte/FreeBSD/ports/www/squid/pkg-install:1.3 projekte/FreeBSD/ports/www/squid/pkg-install:1.2.2.2 --- projekte/FreeBSD/ports/www/squid/pkg-install:1.3 Sat Jan 17 15:37:40 2004 +++ projekte/FreeBSD/ports/www/squid/pkg-install Fri Feb 6 18:04:31 2004 @@ -7,8 +7,8 @@ pkgname=$1 squid_base=${PKG_PREFIX:-/usr/local}/squid squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid -squid_user=${SQUID_UID:=squid} -squid_group=${SQUID_GID:=squid} +squid_user=${SQUID_USER:=squid} +squid_group=${SQUID_GROUP:=squid} squid_gid=3128 squid_uid=3128 Index: projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c diff -u /dev/null projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c:1.1.2.1 --- /dev/null Fri Feb 6 18:09:33 2004 +++ projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c Fri Feb 6 17:51:17 2004 @@ -0,0 +1,117 @@ +--- src/acl.c 2004/02/04 05:45:07 1.1 ++++ src/acl.c 2004/02/04 05:45:16 +@@ -2626,6 +2626,9 @@ + #endif + #include <net/route.h> + #include <net/if.h> ++#ifdef _SQUID_FREEBSD__ ++#include <net/if_arp.h> ++#endif + #if HAVE_NETINET_IF_ETHER_H + #include <netinet/if_ether.h> + #endif +@@ -2846,6 +2849,82 @@ + inet_ntoa(c), splayLastResult ? "NOT found" : "found"); + return (0 == splayLastResult); + } ++#elif defined(_SQUID_FREEBSD_) ++ struct arpreq arpReq; ++ struct sockaddr_in ipAddr; ++ unsigned char ifbuffer[sizeof(struct ifreq) * 64]; ++ struct ifconf ifc; ++ struct ifreq *ifr; ++ int offset; ++ splayNode **Top = dataptr; ++ ++ int mib[6]; ++ size_t needed; ++ char *lim, *buf, *next; ++ struct rt_msghdr *rtm; ++ struct sockaddr_inarp *sin; ++ struct sockaddr_dl *sdl; ++ ++ /* ++ * Set up structures for ARP lookup with blank interface name ++ */ ++ ipAddr.sin_family = AF_INET; ++ ipAddr.sin_port = 0; ++ ipAddr.sin_addr = c; ++ memset(&arpReq, '\0', sizeof(arpReq)); ++ xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct sockaddr_in)); ++ ++ /* Query ARP table */ ++ mib[0] = CTL_NET; ++ mib[1] = PF_ROUTE; ++ mib[2] = 0; ++ mib[3] = AF_INET; ++ mib[4] = NET_RT_FLAGS; ++ mib[5] = RTF_LLINFO; ++ if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) { ++ debug(28, 0) ("Can't estimate ARP table size!\n"); ++ return 0; ++ } ++ if ((buf = xmalloc(needed)) == NULL) { ++ debug(28, 0) ("Can't allocate temporary ARP table!\n"); ++ return 0; ++ } ++ if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) { ++ debug(28, 0) ("Can't retrieve ARP table!\n"); ++ xfree(buf); ++ return 0; ++ } ++ lim = buf + needed; ++ for (next = buf; next < lim; next += rtm->rtm_msglen) { ++ rtm = (struct rt_msghdr *) next; ++ sin = (struct sockaddr_inarp *) (rtm + 1); ++ /*sdl = (struct sockaddr_dl *) (sin + 1);*/ ++#define ROUNDUP(a) \ ++ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) ++ (char *)sdl = (char *)sin + ROUNDUP(sin->sin_len); ++ if (c.s_addr == sin->sin_addr.s_addr) { ++ if (sdl->sdl_alen) ++ { ++ arpReq.arp_ha.sa_len = sizeof(struct sockaddr); ++ arpReq.arp_ha.sa_family = AF_UNSPEC; ++ memcpy(arpReq.arp_ha.sa_data, LLADDR(sdl), sdl->sdl_alen); ++ } ++ } ++ } ++ xfree(buf); ++ if (arpReq.arp_ha.sa_data[0] == 0 && arpReq.arp_ha.sa_data[1] == 0 && ++ arpReq.arp_ha.sa_data[2] == 0 && arpReq.arp_ha.sa_data[3] == 0 && ++ arpReq.arp_ha.sa_data[4] == 0 && arpReq.arp_ha.sa_data[5] == 0) ++ return 0; ++ debug(28, 4) ("Got address %02x:%02x:%02x:%02x:%02x:%02x\n", ++ arpReq.arp_ha.sa_data[0] & 0xff, arpReq.arp_ha.sa_data[1] & 0xff, ++ arpReq.arp_ha.sa_data[2] & 0xff, arpReq.arp_ha.sa_data[3] & 0xff, ++ arpReq.arp_ha.sa_data[4] & 0xff, arpReq.arp_ha.sa_data[5] & 0xff); ++ /* Do lookup */ ++ *Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare); ++ debug(28, 3) ("aclMatchArp: '%s' %s\n", ++ inet_ntoa(c), splayLastResult ? "NOT found" : "found"); ++ return (0 == splayLastResult); + #else + WRITE ME; + #endif +@@ -2869,6 +2948,21 @@ + if (d1[2] != d2[2]) + return (d1[2] > d2[2]) ? 1 : -1; + #elif defined(_SQUID_SOLARIS_) ++ const unsigned char *d1 = a; ++ const unsigned char *d2 = b; ++ if (d1[0] != d2[0]) ++ return (d1[0] > d2[0]) ? 1 : -1; ++ if (d1[1] != d2[1]) ++ return (d1[1] > d2[1]) ? 1 : -1; ++ if (d1[2] != d2[2]) ++ return (d1[2] > d2[2]) ? 1 : -1; ++ if (d1[3] != d2[3]) ++ return (d1[3] > d2[3]) ? 1 : -1; ++ if (d1[4] != d2[4]) ++ return (d1[4] > d2[4]) ? 1 : -1; ++ if (d1[5] != d2[5]) ++ return (d1[5] > d2[5]) ? 1 : -1; ++#elif defined(_SQUID_FREEBSD_) + const unsigned char *d1 = a; + const unsigned char *d2 = b; + if (d1[0] != d2[0]) >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040206171903.29584.qmail>