Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Dec 2016 03:46:34 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r429218 - in branches/2016Q4/www/squid: . files
Message-ID:  <201612230346.uBN3kYUu008734@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: junovitch
Date: Fri Dec 23 03:46:34 2016
New Revision: 429218
URL: https://svnweb.freebsd.org/changeset/ports/429218

Log:
  MFH: r427008 r427389 (www/squid only) r429217
  
  www/squid: update 3.5.22 -> 3.5.23
  
  - Switch to options helpers
  - Mark as not openssl-devel ready
  - Spell CHOSEN_COMPILER_TYPE correctly
  - Remove upstreamed patch (IPv6 + PF crash)
  - Add --enable-zph-qos option to default set
    http://wiki.squid-cache.org/Features/QualityOfService
  
  PR:		215416
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Security:	CVE-2016-10002
  Security:	CVE-2016-10003
  Security:	https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html
  Approved by:	ports-secteam (with hat)

Modified:
  branches/2016Q4/www/squid/Makefile
  branches/2016Q4/www/squid/distinfo
  branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc
Directory Properties:
  branches/2016Q4/   (props changed)

Modified: branches/2016Q4/www/squid/Makefile
==============================================================================
--- branches/2016Q4/www/squid/Makefile	Fri Dec 23 03:41:51 2016	(r429217)
+++ branches/2016Q4/www/squid/Makefile	Fri Dec 23 03:46:34 2016	(r429218)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	squid
-PORTVERSION=	3.5.20
+PORTVERSION=	3.5.23
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
 		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
@@ -222,6 +222,7 @@ CONFIGURE_ARGS=	--with-default-user=squi
 		--with-swapdir=/var/squid/cache \
 		--without-gnutls \
 		--enable-auth \
+		--enable-zph-qos \
 		--enable-build-info \
 		--enable-loadable-modules \
 		--enable-removal-policies="lru heap" \
@@ -294,7 +295,7 @@ post-patch:
 		${change_files})
 	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
 
-.if !${PORT_OPTIONS:MIPV6}
+post-patch-IPV6-off:
 	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
 		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
 		-e's/ 2001:DB8::a:0\/64//' \
@@ -302,7 +303,6 @@ post-patch:
 		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
 		-e'/tcp_outgoing_address 2001:db8::1/d' \
 		${WRKSRC}/src/cf.data.pre
-.endif
 
 post-install:
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
@@ -313,11 +313,14 @@ post-install:
 
 .include <bsd.port.pre.mk>
 
-.if ${COMPILER_TYPE} == clang
+.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel}
+BROKEN=		Does not build with openssl-devel
+.endif
+
+.if ${CHOSEN_COMPILER_TYPE} == clang
 #CXXFLAGS+=	-Wno-unused-private-field
-.if ${COMPILER_VERSION} >= 35
+CXXFLAGS+=	-Wno-unknown-warning-option
 CXXFLAGS+=	-Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
 .endif
-.endif
 
 .include <bsd.port.post.mk>

Modified: branches/2016Q4/www/squid/distinfo
==============================================================================
--- branches/2016Q4/www/squid/distinfo	Fri Dec 23 03:41:51 2016	(r429217)
+++ branches/2016Q4/www/squid/distinfo	Fri Dec 23 03:46:34 2016	(r429218)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1467937151
-SHA256 (squid3.5/squid-3.5.20.tar.xz) = 37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395
-SIZE (squid3.5/squid-3.5.20.tar.xz) = 2319780
+TIMESTAMP = 1479930399
+SHA256 (squid3.5/squid-3.5.23.tar.xz) = fa4c0c99f41e92fe1330bed3968d176c6f47ef2e3aea2f83977d5501afa40bdb
+SIZE (squid3.5/squid-3.5.23.tar.xz) = 2325884

Modified: branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc
==============================================================================
--- branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc	Fri Dec 23 03:41:51 2016	(r429217)
+++ branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc	Fri Dec 23 03:46:34 2016	(r429218)
@@ -13,41 +13,3 @@
          return false;
  #else
          natLookup.nl_v = 6;
-@@ -323,13 +323,21 @@
-     }
- 
-     memset(&nl, 0, sizeof(struct pfioc_natlook));
--    newConn->remote.getInAddr(nl.saddr.v4);
-+    if (newConn->remote.isIPv4()) {
-+        newConn->remote.getInAddr(nl.saddr.v4);
-+    } else {
-+        newConn->remote.getInAddr(nl.saddr.v6);
-+    }
-     nl.sport = htons(newConn->remote.port());
- 
--    newConn->local.getInAddr(nl.daddr.v4);
-+    if (newConn->local.isIPv4()) {
-+        newConn->local.getInAddr(nl.daddr.v4);
-+    } else {
-+        newConn->local.getInAddr(nl.daddr.v6);
-+    }
-     nl.dport = htons(newConn->local.port());
- 
--    nl.af = AF_INET;
-+    nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6;
-     nl.proto = IPPROTO_TCP;
-     nl.direction = PF_OUT;
- 
-@@ -345,7 +353,11 @@
-         debugs(89, 9, HERE << "address: " << newConn);
-         return false;
-     } else {
--        newConn->local = nl.rdaddr.v4;
-+        if (nl.af == AF_INET) {
-+            newConn->local = nl.rdaddr.v4;
-+        } else {
-+            newConn->local = nl.rdaddr.v6;
-+        }
-         newConn->local.port(ntohs(nl.rdport));
-         debugs(89, 5, HERE << "address NAT: " << newConn);
-         return true;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612230346.uBN3kYUu008734>