From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jun 10 15:30:31 2004
Message-Id: <20040610152745.15191.qmail@laurel.tmseck.homedns.org>
Date: 10 Jun 2004 15:27:45 -0000
From: Thomas-Martin Seck
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/67797: [Maintainer] www/squid: support pf(4) on 5.x-RELEASE, misc cleanups
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Thomas-Martin Seck
List-Id: Ports bug reports
X-List-Received-Date: Thu, 10 Jun 2004 15:30:31 -0000

>Number: 67797
>Category: ports
>Synopsis: [Maintainer] www/squid: support pf(4) on 5.x-RELEASE, misc cleanups
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 10 15:30:22 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.10-STABLE i386
>Organization: a private site in Germany
>Environment: FreeBSD ports repository as of June 10th, 2004.
>Description:
- support systems where pf(4) must be installed from ports (see ports/67724, submitted by Michal F. Hanula)
- change ": foo=${foo:=bar}" into "foo=${foo:-bar}" to make the shell scripts easier to read and understand
- correct credits for the recently published NTLM auth vulnerability and fix a nearby braino, too
- bump PORTREVISION (because of squid.sh changes; I leave the final decision to the committer)

added file: files/pf_from_ports.patch.in

This PR corrects the issue reported in ports/67724 which can be closed.
>How-To-Repeat:
>Fix:
Apply this patch and "cvs add" files/pf_from_ports.patch.in

Index: files/pf_from_ports.patch.in =================================================================== --- files/pf_from_ports.patch.in (revision 0) +++ files/pf_from_ports.patch.in (revision 91) 
@@ -0,0 +1,20 @@ +--- configure.orig Thu Jun 10 12:22:06 2004 ++++ configure Thu Jun 10 13:31:53 2004 +@@ -3781,7 +3781,7 @@ + memory.h \ + mount.h \ + net/if.h \ +- net/pfvar.h \ ++ %%PF_INCLUDEDIR%%/net/pfvar.h \ + netdb.h \ + netinet/if_ether.h \ + netinet/in.h \ +@@ -7604,7 +7604,7 @@ + echo $ac_n "checking if PF header file is installed""... $ac_c" 1>&6 + echo "configure:7606: checking if PF header file is installed" >&5 + # hold on to your hats... +- if test "$ac_cv_header_net_pfvar_h" = "yes"; then ++ if test "$ac_cv_header_%%PF_AC_INCLUDEPATH%%_net_pfvar_h" = "yes"; then + PF_TRANSPARENT="yes" + cat >> confdefs.h <<\EOF + #define PF_TRANSPARENT 1 Index: files/patch-helpers-ntlm_auth-SMB-libntlmssp.c =================================================================== --- files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../www/squid) (revision 91) +++ files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../local/squid) (revision 91) @@ -1,11 +1,11 @@ This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by Stefan Esser on the 07th June 2004. +helper which was reported by iDefense on the 07th June 2004. Original advisory: CVE-ID: CAN-2004-0541 Patch obtained from: -The patch was slightly modified by the me (tmseck@netcologne.de) to make +The patch was slightly modified by me (tmseck@netcologne.de) to make it apply cleanly to the FreeBSD port. Index: libntlmssp.c Index: files/squid.sh =================================================================== --- files/squid.sh (.../www/squid) (revision 91) +++ files/squid.sh (.../local/squid) (revision 91) 
@@ -20,9 +20,9 @@ extra_commands=reload reload_cmd="${command} -k reconfigure" stop_cmd="${command} -k shutdown" -: ${squid_chdir:=%%PREFIX%%/squid/logs} -: ${squid_user:=%%SQUID_UID%%} -: ${squid_flags:="-D"} +squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs} +squid_user=${squid_user:-%%SQUID_UID%%} +squid_flags=${squid_flags:-"-D"} default_config=%%PREFIX%%/etc/squid/squid.conf if [ -f /etc/rc.subr ]; then Index: pkg-install =================================================================== --- pkg-install (.../www/squid) (revision 91) +++ pkg-install (.../local/squid) (revision 91) @@ -12,8 +12,8 @@ else nologin=/sbin/nologin fi -: ${squid_user:=squid} -: ${squid_group:=squid} +squid_user=${squid_user:-squid} +squid_group=${squid_group:-squid} squid_gid=100 squid_uid=100 # Try to catch the case where the $squid_user might have been created with an Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 91) +++ Makefile (.../local/squid) (revision 91) @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -214,13 +214,12 @@ CONFIGURE_ARGS+= --enable-arp-acl .endif .if defined(WITH_SQUID_PF) -.if ${OSVERSION} >= 502106 -# This will work only systems where PF is part of the base system for now. -# If someone is eager to teach squid's configure script how to pick up the pf -# port on 5.[0-2] systems instead, go on, I will integrate your patch. CONFIGURE_ARGS+= --enable-pf-transparent -.else -IGNORE= WITH_SQUID_PF only works on systems where pf is part of the base system. +.if ${OSVERSION} < 502106 +pf_includedir= ${LOCALBASE}/include/pf +BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf +CFLAGS+= "-I${pf_includedir}" +EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch .endif .endif .if defined(WITH_SQUID_FOLLOW_XFF) 
@@ -283,6 +282,15 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \ LDFLAGS="${LDFLAGS}" +pre-patch: +# Check whether we need to create the extra patch that makes pf(4) +# visible for squid's configure script: +.if defined(pf_includedir) + @${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \ + -e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \ + ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch +.endif + post-patch: @${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8 >Release-Note: >Audit-Trail: >Unformatted:
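Review bot: In files/squid.sh (hunk @@ -20,9 +20,9), `squid_flags=${squid_flags:-"-D"}` keeps the colon form of the expansion, so a caller who deliberately sets squid_flags to the empty string still gets -D forced back in, exactly as with the old `: ${squid_flags:="-D"}` line. If an empty value is meant to be honoured, use `${squid_flags-"-D"}`; if not, a one-line comment stating that empty means "use the default" would document the behaviour. The same applies to squid_user and squid_chdir here and to squid_user and squid_group in pkg-install.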
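Review bot: In the Makefile hunk @@ -214,13 +214,12, `CFLAGS+= "-I${pf_includedir}"` stores literal double quotes in CFLAGS, and the context lines of the next hunk pass that value on as `CFLAGS="${CFLAGS}"` in CONFIGURE_ENV, so the inner quotes close the outer ones early instead of protecting the path. Drop the quotes and write `CFLAGS+= -I${pf_includedir}`. The same branch adds only a BUILD_DEPENDS on security/pf; if a squid built with --enable-pf-transparent also needs that port installed at run time on OSVERSION < 502106, a RUN_DEPENDS entry is missing. The removed comment explained the 502106 cut-off, and the new branch would benefit from a short replacement saying that older systems take pf from the port.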
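Review bot: In the new pre-patch target (Makefile hunk @@ -283,6 +282,15), `${pf_includedir:S,/,_,g}` rewrites only '/' to '_' when producing the value for %%PF_AC_INCLUDEPATH%%, so the patched test `"$ac_cv_header_%%PF_AC_INCLUDEPATH%%_net_pfvar_h" = "yes"` in files/pf_from_ports.patch.in matches only when LOCALBASE consists of slashes and characters that are valid in a shell variable name. With a LOCALBASE containing '.', '-' or '+', the expansion is not a single variable name, the test is never true, and the PF_TRANSPARENT define in that branch is skipped even though --enable-pf-transparent was passed. Either mangle the remaining characters the same way configure derives its cache variable names, or make the build stop when the header check does not succeed so the option cannot be dropped unnoticed.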