Date: Fri, 23 Dec 2016 04:41:08 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r429222 - in branches/2016Q4/www/squid-devel: . files Message-ID: <201612230441.uBN4f8Hm032228@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Fri Dec 23 04:41:07 2016 New Revision: 429222 URL: https://svnweb.freebsd.org/changeset/ports/429222 Log: MFH: r425986 r429220 www/squid-devel: update 4.0.14 -> 4.0.17 - Spell CHOSEN_COMPILER_TYPE correctly - Remove upstreamed patch (IPv6 + PF crash) - Add --enable-zph-qos option to default set http://wiki.squid-cache.org/Features/QualityOfService - Mark broken if ssl set to openssl-devel, it doesn't build - Switch IPV6 option to options helpers PR: 215418 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) Security: CVE-2016-10002 Security: CVE-2016-10003 Security: https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html Approved by: ports-secteam (with hat) Modified: branches/2016Q4/www/squid-devel/Makefile branches/2016Q4/www/squid-devel/distinfo branches/2016Q4/www/squid-devel/files/patch-compat_compat.h branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc branches/2016Q4/www/squid-devel/files/patch-configure branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc branches/2016Q4/www/squid-devel/files/patch-src_tools.cc Directory Properties: branches/2016Q4/ (props changed) Modified: branches/2016Q4/www/squid-devel/Makefile ============================================================================== --- branches/2016Q4/www/squid-devel/Makefile Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/Makefile Fri Dec 23 04:41:07 2016 (r429222) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= squid -PORTVERSION= 4.0.14 +PORTVERSION= 4.0.17 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v4/ \ http://www2.us.squid-cache.org/Versions/v4/ \ @@ -216,6 +216,7 @@ CONFIGURE_ARGS= --with-default-user=squi --with-swapdir=/var/squid/cache \ --without-gnutls \ --enable-auth \ + --enable-zph-qos \ --enable-build-info \ --enable-loadable-modules \ --enable-removal-policies="lru heap" \ @@ -288,7 +289,7 @@ post-patch: ${change_files}) @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample) -.if !${PORT_OPTIONS:MIPV6} +post-patch-IPV6-off: @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \ -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \ -e's/ 2001:DB8::a:0\/64//' \ @@ -296,7 +297,6 @@ post-patch: -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::1/d' \ ${WRKSRC}/src/cf.data.pre -.endif post-install: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} @@ -307,11 +307,14 @@ post-install: .include <bsd.port.pre.mk> -.if ${COMPILER_TYPE} == clang +.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel} +BROKEN= Does not build with openssl-devel +.endif + +.if ${CHOSEN_COMPILER_TYPE} == clang #CXXFLAGS+= -Wno-unused-private-field -.if ${COMPILER_VERSION} >= 35 +CXXFLAGS+= -Wno-unknown-warning-option CXXFLAGS+= -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess .endif -.endif .include <bsd.port.post.mk> Modified: branches/2016Q4/www/squid-devel/distinfo ============================================================================== --- branches/2016Q4/www/squid-devel/distinfo Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/distinfo Fri Dec 23 04:41:07 2016 (r429222) @@ -1,3 +1,3 @@ TIMESTAMP = 1467941699 -SHA256 (squid4.0/squid-4.0.14.tar.xz) = c0e9e2d1bc2e18b2317aff165d3d697eac253977a6c37b9659de3ed81d004d1a -SIZE (squid4.0/squid-4.0.14.tar.xz) = 2404528 +SHA256 (squid4.0/squid-4.0.17.tar.xz) = 8b1f3487495d1b02892bd63d6bdd97862be62a9cebc27245426de4543876239c +SIZE (squid4.0/squid-4.0.17.tar.xz) = 2410244 Modified: branches/2016Q4/www/squid-devel/files/patch-compat_compat.h ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-compat_compat.h Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-compat_compat.h Fri Dec 23 04:41:07 2016 (r429222) @@ -1,8 +1,8 @@ ---- compat/compat.h.orig 2015-11-01 10:44:25 UTC +--- compat/compat.h.orig 2016-12-16 10:06:20 UTC +++ compat/compat.h -@@ -42,17 +42,6 @@ - #endif - #endif +@@ -29,17 +29,6 @@ + /******************************************************/ + #include "compat/osdetect.h" -/* Solaris 10 has a broken definition for minor_t in IPFilter compat. - * We must pre-define before doing anything with OS headers so the OS Modified: branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc Fri Dec 23 04:41:07 2016 (r429222) @@ -1,4 +1,4 @@ ---- compat/shm.cc.orig 2015-11-01 10:44:25 UTC +--- compat/shm.cc.orig 2016-12-16 10:06:20 UTC +++ compat/shm.cc @@ -29,6 +29,8 @@ shm_portable_segment_name_is_path() size_t len = sizeof(jailed); Modified: branches/2016Q4/www/squid-devel/files/patch-configure ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-configure Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-configure Fri Dec 23 04:41:07 2016 (r429222) @@ -1,6 +1,6 @@ ---- configure.orig 2015-11-01 10:46:19 UTC +--- configure.orig 2016-12-16 10:19:31 UTC +++ configure -@@ -32038,7 +32040,7 @@ done +@@ -33043,7 +33043,7 @@ done ## BUILD_HELPER="NIS" @@ -9,7 +9,7 @@ do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " -@@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x" +@@ -33058,8 +33058,10 @@ if eval test \"x\$"$as_ac_Header"\" = x" #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -22,7 +22,7 @@ fi done -@@ -32519,7 +32523,7 @@ done +@@ -33532,7 +33534,7 @@ done # unconditionally requires crypt(3), for now if test "x$ac_cv_func_crypt" != "x"; then @@ -31,7 +31,7 @@ do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -@@ -34574,7 +34578,7 @@ for ac_header in \ +@@ -35882,7 +35884,7 @@ for ac_header in \ arpa/nameser.h \ assert.h \ bstring.h \ @@ -40,7 +40,7 @@ ctype.h \ direct.h \ errno.h \ -@@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO" +@@ -36092,6 +36094,7 @@ ac_fn_cxx_check_header_compile "$LINENO" #include <netinet/ip.h> #endif #if HAVE_NETINET_IP_COMPAT_H @@ -48,7 +48,7 @@ #include <netinet/ip_compat.h> #endif #if HAVE_NETINET_IP_FIL_H -@@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x +@@ -40315,6 +40318,7 @@ if test "x$enable_ipf_transparent" != "x # include <sys/ioccom.h> # include <netinet/in.h> @@ -56,7 +56,7 @@ # include <netinet/ip_compat.h> # include <netinet/ip_fil.h> # include <netinet/ip_nat.h> -@@ -38803,6 +38809,7 @@ else +@@ -40345,6 +40349,7 @@ else # include <sys/ioccom.h> # include <netinet/in.h> #undef minor_t @@ -64,7 +64,7 @@ # include <netinet/ip_compat.h> # include <netinet/ip_fil.h> # include <netinet/ip_nat.h> -@@ -38847,6 +38854,7 @@ _ACEOF +@@ -40389,6 +40394,7 @@ _ACEOF ip_fil_compat.h \ ip_fil.h \ ip_nat.h \ @@ -72,7 +72,7 @@ netinet/ip_compat.h \ netinet/ip_fil_compat.h \ netinet/ip_fil.h \ -@@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO" +@@ -40418,6 +40424,7 @@ ac_fn_cxx_check_header_compile "$LINENO" #if HAVE_IP_COMPAT_H #include <ip_compat.h> #elif HAVE_NETINET_IP_COMPAT_H Modified: branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre Fri Dec 23 04:41:07 2016 (r429222) @@ -1,6 +1,6 @@ ---- src/cf.data.pre.orig 2015-11-01 10:44:25 UTC +--- src/cf.data.pre.orig 2016-12-16 10:06:20 UTC +++ src/cf.data.pre -@@ -4558,6 +4558,10 @@ DEFAULT: @DEFAULT_PID_FILE@ +@@ -4754,6 +4754,10 @@ DEFAULT: @DEFAULT_PID_FILE@ LOC: Config.pidFilename DOC_START A filename to write the process-id to. To disable, enter "none". Modified: branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc Fri Dec 23 04:41:07 2016 (r429222) @@ -1,6 +1,6 @@ ---- src/DiskIO/Mmapped/MmappedFile.cc.orig 2015-11-01 10:44:25 UTC +--- src/DiskIO/Mmapped/MmappedFile.cc.orig 2016-12-16 10:06:20 UTC +++ src/DiskIO/Mmapped/MmappedFile.cc -@@ -235,7 +235,7 @@ Mmapping::map() +@@ -236,7 +236,7 @@ Mmapping::map() static const int pageSize = getpagesize(); delta = offset % pageSize; Modified: branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc Fri Dec 23 04:41:07 2016 (r429222) @@ -1,6 +1,6 @@ ---- src/ip/Intercept.cc.orig 2015-11-01 10:44:25 UTC +--- src/ip/Intercept.cc.orig 2016-12-16 10:06:20 UTC +++ src/ip/Intercept.cc -@@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com +@@ -206,10 +206,10 @@ Ip::Intercept::IpfInterception(const Com // for NAT lookup set local and remote IP:port's if (newConn->remote.isIPv6()) { #if IPFILTER_VERSION < 5000003 @@ -11,43 +11,5 @@ - warningLevel = (warningLevel + 1) % 10; + warningLevel = (warningLevel + 1) % 1048576; return false; - #else - natLookup.nl_v = 6; -@@ -323,13 +323,21 @@ } - - memset(&nl, 0, sizeof(struct pfioc_natlook)); -- newConn->remote.getInAddr(nl.saddr.v4); -+ if (newConn->remote.isIPv4()) { -+ newConn->remote.getInAddr(nl.saddr.v4); -+ } else { -+ newConn->remote.getInAddr(nl.saddr.v6); -+ } - nl.sport = htons(newConn->remote.port()); - -- newConn->local.getInAddr(nl.daddr.v4); -+ if (newConn->local.isIPv4()) { -+ newConn->local.getInAddr(nl.daddr.v4); -+ } else { -+ newConn->local.getInAddr(nl.daddr.v6); -+ } - nl.dport = htons(newConn->local.port()); - -- nl.af = AF_INET; -+ nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6; - nl.proto = IPPROTO_TCP; - nl.direction = PF_OUT; - -@@ -345,7 +353,11 @@ - debugs(89, 9, HERE << "address: " << newConn); - return false; - } else { -- newConn->local = nl.rdaddr.v4; -+ if (nl.af == AF_INET) { -+ newConn->local = nl.rdaddr.v4; -+ } else { -+ newConn->local = nl.rdaddr.v6; -+ } - newConn->local.port(ntohs(nl.rdport)); - debugs(89, 5, HERE << "address NAT: " << newConn); - return true; + newConn->local.getInAddr(natLookup.nl_inip); Modified: branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc Fri Dec 23 04:41:07 2016 (r429222) @@ -1,11 +1,11 @@ ---- src/ipc/mem/Segment.cc.orig 2015-11-01 10:44:25 UTC +--- src/ipc/mem/Segment.cc.orig 2016-12-16 10:06:20 UTC +++ src/ipc/mem/Segment.cc -@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach() +@@ -173,7 +173,7 @@ Ipc::Mem::Segment::attach() assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize))); void *const p = - mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0); + mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0); if (p == MAP_FAILED) { - debugs(54, 5, HERE << "mmap " << theName << ": " << xstrerror()); - fatalf("Ipc::Mem::Segment::attach failed to mmap(%s): %s\n", + int xerrno = errno; + debugs(54, 5, "mmap " << theName << ": " << xstrerr(xerrno)); Modified: branches/2016Q4/www/squid-devel/files/patch-src_tools.cc ============================================================================== --- branches/2016Q4/www/squid-devel/files/patch-src_tools.cc Fri Dec 23 04:39:47 2016 (r429221) +++ branches/2016Q4/www/squid-devel/files/patch-src_tools.cc Fri Dec 23 04:41:07 2016 (r429222) @@ -1,4 +1,4 @@ ---- src/tools.cc.orig 2015-11-01 10:44:25 UTC +--- src/tools.cc.orig 2016-12-16 10:06:20 UTC +++ src/tools.cc @@ -603,7 +603,7 @@ no_suid(void) uid = geteuid();
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612230441.uBN4f8Hm032228>