diff options
author | bsiegert <bsiegert> | 2015-11-24 18:19:32 +0000 |
---|---|---|
committer | bsiegert <bsiegert> | 2015-11-24 18:19:32 +0000 |
commit | ed044f508ad3f37ada6e99a86e03376f9cf54630 (patch) | |
tree | 79a859291d6d5fffe737f1333440055371cb0988 | |
parent | 9c00195391e671f5db5243ce0c6e88e7797183d0 (diff) | |
download | pkgsrc-ed044f508ad3f37ada6e99a86e03376f9cf54630.tar.gz |
Pullup ticket #4860 - requested by taca
www/squid3: security fix
Revisions pulled up:
- www/squid3/Makefile 1.54-1.56
- www/squid3/distinfo 1.41-1.43
- www/squid3/files/squid.sh 1.3
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Oct 2 07:57:13 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.5.10:
* Align behavior of MEMPROXY_CLASS's operator delete with ::delete on nullptr
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size
* Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
* Relicense SSPI helper to GPLv2+
* Bug 4208: more than one port in wccp2_service_info line causes error
* Relicense smb_lm auth helper to GPLv2+
* Relicense ntlm_fake_auth.pl to GPLv2+
* SMP: register worker listening ports one by one
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Cleanup: Migrate StoreEntry to using MEMPROXY_CLASS
* Remove custom pool chunk size for StoreEntry
* Implement default constructor for hash_link
* Bug 4326: base64 binary encoder rejects data beginning with nil byte
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Oct 8 10:07:10 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile
pkgsrc/www/squid3/files: squid.sh
Log Message:
Check current file descriptor limit and raise if required rather than
blindly setting to 4096 (which may in fact be lower than current limit).
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Nov 4 21:44:27 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.5.11:
* Add Locker friend class to SBuf for protection against memory issues
* Connection stats, including %<lp, missing for persistent connections
* Fix incorrect authentication headers on cache digest requests
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Avoid errors when parsing manager ACL in old squid.conf
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3
-rw-r--r-- | www/squid3/Makefile | 4 | ||||
-rw-r--r-- | www/squid3/distinfo | 9 | ||||
-rw-r--r-- | www/squid3/files/squid.sh | 14 |
3 files changed, 19 insertions, 8 deletions
diff --git a/www/squid3/Makefile b/www/squid3/Makefile index effa8ff14a7..afc63501f96 100644 --- a/www/squid3/Makefile +++ b/www/squid3/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.53 2015/09/22 13:39:31 taca Exp $ +# $NetBSD: Makefile,v 1.53.2.1 2015/11/24 18:19:32 bsiegert Exp $ -DISTNAME= squid-3.5.9 +DISTNAME= squid-3.5.11 CATEGORIES= www MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PKGVERSION_NOREV:R}/ \ ftp://ftp.squid-cache.org/pub/squid/ \ diff --git a/www/squid3/distinfo b/www/squid3/distinfo index 41dfa2c6b5a..cd01410536e 100644 --- a/www/squid3/distinfo +++ b/www/squid3/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.40 2015/09/23 03:59:03 taca Exp $ +$NetBSD: distinfo,v 1.40.2.1 2015/11/24 18:19:32 bsiegert Exp $ -SHA1 (squid-3.5.9.tar.xz) = 4856ca628cafbd1cbfa0ddcbadec440e6f4c2da7 -RMD160 (squid-3.5.9.tar.xz) = 090d9ba34bf51d1bfc8d4795080024835f16c9f9 -Size (squid-3.5.9.tar.xz) = 2296384 bytes +SHA1 (squid-3.5.11.tar.xz) = 623e0d4a41ddc70e0f59a3f38c091e0dc946172c +RMD160 (squid-3.5.11.tar.xz) = fb8c01c40a5ef97785759acdc2b706dfb402de7b +SHA512 (squid-3.5.11.tar.xz) = 7d7557f949d7a5995eff4745f6bf58d3c4899b882828a83332e269c4396de8470d7847d76701f383fd889cf7990b8d5c9ace6d557d00a9dd4a8d326f9b116c09 +Size (squid-3.5.11.tar.xz) = 2298436 bytes SHA1 (patch-compat_compat.h) = d6cd93fa7a6d0faad3bf1aca8ae4fa5c984fe288 SHA1 (patch-compat_debug.cc) = 95fc0aa6901834175b9bbf1ddb51eeb7d9ddc8c7 SHA1 (patch-compat_debug.h) = a828871704b1578b520d412393c3d398099a5fdc diff --git a/www/squid3/files/squid.sh b/www/squid3/files/squid.sh index e3d5ff7d0c5..f64377fd695 100644 --- a/www/squid3/files/squid.sh +++ b/www/squid3/files/squid.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: squid.sh,v 1.2 2014/08/29 11:13:46 tron Exp $ +# $NetBSD: squid.sh,v 1.2.10.1 2015/11/24 18:19:32 bsiegert Exp $ # # PROVIDE: squid # REQUIRE: DAEMON @@ -20,7 +20,17 @@ procname="squid-1" required_files="${squid_conf} @PKG_SYSCONFDIR@/mime.conf" command_args="-Y -f ${squid_conf}" -start_precmd='ulimit -n 4096' +start_precmd='setproclimits' + +setproclimits() +{ + local climit + climit=`ulimit -n` + if [ "$climit" -lt 4096 ]; then + ulimit -n 4096 + fi +} + # Note: 'shutdown' waits 30 seconds, while 'interrupt' stops immediately reload_cmd="${command} ${squid_flags} ${command_args} -k reconfigure" rotate_cmd="${command} ${squid_flags} ${command_args} -k rotate" |