diff options
| author | taca <taca> | 2002-02-18 17:00:38 +0000 |
|---|---|---|
| committer | taca <taca> | 2002-02-18 17:00:38 +0000 |
| commit | b60d9c32b483540fa922aa98a1f48ab076a9be57 (patch) | |
| tree | 6efbe7506c87102cac4114874c3c49baede22e64 /www/squid | |
| parent | 00e43d8a06b81849fa88541925011681e18b82bb (diff) | |
| download | pkgsrc-b60d9c32b483540fa922aa98a1f48ab076a9be57.tar.gz | |
Update squid to squid-2.4.3nb1.
- replace a hack adding fd_mask definition in autoconf.h with re-writing
configure script. It cause to run configure twice and result "no fd_mask".
- Incorporate three official patches from
http://www.squid-cache.org/Versions/v2/2.4/bugs/.
o SNMP memory leaks
synopsis
The SNMP implementation in Squid had several memory leaks
possibly causing an denial of service.
workaround
Disable the SNMP port if enabled by using "snmp_port 0" in
squid.conf. Or if you only use SNMP for MRTG data
collection running on the same host then use
"snmp_incoming_address 127.0.0.1" to limit reachability
of the SNMP port to only localhost or some other trusted
network.
o Coredump on certain ftp:// style URL's
synopsis
If certain constructed ftp:// style URL's are received then
squid crashes, causing a denial of service and maybe even
remote execution of code.
workaround
Deny forwarding of non-anonymous FTP URLs by inserting
the following rules at the top of squid.conf, prior to
any http_access allow lines.
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
o "htcp_port 0" fails to disable the HTCP port
synopsis
"htcp_port 0" fails to completely disable the HTCP port as
documented in squid.conf, instead HTCP will be listening on
a random port number.
Diffstat (limited to 'www/squid')
| -rw-r--r-- | www/squid/Makefile | 15 | ||||
| -rw-r--r-- | www/squid/distinfo | 11 | ||||
| -rw-r--r-- | www/squid/patches/patch-ag | 79 | ||||
| -rw-r--r-- | www/squid/patches/patch-an | 42 |
4 files changed, 118 insertions, 29 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile index f6bfcbdc9e1..8327b8619ee 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -1,12 +1,19 @@ -# $NetBSD: Makefile,v 1.58 2002/02/10 19:26:56 veego Exp $ +# $NetBSD: Makefile,v 1.59 2002/02/18 17:00:38 taca Exp $ DISTNAME= squid-2.4.STABLE3-src PKGNAME= squid-2.4.3 +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= http://www.squid-cache.org/Versions/v2/2.4/ \ ftp://ftp.leo.org/pub/comp/general/infosys/www/daemons/squid/squid-2/STABLE/ \ ftp://ftp1.au.squid-cache.org/pub/squid/squid-2/STABLE/ +PATCH_SITES= http://www.squid-cache.org/Versions/v2/2.4/bugs/ +PATCHFILES= squid-2.4.STABLE3-SNMP_memory_leaks.patch \ + squid-2.4.STABLE3-ftp_coredump.patch \ + squid-2.4.STABLE3-htcp_off.patch +PATCH_DIST_STRIP= -p1 + MAINTAINER= tron@netbsd.org HOMEPAGE= http://www.squid-cache.org/ COMMENT= Post-Harvest_cached WWW proxy cache and accelerator @@ -43,12 +50,6 @@ SQUID_SYSCONFDIR?= ${PKG_SYSCONFDIR} OPTIONAL_FILES= libexec/diskd libexec/dnsserver libexec/pinger libexec/unlinkd -post-configure: - @cd ${WRKSRC}/include && \ - ${MV} autoconf.h autoconf.h.prepatch && \ - ${SED} -e 's%#define fd_mask int%/* #undef fd_mask */%' <autoconf.h.prepatch \ - >autoconf.h - post-build: ${SED} s#@PREFIX@#${PREFIX}#g <${FILESDIR}/squid.sh >${WRKDIR}/squid.sh ${SED} s#@SYSCONFDIR@#${SQUID_SYSCONFDIR}#g <${PKGDIR}/INSTALL \ diff --git a/www/squid/distinfo b/www/squid/distinfo index 0d8ee850794..89c6c7c1c15 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -1,16 +1,23 @@ -$NetBSD: distinfo,v 1.7 2001/12/12 17:06:19 taca Exp $ +$NetBSD: distinfo,v 1.8 2002/02/18 17:00:39 taca Exp $ SHA1 (squid-2.4.STABLE3-src.tar.gz) = c388825d57998a80f2733a60d42ebe4b0bface49 Size (squid-2.4.STABLE3-src.tar.gz) = 1081040 bytes +SHA1 (squid-2.4.STABLE3-SNMP_memory_leaks.patch) = 95f79d5564ad73e7c4b1a76d4c3f276d5e4420ef +Size (squid-2.4.STABLE3-SNMP_memory_leaks.patch) = 10291 bytes +SHA1 (squid-2.4.STABLE3-ftp_coredump.patch) = d01d4fbd11bd0d2a2380a714e3e608ac8ae25e2b +Size (squid-2.4.STABLE3-ftp_coredump.patch) = 8732 bytes +SHA1 (squid-2.4.STABLE3-htcp_off.patch) = 310160da38c5b006d756ec75938effcf0114ccb2 +Size (squid-2.4.STABLE3-htcp_off.patch) = 1014 bytes SHA1 (patch-aa) = d56966fabb9477ec1f4db2b91b1ed1e4be35a952 SHA1 (patch-ab) = afb0c443c708d03fc7ab39120ae9a3c68d9e9b88 SHA1 (patch-ac) = b962e05bcaccd0d9a0969b2f1419fd73456440cd SHA1 (patch-ad) = 03f76c2a781bff4b3a8680ee815f8c5dcbdd70d0 SHA1 (patch-ae) = 5189de99c6f453ef58b97a4df54c065c87cf7e21 -SHA1 (patch-ag) = 9403399f18ac6ca3b0295055c1064df97f7d3edf +SHA1 (patch-ag) = a35c10cfa52205a5670dbb7dfc1d61d80627f389 SHA1 (patch-ah) = c80f9d8ce5fae7f399583607aa7f7153824465b7 SHA1 (patch-aj) = 2a8a7df72d0e978c069a8f273a0ee91ac31aa985 SHA1 (patch-ak) = a3f3000dbab7ba6f08904008ccf9e08bc70b3e3f SHA1 (patch-al) = d0741a93a4df8bf94b07e65680b50c294243c728 SHA1 (patch-am) = c844378a03ae27ae52eb454958fb9ed7bc0ce21e +SHA1 (patch-an) = fe6314ad2730021c2728a00eb164faab80bc4575 SHA1 (patch-ba) = a66094abbf55b1eda9d38204bdcf6a4dd1679cda diff --git a/www/squid/patches/patch-ag b/www/squid/patches/patch-ag index 4161c4a6536..4ea13c33c5f 100644 --- a/www/squid/patches/patch-ag +++ b/www/squid/patches/patch-ag @@ -1,24 +1,7 @@ -$NetBSD: patch-ag,v 1.9 2001/12/12 17:06:20 taca Exp $ +$NetBSD: patch-ag,v 1.10 2002/02/18 17:00:39 taca Exp $ --- configure.orig Thu Nov 29 08:56:25 2001 +++ configure -@@ -711,11 +711,11 @@ - REGEXLIB='' # -lregex - LIBREGEX='' # libregex.a - --if test "$libexecdir" = '${exec_prefix}/libexec' && -- test "$localstatedir" = '${prefix}/var'; then -- libexecdir='${prefix}/libexec/squid' -- localstatedir='${prefix}' --fi -+#if test "$libexecdir" = '${exec_prefix}/libexec' && -+# test "$localstatedir" = '${prefix}/var'; then -+# libexecdir='${prefix}/libexec/squid' -+# localstatedir='${prefix}' -+#fi - - case "$host_os" in - cygwin|cygwin32|os2) @@ -1428,7 +1428,7 @@ #define SQUID_SNMP 1 EOF @@ -28,13 +11,69 @@ $NetBSD: patch-ag,v 1.9 2001/12/12 17:06:20 taca Exp $ SNMP_OBJS='$(SNMP_OBJS)' SNMP_MAKEFILE=./snmplib/Makefile makesnmplib=snmplib -@@ -4501,8 +4501,8 @@ +@@ -3668,39 +3668,37 @@ + + fi + +-echo $ac_n "checking for fd_mask""... $ac_c" 1>&6 +-echo "configure:3673: checking for fd_mask" >&5 +-if eval "test \"`echo '$''{'ac_cv_type_fd_mask'+set}'`\" = set"; then ++ ++echo $ac_n "checking for fd_set""... $ac_c" 1>&6 ++echo "configure:3673: checking for fd_set" >&5 ++if eval "test \"`echo '$''{'ac_cv_have_fd_mask'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else ++ + cat > conftest.$ac_ext <<EOF + #line 3678 "configure" + #include "confdefs.h" + #include <sys/types.h> +-#if STDC_HEADERS +-#include <stdlib.h> +-#include <stddef.h> +-#endif ++#include <sys/time.h> ++#include <sys/unistd.h> ++int main() { ++fd_mask fds; ++; return 0; } + EOF +-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- egrep "(^|[^a-zA-Z_0-9])fd_mask[^a-zA-Z_0-9]" >/dev/null 2>&1; then ++if { (eval echo configure:3689: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* +- ac_cv_type_fd_mask=yes ++ ac_cv_have_fd_mask="yes" + else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 + rm -rf conftest* +- ac_cv_type_fd_mask=no ++ ac_cv_have_fd_mask="no" + fi + rm -f conftest* + + fi +-echo "$ac_t""$ac_cv_type_fd_mask" 1>&6 +-if test $ac_cv_type_fd_mask = no; then +- cat >> confdefs.h <<\EOF +-#define fd_mask int +-EOF +- +-fi + ++echo "$ac_t""$ac_cv_have_fd_mask" 1>&6 + + echo $ac_n "checking for socklen_t""... $ac_c" 1>&6 + echo "configure:3707: checking for socklen_t" >&5 +@@ -4501,8 +4499,8 @@ GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` case "$GCCVER" in 2.95.[123]) - echo "Removing -O for gcc on $host with GCC $GCCVER" - CFLAGS="`echo $CFLAGS | sed -e 's/-O[0-9]*//'`" -+ echo "Making -O[2-9] to -O for gcc on $host with GCC $GCCVER" ++ echo "Making -O\[2-9\] to -O for gcc on $host with GCC $GCCVER" + CFLAGS="`echo $CFLAGS | sed -e 's/-O[0-9]*/-O/'`" ;; esac diff --git a/www/squid/patches/patch-an b/www/squid/patches/patch-an new file mode 100644 index 00000000000..73eea5a053e --- /dev/null +++ b/www/squid/patches/patch-an @@ -0,0 +1,42 @@ +$NetBSD: patch-an,v 1.1 2002/02/18 17:00:40 taca Exp $ + +--- configure.in.orig Wed Sep 12 18:46:43 2001 ++++ configure.in +@@ -438,7 +438,7 @@ + [ if test "$enableval" = "yes" ; then + echo "SNMP monitoring enabled" + AC_DEFINE(SQUID_SNMP) +- SNMPLIB='-L../snmplib -lsnmp' ++ SNMPLIB='../snmplib/libsnmp.a' + SNMP_OBJS='$(SNMP_OBJS)' + SNMP_MAKEFILE=./snmplib/Makefile + makesnmplib=snmplib +@@ -976,7 +976,16 @@ + AC_CHECK_TYPE(ssize_t, int) + AC_CHECK_TYPE(off_t, int) + AC_CHECK_TYPE(mode_t, u_short) +-AC_CHECK_TYPE(fd_mask, int) ++ ++dnl Check for type fd_mask ++AC_CACHE_CHECK(for fd_set,ac_cv_have_fd_mask, [ ++ AC_TRY_COMPILE([#include <sys/types.h> ++#include <sys/time.h> ++#include <sys/unistd.h>], ++ [fd_mask fds;], ++ ac_cv_have_fd_mask="yes", ++ ac_cv_have_fd_mask="no") ++]) + + dnl Check for type in sys/socket.h + AC_CACHE_CHECK(for socklen_t, ac_cv_type_socklen_t, [ +@@ -1123,8 +1132,8 @@ + GCCVER=`$CC -v 2>&1 | awk '$2 == "version" {print $3}'` + case "$GCCVER" in + [2.95.[123]]) +- echo "Removing -O for gcc on $host with GCC $GCCVER" +- CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*//'`" ++ echo "Making -O\[[2-9\]] to -O for gcc on $host with GCC $GCCVER" ++ CFLAGS="`echo $CFLAGS | sed -e 's/-O[[0-9]]*/-O/'`" + ;; + esac + fi |