From 42bad3fe54c824e861223ef1efa16fee85bd1e94 Mon Sep 17 00:00:00 2001 From: krion Date: Thu, 10 Jun 2004 15:40:44 +0000 Subject: - Support systems where pf(4) must be installed from ports (see ports/67724, submitted by Michal F. Hanula) - Change ": foo=${foo:=bar}" into "foo=${foo:-bar}" to make the shell scripts easier to read and understand - Correct credits for the recently published NTLM auth vulnerability and fix a nearby braino, too - Bump PORTREVISION PR: ports/67797 Submitted by: maintainer --- www/squid31/Makefile | 22 +++++++++++++++------- .../files/patch-helpers-ntlm_auth-SMB-libntlmssp.c | 4 ++-- www/squid31/files/pf_from_ports.patch.in | 20 ++++++++++++++++++++ www/squid31/files/squid.sh | 6 +++--- www/squid31/pkg-install | 4 ++-- 5 files changed, 42 insertions(+), 14 deletions(-) create mode 100644 www/squid31/files/pf_from_ports.patch.in (limited to 'www/squid31') diff --git a/www/squid31/Makefile b/www/squid31/Makefile index 8bc9b0833d32..70f66a13af59 100644 --- a/www/squid31/Makefile +++ b/www/squid31/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -214,13 +214,12 @@ CONFIGURE_ARGS+= --enable-useragent-log CONFIGURE_ARGS+= --enable-arp-acl .endif .if defined(WITH_SQUID_PF) -.if ${OSVERSION} >= 502106 -# This will work only systems where PF is part of the base system for now. -# If someone is eager to teach squid's configure script how to pick up the pf -# port on 5.[0-2] systems instead, go on, I will integrate your patch. CONFIGURE_ARGS+= --enable-pf-transparent -.else -IGNORE= WITH_SQUID_PF only works on systems where pf is part of the base system. +.if ${OSVERSION} < 502106 +pf_includedir= ${LOCALBASE}/include/pf +BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf +CFLAGS+= "-I${pf_includedir}" +EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch .endif .endif .if defined(WITH_SQUID_FOLLOW_XFF) @@ -283,6 +282,15 @@ CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS} CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \ LDFLAGS="${LDFLAGS}" +pre-patch: +# Check whether we need to create the extra patch that makes pf(4) +# visible for squid's configure script: +.if defined(pf_includedir) + @${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \ + -e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \ + ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch +.endif + post-patch: @${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8 diff --git a/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c index c837e41da5d3..8b91e979a9d2 100644 --- a/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ b/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c @@ -1,11 +1,11 @@ This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by Stefan Esser on the 07th June 2004. +helper which was reported by iDefense on the 07th June 2004. Original advisory: CVE-ID: CAN-2004-0541 Patch obtained from: -The patch was slightly modified by the me (tmseck@netcologne.de) to make +The patch was slightly modified by me (tmseck@netcologne.de) to make it apply cleanly to the FreeBSD port. Index: libntlmssp.c diff --git a/www/squid31/files/pf_from_ports.patch.in b/www/squid31/files/pf_from_ports.patch.in new file mode 100644 index 000000000000..dd0617e41500 --- /dev/null +++ b/www/squid31/files/pf_from_ports.patch.in @@ -0,0 +1,20 @@ +--- configure.orig Thu Jun 10 12:22:06 2004 ++++ configure Thu Jun 10 13:31:53 2004 +@@ -3781,7 +3781,7 @@ + memory.h \ + mount.h \ + net/if.h \ +- net/pfvar.h \ ++ %%PF_INCLUDEDIR%%/net/pfvar.h \ + netdb.h \ + netinet/if_ether.h \ + netinet/in.h \ +@@ -7604,7 +7604,7 @@ + echo $ac_n "checking if PF header file is installed""... $ac_c" 1>&6 + echo "configure:7606: checking if PF header file is installed" >&5 + # hold on to your hats... +- if test "$ac_cv_header_net_pfvar_h" = "yes"; then ++ if test "$ac_cv_header_%%PF_AC_INCLUDEPATH%%_net_pfvar_h" = "yes"; then + PF_TRANSPARENT="yes" + cat >> confdefs.h <<\EOF + #define PF_TRANSPARENT 1 diff --git a/www/squid31/files/squid.sh b/www/squid31/files/squid.sh index 73fb0504db7a..4102d27fbc11 100644 --- a/www/squid31/files/squid.sh +++ b/www/squid31/files/squid.sh @@ -20,9 +20,9 @@ command=%%PREFIX%%/sbin/squid extra_commands=reload reload_cmd="${command} -k reconfigure" stop_cmd="${command} -k shutdown" -: ${squid_chdir:=%%PREFIX%%/squid/logs} -: ${squid_user:=%%SQUID_UID%%} -: ${squid_flags:="-D"} +squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs} +squid_user=${squid_user:-%%SQUID_UID%%} +squid_flags=${squid_flags:-"-D"} default_config=%%PREFIX%%/etc/squid/squid.conf if [ -f /etc/rc.subr ]; then diff --git a/www/squid31/pkg-install b/www/squid31/pkg-install index c8eecd888d70..bbb7d0c9eafb 100644 --- a/www/squid31/pkg-install +++ b/www/squid31/pkg-install @@ -12,8 +12,8 @@ if [ -x /usr/sbin/nologin ]; then else nologin=/sbin/nologin fi -: ${squid_user:=squid} -: ${squid_group:=squid} +squid_user=${squid_user:-squid} +squid_group=${squid_group:-squid} squid_gid=100 squid_uid=100 # Try to catch the case where the $squid_user might have been created with an -- cgit