aboutsummaryrefslogtreecommitdiffstats
path: root/www/squid
diff options
context:
space:
mode:
authorkrion <krion@FreeBSD.org>2004-06-18 19:49:44 +0800
committerkrion <krion@FreeBSD.org>2004-06-18 19:49:44 +0800
commitbed969b791cbd1085d59a0a7baa4d21b82adbbdc (patch)
tree86c90ca0b2c8aad06008a5a972798a1b35a1c97d /www/squid
parenta77f00e9f54645459d83be870e68f16a0c82c786 (diff)
downloadfreebsd-ports-graphics-bed969b791cbd1085d59a0a7baa4d21b82adbbdc.tar.gz
freebsd-ports-graphics-bed969b791cbd1085d59a0a7baa4d21b82adbbdc.tar.zst
freebsd-ports-graphics-bed969b791cbd1085d59a0a7baa4d21b82adbbdc.zip
Correct the patch for the NTLM helper vulnerability according
to <http://www.squid-cache.org/bugs/show_bug.cgi?id=998> Apply some cleanups: + prefer PATCHDIR over FILEDIR when referring patches + remove unnecessary quotes + move all substitution tasks to the post-patch target + use "${FALSE}" instead of "exit 1" to generate error 1 from a shell Bump PORTREVISION PR: ports/68078 Submitted by: maintainer
Diffstat (limited to 'www/squid')
-rw-r--r--www/squid/Makefile14
-rw-r--r--www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c21
2 files changed, 12 insertions, 23 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile
index 70f66a13af5..c01bb810d8e 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -29,7 +29,7 @@
PORTNAME= squid
PORTVERSION= 2.5.5
-PORTREVISION= 10
+PORTREVISION= 11
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
.if ${OSVERSION} < 502106
pf_includedir= ${LOCALBASE}/include/pf
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
-CFLAGS+= "-I${pf_includedir}"
+CFLAGS+= -I${pf_includedir}
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
.endif
.endif
@@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
pre-patch:
# Check whether we need to create the extra patch that makes pf(4)
-# visible for squid's configure script:
+# visible to squid's configure script:
.if defined(pf_includedir)
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
- ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
+ ${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
.endif
post-patch:
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
-
-pre-configure:
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
@@ -348,10 +346,10 @@ changeuser:
.if ${SQUID_UID:L} == nobody
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
${ECHO_CMD} "this target!"
- exit 1
+ ${FALSE}
.endif
@if [ `${ID} -u` -ne 0 ]; \
- then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
+ then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
current_uid=`id -u ${SQUID_UID}`; \
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
${ECHO_CMD} "I will remove this user:"; \
diff --git a/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
index 8b91e979a9d..54eeeb6bcde 100644
--- a/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
+++ b/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
@@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
Original advisory:
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
CVE-ID: CAN-2004-0541
-Patch obtained from:
+Patch and correction obtained from:
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
-The patch was slightly modified by me (tmseck@netcologne.de) to make
-it apply cleanly to the FreeBSD port.
+<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
-Index: libntlmssp.c
-===================================================================
-RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
-retrieving revision 1.7
-diff -u -3 -p -u -r1.7 libntlmssp.c
---- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
-+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
+--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
++++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
#define min(A,B) (A<B?A:B)
@@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
char *domain = credentials;
char *user;
lstring tmp;
-@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
+@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
ntlm_errno = NTLM_LOGON_ERROR;
return NULL;
}
@@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
+ return NULL;
+ }
memcpy(domain, tmp.str, tmp.l);
-- user = domain + tmp.l;
-+ user = domain + tmp.l + 1;
+ user = domain + tmp.l;
*user++ = '\0';
-
- /* debug("fetching user name\n"); */
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
ntlm_errno = NTLM_LOGON_ERROR;
return NULL;