- Integrate vendor patches as published on

<http://www.squid-cache.org/Versions/v2/2.5/bugs/>: + Reject malformed HTTP requests and responses that conflict with the HTTP specifications This issue is qualified as a security issue by the vendor. + PURGE is allowed to delete internal objects (squid bug #1112) + Disable Path-MTU discovery on intercepted requests (squid bug #1154) (VuXML vid=b4d94fa0-6e38-11d9-9e1e-c296ac722cb3) - Clean up and correct package list generation. Now installed files and directories are visible via PLIST_FILES and PLIST_DIRS. - Don't claim that squid related files or directories are still present after deinstallation when in fact they are not. - Add "-g" to CFLAGS when WITH_SQUID_STACKTRACES is defined to make this option actually useful. PR: ports/76628 Submitted by: maintainer
author: sem <sem@FreeBSD.org> 2005-01-26 17:56:25 +0000
committer: sem <sem@FreeBSD.org> 2005-01-26 17:56:25 +0000
commit: 626b83d416487333a95c6421931fb26f518606c5 (patch)
tree: 1e35f9cdb95816a08fe9d60369ab6920044bcf78 /www/squid27
parent: 458e0f592bea2255ee1b14a7ad13f0eb171d5333 (diff)
download: FreeBSD-ports-626b83d416487333a95c6421931fb26f518606c5.zip
FreeBSD-ports-626b83d416487333a95c6421931fb26f518606c5.tar.gz
4 files changed, 213 insertions, 42 deletions
diff --git a/www/squid27/Makefile b/www/squid27/Makefile
index 6293669..81505e1 100644
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@@ -74,7 +74,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	2.5.7
-PORTREVISION=	8
+PORTREVISION=	9
 CATEGORIES=	www
 MASTER_SITES=	\
 		ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -93,6 +93,7 @@ PATCHFILES=	squid-2.5.STABLE7-half_closed_POST.patch \
 		squid-2.5.STABLE7-helper_shutdown.patch \
 		squid-2.5.STABLE7-blank_response.patch \
 		squid-2.5.STABLE7-dothost.patch \
+		squid-2.5.STABLE7-PURGE_internal.patch \
 		squid-2.5.STABLE7-httpd_accel_vport.patch \
 		squid-2.5.STABLE7-cachemgr_vmobjects.patch \
 		squid-2.5.STABLE7-empty_acls.patch \
@@ -103,6 +104,8 @@ PATCHFILES=	squid-2.5.STABLE7-half_closed_POST.patch \
 		squid-2.5.STABLE7-dns_memleak.patch \
 		squid-2.5.STABLE7-fqdn_truncated.patch \
 		squid-2.5.STABLE7-ldap_spaces.patch \
+		squid-2.5.STABLE7-header_parsing.patch \
+		squid-2.5.STABLE7-httpd_accel_no_pmtu_disc.patch \
 		squid-2.5.STABLE7-ftp_datachannel.patch \
 		squid-2.5.STABLE7-short_icons_urls.patch \
 		squid-2.5.STABLE7-response_splitting.patch
@@ -150,9 +153,8 @@ OPTIONS=	SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
 		SQUID_STACKTRACES "Create backtraces on fatal errors" off \
 		SQUID_RCNG "Install an rcNG startup script" on
 
-PLIST_FILES=	etc/rc.d/squid.sh etc/squid/mib.txt etc/squid/mime.conf.default \
-		etc/squid/msntauth.conf.default etc/squid/squid.conf.default \
-		sbin/RunAccel sbin/RunCache sbin/squidclient sbin/squid
+etc_files=	rc.d/squid.sh squid/mib.txt squid/mime.conf.default \
+		squid/msntauth.conf.default squid/squid.conf.default
 
 icon_files=	anthony-binhex.gif anthony-bomb.gif anthony-box.gif \
 		anthony-box2.gif anthony-c.gif anthony-compressed.gif \
@@ -169,17 +171,22 @@ error_files=	ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \
 		ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_FORWARDING_DENIED \
 		ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \
 		ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \
-		ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED \
-		ERR_FTP_UNAVAILABLE ERR_INVALID_REQ ERR_INVALID_URL \
+		ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \
+		ERR_INVALID_REQ ERR_INVALID_RESP ERR_INVALID_URL \
 		ERR_LIFETIME_EXP ERR_NO_RELAY ERR_ONLY_IF_CACHED_MISS \
 		ERR_READ_ERROR ERR_READ_TIMEOUT ERR_SHUTTING_DOWN \
 		ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \
 		ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
 
-libexec=	cachemgr.cgi digest_pw_auth diskd dnsserver ip_user_check \
-		squid_ldap_auth squid_ldap_group msnt_auth ncsa_auth ntlm_auth \
-		pam_auth pinger smb_auth smb_auth.sh squid_unix_group \
-		unlinkd wb_auth wb_group wb_ntlmauth wbinfo_group.pl
+libexec=	cachemgr.cgi digest_pw_auth diskd ip_user_check \
+		msnt_auth ncsa_auth ntlm_auth \
+		pam_auth smb_auth smb_auth.sh squid_unix_group \
+		wb_auth wb_group wb_ntlmauth wbinfo_group.pl
+.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
+libexec+=	unlinkd
+.endif
+
+sbin=		RunAccel RunCache squidclient squid
 
 CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin  --sysconfdir=${PREFIX}/etc/squid \
 		--datadir=${PREFIX}/etc/squid \
@@ -201,6 +208,7 @@ LDFLAGS+=	-L${LOCALBASE}/lib
 MAN8+=		squid_ldap_auth.8 squid_ldap_group.8
 basic_auth+=	LDAP
 external_acl+=	ldap_group
+libexec+=	squid_ldap_auth squid_ldap_group
 .endif
 .if !defined(NO_NIS)
 basic_auth+=	YP
@@ -251,9 +259,11 @@ LDFLAGS+=	-I${LOCALBASE}/lib
 .endif
 .if defined(WITH_SQUID_PINGER)
 CONFIGURE_ARGS+=	--enable-icmp
+libexec+=	pinger
 .endif
 .if defined(WITH_SQUID_DNS_HELPER)
 CONFIGURE_ARGS+=	--disable-internal-dns
+libexec+=	dnsserver
 .endif
 .if defined(WITH_SQUID_HTCP)
 CONFIGURE_ARGS+=	--enable-htcp
@@ -301,6 +311,7 @@ CONFIGURE_ARGS+=	--enable-follow-x-forwarded-for
 .endif
 .if defined(WITH_SQUID_STACKTRACES)
 CONFIGURE_ARGS+=	--enable-stacktraces
+CFLAGS+=	-g
 STRIP=			""
 .endif
 .if !defined(WITHOUT_SQUID_RCNG)
@@ -332,6 +343,16 @@ CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
 CONFIGURE_ENV+=		CFLAGS="${CFLAGS}" \
 			LDFLAGS="${LDFLAGS}"
 
+PLIST_DIRS=	etc/squid/icons libexec/squid
+PLIST_FILES=	${etc_files:S,^,etc/,} ${icon_files:S,^,etc/squid/icons/,} \
+		${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,}
+
+.for d in ${SQUID_LANGUAGES}
+PLIST_DIRS+=	etc/squid/errors/${d}
+PLIST_FILES+=	${error_files:S,^,etc/squid/errors/${d}/,}
+.endfor
+PLIST_DIRS+=	etc/squid/errors etc/squid squid/logs squid/cache squid
+
 pre-patch:
 # Check whether we need to create the extra patch that makes pf(4)
 # visible to squid's configure script:
@@ -375,27 +396,6 @@ post-install:
 .endif
 	@${SETENV} PKG_PREFIX=${PREFIX} \
 	    ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
-# Create package list:
-	@for f in ${libexec}; do \
-	    ${TEST} -f ${PREFIX}/libexec/squid/$${f} && \
-	    ${ECHO_CMD} "libexec/squid/$${f}" >>${TMPPLIST} || ${TRUE} ; \
-	done
-	@${ECHO_CMD} "@unexec rmdir %D/libexec/squid 2>/dev/null || true" \
-	    >>${TMPPLIST}
-	@for f in ${icon_files}; do \
-	    ${ECHO_CMD} "etc/squid/icons/$${f}" >>${TMPPLIST}; \
-	done
-	@${ECHO_CMD} "@unexec rmdir %D/etc/squid/icons 2>/dev/null || true" \
-	    >>${TMPPLIST}
-	@for d in ${SQUID_LANGUAGES}; do \
-	    for f in ${error_files}; do \
-		${ECHO_CMD} "etc/squid/errors/$${d}/$${f}" >>${TMPPLIST} ; \
-	    done; \
-	    ${ECHO_CMD} "@unexec rmdir %D/etc/squid/errors/$${d} 2>/dev/null || true" \
-		>>${TMPPLIST}; \
-	done
-	@${ECHO_CMD} "@unexec rmdir %D/etc/squid/errors 2>/dev/null || true" \
-	    >>${TMPPLIST}
 
 changeuser:
 # Recover from the problem that earlier versions of this port created the
diff --git a/www/squid27/distinfo b/www/squid27/distinfo
index 1f4b544..e1ca82e 100644
--- a/www/squid27/distinfo
+++ b/www/squid27/distinfo
@@ -12,6 +12,8 @@ MD5 (squid2.5/squid-2.5.STABLE7-blank_response.patch) = b4d3265c55888f9b9ba3c5bc
 SIZE (squid2.5/squid-2.5.STABLE7-blank_response.patch) = 723
 MD5 (squid2.5/squid-2.5.STABLE7-dothost.patch) = 81034e9092a06d9aa1e9ede26632ae03
 SIZE (squid2.5/squid-2.5.STABLE7-dothost.patch) = 2155
+MD5 (squid2.5/squid-2.5.STABLE7-PURGE_internal.patch) = bc9d928b8dd37eaadd61bf7fefc375a7
+SIZE (squid2.5/squid-2.5.STABLE7-PURGE_internal.patch) = 871
 MD5 (squid2.5/squid-2.5.STABLE7-httpd_accel_vport.patch) = 2366a84e29fad439c2a488b03f112779
 SIZE (squid2.5/squid-2.5.STABLE7-httpd_accel_vport.patch) = 843
 MD5 (squid2.5/squid-2.5.STABLE7-cachemgr_vmobjects.patch) = fdde57025dbfb8caf9154e24b4e1bf3e
@@ -32,6 +34,10 @@ MD5 (squid2.5/squid-2.5.STABLE7-fqdn_truncated.patch) = 1c38e69132cfc469f0aa6db4
 SIZE (squid2.5/squid-2.5.STABLE7-fqdn_truncated.patch) = 4484
 MD5 (squid2.5/squid-2.5.STABLE7-ldap_spaces.patch) = 8c2eb269b16d757b562ee32a2eb7ef99
 SIZE (squid2.5/squid-2.5.STABLE7-ldap_spaces.patch) = 1974
+MD5 (squid2.5/squid-2.5.STABLE7-header_parsing.patch) = 81fc39556c20fa64f4bffacbaf5876b1
+SIZE (squid2.5/squid-2.5.STABLE7-header_parsing.patch) = 44080
+MD5 (squid2.5/squid-2.5.STABLE7-httpd_accel_no_pmtu_disc.patch) = a151cd22387e815028351b8b69541eec
+SIZE (squid2.5/squid-2.5.STABLE7-httpd_accel_no_pmtu_disc.patch) = 4113
 MD5 (squid2.5/squid-2.5.STABLE7-ftp_datachannel.patch) = cc65c481c7ea1e2cb2bc1c0b61f09a69
 SIZE (squid2.5/squid-2.5.STABLE7-ftp_datachannel.patch) = 4825
 MD5 (squid2.5/squid-2.5.STABLE7-short_icons_urls.patch) = 3cbed4fe923641bff5f23e69c444d63e
diff --git a/www/squid27/files/patch-ERR_INVALID_RESP b/www/squid27/files/patch-ERR_INVALID_RESP
new file mode 100644
index 0000000..e49da92
--- /dev/null
+++ b/www/squid27/files/patch-ERR_INVALID_RESP
@@ -0,0 +1,165 @@
+diff -ruP errors.orig/Korean/ERR_INVALID_RESP errors/Korean/ERR_INVALID_RESP
+--- errors.orig/Korean/ERR_INVALID_RESP	Thu Jan  1 01:00:00 1970
++++ errors/Korean/ERR_INVALID_RESP	Mon Jan 24 19:19:43 2005
+@@ -0,0 +1,29 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
++<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
++<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
++<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
++</HEAD><BODY>
++<H1>ERROR</H1>
++<H2>The requested URL could not be retrieved</H2>
++<HR noshade size="1px">
++<P>
++While trying to process the request:
++<PRE>
++%R
++</PRE>
++<P>
++The following error was encountered:
++<UL>
++<LI>
++<STRONG>
++Invalid Response
++</STRONG>
++</UL>
++
++<P>
++The HTTP Response message received from the contacted server
++could not be understood or was otherwise malformed. Please contact
++the site operator. Your cache administrator may be able to provide
++you with more details about the exact nature of the problem if needed.
++
++<P>Your cache administrator is <A HREF="mailto:%w">%w</A>. 
+diff -ruP errors.orig/Lithuanian/ERR_INVALID_RESP errors/Lithuanian/ERR_INVALID_RESP
+--- errors.orig/Lithuanian/ERR_INVALID_RESP	Thu Jan  1 01:00:00 1970
++++ errors/Lithuanian/ERR_INVALID_RESP	Mon Jan 24 19:19:43 2005
+@@ -0,0 +1,29 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
++<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
++<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
++<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
++</HEAD><BODY>
++<H1>ERROR</H1>
++<H2>The requested URL could not be retrieved</H2>
++<HR noshade size="1px">
++<P>
++While trying to process the request:
++<PRE>
++%R
++</PRE>
++<P>
++The following error was encountered:
++<UL>
++<LI>
++<STRONG>
++Invalid Response
++</STRONG>
++</UL>
++
++<P>
++The HTTP Response message received from the contacted server
++could not be understood or was otherwise malformed. Please contact
++the site operator. Your cache administrator may be able to provide
++you with more details about the exact nature of the problem if needed.
++
++<P>Your cache administrator is <A HREF="mailto:%w">%w</A>. 
+diff -ruP errors.orig/Polish/ERR_INVALID_RESP errors/Polish/ERR_INVALID_RESP
+--- errors.orig/Polish/ERR_INVALID_RESP	Thu Jan  1 01:00:00 1970
++++ errors/Polish/ERR_INVALID_RESP	Mon Jan 24 19:19:43 2005
+@@ -0,0 +1,29 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
++<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
++<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
++<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
++</HEAD><BODY>
++<H1>ERROR</H1>
++<H2>The requested URL could not be retrieved</H2>
++<HR noshade size="1px">
++<P>
++While trying to process the request:
++<PRE>
++%R
++</PRE>
++<P>
++The following error was encountered:
++<UL>
++<LI>
++<STRONG>
++Invalid Response
++</STRONG>
++</UL>
++
++<P>
++The HTTP Response message received from the contacted server
++could not be understood or was otherwise malformed. Please contact
++the site operator. Your cache administrator may be able to provide
++you with more details about the exact nature of the problem if needed.
++
++<P>Your cache administrator is <A HREF="mailto:%w">%w</A>. 
+diff -ruP errors.orig/Portuguese/ERR_INVALID_RESP errors/Portuguese/ERR_INVALID_RESP
+--- errors.orig/Portuguese/ERR_INVALID_RESP	Thu Jan  1 01:00:00 1970
++++ errors/Portuguese/ERR_INVALID_RESP	Mon Jan 24 19:19:43 2005
+@@ -0,0 +1,29 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
++<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
++<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
++<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
++</HEAD><BODY>
++<H1>ERROR</H1>
++<H2>The requested URL could not be retrieved</H2>
++<HR noshade size="1px">
++<P>
++While trying to process the request:
++<PRE>
++%R
++</PRE>
++<P>
++The following error was encountered:
++<UL>
++<LI>
++<STRONG>
++Invalid Response
++</STRONG>
++</UL>
++
++<P>
++The HTTP Response message received from the contacted server
++could not be understood or was otherwise malformed. Please contact
++the site operator. Your cache administrator may be able to provide
++you with more details about the exact nature of the problem if needed.
++
++<P>Your cache administrator is <A HREF="mailto:%w">%w</A>. 
+diff -ruP errors.orig/Romanian/ERR_INVALID_RESP errors/Romanian/ERR_INVALID_RESP
+--- errors.orig/Romanian/ERR_INVALID_RESP	Thu Jan  1 01:00:00 1970
++++ errors/Romanian/ERR_INVALID_RESP	Mon Jan 24 19:19:43 2005
+@@ -0,0 +1,29 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
++<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
++<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
++<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
++</HEAD><BODY>
++<H1>ERROR</H1>
++<H2>The requested URL could not be retrieved</H2>
++<HR noshade size="1px">
++<P>
++While trying to process the request:
++<PRE>
++%R
++</PRE>
++<P>
++The following error was encountered:
++<UL>
++<LI>
++<STRONG>
++Invalid Response
++</STRONG>
++</UL>
++
++<P>
++The HTTP Response message received from the contacted server
++could not be understood or was otherwise malformed. Please contact
++the site operator. Your cache administrator may be able to provide
++you with more details about the exact nature of the problem if needed.
++
++<P>Your cache administrator is <A HREF="mailto:%w">%w</A>. 
diff --git a/www/squid27/pkg-deinstall b/www/squid27/pkg-deinstall
index 42ccaec..16c46fb 100644
--- a/www/squid27/pkg-deinstall
+++ b/www/squid27/pkg-deinstall
@@ -13,20 +13,20 @@ DEINSTALL)
 	done
 	;;
 POST-DEINSTALL)
-	rmdir ${PKG_PREFIX}/etc/squid 2>/dev/null
-	rmdir ${PKG_PREFIX}/squid/cache 2>/dev/null
-	rmdir ${PKG_PREFIX}/squid/logs 2>/dev/null
-	rmdir ${PKG_PREFIX}/squid 2>/dev/null
 	echo "===> post-deinstallation information for $1"
 	echo ""
-	echo "     Please note that $1 was not completely removed"
-	echo "     from this system."
+	echo "     Please note that squid was not completely removed"
+	echo "     from this system:"
 	echo ""
-	echo "     The cache and log directories, squid's user account,"
-	echo "     and any modified configuration files have been preserved"
-	echo "     in case you want to install an updated version of squid"
-	echo "     on this system. You must remove them manually if you do"
-	echo "     not want to use squid any longer."
+	echo "     Any squid related user accounts were kept."
+	if  [ -d ${PKG_PREFIX}/squid -o -d ${PKG_PREFIX}/etc/squid ] ; then
+		echo ""
+		echo "     Additionally, cache and log directories as well as"
+		echo "     configuration files modified by you were preserved"
+		echo "     too, in case you want to install an updated version"
+		echo "     of squid. You need to remove them manually if you do"
+		echo "     not want to use it any longer."
+	fi
 	echo ""
 	;;
 *)
author	sem <sem@FreeBSD.org>	2005-01-26 17:56:25 +0000
committer	sem <sem@FreeBSD.org>	2005-01-26 17:56:25 +0000
commit	626b83d416487333a95c6421931fb26f518606c5 (patch)
tree	1e35f9cdb95816a08fe9d60369ab6920044bcf78 /www/squid27
parent	458e0f592bea2255ee1b14a7ad13f0eb171d5333 (diff)
download	FreeBSD-ports-626b83d416487333a95c6421931fb26f518606c5.zip FreeBSD-ports-626b83d416487333a95c6421931fb26f518606c5.tar.gz