ports/81213: [Maintainer] www/squid: update to 2.5.STABLE10
Thomas-Martin Seck
tmseck at netcologne.de
Wed May 18 18:40:04 UTC 2005
>Number: 81213
>Category: ports
>Synopsis: [Maintainer] www/squid: update to 2.5.STABLE10
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed May 18 18:40:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.11-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of May 18, 2005.
>Description:
- Update to 2.5.STABLE10.
See
<http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE10-RELEASENOTES.html>,
section 12, for details.
- Replace a dead mirror site
- Cosmetic changes
Note to committer:
- Please 'cvs add' files/patch-src-Makefile.in
- Please add the following entry to /usr/ports/UPDATING:
20050518:
AFFECTS: users of www/squid
AUTHOR: tmseck at netcologne.de
Starting with 2.5.10, the cachemgr.cgi program uses a configuration file
cachemgr.conf to control which hosts this program is allowed to manage.
To prevent abuse, the configuration defaults to "localhost" only.
Please see cachemgr.cgi(8) for further details.
- Please add the following entries to security/vuxml/vuln.xml:
<vuln vid="a395397c-c7c8-11d9-9e1e-c296ac722cb3">
<topic>squid -- possible abuse of cachemgr.cgi</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid patches page notes:</p>
<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf">
<p>This patch adds access controls to the cachemgr.cgi script,
preventing it from being abused to reach other servers than
allowed in a local configuration file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-1999-0710</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1094</url>
</references>
<dates>
<discovery>19990729</discovery>
<entry>TO BE FILLED IN</entry>
</dates>
</vuln>
<vuln vid="7e97b288-c7ca-11d9-9e1e-c296ac722cb3">
<topic>squid -- DNS lookup spoofing vulnerability</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid patches page notes:</p>
<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query">
<p>Malicious users may spoof DNS lookups if the DNS client UDP port
(random, assigned by OS as startup) is unfiltered and your network
is not protected from IP spoofing.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CAN-2005-1519</cvename>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_reply</url>
<url>http://secunia.com/advisories/15294</url>
</references>
<dates>
<discovery>20050511</discovery>
<entry>TO BE FILLED IN</entry>
</dates>
</vuln>
>How-To-Repeat:
>Fix:
Apply this patch:
Index: distinfo
===================================================================
--- distinfo (.../www/squid) (revision 481)
+++ distinfo (.../local/squid) (revision 481)
@@ -1,48 +1,2 @@
-MD5 (squid2.5/squid-2.5.STABLE9.tar.bz2) = 5a34a303dcab8851c7ab20e24af69b61
-SIZE (squid2.5/squid-2.5.STABLE9.tar.bz2) = 1057776
-MD5 (squid2.5/squid-2.5.STABLE9-setcookie.patch) = f4abbc43af5251380b3caaa9b08d0572
-SIZE (squid2.5/squid-2.5.STABLE9-setcookie.patch) = 5328
-MD5 (squid2.5/squid-2.5.STABLE9-ftp_EPLF.patch) = c4ae820794f301b909415e0f4728f1c9
-SIZE (squid2.5/squid-2.5.STABLE9-ftp_EPLF.patch) = 4108
-MD5 (squid2.5/squid-2.5.STABLE9-ftp_base_href.patch) = ddc034a2c2a002bfcf6bf97eb21e8b57
-SIZE (squid2.5/squid-2.5.STABLE9-ftp_base_href.patch) = 709
-MD5 (squid2.5/squid-2.5.STABLE9-acl_error.patch) = f70922d873ce73c7fdad8bf7156afeb4
-SIZE (squid2.5/squid-2.5.STABLE9-acl_error.patch) = 8499
-MD5 (squid2.5/squid-2.5.STABLE9-date.patch) = 7ce5a1f82bf646f5c6fdd60be658ea3f
-SIZE (squid2.5/squid-2.5.STABLE9-date.patch) = 5647
-MD5 (squid2.5/squid-2.5.STABLE9-reload_into_ims.patch) = 433dde5bbbd67eee5ca60cd2e0827263
-SIZE (squid2.5/squid-2.5.STABLE9-reload_into_ims.patch) = 852
-MD5 (squid2.5/squid-2.5.STABLE9-delay_access_doc.patch) = 6550fb36d16ea17067dbab43964a224a
-SIZE (squid2.5/squid-2.5.STABLE9-delay_access_doc.patch) = 1258
-MD5 (squid2.5/squid-2.5.STABLE9-config_overflow.patch) = 8770c7900b1135a3ded7560ed4491887
-SIZE (squid2.5/squid-2.5.STABLE9-config_overflow.patch) = 591
-MD5 (squid2.5/squid-2.5.STABLE9-bzero.patch) = 90c46b9ba7ff62034c0ca63a70eb2c09
-SIZE (squid2.5/squid-2.5.STABLE9-bzero.patch) = 11326
-MD5 (squid2.5/squid-2.5.STABLE9-pid_t.patch) = 58e869d6d34fe4bff497271003da0916
-SIZE (squid2.5/squid-2.5.STABLE9-pid_t.patch) = 5576
-MD5 (squid2.5/squid-2.5.STABLE9-ctype.patch) = 039b4cf0e8c5b910be54da68952400e1
-SIZE (squid2.5/squid-2.5.STABLE9-ctype.patch) = 4698
-MD5 (squid2.5/squid-2.5.STABLE9-defer_digest_fetch.patch) = 437d440cc4cfeb37b636c998e124a5fe
-SIZE (squid2.5/squid-2.5.STABLE9-defer_digest_fetch.patch) = 1026
-MD5 (squid2.5/squid-2.5.STABLE9-dup_content_length.patch) = 50da2e64f2b3a80b1a8ffdd94e2b4ef4
-SIZE (squid2.5/squid-2.5.STABLE9-dup_content_length.patch) = 1685
-MD5 (squid2.5/squid-2.5.STABLE9-excess_data.patch) = c9ab2d162574e44da51f4e14c653652e
-SIZE (squid2.5/squid-2.5.STABLE9-excess_data.patch) = 1553
-MD5 (squid2.5/squid-2.5.STABLE9-aufs.patch) = db9e5a04e525da825e8d16764a996618
-SIZE (squid2.5/squid-2.5.STABLE9-aufs.patch) = 9317
-MD5 (squid2.5/squid-2.5.STABLE9-long_basic_auth.patch) = 38ba50f5fd44ba860cff7a4ddc67dac0
-SIZE (squid2.5/squid-2.5.STABLE9-long_basic_auth.patch) = 1328
-MD5 (squid2.5/squid-2.5.STABLE9-CONNECT_truncated.patch) = 76292a83e6f4c4d0b368522deac045ee
-SIZE (squid2.5/squid-2.5.STABLE9-CONNECT_truncated.patch) = 4885
-MD5 (squid2.5/squid-2.5.STABLE9-disable_hostname_checks.patch) = dc3eb6e50a1c5e59beddad2e78d0743e
-SIZE (squid2.5/squid-2.5.STABLE9-disable_hostname_checks.patch) = 2964
-MD5 (squid2.5/squid-2.5.STABLE9-aufs_shutdown.patch) = 2ab5c4eaa70d5236c867a68834e1ff4d
-SIZE (squid2.5/squid-2.5.STABLE9-aufs_shutdown.patch) = 10649
-MD5 (squid2.5/squid-2.5.STABLE9-2GB.patch) = bd40083101352328694d2cd7f296b536
-SIZE (squid2.5/squid-2.5.STABLE9-2GB.patch) = 248552
-MD5 (squid2.5/squid-2.5.STABLE9-cachemgr_objects.patch) = cc3c6c61b46f50ea93271997e3002349
-SIZE (squid2.5/squid-2.5.STABLE9-cachemgr_objects.patch) = 2625
-MD5 (squid2.5/squid-2.5.STABLE9-extaclauth.patch) = b3c3282e6f1550e698e7a3f3ad87a7bc
-SIZE (squid2.5/squid-2.5.STABLE9-extaclauth.patch) = 1799
-MD5 (squid2.5/squid-2.5.STABLE9-syslog.patch) = 80998c4bea14b0eacabc10065acb672e
-SIZE (squid2.5/squid-2.5.STABLE9-syslog.patch) = 7439
+MD5 (squid2.5/squid-2.5.STABLE10.tar.bz2) = e6db8bdfc783b3baed7de803c9a39e55
+SIZE (squid2.5/squid-2.5.STABLE10.tar.bz2) = 1069922
Index: files/patch-src-Makefile.in
===================================================================
--- files/patch-src-Makefile.in (.../www/squid) (revision 0)
+++ files/patch-src-Makefile.in (.../local/squid) (revision 481)
@@ -0,0 +1,11 @@
+--- src/Makefile.in.orig Tue May 17 22:06:43 2005
++++ src/Makefile.in Tue May 17 22:05:39 2005
+@@ -377,7 +377,7 @@
+
+ DEFAULT_PREFIX = $(prefix)
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
++DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf.default
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_LOG_PREFIX = $(localstatedir)/logs
Index: pkg-install
===================================================================
--- pkg-install (.../www/squid) (revision 481)
+++ pkg-install (.../local/squid) (revision 481)
@@ -121,13 +121,14 @@
fi
;;
POST-INSTALL)
- for file in mime.conf squid.conf; do
+ for file in cachemgr.conf mime.conf squid.conf; do
if [ ! -f ${squid_confdir}/${file} \
-a -f ${squid_confdir}/${file}.default ]; then
- echo "Creating ${file} from default..."
- install -c -o root -g ${squid_group} -m 0640 \
- ${squid_confdir}/${file}.default ${squid_confdir}/${file}
- fi
+ echo "Creating ${file} from default..."
+ install -c -o root -g ${squid_group} -m 0640 \
+ ${squid_confdir}/${file}.default \
+ ${squid_confdir}/${file}
+ fi
done
echo "===> Post-installation informations for ${pkgname}"
Index: Makefile
===================================================================
--- Makefile (.../www/squid) (revision 481)
+++ Makefile (.../local/squid) (revision 481)
@@ -65,43 +65,20 @@
#
PORTNAME= squid
-PORTVERSION= 2.5.9
-PORTREVISION= 5
+PORTVERSION= 2.5.10
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.unimelb.edu.au/pub/cwis/servers/unix/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
- ftp://ftp.leo.org/pub/comp/general/infosys/www/servers/squid/%SUBDIR%/ \
+ ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
-DISTNAME= squid-2.5.STABLE9
+DISTNAME= squid-2.5.STABLE10
DIST_SUBDIR= squid2.5
PATCH_SITES= http://www.squid-cache.org/Versions/v2/2.5/bugs/
-PATCHFILES= squid-2.5.STABLE9-setcookie.patch \
- squid-2.5.STABLE9-ftp_EPLF.patch \
- squid-2.5.STABLE9-ftp_base_href.patch \
- squid-2.5.STABLE9-acl_error.patch \
- squid-2.5.STABLE9-date.patch \
- squid-2.5.STABLE9-reload_into_ims.patch \
- squid-2.5.STABLE9-delay_access_doc.patch \
- squid-2.5.STABLE9-config_overflow.patch \
- squid-2.5.STABLE9-bzero.patch \
- squid-2.5.STABLE9-pid_t.patch \
- squid-2.5.STABLE9-ctype.patch \
- squid-2.5.STABLE9-defer_digest_fetch.patch \
- squid-2.5.STABLE9-dup_content_length.patch \
- squid-2.5.STABLE9-excess_data.patch \
- squid-2.5.STABLE9-aufs.patch \
- squid-2.5.STABLE9-long_basic_auth.patch \
- squid-2.5.STABLE9-CONNECT_truncated.patch \
- squid-2.5.STABLE9-disable_hostname_checks.patch \
- squid-2.5.STABLE9-aufs_shutdown.patch \
- squid-2.5.STABLE9-2GB.patch \
- squid-2.5.STABLE9-cachemgr_objects.patch \
- squid-2.5.STABLE9-extaclauth.patch \
- squid-2.5.STABLE9-syslog.patch
+PATCHFILES=
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
@@ -116,7 +93,7 @@
SQUID_UID?= squid
SQUID_GID?= squid
-MAN8= squid.8
+MAN8= cachemgr.cgi.8 squid.8
docs= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
.if !defined(NOPORTDOCS)
PORTDOCS= ${docs:T}
@@ -148,7 +125,8 @@
SQUID_STACKTRACES "Create backtraces on fatal errors" off \
SQUID_RCNG "Install an rcNG startup script" on
-etc_files= rc.d/squid.sh squid/mib.txt squid/mime.conf.default \
+etc_files= rc.d/squid.sh squid/cachemgr.conf.default \
+ squid/mib.txt squid/mime.conf.default \
squid/msntauth.conf.default squid/squid.conf.default
icon_files= anthony-binhex.gif anthony-bomb.gif anthony-box.gif \
@@ -307,7 +285,7 @@
# information.
.if defined(WITH_SQUID_IPFILTER)
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
-IGNORE= "IPFilter headers are not part of the base system"
+IGNORE= IPFilter headers are not part of the base system
.else
CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
@@ -375,7 +353,6 @@
post-patch:
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
- @${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
Index: pkg-deinstall
===================================================================
--- pkg-deinstall (.../www/squid) (revision 481)
+++ pkg-deinstall (.../local/squid) (revision 481)
@@ -8,7 +8,7 @@
case $2 in
DEINSTALL)
cd ${PKG_PREFIX}/etc/squid || exit 1
- for f in squid.conf mime.conf msntauth.conf; do
+ for f in cachemgr.conf mime.conf msntauth.conf squid.conf; do
cmp -s -z ${f} ${f}.default && rm ${f}
done
;;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list