ports/137437: [Maintainer] www/squid31: update to 3.1.0.13, fix vid e1156e90-7ad6-11de-b26a-0048543d60ce
Thomas-Martin Seck
tmseck at web.de
Tue Aug 4 21:40:12 UTC 2009
>Number: 137437
>Category: ports
>Synopsis: [Maintainer] www/squid31: update to 3.1.0.13, fix vid e1156e90-7ad6-11de-b26a-0048543d60ce
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 04 21:40:07 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 7.2-RELEASE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of August 4, 2009.
>Description:
Update to 3.1.0.13.
This update fixes the remote denial of service vulnerabilities
documented in vid e1156e90-7ad6-11de-b26a-0048543d60ce.
Update for vuln.xml is below. I corrected the minimum affected
version to >= 3.1.0.1 to make clear that every 3.1 version is
affected, not just the version we offered first via FreeBSD ports.
The issue was corrected upstream in 3.1.0.12.
--- vuln.xml.orig 2009-08-04 23:08:35.000000000 +0200
+++ vuln.xml 2009-08-04 23:09:39.000000000 +0200
@@ -146,7 +146,7 @@
<package>
<name>squid</name>
<range><ge>3.0.1</ge><lt>3.0.17</lt></range>
- <range><ge>3.1.0.8</ge></range>
+ <range><ge>3.1.0.1</ge><lt>3.1.0.12</range>
</package>
</affects>
<description>
>How-To-Repeat:
>Fix:
Apply this patch:
Index: Makefile
===================================================================
--- Makefile (.../www/squid31) (revision 1653)
+++ Makefile (.../local/squid31) (revision 1653)
@@ -91,7 +91,7 @@
LATEST_LINK= squid31
-SQUID_BETA_VER= 8
+SQUID_BETA_VER= 13
CONFLICTS= squid-2.[0-9].* squid-3.[^1].* cacheboy-[0-9]*
GNU_CONFIGURE= yes
@@ -102,6 +102,7 @@
SQUID_UID?= squid
SQUID_GID?= squid
+MAN1= squidclient.1
MAN8= cachemgr.cgi.8 squid.8 squid_radius_auth.8
docs= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
PORTDOCS= ${docs:T}
@@ -163,7 +164,7 @@
ERR_CACHE_MGR_ACCESS_DENIED ERR_CANNOT_FORWARD \
ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_ESI ERR_FORWARDING_DENIED \
ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \
- ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \
+ ERR_FTP_LISTING ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \
ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \
ERR_ICAP_FAILURE ERR_INVALID_REQ ERR_INVALID_RESP \
ERR_INVALID_URL ERR_LIFETIME_EXP ERR_NO_RELAY \
@@ -171,18 +172,21 @@
ERR_SECURE_CONNECT_FAIL ERR_SHUTTING_DOWN ERR_SOCKET_FAILURE \
ERR_TOO_BIG ERR_UNSUP_REQ ERR_UNSUP_HTTPVERSION \
ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
-# XXX:
-# This is a workaround for the problem that this file does not exist
-# in the "old-style" error directories (errors/<Language>).
-error_files_new_only= ERR_FTP_LISTING
-error_dirs_old= Hebrew Hungarian Korean Lithuanian Polish Portuguese \
- Slovak Traditional_Chinese
-
-error_dirs_new= ar az bg ca cs da de el en en-au en-gb en-nz en-us es et \
- fa fi fr hy id it ja lv nl pt-br ro ru sr sv tr uk uz zh-cn \
+error_dirs= ar az bg ca cs da de el en es et fa fi fr he hu hy id it \
+ ja ko lt lv ms nl pl pt pt-br ro ru sk sr sv th tr uk uz \
+ zh-cn zh-tw \
templates
+error_dir_links= ar-ae ar-bh ar-dz ar-eg ar-iq ar-jo ar-kw ar-lb \
+ ar-ly ar-ma ar-om ar-qa ar-sa ar-sy ar-tn ar-ye \
+ az-az bg-bg cs-cz da-dk de-de el-gr en-au en-ca \
+ en-gb en-in en-nz en-sg en-tt en-uk en-us en-za \
+ es-ar es-pe es-es et-ee fi-fi fr-fr he-il hu-hu \
+ hy-am id-id it-it ja-jp ko-kr lt-lt lv-lv ms-my \
+ nl-nl pl-pl pt-pt ro-ro ru-ru sk-sk sr-sp sv-se \
+ th-th tr-tr uk-ua zh-hk zh-mo zh-sg
+
libexec= cachemgr.cgi digest_pw_auth diskd ip_user_check \
msnt_auth ncsa_auth ntlm_smb_lm_auth pam_auth smb_auth \
smb_auth.sh squid_db_auth squid_radius_auth squid_session \
@@ -217,7 +221,8 @@
--enable-removal-policies="lru heap" \
--disable-linux-netfilter \
--disable-linux-tproxy \
- --disable-epoll
+ --disable-epoll \
+ --disable-translation
.include <bsd.port.pre.mk>
@@ -257,10 +262,8 @@
--enable-ntlm-auth-helpers="smb_lm"
.if !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
CONFIGURE_ARGS+= --enable-negotiate-auth-helpers="squid_kerb_auth"
-# XXX:
-# these files moved from libexec to sbin : Bug or Feature?
-sbin+= negotiate_kerb_auth negotiate_kerb_auth_test \
- squid_kerb_auth squid_kerb_auth_test
+libexec+= negotiate_kerb_auth negotiate_kerb_auth_test \
+ squid_kerb_auth squid_kerb_auth_test
.endif
# Storage schemes:
@@ -406,15 +409,12 @@
PLIST_FILES= ${etc_files:S,^,etc/,} ${icon_files:S,^,etc/squid/icons/,} \
${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,}
-.for d in ${error_dirs_old}
+PLIST_FILES+= etc/squid/errors/COPYRIGHT etc/squid/errors/TRANSLATORS
+.for d in ${error_dirs}
PLIST_DIRS+= etc/squid/errors/${d}
PLIST_FILES+= ${error_files:S,^,etc/squid/errors/${d}/,}
.endfor
-.for d in ${error_dirs_new}
-PLIST_DIRS+= etc/squid/errors/${d}
-PLIST_FILES+= ${error_files:S,^,etc/squid/errors/${d}/,}
-PLIST_FILES+= ${error_files_new_only:S,^,etc/squid/errors/${d}/,}
-.endfor
+PLIST_FILES+= ${error_dir_links:S,^,etc/squid/errors/,}
PLIST_DIRS+= etc/squid/errors etc/squid squid/logs squid/cache squid
post-patch:
Index: distinfo
===================================================================
--- distinfo (.../www/squid31) (revision 1653)
+++ distinfo (.../local/squid31) (revision 1653)
@@ -1,3 +1,3 @@
-MD5 (squid3.1/squid-3.1.0.8.tar.bz2) = 468fc9677a8771f9423ddb15fcd2e03d
-SHA256 (squid3.1/squid-3.1.0.8.tar.bz2) = 57964f7d5f9fe9cf37a4178807c169b714335ce132f7f53aee894a638a19d735
-SIZE (squid3.1/squid-3.1.0.8.tar.bz2) = 2345063
+MD5 (squid3.1/squid-3.1.0.13.tar.bz2) = a7e3f6c35853a8ad200ba448004417da
+SHA256 (squid3.1/squid-3.1.0.13.tar.bz2) = 25316da63796d2ef459bfa8c25f44a09e7a552e5d9517c4a98d320101e64a67e
+SIZE (squid3.1/squid-3.1.0.13.tar.bz2) = 2386678
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list