ports/62442: [Maintainer update] www/squid: New patches, misc cleanups
Thomas-Martin Seck
thomas at tmseck.homedns.org
Fri Feb 6 17:31:43 UTC 2004
>Number: 62442
>Category: ports
>Synopsis: [Maintainer update] www/squid: New patches, misc cleanups
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 06 09:30:21 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.9-STABLE i386
>Organization:
private site
>Environment:
FreeBSD ports repository as of Feb 06, 2004.
>Description:
- integrate a new patch from squid-cache.org, see
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-ftp_telnet
for details
- integrate a patch by Glen Gibb to enable ARP based ACLs and make this an
OPTION; see also http://www.squid-cache.org/bugs/show_bug.cgi?id=909
for his original bug report
- make --enable-underscores an OPTION
- set a tighter ACL on libexec/pinger
- use $SQUID_USER and $SQUID_GROUP in pkg-install
- wordsmith comments
- bump PORTREVISION
>How-To-Repeat:
>Fix:
Here's the patch:
Index: projekte/FreeBSD/ports/www/squid/Makefile
diff -u projekte/FreeBSD/ports/www/squid/Makefile:1.8 projekte/FreeBSD/ports/www/squid/Makefile:1.5.2.12
--- projekte/FreeBSD/ports/www/squid/Makefile:1.8 Fri Feb 6 17:08:45 2004
+++ projekte/FreeBSD/ports/www/squid/Makefile Fri Feb 6 18:05:30 2004
@@ -23,7 +23,7 @@
PORTNAME= squid
PORTVERSION= 2.5.4
-PORTREVISION= 8
+PORTREVISION= 9
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -71,7 +71,8 @@
squid-2.5.STABLE4-ldap_tls.patch \
squid-2.5.STABLE4-ldap_group_bufsize.patch \
squid-2.5.STABLE4-http_workarounds.patch \
- squid-2.5.STABLE4-empty_proxy_auth.patch
+ squid-2.5.STABLE4-empty_proxy_auth.patch \
+ squid-2.5.STABLE4-ftp_telnet.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
@@ -103,9 +104,11 @@
SQUID_VIA_DB "Enable forward/via database" off \
SQUID_CACHE_DIGESTS "Enable cache digests" off \
SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
+ SQUID_UNDERSCORES "Allow underscores in hostnames" on \
SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
SQUID_IDENT "Enable ident (RFC 931) lookups" on \
- SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off
+ SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
+ SQUID_ARP_ACL "Enable ACLs based on ethernet address" off
PLIST_FILES= etc/rc.d/squid.sh etc/squid/mib.txt etc/squid/mime.conf.default \
etc/squid/msntauth.conf.default etc/squid/squid.conf.default \
@@ -117,7 +120,6 @@
--localstatedir=${PREFIX}/squid \
--enable-storeio="ufs diskd null" \
--enable-removal-policies="lru heap" \
- --enable-underscores
.include <bsd.port.pre.mk>
@@ -140,7 +142,7 @@
--enable-external-acl-helpers="${external_acl}" \
--enable-ntlm-auth-helpers="SMB winbind"
-# Options set via 'make config':
+# Other options set via 'make config':
.if defined(WITH_SQUID_DELAY_POOLS)
CONFIGURE_ARGS+= --enable-delay-pools
@@ -172,6 +174,9 @@
.if defined(WITHOUT_SQUID_WCCP)
CONFIGURE_ARGS+= --disable-wccp
.endif
+.if defined(WITH_SQUID_UNDERSCORES)
+CONFIGURE_ARGS+= --enable-underscores
+.endif
.if defined(WITH_SQUID_STRICT_HTTP)
CONFIGURE_ARGS+= --disable-http-violations
.endif
@@ -181,11 +186,14 @@
.if defined(WITH_SQUID_USERAGENT_LOG)
CONFIGURE_ARGS+= --enable-useragent-log
.endif
+.if defined(WITH_SQUID_ARP_ACL)
+CONFIGURE_ARGS+= --enable-arp-acl
+.endif
# Languages:
#
# If you do not define SQUID_LANGUAGES yourself, all available language files
-# will be installed; the default language will be english.
+# will be installed; the default language will be English.
SQUID_LANGUAGES?= \
Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
@@ -223,11 +231,8 @@
# --enable-stacktraces
# Enable automatic call backtrace on fatal errors
#
-# These options do not yet work on FreeBSD:
+# This option does not yet work on FreeBSD:
#
-# --enable-arp-acl
-# Enable ACL based on ethernet address (eg: for machines with dynamic DHCP
-# assigned IP addresses)
# --enable-ipf-transparent
# Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
# (IPFilter headers are not currently installed to the base system,
@@ -254,12 +259,12 @@
>${WRKDIR}/squid.sh
pre-su-install:
- @${SETENV} SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID} \
+ @${SETENV} SQUID_USER=${SQUID_UID} SQUID_GROUP=${SQUID_GID} \
PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
.if defined(WITH_SQUID_PINGER)
- ${CHMOD} 4710 ${PREFIX}/libexec/squid/pinger; \
+ ${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \
${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
.endif
${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d
Index: projekte/FreeBSD/ports/www/squid/distinfo
diff -u projekte/FreeBSD/ports/www/squid/distinfo:1.6 projekte/FreeBSD/ports/www/squid/distinfo:1.4.2.5
--- projekte/FreeBSD/ports/www/squid/distinfo:1.6 Fri Feb 6 17:08:45 2004
+++ projekte/FreeBSD/ports/www/squid/distinfo Fri Feb 6 17:51:05 2004
@@ -72,3 +72,5 @@
SIZE (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 12322
MD5 (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = ff55a2c7a718868ad245fd6de07018c9
SIZE (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = 2719
+MD5 (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 570ed0193201946fc10b42c0d96f7f48
+SIZE (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 3844
Index: projekte/FreeBSD/ports/www/squid/pkg-install
diff -u projekte/FreeBSD/ports/www/squid/pkg-install:1.3 projekte/FreeBSD/ports/www/squid/pkg-install:1.2.2.2
--- projekte/FreeBSD/ports/www/squid/pkg-install:1.3 Sat Jan 17 15:37:40 2004
+++ projekte/FreeBSD/ports/www/squid/pkg-install Fri Feb 6 18:04:31 2004
@@ -7,8 +7,8 @@
pkgname=$1
squid_base=${PKG_PREFIX:-/usr/local}/squid
squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid
-squid_user=${SQUID_UID:=squid}
-squid_group=${SQUID_GID:=squid}
+squid_user=${SQUID_USER:=squid}
+squid_group=${SQUID_GROUP:=squid}
squid_gid=3128
squid_uid=3128
Index: projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c
diff -u /dev/null projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c:1.1.2.1
--- /dev/null Fri Feb 6 18:09:33 2004
+++ projekte/FreeBSD/ports/www/squid/files/patch-src_acl.c Fri Feb 6 17:51:17 2004
@@ -0,0 +1,117 @@
+--- src/acl.c 2004/02/04 05:45:07 1.1
++++ src/acl.c 2004/02/04 05:45:16
+@@ -2626,6 +2626,9 @@
+ #endif
+ #include <net/route.h>
+ #include <net/if.h>
++#ifdef _SQUID_FREEBSD__
++#include <net/if_arp.h>
++#endif
+ #if HAVE_NETINET_IF_ETHER_H
+ #include <netinet/if_ether.h>
+ #endif
+@@ -2846,6 +2849,82 @@
+ inet_ntoa(c), splayLastResult ? "NOT found" : "found");
+ return (0 == splayLastResult);
+ }
++#elif defined(_SQUID_FREEBSD_)
++ struct arpreq arpReq;
++ struct sockaddr_in ipAddr;
++ unsigned char ifbuffer[sizeof(struct ifreq) * 64];
++ struct ifconf ifc;
++ struct ifreq *ifr;
++ int offset;
++ splayNode **Top = dataptr;
++
++ int mib[6];
++ size_t needed;
++ char *lim, *buf, *next;
++ struct rt_msghdr *rtm;
++ struct sockaddr_inarp *sin;
++ struct sockaddr_dl *sdl;
++
++ /*
++ * Set up structures for ARP lookup with blank interface name
++ */
++ ipAddr.sin_family = AF_INET;
++ ipAddr.sin_port = 0;
++ ipAddr.sin_addr = c;
++ memset(&arpReq, '\0', sizeof(arpReq));
++ xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct sockaddr_in));
++
++ /* Query ARP table */
++ mib[0] = CTL_NET;
++ mib[1] = PF_ROUTE;
++ mib[2] = 0;
++ mib[3] = AF_INET;
++ mib[4] = NET_RT_FLAGS;
++ mib[5] = RTF_LLINFO;
++ if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) {
++ debug(28, 0) ("Can't estimate ARP table size!\n");
++ return 0;
++ }
++ if ((buf = xmalloc(needed)) == NULL) {
++ debug(28, 0) ("Can't allocate temporary ARP table!\n");
++ return 0;
++ }
++ if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) {
++ debug(28, 0) ("Can't retrieve ARP table!\n");
++ xfree(buf);
++ return 0;
++ }
++ lim = buf + needed;
++ for (next = buf; next < lim; next += rtm->rtm_msglen) {
++ rtm = (struct rt_msghdr *) next;
++ sin = (struct sockaddr_inarp *) (rtm + 1);
++ /*sdl = (struct sockaddr_dl *) (sin + 1);*/
++#define ROUNDUP(a) \
++ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
++ (char *)sdl = (char *)sin + ROUNDUP(sin->sin_len);
++ if (c.s_addr == sin->sin_addr.s_addr) {
++ if (sdl->sdl_alen)
++ {
++ arpReq.arp_ha.sa_len = sizeof(struct sockaddr);
++ arpReq.arp_ha.sa_family = AF_UNSPEC;
++ memcpy(arpReq.arp_ha.sa_data, LLADDR(sdl), sdl->sdl_alen);
++ }
++ }
++ }
++ xfree(buf);
++ if (arpReq.arp_ha.sa_data[0] == 0 && arpReq.arp_ha.sa_data[1] == 0 &&
++ arpReq.arp_ha.sa_data[2] == 0 && arpReq.arp_ha.sa_data[3] == 0 &&
++ arpReq.arp_ha.sa_data[4] == 0 && arpReq.arp_ha.sa_data[5] == 0)
++ return 0;
++ debug(28, 4) ("Got address %02x:%02x:%02x:%02x:%02x:%02x\n",
++ arpReq.arp_ha.sa_data[0] & 0xff, arpReq.arp_ha.sa_data[1] & 0xff,
++ arpReq.arp_ha.sa_data[2] & 0xff, arpReq.arp_ha.sa_data[3] & 0xff,
++ arpReq.arp_ha.sa_data[4] & 0xff, arpReq.arp_ha.sa_data[5] & 0xff);
++ /* Do lookup */
++ *Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare);
++ debug(28, 3) ("aclMatchArp: '%s' %s\n",
++ inet_ntoa(c), splayLastResult ? "NOT found" : "found");
++ return (0 == splayLastResult);
+ #else
+ WRITE ME;
+ #endif
+@@ -2869,6 +2948,21 @@
+ if (d1[2] != d2[2])
+ return (d1[2] > d2[2]) ? 1 : -1;
+ #elif defined(_SQUID_SOLARIS_)
++ const unsigned char *d1 = a;
++ const unsigned char *d2 = b;
++ if (d1[0] != d2[0])
++ return (d1[0] > d2[0]) ? 1 : -1;
++ if (d1[1] != d2[1])
++ return (d1[1] > d2[1]) ? 1 : -1;
++ if (d1[2] != d2[2])
++ return (d1[2] > d2[2]) ? 1 : -1;
++ if (d1[3] != d2[3])
++ return (d1[3] > d2[3]) ? 1 : -1;
++ if (d1[4] != d2[4])
++ return (d1[4] > d2[4]) ? 1 : -1;
++ if (d1[5] != d2[5])
++ return (d1[5] > d2[5]) ? 1 : -1;
++#elif defined(_SQUID_FREEBSD_)
+ const unsigned char *d1 = a;
+ const unsigned char *d2 = b;
+ if (d1[0] != d2[0])
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list