ports/67797: [Maintainer] www/squid: support pf(4) on 5.x-RELEASE, misc cleanups
Thomas-Martin Seck
tmseck at netcologne.de
Thu Jun 10 15:30:31 UTC 2004
>Number: 67797
>Category: ports
>Synopsis: [Maintainer] www/squid: support pf(4) on 5.x-RELEASE, misc cleanups
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 10 15:30:22 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.10-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports repository as of June 10th, 2004.
>Description:
- support systems where pf(4) must be installed from ports (see ports/67724,
submitted by Michal F. Hanula)
- change ": foo=${foo:=bar}" into "foo=${foo:-bar}" to make the shell
scripts easier to read and understand
- correct credits for the recently published NTLM auth vulnerability and
fix a nearby braino, too
- bump PORTREVISION (because of squid.sh changes; I leave the final decision
to the committer)
added file:
files/pf_from_ports.patch.in
This PR corrects the issue reported in ports/67724 which can be closed.
>How-To-Repeat:
>Fix:
Apply this patch and "cvs add" files/pf_from_ports.patch.in
Index: files/pf_from_ports.patch.in
===================================================================
--- files/pf_from_ports.patch.in (revision 0)
+++ files/pf_from_ports.patch.in (revision 91)
@@ -0,0 +1,20 @@
+--- configure.orig Thu Jun 10 12:22:06 2004
++++ configure Thu Jun 10 13:31:53 2004
+@@ -3781,7 +3781,7 @@
+ memory.h \
+ mount.h \
+ net/if.h \
+- net/pfvar.h \
++ %%PF_INCLUDEDIR%%/net/pfvar.h \
+ netdb.h \
+ netinet/if_ether.h \
+ netinet/in.h \
+@@ -7604,7 +7604,7 @@
+ echo $ac_n "checking if PF header file is installed""... $ac_c" 1>&6
+ echo "configure:7606: checking if PF header file is installed" >&5
+ # hold on to your hats...
+- if test "$ac_cv_header_net_pfvar_h" = "yes"; then
++ if test "$ac_cv_header_%%PF_AC_INCLUDEPATH%%_net_pfvar_h" = "yes"; then
+ PF_TRANSPARENT="yes"
+ cat >> confdefs.h <<\EOF
+ #define PF_TRANSPARENT 1
Index: files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
===================================================================
--- files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../www/squid) (revision 91)
+++ files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../local/squid) (revision 91)
@@ -1,11 +1,11 @@
This patch fixes a buffer overflow vulnerability in the NTLM auth
-helper which was reported by Stefan Esser on the 07th June 2004.
+helper which was reported by iDefense on the 07th June 2004.
Original advisory:
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
CVE-ID: CAN-2004-0541
Patch obtained from:
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
-The patch was slightly modified by the me (tmseck at netcologne.de) to make
+The patch was slightly modified by me (tmseck at netcologne.de) to make
it apply cleanly to the FreeBSD port.
Index: libntlmssp.c
Index: files/squid.sh
===================================================================
--- files/squid.sh (.../www/squid) (revision 91)
+++ files/squid.sh (.../local/squid) (revision 91)
@@ -20,9 +20,9 @@
extra_commands=reload
reload_cmd="${command} -k reconfigure"
stop_cmd="${command} -k shutdown"
-: ${squid_chdir:=%%PREFIX%%/squid/logs}
-: ${squid_user:=%%SQUID_UID%%}
-: ${squid_flags:="-D"}
+squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs}
+squid_user=${squid_user:-%%SQUID_UID%%}
+squid_flags=${squid_flags:-"-D"}
default_config=%%PREFIX%%/etc/squid/squid.conf
if [ -f /etc/rc.subr ]; then
Index: pkg-install
===================================================================
--- pkg-install (.../www/squid) (revision 91)
+++ pkg-install (.../local/squid) (revision 91)
@@ -12,8 +12,8 @@
else
nologin=/sbin/nologin
fi
-: ${squid_user:=squid}
-: ${squid_group:=squid}
+squid_user=${squid_user:-squid}
+squid_group=${squid_group:-squid}
squid_gid=100
squid_uid=100
# Try to catch the case where the $squid_user might have been created with an
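Review bot: The fallback for `squid_user` here is the literal `squid`, while the files/squid.sh hunk in this same patch falls back to `%%SQUID_UID%%`, so the two defaults can diverge. Unless the port passes `squid_user` into this script's environment (not visible in the hunk), a non-default SQUID_UID could leave the rc script running squid under an account this script never created. If pkg-install goes through the same substitution step as squid.sh, writing `squid_user=${squid_user:-%%SQUID_UID%%}` would keep them in step. Otherwise a comment such as `# must match the %%SQUID_UID%% default in files/squid.sh` above the two assignments would record the coupling. The script continues outside the hunk.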
Index: Makefile
===================================================================
--- Makefile (.../www/squid) (revision 91)
+++ Makefile (.../local/squid) (revision 91)
@@ -29,7 +29,7 @@
PORTNAME= squid
PORTVERSION= 2.5.5
-PORTREVISION= 9
+PORTREVISION= 10
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -214,13 +214,12 @@
CONFIGURE_ARGS+= --enable-arp-acl
.endif
.if defined(WITH_SQUID_PF)
-.if ${OSVERSION} >= 502106
-# This will work only systems where PF is part of the base system for now.
-# If someone is eager to teach squid's configure script how to pick up the pf
-# port on 5.[0-2] systems instead, go on, I will integrate your patch.
CONFIGURE_ARGS+= --enable-pf-transparent
-.else
-IGNORE= WITH_SQUID_PF only works on systems where pf is part of the base system.
+.if ${OSVERSION} < 502106
+pf_includedir= ${LOCALBASE}/include/pf
+BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
+CFLAGS+= "-I${pf_includedir}"
+EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
.endif
.endif
.if defined(WITH_SQUID_FOLLOW_XFF)
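Review bot: The added `CFLAGS+= "-I${pf_includedir}"` stores literal double quotes inside CFLAGS, and the next hunk shows that value being wrapped again as `CFLAGS="${CFLAGS}"` in CONFIGURE_ENV. The nested quoting works only because the shell concatenates the adjacent quoted pieces, and it would break if the path ever contained whitespace. Writing `CFLAGS+= -I${pf_includedir}` avoids the nesting. Separately, the new BUILD_DEPENDS entry covers only the header at build time. If the pf port is also needed at run time on systems below 502106, a matching RUN_DEPENDS line would be expected; nothing in this hunk shows one, so that is worth confirming.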
@@ -283,6 +282,15 @@
CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
LDFLAGS="${LDFLAGS}"
+pre-patch:
+# Check whether we need to create the extra patch that makes pf(4)
+# visible for squid's configure script:
+.if defined(pf_includedir)
+ @${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
+ -e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
+ ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
+.endif
+
post-patch:
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
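Review bot: The `%%PF_AC_INCLUDEPATH%%` substitution in pre-patch maps only `/` to `_` (`${pf_includedir:S,/,_,g}`), whereas configure builds its `ac_cv_header_*` cache variable name by mangling other non-alphanumeric characters as well (for this generation of autoconf, `.` and `-` also become `_`, as far as I recall). With a LOCALBASE containing such a character, the name patched into the `if test "$ac_cv_header_..."` line of files/pf_from_ports.patch.in would not match the variable configure sets. The `PF_TRANSPARENT="yes"` branch would then not be taken, and the build would presumably finish without pf support and without any error. Either extend the modifier chain, e.g. `${pf_includedir:S,/,_,g:S,.,_,g:S,-,_,g}`, or put `# assumes LOCALBASE contains only [A-Za-z0-9_/]` above the sed. A post-configure check that `PF_TRANSPARENT` was actually defined when WITH_SQUID_PF is set would surface the failure.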
>Release-Note:
>Audit-Trail:
>Unformatted: