ports/68078: [Maintainer] www/squid: fix NTLM helper patch, minor cleanups

Fri Jun 18 11:41:30 UTC 2004

>Number:         68078
>Category:       ports
>Synopsis:       [Maintainer] www/squid: fix NTLM helper patch, minor cleanups
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 18 11:40:26 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Thomas-Martin Seck
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of June 18th, 2004

	
>Description:
- correct the patch for the NTLM helper vulnerability according to
  <http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
- apply some cleanups:
  + prefer PATCHDIR over FILEDIR when referring patches
  + remove unnecessary quotes
  + move all substitution tasks to the post-patch target
  + use "${FALSE}" instead of "exit 1" to generate error 1 from a shell
- bump PORTREVISION
	
>How-To-Repeat:
	
>Fix:
Apply this patch:

Index: files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
===================================================================

--- files/patch-helpers-ntlm_auth-SMB-libntlmssp.c	(.../www/squid)	(revision 96)
+++ files/patch-helpers-ntlm_auth-SMB-libntlmssp.c	(.../local/squid)	(revision 96)
@@ -3,18 +3,12 @@
 Original advisory:
 <http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
 CVE-ID: CAN-2004-0541
-Patch obtained from:
+Patch and correction obtained from:
 <http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
-The patch was slightly modified by me (tmseck at netcologne.de) to make
-it apply cleanly to the FreeBSD port.
+<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
 
-Index: libntlmssp.c
-===================================================================
-RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
-retrieving revision 1.7
-diff -u -3 -p -u -r1.7 libntlmssp.c
---- helpers/ntlm_auth/SMB/libntlmssp.c	30 Nov 2001 09:50:28 -0000	1.7
-+++ helpers/ntlm_auth/SMB/libntlmssp.c	20 May 2004 22:31:33 -0000
+--- helpers/ntlm_auth/SMB/libntlmssp.c.orig	Fri Nov 30 10:50:06 2001
++++ helpers/ntlm_auth/SMB/libntlmssp.c	Fri Jun 18 13:17:35 2004
 @@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
  #define min(A,B) (A<B?A:B)
  
@@ -36,7 +30,7 @@
      char *domain = credentials;
      char *user;
      lstring tmp;
-@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
+@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
  	ntlm_errno = NTLM_LOGON_ERROR;
  	return NULL;
      }
@@ -46,11 +40,8 @@
 +	return NULL;
 +    }
      memcpy(domain, tmp.str, tmp.l);
--    user = domain + tmp.l;
-+    user = domain + tmp.l + 1;
+     user = domain + tmp.l;
      *user++ = '\0';
- 
- /*      debug("fetching user name\n"); */
 @@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
  	ntlm_errno = NTLM_LOGON_ERROR;
  	return NULL;
Index: Makefile
===================================================================
--- Makefile	(.../www/squid)	(revision 96)
+++ Makefile	(.../local/squid)	(revision 96)
@@ -29,7 +29,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	2.5.5
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	www
 MASTER_SITES=	\
 		ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -218,7 +218,7 @@
 .if ${OSVERSION} < 502106
 pf_includedir=	${LOCALBASE}/include/pf
 BUILD_DEPENDS+=	${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
-CFLAGS+=	"-I${pf_includedir}"
+CFLAGS+=	-I${pf_includedir}
 EXTRA_PATCHES+=	${WRKDIR}/pf_from_ports.patch
 .endif
 .endif
@@ -284,18 +284,16 @@
 
 pre-patch:
 # Check whether we need to create the extra patch that makes pf(4)
-# visible for squid's configure script:
+# visible to squid's configure script:
 .if defined(pf_includedir)
 	@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
 	    -e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
-	    ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
+	    ${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
 .endif
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
 	@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
-
-pre-configure:
 	@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
 	    -e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
 
@@ -348,10 +346,10 @@
 .if ${SQUID_UID:L} == nobody
 	@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
 	${ECHO_CMD} "this target!"
-	exit 1
+	${FALSE}
 .endif
 	@if [ `${ID} -u` -ne 0 ]; \
-	then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
+	then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
 	current_uid=`id -u ${SQUID_UID}`; \
 	current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
 	${ECHO_CMD} "I will remove this user:"; \
	


>Release-Note:
>Audit-Trail:
>Unformatted:

