From 429f7b8550c4021ee6e5c3ebf8d95302261eb665 Mon Sep 17 00:00:00 2001
From: Sergei Kolobov <sergei@FreeBSD.org>
Date: Tue, 17 Feb 2004 11:07:18 +0000
Subject: - integrate a new patch from squid-cache.org, see
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-ftp_telnet
for details - integrate a patch by Glen Gibb to enable ARP based ACLs and
make this an OPTION; see also
http://www.squid-cache.org/bugs/show_bug.cgi?id=909 for his original bug
report - integrate additional vendor patches - make --enable-underscores an
OPTION - set a tighter ACL on libexec/pinger - use $SQUID_USER and
$SQUID_GROUP in pkg-install - wordsmith comments - bump PORTREVISION
PR: ports/62442
Submitted by: maintainer
- Fix checksum for updated errorpages patch
PR: ports/62923
Submitted by: Michal Pasternak <dotz@irc.pl>
Approved by: maintainer
---
www/squid25/Makefile | 33 +++++++----
www/squid25/distinfo | 14 ++++-
www/squid25/files/patch-src_acl.c | 117 ++++++++++++++++++++++++++++++++++++++
www/squid25/pkg-install | 4 +-
4 files changed, 152 insertions(+), 16 deletions(-)
create mode 100644 www/squid25/files/patch-src_acl.c
(limited to 'www/squid25')
diff --git a/www/squid25/Makefile b/www/squid25/Makefile
index 78aacde3fc22..07b755491a4a 100644
--- a/www/squid25/Makefile
+++ b/www/squid25/Makefile
@@ -23,7 +23,7 @@
PORTNAME= squid
PORTVERSION= 2.5.4
-PORTREVISION= 8
+PORTREVISION= 9
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -71,7 +71,12 @@ PATCHFILES= squid-2.5.STABLE4-reconfigure_message.patch \
squid-2.5.STABLE4-ldap_tls.patch \
squid-2.5.STABLE4-ldap_group_bufsize.patch \
squid-2.5.STABLE4-http_workarounds.patch \
- squid-2.5.STABLE4-empty_proxy_auth.patch
+ squid-2.5.STABLE4-empty_proxy_auth.patch \
+ squid-2.5.STABLE4-ftp_telnet.patch \
+ squid-2.5.STABLE4-ntlm_auth_popups.patch \
+ squid-2.5.STABLE4-ldap_group-S.patch \
+ squid-2.5.STABLE4-ipcache_purge.patch \
+ squid-2.5.STABLE4-cache_peer_access_ntlm.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck@netcologne.de
@@ -103,9 +108,11 @@ OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_VIA_DB "Enable forward/via database" off \
SQUID_CACHE_DIGESTS "Enable cache digests" off \
SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
+ SQUID_UNDERSCORES "Allow underscores in hostnames" on \
SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
SQUID_IDENT "Enable ident (RFC 931) lookups" on \
- SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off
+ SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
+ SQUID_ARP_ACL "Enable ACLs based on ethernet address" off
PLIST_FILES= etc/rc.d/squid.sh etc/squid/mib.txt etc/squid/mime.conf.default \
etc/squid/msntauth.conf.default etc/squid/squid.conf.default \
@@ -117,7 +124,6 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
--localstatedir=${PREFIX}/squid \
--enable-storeio="ufs diskd null" \
--enable-removal-policies="lru heap" \
- --enable-underscores
.include <bsd.port.pre.mk>
@@ -140,7 +146,7 @@ CONFIGURE_ARGS+= --enable-auth="basic ntlm digest" \
--enable-external-acl-helpers="${external_acl}" \
--enable-ntlm-auth-helpers="SMB winbind"
-# Options set via 'make config':
+# Other options set via 'make config':
.if defined(WITH_SQUID_DELAY_POOLS)
CONFIGURE_ARGS+= --enable-delay-pools
@@ -172,6 +178,9 @@ CONFIGURE_ARGS+= --enable-cache-digests
.if defined(WITHOUT_SQUID_WCCP)
CONFIGURE_ARGS+= --disable-wccp
.endif
+.if defined(WITH_SQUID_UNDERSCORES)
+CONFIGURE_ARGS+= --enable-underscores
+.endif
.if defined(WITH_SQUID_STRICT_HTTP)
CONFIGURE_ARGS+= --disable-http-violations
.endif
@@ -181,11 +190,14 @@ CONFIGURE_ARGS+= --disable-ident-lookups
.if defined(WITH_SQUID_USERAGENT_LOG)
CONFIGURE_ARGS+= --enable-useragent-log
.endif
+.if defined(WITH_SQUID_ARP_ACL)
+CONFIGURE_ARGS+= --enable-arp-acl
+.endif
# Languages:
#
# If you do not define SQUID_LANGUAGES yourself, all available language files
-# will be installed; the default language will be english.
+# will be installed; the default language will be English.
SQUID_LANGUAGES?= \
Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
@@ -223,11 +235,8 @@ CONFIGURE_ARGS+= --enable-err-languages="${SQUID_LANGUAGES}" \
# --enable-stacktraces
# Enable automatic call backtrace on fatal errors
#
-# These options do not yet work on FreeBSD:
+# This option does not yet work on FreeBSD:
#
-# --enable-arp-acl
-# Enable ACL based on ethernet address (eg: for machines with dynamic DHCP
-# assigned IP addresses)
# --enable-ipf-transparent
# Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
# (IPFilter headers are not currently installed to the base system,
@@ -254,12 +263,12 @@ pre-install:
>${WRKDIR}/squid.sh
pre-su-install:
- @${SETENV} SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID} \
+ @${SETENV} SQUID_USER=${SQUID_UID} SQUID_GROUP=${SQUID_GID} \
PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
.if defined(WITH_SQUID_PINGER)
- ${CHMOD} 4710 ${PREFIX}/libexec/squid/pinger; \
+ ${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \
${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
.endif
${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d
diff --git a/www/squid25/distinfo b/www/squid25/distinfo
index 928dbafc99c2..73777e606a05 100644
--- a/www/squid25/distinfo
+++ b/www/squid25/distinfo
@@ -12,8 +12,8 @@ MD5 (squid2.5/pam_auth-2.2.patch) = 3037a67d8f4b85cd7d51cb2dd5b4e8b8
SIZE (squid2.5/pam_auth-2.2.patch) = 4878
MD5 (squid2.5/squid-2.5.STABLE4_auth_param_doc.patch) = 3b35c424db58c71c541563cd5ae39d15
SIZE (squid2.5/squid-2.5.STABLE4_auth_param_doc.patch) = 9068
-MD5 (squid2.5/squid-2.5.STABLE4-errorpages.patch) = cd2afde3f233df8ab8015e045f304ee7
-SIZE (squid2.5/squid-2.5.STABLE4-errorpages.patch) = 49938
+MD5 (squid2.5/squid-2.5.STABLE4-errorpages.patch) = df16c73a786ce0c59b1585ab6b745210
+SIZE (squid2.5/squid-2.5.STABLE4-errorpages.patch) = 49937
MD5 (squid2.5/squid-2.5.STABLE4-error_load_text.patch) = 3935a3005d125f55cd78b228eba20647
SIZE (squid2.5/squid-2.5.STABLE4-error_load_text.patch) = 571
MD5 (squid2.5/squid-2.5.STABLE4-xpi_mime.patch) = 1143fb9244690a24450c3c9ce6105da4
@@ -72,3 +72,13 @@ MD5 (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 77d1a43dffa7aa97eb39b9
SIZE (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 12322
MD5 (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = ff55a2c7a718868ad245fd6de07018c9
SIZE (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = 2719
+MD5 (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 570ed0193201946fc10b42c0d96f7f48
+SIZE (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 3844
+MD5 (squid2.5/squid-2.5.STABLE4-ntlm_auth_popups.patch) = 922ef0774b855866b6daeb5df19bb4b3
+SIZE (squid2.5/squid-2.5.STABLE4-ntlm_auth_popups.patch) = 63653
+MD5 (squid2.5/squid-2.5.STABLE4-ldap_group-S.patch) = 35eb045971a1fe12b847e05862614aa6
+SIZE (squid2.5/squid-2.5.STABLE4-ldap_group-S.patch) = 993
+MD5 (squid2.5/squid-2.5.STABLE4-ipcache_purge.patch) = d76b6163f0806494defe9cba37a2d708
+SIZE (squid2.5/squid-2.5.STABLE4-ipcache_purge.patch) = 1022
+MD5 (squid2.5/squid-2.5.STABLE4-cache_peer_access_ntlm.patch) = 94841c505d86a1ab310b817119079e3b
+SIZE (squid2.5/squid-2.5.STABLE4-cache_peer_access_ntlm.patch) = 3378
diff --git a/www/squid25/files/patch-src_acl.c b/www/squid25/files/patch-src_acl.c
new file mode 100644
index 000000000000..727b44080369
--- /dev/null
+++ b/www/squid25/files/patch-src_acl.c
@@ -0,0 +1,117 @@
+--- src/acl.c 2004/02/04 05:45:07 1.1
++++ src/acl.c 2004/02/04 05:45:16
+@@ -2626,6 +2626,9 @@
+ #endif
+ #include <net/route.h>
+ #include <net/if.h>
++#ifdef _SQUID_FREEBSD__
++#include <net/if_arp.h>
++#endif
+ #if HAVE_NETINET_IF_ETHER_H
+ #include <netinet/if_ether.h>
+ #endif
+@@ -2846,6 +2849,82 @@
+ inet_ntoa(c), splayLastResult ? "NOT found" : "found");
+ return (0 == splayLastResult);
+ }
++#elif defined(_SQUID_FREEBSD_)
++ struct arpreq arpReq;
++ struct sockaddr_in ipAddr;
++ unsigned char ifbuffer[sizeof(struct ifreq) * 64];
++ struct ifconf ifc;
++ struct ifreq *ifr;
++ int offset;
++ splayNode **Top = dataptr;
++
++ int mib[6];
++ size_t needed;
++ char *lim, *buf, *next;
++ struct rt_msghdr *rtm;
++ struct sockaddr_inarp *sin;
++ struct sockaddr_dl *sdl;
++
++ /*
++ * Set up structures for ARP lookup with blank interface name
++ */
++ ipAddr.sin_family = AF_INET;
++ ipAddr.sin_port = 0;
++ ipAddr.sin_addr = c;
++ memset(&arpReq, '\0', sizeof(arpReq));
++ xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct sockaddr_in));
++
++ /* Query ARP table */
++ mib[0] = CTL_NET;
++ mib[1] = PF_ROUTE;
++ mib[2] = 0;
++ mib[3] = AF_INET;
++ mib[4] = NET_RT_FLAGS;
++ mib[5] = RTF_LLINFO;
++ if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) {
++ debug(28, 0) ("Can't estimate ARP table size!\n");
++ return 0;
++ }
++ if ((buf = xmalloc(needed)) == NULL) {
++ debug(28, 0) ("Can't allocate temporary ARP table!\n");
++ return 0;
++ }
++ if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) {
++ debug(28, 0) ("Can't retrieve ARP table!\n");
++ xfree(buf);
++ return 0;
++ }
++ lim = buf + needed;
++ for (next = buf; next < lim; next += rtm->rtm_msglen) {
++ rtm = (struct rt_msghdr *) next;
++ sin = (struct sockaddr_inarp *) (rtm + 1);
++ /*sdl = (struct sockaddr_dl *) (sin + 1);*/
++#define ROUNDUP(a) \
++ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
++ (char *)sdl = (char *)sin + ROUNDUP(sin->sin_len);
++ if (c.s_addr == sin->sin_addr.s_addr) {
++ if (sdl->sdl_alen)
++ {
++ arpReq.arp_ha.sa_len = sizeof(struct sockaddr);
++ arpReq.arp_ha.sa_family = AF_UNSPEC;
++ memcpy(arpReq.arp_ha.sa_data, LLADDR(sdl), sdl->sdl_alen);
++ }
++ }
++ }
++ xfree(buf);
++ if (arpReq.arp_ha.sa_data[0] == 0 && arpReq.arp_ha.sa_data[1] == 0 &&
++ arpReq.arp_ha.sa_data[2] == 0 && arpReq.arp_ha.sa_data[3] == 0 &&
++ arpReq.arp_ha.sa_data[4] == 0 && arpReq.arp_ha.sa_data[5] == 0)
++ return 0;
++ debug(28, 4) ("Got address %02x:%02x:%02x:%02x:%02x:%02x\n",
++ arpReq.arp_ha.sa_data[0] & 0xff, arpReq.arp_ha.sa_data[1] & 0xff,
++ arpReq.arp_ha.sa_data[2] & 0xff, arpReq.arp_ha.sa_data[3] & 0xff,
++ arpReq.arp_ha.sa_data[4] & 0xff, arpReq.arp_ha.sa_data[5] & 0xff);
++ /* Do lookup */
++ *Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare);
++ debug(28, 3) ("aclMatchArp: '%s' %s\n",
++ inet_ntoa(c), splayLastResult ? "NOT found" : "found");
++ return (0 == splayLastResult);
+ #else
+ WRITE ME;
+ #endif
+@@ -2869,6 +2948,21 @@
+ if (d1[2] != d2[2])
+ return (d1[2] > d2[2]) ? 1 : -1;
+ #elif defined(_SQUID_SOLARIS_)
++ const unsigned char *d1 = a;
++ const unsigned char *d2 = b;
++ if (d1[0] != d2[0])
++ return (d1[0] > d2[0]) ? 1 : -1;
++ if (d1[1] != d2[1])
++ return (d1[1] > d2[1]) ? 1 : -1;
++ if (d1[2] != d2[2])
++ return (d1[2] > d2[2]) ? 1 : -1;
++ if (d1[3] != d2[3])
++ return (d1[3] > d2[3]) ? 1 : -1;
++ if (d1[4] != d2[4])
++ return (d1[4] > d2[4]) ? 1 : -1;
++ if (d1[5] != d2[5])
++ return (d1[5] > d2[5]) ? 1 : -1;
++#elif defined(_SQUID_FREEBSD_)
+ const unsigned char *d1 = a;
+ const unsigned char *d2 = b;
+ if (d1[0] != d2[0])
diff --git a/www/squid25/pkg-install b/www/squid25/pkg-install
index 3b16eee43fda..ed7fd6d9c992 100644
--- a/www/squid25/pkg-install
+++ b/www/squid25/pkg-install
@@ -7,8 +7,8 @@ PATH=/bin:/usr/bin:/usr/sbin
pkgname=$1
squid_base=${PKG_PREFIX:-/usr/local}/squid
squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid
-squid_user=${SQUID_UID:=squid}
-squid_group=${SQUID_GID:=squid}
+squid_user=${SQUID_USER:=squid}
+squid_group=${SQUID_GROUP:=squid}
squid_gid=3128
squid_uid=3128
--
cgit v1.2.3