From owner-svn-ports-head@FreeBSD.ORG Tue Sep 16 12:29:22 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 004CBA5D; Tue, 16 Sep 2014 12:29:21 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DDFA8656; Tue, 16 Sep 2014 12:29:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8GCTLP9039282; Tue, 16 Sep 2014 12:29:21 GMT (envelope-from marino@FreeBSD.org) Received: (from marino@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8GCTK6B039272; Tue, 16 Sep 2014 12:29:20 GMT (envelope-from marino@FreeBSD.org) Message-Id: <201409161229.s8GCTK6B039272@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: marino set sender to marino@FreeBSD.org using -f From: John Marino Date: Tue, 16 Sep 2014 12:29:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r368307 - in head/www: squid squid/files squid33 X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2014 12:29:22 -0000 Author: marino Date: Tue Sep 16 12:29:19 2014 New Revision: 368307 URL: http://svnweb.freebsd.org/changeset/ports/368307 QAT: https://qat.redports.org/buildarchive/r368307/ Log: www/squid: Upgrade version 2.7.9 => 3.4.7 From now on, there will only be one squid port, this one. Squid33 has been deprecated and will expire on 31 JAN 2015. PR: 192828 Submitted by: timp87 (gmail) Contributions: takefu (airport.fm), Dennis Glatting Added: head/www/squid/files/patch-compat_Makefile.in (contents, props changed) head/www/squid/files/patch-compat_strlen.c (contents, props changed) head/www/squid/files/patch-src_tools.cc (contents, props changed) head/www/squid/pkg-plist (contents, props changed) Deleted: head/www/squid/files/extra-patch-src-cf.data.pre.aufs head/www/squid/files/patch-helpers-basic_auth-SMB-Makefile.in head/www/squid/files/patch-helpers-basic_auth-SMB-smb_auth.sh head/www/squid/files/patch-include-squid_types.h head/www/squid/files/patch-squid_kerb_auth head/www/squid/files/patch-tools-Makefile.in head/www/squid/files/pkg-deinstall.in Modified: head/www/squid/Makefile head/www/squid/distinfo head/www/squid/files/patch-configure head/www/squid/files/patch-src-cf.data.pre head/www/squid/files/pkg-install.in head/www/squid/files/pkg-message.in head/www/squid/files/squid.in head/www/squid/pkg-descr head/www/squid33/Makefile Modified: head/www/squid/Makefile ============================================================================== --- head/www/squid/Makefile Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/Makefile Tue Sep 16 12:29:19 2014 (r368307) @@ -1,450 +1,340 @@ -# Created by: Adrian Chadd # $FreeBSD$ -# Tunables not (yet) configurable via 'make config': -# SQUID_{U,G}ID -# Which user/group Squid should run as (default: squid/squid). -# The user and group will be created if they do not already exist using -# a uid:gid of 100:100. -# NOTE: older versions of Squid defaulted to nobody/nogroup. -# If you wish to run Squid as "nobody" (which is not recommended), please -# define SQUID_UID=nobody and SQUID_GID=nogroup in your make environment -# before you start the update or installation of this port. -# -# SQUID_LANGUAGES -# A list of languages for which error page files should be installed -# (default: all) -# -# E.g. use `make SQUID_LANGUAGES="English French"' if you want to -# install the files for these languages only. -# Use `make -VSQUID_LANGUAGES' or scroll down to this variable's -# definition to see which values are valid. -# -# SQUID_DEFAULT_LANG -# If you define SQUID_LANGUAGES, select which language should be the default -# one (this variable defaults to English). This setting can be overwritten -# with squid.conf's error_directory directive. -# -# SQUID_CONFIGURE_ARGS -# Additional configuration options. -# -# To enable them, use e.g -# `make SQUID_CONFIGURE_ARGS="--enable-dlmalloc --enable-truncate" install' -# -# The list below may be incomplete, please see the configure script -# in the Squid source distribution for the complete list of additional -# options. -# Note that you probably do not need to worry about these options in most -# cases, they are included in case you want to experiment with them. -# -# --enable-dlmalloc -# Compile and use the malloc package from Doug Lea -# --enable-gnuregex -# Compile and use the supplied GNUregex routines instead of BSD regex -# (not recommended). -# --enable-xmalloc-statistics -# Show malloc statistics in status page -# --enable-cachemgr-hostname=some.hostname -# Set an explicit hostname in cachemgr.cgi -# --enable-truncate -# Use truncate() rather than unlink() -# --disable-unlinkd -# Do not use "unlinkd" -# --with-aufs-threads=N_THREADS -# Tune the number of worker threads for the aufs object -# --with-coss-membuf-size -# COSS membuf size (default: 1048576 bytes) -# --with-maxfd=N -# Override the maximum number of filedescriptors. Useful if you -# build as another user who is not privileged to use the amount -# of filedescriptors the resulting binary is expected to support. -# --enable-ntlm-fail-open -# Enable NTLM fail open, where a helper that fails one of the -# Authentication steps can allow Squid to still authenticate the user -# --enable-x-accelerator-vary -# Enable support for the X-Accelerator-Vary HTTP header. Can be used -# to indicate variance within an accelerator setup. Typically used -# together with other code that adds custom HTTP headers to the -# requests. -# --enable-forward-log -# Enable experimental forward_log directive. -# --enable-multicast-miss -# Enable experimental multicast notification of cachemisses. -# - PORTNAME= squid -PORTVERSION= 2.7.${SQUID_STABLE_VER} -PORTREVISION= 5 -CATEGORIES= www -MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ - http://mirrors.ccs.neu.edu/Squid/ \ - ftp://ftp.fu-berlin.de/unix/www/squid/squid/ \ - ftp://ftp.nl.uu.net/pub/unix/www/squid/ \ - ftp://ftp.solnet.ch/mirror/squid/ \ - ftp://ftp.ntua.gr/pub/www/Squid/squid/ \ - http://mirror.aarnet.edu.au/pub/squid/squid/ \ - ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid,} \ - http://www.squid-cache.org/Versions/v2/2.7/ \ - http://www2.us.squid-cache.org/Versions/v2/2.7/ \ - http://www1.at.squid-cache.org/Versions/v2/2.7/ \ - http://www2.de.squid-cache.org/Versions/v2/2.7/ \ - http://www.eu.squid-cache.org/Versions/v2/2.7/ \ - http://www1.ie.squid-cache.org/Versions/v2/2.7/ \ - http://www1.jp.squid-cache.org/Versions/v2/2.7/ \ - http://www2.tw.squid-cache.org/Versions/v2/2.7/ +PORTVERSION= 3.4.7 +CATEGORIES= www ipv6 +MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ + http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ + http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ + http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ + http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/ MASTER_SITE_SUBDIR= squid -DISTNAME= squid-2.7.STABLE${SQUID_STABLE_VER} -DIST_SUBDIR= squid2.7 +DIST_SUBDIR= squid3.4 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ http://www2.us.squid-cache.org/%SUBDIR%/ \ http://www1.at.squid-cache.org/%SUBDIR%/ \ - http://www2.de.squid-cache.org/%SUBDIR%/ \ http://www.eu.squid-cache.org/%SUBDIR%/ \ - http://www1.ie.squid-cache.org/%SUBDIR%/ \ http://www1.jp.squid-cache.org/%SUBDIR%/ \ - http://www2.tw.squid-cache.org/%SUBDIR%/ -PATCH_SITE_SUBDIR= Versions/v2/2.7/changesets -#PATCH_DIST_STRIP= -p1 -PATCHFILES= SQUID-2012_1.patch + http://master.squid-cache.org/~amosjeffries/patches/:nosid +PATCH_SITE_SUBDIR= Versions/v3/${PORTVERSION:R}/changesets +#PATCHFILES= MAINTAINER= ports@FreeBSD.org COMMENT= HTTP Caching Proxy -DEPRECATED= Reach EOL on 14 Aug 2012 -EXPIRATION_DATE=2014-09-15 +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/COPYING -SQUID_STABLE_VER= 9 +CONFLICTS_INSTALL= squid33-* -CONFLICTS_INSTALL= squid-2.[^7]* squid3?-* cacheboy-[0-9]* lusca-head-[0-9]* -USES= perl5 shebangfix tar:bzip2 -SHEBANG_FILES= scripts/*.pl \ - src/mk-globals-c.pl \ - src/mk-string-arrays.pl \ - contrib/rredir.pl \ - contrib/user-agents.pl \ - contrib/url-normalizer.pl \ - helpers/basic_auth/multi-domain-NTLM/smb_auth.pl \ - helpers/basic_auth/POP3/pop3.pl \ - helpers/ntlm_auth/no_check/no_check.pl \ - helpers/external_acl/wbinfo_group/wbinfo_group.pl +USES= perl5 tar:xz shebangfix +SHEBANG_FILES= scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \ + helpers/external_acl/kerberos_ldap_group/cert_tool \ + helpers/ssl/cert_valid.pl GNU_CONFIGURE= yes USE_RC_SUBR= squid -SQUID_UID?= squid -SQUID_GID?= squid - -MAN8= cachemgr.cgi.8 squid.8 -docs= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt -PORTDOCS= ${docs:T} -PORTEXAMPLES= passwd.sql -SUB_FILES+= pkg-deinstall pkg-install pkg-message -SUB_LIST+= SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID} - -OPTIONS_DEFINE= KERB_AUTH LDAP_AUTH NIS_AUTH SASL_AUTH DELAY_POOLS SNMP CARP \ - SSL PINGER DNS_HELPER HTCP VIA_DB CACHE_DIGESTS WCCP WCCPV2 \ - STRICT_HTTP IDENT REFERER_LOG USERAGENT_LOG ARP_ACL PF IPFILTER \ - FOLLOW_XFF AUFS COSS KQUEUE LARGEFILE STACKTRACES -OPTIONS_DEFAULT= KERB_AUTH NIS_AUTH CARP WCCP IDENT KQUEUE -KERB_AUTH_DESC= Install Kerberos authentication helpers -LDAP_AUTH_DESC= Install LDAP authentication helpers -NIS_AUTH_DESC= Install NIS/YP authentication helpers -SASL_AUTH_DESC= Install SASL authentication helpers -DELAY_POOLS_DESC= Enable delay pools -SNMP_DESC= Enable SNMP support -CARP_DESC= Enable CARP support -SSL_DESC= Enable SSL support for reverse proxies -PINGER_DESC= Install the icmp helper -DNS_HELPER_DESC= Use the old 'dnsserver' helper -HTCP_DESC= Enable HTCP support -VIA_DB_DESC= Enable forward/via database -CACHE_DIGESTS_DESC= Enable cache digests -WCCP_DESC= Enable Web Cache Coordination Prot. v1 -WCCPV2_DESC= Enable Web Cache Coordination Prot. v2 -STRICT_HTTP_DESC= Be strictly HTTP compliant -IDENT_DESC= Enable ident (RFC 931) lookups -REFERER_LOG_DESC= Enable Referer-header logging -USERAGENT_LOG_DESC= Enable User-Agent-header logging -ARP_ACL_DESC= Enable ACLs based on ethernet address -PF_DESC= Enable transparent proxying with PF -IPFILTER_DESC= Enable transp. proxying with IPFilter -FOLLOW_XFF_DESC= Follow X-Forwarded-For headers -AUFS_DESC= Enable the aufs storage scheme -COSS_DESC= Enable the COSS storage scheme -KQUEUE_DESC= Use kqueue(2) instead of poll(2) -LARGEFILE_DESC= Support log and cache files >2GB -STACKTRACES_DESC= Create backtraces on fatal errors - -etc_files= squid/cachemgr.conf.default \ - squid/mib.txt squid/mime.conf.default \ - squid/msntauth.conf.default squid/squid.conf.default - -icon_files= anthony-binhex.gif anthony-bomb.gif anthony-box.gif \ - anthony-box2.gif anthony-c.gif anthony-compressed.gif \ - anthony-dir.gif anthony-dirup.gif anthony-dvi.gif \ - anthony-f.gif anthony-image.gif anthony-image2.gif \ - anthony-layout.gif anthony-link.gif anthony-movie.gif \ - anthony-pdf.gif anthony-portal.gif anthony-ps.gif \ - anthony-quill.gif anthony-script.gif anthony-sound.gif \ - anthony-tar.gif anthony-tex.gif anthony-text.gif \ - anthony-unknown.gif anthony-xbm.gif anthony-xpm.gif - -error_files= ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \ - ERR_CACHE_MGR_ACCESS_DENIED ERR_CANNOT_FORWARD \ - ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_FORWARDING_DENIED \ - ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \ - ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \ - ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \ - ERR_INVALID_REQ ERR_INVALID_RESP ERR_INVALID_URL \ - ERR_LIFETIME_EXP ERR_NO_RELAY ERR_ONLY_IF_CACHED_MISS \ - ERR_READ_ERROR ERR_READ_TIMEOUT ERR_SHUTTING_DOWN \ - ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \ - ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT - -libexec= cachemgr.cgi digest_pw_auth diskd-daemon \ - ip_user_check logfile-daemon \ - msnt_auth ncsa_auth ntlm_auth \ - pam_auth smb_auth smb_auth.sh squid_db_auth squid_session \ - squid_unix_group wbinfo_group.pl -.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == "" -libexec+= unlinkd -.endif - -sbin= RunCache squidclient squid +USERS= squid +GROUPS= squid -CONFIGURE_ARGS= --bindir=${PREFIX}/sbin \ - --sbindir=${PREFIX}/sbin \ +MYDOCS= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt +PORTDOCS= ${MYDOCS:T} +PORTEXAMPLES= * +SUB_FILES+= pkg-install pkg-message + +OPTIONS_SUB= yes +OPTIONS_DEFINE= ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \ + AUTH_SQL \ + CACHE_DIGESTS DEBUG DELAY_POOLS DNS_HELPER ECAP ESI \ + FOLLOW_XFF FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE \ + LARGEFILE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \ + TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES + +# Note: FS_FCOSS was removed from OPTIONS, it is broken and only experimentel +#OPTIONS_DEFINE+= FS_COSS + +OPTIONS_DEFAULT=AUTH_KERB AUTH_NIS FS_AUFS HTCP IDENT KQUEUE SNMP WCCP WCCPV2 + +ARP_ACL_CONFIGURE_ENABLE= eui +AUTH_LDAP_CFLAGS= -I${LOCALBASE}/include +AUTH_LDAP_LDFLAGS= -L${LOCALBASE}/lib +AUTH_LDAP_USE= OPENLDAP=yes +AUTH_SASL_CFLAGS= -I${LOCALBASE}/include +AUTH_SASL_CPPFLAGS= -I${LOCALBASE}/include +AUTH_SASL_LDFLAGS= -L${LOCALBASE}/lib +AUTH_SASL_LIB_DEPENDS= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 +AUTH_SMB_BUILD_DEPENDS= smbclient:${PORTSDIR}/net/samba36 +AUTH_SMB_RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba36 +AUTH_SQL_RUN_DEPENDS= p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql +AUTH_SQL_USE= MYSQL=yes +CACHE_DIGESTS_CONFIGURE_ENABLE= cache-digests +DELAY_POOLS_CONFIGURE_ENABLE= delay-pools +DNS_HELPER_CONFIGURE_ON= --disable-internal-dns +ECAP_CFLAGS= -I${LOCALBASE}/include +ECAP_CONFIGURE_ENABLE= ecap +ECAP_LDFLAGS= -L${LOCALBASE}/lib +ECAP_LIB_DEPENDS= libecap.so:${PORTSDIR}/www/libecap +ECAP_USES= pkgconfig:build +ESI_CFLAGS= -I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2 +ESI_CONFIGURE_ENABLE= esi +ESI_LDFLAGS= -L${LOCALBASE}/lib +ESI_LIB_DEPENDS= libexpat.so:${PORTSDIR}/textproc/expat2 \ + libxml2.so:${PORTSDIR}/textproc/libxml2 +FOLLOW_XFF_CONFIGURE_ENABLE= follow-x-forwarded-for +HTCP_CONFIGURE_ENABLE= htcp +ICAP_CONFIGURE_ENABLE= icap-client +ICMP_CONFIGURE_ENABLE= icmp +IDENT_CONFIGURE_ENABLE= ident-lookups +IPV6_CONFIGURE_ENABLE= ipv6 +KQUEUE_CONFIGURE_ENABLE= kqueue +LARGEFILE_CONFIGURE_WITH= large-files +LAX_HTTP_CONFIGURE_ENABLE= http-violations +SNMP_CONFIGURE_ENABLE= snmp +SSL_CONFIGURE_ENABLE= ssl +SSL_CRTD_CONFIGURE_ENABLE= ssl-crtd +STACKTRACES_CONFIGURE_ENABLE= stacktraces +TP_IPFW_CONFIGURE_ENABLE= ipfw-transparent +TP_IPF_CONFIGURE_ENABLE= ipf-transparent +TP_PF_CONFIGURE_ENABLE= pf-transparent +VIA_DB_CONFIGURE_ENABLE= forw-via-db +WCCPV2_CONFIGURE_ENABLE= wccpv2 +WCCP_CONFIGURE_ENABLE= wccp + +# TODO: +# add an option for external_acl/session (requires some kind of external +# Berkeley DB support, unsure which one) +ARP_ACL_DESC= ARP/MAC/EUI based authentification +AUTH_KERB_DESC= Install Kerberos authentication helpers +AUTH_LDAP_DESC= Install LDAP authentication helpers +AUTH_NIS_DESC= Install NIS/YP authentication helpers +AUTH_SASL_DESC= Install SASL authentication helpers +AUTH_SMB_DESC= Install SMB auth. helpers (req. Samba) +AUTH_SQL_DESC= Install SQL based auth (uses MySQL) +CACHE_DIGESTS_DESC= Use cache digests +DEBUG_DESC= Build with extended debugging support +DELAY_POOLS_DESC= Delay pools (bandwidth limiting) +DNS_HELPER_DESC= Use external dnsserver processes for DNS +ECAP_DESC= Loadable content adaptation modules (broken on FreeBSD 10+) +ESI_DESC= ESI support +FOLLOW_XFF_DESC= Support for the X-Following-For header +FS_AUFS_DESC= AUFS (async-io) support +FS_COSS_DESC= COSS (not stable yet) +HTCP_DESC= HTCP support +ICAP_DESC= the ICAP client +ICMP_DESC= ICMP pinging and network measurement +IDENT_DESC= Ident lookups (RFC 931) +KQUEUE_DESC= Kqueue(2) support +LARGEFILE_DESC= Support large (>2GB) cache and log files +SNMP_DESC= SNMP support +SSL_CRTD_DESC= Use ssl_crtd to handle SSL cert requests +SSL_DESC= SSL gatewaying support +STACKTRACES_DESC= Enable automatic backtraces on fatal errors +LAX_HTTP_DESC= Do not enforce strict HTTP compliance +TP_IPFW_DESC= Transparent proxying with IPFW +TP_IPF_DESC= Transparent proxying with IPFilter +TP_PF_DESC= Transparent proxying with PF +VIA_DB_DESC= Forward/Via database +WCCPV2_DESC= Web Cache Coordination Protocol v2 +WCCP_DESC= Web Cache Coordination Protocol + +change_files= ChangeLog \ + contrib/nextstep/makepkg \ + contrib/nextstep/post_install \ + errors/Makefile.am \ + errors/Makefile.in \ + helpers/basic_auth/MSNT/Makefile.am \ + helpers/basic_auth/MSNT/Makefile.in \ + src/Makefile.am \ + src/Makefile.in \ + src/cf_gen.cc \ + src/squid.8.in \ + tools/Makefile.am \ + tools/Makefile.in + +.if !defined(SQUID_CONFIGURE_ARGS) \ + || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == "" +PLIST_SUB+= UNLINKD="" +.else +PLIST_SUB+= UNLINKD="@comment " +.endif + +CONFIGURE_ARGS= --with-default-user=squid \ + --bindir=${PREFIX}/sbin \ + --sbindir=${PREFIX}/sbin \ --datadir=${ETCDIR} \ --libexecdir=${PREFIX}/libexec/squid \ - --localstatedir=/var/squid \ + --localstatedir=/var \ --sysconfdir=${ETCDIR} \ + --with-logdir=/var/log/squid \ + --with-pidfile=/var/run/squid/squid.pid \ + --with-swapdir=/var/squid/cache/squid \ + --enable-auth \ + --enable-build-info \ + --enable-loadable-modules \ --enable-removal-policies="lru heap" \ + --disable-epoll \ --disable-linux-netfilter \ --disable-linux-tproxy \ - --disable-epoll + --disable-translation -.include +.include + +.if ${CC:T:Mclang*} || ${CXX:T:Mclang++*} \ + || ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000024 +CXXFLAGS+= -Wno-unused-private-field +.endif # Authentication methods and modules: -basic_auth= DB NCSA PAM MSNT SMB -digest_auth= password -external_acl= ip_user session unix_group wbinfo_group -MAN8+= ncsa_auth.8 pam_auth.8 squid_db_auth.8 squid_session.8 \ - squid_unix_group.8 -.if ${PORT_OPTIONS:MLDAP_AUTH} -USE_OPENLDAP= yes -CFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib -MAN8+= squid_ldap_auth.8 squid_ldap_group.8 +basic_auth= DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam +digest_auth= file +external_acl= file_userip time_quota unix_group +ntlm_auth= fake smb_lm + +.if ${PORT_OPTIONS:MAUTH_LDAP} basic_auth+= LDAP -digest_auth+= ldap -external_acl+= ldap_group -libexec+= digest_ldap_auth squid_ldap_auth squid_ldap_group +external_acl+= LDAP_group .endif -.if ${PORT_OPTIONS:MSASL_AUTH} -LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 -CFLAGS+= -I${LOCALBASE}/include -CPPFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib + +.if ${PORT_OPTIONS:MAUTH_SASL} basic_auth+= SASL -libexec+= sasl_auth .endif + +.if ${PORT_OPTIONS:MAUTH_SMB} +basic_auth+= SMB +external_acl+= wbinfo_group +.endif + +.if ${PORT_OPTIONS:MAUTH_SQL} +external_acl+= SQL_session +.endif + # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: -.if ${PORT_OPTIONS:MNIS_AUTH} && !defined(NO_NIS) && !defined(WITHOUT_NIS) -basic_auth+= YP -libexec+= yp_auth -.endif -CONFIGURE_ARGS+= --enable-auth="basic digest negotiate ntlm" \ - --enable-basic-auth-helpers="${basic_auth}" \ - --enable-digest-auth-helpers="${digest_auth}" \ - --enable-external-acl-helpers="${external_acl}" \ - --enable-ntlm-auth-helpers="SMB" +.if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS) +basic_auth+= NIS +.endif + # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: -.if ${PORT_OPTIONS:MKERB_AUTH} && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS) -# XXX This currently only works with heimdal from the base system, -# see files/patch-squid_kerb_auth: -CONFIGURE_ARGS+= --enable-negotiate-auth-helpers="squid_kerb_auth" -libexec+= squid_kerb_auth +.if ${PORT_OPTIONS:MAUTH_KERB} && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS) +negotiate_auth= kerberos wrapper +. if ${OPSYS} == DragonFly +LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/krb5 +. endif +# the kerberos_ldap_group external helper depends on LDAP and SASL: +. if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL} +external_acl+= kerberos_ldap_group +. endif +.else +negotiate_auth= none .endif +CONFIGURE_ARGS+= --enable-auth-basic="${basic_auth}" \ + --enable-auth-digest="${digest_auth}" \ + --enable-external-acl-helpers="${external_acl}" \ + --enable-auth-negotiate="${negotiate_auth}" \ + --enable-auth-ntlm="${ntlm_auth}" + # Storage schemes: +storage_schemes= diskd rock ufs +diskio_modules= AIO Blocking DiskDaemon IpcIo Mmapped -storage_schemes= ufs diskd null -.if ${PORT_OPTIONS:MAUFS} +.if ${PORT_OPTIONS:MFS_AUFS} storage_schemes+= aufs -.if ${OSVERSION}<700055 -# Only document libmap.conf for releases where it may be needed to -# switch from libpthread (aka libkse) to libthr: -EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-src-cf.data.pre.aufs +diskio_modules+= DiskThreads +# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS, +# e.g. SQUID_CONFIGURE_ARGS=--with-aufs-threads=N +LDFLAGS+= -pthread +.else +CONFIGURE_ARGS+= --without-pthreads .endif -# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS -CONFIGURE_ARGS+= --with-pthreads -.endif -.if ${PORT_OPTIONS:MCOSS} + +.if ${PORT_OPTIONS:MFS_COSS} +BROKEN= FS_COSS does not compile storage_schemes+= coss -.if ! ${PORT_OPTIONS:MAUFS} -# use Posix AIO instead of aufs' AIO; note that you then need the kernel to -# supply AIO support, either by loading the aio(4) module (n/a on 4.x) or by -# adding the option VFS_AIO to your kernel configuration if you want to -# actually use COSS storage: -CONFIGURE_ARGS+= --enable-coss-aio-ops .endif -sbin+= cossdump -.endif -CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}" + +CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}" \ + --enable-disk-io="${diskio_modules}" + +# Log daemon helpers: +logdaemon_helpers= file +CONFIGURE_ARGS+= --enable-log-daemon-helpers="${logdaemon_helpers}" + +# URL rewrite helpers: +url_rewrite_helpers= fake +CONFIGURE_ARGS+= --enable-url-rewrite-helpers="${url_rewrite_helpers}" + +# Storeid rewrite helpers: +storeid_rewrite_helpers= file +CONFIGURE_ARGS+= --enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}" # Other options set via 'make config': -.if ${PORT_OPTIONS:MDELAY_POOLS} -CONFIGURE_ARGS+= --enable-delay-pools -.endif -.if ${PORT_OPTIONS:MSNMP} -CONFIGURE_ARGS+= --enable-snmp -.endif -.if ! ${PORT_OPTIONS:MCARP} -CONFIGURE_ARGS+= --disable-carp -.endif .if ${PORT_OPTIONS:MSSL} # we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only # works when it is defined before bsd.port{.pre}.mk is .included. # This makes it currently impossible to combine this macro with OPTIONS to # conditionally include OpenSSL support. +# XXX: is this still true with OptionsNG as of 2014-09? +#.include "${.CURDIR}/../../Mk/bsd.openssl.mk" .include "${PORTSDIR}/Mk/bsd.openssl.mk" -CONFIGURE_ARGS+= --enable-ssl \ - --with-openssl="${OPENSSLBASE}" -CFLAGS+= -I${OPENSSLINC} -LDFLAGS+= -L${OPENSSLLIB} -.endif -.if ${PORT_OPTIONS:MPINGER} -CONFIGURE_ARGS+= --enable-icmp -libexec+= pinger -.endif -.if ${PORT_OPTIONS:MDNS_HELPER} -CONFIGURE_ARGS+= --disable-internal-dns -libexec+= dnsserver -.endif -.if ${PORT_OPTIONS:MHTCP} -CONFIGURE_ARGS+= --enable-htcp -.endif -.if ${PORT_OPTIONS:MVIA_DB} -CONFIGURE_ARGS+= --enable-forw-via-db -.endif -.if ${PORT_OPTIONS:MCACHE_DIGESTS} -CONFIGURE_ARGS+= --enable-cache-digests -.endif -.if ! ${PORT_OPTIONS:MWCCP} -CONFIGURE_ARGS+= --disable-wccp -.endif -.if ${PORT_OPTIONS:MWCCPV2} -CONFIGURE_ARGS+= --enable-wccpv2 -.endif -.if ${PORT_OPTIONS:MSTRICT_HTTP} -CONFIGURE_ARGS+= --disable-http-violations -.endif -.if ! ${PORT_OPTIONS:MIDENT} -CONFIGURE_ARGS+= --disable-ident-lookups -.endif -.if ${PORT_OPTIONS:MREFERER_LOG} -CONFIGURE_ARGS+= --enable-referer-log -.endif -.if ${PORT_OPTIONS:MUSERAGENT_LOG} -CONFIGURE_ARGS+= --enable-useragent-log -.endif -.if ${PORT_OPTIONS:MARP_ACL} -CONFIGURE_ARGS+= --enable-arp-acl -.endif -.if ${PORT_OPTIONS:MPF} -CONFIGURE_ARGS+= --enable-pf-transparent +CONFIGURE_ARGS+= --with-openssl="${OPENSSLBASE}" +CFLAGS+= -I${OPENSSLINC} +LDFLAGS+= -L${OPENSSLLIB} .endif -.if ${PORT_OPTIONS:MIPFILTER} -CONFIGURE_ARGS+= --enable-ipf-transparent -.endif -.if ${PORT_OPTIONS:MFOLLOW_XFF} -CONFIGURE_ARGS+= --enable-follow-x-forwarded-for -.endif -.if ${PORT_OPTIONS:MICAP} -IGNORE= does not have working ICAP support anymore -- please use Squid 3.x if you need ICAP. Please remove WITH_SQUID_ICAP from your make environment -.endif -.if ! ${PORT_OPTIONS:MKQUEUE} -CONFIGURE_ARGS+= --disable-kqueue + +.if ${PORT_OPTIONS:MECAP} +.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1000000 +# re-evaluate on FreeBSD 10+ with the next release +# http://www.squid-cache.org/mail-archive/squid-users/201402/0324.html +BROKEN= ECAP and clang are not friendly .endif -.if ${PORT_OPTIONS:MLARGEFILE} -CONFIGURE_ARGS+= --with-large-files --enable-large-cache-files +LIB_DEPENDS+= libecap.so:${PORTSDIR}/www/libecap +CFLAGS+= -I${LOCALBASE}/include +LDFLAGS+= -L${LOCALBASE}/lib .endif + .if ${PORT_OPTIONS:MSTACKTRACES} -CONFIGURE_ARGS+= --enable-stacktraces CFLAGS+= -g STRIP= .endif -# Languages: -# -# If you do not define SQUID_LANGUAGES yourself, all available language files -# will be installed; the default language will be English. - -SQUID_LANGUAGES?= Armenian Azerbaijani Bulgarian Catalan Czech Danish \ - Dutch English Estonian Finnish French German Greek \ - Hebrew Hungarian Italian Japanese Korean Lithuanian \ - Polish Portuguese Romanian Russian-1251 Russian-koi8-r \ - Serbian Simplify_Chinese Slovak Spanish Swedish \ - Traditional_Chinese Turkish Ukrainian-1251 \ - Ukrainian-koi8-u Ukrainian-utf8 -SQUID_DEFAULT_LANG?= English -CONFIGURE_ARGS+= --enable-err-languages="${SQUID_LANGUAGES}" \ - --enable-default-err-language=${SQUID_DEFAULT_LANG} +.if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG) +CONFIGURE_ARGS+= --disable-optimizations --enable-debug-cbdata +WITH_DEBUG?= yes +.endif # Finally, add additional user specified configuration options: CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS} -CONFIGURE_ENV+= GREP="${GREP}" - -PLIST_DIRS= %%ETCDIR%%/icons libexec/squid -PLIST_FILES= ${etc_files:S,^,etc/,} ${icon_files:S,^,%%ETCDIR%%/icons/,} \ - ${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,} -PLIST_FILES+= man/man8/cachemgr.cgi.8.gz \ - man/man8/ncsa_auth.8.gz \ - man/man8/pam_auth.8.gz \ - man/man8/squid.8.gz \ - man/man8/squid_db_auth.8.gz \ - man/man8/squid_session.8.gz \ - man/man8/squid_unix_group.8.gz \ - %%ETCDIR%%/cachemgr.conf \ - %%ETCDIR%%/mime.conf \ - %%ETCDIR%%/msntauth.conf \ - %%ETCDIR%%/squid.conf - -.for d in ${SQUID_LANGUAGES} -PLIST_DIRS+= %%ETCDIR%%/errors/${d} -PLIST_FILES+= ${error_files:S,^,%%ETCDIR%%/errors/${d}/,} -.endfor -PLIST_DIRS+= %%ETCDIR%%/errors -PLIST_DIRSTRY+= %%ETCDIR%% /var/squid/logs /var/squid - post-patch: - @${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \ - -e 's|%%SQUID_GID%%|${SQUID_GID}|g' \ - -e 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/src/cf.data.pre - @${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ - ${WRKSRC}/helpers/basic_auth/SMB/Makefile.in \ - ${WRKSRC}/helpers/basic_auth/SMB/smb_auth.sh -# Prevent installation of .orig files by deleting them. - @${FIND} ${WRKSRC} -name '*.bak' -delete - @${FIND} ${WRKSRC} -name '*.orig' -delete + @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \ + ${WRKSRC}/src/cf.data.pre + @(cd ${WRKSRC} && ${REINPLACE_CMD} \ + -e 's|\.conf\.default|.conf.sample|' \ + -e 's|)\.default|).sample|' \ + ${change_files}) + @(cd ${WRKSRC} && ${MV} helpers/basic_auth/MSNT/msntauth.conf.default \ + helpers/basic_auth/MSNT/msntauth.conf.sample) + @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample) + +.if !${PORT_OPTIONS:MIPV6} + @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \ + -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \ + -e's/ 2001:DB8::a:0\/64//' \ + -e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \ + -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \ + -e'/tcp_outgoing_address 2001:db8::1/d' \ + ${WRKSRC}/src/cf.data.pre +.endif post-install: -.if ${PORT_OPTIONS:MEXAMPLES} @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \ ${STAGEDIR}${EXAMPLESDIR} -.endif -.if ${PORT_OPTIONS:MPINGER} - ${CHMOD} 4510 ${STAGEDIR}${PREFIX}/libexec/squid/pinger; \ - ${CHGRP} ${SQUID_GID} ${STAGEDIR}${PREFIX}/libexec/squid/pinger -.endif -.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${STAGEDIR}${DOCSDIR} - cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${STAGEDIR}${DOCSDIR} -.endif + (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR}) + ${MKDIR} ${STAGEDIR}/var/squid/logs -.include +.include Modified: head/www/squid/distinfo ============================================================================== --- head/www/squid/distinfo Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/distinfo Tue Sep 16 12:29:19 2014 (r368307) @@ -1,4 +1,2 @@ -SHA256 (squid2.7/squid-2.7.STABLE9.tar.bz2) = c0bdfcb5bb68debc1c9441308178bf148c67979b824c892a4710dc80a5b05d5e -SIZE (squid2.7/squid-2.7.STABLE9.tar.bz2) = 1351366 -SHA256 (squid2.7/SQUID-2012_1.patch) = a456ed7a45fbecd94a4c68c0e72905135c4424c41c01ab858dc8c5760ee03a6f -SIZE (squid2.7/SQUID-2012_1.patch) = 4804 +SHA256 (squid3.4/squid-3.4.7.tar.xz) = cc40a3cccdcdfc11269ea969e658d99e3ef2202999b78aa01a647a6bc71759ee +SIZE (squid3.4/squid-3.4.7.tar.xz) = 2158672 Added: head/www/squid/files/patch-compat_Makefile.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/squid/files/patch-compat_Makefile.in Tue Sep 16 12:29:19 2014 (r368307) @@ -0,0 +1,28 @@ +--- compat/Makefile.in.orig 2013-12-30 04:33:49.000000000 -0700 ++++ compat/Makefile.in 2014-01-27 00:05:25.000000000 -0700 +@@ -113,7 +113,8 @@ + libcompat_squid_la_DEPENDENCIES = $(LIBOBJS) + am_libcompat_squid_la_OBJECTS = assert.lo compat.lo debug.lo \ + eui64_aton.lo GnuRegex.lo shm.lo strnstr.lo strnrchr.lo \ +- xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo ++ xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo \ ++ strlen.lo + libcompat_squid_la_OBJECTS = $(am_libcompat_squid_la_OBJECTS) + am_testPreCompiler_OBJECTS = testPreCompiler.$(OBJEXT) \ + testMain.$(OBJEXT) +@@ -401,6 +402,7 @@ + getnameinfo.h \ + GnuRegex.c \ + GnuRegex.h \ ++ strlen.c \ + inet_ntop.h \ + inet_pton.h \ + initgroups.h \ +@@ -539,6 +541,7 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shm.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnrchr.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnstr.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlen.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testMain.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testPreCompiler.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xalloc.Plo@am__quote@ Added: head/www/squid/files/patch-compat_strlen.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/squid/files/patch-compat_strlen.c Tue Sep 16 12:29:19 2014 (r368307) @@ -0,0 +1,31 @@ +--- compat/strlen.c.orig 2014-01-26 23:28:26.000000000 -0700 ++++ compat/strlen.c 2014-01-26 23:33:01.000000000 -0700 +@@ -0,0 +1,28 @@ ++/* Dennis Glatting ++ January 2014 ++ ++ Various places within Squid call strlen() with a NULL pointer, ++ which causes a SIGSEV on FreeBSD. This is a simple, dumb ++ replacement that first checks for a NULL pointer before counting ++ the string's length. In the case of a NULL pointer, the string's ++ length is 0. ++ ++ */ ++ ++ ++#include "squid.h" ++#include ++ ++size_t ++strlen( const char* s ) { ++ ++ size_t c = 0; ++ ++ if( s == NULL ) ++ return 0; ++ ++ while( *s++ ) ++ ++c; ++ ++ return c; ++} Modified: head/www/squid/files/patch-configure ============================================================================== --- head/www/squid/files/patch-configure Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/files/patch-configure Tue Sep 16 12:29:19 2014 (r368307) @@ -1,19 +1,11 @@ -Patch for Squid bug 2203: - ---with-maxfd inadvertently unsets LDFLAGS. ---- configure.orig 2009-02-05 19:27:06.000000000 +0100 -+++ configure 2009-02-05 19:27:59.000000000 +0100 -@@ -27810,11 +27810,12 @@ +--- configure.orig 2014-06-25 18:43:23.000000000 +0400 ++++ configure 2014-08-18 14:46:23.000000000 +0400 +@@ -31752,6 +31752,8 @@ fi -+TLDFLAGS="$LDFLAGS" ++LIBOBJS="$LIBOBJS strlen.$ac_objext" + - if test -z "$SQUID_MAXFD"; then - - { $as_echo "$as_me:$LINENO: checking Maximum number of filedescriptors we can open" >&5 - $as_echo_n "checking Maximum number of filedescriptors we can open... " >&6; } --TLDFLAGS="$LDFLAGS" - case $host in - i386-unknown-freebsd*) - if echo "$LDFLAGS" | grep -q pthread; then + ac_fn_cxx_check_func "$LINENO" "strtoll" "ac_cv_func_strtoll" + if test "x$ac_cv_func_strtoll" = xyes; then : + $as_echo "#define HAVE_STRTOLL 1" >>confdefs.h Modified: head/www/squid/files/patch-src-cf.data.pre ============================================================================== --- head/www/squid/files/patch-src-cf.data.pre Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/files/patch-src-cf.data.pre Tue Sep 16 12:29:19 2014 (r368307) @@ -1,28 +1,6 @@ ---- src/cf.data.pre.orig Tue Jun 26 01:34:57 2007 -+++ src/cf.data.pre Mon Jul 16 20:02:21 2007 -@@ -1207,6 +1207,21 @@ - - Note that for coss, max-size must be less than COSS_MEMBUF_SZ - (hard coded at 1 MB). -+ -+ Note for FreeBSD users: -+ COSS -- like aufs -- uses async IO so if you compiled Squid without -+ support for the aufs storage type, COSS will use POSIX AIO. -+ This means that you need to add the line -+ -+ options VFS_AIO -+ -+ to your kernel configuration in order to use COSS. -+ -+ On FreeBSD 5 and higher you can load the aio(4) module and do not -+ necessarily need to recompile your kernel. -+ -+ If you compiled Squid with both support for aufs and COSS, COSS -+ will use aufs' routines and does not need special kernel support. - DOC_END - - NAME: logformat -@@ -1439,6 +1454,10 @@ +--- src/cf.data.pre.orig 2013-03-12 11:17:07.000000000 +0100 ++++ src/cf.data.pre 2013-04-09 11:43:01.000000000 +0200 +@@ -3849,6 +3849,10 @@ LOC: Config.pidFilename DOC_START A filename to write the process-id to. To disable, enter "none". @@ -32,19 +10,4 @@ + %%PREFIX%%/etc/rc.d/squid for details. DOC_END - NAME: debug_options -@@ -3275,12 +3294,12 @@ - - NAME: cache_effective_user - TYPE: string --DEFAULT: nobody -+DEFAULT: %%SQUID_UID%% - LOC: Config.effectiveUser - DOC_START - If you start Squid as root, it will change its effective/real - UID/GID to the user specified below. The default is to change -- to UID to nobody. If you define cache_effective_user, but not -+ to UID to %%SQUID_UID%%. If you define cache_effective_user, but not - cache_effective_group, Squid sets the GID to the effective - user's default group ID (taken from the password file) and - supplementary group list from the from groups membership of + NAME: log_fqdn Added: head/www/squid/files/patch-src_tools.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/squid/files/patch-src_tools.cc Tue Sep 16 12:29:19 2014 (r368307) @@ -0,0 +1,11 @@ +--- src/tools.cc.orig 2014-08-19 13:38:40.000000000 +0400 ++++ src/tools.cc 2014-08-19 13:39:00.000000000 +0400 +@@ -735,7 +735,7 @@ + uid = geteuid(); + debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever"); + +- if (setuid(0) < 0) ++ if (setuid(0) < 0 && TheProcessKind != pkHelper) + debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror()); + + if (setuid(uid) < 0) Modified: head/www/squid/files/pkg-install.in ============================================================================== --- head/www/squid/files/pkg-install.in Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/files/pkg-install.in Tue Sep 16 12:29:19 2014 (r368307) @@ -5,66 +5,55 @@ PATH=/bin:/usr/bin:/usr/sbin pkgname=$1 -squid_base="/var/squid" +squid_homedir="/var/squid" +squid_cache_basedir="${squid_homedir}/cache" squid_confdir="${PKG_PREFIX:-%%PREFIX%%}/etc/squid" -if [ -x /usr/sbin/nologin ]; then - nologin=/usr/sbin/nologin -else - nologin=/sbin/nologin -fi -squid_user="%%SQUID_UID%%" -squid_group="%%SQUID_GID%%" +squid_logdir="/var/log/squid" +# these are hardcoded, see /usr/ports/UIDs and /usr/ports/GIDs: +squid_user=squid +squid_group=squid squid_gid=100 squid_uid=100 case $2 in PRE-INSTALL) echo "===> Pre-installation configuration for ${pkgname}" - if ! pw groupshow ${squid_group} -q >/dev/null ; then - echo "There is no group '${squid_group}' on this system, so I will try to create it (using group id ${squid_gid}):" - if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then - echo "Failed to create group \"${squid_group}\"!" >&2 - echo "Please create it manually." >&2 - exit 1 - else - echo "Group '${squid_group}' created successfully:" - fi - else - echo "I will use the existing group '${squid_group}':" - fi - pw groupshow ${squid_group} - - if ! pw usershow ${squid_user} -q >/dev/null ; then - echo "There is no account '${squid_user}' on this system, so I will try to create it (using user id ${squid_uid}):" - if ! pw useradd -q -n ${squid_user} \ - -u ${squid_uid} -g ${squid_group} \ - -c "Squid caching-proxy pseudo user" \ - -d "${squid_base}" -s "${nologin}" \ - -h - ; then - echo "Failed to create user '${squid_user}'!" >&2 - echo "Please create it manually." >&2 - exit 1 - else - echo "User '${squid_user}' created successfully:" - fi + ;; +POST-INSTALL) + # Since we usually start the Squid master process as ${squid_user} + # instead of root make sure that ${squid_homedir} is writable for it. + if [ ! -d ${squid_homedir} ]; then + echo "Creating ${squid_homedir}..." + install -d -o root -g ${squid_group} \ + -m 0775 ${squid_homedir} else - echo "I will use the existing user '${squid_user}':" + chgrp ${squid_group} ${squid_homedir} + chmod g+w ${squid_homedir} fi - pw usershow ${squid_user} - for dir in cache logs; do - if [ ! -d ${squid_base}/${dir} ]; then - echo "Creating ${squid_base}/${dir}..." + if [ ! -d ${squid_cache_basedir} ]; then + echo "Creating ${squid_cache_basedir} ..." install -d -o ${squid_user} -g ${squid_group} \ - -m 0750 ${squid_base}/${dir} + -m 0750 ${squid_cache_basedir} + else + chown ${squid_user} ${squid_cache_basedir} + chgrp ${squid_group} ${squid_cache_basedir} + chmod 0750 ${squid_cache_basedir} fi - done if [ ! -d ${squid_confdir} ]; then echo "Creating ${squid_confdir}..." install -d -o root -g ${squid_group} \ -m 0755 ${squid_confdir} + else + chgrp ${squid_group} ${squid_confdir} fi - ;; -POST-INSTALL) - for file in cachemgr.conf mime.conf squid.conf; do + if [ ! -d ${squid_logdir} ]; then + echo "Creating ${squid_logdir}..." + install -d -o ${squid_user} -g ${squid_group} \ + -m 0750 ${squid_logdir} + else + chown ${squid_user} ${squid_logdir} + chgrp ${squid_group} ${squid_logdir} + fi + for file in cachemgr.conf errorpage.css mime.conf msntauth.conf squid.conf; do if [ ! -f ${squid_confdir}/${file} \ -a -f ${squid_confdir}/${file}.default ]; then echo "Creating ${file} from default..." Modified: head/www/squid/files/pkg-message.in ============================================================================== --- head/www/squid/files/pkg-message.in Tue Sep 16 12:04:06 2014 (r368306) +++ head/www/squid/files/pkg-message.in Tue Sep 16 12:29:19 2014 (r368307) @@ -1,28 +1,33 @@ o You can find the configuration files for this package in the directory %%PREFIX%%/etc/squid. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***