From owner-svn-ports-branches@freebsd.org  Fri Dec 23 04:41:10 2016
Return-Path: <owner-svn-ports-branches@freebsd.org>
Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3485DC8C21C;
 Fri, 23 Dec 2016 04:41:10 +0000 (UTC)
 (envelope-from junovitch@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 02E8F15E9;
 Fri, 23 Dec 2016 04:41:09 +0000 (UTC)
 (envelope-from junovitch@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uBN4f9Xb032239;
 Fri, 23 Dec 2016 04:41:09 GMT (envelope-from junovitch@FreeBSD.org)
Received: (from junovitch@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uBN4f8Hm032228;
 Fri, 23 Dec 2016 04:41:08 GMT (envelope-from junovitch@FreeBSD.org)
Message-Id: <201612230441.uBN4f8Hm032228@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: junovitch set sender to
 junovitch@FreeBSD.org using -f
From: Jason Unovitch <junovitch@FreeBSD.org>
Date: Fri, 23 Dec 2016 04:41:08 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r429222 - in branches/2016Q4/www/squid-devel: . files
X-SVN-Group: ports-branches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-branches@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for all the branches of the ports tree
 <svn-ports-branches.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-branches/>
List-Post: <mailto:svn-ports-branches@freebsd.org>
List-Help: <mailto:svn-ports-branches-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2016 04:41:10 -0000

Author: junovitch
Date: Fri Dec 23 04:41:07 2016
New Revision: 429222
URL: https://svnweb.freebsd.org/changeset/ports/429222

Log:
  MFH: r425986 r429220
  
  www/squid-devel: update 4.0.14 -> 4.0.17
  
  - Spell CHOSEN_COMPILER_TYPE correctly
  - Remove upstreamed patch (IPv6 + PF crash)
  - Add --enable-zph-qos option to default set
    http://wiki.squid-cache.org/Features/QualityOfService
  - Mark broken if ssl set to openssl-devel, it doesn't build
  - Switch IPV6 option to options helpers
  
  PR:		215418
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Security:	CVE-2016-10002
  Security:	CVE-2016-10003
  Security:	https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html
  Approved by:	ports-secteam (with hat)

Modified:
  branches/2016Q4/www/squid-devel/Makefile
  branches/2016Q4/www/squid-devel/distinfo
  branches/2016Q4/www/squid-devel/files/patch-compat_compat.h
  branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc
  branches/2016Q4/www/squid-devel/files/patch-configure
  branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre
  branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
  branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc
  branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc
  branches/2016Q4/www/squid-devel/files/patch-src_tools.cc
Directory Properties:
  branches/2016Q4/   (props changed)

Modified: branches/2016Q4/www/squid-devel/Makefile
==============================================================================
--- branches/2016Q4/www/squid-devel/Makefile	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/Makefile	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	squid
-PORTVERSION=	4.0.14
+PORTVERSION=	4.0.17
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v4/ \
 		http://www2.us.squid-cache.org/Versions/v4/ \
@@ -216,6 +216,7 @@ CONFIGURE_ARGS=	--with-default-user=squi
 		--with-swapdir=/var/squid/cache \
 		--without-gnutls \
 		--enable-auth \
+		--enable-zph-qos \
 		--enable-build-info \
 		--enable-loadable-modules \
 		--enable-removal-policies="lru heap" \
@@ -288,7 +289,7 @@ post-patch:
 		${change_files})
 	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
 
-.if !${PORT_OPTIONS:MIPV6}
+post-patch-IPV6-off:
 	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
 		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
 		-e's/ 2001:DB8::a:0\/64//' \
@@ -296,7 +297,6 @@ post-patch:
 		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
 		-e'/tcp_outgoing_address 2001:db8::1/d' \
 		${WRKSRC}/src/cf.data.pre
-.endif
 
 post-install:
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
@@ -307,11 +307,14 @@ post-install:
 
 .include <bsd.port.pre.mk>
 
-.if ${COMPILER_TYPE} == clang
+.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel}
+BROKEN=		Does not build with openssl-devel
+.endif
+
+.if ${CHOSEN_COMPILER_TYPE} == clang
 #CXXFLAGS+=	-Wno-unused-private-field
-.if ${COMPILER_VERSION} >= 35
+CXXFLAGS+=	-Wno-unknown-warning-option
 CXXFLAGS+=	-Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
 .endif
-.endif
 
 .include <bsd.port.post.mk>

Modified: branches/2016Q4/www/squid-devel/distinfo
==============================================================================
--- branches/2016Q4/www/squid-devel/distinfo	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/distinfo	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,3 +1,3 @@
 TIMESTAMP = 1467941699
-SHA256 (squid4.0/squid-4.0.14.tar.xz) = c0e9e2d1bc2e18b2317aff165d3d697eac253977a6c37b9659de3ed81d004d1a
-SIZE (squid4.0/squid-4.0.14.tar.xz) = 2404528
+SHA256 (squid4.0/squid-4.0.17.tar.xz) = 8b1f3487495d1b02892bd63d6bdd97862be62a9cebc27245426de4543876239c
+SIZE (squid4.0/squid-4.0.17.tar.xz) = 2410244

Modified: branches/2016Q4/www/squid-devel/files/patch-compat_compat.h
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-compat_compat.h	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-compat_compat.h	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,8 +1,8 @@
---- compat/compat.h.orig	2015-11-01 10:44:25 UTC
+--- compat/compat.h.orig	2016-12-16 10:06:20 UTC
 +++ compat/compat.h
-@@ -42,17 +42,6 @@
- #endif
- #endif
+@@ -29,17 +29,6 @@
+ /******************************************************/
+ #include "compat/osdetect.h"
  
 -/* Solaris 10 has a broken definition for minor_t in IPFilter compat.
 - * We must pre-define before doing anything with OS headers so the OS

Modified: branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-compat_shm.cc	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,4 +1,4 @@
---- compat/shm.cc.orig	2015-11-01 10:44:25 UTC
+--- compat/shm.cc.orig	2016-12-16 10:06:20 UTC
 +++ compat/shm.cc
 @@ -29,6 +29,8 @@ shm_portable_segment_name_is_path()
      size_t len = sizeof(jailed);

Modified: branches/2016Q4/www/squid-devel/files/patch-configure
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-configure	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-configure	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,6 +1,6 @@
---- configure.orig	2015-11-01 10:46:19 UTC
+--- configure.orig	2016-12-16 10:19:31 UTC
 +++ configure
-@@ -32038,7 +32040,7 @@ done
+@@ -33043,7 +33043,7 @@ done
  ##
  
  BUILD_HELPER="NIS"
@@ -9,7 +9,7 @@
  do :
    as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
-@@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
+@@ -33058,8 +33058,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
  #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
  _ACEOF
  
@@ -22,7 +22,7 @@
  fi
  
  done
-@@ -32519,7 +32523,7 @@ done
+@@ -33532,7 +33534,7 @@ done
  
    # unconditionally requires crypt(3), for now
    if test "x$ac_cv_func_crypt" != "x"; then
@@ -31,7 +31,7 @@
  do :
    as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-@@ -34574,7 +34578,7 @@ for ac_header in \
+@@ -35882,7 +35884,7 @@ for ac_header in \
    arpa/nameser.h \
    assert.h \
    bstring.h \
@@ -40,7 +40,7 @@
    ctype.h \
    direct.h \
    errno.h \
-@@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+@@ -36092,6 +36094,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
  #include <netinet/ip.h>
  #endif
  #if HAVE_NETINET_IP_COMPAT_H
@@ -48,7 +48,7 @@
  #include <netinet/ip_compat.h>
  #endif
  #if HAVE_NETINET_IP_FIL_H
-@@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x
+@@ -40315,6 +40318,7 @@ if test "x$enable_ipf_transparent" != "x
  #     include <sys/ioccom.h>
  #     include <netinet/in.h>
  
@@ -56,7 +56,7 @@
  #     include <netinet/ip_compat.h>
  #     include <netinet/ip_fil.h>
  #     include <netinet/ip_nat.h>
-@@ -38803,6 +38809,7 @@ else
+@@ -40345,6 +40349,7 @@ else
  #       include <sys/ioccom.h>
  #       include <netinet/in.h>
  #undef minor_t
@@ -64,7 +64,7 @@
  #       include <netinet/ip_compat.h>
  #       include <netinet/ip_fil.h>
  #       include <netinet/ip_nat.h>
-@@ -38847,6 +38854,7 @@ _ACEOF
+@@ -40389,6 +40394,7 @@ _ACEOF
  	ip_fil_compat.h \
  	ip_fil.h \
  	ip_nat.h \
@@ -72,7 +72,7 @@
  	netinet/ip_compat.h \
  	netinet/ip_fil_compat.h \
  	netinet/ip_fil.h \
-@@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+@@ -40418,6 +40424,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
  #if HAVE_IP_COMPAT_H
  #include <ip_compat.h>
  #elif HAVE_NETINET_IP_COMPAT_H

Modified: branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-src-cf.data.pre	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,6 +1,6 @@
---- src/cf.data.pre.orig	2015-11-01 10:44:25 UTC
+--- src/cf.data.pre.orig	2016-12-16 10:06:20 UTC
 +++ src/cf.data.pre
-@@ -4558,6 +4558,10 @@ DEFAULT: @DEFAULT_PID_FILE@
+@@ -4754,6 +4754,10 @@ DEFAULT: @DEFAULT_PID_FILE@
  LOC: Config.pidFilename
  DOC_START
  	A filename to write the process-id to.  To disable, enter "none".

Modified: branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,6 +1,6 @@
---- src/DiskIO/Mmapped/MmappedFile.cc.orig	2015-11-01 10:44:25 UTC
+--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/DiskIO/Mmapped/MmappedFile.cc
-@@ -235,7 +235,7 @@ Mmapping::map()
+@@ -236,7 +236,7 @@ Mmapping::map()
      static const int pageSize = getpagesize();
      delta = offset % pageSize;
  

Modified: branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-src__ip__Intercept.cc	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,6 +1,6 @@
---- src/ip/Intercept.cc.orig	2015-11-01 10:44:25 UTC
+--- src/ip/Intercept.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/ip/Intercept.cc
-@@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com
+@@ -206,10 +206,10 @@ Ip::Intercept::IpfInterception(const Com
      // for NAT lookup set local and remote IP:port's
      if (newConn->remote.isIPv6()) {
  #if IPFILTER_VERSION < 5000003
@@ -11,43 +11,5 @@
 -        warningLevel = (warningLevel + 1) % 10;
 +        warningLevel = (warningLevel + 1) % 1048576;
          return false;
- #else
-         natLookup.nl_v = 6;
-@@ -323,13 +323,21 @@
      }
- 
-     memset(&nl, 0, sizeof(struct pfioc_natlook));
--    newConn->remote.getInAddr(nl.saddr.v4);
-+    if (newConn->remote.isIPv4()) {
-+        newConn->remote.getInAddr(nl.saddr.v4);
-+    } else {
-+        newConn->remote.getInAddr(nl.saddr.v6);
-+    }
-     nl.sport = htons(newConn->remote.port());
- 
--    newConn->local.getInAddr(nl.daddr.v4);
-+    if (newConn->local.isIPv4()) {
-+        newConn->local.getInAddr(nl.daddr.v4);
-+    } else {
-+        newConn->local.getInAddr(nl.daddr.v6);
-+    }
-     nl.dport = htons(newConn->local.port());
- 
--    nl.af = AF_INET;
-+    nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6;
-     nl.proto = IPPROTO_TCP;
-     nl.direction = PF_OUT;
- 
-@@ -345,7 +353,11 @@
-         debugs(89, 9, HERE << "address: " << newConn);
-         return false;
-     } else {
--        newConn->local = nl.rdaddr.v4;
-+        if (nl.af == AF_INET) {
-+            newConn->local = nl.rdaddr.v4;
-+        } else {
-+            newConn->local = nl.rdaddr.v6;
-+        }
-         newConn->local.port(ntohs(nl.rdport));
-         debugs(89, 5, HERE << "address NAT: " << newConn);
-         return true;
+     newConn->local.getInAddr(natLookup.nl_inip);

Modified: branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-src_ipc_mem_Segment.cc	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,11 +1,11 @@
---- src/ipc/mem/Segment.cc.orig	2015-11-01 10:44:25 UTC
+--- src/ipc/mem/Segment.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/ipc/mem/Segment.cc
-@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach()
+@@ -173,7 +173,7 @@ Ipc::Mem::Segment::attach()
      assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize)));
  
      void *const p =
 -        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0);
 +        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0);
      if (p == MAP_FAILED) {
-         debugs(54, 5, HERE << "mmap " << theName << ": " << xstrerror());
-         fatalf("Ipc::Mem::Segment::attach failed to mmap(%s): %s\n",
+         int xerrno = errno;
+         debugs(54, 5, "mmap " << theName << ": " << xstrerr(xerrno));

Modified: branches/2016Q4/www/squid-devel/files/patch-src_tools.cc
==============================================================================
--- branches/2016Q4/www/squid-devel/files/patch-src_tools.cc	Fri Dec 23 04:39:47 2016	(r429221)
+++ branches/2016Q4/www/squid-devel/files/patch-src_tools.cc	Fri Dec 23 04:41:07 2016	(r429222)
@@ -1,4 +1,4 @@
---- src/tools.cc.orig	2015-11-01 10:44:25 UTC
+--- src/tools.cc.orig	2016-12-16 10:06:20 UTC
 +++ src/tools.cc
 @@ -603,7 +603,7 @@ no_suid(void)
      uid = geteuid();