Date: 18 Jun 2004 11:39:37 -0000 From: Thomas-Martin Seck <tmseck@netcologne.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/68078: [Maintainer] www/squid: fix NTLM helper patch, minor cleanups Message-ID: <20040618113937.12821.qmail@laurel.tmseck.homedns.org> Resent-Message-ID: <200406181140.i5IBeRWq090794@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 68078 >Category: ports >Synopsis: [Maintainer] www/squid: fix NTLM helper patch, minor cleanups >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Jun 18 11:40:26 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 4.10-STABLE i386 >Organization: a private site in Germany >Environment: FreeBSD ports collection as of June 18th, 2004 >Description: - correct the patch for the NTLM helper vulnerability according to <http://www.squid-cache.org/bugs/show_bug.cgi?id=998>; - apply some cleanups: + prefer PATCHDIR over FILEDIR when referring patches + remove unnecessary quotes + move all substitution tasks to the post-patch target + use "${FALSE}" instead of "exit 1" to generate error 1 from a shell - bump PORTREVISION >How-To-Repeat: >Fix: Apply this patch: Index: files/patch-helpers-ntlm_auth-SMB-libntlmssp.c =================================================================== --- files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../www/squid) (revision 96) +++ files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../local/squid) (revision 96) @@ -3,18 +3,12 @@ Original advisory: <http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>; CVE-ID: CAN-2004-0541 -Patch obtained from: +Patch and correction obtained from: <http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>; -The patch was slightly modified by me (tmseck@netcologne.de) to make -it apply cleanly to the FreeBSD port. +<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>; -Index: libntlmssp.c -=================================================================== -RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v -retrieving revision 1.7 -diff -u -3 -p -u -r1.7 libntlmssp.c ---- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7 -+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000 +--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 ++++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 @@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai #define min(A,B) (A<B?A:B) @@ -36,7 +30,7 @@ char *domain = credentials; char *user; lstring tmp; -@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth +@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth ntlm_errno = NTLM_LOGON_ERROR; return NULL; } @@ -46,11 +40,8 @@ + return NULL; + } memcpy(domain, tmp.str, tmp.l); -- user = domain + tmp.l; -+ user = domain + tmp.l + 1; + user = domain + tmp.l; *user++ = '\0'; - - /* debug("fetching user name\n"); */ @@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth ntlm_errno = NTLM_LOGON_ERROR; return NULL; Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 96) +++ Makefile (.../local/squid) (revision 96) @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -218,7 +218,7 @@ .if ${OSVERSION} < 502106 pf_includedir= ${LOCALBASE}/include/pf BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf -CFLAGS+= "-I${pf_includedir}" +CFLAGS+= -I${pf_includedir} EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch .endif .endif @@ -284,18 +284,16 @@ pre-patch: # Check whether we need to create the extra patch that makes pf(4) -# visible for squid's configure script: +# visible to squid's configure script: .if defined(pf_includedir) @${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \ -e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \ - ${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch + ${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch .endif post-patch: @${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8 - -pre-configure: @${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \ -e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre @@ -348,10 +346,10 @@ .if ${SQUID_UID:L} == nobody @${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \ ${ECHO_CMD} "this target!" - exit 1 + ${FALSE} .endif @if [ `${ID} -u` -ne 0 ]; \ - then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \ + then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \ current_uid=`id -u ${SQUID_UID}`; \ current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \ ${ECHO_CMD} "I will remove this user:"; \ >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040618113937.12821.qmail>