From owner-svn-ports-all@freebsd.org Mon Mar 14 16:27:35 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C89CAD08EF; Mon, 14 Mar 2016 16:27:35 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 56E85BBE; Mon, 14 Mar 2016 16:27:35 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2EGRYgd044590; Mon, 14 Mar 2016 16:27:34 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2EGRYbN044587; Mon, 14 Mar 2016 16:27:34 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201603141627.u2EGRYbN044587@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Mon, 14 Mar 2016 16:27:34 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r411101 - in branches/2016Q1/www/squid: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Mar 2016 16:27:35 -0000 Author: feld Date: Mon Mar 14 16:27:33 2016 New Revision: 411101 URL: https://svnweb.freebsd.org/changeset/ports/411101 Log: MFH: r411100 www/squid: Fix crashes under heavy load Squid 3.5.15 addresses security issues, but reports have been made that it is unstable under load. These patches repair stability while not requiring we downgrade to 3.5.14 which reintroduces security vulnerabilities. PR: 207762 Approved by: maintainer Approved by: ports-secteam (with hat) Modified: branches/2016Q1/www/squid/Makefile branches/2016Q1/www/squid/distinfo branches/2016Q1/www/squid/files/patch-configure Directory Properties: branches/2016Q1/ (props changed) Modified: branches/2016Q1/www/squid/Makefile ============================================================================== --- branches/2016Q1/www/squid/Makefile Mon Mar 14 16:26:40 2016 (r411100) +++ branches/2016Q1/www/squid/Makefile Mon Mar 14 16:27:33 2016 (r411101) @@ -2,6 +2,7 @@ PORTNAME= squid PORTVERSION= 3.5.15 +PORTREVISION= 1 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ @@ -17,7 +18,10 @@ PATCH_SITES= http://www.squid-cache.org/ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://master.squid-cache.org/~amosjeffries/patches/:nosid PATCH_SITE_SUBDIR= Versions/v3/${PORTVERSION:R}/changesets -PATCHFILES= # empty +PATCHFILES= squid-3.5-13997.patch \ + squid-3.5-13998.patch \ + squid-3.5-13999.patch \ + squid-3.5-14000.patch MAINTAINER= timp87@gmail.com COMMENT= HTTP Caching Proxy Modified: branches/2016Q1/www/squid/distinfo ============================================================================== --- branches/2016Q1/www/squid/distinfo Mon Mar 14 16:26:40 2016 (r411100) +++ branches/2016Q1/www/squid/distinfo Mon Mar 14 16:27:33 2016 (r411101) @@ -1,2 +1,10 @@ SHA256 (squid3.5/squid-3.5.15.tar.xz) = 9cfce3231c7b3b33816fc54414d8720a51ac5e723663e0685a8bb995b9f450d2 SIZE (squid3.5/squid-3.5.15.tar.xz) = 2315628 +SHA256 (squid3.5/squid-3.5-13997.patch) = 43533b41af0e5d067c576de87842b85a33bac9b293c19d816fa1475324eb89fd +SIZE (squid3.5/squid-3.5-13997.patch) = 1509 +SHA256 (squid3.5/squid-3.5-13998.patch) = c53a9d3e48224b06eedb5867b248e1b1c1226deab73c7c4d9ce8f72524e91214 +SIZE (squid3.5/squid-3.5-13998.patch) = 8184 +SHA256 (squid3.5/squid-3.5-13999.patch) = 07e82e0b7f0d766de443277f1153165177c867cbc75514890f2fe4de8d43c820 +SIZE (squid3.5/squid-3.5-13999.patch) = 1585 +SHA256 (squid3.5/squid-3.5-14000.patch) = 36578a13e87150d1604b543c68b419de1c941be3f90e80fbf464f9c23139e2de +SIZE (squid3.5/squid-3.5-14000.patch) = 1676 Modified: branches/2016Q1/www/squid/files/patch-configure ============================================================================== --- branches/2016Q1/www/squid/files/patch-configure Mon Mar 14 16:26:40 2016 (r411100) +++ branches/2016Q1/www/squid/files/patch-configure Mon Mar 14 16:27:33 2016 (r411101) @@ -1,15 +1,18 @@ --- configure.orig 2015-11-01 10:46:19 UTC +++ configure -@@ -27107,9 +27107,6 @@ - if test "x$ac_cv_path_krb5_config" != "xno" ; then - krb5confpath="`dirname $ac_cv_path_krb5_config`" - ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" -- if test "x$with_heimdal_krb5" = "xyes"; then -- as_fn_error $? "Could not find pkg-config or krb5-config for Heimdal Kerberos" "$LINENO" 5 -- fi - else - if test "x$with_heimdal_krb5" = "xyes"; then - as_fn_error $? "Could not find krb5-config in path" "$LINENO" 5 +@@ -27729,9 +27729,11 @@ + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + squid_pc_krb5_name="heimdal-gssapi" ++ else ++ squid_pc_krb5_name="heimdal-gssapi" + fi + fi +- if test "x$squid_pc_krb5_name" != "x" -a "$cross_compiling" = "no"; then ++ if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then + # Look for krb5-config (unless cross-compiling) + # Extract the first word of "krb5-config", so it can be a program name with args. + set dummy krb5-config; ac_word=$2 @@ -32038,7 +32040,7 @@ done ##