head 1.10; access; symbols pkgsrc-2015Q2:1.7.0.2 pkgsrc-2015Q2-base:1.7 pkgsrc-2015Q1:1.5.0.2 pkgsrc-2015Q1-base:1.5 pkgsrc-2013Q4:1.2.0.6 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.4 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.1.0.2 pkgsrc-2013Q1-base:1.1; locks; strict; comment @# @; 1.10 date 2015.09.05.14.25.38; author adam; state dead; branches; next 1.9; commitid 2fLc3XS1o9FDw4Ay; 1.9 date 2015.08.17.16.39.38; author prlw1; state Exp; branches; next 1.8; commitid w2YqVAPxL3EOSDxy; 1.8 date 2015.07.06.09.39.40; author adam; state Exp; branches; next 1.7; commitid wZCVGmuue13pUcsy; 1.7 date 2015.06.01.16.18.20; author sborrill; state Exp; branches 1.7.2.1; next 1.6; commitid zaEWP1F5XIOefKny; 1.6 date 2015.05.04.09.13.35; author adam; state Exp; branches; next 1.5; commitid vDXT9FkygYbbM6ky; 1.5 date 2015.01.22.11.38.58; author obache; state Exp; branches 1.5.2.1; next 1.4; commitid DICVr5ND1jVIR07y; 1.4 date 2015.01.21.11.23.16; author adam; state Exp; branches; next 1.3; commitid xaOIdhxWe318PS6y; 1.3 date 2014.03.10.12.19.42; author adam; state dead; branches; next 1.2; commitid aXAxVyv8SUSFj9sx; 1.2 date 2013.05.23.20.21.28; author adam; state Exp; branches; next 1.1; commitid BVkYRyRZYBcPkNQw; 1.1 date 2013.02.10.18.16.53; author adam; state Exp; branches; next ; 1.7.2.1 date 2015.07.21.17.28.23; author tron; state Exp; branches; next ; commitid YeKdKYElgPrM1buy; 1.5.2.1 date 2015.05.11.19.42.27; author tron; state Exp; branches; next ; commitid hqzuWW9aunKg34ly; desc @@ 1.10 log @Changes 3.5.8: Fix FreeBSD Clang-3.5 build error Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello Bug 3553: cache_swap_high ignored and maxCapacity used instead Fix memory leak in Surrogate-Capability header detection When a RESPMOD service aborts, mark the body it produced as truncated. Cleanup: fix assertion in Store unit tests Bug 3696: crash when client delay pools are activated Bug 4278: Docs: typo in the refresh_pattern freshness algorithm Bug 4306: build portability fix in Kerberos helpers Docs: auto-build release notes for snapshots FtpServer.cc:1024: "reply != NULL" assertion Work around clang-3.6 complaining of unknown attributes in libxml2 Ignore impossible SSL bumping actions, as intended and documented. Bug 4242: compile errors with eCAP using clang-3.6 Docs: fix typo in miss_access Bug 4285 partial: %us is not supported in access.log Bug 4302: IPFilter v5 transparent interception Docs: update intercept/tproxy related text Bug 4301: compile errors with IPFilter interception Polish: add debug section,level to cache.log Reject non-chunked HTTP messages with conflicting Content-Length values Boilerplate: update ignored files Boilerplate: add Foundation details to rfcnb and smblib documentation files Cleanup: de-duplicate fake-CONNECT code Use automake subdir-objects feature @ text @$NetBSD: patch-configure,v 1.9 2015/08/17 16:39:38 prlw1 Exp $ * Portability fix. http://bugs.squid-cache.org/show_bug.cgi?id=4306 * Fix broken tests for IPFilter http://bugs.squid-cache.org/show_bug.cgi?id=4301 --- configure.orig 2015-08-01 06:10:24.000000000 +0000 +++ configure @@@@ -32753,7 +32753,7 @@@@ done ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$with_krb5" == "xyes"; then +if test "x$with_krb5" = "xyes"; then BUILD_HELPER="kerberos" fi @@@@ -33327,7 +33327,7 @@@@ done ## Please see the COPYING and CONTRIBUTORS files for details. ## -if test "x$with_krb5" == "xyes"; then +if test "x$with_krb5" = "xyes"; then BUILD_HELPER="kerberos_ldap_group" if test "x$with_apple_krb5" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 @@@@ -38704,6 +38704,7 @@@@ if test "x$enable_ipf_transparent" != "x /* end confdefs.h. */ # include +# include # include # include @@@@ -38733,6 +38734,7 @@@@ else #define minor_t fubaar # include +# include # include # include #undef minor_t @@@@ -38756,8 +38758,7 @@@@ $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5 -$as_echo "unable to make IPFilter work with netinet/ headers" >&6; } + as_fn_error $? "unable to make IPFilter work with netinet/ headers" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext @@@@ -38795,6 +38796,9 @@@@ ac_fn_cxx_check_header_compile "$LINENO" #if HAVE_SYS_TYPES_H #include #endif +#if HAVE_SYS_TIME_H +#include +#endif #if HAVE_NETINET_IN_H #include #endif @ 1.9 log @Fix transparent proxying with IPFilter v5. Also fix ipf configure test, and remove superfluous debug patch. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $ @ 1.8 log @Changes 3.5.6: * ext_edirectory_userip_acl: fix uninitialized variable * Do not blindly forward cache peer CONNECT responses. * Bug 3483: assertion failed store.cc:1866: 'isEmpty()' * Use relative-URL in errorpage.css for SN.png * Bug 4193: Memory leak on FTP listings * Bug 4274: ssl_crtd.8 not being installed * Fix CONNECT failover to IPv4 after trying broken IPv6 servers * Bug 4183: segfault when freeing https_port clientca on reconfigure or exit. * TLS: Disable client-initiated renegotiation * Translations: add Spanish US dialect alias * Cleanup: replace __DATE__ and __TIME__ macros * Fix assertion String.cc:221: "str" * Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone * Bug 3875: bad mimeLoadIconFile error handling * Support custom OIDs in *_cert ACLs * Bug 3329: The server side pinned connection is not closed properly @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.7 2015/06/01 16:18:20 sborrill Exp $ d4 1 d6 1 d8 3 a10 3 --- configure.orig 2015-05-01 12:29:25.000000000 +0100 +++ configure 2015-05-29 11:47:07.000000000 +0100 @@@@ -32733,7 +32733,7 @@@@ d19 1 a19 1 @@@@ -33292,7 +33292,7 @@@@ d28 23 a50 1 @@@@ -38708,7 +38708,7 @@@@ a51 4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5 $as_echo "unable to make IPFilter work with netinet/ headers" >&6; } - + squid_cv_broken_ipfilter_minor_t=0 d54 3 a56 4 @@@@ -38751,6 +38751,9 @@@@ #if HAVE_SYS_IOCCOM_H #include d58 2 a59 2 +#if HAVE_NET_IF_H +#include d61 2 a62 2 #if USE_SOLARIS_IPFILTER_MINOR_T_HACK #undef minor_t @ 1.7 log @Fix transparent proxying with IPFilter. Patch submitted to squid mailing list. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.6 2015/05/04 09:13:35 adam Exp $ a44 15 @@@@ -41022,6 +41025,14 @@@@ case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + : Avoid regenerating within pkgsrc + exit 0 + : Avoid regenerating within pkgsrc + exit 0 + : Avoid regenerating within pkgsrc + exit 0 + : Avoid regenerating within pkgsrc + exit 0 ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; @ 1.7.2.1 log @Pullup ticket #4777 - requested by taca www/squid3: security update Revisions pulled up: - www/squid3/Makefile 1.49 - www/squid3/PLIST 1.11 - www/squid3/distinfo 1.35 - www/squid3/patches/patch-configure 1.8 --- Module Name: pkgsrc Committed By: adam Date: Mon Jul 6 09:39:40 UTC 2015 Modified Files: pkgsrc/www/squid3: Makefile PLIST distinfo pkgsrc/www/squid3/patches: patch-configure Log Message: Changes 3.5.6: * ext_edirectory_userip_acl: fix uninitialized variable * Do not blindly forward cache peer CONNECT responses. * Bug 3483: assertion failed store.cc:1866: 'isEmpty()' * Use relative-URL in errorpage.css for SN.png * Bug 4193: Memory leak on FTP listings * Bug 4274: ssl_crtd.8 not being installed * Fix CONNECT failover to IPv4 after trying broken IPv6 servers * Bug 4183: segfault when freeing https_port clientca on reconfigure or exit. * TLS: Disable client-initiated renegotiation * Translations: add Spanish US dialect alias * Cleanup: replace __DATE__ and __TIME__ macros * Fix assertion String.cc:221: "str" * Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone * Bug 3875: bad mimeLoadIconFile error handling * Support custom OIDs in *_cert ACLs * Bug 3329: The server side pinned connection is not closed properly @ text @d1 1 a1 1 $NetBSD$ d45 15 @ 1.6 log @Changes 3.5.4: * Fix X509 server certificate domain matching * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections * Cleanup: Display correct error code in debugging output for IoCallback::finish * Cleanup: Fix spelling error in debug message in parseHttpRequest() * Cleanup: Add whitespace to make debug message in writeComplete() more readable * Add Kerberos support for MAC OS X 10.x * Bug 4234: comm_connect_addr uses errno incorrectly * Fix 'access_log none' to prevent following logs being used * Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates * Docs: Update CONTRIBUTORS * Ensure class Lock counter remains within bounds * Portability: Add hacks to define C++11 explicit N-bit type limits * Fix SSL_get_peer_certificate memory leak * Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD * Bug 4231 pt1: fd_open() not correctly handling empty descriptions * Negotiate Kerberos authentication request size exceeds output buffer size. * Do not increment an iterator invalidated by std::map::erase(). * Fix require-proxy-header preventing HTTPS proxying and ssl-bump * Fix atomics check broken by C++11 #include added in v3.5 branch r13783 * Support for resuming TLS sessions * Bug 4212: ssl_crtd crashes with corrupt database * Fix rev.13795 ServerName class * Add server_name ACL matching server name(s) obtained from various sources * Bug 4226: digest_edirectory_auth: found but cannot be built * Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" * Fix cross-compile issues with SSL_get_certificate() * Docs: RFC 7238 obsoleted by RFC 7538 * Boilerplate: reference Translator copyrights in CREDITS * Cleanup: Place explicit size on ref-count lock counter * Cleanup: extend SBuf debugging information * digest_edirectory_auth: Fix -lnettle dependency error @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.5 2015/01/22 11:38:58 obache Exp $ d4 1 d6 3 a8 3 --- configure.orig 2015-05-01 11:29:25.000000000 +0000 +++ configure @@@@ -32733,7 +32733,7 @@@@ done d17 1 a17 1 @@@@ -33292,7 +33292,7 @@@@ done d26 34 @ 1.5 log @int64_t GNU atomic operations are used, check them instead in configure. i486 is not sufficient, i686 and/or much newer compiler will be required for NetBSD-5.*-i386. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.4 2015/01/21 11:23:16 adam Exp $ a2 1 * int64_t GNU atomic operations are used, check them instead. d5 1 a5 1 --- configure.orig 2015-01-13 12:54:26.000000000 +0000 d7 1 a7 18 @@@@ -20128,8 +20128,14 @@@@ $as_echo "cross-compiler cant tell" >&6; else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - int n = 0; +$ac_includes_default +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif + int64_t n = 0; int main () @@@@ -32600,7 +32606,7 @@@@ done d16 1 a16 1 @@@@ -33141,7 +33147,7 @@@@ done d23 2 a24 2 squid_cv_check_sasl="auto" @ 1.5.2.1 log @Pullup ticket #4711 - requested by taca www/squid3: security update Revisions pulled up: - www/squid3/Makefile 1.45 - www/squid3/distinfo 1.32 - www/squid3/options.mk 1.16 - www/squid3/patches/patch-configure 1.6 --- Module Name: pkgsrc Committed By: adam Date: Mon May 4 09:13:35 UTC 2015 Modified Files: pkgsrc/www/squid3: Makefile distinfo options.mk pkgsrc/www/squid3/patches: patch-configure Log Message: Changes 3.5.4: * Fix X509 server certificate domain matching * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections * Cleanup: Display correct error code in debugging output for IoCallback::finish * Cleanup: Fix spelling error in debug message in parseHttpRequest() * Cleanup: Add whitespace to make debug message in writeComplete() more readable * Add Kerberos support for MAC OS X 10.x * Bug 4234: comm_connect_addr uses errno incorrectly * Fix 'access_log none' to prevent following logs being used * Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates * Docs: Update CONTRIBUTORS * Ensure class Lock counter remains within bounds * Portability: Add hacks to define C++11 explicit N-bit type limits * Fix SSL_get_peer_certificate memory leak * Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD * Bug 4231 pt1: fd_open() not correctly handling empty descriptions * Negotiate Kerberos authentication request size exceeds output buffer size. * Do not increment an iterator invalidated by std::map::erase(). * Fix require-proxy-header preventing HTTPS proxying and ssl-bump * Fix atomics check broken by C++11 #include added in v3.5 branch r13783 * Support for resuming TLS sessions * Bug 4212: ssl_crtd crashes with corrupt database * Fix rev.13795 ServerName class * Add server_name ACL matching server name(s) obtained from various sources * Bug 4226: digest_edirectory_auth: found but cannot be built * Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" * Fix cross-compile issues with SSL_get_certificate() * Docs: RFC 7238 obsoleted by RFC 7538 * Boilerplate: reference Translator copyrights in CREDITS * Cleanup: Place explicit size on ref-count lock counter * Cleanup: extend SBuf debugging information * digest_edirectory_auth: Fix -lnettle dependency error @ text @d1 1 a1 1 $NetBSD$ d3 1 d6 1 a6 1 --- configure.orig 2015-05-01 11:29:25.000000000 +0000 d8 18 a25 1 @@@@ -32733,7 +32733,7 @@@@ done d34 1 a34 1 @@@@ -33292,7 +33292,7 @@@@ done d41 2 a42 2 if test "x$with_apple_krb5" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 @ 1.4 log @Changes 3.5.1: Support libecap v1.0 Authentication helper query extensions Support named services Upgraded squidclient tool Helper support for concurrency channels Native FTP Relay Receive PROXY protocol, Versions 1 & 2 Basic authentication MSNT helper changes @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 1 Portability fix. d6 1 a6 1 --- configure.orig 2015-01-21 08:58:55.000000000 +0000 d8 18 a25 1 @@@@ -32600,7 +32600,7 @@@@ done d34 1 a34 1 @@@@ -33141,7 +33141,7 @@@@ done @ 1.3 log @Changes 3.4.4: * Avoid assertions on Range requests that trigger Squid-generated errors. * Protect MemBlob::append() against raw-space writes * Copyright: Relicense helpers by Treehouse Networks Ltd. * Portability: define CMSG related structures individually * Fix helper ID number assignment * Fixed stalled concurrent rock store reads by insuring their ID uniqueness. * Bug 3186, Bug 3628: Digest authentication always sending stale=false for nonce * dynamic_cert_mem_cache_size option related fixes * Fix umask default on crash report generated email * Fix pthread library detection on FreeBSD 10 * Bug 4029: intercepted HTTPS requests bypass caching checks * Bug 4026: SSL and adaptation_access does not handle aborted connections * Bug 4001: remove use of strsep() * Move compat/unsafe.h protections from libcompat to source maintenance * Bug 3969: user credentials cache lookup for Digest authentication broken * Various fixes to configure for FreeBSD 10 * Regression Bug 3769: client_netmask not evaluated since Comm redesign @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.2 2013/05/23 20:21:28 adam Exp $ d3 1 a3 1 Compatibility problems. d5 1 a5 1 --- configure.orig 2013-05-20 11:50:55.000000000 +0000 d7 7 a13 19 @@@@ -22798,7 +22798,7 @@@@ fi done - if test "x$ac_heimdal" == "x" ; then + if test "x$ac_heimdal" = "x" ; then for ac_header in gssapi/gssapi_generic.h do : ac_fn_cxx_check_header_mongrel "$LINENO" "gssapi/gssapi_generic.h" "ac_cv_header_gssapi_gssapi_generic_h" "$ac_includes_default" @@@@ -22995,7 +22995,7 @@@@ done ac_com_error_message=no - if test "x$ac_cv_header_com_err_h" == "xyes" ; then + if test "x$ac_cv_header_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@@@ -23007,7 +23007,7 @@@@ if (eval "$ac_cpp conftest.$ac_ext") 2>& a14 1 rm -f conftest* d16 7 a22 17 - elif test "x$ac_cv_header_et_com_err_h" == "xyes" ; then + elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@@@ -23068,7 +23068,7 @@@@ $as_echo "#define HAVE_MAX_SKEW_IN_KRB5_ fi - if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" == "xyes" ; then + if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5 $as_echo_n "checking for error_message in -lcom_err... " >&6; } if ${ac_cv_lib_com_err_error_message+:} false; then : @@@@ -23111,7 +23111,7 @@@@ $as_echo "#define HAVE_ERROR_MESSAGE 1" fi d24 1 a24 5 - elif test "x$ac_com_error_message" == "xyes" ; then + elif test "x$ac_com_error_message" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lkrb5" >&5 $as_echo_n "checking for error_message in -lkrb5... " >&6; } if ${ac_cv_lib_krb5_error_message+:} false; then : @ 1.2 log @Changes 3.3.5: * Allocate ClientInfo::hash.key using malloc() instead of new char[] * Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager * Use case-insensitive comparison for HTTP header names in *_header_access * Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all * Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems * Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes squid, part2 * Port from 2.6: external acl %ACL and %DATA tags * Log an ERROR instead of halting on unknown cache_dir types * Add missing piece omitted from rev.9677 * Remove origin_tries limiter on forwarding * Fixed leaking configurable SSL error details. * Fix memory error with Kerberos authentication * Avoid !closing assertions when helpers call comm_read [during reconfigure]. * Avoid Comm::Connection leaks when helpers are reconfigured or otherwise closed. * find-alive.pl: Replaced HttpReq entry (already covered by the guessing code) with HttpHeaderEntry entry * Docs: Polish [http::]>h and [http::]>ha descriptions to emphasize their pre-cache scope * Polish: show file path on Bungled lines @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2013/02/10 18:16:53 adam Exp $ @ 1.1 log @Squid 3.3 represents a new feature release above 3.2. The most important of these new features are: * SQL Database logging helper * Time-Quota session helper * SSL-Bump Server First * Server Certificate Mimic * Custom HTTP request headers @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- configure.orig 2013-02-09 07:30:57.000000000 +0000 d7 1 a7 1 @@@@ -22437,7 +22437,7 @@@@ fi d16 1 a16 1 @@@@ -22634,7 +22634,7 @@@@ done d25 1 a25 1 @@@@ -22646,7 +22646,7 @@@@ if (eval "$ac_cpp conftest.$ac_ext") 2>& d34 1 a34 1 @@@@ -22707,7 +22707,7 @@@@ $as_echo "#define HAVE_MAX_SKEW_IN_KRB5_ d43 1 a43 1 @@@@ -22750,7 +22750,7 @@@@ $as_echo "#define HAVE_ERROR_MESSAGE 1" @