From 535910590731ee5b76a71f85083ee81a09b98d13 Mon Sep 17 00:00:00 2001
From: brad <brad@openbsd.org>
Date: Wed, 25 May 2005 02:27:13 +0000
Subject: [PATCH] upgrade to 2.5.STABLE10

- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
  assigned by OS at startup) is unfiltered and your network is not protected
  from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
  it from being abused to reach other servers than allowed in a local
  configuration file.
---
 www/squid/Makefile                         |  4 ++--
 www/squid/distinfo                         |  8 ++++----
 www/squid/patches/patch-configure_in       |  8 ++++----
 www/squid/patches/patch-errors_Makefile_in |  8 ++++----
 www/squid/patches/patch-icons_Makefile_in  |  8 ++++----
 www/squid/patches/patch-src_Makefile_in    | 20 +++++++++++---------
 www/squid/patches/patch-src_cf_data_pre    | 10 +++++-----
 www/squid/pkg/PLIST                        |  7 +++++--
 8 files changed, 39 insertions(+), 34 deletions(-)

diff --git a/www/squid/Makefile b/www/squid/Makefile
index 9c37b38c885..080a383df25 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.72 2005/02/25 16:37:25 brad Exp $
+# $OpenBSD: Makefile,v 1.73 2005/05/25 02:27:13 brad Exp $
 
 COMMENT=	"WWW and FTP proxy cache and accelerator"
 
-DISTNAME=	squid-2.5.STABLE9
+DISTNAME=	squid-2.5.STABLE10
 CATEGORIES=	www
 MASTER_SITES=	${HOMEPAGE}Versions/v2/2.5/
 DIST_SUBDIR=	squid
diff --git a/www/squid/distinfo b/www/squid/distinfo
index fdd8b2f3bed..857c03e239c 100644
--- a/www/squid/distinfo
+++ b/www/squid/distinfo
@@ -1,4 +1,4 @@
-MD5 (squid/squid-2.5.STABLE9.tar.gz) = b0cf322157a7923c16b27bb12e4bf92f
-RMD160 (squid/squid-2.5.STABLE9.tar.gz) = edaf0aeaf2bc408afc5b38145a6f5cb1be3f33d4
-SHA1 (squid/squid-2.5.STABLE9.tar.gz) = c04f308f5e32068ca88eca96c8cdb01a76e965ea
-SIZE (squid/squid-2.5.STABLE9.tar.gz) = 1372326
+MD5 (squid/squid-2.5.STABLE10.tar.gz) = b74d7a0be462e9e3435ab771316385af
+RMD160 (squid/squid-2.5.STABLE10.tar.gz) = f33c343cb834075a1d6df7d0dd690721b62cfc22
+SHA1 (squid/squid-2.5.STABLE10.tar.gz) = 20682b8b5250592deb2a531df353f23e265456b5
+SIZE (squid/squid-2.5.STABLE10.tar.gz) = 1383522
diff --git a/www/squid/patches/patch-configure_in b/www/squid/patches/patch-configure_in
index 11444c43a2b..ceb8bff2323 100644
--- a/www/squid/patches/patch-configure_in
+++ b/www/squid/patches/patch-configure_in
@@ -1,7 +1,7 @@
-$OpenBSD: patch-configure_in,v 1.15 2004/10/20 21:44:21 brad Exp $
---- configure.in.orig	Mon Oct 11 16:27:03 2004
-+++ configure.in	Wed Oct 20 16:43:07 2004
-@@ -1633,18 +1633,6 @@ dnl during compile.
+$OpenBSD: patch-configure_in,v 1.16 2005/05/25 02:27:13 brad Exp $
+--- configure.in.orig	Mon May 16 18:41:14 2005
++++ configure.in	Wed May 18 18:10:12 2005
+@@ -1710,18 +1710,6 @@ dnl during compile.
  		;;
  esac
  
diff --git a/www/squid/patches/patch-errors_Makefile_in b/www/squid/patches/patch-errors_Makefile_in
index ce2bbb1a792..a9b97e4e205 100644
--- a/www/squid/patches/patch-errors_Makefile_in
+++ b/www/squid/patches/patch-errors_Makefile_in
@@ -1,7 +1,7 @@
-$OpenBSD: patch-errors_Makefile_in,v 1.5 2004/07/11 17:00:47 brad Exp $
---- errors/Makefile.in.orig	Tue Jun  8 07:37:11 2004
-+++ errors/Makefile.in	Sun Jul 11 12:23:14 2004
-@@ -118,7 +118,7 @@ am__quote = @am__quote@
+$OpenBSD: patch-errors_Makefile_in,v 1.6 2005/05/25 02:27:13 brad Exp $
+--- errors/Makefile.in.orig	Fri Mar 18 19:55:41 2005
++++ errors/Makefile.in	Wed May 18 18:10:12 2005
+@@ -119,7 +119,7 @@ am__quote = @am__quote@
  install_sh = @install_sh@
  makesnmplib = @makesnmplib@
  
diff --git a/www/squid/patches/patch-icons_Makefile_in b/www/squid/patches/patch-icons_Makefile_in
index ba8d30a55ef..7fc16d74688 100644
--- a/www/squid/patches/patch-icons_Makefile_in
+++ b/www/squid/patches/patch-icons_Makefile_in
@@ -1,7 +1,7 @@
-$OpenBSD: patch-icons_Makefile_in,v 1.5 2004/07/11 17:00:47 brad Exp $
---- icons/Makefile.in.orig	Tue Jun  8 07:37:22 2004
-+++ icons/Makefile.in	Sun Jul 11 12:23:14 2004
-@@ -146,7 +146,7 @@ ICON2 = anthony-bomb.gif \
+$OpenBSD: patch-icons_Makefile_in,v 1.6 2005/05/25 02:27:13 brad Exp $
+--- icons/Makefile.in.orig	Fri Mar 18 19:55:51 2005
++++ icons/Makefile.in	Wed May 18 18:10:12 2005
+@@ -147,7 +147,7 @@ ICON2 = anthony-bomb.gif \
  		anthony-xpm.gif
  
  
diff --git a/www/squid/patches/patch-src_Makefile_in b/www/squid/patches/patch-src_Makefile_in
index 369a62adced..d346b5fc91d 100644
--- a/www/squid/patches/patch-src_Makefile_in
+++ b/www/squid/patches/patch-src_Makefile_in
@@ -1,6 +1,6 @@
-$OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
---- src/Makefile.in.orig	Sat Sep 25 17:37:59 2004
-+++ src/Makefile.in	Wed Oct 20 16:45:55 2004
+$OpenBSD: patch-src_Makefile_in,v 1.9 2005/05/25 02:27:13 brad Exp $
+--- src/Makefile.in.orig	Sat Apr 23 20:12:08 2005
++++ src/Makefile.in	Wed May 18 18:11:44 2005
 @@ -33,7 +33,7 @@ bindir = @bindir@
  sbindir = @sbindir@
  libexecdir = @libexecdir@
@@ -10,18 +10,20 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
  sharedstatedir = @sharedstatedir@
  localstatedir = @localstatedir@
  libdir = @libdir@
-@@ -373,8 +373,8 @@ EXTRA_DIST = \
+@@ -376,9 +376,9 @@ EXTRA_DIST = \
  
  
  DEFAULT_PREFIX = $(prefix)
 -DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
 -DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
 +DEFAULT_CONFIG_FILE = $(prefix)/share/examples/squid/squid.conf
++DEFAULT_CACHEMGR_CONFIG = $(prefix)/share/examples/squid/cachemgr.conf
 +DEFAULT_MIME_TABLE = $(prefix)/share/examples/squid/mime.conf
  DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
  DEFAULT_LOG_PREFIX = $(localstatedir)/logs
  DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
-@@ -389,7 +389,7 @@ DEFAULT_ICON_DIR = $(datadir)/icons
+@@ -393,7 +393,7 @@ DEFAULT_ICON_DIR = $(datadir)/icons
  DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@
  DEFAULT_MIB_PATH = $(datadir)/mib.txt
  
@@ -30,7 +32,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
  
  
  # Don't automatically uninstall config files
-@@ -443,7 +443,7 @@ am_cachemgr__CGIEXT__OBJECTS = cachemgr.
+@@ -447,7 +447,7 @@ am_cachemgr__CGIEXT__OBJECTS = cachemgr_
  cachemgr__CGIEXT__OBJECTS = $(am_cachemgr__CGIEXT__OBJECTS)
  cachemgr__CGIEXT__LDADD = $(LDADD)
  cachemgr__CGIEXT__DEPENDENCIES =
@@ -39,7 +41,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
  am_cf_gen_OBJECTS = cf_gen.$(OBJEXT)
  cf_gen_OBJECTS = $(am_cf_gen_OBJECTS)
  cf_gen_LDADD = $(LDADD)
-@@ -838,37 +838,37 @@ CCDEPMODE = @CCDEPMODE@
+@@ -856,37 +856,37 @@ CCDEPMODE = @CCDEPMODE@
  uninstall-info-am:
  install-dataDATA: $(data_DATA)
  	@$(NORMAL_INSTALL)
@@ -87,7 +89,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
  	done
  
  # This directory's subdirectories are mostly independent; you can cd
-@@ -1002,7 +1002,7 @@ check: check-recursive
+@@ -1020,7 +1020,7 @@ check: check-recursive
  all-am: Makefile $(PROGRAMS) $(DATA)
  installdirs: installdirs-recursive
  installdirs-am:
@@ -96,7 +98,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
  
  install: install-recursive
  install-exec: install-exec-recursive
-@@ -1126,7 +1126,7 @@ cf_gen_defines.h: $(srcdir)/cf_gen_defin
+@@ -1144,7 +1144,7 @@ cf_gen_defines.h: $(srcdir)/cf_gen_defin
  
  cf.data: cf.data.pre Makefile
  	sed "\
diff --git a/www/squid/patches/patch-src_cf_data_pre b/www/squid/patches/patch-src_cf_data_pre
index 473c5186581..7c35c6085d3 100644
--- a/www/squid/patches/patch-src_cf_data_pre
+++ b/www/squid/patches/patch-src_cf_data_pre
@@ -1,7 +1,7 @@
-$OpenBSD: patch-src_cf_data_pre,v 1.16 2004/10/20 21:44:21 brad Exp $
---- src/cf.data.pre.orig	Fri Oct  8 13:41:10 2004
-+++ src/cf.data.pre	Wed Oct 20 16:44:53 2004
-@@ -2425,7 +2425,7 @@ DOC_END
+$OpenBSD: patch-src_cf_data_pre,v 1.17 2005/05/25 02:27:13 brad Exp $
+--- src/cf.data.pre.orig	Tue May 10 19:08:40 2005
++++ src/cf.data.pre	Wed May 18 18:10:13 2005
+@@ -2446,7 +2446,7 @@ DOC_END
  
  NAME: cache_effective_user
  TYPE: string
@@ -10,7 +10,7 @@ $OpenBSD: patch-src_cf_data_pre,v 1.16 2004/10/20 21:44:21 brad Exp $
  LOC: Config.effectiveUser
  DOC_START
  	If you start Squid as root, it will change its effective/real
-@@ -2440,7 +2440,7 @@ DOC_END
+@@ -2461,7 +2461,7 @@ DOC_END
  
  NAME: cache_effective_group
  TYPE: string
diff --git a/www/squid/pkg/PLIST b/www/squid/pkg/PLIST
index 70538ce9dc3..341af498028 100644
--- a/www/squid/pkg/PLIST
+++ b/www/squid/pkg/PLIST
@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.21 2005/02/17 03:32:24 brad Exp $
+@comment $OpenBSD: PLIST,v 1.22 2005/05/25 02:27:13 brad Exp $
 @newgroup _squid:515
 @newuser _squid:515:_squid:daemon:Squid Account:/nonexistent:/sbin/nologin
 bin/RunAccel
@@ -12,10 +12,14 @@ libexec/ncsa_auth
 libexec/squid_unix_group
 libexec/unlinkd
 libexec/yp_auth
+@man man/man8/cachemgr.cgi.8
 @man man/man8/squid.8
 @man man/man8/squid_unix_group.8
 sbin/squid
 share/examples/squid/
+@sample ${SYSCONFDIR}/squid/
+share/examples/squid/cachemgr.conf
+@sample ${SYSCONFDIR}/squid/cachemgr.conf
 share/examples/squid/errors/
 @sample share/squid/errors/
 share/examples/squid/errors/Bulgarian/
@@ -1810,7 +1814,6 @@ share/examples/squid/icons/anthony-xbm.gif
 @sample share/squid/icons/anthony-xbm.gif
 share/examples/squid/icons/anthony-xpm.gif
 @sample share/squid/icons/anthony-xpm.gif
-@sample ${SYSCONFDIR}/squid/
 share/examples/squid/mib.txt
 @sample ${SYSCONFDIR}/squid/mib.txt
 share/examples/squid/mime.conf