upgrade to 2.5.STABLE10

- Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS at startup) is unfiltered and your network is not protected from IP spoofing. - CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file.
2005-05-25 02:27:13 +00:00 · 2005-05-25 02:27:13 +00:00 · 5359105907
commit 5359105907
parent 12ad1c83f0
8 changed files with 39 additions and 34 deletions
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.72 2005/02/25 16:37:25 brad Exp $
+# $OpenBSD: Makefile,v 1.73 2005/05/25 02:27:13 brad Exp $

 COMMENT=	"WWW and FTP proxy cache and accelerator"

-DISTNAME=	squid-2.5.STABLE9
+DISTNAME=	squid-2.5.STABLE10
 CATEGORIES=	www
 MASTER_SITES=	${HOMEPAGE}Versions/v2/2.5/
 DIST_SUBDIR=	squid
--- a/www/squid/distinfo
+++ b/www/squid/distinfo
@ -1,4 +1,4 @@
-MD5 (squid/squid-2.5.STABLE9.tar.gz) = b0cf322157a7923c16b27bb12e4bf92f
-RMD160 (squid/squid-2.5.STABLE9.tar.gz) = edaf0aeaf2bc408afc5b38145a6f5cb1be3f33d4
-SHA1 (squid/squid-2.5.STABLE9.tar.gz) = c04f308f5e32068ca88eca96c8cdb01a76e965ea
-SIZE (squid/squid-2.5.STABLE9.tar.gz) = 1372326
+MD5 (squid/squid-2.5.STABLE10.tar.gz) = b74d7a0be462e9e3435ab771316385af
+RMD160 (squid/squid-2.5.STABLE10.tar.gz) = f33c343cb834075a1d6df7d0dd690721b62cfc22
+SHA1 (squid/squid-2.5.STABLE10.tar.gz) = 20682b8b5250592deb2a531df353f23e265456b5
+SIZE (squid/squid-2.5.STABLE10.tar.gz) = 1383522
--- a/www/squid/patches/patch-configure_in
+++ b/www/squid/patches/patch-configure_in
@ -1,7 +1,7 @@
-$OpenBSD: patch-configure_in,v 1.15 2004/10/20 21:44:21 brad Exp $
--- configure.in.orig	Mon Oct 11 16:27:03 2004
-+++ configure.in	Wed Oct 20 16:43:07 2004
-@@ -1633,18 +1633,6 @@ dnl during compile.
+$OpenBSD: patch-configure_in,v 1.16 2005/05/25 02:27:13 brad Exp $
+--- configure.in.orig	Mon May 16 18:41:14 2005
+++ configure.in	Wed May 18 18:10:12 2005
+@@ -1710,18 +1710,6 @@ dnl during compile.
 		;;
 esac
 
--- a/www/squid/patches/patch-errors_Makefile_in
+++ b/www/squid/patches/patch-errors_Makefile_in
@ -1,7 +1,7 @@
-$OpenBSD: patch-errors_Makefile_in,v 1.5 2004/07/11 17:00:47 brad Exp $
--- errors/Makefile.in.orig	Tue Jun  8 07:37:11 2004
-+++ errors/Makefile.in	Sun Jul 11 12:23:14 2004
-@@ -118,7 +118,7 @@ am__quote = @am__quote@
+$OpenBSD: patch-errors_Makefile_in,v 1.6 2005/05/25 02:27:13 brad Exp $
+--- errors/Makefile.in.orig	Fri Mar 18 19:55:41 2005
+++ errors/Makefile.in	Wed May 18 18:10:12 2005
+@@ -119,7 +119,7 @@ am__quote = @am__quote@
 install_sh = @install_sh@
 makesnmplib = @makesnmplib@
 
--- a/www/squid/patches/patch-icons_Makefile_in
+++ b/www/squid/patches/patch-icons_Makefile_in
@ -1,7 +1,7 @@
-$OpenBSD: patch-icons_Makefile_in,v 1.5 2004/07/11 17:00:47 brad Exp $
--- icons/Makefile.in.orig	Tue Jun  8 07:37:22 2004
-+++ icons/Makefile.in	Sun Jul 11 12:23:14 2004
-@@ -146,7 +146,7 @@ ICON2 = anthony-bomb.gif \
+$OpenBSD: patch-icons_Makefile_in,v 1.6 2005/05/25 02:27:13 brad Exp $
+--- icons/Makefile.in.orig	Fri Mar 18 19:55:51 2005
+++ icons/Makefile.in	Wed May 18 18:10:12 2005
+@@ -147,7 +147,7 @@ ICON2 = anthony-bomb.gif \
 		anthony-xpm.gif
 
 
--- a/www/squid/patches/patch-src_Makefile_in
+++ b/www/squid/patches/patch-src_Makefile_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
--- src/Makefile.in.orig	Sat Sep 25 17:37:59 2004
-+++ src/Makefile.in	Wed Oct 20 16:45:55 2004
+$OpenBSD: patch-src_Makefile_in,v 1.9 2005/05/25 02:27:13 brad Exp $
+--- src/Makefile.in.orig	Sat Apr 23 20:12:08 2005
+++ src/Makefile.in	Wed May 18 18:11:44 2005
@@ -33,7 +33,7 @@ bindir = @bindir@
 sbindir = @sbindir@
 libexecdir = @libexecdir@
@ -10,18 +10,20 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
 sharedstatedir = @sharedstatedir@
 localstatedir = @localstatedir@
 libdir = @libdir@
-@@ -373,8 +373,8 @@ EXTRA_DIST = \
+@@ -376,9 +376,9 @@ EXTRA_DIST = \
 
 
 DEFAULT_PREFIX = $(prefix)
 -DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
 -DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
 +DEFAULT_CONFIG_FILE = $(prefix)/share/examples/squid/squid.conf
+DEFAULT_CACHEMGR_CONFIG = $(prefix)/share/examples/squid/cachemgr.conf
 +DEFAULT_MIME_TABLE = $(prefix)/share/examples/squid/mime.conf
 DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
 DEFAULT_LOG_PREFIX = $(localstatedir)/logs
 DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
-@@ -389,7 +389,7 @@ DEFAULT_ICON_DIR = $(datadir)/icons
+@@ -393,7 +393,7 @@ DEFAULT_ICON_DIR = $(datadir)/icons
 DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@
 DEFAULT_MIB_PATH = $(datadir)/mib.txt
 
@ -30,7 +32,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
 
 
 # Don't automatically uninstall config files
-@@ -443,7 +443,7 @@ am_cachemgr__CGIEXT__OBJECTS = cachemgr.
+@@ -447,7 +447,7 @@ am_cachemgr__CGIEXT__OBJECTS = cachemgr_
 cachemgr__CGIEXT__OBJECTS = $(am_cachemgr__CGIEXT__OBJECTS)
 cachemgr__CGIEXT__LDADD = $(LDADD)
 cachemgr__CGIEXT__DEPENDENCIES =
@ -39,7 +41,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
 am_cf_gen_OBJECTS = cf_gen.$(OBJEXT)
 cf_gen_OBJECTS = $(am_cf_gen_OBJECTS)
 cf_gen_LDADD = $(LDADD)
-@@ -838,37 +838,37 @@ CCDEPMODE = @CCDEPMODE@
+@@ -856,37 +856,37 @@ CCDEPMODE = @CCDEPMODE@
 uninstall-info-am:
 install-dataDATA: $(data_DATA)
 	@$(NORMAL_INSTALL)
@ -87,7 +89,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
 	done
 
 # This directory's subdirectories are mostly independent; you can cd
-@@ -1002,7 +1002,7 @@ check: check-recursive
+@@ -1020,7 +1020,7 @@ check: check-recursive
 all-am: Makefile $(PROGRAMS) $(DATA)
 installdirs: installdirs-recursive
 installdirs-am:
@ -96,7 +98,7 @@ $OpenBSD: patch-src_Makefile_in,v 1.8 2004/10/20 21:44:21 brad Exp $
 
 install: install-recursive
 install-exec: install-exec-recursive
-@@ -1126,7 +1126,7 @@ cf_gen_defines.h: $(srcdir)/cf_gen_defin
+@@ -1144,7 +1144,7 @@ cf_gen_defines.h: $(srcdir)/cf_gen_defin
 
 cf.data: cf.data.pre Makefile
 	sed "\
--- a/www/squid/patches/patch-src_cf_data_pre
+++ b/www/squid/patches/patch-src_cf_data_pre
@ -1,7 +1,7 @@
-$OpenBSD: patch-src_cf_data_pre,v 1.16 2004/10/20 21:44:21 brad Exp $
--- src/cf.data.pre.orig	Fri Oct  8 13:41:10 2004
-+++ src/cf.data.pre	Wed Oct 20 16:44:53 2004
-@@ -2425,7 +2425,7 @@ DOC_END
+$OpenBSD: patch-src_cf_data_pre,v 1.17 2005/05/25 02:27:13 brad Exp $
+--- src/cf.data.pre.orig	Tue May 10 19:08:40 2005
+++ src/cf.data.pre	Wed May 18 18:10:13 2005
+@@ -2446,7 +2446,7 @@ DOC_END
 
 NAME: cache_effective_user
 TYPE: string
@ -10,7 +10,7 @@ $OpenBSD: patch-src_cf_data_pre,v 1.16 2004/10/20 21:44:21 brad Exp $
 LOC: Config.effectiveUser
 DOC_START
 	If you start Squid as root, it will change its effective/real
-@@ -2440,7 +2440,7 @@ DOC_END
+@@ -2461,7 +2461,7 @@ DOC_END
 
 NAME: cache_effective_group
 TYPE: string
--- a/www/squid/pkg/PLIST
+++ b/www/squid/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.21 2005/02/17 03:32:24 brad Exp $
+@comment $OpenBSD: PLIST,v 1.22 2005/05/25 02:27:13 brad Exp $
@newgroup _squid:515
@newuser _squid:515:_squid:daemon:Squid Account:/nonexistent:/sbin/nologin
 bin/RunAccel
@ -12,10 +12,14 @@ libexec/ncsa_auth
 libexec/squid_unix_group
 libexec/unlinkd
 libexec/yp_auth
+@man man/man8/cachemgr.cgi.8
@man man/man8/squid.8
@man man/man8/squid_unix_group.8
 sbin/squid
 share/examples/squid/
+@sample ${SYSCONFDIR}/squid/
+share/examples/squid/cachemgr.conf
+@sample ${SYSCONFDIR}/squid/cachemgr.conf
 share/examples/squid/errors/
@sample share/squid/errors/
 share/examples/squid/errors/Bulgarian/
@ -1810,7 +1814,6 @@ share/examples/squid/icons/anthony-xbm.gif
@sample share/squid/icons/anthony-xbm.gif
 share/examples/squid/icons/anthony-xpm.gif
@sample share/squid/icons/anthony-xpm.gif
-@sample ${SYSCONFDIR}/squid/
 share/examples/squid/mib.txt
@sample ${SYSCONFDIR}/squid/mib.txt
 share/examples/squid/mime.conf