cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
108,538 Commits 1 Branch 0 Tags
Commit Graph

277 Commits

Author SHA1 Message Date
sthen
eeede057c8 update to squid-3.5.13, a couple of fixes, mostly TLS-intercept-related 2016-01-10 20:09:58 +00:00
sthen
aa7f6d8dac update to squid-3.5.12 2015-11-30 10:26:16 +00:00
sthen
2a41ed34cd fix autoconf check which used SSLv3_method; results in assert failure in 
some ssl interception modes
 2015-11-04 15:39:55 +00:00
sthen
c9e2ff2014 update to squid-3.5.11 2015-11-02 17:21:55 +00:00
sthen
f712f64382 update to squid-3.5.10 2015-10-09 00:28:56 +00:00
sthen
83f88baaa6 bump REVISION to ensure the pkg version number in -current is above 
-stable, especially now that dirs have been reorganised.
 2015-09-30 08:56:27 +00:00
sthen
0f44ba58ad Update to squid-3.5.9, fixes problems with TLS/SSL parsing in configurations 
using SSL-Bump.

- int overflow with extension parsing: char << 8 into a short
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch

- {Client,Server}Hello parsing; when checking for TLS extensions, don't
check for bytes following compression_method in the _whole_ message, only
in the *Hello part ("does not account for the fact that the message may
contain more than just ServerHello").
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch
 2015-09-18 11:17:04 +00:00
sthen
f5d8cc22e3 drop accidentally-added .orig patch file. ports ignore these anyway so no bump. 2015-09-10 13:02:40 +00:00
sthen
6c2a6e4b95 Currently Squid 3.5 is considered stable. Rather than moving snapshot/* 
to stable/*, just drop back to a single version of squid in ports.
 2015-09-10 13:00:10 +00:00
sthen
cda9ae88c4 update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:39:31 +00:00
sthen
1ae5691acb update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:38:46 +00:00
sthen
8fb57d1a40 fix squid-3.5 build with OPENSSL_NO_SSL3, with help from jsing and 
the src/ssl/support.cc part is borrwed from jca's diff to squid-3.4
 2015-08-28 21:43:50 +00:00
jca
7056367d18 Additional fixes for SSLv3 removal. ok sthen@ (maintainer) 2015-08-28 11:45:39 +00:00
ajacoutot
b6c53696b5 /var/run content is already removed by /etc/rc, so no need to handle that in 
the package. If a /var/run/foo directory must exist for proper start of a
software, then the rc.d script should take care of it.
 2015-08-25 07:30:29 +00:00
sthen
19d3101693 add a secondary MASTER_SITES 2015-08-24 10:44:26 +00:00
sthen
1cb2abdb65 update to squid-3.5.7 2015-08-11 21:54:55 +00:00
sthen
0cf34d4698 SECURITY update to squid-3.4.14 
- Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
 2015-08-11 20:47:47 +00:00
sthen
682738c92b guard SSLv3_client_method with OPENSSL_NO_SSL3 2015-07-18 21:00:13 +00:00
sthen
809418b1bc update to squid 3.5.6 2015-07-06 13:43:06 +00:00
sthen
655c23489d update to squid-3.5.5 2015-06-11 14:57:30 +00:00
sthen
73094487fc don't pick up openpam if installed; dpb junking problem reported by aja. 
no bump needed, it is used to decide whether or not to build a helper app
that isn't packaged anyway.
 2015-06-06 23:08:22 +00:00
pascal
f0585aa4cf gcc4 bumps, reminded by aja@ 2015-05-28 10:17:22 +00:00
sthen
5507f6ccfa update to squid-3.5.4, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:24 +00:00
sthen
a2f2fe367e update to squid-3.4.13, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:08 +00:00
sthen
bae64ff4c6 update to squid-3.5.3, upstream have rolled in patches to build with libressl 2015-04-03 19:23:27 +00:00
sthen
fdff74eaaf add portroach limit 2015-03-16 09:16:17 +00:00
sthen
ffa0530eb6 update to squid-3.5.2 2015-03-14 21:07:04 +00:00
sthen
a0c780fe5c bugfix update to squid-3.4.12, including several crashes with debugging, 
and fix silent SSL/TLS failure on "split-stack" OS (i.e. using different
sockets for v4/v6, like us)
 2015-02-19 14:30:29 +00:00
sthen
647b551c25 update squid 3.5 branch to 3.5.1 and re-enable now that the horrible 
*_cipher_by_char API has been added back to libssl.
 2015-02-06 16:30:17 +00:00
sthen
244819fe9a update to squid 3.4.11 2015-01-19 08:35:43 +00:00
sthen
a3de8ff79f update squid/snapshot to 3.5.0.4 and mark BROKEN for now 2015-01-06 22:51:54 +00:00
sthen
b718a009bb disable squid/snapshot for now, the present version is stale, there are newer 
versions but they require some libressl compat work first
 2015-01-06 22:50:35 +00:00
sthen
868b4bdcb7 update to squid 3.4.10 and enable ssl-crtd 
Fixes a segmentation fault in ACLUrlPathStrategy::match which would
occur when urlpath_regex ACL was used in access controls to test
transactions where no URL path is available. eg CONNECT or OPTIONS
requests, some WebDAV requests, etc.
 2014-12-12 22:17:33 +00:00
sthen
192dd39297 Reduce warning spam during build now that we have le*toh. From sven falempin. 2014-12-09 21:44:29 +00:00
ajacoutot
d6aa8845b4 Bump daemon_timeout from 31 to 35. Default squid shutdown timeout is 30s, 
but we may be a bit slow, so give us some room.

ok sthen@ (maintainer)
 2014-11-17 14:02:19 +00:00
sthen
a5edcc6e38 update to squid 3.4.9 2014-11-07 01:00:01 +00:00
sthen
1a0439b56b update to squid-3.4.8, fix off by one in SNMP subsystem 
3.4.8 also fixes an issue with the standalone pinger process as described
in http://www.openwall.com/lists/oss-security/2014/09/16/6, but we don't have
that enabled in the port at present.
 2014-09-16 15:29:30 +00:00
sthen
546337cb98 SECURITY update to squid 3.4.7 - clients can perform a DoS due to 
incorrect input validation in range checking.

http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
 2014-09-10 09:59:55 +00:00
ajacoutot
9ecb6ea3d9 /etc/rc.d -> ${RCDIR} 
(as pedantic and useless as /usr/local vs LOCALBASE|PREFIX but well...)

ok sthen@
 2014-07-19 22:36:13 +00:00
ajacoutot
bd5a8990d9 Drop local shutdown patch and set daemon_timeout="31". 
prodded by sthen@
 2014-07-09 14:19:58 +00:00
sthen
c6d998bb71 BUILD_DEPENDS+= works better if it's after a previous BUILD_DEPENDS 
rather than before it... found my naddy (and myself earlier but I didn't
see the problem then).
 2014-06-26 21:13:47 +00:00
sthen
130723b94e update squid/snapshot to squid-3.HEAD-20140626 2014-06-26 13:08:42 +00:00
sthen
065fc55d2f Update to squid-3.4.6, various fixes (especially for SSL-bump but some general 
ones). Includes some memory leak and segv fixes.
 2014-06-26 12:54:31 +00:00
sthen
7d9a5fdb74 remove leftovers 2014-06-16 21:39:57 +00:00
sthen
51bd12abbb add patch (committed upstrem) to fix an uninitialised use when %tg is used in 
a logformat config line.
 2014-05-19 11:29:01 +00:00
sthen
5102b6fb88 disable "rock" storeio backend, it doesn't currently work on OpenBSD (creates 
initial db file ok, but EMSGSIZE when trying to open at normal startup)
 2014-05-15 21:24:33 +00:00
sthen
fd5ba335ea don't pick up execinfo (dpb junking problem, reported by naddy) 2014-05-10 22:24:33 +00:00
sthen
5d181c2e95 add a comment about ac_cv_path_CPPUNITCONFIG=false which I may switch to 
instead of a build dep on cppunit when the devel version becomes stable.
 2014-05-09 10:06:46 +00:00
sthen
0d39e456e9 Add a build dependency on cppunit. Not required for Squid itself, but tests 
are enabled if it's present at configure time, and junking it mid-build
causes a failure. Found by espie@.
 2014-05-09 09:13:47 +00:00
sthen
0518f009de update squid/stable to 3.4.5 and squid/snapshot to 20140506-r13398. 
use ports/lang/gcc to build snapshot, squid will be moving to requiring
c++11 so let's build this with it already to get more experience.
squid/stable stays with base gcc for most arch for now.
 2014-05-07 20:52:06 +00:00