cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
104,059 Commits 1 Branch 0 Tags
Commit Graph

266 Commits

Author SHA1 Message Date
sthen
8fb57d1a40 fix squid-3.5 build with OPENSSL_NO_SSL3, with help from jsing and 
the src/ssl/support.cc part is borrwed from jca's diff to squid-3.4
 2015-08-28 21:43:50 +00:00
jca
7056367d18 Additional fixes for SSLv3 removal. ok sthen@ (maintainer) 2015-08-28 11:45:39 +00:00
ajacoutot
b6c53696b5 /var/run content is already removed by /etc/rc, so no need to handle that in 
the package. If a /var/run/foo directory must exist for proper start of a
software, then the rc.d script should take care of it.
 2015-08-25 07:30:29 +00:00
sthen
19d3101693 add a secondary MASTER_SITES 2015-08-24 10:44:26 +00:00
sthen
1cb2abdb65 update to squid-3.5.7 2015-08-11 21:54:55 +00:00
sthen
0cf34d4698 SECURITY update to squid-3.4.14 
- Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
 2015-08-11 20:47:47 +00:00
sthen
682738c92b guard SSLv3_client_method with OPENSSL_NO_SSL3 2015-07-18 21:00:13 +00:00
sthen
809418b1bc update to squid 3.5.6 2015-07-06 13:43:06 +00:00
sthen
655c23489d update to squid-3.5.5 2015-06-11 14:57:30 +00:00
sthen
73094487fc don't pick up openpam if installed; dpb junking problem reported by aja. 
no bump needed, it is used to decide whether or not to build a helper app
that isn't packaged anyway.
 2015-06-06 23:08:22 +00:00
pascal
f0585aa4cf gcc4 bumps, reminded by aja@ 2015-05-28 10:17:22 +00:00
sthen
5507f6ccfa update to squid-3.5.4, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:24 +00:00
sthen
a2f2fe367e update to squid-3.4.13, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:08 +00:00
sthen
bae64ff4c6 update to squid-3.5.3, upstream have rolled in patches to build with libressl 2015-04-03 19:23:27 +00:00
sthen
fdff74eaaf add portroach limit 2015-03-16 09:16:17 +00:00
sthen
ffa0530eb6 update to squid-3.5.2 2015-03-14 21:07:04 +00:00
sthen
a0c780fe5c bugfix update to squid-3.4.12, including several crashes with debugging, 
and fix silent SSL/TLS failure on "split-stack" OS (i.e. using different
sockets for v4/v6, like us)
 2015-02-19 14:30:29 +00:00
sthen
647b551c25 update squid 3.5 branch to 3.5.1 and re-enable now that the horrible 
*_cipher_by_char API has been added back to libssl.
 2015-02-06 16:30:17 +00:00
sthen
244819fe9a update to squid 3.4.11 2015-01-19 08:35:43 +00:00
sthen
a3de8ff79f update squid/snapshot to 3.5.0.4 and mark BROKEN for now 2015-01-06 22:51:54 +00:00
sthen
b718a009bb disable squid/snapshot for now, the present version is stale, there are newer 
versions but they require some libressl compat work first
 2015-01-06 22:50:35 +00:00
sthen
868b4bdcb7 update to squid 3.4.10 and enable ssl-crtd 
Fixes a segmentation fault in ACLUrlPathStrategy::match which would
occur when urlpath_regex ACL was used in access controls to test
transactions where no URL path is available. eg CONNECT or OPTIONS
requests, some WebDAV requests, etc.
 2014-12-12 22:17:33 +00:00
sthen
192dd39297 Reduce warning spam during build now that we have le*toh. From sven falempin. 2014-12-09 21:44:29 +00:00
ajacoutot
d6aa8845b4 Bump daemon_timeout from 31 to 35. Default squid shutdown timeout is 30s, 
but we may be a bit slow, so give us some room.

ok sthen@ (maintainer)
 2014-11-17 14:02:19 +00:00
sthen
a5edcc6e38 update to squid 3.4.9 2014-11-07 01:00:01 +00:00
sthen
1a0439b56b update to squid-3.4.8, fix off by one in SNMP subsystem 
3.4.8 also fixes an issue with the standalone pinger process as described
in http://www.openwall.com/lists/oss-security/2014/09/16/6, but we don't have
that enabled in the port at present.
 2014-09-16 15:29:30 +00:00
sthen
546337cb98 SECURITY update to squid 3.4.7 - clients can perform a DoS due to 
incorrect input validation in range checking.

http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
 2014-09-10 09:59:55 +00:00
ajacoutot
9ecb6ea3d9 /etc/rc.d -> ${RCDIR} 
(as pedantic and useless as /usr/local vs LOCALBASE|PREFIX but well...)

ok sthen@
 2014-07-19 22:36:13 +00:00
ajacoutot
bd5a8990d9 Drop local shutdown patch and set daemon_timeout="31". 
prodded by sthen@
 2014-07-09 14:19:58 +00:00
sthen
c6d998bb71 BUILD_DEPENDS+= works better if it's after a previous BUILD_DEPENDS 
rather than before it... found my naddy (and myself earlier but I didn't
see the problem then).
 2014-06-26 21:13:47 +00:00
sthen
130723b94e update squid/snapshot to squid-3.HEAD-20140626 2014-06-26 13:08:42 +00:00
sthen
065fc55d2f Update to squid-3.4.6, various fixes (especially for SSL-bump but some general 
ones). Includes some memory leak and segv fixes.
 2014-06-26 12:54:31 +00:00
sthen
7d9a5fdb74 remove leftovers 2014-06-16 21:39:57 +00:00
sthen
51bd12abbb add patch (committed upstrem) to fix an uninitialised use when %tg is used in 
a logformat config line.
 2014-05-19 11:29:01 +00:00
sthen
5102b6fb88 disable "rock" storeio backend, it doesn't currently work on OpenBSD (creates 
initial db file ok, but EMSGSIZE when trying to open at normal startup)
 2014-05-15 21:24:33 +00:00
sthen
fd5ba335ea don't pick up execinfo (dpb junking problem, reported by naddy) 2014-05-10 22:24:33 +00:00
sthen
5d181c2e95 add a comment about ac_cv_path_CPPUNITCONFIG=false which I may switch to 
instead of a build dep on cppunit when the devel version becomes stable.
 2014-05-09 10:06:46 +00:00
sthen
0d39e456e9 Add a build dependency on cppunit. Not required for Squid itself, but tests 
are enabled if it's present at configure time, and junking it mid-build
causes a failure. Found by espie@.
 2014-05-09 09:13:47 +00:00
sthen
0518f009de update squid/stable to 3.4.5 and squid/snapshot to 20140506-r13398. 
use ports/lang/gcc to build snapshot, squid will be moving to requiring
c++11 so let's build this with it already to get more experience.
squid/stable stays with base gcc for most arch for now.
 2014-05-07 20:52:06 +00:00
sthen
accef96e34 un-revert previous revert, and add a patch from upstream to fix https tunnels 2014-04-26 12:06:52 +00:00
sthen
01cf8eec5e partially revert upstream commit to fix failures with https CONNECT 
introduced in 3.4.4.2

http://bugs.squid-cache.org/show_bug.cgi?id=4051
 2014-04-26 10:34:04 +00:00
sthen
441a9c2a35 update squid/stable to 3.4.4.2, move some now-common pieces up into 
squid/Makefile.inc, and regen PLISTs with @commented pieces from PLIST-ntlm
to avoid problems with future regens if samba is installed.
 2014-04-24 14:26:21 +00:00
sthen
877f724b3e disable ntlm subpackage for now, it depends on samba,ads 2014-04-21 23:37:55 +00:00
sthen
19137831c2 disable kerberos 2014-04-21 20:29:50 +00:00
sthen
08667fdeed remove dead patch files 2014-04-21 19:22:06 +00:00
ajacoutot
cfe4be35c5 No need to explicitely SUBST_VARS LOCALSTATEDIR anymore. 2014-04-15 08:53:04 +00:00
sthen
7fc1244a3e adjust autoconf test to check for working 64-bit atomic ops (which is not the 
case on i386 without using -march=i586 or higher), and remove BROKEN-i386
 2014-04-13 21:41:00 +00:00
sthen
838bf67e0b update to newer snapshot of squid, and mark BROKEN-i386 for now - stable 
version is unaffected. (If atomic ops are available at all, it wants 64-bit
ops; http://permalink.gmane.org/gmane.comp.web.squid.devel/22453)
 2014-04-13 12:38:37 +00:00
sthen
8341c987d2 missed a bump when I moved this from snapshots/ to stable/, thanks naddy@ 2014-04-09 19:47:51 +00:00
sthen
5d4f1010d1 switch squid/stable to the 3.4 branch, and update squid/snapshot to a 
recent snapshot from the 3.5 branch
 2014-04-08 12:22:48 +00:00