Fri Jun 19 13:44:28 2020 UTC ()
www/squid4: update to 4.12

Update squid4 to 4.12 (Squid 4.12).  This release includes fix for
CVE-2020-14058:   <http://www.squid-cache.org/Advisories/SQUID-2020_6.txt>.

Changes to squid-4.12 (05 Jun 2020):

	- Regression Fix: Revert to slow search for new SMP shm pages
	- Bug 5045: ext_edirectory_userip_acl is missing include files
	- Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
	- Bug 5030: Negative responses are never cached
	- HTTP: validate Content-Length value prefix
	- HTTP: add flexible RFC 3986 URI encoder
	- SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
	- Tests: Support passing a custom config.cache to test builds
	- Fix IPFilter IPv6 detection, especially on NetBSD
	- Fix stall if transaction overwrites a recently active cache entry
	- ... and some compile fixes


(taca)
diff -r1.9 -r1.10 pkgsrc/www/squid4/Makefile
diff -r1.6 -r1.7 pkgsrc/www/squid4/distinfo
diff -r1.2 -r0 pkgsrc/www/squid4/patches/patch-acinclude_os-deps.m4
diff -r1.5 -r1.6 pkgsrc/www/squid4/patches/patch-configure
diff -r1.1 -r0 pkgsrc/www/squid4/patches/patch-src_ip_Intercept.cc
cvs diff -r1.9 -r1.10 pkgsrc/www/squid4/Makefile (expand / switch to unified diff)

--- pkgsrc/www/squid4/Makefile 2020/05/22 10:56:47 1.9
+++ pkgsrc/www/squid4/Makefile 2020/06/19 13:44:28 1.10
@@ -1,17 +1,16 @@ @@ -1,17 +1,16 @@
1# $NetBSD: Makefile,v 1.9 2020/05/22 10:56:47 adam Exp $ 1# $NetBSD: Makefile,v 1.10 2020/06/19 13:44:28 taca Exp $
2 2
3DISTNAME= squid-4.11 3DISTNAME= squid-4.12
4PKGREVISION= 2 
5CATEGORIES= www 4CATEGORIES= www
6MASTER_SITES= http://www.squid-cache.org/Versions/v4/ 5MASTER_SITES= http://www.squid-cache.org/Versions/v4/
7MASTER_SITES+= ftp://ftp.squid-cache.org/pub/squid/ 6MASTER_SITES+= ftp://ftp.squid-cache.org/pub/squid/
8MASTER_SITES+= ftp://ftp.squid-cache.org/pub/archive/4/ 7MASTER_SITES+= ftp://ftp.squid-cache.org/pub/archive/4/
9EXTRACT_SUFX= .tar.xz 8EXTRACT_SUFX= .tar.xz
10 9
11MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
12HOMEPAGE= http://www.squid-cache.org/ 11HOMEPAGE= http://www.squid-cache.org/
13COMMENT= Post-Harvest_cached WWW proxy cache and accelerator 12COMMENT= Post-Harvest_cached WWW proxy cache and accelerator
14LICENSE= gnu-gpl-v2 13LICENSE= gnu-gpl-v2
15 14
16USE_LANGUAGES= c c++11 15USE_LANGUAGES= c c++11
17USE_TOOLS+= perl:run gmake 16USE_TOOLS+= perl:run gmake
cvs diff -r1.6 -r1.7 pkgsrc/www/squid4/distinfo (expand / switch to unified diff)

--- pkgsrc/www/squid4/distinfo 2020/04/23 13:52:24 1.6
+++ pkgsrc/www/squid4/distinfo 2020/06/19 13:44:28 1.7
@@ -1,16 +1,14 @@ @@ -1,16 +1,14 @@
1$NetBSD: distinfo,v 1.6 2020/04/23 13:52:24 mef Exp $ 1$NetBSD: distinfo,v 1.7 2020/06/19 13:44:28 taca Exp $
2 2
3SHA1 (squid-4.11.tar.xz) = 053277bf5497163ffc9261b9807abda5959bb6fc 3SHA1 (squid-4.12.tar.xz) = 316b8a343aa542b5e7469d33b9d726bee00679c6
4RMD160 (squid-4.11.tar.xz) = 14392a0e6a5b44c0673bcc37b5753d274762b10e 4RMD160 (squid-4.12.tar.xz) = 5d593efe84ca34c39a21bab523e75621dec4e9bb
5SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26 5SHA512 (squid-4.12.tar.xz) = 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4
6Size (squid-4.11.tar.xz) = 2447700 bytes 6Size (squid-4.12.tar.xz) = 2450564 bytes
7SHA1 (patch-acinclude_os-deps.m4) = 7af769f4df2c8293bec0be1fb4c222da35aa3fee 
8SHA1 (patch-compat_compat.h) = 839381a5e1f46e7d9b822bbb53d82a53c996ddc0 7SHA1 (patch-compat_compat.h) = 839381a5e1f46e7d9b822bbb53d82a53c996ddc0
9SHA1 (patch-configure) = 24ae8657741697f4170c5e41657b07715956de95 8SHA1 (patch-configure) = 0d204989666c36172f0765f2a44766d9194c7bb2
10SHA1 (patch-errors_Makefile.in) = 84cbf5c836f02ed5fbfff140888c6d3aadeac326 9SHA1 (patch-errors_Makefile.in) = 84cbf5c836f02ed5fbfff140888c6d3aadeac326
11SHA1 (patch-src_Makefile.in) = afc5aefd97c46d1ffab43e97aeaeade3a5a8c648 10SHA1 (patch-src_Makefile.in) = afc5aefd97c46d1ffab43e97aeaeade3a5a8c648
12SHA1 (patch-src_acl_external_kerberos__ldap__group_support__resolv.cc) = 0ea41d55e32d689a16e012391a9eea67631daf3a 11SHA1 (patch-src_acl_external_kerberos__ldap__group_support__resolv.cc) = 0ea41d55e32d689a16e012391a9eea67631daf3a
13SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96 12SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96
14SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59 13SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59
15SHA1 (patch-src_ip_Intercept.cc) = dd24a402f3634d156ecaeb4eae815b21c7a0adfa 
16SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01 14SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01
File Deleted: pkgsrc/www/squid4/patches/Attic/patch-acinclude_os-deps.m4
cvs diff -r1.5 -r1.6 pkgsrc/www/squid4/patches/patch-configure (expand / switch to unified diff)

--- pkgsrc/www/squid4/patches/patch-configure 2020/04/23 13:52:24 1.5
+++ pkgsrc/www/squid4/patches/patch-configure 2020/06/19 13:44:28 1.6
@@ -1,50 +1,48 @@ @@ -1,50 +1,48 @@
1$NetBSD: patch-configure,v 1.5 2020/04/23 13:52:24 mef Exp $ 1$NetBSD: patch-configure,v 1.6 2020/06/19 13:44:28 taca Exp $
2 2
3* More support for OpenSSL 1.1; not only check SSL_Library_init() but 3* More support for OpenSSL 1.1; not only check SSL_Library_init() but
4 also check OPENSSL_init_ssl(). 4 also check OPENSSL_init_ssl().
5* Fix syntax error by accidental new line. 5* Fix syntax error by accidental new line.
6* Utilize <stdlib.h> on BSD. 6* Utilize <stdlib.h> on BSD.
7* Do not override CFLAGS/CXXFLAGS except linux. 7* Do not override CFLAGS/CXXFLAGS except linux.
8* Fix detection of IPv6 NAT in IPFilter by including correct headers 
9 and generating correct #defines without trailing underscores 
10 8
11--- configure.orig 2020-01-20 02:51:59.000000000 +0000 9--- configure.orig 2020-06-09 07:15:48.000000000 +0000
12+++ configure 2020-04-09 16:05:04.000000000 +0100 10+++ configure
13@@ -23201,10 +23201,12 @@ 11@@ -23226,10 +23226,12 @@ do
14 done 12 done
15  13
16 # GLIBC 2.30 deprecates sysctl.h. Test with the same flags that (may) break includes later. 14 # GLIBC 2.30 deprecates sysctl.h. Test with the same flags that (may) break includes later.
17- CFLAGS=$SQUID_CFLAGS 15- CFLAGS=$SQUID_CFLAGS
18- CXXFLAGS=$SQUID_CXXFLAGS 16- CXXFLAGS=$SQUID_CXXFLAGS
19 case "$squid_host_os" in 17 case "$squid_host_os" in
20- linux|solaris|freebsd|openbsd|netbsd|cygwin) 18- linux|solaris|freebsd|openbsd|netbsd|cygwin)
21+ linux) 19+ linux)
22+ CFLAGS=$SQUID_CFLAGS 20+ CFLAGS=$SQUID_CFLAGS
23+ CXXFLAGS=$SQUID_CXXFLAGS 21+ CXXFLAGS=$SQUID_CXXFLAGS
24+ ;; 22+ ;;
25+ solaris|freebsd|openbsd|netbsd|cygwin) 23+ solaris|freebsd|openbsd|netbsd|cygwin)
26 ${TRUE} 24 ${TRUE}
27 ;; 25 ;;
28 mingw) 26 mingw)
29@@ -23244,6 +23246,7 @@ 27@@ -23269,6 +23271,7 @@ done
30 do : 28 do :
31 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` 29 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
32 ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " 30 ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
33+#include <stdio.h> 31+#include <stdio.h>
34 #include <sys/types.h> 32 #include <sys/types.h>
35 #include <sys/socket.h> 33 #include <sys/socket.h>
36  34
37@@ -24080,7 +24083,51 @@ 35@@ -24105,7 +24108,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" =
38 LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS" 36 LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
39 else 37 else
40  38
41- as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 39- as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5
42+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5 40+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
43+$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; } 41+$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
44+if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then : 42+if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then :
45+ $as_echo_n "(cached) " >&6 43+ $as_echo_n "(cached) " >&6
46+else 44+else
47+ ac_check_lib_save_LIBS=$LIBS 45+ ac_check_lib_save_LIBS=$LIBS
48+LIBS="-lssl $LIBOPENSSL_LIBS $LIBS" 46+LIBS="-lssl $LIBOPENSSL_LIBS $LIBS"
49+cat confdefs.h - <<_ACEOF >conftest.$ac_ext 47+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
50+/* end confdefs.h. */ 48+/* end confdefs.h. */
@@ -77,27 +75,27 @@ $NetBSD: patch-configure,v 1.5 2020/04/2 @@ -77,27 +75,27 @@ $NetBSD: patch-configure,v 1.5 2020/04/2
77+$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } 75+$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; }
78+if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then : 76+if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then :
79+ LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS" 77+ LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
80+else 78+else
81+ 79+
82+ as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 80+ as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5
83+ 81+
84+fi 82+fi
85+ 83+
86+ 84+
87  85
88 fi 86 fi
89  87
90@@ -24183,7 +24230,51 @@ 88@@ -24208,7 +24255,51 @@ if test "x$ac_cv_lib_ssl_SSL_CTX_new" =
91 LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS" 89 LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
92 else 90 else
93  91
94- as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 92- as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5
95+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5 93+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
96+$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; } 94+$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
97+if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then : 95+if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then :
98+ $as_echo_n "(cached) " >&6 96+ $as_echo_n "(cached) " >&6
99+else 97+else
100+ ac_check_lib_save_LIBS=$LIBS 98+ ac_check_lib_save_LIBS=$LIBS
101+LIBS="-lssl $LIBOPENSSL_LIBS $LIBS" 99+LIBS="-lssl $LIBOPENSSL_LIBS $LIBS"
102+cat confdefs.h - <<_ACEOF >conftest.$ac_ext 100+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
103+/* end confdefs.h. */ 101+/* end confdefs.h. */
@@ -130,81 +128,32 @@ $NetBSD: patch-configure,v 1.5 2020/04/2 @@ -130,81 +128,32 @@ $NetBSD: patch-configure,v 1.5 2020/04/2
130+$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } 128+$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; }
131+if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then : 129+if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then :
132+ LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS" 130+ LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"
133+else 131+else
134+ 132+
135+ as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5 133+ as_fn_error $? "library 'ssl' is required for OpenSSL" "$LINENO" 5
136+ 134+
137+fi 135+fi
138+ 136+
139+ 137+
140  138
141 fi 139 fi
142  140
143@@ -39234,6 +39325,8 @@ 141@@ -39571,6 +39662,8 @@ else
144 # ifdef _MSC_VER 142 # ifdef _MSC_VER
145 # include <malloc.h> 143 # include <malloc.h>
146 # define alloca _alloca 144 # define alloca _alloca
147+# elif defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__) 145+# elif defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__)
148+# include <stdlib.h> 146+# include <stdlib.h>
149 # else 147 # else
150 # ifdef HAVE_ALLOCA_H 148 # ifdef HAVE_ALLOCA_H
151 # include <alloca.h> 149 # include <alloca.h>
152@@ -42021,6 +42114,9 @@ 150@@ -42313,6 +42406,9 @@ ac_fn_cxx_check_header_compile "$LINENO"
153 #if USE_SOLARIS_IPFILTER_MINOR_T_HACK 151 #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
154 #define minor_t fubar 152 #define minor_t fubar
155 #endif 153 #endif
156+#if HAVE_SYS_PARAM_H 154+#if HAVE_SYS_PARAM_H
157+#include <sys/param.h> 155+#include <sys/param.h>
158+#endif 156+#endif
159 #if HAVE_SYS_TYPES_H 157 #if HAVE_SYS_TYPES_H
160 #include <sys/types.h> 158 #include <sys/types.h>
161 #endif 159 #endif
162@@ -42046,7 +42142,11 @@ 
163 #elif HAVE_NETINET_IP_FIL_H 
164 #include <netinet/ip_fil.h> 
165 #endif 
166+#if HAVE_IP_NAT_H 
167 #include <ip_nat.h> 
168+#elif HAVE_NETINET_IP_NAT_H 
169+#include <netinet/ip_nat.h> 
170+#endif 
171  
172 " 
173 if test "x$ac_cv_member_struct_natlookup_nl_inipaddr_in6" = xyes; then : 
174@@ -42057,11 +42157,14 @@ 
175  
176  
177 fi 
178-ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" 
179- "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" " 
180+ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" \ 
181+ "ac_cv_member_struct_natlookup_nl_realipaddr_in6" " 
182 #if USE_SOLARIS_IPFILTER_MINOR_T_HACK 
183 #define minor_t fubar 
184 #endif 
185+#if HAVE_SYS_PARAM_H 
186+#include <sys/param.h> 
187+#endif 
188 #if HAVE_SYS_TYPES_H 
189 #include <sys/types.h> 
190 #endif 
191@@ -42087,13 +42190,17 @@ 
192 #elif HAVE_NETINET_IP_FIL_H 
193 #include <netinet/ip_fil.h> 
194 #endif 
195+#if HAVE_IP_NAT_H 
196 #include <ip_nat.h> 
197+#elif HAVE_NETINET_IP_NAT_H 
198+#include <netinet/ip_nat.h> 
199+#endif 
200  
201 " 
202-if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6___" = xyes; then : 
203+if test "x$ac_cv_member_struct_natlookup_nl_realipaddr_in6" = xyes; then : 
204  
205 cat >>confdefs.h <<_ACEOF 
206-#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6___ 1 
207+#define HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6 1 
208 _ACEOF 
209  
210  
File Deleted: pkgsrc/www/squid4/patches/Attic/patch-src_ip_Intercept.cc