Index: head/www/squid/Makefile =================================================================== --- head/www/squid/Makefile (revision 412286) +++ head/www/squid/Makefile (revision 412287) @@ -1,365 +1,391 @@ # $FreeBSD$ PORTNAME= squid PORTVERSION= 3.5.15 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/ DIST_SUBDIR= squid${PORTVERSION:R} PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ http://www2.us.squid-cache.org/%SUBDIR%/ \ http://www1.at.squid-cache.org/%SUBDIR%/ \ http://www.eu.squid-cache.org/%SUBDIR%/ \ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://master.squid-cache.org/~amosjeffries/patches/:nosid PATCH_SITE_SUBDIR= Versions/v3/${PORTVERSION:R}/changesets PATCHFILES= squid-3.5-13997.patch \ squid-3.5-13998.patch \ squid-3.5-13999.patch \ - squid-3.5-14000.patch + squid-3.5-14000.patch \ + squid-3.5-14001.patch \ + squid-3.5-14002.patch \ + squid-3.5-14003.patch \ + squid-3.5-14004.patch \ + squid-3.5-14005.patch \ + squid-3.5-14006.patch \ + squid-3.5-14007.patch \ + squid-3.5-14008.patch \ + squid-3.5-14009.patch \ + squid-3.5-14010.patch \ + squid-3.5-14011.patch \ + squid-3.5-14012.patch MAINTAINER= timp87@gmail.com COMMENT= HTTP Caching Proxy LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING USES= compiler cpe perl5 shebangfix tar:xz CPE_VENDOR= squid-cache SHEBANG_FILES= scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \ helpers/ssl/cert_valid.pl GNU_CONFIGURE= yes USE_RC_SUBR= squid USERS= squid GROUPS= squid MYDOCS= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt PORTDOCS= ${MYDOCS:T} PORTEXAMPLES= * SUB_FILES+= pkg-install pkg-message OPTIONS_SUB= yes -OPTIONS_DEFINE= ARP_ACL AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \ - AUTH_SQL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \ +OPTIONS_GROUP= AUTH +OPTIONS_RADIO= SMB +OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SQL +OPTIONS_RADIO_SMB=AUTH_SMB3 AUTH_SMB4 +OPTIONS_DEFINE= ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \ FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \ KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \ TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT=GSSAPI_BASE AUTH_NIS FS_AUFS FS_DISKD HTCP IDENT KQUEUE SNMP \ - WCCP WCCPV2 +OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \ + FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \ + LAX_HTTP SNMP SSL SSL_CRTD TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 \ + GSSAPI_BASE ARP_ACL_CONFIGURE_ENABLE= eui AUTH_LDAP_CFLAGS= -I${LOCALBASE}/include AUTH_LDAP_LDFLAGS= -L${LOCALBASE}/lib AUTH_LDAP_USE= OPENLDAP=yes AUTH_SASL_CFLAGS= -I${LOCALBASE}/include AUTH_SASL_CPPFLAGS= -I${LOCALBASE}/include AUTH_SASL_LDFLAGS= -L${LOCALBASE}/lib AUTH_SASL_LIB_DEPENDS= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 -AUTH_SMB_BUILD_DEPENDS= smbclient:${PORTSDIR}/net/samba36 -AUTH_SMB_RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba36 -AUTH_SQL_RUN_DEPENDS= p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql -AUTH_SQL_USE= MYSQL=yes +AUTH_SMB3_RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba36 +AUTH_SMB4_RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba42 +AUTH_SQL_RUN_DEPENDS= p5-DBI>=1.08:${PORTSDIR}/databases/p5-DBI CACHE_DIGESTS_CONFIGURE_ENABLE= cache-digests DELAY_POOLS_CONFIGURE_ENABLE= delay-pools ECAP_CFLAGS= -I${LOCALBASE}/include ECAP_CONFIGURE_ENABLE= ecap ECAP_LDFLAGS= -L${LOCALBASE}/lib ECAP_LIB_DEPENDS= libecap.so:${PORTSDIR}/www/libecap ECAP_USES= pkgconfig:build ESI_CFLAGS= -I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2 ESI_CONFIGURE_ENABLE= esi ESI_LDFLAGS= -L${LOCALBASE}/lib ESI_LIB_DEPENDS= libexpat.so:${PORTSDIR}/textproc/expat2 \ libxml2.so:${PORTSDIR}/textproc/libxml2 FOLLOW_XFF_CONFIGURE_ENABLE= follow-x-forwarded-for HTCP_CONFIGURE_ENABLE= htcp ICAP_CONFIGURE_ENABLE= icap-client ICMP_CONFIGURE_ENABLE= icmp IDENT_CONFIGURE_ENABLE= ident-lookups IPV6_CONFIGURE_ENABLE= ipv6 KQUEUE_CONFIGURE_ENABLE= kqueue LARGEFILE_CONFIGURE_WITH= large-files LAX_HTTP_CONFIGURE_ENABLE= http-violations NETTLE_LIB_DEPENDS= libnettle.so:${PORTSDIR}/security/nettle NETTLE_CONFIGURE_OFF= --without-nettle SNMP_CONFIGURE_ENABLE= snmp SSL_CONFIGURE_ENABLE= ssl SSL_CRTD_CONFIGURE_ENABLE= ssl-crtd STACKTRACES_CONFIGURE_ENABLE= stacktraces STACKTRACES_LIB_DEPENDS= libunwind.so:${PORTSDIR}/devel/libunwind STACKTRACES_CONFIGURE_ON= --disable-strict-error-checking TP_IPFW_CONFIGURE_ENABLE= ipfw-transparent TP_IPF_CONFIGURE_ENABLE= ipf-transparent TP_PF_CONFIGURE_ENABLE= pf-transparent TP_PF_CONFIGURE_WITH= nat-devpf VIA_DB_CONFIGURE_ENABLE= forw-via-db WCCPV2_CONFIGURE_ENABLE= wccpv2 WCCP_CONFIGURE_ENABLE= wccp GSSAPI_NONE_CONFIGURE_ON= --without-heimdal-krb5 \ --without-mit-krb5 \ --without-gss GSSAPI_BASE_USES= gssapi GSSAPI_BASE_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_MIT_USES= gssapi:mit GSSAPI_MIT_CONFIGURE_ON= --with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} # TODO: # add an option for external_acl/session (requires some kind of external # Berkeley DB support, unsure which one) ARP_ACL_DESC= ARP/MAC/EUI based authentification +AUTH_DESC= Authentication helpers GSSAPI_DESC= Install Kerberos authentication helpers GSSAPI_NONE_DESC= Build without Kerberos support GSSAPI_BASE_DESC= Build with Kerberos support from base GSSAPI_HEIMDAL_DESC= Build with Kerberos support from security/heimdal GSSAPI_MIT_DESC= Build with Kerberos support from security/krb5 AUTH_LDAP_DESC= Install LDAP authentication helpers AUTH_NIS_DESC= Install NIS/YP authentication helpers AUTH_SASL_DESC= Install SASL authentication helpers -AUTH_SMB_DESC= Install SMB auth. helpers (req. Samba) -AUTH_SQL_DESC= Install SQL based auth (uses MySQL) +AUTH_SMB3_DESC= Install SMB3 auth. helpers (req. net/samba36) +AUTH_SMB4_DESC= Install SMB4 auth. helpers (req. net/samba42) +AUTH_SQL_DESC= Install SQL based auth CACHE_DIGESTS_DESC= Use cache digests DEBUG_DESC= Build with extended debugging support DELAY_POOLS_DESC= Delay pools (bandwidth limiting) ECAP_DESC= Loadable content adaptation modules ESI_DESC= ESI support FOLLOW_XFF_DESC= Support for the X-Following-For header FS_AUFS_DESC= AUFS (threaded-io) support FS_DISKD_DESC= DISKD storage engine controlled by separate service FS_ROCK_DESC= ROCK storage engine HTCP_DESC= HTCP support ICAP_DESC= the ICAP client ICMP_DESC= ICMP pinging and network measurement IDENT_DESC= Ident lookups (RFC 931) KQUEUE_DESC= Kqueue(2) support LARGEFILE_DESC= Support large (>2GB) cache and log files NETTLE_DESC= Nettle MD5 algorithm support +SMB_DESC= Samba authentication helpers SNMP_DESC= SNMP support SSL_CRTD_DESC= Use ssl_crtd to handle SSL cert requests SSL_DESC= SSL gatewaying support STACKTRACES_DESC= Enable automatic backtraces on fatal errors LAX_HTTP_DESC= Do not enforce strict HTTP compliance TP_IPFW_DESC= Transparent proxying with IPFW TP_IPF_DESC= Transparent proxying with IPFilter TP_PF_DESC= Transparent proxying with PF VIA_DB_DESC= Forward/Via database WCCPV2_DESC= Web Cache Coordination Protocol v2 WCCP_DESC= Web Cache Coordination Protocol change_files= ChangeLog \ contrib/nextstep/makepkg \ contrib/nextstep/post_install \ errors/Makefile.am \ errors/Makefile.in \ helpers/basic_auth/SMB_LM/README.html \ src/Makefile.am \ src/Makefile.in \ src/cf_gen.cc \ src/squid.8.in \ test-suite/Makefile.in \ tools/Makefile.am \ tools/Makefile.in .if !defined(SQUID_CONFIGURE_ARGS) \ || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == "" PLIST_SUB+= UNLINKD="" .else PLIST_SUB+= UNLINKD="@comment " .endif CONFIGURE_ARGS= --with-default-user=squid \ --bindir=${PREFIX}/sbin \ --sbindir=${PREFIX}/sbin \ --datadir=${ETCDIR} \ --libexecdir=${PREFIX}/libexec/squid \ --localstatedir=/var \ --sysconfdir=${ETCDIR} \ --with-logdir=/var/log/squid \ --with-pidfile=/var/run/squid/squid.pid \ --with-swapdir=/var/squid/cache \ --without-gnutls \ --enable-auth \ --enable-build-info \ --enable-loadable-modules \ --enable-removal-policies="lru heap" \ --disable-epoll \ --disable-linux-netfilter \ --disable-linux-tproxy \ --disable-translation \ --disable-arch-native .include # Authentication methods and modules: basic_auth= DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam digest_auth= file external_acl= file_userip time_quota unix_group ntlm_auth= fake smb_lm .if ${PORT_OPTIONS:MAUTH_LDAP} basic_auth+= LDAP external_acl+= LDAP_group .endif .if ${PORT_OPTIONS:MAUTH_SASL} basic_auth+= SASL .endif -.if ${PORT_OPTIONS:MAUTH_SMB} +.if ${PORT_OPTIONS:MAUTH_SMB3} || ${PORT_OPTIONS:MAUTH_SMB4} +PLIST_SUB+= AUTH_SMB="" basic_auth+= SMB external_acl+= wbinfo_group +.else +PLIST_SUB+= AUTH_SMB="@comment " .endif .if ${PORT_OPTIONS:MAUTH_SQL} external_acl+= SQL_session .endif # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: .if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS) basic_auth+= NIS .endif # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: .if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS) negotiate_auth= none PLIST_SUB+= AUTH_KERB="@comment " .else # The kerberos_ldap_group external helper also depends on LDAP and SASL: . if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL} external_acl+= kerberos_ldap_group . endif negotiate_auth= kerberos wrapper PLIST_SUB+= AUTH_KERB="" .endif # Make it build on FreeBSD < 10 .if ${PORT_OPTIONS:MGSSAPI_BASE} EXTRA_PATCHES+= ${FILESDIR}/extra-patch-build-8-9 .endif CONFIGURE_ARGS+= --enable-auth-basic="${basic_auth}" \ --enable-auth-digest="${digest_auth}" \ --enable-external-acl-helpers="${external_acl}" \ --enable-auth-negotiate="${negotiate_auth}" \ --enable-auth-ntlm="${ntlm_auth}" # Storage schemes: storage_schemes= ufs diskio_modules= AIO Blocking IpcIo Mmapped .if ${PORT_OPTIONS:MFS_AUFS} storage_schemes+= aufs diskio_modules+= DiskThreads # Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS, # e.g. SQUID_CONFIGURE_ARGS=--with-aufs-threads=N LDFLAGS+= -pthread .else CONFIGURE_ARGS+= --without-pthreads .endif .if ${PORT_OPTIONS:MFS_DISKD} storage_schemes+= diskd diskio_modules+= DiskDaemon .endif .if ${PORT_OPTIONS:MFS_ROCK} storage_schemes+= rock .endif CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}" \ --enable-disk-io="${diskio_modules}" # Log daemon helpers: logdaemon_helpers= file CONFIGURE_ARGS+= --enable-log-daemon-helpers="${logdaemon_helpers}" # URL rewrite helpers: url_rewrite_helpers= fake CONFIGURE_ARGS+= --enable-url-rewrite-helpers="${url_rewrite_helpers}" # Storeid rewrite helpers: storeid_rewrite_helpers= file CONFIGURE_ARGS+= --enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}" # Other options set via 'make config': .if ${PORT_OPTIONS:MSSL} # we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only # works when it is defined before bsd.port{.pre}.mk is .included. # This makes it currently impossible to combine this macro with OPTIONS to # conditionally include OpenSSL support. # XXX: is this still true with OptionsNG as of 2015-03? #.include "${.CURDIR}/../../Mk/bsd.openssl.mk" .include "${PORTSDIR}/Mk/bsd.openssl.mk" CONFIGURE_ARGS+= --with-openssl="${OPENSSLBASE}" CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +.endif + +.if ${PORT_OPTIONS:MSSL_CRTD} && !${PORT_OPTIONS:MSSL} +IGNORE=SSL_CRTD option can be used only if SSL option is enabled .endif .if ${PORT_OPTIONS:MSTACKTRACES} CFLAGS+= -g LDFLAGS+= -lunwind -L${LOCALBASE}/lib STRIP= EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gen-stacktrace .endif .if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG) CONFIGURE_ARGS+= --disable-optimizations --enable-debug-cbdata WITH_DEBUG?= yes .endif # Finally, add additional user specified configuration options: CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS} post-patch: @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \ ${WRKSRC}/src/cf.data.pre @(cd ${WRKSRC} && ${REINPLACE_CMD} \ -e 's|\.conf\.default|.conf.sample|' \ -e 's|)\.default|).sample|' \ ${change_files}) @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample) .if !${PORT_OPTIONS:MIPV6} @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \ -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \ -e's/ 2001:DB8::a:0\/64//' \ -e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::1/d' \ ${WRKSRC}/src/cf.data.pre .endif post-install: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \ ${STAGEDIR}${EXAMPLESDIR} @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR}) .include .if ${COMPILER_TYPE} == clang #CXXFLAGS+= -Wno-unused-private-field .if ${COMPILER_VERSION} >= 35 CXXFLAGS+= -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess .endif .endif .include Index: head/www/squid/distinfo =================================================================== --- head/www/squid/distinfo (revision 412286) +++ head/www/squid/distinfo (revision 412287) @@ -1,10 +1,34 @@ SHA256 (squid3.5/squid-3.5.15.tar.xz) = 9cfce3231c7b3b33816fc54414d8720a51ac5e723663e0685a8bb995b9f450d2 SIZE (squid3.5/squid-3.5.15.tar.xz) = 2315628 SHA256 (squid3.5/squid-3.5-13997.patch) = 43533b41af0e5d067c576de87842b85a33bac9b293c19d816fa1475324eb89fd SIZE (squid3.5/squid-3.5-13997.patch) = 1509 SHA256 (squid3.5/squid-3.5-13998.patch) = c53a9d3e48224b06eedb5867b248e1b1c1226deab73c7c4d9ce8f72524e91214 SIZE (squid3.5/squid-3.5-13998.patch) = 8184 SHA256 (squid3.5/squid-3.5-13999.patch) = 07e82e0b7f0d766de443277f1153165177c867cbc75514890f2fe4de8d43c820 SIZE (squid3.5/squid-3.5-13999.patch) = 1585 SHA256 (squid3.5/squid-3.5-14000.patch) = 36578a13e87150d1604b543c68b419de1c941be3f90e80fbf464f9c23139e2de SIZE (squid3.5/squid-3.5-14000.patch) = 1676 +SHA256 (squid3.5/squid-3.5-14001.patch) = 127720c408c368070b7807092faae7980d900888f8bbaee0e2689b86573fea94 +SIZE (squid3.5/squid-3.5-14001.patch) = 14099 +SHA256 (squid3.5/squid-3.5-14002.patch) = 49c8dea344473c103fefce2b830e96fe94af14bc20640a0c244eea01ac03469d +SIZE (squid3.5/squid-3.5-14002.patch) = 2054 +SHA256 (squid3.5/squid-3.5-14003.patch) = 27ccd9aeabf4e66fbf25a914cc614c8f8020c8010e94d2b6bf499def79fce8b6 +SIZE (squid3.5/squid-3.5-14003.patch) = 1636 +SHA256 (squid3.5/squid-3.5-14004.patch) = fc515a51866d518f4ff7e57ef92f2554d2715b59f547927af63192302238690f +SIZE (squid3.5/squid-3.5-14004.patch) = 1948 +SHA256 (squid3.5/squid-3.5-14005.patch) = e7f17a11cb49742f6b535e8e4e8558e03f71335524c524f84f1ef68f71f99b93 +SIZE (squid3.5/squid-3.5-14005.patch) = 1249 +SHA256 (squid3.5/squid-3.5-14006.patch) = 88dd50a459ed68fb7c797a840f92a0ada6655b3fb92052f679088704eb1d9f32 +SIZE (squid3.5/squid-3.5-14006.patch) = 2500 +SHA256 (squid3.5/squid-3.5-14007.patch) = 1e2e14809e7ca8608300cfc3be027cd55c21fbe3084cc4568c8091adebc256c0 +SIZE (squid3.5/squid-3.5-14007.patch) = 1214 +SHA256 (squid3.5/squid-3.5-14008.patch) = 6c2f511ee33d74d1c91cae5ef0a9645facf0104067397866dd542bf3ff975255 +SIZE (squid3.5/squid-3.5-14008.patch) = 1559 +SHA256 (squid3.5/squid-3.5-14009.patch) = addc7dd78c5632b428f747eab93382195d2d4a820742afd2661ec920f1dc9a77 +SIZE (squid3.5/squid-3.5-14009.patch) = 1902 +SHA256 (squid3.5/squid-3.5-14010.patch) = bed1fb437b3f3925293d42c7032c44c7aa4e1944cc6ed17e9cc9e498a06ada7c +SIZE (squid3.5/squid-3.5-14010.patch) = 2974 +SHA256 (squid3.5/squid-3.5-14011.patch) = c87ce0edb4dcb1f0ae49fb10006009534ce1e5922a4ceb8d784386681ce4b164 +SIZE (squid3.5/squid-3.5-14011.patch) = 2400 +SHA256 (squid3.5/squid-3.5-14012.patch) = 6f749e014907150cc9692b16edcb9d9a73fdb3831c718d908bd7c48561702b3c +SIZE (squid3.5/squid-3.5-14012.patch) = 1287 Index: head/www/squid/files/patch-configure =================================================================== --- head/www/squid/files/patch-configure (revision 412286) +++ head/www/squid/files/patch-configure (revision 412287) @@ -1,95 +1,100 @@ --- configure.orig 2015-11-01 10:46:19 UTC +++ configure -@@ -27729,9 +27729,11 @@ - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then +@@ -27731,7 +27731,7 @@ squid_pc_krb5_name="heimdal-gssapi" -+ else -+ squid_pc_krb5_name="heimdal-gssapi" fi fi - if test "x$squid_pc_krb5_name" != "x" -a "$cross_compiling" = "no"; then + if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then # Look for krb5-config (unless cross-compiling) # Extract the first word of "krb5-config", so it can be a program name with args. set dummy krb5-config; ac_word=$2 +@@ -27777,7 +27777,7 @@ + if test "x$ac_cv_path_krb5_config" != "xno" ; then + krb5confpath="`dirname $ac_cv_path_krb5_config`" + ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`" +- if test "x$with_heimdal_krb5" = "xyes"; then ++ if test "x$with_heimdal_krb5" = "xyes" -a $ac_heimdal = 0; then + as_fn_error $? "Could not find pkg-config or krb5-config for Heimdal Kerberos" "$LINENO" 5 + fi + else @@ -32038,7 +32040,7 @@ done ## BUILD_HELPER="NIS" -for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h +for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " @@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x" #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -else - BUILD_HELPER="" +# XXX: On FreeBSD we have to do this to make NIS work +# until https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188247 +# is resolved. + BUILD_HELPER="NIS" fi done @@ -32519,7 +32523,7 @@ done # unconditionally requires crypt(3), for now if test "x$ac_cv_func_crypt" != "x"; then - for ac_header in unistd.h crypt.h shadow.h + for ac_header in unistd.h rpcsvc/crypt.h shadow.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -34574,7 +34578,7 @@ for ac_header in \ arpa/nameser.h \ assert.h \ bstring.h \ - crypt.h \ + rpcsvc/crypt.h \ ctype.h \ direct.h \ errno.h \ @@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO" #include #endif #if HAVE_NETINET_IP_COMPAT_H +#include /* IFNAMSIZ */ #include #endif #if HAVE_NETINET_IP_FIL_H @@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x # include # include +# include /* IFNAMSIZ */ # include # include # include @@ -38803,6 +38809,7 @@ else # include # include #undef minor_t +# include /* IFNAMSIZ */ # include # include # include @@ -38847,6 +38854,7 @@ _ACEOF ip_fil_compat.h \ ip_fil.h \ ip_nat.h \ + net/if.h \ netinet/ip_compat.h \ netinet/ip_fil_compat.h \ netinet/ip_fil.h \ @@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO" #if HAVE_IP_COMPAT_H #include #elif HAVE_NETINET_IP_COMPAT_H +#include /* IFNAMSIZ */ #include #endif #if HAVE_IP_FIL_H Index: head/www/squid/files/patch-src__ip__Intercept.cc =================================================================== --- head/www/squid/files/patch-src__ip__Intercept.cc (revision 412286) +++ head/www/squid/files/patch-src__ip__Intercept.cc (revision 412287) @@ -1,15 +1,53 @@ --- src/ip/Intercept.cc.orig 2015-11-01 10:44:25 UTC +++ src/ip/Intercept.cc @@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com // for NAT lookup set local and remote IP:port's if (newConn->remote.isIPv6()) { #if IPFILTER_VERSION < 5000003 - // warn once every 10 at critical level, then push down a level each repeated event + // warn once every million at critical level, then push down a level each repeated event static int warningLevel = DBG_CRITICAL; debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); - warningLevel = ++warningLevel % 10; + warningLevel = (warningLevel + 1) % 1048576; return false; #else natLookup.nl_v = 6; +@@ -323,13 +323,21 @@ + } + + memset(&nl, 0, sizeof(struct pfioc_natlook)); +- newConn->remote.getInAddr(nl.saddr.v4); ++ if (newConn->remote.isIPv4()) { ++ newConn->remote.getInAddr(nl.saddr.v4); ++ } else { ++ newConn->remote.getInAddr(nl.saddr.v6); ++ } + nl.sport = htons(newConn->remote.port()); + +- newConn->local.getInAddr(nl.daddr.v4); ++ if (newConn->local.isIPv4()) { ++ newConn->local.getInAddr(nl.daddr.v4); ++ } else { ++ newConn->local.getInAddr(nl.daddr.v6); ++ } + nl.dport = htons(newConn->local.port()); + +- nl.af = AF_INET; ++ nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6; + nl.proto = IPPROTO_TCP; + nl.direction = PF_OUT; + +@@ -345,7 +353,11 @@ + debugs(89, 9, HERE << "address: " << newConn); + return false; + } else { +- newConn->local = nl.rdaddr.v4; ++ if (nl.af == AF_INET) { ++ newConn->local = nl.rdaddr.v4; ++ } else { ++ newConn->local = nl.rdaddr.v6; ++ } + newConn->local.port(ntohs(nl.rdport)); + debugs(89, 5, HERE << "address NAT: " << newConn); + return true; Index: head/www/squid/files/pkg-message.in =================================================================== --- head/www/squid/files/pkg-message.in (revision 412286) +++ head/www/squid/files/pkg-message.in (revision 412287) @@ -1,42 +1,48 @@ o You can find the configuration files for this package in the directory %%PREFIX%%/etc/squid. o The default cache directory is /var/squid/cache/. The default log directory is /var/log/squid/. Note: You must initialize new cache directories before you can start squid. Do this by running "squid -z" as 'root' or 'squid'. If your cache directories are already initialized (e.g. after an upgrade of squid) you do not need to initialize them again. - 0 When using DiskD storage scheme remember to read documentation: + o When using DiskD storage scheme remember to read documentation: http://wiki.squid-cache.org/Features/DiskDaemon and alter your kern.ipc defaults in /boot/loader.conf. DiskD will not work reliably without this. Last recomendations were: kern.ipc.msgmnb=8192 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 o The default configuration will deny everyone but the local host and local networks as defined in RFC 1918 for IPv4 and RFCs 4193 and 4291 for IPv6 access to the proxy service. Edit the "http_access allow/deny" directives in %%PREFIX%%/etc/squid/squid.conf to suit your needs. + + o If AUTH_SQL option is set, please, don't forget to install one of + following perl modules depending on database you like: + databases/p5-DBD-mysql + databases/p5-DBD-Pg + databases/p5-DBD-SQLite To enable Squid, set squid_enable=yes in either /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid Please see %%PREFIX%%/etc/rc.d/squid for further details. Note: If you just updated your Squid installation from an earlier version, make sure to check your Squid configuration against the 3.4 default configuration file %%PREFIX%%/etc/squid/squid.conf.sample. %%PREFIX%%/etc/squid/squid.conf.documented is a fully annotated configuration file you can consult for further reference. Additionally, you should check your configuration by calling 'squid -f /path/to/squid.conf -k parse' before starting Squid. Index: head/www/squid/files/squid.in =================================================================== --- head/www/squid/files/squid.in (revision 412286) +++ head/www/squid/files/squid.in (revision 412287) @@ -1,150 +1,148 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: squid # REQUIRE: LOGIN # KEYWORD: shutdown # # Note: # Set "squid_enable=yes" in either /etc/rc.conf, /etc/rc.conf.local or # /etc/rc.conf.d/squid to activate Squid. # # Additional variables you can define in one of these files: # # squid_chdir: the directory into which the rc system moves into before # starting Squid. Default: /var/squid # # squid_conf: The configuration file that Squid should use. # Default: %%PREFIX%%/etc/squid/squid.conf # # squid_fib: The alternative routing table id that Squid should use. # Default: none # See setfib(1) for further details. Note that the setfib(2) # system call is not available in FreeBSD versions prior to 7.1. # # squid_user: The user id that should be used to run the Squid master # process. Default: squid. # Note that you probably need to define "squid_user=root" if # you want to run Squid in reverse proxy setups or if you want # Squid to listen on a "privileged" port < 1024. # # squid_pidfile: # The name (including the full path) of the Squid # master process' PID file. # Default: /var/run/squid/squid.pid. # You only need to change this if you changed the # corresponding entry in your Squid configuration. # # squid_flags: Additional commandline arguments for Squid you might want to # use. See squid(8) for further details. # # squid_krb5_ktname: # Alternative Kerberos 5 Key Table. # Default: none . /etc/rc.subr name=squid rcvar=squid_enable # Make sure that we invoke squid with "-f ${squid_conf}"; define this # variable early so reload_cmd and stop_precmd pick it up: extra_commands="reload configtest" reload_cmd=squid_reload start_precmd=squid_prestart start_postcmd=squid_getpid stop_precmd=squid_prestop configtest_cmd=squid_configtest reload_precmd=squid_configtest restart_precmd=squid_configtest # squid(8) will not start if ${squid_conf} is not present so try # to catch that beforehand via ${required_files} rather than make # squid(8) crash. squid_load_rc_config() { : ${squid_chdir:=/var/squid} : ${squid_conf:=%%PREFIX%%/etc/squid/squid.conf} : ${squid_enable:=NO} : ${squid_program:=%%PREFIX%%/sbin/squid} : ${squid_pidfile:=/var/run/squid/squid.pid} : ${squid_user:=squid} required_args="-f ${squid_conf}" required_dirs=$chdir required_files=$squid_conf command_args="${required_args} ${squid_flags}" procname="?squid-*" pidfile=$squid_pidfile } squid_prestart() { # setup KRB5_KTNAME: squid_krb5_ktname=${squid_krb5_ktname:-"NONE"} if [ "${squid_krb5_ktname}" != "NONE" ]; then export KRB5_KTNAME=${squid_krb5_ktname} fi # setup FIB tables: if command -v check_namevarlist > /dev/null 2>&1; then check_namevarlist fib && return 0 fi ${SYSCTL} net.fibs >/dev/null 2>&1 || return 0 squid_fib=${squid_fib:-"NONE"} if [ "${squid_fib}" != "NONE" ]; then command="setfib -F $squid_fib $command" else return 0 fi squid_configtest } squid_reload() { - $command $required_args $squid_flags -k reconfigure } squid_configtest() { - echo "Performing sanity check on ${name} configuration." if $command $required_args $squid_flags -k check; then echo "Configuration for ${name} passes." return 0 else return $? fi } squid_getpid() { # retrieve the PID of the Squid master process explicitly here # in case rc.subr was unable to determine it: if [ -z "$rc_pid" ]; then while ! [ -f ${pidfile} ]; do sleep 1 done read _pid _junk <${pidfile} [ -z "${_pid}" ] || pid=${_pid} else pid=${rc_pid} fi } squid_prestop() { command_args="$command_args -k shutdown" - $command $required_args $squid_flags -k check 2>/dev/null + squid_configtest } load_rc_config $name squid_load_rc_config run_rc_command $1