Index: branches/2016Q4/www/squid/Makefile =================================================================== --- branches/2016Q4/www/squid/Makefile (revision 429217) +++ branches/2016Q4/www/squid/Makefile (revision 429218) @@ -1,323 +1,326 @@ # $FreeBSD$ PORTNAME= squid -PORTVERSION= 3.5.20 +PORTVERSION= 3.5.23 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/ DIST_SUBDIR= squid${PORTVERSION:R} PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ http://www2.us.squid-cache.org/%SUBDIR%/ \ http://www1.at.squid-cache.org/%SUBDIR%/ \ http://www.eu.squid-cache.org/%SUBDIR%/ \ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://master.squid-cache.org/~amosjeffries/patches/:nosid PATCH_SITE_SUBDIR= Versions/v3/${PORTVERSION:R}/changesets #PATCHFILES= MAINTAINER= timp87@gmail.com COMMENT= HTTP Caching Proxy LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING CONFLICTS= squid*-4.* BROKEN_powerpc64= Does not build USES= compiler cpe perl5 shebangfix tar:xz CPE_VENDOR= squid-cache SHEBANG_FILES= scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \ helpers/ssl/cert_valid.pl GNU_CONFIGURE= yes USE_RC_SUBR= squid USERS= squid GROUPS= squid MYDOCS= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt PORTDOCS= ${MYDOCS:T} PORTEXAMPLES= * SUB_FILES+= pkg-install pkg-message OPTIONS_SUB= yes OPTIONS_GROUP= AUTH OPTIONS_RADIO= SMB FW OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SQL OPTIONS_RADIO_SMB=AUTH_SMB3 AUTH_SMB4 OPTIONS_RADIO_FW=TP_IPF TP_IPFW TP_PF OPTIONS_DEFINE= ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \ FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \ KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \ VIA_DB WCCP WCCPV2 DOCS EXAMPLES OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF \ FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT KQUEUE LARGEFILE \ LAX_HTTP SNMP SSL SSL_CRTD TP_IPFW VIA_DB WCCP WCCPV2 GSSAPI_BASE ARP_ACL_CONFIGURE_ENABLE= eui AUTH_LDAP_CFLAGS= -I${LOCALBASE}/include AUTH_LDAP_LDFLAGS= -L${LOCALBASE}/lib AUTH_LDAP_USE= OPENLDAP=yes AUTH_LDAP_VARS= BASIC_AUTH+=LDAP EXTERNAL_ACL+=LDAP_group AUTH_SASL_CFLAGS= -I${LOCALBASE}/include AUTH_SASL_CPPFLAGS= -I${LOCALBASE}/include AUTH_SASL_LDFLAGS= -L${LOCALBASE}/lib AUTH_SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 AUTH_SASL_VARS= BASIC_AUTH+=SASL AUTH_SMB3_RUN_DEPENDS= smbclient:net/samba36 AUTH_SMB3_VARS= BASIC_AUTH+=SMB EXTERNAL_ACL+=wbinfo_group AUTH_SMB3_PLIST_SUB= AUTH_SMB="" AUTH_SMB4_RUN_DEPENDS= smbclient:net/samba42 AUTH_SMB4_VARS= BASIC_AUTH+=SMB EXTERNAL_ACL+=wbinfo_group AUTH_SMB4_PLIST_SUB= AUTH_SMB="" AUTH_SQL_RUN_DEPENDS= p5-DBI>=1.08:databases/p5-DBI AUTH_SQL_VARS= EXTERNAL_ACL+=SQL_session CACHE_DIGESTS_CONFIGURE_ENABLE= cache-digests DELAY_POOLS_CONFIGURE_ENABLE= delay-pools ECAP_CFLAGS= -I${LOCALBASE}/include ECAP_CONFIGURE_ENABLE= ecap ECAP_LDFLAGS= -L${LOCALBASE}/lib ECAP_LIB_DEPENDS= libecap.so:www/libecap ECAP_USES= pkgconfig:build ESI_CFLAGS= -I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2 ESI_CONFIGURE_ENABLE= esi ESI_LDFLAGS= -L${LOCALBASE}/lib ESI_LIB_DEPENDS= libexpat.so:textproc/expat2 \ libxml2.so:textproc/libxml2 FOLLOW_XFF_CONFIGURE_ENABLE= follow-x-forwarded-for HTCP_CONFIGURE_ENABLE= htcp ICAP_CONFIGURE_ENABLE= icap-client ICMP_CONFIGURE_ENABLE= icmp IDENT_CONFIGURE_ENABLE= ident-lookups IPV6_CONFIGURE_ENABLE= ipv6 KQUEUE_CONFIGURE_ENABLE= kqueue LARGEFILE_CONFIGURE_WITH= large-files LAX_HTTP_CONFIGURE_ENABLE= http-violations FS_AUFS_VARS= STORAGE_SCHEMES+=aufs DISKIO_MODULES+=DiskThreads FS_AUFS_LDFLAGS= -pthread FS_AUFS_CONFIGURE_OFF= --without-pthreads FS_DISKD_VARS= STORAGE_SCHEMES+=diskd DISKIO_MODULES+=DiskDaemon FS_ROCK_VARS= STORAGE_SCHEMES+=rock NETTLE_LIB_DEPENDS= libnettle.so:security/nettle NETTLE_CONFIGURE_OFF= --without-nettle SNMP_CONFIGURE_ENABLE= snmp SSL_CONFIGURE_ENABLE= ssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} \ LIBOPENSSL_CFLAGS=-I${OPENSSLINC} \ LIBOPENSSL_LIBS="-lcrypto -lssl" SSL_USES= ssl SSL_CRTD_CONFIGURE_ENABLE= ssl-crtd SSL_CRTD_IMPLIES= SSL STACKTRACES_CONFIGURE_ENABLE= stacktraces STACKTRACES_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gen-stacktrace STACKTRACES_LIB_DEPENDS= libunwind.so:devel/libunwind STACKTRACES_CONFIGURE_ON= --disable-strict-error-checking STACKTRACES_CFLAGS= -g STACKTRACES_LDFLAGS= -lunwind -L${LOCALBASE}/lib STACKTRACES_VARS= strip="" TP_IPFW_CONFIGURE_ENABLE= ipfw-transparent TP_IPF_CONFIGURE_ENABLE= ipf-transparent TP_PF_CONFIGURE_ENABLE= pf-transparent TP_PF_CONFIGURE_WITH= nat-devpf VIA_DB_CONFIGURE_ENABLE= forw-via-db WCCPV2_CONFIGURE_ENABLE= wccpv2 WCCP_CONFIGURE_ENABLE= wccp GSSAPI_NONE_CONFIGURE_ON= --without-heimdal-krb5 \ --without-mit-krb5 \ --without-gss GSSAPI_BASE_USES= gssapi GSSAPI_BASE_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_BASE_PLIST_SUB= AUTH_KERB="" # Make it build on FreeBSD < 10 GSSAPI_BASE_EXTRA_PATCHES= ${FILESDIR}/extra-patch-build-8-9 GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_PLIST_SUB= AUTH_KERB="" GSSAPI_MIT_USES= gssapi:mit GSSAPI_MIT_CONFIGURE_ON= --with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_MIT_PLIST_SUB= AUTH_KERB="" # TODO: # add an option for external_acl/session (requires some kind of external # Berkeley DB support, unsure which one) ARP_ACL_DESC= ARP/MAC/EUI based authentification AUTH_DESC= Authentication helpers AUTH_LDAP_DESC= Install LDAP authentication helpers AUTH_NIS_DESC= Install NIS/YP authentication helpers AUTH_SASL_DESC= Install SASL authentication helpers AUTH_SMB3_DESC= Install SMB3 auth. helpers (req. net/samba36) AUTH_SMB4_DESC= Install SMB4 auth. helpers (req. net/samba42) AUTH_SQL_DESC= Install SQL based auth CACHE_DIGESTS_DESC= Use cache digests DEBUG_DESC= Build with extended debugging support DELAY_POOLS_DESC= Delay pools (bandwidth limiting) ECAP_DESC= Loadable content adaptation modules ESI_DESC= ESI support FOLLOW_XFF_DESC= Support for the X-Following-For header FS_AUFS_DESC= AUFS (threaded-io) support FS_DISKD_DESC= DISKD storage engine controlled by separate service FS_ROCK_DESC= ROCK storage engine HTCP_DESC= HTCP support ICAP_DESC= the ICAP client ICMP_DESC= ICMP pinging and network measurement IDENT_DESC= Ident lookups (RFC 931) KQUEUE_DESC= Kqueue(2) support LARGEFILE_DESC= Support large (>2GB) cache and log files NETTLE_DESC= Nettle MD5 algorithm support SMB_DESC= Samba authentication helpers SNMP_DESC= SNMP support SSL_CRTD_DESC= Use ssl_crtd to handle SSL cert requests SSL_DESC= SSL gatewaying support STACKTRACES_DESC= Enable automatic backtraces on fatal errors LAX_HTTP_DESC= Do not enforce strict HTTP compliance TP_IPFW_DESC= Transparent proxying with IPFW TP_IPF_DESC= Transparent proxying with IPFilter TP_PF_DESC= Transparent proxying with PF VIA_DB_DESC= Forward/Via database WCCPV2_DESC= Web Cache Coordination Protocol v2 WCCP_DESC= Web Cache Coordination Protocol change_files= ChangeLog \ contrib/nextstep/makepkg \ contrib/nextstep/post_install \ errors/Makefile.am \ errors/Makefile.in \ helpers/basic_auth/SMB_LM/README.html \ src/Makefile.am \ src/Makefile.in \ src/cf_gen.cc \ src/squid.8.in \ test-suite/Makefile.in \ tools/Makefile.am \ tools/Makefile.in .if !defined(SQUID_CONFIGURE_ARGS) \ || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == "" PLIST_SUB+= UNLINKD="" .else PLIST_SUB+= UNLINKD="@comment " .endif CONFIGURE_ARGS= --with-default-user=squid \ --bindir=${PREFIX}/sbin \ --sbindir=${PREFIX}/sbin \ --datadir=${ETCDIR} \ --libexecdir=${PREFIX}/libexec/squid \ --localstatedir=/var \ --sysconfdir=${ETCDIR} \ --with-logdir=/var/log/squid \ --with-pidfile=/var/run/squid/squid.pid \ --with-swapdir=/var/squid/cache \ --without-gnutls \ --enable-auth \ + --enable-zph-qos \ --enable-build-info \ --enable-loadable-modules \ --enable-removal-policies="lru heap" \ --disable-epoll \ --disable-linux-netfilter \ --disable-linux-tproxy \ --disable-translation \ --disable-arch-native .include # Authentication methods and modules: BASIC_AUTH+= DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam EXTERNAL_ACL+= file_userip time_quota unix_group .if !defined(AUTH_SMB) PLIST_SUB+= AUTH_SMB="@comment " .endif # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: .if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS) BASIC_AUTH+= NIS .endif # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too: .if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS) NEGOTIATE_AUTH= none PLIST_SUB+= AUTH_KERB="@comment " .else # The kerberos_ldap_group external helper also depends on LDAP and SASL: . if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL} EXTERNAL_ACL+= kerberos_ldap_group . endif NEGOTIATE_AUTH= kerberos wrapper .endif # Storage schemes STORAGE_SCHEMES+= ufs DISKIO_MODULES+= AIO Blocking IpcIo Mmapped CONFIGURE_ARGS+= --enable-auth-basic="${BASIC_AUTH}" \ --enable-auth-digest="file" \ --enable-external-acl-helpers="${EXTERNAL_ACL}" \ --enable-auth-negotiate="${NEGOTIATE_AUTH}" \ --enable-auth-ntlm="fake smb_lm" \ --enable-storeio="${STORAGE_SCHEMES}" \ --enable-disk-io="${DISKIO_MODULES}" \ --enable-log-daemon-helpers="file" \ --enable-url-rewrite-helpers="fake" \ --enable-storeid-rewrite-helpers="file" # Other options set via 'make config': .if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG) CONFIGURE_ARGS+= --disable-optimizations --enable-debug-cbdata WITH_DEBUG?= yes .endif # Finally, add additional user specified configuration options: CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS} post-patch: @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \ ${WRKSRC}/src/cf.data.pre @(cd ${WRKSRC} && ${REINPLACE_CMD} \ -e 's|\.conf\.default|.conf.sample|' \ -e 's|)\.default|).sample|' \ ${change_files}) @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample) -.if !${PORT_OPTIONS:MIPV6} +post-patch-IPV6-off: @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \ -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \ -e's/ 2001:DB8::a:0\/64//' \ -e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \ -e'/tcp_outgoing_address 2001:db8::1/d' \ ${WRKSRC}/src/cf.data.pre -.endif post-install: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \ ${STAGEDIR}${EXAMPLESDIR} @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR}) .include -.if ${COMPILER_TYPE} == clang +.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel} +BROKEN= Does not build with openssl-devel +.endif + +.if ${CHOSEN_COMPILER_TYPE} == clang #CXXFLAGS+= -Wno-unused-private-field -.if ${COMPILER_VERSION} >= 35 +CXXFLAGS+= -Wno-unknown-warning-option CXXFLAGS+= -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess -.endif .endif .include Index: branches/2016Q4/www/squid/distinfo =================================================================== --- branches/2016Q4/www/squid/distinfo (revision 429217) +++ branches/2016Q4/www/squid/distinfo (revision 429218) @@ -1,3 +1,3 @@ -TIMESTAMP = 1467937151 -SHA256 (squid3.5/squid-3.5.20.tar.xz) = 37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395 -SIZE (squid3.5/squid-3.5.20.tar.xz) = 2319780 +TIMESTAMP = 1479930399 +SHA256 (squid3.5/squid-3.5.23.tar.xz) = fa4c0c99f41e92fe1330bed3968d176c6f47ef2e3aea2f83977d5501afa40bdb +SIZE (squid3.5/squid-3.5.23.tar.xz) = 2325884 Index: branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc =================================================================== --- branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc (revision 429217) +++ branches/2016Q4/www/squid/files/patch-src__ip__Intercept.cc (revision 429218) @@ -1,53 +1,15 @@ --- src/ip/Intercept.cc.orig 2015-11-01 10:44:25 UTC +++ src/ip/Intercept.cc @@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com // for NAT lookup set local and remote IP:port's if (newConn->remote.isIPv6()) { #if IPFILTER_VERSION < 5000003 - // warn once every 10 at critical level, then push down a level each repeated event + // warn once every million at critical level, then push down a level each repeated event static int warningLevel = DBG_CRITICAL; debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); - warningLevel = (warningLevel + 1) % 10; + warningLevel = (warningLevel + 1) % 1048576; return false; #else natLookup.nl_v = 6; -@@ -323,13 +323,21 @@ - } - - memset(&nl, 0, sizeof(struct pfioc_natlook)); -- newConn->remote.getInAddr(nl.saddr.v4); -+ if (newConn->remote.isIPv4()) { -+ newConn->remote.getInAddr(nl.saddr.v4); -+ } else { -+ newConn->remote.getInAddr(nl.saddr.v6); -+ } - nl.sport = htons(newConn->remote.port()); - -- newConn->local.getInAddr(nl.daddr.v4); -+ if (newConn->local.isIPv4()) { -+ newConn->local.getInAddr(nl.daddr.v4); -+ } else { -+ newConn->local.getInAddr(nl.daddr.v6); -+ } - nl.dport = htons(newConn->local.port()); - -- nl.af = AF_INET; -+ nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6; - nl.proto = IPPROTO_TCP; - nl.direction = PF_OUT; - -@@ -345,7 +353,11 @@ - debugs(89, 9, HERE << "address: " << newConn); - return false; - } else { -- newConn->local = nl.rdaddr.v4; -+ if (nl.af == AF_INET) { -+ newConn->local = nl.rdaddr.v4; -+ } else { -+ newConn->local = nl.rdaddr.v6; -+ } - newConn->local.port(ntohs(nl.rdport)); - debugs(89, 5, HERE << "address NAT: " << newConn); - return true; Index: branches/2016Q4 =================================================================== --- branches/2016Q4 (revision 429217) +++ branches/2016Q4 (revision 429218) Property changes on: branches/2016Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r427008,429217