head 1.10; access; symbols pkgsrc-2026Q1:1.9.0.2 pkgsrc-2026Q1-base:1.9 pkgsrc-2025Q4:1.5.0.2 pkgsrc-2025Q4-base:1.5 pkgsrc-2025Q3:1.1.0.2 pkgsrc-2025Q3-base:1.1; locks; strict; comment @# @; 1.10 date 2026.05.14.16.42.24; author ryoon; state Exp; branches; next 1.9; commitid tKipFjQKzke3NNFG; 1.9 date 2026.03.15.15.26.52; author taca; state Exp; branches; next 1.8; commitid 6kJ8bwi9xP1Hj5yG; 1.8 date 2026.02.11.09.18.49; author taca; state Exp; branches; next 1.7; commitid dAdTuhHv86LajWtG; 1.7 date 2026.02.06.10.06.12; author wiz; state Exp; branches; next 1.6; commitid MwQEYCXeWSFvIitG; 1.6 date 2026.01.07.08.49.26; author wiz; state Exp; branches; next 1.5; commitid 1wQ3ICD8eebefrpG; 1.5 date 2025.12.18.08.54.43; author nia; state Exp; branches; next 1.4; commitid rjUciHLwhWJxWRmG; 1.4 date 2025.10.29.00.27.09; author taca; state Exp; branches; next 1.3; commitid d7sBSjwJkn33KogG; 1.3 date 2025.10.28.15.46.38; author taca; state Exp; branches; next 1.2; commitid pesZtxgBNzTrRlgG; 1.2 date 2025.10.22.14.38.28; author taca; state Exp; branches; next 1.1; commitid 9BmHYZGcnJu3GzfG; 1.1 date 2025.07.16.10.58.02; author sborrill; state Exp; branches 1.1.2.1; next ; commitid BjsFnYQqMfYDBX2G; 1.1.2.1 date 2025.10.23.03.25.18; author maya; state Exp; branches; next 1.1.2.2; commitid eTAy1DboO29aVDfG; 1.1.2.2 date 2025.11.01.03.12.05; author maya; state Exp; branches; next ; commitid YDtn1jwrkKHGyNgG; desc @@ 1.10 log @*: Recursive revbump from security/nettle-4.0 @ text @# $NetBSD: Makefile,v 1.9 2026/03/15 15:26:52 taca Exp $ DISTNAME= squid-${VERSION} PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_GITHUB:=squid-cache/}squid/releases/download/SQUID_${VERSION:S/./_/g}/ EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= http://www.squid-cache.org/ COMMENT= Post-Harvest_cached WWW proxy cache and accelerator LICENSE= gnu-gpl-v2 VERSION= 7.5 # GCC 7 fails even with c++17 # src/ipc/TypedMsgHdr.h fails with # static_assert(std::is_trivially_copyable::value, "getPod() used for a POD") USE_CXX_FEATURES+= c++17 USE_LANGUAGES+= c c++ GCC_REQD+= 10 USE_TOOLS+= perl:run gmake GNU_CONFIGURE= yes GNU_CONFIGURE_STRICT= no # has sub-configure in libltdl CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --localstatedir=${SQUID_DATADIR} CONFIGURE_ARGS+= --datarootdir=${PREFIX}/share/squid CONFIGURE_ARGS+= --disable-arch-native CONFIGURE_ARGS+= --enable-cachemgr-hostname=localhost CONFIGURE_ARGS+= --enable-delay-pools CONFIGURE_ARGS+= --enable-icap-client CONFIGURE_ARGS+= --enable-icmp CONFIGURE_ARGS+= --enable-poll CONFIGURE_ARGS+= --enable-removal-policies=lru,heap CONFIGURE_ARGS+= --enable-storeio=${SQUID_BACKENDS:Q} CONFIGURE_ARGS+= --enable-translation CONFIGURE_ARGS+= --with-aio CONFIGURE_ARGS+= --with-default-user=${SQUID_USER} CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/squid.pid LDFLAGS.SunOS+= -lsocket BUILD_DEFS= VARBASE # Let 'purge' find correct config file by default. CPPFLAGS+= -DDEFAULT_SQUID_CONF=\"${PKG_SYSCONFDIR}/squid.conf\" BUILDLINK_TRANSFORM+= rm:-Werror MAKE_ENV+= INSTALL_SCRIPT=${INSTALL_SCRIPT:Q} MAKE_ENV+= PKG_PREFIX=${PREFIX} VARBASE=${VARBASE} REPLACE_PERL+= contrib/url-normalizer.pl contrib/user-agents.pl \ scripts/AnnounceCache.pl scripts/access-log-matrix.pl \ scripts/cache-compare.pl scripts/cachetrace.pl \ scripts/calc-must-ids.pl scripts/check_cache.pl \ scripts/fileno-to-pathname.pl scripts/find-alive.pl \ scripts/flag_truncs.pl scripts/icp-test.pl \ scripts/icpserver.pl \ scripts/trace-job.pl scripts/trace-master.pl \ scripts/udp-banger.pl scripts/upgrade-1.0-store.pl \ tools/helper-ok-dying.pl tools/helper-ok.pl EGFILES= src/mime.conf.default src/squid.conf.default \ errors/errorpage.css EGDIR= share/examples/squid .for f in errorpage.css mime.conf squid.conf CONF_FILES+= ${PREFIX}/${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} .endfor OWN_DIRS= ${SQUID_DATADIR} OWN_DIRS_PERMS+= ${SQUID_DATADIR}/cache ${SQUID_USER} ${SQUID_GROUP} 0750 \ ${SQUID_DATADIR}/logs ${SQUID_USER} ${SQUID_GROUP} 0750 .include "Makefile.common" .include "options.mk" # Incorrect check for on FreeBSD: CONFIGURE_ENV.FreeBSD+= ac_cv_header_netinet_ip_icmp_h=yes INSTALLATION_DIRS+= ${EGDIR} share/doc/squid SPECIAL_PERMS+= libexec/pinger ${SETUID_ROOT_PERMS} RCD_SCRIPTS= squid RCD_SCRIPT_SRC.squid= files/squid.sh SMF_NAME= squid SUBST_CLASSES+= confs SUBST_STAGE.confs= pre-configure SUBST_FILES.confs= src/cf.data.pre SUBST_SED.confs= -e "s/@@DEFAULT_CACHE_EFFECTIVE_USER@@/${SQUID_USER}/" SUBST_MESSAGE.confs= Fixing configuration files. SUBST_CLASSES+= name SUBST_STAGE.name= pre-configure SUBST_FILES.name= ${WRKDIR}/README-pkgsrc SUBST_VARS.name+= PKGNAME SUBST_MESSAGE.name= Fixing package name. post-patch: ${CP} ${FILESDIR}/README-pkgsrc ${WRKDIR}/README-pkgsrc post-build: cd ${WRKSRC}/src && ${CP} -pf squid.conf.documented squid.conf.default post-install: .for f in ${EGFILES} ${INSTALL_DATA} ${WRKSRC}/${f} \ ${DESTDIR}${PREFIX}/${EGDIR}/`basename ${f} .default` .endfor ${INSTALL_DATA} ${WRKDIR}/README-pkgsrc \ ${DESTDIR}${PREFIX}/share/doc/squid .include "../../devel/libltdl/buildlink3.mk" .include "../../mk/atomic64.mk" .include "../../mk/bsd.pkg.mk" @ 1.9 log @www/squid7: update to 7.5 Squid 7.5 (2026-03-12) * Bug 5501: Squid may exit when ACLs decode an invalid URI * ICP: Fix HttpRequest lifetime for ICP v3 queries * ICP: Fix validation of packet sizes and URLs * Do not escape malformed URI twice when sending ICP errors * ... and some code, CI, and documentation cleanups @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2026/02/11 09:18:49 taca Exp $ d4 1 @ 1.8 log @www/squid7: update to 7.4 pkgsrc change: * Move MESSAGE to README-pkgsrc. * Use own Makefile.common now preparing remove of squid6. 7.4 (2026-01-20) - Do not create world-readable directories - digest_edirectory_auth: Fix LDAPS memory leaks - snmplib: Improve handling of zero-length ASN OCTET STRINGs - Debug tls_read_method()/tls_write_method() errors - ICMP: Harden echo paths, fix overflows, UB, and leaks - Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers - security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch - Detect FreeBSD ports Heimdal package - Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro - Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro - ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS - negotiate_sspi_auth: Respond with ERR when FormatMessage() fails - ... and some code cleanups - ... and some CI improvements @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2026/02/06 10:06:12 wiz Exp $ d13 1 a13 1 VERSION= 7.4 @ 1.7 log @*: recursive bump for nettle 4.0 shlib major bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2026/01/07 08:49:26 wiz Exp $ a3 1 PKGREVISION= 2 d13 1 a13 1 VERSION= 7.3 d72 1 a72 1 .include "../../www/squid6/Makefile.common" d78 1 a78 1 INSTALLATION_DIRS= ${EGDIR} d92 9 d109 2 @ 1.6 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2025/12/18 08:54:43 nia Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.5 log @squid7: Requires socket lib on SunOS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2025/10/29 00:27:09 taca Exp $ d4 1 @ 1.4 log @www/squid7: update to 7.3 Squid 7.3 (2025-10-28) * Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit * Quit NTLM authenticate() on missing NTLM authorization header * Fix Auth::User::absorb() IP list transfer logic * Fix type mismatch in new/delete of addrinfo::ai_addr * Fix libntlmauth string parsing on big-endian machines * ... and some code cleanups * ... and some CI improvements @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2025/10/28 15:46:38 taca Exp $ d41 2 @ 1.3 log @www/squid7: Apply fix for Squid Bug 5520 * Add patch for fix Squid bug 5520. * Reduce pkglint warnings. * There is no scripts/tcp-banger.pl any more. * Use PKG_OPTIONS.squid7 instead of PKG_OPTIONS.squid5. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2025/10/22 14:38:28 taca Exp $ a3 1 PKGREVISION= 1 d13 1 a13 1 VERSION= 7.2 @ 1.2 log @www/squid7: update to 7.2 Squid 7.2 (2025-10-15) - Bug 3390: Proxy auth data visible to scripts - Bug 5504: Document that Squid discards invalid rewrite-url - Bug 5407: Support at least 1000 groups per Kerberos user - Fix parsing of malformed quoted squid.conf strings - Fix off-by-one in helper args count assertion - Fix UDP log module opening and closing code - Fix BodyPipe debugging in handleChunkedRequestBody() - Fix debugging of Eui48::lookup() problems - Fix memory leak when parsing deprecated %rG logformat code - Fix SQUID_YESNO 'syntax error near unexpected token' - DNS: fix RRPack memcpy - DNS: Do not leak RR data upon RR data unpacking errors - FTP: Avoid null dereferences when handling ftp_port traffic - FTP: fix response parsing and error handling memory leaks - HTCP: Check for too-small packed and too-large unpacked fields - HTTP: fix purging of entries by relative [Content-]Location URLs - SNMP: Improve parsing of malformed ASN.1 object identifiers - SNMP: Check for objid memory allocation failures - SNMP: Fix ASN.1 encoding of long OIDs - SNMP: Do not assert when debugging requests with long OIDs - SNMP: Match Var allocation/deallocation methods - digest_edirectory_auth: null-terminate NMAS values array - digest_edirectory_auth: safely return password - ext_ad_group_acl: Fix domain lookup error handling - ext_edirectory_userip_acl: Redact password from stdout - ext_file_userip_acl: harden lookups and memory handling - ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer - ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing - ext_ldap_group_acl: avoid infinite loop on login containing '%s' - negotiate_kerberos_auth: Properly align NDR data - negotiate_sspi_auth: Do not exit on the first request - ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem - text_backend: avoid memory leaks when reload/clearing - Reduce UDS/segment name clashes across same-service instances - Reject eui64 ACL addresses with trailing garbage - Validate raw-IPv4 when parsing hostnames - Avoid memory leaks when logging to MS Windows syslog - Flip configure --enable-arch-native default - Support no-digest X509 certificate keys like ML-DSA/EdDSA - Do not allow client_ip_max_connections+1 connections - Remove bundled smblib and librfcnb - ... and several code cleanups - ... and some documentation improvements @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2025/07/16 10:58:02 sborrill Exp $ a2 1 VERSION= 7.2 d4 1 a4 1 d14 2 d57 1 a57 1 scripts/icpserver.pl scripts/tcp-banger.pl \ @ 1.1 log @squid7: Add 7.1 Squid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support The 7 series brings many new features and upgrades to the basic networking protocols. A short list of the major new features is: Squid 7 represents a new feature release, the most important of these new features are: * better support for overlapping IP ranges and wildcard domains in acl * countless security, portability, and documentation fixes Since version 6, some previously deprecated features have been removed: * Edge Side Includes (ESI) * access to the cache manager using the cache_object:// scheme - use http instead * the squidclient tool - use curl http:///squid-internal-mgr/menu instead * the cachemgr.cgi tool * the purge tool - use the http PURGE method instead * Ident protocol support * basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's ntlm_auth instead @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2025/06/30 10:22:39 sborrill Exp $ d3 1 a3 1 VERSION= 7.1 @ 1.1.2.1 log @Pullup ticket #7024 - requested by taca www/squid7: Security fix Revisions pulled up: - www/squid7/Makefile 1.2 - www/squid7/distinfo 1.2 --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 22 14:38:28 UTC 2025 Modified Files: pkgsrc/www/squid7: Makefile distinfo Log Message: www/squid7: update to 7.2 Squid 7.2 (2025-10-15) - Bug 3390: Proxy auth data visible to scripts - Bug 5504: Document that Squid discards invalid rewrite-url - Bug 5407: Support at least 1000 groups per Kerberos user - Fix parsing of malformed quoted squid.conf strings - Fix off-by-one in helper args count assertion - Fix UDP log module opening and closing code - Fix BodyPipe debugging in handleChunkedRequestBody() - Fix debugging of Eui48::lookup() problems - Fix memory leak when parsing deprecated %rG logformat code - Fix SQUID_YESNO 'syntax error near unexpected token' - DNS: fix RRPack memcpy - DNS: Do not leak RR data upon RR data unpacking errors - FTP: Avoid null dereferences when handling ftp_port traffic - FTP: fix response parsing and error handling memory leaks - HTCP: Check for too-small packed and too-large unpacked fields - HTTP: fix purging of entries by relative [Content-]Location URLs - SNMP: Improve parsing of malformed ASN.1 object identifiers - SNMP: Check for objid memory allocation failures - SNMP: Fix ASN.1 encoding of long OIDs - SNMP: Do not assert when debugging requests with long OIDs - SNMP: Match Var allocation/deallocation methods - digest_edirectory_auth: null-terminate NMAS values array - digest_edirectory_auth: safely return password - ext_ad_group_acl: Fix domain lookup error handling - ext_edirectory_userip_acl: Redact password from stdout - ext_file_userip_acl: harden lookups and memory handling - ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer - ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing - ext_ldap_group_acl: avoid infinite loop on login containing '%s' - negotiate_kerberos_auth: Properly align NDR data - negotiate_sspi_auth: Do not exit on the first request - ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem - text_backend: avoid memory leaks when reload/clearing - Reduce UDS/segment name clashes across same-service instances - Reject eui64 ACL addresses with trailing garbage - Validate raw-IPv4 when parsing hostnames - Avoid memory leaks when logging to MS Windows syslog - Flip configure --enable-arch-native default - Support no-digest X509 certificate keys like ML-DSA/EdDSA - Do not allow client_ip_max_connections+1 connections - Remove bundled smblib and librfcnb - ... and several code cleanups - ... and some documentation improvements @ text @d1 1 a1 1 # $NetBSD$ d3 1 a3 1 VERSION= 7.2 @ 1.1.2.2 log @Pullup ticket #7030 - requested by taca www/squid7: Bug fix Revisions pulled up: - www/squid7/DESCR 1.2 - www/squid7/Makefile 1.3-1.4 - www/squid7/distinfo 1.3-1.4 - www/squid7/options.mk 1.2 - www/squid7/patches/patch-src_anyp_Uri.cc deleted --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 28 15:46:38 UTC 2025 Modified Files: pkgsrc/www/squid7: DESCR Makefile distinfo options.mk Added Files: pkgsrc/www/squid7/patches: patch-src_anyp_Uri.cc Log Message: www/squid7: Apply fix for Squid Bug 5520 * Add patch for fix Squid bug 5520. * Reduce pkglint warnings. * There is no scripts/tcp-banger.pl any more. * Use PKG_OPTIONS.squid7 instead of PKG_OPTIONS.squid5. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 29 00:27:09 UTC 2025 Modified Files: pkgsrc/www/squid7: Makefile distinfo Removed Files: pkgsrc/www/squid7/patches: patch-src_anyp_Uri.cc Log Message: www/squid7: update to 7.3 Squid 7.3 (2025-10-28) * Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit * Quit NTLM authenticate() on missing NTLM authorization header * Fix Auth::User::absorb() IP list transfer logic * Fix type mismatch in new/delete of addrinfo::ai_addr * Fix libntlmauth string parsing on big-endian machines * ... and some code cleanups * ... and some CI improvements @ text @d3 1 d5 1 a14 2 VERSION= 7.3 d56 1 a56 1 scripts/icpserver.pl \ @