Automatic conversion of the NetBSD pkgsrc CVS module, use with care
7bfda7c216
Update squid4 to 4.13 (Squid 4.13). Here is release announce: The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.13 release! This release is a security release resolving several issues found in the prior Squid releases. The major changes to be aware of: * SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. See the advisory for patches: <https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv> * SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation) This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message. This attack is limited to Squid using cache_peer with cache digests feature. See the advisory for patches: <https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg> * SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. See the advisory for patches: <https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m> * Bug 5051: Some collapsed revalidation responses never expire This bug appears as a 4xx or 5xx status response becoming the only response delivered by Squid to a URL when Collapsed Forwarding feature is used. It primarily affects Squid which are caching the 4xx/5xx status object since Bug 5030 fix in Squid-4.11. But may have been occurring for short times on any proxy with Collapsed Forwarding. * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes Chrome Browser intentionally sends random garbage values in the TLS handshake to force TLS implementations to cope with future TLS extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3 caused our parser to be extra strict and reject this TLS garbage. This release adds explicit support for Chrome, or any other TLS agent performing these "GREASE" behaviours. * Honor on_unsupported_protocol for intercepted https_port This behaviour was one of the intended use-cases for unsupported protocol handling, but somehow was not enabled earlier. Squid should now be able to perform the on_unsupported_protocol selected action for any traffic handled by SSL-Bump. All users of Squid are urged to upgrade as soon as possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v4/RELEASENOTES.html when you are ready to make the switch to Squid-4 |
||
|---|---|---|
| archivers | ||
| audio | ||
| benchmarks | ||
| biology | ||
| bootstrap | ||
| cad | ||
| chat | ||
| comms | ||
| converters | ||
| cross | ||
| databases | ||
| devel | ||
| distfiles | ||
| doc | ||
| editors | ||
| emulators | ||
| filesystems | ||
| finance | ||
| fonts | ||
| games | ||
| geography | ||
| graphics | ||
| ham | ||
| inputmethod | ||
| lang | ||
| licenses | ||
| math | ||
| mbone | ||
| meta-pkgs | ||
| misc | ||
| mk | ||
| multimedia | ||
| net | ||
| news | ||
| packages | ||
| parallel | ||
| pkgtools | ||
| regress | ||
| security | ||
| shells | ||
| sysutils | ||
| templates | ||
| textproc | ||
| time | ||
| wm | ||
| www | ||
| x11 | ||
| Makefile | ||
| pkglocate | ||
| README.md | ||
pkgsrc
pkgsrc is a framework for building software for a variety of UNIX-like systems.
It produces binary packages, which can be managed with tools such as pkgin.
Bootstrapping
To use pkgsrc on operating systems other than NetBSD, you first need to bootstrap:
cd pkgsrc/bootstrap
./bootstrap
Note that this is only for the most simple case, using pkgsrc's defaults.
Please consult bootstrap/README and bootstrap/README.OS for detailed
information about bootstrapping.
Building packages
cd pkgsrc/category/package-name
$PREFIX/bin/bmake install
Where $PREFIX is where you've chosen to install packages
(typically /usr/pkg)
On NetBSD, bmake is simply the built-in make tool.
To build packages in bulk, tools such as pkgtools/pbulk and
pkgtools/pkg_comp can be used.
Troubleshooting
- Join the community IRC channel #pkgsrc @ freenode.
- Subscribe to the pkgsrc-users mailing list
- Send bugs and patches via web form (use the
pkgcategory).
Latest sources
To fetch the main CVS repository:
cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
To work in the Git mirror, which is updated every few hours from CVS:
git clone https://github.com/NetBSD/pkgsrc.git
Additional links
- The pkgsrc guide
- pkgsrc in the NetBSD Wiki
- Searchable index of packages in pkgsrc
- pkgsrc-wip - a project to get more people actively involved with creating packages for pkgsrc
- pkgsrc on Twitter
- pkgsrcCon