Bug 176951
| Summary: | www/squid32 failed to start because of hard-coded acl with ::1 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Oleg Streejak <oleg> | ||||
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | marino | ||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
Responsible Changed From-To: freebsd-ports-bugs->tmseck Over to maintainer (via the GNATS Auto Assign Tool) p.s. just checked squid-3.2.9: quite the same error & remedy * Oleg Strizhak (oleg@pcbtech.ru): > p.s. just checked squid-3.2.9: quite the same error & remedy Thank you for the report and fix -- could you report this to the Squid folks, too? Best regards, -- Thomas-Martin Seck On 14 ÐаÑÑ 2013 г. 22:44:57, Thomas-Martin Seck wrote: > * Oleg Strizhak (oleg@pcbtech.ru): > >> p.s. just checked squid-3.2.9: quite the same error & remedy > > Thank you for the report and fix -- could you report this to the Squid > folks, too? First of all, it seems to me that the case is quite FreeBSD ports-related, isn't it? And the second, I unfortunately didn't subscribed to any squid maillist. Please, do if you're subscribed. That's quite easy, don't mention it WBR, Oleg Author: tmseck Date: Wed May 1 18:33:28 2013 New Revision: 317041 URL: http://svnweb.freebsd.org/changeset/ports/317041 Log: - Update to 3.2.11 - Add a patch to correct the default "localhost" ACL in squid.conf for IPv4-only systems [1] PR: ports/176951 [1] Submitted by: Oleg Strizhak Approved by: crees (mentor) Added: head/www/squid32/files/extra-patch-src-cf.data.pre.noipv6 (contents, props changed) Deleted: head/www/squid32/files/patch-helpers-basic_auth-LDAP-config.test head/www/squid32/files/patch-helpers-basic_auth-SASL-config.test head/www/squid32/files/patch-helpers-external_acl-LDAP_group-config.test Modified: head/www/squid32/Makefile head/www/squid32/distinfo head/www/squid32/files/squid.in Modified: head/www/squid32/Makefile ============================================================================== --- head/www/squid32/Makefile Wed May 1 18:33:16 2013 (r317040) +++ head/www/squid32/Makefile Wed May 1 18:33:28 2013 (r317041) @@ -76,7 +76,7 @@ LICENSE_FILE= ${WRKSRC}/COPYING LATEST_LINK= squid32 -SQUID_STABLE_VER= 9 +SQUID_STABLE_VER= 11 CONFLICTS_INSTALL= squid-2.[0-9].* squid-3.[!2].* cacheboy-[0-9]* lusca-head-[0-9]* GNU_CONFIGURE= yes @@ -119,7 +119,6 @@ HTCP_DESC= Enable HTCP support ICAP_DESC= Enable the ICAP client ICMP_DESC= Enable ICMP pinging and network measurement IDENT_DESC= Enable Ident lookups (RFC 931) -IPV6_DESC= Enable IPv6 support KQUEUE_DESC= Enable kqueue(2) support LARGEFILE_DESC= Support large (>2GB) cache and log files SNMP_DESC= Enable SNMP support @@ -134,7 +133,7 @@ VIA_DB_DESC= Enable Forward/Via database WCCPV2_DESC= Enable Web Cache Coordination Protocol v2 WCCP_DESC= Enable Web Cache Coordination Protocol -OPTIONS_DEFAULT= AUTH_KERB AUTH_NIS FS_AUFS HTCP IDENT IPV6 KQUEUE \ +OPTIONS_DEFAULT= AUTH_KERB AUTH_NIS FS_AUFS HTCP IDENT KQUEUE \ SNMP WCCP WCCPV2 etc_files= squid/cachemgr.conf.default \ @@ -364,6 +363,7 @@ libexec+= url_fake_rewrite url_fake_rewr .if empty(PORT_OPTIONS:MIPV6) || defined(WITHOUT_IPV6) CONFIGURE_ARGS+= --disable-ipv6 +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-src-cf.data.pre.noipv6 .endif .if ${PORT_OPTIONS:MDELAY_POOLS} CONFIGURE_ARGS+= --enable-delay-pools Modified: head/www/squid32/distinfo ============================================================================== --- head/www/squid32/distinfo Wed May 1 18:33:16 2013 (r317040) +++ head/www/squid32/distinfo Wed May 1 18:33:28 2013 (r317041) @@ -1,2 +1,2 @@ -SHA256 (squid3.2/squid-3.2.9.tar.bz2) = 82d3d4cecfa4379b5197026198e34870a26977e6f6b175f5257241a3075767e6 -SIZE (squid3.2/squid-3.2.9.tar.bz2) = 2897511 +SHA256 (squid3.2/squid-3.2.11.tar.bz2) = 5d5a140e9b72753e6efe467cfa3c56d4db8ba6a8313beeca25145d34ddcadc49 +SIZE (squid3.2/squid-3.2.11.tar.bz2) = 2897354 Added: head/www/squid32/files/extra-patch-src-cf.data.pre.noipv6 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/squid32/files/extra-patch-src-cf.data.pre.noipv6 Wed May 1 18:33:28 2013 (r317041) @@ -0,0 +1,26 @@ +--- src/cf.data.pre.orig 2013-04-27 05:07:29.000000000 +0200 ++++ src/cf.data.pre 2013-04-28 21:30:23.000000000 +0200 +@@ -733,8 +733,8 @@ + LOC: Config.aclList + DEFAULT: all src all + DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ +-DEFAULT: localhost src 127.0.0.1/32 ::1 +-DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 ++DEFAULT: localhost src 127.0.0.1/32 ++DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 + DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined. + DOC_START + Defining an Access List +--- src/cf.data.pre.orig 2013-04-27 05:07:29.000000000 +0200 ++++ src/cf.data.pre 2013-04-28 21:30:23.000000000 +0200 +@@ -733,8 +733,8 @@ + LOC: Config.aclList + DEFAULT: all src all + DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ +-DEFAULT: localhost src 127.0.0.1/32 ::1 +-DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 ++DEFAULT: localhost src 127.0.0.1/32 ++DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 + DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined. + DOC_START + Defining an Access List Modified: head/www/squid32/files/squid.in ============================================================================== --- head/www/squid32/files/squid.in Wed May 1 18:33:16 2013 (r317040) +++ head/www/squid32/files/squid.in Wed May 1 18:33:28 2013 (r317041) @@ -54,6 +54,11 @@ load_rc_config ${name} : ${squid_user:=squid} command=%%PREFIX%%/sbin/squid + +# Make sure that we invoke squid with "-f ${squid_conf}"; define this +# variable early so reload_cmd and stop_precmd pick it up: + +command_args="-f ${squid_conf}" extra_commands=reload reload_cmd="${command} ${command_args} ${squid_flags} -k reconfigure" start_precmd=squid_setfib @@ -70,10 +75,6 @@ required_dirs=${squid_chdir} required_files=${squid_conf} -# Now make sure that we invoke squid with "-f ${squid_conf}": - -command_args="-f ${squid_conf}" - squid_setfib() { if command -v check_namevarlist > /dev/null 2>&1; then _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org" The maintainer has been reset in all squid ports, throw squid PRs back on heap PR was addressed 1 May 2013 |
lately I discovered a bug in squid 3.2 config, that leads to the following errors if it tries to start: > aclIpParseIpData: Bad host/IP: '::1' in '::1', flags=0 : (8) hostname nor servname provided, or not known > FATAL: Bungled Default Configuration line 6: acl localhost src 127.0.0.1/32 ::1 > Squid Cache (Version 3.2.8): Terminated abnormally. > CPU Usage: 0.036 seconds = 0.036 user + 0.000 sys > Maximum Resident Size: 9964 KB > Page faults with physical i/o: 0 > /usr/local/etc/rc.d/squid: WARNING: failed to start squid I've made a simple patch, and ask you to consider its addition into the official ports tree. The patch file inself (to be placed in files/ dir) + diff for Makefile are attached. Fix: place attached file in /usr/ports/www/squid32/files/ subfolder + patch the Makefile in the following way: --- Makefile 2013-03-14 11:47:37.000000000 +0400 +++ Makefile.orig 2013-03-07 17:01:18.000000000 +0400 @@ -363,7 +363,6 @@ .if empty(PORT_OPTIONS:MIPV6) || defined(WITHOUT_IPV6) CONFIGURE_ARGS+= --disable-ipv6 -EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-src-cf.data.ipv6 .endif .if ${PORT_OPTIONS:MDELAY_POOLS} CONFIGURE_ARGS+= --enable-delay-pools Patch attached with submission follows: How-To-Repeat: just recompile and restart squid on the host with disabled in kernel IPV6. There'are reports that error occured even if IPV6 is not initialized, but I don't know it exactly because I'm usually disabling it in my custom kernels.