diff options
| author |   Alin Năstac <mrness@gentoo.org> | 2005-10-19 18:26:51 +0000 |
|---|---|---|
| committer | Alin Năstac <mrness@gentoo.org> | 2005-10-19 18:26:51 +0000 |
| commit | 2b488f0188f090f81ea31b5139392e01aae89f73 (patch) | |
| tree | a1886fe43f48aa1dc307f2d6a07b0c215ec31451 | |
| parent | Unstable on hppa. (diff) | |
| download | gentoo-2-2b488f0188f090f81ea31b5139392e01aae89f73.tar.gz gentoo-2-2b488f0188f090f81ea31b5139392e01aae89f73.tar.bz2 gentoo-2-2b488f0188f090f81ea31b5139392e01aae89f73.zip | |
Version bump wrt security bug #109827, submitted as stable on x86.
(Portage version: 2.0.51.22-r3)
| -rw-r--r-- | net-proxy/squid/ChangeLog | 7 | ||||
| -rw-r--r-- | net-proxy/squid/Manifest | 14 | ||||
| -rw-r--r-- | net-proxy/squid/files/digest-squid-2.5.11 | 2 | ||||
| -rw-r--r-- | net-proxy/squid/squid-2.5.11.ebuild | 207 |
4 files changed, 218 insertions, 12 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index e380858e12da..50483273fe88 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-proxy/squid # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.43 2005/10/04 21:19:45 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.44 2005/10/19 18:26:51 mrness Exp $ + +*squid-2.5.11 (19 Oct 2005) + + 19 Oct 2005; Alin Nastac <mrness@gentoo.org> +squid-2.5.11.ebuild: + Version bump wrt security bug #109827, submitted as stable on x86. 04 Oct 2005; Alin Nastac <mrness@gentoo.org> -squid-2.5.10.ebuild, squid-2.5.10-r2.ebuild, squid-2.5.10-r4.ebuild: diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest index 137ac78c2c74..428dfbc9caab 100644 --- a/net-proxy/squid/Manifest +++ b/net-proxy/squid/Manifest @@ -1,22 +1,14 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - MD5 5a123cb8aa8308bf12130208cc3d171b squid-2.5.10-r2.ebuild 6351 MD5 f3431002a02349e68cd89f7c1770e21e squid-2.5.10-r4.ebuild 6400 -MD5 b69d3ee3b00e8850ce072daef253ad1c ChangeLog 22456 +MD5 01ead7e32245f95b5a7d4285b409116c ChangeLog 22596 MD5 c2a21a50fca07975a99242ebc54c2f88 metadata.xml 330 +MD5 4e0a1b957e3b42667cb5d0fca2041b3f squid-2.5.11.ebuild 6407 MD5 8e7207b10699502e573d9d60ff0e07a6 files/squid.confd 437 MD5 5cbc9bcecee98115731f5fc4b0f10907 files/squid.initd 1982 MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid.cron 133 +MD5 9aae33d4872e127be17e8a1bc587c2a7 files/digest-squid-2.5.11 157 MD5 9bc2547e30ed7f253626bd88246c0808 files/digest-squid-2.5.10-r2 157 MD5 6b7e2f22e3d8d628b7f3c0a468f05933 files/digest-squid-2.5.10-r4 157 MD5 40a3fdee0d8db88cb690a6eceb59e45a files/squid.pam 505 MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101 MD5 208e20395de910fc529fcfb8031bfb13 files/squid.pam-include 326 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD4DBQFDQvH+NSP4Vda7IdsRAkAqAJ0TMtO61aLXAv47fC5DyXe3a6K6CgCXTwVk -kW/sxWHmL4mxvajsTrWGig== -=+c9c ------END PGP SIGNATURE----- diff --git a/net-proxy/squid/files/digest-squid-2.5.11 b/net-proxy/squid/files/digest-squid-2.5.11 new file mode 100644 index 000000000000..ec7ca46fb194 --- /dev/null +++ b/net-proxy/squid/files/digest-squid-2.5.11 @@ -0,0 +1,2 @@ +MD5 ab2b6f7bf930323b4ebfbcf7233f9af9 squid-2.5.STABLE11.tar.gz 1392629 +MD5 20f5c2d6f430a78ea74fadea7090d3ad squid-2.5.STABLE11-patches-20051019.tar.gz 27204 diff --git a/net-proxy/squid/squid-2.5.11.ebuild b/net-proxy/squid/squid-2.5.11.ebuild new file mode 100644 index 000000000000..98045613e1a7 --- /dev/null +++ b/net-proxy/squid/squid-2.5.11.ebuild @@ -0,0 +1,207 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.5.11.ebuild,v 1.1 2005/10/19 18:26:51 mrness Exp $ + +inherit eutils pam toolchain-funcs + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PL=${S_PL/_rc/-RC} +S_PP=${PN}-${S_PV}.STABLE${S_PL} +PATCH_VERSION="20051019" + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v2/${S_PV}/${S_PP}.tar.gz + mirror://gentoo/${S_PP}-patches-${PATCH_VERSION}.tar.gz" + +S=${WORKDIR}/${S_PP} + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86" +IUSE="pam ldap ssl sasl snmp debug selinux underscores logrotate customlog zero-penalty-hit follow-xff" + +RDEPEND="pam? ( virtual/pam ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid ) + !mips? ( logrotate? ( app-admin/logrotate ) )" +DEPEND="${RDEPEND} dev-lang/perl" + +pkg_setup() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_unpack() { + unpack ${A} || die "unpack failed" + cd ${S} || die "dir ${S} not found" + + # Do bulk patching from squids bug fix list as well as our patches + use customlog || rm ${WORKDIR}/patch/9*customlog* + use zero-penalty-hit || rm ${WORKDIR}/patch/9*ToS_Hit* + use follow-xff || rm ${WORKDIR}/patch/9*follow_xff* + EPATCH_SUFFIX="patch" + epatch ${WORKDIR}/patch + + #hmm #10865 + sed -i -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + helpers/external_acl/ldap_group/Makefile.in + + #disable lazy bindings on (some at least) suided basic auth programs + sed -i -e 's:_LDFLAGS[ ]*=:_LDFLAGS = -Wl,-z,now:' \ + helpers/basic_auth/*/Makefile.in + + if ! use debug ; then + sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in + fi + export WANT_AUTOCONF=2.1 + autoconf || die "autoconf failed" +} + +src_compile() { + # Support for uclibc #61175 + if use elibc_uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use elibc_uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + export CC=$(tc-getCC) + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --with-large-files \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + `use_enable follow-xff follow-x-forwarded-for` \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + sed -i -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ + include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# sed -i -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -f ${D}/usr/bin/Run* + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam-include" squid + newinitd "${FILESDIR}/squid.initd" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + insinto /etc/logrotate.d + newins ${FILESDIR}/squid-logrotate squid + else + exeinto /etc/cron.weekly + newexe ${FILESDIR}/squid.cron squid.cron + fi + + rm -rf ${D}/var + diropts -m0755 -o squid -g squid + dodir /var/cache/squid /var/log/squid +} + +pkg_preinst() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo + einfo "For winbind authentication to work with squid you should change the" + einfo "/var/cache/samba/winbindd_privileged group to the same one you use" + einfo "in the cache_effective_group option on your squid.conf:" + einfo " chgrp squid /var/cache/samba/winbindd_privileged" + echo +} |