diff options
| author |   Andrew Bevitt <cyfred@gentoo.org> | 2004-08-22 18:42:59 +0000 |
|---|---|---|
| committer | Andrew Bevitt <cyfred@gentoo.org> | 2004-08-22 18:42:59 +0000 |
| commit | 4f2c4731fb826a491baee4ef3eced5a277916af9 (patch) | |
| tree | 9820c6933916993e561ee3fba7ea8d3f0e3fd139 /www-proxy | |
| parent | Version bump (4.5.3) fixes #60320 and 56254. Removed old ebuilds. (Manifest r... (diff) | |
| download | gentoo-2-4f2c4731fb826a491baee4ef3eced5a277916af9.tar.gz gentoo-2-4f2c4731fb826a491baee4ef3eced5a277916af9.tar.bz2 gentoo-2-4f2c4731fb826a491baee4ef3eced5a277916af9.zip | |
Security Update: NTML DoS Vunerability see bug #61280
Diffstat (limited to 'www-proxy')
| -rw-r--r-- | www-proxy/squid/ChangeLog | 7 | ||||
| -rw-r--r-- | www-proxy/squid/Manifest | 2 | ||||
| -rw-r--r-- | www-proxy/squid/files/digest-squid-2.5.6-r2 | 2 | ||||
| -rw-r--r-- | www-proxy/squid/squid-2.5.6-r2.ebuild | 186 |
4 files changed, 196 insertions, 1 deletions
diff --git a/www-proxy/squid/ChangeLog b/www-proxy/squid/ChangeLog index b5124d2d4e45..8b02237d0763 100644 --- a/www-proxy/squid/ChangeLog +++ b/www-proxy/squid/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-www/squid # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.4 2004/08/22 18:26:35 cyfred Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.5 2004/08/22 18:42:59 cyfred Exp $ + +*squid-2.5.6-r2 (23 Aug 2004) + + 23 Aug 2004; Andrew Bevitt <cyfred@gentoo.org>; +squid-2.5.6-r2.ebuild: + Security Update: NTML DoS Vunerability see bug #61280 23 Aug 2004; Andrew Bevitt <cyfred@gentoo.org>; squid-2.5.6-r1.ebuild: Adding support for uclibc to 2.5 Stable 6 see #61175 diff --git a/www-proxy/squid/Manifest b/www-proxy/squid/Manifest index 8d6e788ba12e..9dc4029b5cee 100644 --- a/www-proxy/squid/Manifest +++ b/www-proxy/squid/Manifest @@ -1,4 +1,5 @@ MD5 650398264a3620304dec77a7dd0c9bc8 squid-2.5.5-r3.ebuild 5375 +MD5 88832c64aec9af69416f207a8f11e0df squid-2.5.6-r2.ebuild 5745 MD5 b5d67f5d2a5b7b7e2906d18ab21eac9f squid-2.5.6.ebuild 5332 MD5 f98ac2e961a1eaaa8437083b278a03d4 squid-2.5.5-r2.ebuild 5804 MD5 dcc877515903d35744496ae08e917271 squid-2.5.6-r1.ebuild 5736 @@ -10,6 +11,7 @@ MD5 a188814c2113dcd28c55672dbe58df8c files/squid-2.5.5-ntml-auth-fix.patch 2354 MD5 80e89eba8200ffbdf4afe8fc3c0dcd0e files/digest-squid-2.5.5-r2 71 MD5 45bf3c4b37515fe4da4ed6d39904132d files/digest-squid-2.5.5-r3 147 MD5 3794efc63eff1b0c9140d2396ca83e4d files/digest-squid-2.5.6-r1 147 +MD5 3f83edef485d5ba24d3819daee026aeb files/digest-squid-2.5.6-r2 156 MD5 6e37fe3047234060fc63d5c16a4b7853 files/squid.confd 437 MD5 1ee97d797645814f5ad77c98ad10eef2 files/squid.cron 41 MD5 0c7867dce4b8bef078a93bf717196b0e files/squid-2.5.3-gentoo.diff 11534 diff --git a/www-proxy/squid/files/digest-squid-2.5.6-r2 b/www-proxy/squid/files/digest-squid-2.5.6-r2 new file mode 100644 index 000000000000..1347e12e5512 --- /dev/null +++ b/www-proxy/squid/files/digest-squid-2.5.6-r2 @@ -0,0 +1,2 @@ +MD5 7fd964ac27b43b613d6b981cc702a29e squid-2.5.STABLE6.tar.bz2 1047199 +MD5 94354eb58c20ec65e8295d24c1b6801a squid-2.5.STABLE6-patches-20040823.tar.gz 16736 diff --git a/www-proxy/squid/squid-2.5.6-r2.ebuild b/www-proxy/squid/squid-2.5.6-r2.ebuild new file mode 100644 index 000000000000..9984a7af4b45 --- /dev/null +++ b/www-proxy/squid/squid-2.5.6-r2.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.6-r2.ebuild,v 1.1 2004/08/22 18:42:59 cyfred Exp $ + +inherit eutils + +IUSE="pam ldap ssl sasl snmp debug uclibc" + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PP=${PN}-${S_PV}.STABLE${S_PL} + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" + +S=${WORKDIR}/${S_PP} +SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2 + http://dev.gentoo.org/~cyfred/distfiles/squid-2.5.STABLE6-patches-20040823.tar.gz" + +RDEPEND="virtual/libc + pam? ( >=sys-libs/pam-0.75 ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid )" +DEPEND="${RDEPEND} dev-lang/perl" +LICENSE="GPL-2" +KEYWORDS="~x86 ~amd64 ~alpha ppc" +SLOT="0" + +src_unpack() { + unpack ${A} || die + cd ${S} || die + + #do NOT just remove this patch. yes, it's here for a reason. + #woodchip@gentoo.org (07 Nov 2002) + patch -p1 <${FILESDIR}/squid-2.5.3-gentoo.diff || die + + # Do bulk patching from squids bug fix list for stable 6 see #57081 + EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch + + #hmm #10865 + cd helpers/external_acl/ldap_group + cp Makefile.in Makefile.in.orig + sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + Makefile.in.orig > Makefile.in + + if ! use debug + then + cd ${S} + mv configure.in configure.in.orig + sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in + export WANT_AUTOCONF=2.1 + autoconf || die + fi +} + +src_compile() { + # Support for uclibc #61175 + if use uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + mv include/autoconf.h include/autoconf.h.orig + sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 4096:" \ + include/autoconf.h.orig > include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# mv include/autoconf.h include/autoconf.h.orig +# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -rf ${D}/var + mv ${D}/usr/bin/Run* ${D}/usr/lib/squid + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ + ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid + exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid + insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid + exeinto /etc/cron.weekly ; newexe ${FILESDIR}/squid-r1.cron squid.cron +} + +pkg_postinst() { + # empty dirs.. + install -m0755 -o squid -g squid -d ${ROOT}/var/cache/squid + install -m0755 -o squid -g squid -d ${ROOT}/var/log/squid + + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo +} |