From ffef92f5b2e66545afbf0f39f0402f2a72931333 Mon Sep 17 00:00:00 2001 From: Alin Năstac Date: Sat, 22 Aug 2009 12:57:20 +0000 Subject: Fix security bug 279380. Add fix for -Wl,--as-needed problem when 3.1.0.13 is compiled with kerberos USE flag enabled. Remove resource consuming PURGE method from the default squid.conf installed by 3.1.0.13 version. (Portage version: 2.1.6.13/cvs/Linux x86_64) --- net-proxy/squid/ChangeLog | 23 +- .../squid/files/squid-2.7.6-cve-2009-2855.patch | 34 +++ .../squid/files/squid-3.0.15-adapted-zph.patch | 202 -------------- .../squid/files/squid-3.0.15-cross-compile.patch | 38 --- net-proxy/squid/files/squid-3.0.15-gcc43.patch | 13 - net-proxy/squid/files/squid-3.0.15-gentoo.patch | 293 ------------------- net-proxy/squid/files/squid-3.0.15-heimdal.patch | 18 -- .../squid/files/squid-3.0.18-cve-2009-2855.patch | 37 +++ .../files/squid-3.1.0.13_beta-cve-2009-2855.patch | 37 +++ .../squid/files/squid-3.1.0.13_beta-gentoo.patch | 51 ++-- .../squid/files/squid-3.1.0.13_beta-qafixes.patch | 39 +++ .../squid/files/squid-3.1.0.9_beta-gentoo.patch | 309 --------------------- .../squid/files/squid-3.1.0.9_beta-invconv.patch | 26 -- net-proxy/squid/squid-2.7.6-r2.ebuild | 190 +++++++++++++ net-proxy/squid/squid-3.0.15.ebuild | 197 ------------- net-proxy/squid/squid-3.0.18-r1.ebuild | 194 +++++++++++++ net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild | 199 +++++++++++++ net-proxy/squid/squid-3.1.0.13_beta.ebuild | 198 ------------- net-proxy/squid/squid-3.1.0.9_beta.ebuild | 199 ------------- 19 files changed, 772 insertions(+), 1525 deletions(-) create mode 100644 net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch delete mode 100644 net-proxy/squid/files/squid-3.0.15-adapted-zph.patch delete mode 100644 net-proxy/squid/files/squid-3.0.15-cross-compile.patch delete mode 100644 net-proxy/squid/files/squid-3.0.15-gcc43.patch delete mode 100644 net-proxy/squid/files/squid-3.0.15-gentoo.patch delete mode 100644 net-proxy/squid/files/squid-3.0.15-heimdal.patch create mode 100644 net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch create mode 100644 net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch delete mode 100644 net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch delete mode 100644 net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch create mode 100644 net-proxy/squid/squid-2.7.6-r2.ebuild delete mode 100644 net-proxy/squid/squid-3.0.15.ebuild create mode 100644 net-proxy/squid/squid-3.0.18-r1.ebuild create mode 100644 net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild delete mode 100644 net-proxy/squid/squid-3.1.0.13_beta.ebuild delete mode 100644 net-proxy/squid/squid-3.1.0.9_beta.ebuild (limited to 'net-proxy') diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index c22c8e46cb19..b6f4badee303 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,27 @@ # ChangeLog for net-proxy/squid # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.274 2009/08/16 11:01:46 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.275 2009/08/22 12:57:20 mrness Exp $ + +*squid-3.1.0.13_beta-r1 (22 Aug 2009) +*squid-3.0.18-r1 (22 Aug 2009) +*squid-2.7.6-r2 (22 Aug 2009) + + 22 Aug 2009; Alin Năstac + +files/squid-2.7.6-cve-2009-2855.patch, + -files/squid-3.0.15-adapted-zph.patch, + -files/squid-3.0.15-cross-compile.patch, -files/squid-3.0.15-gcc43.patch, + -files/squid-3.0.15-gentoo.patch, -files/squid-3.0.15-heimdal.patch, + +files/squid-3.0.18-cve-2009-2855.patch, + -files/squid-3.1.0.9_beta-gentoo.patch, + -files/squid-3.1.0.9_beta-invconv.patch, + +files/squid-3.1.0.13_beta-cve-2009-2855.patch, + files/squid-3.1.0.13_beta-gentoo.patch, + files/squid-3.1.0.13_beta-qafixes.patch, +squid-2.7.6-r2.ebuild, + -squid-3.0.15.ebuild, +squid-3.0.18-r1.ebuild, -squid-3.1.0.9_beta.ebuild, + -squid-3.1.0.13_beta.ebuild, +squid-3.1.0.13_beta-r1.ebuild: + Fix security bug 279380. Add fix for -Wl,--as-needed problem when 3.1.0.13 + is compiled with kerberos USE flag enabled. Remove resource consuming PURGE + method from the default squid.conf installed by 3.1.0.13 version. 16 Aug 2009; Alin Năstac files/squid.initd, files/squid.initd-logrotate, squid-2.7.6-r1.ebuild, squid-3.0.18.ebuild, diff --git a/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch new file mode 100644 index 000000000000..8863ffe093fc --- /dev/null +++ b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch @@ -0,0 +1,34 @@ +diff -Nru squid-2.7.STABLE6.orig/src/HttpHeaderTools.c squid-2.7.STABLE6/src/HttpHeaderTools.c +--- squid-2.7.STABLE6.orig/src/HttpHeaderTools.c 2008-04-02 03:00:11.000000000 +0200 ++++ squid-2.7.STABLE6/src/HttpHeaderTools.c 2009-08-22 11:25:43.000000000 +0200 +@@ -239,6 +239,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = + { + "\"?,", +@@ -261,16 +265,15 @@ + /* find next delimiter */ + do { + *pos += strcspn(*pos, delim[quoted]); +- if (**pos == del) +- break; + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + len = *pos - *item; /* *pos points to del or '\0' */ diff --git a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch b/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch deleted file mode 100644 index 864944a4daf9..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch +++ /dev/null @@ -1,202 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre ---- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-09 10:05:05.000000000 +0000 -+++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-09 10:13:39.000000000 +0000 -@@ -1133,6 +1133,60 @@ - making the request. - DOC_END - -+NAME: zph_tos_local -+TYPE: int -+DEFAULT: 0 -+LOC: Config.zph_tos_local -+DOC_START -+ Allows you to select a TOS/Diffserv value to mark local hits. Read above -+ (tcp_outgoing_tos) for details/requirements about TOS. -+ Default: 0 (disabled). -+DOC_END -+ -+NAME: zph_tos_peer -+TYPE: int -+DEFAULT: 0 -+LOC: Config.zph_tos_peer -+DOC_START -+ Allows you to select a TOS/Diffserv value to mark peer hits. Read above -+ (tcp_outgoing_tos) for details/requirements about TOS. -+ Default: 0 (disabled). -+DOC_END -+ -+NAME: zph_tos_parent -+COMMENT: on|off -+TYPE: onoff -+LOC: Config.onoff.zph_tos_parent -+DEFAULT: on -+DOC_START -+ Set this to off if you want only sibling hits to be marked. -+ If set to on (default), parent hits are being marked too. -+DOC_END -+ -+NAME: zph_preserve_miss_tos -+COMMENT: on|off -+TYPE: onoff -+LOC: Config.onoff.zph_preserve_miss_tos -+DEFAULT: on -+DOC_START -+ If set to on (default), any HTTP response towards clients will -+ have the TOS value of the response comming from the remote -+ server masked with the value of zph_preserve_miss_tos_mask. -+ For this to work correctly, you will need to patch your linux -+ kernel with the TOS preserving ZPH patch. -+DOC_END -+ -+NAME: zph_preserve_miss_tos_mask -+TYPE: int -+DEFAULT: 255 -+LOC: Config.zph_preserve_miss_tos_mask -+DOC_START -+ Allows you to mask certain bits in the TOS received from the -+ remote server, before copying the value to the TOS send towards -+ clients. -+ Default: 255 (TOS from server is not changed). -+DOC_END -+ - NAME: tcp_outgoing_address - TYPE: acl_address - DEFAULT: none -diff -Nru squid-3.0.STABLE15.orig/src/client_side_reply.cc squid-3.0.STABLE15/src/client_side_reply.cc ---- squid-3.0.STABLE15.orig/src/client_side_reply.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/client_side_reply.cc 2009-05-09 10:13:39.000000000 +0000 -@@ -48,6 +48,7 @@ - #include "ESI.h" - #endif - #include "MemObject.h" -+#include "fde.h" - #include "ACLChecklist.h" - #include "ACL.h" - #if DELAY_POOLS -@@ -1550,6 +1551,11 @@ - /* guarantee nothing has been sent yet! */ - assert(http->out.size == 0); - assert(http->out.offset == 0); -+ if (Config.zph_tos_local) -+ { -+ debugs(33, 1, "ZPH hit hier.code=" << http->request->hier.code <<" TOS="<getConn()->fd,Config.zph_tos_local); -+ } - tempBuffer.offset = reqofs; - tempBuffer.length = getNextNode()->readBuffer.length; - tempBuffer.data = getNextNode()->readBuffer.data; -@@ -1829,6 +1835,24 @@ - char *buf = next()->readBuffer.data; - - char *body_buf = buf; -+ -+ if (reqofs==0 && !logTypeIsATcpHit(http->logType)) -+ { -+ int tos = 0; -+ if (Config.zph_tos_peer && -+ (http->request->hier.code==SIBLING_HIT || -+ (Config.onoff.zph_tos_parent && http->request->hier.code==PARENT_HIT))) -+ { -+ tos = Config.zph_tos_peer; -+ debugs(33, 1, "ZPH: Peer hit, TOS="<_peer)) { - p->stats.fetches++; - request->peer_login = p->login; -diff -Nru squid-3.0.STABLE15.orig/src/structs.h squid-3.0.STABLE15/src/structs.h ---- squid-3.0.STABLE15.orig/src/structs.h 2009-05-09 10:05:06.000000000 +0000 -+++ squid-3.0.STABLE15/src/structs.h 2009-05-09 10:13:39.000000000 +0000 -@@ -553,6 +553,8 @@ - int emailErrData; - int httpd_suppress_version_string; - int global_internal_static; -+ int zph_tos_parent; -+ int zph_preserve_miss_tos; - int debug_override_X; - int WIN32_IpAddrChangeMonitor; - } -@@ -721,6 +723,9 @@ - int sleep_after_fork; /* microseconds */ - time_t minimum_expiry_time; /* seconds */ - external_acl *externalAclHelperList; -+ int zph_tos_local; -+ int zph_tos_peer; -+ int zph_preserve_miss_tos_mask; - #if USE_SSL - - struct diff --git a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch b/net-proxy/squid/files/squid-3.0.15-cross-compile.patch deleted file mode 100644 index 68a3fb55e321..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in ---- squid-3.0.STABLE15.orig/configure.in 2009-05-09 10:02:38.000000000 +0000 -+++ squid-3.0.STABLE15/configure.in 2009-05-09 10:03:20.000000000 +0000 -@@ -1820,6 +1820,10 @@ - ;; - esac - -+dnl Define HOSTCXX -+HOSTCXX="$build-g++" -+AC_SUBST(HOSTCXX) -+ - dnl Check for programs - AC_PROG_CPP - AC_PROG_INSTALL -diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am ---- squid-3.0.STABLE15.orig/src/Makefile.am 2009-05-09 10:02:38.000000000 +0000 -+++ squid-3.0.STABLE15/src/Makefile.am 2009-05-09 10:03:20.000000000 +0000 -@@ -1007,6 +1007,8 @@ - - DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" - -+HOSTCXX ?= @HOSTCXX@ -+ - $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h - - snmp_core.o snmp_agent.o: ../snmplib/libsnmp.a $(top_srcdir)/include/cache_snmp.h -@@ -1030,6 +1032,11 @@ - squid.conf.default: cf_parser.h - true - -+cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) -+ $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc \ -+ $(top_srcdir)/lib/util.c $(top_srcdir)/lib/assert.c \ -+ -DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES} -+ - cf_parser.h: cf.data cf_gen$(EXEEXT) - ./cf_gen cf.data $(srcdir)/cf.data.depend - diff --git a/net-proxy/squid/files/squid-3.0.15-gcc43.patch b/net-proxy/squid/files/squid-3.0.15-gcc43.patch deleted file mode 100644 index a9d3f1b594f8..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-gcc43.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/lib/util.c squid-3.0.STABLE15/lib/util.c ---- squid-3.0.STABLE15.orig/lib/util.c 2009-05-06 11:11:38.000000000 +0000 -+++ squid-3.0.STABLE15/lib/util.c 2009-05-09 10:31:41.000000000 +0000 -@@ -751,7 +751,8 @@ - /* copy string, including terminating character */ - sz = strlen(s) + 1; - -- p = memcpy((char *)xmalloc(sz), s, sz); -+ p = (char *)xmalloc(sz); -+ memcpy(p, s, sz); - - PROF_stop(xstrdup); - diff --git a/net-proxy/squid/files/squid-3.0.15-gentoo.patch b/net-proxy/squid/files/squid-3.0.15-gentoo.patch deleted file mode 100644 index 2def7187d6cc..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-gentoo.patch +++ /dev/null @@ -1,293 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/acinclude.m4 squid-3.0.STABLE15/acinclude.m4 ---- squid-3.0.STABLE15.orig/acinclude.m4 2009-05-06 11:11:25.000000000 +0000 -+++ squid-3.0.STABLE15/acinclude.m4 2009-05-09 09:54:49.000000000 +0000 -@@ -73,7 +73,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in ---- squid-3.0.STABLE15.orig/configure.in 2009-05-06 11:11:43.000000000 +0000 -+++ squid-3.0.STABLE15/configure.in 2009-05-09 09:54:49.000000000 +0000 -@@ -15,9 +15,9 @@ - PRESET_LDFLAGS="$LDFLAGS" - - dnl Set default LDFLAGS --if test -z "$LDFLAGS"; then -- LDFLAGS="-g" --fi -+dnl if test -z "$LDFLAGS"; then -+dnl LDFLAGS="-g" -+dnl fi - - dnl Check for GNU cc - AC_PROG_CC -@@ -177,13 +177,13 @@ - dnl TODO: check if the problem will be present in any other newer MinGW release. - case "$host_os" in - mingw|mingw32) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - ;; - *) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" - ;; - esac -- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - SQUID_CFLAGS= - SQUID_CXXFLAGS= -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c ---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c 2009-05-09 09:54:49.000000000 +0000 -@@ -27,7 +27,7 @@ - - /* Path to configuration file */ - #ifndef SYSCONFDIR --#define SYSCONFDIR "/usr/local/squid/etc" -+#define SYSCONFDIR "/etc/squid" - #endif - #define CONFIGFILE SYSCONFDIR "/msntauth.conf" - -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default ---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default 2009-05-09 09:54:49.000000000 +0000 -@@ -8,6 +8,6 @@ - server other_PDC other_BDC otherdomain - - # Denied and allowed users. Comment these if not needed. --#denyusers /usr/local/squid/etc/msntauth.denyusers --#allowusers /usr/local/squid/etc/msntauth.allowusers -+#denyusers /etc/squid/msntauth.denyusers -+#allowusers /etc/squid/msntauth.allowusers - -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am ---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am 2009-05-09 09:54:49.000000000 +0000 -@@ -14,7 +14,7 @@ - ## FIXME: autoconf should test for the samba path. - - SMB_AUTH_HELPER = smb_auth.sh --SAMBAPREFIX=/usr/local/samba -+SAMBAPREFIX=/usr - SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) - - libexec_SCRIPTS = $(SMB_AUTH_HELPER) -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh ---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh 2009-05-09 09:54:49.000000000 +0000 -@@ -24,7 +24,7 @@ - read AUTHSHARE - read AUTHFILE - read SMBUSER --read SMBPASS -+read -r SMBPASS - - # Find domain controller - echo "Domain name: $DOMAINNAME" -@@ -47,7 +47,7 @@ - addropt="" - fi - echo "Query address options: $addropt" --dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` -+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` - echo "Domain controller IP address: $dcip" - [ -n "$dcip" ] || exit 1 - -diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8 squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8 ---- squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8 2009-05-09 09:54:49.000000000 +0000 -@@ -35,7 +35,7 @@ - .P - Configuration example using the default automatic mode - .IP --external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session -+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session - .IP - acl session external session - .IP -diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8 ---- squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8 2009-05-09 09:54:49.000000000 +0000 -@@ -27,7 +27,7 @@ - This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 - matches users in group2 or group3 - .IP --external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p -+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p - .IP - acl usergroup1 external unix_group group1 - .IP -diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh ---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-05-09 09:54:49.000000000 +0000 -@@ -7,7 +7,7 @@ - # - CC=gcc - #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2" --CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" -+CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" - if [ "$1" = "HEIMDAL" ]; then - DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__" - INCLUDE="-I/usr/include/heimdal -Ispnegohelp" -diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4 squid-3.0.STABLE15/lib/libTrie/acinclude.m4 ---- squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4 2009-05-06 11:11:37.000000000 +0000 -+++ squid-3.0.STABLE15/lib/libTrie/acinclude.m4 2009-05-09 09:54:49.000000000 +0000 -@@ -9,7 +9,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/configure.in squid-3.0.STABLE15/lib/libTrie/configure.in ---- squid-3.0.STABLE15.orig/lib/libTrie/configure.in 2009-05-06 11:11:37.000000000 +0000 -+++ squid-3.0.STABLE15/lib/libTrie/configure.in 2009-05-09 09:54:49.000000000 +0000 -@@ -58,8 +58,8 @@ - - dnl set useful flags - if test "$GCC" = "yes"; then -- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" -+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - TRIE_CFLAGS= - TRIE_CXXFLAGS= -diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre ---- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-09 09:54:49.000000000 +0000 -@@ -652,6 +652,8 @@ - acl Safe_ports port 488 # gss-http - acl Safe_ports port 591 # filemaker - acl Safe_ports port 777 # multiling http -+acl Safe_ports port 901 # SWAT -+acl purge method PURGE - acl CONNECT method CONNECT - NOCOMMENT_END - DOC_END -@@ -685,6 +687,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -702,6 +707,9 @@ - # from where browsing should be allowed - http_access allow localnet - -+# Allow the localhost to have access by default -+http_access allow localhost -+ - # And finally deny all other access to this proxy - http_access deny all - NOCOMMENT_END -@@ -3264,11 +3272,11 @@ - - NAME: cache_mgr - TYPE: string --DEFAULT: webmaster -+DEFAULT: root - LOC: Config.adminEmail - DOC_START - Email-address of local cache manager who will receive -- mail if the cache dies. The default is "webmaster." -+ mail if the cache dies. The default is "root". - DOC_END - - NAME: mail_from -@@ -5218,6 +5226,9 @@ - If you disable this, it will appear as - - X-Forwarded-For: unknown -+NOCOMMENT_START -+forwarded_for off -+NOCOMMENT_END - DOC_END - - NAME: cachemgr_passwd -diff -Nru squid-3.0.STABLE15.orig/src/debug.cc squid-3.0.STABLE15/src/debug.cc ---- squid-3.0.STABLE15.orig/src/debug.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/debug.cc 2009-05-09 09:54:49.000000000 +0000 -@@ -465,7 +465,7 @@ - #if HAVE_SYSLOG && defined(LOG_LOCAL4) - - if (opt_syslog_enable) -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); -+ openlog(appname, LOG_PID | LOG_NDELAY, syslog_facility); - - #endif /* HAVE_SYSLOG */ - -diff -Nru squid-3.0.STABLE15.orig/src/defines.h squid-3.0.STABLE15/src/defines.h ---- squid-3.0.STABLE15.orig/src/defines.h 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/defines.h 2009-05-09 09:54:49.000000000 +0000 -@@ -218,7 +218,7 @@ - - /* were to look for errors if config path fails */ - #ifndef DEFAULT_SQUID_ERROR_DIR --#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" -+#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" - #endif - - /* handy to determine the #elements in a static array */ -diff -Nru squid-3.0.STABLE15.orig/src/main.cc squid-3.0.STABLE15/src/main.cc ---- squid-3.0.STABLE15.orig/src/main.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/main.cc 2009-05-09 09:54:49.000000000 +0000 -@@ -1490,7 +1490,7 @@ - if (*(argv[0]) == '(') - return; - -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - if ((pid = fork()) < 0) - syslog(LOG_ALERT, "fork failed: %s", xstrerror()); -@@ -1534,7 +1534,7 @@ - - if ((pid = fork()) == 0) { - /* child */ -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - prog = xstrdup(argv[0]); - argv[0] = xstrdup("(squid)"); - execvp(prog, argv); -@@ -1542,7 +1542,7 @@ - } - - /* parent */ -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); - -diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am ---- squid-3.0.STABLE15.orig/src/Makefile.am 2009-05-06 11:11:40.000000000 +0000 -+++ squid-3.0.STABLE15/src/Makefile.am 2009-05-09 09:54:49.000000000 +0000 -@@ -991,12 +991,12 @@ - DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf - DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf - DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` --DEFAULT_LOG_PREFIX = $(localstatedir)/logs -+DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid - DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log - DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log - DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log --DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid --DEFAULT_SWAP_DIR = $(localstatedir)/cache -+DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid -+DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid - DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` diff --git a/net-proxy/squid/files/squid-3.0.15-heimdal.patch b/net-proxy/squid/files/squid-3.0.15-heimdal.patch deleted file mode 100644 index 56a306e06942..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-heimdal.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am ---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-05-09 10:14:42.000000000 +0000 -@@ -18,10 +18,10 @@ - #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) - - # HEIMDAL --#KERBINC = -DHEIMDAL -I/usr/include/heimdal --#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken -+KERBINC = -DHEIMDAL -I/usr/include/heimdal -+KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken - - # MIT --KERBINC = --KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err -+#KERBINC = -+#KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err - diff --git a/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch new file mode 100644 index 000000000000..c7ac8c5d3c4e --- /dev/null +++ b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch @@ -0,0 +1,37 @@ +diff -Nru squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc squid-3.0.STABLE18/src/HttpHeaderTools.cc +--- squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc 2009-08-04 13:57:48.000000000 +0200 ++++ squid-3.0.STABLE18/src/HttpHeaderTools.cc 2009-08-22 11:43:40.000000000 +0200 +@@ -246,6 +246,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = { + "\"?,", + "\"\\", +@@ -273,19 +277,16 @@ + do { + *pos += strcspn(*pos, delim[quoted]); + +- if (**pos == del) +- break; +- + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch new file mode 100644 index 000000000000..5c3818c5e489 --- /dev/null +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch @@ -0,0 +1,37 @@ +diff -Nru squid-3.1.0.13.orig/src/HttpHeaderTools.cc squid-3.1.0.13/src/HttpHeaderTools.cc +--- squid-3.1.0.13.orig/src/HttpHeaderTools.cc 2009-08-04 15:32:12.000000000 +0200 ++++ squid-3.1.0.13/src/HttpHeaderTools.cc 2009-08-22 11:59:17.000000000 +0200 +@@ -229,6 +229,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = { + "\"?,", + "\"\\", +@@ -256,19 +260,16 @@ + do { + *pos += strcspn(*pos, delim[quoted]); + +- if (**pos == del) +- break; +- + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch index 42ba74ac35b4..987665b272b8 100644 --- a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch @@ -1,6 +1,6 @@ diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4 --- squid-3.1.0.13.orig/acinclude.m4 2009-08-04 15:32:06.000000000 +0200 -+++ squid-3.1.0.13/acinclude.m4 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/acinclude.m4 2009-08-22 12:05:53.000000000 +0200 @@ -73,7 +73,7 @@ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ @@ -11,8 +11,8 @@ diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4 rm -f conftest.* echo yes diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in ---- squid-3.1.0.13.orig/configure.in 2009-08-06 21:08:31.000000000 +0200 -+++ squid-3.1.0.13/configure.in 2009-08-06 21:10:24.000000000 +0200 +--- squid-3.1.0.13.orig/configure.in 2009-08-22 12:05:19.000000000 +0200 ++++ squid-3.1.0.13/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -16,9 +16,9 @@ PRESET_LDFLAGS="$LDFLAGS" @@ -45,7 +45,7 @@ diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in SQUID_CXXFLAGS= diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c 2009-08-22 12:05:53.000000000 +0200 @@ -27,7 +27,7 @@ /* Path to configuration file */ @@ -57,7 +57,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-22 12:05:53.000000000 +0200 @@ -8,6 +8,6 @@ server other_PDC other_BDC otherdomain @@ -69,7 +69,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squi diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am 2009-08-22 12:05:53.000000000 +0200 @@ -16,7 +16,7 @@ ## FIXME: autoconf should test for the samba path. @@ -81,7 +81,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/ libexec_SCRIPTS = $(SMB_AUTH_HELPER) diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh 2009-08-22 12:05:53.000000000 +0200 @@ -24,7 +24,7 @@ read AUTHSHARE read AUTHFILE @@ -102,7 +102,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.13/helpers/external_acl/session/squid_session.8 --- squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8 2009-08-22 12:05:53.000000000 +0200 @@ -35,7 +35,7 @@ .P Configuration example using the default automatic mode @@ -114,7 +114,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid .IP diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 --- squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-04 15:32:10.000000000 +0200 -+++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-22 12:05:53.000000000 +0200 @@ -27,7 +27,7 @@ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 matches users in group2 or group3 @@ -126,7 +126,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 .IP diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in --- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-04 15:32:10.000000000 +0200 -+++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -17,6 +17,7 @@ AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com]) @@ -146,7 +146,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.i { diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTrie/acinclude.m4 --- squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 2009-08-04 15:32:11.000000000 +0200 -+++ squid-3.1.0.13/lib/libTrie/acinclude.m4 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/lib/libTrie/acinclude.m4 2009-08-22 12:05:53.000000000 +0200 @@ -9,7 +9,7 @@ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ @@ -158,7 +158,7 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTri echo yes diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTrie/configure.in --- squid-3.1.0.13.orig/lib/libTrie/configure.in 2009-08-04 15:32:11.000000000 +0200 -+++ squid-3.1.0.13/lib/libTrie/configure.in 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/lib/libTrie/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -59,8 +59,8 @@ dnl set useful flags @@ -172,27 +172,16 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTri TRIE_CXXFLAGS= diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre --- squid-3.1.0.13.orig/src/cf.data.pre 2009-08-04 15:32:16.000000000 +0200 -+++ squid-3.1.0.13/src/cf.data.pre 2009-08-06 21:10:24.000000000 +0200 -@@ -708,6 +708,8 @@ ++++ squid-3.1.0.13/src/cf.data.pre 2009-08-22 12:06:21.000000000 +0200 +@@ -708,6 +708,7 @@ acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http +acl Safe_ports port 901 # SWAT -+acl purge method PURGE acl CONNECT method CONNECT NOCOMMENT_END DOC_END -@@ -833,6 +835,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -851,6 +856,9 @@ +@@ -851,6 +852,9 @@ http_access allow localnet http_access allow localhost @@ -202,7 +191,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre # And finally deny all other access to this proxy http_access deny all NOCOMMENT_END -@@ -3942,11 +3950,11 @@ +@@ -3942,11 +3946,11 @@ NAME: cache_mgr TYPE: string @@ -216,7 +205,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre DOC_END NAME: mail_from -@@ -6243,7 +6251,7 @@ +@@ -6243,7 +6247,7 @@ NAME: forwarded_for COMMENT: on|off|transparent|truncate|delete TYPE: string @@ -227,7 +216,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre If set to "on", Squid will append your client's IP address diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc --- squid-3.1.0.13.orig/src/debug.cc 2009-08-04 15:32:16.000000000 +0200 -+++ squid-3.1.0.13/src/debug.cc 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/debug.cc 2009-08-22 12:05:53.000000000 +0200 @@ -452,7 +452,7 @@ #if HAVE_SYSLOG && defined(LOG_LOCAL4) @@ -239,7 +228,7 @@ diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc --- squid-3.1.0.13.orig/src/main.cc 2009-08-04 15:32:17.000000000 +0200 -+++ squid-3.1.0.13/src/main.cc 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/main.cc 2009-08-22 12:05:53.000000000 +0200 @@ -1533,7 +1533,7 @@ if (*(argv[0]) == '(') return; @@ -269,7 +258,7 @@ diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc diff -Nru squid-3.1.0.13.orig/src/Makefile.am squid-3.1.0.13/src/Makefile.am --- squid-3.1.0.13.orig/src/Makefile.am 2009-08-04 15:32:13.000000000 +0200 -+++ squid-3.1.0.13/src/Makefile.am 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/Makefile.am 2009-08-22 12:05:53.000000000 +0200 @@ -636,7 +636,6 @@ sysconf_DATA = \ diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch index 510c490f21f8..12f9144018aa 100644 --- a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch @@ -41,3 +41,42 @@ diff -Nru squid-3.1.0.13.orig/src/ftp.cc squid-3.1.0.13/src/ftp.cc if (escaped) rfc1738_unescape(user); } +diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in +--- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-19 19:00:43.000000000 +0200 ++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-22 12:53:13.000000000 +0200 +@@ -94,7 +94,7 @@ + else + ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` + if test "x$ac_gssapi_libs" != "x" ; then +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -118,7 +118,7 @@ + fi + ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` + if test "x$ac_gssapi_libs" != "x" ; then +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -172,7 +172,7 @@ + ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` + LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" + fi +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -201,7 +201,7 @@ + ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` + LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" + fi +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch deleted file mode 100644 index 9307b26a4cbc..000000000000 --- a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch +++ /dev/null @@ -1,309 +0,0 @@ -diff -Nru squid-3.1.0.9.orig/acinclude.m4 squid-3.1.0.9/acinclude.m4 ---- squid-3.1.0.9.orig/acinclude.m4 2009-06-26 12:35:27.000000000 +0200 -+++ squid-3.1.0.9/acinclude.m4 2009-07-14 07:49:12.000000000 +0200 -@@ -73,7 +73,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.1.0.9.orig/configure.in squid-3.1.0.9/configure.in ---- squid-3.1.0.9.orig/configure.in 2009-07-14 07:47:57.000000000 +0200 -+++ squid-3.1.0.9/configure.in 2009-07-14 07:51:03.000000000 +0200 -@@ -16,9 +16,9 @@ - PRESET_LDFLAGS="$LDFLAGS" - - dnl Set default LDFLAGS --if test -z "$LDFLAGS"; then -- LDFLAGS="-g" --fi -+dnl if test -z "$LDFLAGS"; then -+dnl LDFLAGS="-g" -+dnl fi - - dnl Check for GNU cc - AC_PROG_CC -@@ -259,13 +259,13 @@ - dnl TODO: check if the problem will be present in any other newer MinGW release. - case "$host_os" in - mingw|mingw32) -- SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - ;; - *) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" - ;; - esac -- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - SQUID_CFLAGS= - SQUID_CXXFLAGS= -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c ---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c 2009-06-26 12:35:29.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c 2009-07-14 07:49:12.000000000 +0200 -@@ -27,7 +27,7 @@ - - /* Path to configuration file */ - #ifndef SYSCONFDIR --#define SYSCONFDIR "/usr/local/squid/etc" -+#define SYSCONFDIR "/etc/squid" - #endif - #define CONFIGFILE SYSCONFDIR "/msntauth.conf" - -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default ---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-06-26 12:35:29.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default 2009-07-14 07:49:12.000000000 +0200 -@@ -8,6 +8,6 @@ - server other_PDC other_BDC otherdomain - - # Denied and allowed users. Comment these if not needed. --#denyusers /usr/local/squid/etc/msntauth.denyusers --#allowusers /usr/local/squid/etc/msntauth.allowusers -+#denyusers /etc/squid/msntauth.denyusers -+#allowusers /etc/squid/msntauth.allowusers - -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am ---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am 2009-06-26 12:35:30.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am 2009-07-14 07:49:12.000000000 +0200 -@@ -16,7 +16,7 @@ - ## FIXME: autoconf should test for the samba path. - - SMB_AUTH_HELPER = smb_auth.sh --SAMBAPREFIX=/usr/local/samba -+SAMBAPREFIX=/usr - SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) - - libexec_SCRIPTS = $(SMB_AUTH_HELPER) -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh ---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-06-26 12:35:30.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh 2009-07-14 07:49:12.000000000 +0200 -@@ -24,7 +24,7 @@ - read AUTHSHARE - read AUTHFILE - read SMBUSER --read SMBPASS -+read -r SMBPASS - - # Find domain controller - echo "Domain name: $DOMAINNAME" -@@ -47,7 +47,7 @@ - addropt="" - fi - echo "Query address options: $addropt" --dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` -+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` - echo "Domain controller IP address: $dcip" - [ -n "$dcip" ] || exit 1 - -diff -Nru squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.9/helpers/external_acl/session/squid_session.8 ---- squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/external_acl/session/squid_session.8 2009-07-14 07:49:12.000000000 +0200 -@@ -35,7 +35,7 @@ - .P - Configuration example using the default automatic mode - .IP --external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session -+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session - .IP - acl session external session - .IP -diff -Nru squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8 ---- squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8 2009-07-14 07:49:12.000000000 +0200 -@@ -27,7 +27,7 @@ - This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 - matches users in group2 or group3 - .IP --external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p -+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p - .IP - acl usergroup1 external unix_group group1 - .IP -diff -Nru squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in ---- squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-07-14 07:49:12.000000000 +0200 -@@ -17,6 +17,7 @@ - - AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com]) - AM_INIT_AUTOMAKE(squid_kerb_auth,1.0.5) -+AM_MAINTAINER_MODE - AC_CONFIG_SRCDIR([squid_kerb_auth.c]) - - AC_PROG_CC -@@ -531,7 +532,7 @@ - dnl set variable for use in automakefile(s) - AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" ) - --MY_CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow" -+MY_CFLAGS="-Wall -Wextra -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow" - for ac_cv_my_cflag in $MY_CFLAGS; do - echo "int main() - { -diff -Nru squid-3.1.0.9.orig/lib/libTrie/acinclude.m4 squid-3.1.0.9/lib/libTrie/acinclude.m4 ---- squid-3.1.0.9.orig/lib/libTrie/acinclude.m4 2009-06-26 12:35:32.000000000 +0200 -+++ squid-3.1.0.9/lib/libTrie/acinclude.m4 2009-07-14 07:49:12.000000000 +0200 -@@ -9,7 +9,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.1.0.9.orig/lib/libTrie/configure.in squid-3.1.0.9/lib/libTrie/configure.in ---- squid-3.1.0.9.orig/lib/libTrie/configure.in 2009-06-26 12:35:32.000000000 +0200 -+++ squid-3.1.0.9/lib/libTrie/configure.in 2009-07-14 07:49:12.000000000 +0200 -@@ -59,8 +59,8 @@ - - dnl set useful flags - if test "$GCC" = "yes"; then -- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" -+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - TRIE_CFLAGS= - TRIE_CXXFLAGS= -diff -Nru squid-3.1.0.9.orig/src/cf.data.pre squid-3.1.0.9/src/cf.data.pre ---- squid-3.1.0.9.orig/src/cf.data.pre 2009-06-26 12:35:37.000000000 +0200 -+++ squid-3.1.0.9/src/cf.data.pre 2009-07-14 07:49:12.000000000 +0200 -@@ -685,6 +685,8 @@ - acl Safe_ports port 488 # gss-http - acl Safe_ports port 591 # filemaker - acl Safe_ports port 777 # multiling http -+acl Safe_ports port 901 # SWAT -+acl purge method PURGE - acl CONNECT method CONNECT - NOCOMMENT_END - DOC_END -@@ -804,6 +806,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -821,6 +826,9 @@ - # from where browsing should be allowed - http_access allow localnet - -+# Allow the localhost to have access by default -+http_access allow localhost -+ - # And finally deny all other access to this proxy - http_access deny all - NOCOMMENT_END -@@ -3690,11 +3698,11 @@ - - NAME: cache_mgr - TYPE: string --DEFAULT: webmaster -+DEFAULT: root - LOC: Config.adminEmail - DOC_START - Email-address of local cache manager who will receive -- mail if the cache dies. The default is "webmaster." -+ mail if the cache dies. The default is "root". - DOC_END - - NAME: mail_from -@@ -5812,7 +5820,7 @@ - NAME: forwarded_for - COMMENT: on|off|transparent|truncate|delete - TYPE: string --DEFAULT: on -+DEFAULT: delete - LOC: opt_forwarded_for - DOC_START - If set to "on", Squid will append your client's IP address -diff -Nru squid-3.1.0.9.orig/src/debug.cc squid-3.1.0.9/src/debug.cc ---- squid-3.1.0.9.orig/src/debug.cc 2009-06-26 12:35:38.000000000 +0200 -+++ squid-3.1.0.9/src/debug.cc 2009-07-14 07:51:54.000000000 +0200 -@@ -452,7 +452,7 @@ - #if HAVE_SYSLOG && defined(LOG_LOCAL4) - - if (Debug::log_syslog) -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility); - - #endif /* HAVE_SYSLOG */ - -diff -Nru squid-3.1.0.9.orig/src/main.cc squid-3.1.0.9/src/main.cc ---- squid-3.1.0.9.orig/src/main.cc 2009-06-26 12:35:39.000000000 +0200 -+++ squid-3.1.0.9/src/main.cc 2009-07-14 07:49:12.000000000 +0200 -@@ -1511,7 +1511,7 @@ - if (*(argv[0]) == '(') - return; - -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - if ((pid = fork()) < 0) - syslog(LOG_ALERT, "fork failed: %s", xstrerror()); -@@ -1555,7 +1555,7 @@ - - if ((pid = fork()) == 0) { - /* child */ -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - prog = xstrdup(argv[0]); - argv[0] = xstrdup("(squid)"); - execvp(prog, argv); -@@ -1563,7 +1563,7 @@ - } - - /* parent */ -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); - -diff -Nru squid-3.1.0.9.orig/src/Makefile.am squid-3.1.0.9/src/Makefile.am ---- squid-3.1.0.9.orig/src/Makefile.am 2009-06-26 12:35:33.000000000 +0200 -+++ squid-3.1.0.9/src/Makefile.am 2009-07-14 07:49:12.000000000 +0200 -@@ -629,7 +629,6 @@ - - sysconf_DATA = \ - squid.conf.default \ -- squid.conf.documented \ - mime.conf.default - - data_DATA = \ -@@ -704,8 +703,8 @@ - DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log - DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log - DEFAULT_PID_FILE = @DEFAULT_PIDFILE@ --DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state --DEFAULT_SWAP_DIR = $(localstatedir)/cache -+DEFAULT_NETDB_FILE = $(localstatedir)/run/netdb.state -+DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid - DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` -@@ -739,7 +738,7 @@ - true - - squid.conf.default: squid.conf.documented -- $(EGREP) -v "^[#\ ]" squid.conf.documented | $(EGREP) . >squid.conf.default -+ cp squid.conf.documented squid.conf.default - - cf_parser.h: cf.data cf_gen$(EXEEXT) - ./cf_gen cf.data $(srcdir)/cf.data.depend -@@ -793,8 +792,6 @@ - fi - echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \ - $(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \ -- echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented"; \ -- $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented; \ - $(mkinstalldirs) $(DESTDIR)$(DEFAULT_LOG_PREFIX) - - uninstall-local: diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch deleted file mode 100644 index 7d487c73afc6..000000000000 --- a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Nru squid-3.1.0.9.orig/src/ftp.cc squid-3.1.0.9/src/ftp.cc ---- squid-3.1.0.9.orig/src/ftp.cc 2009-06-26 12:35:38.000000000 +0200 -+++ squid-3.1.0.9/src/ftp.cc 2009-07-14 08:12:44.000000000 +0200 -@@ -526,16 +526,18 @@ - void - FtpStateData::loginParser(const char *login, int escaped) - { -- char *s = NULL; -+ const char *s = NULL; - debugs(9, 4, HERE << ": login='" << login << "', escaped=" << escaped); - debugs(9, 9, HERE << ": IN : login='" << login << "', escaped=" << escaped << ", user=" << user << ", password=" << password); - - if ((s = strchr(login, ':'))) { -- *s = '\0'; -- - /* if there was a username part */ - if (s > login) { -- xstrncpy(user, login, MAX_URL); -+ int len = s - login; -+ if (len > MAX_URL) -+ len = MAX_URL; -+ xstrncpy(user, login, len); -+ user[len] = '\0'; - if (escaped) - rfc1738_unescape(user); - } diff --git a/net-proxy/squid/squid-2.7.6-r2.ebuild b/net-proxy/squid/squid-2.7.6-r2.ebuild new file mode 100644 index 000000000000..e6e8fa20249d --- /dev/null +++ b/net-proxy/squid/squid-2.7.6-r2.ebuild @@ -0,0 +1,190 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.7.6-r2.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ + +EAPI="2" + +inherit eutils pam toolchain-funcs autotools + +#lame archive versioning scheme.. +S_PMV="${PV%%.*}" +S_PV="${PV%.*}" +S_PL="${PV##*.}" +S_PL="${S_PL/_rc/-RC}" +S_PP="${PN}-${S_PV}.STABLE${S_PL}" + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="caps pam ldap samba sasl kerberos nis ssl snmp selinux logrotate \ + mysql postgres sqlite \ + zero-penalty-hit \ + pf-transparent ipf-transparent kqueue \ + elibc_uclibc kernel_linux +epoll" + +DEPEND="caps? ( >=sys-libs/libcap-2.16 ) + pam? ( virtual/pam ) + ldap? ( net-nds/openldap ) + kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) + ssl? ( dev-libs/openssl ) + sasl? ( dev-libs/cyrus-sasl ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +RDEPEND="${DEPEND} + samba? ( net-fs/samba ) + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + sqlite? ( dev-perl/DBD-SQLite )" + +S="${WORKDIR}/${S_PP}" + +pkg_setup() { + if use zero-penalty-hit; then + ewarn "This version supports natively IP TOS/Priority mangling," + ewarn "but it does not support zph_preserve_miss_tos." + ewarn "If you need that, please use >=${CATEGORY}/${PN}-3 ." + fi + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch + epatch "${FILESDIR}"/${P}-gentoo.patch + has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch + eautoreconf +} + +src_configure() { + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + if use mysql || use postgres || use sqlite ; then + basic_modules="DB,${basic_modules}" + fi + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="SMB,${ntlm_helpers}" + + local negotiate_helpers= + use kerberos && local negotiate_helpers="squid_kerb_auth" + + local myconf="" + + # Support for uclibc #61175 + if use elibc_uclibc; then + myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" + myconf="${myconf} --disable-async-io" + else + myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null" + myconf="${myconf} --enable-async-io" + fi + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter + $(use_enable epoll)" + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} $(use_enable kqueue)" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --datadir=/usr/share/squid \ + --enable-auth="basic,digest,ntlm,negotiate" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-negotiate-auth-helpers="${negotiate_helpers}" \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-pthreads \ + --with-large-files \ + --enable-htcp \ + --enable-carp \ + --enable-follow-x-forwarded-for \ + --with-maxfd=8192 \ + $(use_enable caps) \ + $(use_enable snmp) \ + $(use_enable ssl) \ + ${myconf} || die "econf failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + # need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/pam_auth + + # some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root." + ewarn "This allows shadow based authentication (see bug #52977 for more)." + echo + ewarn "Be careful what type of cache_dir you select!" + ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" + ewarn "when there isn't sufficient traffic to keep squid reasonably busy." + ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." + echo + ewarn "Squid can be configured to run in transparent mode like this:" + ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" +} diff --git a/net-proxy/squid/squid-3.0.15.ebuild b/net-proxy/squid/squid-3.0.15.ebuild deleted file mode 100644 index 6b82995acf16..000000000000 --- a/net-proxy/squid/squid-3.0.15.ebuild +++ /dev/null @@ -1,197 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.15.ebuild,v 1.8 2009/07/05 19:49:49 maekke Exp $ - -EAPI="2" - -inherit eutils pam toolchain-funcs autotools linux-info - -# lame archive versioning scheme.. -S_PMV="${PV%%.*}" -S_PV="${PV%.*}" -S_PL="${PV##*.}" -S_PP="${PN}-${S_PV}.STABLE${S_PL}" - -RESTRICT="test" # check if test works in next bump - -DESCRIPTION="A full-featured web proxy cache" -HOMEPAGE="http://www.squid-cache.org/" -SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz - mirror://gentoo/${PN}-3.0.14-chunk-encoding.patch.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ~ppc ppc64 sparc x86 ~x86-fbsd" -IUSE="caps pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \ - mysql postgres sqlite \ - zero-penalty-hit \ - pf-transparent ipf-transparent kqueue \ - elibc_uclibc kernel_linux epoll" - -DEPEND="caps? ( >=sys-libs/libcap-2.16 ) - pam? ( virtual/pam ) - ldap? ( net-nds/openldap ) - kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) - ssl? ( dev-libs/openssl ) - sasl? ( dev-libs/cyrus-sasl ) - selinux? ( sec-policy/selinux-squid ) - !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) - >=sys-libs/db-4 - dev-lang/perl" -RDEPEND="${DEPEND} - samba? ( net-fs/samba ) - mysql? ( dev-perl/DBD-mysql ) - postgres? ( dev-perl/DBD-Pg ) - sqlite? ( dev-perl/DBD-SQLite )" - -S="${WORKDIR}/${S_PP}" - -pkg_setup() { - if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then - eerror "coss store IO has been disabled by upstream due to stability issues!" - eerror "If you want to install this version, switch the store type to something else" - eerror "before attempting to install this version again." - - die "/etc/squid/squid.conf: cache_dir use a disabled store type" - fi - - enewgroup squid 31 - enewuser squid 31 -1 /var/cache/squid squid -} - -src_prepare() { - epatch "${FILESDIR}"/${PN}-3-capability.patch - epatch "${FILESDIR}"/${P}-gentoo.patch - epatch "${FILESDIR}"/${P}-gcc43.patch - epatch "${FILESDIR}"/${P}-cross-compile.patch - epatch "${WORKDIR}"/${PN}-3.0.14-chunk-encoding.patch - use zero-penalty-hit && epatch "${FILESDIR}"/${P}-adapted-zph.patch - has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch - - eautoreconf -} - -src_configure() { - local basic_modules="getpwnam,NCSA,MSNT" - use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" - use ldap && basic_modules="LDAP,${basic_modules}" - use pam && basic_modules="PAM,${basic_modules}" - use sasl && basic_modules="SASL,${basic_modules}" - use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" - use radius && basic_modules="squid_radius_auth,${basic_modules}" - if use mysql || use postgres || use sqlite ; then - basic_modules="DB,${basic_modules}" - fi - - local ext_helpers="ip_user,session,unix_group" - use samba && ext_helpers="wbinfo_group,${ext_helpers}" - use ldap && ext_helpers="ldap_group,${ext_helpers}" - - local ntlm_helpers="fakeauth" - use samba && ntlm_helpers="SMB,${ntlm_helpers}" - - local negotiate_helpers= - use kerberos && local negotiate_helpers="squid_kerb_auth" - - local myconf="" - - # coss support has been disabled - # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) - myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" - - if use kernel_linux; then - myconf="${myconf} --enable-linux-netfilter - $(use_enable epoll)" - elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then - myconf="${myconf} $(use_enable kqueue)" - if use pf-transparent; then - myconf="${myconf} --enable-pf-transparent" - elif use ipf-transparent; then - myconf="${myconf} --enable-ipf-transparent" - fi - fi - - export CC=$(tc-getCC) - - econf \ - --sysconfdir=/etc/squid \ - --libexecdir=/usr/libexec/squid \ - --localstatedir=/var \ - --datadir=/usr/share/squid \ - --with-default-user=squid \ - --enable-auth="basic,digest,negotiate,ntlm" \ - --enable-removal-policies="lru,heap" \ - --enable-digest-auth-helpers="password" \ - --enable-basic-auth-helpers="${basic_modules}" \ - --enable-external-acl-helpers="${ext_helpers}" \ - --enable-ntlm-auth-helpers="${ntlm_helpers}" \ - --enable-negotiate-auth-helpers="${negotiate_helpers}" \ - --enable-useragent-log \ - --enable-cache-digests \ - --enable-delay-pools \ - --enable-referer-log \ - --enable-arp-acl \ - --with-large-files \ - --with-filedescriptors=8192 \ - $(use_enable caps) \ - $(use_enable snmp) \ - $(use_enable ssl) \ - $(use_enable icap-client) \ - ${myconf} || die "econf failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - # need suid root for looking into /etc/shadow - fowners root:squid /usr/libexec/squid/ncsa_auth - fowners root:squid /usr/libexec/squid/pam_auth - fperms 4750 /usr/libexec/squid/ncsa_auth - fperms 4750 /usr/libexec/squid/pam_auth - - # some cleanups - rm -f "${D}"/usr/bin/Run* - - dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ - helpers/ntlm_auth/no_check/README.no_check_ntlm_auth - newdoc helpers/basic_auth/SMB/README README.auth_smb - dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html - newdoc helpers/basic_auth/LDAP/README README.auth_ldap - doman helpers/basic_auth/LDAP/*.8 - dodoc helpers/basic_auth/SASL/squid_sasl_auth* - - newpamd "${FILESDIR}/squid.pam" squid - newconfd "${FILESDIR}/squid.confd" squid - if use logrotate; then - newinitd "${FILESDIR}/squid.initd-logrotate" squid - insinto /etc/logrotate.d - newins "${FILESDIR}/squid.logrotate" squid - else - newinitd "${FILESDIR}/squid.initd" squid - exeinto /etc/cron.weekly - newexe "${FILESDIR}/squid.cron" squid.cron - fi - - rm -rf "${D}"/var - diropts -m0755 -o squid -g squid - keepdir /var/cache/squid /var/log/squid -} - -pkg_postinst() { - echo - ewarn "Squid authentication helpers have been installed suid root." - ewarn "This allows shadow based authentication (see bug #52977 for more)." - echo - ewarn "Be careful what type of cache_dir you select!" - ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" - ewarn "when there isn't sufficient traffic to keep squid reasonably busy." - ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." - echo - ewarn "Squid can be configured to run in transparent mode like this:" - ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" - if use zero-penalty-hit; then - echo - ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" - ewarn "with the patch that can be found on http://zph.bratcheda.org site." - fi -} diff --git a/net-proxy/squid/squid-3.0.18-r1.ebuild b/net-proxy/squid/squid-3.0.18-r1.ebuild new file mode 100644 index 000000000000..77d1b9e2e8d5 --- /dev/null +++ b/net-proxy/squid/squid-3.0.18-r1.ebuild @@ -0,0 +1,194 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.18-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ + +EAPI="2" + +inherit eutils pam toolchain-funcs autotools + +# lame archive versioning scheme.. +S_PMV="${PV%%.*}" +S_PV="${PV%.*}" +S_PL="${PV##*.}" +S_PP="${PN}-${S_PV}.STABLE${S_PL}" + +RESTRICT="test" # check if test works in next bump + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="caps pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \ + mysql postgres sqlite \ + zero-penalty-hit \ + pf-transparent ipf-transparent kqueue \ + elibc_uclibc kernel_linux +epoll" + +DEPEND="caps? ( >=sys-libs/libcap-2.16 ) + pam? ( virtual/pam ) + ldap? ( net-nds/openldap ) + kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) + ssl? ( dev-libs/openssl ) + sasl? ( dev-libs/cyrus-sasl ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +RDEPEND="${DEPEND} + samba? ( net-fs/samba ) + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + sqlite? ( dev-perl/DBD-SQLite )" + +S="${WORKDIR}/${S_PP}" + +pkg_setup() { + if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then + eerror "coss store IO has been disabled by upstream due to stability issues!" + eerror "If you want to install this version, switch the store type to something else" + eerror "before attempting to install this version again." + + die "/etc/squid/squid.conf: cache_dir use a disabled store type" + fi + + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-3-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch + epatch "${FILESDIR}"/${P}-gentoo.patch + epatch "${FILESDIR}"/${P}-cross-compile.patch + use zero-penalty-hit && epatch "${FILESDIR}"/${P}-adapted-zph.patch + + eautoreconf +} + +src_configure() { + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + use radius && basic_modules="squid_radius_auth,${basic_modules}" + if use mysql || use postgres || use sqlite ; then + basic_modules="DB,${basic_modules}" + fi + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="SMB,${ntlm_helpers}" + + local negotiate_helpers= + use kerberos && local negotiate_helpers="squid_kerb_auth" + + local myconf="" + + # coss support has been disabled + # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) + myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter + $(use_enable epoll)" + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} $(use_enable kqueue)" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --datadir=/usr/share/squid \ + --with-default-user=squid \ + --enable-auth="basic,digest,negotiate,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-negotiate-auth-helpers="${negotiate_helpers}" \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-large-files \ + --with-filedescriptors=8192 \ + $(use_enable caps) \ + $(use_enable snmp) \ + $(use_enable ssl) \ + $(use_enable icap-client) \ + ${myconf} || die "econf failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + # need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/pam_auth + + # some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root." + ewarn "This allows shadow based authentication (see bug #52977 for more)." + echo + ewarn "Be careful what type of cache_dir you select!" + ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" + ewarn "when there isn't sufficient traffic to keep squid reasonably busy." + ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." + echo + ewarn "Squid can be configured to run in transparent mode like this:" + ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" + if use zero-penalty-hit; then + echo + ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" + ewarn "with the patch that can be found on http://zph.bratcheda.org site." + fi +} diff --git a/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild new file mode 100644 index 000000000000..4639df2dfb41 --- /dev/null +++ b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild @@ -0,0 +1,199 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ + +EAPI="2" + +inherit eutils pam toolchain-funcs + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate test \ + mysql postgres sqlite \ + zero-penalty-hit \ + pf-transparent ipf-transparent kqueue \ + elibc_uclibc kernel_linux +epoll" + +COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) + pam? ( virtual/pam ) + ldap? ( net-nds/openldap ) + kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) + ssl? ( dev-libs/openssl ) + sasl? ( dev-libs/cyrus-sasl ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +DEPEND="${COMMON_DEPEND} + sys-devel/automake + sys-devel/autoconf + sys-devel/libtool + test? ( dev-util/cppunit )" +RDEPEND="${COMMON_DEPEND} + samba? ( net-fs/samba ) + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + sqlite? ( dev-perl/DBD-SQLite )" + +S="${WORKDIR}/${P/_beta}" + +pkg_setup() { + if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then + eerror "coss store IO has been disabled by upstream due to stability issues!" + eerror "If you want to install this version, switch the store type to something else" + eerror "before attempting to install this version again." + + die "/etc/squid/squid.conf: cache_dir use a disabled store type" + fi + + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-3-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch + epatch "${FILESDIR}"/${P}-gentoo.patch + epatch "${FILESDIR}"/${P}-qafixes.patch + + # eautoreconf breaks lib/libLtdl/libtool script + ./bootstrap.sh || die "autoreconf failed" +} + +src_configure() { + local myconf="" + + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + use radius && basic_modules="squid_radius_auth,${basic_modules}" + if use mysql || use postgres || use sqlite ; then + basic_modules="DB,${basic_modules}" + fi + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="smb_lm,${ntlm_helpers}" + + local negotiate_helpers= + if use kerberos; then + negotiate_helpers="squid_kerb_auth" + has_version app-crypt/mit-krb5 \ + && myconf="--enable-mit --disable-heimdal" \ + || myconf="--disable-mit --enable-heimdal" + fi + + # coss support has been disabled + # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) + myconf="${myconf} --enable-storeio=ufs,diskd,aufs" + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter + $(use_enable epoll)" + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} $(use_enable kqueue)" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --datadir=/usr/share/squid \ + --with-logdir=/var/log/squid \ + --with-default-user=squid \ + --enable-auth="basic,digest,negotiate,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-negotiate-auth-helpers="${negotiate_helpers}" \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-large-files \ + --with-filedescriptors=8192 \ + $(use_enable caps) \ + $(use_enable ipv6) \ + $(use_enable snmp) \ + $(use_enable ssl) \ + $(use_enable icap-client) \ + $(use_enable zero-penalty-hit zph-qos) \ + ${myconf} || die "econf failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + # need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/pam_auth + + # some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root." + ewarn "This allows shadow based authentication (see bug #52977 for more)." + echo + ewarn "Be careful what type of cache_dir you select!" + ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" + ewarn "when there isn't sufficient traffic to keep squid reasonably busy." + ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." + echo + ewarn "Squid can be configured to run in transparent mode like this:" + ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" + if use zero-penalty-hit; then + echo + ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" + ewarn "with the patch that can be found on http://zph.bratcheda.org site." + fi +} diff --git a/net-proxy/squid/squid-3.1.0.13_beta.ebuild b/net-proxy/squid/squid-3.1.0.13_beta.ebuild deleted file mode 100644 index ce520ae81ce2..000000000000 --- a/net-proxy/squid/squid-3.1.0.13_beta.ebuild +++ /dev/null @@ -1,198 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta.ebuild,v 1.2 2009/08/16 11:01:46 mrness Exp $ - -EAPI="2" - -inherit eutils pam toolchain-funcs - -DESCRIPTION="A full-featured web proxy cache" -HOMEPAGE="http://www.squid-cache.org/" -SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate test \ - mysql postgres sqlite \ - zero-penalty-hit \ - pf-transparent ipf-transparent kqueue \ - elibc_uclibc kernel_linux +epoll" - -COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) - pam? ( virtual/pam ) - ldap? ( net-nds/openldap ) - kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) - ssl? ( dev-libs/openssl ) - sasl? ( dev-libs/cyrus-sasl ) - selinux? ( sec-policy/selinux-squid ) - !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) - >=sys-libs/db-4 - dev-lang/perl" -DEPEND="${COMMON_DEPEND} - sys-devel/automake - sys-devel/autoconf - sys-devel/libtool - test? ( dev-util/cppunit )" -RDEPEND="${COMMON_DEPEND} - samba? ( net-fs/samba ) - mysql? ( dev-perl/DBD-mysql ) - postgres? ( dev-perl/DBD-Pg ) - sqlite? ( dev-perl/DBD-SQLite )" - -S="${WORKDIR}/${P/_beta}" - -pkg_setup() { - if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then - eerror "coss store IO has been disabled by upstream due to stability issues!" - eerror "If you want to install this version, switch the store type to something else" - eerror "before attempting to install this version again." - - die "/etc/squid/squid.conf: cache_dir use a disabled store type" - fi - - enewgroup squid 31 - enewuser squid 31 -1 /var/cache/squid squid -} - -src_prepare() { - epatch "${FILESDIR}"/${PN}-3-capability.patch - epatch "${FILESDIR}"/${P}-gentoo.patch - epatch "${FILESDIR}"/${P}-qafixes.patch - - # eautoreconf breaks lib/libLtdl/libtool script - ./bootstrap.sh || die "autoreconf failed" -} - -src_configure() { - local myconf="" - - local basic_modules="getpwnam,NCSA,MSNT" - use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" - use ldap && basic_modules="LDAP,${basic_modules}" - use pam && basic_modules="PAM,${basic_modules}" - use sasl && basic_modules="SASL,${basic_modules}" - use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" - use radius && basic_modules="squid_radius_auth,${basic_modules}" - if use mysql || use postgres || use sqlite ; then - basic_modules="DB,${basic_modules}" - fi - - local ext_helpers="ip_user,session,unix_group" - use samba && ext_helpers="wbinfo_group,${ext_helpers}" - use ldap && ext_helpers="ldap_group,${ext_helpers}" - - local ntlm_helpers="fakeauth" - use samba && ntlm_helpers="smb_lm,${ntlm_helpers}" - - local negotiate_helpers= - if use kerberos; then - negotiate_helpers="squid_kerb_auth" - has_version app-crypt/mit-krb5 \ - && myconf="--enable-mit --disable-heimdal" \ - || myconf="--disable-mit --enable-heimdal" - fi - - # coss support has been disabled - # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) - myconf="${myconf} --enable-storeio=ufs,diskd,aufs" - - if use kernel_linux; then - myconf="${myconf} --enable-linux-netfilter - $(use_enable epoll)" - elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then - myconf="${myconf} $(use_enable kqueue)" - if use pf-transparent; then - myconf="${myconf} --enable-pf-transparent" - elif use ipf-transparent; then - myconf="${myconf} --enable-ipf-transparent" - fi - fi - - export CC=$(tc-getCC) - - econf \ - --sysconfdir=/etc/squid \ - --libexecdir=/usr/libexec/squid \ - --localstatedir=/var \ - --datadir=/usr/share/squid \ - --with-logdir=/var/log/squid \ - --with-default-user=squid \ - --enable-auth="basic,digest,negotiate,ntlm" \ - --enable-removal-policies="lru,heap" \ - --enable-digest-auth-helpers="password" \ - --enable-basic-auth-helpers="${basic_modules}" \ - --enable-external-acl-helpers="${ext_helpers}" \ - --enable-ntlm-auth-helpers="${ntlm_helpers}" \ - --enable-negotiate-auth-helpers="${negotiate_helpers}" \ - --enable-useragent-log \ - --enable-cache-digests \ - --enable-delay-pools \ - --enable-referer-log \ - --enable-arp-acl \ - --with-large-files \ - --with-filedescriptors=8192 \ - $(use_enable caps) \ - $(use_enable ipv6) \ - $(use_enable snmp) \ - $(use_enable ssl) \ - $(use_enable icap-client) \ - $(use_enable zero-penalty-hit zph-qos) \ - ${myconf} || die "econf failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - # need suid root for looking into /etc/shadow - fowners root:squid /usr/libexec/squid/ncsa_auth - fowners root:squid /usr/libexec/squid/pam_auth - fperms 4750 /usr/libexec/squid/ncsa_auth - fperms 4750 /usr/libexec/squid/pam_auth - - # some cleanups - rm -f "${D}"/usr/bin/Run* - - dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ - helpers/ntlm_auth/no_check/README.no_check_ntlm_auth - newdoc helpers/basic_auth/SMB/README README.auth_smb - dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html - newdoc helpers/basic_auth/LDAP/README README.auth_ldap - doman helpers/basic_auth/LDAP/*.8 - dodoc helpers/basic_auth/SASL/squid_sasl_auth* - - newpamd "${FILESDIR}/squid.pam" squid - newconfd "${FILESDIR}/squid.confd" squid - if use logrotate; then - newinitd "${FILESDIR}/squid.initd-logrotate" squid - insinto /etc/logrotate.d - newins "${FILESDIR}/squid.logrotate" squid - else - newinitd "${FILESDIR}/squid.initd" squid - exeinto /etc/cron.weekly - newexe "${FILESDIR}/squid.cron" squid.cron - fi - - rm -rf "${D}"/var - diropts -m0755 -o squid -g squid - keepdir /var/cache/squid /var/log/squid -} - -pkg_postinst() { - echo - ewarn "Squid authentication helpers have been installed suid root." - ewarn "This allows shadow based authentication (see bug #52977 for more)." - echo - ewarn "Be careful what type of cache_dir you select!" - ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" - ewarn "when there isn't sufficient traffic to keep squid reasonably busy." - ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." - echo - ewarn "Squid can be configured to run in transparent mode like this:" - ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" - if use zero-penalty-hit; then - echo - ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" - ewarn "with the patch that can be found on http://zph.bratcheda.org site." - fi -} diff --git a/net-proxy/squid/squid-3.1.0.9_beta.ebuild b/net-proxy/squid/squid-3.1.0.9_beta.ebuild deleted file mode 100644 index 0752e4b30fb1..000000000000 --- a/net-proxy/squid/squid-3.1.0.9_beta.ebuild +++ /dev/null @@ -1,199 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.9_beta.ebuild,v 1.2 2009/07/23 06:57:45 mrness Exp $ - -EAPI="2" - -inherit eutils pam toolchain-funcs - -RESTRICT="test" # check if test works in next bump - -DESCRIPTION="A full-featured web proxy cache" -HOMEPAGE="http://www.squid-cache.org/" -SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \ - mysql postgres sqlite \ - zero-penalty-hit \ - pf-transparent ipf-transparent kqueue \ - elibc_uclibc kernel_linux epoll" - -COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) - pam? ( virtual/pam ) - ldap? ( net-nds/openldap ) - kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) - ssl? ( dev-libs/openssl ) - sasl? ( dev-libs/cyrus-sasl ) - selinux? ( sec-policy/selinux-squid ) - !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) - >=sys-libs/db-4 - dev-lang/perl" -DEPEND="${COMMON_DEPEND} - sys-devel/automake - sys-devel/autoconf - sys-devel/libtool" -RDEPEND="${COMMON_DEPEND} - samba? ( net-fs/samba ) - mysql? ( dev-perl/DBD-mysql ) - postgres? ( dev-perl/DBD-Pg ) - sqlite? ( dev-perl/DBD-SQLite )" - -S="${WORKDIR}/${P/_beta}" - -pkg_setup() { - if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then - eerror "coss store IO has been disabled by upstream due to stability issues!" - eerror "If you want to install this version, switch the store type to something else" - eerror "before attempting to install this version again." - - die "/etc/squid/squid.conf: cache_dir use a disabled store type" - fi - - enewgroup squid 31 - enewuser squid 31 -1 /var/cache/squid squid -} - -src_prepare() { - epatch "${FILESDIR}"/${PN}-3-capability.patch - epatch "${FILESDIR}"/${P}-gentoo.patch - epatch "${FILESDIR}"/${P}-invconv.patch - - # eautoreconf breaks lib/libLtdl/libtool script - ./bootstrap.sh || die "autoreconf failed" -} - -src_configure() { - local myconf="" - - local basic_modules="getpwnam,NCSA,MSNT" - use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" - use ldap && basic_modules="LDAP,${basic_modules}" - use pam && basic_modules="PAM,${basic_modules}" - use sasl && basic_modules="SASL,${basic_modules}" - use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" - use radius && basic_modules="squid_radius_auth,${basic_modules}" - if use mysql || use postgres || use sqlite ; then - basic_modules="DB,${basic_modules}" - fi - - local ext_helpers="ip_user,session,unix_group" - use samba && ext_helpers="wbinfo_group,${ext_helpers}" - use ldap && ext_helpers="ldap_group,${ext_helpers}" - - local ntlm_helpers="fakeauth" - use samba && ntlm_helpers="smb_lm,${ntlm_helpers}" - - local negotiate_helpers= - if use kerberos; then - negotiate_helpers="squid_kerb_auth" - has_version app-crypt/mit-krb5 \ - && myconf="--enable-mit --disable-heimdal" \ - || myconf="--disable-mit --enable-heimdal" - fi - - # coss support has been disabled - # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) - myconf="${myconf} --enable-storeio=ufs,diskd,aufs" - - if use kernel_linux; then - myconf="${myconf} --enable-linux-netfilter - $(use_enable epoll)" - elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then - myconf="${myconf} $(use_enable kqueue)" - if use pf-transparent; then - myconf="${myconf} --enable-pf-transparent" - elif use ipf-transparent; then - myconf="${myconf} --enable-ipf-transparent" - fi - fi - - export CC=$(tc-getCC) - - econf \ - --sysconfdir=/etc/squid \ - --libexecdir=/usr/libexec/squid \ - --localstatedir=/var \ - --datadir=/usr/share/squid \ - --with-logdir=/var/log/squid \ - --with-default-user=squid \ - --enable-auth="basic,digest,negotiate,ntlm" \ - --enable-removal-policies="lru,heap" \ - --enable-digest-auth-helpers="password" \ - --enable-basic-auth-helpers="${basic_modules}" \ - --enable-external-acl-helpers="${ext_helpers}" \ - --enable-ntlm-auth-helpers="${ntlm_helpers}" \ - --enable-negotiate-auth-helpers="${negotiate_helpers}" \ - --enable-useragent-log \ - --enable-cache-digests \ - --enable-delay-pools \ - --enable-referer-log \ - --enable-arp-acl \ - --with-large-files \ - --with-filedescriptors=8192 \ - $(use_enable caps) \ - $(use_enable ipv6) \ - $(use_enable snmp) \ - $(use_enable ssl) \ - $(use_enable icap-client) \ - $(use_enable zero-penalty-hit zph-qos) \ - ${myconf} || die "econf failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - # need suid root for looking into /etc/shadow - fowners root:squid /usr/libexec/squid/ncsa_auth - fowners root:squid /usr/libexec/squid/pam_auth - fperms 4750 /usr/libexec/squid/ncsa_auth - fperms 4750 /usr/libexec/squid/pam_auth - - # some cleanups - rm -f "${D}"/usr/bin/Run* - - dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ - helpers/ntlm_auth/no_check/README.no_check_ntlm_auth - newdoc helpers/basic_auth/SMB/README README.auth_smb - dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html - newdoc helpers/basic_auth/LDAP/README README.auth_ldap - doman helpers/basic_auth/LDAP/*.8 - dodoc helpers/basic_auth/SASL/squid_sasl_auth* - - newpamd "${FILESDIR}/squid.pam" squid - newconfd "${FILESDIR}/squid.confd" squid - if use logrotate; then - newinitd "${FILESDIR}/squid.initd-logrotate" squid - insinto /etc/logrotate.d - newins "${FILESDIR}/squid.logrotate" squid - else - newinitd "${FILESDIR}/squid.initd" squid - exeinto /etc/cron.weekly - newexe "${FILESDIR}/squid.cron" squid.cron - fi - - rm -rf "${D}"/var - diropts -m0755 -o squid -g squid - keepdir /var/cache/squid /var/log/squid -} - -pkg_postinst() { - echo - ewarn "Squid authentication helpers have been installed suid root." - ewarn "This allows shadow based authentication (see bug #52977 for more)." - echo - ewarn "Be careful what type of cache_dir you select!" - ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" - ewarn "when there isn't sufficient traffic to keep squid reasonably busy." - ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." - echo - ewarn "Squid can be configured to run in transparent mode like this:" - ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" - if use zero-penalty-hit; then - echo - ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" - ewarn "with the patch that can be found on http://zph.bratcheda.org site." - fi -} -- cgit v1.2.3-65-gdbad