non-maintainer version bump - security bug #389133

Package-Manager: portage-2.1.10.31/cvs/Linux x86_64
author: Eray Aslan <eras@gentoo.org> 2011-11-01 10:59:29 +0000
committer: Eray Aslan <eras@gentoo.org> 2011-11-01 10:59:29 +0000
commit: e0fb8b6ef40611abb142a831ada924393ee671c7 (patch)
tree: 3de130aa86e8361a846690984a00a30a8288d38c /net-proxy
parent: Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo, Elija... (diff)
download: historical-e0fb8b6ef40611abb142a831ada924393ee671c7.tar.gz
historical-e0fb8b6ef40611abb142a831ada924393ee671c7.tar.bz2
historical-e0fb8b6ef40611abb142a831ada924393ee671c7.zip
3 files changed, 233 insertions, 17 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index 7c3f31dff674..1485d4aafe3c 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-proxy/squid
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.328 2011/10/23 18:45:39 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.329 2011/11/01 10:59:29 eras Exp $
+
+*squid-3.1.16 (01 Nov 2011)
+
+  01 Nov 2011; Eray Aslan <eras@gentoo.org> +squid-3.1.16.ebuild:
+  non-maintainer version bump - security bug #389133
 
   23 Oct 2011; Lars Wendler <polynomial-c@gentoo.org> files/squid.initd:
   non-maintainer commit: Replaced deprecated opts variable in init script (bug
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 61f0b5795418..3899538592ec 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -1,5 +1,5 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
 
 AUX squid-2-heimdal.patch 776 RMD160 2ced12e7682356ee2eb660d877437c3ddad6476e SHA1 3a693c2c975fe4c77ee729d8af8ef28097b11fb6 SHA256 bd0083836321c596db3fc8749152bc77d5a4bd03070d33541b7b489af59e4c25
 AUX squid-2.7.9-gentoo.patch 13118 RMD160 44d2482b9c998c1641ab3e2d5c5701a4f6fb6165 SHA1 b5007d3d2df28c35b88c814b41fd4e182ad34f2b SHA256 981588dc2d599a2b49f550a1ae111e96515b437a03c8d0dccc6f96f078009d11
@@ -12,24 +12,26 @@ AUX squid.logrotate 103 RMD160 e7e4a6bde48e2735632692a6e628955b270f30ad SHA1 6e8
 AUX squid.pam 315 RMD160 afb3f1cc36ba5ef0015c40040b6d5c18485ec828 SHA1 40933fabaaa2a9cb38d57c3acb77857082c82ae5 SHA256 68ef4282f9fb8506df710d0ae16e84e991e9b138c7f1d0af922682219c7a971f
 DIST squid-2.7.STABLE9.tar.gz 1789462 RMD160 59c63348beed9a672612d48f9ef5e7ca81fa9840 SHA1 6d90fe06468b662b2eefd7ffeb47b9a78f0a871d SHA256 d54ca048313c4b64609fcdf9f1934a70fc1702032a5f04073056d7491d3dd781
 DIST squid-3.1.15.tar.gz 3397495 RMD160 cf5910e15ed594cde5f205206d4c1ec65aa445f3 SHA1 c0cfdf54db5ca6ffc23c3f328175ec19f6465d8c SHA256 c56207691ec6ce19f7d19805b290b8f58c63c81e2070d7cd3a824a0b49509b2b
+DIST squid-3.1.16.tar.gz 3399527 RMD160 1a0010354b9417f2f4f7f6ffb8302d59639fe567 SHA1 f77a31d9e4b6092ba43d7f581dbcb7e2a4ddf377 SHA256 87fb621b2dc51b753ecfedc3b2d537b6cbfa8f29b242aeb3c055c547ed80466d
 EBUILD squid-2.7.9.ebuild 6175 RMD160 a235925ac773d7d569a958366923e5a03adcc17c SHA1 0dbb84b76302c265ef4ee193035f5882d46146ed SHA256 587b0f52d2fb973f2686d947893191acf3a1770d467cd8134091fa2c07f01f3d
 EBUILD squid-3.1.15.ebuild 6621 RMD160 c959b10a7905e000bcf49ea296cbb191555ddfa0 SHA1 dde6be2583ce96050a23f964ae1bed8b58170b5b SHA256 911d065d38544a59af7ce6f4299fc282fdf10aa4bd0869503b45b214fdf87bbc
-MISC ChangeLog 69974 RMD160 7259f59ecd331f26e9dc9834f726a0cfd26ebe60 SHA1 96a013dda26184661d83d309e775e35f5a9e75ff SHA256 257f051332c0ba5563103ee6d76b0e935862867dac362d03398a670ad7f7bb79
+EBUILD squid-3.1.16.ebuild 6635 RMD160 214b6edb1777a65202d0976a3d8c1ac3b303f484 SHA1 5008a3ba28eee4dca0c35846989d8c8d7332c7db SHA256 15f057d64d75f942f6d454d18cfe533f5508e91996e16e121697b2986939df77
+MISC ChangeLog 70115 RMD160 77839da3693300af7e8905a31e15604ec83ff2bf SHA1 471e3d48ccf6b45f79af052fbb016547c5182f5e SHA256 c07e6bfa5a1c3ca26fef629a04ae54010a0cb27dc5b1188d9a38e92c982582af
 MISC metadata.xml 1015 RMD160 03ac3fffc7b01e366b173a4c3bf1dc6be1bb9202 SHA1 3c1681981e2a143ee50d0ee5bc901ac81e7c5cc4 SHA256 06d8e8a7909b9140eb2e70193db754b84d864da260d6cdf9bde9fa58442ce34a
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (GNU/Linux)
+Version: GnuPG v2.0.17 (GNU/Linux)
 
-iQIcBAEBCgAGBQJOpGDYAAoJEPiazRVxLXTFtIEQAL6qrJ4TnuYu7D9ZeKDIFhDQ
-c8TU6NhPC6qulURKXmvOH6banmKIlf14OthmFCimINzjT9ioSw8upQulk8Rg7eAQ
-GvtnKuJNubHhFrCDMRkKbEjNKipSx0xhV06HBFM6mWUYfsbCosrGywRVeJE4FMjT
-iwAD2GVuluzt1LqxNEaQ1tAdrQo9YW+kFkptoknJJtaMeMqnnaXMaT6fbejg2XdJ
-LfOVoN+GsOB67SpMViMDqPrjEKVfLGyEx7qe+KALSm53ghTfVgt0aF+ez3/lx3gT
-9LP5130ZcHhx06a9z4vEYh/1Gt0L63L3RSogXWw1CoN+Hu5Lhni1uqAyWYsqoJY4
-CoMzcrOXRbl5luGB8hQttn6wANhI2PZPOEak5s7wglQJoJlambgrIrd+r4yR0b4X
-ExUW42NQXAtaC5AYAJcHpE1hBEK6lDyc4B2WRSUEp1cPs0dgwIl0LKfpNtgK6nBJ
-RPbBkp73yRAHxUdrNCNTaXgWUf7sIrpES83rvK9cHUMXz2A0WRygi2YmKB52LVjS
-KNdSbUHEswVWUVvpm7u5YJMrYg2MASTUTphlF5tMHSh36Fg1szKd0ZjWfRF5vhh+
-QNo6pZdth71i9Afmv8HY6o5H6aMk7kx5tMVE30A5MqkIrG88/fpnU5N8slqGHynG
-sR3DZ3qYLvESEfHlf1GW
-=+qiN
+iQIcBAEBCAAGBQJOr9EfAAoJEHfx8XVYajsfPcYP/1+bg+mhNhKHN85gwnFA1+Sw
+ZmMw5N3Gf0l4fORtS0+qgDwRB02juhc63MVGzOyBth4gJ61144xsR8zzvKoRV983
+XPsgPnKxgtVICT3MUgFbePe19U+CpjfkWbjWqXw7K655ZEEzFeDawveRnXxZf9B/
+O5NPKYESWmUso2oskXPlFcceRQNN6z3C6ofyUzpa7zy4NFVtnU+EFDlS9Cdt5Zw3
+t/KH8vEXcCsUwljcWWE+FuDSRaMhlqQUZjF0NiVSIb8sRx4FgqCUvpokbkYBHle0
+poV/qgu6BAYZOhIiXO4R6UzJJJ70l+dHOd/s90fraFq06KsvsnhR9ztF/89VPZla
+pw76mwc43vuasTPVL2BuFwFOunIIyr0WbMXQVJoOs+kWSkxLUiTvkTLA4Ai82S2D
+kTEbDKezgZqB6FxoYvO9yX1kxuYrqG/1ijBOpCBsSTAXtZ/aH9p3CW0DF2uN9Ph/
+Td28K8YYoQ+tsxsjaOs/y07vUqWnHNWAPSxUeOvqgTevThqx9U22PNwb7FqDEg1u
+D7fWtvqBKoPJysz+Kke4AlxU1Qm7tq3vmez57W0yCzjjR3pAFEMIwC/Qo9cg05BU
+4ncu1hVylw2N7sBzkxIkxOxU/z8+ysbAgZtVpMe8dq+qgH1GqvxRrnUSChzru9sS
+Q7/GTbik/C4yPBmlwu/5
+=m6S6
 -----END PGP SIGNATURE-----
diff --git a/net-proxy/squid/squid-3.1.16.ebuild b/net-proxy/squid/squid-3.1.16.ebuild
new file mode 100644
index 000000000000..b2cd3aac7093
--- /dev/null
+++ b/net-proxy/squid/squid-3.1.16.ebuild
@@ -0,0 +1,209 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.16.ebuild,v 1.1 2011/11/01 10:59:29 eras Exp $
+
+EAPI=4
+
+inherit eutils pam toolchain-funcs autotools linux-info
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+	ecap icap-client \
+	mysql postgres sqlite \
+	zero-penalty-hit \
+	pf-transparent ipf-transparent kqueue \
+	elibc_uclibc kernel_linux +epoll tproxy"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+	pam? ( virtual/pam )
+	ldap? ( net-nds/openldap )
+	kerberos? ( virtual/krb5 )
+	ssl? ( dev-libs/openssl )
+	sasl? ( dev-libs/cyrus-sasl )
+	ecap? ( net-libs/libecap )
+	selinux? ( sec-policy/selinux-squid )
+	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+	>=sys-libs/db-4
+	dev-lang/perl"
+DEPEND="${COMMON_DEPEND}
+	sys-apps/ed
+	test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+	samba? ( net-fs/samba )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	sqlite? ( dev-perl/DBD-SQLite )"
+
+REQUIRED_USE="tproxy? ( caps )"
+
+pkg_pretend() {
+	if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then
+		eerror "coss store IO has been disabled by upstream due to stability issues!"
+		eerror "If you want to install this version, switch the store type to something else"
+		eerror "before attempting to install this version again."
+
+		die "/etc/squid/squid.conf: cache_dir uses a disabled store type"
+	fi
+
+	if use tproxy; then
+		echo
+		elog "Checking kernel configuration for full Tproxy4 support"
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+		echo
+	fi
+}
+
+pkg_setup() {
+	enewgroup squid 31
+	enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-3.1.15-gentoo.patch
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=""
+
+	local basic_modules="getpwnam,NCSA,MSNT"
+	use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+	use ldap && basic_modules="LDAP,${basic_modules}"
+	use pam && basic_modules="PAM,${basic_modules}"
+	use sasl && basic_modules="SASL,${basic_modules}"
+	use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+	use radius && basic_modules="squid_radius_auth,${basic_modules}"
+	if use mysql || use postgres || use sqlite ; then
+		basic_modules="DB,${basic_modules}"
+	fi
+
+	local digest_modules="password"
+	use ldap && digest_modules="ldap,${digest_modules}"
+
+	local ext_helpers="ip_user,session,unix_group"
+	use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+	use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+	local ntlm_helpers="fakeauth"
+	use samba && ntlm_helpers="smb_lm,${ntlm_helpers}"
+
+	local negotiate_helpers=
+	if use kerberos; then
+		negotiate_helpers="squid_kerb_auth"
+		if has_version app-crypt/mit-krb5; then
+			myconf="--enable-mit --disable-heimdal"
+		elif has_version app-crypt/heimdal; then
+			myconf="--disable-mit --enable-heimdal"
+		fi
+	else
+		myconf="--disable-mit --disable-heimdal"
+	fi
+
+	# coss support has been disabled
+	# If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175)
+	myconf="${myconf} --enable-storeio=ufs,diskd,aufs"
+
+	if use kernel_linux; then
+		myconf="${myconf} --enable-linux-netfilter \
+			$(use_enable tproxy linux-tproxy) \
+			$(use_enable epoll)"
+	elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+		myconf="${myconf} $(use_enable kqueue)"
+		if use pf-transparent; then
+			myconf="${myconf} --enable-pf-transparent"
+		elif use ipf-transparent; then
+			myconf="${myconf} --enable-ipf-transparent"
+		fi
+	fi
+
+	export CC=$(tc-getCC)
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--with-pidfile=/var/run/squid.pid \
+		--datadir=/usr/share/squid \
+		--with-logdir=/var/log/squid \
+		--with-default-user=squid \
+		--enable-auth="basic,digest,negotiate,ntlm" \
+		--enable-removal-policies="lru,heap" \
+		--enable-digest-auth-helpers="${digest_modules}" \
+		--enable-basic-auth-helpers="${basic_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-ntlm-auth-helpers="${ntlm_helpers}" \
+		--enable-negotiate-auth-helpers="${negotiate_helpers}" \
+		--enable-useragent-log \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-referer-log \
+		--enable-arp-acl \
+		--with-large-files \
+		--with-filedescriptors=8192 \
+		--disable-strict-error-checking \
+		$(use_with caps libcap) \
+		$(use_enable ipv6) \
+		$(use_enable snmp) \
+		$(use_enable ssl) \
+		$(use_enable icap-client) \
+		$(use_enable ecap) \
+		$(use_enable zero-penalty-hit zph-qos) \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/ncsa_auth
+	fperms 4750 /usr/libexec/squid/ncsa_auth
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/pam_auth
+		fperms 4750 /usr/libexec/squid/pam_auth
+	fi
+
+	# some cleanups
+	rm -f "${D}"/usr/bin/Run*
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+		helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+	newdoc helpers/basic_auth/SMB/README README.auth_smb
+	dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+	newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+	doman helpers/basic_auth/LDAP/*.8
+	dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+	newpamd "${FILESDIR}/squid.pam" squid
+	newconfd "${FILESDIR}/squid.confd" squid
+	if use logrotate; then
+		newinitd "${FILESDIR}/squid.initd-logrotate" squid
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		newinitd "${FILESDIR}/squid.initd" squid
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	rm -rf "${D}"/var
+	diropts -m0755 -o squid -g squid
+	keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+	echo
+	elog "Squid authentication helpers have been installed suid root."
+	elog "This allows shadow based authentication (see bug #52977 for more)."
+	echo
+	elog "Be careful what type of cache_dir you select!"
+	elog "   'diskd' is optimized for high levels of traffic, but it might seem slow"
+	elog "when there isn't sufficient traffic to keep squid reasonably busy."
+	elog "   If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+}
author	Eray Aslan <eras@gentoo.org>	2011-11-01 10:59:29 +0000
committer	Eray Aslan <eras@gentoo.org>	2011-11-01 10:59:29 +0000
commit	e0fb8b6ef40611abb142a831ada924393ee671c7 (patch)
tree	3de130aa86e8361a846690984a00a30a8288d38c /net-proxy
parent	Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo, Elija... (diff)
download	historical-e0fb8b6ef40611abb142a831ada924393ee671c7.tar.gz historical-e0fb8b6ef40611abb142a831ada924393ee671c7.tar.bz2 historical-e0fb8b6ef40611abb142a831ada924393ee671c7.zip