diff options
author | Alin Năstac <mrness@gentoo.org> | 2005-03-03 18:37:02 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2005-03-03 18:37:02 +0000 |
commit | 5b0684f41d1849bb9355c1723302ab3602372250 (patch) | |
tree | a262971ef6a50b79ec231d47561de2b9da785aea /www-proxy/squid | |
parent | recommit manifest. bad epkgmove (diff) | |
download | historical-5b0684f41d1849bb9355c1723302ab3602372250.tar.gz historical-5b0684f41d1849bb9355c1723302ab3602372250.tar.bz2 historical-5b0684f41d1849bb9355c1723302ab3602372250.zip |
security bump (#83955)
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'www-proxy/squid')
-rw-r--r-- | www-proxy/squid/ChangeLog | 8 | ||||
-rw-r--r-- | www-proxy/squid/Manifest | 21 | ||||
-rw-r--r-- | www-proxy/squid/files/digest-squid-2.5.9 | 2 | ||||
-rw-r--r-- | www-proxy/squid/files/squid-2.5.9-gentoo.diff | 453 | ||||
-rw-r--r-- | www-proxy/squid/squid-2.5.9.ebuild | 198 |
5 files changed, 672 insertions, 10 deletions
diff --git a/www-proxy/squid/ChangeLog b/www-proxy/squid/ChangeLog index 768220cae90c..5703741320d6 100644 --- a/www-proxy/squid/ChangeLog +++ b/www-proxy/squid/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-proxy/squid # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.41 2005/02/28 11:18:21 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.42 2005/03/03 18:37:02 mrness Exp $ + +*squid-2.5.9 (03 Mar 2005) + + 03 Mar 2005; Alin Nastac <mrness@gentoo.org> + +files/squid-2.5.9-gentoo.diff, +squid-2.5.9.ebuild: + Security bump (#83955). 28 Feb 2005; Jeremy Huddleston <eradicator@gentoo.org> squid-2.5.8-r1.ebuild: diff --git a/www-proxy/squid/Manifest b/www-proxy/squid/Manifest index 0b4a0fb02231..cb0e832e9e4c 100644 --- a/www-proxy/squid/Manifest +++ b/www-proxy/squid/Manifest @@ -1,22 +1,25 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 d328e3d7b458d5903a153a71308e9dec ChangeLog 14772 -MD5 c0fd2ab16f04e5c691ca42cb5585071a metadata.xml 330 MD5 3a2538e403f25c33ed40b387976acfb9 squid-2.5.8-r1.ebuild 6107 +MD5 e732facd0f62b165ecbe3e07c9677b3c squid-2.5.9.ebuild 6026 MD5 f2881ab9b7a08ed59e6f62d772193dfb squid-2.5.8.ebuild 5893 +MD5 22db25a390a067458cdcb76c3da8259e ChangeLog 14925 +MD5 c0fd2ab16f04e5c691ca42cb5585071a metadata.xml 330 MD5 c2d230465ceefe887175cb8121d0fbc8 files/digest-squid-2.5.8-r1 156 -MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101 -MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133 MD5 e4e44e57aa7d93849649c3ceb67a3a65 files/squid.confd 437 +MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133 +MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233 MD5 bea1d2ef8cb2f1590f89bf37f28b9268 files/squid.pam 505 MD5 20bbd41f88ddbcbe57380697c2675862 files/squid.rc6 1980 +MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101 +MD5 614800a8c36c2df8967380405cc05aa9 files/squid-2.5.9-gentoo.diff 17233 MD5 b1028824f46381ebe326b5faf0e06d35 files/digest-squid-2.5.8 155 -MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233 +MD5 7aec9f6b933e46cb25a72c56c0993e9e files/digest-squid-2.5.9 156 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.0 (GNU/Linux) +Version: GnuPG v1.2.6 (GNU/Linux) -iD8DBQFCIv4MArHZZzCEUG0RAsnlAJ9WUV5exSGMgw+bNGu2Ph/YgETUggCgiAKA -crAlTkI+293uwysTzC468MQ= -=9hAU +iD8DBQFCJ1lYjiC39V7gKu0RArKwAKCmeeszTnNVPa33e05N4hKPAFUpzwCbBYMI +XeDqk42K8raxUz7SZ8J1YB0= +=oBTz -----END PGP SIGNATURE----- diff --git a/www-proxy/squid/files/digest-squid-2.5.9 b/www-proxy/squid/files/digest-squid-2.5.9 new file mode 100644 index 000000000000..43eeb55a79bf --- /dev/null +++ b/www-proxy/squid/files/digest-squid-2.5.9 @@ -0,0 +1,2 @@ +MD5 5a34a303dcab8851c7ab20e24af69b61 squid-2.5.STABLE9.tar.bz2 1057776 +MD5 51a7419adc3f45cfdd735e4b2e5dcdb9 squid-2.5.STABLE9-patches-20050303.tar.gz 10519 diff --git a/www-proxy/squid/files/squid-2.5.9-gentoo.diff b/www-proxy/squid/files/squid-2.5.9-gentoo.diff new file mode 100644 index 000000000000..9198aa85a9f4 --- /dev/null +++ b/www-proxy/squid/files/squid-2.5.9-gentoo.diff @@ -0,0 +1,453 @@ +diff -Nru squid-2.5.STABLE9.orig/errors/Makefile.in squid-2.5.STABLE9/errors/Makefile.in +--- squid-2.5.STABLE9.orig/errors/Makefile.in 2004-07-10 15:11:41.000000000 +0300 ++++ squid-2.5.STABLE9/errors/Makefile.in 2005-03-03 20:19:24.874936344 +0200 +@@ -118,7 +118,7 @@ + install_sh = @install_sh@ + makesnmplib = @makesnmplib@ + +-errordir = $(datadir)/errors ++errordir = $(libexecdir)/errors + + DEFAULT_ERROR_DIR = $(errordir) + +diff -Nru squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/Makefile.in squid-2.5.STABLE9/helpers/basic_auth/SMB/Makefile.in +--- squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/Makefile.in 2004-07-10 15:11:41.000000000 +0300 ++++ squid-2.5.STABLE9/helpers/basic_auth/SMB/Makefile.in 2005-03-03 20:19:24.875936192 +0200 +@@ -128,7 +128,7 @@ + makesnmplib = @makesnmplib@ + + SMB_AUTH_HELPER = smb_auth.sh +-SAMBAPREFIX = /usr/local/samba ++SAMBAPREFIX = /usr + SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) + + libexec_SCRIPTS = $(SMB_AUTH_HELPER) +diff -Nru squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.5.STABLE9/helpers/basic_auth/SMB/smb_auth.sh +--- squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 01:36:46.000000000 +0200 ++++ squid-2.5.STABLE9/helpers/basic_auth/SMB/smb_auth.sh 2005-03-03 20:19:24.876936040 +0200 +@@ -24,7 +24,7 @@ + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +diff -Nru squid-2.5.STABLE9.orig/icons/Makefile.in squid-2.5.STABLE9/icons/Makefile.in +--- squid-2.5.STABLE9.orig/icons/Makefile.in 2004-07-10 15:11:47.000000000 +0300 ++++ squid-2.5.STABLE9/icons/Makefile.in 2005-03-03 20:19:24.876936040 +0200 +@@ -146,7 +146,7 @@ + anthony-xpm.gif + + +-icondir = $(datadir)/icons ++icondir = $(libexecdir)/icons + icon_DATA = $(ICON1) $(ICON2) + EXTRA_DIST = $(ICON1) $(ICON2) icons.shar + DISTCLEANFILES = +diff -Nru squid-2.5.STABLE9.orig/snmplib/snmp_api.c squid-2.5.STABLE9/snmplib/snmp_api.c +--- squid-2.5.STABLE9.orig/snmplib/snmp_api.c 2002-02-13 03:43:43.000000000 +0200 ++++ squid-2.5.STABLE9/snmplib/snmp_api.c 2005-03-03 20:19:24.877935888 +0200 +@@ -121,7 +121,7 @@ + } + + /* +- * Parses the packet recieved on the input session, and places the data into ++ * Parses the packet received on the input session, and places the data into + * the input pdu. length is the length of the input packet. If any errors + * are encountered, NULL is returned. If not, the community is. + */ +diff -Nru squid-2.5.STABLE9.orig/src/Makefile.in squid-2.5.STABLE9/src/Makefile.in +--- squid-2.5.STABLE9.orig/src/Makefile.in 2004-09-26 00:37:59.000000000 +0300 ++++ squid-2.5.STABLE9/src/Makefile.in 2005-03-03 20:19:24.878935736 +0200 +@@ -376,18 +376,18 @@ + DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf + DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf + DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_LOG_PREFIX = $(localstatedir)/logs +-DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log +-DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log +-DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log +-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +-DEFAULT_SWAP_DIR = $(localstatedir)/cache ++DEFAULT_LOG_PREFIX = $(localstatedir)/log ++DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log ++DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log ++DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log ++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid ++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_ICON_DIR = $(datadir)/icons +-DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ +-DEFAULT_MIB_PATH = $(datadir)/mib.txt ++DEFAULT_ICON_DIR = $(libexecdir)/icons ++DEFAULT_ERROR_DIR = $(sysconfdir)/errors ++DEFAULT_MIB_PATH = $(libexecdir)/mib.txt + + DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" + +@@ -838,12 +838,12 @@ + uninstall-info-am: + install-dataDATA: $(data_DATA) + @$(NORMAL_INSTALL) +- $(mkinstalldirs) $(DESTDIR)$(datadir) ++ $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(data_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f="`echo $$p | sed -e 's|^.*/||'`"; \ +- echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f"; \ +- $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f; \ ++ echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f"; \ ++ $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f; \ + done + + uninstall-dataDATA: +diff -Nru squid-2.5.STABLE9.orig/src/auth/digest/auth_digest.c squid-2.5.STABLE9/src/auth/digest/auth_digest.c +--- squid-2.5.STABLE9.orig/src/auth/digest/auth_digest.c 2004-08-29 01:31:15.000000000 +0300 ++++ squid-2.5.STABLE9/src/auth/digest/auth_digest.c 2005-03-03 20:19:24.879935584 +0200 +@@ -1252,7 +1252,7 @@ + nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64); + if (!nonce) { + /* we couldn't find a matching nonce! */ +- debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce recieved\n"); ++ debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce received\n"); + authDigestLogUsername(auth_user_request, username); + + /* we don't need the scheme specific data anymore */ +@@ -1266,8 +1266,8 @@ + /* check the qop is what we expected. Note that for compatability with + * RFC 2069 we should support a missing qop. Tough. */ + if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) { +- /* we recieved a qop option we didn't send */ +- debug(29, 4) ("authenticateDigestDecode: Invalid qop option recieved\n"); ++ /* we received a qop option we didn't send */ ++ debug(29, 4) ("authenticateDigestDecode: Invalid qop option received\n"); + authDigestLogUsername(auth_user_request, username); + + /* we don't need the scheme specific data anymore */ +diff -Nru squid-2.5.STABLE9.orig/src/auth/ntlm/auth_ntlm.c squid-2.5.STABLE9/src/auth/ntlm/auth_ntlm.c +--- squid-2.5.STABLE9.orig/src/auth/ntlm/auth_ntlm.c 2005-02-04 01:22:12.000000000 +0200 ++++ squid-2.5.STABLE9/src/auth/ntlm/auth_ntlm.c 2005-03-03 20:19:24.880935432 +0200 +@@ -950,7 +950,7 @@ + } + switch (ntlm_request->auth_state) { + case AUTHENTICATE_STATE_NONE: +- /* we've recieved a negotiate request. pass to a helper */ ++ /* we've received a negotiate request. pass to a helper */ + debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth); + ntlm_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE; + ntlm_request->ntlmnegotiate = xstrdup(proxy_auth); +@@ -969,7 +969,7 @@ + return; + break; + case AUTHENTICATE_STATE_CHALLENGE: +- /* we should have recieved a NTLM challenge. pass it to the same ++ /* we should have received a NTLM challenge. pass it to the same + * helper process */ + debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state challenge with header %s.\n", proxy_auth); + /* do a cache lookup here. If it matches it's a successful ntlm +diff -Nru squid-2.5.STABLE9.orig/src/cf.data.pre squid-2.5.STABLE9/src/cf.data.pre +--- squid-2.5.STABLE9.orig/src/cf.data.pre 2005-02-23 02:06:34.000000000 +0200 ++++ squid-2.5.STABLE9/src/cf.data.pre 2005-03-03 20:19:24.883934976 +0200 +@@ -156,12 +156,12 @@ + NAME: htcp_port + IFDEF: USE_HTCP + TYPE: ushort +-DEFAULT: 4827 ++DEFAULT: 0 + LOC: Config.Port.htcp + DOC_START + The port number where Squid sends and receives HTCP queries to +- and from neighbor caches. Default is 4827. To disable use +- "0". ++ and from neighbor caches. To turn it on you want to set it to ++ 4827. By default it is set to "0" (disabled). + DOC_END + + +@@ -2100,7 +2100,7 @@ + # acls. + + acl aclname rep_mime_type mime-type1 ... +- # regex match against the mime type of the reply recieved by ++ # regex match against the mime type of the reply received by + # squid. Can be used to detect file download or some + # types HTTP tunelling requests. + # NOTE: This has no effect in http_access rules. It only has +@@ -2140,6 +2140,8 @@ + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT ++acl purge method PURGE + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -2173,6 +2175,9 @@ + # Only allow cachemgr access from localhost + http_access allow manager localhost + http_access deny manager ++# Only allow purge requests from localhost ++http_access allow purge localhost ++http_access deny purge + # Deny requests to unknown ports + http_access deny !Safe_ports + # Deny CONNECT to other than SSL ports +@@ -2191,6 +2196,9 @@ + #acl our_networks src 192.168.1.0/24 192.168.2.0/24 + #http_access allow our_networks + ++# Allow the localhost to have access by default ++http_access allow localhost ++ + # And finally deny all other access to this proxy + http_access deny all + NOCOMMENT_END +@@ -2388,7 +2396,7 @@ + DOC_START + This option specifies the maximum size of a reply body in bytes. + It can be used to prevent users from downloading very large files, +- such as MP3's and movies. When the reply headers are recieved, ++ such as MP3's and movies. When the reply headers are received, + the reply_body_max_size lines are processed, and the first line with + a result of "allow" is used as the maximum body size for this reply. + This size is checked twice. First when we get the reply headers, +@@ -2415,7 +2423,7 @@ + + NAME: cache_mgr + TYPE: string +-DEFAULT: webmaster ++DEFAULT: root + LOC: Config.adminEmail + DOC_START + Email-address of local cache manager who will receive +@@ -2425,7 +2433,7 @@ + + NAME: cache_effective_user + TYPE: string +-DEFAULT: nobody ++DEFAULT: squid + LOC: Config.effectiveUser + DOC_START + If you start Squid as root, it will change its effective/real +@@ -2440,7 +2448,7 @@ + + NAME: cache_effective_group + TYPE: string +-DEFAULT: none ++DEFAULT: squid + LOC: Config.effectiveGroup + DOC_START + If you want Squid to run with a specific GID regardless of +@@ -2592,7 +2600,7 @@ + DOC_START + If you are running Squid as an accelerator and have a single backend + server set this to on. This causes Squid to forward the request +- to this server, regardles of what any redirectors or Host headers ++ to this server, regardless of what any redirectors or Host headers + say. + + Leave this at off if you have multiple backend servers, and use a +@@ -3229,7 +3237,11 @@ + If you wish to create your own versions of the default + (English) error files, either to customize them to suit your + language or company copy the template English files to another +- directory and point this tag at them. ++ directory where the error files are read from. ++ /usr/lib/squid/errors contains sets of error files ++ in different languages. The default error directory ++ is /etc/squid/errors, which is a link to one of these ++ error sets. + DOC_END + + NAME: maximum_single_addr_tries +@@ -3263,12 +3275,15 @@ + NAME: snmp_port + TYPE: ushort + LOC: Config.Port.snmp +-DEFAULT: 3401 ++DEFAULT: 0 + IFDEF: SQUID_SNMP + DOC_START + Squid can now serve statistics and status information via SNMP. + By default it listens to port 3401 on the machine. If you don't + wish to use SNMP, set this to "0". ++ ++ Note: on Gentoo Linux, the default is zero - you need to ++ set it to 3401 to enable it. + DOC_END + + NAME: snmp_access +diff -Nru squid-2.5.STABLE9.orig/src/debug.c squid-2.5.STABLE9/src/debug.c +--- squid-2.5.STABLE9.orig/src/debug.c 2001-12-17 20:01:54.000000000 +0200 ++++ squid-2.5.STABLE9/src/debug.c 2005-03-03 20:19:24.884934824 +0200 +@@ -200,9 +200,9 @@ + } + debugOpenLog(logfile); + +-#if HAVE_SYSLOG && defined(LOG_LOCAL4) ++#if HAVE_SYSLOG + if (opt_syslog_enable) +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + #endif /* HAVE_SYSLOG */ + + } +diff -Nru squid-2.5.STABLE9.orig/src/defines.h squid-2.5.STABLE9/src/defines.h +--- squid-2.5.STABLE9.orig/src/defines.h 2002-08-08 23:17:39.000000000 +0300 ++++ squid-2.5.STABLE9/src/defines.h 2005-03-03 20:19:24.884934824 +0200 +@@ -219,7 +219,7 @@ + + /* were to look for errors if config path fails */ + #ifndef DEFAULT_SQUID_ERROR_DIR +-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" ++#define DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors/English" + #endif + + /* gb_type operations */ +diff -Nru squid-2.5.STABLE9.orig/src/delay_pools.c squid-2.5.STABLE9/src/delay_pools.c +--- squid-2.5.STABLE9.orig/src/delay_pools.c 2003-06-19 02:53:35.000000000 +0300 ++++ squid-2.5.STABLE9/src/delay_pools.c 2005-03-03 20:19:24.885934672 +0200 +@@ -609,7 +609,7 @@ + } + + /* +- * this records actual bytes recieved. always recorded, even if the ++ * this records actual bytes received. always recorded, even if the + * class is disabled - it's more efficient to just do it than to do all + * the checks. + */ +diff -Nru squid-2.5.STABLE9.orig/src/main.c squid-2.5.STABLE9/src/main.c +--- squid-2.5.STABLE9.orig/src/main.c 2005-02-21 04:55:04.000000000 +0200 ++++ squid-2.5.STABLE9/src/main.c 2005-03-03 20:19:24.887934368 +0200 +@@ -326,6 +326,21 @@ + asnFreeMemory(); + } + ++#if USE_UNLINKD ++static int ++needUnlinkd(void) ++{ ++ int i; ++ int r = 0; ++ for (i = 0; i < Config.cacheSwap.n_configured; i++) { ++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) ++ r++; ++ } ++ return r; ++} ++#endif ++ + static void + mainReconfigure(void) + { +@@ -351,6 +366,7 @@ + redirectShutdown(); + authenticateShutdown(); + externalAclShutdown(); ++ unlinkdClose(); + storeDirCloseSwapLogs(); + storeLogClose(); + accessLogClose(); +@@ -381,6 +397,9 @@ + #if USE_WCCP + wccpInit(); + #endif ++#if USE_UNLINKD ++ if (needUnlinkd()) unlinkdInit(); ++#endif + serverConnectionsOpen(); + if (theOutIcpConnection >= 0) { + if (!Config2.Accel.on || Config.onoff.accel_with_proxy) +@@ -525,7 +544,7 @@ + + if (!configured_once) { + #if USE_UNLINKD +- unlinkdInit(); ++ if (needUnlinkd()) unlinkdInit(); + #endif + urlInitialize(); + cachemgrInit(); +@@ -860,7 +879,7 @@ + int nullfd; + if (*(argv[0]) == '(') + return; +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + if ((pid = fork()) < 0) + syslog(LOG_ALERT, "fork failed: %s", xstrerror()); + else if (pid > 0) +@@ -894,14 +913,14 @@ + mainStartScript(argv[0]); + if ((pid = fork()) == 0) { + /* child */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + prog = xstrdup(argv[0]); + argv[0] = xstrdup("(squid)"); + execvp(prog, argv); + syslog(LOG_ALERT, "execvp failed: %s", xstrerror()); + } + /* parent */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); + time(&start); + squid_signal(SIGINT, SIG_IGN, SA_RESTART); +diff -Nru squid-2.5.STABLE9.orig/src/mib.txt squid-2.5.STABLE9/src/mib.txt +--- squid-2.5.STABLE9.orig/src/mib.txt 2004-06-01 01:39:00.000000000 +0300 ++++ squid-2.5.STABLE9/src/mib.txt 2005-03-03 20:19:24.887934368 +0200 +@@ -290,7 +290,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " Number of HTTP KB's recieved " ++ " Number of HTTP KB's received " + ::= { cacheProtoAggregateStats 4 } + + cacheHttpOutKb OBJECT-TYPE +@@ -330,7 +330,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " Number of ICP KB's recieved " ++ " Number of ICP KB's received " + ::= { cacheProtoAggregateStats 9 } + + cacheServerRequests OBJECT-TYPE +@@ -354,7 +354,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " KB's of traffic recieved from servers " ++ " KB's of traffic received from servers " + ::= { cacheProtoAggregateStats 12 } + + cacheServerOutKb OBJECT-TYPE +diff -Nru squid-2.5.STABLE9.orig/src/url.c squid-2.5.STABLE9/src/url.c +--- squid-2.5.STABLE9.orig/src/url.c 2003-01-18 16:16:49.000000000 +0200 ++++ squid-2.5.STABLE9/src/url.c 2005-03-03 20:19:24.888934216 +0200 +@@ -312,8 +312,8 @@ + return NULL; + } + #endif +- if (Config.appendDomain && !strchr(host, '.')) +- strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); ++ if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0) ++ strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); + /* remove trailing dots from hostnames */ + while ((l = strlen(host)) > 0 && host[--l] == '.') + host[l] = '\0'; diff --git a/www-proxy/squid/squid-2.5.9.ebuild b/www-proxy/squid/squid-2.5.9.ebuild new file mode 100644 index 000000000000..041bcda9345f --- /dev/null +++ b/www-proxy/squid/squid-2.5.9.ebuild @@ -0,0 +1,198 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.9.ebuild,v 1.1 2005/03/03 18:37:02 mrness Exp $ + +inherit eutils toolchain-funcs + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PP=${PN}-${S_PV}.STABLE${S_PL} +PATCH_VERSION="20050303" + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" + +S=${WORKDIR}/${S_PP} +SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2 + mirror://gentoo/${S_PP}-patches-${PATCH_VERSION}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86 ~mips" +IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores logrotate" + +RDEPEND="virtual/libc + pam? ( >=sys-libs/pam-0.75 ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid ) + !mips? ( logrotate? ( app-admin/logrotate ) )" +DEPEND="${RDEPEND} dev-lang/perl" + +src_unpack() { + unpack ${A} || die "unpack failed" + cd ${S} || die "dir ${S} not found" + + #do NOT just remove this patch. yes, it's here for a reason. + #woodchip@gentoo.org (07 Nov 2002) + patch -p1 <${FILESDIR}/squid-${PV}-gentoo.diff || die "failed to apply squid-{PV}-gentoo.diff" + + # Do bulk patching from squids bug fix list for stable 6 see #57081 + EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch + + #hmm #10865 + cd helpers/external_acl/ldap_group + cp Makefile.in Makefile.in.orig + sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + Makefile.in.orig > Makefile.in + + if ! use debug + then + cd ${S} + mv configure.in configure.in.orig + sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in + export WANT_AUTOCONF=2.1 + autoconf || die "autoconf failed" + fi +} + +src_compile() { + # Support for uclibc #61175 + if use uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + export CC=$(tc-getCC) + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + mv include/autoconf.h include/autoconf.h.orig + sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ + include/autoconf.h.orig > include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# mv include/autoconf.h include/autoconf.h.orig +# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -rf ${D}/var + mv ${D}/usr/bin/Run* ${D}/usr/lib/squid + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ + ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + insinto /etc/pam.d + newins ${FILESDIR}/squid.pam squid + exeinto /etc/init.d + newexe ${FILESDIR}/squid.rc6 squid + insinto /etc/conf.d + newins ${FILESDIR}/squid.confd squid + if useq logrotate; then + insinto /etc/logrotate.d + newins ${FILESDIR}/squid-logrotate squid + else + exeinto /etc/cron.weekly + newexe ${FILESDIR}/squid-r1.cron squid.cron + fi + + diropts -m0755 -o squid -g squid + dodir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo +} |