diff options
Diffstat (limited to 'net-proxy')
| -rw-r--r-- | net-proxy/squid/ChangeLog | 8 | ||||
| -rw-r--r-- | net-proxy/squid/files/squid-3.1.15-gentoo.patch | 289 | ||||
| -rw-r--r-- | net-proxy/squid/squid-3.1.15.ebuild | 209 |
3 files changed, 505 insertions, 1 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index 92a9b8835c62..aadf25406b67 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-proxy/squid # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.320 2011/04/30 12:46:52 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.321 2011/08/31 08:10:58 eras Exp $ + +*squid-3.1.15 (31 Aug 2011) + + 31 Aug 2011; Eray Aslan <eras@gentoo.org> +squid-3.1.15.ebuild, + +files/squid-3.1.15-gentoo.patch: + version bump - security bug #381065 30 Apr 2011; Diego E. Pettenò <flameeyes@gentoo.org> squid-3.1.12.ebuild: Fix install with USE=-pam. diff --git a/net-proxy/squid/files/squid-3.1.15-gentoo.patch b/net-proxy/squid/files/squid-3.1.15-gentoo.patch new file mode 100644 index 000000000000..09c9600b6c8e --- /dev/null +++ b/net-proxy/squid/files/squid-3.1.15-gentoo.patch @@ -0,0 +1,289 @@ +diff --git a/configure.ac b/configure.ac +index 23922c0..f359a00 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -16,9 +16,9 @@ PRESET_CFLAGS="$CFLAGS" + PRESET_LDFLAGS="$LDFLAGS" + + dnl Set default LDFLAGS +-if test -z "$LDFLAGS"; then +- LDFLAGS="-g" +-fi ++dnl if test -z "$LDFLAGS"; then ++dnl LDFLAGS="-g" ++dnl fi + + dnl Check for GNU cc + AC_PROG_CC +diff --git a/helpers/basic_auth/MSNT/confload.c b/helpers/basic_auth/MSNT/confload.c +index e04365e..7241b3f 100644 +--- a/helpers/basic_auth/MSNT/confload.c ++++ b/helpers/basic_auth/MSNT/confload.c +@@ -27,7 +27,7 @@ + + /* Path to configuration file */ + #ifndef SYSCONFDIR +-#define SYSCONFDIR "/usr/local/squid/etc" ++#define SYSCONFDIR "/etc/squid" + #endif + #define CONFIGFILE SYSCONFDIR "/msntauth.conf" + +diff --git a/helpers/basic_auth/MSNT/msntauth.conf.default b/helpers/basic_auth/MSNT/msntauth.conf.default +index 323bc1c..c3d7d21 100644 +--- a/helpers/basic_auth/MSNT/msntauth.conf.default ++++ b/helpers/basic_auth/MSNT/msntauth.conf.default +@@ -8,6 +8,6 @@ server my_PDC my_BDC my_NTdomain + server other_PDC other_BDC otherdomain + + # Denied and allowed users. Comment these if not needed. +-#denyusers /usr/local/squid/etc/msntauth.denyusers +-#allowusers /usr/local/squid/etc/msntauth.allowusers ++#denyusers /etc/squid/msntauth.denyusers ++#allowusers /etc/squid/msntauth.allowusers + +diff --git a/helpers/basic_auth/SMB/smb_auth.sh b/helpers/basic_auth/SMB/smb_auth.sh +index 2a1abb3..b3ebb7a 100755 +--- a/helpers/basic_auth/SMB/smb_auth.sh ++++ b/helpers/basic_auth/SMB/smb_auth.sh +@@ -24,7 +24,7 @@ read NMBCAST + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ else + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +diff --git a/helpers/external_acl/session/squid_session.8 b/helpers/external_acl/session/squid_session.8 +index 7808f41..d86e320 100644 +--- a/helpers/external_acl/session/squid_session.8 ++++ b/helpers/external_acl/session/squid_session.8 +@@ -35,7 +35,7 @@ the first request. + .P + Configuration example using the default automatic mode + .IP +-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session ++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session + .IP + acl session external session + .IP +diff --git a/helpers/external_acl/unix_group/squid_unix_group.8 b/helpers/external_acl/unix_group/squid_unix_group.8 +index 72aa1a3..cde5f20 100644 +--- a/helpers/external_acl/unix_group/squid_unix_group.8 ++++ b/helpers/external_acl/unix_group/squid_unix_group.8 +@@ -27,7 +27,7 @@ Strip NT domain name component from user names (/ or \\ separated) + This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 + matches users in group2 or group3 + .IP +-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p ++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p + .IP + acl usergroup1 external unix_group group1 + .IP +diff --git a/helpers/negotiate_auth/squid_kerb_auth/configure.ac b/helpers/negotiate_auth/squid_kerb_auth/configure.ac +index e78f61e..ca6c0c2 100644 +--- a/helpers/negotiate_auth/squid_kerb_auth/configure.ac ++++ b/helpers/negotiate_auth/squid_kerb_auth/configure.ac +@@ -17,6 +17,7 @@ dnl Process this file with autoconf to produce a configure script. + + AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com]) + AM_INIT_AUTOMAKE(squid_kerb_auth,1.0.5) ++AM_MAINTAINER_MODE + AC_CONFIG_SRCDIR([squid_kerb_auth.c]) + + AC_PROG_CC +diff --git a/src/Makefile.am b/src/Makefile.am +index e1c0be4..423553e 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -639,7 +639,6 @@ BUILT_SOURCES = \ + + sysconf_DATA = \ + squid.conf.default \ +- squid.conf.documented \ + mime.conf.default + + data_DATA = \ +@@ -724,9 +724,9 @@ + DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log + DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log + DEFAULT_PID_FILE = $(DEFAULT_PIDFILE) +-DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state +-DEFAULT_SWAP_DIR = $(localstatedir)/cache +-DEFAULT_SSL_DB_DIR = $(localstatedir)/lib/ssl_db ++DEFAULT_NETDB_FILE = $(localstatedir)/run//netdb.state ++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid ++DEFAULT_SSL_DB_DIR = $(localstatedir)/lib/squid/ssl_db + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` +@@ -802,13 +801,11 @@ install-data-local: install-sysconfDATA install-dataDATA + @if test -f $(DESTDIR)$(DEFAULT_CONFIG_FILE) ; then \ + echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_CONFIG_FILE)" ; \ + else \ +- echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE)"; \ +- $(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE); \ ++ echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE)"; \ ++ $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE); \ + fi +- echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \ +- $(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \ +- echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented"; \ +- $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented; \ ++ echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \ ++ $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \ + $(mkinstalldirs) $(DESTDIR)$(DEFAULT_LOG_PREFIX); \ + $(mkinstalldirs) $(DESTDIR)$(DEFAULT_SWAP_DIR); \ + $(mkinstalldirs) $(DESTDIR)`dirname $(DEFAULT_PID_FILE)` +diff --git a/src/cf.data.pre b/src/cf.data.pre +index b504918..56928c4 100644 +--- a/src/cf.data.pre ++++ b/src/cf.data.pre +@@ -768,6 +768,7 @@ acl Safe_ports port 280 # http-mgmt + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -917,6 +918,9 @@ http_access deny CONNECT !SSL_ports + http_access allow localnet + http_access allow localhost + ++# Allow the localhost to have access by default ++http_access allow localhost ++ + # And finally deny all other access to this proxy + http_access deny all + NOCOMMENT_END +@@ -4138,11 +4142,11 @@ COMMENT_END + + NAME: cache_mgr + TYPE: string +-DEFAULT: webmaster ++DEFAULT: root + LOC: Config.adminEmail + DOC_START + Email-address of local cache manager who will receive +- mail if the cache dies. The default is "webmaster." ++ mail if the cache dies. The default is "root." + DOC_END + + NAME: mail_from +@@ -6456,7 +6460,7 @@ DOC_END + NAME: forwarded_for + COMMENT: on|off|transparent|truncate|delete + TYPE: string +-DEFAULT: on ++DEFAULT: delete + LOC: opt_forwarded_for + DOC_START + If set to "on", Squid will append your client's IP address +diff --git a/src/debug.cc b/src/debug.cc +index 32813bf..6de334a 100644 +--- a/src/debug.cc ++++ b/src/debug.cc +@@ -452,7 +452,7 @@ _db_init(const char *logfile, const char *options) + #if HAVE_SYSLOG && defined(LOG_LOCAL4) + + if (Debug::log_syslog) +- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); ++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility); + + #endif /* HAVE_SYSLOG */ + +diff --git a/src/main.cc b/src/main.cc +index 941126d..71f3c3b 100644 +--- a/src/main.cc ++++ b/src/main.cc +@@ -1555,7 +1555,7 @@ watch_child(char *argv[]) + if (*(argv[0]) == '(') + return; + +- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); + + if ((pid = fork()) < 0) + syslog(LOG_ALERT, "fork failed: %s", xstrerror()); +@@ -1599,7 +1599,7 @@ watch_child(char *argv[]) + + if ((pid = fork()) == 0) { + /* child */ +- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); + prog = xstrdup(argv[0]); + argv[0] = xstrdup("(squid)"); + execvp(prog, argv); +@@ -1607,7 +1607,7 @@ watch_child(char *argv[]) + } + + /* parent */ +- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); + + syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); + +commit e3f6cc6438869766751556f2d9747669b4c51fe1 +Author: Eray Aslan <eras@gentoo.org> +Date: Fri Apr 29 10:55:17 2011 +0000 + + Do not auto detect kerberos. + + No need for automagic dependencies. We already give the necessary flags + to the configure script. + +diff --git a/helpers/negotiate_auth/squid_kerb_auth/configure.ac b/helpers/negotiate_auth/squid_kerb_auth/configure.ac +index e78f61e..dc739b2 100644 +--- a/helpers/negotiate_auth/squid_kerb_auth/configure.ac ++++ b/helpers/negotiate_auth/squid_kerb_auth/configure.ac +@@ -279,40 +279,6 @@ AC_ARG_ENABLE(seam-64, + check_seam_64 + fi ]) + +-dnl Define system default +-if test "$enable_arg" = "no"; then +- dnl Autodetect system +- dnl Check krb5-config first +- AC_CHECK_PROG(ac_krb5_config,krb5-config,yes,no) +- case $sys in +- Linux) rpm -q heimdal-lib >/dev/null 2>&1 +- if test $? = 0 ; then +- check_heimdal +- else +- check_mit +- fi +- ;; +- AIX) lslpp -L krb5.client.rte >/dev/null 2>&1 +- if test $? = 0 ; then +- check_nas +- else +- check_mit +- fi +- ;; +- SunOS) pkginfo SUNWgss >/dev/null 2>&1 +- if test $? = 0 ; then +- check_seam +- else +- check_mit +- fi +- ;; +- FreeBSD) check_heimdal +- ;; +- *) check_mit +- ;; +- esac +-fi +- + AC_C_BIGENDIAN + + AC_CHECK_HEADERS( \ diff --git a/net-proxy/squid/squid-3.1.15.ebuild b/net-proxy/squid/squid-3.1.15.ebuild new file mode 100644 index 000000000000..fd9571559e1c --- /dev/null +++ b/net-proxy/squid/squid-3.1.15.ebuild @@ -0,0 +1,209 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.15.ebuild,v 1.1 2011/08/31 08:10:58 eras Exp $ + +EAPI=4 + +inherit eutils pam toolchain-funcs autotools linux-info + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \ + ecap icap-client \ + mysql postgres sqlite \ + zero-penalty-hit \ + pf-transparent ipf-transparent kqueue \ + elibc_uclibc kernel_linux +epoll tproxy" + +COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) + pam? ( virtual/pam ) + ldap? ( net-nds/openldap ) + kerberos? ( virtual/krb5 ) + ssl? ( dev-libs/openssl ) + sasl? ( dev-libs/cyrus-sasl ) + ecap? ( net-libs/libecap ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +DEPEND="${COMMON_DEPEND} + sys-apps/ed + test? ( dev-util/cppunit )" +RDEPEND="${COMMON_DEPEND} + samba? ( net-fs/samba ) + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + sqlite? ( dev-perl/DBD-SQLite )" + +REQUIRED_USE="tproxy? ( caps )" + +pkg_pretend() { + if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then + eerror "coss store IO has been disabled by upstream due to stability issues!" + eerror "If you want to install this version, switch the store type to something else" + eerror "before attempting to install this version again." + + die "/etc/squid/squid.conf: cache_dir uses a disabled store type" + fi + + if use tproxy; then + echo + elog "Checking kernel configuration for full Tproxy4 support" + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" + linux-info_pkg_setup + echo + fi +} + +pkg_setup() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-gentoo.patch + eautoreconf +} + +src_configure() { + local myconf="" + + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + use radius && basic_modules="squid_radius_auth,${basic_modules}" + if use mysql || use postgres || use sqlite ; then + basic_modules="DB,${basic_modules}" + fi + + local digest_modules="password" + use ldap && digest_modules="ldap,${digest_modules}" + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="smb_lm,${ntlm_helpers}" + + local negotiate_helpers= + if use kerberos; then + negotiate_helpers="squid_kerb_auth" + if has_version app-crypt/mit-krb5; then + myconf="--enable-mit --disable-heimdal" + elif has_version app-crypt/heimdal; then + myconf="--disable-mit --enable-heimdal" + fi + else + myconf="--disable-mit --disable-heimdal" + fi + + # coss support has been disabled + # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) + myconf="${myconf} --enable-storeio=ufs,diskd,aufs" + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter \ + $(use_enable tproxy linux-tproxy) \ + $(use_enable epoll)" + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} $(use_enable kqueue)" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --with-pidfile=/var/run/squid.pid \ + --datadir=/usr/share/squid \ + --with-logdir=/var/log/squid \ + --with-default-user=squid \ + --enable-auth="basic,digest,negotiate,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="${digest_modules}" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-negotiate-auth-helpers="${negotiate_helpers}" \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-large-files \ + --with-filedescriptors=8192 \ + --disable-strict-error-checking \ + $(use_with caps libcap) \ + $(use_enable ipv6) \ + $(use_enable snmp) \ + $(use_enable ssl) \ + $(use_enable icap-client) \ + $(use_enable ecap) \ + $(use_enable zero-penalty-hit zph-qos) \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + # need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + if use pam; then + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/pam_auth + fi + + # some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + elog "Squid authentication helpers have been installed suid root." + elog "This allows shadow based authentication (see bug #52977 for more)." + echo + elog "Be careful what type of cache_dir you select!" + elog " 'diskd' is optimized for high levels of traffic, but it might seem slow" + elog "when there isn't sufficient traffic to keep squid reasonably busy." + elog " If your traffic level is low to moderate, use 'aufs' or 'ufs'." +} |