diff options
author | Andrew Bevitt <cyfred@gentoo.org> | 2004-10-17 02:26:27 +0000 |
---|---|---|
committer | Andrew Bevitt <cyfred@gentoo.org> | 2004-10-17 02:26:27 +0000 |
commit | 3748d50802c1d21c6e9edc20a831d86d8fc0cc15 (patch) | |
tree | cc3598856e15a59cab00d7fff4728938408bdc85 /www-proxy/squid | |
parent | Fixing digest issues and removing ia64 KEYWORD as per Bug #67836. (diff) | |
download | gentoo-2-3748d50802c1d21c6e9edc20a831d86d8fc0cc15.tar.gz gentoo-2-3748d50802c1d21c6e9edc20a831d86d8fc0cc15.tar.bz2 gentoo-2-3748d50802c1d21c6e9edc20a831d86d8fc0cc15.zip |
Version bump to STABLE7 + bug #67167 DoS fix
Diffstat (limited to 'www-proxy/squid')
-rw-r--r-- | www-proxy/squid/ChangeLog | 8 | ||||
-rw-r--r-- | www-proxy/squid/Manifest | 5 | ||||
-rw-r--r-- | www-proxy/squid/files/digest-squid-2.5.7 | 1 | ||||
-rw-r--r-- | www-proxy/squid/files/squid-2.5.7-gentoo.diff | 327 | ||||
-rw-r--r-- | www-proxy/squid/squid-2.5.7.ebuild | 186 |
5 files changed, 525 insertions, 2 deletions
diff --git a/www-proxy/squid/ChangeLog b/www-proxy/squid/ChangeLog index 7488f24d7910..64cd2de4891c 100644 --- a/www-proxy/squid/ChangeLog +++ b/www-proxy/squid/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-proxy/squid # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.13 2004/10/11 23:07:15 cyfred Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.14 2004/10/17 02:26:27 cyfred Exp $ + +*squid-2.5.7 (17 Oct 2004) + + 17 Oct 2004; Andrew Bevitt <cyfred@gentoo.org>; + +files/squid-2.5.7-gentoo.diff, +squid-2.5.7.ebuild: + Version bump to STABLE7 + bug #67167 DoS fix 12 Oct 2004; Andrew Bevitt <cyfred@gentoo.org>; squid-2.4.7.ebuild, -squid-2.5.5-r2.ebuild, squid-2.5.5-r3.ebuild, -squid-2.5.6-r1.ebuild, diff --git a/www-proxy/squid/Manifest b/www-proxy/squid/Manifest index 79043dbb5426..63432f56f810 100644 --- a/www-proxy/squid/Manifest +++ b/www-proxy/squid/Manifest @@ -3,16 +3,19 @@ MD5 30ae77f62cc477f3e340346ba5040170 squid-2.5.6-r2.ebuild 5767 MD5 e4a8135ed447b72a7271fade6c06e9cc squid-2.4.7.ebuild 4000 MD5 f31cfd516560284abf5a9c5d71b4d864 ChangeLog 10600 MD5 d7dd06078d4f3a44b46709294cc7bc21 metadata.xml 249 +MD5 36ec58a5a8414b3dc637ec1528c441aa squid-2.5.7.ebuild 5770 MD5 60b9ab4d53c4485a214baa7c8f9a2cc0 files/squid-2.4.7-gentoo.diff 1828 MD5 a188814c2113dcd28c55672dbe58df8c files/squid-2.5.5-ntml-auth-fix.patch 2354 MD5 45bf3c4b37515fe4da4ed6d39904132d files/digest-squid-2.5.5-r3 147 MD5 3f83edef485d5ba24d3819daee026aeb files/digest-squid-2.5.6-r2 156 MD5 6e37fe3047234060fc63d5c16a4b7853 files/squid.confd 437 MD5 1ee97d797645814f5ad77c98ad10eef2 files/squid.cron 41 -MD5 0c7867dce4b8bef078a93bf717196b0e files/squid-2.5.3-gentoo.diff 11534 +MD5 925b87a7a2faf38870de360f749cc859 files/squid-2.5.7-gentoo.diff 11639 +MD5 d397227514afe2b3fa78223ba6036c22 files/squid-2.5.3-gentoo.diff 11674 MD5 626914d5b07105602773bf8a1534a3ae files/squid-2.4.7-debian.diff 12078 MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133 MD5 bea1d2ef8cb2f1590f89bf37f28b9268 files/squid.pam 505 MD5 1b391c390c547ef3a249aee590e654d8 files/squid.rc6 1980 MD5 26a4ab522a2469f805f746bcdbe0109c files/squid-2.5.6-ufs-no-valid-dir.patch 566 MD5 4995c4c8c3365f121620ea78d6ca8794 files/digest-squid-2.4.7 222 +MD5 c2438c7f5202f2247361c752ba322806 files/digest-squid-2.5.7 71 diff --git a/www-proxy/squid/files/digest-squid-2.5.7 b/www-proxy/squid/files/digest-squid-2.5.7 new file mode 100644 index 000000000000..35271b33ca53 --- /dev/null +++ b/www-proxy/squid/files/digest-squid-2.5.7 @@ -0,0 +1 @@ +MD5 bf63e34906c68d716896eec0351108dc squid-2.5.STABLE7.tar.bz2 1051830 diff --git a/www-proxy/squid/files/squid-2.5.7-gentoo.diff b/www-proxy/squid/files/squid-2.5.7-gentoo.diff new file mode 100644 index 000000000000..2b751a7b198a --- /dev/null +++ b/www-proxy/squid/files/squid-2.5.7-gentoo.diff @@ -0,0 +1,327 @@ +diff -uNr squid-2.5.STABLE7.orig/errors/Makefile.in squid-2.5.STABLE7/errors/Makefile.in +--- squid-2.5.STABLE7.orig/errors/Makefile.in 2003-02-11 21:02:09.000000000 -0500 ++++ squid-2.5.STABLE7/errors/Makefile.in 2003-06-03 01:23:51.000000000 -0400 +@@ -116,7 +116,7 @@ + install_sh = @install_sh@ + makesnmplib = @makesnmplib@ + +-errordir = $(datadir)/errors ++errordir = $(libexecdir)/errors + + DEFAULT_ERROR_DIR = $(errordir) + +diff -uNr squid-2.5.STABLE7.orig/helpers/basic_auth/SMB/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/SMB/Makefile.in +--- squid-2.5.STABLE7.orig/helpers/basic_auth/SMB/Makefile.in 2003-02-11 21:02:25.000000000 -0500 ++++ squid-2.5.STABLE7/helpers/basic_auth/SMB/Makefile.in 2003-06-03 01:23:51.000000000 -0400 +@@ -126,7 +126,7 @@ + makesnmplib = @makesnmplib@ + + SMB_AUTH_HELPER = smb_auth.sh +-SAMBAPREFIX = /usr/local/samba ++SAMBAPREFIX = /usr + SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) + + libexec_SCRIPTS = $(SMB_AUTH_HELPER) +diff -uNr squid-2.5.STABLE7.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.5.STABLE7/helpers/basic_auth/SMB/smb_auth.sh +--- squid-2.5.STABLE7.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-07 18:36:46.000000000 -0500 ++++ squid-2.5.STABLE7/helpers/basic_auth/SMB/smb_auth.sh 2003-06-03 01:23:51.000000000 -0400 +@@ -24,7 +24,7 @@ + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +diff -uNr squid-2.5.STABLE7.orig/icons/Makefile.in squid-2.5.STABLE7/icons/Makefile.in +--- squid-2.5.STABLE7.orig/icons/Makefile.in 2003-05-21 20:15:40.000000000 -0400 ++++ squid-2.5.STABLE7/icons/Makefile.in 2003-06-03 01:23:51.000000000 -0400 +@@ -144,7 +144,7 @@ + anthony-xpm.gif + + +-icondir = $(datadir)/icons ++icondir = $(libexecdir)/icons + icon_DATA = $(ICON1) $(ICON2) + EXTRA_DIST = $(ICON1) $(ICON2) icons.shar + DISTCLEANFILES = +diff -uNr squid-2.5.STABLE7.orig/src/Makefile.in squid-2.5.STABLE7/src/Makefile.in +--- squid-2.5.STABLE7.orig/src/Makefile.in 2003-02-11 21:03:14.000000000 -0500 ++++ squid-2.5.STABLE7/src/Makefile.in 2003-06-03 01:23:51.000000000 -0400 +@@ -374,18 +374,18 @@ + DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf + DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf + DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_LOG_PREFIX = $(localstatedir)/logs +-DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log +-DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log +-DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log +-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +-DEFAULT_SWAP_DIR = $(localstatedir)/cache ++DEFAULT_LOG_PREFIX = $(localstatedir)/log ++DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log ++DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log ++DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log ++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid ++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_ICON_DIR = $(datadir)/icons +-DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ +-DEFAULT_MIB_PATH = $(datadir)/mib.txt ++DEFAULT_ICON_DIR = $(libexecdir)/icons ++DEFAULT_ERROR_DIR = $(sysconfdir)/errors ++DEFAULT_MIB_PATH = $(libexecdir)/mib.txt + + DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" + +@@ -836,12 +836,12 @@ + uninstall-info-am: + install-dataDATA: $(data_DATA) + @$(NORMAL_INSTALL) +- $(mkinstalldirs) $(DESTDIR)$(datadir) ++ $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(data_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f="`echo $$p | sed -e 's|^.*/||'`"; \ +- echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f"; \ +- $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f; \ ++ echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f"; \ ++ $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f; \ + done + + uninstall-dataDATA: +diff -uNr squid-2.5.STABLE7.orig/src/debug.c squid-2.5.STABLE7/src/debug.c +--- squid-2.5.STABLE7.orig/src/debug.c 2001-12-17 13:01:54.000000000 -0500 ++++ squid-2.5.STABLE7/src/debug.c 2003-06-03 01:23:51.000000000 -0400 +@@ -200,9 +200,9 @@ + } + debugOpenLog(logfile); + +-#if HAVE_SYSLOG && defined(LOG_LOCAL4) ++#if HAVE_SYSLOG + if (opt_syslog_enable) +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + #endif /* HAVE_SYSLOG */ + + } +diff -uNr squid-2.5.STABLE7.orig/src/defines.h squid-2.5.STABLE7/src/defines.h +--- squid-2.5.STABLE7.orig/src/defines.h 2002-08-08 16:17:39.000000000 -0400 ++++ squid-2.5.STABLE7/src/defines.h 2003-06-03 01:23:51.000000000 -0400 +@@ -219,7 +219,7 @@ + + /* were to look for errors if config path fails */ + #ifndef DEFAULT_SQUID_ERROR_DIR +-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" ++#define DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors/English" + #endif + + /* gb_type operations */ +diff -uNr squid-2.5.STABLE7.orig/src/main.c squid-2.5.STABLE7/src/main.c +--- squid-2.5.STABLE7.orig/src/main.c 2003-05-05 20:24:14.000000000 -0400 ++++ squid-2.5.STABLE7/src/main.c 2003-06-03 01:23:51.000000000 -0400 +@@ -326,6 +326,21 @@ + asnFreeMemory(); + } + ++#if USE_UNLINKD ++static int ++needUnlinkd(void) ++{ ++ int i; ++ int r = 0; ++ for (i = 0; i < Config.cacheSwap.n_configured; i++) { ++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) ++ r++; ++ } ++ return r; ++} ++#endif ++ + static void + mainReconfigure(void) + { +@@ -351,6 +366,7 @@ + redirectShutdown(); + authenticateShutdown(); + externalAclShutdown(); ++ unlinkdClose(); + storeDirCloseSwapLogs(); + storeLogClose(); + accessLogClose(); +@@ -381,6 +397,9 @@ + #if USE_WCCP + wccpInit(); + #endif ++#if USE_UNLINKD ++ if (needUnlinkd()) unlinkdInit(); ++#endif + serverConnectionsOpen(); + if (theOutIcpConnection >= 0) { + if (!Config2.Accel.on || Config.onoff.accel_with_proxy) +@@ -524,7 +543,7 @@ + + if (!configured_once) { + #if USE_UNLINKD +- unlinkdInit(); ++ if (needUnlinkd()) unlinkdInit(); + #endif + urlInitialize(); + cachemgrInit(); +@@ -858,7 +877,7 @@ + int nullfd; + if (*(argv[0]) == '(') + return; +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + if ((pid = fork()) < 0) + syslog(LOG_ALERT, "fork failed: %s", xstrerror()); + else if (pid > 0) +@@ -893,14 +912,14 @@ + mainStartScript(argv[0]); + if ((pid = fork()) == 0) { + /* child */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + prog = xstrdup(argv[0]); + argv[0] = xstrdup("(squid)"); + execvp(prog, argv); + syslog(LOG_ALERT, "execvp failed: %s", xstrerror()); + } + /* parent */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); + time(&start); + squid_signal(SIGINT, SIG_IGN, SA_RESTART); +diff -uNr squid-2.5.STABLE7.orig/src/url.c squid-2.5.STABLE7/src/url.c +--- squid-2.5.STABLE7.orig/src/url.c 2003-01-18 09:16:49.000000000 -0500 ++++ squid-2.5.STABLE7/src/url.c 2003-06-03 01:23:51.000000000 -0400 +@@ -312,8 +312,8 @@ + return NULL; + } + #endif +- if (Config.appendDomain && !strchr(host, '.')) +- strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); ++ if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0) ++ strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); + /* remove trailing dots from hostnames */ + while ((l = strlen(host)) > 0 && host[--l] == '.') + host[l] = '\0'; +--- squid-2.5.STABLE7.orig/src/cf.data.pre 2004-10-09 03:41:10.000000000 +1000 ++++ squid-2.5.STABLE7/cf.data.pre 2004-10-17 12:19:41.902629720 +1000 +@@ -156,12 +156,12 @@ + NAME: htcp_port + IFDEF: USE_HTCP + TYPE: ushort +-DEFAULT: 4827 ++DEFAULT: 0 + LOC: Config.Port.htcp + DOC_START + The port number where Squid sends and receives HTCP queries to +- and from neighbor caches. Default is 4827. To disable use +- "0". ++ and from neighbor caches. To turn it on you want to set it to ++ 4827. By default it is set to "0" (disabled). + DOC_END + + +@@ -2140,6 +2140,8 @@ + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT ++acl purge method PURGE + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -2173,6 +2175,9 @@ + # Only allow cachemgr access from localhost + http_access allow manager localhost + http_access deny manager ++# Only allow purge requests from localhost ++http_access allow purge localhost ++http_access deny purge + # Deny requests to unknown ports + http_access deny !Safe_ports + # Deny CONNECT to other than SSL ports +@@ -2191,6 +2196,9 @@ + #acl our_networks src 192.168.1.0/24 192.168.2.0/24 + #http_access allow our_networks + ++# Allow the localhost to have access by default ++http_access allow localhost ++ + # And finally deny all other access to this proxy + http_access deny all + NOCOMMENT_END +@@ -2415,7 +2423,7 @@ + + NAME: cache_mgr + TYPE: string +-DEFAULT: webmaster ++DEFAULT: root + LOC: Config.adminEmail + DOC_START + Email-address of local cache manager who will receive +@@ -2425,7 +2433,7 @@ + + NAME: cache_effective_user + TYPE: string +-DEFAULT: nobody ++DEFAULT: squid + LOC: Config.effectiveUser + DOC_START + If you start Squid as root, it will change its effective/real +@@ -2440,7 +2448,7 @@ + + NAME: cache_effective_group + TYPE: string +-DEFAULT: none ++DEFAULT: squid + LOC: Config.effectiveGroup + DOC_START + If you want Squid to run with a specific GID regardless of +@@ -3214,7 +3222,11 @@ + If you wish to create your own versions of the default + (English) error files, either to customize them to suit your + language or company copy the template English files to another +- directory and point this tag at them. ++ directory where the error files are read from. ++ /usr/lib/squid/errors contains sets of error files ++ in different languages. The default error directory ++ is /etc/squid/errors, which is a link to one of these ++ error sets. + DOC_END + + NAME: maximum_single_addr_tries +@@ -3237,12 +3249,15 @@ + NAME: snmp_port + TYPE: ushort + LOC: Config.Port.snmp +-DEFAULT: 3401 ++DEFAULT: 0 + IFDEF: SQUID_SNMP + DOC_START + Squid can now serve statistics and status information via SNMP. + By default it listens to port 3401 on the machine. If you don't + wish to use SNMP, set this to "0". ++ ++ Note: on Gentoo Linux, the default is zero - you need to ++ set it to 3401 to enable it. + DOC_END + + NAME: snmp_access diff --git a/www-proxy/squid/squid-2.5.7.ebuild b/www-proxy/squid/squid-2.5.7.ebuild new file mode 100644 index 000000000000..898f050298ba --- /dev/null +++ b/www-proxy/squid/squid-2.5.7.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.7.ebuild,v 1.1 2004/10/17 02:26:27 cyfred Exp $ + +inherit eutils + +IUSE="pam ldap ssl sasl snmp debug uclibc selinux" + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PP=${PN}-${S_PV}.STABLE${S_PL} + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" + +S=${WORKDIR}/${S_PP} +SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2" +# http://dev.gentoo.org/~cyfred/distfiles/squid-2.5.STABLE6-patches-20040823.tar.gz" + +RDEPEND="virtual/libc + pam? ( >=sys-libs/pam-0.75 ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid )" +DEPEND="${RDEPEND} dev-lang/perl" +LICENSE="GPL-2" +KEYWORDS="x86 amd64 alpha ppc sparc hppa ppc64" +SLOT="0" + +src_unpack() { + unpack ${A} || die + cd ${S} || die + + #do NOT just remove this patch. yes, it's here for a reason. + #woodchip@gentoo.org (07 Nov 2002) + patch -p1 <${FILESDIR}/squid-2.5.7-gentoo.diff || die + + # Do bulk patching from squids bug fix list for stable 6 see #57081 + #EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch + + #hmm #10865 + cd helpers/external_acl/ldap_group + cp Makefile.in Makefile.in.orig + sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + Makefile.in.orig > Makefile.in + + if ! use debug + then + cd ${S} + mv configure.in configure.in.orig + sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in + export WANT_AUTOCONF=2.1 + autoconf || die + fi +} + +src_compile() { + # Support for uclibc #61175 + if use uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + mv include/autoconf.h include/autoconf.h.orig + sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 4096:" \ + include/autoconf.h.orig > include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# mv include/autoconf.h include/autoconf.h.orig +# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -rf ${D}/var + mv ${D}/usr/bin/Run* ${D}/usr/lib/squid + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ + ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid + exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid + insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid + exeinto /etc/cron.weekly ; newexe ${FILESDIR}/squid-r1.cron squid.cron +} + +pkg_postinst() { + # empty dirs.. + install -m0755 -o squid -g squid -d ${ROOT}/var/cache/squid + install -m0755 -o squid -g squid -d ${ROOT}/var/log/squid + + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo +} |