security bump (#83955)

(Portage version: 2.0.51-r15)
author: Alin Năstac <mrness@gentoo.org> 2005-03-03 18:37:02 +0000
committer: Alin Năstac <mrness@gentoo.org> 2005-03-03 18:37:02 +0000
commit: 57465909d2f090917fbdbb36af2bc311b3df7258 (patch)
tree: 826f6b9e123de94eaa1dbd2d2a77d0ecf3363531 /www-proxy
parent: recommit manifest. bad epkgmove (diff)
download: gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.tar.gz
gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.tar.bz2
gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.zip
5 files changed, 667 insertions, 16 deletions
diff --git a/www-proxy/squid/ChangeLog b/www-proxy/squid/ChangeLog
index 768220cae90c..5703741320d6 100644
--- a/www-proxy/squid/ChangeLog
+++ b/www-proxy/squid/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-proxy/squid
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.41 2005/02/28 11:18:21 eradicator Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.42 2005/03/03 18:37:02 mrness Exp $
+
+*squid-2.5.9 (03 Mar 2005)
+
+  03 Mar 2005; Alin Nastac <mrness@gentoo.org>
+  +files/squid-2.5.9-gentoo.diff, +squid-2.5.9.ebuild:
+  Security bump (#83955).
 
   28 Feb 2005; Jeremy Huddleston <eradicator@gentoo.org>
   squid-2.5.8-r1.ebuild:
diff --git a/www-proxy/squid/Manifest b/www-proxy/squid/Manifest
index 0b4a0fb02231..f0d563ea310f 100644
--- a/www-proxy/squid/Manifest
+++ b/www-proxy/squid/Manifest
@@ -1,22 +1,14 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 d328e3d7b458d5903a153a71308e9dec ChangeLog 14772
-MD5 c0fd2ab16f04e5c691ca42cb5585071a metadata.xml 330
 MD5 3a2538e403f25c33ed40b387976acfb9 squid-2.5.8-r1.ebuild 6107
+MD5 0fad2c8625450b5c6b6b1dd1306b595b squid-2.5.9.ebuild 6097
 MD5 f2881ab9b7a08ed59e6f62d772193dfb squid-2.5.8.ebuild 5893
+MD5 d328e3d7b458d5903a153a71308e9dec ChangeLog 14772
+MD5 c0fd2ab16f04e5c691ca42cb5585071a metadata.xml 330
 MD5 c2d230465ceefe887175cb8121d0fbc8 files/digest-squid-2.5.8-r1 156
-MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101
-MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133
 MD5 e4e44e57aa7d93849649c3ceb67a3a65 files/squid.confd 437
+MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133
+MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233
 MD5 bea1d2ef8cb2f1590f89bf37f28b9268 files/squid.pam 505
 MD5 20bbd41f88ddbcbe57380697c2675862 files/squid.rc6 1980
+MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101
 MD5 b1028824f46381ebe326b5faf0e06d35 files/digest-squid-2.5.8 155
-MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFCIv4MArHZZzCEUG0RAsnlAJ9WUV5exSGMgw+bNGu2Ph/YgETUggCgiAKA
-crAlTkI+293uwysTzC468MQ=
-=9hAU
------END PGP SIGNATURE-----
+MD5 7aec9f6b933e46cb25a72c56c0993e9e files/digest-squid-2.5.9 156
diff --git a/www-proxy/squid/files/digest-squid-2.5.9 b/www-proxy/squid/files/digest-squid-2.5.9
new file mode 100644
index 000000000000..43eeb55a79bf
--- /dev/null
+++ b/www-proxy/squid/files/digest-squid-2.5.9
@@ -0,0 +1,2 @@
+MD5 5a34a303dcab8851c7ab20e24af69b61 squid-2.5.STABLE9.tar.bz2 1057776
+MD5 51a7419adc3f45cfdd735e4b2e5dcdb9 squid-2.5.STABLE9-patches-20050303.tar.gz 10519
diff --git a/www-proxy/squid/files/squid-2.5.9-gentoo.diff b/www-proxy/squid/files/squid-2.5.9-gentoo.diff
new file mode 100644
index 000000000000..9198aa85a9f4
--- /dev/null
+++ b/www-proxy/squid/files/squid-2.5.9-gentoo.diff
@@ -0,0 +1,453 @@
+diff -Nru squid-2.5.STABLE9.orig/errors/Makefile.in squid-2.5.STABLE9/errors/Makefile.in
+--- squid-2.5.STABLE9.orig/errors/Makefile.in	2004-07-10 15:11:41.000000000 +0300
++++ squid-2.5.STABLE9/errors/Makefile.in	2005-03-03 20:19:24.874936344 +0200
+@@ -118,7 +118,7 @@
+ install_sh = @install_sh@
+ makesnmplib = @makesnmplib@
+ 
+-errordir = $(datadir)/errors
++errordir = $(libexecdir)/errors
+ 
+ DEFAULT_ERROR_DIR = $(errordir)
+ 
+diff -Nru squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/Makefile.in squid-2.5.STABLE9/helpers/basic_auth/SMB/Makefile.in
+--- squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/Makefile.in	2004-07-10 15:11:41.000000000 +0300
++++ squid-2.5.STABLE9/helpers/basic_auth/SMB/Makefile.in	2005-03-03 20:19:24.875936192 +0200
+@@ -128,7 +128,7 @@
+ makesnmplib = @makesnmplib@
+ 
+ SMB_AUTH_HELPER = smb_auth.sh
+-SAMBAPREFIX = /usr/local/samba
++SAMBAPREFIX = /usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+ 
+ libexec_SCRIPTS = $(SMB_AUTH_HELPER)
+diff -Nru squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.5.STABLE9/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-2.5.STABLE9.orig/helpers/basic_auth/SMB/smb_auth.sh	2001-01-08 01:36:46.000000000 +0200
++++ squid-2.5.STABLE9/helpers/basic_auth/SMB/smb_auth.sh	2005-03-03 20:19:24.876936040 +0200
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+ 
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+   addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+ 
+diff -Nru squid-2.5.STABLE9.orig/icons/Makefile.in squid-2.5.STABLE9/icons/Makefile.in
+--- squid-2.5.STABLE9.orig/icons/Makefile.in	2004-07-10 15:11:47.000000000 +0300
++++ squid-2.5.STABLE9/icons/Makefile.in	2005-03-03 20:19:24.876936040 +0200
+@@ -146,7 +146,7 @@
+ 		anthony-xpm.gif
+ 
+ 
+-icondir = $(datadir)/icons
++icondir = $(libexecdir)/icons
+ icon_DATA = $(ICON1) $(ICON2)
+ EXTRA_DIST = $(ICON1) $(ICON2) icons.shar
+ DISTCLEANFILES = 
+diff -Nru squid-2.5.STABLE9.orig/snmplib/snmp_api.c squid-2.5.STABLE9/snmplib/snmp_api.c
+--- squid-2.5.STABLE9.orig/snmplib/snmp_api.c	2002-02-13 03:43:43.000000000 +0200
++++ squid-2.5.STABLE9/snmplib/snmp_api.c	2005-03-03 20:19:24.877935888 +0200
+@@ -121,7 +121,7 @@
+ }
+ 
+ /*
+- * Parses the packet recieved on the input session, and places the data into
++ * Parses the packet received on the input session, and places the data into
+  * the input pdu.  length is the length of the input packet.  If any errors
+  * are encountered, NULL is returned.  If not, the community is.
+  */
+diff -Nru squid-2.5.STABLE9.orig/src/Makefile.in squid-2.5.STABLE9/src/Makefile.in
+--- squid-2.5.STABLE9.orig/src/Makefile.in	2004-09-26 00:37:59.000000000 +0300
++++ squid-2.5.STABLE9/src/Makefile.in	2005-03-03 20:19:24.878935736 +0200
+@@ -376,18 +376,18 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX = $(localstatedir)/logs
+-DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
+-DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log
+-DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_LOG_PREFIX = $(localstatedir)/log
++DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log
++DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log
++DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_ICON_DIR = $(datadir)/icons
+-DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@
+-DEFAULT_MIB_PATH = $(datadir)/mib.txt
++DEFAULT_ICON_DIR = $(libexecdir)/icons
++DEFAULT_ERROR_DIR = $(sysconfdir)/errors
++DEFAULT_MIB_PATH = $(libexecdir)/mib.txt
+ 
+ DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\"
+ 
+@@ -838,12 +838,12 @@
+ uninstall-info-am:
+ install-dataDATA: $(data_DATA)
+ 	@$(NORMAL_INSTALL)
+-	$(mkinstalldirs) $(DESTDIR)$(datadir)
++	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+ 	@list='$(data_DATA)'; for p in $$list; do \
+ 	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ 	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+-	  echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f"; \
+-	  $(INSTALL_DATA) $$d$$p $(DESTDIR)$(datadir)/$$f; \
++	  echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f"; \
++	  $(INSTALL_DATA) $$d$$p $(DESTDIR)$(libexecdir)/$$f; \
+ 	done
+ 
+ uninstall-dataDATA:
+diff -Nru squid-2.5.STABLE9.orig/src/auth/digest/auth_digest.c squid-2.5.STABLE9/src/auth/digest/auth_digest.c
+--- squid-2.5.STABLE9.orig/src/auth/digest/auth_digest.c	2004-08-29 01:31:15.000000000 +0300
++++ squid-2.5.STABLE9/src/auth/digest/auth_digest.c	2005-03-03 20:19:24.879935584 +0200
+@@ -1252,7 +1252,7 @@
+     nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64);
+     if (!nonce) {
+ 	/* we couldn't find a matching nonce! */
+-	debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce recieved\n");
++	debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce received\n");
+ 	authDigestLogUsername(auth_user_request, username);
+ 
+ 	/* we don't need the scheme specific data anymore */
+@@ -1266,8 +1266,8 @@
+     /* check the qop is what we expected. Note that for compatability with 
+      * RFC 2069 we should support a missing qop. Tough. */
+     if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) {
+-	/* we recieved a qop option we didn't send */
+-	debug(29, 4) ("authenticateDigestDecode: Invalid qop option recieved\n");
++	/* we received a qop option we didn't send */
++	debug(29, 4) ("authenticateDigestDecode: Invalid qop option received\n");
+ 	authDigestLogUsername(auth_user_request, username);
+ 
+ 	/* we don't need the scheme specific data anymore */
+diff -Nru squid-2.5.STABLE9.orig/src/auth/ntlm/auth_ntlm.c squid-2.5.STABLE9/src/auth/ntlm/auth_ntlm.c
+--- squid-2.5.STABLE9.orig/src/auth/ntlm/auth_ntlm.c	2005-02-04 01:22:12.000000000 +0200
++++ squid-2.5.STABLE9/src/auth/ntlm/auth_ntlm.c	2005-03-03 20:19:24.880935432 +0200
+@@ -950,7 +950,7 @@
+     }
+     switch (ntlm_request->auth_state) {
+     case AUTHENTICATE_STATE_NONE:
+-	/* we've recieved a negotiate request. pass to a helper */
++	/* we've received a negotiate request. pass to a helper */
+ 	debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth);
+ 	ntlm_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE;
+ 	ntlm_request->ntlmnegotiate = xstrdup(proxy_auth);
+@@ -969,7 +969,7 @@
+ 	return;
+ 	break;
+     case AUTHENTICATE_STATE_CHALLENGE:
+-	/* we should have recieved a NTLM challenge. pass it to the same 
++	/* we should have received a NTLM challenge. pass it to the same 
+ 	 * helper process */
+ 	debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state challenge with header %s.\n", proxy_auth);
+ 	/* do a cache lookup here. If it matches it's a successful ntlm 
+diff -Nru squid-2.5.STABLE9.orig/src/cf.data.pre squid-2.5.STABLE9/src/cf.data.pre
+--- squid-2.5.STABLE9.orig/src/cf.data.pre	2005-02-23 02:06:34.000000000 +0200
++++ squid-2.5.STABLE9/src/cf.data.pre	2005-03-03 20:19:24.883934976 +0200
+@@ -156,12 +156,12 @@
+ NAME: htcp_port
+ IFDEF: USE_HTCP
+ TYPE: ushort
+-DEFAULT: 4827
++DEFAULT: 0
+ LOC: Config.Port.htcp
+ DOC_START
+ 	The port number where Squid sends and receives HTCP queries to
+-	and from neighbor caches.  Default is 4827.  To disable use
+-	"0".
++	and from neighbor caches.  To turn it on you want to set it to
++	4827.  By default it is set to "0" (disabled).
+ DOC_END
+ 
+ 
+@@ -2100,7 +2100,7 @@
+ 	  # acls.
+ 
+ 	acl aclname rep_mime_type mime-type1 ...
+-	  # regex match against the mime type of the reply recieved by
++	  # regex match against the mime type of the reply received by
+ 	  # squid. Can be used to detect file download or some
+ 	  # types HTTP tunelling requests.
+ 	  # NOTE: This has no effect in http_access rules. It only has
+@@ -2140,6 +2140,8 @@
+ acl Safe_ports port 488		# gss-http
+ acl Safe_ports port 591		# filemaker
+ acl Safe_ports port 777		# multiling http
++acl Safe_ports port 901		# SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -2173,6 +2175,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -2191,6 +2196,9 @@
+ #acl our_networks src 192.168.1.0/24 192.168.2.0/24
+ #http_access allow our_networks
+ 
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -2388,7 +2396,7 @@
+ DOC_START
+         This option specifies the maximum size of a reply body in bytes.
+ 	It can be used to prevent users from downloading very large files,
+-	such as MP3's and movies. When the reply headers are recieved,
++	such as MP3's and movies. When the reply headers are received,
+ 	the reply_body_max_size lines are processed, and the first line with
+ 	a result of "allow" is used as the maximum body size for this reply.
+ 	This size is checked twice. First when we get the reply headers,
+@@ -2415,7 +2423,7 @@
+ 
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ 	Email-address of local cache manager who will receive
+@@ -2425,7 +2433,7 @@
+ 
+ NAME: cache_effective_user
+ TYPE: string
+-DEFAULT: nobody
++DEFAULT: squid 
+ LOC: Config.effectiveUser
+ DOC_START
+ 	If you start Squid as root, it will change its effective/real
+@@ -2440,7 +2448,7 @@
+ 
+ NAME: cache_effective_group
+ TYPE: string
+-DEFAULT: none
++DEFAULT: squid
+ LOC: Config.effectiveGroup
+ DOC_START
+ 	If you want Squid to run with a specific GID regardless of
+@@ -2592,7 +2600,7 @@
+ DOC_START
+ 	If you are running Squid as an accelerator and have a single backend
+ 	server set this to on. This causes Squid to forward the request
+-	to this server, regardles of what any redirectors or Host headers
++	to this server, regardless of what any redirectors or Host headers
+ 	say.
+ 
+ 	Leave this at off if you have multiple backend servers, and use a
+@@ -3229,7 +3237,11 @@
+ 	If you wish to create your own versions of the default
+ 	(English) error files, either to customize them to suit your
+ 	language or company copy the template English files to another
+-	directory and point this tag at them.
++	directory where the error files are read from.
++	/usr/lib/squid/errors contains sets of error files
++	in different languages. The default error directory
++	is /etc/squid/errors, which is a link to one of these
++	error sets.
+ DOC_END
+ 
+ NAME: maximum_single_addr_tries
+@@ -3263,12 +3275,15 @@
+ NAME: snmp_port
+ TYPE: ushort
+ LOC: Config.Port.snmp
+-DEFAULT: 3401
++DEFAULT: 0
+ IFDEF: SQUID_SNMP
+ DOC_START
+ 	Squid can now serve statistics and status information via SNMP.
+ 	By default it listens to port 3401 on the machine. If you don't
+ 	wish to use SNMP, set this to "0".
++
++	Note: on Gentoo Linux, the default is zero - you need to
++	set it to 3401 to enable it.
+ DOC_END
+ 
+ NAME: snmp_access
+diff -Nru squid-2.5.STABLE9.orig/src/debug.c squid-2.5.STABLE9/src/debug.c
+--- squid-2.5.STABLE9.orig/src/debug.c	2001-12-17 20:01:54.000000000 +0200
++++ squid-2.5.STABLE9/src/debug.c	2005-03-03 20:19:24.884934824 +0200
+@@ -200,9 +200,9 @@
+     }
+     debugOpenLog(logfile);
+ 
+-#if HAVE_SYSLOG && defined(LOG_LOCAL4)
++#if HAVE_SYSLOG
+     if (opt_syslog_enable)
+-	openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++	openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ #endif /* HAVE_SYSLOG */
+ 
+ }
+diff -Nru squid-2.5.STABLE9.orig/src/defines.h squid-2.5.STABLE9/src/defines.h
+--- squid-2.5.STABLE9.orig/src/defines.h	2002-08-08 23:17:39.000000000 +0300
++++ squid-2.5.STABLE9/src/defines.h	2005-03-03 20:19:24.884934824 +0200
+@@ -219,7 +219,7 @@
+ 
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors/English"
+ #endif
+ 
+ /* gb_type operations */
+diff -Nru squid-2.5.STABLE9.orig/src/delay_pools.c squid-2.5.STABLE9/src/delay_pools.c
+--- squid-2.5.STABLE9.orig/src/delay_pools.c	2003-06-19 02:53:35.000000000 +0300
++++ squid-2.5.STABLE9/src/delay_pools.c	2005-03-03 20:19:24.885934672 +0200
+@@ -609,7 +609,7 @@
+ }
+ 
+ /*
+- * this records actual bytes recieved.  always recorded, even if the
++ * this records actual bytes received.  always recorded, even if the
+  * class is disabled - it's more efficient to just do it than to do all
+  * the checks.
+  */
+diff -Nru squid-2.5.STABLE9.orig/src/main.c squid-2.5.STABLE9/src/main.c
+--- squid-2.5.STABLE9.orig/src/main.c	2005-02-21 04:55:04.000000000 +0200
++++ squid-2.5.STABLE9/src/main.c	2005-03-03 20:19:24.887934368 +0200
+@@ -326,6 +326,21 @@
+     asnFreeMemory();
+ }
+ 
++#if USE_UNLINKD
++static int
++needUnlinkd(void)
++{
++    int i;
++    int r = 0;
++    for (i = 0; i < Config.cacheSwap.n_configured; i++) {
++       if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 ||
++           strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0)
++          r++;
++    }
++    return r;
++}
++#endif
++
+ static void
+ mainReconfigure(void)
+ {
+@@ -351,6 +366,7 @@
+     redirectShutdown();
+     authenticateShutdown();
+     externalAclShutdown();
++    unlinkdClose();
+     storeDirCloseSwapLogs();
+     storeLogClose();
+     accessLogClose();
+@@ -381,6 +397,9 @@
+ #if USE_WCCP
+     wccpInit();
+ #endif
++#if USE_UNLINKD
++    if (needUnlinkd()) unlinkdInit();
++#endif
+     serverConnectionsOpen();
+     if (theOutIcpConnection >= 0) {
+ 	if (!Config2.Accel.on || Config.onoff.accel_with_proxy)
+@@ -525,7 +544,7 @@
+ 
+     if (!configured_once) {
+ #if USE_UNLINKD
+-	unlinkdInit();
++	if (needUnlinkd()) unlinkdInit();
+ #endif
+ 	urlInitialize();
+ 	cachemgrInit();
+@@ -860,7 +879,7 @@
+     int nullfd;
+     if (*(argv[0]) == '(')
+ 	return;
+-    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++    openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+     if ((pid = fork()) < 0)
+ 	syslog(LOG_ALERT, "fork failed: %s", xstrerror());
+     else if (pid > 0)
+@@ -894,14 +913,14 @@
+ 	mainStartScript(argv[0]);
+ 	if ((pid = fork()) == 0) {
+ 	    /* child */
+-	    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++	    openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ 	    prog = xstrdup(argv[0]);
+ 	    argv[0] = xstrdup("(squid)");
+ 	    execvp(prog, argv);
+ 	    syslog(LOG_ALERT, "execvp failed: %s", xstrerror());
+ 	}
+ 	/* parent */
+-	openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++	openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ 	syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
+ 	time(&start);
+ 	squid_signal(SIGINT, SIG_IGN, SA_RESTART);
+diff -Nru squid-2.5.STABLE9.orig/src/mib.txt squid-2.5.STABLE9/src/mib.txt
+--- squid-2.5.STABLE9.orig/src/mib.txt	2004-06-01 01:39:00.000000000 +0300
++++ squid-2.5.STABLE9/src/mib.txt	2005-03-03 20:19:24.887934368 +0200
+@@ -290,7 +290,7 @@
+                 MAX-ACCESS read-only
+                 STATUS current
+ 		DESCRIPTION
+-			" Number of HTTP KB's recieved "
++			" Number of HTTP KB's received "
+         ::= { cacheProtoAggregateStats 4 }
+ 
+         cacheHttpOutKb OBJECT-TYPE
+@@ -330,7 +330,7 @@
+                 MAX-ACCESS read-only
+                 STATUS current
+ 		DESCRIPTION
+-                        " Number of ICP KB's recieved "
++                        " Number of ICP KB's received "
+         ::= { cacheProtoAggregateStats 9 }
+ 
+         cacheServerRequests OBJECT-TYPE
+@@ -354,7 +354,7 @@
+                 MAX-ACCESS read-only
+                 STATUS current
+ 		DESCRIPTION
+-                        " KB's of traffic recieved from servers "
++                        " KB's of traffic received from servers "
+         ::= { cacheProtoAggregateStats 12 }
+ 
+         cacheServerOutKb OBJECT-TYPE
+diff -Nru squid-2.5.STABLE9.orig/src/url.c squid-2.5.STABLE9/src/url.c
+--- squid-2.5.STABLE9.orig/src/url.c	2003-01-18 16:16:49.000000000 +0200
++++ squid-2.5.STABLE9/src/url.c	2005-03-03 20:19:24.888934216 +0200
+@@ -312,8 +312,8 @@
+ 	return NULL;
+     }
+ #endif
+-    if (Config.appendDomain && !strchr(host, '.'))
+-	strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN);
++    if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0)
++        strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN);
+     /* remove trailing dots from hostnames */
+     while ((l = strlen(host)) > 0 && host[--l] == '.')
+ 	host[l] = '\0';
diff --git a/www-proxy/squid/squid-2.5.9.ebuild b/www-proxy/squid/squid-2.5.9.ebuild
new file mode 100644
index 000000000000..041bcda9345f
--- /dev/null
+++ b/www-proxy/squid/squid-2.5.9.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.9.ebuild,v 1.1 2005/03/03 18:37:02 mrness Exp $
+
+inherit eutils toolchain-funcs
+
+#lame archive versioning scheme..
+S_PV=${PV%.*}
+S_PL=${PV##*.}
+S_PP=${PN}-${S_PV}.STABLE${S_PL}
+PATCH_VERSION="20050303"
+
+DESCRIPTION="A caching web proxy, with advanced features"
+HOMEPAGE="http://www.squid-cache.org/"
+
+S=${WORKDIR}/${S_PP}
+SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2
+	mirror://gentoo/${S_PP}-patches-${PATCH_VERSION}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86 ~mips"
+IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores logrotate"
+
+RDEPEND="virtual/libc
+	pam? ( >=sys-libs/pam-0.75 )
+	ldap? ( >=net-nds/openldap-2.1.26 )
+	ssl? ( >=dev-libs/openssl-0.9.6m )
+	sasl? ( >=dev-libs/cyrus-sasl-1.5.27 )
+	selinux? ( sec-policy/selinux-squid )
+	!mips? ( logrotate? ( app-admin/logrotate ) )"
+DEPEND="${RDEPEND} dev-lang/perl"
+
+src_unpack() {
+	unpack ${A} || die "unpack failed"
+	cd ${S} || die "dir ${S} not found"
+
+	#do NOT just remove this patch.  yes, it's here for a reason.
+	#woodchip@gentoo.org (07 Nov 2002)
+	patch -p1 <${FILESDIR}/squid-${PV}-gentoo.diff || die "failed to apply squid-{PV}-gentoo.diff"
+
+	# Do bulk patching from squids bug fix list for stable 6 see #57081
+	EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch
+
+	#hmm #10865
+	cd helpers/external_acl/ldap_group
+	cp Makefile.in Makefile.in.orig
+	sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \
+		Makefile.in.orig > Makefile.in
+
+	if ! use debug
+	then
+		cd ${S}
+		mv configure.in configure.in.orig
+		sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in
+		export WANT_AUTOCONF=2.1
+		autoconf || die "autoconf failed"
+	fi
+}
+
+src_compile() {
+	# Support for uclibc #61175
+	if use uclibc; then
+		local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind"
+	else
+		local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind"
+	fi
+
+	use ldap && basic_modules="LDAP,${basic_modules}"
+	use pam && basic_modules="PAM,${basic_modules}"
+	use sasl && basic_modules="SASL,${basic_modules}"
+	# SASL 1 / 2 Supported Natively
+
+	local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group"
+	use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+	local myconf=""
+	use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp"
+	use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl"
+
+	use amd64 && myconf="${myconf} --disable-internal-dns "
+
+	if use underscores; then
+		ewarn "Enabling underscores in domain names will result in dns resolution"
+		ewarn "failure if your local DNS client (probably bind) is not compatible."
+		myconf="${myconf} --enable-underscores"
+	fi
+
+	# Support for uclibc #61175
+	if use uclibc; then
+		myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' "
+		myconf="${myconf} --disable-async-io "
+	else
+		myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' "
+		myconf="${myconf} --enable-async-io "
+	fi
+
+	export CC=$(tc-getCC)
+
+	./configure \
+		--prefix=/usr \
+		--bindir=/usr/bin \
+		--exec-prefix=/usr \
+		--sbindir=/usr/sbin \
+		--localstatedir=/var \
+		--mandir=/usr/share/man \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/lib/squid \
+		\
+		--enable-auth="basic,digest,ntlm" \
+		--enable-removal-policies="lru,heap" \
+		--enable-digest-auth-helpers="password" \
+		--enable-basic-auth-helpers=${basic_modules} \
+		--enable-external-acl-helpers=${ext_helpers} \
+		--enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \
+		--enable-linux-netfilter \
+		--enable-ident-lookups \
+		--enable-useragent-log \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-referer-log \
+		--enable-truncate \
+		--enable-arp-acl \
+		--with-pthreads \
+		--enable-htcp \
+		--enable-carp \
+		--enable-poll \
+		--host=${CHOST} ${myconf} || die "bad ./configure"
+		#--enable-icmp
+
+	mv include/autoconf.h include/autoconf.h.orig
+	sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \
+		include/autoconf.h.orig > include/autoconf.h
+
+#	if [ "${ARCH}" = "hppa" ]
+#	then
+#		mv include/autoconf.h include/autoconf.h.orig
+#		sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \
+#			include/autoconf.h.orig > include/autoconf.h
+#	fi
+
+	emake || die "compile problem"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die
+
+	#--enable-icmp
+	#make -C src install-pinger libexecdir=${D}/usr/lib/squid || die
+	#chown root:squid ${D}/usr/lib/squid/pinger
+	#chmod 4750 ${D}/usr/lib/squid/pinger
+
+	#need suid root for looking into /etc/shadow
+	chown root:squid ${D}/usr/lib/squid/ncsa_auth
+	chown root:squid ${D}/usr/lib/squid/pam_auth
+	chmod 4750 ${D}/usr/lib/squid/ncsa_auth
+	chmod 4750 ${D}/usr/lib/squid/pam_auth
+
+	#some clean ups
+	rm -rf ${D}/var
+	mv ${D}/usr/bin/Run* ${D}/usr/lib/squid
+
+	#simply switch this symlink to choose the desired language..
+	dosym /usr/lib/squid/errors/English /etc/squid/errors
+
+	dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \
+		ChangeLog QUICKSTART SPONSORS doc/*.txt \
+		helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+	newdoc helpers/basic_auth/SMB/README README.auth_smb
+	dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+	newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+	doman helpers/basic_auth/LDAP/*.8
+	dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+	insinto /etc/pam.d
+	newins ${FILESDIR}/squid.pam squid
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/squid.rc6 squid
+	insinto /etc/conf.d
+	newins ${FILESDIR}/squid.confd squid
+	if useq logrotate; then
+		insinto /etc/logrotate.d
+		newins ${FILESDIR}/squid-logrotate squid
+	else
+		exeinto /etc/cron.weekly
+		newexe ${FILESDIR}/squid-r1.cron squid.cron
+	fi
+
+	diropts -m0755 -o squid -g squid
+	dodir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+	echo
+	ewarn "Squid authentication helpers have been installed suid root"
+	ewarn "This allows shadow based authentication, see bug #52977 for more"
+	echo
+}
author	Alin Năstac <mrness@gentoo.org>	2005-03-03 18:37:02 +0000
committer	Alin Năstac <mrness@gentoo.org>	2005-03-03 18:37:02 +0000
commit	57465909d2f090917fbdbb36af2bc311b3df7258 (patch)
tree	826f6b9e123de94eaa1dbd2d2a77d0ecf3363531 /www-proxy
parent	recommit manifest. bad epkgmove (diff)
download	gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.tar.gz gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.tar.bz2 gentoo-2-57465909d2f090917fbdbb36af2bc311b3df7258.zip