diff options
| author |   Alin Năstac <mrness@gentoo.org> | 2009-08-22 12:57:20 +0000 |
|---|---|---|
| committer | Alin Năstac <mrness@gentoo.org> | 2009-08-22 12:57:20 +0000 |
| commit | ffef92f5b2e66545afbf0f39f0402f2a72931333 (patch) | |
| tree | 201d198f239b410895fce7f12bb0c27697991889 /net-proxy/squid | |
| parent | Fix building with media-libs/jpeg-7. (diff) | |
| download | gentoo-2-ffef92f5b2e66545afbf0f39f0402f2a72931333.tar.gz gentoo-2-ffef92f5b2e66545afbf0f39f0402f2a72931333.tar.bz2 gentoo-2-ffef92f5b2e66545afbf0f39f0402f2a72931333.zip | |
Fix security bug 279380.
Add fix for -Wl,--as-needed problem when 3.1.0.13 is compiled with kerberos USE flag enabled.
Remove resource consuming PURGE method from the default squid.conf installed by 3.1.0.13 version.
(Portage version: 2.1.6.13/cvs/Linux x86_64)
Diffstat (limited to 'net-proxy/squid')
16 files changed, 239 insertions, 992 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index c22c8e46cb19..b6f4badee303 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,27 @@ # ChangeLog for net-proxy/squid # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.274 2009/08/16 11:01:46 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.275 2009/08/22 12:57:20 mrness Exp $ + +*squid-3.1.0.13_beta-r1 (22 Aug 2009) +*squid-3.0.18-r1 (22 Aug 2009) +*squid-2.7.6-r2 (22 Aug 2009) + + 22 Aug 2009; Alin Năstac <mrness@gentoo.org> + +files/squid-2.7.6-cve-2009-2855.patch, + -files/squid-3.0.15-adapted-zph.patch, + -files/squid-3.0.15-cross-compile.patch, -files/squid-3.0.15-gcc43.patch, + -files/squid-3.0.15-gentoo.patch, -files/squid-3.0.15-heimdal.patch, + +files/squid-3.0.18-cve-2009-2855.patch, + -files/squid-3.1.0.9_beta-gentoo.patch, + -files/squid-3.1.0.9_beta-invconv.patch, + +files/squid-3.1.0.13_beta-cve-2009-2855.patch, + files/squid-3.1.0.13_beta-gentoo.patch, + files/squid-3.1.0.13_beta-qafixes.patch, +squid-2.7.6-r2.ebuild, + -squid-3.0.15.ebuild, +squid-3.0.18-r1.ebuild, -squid-3.1.0.9_beta.ebuild, + -squid-3.1.0.13_beta.ebuild, +squid-3.1.0.13_beta-r1.ebuild: + Fix security bug 279380. Add fix for -Wl,--as-needed problem when 3.1.0.13 + is compiled with kerberos USE flag enabled. Remove resource consuming PURGE + method from the default squid.conf installed by 3.1.0.13 version. 16 Aug 2009; Alin Năstac <mrness@gentoo.org> files/squid.initd, files/squid.initd-logrotate, squid-2.7.6-r1.ebuild, squid-3.0.18.ebuild, diff --git a/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch new file mode 100644 index 000000000000..8863ffe093fc --- /dev/null +++ b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch @@ -0,0 +1,34 @@ +diff -Nru squid-2.7.STABLE6.orig/src/HttpHeaderTools.c squid-2.7.STABLE6/src/HttpHeaderTools.c +--- squid-2.7.STABLE6.orig/src/HttpHeaderTools.c 2008-04-02 03:00:11.000000000 +0200 ++++ squid-2.7.STABLE6/src/HttpHeaderTools.c 2009-08-22 11:25:43.000000000 +0200 +@@ -239,6 +239,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = + { + "\"?,", +@@ -261,16 +265,15 @@ + /* find next delimiter */ + do { + *pos += strcspn(*pos, delim[quoted]); +- if (**pos == del) +- break; + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + len = *pos - *item; /* *pos points to del or '\0' */ diff --git a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch b/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch deleted file mode 100644 index 864944a4daf9..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch +++ /dev/null @@ -1,202 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre ---- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-09 10:05:05.000000000 +0000 -+++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-09 10:13:39.000000000 +0000 -@@ -1133,6 +1133,60 @@ - making the request. - DOC_END - -+NAME: zph_tos_local -+TYPE: int -+DEFAULT: 0 -+LOC: Config.zph_tos_local -+DOC_START -+ Allows you to select a TOS/Diffserv value to mark local hits. Read above -+ (tcp_outgoing_tos) for details/requirements about TOS. -+ Default: 0 (disabled). -+DOC_END -+ -+NAME: zph_tos_peer -+TYPE: int -+DEFAULT: 0 -+LOC: Config.zph_tos_peer -+DOC_START -+ Allows you to select a TOS/Diffserv value to mark peer hits. Read above -+ (tcp_outgoing_tos) for details/requirements about TOS. -+ Default: 0 (disabled). -+DOC_END -+ -+NAME: zph_tos_parent -+COMMENT: on|off -+TYPE: onoff -+LOC: Config.onoff.zph_tos_parent -+DEFAULT: on -+DOC_START -+ Set this to off if you want only sibling hits to be marked. -+ If set to on (default), parent hits are being marked too. -+DOC_END -+ -+NAME: zph_preserve_miss_tos -+COMMENT: on|off -+TYPE: onoff -+LOC: Config.onoff.zph_preserve_miss_tos -+DEFAULT: on -+DOC_START -+ If set to on (default), any HTTP response towards clients will -+ have the TOS value of the response comming from the remote -+ server masked with the value of zph_preserve_miss_tos_mask. -+ For this to work correctly, you will need to patch your linux -+ kernel with the TOS preserving ZPH patch. -+DOC_END -+ -+NAME: zph_preserve_miss_tos_mask -+TYPE: int -+DEFAULT: 255 -+LOC: Config.zph_preserve_miss_tos_mask -+DOC_START -+ Allows you to mask certain bits in the TOS received from the -+ remote server, before copying the value to the TOS send towards -+ clients. -+ Default: 255 (TOS from server is not changed). -+DOC_END -+ - NAME: tcp_outgoing_address - TYPE: acl_address - DEFAULT: none -diff -Nru squid-3.0.STABLE15.orig/src/client_side_reply.cc squid-3.0.STABLE15/src/client_side_reply.cc ---- squid-3.0.STABLE15.orig/src/client_side_reply.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/client_side_reply.cc 2009-05-09 10:13:39.000000000 +0000 -@@ -48,6 +48,7 @@ - #include "ESI.h" - #endif - #include "MemObject.h" -+#include "fde.h" - #include "ACLChecklist.h" - #include "ACL.h" - #if DELAY_POOLS -@@ -1550,6 +1551,11 @@ - /* guarantee nothing has been sent yet! */ - assert(http->out.size == 0); - assert(http->out.offset == 0); -+ if (Config.zph_tos_local) -+ { -+ debugs(33, 1, "ZPH hit hier.code=" << http->request->hier.code <<" TOS="<<Config.zph_tos_local); -+ comm_set_tos(http->getConn()->fd,Config.zph_tos_local); -+ } - tempBuffer.offset = reqofs; - tempBuffer.length = getNextNode()->readBuffer.length; - tempBuffer.data = getNextNode()->readBuffer.data; -@@ -1829,6 +1835,24 @@ - char *buf = next()->readBuffer.data; - - char *body_buf = buf; -+ -+ if (reqofs==0 && !logTypeIsATcpHit(http->logType)) -+ { -+ int tos = 0; -+ if (Config.zph_tos_peer && -+ (http->request->hier.code==SIBLING_HIT || -+ (Config.onoff.zph_tos_parent && http->request->hier.code==PARENT_HIT))) -+ { -+ tos = Config.zph_tos_peer; -+ debugs(33, 1, "ZPH: Peer hit, TOS="<<tos<<" hier.code="<<http->request->hier.code); -+ } -+ else if (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) -+ { -+ tos = fd_table[fd].upstreamTOS & Config.zph_preserve_miss_tos_mask; -+ debugs(33, 1, "ZPH: Preserving TOS on miss, TOS="<<tos); -+ } -+ comm_set_tos(fd,tos); -+ } - - if (buf != result.data) { - /* we've got to copy some data */ -diff -Nru squid-3.0.STABLE15.orig/src/fde.h squid-3.0.STABLE15/src/fde.h ---- squid-3.0.STABLE15.orig/src/fde.h 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/fde.h 2009-05-09 10:13:39.000000000 +0000 -@@ -106,7 +106,7 @@ - long handle; - } win32; - #endif -- -+ unsigned char upstreamTOS; /* see FwdState::dispatch() */ - }; - - #endif /* SQUID_FDE_H */ -diff -Nru squid-3.0.STABLE15.orig/src/forward.cc squid-3.0.STABLE15/src/forward.cc ---- squid-3.0.STABLE15.orig/src/forward.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/forward.cc 2009-05-09 10:13:39.000000000 +0000 -@@ -965,6 +965,52 @@ - - netdbPingSite(request->host); - -+ /* Retrieves remote server TOS value, and stores it as part of the -+ * original client request FD object. It is later used to forward -+ * remote server's TOS in the response to the client in case of a MISS. -+ */ -+ fde * clientFde = &fd_table[client_fd]; -+ if (clientFde) -+ { -+ int tos = 1; -+ int tos_len = sizeof(tos); -+ clientFde->upstreamTOS = 0; -+ if (setsockopt(server_fd,SOL_IP,IP_RECVTOS,&tos,tos_len)==0) -+ { -+ unsigned char buf[512]; -+ int len = 512; -+ if (getsockopt(server_fd,SOL_IP,IP_PKTOPTIONS,buf,(socklen_t*)&len) == 0) -+ { -+ /* Parse the PKTOPTIONS structure to locate the TOS data message -+ * prepared in the kernel by the ZPH incoming TCP TOS preserving -+ * patch. -+ */ -+ unsigned char * p = buf; -+ while (p-buf < len) -+ { -+ struct cmsghdr *o = (struct cmsghdr*)p; -+ if (o->cmsg_len<=0) -+ break; -+ -+ if (o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS) -+ { -+ clientFde->upstreamTOS = (unsigned char)(*(int*)CMSG_DATA(o)); -+ break; -+ } -+ p += CMSG_LEN(o->cmsg_len); -+ } -+ } -+ else -+ { -+ debugs(33, 1, "ZPH: error in getsockopt(IP_PKTOPTIONS) on FD "<<server_fd<<" "<<xstrerror()); -+ } -+ } -+ else -+ { -+ debugs(33, 1, "ZPH: error in setsockopt(IP_RECVTOS) on FD "<<server_fd<<" "<<xstrerror()); -+ } -+ } -+ - if (servers && (p = servers->_peer)) { - p->stats.fetches++; - request->peer_login = p->login; -diff -Nru squid-3.0.STABLE15.orig/src/structs.h squid-3.0.STABLE15/src/structs.h ---- squid-3.0.STABLE15.orig/src/structs.h 2009-05-09 10:05:06.000000000 +0000 -+++ squid-3.0.STABLE15/src/structs.h 2009-05-09 10:13:39.000000000 +0000 -@@ -553,6 +553,8 @@ - int emailErrData; - int httpd_suppress_version_string; - int global_internal_static; -+ int zph_tos_parent; -+ int zph_preserve_miss_tos; - int debug_override_X; - int WIN32_IpAddrChangeMonitor; - } -@@ -721,6 +723,9 @@ - int sleep_after_fork; /* microseconds */ - time_t minimum_expiry_time; /* seconds */ - external_acl *externalAclHelperList; -+ int zph_tos_local; -+ int zph_tos_peer; -+ int zph_preserve_miss_tos_mask; - #if USE_SSL - - struct diff --git a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch b/net-proxy/squid/files/squid-3.0.15-cross-compile.patch deleted file mode 100644 index 68a3fb55e321..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in ---- squid-3.0.STABLE15.orig/configure.in 2009-05-09 10:02:38.000000000 +0000 -+++ squid-3.0.STABLE15/configure.in 2009-05-09 10:03:20.000000000 +0000 -@@ -1820,6 +1820,10 @@ - ;; - esac - -+dnl Define HOSTCXX -+HOSTCXX="$build-g++" -+AC_SUBST(HOSTCXX) -+ - dnl Check for programs - AC_PROG_CPP - AC_PROG_INSTALL -diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am ---- squid-3.0.STABLE15.orig/src/Makefile.am 2009-05-09 10:02:38.000000000 +0000 -+++ squid-3.0.STABLE15/src/Makefile.am 2009-05-09 10:03:20.000000000 +0000 -@@ -1007,6 +1007,8 @@ - - DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" - -+HOSTCXX ?= @HOSTCXX@ -+ - $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h - - snmp_core.o snmp_agent.o: ../snmplib/libsnmp.a $(top_srcdir)/include/cache_snmp.h -@@ -1030,6 +1032,11 @@ - squid.conf.default: cf_parser.h - true - -+cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) -+ $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc \ -+ $(top_srcdir)/lib/util.c $(top_srcdir)/lib/assert.c \ -+ -DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES} -+ - cf_parser.h: cf.data cf_gen$(EXEEXT) - ./cf_gen cf.data $(srcdir)/cf.data.depend - diff --git a/net-proxy/squid/files/squid-3.0.15-gcc43.patch b/net-proxy/squid/files/squid-3.0.15-gcc43.patch deleted file mode 100644 index a9d3f1b594f8..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-gcc43.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/lib/util.c squid-3.0.STABLE15/lib/util.c ---- squid-3.0.STABLE15.orig/lib/util.c 2009-05-06 11:11:38.000000000 +0000 -+++ squid-3.0.STABLE15/lib/util.c 2009-05-09 10:31:41.000000000 +0000 -@@ -751,7 +751,8 @@ - /* copy string, including terminating character */ - sz = strlen(s) + 1; - -- p = memcpy((char *)xmalloc(sz), s, sz); -+ p = (char *)xmalloc(sz); -+ memcpy(p, s, sz); - - PROF_stop(xstrdup); - diff --git a/net-proxy/squid/files/squid-3.0.15-gentoo.patch b/net-proxy/squid/files/squid-3.0.15-gentoo.patch deleted file mode 100644 index 2def7187d6cc..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-gentoo.patch +++ /dev/null @@ -1,293 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/acinclude.m4 squid-3.0.STABLE15/acinclude.m4 ---- squid-3.0.STABLE15.orig/acinclude.m4 2009-05-06 11:11:25.000000000 +0000 -+++ squid-3.0.STABLE15/acinclude.m4 2009-05-09 09:54:49.000000000 +0000 -@@ -73,7 +73,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in ---- squid-3.0.STABLE15.orig/configure.in 2009-05-06 11:11:43.000000000 +0000 -+++ squid-3.0.STABLE15/configure.in 2009-05-09 09:54:49.000000000 +0000 -@@ -15,9 +15,9 @@ - PRESET_LDFLAGS="$LDFLAGS" - - dnl Set default LDFLAGS --if test -z "$LDFLAGS"; then -- LDFLAGS="-g" --fi -+dnl if test -z "$LDFLAGS"; then -+dnl LDFLAGS="-g" -+dnl fi - - dnl Check for GNU cc - AC_PROG_CC -@@ -177,13 +177,13 @@ - dnl TODO: check if the problem will be present in any other newer MinGW release. - case "$host_os" in - mingw|mingw32) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - ;; - *) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" - ;; - esac -- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - SQUID_CFLAGS= - SQUID_CXXFLAGS= -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c ---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c 2009-05-09 09:54:49.000000000 +0000 -@@ -27,7 +27,7 @@ - - /* Path to configuration file */ - #ifndef SYSCONFDIR --#define SYSCONFDIR "/usr/local/squid/etc" -+#define SYSCONFDIR "/etc/squid" - #endif - #define CONFIGFILE SYSCONFDIR "/msntauth.conf" - -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default ---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default 2009-05-09 09:54:49.000000000 +0000 -@@ -8,6 +8,6 @@ - server other_PDC other_BDC otherdomain - - # Denied and allowed users. Comment these if not needed. --#denyusers /usr/local/squid/etc/msntauth.denyusers --#allowusers /usr/local/squid/etc/msntauth.allowusers -+#denyusers /etc/squid/msntauth.denyusers -+#allowusers /etc/squid/msntauth.allowusers - -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am ---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am 2009-05-09 09:54:49.000000000 +0000 -@@ -14,7 +14,7 @@ - ## FIXME: autoconf should test for the samba path. - - SMB_AUTH_HELPER = smb_auth.sh --SAMBAPREFIX=/usr/local/samba -+SAMBAPREFIX=/usr - SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) - - libexec_SCRIPTS = $(SMB_AUTH_HELPER) -diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh ---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-05-06 11:11:32.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh 2009-05-09 09:54:49.000000000 +0000 -@@ -24,7 +24,7 @@ - read AUTHSHARE - read AUTHFILE - read SMBUSER --read SMBPASS -+read -r SMBPASS - - # Find domain controller - echo "Domain name: $DOMAINNAME" -@@ -47,7 +47,7 @@ - addropt="" - fi - echo "Query address options: $addropt" --dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` -+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` - echo "Domain controller IP address: $dcip" - [ -n "$dcip" ] || exit 1 - -diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8 squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8 ---- squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8 2009-05-09 09:54:49.000000000 +0000 -@@ -35,7 +35,7 @@ - .P - Configuration example using the default automatic mode - .IP --external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session -+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session - .IP - acl session external session - .IP -diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8 ---- squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8 2009-05-09 09:54:49.000000000 +0000 -@@ -27,7 +27,7 @@ - This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 - matches users in group2 or group3 - .IP --external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p -+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p - .IP - acl usergroup1 external unix_group group1 - .IP -diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh ---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-05-09 09:54:49.000000000 +0000 -@@ -7,7 +7,7 @@ - # - CC=gcc - #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2" --CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" -+CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" - if [ "$1" = "HEIMDAL" ]; then - DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__" - INCLUDE="-I/usr/include/heimdal -Ispnegohelp" -diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4 squid-3.0.STABLE15/lib/libTrie/acinclude.m4 ---- squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4 2009-05-06 11:11:37.000000000 +0000 -+++ squid-3.0.STABLE15/lib/libTrie/acinclude.m4 2009-05-09 09:54:49.000000000 +0000 -@@ -9,7 +9,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/configure.in squid-3.0.STABLE15/lib/libTrie/configure.in ---- squid-3.0.STABLE15.orig/lib/libTrie/configure.in 2009-05-06 11:11:37.000000000 +0000 -+++ squid-3.0.STABLE15/lib/libTrie/configure.in 2009-05-09 09:54:49.000000000 +0000 -@@ -58,8 +58,8 @@ - - dnl set useful flags - if test "$GCC" = "yes"; then -- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" -+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - TRIE_CFLAGS= - TRIE_CXXFLAGS= -diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre ---- squid-3.0.STABLE15.orig/src/cf.data.pre 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/cf.data.pre 2009-05-09 09:54:49.000000000 +0000 -@@ -652,6 +652,8 @@ - acl Safe_ports port 488 # gss-http - acl Safe_ports port 591 # filemaker - acl Safe_ports port 777 # multiling http -+acl Safe_ports port 901 # SWAT -+acl purge method PURGE - acl CONNECT method CONNECT - NOCOMMENT_END - DOC_END -@@ -685,6 +687,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -702,6 +707,9 @@ - # from where browsing should be allowed - http_access allow localnet - -+# Allow the localhost to have access by default -+http_access allow localhost -+ - # And finally deny all other access to this proxy - http_access deny all - NOCOMMENT_END -@@ -3264,11 +3272,11 @@ - - NAME: cache_mgr - TYPE: string --DEFAULT: webmaster -+DEFAULT: root - LOC: Config.adminEmail - DOC_START - Email-address of local cache manager who will receive -- mail if the cache dies. The default is "webmaster." -+ mail if the cache dies. The default is "root". - DOC_END - - NAME: mail_from -@@ -5218,6 +5226,9 @@ - If you disable this, it will appear as - - X-Forwarded-For: unknown -+NOCOMMENT_START -+forwarded_for off -+NOCOMMENT_END - DOC_END - - NAME: cachemgr_passwd -diff -Nru squid-3.0.STABLE15.orig/src/debug.cc squid-3.0.STABLE15/src/debug.cc ---- squid-3.0.STABLE15.orig/src/debug.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/debug.cc 2009-05-09 09:54:49.000000000 +0000 -@@ -465,7 +465,7 @@ - #if HAVE_SYSLOG && defined(LOG_LOCAL4) - - if (opt_syslog_enable) -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); -+ openlog(appname, LOG_PID | LOG_NDELAY, syslog_facility); - - #endif /* HAVE_SYSLOG */ - -diff -Nru squid-3.0.STABLE15.orig/src/defines.h squid-3.0.STABLE15/src/defines.h ---- squid-3.0.STABLE15.orig/src/defines.h 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/defines.h 2009-05-09 09:54:49.000000000 +0000 -@@ -218,7 +218,7 @@ - - /* were to look for errors if config path fails */ - #ifndef DEFAULT_SQUID_ERROR_DIR --#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" -+#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" - #endif - - /* handy to determine the #elements in a static array */ -diff -Nru squid-3.0.STABLE15.orig/src/main.cc squid-3.0.STABLE15/src/main.cc ---- squid-3.0.STABLE15.orig/src/main.cc 2009-05-06 11:11:41.000000000 +0000 -+++ squid-3.0.STABLE15/src/main.cc 2009-05-09 09:54:49.000000000 +0000 -@@ -1490,7 +1490,7 @@ - if (*(argv[0]) == '(') - return; - -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - if ((pid = fork()) < 0) - syslog(LOG_ALERT, "fork failed: %s", xstrerror()); -@@ -1534,7 +1534,7 @@ - - if ((pid = fork()) == 0) { - /* child */ -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - prog = xstrdup(argv[0]); - argv[0] = xstrdup("(squid)"); - execvp(prog, argv); -@@ -1542,7 +1542,7 @@ - } - - /* parent */ -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); - -diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am ---- squid-3.0.STABLE15.orig/src/Makefile.am 2009-05-06 11:11:40.000000000 +0000 -+++ squid-3.0.STABLE15/src/Makefile.am 2009-05-09 09:54:49.000000000 +0000 -@@ -991,12 +991,12 @@ - DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf - DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf - DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` --DEFAULT_LOG_PREFIX = $(localstatedir)/logs -+DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid - DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log - DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log - DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log --DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid --DEFAULT_SWAP_DIR = $(localstatedir)/cache -+DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid -+DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid - DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` diff --git a/net-proxy/squid/files/squid-3.0.15-heimdal.patch b/net-proxy/squid/files/squid-3.0.15-heimdal.patch deleted file mode 100644 index 56a306e06942..000000000000 --- a/net-proxy/squid/files/squid-3.0.15-heimdal.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am ---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-05-06 11:11:33.000000000 +0000 -+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-05-09 10:14:42.000000000 +0000 -@@ -18,10 +18,10 @@ - #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) - - # HEIMDAL --#KERBINC = -DHEIMDAL -I/usr/include/heimdal --#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken -+KERBINC = -DHEIMDAL -I/usr/include/heimdal -+KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken - - # MIT --KERBINC = --KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err -+#KERBINC = -+#KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err - diff --git a/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch new file mode 100644 index 000000000000..c7ac8c5d3c4e --- /dev/null +++ b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch @@ -0,0 +1,37 @@ +diff -Nru squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc squid-3.0.STABLE18/src/HttpHeaderTools.cc +--- squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc 2009-08-04 13:57:48.000000000 +0200 ++++ squid-3.0.STABLE18/src/HttpHeaderTools.cc 2009-08-22 11:43:40.000000000 +0200 +@@ -246,6 +246,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = { + "\"?,", + "\"\\", +@@ -273,19 +277,16 @@ + do { + *pos += strcspn(*pos, delim[quoted]); + +- if (**pos == del) +- break; +- + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch new file mode 100644 index 000000000000..5c3818c5e489 --- /dev/null +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch @@ -0,0 +1,37 @@ +diff -Nru squid-3.1.0.13.orig/src/HttpHeaderTools.cc squid-3.1.0.13/src/HttpHeaderTools.cc +--- squid-3.1.0.13.orig/src/HttpHeaderTools.cc 2009-08-04 15:32:12.000000000 +0200 ++++ squid-3.1.0.13/src/HttpHeaderTools.cc 2009-08-22 11:59:17.000000000 +0200 +@@ -229,6 +229,10 @@ + strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) + { + size_t len; ++ /* ',' is always enabled as field delimiter as this is required for ++ * processing merged header values properly, even if Cookie normally ++ * uses ';' as delimiter. ++ */ + static char delim[3][8] = { + "\"?,", + "\"\\", +@@ -256,19 +260,16 @@ + do { + *pos += strcspn(*pos, delim[quoted]); + +- if (**pos == del) +- break; +- + if (**pos == '"') { + quoted = !quoted; + *pos += 1; +- } +- +- if (quoted && **pos == '\\') { ++ } else if (quoted && **pos == '\\') { + *pos += 1; + + if (**pos) + *pos += 1; ++ } else { ++ break; /* Delimiter found, marking the end of this value */ + } + } while (**pos); + diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch index 42ba74ac35b4..987665b272b8 100644 --- a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch @@ -1,6 +1,6 @@ diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4 --- squid-3.1.0.13.orig/acinclude.m4 2009-08-04 15:32:06.000000000 +0200 -+++ squid-3.1.0.13/acinclude.m4 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/acinclude.m4 2009-08-22 12:05:53.000000000 +0200 @@ -73,7 +73,7 @@ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ @@ -11,8 +11,8 @@ diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4 rm -f conftest.* echo yes diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in ---- squid-3.1.0.13.orig/configure.in 2009-08-06 21:08:31.000000000 +0200 -+++ squid-3.1.0.13/configure.in 2009-08-06 21:10:24.000000000 +0200 +--- squid-3.1.0.13.orig/configure.in 2009-08-22 12:05:19.000000000 +0200 ++++ squid-3.1.0.13/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -16,9 +16,9 @@ PRESET_LDFLAGS="$LDFLAGS" @@ -45,7 +45,7 @@ diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in SQUID_CXXFLAGS= diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c 2009-08-22 12:05:53.000000000 +0200 @@ -27,7 +27,7 @@ /* Path to configuration file */ @@ -57,7 +57,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-22 12:05:53.000000000 +0200 @@ -8,6 +8,6 @@ server other_PDC other_BDC otherdomain @@ -69,7 +69,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squi diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am 2009-08-22 12:05:53.000000000 +0200 @@ -16,7 +16,7 @@ ## FIXME: autoconf should test for the samba path. @@ -81,7 +81,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/ libexec_SCRIPTS = $(SMB_AUTH_HELPER) diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh 2009-08-22 12:05:53.000000000 +0200 @@ -24,7 +24,7 @@ read AUTHSHARE read AUTHFILE @@ -102,7 +102,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.13/helpers/external_acl/session/squid_session.8 --- squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 2009-08-04 15:32:09.000000000 +0200 -+++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8 2009-08-22 12:05:53.000000000 +0200 @@ -35,7 +35,7 @@ .P Configuration example using the default automatic mode @@ -114,7 +114,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid .IP diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 --- squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-04 15:32:10.000000000 +0200 -+++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-22 12:05:53.000000000 +0200 @@ -27,7 +27,7 @@ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 matches users in group2 or group3 @@ -126,7 +126,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 .IP diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in --- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-04 15:32:10.000000000 +0200 -+++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -17,6 +17,7 @@ AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com]) @@ -146,7 +146,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.i { diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTrie/acinclude.m4 --- squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 2009-08-04 15:32:11.000000000 +0200 -+++ squid-3.1.0.13/lib/libTrie/acinclude.m4 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/lib/libTrie/acinclude.m4 2009-08-22 12:05:53.000000000 +0200 @@ -9,7 +9,7 @@ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ @@ -158,7 +158,7 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTri echo yes diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTrie/configure.in --- squid-3.1.0.13.orig/lib/libTrie/configure.in 2009-08-04 15:32:11.000000000 +0200 -+++ squid-3.1.0.13/lib/libTrie/configure.in 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/lib/libTrie/configure.in 2009-08-22 12:05:53.000000000 +0200 @@ -59,8 +59,8 @@ dnl set useful flags @@ -172,27 +172,16 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTri TRIE_CXXFLAGS= diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre --- squid-3.1.0.13.orig/src/cf.data.pre 2009-08-04 15:32:16.000000000 +0200 -+++ squid-3.1.0.13/src/cf.data.pre 2009-08-06 21:10:24.000000000 +0200 -@@ -708,6 +708,8 @@ ++++ squid-3.1.0.13/src/cf.data.pre 2009-08-22 12:06:21.000000000 +0200 +@@ -708,6 +708,7 @@ acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http +acl Safe_ports port 901 # SWAT -+acl purge method PURGE acl CONNECT method CONNECT NOCOMMENT_END DOC_END -@@ -833,6 +835,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -851,6 +856,9 @@ +@@ -851,6 +852,9 @@ http_access allow localnet http_access allow localhost @@ -202,7 +191,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre # And finally deny all other access to this proxy http_access deny all NOCOMMENT_END -@@ -3942,11 +3950,11 @@ +@@ -3942,11 +3946,11 @@ NAME: cache_mgr TYPE: string @@ -216,7 +205,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre DOC_END NAME: mail_from -@@ -6243,7 +6251,7 @@ +@@ -6243,7 +6247,7 @@ NAME: forwarded_for COMMENT: on|off|transparent|truncate|delete TYPE: string @@ -227,7 +216,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre If set to "on", Squid will append your client's IP address diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc --- squid-3.1.0.13.orig/src/debug.cc 2009-08-04 15:32:16.000000000 +0200 -+++ squid-3.1.0.13/src/debug.cc 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/debug.cc 2009-08-22 12:05:53.000000000 +0200 @@ -452,7 +452,7 @@ #if HAVE_SYSLOG && defined(LOG_LOCAL4) @@ -239,7 +228,7 @@ diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc --- squid-3.1.0.13.orig/src/main.cc 2009-08-04 15:32:17.000000000 +0200 -+++ squid-3.1.0.13/src/main.cc 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/main.cc 2009-08-22 12:05:53.000000000 +0200 @@ -1533,7 +1533,7 @@ if (*(argv[0]) == '(') return; @@ -269,7 +258,7 @@ diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc diff -Nru squid-3.1.0.13.orig/src/Makefile.am squid-3.1.0.13/src/Makefile.am --- squid-3.1.0.13.orig/src/Makefile.am 2009-08-04 15:32:13.000000000 +0200 -+++ squid-3.1.0.13/src/Makefile.am 2009-08-06 21:10:24.000000000 +0200 ++++ squid-3.1.0.13/src/Makefile.am 2009-08-22 12:05:53.000000000 +0200 @@ -636,7 +636,6 @@ sysconf_DATA = \ diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch index 510c490f21f8..12f9144018aa 100644 --- a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch +++ b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch @@ -41,3 +41,42 @@ diff -Nru squid-3.1.0.13.orig/src/ftp.cc squid-3.1.0.13/src/ftp.cc if (escaped) rfc1738_unescape(user); } +diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in +--- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-19 19:00:43.000000000 +0200 ++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-22 12:53:13.000000000 +0200 +@@ -94,7 +94,7 @@ + else + ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` + if test "x$ac_gssapi_libs" != "x" ; then +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -118,7 +118,7 @@ + fi + ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null` + if test "x$ac_gssapi_libs" != "x" ; then +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -172,7 +172,7 @@ + ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` + LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" + fi +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) +@@ -201,7 +201,7 @@ + ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'` + LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2" + fi +- LDFLAGS="$LDFLAGS $ac_gssapi_libs" ++ LIBS="$LIBS $ac_gssapi_libs" + else + for lib in $ac_gss_libs; do + AC_CHECK_LIB($lib,main) diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch deleted file mode 100644 index 9307b26a4cbc..000000000000 --- a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch +++ /dev/null @@ -1,309 +0,0 @@ -diff -Nru squid-3.1.0.9.orig/acinclude.m4 squid-3.1.0.9/acinclude.m4 ---- squid-3.1.0.9.orig/acinclude.m4 2009-06-26 12:35:27.000000000 +0200 -+++ squid-3.1.0.9/acinclude.m4 2009-07-14 07:49:12.000000000 +0200 -@@ -73,7 +73,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.1.0.9.orig/configure.in squid-3.1.0.9/configure.in ---- squid-3.1.0.9.orig/configure.in 2009-07-14 07:47:57.000000000 +0200 -+++ squid-3.1.0.9/configure.in 2009-07-14 07:51:03.000000000 +0200 -@@ -16,9 +16,9 @@ - PRESET_LDFLAGS="$LDFLAGS" - - dnl Set default LDFLAGS --if test -z "$LDFLAGS"; then -- LDFLAGS="-g" --fi -+dnl if test -z "$LDFLAGS"; then -+dnl LDFLAGS="-g" -+dnl fi - - dnl Check for GNU cc - AC_PROG_CC -@@ -259,13 +259,13 @@ - dnl TODO: check if the problem will be present in any other newer MinGW release. - case "$host_os" in - mingw|mingw32) -- SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - ;; - *) -- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" - ;; - esac -- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - SQUID_CFLAGS= - SQUID_CXXFLAGS= -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c ---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c 2009-06-26 12:35:29.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c 2009-07-14 07:49:12.000000000 +0200 -@@ -27,7 +27,7 @@ - - /* Path to configuration file */ - #ifndef SYSCONFDIR --#define SYSCONFDIR "/usr/local/squid/etc" -+#define SYSCONFDIR "/etc/squid" - #endif - #define CONFIGFILE SYSCONFDIR "/msntauth.conf" - -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default ---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-06-26 12:35:29.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default 2009-07-14 07:49:12.000000000 +0200 -@@ -8,6 +8,6 @@ - server other_PDC other_BDC otherdomain - - # Denied and allowed users. Comment these if not needed. --#denyusers /usr/local/squid/etc/msntauth.denyusers --#allowusers /usr/local/squid/etc/msntauth.allowusers -+#denyusers /etc/squid/msntauth.denyusers -+#allowusers /etc/squid/msntauth.allowusers - -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am ---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am 2009-06-26 12:35:30.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am 2009-07-14 07:49:12.000000000 +0200 -@@ -16,7 +16,7 @@ - ## FIXME: autoconf should test for the samba path. - - SMB_AUTH_HELPER = smb_auth.sh --SAMBAPREFIX=/usr/local/samba -+SAMBAPREFIX=/usr - SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) - - libexec_SCRIPTS = $(SMB_AUTH_HELPER) -diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh ---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-06-26 12:35:30.000000000 +0200 -+++ squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh 2009-07-14 07:49:12.000000000 +0200 -@@ -24,7 +24,7 @@ - read AUTHSHARE - read AUTHFILE - read SMBUSER --read SMBPASS -+read -r SMBPASS - - # Find domain controller - echo "Domain name: $DOMAINNAME" -@@ -47,7 +47,7 @@ - addropt="" - fi - echo "Query address options: $addropt" --dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` -+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` - echo "Domain controller IP address: $dcip" - [ -n "$dcip" ] || exit 1 - -diff -Nru squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.9/helpers/external_acl/session/squid_session.8 ---- squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/external_acl/session/squid_session.8 2009-07-14 07:49:12.000000000 +0200 -@@ -35,7 +35,7 @@ - .P - Configuration example using the default automatic mode - .IP --external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session -+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session - .IP - acl session external session - .IP -diff -Nru squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8 ---- squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8 2009-07-14 07:49:12.000000000 +0200 -@@ -27,7 +27,7 @@ - This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 - matches users in group2 or group3 - .IP --external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p -+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p - .IP - acl usergroup1 external unix_group group1 - .IP -diff -Nru squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in ---- squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-06-26 12:35:31.000000000 +0200 -+++ squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-07-14 07:49:12.000000000 +0200 -@@ -17,6 +17,7 @@ - - AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com]) - AM_INIT_AUTOMAKE(squid_kerb_auth,1.0.5) -+AM_MAINTAINER_MODE - AC_CONFIG_SRCDIR([squid_kerb_auth.c]) - - AC_PROG_CC -@@ -531,7 +532,7 @@ - dnl set variable for use in automakefile(s) - AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" ) - --MY_CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow" -+MY_CFLAGS="-Wall -Wextra -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow" - for ac_cv_my_cflag in $MY_CFLAGS; do - echo "int main() - { -diff -Nru squid-3.1.0.9.orig/lib/libTrie/acinclude.m4 squid-3.1.0.9/lib/libTrie/acinclude.m4 ---- squid-3.1.0.9.orig/lib/libTrie/acinclude.m4 2009-06-26 12:35:32.000000000 +0200 -+++ squid-3.1.0.9/lib/libTrie/acinclude.m4 2009-07-14 07:49:12.000000000 +0200 -@@ -9,7 +9,7 @@ - AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) - AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ - ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc --${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null -+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null - res=$? - rm -f conftest.* - echo yes -diff -Nru squid-3.1.0.9.orig/lib/libTrie/configure.in squid-3.1.0.9/lib/libTrie/configure.in ---- squid-3.1.0.9.orig/lib/libTrie/configure.in 2009-06-26 12:35:32.000000000 +0200 -+++ squid-3.1.0.9/lib/libTrie/configure.in 2009-07-14 07:49:12.000000000 +0200 -@@ -59,8 +59,8 @@ - - dnl set useful flags - if test "$GCC" = "yes"; then -- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" -- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" -+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" -+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" - else - TRIE_CFLAGS= - TRIE_CXXFLAGS= -diff -Nru squid-3.1.0.9.orig/src/cf.data.pre squid-3.1.0.9/src/cf.data.pre ---- squid-3.1.0.9.orig/src/cf.data.pre 2009-06-26 12:35:37.000000000 +0200 -+++ squid-3.1.0.9/src/cf.data.pre 2009-07-14 07:49:12.000000000 +0200 -@@ -685,6 +685,8 @@ - acl Safe_ports port 488 # gss-http - acl Safe_ports port 591 # filemaker - acl Safe_ports port 777 # multiling http -+acl Safe_ports port 901 # SWAT -+acl purge method PURGE - acl CONNECT method CONNECT - NOCOMMENT_END - DOC_END -@@ -804,6 +806,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -821,6 +826,9 @@ - # from where browsing should be allowed - http_access allow localnet - -+# Allow the localhost to have access by default -+http_access allow localhost -+ - # And finally deny all other access to this proxy - http_access deny all - NOCOMMENT_END -@@ -3690,11 +3698,11 @@ - - NAME: cache_mgr - TYPE: string --DEFAULT: webmaster -+DEFAULT: root - LOC: Config.adminEmail - DOC_START - Email-address of local cache manager who will receive -- mail if the cache dies. The default is "webmaster." -+ mail if the cache dies. The default is "root". - DOC_END - - NAME: mail_from -@@ -5812,7 +5820,7 @@ - NAME: forwarded_for - COMMENT: on|off|transparent|truncate|delete - TYPE: string --DEFAULT: on -+DEFAULT: delete - LOC: opt_forwarded_for - DOC_START - If set to "on", Squid will append your client's IP address -diff -Nru squid-3.1.0.9.orig/src/debug.cc squid-3.1.0.9/src/debug.cc ---- squid-3.1.0.9.orig/src/debug.cc 2009-06-26 12:35:38.000000000 +0200 -+++ squid-3.1.0.9/src/debug.cc 2009-07-14 07:51:54.000000000 +0200 -@@ -452,7 +452,7 @@ - #if HAVE_SYSLOG && defined(LOG_LOCAL4) - - if (Debug::log_syslog) -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility); - - #endif /* HAVE_SYSLOG */ - -diff -Nru squid-3.1.0.9.orig/src/main.cc squid-3.1.0.9/src/main.cc ---- squid-3.1.0.9.orig/src/main.cc 2009-06-26 12:35:39.000000000 +0200 -+++ squid-3.1.0.9/src/main.cc 2009-07-14 07:49:12.000000000 +0200 -@@ -1511,7 +1511,7 @@ - if (*(argv[0]) == '(') - return; - -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - if ((pid = fork()) < 0) - syslog(LOG_ALERT, "fork failed: %s", xstrerror()); -@@ -1555,7 +1555,7 @@ - - if ((pid = fork()) == 0) { - /* child */ -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - prog = xstrdup(argv[0]); - argv[0] = xstrdup("(squid)"); - execvp(prog, argv); -@@ -1563,7 +1563,7 @@ - } - - /* parent */ -- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON); - - syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); - -diff -Nru squid-3.1.0.9.orig/src/Makefile.am squid-3.1.0.9/src/Makefile.am ---- squid-3.1.0.9.orig/src/Makefile.am 2009-06-26 12:35:33.000000000 +0200 -+++ squid-3.1.0.9/src/Makefile.am 2009-07-14 07:49:12.000000000 +0200 -@@ -629,7 +629,6 @@ - - sysconf_DATA = \ - squid.conf.default \ -- squid.conf.documented \ - mime.conf.default - - data_DATA = \ -@@ -704,8 +703,8 @@ - DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log - DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log - DEFAULT_PID_FILE = @DEFAULT_PIDFILE@ --DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state --DEFAULT_SWAP_DIR = $(localstatedir)/cache -+DEFAULT_NETDB_FILE = $(localstatedir)/run/netdb.state -+DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid - DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` - DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` -@@ -739,7 +738,7 @@ - true - - squid.conf.default: squid.conf.documented -- $(EGREP) -v "^[#\ ]" squid.conf.documented | $(EGREP) . >squid.conf.default -+ cp squid.conf.documented squid.conf.default - - cf_parser.h: cf.data cf_gen$(EXEEXT) - ./cf_gen cf.data $(srcdir)/cf.data.depend -@@ -793,8 +792,6 @@ - fi - echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \ - $(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \ -- echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented"; \ -- $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented; \ - $(mkinstalldirs) $(DESTDIR)$(DEFAULT_LOG_PREFIX) - - uninstall-local: diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch deleted file mode 100644 index 7d487c73afc6..000000000000 --- a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Nru squid-3.1.0.9.orig/src/ftp.cc squid-3.1.0.9/src/ftp.cc ---- squid-3.1.0.9.orig/src/ftp.cc 2009-06-26 12:35:38.000000000 +0200 -+++ squid-3.1.0.9/src/ftp.cc 2009-07-14 08:12:44.000000000 +0200 -@@ -526,16 +526,18 @@ - void - FtpStateData::loginParser(const char *login, int escaped) - { -- char *s = NULL; -+ const char *s = NULL; - debugs(9, 4, HERE << ": login='" << login << "', escaped=" << escaped); - debugs(9, 9, HERE << ": IN : login='" << login << "', escaped=" << escaped << ", user=" << user << ", password=" << password); - - if ((s = strchr(login, ':'))) { -- *s = '\0'; -- - /* if there was a username part */ - if (s > login) { -- xstrncpy(user, login, MAX_URL); -+ int len = s - login; -+ if (len > MAX_URL) -+ len = MAX_URL; -+ xstrncpy(user, login, len); -+ user[len] = '\0'; - if (escaped) - rfc1738_unescape(user); - } diff --git a/net-proxy/squid/squid-3.1.0.9_beta.ebuild b/net-proxy/squid/squid-2.7.6-r2.ebuild index 0752e4b30fb1..e6e8fa20249d 100644 --- a/net-proxy/squid/squid-3.1.0.9_beta.ebuild +++ b/net-proxy/squid/squid-2.7.6-r2.ebuild @@ -1,27 +1,32 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.9_beta.ebuild,v 1.2 2009/07/23 06:57:45 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.7.6-r2.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ EAPI="2" -inherit eutils pam toolchain-funcs +inherit eutils pam toolchain-funcs autotools -RESTRICT="test" # check if test works in next bump +#lame archive versioning scheme.. +S_PMV="${PV%%.*}" +S_PV="${PV%.*}" +S_PL="${PV##*.}" +S_PL="${S_PL/_rc/-RC}" +S_PP="${PN}-${S_PV}.STABLE${S_PL}" DESCRIPTION="A full-featured web proxy cache" HOMEPAGE="http://www.squid-cache.org/" -SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz" +SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \ +IUSE="caps pam ldap samba sasl kerberos nis ssl snmp selinux logrotate \ mysql postgres sqlite \ zero-penalty-hit \ pf-transparent ipf-transparent kqueue \ - elibc_uclibc kernel_linux epoll" + elibc_uclibc kernel_linux +epoll" -COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) +DEPEND="caps? ( >=sys-libs/libcap-2.16 ) pam? ( virtual/pam ) ldap? ( net-nds/openldap ) kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) ) @@ -31,50 +36,39 @@ COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) >=sys-libs/db-4 dev-lang/perl" -DEPEND="${COMMON_DEPEND} - sys-devel/automake - sys-devel/autoconf - sys-devel/libtool" -RDEPEND="${COMMON_DEPEND} +RDEPEND="${DEPEND} samba? ( net-fs/samba ) mysql? ( dev-perl/DBD-mysql ) postgres? ( dev-perl/DBD-Pg ) sqlite? ( dev-perl/DBD-SQLite )" -S="${WORKDIR}/${P/_beta}" +S="${WORKDIR}/${S_PP}" pkg_setup() { - if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then - eerror "coss store IO has been disabled by upstream due to stability issues!" - eerror "If you want to install this version, switch the store type to something else" - eerror "before attempting to install this version again." - - die "/etc/squid/squid.conf: cache_dir use a disabled store type" + if use zero-penalty-hit; then + ewarn "This version supports natively IP TOS/Priority mangling," + ewarn "but it does not support zph_preserve_miss_tos." + ewarn "If you need that, please use >=${CATEGORY}/${PN}-3 ." fi - enewgroup squid 31 enewuser squid 31 -1 /var/cache/squid squid } src_prepare() { - epatch "${FILESDIR}"/${PN}-3-capability.patch + epatch "${FILESDIR}"/${PN}-2-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch epatch "${FILESDIR}"/${P}-gentoo.patch - epatch "${FILESDIR}"/${P}-invconv.patch - - # eautoreconf breaks lib/libLtdl/libtool script - ./bootstrap.sh || die "autoreconf failed" + has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch + eautoreconf } src_configure() { - local myconf="" - local basic_modules="getpwnam,NCSA,MSNT" use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" use ldap && basic_modules="LDAP,${basic_modules}" use pam && basic_modules="PAM,${basic_modules}" use sasl && basic_modules="SASL,${basic_modules}" use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" - use radius && basic_modules="squid_radius_auth,${basic_modules}" if use mysql || use postgres || use sqlite ; then basic_modules="DB,${basic_modules}" fi @@ -84,19 +78,21 @@ src_configure() { use ldap && ext_helpers="ldap_group,${ext_helpers}" local ntlm_helpers="fakeauth" - use samba && ntlm_helpers="smb_lm,${ntlm_helpers}" + use samba && ntlm_helpers="SMB,${ntlm_helpers}" local negotiate_helpers= - if use kerberos; then - negotiate_helpers="squid_kerb_auth" - has_version app-crypt/mit-krb5 \ - && myconf="--enable-mit --disable-heimdal" \ - || myconf="--disable-mit --enable-heimdal" - fi + use kerberos && local negotiate_helpers="squid_kerb_auth" - # coss support has been disabled - # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175) - myconf="${myconf} --enable-storeio=ufs,diskd,aufs" + local myconf="" + + # Support for uclibc #61175 + if use elibc_uclibc; then + myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" + myconf="${myconf} --disable-async-io" + else + myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null" + myconf="${myconf} --enable-async-io" + fi if use kernel_linux; then myconf="${myconf} --enable-linux-netfilter @@ -117,33 +113,33 @@ src_configure() { --libexecdir=/usr/libexec/squid \ --localstatedir=/var \ --datadir=/usr/share/squid \ - --with-logdir=/var/log/squid \ - --with-default-user=squid \ - --enable-auth="basic,digest,negotiate,ntlm" \ + --enable-auth="basic,digest,ntlm,negotiate" \ --enable-removal-policies="lru,heap" \ --enable-digest-auth-helpers="password" \ --enable-basic-auth-helpers="${basic_modules}" \ --enable-external-acl-helpers="${ext_helpers}" \ --enable-ntlm-auth-helpers="${ntlm_helpers}" \ --enable-negotiate-auth-helpers="${negotiate_helpers}" \ + --enable-ident-lookups \ --enable-useragent-log \ --enable-cache-digests \ --enable-delay-pools \ --enable-referer-log \ --enable-arp-acl \ + --with-pthreads \ --with-large-files \ - --with-filedescriptors=8192 \ + --enable-htcp \ + --enable-carp \ + --enable-follow-x-forwarded-for \ + --with-maxfd=8192 \ $(use_enable caps) \ - $(use_enable ipv6) \ $(use_enable snmp) \ $(use_enable ssl) \ - $(use_enable icap-client) \ - $(use_enable zero-penalty-hit zph-qos) \ ${myconf} || die "econf failed" } src_install() { - emake DESTDIR="${D}" install || die "emake install failed" + make DESTDIR="${D}" install || die "make install failed" # need suid root for looking into /etc/shadow fowners root:squid /usr/libexec/squid/ncsa_auth @@ -191,9 +187,4 @@ pkg_postinst() { echo ewarn "Squid can be configured to run in transparent mode like this:" ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" - if use zero-penalty-hit; then - echo - ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel" - ewarn "with the patch that can be found on http://zph.bratcheda.org site." - fi } diff --git a/net-proxy/squid/squid-3.0.15.ebuild b/net-proxy/squid/squid-3.0.18-r1.ebuild index 6b82995acf16..77d1b9e2e8d5 100644 --- a/net-proxy/squid/squid-3.0.15.ebuild +++ b/net-proxy/squid/squid-3.0.18-r1.ebuild @@ -1,10 +1,10 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.15.ebuild,v 1.8 2009/07/05 19:49:49 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.18-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ EAPI="2" -inherit eutils pam toolchain-funcs autotools linux-info +inherit eutils pam toolchain-funcs autotools # lame archive versioning scheme.. S_PMV="${PV%%.*}" @@ -16,17 +16,16 @@ RESTRICT="test" # check if test works in next bump DESCRIPTION="A full-featured web proxy cache" HOMEPAGE="http://www.squid-cache.org/" -SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz - mirror://gentoo/${PN}-3.0.14-chunk-encoding.patch.gz" +SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ~ppc ppc64 sparc x86 ~x86-fbsd" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" IUSE="caps pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \ mysql postgres sqlite \ zero-penalty-hit \ pf-transparent ipf-transparent kqueue \ - elibc_uclibc kernel_linux epoll" + elibc_uclibc kernel_linux +epoll" DEPEND="caps? ( >=sys-libs/libcap-2.16 ) pam? ( virtual/pam ) @@ -61,12 +60,10 @@ pkg_setup() { src_prepare() { epatch "${FILESDIR}"/${PN}-3-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch epatch "${FILESDIR}"/${P}-gentoo.patch - epatch "${FILESDIR}"/${P}-gcc43.patch epatch "${FILESDIR}"/${P}-cross-compile.patch - epatch "${WORKDIR}"/${PN}-3.0.14-chunk-encoding.patch use zero-penalty-hit && epatch "${FILESDIR}"/${P}-adapted-zph.patch - has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch eautoreconf } diff --git a/net-proxy/squid/squid-3.1.0.13_beta.ebuild b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild index ce520ae81ce2..4639df2dfb41 100644 --- a/net-proxy/squid/squid-3.1.0.13_beta.ebuild +++ b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta.ebuild,v 1.2 2009/08/16 11:01:46 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $ EAPI="2" @@ -57,6 +57,7 @@ pkg_setup() { src_prepare() { epatch "${FILESDIR}"/${PN}-3-capability.patch + epatch "${FILESDIR}"/${P}-cve-2009-2855.patch epatch "${FILESDIR}"/${P}-gentoo.patch epatch "${FILESDIR}"/${P}-qafixes.patch |