diff options
author | Alin Năstac <mrness@gentoo.org> | 2007-12-04 13:03:52 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2007-12-04 13:03:52 +0000 |
commit | 190b38e28294bbf0fe2be0dc446463de770bfe89 (patch) | |
tree | 561c5001365fba73d2c3cffa7a6a473a464111d4 /net-proxy | |
parent | stable x86, security bug 200909 (diff) | |
download | gentoo-2-190b38e28294bbf0fe2be0dc446463de770bfe89.tar.gz gentoo-2-190b38e28294bbf0fe2be0dc446463de770bfe89.tar.bz2 gentoo-2-190b38e28294bbf0fe2be0dc446463de770bfe89.zip |
Version bump (#201129, #201209).
(Portage version: 2.1.3.19)
Diffstat (limited to 'net-proxy')
-rw-r--r-- | net-proxy/squid/ChangeLog | 10 | ||||
-rw-r--r-- | net-proxy/squid/files/digest-squid-2.6.17 | 3 | ||||
-rw-r--r-- | net-proxy/squid/files/squid-2.6.17-ToS_Hit_ToS_Preserve.patch | 216 | ||||
-rw-r--r-- | net-proxy/squid/files/squid-2.6.17-gentoo.patch | 298 | ||||
-rw-r--r-- | net-proxy/squid/files/squid-2.6.17-qos.patch | 322 | ||||
-rw-r--r-- | net-proxy/squid/squid-2.6.17.ebuild | 184 |
6 files changed, 1032 insertions, 1 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index ff7d3602bf81..d7bcfe97d9fe 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-proxy/squid # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.165 2007/11/15 08:37:42 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.166 2007/12/04 13:03:52 mrness Exp $ + +*squid-2.6.17 (04 Dec 2007) + + 04 Dec 2007; Alin Năstac <mrness@gentoo.org> + +files/squid-2.6.17-ToS_Hit_ToS_Preserve.patch, + +files/squid-2.6.17-gentoo.patch, +files/squid-2.6.17-qos.patch, + +squid-2.6.17.ebuild: + Version bump (#201129, #201209). 15 Nov 2007; Alin Năstac <mrness@gentoo.org> squid-2.6.16.ebuild, squid-3.0_rc1.ebuild: diff --git a/net-proxy/squid/files/digest-squid-2.6.17 b/net-proxy/squid/files/digest-squid-2.6.17 new file mode 100644 index 000000000000..462b1dd371fd --- /dev/null +++ b/net-proxy/squid/files/digest-squid-2.6.17 @@ -0,0 +1,3 @@ +MD5 f3e5c7721d9f8d8f25ecb337f6f88b73 squid-2.6.STABLE17.tar.gz 1724676 +RMD160 8fadcf6a78c0f8ce20426ed9a78837e19a0a9af6 squid-2.6.STABLE17.tar.gz 1724676 +SHA256 01231f7eb0a28faff41f3f279b949f32602ae4fce41d26f6190e9812fe2a360c squid-2.6.STABLE17.tar.gz 1724676 diff --git a/net-proxy/squid/files/squid-2.6.17-ToS_Hit_ToS_Preserve.patch b/net-proxy/squid/files/squid-2.6.17-ToS_Hit_ToS_Preserve.patch new file mode 100644 index 000000000000..d2dc25581c15 --- /dev/null +++ b/net-proxy/squid/files/squid-2.6.17-ToS_Hit_ToS_Preserve.patch @@ -0,0 +1,216 @@ +diff -Nru squid-2.6.STABLE17.orig/src/cf.data.pre squid-2.6.STABLE17/src/cf.data.pre +--- squid-2.6.STABLE17.orig/src/cf.data.pre 2007-12-04 14:33:41.000000000 +0200 ++++ squid-2.6.STABLE17/src/cf.data.pre 2007-12-04 14:37:55.000000000 +0200 +@@ -1181,6 +1181,64 @@ + to off when using this directive in such configurations. + DOC_END + ++NAME: zph_tos_local ++TYPE: int ++DEFAULT: 0 ++LOC: Config.zph_tos_local ++DOC_START ++ Allows you to select a TOS/Diffserv value to mark local hits. Read above ++ (tcp_outgoing_tos) for details/requirements about TOS. ++ Default: 0 (disabled). ++DOC_END ++ ++NAME: zph_tos_peer ++TYPE: int ++DEFAULT: 0 ++LOC: Config.zph_tos_peer ++DOC_START ++ Allows you to select a TOS/Diffserv value to mark peer hits. Read above ++ (tcp_outgoing_tos) for details/requirements about TOS. ++ Default: 0 (disabled). ++DOC_END ++ ++NAME: zph_tos_parent ++COMMENT: on|off ++TYPE: onoff ++LOC: Config.onoff.zph_tos_parent ++DEFAULT: on ++DOC_START ++ Set this to off if you want only sibling hits to be marked. ++ If set to on (default), parent hits are being marked too. ++DOC_END ++ ++NAME: zph_preserve_miss_tos ++COMMENT: on|off ++TYPE: onoff ++LOC: Config.onoff.zph_preserve_miss_tos ++DEFAULT: on ++DOC_START ++ If set to on (default), any HTTP response towards clients will ++ have the TOS value of the response comming from the remote ++ server masked with the value of zph_preserve_miss_tos_mask. ++ For this to work correctly, you will need to patch your linux ++ kernel with the TOS preserving ZPH patch. ++ Has no effect under FreeBSD, works only under linux ZPH patched ++ kernels. ++DOC_END ++ ++NAME: zph_preserve_miss_tos_mask ++TYPE: int ++DEFAULT: 255 ++LOC: Config.zph_preserve_miss_tos_mask ++DOC_START ++ Allows you to mask certain bits in the TOS received from the ++ remote server, before copying the value to the TOS send towards ++ clients. ++ See zph_preserve_miss_tos for details. ++ ++ Default: 255 (TOS from server is not changed). ++DOC_END ++ + NAME: tcp_outgoing_address + TYPE: acl_address + DEFAULT: none +diff -Nru squid-2.6.STABLE17.orig/src/client_side.c squid-2.6.STABLE17/src/client_side.c +--- squid-2.6.STABLE17.orig/src/client_side.c 2007-12-04 14:33:41.000000000 +0200 ++++ squid-2.6.STABLE17/src/client_side.c 2007-12-04 14:37:55.000000000 +0200 +@@ -2632,6 +2632,55 @@ + return; + } + assert(http->out.offset == 0); ++ ++ if ( Config.zph_tos_local || Config.zph_tos_peer || ++ (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) ) ++ { ++ int need_change = 0; ++ int hit = 0; ++ int tos = 0; ++ int tos_old = 0; ++ int tos_len = sizeof(tos_old); ++ int res; ++ ++ if (Config.zph_tos_local && isTcpHit(http->log_type)) { /* local hit */ ++ hit = 1; ++ tos = Config.zph_tos_local; ++ } else if (Config.zph_tos_peer && ++ (http->request->hier.code == SIBLING_HIT || /* sibling hit */ ++ (Config.onoff.zph_tos_parent && ++ http->request->hier.code == PARENT_HIT))) { /* parent hit */ ++ hit = 1; ++ tos = Config.zph_tos_peer; ++ } ++ if (http->request->flags.proxy_keepalive) { ++ if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos_old, &tos_len) < 0) { ++ debug(33, 1) ("ZPH: getsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror()); ++ } else if (hit && tos_old != tos) { /* HIT: 1-st request, or previous was MISS, */ ++ need_change = 1; /* or local/parent hit change */ ++ } else if (!hit && (tos_old || /* MISS: previous was HIT */ ++ Config.onoff.zph_preserve_miss_tos)) { /* TOS copying is on */ ++#if defined(_SQUID_LINUX_) ++ if ( Config.onoff.zph_preserve_miss_tos ) { ++ tos = (entry->mem_obj != NULL) ? ++ (entry->mem_obj->recvTOS & Config.zph_preserve_miss_tos_mask):0; ++ } else tos = 0; ++#else ++ tos = 0; ++#endif ++ need_change = 1; ++ } ++ } else if (hit) { /* no keepalive */ ++ need_change = 1; ++ } ++ if (need_change) { ++ if (!hit) enter_suid(); /* Setting TOS bit6-7 is privilleged */ ++ res = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)); ++ if (!hit) leave_suid(); /* Setting bit5-7 is privilleged */ ++ if ( res < 0) ++ debug(33, 1) ("ZPH: setsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror()); ++ } ++ } + rep = http->reply = clientBuildReply(http, buf, size); + if (!rep) { + /* Forward as HTTP/0.9 body with no reply */ +diff -Nru squid-2.6.STABLE17.orig/src/http.c squid-2.6.STABLE17/src/http.c +--- squid-2.6.STABLE17.orig/src/http.c 2007-11-26 13:04:30.000000000 +0200 ++++ squid-2.6.STABLE17/src/http.c 2007-12-04 14:37:55.000000000 +0200 +@@ -1393,6 +1393,53 @@ + peer *p = httpState->peer; + CWCB *sendHeaderDone; + int fd = httpState->fd; ++ ++#if defined(_SQUID_LINUX_) ++/* ZPH patch starts here (M.Stavrev 25-05-2005) ++ * Retrieve connection peer's TOS value (which its SYN_ACK TCP segment ++ * was encapsulated into an IP packet) ++ */ ++ int tos, tos_len; ++ if ( entry && entry->mem_obj ) { // Is this check necessary ? Seems not, but ++ // have no time to investigate further. ++ entry->mem_obj->recvTOS = 0; ++ tos = 1; ++ tos_len = sizeof(tos); ++ if ( setsockopt(fd,SOL_IP, IP_RECVTOS, &tos, tos_len) == 0 ) { ++ unsigned char buf[128]; ++ int len = 128; ++ if (getsockopt(fd, SOL_IP, IP_PKTOPTIONS, buf, &len) == 0) ++ { ++ /* Parse the PKTOPTIONS structure to locate the TOS data message ++ * prepared in the kernel by the ZPH incoming TCP TOS preserving ++ * patch. In 99,99% the TOS should be located at buf[12], but ++ * let's do it the right way. ++ */ ++ unsigned char * p = buf; ++ while ( p-buf < len ) { ++ struct cmsghdr * o = (struct cmsghdr*)p; ++ if ( o->cmsg_len <= 0 || o->cmsg_len > 52 ) ++ break; ++ if ( o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS ) { ++ entry->mem_obj->recvTOS = (unsigned char)(*(int*) ++ (p + sizeof(struct cmsghdr))); ++ debug(11, 5) ("ZPH: Incomming TOS=%d on FD %d\n", ++ entry->mem_obj->recvTOS, fd ); ++ break; ++ } ++ p += o->cmsg_len; ++ } ++ } else { ++ debug(11, 5) ("ZPH: getsockopt(IP_PKTOPTIONS) on FD %d: %s\n", ++ fd, xstrerror()); ++ } ++ } else { ++ debug(11, 5) ("ZPH: setsockopt(IP_RECVTOS) on FD %d: %s\n", ++ fd, xstrerror()); ++ } ++ } ++/* ZPH patch ends here */ ++#endif + + debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState); + +diff -Nru squid-2.6.STABLE17.orig/src/structs.h squid-2.6.STABLE17/src/structs.h +--- squid-2.6.STABLE17.orig/src/structs.h 2007-09-06 00:28:34.000000000 +0300 ++++ squid-2.6.STABLE17/src/structs.h 2007-12-04 14:37:55.000000000 +0200 +@@ -669,6 +669,8 @@ + int relaxed_header_parser; + int accel_no_pmtu_disc; + int global_internal_static; ++ int zph_tos_parent; ++ int zph_preserve_miss_tos; + int httpd_suppress_version_string; + int via; + int check_hostnames; +@@ -793,6 +795,9 @@ + int sleep_after_fork; /* microseconds */ + time_t minimum_expiry_time; /* seconds */ + external_acl *externalAclHelperList; ++ int zph_tos_local; ++ int zph_tos_peer; ++ int zph_preserve_miss_tos_mask; + errormap *errorMapList; + #if USE_SSL + struct { +@@ -1724,6 +1729,9 @@ + const char *vary_encoding; + StoreEntry *ims_entry; + time_t refresh_timestamp; ++#if defined(_SQUID_LINUX_) ++ unsigned char recvTOS; /* ZPH patch - stores remote server's TOS */ ++#endif + }; + + struct _StoreEntry { diff --git a/net-proxy/squid/files/squid-2.6.17-gentoo.patch b/net-proxy/squid/files/squid-2.6.17-gentoo.patch new file mode 100644 index 000000000000..2c30896e3017 --- /dev/null +++ b/net-proxy/squid/files/squid-2.6.17-gentoo.patch @@ -0,0 +1,298 @@ +diff -Nru squid-2.6.STABLE17.orig/helpers/basic_auth/MSNT/confload.c squid-2.6.STABLE17/helpers/basic_auth/MSNT/confload.c +--- squid-2.6.STABLE17.orig/helpers/basic_auth/MSNT/confload.c 2002-06-26 22:09:48.000000000 +0300 ++++ squid-2.6.STABLE17/helpers/basic_auth/MSNT/confload.c 2007-12-04 14:29:27.000000000 +0200 +@@ -24,7 +24,7 @@ + + /* Path to configuration file */ + #ifndef SYSCONFDIR +-#define SYSCONFDIR "/usr/local/squid/etc" ++#define SYSCONFDIR "/etc/squid" + #endif + #define CONFIGFILE SYSCONFDIR "/msntauth.conf" + +diff -Nru squid-2.6.STABLE17.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-2.6.STABLE17/helpers/basic_auth/MSNT/msntauth.conf.default +--- squid-2.6.STABLE17.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2002-06-26 21:44:28.000000000 +0300 ++++ squid-2.6.STABLE17/helpers/basic_auth/MSNT/msntauth.conf.default 2007-12-04 14:29:27.000000000 +0200 +@@ -8,6 +8,6 @@ + server other_PDC other_BDC otherdomain + + # Denied and allowed users. Comment these if not needed. +-#denyusers /usr/local/squid/etc/msntauth.denyusers +-#allowusers /usr/local/squid/etc/msntauth.allowusers ++#denyusers /etc/squid/msntauth.denyusers ++#allowusers /etc/squid/msntauth.allowusers + +diff -Nru squid-2.6.STABLE17.orig/helpers/basic_auth/SMB/Makefile.am squid-2.6.STABLE17/helpers/basic_auth/SMB/Makefile.am +--- squid-2.6.STABLE17.orig/helpers/basic_auth/SMB/Makefile.am 2005-05-17 19:56:26.000000000 +0300 ++++ squid-2.6.STABLE17/helpers/basic_auth/SMB/Makefile.am 2007-12-04 14:29:27.000000000 +0200 +@@ -14,7 +14,7 @@ + ## FIXME: autoconf should test for the samba path. + + SMB_AUTH_HELPER = smb_auth.sh +-SAMBAPREFIX=/usr/local/samba ++SAMBAPREFIX=/usr + SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) + + libexec_SCRIPTS = $(SMB_AUTH_HELPER) +diff -Nru squid-2.6.STABLE17.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.6.STABLE17/helpers/basic_auth/SMB/smb_auth.sh +--- squid-2.6.STABLE17.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 01:36:46.000000000 +0200 ++++ squid-2.6.STABLE17/helpers/basic_auth/SMB/smb_auth.sh 2007-12-04 14:29:27.000000000 +0200 +@@ -24,7 +24,7 @@ + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +diff -Nru squid-2.6.STABLE17.orig/helpers/external_acl/session/squid_session.8 squid-2.6.STABLE17/helpers/external_acl/session/squid_session.8 +--- squid-2.6.STABLE17.orig/helpers/external_acl/session/squid_session.8 2007-01-06 19:28:35.000000000 +0200 ++++ squid-2.6.STABLE17/helpers/external_acl/session/squid_session.8 2007-12-04 14:29:27.000000000 +0200 +@@ -35,7 +35,7 @@ + .P + Configuration example using the default automatic mode + .IP +-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session ++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session + .IP + acl session external session + .IP +diff -Nru squid-2.6.STABLE17.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-2.6.STABLE17/helpers/external_acl/unix_group/squid_unix_group.8 +--- squid-2.6.STABLE17.orig/helpers/external_acl/unix_group/squid_unix_group.8 2006-05-14 18:07:24.000000000 +0300 ++++ squid-2.6.STABLE17/helpers/external_acl/unix_group/squid_unix_group.8 2007-12-04 14:29:27.000000000 +0200 +@@ -27,7 +27,7 @@ + This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 + matches users in group2 or group3 + .IP +-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p ++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p + .IP + acl usergroup1 external unix_group group1 + .IP +diff -Nru squid-2.6.STABLE17.orig/src/access_log.c squid-2.6.STABLE17/src/access_log.c +--- squid-2.6.STABLE17.orig/src/access_log.c 2007-06-03 03:40:32.000000000 +0300 ++++ squid-2.6.STABLE17/src/access_log.c 2007-12-04 14:29:27.000000000 +0200 +@@ -1225,7 +1225,7 @@ + LogfileStatus = LOG_ENABLE; + } + #if HEADERS_LOG +- headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0); ++ headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0); + assert(NULL != headerslog); + #endif + #if FORW_VIA_DB +diff -Nru squid-2.6.STABLE17.orig/src/cf.data.pre squid-2.6.STABLE17/src/cf.data.pre +--- squid-2.6.STABLE17.orig/src/cf.data.pre 2007-11-26 13:03:45.000000000 +0200 ++++ squid-2.6.STABLE17/src/cf.data.pre 2007-12-04 14:29:27.000000000 +0200 +@@ -640,6 +640,8 @@ + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT ++acl purge method PURGE + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -673,6 +675,9 @@ + # Only allow cachemgr access from localhost + http_access allow manager localhost + http_access deny manager ++# Only allow purge requests from localhost ++http_access allow purge localhost ++http_access deny purge + # Deny requests to unknown ports + http_access deny !Safe_ports + # Deny CONNECT to other than SSL ports +@@ -691,6 +696,9 @@ + #acl our_networks src 192.168.1.0/24 192.168.2.0/24 + #http_access allow our_networks + ++# Allow the localhost to have access by default ++http_access allow localhost ++ + # And finally deny all other access to this proxy + http_access deny all + NOCOMMENT_END +@@ -3356,11 +3364,11 @@ + + NAME: cache_mgr + TYPE: string +-DEFAULT: webmaster ++DEFAULT: root + LOC: Config.adminEmail + DOC_START + Email-address of local cache manager who will receive +- mail if the cache dies. The default is "webmaster". ++ mail if the cache dies. The default is "root". + DOC_END + + NAME: mail_from +@@ -3389,12 +3397,12 @@ + + NAME: cache_effective_user + TYPE: string +-DEFAULT: nobody ++DEFAULT: squid + LOC: Config.effectiveUser + DOC_START + If you start Squid as root, it will change its effective/real + UID/GID to the user specified below. The default is to change +- to UID to nobody. If you define cache_effective_user, but not ++ to UID to squid. If you define cache_effective_user, but not + cache_effective_group, Squid sets the GID to the effective + user's default group ID (taken from the password file) and + supplementary group list from the from groups membership of +@@ -4031,12 +4039,12 @@ + NAME: snmp_port + TYPE: ushort + LOC: Config.Port.snmp +-DEFAULT: 3401 ++DEFAULT: 0 + IFDEF: SQUID_SNMP + DOC_START + Squid can now serve statistics and status information via SNMP. +- By default it listens to port 3401 on the machine. If you don't +- wish to use SNMP, set this to "0". ++ By default snmp_port is disabled. If you wish to use SNMP, ++ set this to "3401" (or any other number you like). + DOC_END + + NAME: snmp_access +@@ -4107,12 +4115,12 @@ + NAME: htcp_port + IFDEF: USE_HTCP + TYPE: ushort +-DEFAULT: 4827 ++DEFAULT: 0 + LOC: Config.Port.htcp + DOC_START + The port number where Squid sends and receives HTCP queries to +- and from neighbor caches. Default is 4827. To disable use +- "0". ++ and from neighbor caches. To turn it on you want to set it to ++ 4827. By default it is set to "0" (disabled). + DOC_END + + NAME: log_icp_queries +@@ -4964,6 +4972,9 @@ + If you disable this, it will appear as + + X-Forwarded-For: unknown ++NOCOMMENT_START ++forwarded_for off ++NOCOMMENT_END + DOC_END + + NAME: cachemgr_passwd +diff -Nru squid-2.6.STABLE17.orig/src/client_side.c squid-2.6.STABLE17/src/client_side.c +--- squid-2.6.STABLE17.orig/src/client_side.c 2007-09-03 16:13:36.000000000 +0300 ++++ squid-2.6.STABLE17/src/client_side.c 2007-12-04 14:29:27.000000000 +0200 +@@ -4597,14 +4597,7 @@ + debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); + } else { + if (do_debug(83, 4)) { +- /* Write out the SSL session details.. actually the call below, but +- * OpenSSL headers do strange typecasts confusing GCC.. */ +- /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */ +-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L +- PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); +-#else + PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); +-#endif + /* Note: This does not automatically fflush the log file.. */ + } + debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); +diff -Nru squid-2.6.STABLE17.orig/src/defines.h squid-2.6.STABLE17/src/defines.h +--- squid-2.6.STABLE17.orig/src/defines.h 2007-02-04 00:58:20.000000000 +0200 ++++ squid-2.6.STABLE17/src/defines.h 2007-12-04 14:29:27.000000000 +0200 +@@ -259,7 +259,7 @@ + + /* were to look for errors if config path fails */ + #ifndef DEFAULT_SQUID_ERROR_DIR +-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" ++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" + #endif + + /* gb_type operations */ +diff -Nru squid-2.6.STABLE17.orig/src/main.c squid-2.6.STABLE17/src/main.c +--- squid-2.6.STABLE17.orig/src/main.c 2007-11-26 12:47:23.000000000 +0200 ++++ squid-2.6.STABLE17/src/main.c 2007-12-04 14:29:27.000000000 +0200 +@@ -372,6 +372,22 @@ + asnFreeMemory(); + } + ++#if USE_UNLINKD ++static int ++needUnlinkd(void) ++{ ++ int i; ++ int r = 0; ++ for (i = 0; i < Config.cacheSwap.n_configured; i++) { ++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) ++ r++; ++ } ++ return r; ++} ++#endif ++ + static void + mainReconfigure(void) + { +@@ -395,6 +411,7 @@ + locationRewriteShutdown(); + authenticateShutdown(); + externalAclShutdown(); ++ unlinkdClose(); + storeDirCloseSwapLogs(); + storeLogClose(); + accessLogClose(); +@@ -430,6 +447,9 @@ + #if USE_WCCPv2 + wccp2Init(); + #endif ++#if USE_UNLINKD ++ if (needUnlinkd()) unlinkdInit(); ++#endif + serverConnectionsOpen(); + neighbors_init(); + storeDirOpenSwapLogs(); +@@ -593,7 +613,7 @@ + + if (!configured_once) { + #if USE_UNLINKD +- unlinkdInit(); ++ if (needUnlinkd()) unlinkdInit(); + #endif + urlInitialize(); + cachemgrInit(); +diff -Nru squid-2.6.STABLE17.orig/src/Makefile.am squid-2.6.STABLE17/src/Makefile.am +--- squid-2.6.STABLE17.orig/src/Makefile.am 2007-09-06 00:50:15.000000000 +0300 ++++ squid-2.6.STABLE17/src/Makefile.am 2007-12-04 14:29:27.000000000 +0200 +@@ -325,12 +325,12 @@ + DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf + DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf + DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_LOG_PREFIX = $(localstatedir)/logs ++DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid + DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log + DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log + DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log +-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +-DEFAULT_SWAP_DIR = $(localstatedir)/cache ++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid ++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'` diff --git a/net-proxy/squid/files/squid-2.6.17-qos.patch b/net-proxy/squid/files/squid-2.6.17-qos.patch new file mode 100644 index 000000000000..7afe830db5d9 --- /dev/null +++ b/net-proxy/squid/files/squid-2.6.17-qos.patch @@ -0,0 +1,322 @@ +diff -Nru squid-2.6.STABLE17.orig/src/cache_cf.c squid-2.6.STABLE17/src/cache_cf.c +--- squid-2.6.STABLE17.orig/src/cache_cf.c 2007-08-31 16:49:54.000000000 +0300 ++++ squid-2.6.STABLE17/src/cache_cf.c 2007-12-04 14:38:58.000000000 +0200 +@@ -891,6 +891,65 @@ + } + } + ++CBDATA_TYPE(acl_priority); ++ ++static void ++dump_acl_priority(StoreEntry * entry, const char *name, acl_priority * head) ++{ ++ acl_priority *l; ++ for (l = head; l; l = l->next) { ++ if (l->priority > 0) ++ storeAppendPrintf(entry, "%s %04X:%04X", name, ++ l->priority >> 16, l->priority & 0xFFFF); ++ else ++ storeAppendPrintf(entry, "%s none", name); ++ dump_acl_list(entry, l->acl_list); ++ storeAppendPrintf(entry, "\n"); ++ } ++} ++ ++static void ++freed_acl_priority(void *data) ++{ ++ acl_priority *l = data; ++ aclDestroyAclList(&l->acl_list); ++} ++ ++static void ++parse_acl_priority(acl_priority ** head) ++{ ++ acl_priority *l; ++ acl_priority **tail = head; /* sane name below */ ++ unsigned long priority, t1, t2; ++ char junk; ++ char *token = strtok(NULL, w_space); ++ if (!token) ++ self_destruct(); ++ if (sscanf(token, "%x:%x%c", &t1, &t2, &junk) != 2) ++ self_destruct(); ++ if (t1 < 0 || t1 > 0xFFFF || t2 < 0 || t2 > 0xFFFF) ++ self_destruct(); ++ priority = t1 << 16 | t2; ++ CBDATA_INIT_TYPE_FREECB(acl_priority, freed_acl_priority); ++ l = cbdataAlloc(acl_priority); ++ l->priority = priority; ++ aclParseAclList(&l->acl_list); ++ while (*tail) ++ tail = &(*tail)->next; ++ *tail = l; ++} ++ ++static void ++free_acl_priority(acl_priority ** head) ++{ ++ while (*head) { ++ acl_priority *l = *head; ++ *head = l->next; ++ l->next = NULL; ++ cbdataFree(l); ++ } ++} ++ + #if DELAY_POOLS + + /* do nothing - free_delay_pool_count is the magic free function. +diff -Nru squid-2.6.STABLE17.orig/src/cf.data.depend squid-2.6.STABLE17/src/cf.data.depend +--- squid-2.6.STABLE17.orig/src/cf.data.depend 2007-09-06 00:50:15.000000000 +0300 ++++ squid-2.6.STABLE17/src/cf.data.depend 2007-12-04 14:38:58.000000000 +0200 +@@ -5,6 +5,7 @@ + acl_address acl + acl_b_size_t acl + acl_tos acl ++acl_priority acl + address + authparam + b_int64_t +diff -Nru squid-2.6.STABLE17.orig/src/cf.data.pre squid-2.6.STABLE17/src/cf.data.pre +--- squid-2.6.STABLE17.orig/src/cf.data.pre 2007-12-04 14:38:45.000000000 +0200 ++++ squid-2.6.STABLE17/src/cf.data.pre 2007-12-04 14:38:58.000000000 +0200 +@@ -1239,6 +1239,27 @@ + Default: 255 (TOS from server is not changed). + DOC_END + ++NAME: tcp_outgoing_priority ++TYPE: acl_priority ++DEFAULT: none ++LOC: Config.accessList.outgoing_priority ++DOC_START ++ Allows you to select the priority of the outgoing connection, ++ based on the username or source address making the request. The ++ priority can be used by Linux QoS Qdiscs for classification. ++ ++ tcp_outgoing_priority priority [!]aclname ... ++ ++ Example where requests from special_service_net are assigned ++ priority 10:100 ++ ++ acl special_service_net src 10.0.0.0/255.255.255.0 ++ tcp_outgoing_priority 10:100 special_service_net ++ ++ Processing proceeds in the order specified, and stops at first fully ++ matching line. ++DOC_END ++ + NAME: tcp_outgoing_address + TYPE: acl_address + DEFAULT: none +diff -Nru squid-2.6.STABLE17.orig/src/comm.c squid-2.6.STABLE17/src/comm.c +--- squid-2.6.STABLE17.orig/src/comm.c 2007-04-17 12:39:56.000000000 +0300 ++++ squid-2.6.STABLE17/src/comm.c 2007-12-04 14:38:58.000000000 +0200 +@@ -162,7 +162,7 @@ + int flags, + const char *note) + { +- return comm_openex(sock_type, proto, addr, port, flags, 0, note); ++ return comm_openex(sock_type, proto, addr, port, flags, 0, 0, note); + } + + +@@ -175,10 +175,12 @@ + u_short port, + int flags, + unsigned char TOS, ++ unsigned long PRIORITY, + const char *note) + { + int new_socket; + int tos = 0; ++ unsigned long priority = 0; + fde *F = NULL; + + /* Create socket for accepting new connections. */ +@@ -209,12 +211,25 @@ + debug(5, 0) ("comm_open: setsockopt(IP_TOS) not supported on this platform\n"); + #endif + } ++ if (PRIORITY) { ++#ifdef SO_PRIORITY ++ priority = PRIORITY; ++ enter_suid(); ++ if (setsockopt(new_socket, SOL_SOCKET, SO_PRIORITY, (char *) &priority, sizeof(unsigned long)) < 0) ++ debug(50, 1) ("comm_open: setsockopt(SO_PRIORITY) on FD %d: %s\n", ++ new_socket, xstrerror()); ++ leave_suid(); ++#else ++ debug(50, 0) ("comm_open: setsockopt(SO_PRIORITY) not supported on this platform\n"); ++#endif ++ } + /* update fdstat */ + debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket); + fd_open(new_socket, FD_SOCKET, note); + F = &fd_table[new_socket]; + F->local_addr = addr; + F->tos = tos; ++ F->priority = priority; + if (!(flags & COMM_NOCLOEXEC)) + commSetCloseOnExec(new_socket); + if ((flags & COMM_REUSEADDR)) +@@ -382,6 +397,15 @@ + debug(5, 1) ("commResetFD: setsockopt(IP_TOS) on FD %d: %s\n", cs->fd, xstrerror()); + } + #endif ++#ifdef SO_PRIORITY ++ if (F->priority) { ++ unsigned long priority = F->priority; ++ enter_suid(); ++ if (setsockopt(cs->fd, SOL_SOCKET, SO_PRIORITY, (char *)&priority, sizeof(unsigned long)) < 0) ++ debug(50, 1) ("commResetFD: setsockopt(SO_PRIORITY) on FD %d: %s\n", cs->fd, xstrerror()); ++ leave_suid(); ++ } ++#endif + if (F->flags.close_on_exec) + commSetCloseOnExec(cs->fd); + if (F->flags.nonblocking) +diff -Nru squid-2.6.STABLE17.orig/src/forward.c squid-2.6.STABLE17/src/forward.c +--- squid-2.6.STABLE17.orig/src/forward.c 2007-09-06 00:28:34.000000000 +0300 ++++ squid-2.6.STABLE17/src/forward.c 2007-12-04 14:38:58.000000000 +0200 +@@ -418,6 +418,17 @@ + return 0; + } + ++static unsigned long ++aclMapPriority(acl_priority * head, aclCheck_t * ch) ++{ ++ acl_priority *l; ++ for (l = head; l; l = l->next) { ++ if (aclMatchAclList(l->acl_list, ch)) ++ return l->priority; ++ } ++ return 0; ++} ++ + struct in_addr + getOutgoingAddr(request_t * request) + { +@@ -446,6 +457,20 @@ + return aclMapTOS(Config.accessList.outgoing_tos, &ch); + } + ++unsigned long ++getOutgoingPriority(request_t * request) ++{ ++ aclCheck_t ch; ++ memset(&ch, '\0', sizeof(aclCheck_t)); ++ if (request) { ++ ch.src_addr = request->client_addr; ++ ch.my_addr = request->my_addr; ++ ch.my_port = request->my_port; ++ ch.request = request; ++ } ++ return aclMapPriority(Config.accessList.outgoing_priority, &ch); ++} ++ + static void + fwdConnectStart(void *data) + { +@@ -462,6 +487,7 @@ + int ftimeout = Config.Timeout.forward - (squid_curtime - fwdState->start); + struct in_addr outgoing; + unsigned short tos; ++ unsigned long priority; + #if LINUX_TPROXY + struct in_tproxy itp; + #endif +@@ -547,15 +573,17 @@ + #endif + outgoing = getOutgoingAddr(fwdState->request); + tos = getOutgoingTOS(fwdState->request); ++ priority = getOutgoingPriority(fwdState->request); + +- debug(17, 3) ("fwdConnectStart: got addr %s, tos %d\n", +- inet_ntoa(outgoing), tos); ++ debug(17, 3) ("fwdConnectStart: got addr %s, tos %d, priority %lu\n", ++ inet_ntoa(outgoing), tos, priority); + fd = comm_openex(SOCK_STREAM, + IPPROTO_TCP, + outgoing, + 0, + COMM_NONBLOCKING, + tos, ++ priority, + url); + if (fd < 0) { + debug(50, 4) ("fwdConnectStart: %s\n", xstrerror()); +diff -Nru squid-2.6.STABLE17.orig/src/protos.h squid-2.6.STABLE17/src/protos.h +--- squid-2.6.STABLE17.orig/src/protos.h 2007-07-15 12:52:17.000000000 +0300 ++++ squid-2.6.STABLE17/src/protos.h 2007-12-04 14:38:58.000000000 +0200 +@@ -160,7 +160,7 @@ + extern void comm_init(void); + extern int comm_listen(int sock); + extern int comm_open(int, int, struct in_addr, u_short port, int, const char *note); +-extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, const char *); ++extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, unsigned long PRIORITY, const char *); + extern u_short comm_local_port(int fd); + + extern void commDeferFD(int fd); +@@ -735,6 +735,7 @@ + #endif + struct in_addr getOutgoingAddr(request_t * request); + unsigned long getOutgoingTOS(request_t * request); ++unsigned long getOutgoingPriority(request_t * request); + + extern void urnStart(request_t *, StoreEntry *); + +diff -Nru squid-2.6.STABLE17.orig/src/ssl.c squid-2.6.STABLE17/src/ssl.c +--- squid-2.6.STABLE17.orig/src/ssl.c 2007-02-03 23:53:38.000000000 +0200 ++++ squid-2.6.STABLE17/src/ssl.c 2007-12-04 14:38:58.000000000 +0200 +@@ -524,6 +524,7 @@ + 0, + COMM_NONBLOCKING, + getOutgoingTOS(request), +++ getOutgoingPriority(request), + url); + if (sock == COMM_ERROR) { + debug(26, 4) ("sslStart: Failed because we're out of sockets.\n"); +diff -Nru squid-2.6.STABLE17.orig/src/structs.h squid-2.6.STABLE17/src/structs.h +--- squid-2.6.STABLE17.orig/src/structs.h 2007-12-04 14:38:45.000000000 +0200 ++++ squid-2.6.STABLE17/src/structs.h 2007-12-04 14:38:58.000000000 +0200 +@@ -296,6 +296,12 @@ + int tos; + }; + ++struct _acl_priority { ++ acl_priority *next; ++ acl_list *acl_list; ++ unsigned long priority; ++}; ++ + struct _aclCheck_t { + const acl_access *access_list; + struct in_addr src_addr; +@@ -705,6 +711,7 @@ + acl_access *reply; + acl_address *outgoing_address; + acl_tos *outgoing_tos; ++ acl_priority *outgoing_priority; + #if USE_HTCP + acl_access *htcp; + acl_access *htcp_clr; +@@ -876,6 +883,7 @@ + u_short remote_port; + struct in_addr local_addr; + unsigned char tos; ++ unsigned long priority; + char ipaddr[16]; /* dotted decimal address of peer */ + char desc[FD_DESC_SZ]; + struct { +diff -Nru squid-2.6.STABLE17.orig/src/typedefs.h squid-2.6.STABLE17/src/typedefs.h +--- squid-2.6.STABLE17.orig/src/typedefs.h 2006-09-02 17:08:42.000000000 +0300 ++++ squid-2.6.STABLE17/src/typedefs.h 2007-12-04 14:38:58.000000000 +0200 +@@ -102,6 +102,7 @@ + typedef struct _acl_access acl_access; + typedef struct _acl_address acl_address; + typedef struct _acl_tos acl_tos; ++typedef struct _acl_priority acl_priority; + typedef struct _aclCheck_t aclCheck_t; + typedef struct _wordlist wordlist; + typedef struct _intlist intlist; diff --git a/net-proxy/squid/squid-2.6.17.ebuild b/net-proxy/squid/squid-2.6.17.ebuild new file mode 100644 index 000000000000..aa88cafa0255 --- /dev/null +++ b/net-proxy/squid/squid-2.6.17.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.6.17.ebuild,v 1.1 2007/12/04 13:03:52 mrness Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" + +inherit eutils pam toolchain-funcs flag-o-matic autotools linux-info + +#lame archive versioning scheme.. +S_PMV="${PV%%.*}" +S_PV="${PV%.*}" +S_PL="${PV##*.}" +S_PL="${S_PL/_rc/-RC}" +S_PP="${PN}-${S_PV}.STABLE${S_PL}" + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="pam ldap samba sasl nis ssl snmp selinux logrotate qos zero-penalty-hit \ + pf-transparent ipf-transparent \ + elibc_uclibc kernel_linux" + +DEPEND="pam? ( virtual/pam ) + ldap? ( >=net-nds/openldap-2.3.35 ) + ssl? ( >=dev-libs/openssl-0.9.8d ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.22 ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +RDEPEND="${DEPEND} + samba? ( net-fs/samba )" + +S="${WORKDIR}/${S_PP}" + +pkg_setup() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_unpack() { + unpack ${A} || die "unpack failed" + cd "${S}" || die "dir ${S} not found" + + epatch "${FILESDIR}"/${P}-gentoo.patch + use zero-penalty-hit && epatch "${FILESDIR}"/${P}-ToS_Hit_ToS_Preserve.patch + use qos && epatch "${FILESDIR}"/${P}-qos.patch + + sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in + + # disable lazy bindings on (some at least) suided basic auth programs + sed -i -e '$aAM_LDFLAGS = '$(bindnow-flags) \ + helpers/basic_auth/*/Makefile.am + + eautoreconf +} + +src_compile() { + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="SMB,${ntlm_helpers}" + + local myconf="" + + # Support for uclibc #61175 + if use elibc_uclibc; then + myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" + myconf="${myconf} --disable-async-io" + else + myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null" + myconf="${myconf} --enable-async-io" + fi + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter" + if kernel_is ge 2 6 && linux_chkconfig_present EPOLL ; then + myconf="${myconf} --enable-epoll" + fi + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} --enable-kqueue" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --datadir=/usr/share/squid \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-pthreads \ + --with-large-files \ + --enable-htcp \ + --enable-carp \ + --enable-follow-x-forwarded-for \ + --with-maxfd=8192 \ + $(use_enable snmp) \ + $(use_enable ssl) \ + ${myconf} || die "econf failed" + + emake || die "emake failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + # need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/pam_auth + + # some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root." + ewarn "This allows shadow based authentication (see bug #52977 for more)." + echo + ewarn "Be careful what type of cache_dir you select!" + ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" + ewarn "when there isn't sufficient traffic to keep squid reasonably busy." + ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." + echo + ewarn "Squid can be configured to run in transparent mode like this:" + ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" +} |