Version bump (#191456).

(Portage version: 2.1.2.12)
author: Alin Năstac <mrness@gentoo.org> 2007-09-08 07:28:04 +0000
committer: Alin Năstac <mrness@gentoo.org> 2007-09-08 07:28:04 +0000
commit: e14b5785e781e8da3e35ac6517b356a2757577ca (patch)
tree: 76f6a00625726f71743184d3c220ca136b6ac213 /net-proxy
parent: Bump for 7.3. (diff)
download: gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.tar.gz
gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.tar.bz2
gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.zip
6 files changed, 1069 insertions, 1 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index 9a43807066e2..47e6eefaa1d0 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-proxy/squid
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.151 2007/08/16 17:35:03 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.152 2007/09/08 07:28:04 mrness Exp $
+
+*squid-2.6.16 (08 Sep 2007)
+
+  08 Sep 2007; Alin Năstac <mrness@gentoo.org>
+  +files/squid-2.6.16-ToS_Hit_ToS_Preserve.patch,
+  +files/squid-2.6.16-gentoo.patch, +files/squid-2.6.16-qos.patch,
+  +squid-2.6.16.ebuild:
+  Version bump (#191456).
 
 *squid-2.6.14 (16 Aug 2007)
 
diff --git a/net-proxy/squid/files/digest-squid-2.6.16 b/net-proxy/squid/files/digest-squid-2.6.16
new file mode 100644
index 000000000000..28943a7d8405
--- /dev/null
+++ b/net-proxy/squid/files/digest-squid-2.6.16
@@ -0,0 +1,3 @@
+MD5 5d910fd30ce8d28916a09410d584e9f3 squid-2.6.STABLE16.tar.gz 1710035
+RMD160 a6a1de36baf28c36916e09a713ca30d33a10054a squid-2.6.STABLE16.tar.gz 1710035
+SHA256 0326bd0bb36d9f19349b5e103f94f675bd4ead225766645035b7bec7452fe72f squid-2.6.STABLE16.tar.gz 1710035
diff --git a/net-proxy/squid/files/squid-2.6.16-ToS_Hit_ToS_Preserve.patch b/net-proxy/squid/files/squid-2.6.16-ToS_Hit_ToS_Preserve.patch
new file mode 100644
index 000000000000..9c7639d8c382
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.16-ToS_Hit_ToS_Preserve.patch
@@ -0,0 +1,216 @@
+diff -Nru squid-2.6.STABLE16.orig/src/cf.data.pre squid-2.6.STABLE16/src/cf.data.pre
+--- squid-2.6.STABLE16.orig/src/cf.data.pre	2007-09-08 08:27:44.000000000 +0300
++++ squid-2.6.STABLE16/src/cf.data.pre	2007-09-08 08:30:18.000000000 +0300
+@@ -1190,6 +1190,64 @@
+ 	to off when using this directive in such configurations.
+ DOC_END
+ 
++NAME: zph_tos_local
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_local
++DOC_START
++	Allows you to select a TOS/Diffserv value to mark local hits. Read above
++	(tcp_outgoing_tos) for details/requirements about TOS.
++	Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_peer
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_peer
++DOC_START
++	Allows you to select a TOS/Diffserv value to mark peer hits. Read above
++	(tcp_outgoing_tos) for details/requirements about TOS.
++	Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_parent
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_tos_parent
++DEFAULT: on
++DOC_START
++	Set this to off if you want only sibling hits to be marked.
++	If set to on (default), parent hits are being marked too.
++DOC_END
++
++NAME: zph_preserve_miss_tos
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_preserve_miss_tos
++DEFAULT: on
++DOC_START
++	If set to on (default), any HTTP response towards clients will
++	have the TOS value of the response comming from the remote
++	server masked with the value of zph_preserve_miss_tos_mask.
++	For this to work correctly, you will need to patch your linux
++	kernel with the TOS preserving ZPH patch.
++	Has no effect under FreeBSD, works only under linux ZPH patched
++	kernels.
++DOC_END
++
++NAME: zph_preserve_miss_tos_mask
++TYPE: int
++DEFAULT: 255
++LOC: Config.zph_preserve_miss_tos_mask
++DOC_START
++	Allows you to mask certain bits in the TOS received from the
++	remote server, before copying the value to the TOS send towards
++	clients.
++	See zph_preserve_miss_tos for details.
++	
++	Default: 255 (TOS from server is not changed).
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-2.6.STABLE16.orig/src/client_side.c squid-2.6.STABLE16/src/client_side.c
+--- squid-2.6.STABLE16.orig/src/client_side.c	2007-09-08 08:27:44.000000000 +0300
++++ squid-2.6.STABLE16/src/client_side.c	2007-09-08 08:30:18.000000000 +0300
+@@ -2632,6 +2632,55 @@
+ 	return;
+     }
+     assert(http->out.offset == 0);
++	
++	if ( Config.zph_tos_local || Config.zph_tos_peer ||
++         (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) )
++    {
++       int need_change = 0;
++       int hit = 0;
++       int tos = 0;
++       int tos_old = 0;
++       int tos_len = sizeof(tos_old);
++       int res;
++                   
++       if (Config.zph_tos_local && isTcpHit(http->log_type)) {     /* local hit */
++           hit = 1;
++           tos = Config.zph_tos_local;
++       } else if (Config.zph_tos_peer &&
++           (http->request->hier.code == SIBLING_HIT ||             /* sibling hit */
++           (Config.onoff.zph_tos_parent &&
++           http->request->hier.code == PARENT_HIT))) {             /* parent hit */
++           hit = 1;
++           tos = Config.zph_tos_peer;
++       }
++       if (http->request->flags.proxy_keepalive) {
++           if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos_old, &tos_len) < 0) {
++               debug(33, 1) ("ZPH: getsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++           } else if (hit && tos_old != tos) {     /* HIT: 1-st request, or previous was MISS, */
++               need_change = 1;                    /* or local/parent hit change */
++           } else if (!hit && (tos_old ||  /* MISS: previous was HIT */
++                            Config.onoff.zph_preserve_miss_tos)) { /* TOS copying is on */
++#if defined(_SQUID_LINUX_)			    
++                   if ( Config.onoff.zph_preserve_miss_tos ) {
++                     tos = (entry->mem_obj != NULL) ?
++                           (entry->mem_obj->recvTOS & Config.zph_preserve_miss_tos_mask):0;
++                   } else tos = 0;
++#else
++		    tos = 0;
++#endif		   
++               need_change = 1;
++           } 
++       } else if (hit) {                           /* no keepalive */
++           need_change = 1;
++       }
++       if (need_change) {
++           if (!hit) enter_suid(); /* Setting TOS bit6-7 is privilleged */
++           res = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++           if (!hit) leave_suid(); /* Setting bit5-7 is privilleged */
++           if ( res < 0)
++               debug(33, 1) ("ZPH: setsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++       }
++    }
+     rep = http->reply = clientBuildReply(http, buf, size);
+     if (!rep) {
+ 	/* Forward as HTTP/0.9 body with no reply */
+diff -Nru squid-2.6.STABLE16.orig/src/http.c squid-2.6.STABLE16/src/http.c
+--- squid-2.6.STABLE16.orig/src/http.c	2007-07-22 00:05:55.000000000 +0300
++++ squid-2.6.STABLE16/src/http.c	2007-09-08 08:30:18.000000000 +0300
+@@ -1391,6 +1391,53 @@
+     peer *p = httpState->peer;
+     CWCB *sendHeaderDone;
+     int fd = httpState->fd;
++    
++#if defined(_SQUID_LINUX_)    
++/* ZPH patch starts here (M.Stavrev 25-05-2005)
++ * Retrieve connection peer's TOS value (which its SYN_ACK TCP segment
++ * was encapsulated into an IP packet)
++ */
++    int tos, tos_len;
++    if ( entry && entry->mem_obj ) { // Is this check necessary ? Seems not, but
++				 // have no time to investigate further.
++	    entry->mem_obj->recvTOS = 0;
++	    tos = 1;
++	    tos_len = sizeof(tos);
++	 	if ( setsockopt(fd,SOL_IP, IP_RECVTOS, &tos, tos_len) == 0 ) {
++		    unsigned char buf[128];
++		    int len = 128;
++		    if (getsockopt(fd, SOL_IP, IP_PKTOPTIONS, buf, &len) == 0)
++		    {
++		    	/* Parse the PKTOPTIONS structure to locate the TOS data message
++		    	 * prepared in the kernel by the ZPH incoming TCP TOS preserving
++		    	 * patch. In 99,99% the TOS should be located at buf[12], but
++		    	 * let's do it the right way.
++		    	 */
++		    	unsigned char * p = buf;
++		    	while ( p-buf < len ) {
++		    		struct cmsghdr * o = (struct cmsghdr*)p;
++		    		if ( o->cmsg_len <= 0 || o->cmsg_len > 52 )
++		    		   break;
++		    		if ( o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS ) {
++	    			   entry->mem_obj->recvTOS = (unsigned char)(*(int*)
++			    	   						(p + sizeof(struct cmsghdr)));
++				       debug(11, 5) ("ZPH: Incomming TOS=%d on FD %d\n",
++				       			entry->mem_obj->recvTOS, fd );
++			    	   break;
++		    		}
++		    		p += o->cmsg_len;
++		    	}
++		    } else {
++		    	debug(11, 5) ("ZPH: getsockopt(IP_PKTOPTIONS) on FD %d: %s\n",
++		    				 fd, xstrerror());
++		    }
++		} else {
++	    	debug(11, 5) ("ZPH: setsockopt(IP_RECVTOS) on FD %d: %s\n",
++	    					 fd, xstrerror());
++		}
++    }
++/* ZPH patch ends here */    
++#endif
+ 
+     debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState);
+ 
+diff -Nru squid-2.6.STABLE16.orig/src/structs.h squid-2.6.STABLE16/src/structs.h
+--- squid-2.6.STABLE16.orig/src/structs.h	2007-09-06 00:28:34.000000000 +0300
++++ squid-2.6.STABLE16/src/structs.h	2007-09-08 08:30:18.000000000 +0300
+@@ -669,6 +669,8 @@
+ 	int relaxed_header_parser;
+ 	int accel_no_pmtu_disc;
+ 	int global_internal_static;
++	int zph_tos_parent;
++	int zph_preserve_miss_tos;	
+ 	int httpd_suppress_version_string;
+ 	int via;
+ 	int check_hostnames;
+@@ -793,6 +795,9 @@
+     int sleep_after_fork;	/* microseconds */
+     time_t minimum_expiry_time;	/* seconds */
+     external_acl *externalAclHelperList;
++	int zph_tos_local;
++   	int zph_tos_peer;
++	int zph_preserve_miss_tos_mask;    
+     errormap *errorMapList;
+ #if USE_SSL
+     struct {
+@@ -1724,6 +1729,9 @@
+     const char *vary_encoding;
+     StoreEntry *ims_entry;
+     time_t refresh_timestamp;
++#if defined(_SQUID_LINUX_)    
++    unsigned char recvTOS; /* ZPH patch - stores remote server's TOS */
++#endif	
+ };
+ 
+ struct _StoreEntry {
diff --git a/net-proxy/squid/files/squid-2.6.16-gentoo.patch b/net-proxy/squid/files/squid-2.6.16-gentoo.patch
new file mode 100644
index 000000000000..0f1a8ecbabc7
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.16-gentoo.patch
@@ -0,0 +1,325 @@
+diff -Nru squid-2.6.STABLE16.orig/helpers/basic_auth/MSNT/confload.c squid-2.6.STABLE16/helpers/basic_auth/MSNT/confload.c
+--- squid-2.6.STABLE16.orig/helpers/basic_auth/MSNT/confload.c	2002-06-26 22:09:48.000000000 +0300
++++ squid-2.6.STABLE16/helpers/basic_auth/MSNT/confload.c	2007-09-08 08:04:09.000000000 +0300
+@@ -24,7 +24,7 @@
+ 
+ /* Path to configuration file */
+ #ifndef SYSCONFDIR
+-#define SYSCONFDIR "/usr/local/squid/etc"
++#define SYSCONFDIR "/etc/squid"
+ #endif
+ #define CONFIGFILE   SYSCONFDIR "/msntauth.conf"
+ 
+diff -Nru squid-2.6.STABLE16.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-2.6.STABLE16/helpers/basic_auth/MSNT/msntauth.conf.default
+--- squid-2.6.STABLE16.orig/helpers/basic_auth/MSNT/msntauth.conf.default	2002-06-26 21:44:28.000000000 +0300
++++ squid-2.6.STABLE16/helpers/basic_auth/MSNT/msntauth.conf.default	2007-09-08 08:04:09.000000000 +0300
+@@ -8,6 +8,6 @@
+ server other_PDC	other_BDC	otherdomain
+ 
+ # Denied and allowed users. Comment these if not needed.
+-#denyusers	/usr/local/squid/etc/msntauth.denyusers
+-#allowusers	/usr/local/squid/etc/msntauth.allowusers
++#denyusers	/etc/squid/msntauth.denyusers
++#allowusers	/etc/squid/msntauth.allowusers
+ 
+diff -Nru squid-2.6.STABLE16.orig/helpers/basic_auth/SMB/Makefile.am squid-2.6.STABLE16/helpers/basic_auth/SMB/Makefile.am
+--- squid-2.6.STABLE16.orig/helpers/basic_auth/SMB/Makefile.am	2005-05-17 19:56:26.000000000 +0300
++++ squid-2.6.STABLE16/helpers/basic_auth/SMB/Makefile.am	2007-09-08 08:04:09.000000000 +0300
+@@ -14,7 +14,7 @@
+ ## FIXME: autoconf should test for the samba path.
+ 
+ SMB_AUTH_HELPER	= smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+ 
+ libexec_SCRIPTS	= $(SMB_AUTH_HELPER)
+diff -Nru squid-2.6.STABLE16.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.6.STABLE16/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-2.6.STABLE16.orig/helpers/basic_auth/SMB/smb_auth.sh	2001-01-08 01:36:46.000000000 +0200
++++ squid-2.6.STABLE16/helpers/basic_auth/SMB/smb_auth.sh	2007-09-08 08:04:09.000000000 +0300
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+ 
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+   addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+ 
+diff -Nru squid-2.6.STABLE16.orig/helpers/external_acl/session/squid_session.8 squid-2.6.STABLE16/helpers/external_acl/session/squid_session.8
+--- squid-2.6.STABLE16.orig/helpers/external_acl/session/squid_session.8	2007-01-06 19:28:35.000000000 +0200
++++ squid-2.6.STABLE16/helpers/external_acl/session/squid_session.8	2007-09-08 08:25:28.000000000 +0300
+@@ -35,7 +35,7 @@
+ .P
+ Configuration example using the default automatic mode
+ .IP
+-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
+ .IP
+ acl session external session
+ .IP
+diff -Nru squid-2.6.STABLE16.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-2.6.STABLE16/helpers/external_acl/unix_group/squid_unix_group.8
+--- squid-2.6.STABLE16.orig/helpers/external_acl/unix_group/squid_unix_group.8	2006-05-14 18:07:24.000000000 +0300
++++ squid-2.6.STABLE16/helpers/external_acl/unix_group/squid_unix_group.8	2007-09-08 08:25:45.000000000 +0300
+@@ -27,7 +27,7 @@
+ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
+ matches users in group2 or group3
+ .IP
+-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
+ .IP
+ acl usergroup1 external unix_group group1
+ .IP
+diff -Nru squid-2.6.STABLE16.orig/src/access_log.c squid-2.6.STABLE16/src/access_log.c
+--- squid-2.6.STABLE16.orig/src/access_log.c	2007-06-03 03:40:32.000000000 +0300
++++ squid-2.6.STABLE16/src/access_log.c	2007-09-08 08:04:28.000000000 +0300
+@@ -1225,7 +1225,7 @@
+ 	LogfileStatus = LOG_ENABLE;
+     }
+ #if HEADERS_LOG
+-    headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0);
++    headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0);
+     assert(NULL != headerslog);
+ #endif
+ #if FORW_VIA_DB
+diff -Nru squid-2.6.STABLE16.orig/src/cf.data.pre squid-2.6.STABLE16/src/cf.data.pre
+--- squid-2.6.STABLE16.orig/src/cf.data.pre	2007-09-06 00:50:15.000000000 +0300
++++ squid-2.6.STABLE16/src/cf.data.pre	2007-09-08 08:19:51.000000000 +0300
+@@ -640,6 +640,8 @@
+ acl Safe_ports port 488		# gss-http
+ acl Safe_ports port 591		# filemaker
+ acl Safe_ports port 777		# multiling http
++acl Safe_ports port 901		# SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -673,6 +675,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -691,6 +696,9 @@
+ #acl our_networks src 192.168.1.0/24 192.168.2.0/24
+ #http_access allow our_networks
+ 
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3342,11 +3350,11 @@
+ 
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ 	Email-address of local cache manager who will receive
+-	mail if the cache dies. The default is "webmaster".
++	mail if the cache dies. The default is "root".
+ DOC_END
+ 
+ NAME: mail_from
+@@ -3374,12 +3382,12 @@
+ 
+ NAME: cache_effective_user
+ TYPE: string
+-DEFAULT: nobody
++DEFAULT: squid
+ LOC: Config.effectiveUser
+ DOC_START
+ 	If you start Squid as root, it will change its effective/real
+ 	UID/GID to the user specified below.  The default is to change
+-	to UID to nobody.  If you define cache_effective_user, but not
++	to UID to squid.  If you define cache_effective_user, but not
+ 	cache_effective_group, Squid sets the GID to the effective
+ 	user's default group ID (taken from the password file) and
+ 	supplementary group list from the from groups membership of
+@@ -4018,12 +4026,12 @@
+ NAME: snmp_port
+ TYPE: ushort
+ LOC: Config.Port.snmp
+-DEFAULT: 3401
++DEFAULT: 0
+ IFDEF: SQUID_SNMP
+ DOC_START
+ 	Squid can now serve statistics and status information via SNMP.
+-	By default it listens to port 3401 on the machine. If you don't
+-	wish to use SNMP, set this to "0".
++	By default snmp_port is disabled. If you wish to use SNMP, 
++	set this to "3401" (or any other number you like).
+ DOC_END
+ 
+ NAME: snmp_access
+@@ -4094,12 +4102,12 @@
+ NAME: htcp_port
+ IFDEF: USE_HTCP
+ TYPE: ushort
+-DEFAULT: 4827
++DEFAULT: 0
+ LOC: Config.Port.htcp
+ DOC_START
+ 	The port number where Squid sends and receives HTCP queries to
+-	and from neighbor caches.  Default is 4827.  To disable use
+-	"0".
++	and from neighbor caches.  To turn it on you want to set it to
++	4827.  By default it is set to "0" (disabled).
+ DOC_END
+ 
+ NAME: log_icp_queries
+@@ -4936,6 +4944,9 @@
+ 	If you disable this, it will appear as
+ 
+ 		X-Forwarded-For: unknown
++NOCOMMENT_START
++forwarded_for off
++NOCOMMENT_END
+ DOC_END
+ 
+ NAME: cachemgr_passwd
+diff -Nru squid-2.6.STABLE16.orig/src/client_side.c squid-2.6.STABLE16/src/client_side.c
+--- squid-2.6.STABLE16.orig/src/client_side.c	2007-09-03 16:13:36.000000000 +0300
++++ squid-2.6.STABLE16/src/client_side.c	2007-09-08 08:04:36.000000000 +0300
+@@ -4597,14 +4597,7 @@
+ 	debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+     } else {
+ 	if (do_debug(83, 4)) {
+-	    /* Write out the SSL session details.. actually the call below, but
+-	     * OpenSSL headers do strange typecasts confusing GCC.. */
+-	    /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */
+-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L
+-	    PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#else
+ 	    PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#endif
+ 	    /* Note: This does not automatically fflush the log file.. */
+ 	}
+ 	debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+diff -Nru squid-2.6.STABLE16.orig/src/defines.h squid-2.6.STABLE16/src/defines.h
+--- squid-2.6.STABLE16.orig/src/defines.h	2007-02-04 00:58:20.000000000 +0200
++++ squid-2.6.STABLE16/src/defines.h	2007-09-08 08:04:36.000000000 +0300
+@@ -259,7 +259,7 @@
+ 
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
+ #endif
+ 
+ /* gb_type operations */
+diff -Nru squid-2.6.STABLE16.orig/src/main.c squid-2.6.STABLE16/src/main.c
+--- squid-2.6.STABLE16.orig/src/main.c	2007-08-31 16:52:10.000000000 +0300
++++ squid-2.6.STABLE16/src/main.c	2007-09-08 08:04:43.000000000 +0300
+@@ -372,6 +372,22 @@
+     asnFreeMemory();
+ }
+ 
++#if USE_UNLINKD
++static int
++needUnlinkd(void)
++{
++    int i;
++    int r = 0;
++    for (i = 0; i < Config.cacheSwap.n_configured; i++) {
++       if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 ||
++           strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 ||
++           strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0)
++          r++;
++    }
++    return r;
++}
++#endif
++
+ static void
+ mainReconfigure(void)
+ {
+@@ -395,6 +411,7 @@
+     locationRewriteShutdown();
+     authenticateShutdown();
+     externalAclShutdown();
++    unlinkdClose();
+     storeDirCloseSwapLogs();
+     storeLogClose();
+     accessLogClose();
+@@ -430,6 +447,9 @@
+ #if USE_WCCPv2
+     wccp2Init();
+ #endif
++#if USE_UNLINKD
++    if (needUnlinkd()) unlinkdInit();
++#endif
+     serverConnectionsOpen();
+     neighbors_init();
+     storeDirOpenSwapLogs();
+@@ -593,7 +613,7 @@
+ 
+     if (!configured_once) {
+ #if USE_UNLINKD
+-	unlinkdInit();
++	if (needUnlinkd()) unlinkdInit();
+ #endif
+ 	urlInitialize();
+ 	cachemgrInit();
+@@ -972,7 +992,7 @@
+     int nullfd;
+     if (*(argv[0]) == '(')
+ 	return;
+-    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++    openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+     if ((pid = fork()) < 0)
+ 	syslog(LOG_ALERT, "fork failed: %s", xstrerror());
+     else if (pid > 0)
+@@ -1008,7 +1028,7 @@
+ 	mainStartScript(argv[0]);
+ 	if ((pid = fork()) == 0) {
+ 	    /* child */
+-	    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++	    openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 	    prog = xstrdup(argv[0]);
+ 	    argv[0] = xstrdup("(squid)");
+ 	    execvp(prog, argv);
+@@ -1016,7 +1036,7 @@
+ 	    exit(1);
+ 	}
+ 	/* parent */
+-	openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++	openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 	syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
+ 	time(&start);
+ 	squid_signal(SIGINT, SIG_IGN, SA_RESTART);
+diff -Nru squid-2.6.STABLE16.orig/src/Makefile.am squid-2.6.STABLE16/src/Makefile.am
+--- squid-2.6.STABLE16.orig/src/Makefile.am	2007-09-06 00:50:15.000000000 +0300
++++ squid-2.6.STABLE16/src/Makefile.am	2007-09-08 08:04:43.000000000 +0300
+@@ -325,12 +325,12 @@
+ DEFAULT_CONFIG_FILE     = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE	= $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER       = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX	= $(localstatedir)/logs
++DEFAULT_LOG_PREFIX	= $(localstatedir)/log/squid
+ DEFAULT_CACHE_LOG       = $(DEFAULT_LOG_PREFIX)/cache.log
+ DEFAULT_ACCESS_LOG      = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG       = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE        = $(DEFAULT_LOG_PREFIX)/squid.pid
+-DEFAULT_SWAP_DIR        = $(localstatedir)/cache
++DEFAULT_PID_FILE        = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR        = $(localstatedir)/cache/squid
+ DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD		= $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
diff --git a/net-proxy/squid/files/squid-2.6.16-qos.patch b/net-proxy/squid/files/squid-2.6.16-qos.patch
new file mode 100644
index 000000000000..19338ffc1def
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.6.16-qos.patch
@@ -0,0 +1,322 @@
+diff -Nru squid-2.6.STABLE16.orig/src/cache_cf.c squid-2.6.STABLE16/src/cache_cf.c
+--- squid-2.6.STABLE16.orig/src/cache_cf.c	2007-08-31 16:49:54.000000000 +0300
++++ squid-2.6.STABLE16/src/cache_cf.c	2007-09-08 09:25:35.000000000 +0300
+@@ -891,6 +891,65 @@
+     }
+ }
+ 
++CBDATA_TYPE(acl_priority);
++
++static void
++dump_acl_priority(StoreEntry * entry, const char *name, acl_priority * head)
++{
++    acl_priority *l;
++    for (l = head; l; l = l->next) {
++	if (l->priority > 0)
++	    storeAppendPrintf(entry, "%s %04X:%04X", name,
++	                      l->priority >> 16, l->priority & 0xFFFF);
++	else
++	    storeAppendPrintf(entry, "%s none", name);
++	dump_acl_list(entry, l->acl_list);
++	storeAppendPrintf(entry, "\n");
++    }
++}
++
++static void
++freed_acl_priority(void *data)
++{
++    acl_priority *l = data;
++    aclDestroyAclList(&l->acl_list);
++}
++
++static void
++parse_acl_priority(acl_priority ** head)
++{
++    acl_priority *l;
++    acl_priority **tail = head;	/* sane name below */
++    unsigned long priority, t1, t2;
++    char junk;
++    char *token = strtok(NULL, w_space);
++    if (!token)
++	self_destruct();
++    if (sscanf(token, "%x:%x%c", &t1, &t2, &junk) != 2)
++	self_destruct();
++    if (t1 < 0 || t1 > 0xFFFF || t2 < 0 || t2 > 0xFFFF)
++	self_destruct();
++    priority = t1 << 16 | t2;
++    CBDATA_INIT_TYPE_FREECB(acl_priority, freed_acl_priority);
++    l = cbdataAlloc(acl_priority);
++    l->priority = priority;
++    aclParseAclList(&l->acl_list);
++    while (*tail)
++	tail = &(*tail)->next;
++    *tail = l;
++}
++
++static void
++free_acl_priority(acl_priority ** head)
++{
++    while (*head) {
++	acl_priority *l = *head;
++	*head = l->next;
++	l->next = NULL;
++	cbdataFree(l);
++    }
++}
++
+ #if DELAY_POOLS
+ 
+ /* do nothing - free_delay_pool_count is the magic free function.
+diff -Nru squid-2.6.STABLE16.orig/src/cf.data.depend squid-2.6.STABLE16/src/cf.data.depend
+--- squid-2.6.STABLE16.orig/src/cf.data.depend	2007-09-06 00:50:15.000000000 +0300
++++ squid-2.6.STABLE16/src/cf.data.depend	2007-09-08 09:25:54.000000000 +0300
+@@ -5,6 +5,7 @@
+ acl_address		acl
+ acl_b_size_t		acl
+ acl_tos			acl
++acl_priority	acl
+ address
+ authparam
+ b_int64_t
+diff -Nru squid-2.6.STABLE16.orig/src/cf.data.pre squid-2.6.STABLE16/src/cf.data.pre
+--- squid-2.6.STABLE16.orig/src/cf.data.pre	2007-09-08 09:25:07.000000000 +0300
++++ squid-2.6.STABLE16/src/cf.data.pre	2007-09-08 09:25:35.000000000 +0300
+@@ -1248,6 +1248,27 @@
+ 	Default: 255 (TOS from server is not changed).
+ DOC_END
+ 
++NAME: tcp_outgoing_priority
++TYPE: acl_priority
++DEFAULT: none
++LOC: Config.accessList.outgoing_priority
++DOC_START
++	Allows you to select the priority of the outgoing connection, 
++	based on the username or source address making the request. The
++	priority can be used by Linux QoS Qdiscs for classification.
++
++	tcp_outgoing_priority priority [!]aclname ...
++
++	Example where requests from special_service_net are assigned
++	priority 10:100
++
++	acl special_service_net src 10.0.0.0/255.255.255.0
++	tcp_outgoing_priority 10:100 special_service_net
++
++	Processing proceeds in the order specified, and stops at first fully
++	matching line.
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-2.6.STABLE16.orig/src/comm.c squid-2.6.STABLE16/src/comm.c
+--- squid-2.6.STABLE16.orig/src/comm.c	2007-04-17 12:39:56.000000000 +0300
++++ squid-2.6.STABLE16/src/comm.c	2007-09-08 09:25:35.000000000 +0300
+@@ -162,7 +162,7 @@
+     int flags,
+     const char *note)
+ {
+-    return comm_openex(sock_type, proto, addr, port, flags, 0, note);
++    return comm_openex(sock_type, proto, addr, port, flags, 0, 0, note);
+ }
+ 
+ 
+@@ -175,10 +175,12 @@
+     u_short port,
+     int flags,
+     unsigned char TOS,
++    unsigned long PRIORITY,
+     const char *note)
+ {
+     int new_socket;
+     int tos = 0;
++    unsigned long priority = 0;
+     fde *F = NULL;
+ 
+     /* Create socket for accepting new connections. */
+@@ -209,12 +211,25 @@
+ 	debug(5, 0) ("comm_open: setsockopt(IP_TOS) not supported on this platform\n");
+ #endif
+     }
++    if (PRIORITY) {
++#ifdef SO_PRIORITY
++	priority = PRIORITY;
++        enter_suid();
++	if (setsockopt(new_socket, SOL_SOCKET, SO_PRIORITY, (char *) &priority, sizeof(unsigned long)) < 0)
++		debug(50, 1) ("comm_open: setsockopt(SO_PRIORITY) on FD %d: %s\n",
++		new_socket, xstrerror());
++        leave_suid();
++#else
++	debug(50, 0) ("comm_open: setsockopt(SO_PRIORITY) not supported on this platform\n");
++#endif
++    }
+     /* update fdstat */
+     debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket);
+     fd_open(new_socket, FD_SOCKET, note);
+     F = &fd_table[new_socket];
+     F->local_addr = addr;
+     F->tos = tos;
++    F->priority = priority;
+     if (!(flags & COMM_NOCLOEXEC))
+ 	commSetCloseOnExec(new_socket);
+     if ((flags & COMM_REUSEADDR))
+@@ -382,6 +397,15 @@
+ 	        debug(5, 1) ("commResetFD: setsockopt(IP_TOS) on FD %d: %s\n", cs->fd, xstrerror());
+     }
+ #endif
++#ifdef SO_PRIORITY
++    if (F->priority) {
++        unsigned long priority = F->priority;
++        enter_suid();
++	if (setsockopt(cs->fd, SOL_SOCKET, SO_PRIORITY, (char *)&priority, sizeof(unsigned long)) < 0)
++		debug(50, 1) ("commResetFD: setsockopt(SO_PRIORITY) on FD %d: %s\n", cs->fd, xstrerror());
++        leave_suid();
++    }
++#endif
+     if (F->flags.close_on_exec)
+ 	commSetCloseOnExec(cs->fd);
+     if (F->flags.nonblocking)
+diff -Nru squid-2.6.STABLE16.orig/src/forward.c squid-2.6.STABLE16/src/forward.c
+--- squid-2.6.STABLE16.orig/src/forward.c	2007-09-06 00:28:34.000000000 +0300
++++ squid-2.6.STABLE16/src/forward.c	2007-09-08 09:25:35.000000000 +0300
+@@ -418,6 +418,17 @@
+     return 0;
+ }
+ 
++static unsigned long
++aclMapPriority(acl_priority * head, aclCheck_t * ch)
++{
++    acl_priority *l;
++    for (l = head; l; l = l->next) {
++        if (aclMatchAclList(l->acl_list, ch))
++            return l->priority;
++    }
++    return 0;
++}
++
+ struct in_addr
+ getOutgoingAddr(request_t * request)
+ {
+@@ -446,6 +457,20 @@
+     return aclMapTOS(Config.accessList.outgoing_tos, &ch);
+ }
+ 
++unsigned long
++getOutgoingPriority(request_t * request)
++{
++    aclCheck_t ch;
++    memset(&ch, '\0', sizeof(aclCheck_t));
++    if (request) {
++        ch.src_addr = request->client_addr;
++	ch.my_addr = request->my_addr;
++	ch.my_port = request->my_port;
++	ch.request = request;
++    }
++    return aclMapPriority(Config.accessList.outgoing_priority, &ch);
++}
++
+ static void
+ fwdConnectStart(void *data)
+ {
+@@ -462,6 +487,7 @@
+     int ftimeout = Config.Timeout.forward - (squid_curtime - fwdState->start);
+     struct in_addr outgoing;
+     unsigned short tos;
++    unsigned long priority;
+ #if LINUX_TPROXY
+     struct in_tproxy itp;
+ #endif
+@@ -547,15 +573,17 @@
+ #endif
+     outgoing = getOutgoingAddr(fwdState->request);
+     tos = getOutgoingTOS(fwdState->request);
++    priority = getOutgoingPriority(fwdState->request);
+ 
+-    debug(17, 3) ("fwdConnectStart: got addr %s, tos %d\n",
+-	inet_ntoa(outgoing), tos);
++    debug(17, 3) ("fwdConnectStart: got addr %s, tos %d, priority %lu\n",
++	inet_ntoa(outgoing), tos, priority);
+     fd = comm_openex(SOCK_STREAM,
+ 	IPPROTO_TCP,
+ 	outgoing,
+ 	0,
+ 	COMM_NONBLOCKING,
+ 	tos,
++	priority,
+ 	url);
+     if (fd < 0) {
+ 	debug(50, 4) ("fwdConnectStart: %s\n", xstrerror());
+diff -Nru squid-2.6.STABLE16.orig/src/protos.h squid-2.6.STABLE16/src/protos.h
+--- squid-2.6.STABLE16.orig/src/protos.h	2007-07-15 12:52:17.000000000 +0300
++++ squid-2.6.STABLE16/src/protos.h	2007-09-08 09:25:35.000000000 +0300
+@@ -160,7 +160,7 @@
+ extern void comm_init(void);
+ extern int comm_listen(int sock);
+ extern int comm_open(int, int, struct in_addr, u_short port, int, const char *note);
+-extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, const char *);
++extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, unsigned long PRIORITY, const char *);
+ extern u_short comm_local_port(int fd);
+ 
+ extern void commDeferFD(int fd);
+@@ -735,6 +735,7 @@
+ #endif
+ struct in_addr getOutgoingAddr(request_t * request);
+ unsigned long getOutgoingTOS(request_t * request);
++unsigned long getOutgoingPriority(request_t * request);
+ 
+ extern void urnStart(request_t *, StoreEntry *);
+ 
+diff -Nru squid-2.6.STABLE16.orig/src/ssl.c squid-2.6.STABLE16/src/ssl.c
+--- squid-2.6.STABLE16.orig/src/ssl.c	2007-02-03 23:53:38.000000000 +0200
++++ squid-2.6.STABLE16/src/ssl.c	2007-09-08 09:25:35.000000000 +0300
+@@ -524,6 +524,7 @@
+ 	0,
+ 	COMM_NONBLOCKING,
+ 	getOutgoingTOS(request),
+++	getOutgoingPriority(request),
+ 	url);
+     if (sock == COMM_ERROR) {
+ 	debug(26, 4) ("sslStart: Failed because we're out of sockets.\n");
+diff -Nru squid-2.6.STABLE16.orig/src/structs.h squid-2.6.STABLE16/src/structs.h
+--- squid-2.6.STABLE16.orig/src/structs.h	2007-09-08 09:25:07.000000000 +0300
++++ squid-2.6.STABLE16/src/structs.h	2007-09-08 09:25:35.000000000 +0300
+@@ -296,6 +296,12 @@
+     int tos;
+ };
+ 
++struct _acl_priority {
++    acl_priority *next;
++    acl_list *acl_list;
++    unsigned long priority;
++};
++
+ struct _aclCheck_t {
+     const acl_access *access_list;
+     struct in_addr src_addr;
+@@ -705,6 +711,7 @@
+ 	acl_access *reply;
+ 	acl_address *outgoing_address;
+ 	acl_tos *outgoing_tos;
++	acl_priority *outgoing_priority;
+ #if USE_HTCP
+ 	acl_access *htcp;
+ 	acl_access *htcp_clr;
+@@ -876,6 +883,7 @@
+     u_short remote_port;
+     struct in_addr local_addr;
+     unsigned char tos;
++    unsigned long priority;
+     char ipaddr[16];		/* dotted decimal address of peer */
+     char desc[FD_DESC_SZ];
+     struct {
+diff -Nru squid-2.6.STABLE16.orig/src/typedefs.h squid-2.6.STABLE16/src/typedefs.h
+--- squid-2.6.STABLE16.orig/src/typedefs.h	2006-09-02 17:08:42.000000000 +0300
++++ squid-2.6.STABLE16/src/typedefs.h	2007-09-08 09:25:35.000000000 +0300
+@@ -102,6 +102,7 @@
+ typedef struct _acl_access acl_access;
+ typedef struct _acl_address acl_address;
+ typedef struct _acl_tos acl_tos;
++typedef struct _acl_priority acl_priority;
+ typedef struct _aclCheck_t aclCheck_t;
+ typedef struct _wordlist wordlist;
+ typedef struct _intlist intlist;
diff --git a/net-proxy/squid/squid-2.6.16.ebuild b/net-proxy/squid/squid-2.6.16.ebuild
new file mode 100644
index 000000000000..e5928dfe3b82
--- /dev/null
+++ b/net-proxy/squid/squid-2.6.16.ebuild
@@ -0,0 +1,194 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.6.16.ebuild,v 1.1 2007/09/08 07:28:04 mrness Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit eutils pam toolchain-funcs flag-o-matic autotools linux-info
+
+#lame archive versioning scheme..
+S_PMV="${PV%%.*}"
+S_PV="${PV%.*}"
+S_PL="${PV##*.}"
+S_PL="${S_PL/_rc/-RC}"
+S_PP="${PN}-${S_PV}.STABLE${S_PL}"
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="pam ldap samba sasl nis ssl snmp selinux logrotate qos zero-penalty-hit \
+	pf-transparent ipf-transparent \
+	elibc_uclibc kernel_linux"
+
+DEPEND="pam? ( virtual/pam )
+	ldap? ( >=net-nds/openldap-2.1.26 )
+	ssl? ( >=dev-libs/openssl-0.9.7j )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.21 )
+	selinux? ( sec-policy/selinux-squid )
+	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+	>=sys-libs/db-4
+	dev-lang/perl"
+RDEPEND="${DEPEND}
+	samba? ( net-fs/samba )"
+
+S="${WORKDIR}/${S_PP}"
+
+pkg_setup() {
+	enewgroup squid 31
+	enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_unpack() {
+	unpack ${A} || die "unpack failed"
+	cd "${S}" || die "dir ${S} not found"
+
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+	use zero-penalty-hit && epatch "${FILESDIR}"/${P}-ToS_Hit_ToS_Preserve.patch
+	use qos && epatch "${FILESDIR}"/${P}-qos.patch
+
+	sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in
+
+	# disable lazy bindings on (some at least) suided basic auth programs
+	sed -i -e '$aAM_LDFLAGS = '$(bindnow-flags) \
+		helpers/basic_auth/*/Makefile.am
+
+	eautoreconf
+}
+
+src_compile() {
+	local basic_modules="getpwnam,NCSA,MSNT"
+	use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+	use ldap && basic_modules="LDAP,${basic_modules}"
+	use pam && basic_modules="PAM,${basic_modules}"
+	use sasl && basic_modules="SASL,${basic_modules}"
+	use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+
+	local ext_helpers="ip_user,session,unix_group"
+	use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+	use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+	local ntlm_helpers="fakeauth"
+	use samba && ntlm_helpers="SMB,${ntlm_helpers}"
+
+	local myconf=""
+
+	# Support for uclibc #61175
+	if use elibc_uclibc; then
+		myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null"
+		myconf="${myconf} --disable-async-io"
+	else
+		myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null"
+		myconf="${myconf} --enable-async-io"
+	fi
+
+	if use kernel_linux; then
+		myconf="${myconf} --enable-linux-netfilter"
+		if kernel_is ge 2 6 && linux_chkconfig_present EPOLL ; then
+			myconf="${myconf} --enable-epoll"
+		fi
+	elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+		myconf="${myconf} --enable-kqueue"
+		if use pf-transparent; then
+			myconf="${myconf} --enable-pf-transparent"
+		elif use ipf-transparent; then
+			myconf="${myconf} --enable-ipf-transparent"
+		fi
+	fi
+
+	export CC=$(tc-getCC)
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--datadir=/usr/share/squid \
+		--enable-auth="basic,digest,ntlm" \
+		--enable-removal-policies="lru,heap" \
+		--enable-digest-auth-helpers="password" \
+		--enable-basic-auth-helpers="${basic_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-ntlm-auth-helpers="${ntlm_helpers}" \
+		--enable-ident-lookups \
+		--enable-useragent-log \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-referer-log \
+		--enable-arp-acl \
+		--with-pthreads \
+		--with-large-files \
+		--enable-htcp \
+		--enable-carp \
+		--enable-follow-x-forwarded-for \
+		$(use_enable snmp) \
+		$(use_enable ssl) \
+		${myconf} || die "econf failed"
+
+	sed -i -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \
+		include/autoconf.h
+
+	emake || die "emake failed"
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die "make install failed"
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/ncsa_auth
+	fowners root:squid /usr/libexec/squid/pam_auth
+	fperms 4750 /usr/libexec/squid/ncsa_auth
+	fperms 4750 /usr/libexec/squid/pam_auth
+
+	# some cleanups
+	rm -f "${D}"/usr/bin/Run*
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+		helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+	newdoc helpers/basic_auth/SMB/README README.auth_smb
+	dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+	newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+	doman helpers/basic_auth/LDAP/*.8
+	dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+	newpamd "${FILESDIR}/squid.pam.1" squid
+	newconfd "${FILESDIR}/squid.confd" squid
+	if use logrotate; then
+		newinitd "${FILESDIR}/squid.initd-logrotate" squid
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		newinitd "${FILESDIR}/squid.initd" squid
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	rm -rf "${D}"/var
+	diropts -m0755 -o squid -g squid
+	keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_preinst() {
+	enewgroup squid 31
+	enewuser squid 31 -1 /var/cache/squid squid
+}
+
+pkg_postinst() {
+	echo
+	ewarn "Squid authentication helpers have been installed suid root."
+	ewarn "This allows shadow based authentication (see bug #52977 for more)."
+	echo
+	ewarn "Be careful what type of cache_dir you select!"
+	ewarn "   'diskd' is optimized for high levels of traffic, but it might seem slow"
+	ewarn "when there isn't sufficient traffic to keep squid reasonably busy."
+	ewarn "   If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+	echo
+	ewarn "/etc/squid/errors symlink has been removed from your system."
+	ewarn "Error templates can be customized through ${HILITE}error_directory${NORMAL} directive."
+	echo
+	ewarn "Squid can be configured to run in transparent mode like this:"
+	ewarn "   ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
+}
author	Alin Năstac <mrness@gentoo.org>	2007-09-08 07:28:04 +0000
committer	Alin Năstac <mrness@gentoo.org>	2007-09-08 07:28:04 +0000
commit	e14b5785e781e8da3e35ac6517b356a2757577ca (patch)
tree	76f6a00625726f71743184d3c220ca136b6ac213 /net-proxy
parent	Bump for 7.3. (diff)
download	gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.tar.gz gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.tar.bz2 gentoo-2-e14b5785e781e8da3e35ac6517b356a2757577ca.zip