summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlin Năstac <mrness@gentoo.org>2009-08-06 22:52:30 +0000
committerAlin Năstac <mrness@gentoo.org>2009-08-06 22:52:30 +0000
commitc8e2072bba1a000f936069c02f1693bb09f5cef6 (patch)
tree15fc8c219cbda9937fe5db96a6bdf6ddeccd9a4b /net-proxy
parentstable x86, security bug 280537 (diff)
downloadhistorical-c8e2072bba1a000f936069c02f1693bb09f5cef6.tar.gz
historical-c8e2072bba1a000f936069c02f1693bb09f5cef6.tar.bz2
historical-c8e2072bba1a000f936069c02f1693bb09f5cef6.zip
Security version bumps (#279379, #280441).
Fix zph patch QA issue. Enable test phase on squid-3.1.0.13 (#278648). Package-Manager: portage-2.1.6.13/cvs/Linux x86_64
Diffstat (limited to 'net-proxy')
-rw-r--r--net-proxy/squid/ChangeLog14
-rw-r--r--net-proxy/squid/Manifest17
-rw-r--r--net-proxy/squid/files/squid-3.0.18-adapted-zph.patch207
-rw-r--r--net-proxy/squid/files/squid-3.0.18-cross-compile.patch38
-rw-r--r--net-proxy/squid/files/squid-3.0.18-gentoo.patch293
-rw-r--r--net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch309
-rw-r--r--net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch43
-rw-r--r--net-proxy/squid/squid-3.0.18.ebuild193
-rw-r--r--net-proxy/squid/squid-3.1.0.13_beta.ebuild198
9 files changed, 1307 insertions, 5 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index aad345781488..61fb1382536f 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for net-proxy/squid
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.266 2009/07/23 06:57:45 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.267 2009/08/06 22:52:30 mrness Exp $
+
+*squid-3.1.0.13_beta (06 Aug 2009)
+*squid-3.0.18 (06 Aug 2009)
+
+ 06 Aug 2009; Alin Năstac <mrness@gentoo.org>
+ +files/squid-3.0.18-adapted-zph.patch,
+ +files/squid-3.0.18-cross-compile.patch, +files/squid-3.0.18-gentoo.patch,
+ +files/squid-3.1.0.13_beta-gentoo.patch,
+ +files/squid-3.1.0.13_beta-qafixes.patch, +squid-3.0.18.ebuild,
+ +squid-3.1.0.13_beta.ebuild:
+ Security version bumps (#279379, #280441). Fix zph patch QA issue. Enable
+ test phase on squid-3.1.0.13 (#278648).
23 Jul 2009; Alin Năstac <mrness@gentoo.org>
-files/squid-3.0.14-adapted-zph.patch,
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 6743f7cc2bf0..9aaa1a225844 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -13,6 +13,11 @@ AUX squid-3.0.15-heimdal.patch 780 RMD160 29d0867ff851083facaf641c297e823e687790
AUX squid-3.0.16-adapted-zph.patch 6838 RMD160 8a3aeddf48efccae072c6a4515cb188562a5bb91 SHA1 cfc842049aa81adb388e78a3aa5b9efbf6d92642 SHA256 b85e78df0e5f8e51f7da6386e502cc82965e4375d4f1f4e04504d04ad488964a
AUX squid-3.0.16-cross-compile.patch 1234 RMD160 d4420fe001d2aa42b321f1c6d52bec542a23b29f SHA1 fd1a82814c09f77ff1cba4b0abb87be07281c325 SHA256 3ce33f078f120ee30b66f957dcb1ba427360b974f3458db2fc4261458f1f1d15
AUX squid-3.0.16-gentoo.patch 13095 RMD160 b0ca0fad05db493358f426eb014a13c46806af63 SHA1 392cb4aa66ab3bda1f564da5945322a9dfe78e48 SHA256 3d357bfe5b8ab8ac214fed250f669f5fa1c55e091300d98dc5dcec25e328049d
+AUX squid-3.0.18-adapted-zph.patch 6951 RMD160 98fea60cf9f5a59d1c0370d391929c2fddcfdbb9 SHA1 72ee5c76ed8c9f819e9630ad0caf221fa769e1cc SHA256 41474df7c263997dcebfddfe58745eb7861eb53296241319b2f6837134f8204f
+AUX squid-3.0.18-cross-compile.patch 1234 RMD160 a810657fc4d069d2ded4c59fd7a0ca0e1f4d3bdd SHA1 3368c7d88400894ce30c23c68fa026bee4dfa187 SHA256 628193bc75e2e3cda978636cf6ece1e99f07ed825ce66a3064ec1cb99c760758
+AUX squid-3.0.18-gentoo.patch 13095 RMD160 a051aadf18dd2a902d174ac638acb01a12a289b6 SHA1 f30fe36d7e381cc01c3964e1bd743348b90e9717 SHA256 3d4c07d499c1de4895e2a78fb0f90ff4f1d6859d0c2b92300b43a287318b0f74
+AUX squid-3.1.0.13_beta-gentoo.patch 13105 RMD160 4ebc58d130f1b591bc436a1b761362c10c70f234 SHA1 e7818cba5a2ba7f10a8cb9c1caf72a23ff37fa1e SHA256 9b6cd46932a357dab3f7f97cf7ce9d661225fa1101cefdb725e98c8883e7115e
+AUX squid-3.1.0.13_beta-qafixes.patch 1770 RMD160 bb2f7695d3da01ffcda71fe39d4dd05ce87893b4 SHA1 57e85ef56371b04566e70c256d2fded09d61195a SHA256 d0fb6ccecba23f014a4fbefae384fc938be0f7406ece5a4379ed307ff58a5e95
AUX squid-3.1.0.9_beta-gentoo.patch 13057 RMD160 cbe92a5e2ec771e3cf73bdc59dbd644eb5cf795c SHA1 73ff615089db67f009ae5294c8d10e129283a191 SHA256 0f27ae81b045fc138710e32c85031f3c3a33050b8b459750087e952d46ade7ae
AUX squid-3.1.0.9_beta-invconv.patch 936 RMD160 10cd99df146d79ecf87d5c423bce3594d8bb3d96 SHA1 7b31c69c4b80a4c610fdcb8531c58144aca7bf8e SHA256 c224c5bcde28006b1bf39d1407ff7324472d2ac75182c49a68cd0af46583799b
AUX squid.confd 541 RMD160 e248f8fdc3ce732267614652f17bd88472e62b76 SHA1 995df246caffb2a74be2df3072d7ff5fbd024a9d SHA256 982d829f3862c5543af82acd4f7bb123ebe3e9d1c5eff0911f5345262811f2e1
@@ -25,17 +30,21 @@ DIST squid-2.7.STABLE6.tar.gz 1786189 RMD160 ca59583e9d938c3184a306984f034553f76
DIST squid-3.0.14-chunk-encoding.patch.gz 7342 RMD160 c4943c2223858b209a294903917e720a4f328ab5 SHA1 ae2e280e66f44bedce1a3b4e45a62615e8b64eae SHA256 a254c0a9d802daacd159512baab98a6f6c5a3b1d6876141f23b6395e79b5f3ac
DIST squid-3.0.STABLE15.tar.gz 2441793 RMD160 35a8715928ba916a448df9331bfb0c99feb85523 SHA1 31c1eac13c8ca3d98ccbd8f4b04f1aeb26bde433 SHA256 cdf5453dbe62a9250f90fce2770322d6b0d0c50d0a365a018d17e00383d14544
DIST squid-3.0.STABLE16.tar.gz 2449986 RMD160 d9e019ef5c2fb26f0a16a9bfbce5fe0269360ab1 SHA1 3d0ba0e509b7939b9023f1b25cc956e4ac3c0ba1 SHA256 a50c9d1d276f59a2754f13c27468445290930c000cb1457160bfe8898620b615
+DIST squid-3.0.STABLE18.tar.gz 2451806 RMD160 58858b1b8fb2d34ce482a6001b950b0aa5c87a2c SHA1 5855ecaf6f427ec95f52848efd679ea1bdd2c304 SHA256 71e74c48a19b901d1b4dd8fcbfa15c6b510befa524929a63ecef6a9ef5699d85
+DIST squid-3.1.0.13.tar.gz 3247124 RMD160 263a42af1ff2d9a967862f77389f9bd3bd6b9b2e SHA1 bfe7ea82b67d07211ae3221920aad87424444f30 SHA256 f4e7c3933575f86072220863f38a6f8d1923ab4b8954a38e06248fc80a0dec00
DIST squid-3.1.0.9.tar.gz 3205401 RMD160 d1f10d0e1b308c1a930442cc8ab6dcd4c78d2066 SHA1 13e5b096a075c23fff0a56d27023116716c47a71 SHA256 99084bdf18a32fbd9b3095cdbdbd1de78e3e1113ad36c6838b49acf3c799d0aa
EBUILD squid-2.7.6-r1.ebuild 5991 RMD160 00a4a9e9da294b7d79f05c06435c3e7195bb2727 SHA1 7034986b98fc008191a4698ef81e10f1ef2923d3 SHA256 1b73928f0940d8e99c4701563847ae03c6ad819d379e598acd2d22d13644363d
EBUILD squid-3.0.15.ebuild 6622 RMD160 422f8679e5012cc83c5b2ffbc94f2ee4de29eaa9 SHA1 93a19944a05a9afe44472fb1e1d63261b131f2eb SHA256 0e6e8ce7461c9f95d5c9467290101770c8b2f803bbba706c3ded54aac57af51a
EBUILD squid-3.0.16.ebuild 6388 RMD160 5b86c3b092be1d2c562fe80a0a1a7523ed4d0127 SHA1 0ba223321aa91b229f2bc0ecd72612193517bb98 SHA256 d7ed3f17996b1cf3aac97709301d8bc14d07075318893500d497797313fd5f5c
+EBUILD squid-3.0.18.ebuild 6396 RMD160 a9acdaf049b0d2b2d112a5e734de4dfaefebcfc7 SHA1 d7770e0a7a789e0557a84c926aca66fe58998a3c SHA256 65e8b4a5f995e6d7e376526cad7b55434f9b4a2bc09d1424b2642870404c4eb3
+EBUILD squid-3.1.0.13_beta.ebuild 6587 RMD160 e36a008616f9cc194787c467b33b0409302f2e05 SHA1 75359405e371bbf4d2902fb978d6ff444c91ee1b SHA256 caaa44882da6dc7a1591b071cf3a90aeaad131719454ec65aa1c9ddd239d26e9
EBUILD squid-3.1.0.9_beta.ebuild 6605 RMD160 8e14eee3bda2029772024adf0674e2de354f9688 SHA1 e00fd1f1e0eb7ac27d284f64cfb3f11aef1963f3 SHA256 2828e348750027703c42e4127f7940daf12865c658b0550af1362fdfd9f14d88
-MISC ChangeLog 57428 RMD160 18baa5d728339b3ffafd6e58f352e9862346f032 SHA1 f117e6f6fb9a0f10881225cb7bbd174298686a11 SHA256 14de72e7cde5ba3e39cd7f33b409559290aebb6dbe9c07368258a677ee769434
+MISC ChangeLog 57917 RMD160 6685d25e3691c9c593d632dd78f532bb93320b84 SHA1 50d0cda4e55b76b538a849a378103bca822dda81 SHA256 0b8d2d12bbe7e49fe0da017e972dc2f409db9deac9fbf7acc608da016e38b3f3
MISC metadata.xml 815 RMD160 ef81660620d9fa0746bc415a7e6e6cf8a5500b98 SHA1 7a420824358267ae8c85256da092d1fba8727dcd SHA256 943b6f547b43197636ac4ec29ad23423770ec621cdb1b495306d95ab14da09ba
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
-iEYEARECAAYFAkpoCfgACgkQ9A5kJBGSrsuW1QCfSRby9EnGyyWcQ0FH+Fl/+wuS
-8DwAn03vibkiLTSg8Pw3LDHpK+ywXb/J
-=+4aA
+iEYEARECAAYFAkp7XsMACgkQ9A5kJBGSrssyJgCbBAxee76Iad/GCSV01/MnTq/k
+N9UAnRL0S5f1PvUSplZvfMYyBNWR08Ss
+=Zy+v
-----END PGP SIGNATURE-----
diff --git a/net-proxy/squid/files/squid-3.0.18-adapted-zph.patch b/net-proxy/squid/files/squid-3.0.18-adapted-zph.patch
new file mode 100644
index 000000000000..7b7e62cbbd1c
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.0.18-adapted-zph.patch
@@ -0,0 +1,207 @@
+diff -Nru squid-3.0.STABLE18.orig/src/cf.data.pre squid-3.0.STABLE18/src/cf.data.pre
+--- squid-3.0.STABLE18.orig/src/cf.data.pre 2009-08-06 23:21:35.000000000 +0200
++++ squid-3.0.STABLE18/src/cf.data.pre 2009-08-06 23:21:56.000000000 +0200
+@@ -1133,6 +1133,60 @@
+ making the request.
+ DOC_END
+
++NAME: zph_tos_local
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_local
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark local hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_peer
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_peer
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark peer hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_parent
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_tos_parent
++DEFAULT: on
++DOC_START
++ Set this to off if you want only sibling hits to be marked.
++ If set to on (default), parent hits are being marked too.
++DOC_END
++
++NAME: zph_preserve_miss_tos
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_preserve_miss_tos
++DEFAULT: on
++DOC_START
++ If set to on (default), any HTTP response towards clients will
++ have the TOS value of the response comming from the remote
++ server masked with the value of zph_preserve_miss_tos_mask.
++ For this to work correctly, you will need to patch your linux
++ kernel with the TOS preserving ZPH patch.
++DOC_END
++
++NAME: zph_preserve_miss_tos_mask
++TYPE: int
++DEFAULT: 255
++LOC: Config.zph_preserve_miss_tos_mask
++DOC_START
++ Allows you to mask certain bits in the TOS received from the
++ remote server, before copying the value to the TOS send towards
++ clients.
++ Default: 255 (TOS from server is not changed).
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-3.0.STABLE18.orig/src/client_side_reply.cc squid-3.0.STABLE18/src/client_side_reply.cc
+--- squid-3.0.STABLE18.orig/src/client_side_reply.cc 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/client_side_reply.cc 2009-08-06 23:21:57.000000000 +0200
+@@ -48,6 +48,7 @@
+ #include "ESI.h"
+ #endif
+ #include "MemObject.h"
++#include "fde.h"
+ #include "ACLChecklist.h"
+ #include "ACL.h"
+ #if DELAY_POOLS
+@@ -1549,6 +1550,11 @@
+ /* guarantee nothing has been sent yet! */
+ assert(http->out.size == 0);
+ assert(http->out.offset == 0);
++ if (Config.zph_tos_local)
++ {
++ debugs(33, 1, "ZPH hit hier.code=" << http->request->hier.code <<" TOS="<<Config.zph_tos_local);
++ comm_set_tos(http->getConn()->fd,Config.zph_tos_local);
++ }
+ tempBuffer.offset = reqofs;
+ tempBuffer.length = getNextNode()->readBuffer.length;
+ tempBuffer.data = getNextNode()->readBuffer.data;
+@@ -1829,6 +1835,24 @@
+ char *buf = next()->readBuffer.data;
+
+ char *body_buf = buf;
++
++ if (reqofs==0 && !logTypeIsATcpHit(http->logType))
++ {
++ int tos = 0;
++ if (Config.zph_tos_peer &&
++ (http->request->hier.code==SIBLING_HIT ||
++ (Config.onoff.zph_tos_parent && http->request->hier.code==PARENT_HIT)))
++ {
++ tos = Config.zph_tos_peer;
++ debugs(33, 1, "ZPH: Peer hit, TOS="<<tos<<" hier.code="<<http->request->hier.code);
++ }
++ else if (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask)
++ {
++ tos = fd_table[fd].upstreamTOS & Config.zph_preserve_miss_tos_mask;
++ debugs(33, 1, "ZPH: Preserving TOS on miss, TOS="<<tos);
++ }
++ comm_set_tos(fd,tos);
++ }
+
+ if (buf != result.data) {
+ /* we've got to copy some data */
+diff -Nru squid-3.0.STABLE18.orig/src/fde.h squid-3.0.STABLE18/src/fde.h
+--- squid-3.0.STABLE18.orig/src/fde.h 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/fde.h 2009-08-06 23:21:57.000000000 +0200
+@@ -106,7 +106,7 @@
+ long handle;
+ } win32;
+ #endif
+-
++ unsigned char upstreamTOS; /* see FwdState::dispatch() */
+ };
+
+ #endif /* SQUID_FDE_H */
+diff -Nru squid-3.0.STABLE18.orig/src/forward.cc squid-3.0.STABLE18/src/forward.cc
+--- squid-3.0.STABLE18.orig/src/forward.cc 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/forward.cc 2009-08-06 23:26:39.000000000 +0200
+@@ -965,6 +965,57 @@
+
+ netdbPingSite(request->host);
+
++ /* Retrieves remote server TOS value, and stores it as part of the
++ * original client request FD object. It is later used to forward
++ * remote server's TOS in the response to the client in case of a MISS.
++ */
++ fde * clientFde = &fd_table[client_fd];
++ if (clientFde)
++ {
++ int tos = 1;
++ int tos_len = sizeof(tos);
++ clientFde->upstreamTOS = 0;
++ if (setsockopt(server_fd,SOL_IP,IP_RECVTOS,&tos,tos_len)==0)
++ {
++ unsigned char buf[512];
++ int len = 512;
++ if (getsockopt(server_fd,SOL_IP,IP_PKTOPTIONS,buf,(socklen_t*)&len) == 0)
++ {
++ /* Parse the PKTOPTIONS structure to locate the TOS data message
++ * prepared in the kernel by the ZPH incoming TCP TOS preserving
++ * patch.
++ */
++ unsigned char * p = buf;
++ while (p-buf < len)
++ {
++ struct cmsghdr *o = (struct cmsghdr*)p;
++ if (o->cmsg_len<=0)
++ break;
++
++ if (o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS)
++ {
++ union {
++ unsigned char *pchar;
++ int *pint;
++ } data;
++ data.pchar = CMSG_DATA(o);
++ clientFde->upstreamTOS = (unsigned char)*data.pint;
++ break;
++ }
++ p += CMSG_LEN(o->cmsg_len);
++ }
++ }
++ else
++ {
++ debugs(33, 1, "ZPH: error in getsockopt(IP_PKTOPTIONS) on FD "<<server_fd<<" "<<xstrerror());
++ }
++ }
++ else
++ {
++ debugs(33, 1, "ZPH: error in setsockopt(IP_RECVTOS) on FD "<<server_fd<<" "<<xstrerror());
++ }
++ }
++
+ if (servers && (p = servers->_peer)) {
+ p->stats.fetches++;
+ request->peer_login = p->login;
+diff -Nru squid-3.0.STABLE18.orig/src/structs.h squid-3.0.STABLE18/src/structs.h
+--- squid-3.0.STABLE18.orig/src/structs.h 2009-08-04 13:57:50.000000000 +0200
++++ squid-3.0.STABLE18/src/structs.h 2009-08-06 23:21:57.000000000 +0200
+@@ -554,6 +554,8 @@
+ int emailErrData;
+ int httpd_suppress_version_string;
+ int global_internal_static;
++ int zph_tos_parent;
++ int zph_preserve_miss_tos;
+ int debug_override_X;
+ int WIN32_IpAddrChangeMonitor;
+ }
+@@ -722,6 +724,9 @@
+ int sleep_after_fork; /* microseconds */
+ time_t minimum_expiry_time; /* seconds */
+ external_acl *externalAclHelperList;
++ int zph_tos_local;
++ int zph_tos_peer;
++ int zph_preserve_miss_tos_mask;
+ #if USE_SSL
+
+ struct
diff --git a/net-proxy/squid/files/squid-3.0.18-cross-compile.patch b/net-proxy/squid/files/squid-3.0.18-cross-compile.patch
new file mode 100644
index 000000000000..5a91cfe7ce44
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.0.18-cross-compile.patch
@@ -0,0 +1,38 @@
+diff -Nru squid-3.0.STABLE18.orig/configure.in squid-3.0.STABLE18/configure.in
+--- squid-3.0.STABLE18.orig/configure.in 2009-08-05 19:04:24.000000000 +0200
++++ squid-3.0.STABLE18/configure.in 2009-08-05 19:04:51.000000000 +0200
+@@ -1895,6 +1895,10 @@
+ ;;
+ esac
+
++dnl Define HOSTCXX
++HOSTCXX="$build-g++"
++AC_SUBST(HOSTCXX)
++
+ dnl Check for programs
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+diff -Nru squid-3.0.STABLE18.orig/src/Makefile.am squid-3.0.STABLE18/src/Makefile.am
+--- squid-3.0.STABLE18.orig/src/Makefile.am 2009-08-05 19:04:24.000000000 +0200
++++ squid-3.0.STABLE18/src/Makefile.am 2009-08-05 19:04:51.000000000 +0200
+@@ -1011,6 +1011,8 @@
+
+ DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\"
+
++HOSTCXX ?= @HOSTCXX@
++
+ $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h
+
+ snmp_core.o snmp_agent.o: ../snmplib/libsnmp.a $(top_srcdir)/include/cache_snmp.h
+@@ -1034,6 +1036,11 @@
+ squid.conf.default: cf_parser.h
+ true
+
++cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
++ $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc \
++ $(top_srcdir)/lib/util.c $(top_srcdir)/lib/assert.c \
++ -DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES}
++
+ cf_parser.h: cf.data cf_gen$(EXEEXT)
+ ./cf_gen cf.data $(srcdir)/cf.data.depend
+
diff --git a/net-proxy/squid/files/squid-3.0.18-gentoo.patch b/net-proxy/squid/files/squid-3.0.18-gentoo.patch
new file mode 100644
index 000000000000..febf32a3ef04
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.0.18-gentoo.patch
@@ -0,0 +1,293 @@
+diff -Nru squid-3.0.STABLE18.orig/acinclude.m4 squid-3.0.STABLE18/acinclude.m4
+--- squid-3.0.STABLE18.orig/acinclude.m4 2009-08-04 13:57:34.000000000 +0200
++++ squid-3.0.STABLE18/acinclude.m4 2009-08-05 19:03:45.000000000 +0200
+@@ -73,7 +73,7 @@
+ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
+ AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
+ ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
+-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
++${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
+ res=$?
+ rm -f conftest.*
+ echo yes
+diff -Nru squid-3.0.STABLE18.orig/configure.in squid-3.0.STABLE18/configure.in
+--- squid-3.0.STABLE18.orig/configure.in 2009-08-05 19:02:49.000000000 +0200
++++ squid-3.0.STABLE18/configure.in 2009-08-05 19:03:45.000000000 +0200
+@@ -15,9 +15,9 @@
+ PRESET_LDFLAGS="$LDFLAGS"
+
+ dnl Set default LDFLAGS
+-if test -z "$LDFLAGS"; then
+- LDFLAGS="-g"
+-fi
++dnl if test -z "$LDFLAGS"; then
++dnl LDFLAGS="-g"
++dnl fi
+
+ dnl Check for GNU cc
+ AC_PROG_CC
+@@ -177,13 +177,13 @@
+ dnl TODO: check if the problem will be present in any other newer MinGW release.
+ case "$host_os" in
+ mingw|mingw32)
+- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ ;;
+ *)
+- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
++ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
+ ;;
+ esac
+- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ else
+ SQUID_CFLAGS=
+ SQUID_CXXFLAGS=
+diff -Nru squid-3.0.STABLE18.orig/helpers/basic_auth/MSNT/confload.c squid-3.0.STABLE18/helpers/basic_auth/MSNT/confload.c
+--- squid-3.0.STABLE18.orig/helpers/basic_auth/MSNT/confload.c 2009-08-04 13:57:39.000000000 +0200
++++ squid-3.0.STABLE18/helpers/basic_auth/MSNT/confload.c 2009-08-05 19:03:45.000000000 +0200
+@@ -27,7 +27,7 @@
+
+ /* Path to configuration file */
+ #ifndef SYSCONFDIR
+-#define SYSCONFDIR "/usr/local/squid/etc"
++#define SYSCONFDIR "/etc/squid"
+ #endif
+ #define CONFIGFILE SYSCONFDIR "/msntauth.conf"
+
+diff -Nru squid-3.0.STABLE18.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.0.STABLE18/helpers/basic_auth/MSNT/msntauth.conf.default
+--- squid-3.0.STABLE18.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-04 13:57:39.000000000 +0200
++++ squid-3.0.STABLE18/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-05 19:03:45.000000000 +0200
+@@ -8,6 +8,6 @@
+ server other_PDC other_BDC otherdomain
+
+ # Denied and allowed users. Comment these if not needed.
+-#denyusers /usr/local/squid/etc/msntauth.denyusers
+-#allowusers /usr/local/squid/etc/msntauth.allowusers
++#denyusers /etc/squid/msntauth.denyusers
++#allowusers /etc/squid/msntauth.allowusers
+
+diff -Nru squid-3.0.STABLE18.orig/helpers/basic_auth/SMB/Makefile.am squid-3.0.STABLE18/helpers/basic_auth/SMB/Makefile.am
+--- squid-3.0.STABLE18.orig/helpers/basic_auth/SMB/Makefile.am 2009-08-04 13:57:40.000000000 +0200
++++ squid-3.0.STABLE18/helpers/basic_auth/SMB/Makefile.am 2009-08-05 19:03:45.000000000 +0200
+@@ -14,7 +14,7 @@
+ ## FIXME: autoconf should test for the samba path.
+
+ SMB_AUTH_HELPER = smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+
+ libexec_SCRIPTS = $(SMB_AUTH_HELPER)
+diff -Nru squid-3.0.STABLE18.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.0.STABLE18/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-3.0.STABLE18.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-08-04 13:57:40.000000000 +0200
++++ squid-3.0.STABLE18/helpers/basic_auth/SMB/smb_auth.sh 2009-08-05 19:03:45.000000000 +0200
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+ addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+
+diff -Nru squid-3.0.STABLE18.orig/helpers/external_acl/session/squid_session.8 squid-3.0.STABLE18/helpers/external_acl/session/squid_session.8
+--- squid-3.0.STABLE18.orig/helpers/external_acl/session/squid_session.8 2009-08-04 13:57:41.000000000 +0200
++++ squid-3.0.STABLE18/helpers/external_acl/session/squid_session.8 2009-08-05 19:03:45.000000000 +0200
+@@ -35,7 +35,7 @@
+ .P
+ Configuration example using the default automatic mode
+ .IP
+-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
+ .IP
+ acl session external session
+ .IP
+diff -Nru squid-3.0.STABLE18.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.0.STABLE18/helpers/external_acl/unix_group/squid_unix_group.8
+--- squid-3.0.STABLE18.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-04 13:57:41.000000000 +0200
++++ squid-3.0.STABLE18/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-05 19:03:45.000000000 +0200
+@@ -27,7 +27,7 @@
+ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
+ matches users in group2 or group3
+ .IP
+-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
+ .IP
+ acl usergroup1 external unix_group group1
+ .IP
+diff -Nru squid-3.0.STABLE18.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-3.0.STABLE18/helpers/negotiate_auth/squid_kerb_auth/do.sh
+--- squid-3.0.STABLE18.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-08-04 13:57:44.000000000 +0200
++++ squid-3.0.STABLE18/helpers/negotiate_auth/squid_kerb_auth/do.sh 2009-08-05 19:03:45.000000000 +0200
+@@ -7,7 +7,7 @@
+ #
+ CC=gcc
+ #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2"
+-CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2"
++CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2"
+ if [ "$1" = "HEIMDAL" ]; then
+ DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__"
+ INCLUDE="-I/usr/include/heimdal -Ispnegohelp"
+diff -Nru squid-3.0.STABLE18.orig/lib/libTrie/acinclude.m4 squid-3.0.STABLE18/lib/libTrie/acinclude.m4
+--- squid-3.0.STABLE18.orig/lib/libTrie/acinclude.m4 2009-08-04 13:57:45.000000000 +0200
++++ squid-3.0.STABLE18/lib/libTrie/acinclude.m4 2009-08-05 19:03:45.000000000 +0200
+@@ -9,7 +9,7 @@
+ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
+ AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
+ ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
+-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
++${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
+ res=$?
+ rm -f conftest.*
+ echo yes
+diff -Nru squid-3.0.STABLE18.orig/lib/libTrie/configure.in squid-3.0.STABLE18/lib/libTrie/configure.in
+--- squid-3.0.STABLE18.orig/lib/libTrie/configure.in 2009-08-04 13:57:45.000000000 +0200
++++ squid-3.0.STABLE18/lib/libTrie/configure.in 2009-08-05 19:03:45.000000000 +0200
+@@ -58,8 +58,8 @@
+
+ dnl set useful flags
+ if test "$GCC" = "yes"; then
+- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
+- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
++ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ else
+ TRIE_CFLAGS=
+ TRIE_CXXFLAGS=
+diff -Nru squid-3.0.STABLE18.orig/src/cf.data.pre squid-3.0.STABLE18/src/cf.data.pre
+--- squid-3.0.STABLE18.orig/src/cf.data.pre 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/cf.data.pre 2009-08-05 19:03:45.000000000 +0200
+@@ -652,6 +652,8 @@
+ acl Safe_ports port 488 # gss-http
+ acl Safe_ports port 591 # filemaker
+ acl Safe_ports port 777 # multiling http
++acl Safe_ports port 901 # SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -685,6 +687,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -702,6 +707,9 @@
+ # from where browsing should be allowed
+ http_access allow localnet
+
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3296,11 +3304,11 @@
+
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ Email-address of local cache manager who will receive
+- mail if the cache dies. The default is "webmaster."
++ mail if the cache dies. The default is "root".
+ DOC_END
+
+ NAME: mail_from
+@@ -5250,6 +5258,9 @@
+ If you disable this, it will appear as
+
+ X-Forwarded-For: unknown
++NOCOMMENT_START
++forwarded_for off
++NOCOMMENT_END
+ DOC_END
+
+ NAME: cachemgr_passwd
+diff -Nru squid-3.0.STABLE18.orig/src/debug.cc squid-3.0.STABLE18/src/debug.cc
+--- squid-3.0.STABLE18.orig/src/debug.cc 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/debug.cc 2009-08-05 19:03:45.000000000 +0200
+@@ -465,7 +465,7 @@
+ #if HAVE_SYSLOG && defined(LOG_LOCAL4)
+
+ if (opt_syslog_enable)
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
++ openlog(appname, LOG_PID | LOG_NDELAY, syslog_facility);
+
+ #endif /* HAVE_SYSLOG */
+
+diff -Nru squid-3.0.STABLE18.orig/src/defines.h squid-3.0.STABLE18/src/defines.h
+--- squid-3.0.STABLE18.orig/src/defines.h 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/defines.h 2009-08-05 19:03:45.000000000 +0200
+@@ -218,7 +218,7 @@
+
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
+ #endif
+
+ /* handy to determine the #elements in a static array */
+diff -Nru squid-3.0.STABLE18.orig/src/main.cc squid-3.0.STABLE18/src/main.cc
+--- squid-3.0.STABLE18.orig/src/main.cc 2009-08-04 13:57:49.000000000 +0200
++++ squid-3.0.STABLE18/src/main.cc 2009-08-05 19:03:45.000000000 +0200
+@@ -1490,7 +1490,7 @@
+ if (*(argv[0]) == '(')
+ return;
+
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
+ if ((pid = fork()) < 0)
+ syslog(LOG_ALERT, "fork failed: %s", xstrerror());
+@@ -1534,7 +1534,7 @@
+
+ if ((pid = fork()) == 0) {
+ /* child */
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ prog = xstrdup(argv[0]);
+ argv[0] = xstrdup("(squid)");
+ execvp(prog, argv);
+@@ -1542,7 +1542,7 @@
+ }
+
+ /* parent */
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
+ syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
+
+diff -Nru squid-3.0.STABLE18.orig/src/Makefile.am squid-3.0.STABLE18/src/Makefile.am
+--- squid-3.0.STABLE18.orig/src/Makefile.am 2009-08-04 13:57:48.000000000 +0200
++++ squid-3.0.STABLE18/src/Makefile.am 2009-08-05 19:03:45.000000000 +0200
+@@ -995,12 +995,12 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX = $(localstatedir)/logs
++DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid
+ DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
+ DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch
new file mode 100644
index 000000000000..42ba74ac35b4
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch
@@ -0,0 +1,309 @@
+diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4
+--- squid-3.1.0.13.orig/acinclude.m4 2009-08-04 15:32:06.000000000 +0200
++++ squid-3.1.0.13/acinclude.m4 2009-08-06 21:10:24.000000000 +0200
+@@ -73,7 +73,7 @@
+ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
+ AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
+ ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
+-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
++${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
+ res=$?
+ rm -f conftest.*
+ echo yes
+diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in
+--- squid-3.1.0.13.orig/configure.in 2009-08-06 21:08:31.000000000 +0200
++++ squid-3.1.0.13/configure.in 2009-08-06 21:10:24.000000000 +0200
+@@ -16,9 +16,9 @@
+ PRESET_LDFLAGS="$LDFLAGS"
+
+ dnl Set default LDFLAGS
+-if test -z "$LDFLAGS"; then
+- LDFLAGS="-g"
+-fi
++dnl if test -z "$LDFLAGS"; then
++dnl LDFLAGS="-g"
++dnl fi
+
+ dnl Check for GNU cc
+ AC_PROG_CC
+@@ -259,13 +259,13 @@
+ dnl TODO: check if the problem will be present in any other newer MinGW release.
+ case "$host_os" in
+ mingw|mingw32)
+- SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ ;;
+ *)
+- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
++ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
+ ;;
+ esac
+- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ else
+ SQUID_CFLAGS=
+ SQUID_CXXFLAGS=
+diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c
+--- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c 2009-08-04 15:32:09.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c 2009-08-06 21:10:24.000000000 +0200
+@@ -27,7 +27,7 @@
+
+ /* Path to configuration file */
+ #ifndef SYSCONFDIR
+-#define SYSCONFDIR "/usr/local/squid/etc"
++#define SYSCONFDIR "/etc/squid"
+ #endif
+ #define CONFIGFILE SYSCONFDIR "/msntauth.conf"
+
+diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default
+--- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-04 15:32:09.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default 2009-08-06 21:10:24.000000000 +0200
+@@ -8,6 +8,6 @@
+ server other_PDC other_BDC otherdomain
+
+ # Denied and allowed users. Comment these if not needed.
+-#denyusers /usr/local/squid/etc/msntauth.denyusers
+-#allowusers /usr/local/squid/etc/msntauth.allowusers
++#denyusers /etc/squid/msntauth.denyusers
++#allowusers /etc/squid/msntauth.allowusers
+
+diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am
+--- squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am 2009-08-04 15:32:09.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am 2009-08-06 21:10:24.000000000 +0200
+@@ -16,7 +16,7 @@
+ ## FIXME: autoconf should test for the samba path.
+
+ SMB_AUTH_HELPER = smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+
+ libexec_SCRIPTS = $(SMB_AUTH_HELPER)
+diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh 2009-08-04 15:32:09.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh 2009-08-06 21:10:24.000000000 +0200
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+ addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+
+diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.13/helpers/external_acl/session/squid_session.8
+--- squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 2009-08-04 15:32:09.000000000 +0200
++++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8 2009-08-06 21:10:24.000000000 +0200
+@@ -35,7 +35,7 @@
+ .P
+ Configuration example using the default automatic mode
+ .IP
+-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
+ .IP
+ acl session external session
+ .IP
+diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8
+--- squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-04 15:32:10.000000000 +0200
++++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8 2009-08-06 21:10:24.000000000 +0200
+@@ -27,7 +27,7 @@
+ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
+ matches users in group2 or group3
+ .IP
+-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
+ .IP
+ acl usergroup1 external unix_group group1
+ .IP
+diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in
+--- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-04 15:32:10.000000000 +0200
++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in 2009-08-06 21:10:24.000000000 +0200
+@@ -17,6 +17,7 @@
+
+ AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com])
+ AM_INIT_AUTOMAKE(squid_kerb_auth,1.0.5)
++AM_MAINTAINER_MODE
+ AC_CONFIG_SRCDIR([squid_kerb_auth.c])
+
+ AC_PROG_CC
+@@ -531,7 +532,7 @@
+ dnl set variable for use in automakefile(s)
+ AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" )
+
+-MY_CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow"
++MY_CFLAGS="-Wall -Wextra -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow"
+ for ac_cv_my_cflag in $MY_CFLAGS; do
+ echo "int main()
+ {
+diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTrie/acinclude.m4
+--- squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 2009-08-04 15:32:11.000000000 +0200
++++ squid-3.1.0.13/lib/libTrie/acinclude.m4 2009-08-06 21:10:24.000000000 +0200
+@@ -9,7 +9,7 @@
+ AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
+ AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
+ ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
+-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
++${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
+ res=$?
+ rm -f conftest.*
+ echo yes
+diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTrie/configure.in
+--- squid-3.1.0.13.orig/lib/libTrie/configure.in 2009-08-04 15:32:11.000000000 +0200
++++ squid-3.1.0.13/lib/libTrie/configure.in 2009-08-06 21:10:24.000000000 +0200
+@@ -59,8 +59,8 @@
+
+ dnl set useful flags
+ if test "$GCC" = "yes"; then
+- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
+- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
++ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
++ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
+ else
+ TRIE_CFLAGS=
+ TRIE_CXXFLAGS=
+diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre
+--- squid-3.1.0.13.orig/src/cf.data.pre 2009-08-04 15:32:16.000000000 +0200
++++ squid-3.1.0.13/src/cf.data.pre 2009-08-06 21:10:24.000000000 +0200
+@@ -708,6 +708,8 @@
+ acl Safe_ports port 488 # gss-http
+ acl Safe_ports port 591 # filemaker
+ acl Safe_ports port 777 # multiling http
++acl Safe_ports port 901 # SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -833,6 +835,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -851,6 +856,9 @@
+ http_access allow localnet
+ http_access allow localhost
+
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3942,11 +3950,11 @@
+
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ Email-address of local cache manager who will receive
+- mail if the cache dies. The default is "webmaster."
++ mail if the cache dies. The default is "root".
+ DOC_END
+
+ NAME: mail_from
+@@ -6243,7 +6251,7 @@
+ NAME: forwarded_for
+ COMMENT: on|off|transparent|truncate|delete
+ TYPE: string
+-DEFAULT: on
++DEFAULT: delete
+ LOC: opt_forwarded_for
+ DOC_START
+ If set to "on", Squid will append your client's IP address
+diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc
+--- squid-3.1.0.13.orig/src/debug.cc 2009-08-04 15:32:16.000000000 +0200
++++ squid-3.1.0.13/src/debug.cc 2009-08-06 21:10:24.000000000 +0200
+@@ -452,7 +452,7 @@
+ #if HAVE_SYSLOG && defined(LOG_LOCAL4)
+
+ if (Debug::log_syslog)
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility);
+
+ #endif /* HAVE_SYSLOG */
+
+diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc
+--- squid-3.1.0.13.orig/src/main.cc 2009-08-04 15:32:17.000000000 +0200
++++ squid-3.1.0.13/src/main.cc 2009-08-06 21:10:24.000000000 +0200
+@@ -1533,7 +1533,7 @@
+ if (*(argv[0]) == '(')
+ return;
+
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
+ if ((pid = fork()) < 0)
+ syslog(LOG_ALERT, "fork failed: %s", xstrerror());
+@@ -1577,7 +1577,7 @@
+
+ if ((pid = fork()) == 0) {
+ /* child */
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ prog = xstrdup(argv[0]);
+ argv[0] = xstrdup("(squid)");
+ execvp(prog, argv);
+@@ -1585,7 +1585,7 @@
+ }
+
+ /* parent */
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
+ syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
+
+diff -Nru squid-3.1.0.13.orig/src/Makefile.am squid-3.1.0.13/src/Makefile.am
+--- squid-3.1.0.13.orig/src/Makefile.am 2009-08-04 15:32:13.000000000 +0200
++++ squid-3.1.0.13/src/Makefile.am 2009-08-06 21:10:24.000000000 +0200
+@@ -636,7 +636,6 @@
+
+ sysconf_DATA = \
+ squid.conf.default \
+- squid.conf.documented \
+ mime.conf.default
+
+ data_DATA = \
+@@ -711,8 +710,8 @@
+ DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log
+ DEFAULT_PID_FILE = @DEFAULT_PIDFILE@
+-DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_NETDB_FILE = $(localstatedir)/run/netdb.state
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
+@@ -746,7 +745,7 @@
+ true
+
+ squid.conf.default: squid.conf.documented
+- $(EGREP) -v "^[#\ ]" squid.conf.documented | $(EGREP) . >squid.conf.default
++ cp squid.conf.documented squid.conf.default
+
+ cf_parser.h: cf.data cf_gen$(EXEEXT)
+ ./cf_gen cf.data $(srcdir)/cf.data.depend
+@@ -800,8 +799,6 @@
+ fi
+ echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \
+ $(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \
+- echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented"; \
+- $(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented; \
+ $(mkinstalldirs) $(DESTDIR)$(DEFAULT_LOG_PREFIX)
+
+ uninstall-local:
diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch
new file mode 100644
index 000000000000..510c490f21f8
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch
@@ -0,0 +1,43 @@
+diff -Nru squid-3.1.0.13.orig/src/forward.cc squid-3.1.0.13/src/forward.cc
+--- squid-3.1.0.13.orig/src/forward.cc 2009-08-04 15:32:17.000000000 +0200
++++ squid-3.1.0.13/src/forward.cc 2009-08-06 23:34:54.000000000 +0200
+@@ -995,7 +995,12 @@
+ break;
+
+ if (o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS) {
+- clientFde->upstreamTOS = (unsigned char)(*(int*)CMSG_DATA(o));
++ union {
++ unsigned char *pchar;
++ int *pint;
++ } data;
++ data.pchar = CMSG_DATA(o);
++ clientFde->upstreamTOS = (unsigned char)*data.pint;
+ break;
+ }
+ p += CMSG_LEN(o->cmsg_len);
+diff -Nru squid-3.1.0.13.orig/src/ftp.cc squid-3.1.0.13/src/ftp.cc
+--- squid-3.1.0.13.orig/src/ftp.cc 2009-08-04 15:32:17.000000000 +0200
++++ squid-3.1.0.13/src/ftp.cc 2009-08-06 23:32:39.000000000 +0200
+@@ -534,16 +534,18 @@
+ void
+ FtpStateData::loginParser(const char *login, int escaped)
+ {
+- char *s = NULL;
++ const char *s = NULL;
+ debugs(9, 4, HERE << ": login='" << login << "', escaped=" << escaped);
+ debugs(9, 9, HERE << ": IN : login='" << login << "', escaped=" << escaped << ", user=" << user << ", password=" << password);
+
+ if ((s = strchr(login, ':'))) {
+- *s = '\0';
+-
+ /* if there was a username part */
+ if (s > login) {
+- xstrncpy(user, login, MAX_URL);
++ int len = s - login;
++ if (len > MAX_URL)
++ len = MAX_URL;
++ xstrncpy(user, login, len);
++ user[len] = '\0';
+ if (escaped)
+ rfc1738_unescape(user);
+ }
diff --git a/net-proxy/squid/squid-3.0.18.ebuild b/net-proxy/squid/squid-3.0.18.ebuild
new file mode 100644
index 000000000000..d7465b050549
--- /dev/null
+++ b/net-proxy/squid/squid-3.0.18.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.18.ebuild,v 1.1 2009/08/06 22:52:30 mrness Exp $
+
+EAPI="2"
+
+inherit eutils pam toolchain-funcs autotools
+
+# lame archive versioning scheme..
+S_PMV="${PV%%.*}"
+S_PV="${PV%.*}"
+S_PL="${PV##*.}"
+S_PP="${PN}-${S_PV}.STABLE${S_PL}"
+
+RESTRICT="test" # check if test works in next bump
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \
+ mysql postgres sqlite \
+ zero-penalty-hit \
+ pf-transparent ipf-transparent kqueue \
+ elibc_uclibc kernel_linux epoll"
+
+DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+ pam? ( virtual/pam )
+ ldap? ( net-nds/openldap )
+ kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) )
+ ssl? ( dev-libs/openssl )
+ sasl? ( dev-libs/cyrus-sasl )
+ selinux? ( sec-policy/selinux-squid )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl"
+RDEPEND="${DEPEND}
+ samba? ( net-fs/samba )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ sqlite? ( dev-perl/DBD-SQLite )"
+
+S="${WORKDIR}/${S_PP}"
+
+pkg_setup() {
+ if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then
+ eerror "coss store IO has been disabled by upstream due to stability issues!"
+ eerror "If you want to install this version, switch the store type to something else"
+ eerror "before attempting to install this version again."
+
+ die "/etc/squid/squid.conf: cache_dir use a disabled store type"
+ fi
+
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-3-capability.patch
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-cross-compile.patch
+ use zero-penalty-hit && epatch "${FILESDIR}"/${P}-adapted-zph.patch
+
+ eautoreconf
+}
+
+src_configure() {
+ local basic_modules="getpwnam,NCSA,MSNT"
+ use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+ use ldap && basic_modules="LDAP,${basic_modules}"
+ use pam && basic_modules="PAM,${basic_modules}"
+ use sasl && basic_modules="SASL,${basic_modules}"
+ use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+ use radius && basic_modules="squid_radius_auth,${basic_modules}"
+ if use mysql || use postgres || use sqlite ; then
+ basic_modules="DB,${basic_modules}"
+ fi
+
+ local ext_helpers="ip_user,session,unix_group"
+ use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+ use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+ local ntlm_helpers="fakeauth"
+ use samba && ntlm_helpers="SMB,${ntlm_helpers}"
+
+ local negotiate_helpers=
+ use kerberos && local negotiate_helpers="squid_kerb_auth"
+
+ local myconf=""
+
+ # coss support has been disabled
+ # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175)
+ myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null"
+
+ if use kernel_linux; then
+ myconf="${myconf} --enable-linux-netfilter
+ $(use_enable epoll)"
+ elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ myconf="${myconf} $(use_enable kqueue)"
+ if use pf-transparent; then
+ myconf="${myconf} --enable-pf-transparent"
+ elif use ipf-transparent; then
+ myconf="${myconf} --enable-ipf-transparent"
+ fi
+ fi
+
+ export CC=$(tc-getCC)
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --datadir=/usr/share/squid \
+ --with-default-user=squid \
+ --enable-auth="basic,digest,negotiate,ntlm" \
+ --enable-removal-policies="lru,heap" \
+ --enable-digest-auth-helpers="password" \
+ --enable-basic-auth-helpers="${basic_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-ntlm-auth-helpers="${ntlm_helpers}" \
+ --enable-negotiate-auth-helpers="${negotiate_helpers}" \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-referer-log \
+ --enable-arp-acl \
+ --with-large-files \
+ --with-filedescriptors=8192 \
+ $(use_enable caps) \
+ $(use_enable snmp) \
+ $(use_enable ssl) \
+ $(use_enable icap-client) \
+ ${myconf} || die "econf failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ # need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/ncsa_auth
+ fowners root:squid /usr/libexec/squid/pam_auth
+ fperms 4750 /usr/libexec/squid/ncsa_auth
+ fperms 4750 /usr/libexec/squid/pam_auth
+
+ # some cleanups
+ rm -f "${D}"/usr/bin/Run*
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+ helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+ newdoc helpers/basic_auth/SMB/README README.auth_smb
+ dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+ newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+ doman helpers/basic_auth/LDAP/*.8
+ dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd" squid
+ if use logrotate; then
+ newinitd "${FILESDIR}/squid.initd-logrotate" squid
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ newinitd "${FILESDIR}/squid.initd" squid
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ rm -rf "${D}"/var
+ diropts -m0755 -o squid -g squid
+ keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+ echo
+ ewarn "Squid authentication helpers have been installed suid root."
+ ewarn "This allows shadow based authentication (see bug #52977 for more)."
+ echo
+ ewarn "Be careful what type of cache_dir you select!"
+ ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow"
+ ewarn "when there isn't sufficient traffic to keep squid reasonably busy."
+ ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+ echo
+ ewarn "Squid can be configured to run in transparent mode like this:"
+ ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
+ if use zero-penalty-hit; then
+ echo
+ ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel"
+ ewarn "with the patch that can be found on http://zph.bratcheda.org site."
+ fi
+}
diff --git a/net-proxy/squid/squid-3.1.0.13_beta.ebuild b/net-proxy/squid/squid-3.1.0.13_beta.ebuild
new file mode 100644
index 000000000000..54340272a226
--- /dev/null
+++ b/net-proxy/squid/squid-3.1.0.13_beta.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta.ebuild,v 1.1 2009/08/06 22:52:30 mrness Exp $
+
+EAPI="2"
+
+inherit eutils pam toolchain-funcs
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate test \
+ mysql postgres sqlite \
+ zero-penalty-hit \
+ pf-transparent ipf-transparent kqueue \
+ elibc_uclibc kernel_linux epoll"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+ pam? ( virtual/pam )
+ ldap? ( net-nds/openldap )
+ kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) )
+ ssl? ( dev-libs/openssl )
+ sasl? ( dev-libs/cyrus-sasl )
+ selinux? ( sec-policy/selinux-squid )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl"
+DEPEND="${COMMON_DEPEND}
+ sys-devel/automake
+ sys-devel/autoconf
+ sys-devel/libtool
+ test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+ samba? ( net-fs/samba )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ sqlite? ( dev-perl/DBD-SQLite )"
+
+S="${WORKDIR}/${P/_beta}"
+
+pkg_setup() {
+ if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then
+ eerror "coss store IO has been disabled by upstream due to stability issues!"
+ eerror "If you want to install this version, switch the store type to something else"
+ eerror "before attempting to install this version again."
+
+ die "/etc/squid/squid.conf: cache_dir use a disabled store type"
+ fi
+
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-3-capability.patch
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-qafixes.patch
+
+ # eautoreconf breaks lib/libLtdl/libtool script
+ ./bootstrap.sh || die "autoreconf failed"
+}
+
+src_configure() {
+ local myconf=""
+
+ local basic_modules="getpwnam,NCSA,MSNT"
+ use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+ use ldap && basic_modules="LDAP,${basic_modules}"
+ use pam && basic_modules="PAM,${basic_modules}"
+ use sasl && basic_modules="SASL,${basic_modules}"
+ use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+ use radius && basic_modules="squid_radius_auth,${basic_modules}"
+ if use mysql || use postgres || use sqlite ; then
+ basic_modules="DB,${basic_modules}"
+ fi
+
+ local ext_helpers="ip_user,session,unix_group"
+ use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+ use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+ local ntlm_helpers="fakeauth"
+ use samba && ntlm_helpers="smb_lm,${ntlm_helpers}"
+
+ local negotiate_helpers=
+ if use kerberos; then
+ negotiate_helpers="squid_kerb_auth"
+ has_version app-crypt/mit-krb5 \
+ && myconf="--enable-mit --disable-heimdal" \
+ || myconf="--disable-mit --enable-heimdal"
+ fi
+
+ # coss support has been disabled
+ # If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175)
+ myconf="${myconf} --enable-storeio=ufs,diskd,aufs"
+
+ if use kernel_linux; then
+ myconf="${myconf} --enable-linux-netfilter
+ $(use_enable epoll)"
+ elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ myconf="${myconf} $(use_enable kqueue)"
+ if use pf-transparent; then
+ myconf="${myconf} --enable-pf-transparent"
+ elif use ipf-transparent; then
+ myconf="${myconf} --enable-ipf-transparent"
+ fi
+ fi
+
+ export CC=$(tc-getCC)
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --datadir=/usr/share/squid \
+ --with-logdir=/var/log/squid \
+ --with-default-user=squid \
+ --enable-auth="basic,digest,negotiate,ntlm" \
+ --enable-removal-policies="lru,heap" \
+ --enable-digest-auth-helpers="password" \
+ --enable-basic-auth-helpers="${basic_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-ntlm-auth-helpers="${ntlm_helpers}" \
+ --enable-negotiate-auth-helpers="${negotiate_helpers}" \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-referer-log \
+ --enable-arp-acl \
+ --with-large-files \
+ --with-filedescriptors=8192 \
+ $(use_enable caps) \
+ $(use_enable ipv6) \
+ $(use_enable snmp) \
+ $(use_enable ssl) \
+ $(use_enable icap-client) \
+ $(use_enable zero-penalty-hit zph-qos) \
+ ${myconf} || die "econf failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ # need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/ncsa_auth
+ fowners root:squid /usr/libexec/squid/pam_auth
+ fperms 4750 /usr/libexec/squid/ncsa_auth
+ fperms 4750 /usr/libexec/squid/pam_auth
+
+ # some cleanups
+ rm -f "${D}"/usr/bin/Run*
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+ helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+ newdoc helpers/basic_auth/SMB/README README.auth_smb
+ dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+ newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+ doman helpers/basic_auth/LDAP/*.8
+ dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd" squid
+ if use logrotate; then
+ newinitd "${FILESDIR}/squid.initd-logrotate" squid
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ newinitd "${FILESDIR}/squid.initd" squid
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ rm -rf "${D}"/var
+ diropts -m0755 -o squid -g squid
+ keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+ echo
+ ewarn "Squid authentication helpers have been installed suid root."
+ ewarn "This allows shadow based authentication (see bug #52977 for more)."
+ echo
+ ewarn "Be careful what type of cache_dir you select!"
+ ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow"
+ ewarn "when there isn't sufficient traffic to keep squid reasonably busy."
+ ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+ echo
+ ewarn "Squid can be configured to run in transparent mode like this:"
+ ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
+ if use zero-penalty-hit; then
+ echo
+ ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel"
+ ewarn "with the patch that can be found on http://zph.bratcheda.org site."
+ fi
+}