
From: Mikle Kolyada <zlogene@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-proxy/squid/, net-proxy/squid/files/
Date: Mon, 29 Jun 2020 18:14:04
Message-Id: 1593454428.78173484f6055e32cf33a7c0cf1b703e1c84afc6.zlogene@gentoo
1 commit: 78173484f6055e32cf33a7c0cf1b703e1c84afc6
2 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jun 29 18:13:48 2020 +0000
4 Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 29 18:13:48 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78173484
7
8 net-proxy/squid: Security cleanup
9
10 Package-Manager: Portage-2.3.99, Repoman-2.3.22
11 Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
12
13 net-proxy/squid/Manifest | 1 -
14 .../files/squid-4.11-missing-debug-extra.patch | 31 ---
15 net-proxy/squid/squid-4.11.ebuild | 280 ---------------------
16 3 files changed, 312 deletions(-)
17
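diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index aa209a89667..dac695fdb6a 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -1,2 +1 @@
-DIST squid-4.11.tar.xz 2447700 BLAKE2B 9080508caff683bffe3e2eb64a454c95f69ab47c0ca9b1a649e553daf0dde2391aa14c6631aa6ee617687b122beef691cbe9a8e49ac5e5ea8a9737847ece9444 SHA512 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26
 DIST squid-4.12.tar.xz 2450564 BLAKE2B 39068d5e999ebf62fbc45ea8faa8811c7b4e6a231f814f2580f54ce3ac499b503b7bc071188b4446a2a94f7eb2f4cfc6369a1b578e637a7b5e37a0ae2aabfb8e SHA512 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4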
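diff --git a/net-proxy/squid/files/squid-4.11-missing-debug-extra.patch b/net-proxy/squid/files/squid-4.11-missing-debug-extra.patch
deleted file mode 100644
index cf4d3ebb9a5..00000000000
--- a/net-proxy/squid/files/squid-4.11-missing-debug-extra.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 0cbf89e7d266aabacc8651759a8509ebbe0f5c93 Mon Sep 17 00:00:00 2001
-From: Alex Rousskov <rousskov@×××××××××××××××××××.com>
-Date: Mon, 20 Apr 2020 15:32:48 -0400
-Subject: [PATCH] Bug 5041: Missing Debug::Extra breaks build on hosts with
- systemd
-
-Master commit 6fa8c66 (i.e. Bug 5016 fix) relied on Debug::Extra added
-by master commit (ccfbe8f) that was not ported to v4. The port of the
-former master commit lacked the required piece of the latter commit.
-
-The problem is invisible on hosts without a systemd package (that Squid
-can find/use) and with Squids explicitly ./configured --without-systemd.
----
- src/Debug.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/Debug.h b/src/Debug.h
-index 6eecd01bf9..ddd9e38f8f 100644
---- a/src/Debug.h
-+++ b/src/Debug.h
-@@ -99,6 +99,10 @@ class Debug
-
- /// configures the active debugging context to write syslog ALERT
- static void ForceAlert();
-+
-+ /// prefixes each grouped debugs() line after the first one in the group
-+ static std::ostream& Extra(std::ostream &os) { return os << "\n "; }
-+
- private:
- static Context *Current; ///< deepest active context; nil outside debugs()
- };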
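diff --git a/net-proxy/squid/squid-4.11.ebuild b/net-proxy/squid/squid-4.11.ebuild
deleted file mode 100644
index d46ef90915e..00000000000
--- a/net-proxy/squid/squid-4.11.ebuild
+++ /dev/null
@@ -1,280 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-WANT_AUTOMAKE="1.15"
-
-inherit autotools flag-o-matic linux-info pam toolchain-funcs
-
-DESCRIPTION="A full-featured web proxy cache"
-HOMEPAGE="http://www.squid-cache.org/"
-
-# Upstream patch ID for the most recent bug-fixed update to the formal release.
-r=
-#r=-20181117-r0022167
-if [ -z "$r" ]; then
- SRC_URI="http://www.squid-cache.org/Versions/v${PV%.*}/${P}.tar.xz"
-else
- SRC_URI="http://www.squid-cache.org/Versions/v${PV%.*}/${P}${r}.tar.bz2"
- S="${S}${r}"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm ~hppa ~ia64 ~mips ppc ppc64 ~sparc x86"
-IUSE="caps gnutls ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
- ecap esi ssl-crtd \
- mysql postgres sqlite \
- perl qos tproxy \
- +htcp +wccp +wccpv2 \
- pf-transparent ipf-transparent kqueue \
- elibc_uclibc kernel_linux"
-
-RESTRICT="!test? ( test )"
-
-BDEPEND="dev-lang/perl"
-
-COMMON_DEPEND="acct-group/squid
- acct-user/squid
- caps? ( >=sys-libs/libcap-2.16 )
- pam? ( sys-libs/pam )
- ldap? ( net-nds/openldap )
- kerberos? ( virtual/krb5 )
- qos? ( net-libs/libnetfilter_conntrack )
- ssl? (
- !gnutls? ( dev-libs/openssl:0 )
- dev-libs/nettle:= )
- sasl? ( dev-libs/cyrus-sasl )
- ecap? ( net-libs/libecap:1 )
- esi? ( dev-libs/expat dev-libs/libxml2 )
- gnutls? ( >=net-libs/gnutls-3.1.5 )
- logrotate? ( app-admin/logrotate )
- >=sys-libs/db-4:*
- dev-libs/libltdl:0"
-
-DEPEND="${COMMON_DEPEND}
- ${BDEPEND}
- ecap? ( virtual/pkgconfig )
- test? ( dev-util/cppunit )"
-
-RDEPEND="${COMMON_DEPEND}
- samba? ( net-fs/samba )
- perl? ( dev-lang/perl )
- mysql? ( dev-perl/DBD-mysql )
- postgres? ( dev-perl/DBD-Pg )
- selinux? ( sec-policy/selinux-squid )
- sqlite? ( dev-perl/DBD-SQLite )"
-
-REQUIRED_USE="tproxy? ( caps )
- qos? ( caps )"
-
-pkg_pretend() {
- if use tproxy; then
- local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
- linux-info_pkg_setup
- fi
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-4.3-gentoo.patch"
- eapply "${FILESDIR}/${PN}-4.11-missing-debug-extra.patch"
- sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
- INSTALL QUICKSTART \
- scripts/fileno-to-pathname.pl \
- scripts/check_cache.pl \
- tools/cachemgr.cgi.8 \
- tools/purge/conffile.hh \
- tools/purge/purge.1 || die
- sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
- INSTALL QUICKSTART || die
- sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
- QUICKSTART || die
- sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
- QUICKSTART \
- src/log/access_log.cc || die
- sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
- src/log/access_log.cc || die
- sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
- src/acl/external/unix_group/ext_unix_group_acl.8 \
- src/acl/external/session/ext_session_acl.8 || die
- sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
- scripts/check_cache.pl || die
- # /var/run/squid to /run/squid
- sed -i -e 's:$(localstatedir)::' \
- src/ipc/Makefile.am || die
- sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
- libltdl/configure.ac || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- local basic_modules="NCSA,POP3,getpwnam"
- use samba && basic_modules+=",SMB"
- use ldap && basic_modules+=",SMB_LM,LDAP"
- use pam && basic_modules+=",PAM"
- use sasl && basic_modules+=",SASL"
- use nis && ! use elibc_uclibc && basic_modules+=",NIS"
- use radius && basic_modules+=",RADIUS"
- if use mysql || use postgres || use sqlite ; then
- basic_modules+=",DB"
- fi
-
- local digest_modules="file"
- use ldap && digest_modules+=",LDAP,eDirectory"
-
- local negotiate_modules="none"
- local myconf="--without-mit-krb5 --without-heimdal-krb5"
- if use kerberos ; then
- negotiate_modules="kerberos,wrapper"
- if has_version app-crypt/heimdal ; then
- myconf="--without-mit-krb5 --with-heimdal-krb5"
- else
- myconf="--with-mit-krb5 --without-heimdal-krb5"
- fi
- fi
-
- local ntlm_modules="none"
- use samba && ntlm_modules="SMB_LM"
-
- local ext_helpers="file_userip,session,unix_group,delayer,time_quota"
- use samba && ext_helpers+=",wbinfo_group"
- use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
- use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
- if use mysql || use postgres || use sqlite ; then
- ext_helpers+=",SQL_session"
- fi
-
- local storeio_modules="aufs,diskd,rock,ufs"
-
- local transparent
- if use kernel_linux ; then
- transparent+=" --enable-linux-netfilter"
- use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
- fi
-
- if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
- transparent+=" $(use_enable kqueue)"
- if use pf-transparent; then
- transparent+=" --enable-pf-transparent"
- elif use ipf-transparent; then
- transparent+=" --enable-ipf-transparent"
- fi
- fi
-
- tc-export_build_env BUILD_CXX
- export BUILDCXX=${BUILD_CXX}
- export BUILDCXXFLAGS=${BUILD_CXXFLAGS}
- tc-export CC AR
-
- # Should be able to drop this workaround with newer versions.
- # https://bugs.squid-cache.org/show_bug.cgi?id=4224
- tc-is-cross-compiler && export squid_cv_gnu_atomics=no
-
- # Bug #719662
- (use ppc || use arm || use hppa) && append-libs -latomic
-
- econf \
- --sysconfdir=/etc/squid \
- --libexecdir=/usr/libexec/squid \
- --localstatedir=/var \
- --with-pidfile=/run/squid.pid \
- --datadir=/usr/share/squid \
- --with-logdir=/var/log/squid \
- --with-default-user=squid \
- --enable-removal-policies="lru,heap" \
- --enable-storeio="${storeio_modules}" \
- --enable-disk-io \
- --enable-auth-basic="${basic_modules}" \
- --enable-auth-digest="${digest_modules}" \
- --enable-auth-ntlm="${ntlm_modules}" \
- --enable-auth-negotiate="${negotiate_modules}" \
- --enable-external-acl-helpers="${ext_helpers}" \
- --enable-log-daemon-helpers \
- --enable-url-rewrite-helpers \
- --enable-cache-digests \
- --enable-delay-pools \
- --enable-eui \
- --enable-icmp \
- --enable-follow-x-forwarded-for \
- --with-large-files \
- --with-build-environment=default \
- --disable-strict-error-checking \
- --disable-arch-native \
- --with-included-ltdl=/usr/include \
- --with-ltdl-libdir=/usr/$(get_libdir) \
- $(use_with caps libcap) \
- $(use_enable ipv6) \
- $(use_enable snmp) \
- $(use_with ssl openssl) \
- $(use_with ssl nettle) \
- $(use_with gnutls) \
- $(use_enable ssl-crtd) \
- $(use_enable ecap) \
- $(use_enable esi) \
- $(use_enable htcp) \
- $(use_enable wccp) \
- $(use_enable wccpv2) \
- ${transparent} \
- ${myconf}
-}
-
-src_install() {
- default
-
- # need suid root for looking into /etc/shadow
- fowners root:squid /usr/libexec/squid/basic_ncsa_auth
- fperms 4750 /usr/libexec/squid/basic_ncsa_auth
- if use pam; then
- fowners root:squid /usr/libexec/squid/basic_pam_auth
- fperms 4750 /usr/libexec/squid/basic_pam_auth
- fi
- # pinger needs suid as well
- fowners root:squid /usr/libexec/squid/pinger
- fperms 4750 /usr/libexec/squid/pinger
-
- # these scripts depend on perl
- if ! use perl; then
- for f in basic_pop3_auth \
- ext_delayer_acl \
- helper-mux \
- log_db_daemon \
- security_fake_certverify \
- storeid_file_rewrite \
- url_lfs_rewrite; do
- rm "${D}"/usr/libexec/squid/${f} || die
- done
- fi
-
- # cleanup
- rm -r "${D}"/run "${D}"/var/cache || die
-
- dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
- newdoc src/auth/negotiate/kerberos/README README.kerberos
- newdoc src/auth/basic/RADIUS/README README.RADIUS
- newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group
- dodoc RELEASENOTES.html
-
- newpamd "${FILESDIR}/squid.pam" squid
- newconfd "${FILESDIR}/squid.confd-r2" squid
- newinitd "${FILESDIR}/squid.initd-r5" squid
- if use logrotate; then
- insinto /etc/logrotate.d
- newins "${FILESDIR}/squid.logrotate" squid
- else
- exeinto /etc/cron.weekly
- newexe "${FILESDIR}/squid.cron" squid.cron
- fi
-
- diropts -m0750 -o squid -g squid
- keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
-}
-
-pkg_postinst() {
- elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'."
- if [ ${#r} -gt 0 ]; then
- elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support."
- fi
-}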