1 |
commit: 31f3301b77f82cb456811519b87a007f384385f2 |
2 |
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com> |
3 |
AuthorDate: Tue Dec 28 22:18:36 2021 +0000 |
4 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Feb 19 10:32:06 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31f3301b |
7 |
|
8 |
net-proxy/squid: bump to 5.4.1 |
9 |
|
10 |
Closes: https://bugs.gentoo.org/814539 |
11 |
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com> |
12 |
Closes: https://github.com/gentoo/gentoo/pull/23555 |
13 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
14 |
|
15 |
net-proxy/squid/Manifest | 1 + |
16 |
net-proxy/squid/files/squid-5.3-gentoo.patch | 87 +++++++++ |
17 |
net-proxy/squid/squid-5.4.1.ebuild | 282 +++++++++++++++++++++++++++ |
18 |
3 files changed, 370 insertions(+) |
19 |
|
20 |
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest |
21 |
index 28a4987d88cb..d23055634c98 100644 |
22 |
--- a/net-proxy/squid/Manifest |
23 |
+++ b/net-proxy/squid/Manifest |
24 |
@@ -1,2 +1,3 @@ |
25 |
DIST squid-4.15.tar.xz 2454176 BLAKE2B 3cb08c806f03fcddd7233b05986434d2be3e62a50d006eb3f84bbc5b894ee3641929551d00a1800d6676add62f967067ec62b5b7c41d767766eeab5dfc17980e SHA512 8f0ce6e30dd9173927e8133618211ffb865fb5dde4c63c2fb465e2efccda4a6efb33f2c0846870c9b915340aff5f59461a60171882bcc0c890336b846fe60bd1 |
26 |
DIST squid-4.17.tar.xz 2464204 BLAKE2B e227dfbac846dff66f04c6c72d81d667076107653721d14804f079518cef68efc53f5404fbe3306efb0c775a10638661c300a8e7cd3d7ab43c0e57a344387674 SHA512 cea36de10f128f5beb51bdc89604c16af3a820a5ac27284b2aa181ac87144930489688e1d85ce357fe1ed8a4e96e300277b95034a2475cbf86c9d6923ddf7c0a |
27 |
+DIST squid-5.4.1.tar.xz 2561444 BLAKE2B 3281f592c342b59a1017f4c0829543c857d61c4d1e191461f6e69bda2dc61ff59d5b92a04744dcebb75bd1b5d85c214c1f0bea78a791033a50f29891b6995fb8 SHA512 d53e64e8c44cfc978307f3965c52889d238121735fd201a8286139f974d5db9af41fe886d64e57dfacc87b777f5940cd6123a6e178d12530117cace945a9f6c1 |
28 |
|
29 |
diff --git a/net-proxy/squid/files/squid-5.3-gentoo.patch b/net-proxy/squid/files/squid-5.3-gentoo.patch |
30 |
new file mode 100644 |
31 |
index 000000000000..54c036e14e50 |
32 |
--- /dev/null |
33 |
+++ b/net-proxy/squid/files/squid-5.3-gentoo.patch |
34 |
@@ -0,0 +1,87 @@ |
35 |
+diff --git a/configure.ac b/configure.ac |
36 |
+index 7bd608b..0a0a908 100644 |
37 |
+--- a/configure.ac |
38 |
++++ b/configure.ac |
39 |
+@@ -33,9 +33,9 @@ PRESET_CXXFLAGS="$CXXFLAGS" |
40 |
+ PRESET_LDFLAGS="$LDFLAGS" |
41 |
+ |
42 |
+ dnl Set default LDFLAGS |
43 |
+-if test "x$LDFLAGS" = "x" ; then |
44 |
+- LDFLAGS="-g" |
45 |
+-fi |
46 |
++dnl if test "x$LDFLAGS" = "x" ; then |
47 |
++dnl LDFLAGS="-g" |
48 |
++dnl fi |
49 |
+ |
50 |
+ # Check for GNU cc |
51 |
+ AC_PROG_CC |
52 |
+diff --git a/src/cf.data.pre b/src/cf.data.pre |
53 |
+index 9275219..1e3aca2 100644 |
54 |
+--- a/src/cf.data.pre |
55 |
++++ b/src/cf.data.pre |
56 |
+@@ -1633,6 +1633,7 @@ acl Safe_ports port 280 # http-mgmt |
57 |
+ acl Safe_ports port 488 # gss-http |
58 |
+ acl Safe_ports port 591 # filemaker |
59 |
+ acl Safe_ports port 777 # multiling http |
60 |
++acl Safe_ports port 901 # SWAT |
61 |
+ NOCOMMENT_END |
62 |
+ DOC_END |
63 |
+ |
64 |
+@@ -7200,11 +7201,11 @@ COMMENT_END |
65 |
+ |
66 |
+ NAME: cache_mgr |
67 |
+ TYPE: string |
68 |
+-DEFAULT: webmaster |
69 |
++DEFAULT: root |
70 |
+ LOC: Config.adminEmail |
71 |
+ DOC_START |
72 |
+ Email-address of local cache manager who will receive |
73 |
+- mail if the cache dies. The default is "webmaster". |
74 |
++ mail if the cache dies. The default is "root". |
75 |
+ DOC_END |
76 |
+ |
77 |
+ NAME: mail_from |
78 |
+diff --git a/src/debug.cc b/src/debug.cc |
79 |
+index 59ad1e9..265a9fe 100644 |
80 |
+--- a/src/debug.cc |
81 |
++++ b/src/debug.cc |
82 |
+@@ -496,7 +496,7 @@ _db_init(const char *logfile, const char *options) |
83 |
+ #if HAVE_SYSLOG && defined(LOG_LOCAL4) |
84 |
+ |
85 |
+ if (Debug::log_syslog) |
86 |
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); |
87 |
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility); |
88 |
+ |
89 |
+ #endif /* HAVE_SYSLOG */ |
90 |
+ |
91 |
+diff --git a/src/main.cc b/src/main.cc |
92 |
+index 4b3988e..5622141 100644 |
93 |
+--- a/src/main.cc |
94 |
++++ b/src/main.cc |
95 |
+@@ -1921,7 +1921,7 @@ watch_child(const CommandLine &masterCommand) |
96 |
+ |
97 |
+ enter_suid(); |
98 |
+ |
99 |
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); |
100 |
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4); |
101 |
+ |
102 |
+ if (!opt_foreground) |
103 |
+ GoIntoBackground(); |
104 |
+@@ -2013,7 +2013,7 @@ watch_child(const CommandLine &masterCommand) |
105 |
+ |
106 |
+ if ((pid = fork()) == 0) { |
107 |
+ /* child */ |
108 |
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); |
109 |
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4); |
110 |
+ (void)execvp(masterCommand.arg0(), kidCommand.argv()); |
111 |
+ int xerrno = errno; |
112 |
+ syslog(LOG_ALERT, "execvp failed: %s", xstrerr(xerrno)); |
113 |
+@@ -2025,7 +2025,7 @@ watch_child(const CommandLine &masterCommand) |
114 |
+ } |
115 |
+ |
116 |
+ /* parent */ |
117 |
+- openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); |
118 |
++ openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4); |
119 |
+ |
120 |
+ // If Squid received a signal while checking for dying kids (below) or |
121 |
+ // starting new kids (above), then do a fast check for a new dying kid |
122 |
|
123 |
diff --git a/net-proxy/squid/squid-5.4.1.ebuild b/net-proxy/squid/squid-5.4.1.ebuild |
124 |
new file mode 100644 |
125 |
index 000000000000..ecbe3c93599e |
126 |
--- /dev/null |
127 |
+++ b/net-proxy/squid/squid-5.4.1.ebuild |
128 |
@@ -0,0 +1,282 @@ |
129 |
+# Copyright 1999-2022 Gentoo Authors |
130 |
+# Distributed under the terms of the GNU General Public License v2 |
131 |
+ |
132 |
+EAPI="8" |
133 |
+ |
134 |
+inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs |
135 |
+ |
136 |
+DESCRIPTION="A full-featured web proxy cache" |
137 |
+HOMEPAGE="http://www.squid-cache.org/" |
138 |
+ |
139 |
+MY_PV_MAJOR=$(ver_cut 1) |
140 |
+# Upstream patch ID for the most recent bug-fixed update to the formal release. |
141 |
+r= |
142 |
+#r=-20181117-r0022167 |
143 |
+if [ -z "$r" ]; then |
144 |
+ SRC_URI="http://www.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz" |
145 |
+else |
146 |
+ SRC_URI="http://www.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2" |
147 |
+ S="${S}${r}" |
148 |
+fi |
149 |
+ |
150 |
+LICENSE="GPL-2" |
151 |
+SLOT="0" |
152 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" |
153 |
+IUSE="caps gnutls ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \ |
154 |
+ ecap esi ssl-crtd \ |
155 |
+ mysql postgres sqlite systemd \ |
156 |
+ perl qos tproxy \ |
157 |
+ +htcp +wccp +wccpv2" |
158 |
+ |
159 |
+RESTRICT="!test? ( test )" |
160 |
+ |
161 |
+BDEPEND="dev-lang/perl" |
162 |
+ |
163 |
+COMMON_DEPEND="acct-group/squid |
164 |
+ acct-user/squid |
165 |
+ virtual/libcrypt:= |
166 |
+ caps? ( >=sys-libs/libcap-2.16 ) |
167 |
+ pam? ( sys-libs/pam ) |
168 |
+ ldap? ( net-nds/openldap ) |
169 |
+ kerberos? ( virtual/krb5 ) |
170 |
+ qos? ( net-libs/libnetfilter_conntrack ) |
171 |
+ ssl? ( |
172 |
+ !gnutls? ( |
173 |
+ dev-libs/openssl:0= |
174 |
+ ) |
175 |
+ dev-libs/nettle:= |
176 |
+ ) |
177 |
+ sasl? ( dev-libs/cyrus-sasl ) |
178 |
+ systemd? ( sys-apps/systemd:= ) |
179 |
+ ecap? ( net-libs/libecap:1 ) |
180 |
+ esi? ( dev-libs/expat dev-libs/libxml2 ) |
181 |
+ gnutls? ( >=net-libs/gnutls-3.1.5:= ) |
182 |
+ logrotate? ( app-admin/logrotate ) |
183 |
+ >=sys-libs/db-4:* |
184 |
+ dev-libs/libltdl:0" |
185 |
+ |
186 |
+DEPEND="${COMMON_DEPEND} |
187 |
+ ${BDEPEND} |
188 |
+ ecap? ( virtual/pkgconfig ) |
189 |
+ test? ( dev-util/cppunit )" |
190 |
+ |
191 |
+RDEPEND="!!<net-proxy/squid-5 |
192 |
+ ${COMMON_DEPEND} |
193 |
+ samba? ( net-fs/samba ) |
194 |
+ perl? ( dev-lang/perl ) |
195 |
+ mysql? ( dev-perl/DBD-mysql ) |
196 |
+ postgres? ( dev-perl/DBD-Pg ) |
197 |
+ selinux? ( sec-policy/selinux-squid ) |
198 |
+ sqlite? ( dev-perl/DBD-SQLite )" |
199 |
+ |
200 |
+REQUIRED_USE="tproxy? ( caps ) |
201 |
+ qos? ( caps )" |
202 |
+ |
203 |
+pkg_pretend() { |
204 |
+ if use tproxy; then |
205 |
+ local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" |
206 |
+ linux-info_pkg_setup |
207 |
+ fi |
208 |
+} |
209 |
+ |
210 |
+src_prepare() { |
211 |
+ eapply "${FILESDIR}/${PN}-5.3-gentoo.patch" |
212 |
+ |
213 |
+ sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \ |
214 |
+ INSTALL QUICKSTART \ |
215 |
+ scripts/fileno-to-pathname.pl \ |
216 |
+ scripts/check_cache.pl \ |
217 |
+ tools/cachemgr.cgi.8 \ |
218 |
+ tools/purge/conffile.hh \ |
219 |
+ tools/purge/purge.1 || die |
220 |
+ sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \ |
221 |
+ INSTALL QUICKSTART || die |
222 |
+ sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \ |
223 |
+ QUICKSTART || die |
224 |
+ sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \ |
225 |
+ QUICKSTART \ |
226 |
+ src/log/access_log.cc || die |
227 |
+ sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \ |
228 |
+ src/log/access_log.cc || die |
229 |
+ sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \ |
230 |
+ src/acl/external/unix_group/ext_unix_group_acl.8 \ |
231 |
+ src/acl/external/session/ext_session_acl.8 || die |
232 |
+ sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \ |
233 |
+ scripts/check_cache.pl || die |
234 |
+ # /var/run/squid to /run/squid |
235 |
+ sed -i -e 's:$(localstatedir)::' \ |
236 |
+ src/ipc/Makefile.am || die |
237 |
+ sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \ |
238 |
+ libltdl/configure.ac || die |
239 |
+ |
240 |
+ sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die |
241 |
+ |
242 |
+ eapply_user |
243 |
+ eautoreconf |
244 |
+} |
245 |
+ |
246 |
+src_configure() { |
247 |
+ local basic_modules="NCSA,POP3,getpwnam" |
248 |
+ use samba && basic_modules+=",SMB" |
249 |
+ use ldap && basic_modules+=",SMB_LM,LDAP" |
250 |
+ use pam && basic_modules+=",PAM" |
251 |
+ use sasl && basic_modules+=",SASL" |
252 |
+ use nis && basic_modules+=",NIS" |
253 |
+ use radius && basic_modules+=",RADIUS" |
254 |
+ if use mysql || use postgres || use sqlite ; then |
255 |
+ basic_modules+=",DB" |
256 |
+ fi |
257 |
+ |
258 |
+ local digest_modules="file" |
259 |
+ use ldap && digest_modules+=",LDAP,eDirectory" |
260 |
+ |
261 |
+ local negotiate_modules="none" |
262 |
+ local myconf="--without-mit-krb5 --without-heimdal-krb5" |
263 |
+ if use kerberos ; then |
264 |
+ negotiate_modules="kerberos,wrapper" |
265 |
+ if has_version app-crypt/heimdal ; then |
266 |
+ myconf="--without-mit-krb5 --with-heimdal-krb5" |
267 |
+ else |
268 |
+ myconf="--with-mit-krb5 --without-heimdal-krb5" |
269 |
+ fi |
270 |
+ fi |
271 |
+ |
272 |
+ local ntlm_modules="none" |
273 |
+ use samba && ntlm_modules="SMB_LM" |
274 |
+ |
275 |
+ local ext_helpers="file_userip,session,unix_group,delayer,time_quota" |
276 |
+ use samba && ext_helpers+=",wbinfo_group" |
277 |
+ use ldap && ext_helpers+=",LDAP_group,eDirectory_userip" |
278 |
+ use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group" |
279 |
+ if use mysql || use postgres || use sqlite ; then |
280 |
+ ext_helpers+=",SQL_session" |
281 |
+ fi |
282 |
+ |
283 |
+ local storeio_modules="aufs,diskd,rock,ufs" |
284 |
+ |
285 |
+ local transparent |
286 |
+ if use kernel_linux ; then |
287 |
+ transparent+=" --enable-linux-netfilter" |
288 |
+ use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack" |
289 |
+ fi |
290 |
+ |
291 |
+ tc-export_build_env BUILD_CXX |
292 |
+ export BUILDCXX=${BUILD_CXX} |
293 |
+ export BUILDCXXFLAGS=${BUILD_CXXFLAGS} |
294 |
+ tc-export CC AR |
295 |
+ |
296 |
+ # Should be able to drop this workaround with newer versions. |
297 |
+ # https://bugs.squid-cache.org/show_bug.cgi?id=4224 |
298 |
+ tc-is-cross-compiler && export squid_cv_gnu_atomics=no |
299 |
+ |
300 |
+ # Bug #719662 |
301 |
+ (use ppc || use arm || use hppa) && append-libs -latomic |
302 |
+ |
303 |
+ econf \ |
304 |
+ --sysconfdir=/etc/squid \ |
305 |
+ --libexecdir=/usr/libexec/squid \ |
306 |
+ --localstatedir=/var \ |
307 |
+ --with-pidfile=/run/squid.pid \ |
308 |
+ --datadir=/usr/share/squid \ |
309 |
+ --with-logdir=/var/log/squid \ |
310 |
+ --with-default-user=squid \ |
311 |
+ --enable-removal-policies="lru,heap" \ |
312 |
+ --enable-storeio="${storeio_modules}" \ |
313 |
+ --enable-disk-io \ |
314 |
+ --enable-auth-basic="${basic_modules}" \ |
315 |
+ --enable-auth-digest="${digest_modules}" \ |
316 |
+ --enable-auth-ntlm="${ntlm_modules}" \ |
317 |
+ --enable-auth-negotiate="${negotiate_modules}" \ |
318 |
+ --enable-external-acl-helpers="${ext_helpers}" \ |
319 |
+ --enable-log-daemon-helpers \ |
320 |
+ --enable-url-rewrite-helpers \ |
321 |
+ --enable-cache-digests \ |
322 |
+ --enable-delay-pools \ |
323 |
+ --enable-eui \ |
324 |
+ --enable-icmp \ |
325 |
+ --enable-follow-x-forwarded-for \ |
326 |
+ --with-large-files \ |
327 |
+ --with-build-environment=default \ |
328 |
+ --disable-strict-error-checking \ |
329 |
+ --disable-arch-native \ |
330 |
+ --with-included-ltdl=/usr/include \ |
331 |
+ --with-ltdl-libdir=/usr/$(get_libdir) \ |
332 |
+ $(use_with caps libcap) \ |
333 |
+ $(use_enable ipv6) \ |
334 |
+ $(use_enable snmp) \ |
335 |
+ $(use_with ssl openssl) \ |
336 |
+ $(use_with ssl nettle) \ |
337 |
+ $(use_with gnutls) \ |
338 |
+ $(use_enable ssl-crtd) \ |
339 |
+ $(use_with systemd) \ |
340 |
+ $(use_enable ecap) \ |
341 |
+ $(use_enable esi) \ |
342 |
+ $(use_enable htcp) \ |
343 |
+ $(use_enable wccp) \ |
344 |
+ $(use_enable wccpv2) \ |
345 |
+ ${transparent} \ |
346 |
+ ${myconf} |
347 |
+} |
348 |
+ |
349 |
+src_install() { |
350 |
+ default |
351 |
+ |
352 |
+ systemd_dounit "tools/systemd/squid.service" |
353 |
+ |
354 |
+ # need suid root for looking into /etc/shadow |
355 |
+ fowners root:squid /usr/libexec/squid/basic_ncsa_auth |
356 |
+ fperms 4750 /usr/libexec/squid/basic_ncsa_auth |
357 |
+ if use pam; then |
358 |
+ fowners root:squid /usr/libexec/squid/basic_pam_auth |
359 |
+ fperms 4750 /usr/libexec/squid/basic_pam_auth |
360 |
+ fi |
361 |
+ # pinger needs suid as well |
362 |
+ fowners root:squid /usr/libexec/squid/pinger |
363 |
+ fperms 4750 /usr/libexec/squid/pinger |
364 |
+ |
365 |
+ # these scripts depend on perl |
366 |
+ if ! use perl; then |
367 |
+ for f in basic_pop3_auth \ |
368 |
+ ext_delayer_acl \ |
369 |
+ helper-mux \ |
370 |
+ log_db_daemon \ |
371 |
+ security_fake_certverify \ |
372 |
+ storeid_file_rewrite \ |
373 |
+ url_lfs_rewrite; do |
374 |
+ rm "${D}"/usr/libexec/squid/${f} || die |
375 |
+ done |
376 |
+ fi |
377 |
+ |
378 |
+ # cleanup |
379 |
+ rm -r "${D}"/run "${D}"/var/cache || die |
380 |
+ |
381 |
+ dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt |
382 |
+ newdoc src/auth/negotiate/kerberos/README README.kerberos |
383 |
+ newdoc src/auth/basic/RADIUS/README README.RADIUS |
384 |
+ newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group |
385 |
+ dodoc RELEASENOTES.html |
386 |
+ |
387 |
+ if use pam; then |
388 |
+ newpamd "${FILESDIR}/squid.pam" squid |
389 |
+ fi |
390 |
+ |
391 |
+ newconfd "${FILESDIR}/squid.confd-r2" squid |
392 |
+ newinitd "${FILESDIR}/squid.initd-r5" squid |
393 |
+ if use logrotate; then |
394 |
+ insinto /etc/logrotate.d |
395 |
+ newins "${FILESDIR}/squid.logrotate" squid |
396 |
+ else |
397 |
+ exeinto /etc/cron.weekly |
398 |
+ newexe "${FILESDIR}/squid.cron" squid.cron |
399 |
+ fi |
400 |
+ |
401 |
+ diropts -m0750 -o squid -g squid |
402 |
+ keepdir /var/log/squid /etc/ssl/squid /var/lib/squid |
403 |
+} |
404 |
+ |
405 |
+pkg_postinst() { |
406 |
+ elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'." |
407 |
+ if [ ${#r} -gt 0 ]; then |
408 |
+ elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support." |
409 |
+ fi |
410 |
+} |