1 |
commit: 44372f66bf64de1e1ec92b99b5ba6f8953855e69 |
2 |
Author: Eray Aslan <eras <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Aug 29 06:05:04 2018 +0000 |
4 |
Commit: Eray Aslan <eras <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 29 06:05:04 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44372f66 |
7 |
|
8 |
net-proxy/squid: security bump to 3.5.28 |
9 |
|
10 |
Package-Manager: Portage-2.3.48, Repoman-2.3.10 |
11 |
|
12 |
net-proxy/squid/Manifest | 1 + |
13 |
net-proxy/squid/squid-3.5.28.ebuild | 267 ++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 268 insertions(+) |
15 |
|
16 |
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest |
17 |
index a3a041afc37..217180128c0 100644 |
18 |
--- a/net-proxy/squid/Manifest |
19 |
+++ b/net-proxy/squid/Manifest |
20 |
@@ -1 +1,2 @@ |
21 |
DIST squid-3.5.27.tar.xz 2303468 BLAKE2B 448dbb703469bdd38a0e88da8e473510e9652fc7c7ae2e48bf687a4c2e1698f3baa92c212631fd3734ee51bead89980d31af58d64654418a7c4c4a16e1be751e SHA512 4172a053c3b7ffe7a12dfb3febac96942d0fbbe7e98e3f797f22cd75b0a3a89cbbfe7260b5daad099e79d5e9303bb5dfbfee7499cb30a90590aa1bd242ff4817 |
22 |
+DIST squid-3.5.28.tar.xz 2304680 BLAKE2B 9b41a191210ea441ebd2847e9dc2cfacf3ba9fa8ceb81513b4cb449b13f7e81d28e3f3c9c46003db6d3d8a936fbd2275e42e18c23bd9d7667b9bd6890a1627a8 SHA512 da8367d364725c7fd6330e7588b0ff70d32978a17ca0bc5fe58fa6d12c9d2adb42ade0a492c835761bc7fd67c1a55300b4b7402ad939cf2a2aa5104233bbb74b |
23 |
|
24 |
diff --git a/net-proxy/squid/squid-3.5.28.ebuild b/net-proxy/squid/squid-3.5.28.ebuild |
25 |
new file mode 100644 |
26 |
index 00000000000..c0af6b07ce1 |
27 |
--- /dev/null |
28 |
+++ b/net-proxy/squid/squid-3.5.28.ebuild |
29 |
@@ -0,0 +1,267 @@ |
30 |
+# Copyright 1999-2018 Gentoo Foundation |
31 |
+# Distributed under the terms of the GNU General Public License v2 |
32 |
+ |
33 |
+EAPI=7 |
34 |
+inherit autotools linux-info pam toolchain-funcs user |
35 |
+ |
36 |
+DESCRIPTION="A full-featured web proxy cache" |
37 |
+HOMEPAGE="http://www.squid-cache.org/" |
38 |
+SRC_URI="http://www.squid-cache.org/Versions/v3/3.5/${P}.tar.xz" |
39 |
+ |
40 |
+LICENSE="GPL-2" |
41 |
+SLOT="0" |
42 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
43 |
+IUSE="caps ipv6 pam ldap libressl samba sasl kerberos nis radius ssl snmp selinux logrotate test \ |
44 |
+ ecap esi ssl-crtd \ |
45 |
+ mysql postgres sqlite \ |
46 |
+ perl qos tproxy \ |
47 |
+ +htcp +wccp +wccpv2 \ |
48 |
+ pf-transparent ipf-transparent kqueue \ |
49 |
+ elibc_uclibc kernel_linux" |
50 |
+ |
51 |
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 ) |
52 |
+ pam? ( virtual/pam ) |
53 |
+ ldap? ( net-nds/openldap ) |
54 |
+ kerberos? ( virtual/krb5 ) |
55 |
+ qos? ( net-libs/libnetfilter_conntrack ) |
56 |
+ ssl? ( |
57 |
+ libressl? ( dev-libs/libressl:0 ) |
58 |
+ !libressl? ( dev-libs/openssl:0 ) |
59 |
+ dev-libs/nettle >=net-libs/gnutls-3.1.5 ) |
60 |
+ sasl? ( dev-libs/cyrus-sasl ) |
61 |
+ ecap? ( net-libs/libecap:1 ) |
62 |
+ esi? ( dev-libs/expat dev-libs/libxml2 ) |
63 |
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) |
64 |
+ >=sys-libs/db-4:* |
65 |
+ dev-libs/libltdl:0" |
66 |
+DEPEND="${COMMON_DEPEND} |
67 |
+ dev-lang/perl |
68 |
+ ecap? ( virtual/pkgconfig ) |
69 |
+ test? ( dev-util/cppunit )" |
70 |
+RDEPEND="${COMMON_DEPEND} |
71 |
+ samba? ( net-fs/samba ) |
72 |
+ perl? ( dev-lang/perl ) |
73 |
+ mysql? ( dev-perl/DBD-mysql ) |
74 |
+ postgres? ( dev-perl/DBD-Pg ) |
75 |
+ selinux? ( sec-policy/selinux-squid ) |
76 |
+ sqlite? ( dev-perl/DBD-SQLite ) |
77 |
+ !<=sci-biology/meme-4.8.1-r1" |
78 |
+ |
79 |
+REQUIRED_USE="tproxy? ( caps ) |
80 |
+ qos? ( caps )" |
81 |
+ |
82 |
+pkg_pretend() { |
83 |
+ if use tproxy; then |
84 |
+ local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" |
85 |
+ linux-info_pkg_setup |
86 |
+ fi |
87 |
+} |
88 |
+ |
89 |
+pkg_setup() { |
90 |
+ enewgroup squid |
91 |
+ enewuser squid -1 -1 /var/cache/squid squid |
92 |
+} |
93 |
+ |
94 |
+src_prepare() { |
95 |
+ eapply "${FILESDIR}/${PN}-3.5.7-gentoo.patch" |
96 |
+ eapply -p0 "${FILESDIR}/${PN}-cppunit-1.14.patch" |
97 |
+ #eapply "${FILESDIR}/${PN}-2018-1.patch" |
98 |
+ #eapply "${FILESDIR}/${PN}-2018-2.patch" |
99 |
+ sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \ |
100 |
+ INSTALL QUICKSTART \ |
101 |
+ scripts/fileno-to-pathname.pl \ |
102 |
+ scripts/check_cache.pl \ |
103 |
+ tools/cachemgr.cgi.8 \ |
104 |
+ tools/purge/conffile.hh \ |
105 |
+ tools/purge/README || die |
106 |
+ sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \ |
107 |
+ INSTALL QUICKSTART || die |
108 |
+ sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \ |
109 |
+ QUICKSTART || die |
110 |
+ sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \ |
111 |
+ QUICKSTART \ |
112 |
+ src/log/access_log.cc || die |
113 |
+ sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \ |
114 |
+ src/log/access_log.cc || die |
115 |
+ sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \ |
116 |
+ helpers/external_acl/unix_group/ext_unix_group_acl.8 \ |
117 |
+ helpers/external_acl/session/ext_session_acl.8 \ |
118 |
+ src/ssl/ssl_crtd.8 || die |
119 |
+ sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \ |
120 |
+ scripts/check_cache.pl || die |
121 |
+ sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \ |
122 |
+ src/ssl/ssl_crtd.8 || die |
123 |
+ sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \ |
124 |
+ src/ssl/ssl_crtd.8 || die |
125 |
+ sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \ |
126 |
+ src/ssl/ssl_crtd.8 || die |
127 |
+ # /var/run/squid to /run/squid |
128 |
+ sed -i -e 's:$(localstatedir)::' \ |
129 |
+ src/ipc/Makefile.am || die |
130 |
+ sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \ |
131 |
+ libltdl/configure.ac || die |
132 |
+ |
133 |
+ eapply_user |
134 |
+ eautoreconf |
135 |
+} |
136 |
+ |
137 |
+src_configure() { |
138 |
+ local basic_modules="MSNT-multi-domain,NCSA,POP3,getpwnam" |
139 |
+ use samba && basic_modules+=",SMB" |
140 |
+ use ldap && basic_modules+=",LDAP" |
141 |
+ use pam && basic_modules+=",PAM" |
142 |
+ use sasl && basic_modules+=",SASL" |
143 |
+ use nis && ! use elibc_uclibc && basic_modules+=",NIS" |
144 |
+ use radius && basic_modules+=",RADIUS" |
145 |
+ if use mysql || use postgres || use sqlite ; then |
146 |
+ basic_modules+=",DB" |
147 |
+ fi |
148 |
+ |
149 |
+ local digest_modules="file" |
150 |
+ use ldap && digest_modules+=",LDAP,eDirectory" |
151 |
+ |
152 |
+ local negotiate_modules="none" |
153 |
+ local myconf="--without-mit-krb5 --without-heimdal-krb5" |
154 |
+ if use kerberos ; then |
155 |
+ negotiate_modules="kerberos,wrapper" |
156 |
+ if has_version app-crypt/heimdal ; then |
157 |
+ myconf="--without-mit-krb5 --with-heimdal-krb5" |
158 |
+ else |
159 |
+ myconf="--with-mit-krb5 --without-heimdal-krb5" |
160 |
+ fi |
161 |
+ fi |
162 |
+ |
163 |
+ local ntlm_modules="none" |
164 |
+ use samba && ntlm_modules="smb_lm" |
165 |
+ |
166 |
+ local ext_helpers="file_userip,session,unix_group" |
167 |
+ use samba && ext_helpers+=",wbinfo_group" |
168 |
+ use ldap && ext_helpers+=",LDAP_group,eDirectory_userip" |
169 |
+ use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group" |
170 |
+ |
171 |
+ local storeio_modules="aufs,diskd,rock,ufs" |
172 |
+ |
173 |
+ local transparent |
174 |
+ if use kernel_linux ; then |
175 |
+ transparent+=" --enable-linux-netfilter" |
176 |
+ use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack" |
177 |
+ fi |
178 |
+ |
179 |
+ if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then |
180 |
+ transparent+=" $(use_enable kqueue)" |
181 |
+ if use pf-transparent; then |
182 |
+ transparent+=" --enable-pf-transparent" |
183 |
+ elif use ipf-transparent; then |
184 |
+ transparent+=" --enable-ipf-transparent" |
185 |
+ fi |
186 |
+ fi |
187 |
+ |
188 |
+ tc-export_build_env BUILD_CXX |
189 |
+ export BUILDCXX=${BUILD_CXX} |
190 |
+ export BUILDCXXFLAGS=${BUILD_CXXFLAGS} |
191 |
+ tc-export CC AR |
192 |
+ |
193 |
+ # Should be able to drop this workaround with newer versions. |
194 |
+ # https://bugs.squid-cache.org/show_bug.cgi?id=4224 |
195 |
+ tc-is-cross-compiler && export squid_cv_gnu_atomics=no |
196 |
+ |
197 |
+ econf \ |
198 |
+ --sysconfdir=/etc/squid \ |
199 |
+ --libexecdir=/usr/libexec/squid \ |
200 |
+ --localstatedir=/var \ |
201 |
+ --with-pidfile=/run/squid.pid \ |
202 |
+ --datadir=/usr/share/squid \ |
203 |
+ --with-logdir=/var/log/squid \ |
204 |
+ --with-default-user=squid \ |
205 |
+ --enable-removal-policies="lru,heap" \ |
206 |
+ --enable-storeio="${storeio_modules}" \ |
207 |
+ --enable-disk-io \ |
208 |
+ --enable-auth-basic="${basic_modules}" \ |
209 |
+ --enable-auth-digest="${digest_modules}" \ |
210 |
+ --enable-auth-ntlm="${ntlm_modules}" \ |
211 |
+ --enable-auth-negotiate="${negotiate_modules}" \ |
212 |
+ --enable-external-acl-helpers="${ext_helpers}" \ |
213 |
+ --enable-log-daemon-helpers \ |
214 |
+ --enable-url-rewrite-helpers \ |
215 |
+ --enable-cache-digests \ |
216 |
+ --enable-delay-pools \ |
217 |
+ --enable-eui \ |
218 |
+ --enable-icmp \ |
219 |
+ --enable-follow-x-forwarded-for \ |
220 |
+ --with-large-files \ |
221 |
+ --with-build-environment=default \ |
222 |
+ --disable-strict-error-checking \ |
223 |
+ --disable-arch-native \ |
224 |
+ --with-ltdl-includedir=/usr/include \ |
225 |
+ --with-ltdl-libdir=/usr/$(get_libdir) \ |
226 |
+ $(use_with caps libcap) \ |
227 |
+ $(use_enable ipv6) \ |
228 |
+ $(use_enable snmp) \ |
229 |
+ $(use_with ssl openssl) \ |
230 |
+ $(use_with ssl nettle) \ |
231 |
+ $(use_with ssl gnutls) \ |
232 |
+ $(use_enable ssl-crtd) \ |
233 |
+ $(use_enable ecap) \ |
234 |
+ $(use_enable esi) \ |
235 |
+ $(use_enable htcp) \ |
236 |
+ $(use_enable wccp) \ |
237 |
+ $(use_enable wccpv2) \ |
238 |
+ ${transparent} \ |
239 |
+ ${myconf} |
240 |
+} |
241 |
+ |
242 |
+src_install() { |
243 |
+ emake DESTDIR="${D}" install |
244 |
+ |
245 |
+ # need suid root for looking into /etc/shadow |
246 |
+ fowners root:squid /usr/libexec/squid/basic_ncsa_auth |
247 |
+ fperms 4750 /usr/libexec/squid/basic_ncsa_auth |
248 |
+ if use pam; then |
249 |
+ fowners root:squid /usr/libexec/squid/basic_pam_auth |
250 |
+ fperms 4750 /usr/libexec/squid/basic_pam_auth |
251 |
+ fi |
252 |
+ # pinger needs suid as well |
253 |
+ fowners root:squid /usr/libexec/squid/pinger |
254 |
+ fperms 4750 /usr/libexec/squid/pinger |
255 |
+ |
256 |
+ # these scripts depend on perl |
257 |
+ if ! use perl; then |
258 |
+ local f |
259 |
+ local PERL_SCRIPTS=( |
260 |
+ "${D}"/usr/libexec/squid/basic_pop3_auth |
261 |
+ "${D}"/usr/libexec/squid/log_db_daemon |
262 |
+ "${D}"/usr/libexec/squid/basic_msnt_multi_domain_auth |
263 |
+ "${D}"/usr/libexec/squid/storeid_file_rewrite |
264 |
+ "${D}"/usr/libexec/squid/helper-mux.pl |
265 |
+ ) |
266 |
+ for f in "${PERL_SCRIPTS[@]}"; do |
267 |
+ rm -v "${f}" || die |
268 |
+ done |
269 |
+ fi |
270 |
+ |
271 |
+ # cleanup |
272 |
+ rm -f "${D}"/usr/bin/Run* |
273 |
+ rm -rf "${D}"/run/squid "${D}"/var/cache/squid |
274 |
+ |
275 |
+ dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt |
276 |
+ newdoc helpers/negotiate_auth/kerberos/README README.kerberos |
277 |
+ newdoc helpers/basic_auth/RADIUS/README README.RADIUS |
278 |
+ newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group |
279 |
+ newdoc tools/purge/README README.purge |
280 |
+ newdoc tools/helper-mux.README README.helper-mux |
281 |
+ dodoc RELEASENOTES.html |
282 |
+ |
283 |
+ newpamd "${FILESDIR}/squid.pam" squid |
284 |
+ newconfd "${FILESDIR}/squid.confd-r1" squid |
285 |
+ newinitd "${FILESDIR}/squid.initd-r4" squid |
286 |
+ if use logrotate; then |
287 |
+ insinto /etc/logrotate.d |
288 |
+ newins "${FILESDIR}/squid.logrotate" squid |
289 |
+ else |
290 |
+ exeinto /etc/cron.weekly |
291 |
+ newexe "${FILESDIR}/squid.cron" squid.cron |
292 |
+ fi |
293 |
+ |
294 |
+ diropts -m0750 -o squid -g squid |
295 |
+ keepdir /var/log/squid /etc/ssl/squid /var/lib/squid |
296 |
+} |