Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Eray Aslan <eras@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-proxy/squid/
Date: Wed, 29 Aug 2018 06:05:31
Message-Id: 1535522704.44372f66bf64de1e1ec92b99b5ba6f8953855e69.eras@gentoo
1 commit: 44372f66bf64de1e1ec92b99b5ba6f8953855e69
2 Author: Eray Aslan <eras <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 29 06:05:04 2018 +0000
4 Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 29 06:05:04 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44372f66
7
8 net-proxy/squid: security bump to 3.5.28
9
10 Package-Manager: Portage-2.3.48, Repoman-2.3.10
11
12 net-proxy/squid/Manifest | 1 +
13 net-proxy/squid/squid-3.5.28.ebuild | 267 ++++++++++++++++++++++++++++++++++++
14 2 files changed, 268 insertions(+)
15
16 diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
17 index a3a041afc37..217180128c0 100644
18 --- a/net-proxy/squid/Manifest
19 +++ b/net-proxy/squid/Manifest
20 @@ -1 +1,2 @@
21 DIST squid-3.5.27.tar.xz 2303468 BLAKE2B 448dbb703469bdd38a0e88da8e473510e9652fc7c7ae2e48bf687a4c2e1698f3baa92c212631fd3734ee51bead89980d31af58d64654418a7c4c4a16e1be751e SHA512 4172a053c3b7ffe7a12dfb3febac96942d0fbbe7e98e3f797f22cd75b0a3a89cbbfe7260b5daad099e79d5e9303bb5dfbfee7499cb30a90590aa1bd242ff4817
22 +DIST squid-3.5.28.tar.xz 2304680 BLAKE2B 9b41a191210ea441ebd2847e9dc2cfacf3ba9fa8ceb81513b4cb449b13f7e81d28e3f3c9c46003db6d3d8a936fbd2275e42e18c23bd9d7667b9bd6890a1627a8 SHA512 da8367d364725c7fd6330e7588b0ff70d32978a17ca0bc5fe58fa6d12c9d2adb42ade0a492c835761bc7fd67c1a55300b4b7402ad939cf2a2aa5104233bbb74b
23
24 diff --git a/net-proxy/squid/squid-3.5.28.ebuild b/net-proxy/squid/squid-3.5.28.ebuild
25 new file mode 100644
26 index 00000000000..c0af6b07ce1
27 --- /dev/null
28 +++ b/net-proxy/squid/squid-3.5.28.ebuild
29 @@ -0,0 +1,267 @@
30 +# Copyright 1999-2018 Gentoo Foundation
31 +# Distributed under the terms of the GNU General Public License v2
32 +
33 +EAPI=7
34 +inherit autotools linux-info pam toolchain-funcs user
35 +
36 +DESCRIPTION="A full-featured web proxy cache"
37 +HOMEPAGE="http://www.squid-cache.org/"
38 +SRC_URI="http://www.squid-cache.org/Versions/v3/3.5/${P}.tar.xz"
39 +
40 +LICENSE="GPL-2"
41 +SLOT="0"
42 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
43 +IUSE="caps ipv6 pam ldap libressl samba sasl kerberos nis radius ssl snmp selinux logrotate test \
44 + ecap esi ssl-crtd \
45 + mysql postgres sqlite \
46 + perl qos tproxy \
47 + +htcp +wccp +wccpv2 \
48 + pf-transparent ipf-transparent kqueue \
49 + elibc_uclibc kernel_linux"
50 +
51 +COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
52 + pam? ( virtual/pam )
53 + ldap? ( net-nds/openldap )
54 + kerberos? ( virtual/krb5 )
55 + qos? ( net-libs/libnetfilter_conntrack )
56 + ssl? (
57 + libressl? ( dev-libs/libressl:0 )
58 + !libressl? ( dev-libs/openssl:0 )
59 + dev-libs/nettle >=net-libs/gnutls-3.1.5 )
60 + sasl? ( dev-libs/cyrus-sasl )
61 + ecap? ( net-libs/libecap:1 )
62 + esi? ( dev-libs/expat dev-libs/libxml2 )
63 + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
64 + >=sys-libs/db-4:*
65 + dev-libs/libltdl:0"
66 +DEPEND="${COMMON_DEPEND}
67 + dev-lang/perl
68 + ecap? ( virtual/pkgconfig )
69 + test? ( dev-util/cppunit )"
70 +RDEPEND="${COMMON_DEPEND}
71 + samba? ( net-fs/samba )
72 + perl? ( dev-lang/perl )
73 + mysql? ( dev-perl/DBD-mysql )
74 + postgres? ( dev-perl/DBD-Pg )
75 + selinux? ( sec-policy/selinux-squid )
76 + sqlite? ( dev-perl/DBD-SQLite )
77 + !<=sci-biology/meme-4.8.1-r1"
78 +
79 +REQUIRED_USE="tproxy? ( caps )
80 + qos? ( caps )"
81 +
82 +pkg_pretend() {
83 + if use tproxy; then
84 + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
85 + linux-info_pkg_setup
86 + fi
87 +}
88 +
89 +pkg_setup() {
90 + enewgroup squid
91 + enewuser squid -1 -1 /var/cache/squid squid
92 +}
93 +
94 +src_prepare() {
95 + eapply "${FILESDIR}/${PN}-3.5.7-gentoo.patch"
96 + eapply -p0 "${FILESDIR}/${PN}-cppunit-1.14.patch"
97 + #eapply "${FILESDIR}/${PN}-2018-1.patch"
98 + #eapply "${FILESDIR}/${PN}-2018-2.patch"
99 + sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
100 + INSTALL QUICKSTART \
101 + scripts/fileno-to-pathname.pl \
102 + scripts/check_cache.pl \
103 + tools/cachemgr.cgi.8 \
104 + tools/purge/conffile.hh \
105 + tools/purge/README || die
106 + sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
107 + INSTALL QUICKSTART || die
108 + sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
109 + QUICKSTART || die
110 + sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
111 + QUICKSTART \
112 + src/log/access_log.cc || die
113 + sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
114 + src/log/access_log.cc || die
115 + sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
116 + helpers/external_acl/unix_group/ext_unix_group_acl.8 \
117 + helpers/external_acl/session/ext_session_acl.8 \
118 + src/ssl/ssl_crtd.8 || die
119 + sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
120 + scripts/check_cache.pl || die
121 + sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \
122 + src/ssl/ssl_crtd.8 || die
123 + sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
124 + src/ssl/ssl_crtd.8 || die
125 + sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
126 + src/ssl/ssl_crtd.8 || die
127 + # /var/run/squid to /run/squid
128 + sed -i -e 's:$(localstatedir)::' \
129 + src/ipc/Makefile.am || die
130 + sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
131 + libltdl/configure.ac || die
132 +
133 + eapply_user
134 + eautoreconf
135 +}
136 +
137 +src_configure() {
138 + local basic_modules="MSNT-multi-domain,NCSA,POP3,getpwnam"
139 + use samba && basic_modules+=",SMB"
140 + use ldap && basic_modules+=",LDAP"
141 + use pam && basic_modules+=",PAM"
142 + use sasl && basic_modules+=",SASL"
143 + use nis && ! use elibc_uclibc && basic_modules+=",NIS"
144 + use radius && basic_modules+=",RADIUS"
145 + if use mysql || use postgres || use sqlite ; then
146 + basic_modules+=",DB"
147 + fi
148 +
149 + local digest_modules="file"
150 + use ldap && digest_modules+=",LDAP,eDirectory"
151 +
152 + local negotiate_modules="none"
153 + local myconf="--without-mit-krb5 --without-heimdal-krb5"
154 + if use kerberos ; then
155 + negotiate_modules="kerberos,wrapper"
156 + if has_version app-crypt/heimdal ; then
157 + myconf="--without-mit-krb5 --with-heimdal-krb5"
158 + else
159 + myconf="--with-mit-krb5 --without-heimdal-krb5"
160 + fi
161 + fi
162 +
163 + local ntlm_modules="none"
164 + use samba && ntlm_modules="smb_lm"
165 +
166 + local ext_helpers="file_userip,session,unix_group"
167 + use samba && ext_helpers+=",wbinfo_group"
168 + use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
169 + use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
170 +
171 + local storeio_modules="aufs,diskd,rock,ufs"
172 +
173 + local transparent
174 + if use kernel_linux ; then
175 + transparent+=" --enable-linux-netfilter"
176 + use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
177 + fi
178 +
179 + if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
180 + transparent+=" $(use_enable kqueue)"
181 + if use pf-transparent; then
182 + transparent+=" --enable-pf-transparent"
183 + elif use ipf-transparent; then
184 + transparent+=" --enable-ipf-transparent"
185 + fi
186 + fi
187 +
188 + tc-export_build_env BUILD_CXX
189 + export BUILDCXX=${BUILD_CXX}
190 + export BUILDCXXFLAGS=${BUILD_CXXFLAGS}
191 + tc-export CC AR
192 +
193 + # Should be able to drop this workaround with newer versions.
194 + # https://bugs.squid-cache.org/show_bug.cgi?id=4224
195 + tc-is-cross-compiler && export squid_cv_gnu_atomics=no
196 +
197 + econf \
198 + --sysconfdir=/etc/squid \
199 + --libexecdir=/usr/libexec/squid \
200 + --localstatedir=/var \
201 + --with-pidfile=/run/squid.pid \
202 + --datadir=/usr/share/squid \
203 + --with-logdir=/var/log/squid \
204 + --with-default-user=squid \
205 + --enable-removal-policies="lru,heap" \
206 + --enable-storeio="${storeio_modules}" \
207 + --enable-disk-io \
208 + --enable-auth-basic="${basic_modules}" \
209 + --enable-auth-digest="${digest_modules}" \
210 + --enable-auth-ntlm="${ntlm_modules}" \
211 + --enable-auth-negotiate="${negotiate_modules}" \
212 + --enable-external-acl-helpers="${ext_helpers}" \
213 + --enable-log-daemon-helpers \
214 + --enable-url-rewrite-helpers \
215 + --enable-cache-digests \
216 + --enable-delay-pools \
217 + --enable-eui \
218 + --enable-icmp \
219 + --enable-follow-x-forwarded-for \
220 + --with-large-files \
221 + --with-build-environment=default \
222 + --disable-strict-error-checking \
223 + --disable-arch-native \
224 + --with-ltdl-includedir=/usr/include \
225 + --with-ltdl-libdir=/usr/$(get_libdir) \
226 + $(use_with caps libcap) \
227 + $(use_enable ipv6) \
228 + $(use_enable snmp) \
229 + $(use_with ssl openssl) \
230 + $(use_with ssl nettle) \
231 + $(use_with ssl gnutls) \
232 + $(use_enable ssl-crtd) \
233 + $(use_enable ecap) \
234 + $(use_enable esi) \
235 + $(use_enable htcp) \
236 + $(use_enable wccp) \
237 + $(use_enable wccpv2) \
238 + ${transparent} \
239 + ${myconf}
240 +}
241 +
242 +src_install() {
243 + emake DESTDIR="${D}" install
244 +
245 + # need suid root for looking into /etc/shadow
246 + fowners root:squid /usr/libexec/squid/basic_ncsa_auth
247 + fperms 4750 /usr/libexec/squid/basic_ncsa_auth
248 + if use pam; then
249 + fowners root:squid /usr/libexec/squid/basic_pam_auth
250 + fperms 4750 /usr/libexec/squid/basic_pam_auth
251 + fi
252 + # pinger needs suid as well
253 + fowners root:squid /usr/libexec/squid/pinger
254 + fperms 4750 /usr/libexec/squid/pinger
255 +
256 + # these scripts depend on perl
257 + if ! use perl; then
258 + local f
259 + local PERL_SCRIPTS=(
260 + "${D}"/usr/libexec/squid/basic_pop3_auth
261 + "${D}"/usr/libexec/squid/log_db_daemon
262 + "${D}"/usr/libexec/squid/basic_msnt_multi_domain_auth
263 + "${D}"/usr/libexec/squid/storeid_file_rewrite
264 + "${D}"/usr/libexec/squid/helper-mux.pl
265 + )
266 + for f in "${PERL_SCRIPTS[@]}"; do
267 + rm -v "${f}" || die
268 + done
269 + fi
270 +
271 + # cleanup
272 + rm -f "${D}"/usr/bin/Run*
273 + rm -rf "${D}"/run/squid "${D}"/var/cache/squid
274 +
275 + dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
276 + newdoc helpers/negotiate_auth/kerberos/README README.kerberos
277 + newdoc helpers/basic_auth/RADIUS/README README.RADIUS
278 + newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group
279 + newdoc tools/purge/README README.purge
280 + newdoc tools/helper-mux.README README.helper-mux
281 + dodoc RELEASENOTES.html
282 +
283 + newpamd "${FILESDIR}/squid.pam" squid
284 + newconfd "${FILESDIR}/squid.confd-r1" squid
285 + newinitd "${FILESDIR}/squid.initd-r4" squid
286 + if use logrotate; then
287 + insinto /etc/logrotate.d
288 + newins "${FILESDIR}/squid.logrotate" squid
289 + else
290 + exeinto /etc/cron.weekly
291 + newexe "${FILESDIR}/squid.cron" squid.cron
292 + fi
293 +
294 + diropts -m0750 -o squid -g squid
295 + keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
296 +}
Report Message
Find on MARC Find on Google Groups