diff options
| author |   Alin Năstac <mrness@gentoo.org> | 2005-05-11 18:30:55 +0000 |
|---|---|---|
| committer | Alin Năstac <mrness@gentoo.org> | 2005-05-11 18:30:55 +0000 |
| commit | 160626f5a23a7d4afb53da061643cffb4e52fffa (patch) | |
| tree | a2a1fad542f1489e035a839dd9468c6c9658e136 /net-proxy | |
| parent | clean older ebuild (diff) | |
| download | historical-160626f5a23a7d4afb53da061643cffb4e52fffa.tar.gz historical-160626f5a23a7d4afb53da061643cffb4e52fffa.tar.bz2 historical-160626f5a23a7d4afb53da061643cffb4e52fffa.zip | |
security fix #92254
Package-Manager: portage-2.0.51.19
Diffstat (limited to 'net-proxy')
| -rw-r--r-- | net-proxy/squid/ChangeLog | 8 | ||||
| -rw-r--r-- | net-proxy/squid/Manifest | 10 | ||||
| -rw-r--r-- | net-proxy/squid/files/digest-squid-2.5.10_rc3 | 2 | ||||
| -rw-r--r-- | net-proxy/squid/squid-2.5.10_rc3.ebuild | 199 |
4 files changed, 214 insertions, 5 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index f35758fe5813..b72371b2581a 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-proxy/squid # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.3 2005/04/24 09:35:13 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.4 2005/05/11 18:30:54 mrness Exp $ + +*squid-2.5.10_rc3 (11 May 2005) + + 11 May 2005; Alin Nastac <mrness@gentoo.org> +squid-2.5.10_rc3.ebuild: + Version bumped for fixing security issue described in bug #92254. + Stable on x86. *squid-2.5.9-r4 (24 Apr 2005) diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest index 44eabb140d33..df71ae5361f4 100644 --- a/net-proxy/squid/Manifest +++ b/net-proxy/squid/Manifest @@ -3,15 +3,17 @@ Hash: SHA1 MD5 4772d7df91159e46e702c3a7d3df1c0c squid-2.5.8-r1.ebuild 6103 MD5 7050bdeeb1b696ffe75c7ed1679587d3 squid-2.5.9.ebuild 6019 +MD5 cc251ec12b4444243e4d58b1397ae3e7 squid-2.5.10_rc3.ebuild 6111 MD5 39cf669d7f8a26e86b980dceda028083 squid-2.5.8.ebuild 5891 MD5 733f7886fe1d6e22c8a90a7d820a6590 squid-2.5.9-r4.ebuild 6088 -MD5 3e1fcd333d5c4c24e31851555e5c4769 ChangeLog 17273 +MD5 b3b56410b684e128698ee53748c0624a ChangeLog 17465 MD5 c2a21a50fca07975a99242ebc54c2f88 metadata.xml 330 MD5 1a01fe9aa56449b307571cda5cab3d77 squid-2.5.9-r3.ebuild 5914 MD5 c2d230465ceefe887175cb8121d0fbc8 files/digest-squid-2.5.8-r1 156 MD5 5b59fde3a3fdf6140efd79a82120b5e3 files/digest-squid-2.5.9-r3 156 MD5 d22fa7f06392112cd3aeee3eaadb154d files/digest-squid-2.5.9-r4 156 MD5 8e7207b10699502e573d9d60ff0e07a6 files/squid.confd 437 +MD5 daa5a0fb0b6b042cae9e9cac37319a5b files/digest-squid-2.5.10_rc3 165 MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133 MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233 MD5 40a3fdee0d8db88cb690a6eceb59e45a files/squid.pam 505 @@ -23,7 +25,7 @@ MD5 7aec9f6b933e46cb25a72c56c0993e9e files/digest-squid-2.5.9 156 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) -iD8DBQFCa2hkjiC39V7gKu0RArIFAKDVa5usCVc/Ta5dbLPTcRP2twxnHACfS0jI -GqcKETx8MV85CiW5OzreEQ4= -=Y6fe +iD8DBQFCgk94jiC39V7gKu0RAiN3AJ9ZvMySXIKxIrJFZjxU+x2a2nrWDQCg030w +uRuXGahbw51lI0nsA23wnBw= +=+rhK -----END PGP SIGNATURE----- diff --git a/net-proxy/squid/files/digest-squid-2.5.10_rc3 b/net-proxy/squid/files/digest-squid-2.5.10_rc3 new file mode 100644 index 000000000000..c085eebce713 --- /dev/null +++ b/net-proxy/squid/files/digest-squid-2.5.10_rc3 @@ -0,0 +1,2 @@ +MD5 eb4497d0cabff800b2c47ae121fa7593 squid-2.5.STABLE10-RC3.tar.gz 1383690 +MD5 76f3602a77183f2e13063e03768d82f3 squid-2.5.STABLE10-RC3-patches-20050510.tar.gz 17004 diff --git a/net-proxy/squid/squid-2.5.10_rc3.ebuild b/net-proxy/squid/squid-2.5.10_rc3.ebuild new file mode 100644 index 000000000000..5b6ddcc21602 --- /dev/null +++ b/net-proxy/squid/squid-2.5.10_rc3.ebuild @@ -0,0 +1,199 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.5.10_rc3.ebuild,v 1.1 2005/05/11 18:30:54 mrness Exp $ + +inherit eutils toolchain-funcs + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PL=${S_PL/_rc/-RC} +S_PP=${PN}-${S_PV}.STABLE${S_PL} +PATCH_VERSION="20050510" + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v2/${S_PV}/${S_PP}.tar.gz + mirror://gentoo/${S_PP}-patches-${PATCH_VERSION}.tar.gz" + +S=${WORKDIR}/${S_PP} + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86 ~mips" +IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores logrotate customlog zero-penalty-hit" + +RDEPEND="virtual/libc + pam? ( >=sys-libs/pam-0.75 ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid ) + !mips? ( logrotate? ( app-admin/logrotate ) )" +DEPEND="${RDEPEND} dev-lang/perl" + +src_unpack() { + unpack ${A} || die "unpack failed" + cd ${S} || die "dir ${S} not found" + + # Do bulk patching from squids bug fix list as well as our patches + use customlog || rm ${WORKDIR}/patch/9*customlog* + use zero-penalty-hit || rm ${WORKDIR}/patch/9*ToS_Hit* + EPATCH_SUFFIX="patch" + epatch ${WORKDIR}/patch + + #hmm #10865 + sed -i -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + helpers/external_acl/ldap_group/Makefile.in + + #disable lazy bindings on (some at least) suided basic auth programs + sed -i -e 's:_LDFLAGS[ ]*=:_LDFLAGS = -Wl,-z,now:' \ + helpers/basic_auth/*/Makefile.in + + if ! use debug ; then + mv configure.in configure.in.orig + sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in + export WANT_AUTOCONF=2.1 + autoconf || die "autoconf failed" + fi +} + +src_compile() { + # Support for uclibc #61175 + if use uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + export CC=$(tc-getCC) + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --with-large-files \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + mv include/autoconf.h include/autoconf.h.orig + sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ + include/autoconf.h.orig > include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# mv include/autoconf.h include/autoconf.h.orig +# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -rf ${D}/var + mv ${D}/usr/bin/Run* ${D}/usr/lib/squid + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ + ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + insinto /etc/pam.d + newins ${FILESDIR}/squid.pam squid + exeinto /etc/init.d + newexe ${FILESDIR}/squid.rc6 squid + insinto /etc/conf.d + newins ${FILESDIR}/squid.confd squid + if use logrotate; then + insinto /etc/logrotate.d + newins ${FILESDIR}/squid-logrotate squid + else + exeinto /etc/cron.weekly + newexe ${FILESDIR}/squid-r1.cron squid.cron + fi + + diropts -m0755 -o squid -g squid + dodir /var/cache/squid /var/log/squid +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo +} |