From 97f255850855d5144097461e8057e238d42d2b4c Mon Sep 17 00:00:00 2001 From: Andrew Bevitt Date: Fri, 21 Jan 2005 11:42:43 +0000 Subject: Security bump for bug #78776 --- www-proxy/squid/ChangeLog | 8 +- www-proxy/squid/Manifest | 6 +- www-proxy/squid/files/digest-squid-2.5.7-r2 | 2 - www-proxy/squid/files/digest-squid-2.5.7-r3 | 2 + www-proxy/squid/squid-2.5.7-r2.ebuild | 187 ---------------------------- www-proxy/squid/squid-2.5.7-r3.ebuild | 187 ++++++++++++++++++++++++++++ 6 files changed, 199 insertions(+), 193 deletions(-) delete mode 100644 www-proxy/squid/files/digest-squid-2.5.7-r2 create mode 100644 www-proxy/squid/files/digest-squid-2.5.7-r3 delete mode 100644 www-proxy/squid/squid-2.5.7-r2.ebuild create mode 100644 www-proxy/squid/squid-2.5.7-r3.ebuild (limited to 'www-proxy') diff --git a/www-proxy/squid/ChangeLog b/www-proxy/squid/ChangeLog index b5a01bdf2ab0..17ff9d23408b 100644 --- a/www-proxy/squid/ChangeLog +++ b/www-proxy/squid/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-proxy/squid # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.25 2005/01/14 07:48:09 cyfred Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/ChangeLog,v 1.26 2005/01/21 11:42:43 cyfred Exp $ + +*squid-2.5.7-r3 (21 Jan 2005) + + 21 Jan 2005; Andrew Bevitt -squid-2.5.7-r2.ebuild, + +squid-2.5.7-r3.ebuild: + Security bump for bug #78776 *squid-2.5.7-r2 (14 Jan 2005) diff --git a/www-proxy/squid/Manifest b/www-proxy/squid/Manifest index 8ac5396e2e22..f6095eb21059 100644 --- a/www-proxy/squid/Manifest +++ b/www-proxy/squid/Manifest @@ -1,12 +1,12 @@ -MD5 dc6adbc414dc07181629705126cd0597 ChangeLog 12441 +MD5 a833a5c09bf68d60e4a4a9bdba5d7618 ChangeLog 12603 MD5 d7dd06078d4f3a44b46709294cc7bc21 metadata.xml 249 MD5 09369b2d9c6744fe160586802c49a8f7 squid-2.4.7.ebuild 4000 MD5 4d6e594d3261b3e09b9db1fab876f19c squid-2.5.5-r3.ebuild 5383 MD5 b46ea7149fc841baaf04b3ce91859024 squid-2.5.6-r3.ebuild 5805 -MD5 4c3e00247e9152259fbf57fe6e80334c squid-2.5.7-r2.ebuild 5817 +MD5 a80e892663fd3eba02a963a7678500f5 squid-2.5.7-r3.ebuild 5817 MD5 45bf3c4b37515fe4da4ed6d39904132d files/digest-squid-2.5.5-r3 147 MD5 c3cb57db464a884a63d0c53ceb38331b files/digest-squid-2.5.6-r3 156 -MD5 e8b19029c1ad5ab91b97792f0f6a6eeb files/digest-squid-2.5.7-r2 156 +MD5 c8a27617c4c79124d5b607e4b15c5b76 files/digest-squid-2.5.7-r3 156 MD5 626914d5b07105602773bf8a1534a3ae files/squid-2.4.7-debian.diff 12078 MD5 60b9ab4d53c4485a214baa7c8f9a2cc0 files/squid-2.4.7-gentoo.diff 1828 MD5 0c7867dce4b8bef078a93bf717196b0e files/squid-2.5.3-gentoo.diff 11534 diff --git a/www-proxy/squid/files/digest-squid-2.5.7-r2 b/www-proxy/squid/files/digest-squid-2.5.7-r2 deleted file mode 100644 index b6c710a00611..000000000000 --- a/www-proxy/squid/files/digest-squid-2.5.7-r2 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 bf63e34906c68d716896eec0351108dc squid-2.5.STABLE7.tar.bz2 1051830 -MD5 cf7f01e2a8da188bb590c431c79a5c85 squid-2.5.STABLE7-patches-20050114.tar.gz 10108 diff --git a/www-proxy/squid/files/digest-squid-2.5.7-r3 b/www-proxy/squid/files/digest-squid-2.5.7-r3 new file mode 100644 index 000000000000..156ab3138db3 --- /dev/null +++ b/www-proxy/squid/files/digest-squid-2.5.7-r3 @@ -0,0 +1,2 @@ +MD5 bf63e34906c68d716896eec0351108dc squid-2.5.STABLE7.tar.bz2 1051830 +MD5 0cb419c238e25e30f9ebe788b5351de1 squid-2.5.STABLE7-patches-20050121.tar.gz 12062 diff --git a/www-proxy/squid/squid-2.5.7-r2.ebuild b/www-proxy/squid/squid-2.5.7-r2.ebuild deleted file mode 100644 index d2b6afb2fd27..000000000000 --- a/www-proxy/squid/squid-2.5.7-r2.ebuild +++ /dev/null @@ -1,187 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.7-r2.ebuild,v 1.1 2005/01/14 07:48:09 cyfred Exp $ - -inherit eutils - -#lame archive versioning scheme.. -S_PV=${PV%.*} -S_PL=${PV##*.} -S_PP=${PN}-${S_PV}.STABLE${S_PL} -PATCH_VERSION="20050114" - -DESCRIPTION="A caching web proxy, with advanced features" -HOMEPAGE="http://www.squid-cache.org/" - -S=${WORKDIR}/${S_PP} -SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2 - http://dev.gentoo.org/~cyfred/distfiles/squid-2.5.STABLE7-patches-${PATCH_VERSION}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" -IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores" - -RDEPEND="virtual/libc - pam? ( >=sys-libs/pam-0.75 ) - ldap? ( >=net-nds/openldap-2.1.26 ) - ssl? ( >=dev-libs/openssl-0.9.6m ) - sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) - selinux? ( sec-policy/selinux-squid )" -DEPEND="${RDEPEND} dev-lang/perl" - -src_unpack() { - unpack ${A} || die - cd ${S} || die - - #do NOT just remove this patch. yes, it's here for a reason. - #woodchip@gentoo.org (07 Nov 2002) - patch -p1 <${FILESDIR}/squid-2.5.7-gentoo.diff || die - - # Do bulk patching from squids bug fix list for stable 6 see #57081 - EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch - - #hmm #10865 - cd helpers/external_acl/ldap_group - cp Makefile.in Makefile.in.orig - sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ - Makefile.in.orig > Makefile.in - - if ! use debug - then - cd ${S} - mv configure.in configure.in.orig - sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in - export WANT_AUTOCONF=2.1 - autoconf || die - fi -} - -src_compile() { - # Support for uclibc #61175 - if use uclibc; then - local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" - else - local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" - fi - - use ldap && basic_modules="LDAP,${basic_modules}" - use pam && basic_modules="PAM,${basic_modules}" - use sasl && basic_modules="SASL,${basic_modules}" - # SASL 1 / 2 Supported Natively - - local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" - use ldap && ext_helpers="ldap_group,${ext_helpers}" - - local myconf="" - use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" - use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" - - use amd64 && myconf="${myconf} --disable-internal-dns " - - if use underscores; then - ewarn "Enabling underscores in domain names will result in dns resolution" - ewarn "failure if your local DNS client (probably bind) is not compatible." - myconf="${myconf} --enable-underscores" - fi - - # Support for uclibc #61175 - if use uclibc; then - myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " - myconf="${myconf} --disable-async-io " - else - myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " - myconf="${myconf} --enable-async-io " - fi - - ./configure \ - --prefix=/usr \ - --bindir=/usr/bin \ - --exec-prefix=/usr \ - --sbindir=/usr/sbin \ - --localstatedir=/var \ - --mandir=/usr/share/man \ - --sysconfdir=/etc/squid \ - --libexecdir=/usr/lib/squid \ - \ - --enable-auth="basic,digest,ntlm" \ - --enable-removal-policies="lru,heap" \ - --enable-digest-auth-helpers="password" \ - --enable-basic-auth-helpers=${basic_modules} \ - --enable-external-acl-helpers=${ext_helpers} \ - --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ - --enable-linux-netfilter \ - --enable-ident-lookups \ - --enable-useragent-log \ - --enable-cache-digests \ - --enable-delay-pools \ - --enable-referer-log \ - --enable-truncate \ - --enable-arp-acl \ - --with-pthreads \ - --enable-htcp \ - --enable-carp \ - --enable-poll \ - --host=${CHOST} ${myconf} || die "bad ./configure" - #--enable-icmp - - mv include/autoconf.h include/autoconf.h.orig - sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ - include/autoconf.h.orig > include/autoconf.h - -# if [ "${ARCH}" = "hppa" ] -# then -# mv include/autoconf.h include/autoconf.h.orig -# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ -# include/autoconf.h.orig > include/autoconf.h -# fi - - emake || die "compile problem" -} - -src_install() { - make DESTDIR=${D} install || die - - #--enable-icmp - #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die - #chown root:squid ${D}/usr/lib/squid/pinger - #chmod 4750 ${D}/usr/lib/squid/pinger - - #need suid root for looking into /etc/shadow - chown root:squid ${D}/usr/lib/squid/ncsa_auth - chown root:squid ${D}/usr/lib/squid/pam_auth - chmod 4750 ${D}/usr/lib/squid/ncsa_auth - chmod 4750 ${D}/usr/lib/squid/pam_auth - - #some clean ups - rm -rf ${D}/var - mv ${D}/usr/bin/Run* ${D}/usr/lib/squid - - #simply switch this symlink to choose the desired language.. - dosym /usr/lib/squid/errors/English /etc/squid/errors - - dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ - ChangeLog QUICKSTART SPONSORS doc/*.txt \ - helpers/ntlm_auth/no_check/README.no_check_ntlm_auth - newdoc helpers/basic_auth/SMB/README README.auth_smb - dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html - newdoc helpers/basic_auth/LDAP/README README.auth_ldap - doman helpers/basic_auth/LDAP/*.8 - dodoc helpers/basic_auth/SASL/squid_sasl_auth* - - insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid - exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid - insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid - exeinto /etc/cron.weekly ; newexe ${FILESDIR}/squid-r1.cron squid.cron -} - -pkg_postinst() { - # empty dirs.. - install -m0755 -o squid -g squid -d ${ROOT}/var/cache/squid - install -m0755 -o squid -g squid -d ${ROOT}/var/log/squid - - echo - ewarn "Squid authentication helpers have been installed suid root" - ewarn "This allows shadow based authentication, see bug #52977 for more" - echo -} diff --git a/www-proxy/squid/squid-2.5.7-r3.ebuild b/www-proxy/squid/squid-2.5.7-r3.ebuild new file mode 100644 index 000000000000..2e4401e4aef8 --- /dev/null +++ b/www-proxy/squid/squid-2.5.7-r3.ebuild @@ -0,0 +1,187 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-proxy/squid/squid-2.5.7-r3.ebuild,v 1.1 2005/01/21 11:42:43 cyfred Exp $ + +inherit eutils + +#lame archive versioning scheme.. +S_PV=${PV%.*} +S_PL=${PV##*.} +S_PP=${PN}-${S_PV}.STABLE${S_PL} +PATCH_VERSION="20050121" + +DESCRIPTION="A caching web proxy, with advanced features" +HOMEPAGE="http://www.squid-cache.org/" + +S=${WORKDIR}/${S_PP} +SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${S_PP}.tar.bz2 + http://dev.gentoo.org/~cyfred/distfiles/squid-2.5.STABLE7-patches-${PATCH_VERSION}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" +IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores" + +RDEPEND="virtual/libc + pam? ( >=sys-libs/pam-0.75 ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.6m ) + sasl? ( >=dev-libs/cyrus-sasl-1.5.27 ) + selinux? ( sec-policy/selinux-squid )" +DEPEND="${RDEPEND} dev-lang/perl" + +src_unpack() { + unpack ${A} || die + cd ${S} || die + + #do NOT just remove this patch. yes, it's here for a reason. + #woodchip@gentoo.org (07 Nov 2002) + patch -p1 <${FILESDIR}/squid-2.5.7-gentoo.diff || die + + # Do bulk patching from squids bug fix list for stable 6 see #57081 + EPATCH_SUFFIX="patch" epatch ${WORKDIR}/patch + + #hmm #10865 + cd helpers/external_acl/ldap_group + cp Makefile.in Makefile.in.orig + sed -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \ + Makefile.in.orig > Makefile.in + + if ! use debug + then + cd ${S} + mv configure.in configure.in.orig + sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in + export WANT_AUTOCONF=2.1 + autoconf || die + fi +} + +src_compile() { + # Support for uclibc #61175 + if use uclibc; then + local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + else + local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind" + fi + + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + # SASL 1 / 2 Supported Natively + + local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local myconf="" + use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp" + use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl" + + use amd64 && myconf="${myconf} --disable-internal-dns " + + if use underscores; then + ewarn "Enabling underscores in domain names will result in dns resolution" + ewarn "failure if your local DNS client (probably bind) is not compatible." + myconf="${myconf} --enable-underscores" + fi + + # Support for uclibc #61175 + if use uclibc; then + myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' " + myconf="${myconf} --disable-async-io " + else + myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' " + myconf="${myconf} --enable-async-io " + fi + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --exec-prefix=/usr \ + --sbindir=/usr/sbin \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/lib/squid \ + \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers=${basic_modules} \ + --enable-external-acl-helpers=${ext_helpers} \ + --enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \ + --enable-linux-netfilter \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-truncate \ + --enable-arp-acl \ + --with-pthreads \ + --enable-htcp \ + --enable-carp \ + --enable-poll \ + --host=${CHOST} ${myconf} || die "bad ./configure" + #--enable-icmp + + mv include/autoconf.h include/autoconf.h.orig + sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ + include/autoconf.h.orig > include/autoconf.h + +# if [ "${ARCH}" = "hppa" ] +# then +# mv include/autoconf.h include/autoconf.h.orig +# sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \ +# include/autoconf.h.orig > include/autoconf.h +# fi + + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + #--enable-icmp + #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die + #chown root:squid ${D}/usr/lib/squid/pinger + #chmod 4750 ${D}/usr/lib/squid/pinger + + #need suid root for looking into /etc/shadow + chown root:squid ${D}/usr/lib/squid/ncsa_auth + chown root:squid ${D}/usr/lib/squid/pam_auth + chmod 4750 ${D}/usr/lib/squid/ncsa_auth + chmod 4750 ${D}/usr/lib/squid/pam_auth + + #some clean ups + rm -rf ${D}/var + mv ${D}/usr/bin/Run* ${D}/usr/lib/squid + + #simply switch this symlink to choose the desired language.. + dosym /usr/lib/squid/errors/English /etc/squid/errors + + dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \ + ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid + exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid + insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid + exeinto /etc/cron.weekly ; newexe ${FILESDIR}/squid-r1.cron squid.cron +} + +pkg_postinst() { + # empty dirs.. + install -m0755 -o squid -g squid -d ${ROOT}/var/cache/squid + install -m0755 -o squid -g squid -d ${ROOT}/var/log/squid + + echo + ewarn "Squid authentication helpers have been installed suid root" + ewarn "This allows shadow based authentication, see bug #52977 for more" + echo +} -- cgit v1.2.3-65-gdbad