summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-proxy/squid/ChangeLog10
-rw-r--r--net-proxy/squid/files/squid-13211_13210.patch41
-rw-r--r--net-proxy/squid/files/squid-13735_13734.patch41
-rw-r--r--net-proxy/squid/squid-3.4.11-r1.ebuild255
-rw-r--r--net-proxy/squid/squid-3.5.1-r1.ebuild248
5 files changed, 594 insertions, 1 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index 6869b330d5f2..7d4a34509722 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-proxy/squid
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.507 2015/02/02 07:36:58 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.508 2015/02/04 16:10:18 eras Exp $
+
+*squid-3.4.11-r1 (04 Feb 2015)
+*squid-3.5.1-r1 (04 Feb 2015)
+
+ 04 Feb 2015; Eray Aslan <eras@gentoo.org> +files/squid-13211_13210.patch,
+ +files/squid-13735_13734.patch, +squid-3.4.11-r1.ebuild,
+ +squid-3.5.1-r1.ebuild:
+ Security bump
02 Feb 2015; Eray Aslan <eras@gentoo.org> squid-3.4.11.ebuild,
squid-3.5.1.ebuild:
diff --git a/net-proxy/squid/files/squid-13211_13210.patch b/net-proxy/squid/files/squid-13211_13210.patch
new file mode 100644
index 000000000000..3e747958d8d9
--- /dev/null
+++ b/net-proxy/squid/files/squid-13211_13210.patch
@@ -0,0 +1,41 @@
+=== modified file 'src/auth/digest/UserRequest.cc'
+--- src/auth/digest/UserRequest.cc 2015-01-18 11:02:13 +0000
++++ src/auth/digest/UserRequest.cc 2015-01-19 16:42:41 +0000
+@@ -152,10 +152,14 @@
+ }
+
+ /* check for stale nonce */
+- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
+- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
+- auth_user->credentials(Auth::Handshake);
+- digest_request->setDenyMessage("Stale nonce");
++ /* check Auth::Pending to avoid loop */
++
++ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
++ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
++ /* Pending prevent banner and makes a ldap control */
++ auth_user->credentials(Auth::Pending);
++ nonce->flags.valid = false;
++ authDigestNoncePurge(nonce);
+ return;
+ }
+
+
+=== modified file 'src/auth/digest/auth_digest.cc'
+--- src/auth/digest/auth_digest.cc 2014-03-05 02:48:25 +0000
++++ src/auth/digest/auth_digest.cc 2015-01-19 16:42:41 +0000
+@@ -1038,12 +1038,7 @@
+ debugs(29, 2, "Username for the nonce does not equal the username for the request");
+ nonce = NULL;
+ }
+- /* check for stale nonce */
+- if (authDigestNonceIsStale(nonce)) {
+- debugs(29, 3, "The received nonce is stale from " << username);
+- digest_request->setDenyMessage("Stale nonce");
+- nonce = NULL;
+- }
++
+ if (!nonce) {
+ /* we couldn't find a matching nonce! */
+ debugs(29, 2, "Unexpected or invalid nonce received from " << username);
+
diff --git a/net-proxy/squid/files/squid-13735_13734.patch b/net-proxy/squid/files/squid-13735_13734.patch
new file mode 100644
index 000000000000..5d76192acd51
--- /dev/null
+++ b/net-proxy/squid/files/squid-13735_13734.patch
@@ -0,0 +1,41 @@
+=== modified file 'src/auth/digest/Config.cc'
+--- src/auth/digest/Config.cc 2015-01-13 09:13:49 +0000
++++ src/auth/digest/Config.cc 2015-01-20 10:36:06 +0000
+@@ -1006,12 +1006,7 @@
+ debugs(29, 2, "Username for the nonce does not equal the username for the request");
+ nonce = NULL;
+ }
+- /* check for stale nonce */
+- if (authDigestNonceIsStale(nonce)) {
+- debugs(29, 3, "The received nonce is stale from " << username);
+- digest_request->setDenyMessage("Stale nonce");
+- nonce = NULL;
+- }
++
+ if (!nonce) {
+ /* we couldn't find a matching nonce! */
+ debugs(29, 2, "Unexpected or invalid nonce received from " << username);
+
+=== modified file 'src/auth/digest/UserRequest.cc'
+--- src/auth/digest/UserRequest.cc 2015-01-18 04:24:51 +0000
++++ src/auth/digest/UserRequest.cc 2015-01-20 10:36:06 +0000
+@@ -173,10 +173,14 @@
+ }
+
+ /* check for stale nonce */
+- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
+- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
+- auth_user->credentials(Auth::Handshake);
+- digest_request->setDenyMessage("Stale nonce");
++ /* check Auth::Pending to avoid loop */
++
++ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
++ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
++ /* Pending prevent banner and makes a ldap control */
++ auth_user->credentials(Auth::Pending);
++ nonce->flags.valid = false;
++ authDigestNoncePurge(nonce);
+ return;
+ }
+
+
diff --git a/net-proxy/squid/squid-3.4.11-r1.ebuild b/net-proxy/squid/squid-3.4.11-r1.ebuild
new file mode 100644
index 000000000000..262dfcab980e
--- /dev/null
+++ b/net-proxy/squid/squid-3.4.11-r1.ebuild
@@ -0,0 +1,255 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.4.11-r1.ebuild,v 1.1 2015/02/04 16:10:18 eras Exp $
+
+EAPI=5
+inherit autotools eutils linux-info pam toolchain-funcs user versionator
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v3/3.4/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+ ecap esi icap-client ssl-crtd \
+ mysql postgres sqlite \
+ qos tproxy \
+ +htcp +wccp +wccpv2 \
+ pf-transparent ipf-transparent kqueue \
+ elibc_uclibc kernel_linux"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+ pam? ( virtual/pam )
+ ldap? ( net-nds/openldap )
+ kerberos? ( virtual/krb5 )
+ qos? ( net-libs/libnetfilter_conntrack )
+ ssl? ( dev-libs/openssl dev-libs/nettle )
+ sasl? ( dev-libs/cyrus-sasl )
+ ecap? ( net-libs/libecap:0.2 )
+ esi? ( dev-libs/expat dev-libs/libxml2 )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl
+ dev-libs/libltdl"
+DEPEND="${COMMON_DEPEND}
+ ecap? ( virtual/pkgconfig )
+ sys-apps/ed
+ test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+ samba? ( net-fs/samba )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ selinux? ( sec-policy/selinux-squid )
+ sqlite? ( dev-perl/DBD-SQLite )
+ !<=sci-biology/meme-4.8.1-r1"
+
+REQUIRED_USE="tproxy? ( caps )
+ qos? ( caps )"
+
+pkg_pretend() {
+ if use tproxy; then
+ local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+ linux-info_pkg_setup
+ fi
+}
+
+pkg_setup() {
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-3.3.4-gentoo.patch"
+ epatch "${FILESDIR}/${PN}-13211_13210.patch"
+ sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+ INSTALL QUICKSTART \
+ helpers/basic_auth/MSNT/README.html \
+ helpers/basic_auth/MSNT/confload.cc \
+ helpers/basic_auth/MSNT/msntauth.conf.default \
+ scripts/fileno-to-pathname.pl \
+ scripts/check_cache.pl \
+ tools/cachemgr.cgi.8 \
+ tools/purge/conffile.hh \
+ tools/purge/README || die
+ sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+ INSTALL QUICKSTART || die
+ sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+ QUICKSTART || die
+ sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+ QUICKSTART \
+ src/log/access_log.cc || die
+ sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+ src/log/access_log.cc || die
+ sed -i -e 's:/usr/local/squid/bin:/usr/bin:' \
+ helpers/basic_auth/MSNT/README.html || die
+ sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+ helpers/external_acl/unix_group/ext_unix_group_acl.8 \
+ helpers/external_acl/session/ext_session_acl.8 \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+ scripts/check_cache.pl || die
+ sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+ src/ssl/ssl_crtd.8 || die
+ # /var/run/squid to /run/squid
+ sed -i -e 's:$(localstatedir)::' \
+ src/ipc/Makefile.am || die
+ sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
+ libltdl/configure.ac || die
+
+ epatch_user
+
+ eautoreconf
+}
+
+src_configure() {
+ local basic_modules="MSNT,MSNT-multi-domain,NCSA,POP3,getpwnam"
+ use samba && basic_modules+=",SMB"
+ use ldap && basic_modules+=",LDAP"
+ use pam && basic_modules+=",PAM"
+ use sasl && basic_modules+=",SASL"
+ use nis && ! use elibc_uclibc && basic_modules+=",NIS"
+ use radius && basic_modules+=",RADIUS"
+ if use mysql || use postgres || use sqlite ; then
+ basic_modules+=",DB"
+ fi
+
+ local digest_modules="file"
+ use ldap && digest_modules+=",LDAP,eDirectory"
+
+ local negotiate_modules myconf
+ if use kerberos ; then
+ negotiate_modules="kerberos,wrapper"
+ myconf="--with-krb5-config=yes"
+ else
+ negotiate_modules="none"
+ myconf="--with-krb5-config=no"
+ fi
+
+ local ntlm_modules="none"
+ use samba && ntlm_modules="smb_lm"
+
+ local ext_helpers="file_userip,session,unix_group"
+ use samba && ext_helpers+=",wbinfo_group"
+ use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+ use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+
+ # uclibc does not have aio support - needed for coss (#61175)
+ local storeio_modules="aufs,diskd,rock,ufs"
+
+ local transparent
+ if use kernel_linux ; then
+ transparent+=" --enable-linux-netfilter"
+ use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+ fi
+
+ if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ transparent+=" $(use_enable kqueue)"
+ if use pf-transparent; then
+ transparent+=" --enable-pf-transparent"
+ elif use ipf-transparent; then
+ transparent+=" --enable-ipf-transparent"
+ fi
+ fi
+
+ tc-export CC AR
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --with-pidfile=/run/squid.pid \
+ --datadir=/usr/share/squid \
+ --with-logdir=/var/log/squid \
+ --with-default-user=squid \
+ --enable-removal-policies="lru,heap" \
+ --enable-storeio="${storeio_modules}" \
+ --enable-disk-io \
+ --enable-auth \
+ --enable-auth-basic="${basic_modules}" \
+ --enable-auth-digest="${digest_modules}" \
+ --enable-auth-ntlm="${ntlm_modules}" \
+ --enable-auth-negotiate="${negotiate_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-log-daemon-helpers \
+ --enable-url-rewrite-helpers \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-eui \
+ --enable-icmp \
+ --enable-follow-x-forwarded-for \
+ --with-large-files \
+ --disable-strict-error-checking \
+ --disable-arch-native \
+ $(use_with caps libcap) \
+ $(use_enable ipv6) \
+ $(use_enable snmp) \
+ $(use_enable ssl) \
+ $(use_with ssl nettle) \
+ $(use_enable ssl-crtd) \
+ $(use_enable icap-client) \
+ $(use_enable ecap) \
+ $(use_enable esi) \
+ $(use_enable htcp) \
+ $(use_enable wccp) \
+ $(use_enable wccpv2) \
+ ${transparent} \
+ ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ # need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+ fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+ if use pam; then
+ fowners root:squid /usr/libexec/squid/basic_pam_auth
+ fperms 4750 /usr/libexec/squid/basic_pam_auth
+ fi
+ # pinger needs suid as well
+ fowners root:squid /usr/libexec/squid/pinger
+ fperms 4750 /usr/libexec/squid/pinger
+
+ # cleanup
+ rm -f "${D}"/usr/bin/Run*
+ rm -rf "${D}"/run/squid "${D}"/var/cache/squid
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+ newdoc helpers/negotiate_auth/kerberos/README README.kerberos
+ newdoc helpers/basic_auth/MSNT-multi-domain/README.txt README.MSNT-multi-domain
+ newdoc helpers/basic_auth/LDAP/README README.LDAP
+ newdoc helpers/basic_auth/RADIUS/README README.RADIUS
+ newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group
+ newdoc tools/purge/README README.purge
+ newdoc tools/helper-mux.README README.helper-mux
+ dohtml RELEASENOTES.html
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd-r1" squid
+ newinitd "${FILESDIR}/squid.initd-r4" squid
+ if use logrotate; then
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ diropts -m0750 -o squid -g squid
+ keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+ if [[ $(get_version_component_range 1 ${REPLACING_VERSIONS}) -lt 3 ]] || \
+ [[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 4 ]]; then
+ elog "Please read the release notes at:"
+ elog " http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html"
+ echo
+ fi
+}
diff --git a/net-proxy/squid/squid-3.5.1-r1.ebuild b/net-proxy/squid/squid-3.5.1-r1.ebuild
new file mode 100644
index 000000000000..3dd80f436099
--- /dev/null
+++ b/net-proxy/squid/squid-3.5.1-r1.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.5.1-r1.ebuild,v 1.1 2015/02/04 16:10:18 eras Exp $
+
+EAPI=5
+inherit autotools eutils linux-info pam toolchain-funcs user versionator
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v3/3.5/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+ ecap esi ssl-crtd \
+ mysql postgres sqlite \
+ qos tproxy \
+ +htcp +wccp +wccpv2 \
+ pf-transparent ipf-transparent kqueue \
+ elibc_uclibc kernel_linux"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+ pam? ( virtual/pam )
+ ldap? ( net-nds/openldap )
+ kerberos? ( virtual/krb5 )
+ qos? ( net-libs/libnetfilter_conntrack )
+ ssl? ( dev-libs/openssl dev-libs/nettle >=net-libs/gnutls-3.1.5 )
+ sasl? ( dev-libs/cyrus-sasl )
+ ecap? ( net-libs/libecap:1 )
+ esi? ( dev-libs/expat dev-libs/libxml2 )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl
+ dev-libs/libltdl"
+DEPEND="${COMMON_DEPEND}
+ ecap? ( virtual/pkgconfig )
+ sys-apps/ed
+ test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+ samba? ( net-fs/samba )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ selinux? ( sec-policy/selinux-squid )
+ sqlite? ( dev-perl/DBD-SQLite )
+ !<=sci-biology/meme-4.8.1-r1"
+
+REQUIRED_USE="tproxy? ( caps )
+ qos? ( caps )"
+
+pkg_pretend() {
+ if use tproxy; then
+ local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+ linux-info_pkg_setup
+ fi
+}
+
+pkg_setup() {
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-3.3.4-gentoo.patch"
+ epatch "${FILESDIR}/${PN}-13735_13734.patch"
+ sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+ INSTALL QUICKSTART \
+ scripts/fileno-to-pathname.pl \
+ scripts/check_cache.pl \
+ tools/cachemgr.cgi.8 \
+ tools/purge/conffile.hh \
+ tools/purge/README || die
+ sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+ INSTALL QUICKSTART || die
+ sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+ QUICKSTART || die
+ sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+ QUICKSTART \
+ src/log/access_log.cc || die
+ sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+ src/log/access_log.cc || die
+ sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+ helpers/external_acl/unix_group/ext_unix_group_acl.8 \
+ helpers/external_acl/session/ext_session_acl.8 \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+ scripts/check_cache.pl || die
+ sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+ src/ssl/ssl_crtd.8 || die
+ sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+ src/ssl/ssl_crtd.8 || die
+ # /var/run/squid to /run/squid
+ sed -i -e 's:$(localstatedir)::' \
+ src/ipc/Makefile.am || die
+ sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
+ libltdl/configure.ac || die
+
+ epatch_user
+
+ eautoreconf
+}
+
+src_configure() {
+ local basic_modules="MSNT-multi-domain,NCSA,POP3,getpwnam"
+ use samba && basic_modules+=",SMB"
+ use ldap && basic_modules+=",LDAP"
+ use pam && basic_modules+=",PAM"
+ use sasl && basic_modules+=",SASL"
+ use nis && ! use elibc_uclibc && basic_modules+=",NIS"
+ use radius && basic_modules+=",RADIUS"
+ if use mysql || use postgres || use sqlite ; then
+ basic_modules+=",DB"
+ fi
+
+ local digest_modules="file"
+ use ldap && digest_modules+=",LDAP,eDirectory"
+
+ local negotiate_modules="none"
+ local myconf="--without-mit-krb5 --without-heimdal-krb5"
+ if use kerberos ; then
+ negotiate_modules="kerberos,wrapper"
+ if has_version app-crypt/heimdal ; then
+ myconf="--without-mit-krb5 --with-heimdal-krb5"
+ else
+ myconf="--with-mit-krb5 --without-heimdal-krb5"
+ fi
+ fi
+
+ local ntlm_modules="none"
+ use samba && ntlm_modules="smb_lm"
+
+ local ext_helpers="file_userip,session,unix_group"
+ use samba && ext_helpers+=",wbinfo_group"
+ use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+ use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+
+ local storeio_modules="aufs,diskd,rock,ufs"
+
+ local transparent
+ if use kernel_linux ; then
+ transparent+=" --enable-linux-netfilter"
+ use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+ fi
+
+ if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ transparent+=" $(use_enable kqueue)"
+ if use pf-transparent; then
+ transparent+=" --enable-pf-transparent"
+ elif use ipf-transparent; then
+ transparent+=" --enable-ipf-transparent"
+ fi
+ fi
+
+ tc-export CC AR
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --with-pidfile=/run/squid.pid \
+ --datadir=/usr/share/squid \
+ --with-logdir=/var/log/squid \
+ --with-default-user=squid \
+ --enable-removal-policies="lru,heap" \
+ --enable-storeio="${storeio_modules}" \
+ --enable-disk-io \
+ --enable-auth-basic="${basic_modules}" \
+ --enable-auth-digest="${digest_modules}" \
+ --enable-auth-ntlm="${ntlm_modules}" \
+ --enable-auth-negotiate="${negotiate_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-log-daemon-helpers \
+ --enable-url-rewrite-helpers \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-eui \
+ --enable-icmp \
+ --enable-follow-x-forwarded-for \
+ --with-large-files \
+ --disable-strict-error-checking \
+ --disable-arch-native \
+ $(use_with caps libcap) \
+ $(use_enable ipv6) \
+ $(use_enable snmp) \
+ $(use_with ssl openssl) \
+ $(use_with ssl nettle) \
+ $(use_with ssl gnutls) \
+ $(use_enable ssl-crtd) \
+ $(use_enable ecap) \
+ $(use_enable esi) \
+ $(use_enable htcp) \
+ $(use_enable wccp) \
+ $(use_enable wccpv2) \
+ ${transparent} \
+ ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ # need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+ fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+ if use pam; then
+ fowners root:squid /usr/libexec/squid/basic_pam_auth
+ fperms 4750 /usr/libexec/squid/basic_pam_auth
+ fi
+ # pinger needs suid as well
+ fowners root:squid /usr/libexec/squid/pinger
+ fperms 4750 /usr/libexec/squid/pinger
+
+ # cleanup
+ rm -f "${D}"/usr/bin/Run*
+ rm -rf "${D}"/run/squid "${D}"/var/cache/squid
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+ newdoc helpers/negotiate_auth/kerberos/README README.kerberos
+ newdoc helpers/basic_auth/RADIUS/README README.RADIUS
+ newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group
+ newdoc tools/purge/README README.purge
+ newdoc tools/helper-mux.README README.helper-mux
+ dohtml RELEASENOTES.html
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd-r1" squid
+ newinitd "${FILESDIR}/squid.initd-r4" squid
+ if use logrotate; then
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ diropts -m0750 -o squid -g squid
+ keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+ if [[ $(get_version_component_range 1 ${REPLACING_VERSIONS}) -lt 3 ]] || \
+ [[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 5 ]]; then
+ elog "Please read the release notes at:"
+ elog " http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html"
+ echo
+ fi
+}