# ChangeLog for net-proxy/squid
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.126 2007/03/10 09:39:42 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.127 2007/03/21 17:51:26 mrness Exp $
+
+*squid-2.6.12 (21 Mar 2007)
+
+ 21 Mar 2007; Alin Năstac <mrness@gentoo.org>
+ +files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch,
+ +files/squid-2.6.12-gentoo.patch, +squid-2.6.12.ebuild:
+ Version bump, wrt security bug #171681.
*squid-2.6.10 (10 Mar 2007)
MD5 d25035c85129f8f083c2d6ada254d41f files/squid-2.6.10-gentoo.patch 13128
RMD160 08b3b0d13151bf46b4037c0fe8cc8a9d0a91a8b7 files/squid-2.6.10-gentoo.patch 13128
SHA256 dc46d7933e7e145b85bde70b0ac394ade8965f450ff9d37160425501aa6ef375 files/squid-2.6.10-gentoo.patch 13128
+AUX squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810 RMD160 f5c1cf54dca620f540baf842f1e677ec7f325c8c SHA1 8ed0aa5aacdb9cf44644d8259e9fa8186a06841b SHA256 d7b081c72063e3a64d9abb583ba1bc520089fea4e451d646eade30dc81bc44f5
+MD5 35dbafcc1b37d853f836a267b2035756 files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810
+RMD160 f5c1cf54dca620f540baf842f1e677ec7f325c8c files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810
+SHA256 d7b081c72063e3a64d9abb583ba1bc520089fea4e451d646eade30dc81bc44f5 files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810
+AUX squid-2.6.12-gentoo.patch 13104 RMD160 0ef584b87d199401aa4f0003858adc255fe47d28 SHA1 f50a48744a2d8144c406326f3058732528b68d02 SHA256 8e95e00ce6244f2414dbf02c88d70f35a680b71a62a9fcd2539bba4b8b7f5f56
+MD5 7977fabee86c22278b059e9a8eaca6c7 files/squid-2.6.12-gentoo.patch 13104
+RMD160 0ef584b87d199401aa4f0003858adc255fe47d28 files/squid-2.6.12-gentoo.patch 13104
+SHA256 8e95e00ce6244f2414dbf02c88d70f35a680b71a62a9fcd2539bba4b8b7f5f56 files/squid-2.6.12-gentoo.patch 13104
AUX squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794 RMD160 768c087050681d20d8fa680c1d3e1264ac1863fb SHA1 7e270c59eb25145add5f112a174978cd669419ec SHA256 0ab6611c2cd6fe5f7b57385d7b86b58c6b6aa7158de007d8d56d0546a49892dc
MD5 e310b7604b6d8da5fa03f4ad4973d2a5 files/squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794
RMD160 768c087050681d20d8fa680c1d3e1264ac1863fb files/squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794
RMD160 ff8a56fd5e8d4e0fde70853162a757476f3b7893 files/squid.pam 315
SHA256 dec9bd5ea16977fa334db04eb657e0598af411dad7ff279acf86beddcd22a8fd files/squid.pam 315
DIST squid-2.6.STABLE10.tar.gz 1626611 RMD160 470ce18f02a4628f021924fb0bc79a8e600284c5 SHA1 dbc0e816283ed740083e648e9ef679acca5c8be0 SHA256 29b2700786c0e92cfdb733d30edcfa23c600657d8f6dff59f2e7cb77168606a8
+DIST squid-2.6.STABLE12.tar.gz 1626994 RMD160 8e9463969064312b5f2fbe83b039be09646efbed SHA1 06a733cc04ba894cf4f7621278a1145b8e5807f9 SHA256 b4a1dd476371327369894ff73f729e5a24ec76b07f40a823cf04ca5c1210fc42
DIST squid-2.6.STABLE7-patches-20070116.tar.gz 7165 RMD160 4df56f7a82d0462537ed0a9c16943c99df5d3f4b SHA1 3ce0fff6708c2bdec0d286568f4cd279611a1350 SHA256 2ef51e75fc6c01d2613e6db7a2ecc4661718d8239a6d80ff42a510757ef90d1d
DIST squid-2.6.STABLE7.tar.gz 1624607 RMD160 78715604c7dff188f0ee957e97c983ed90a770e6 SHA1 a84d80bc12d812503254f99dc969c6886c0584a0 SHA256 c4e2cdc1c01b33e1c25db01e09e12193f91fc47f74553ef89c369374c2699c61
DIST squid-2.6.STABLE9.tar.gz 1625942 RMD160 293ac5ad2d40f50c42fbee64576f12b72d493c8e SHA1 ba09f5cb4aadc535d63bb0fda564fcacb67b2e4c SHA256 8d68c61eb07c2cdaf82d9b6a4babff3eade3ae864cb1f094b7115086b20d070e
MD5 ab50d8eed92e66727b8456a9e23fb1dd squid-2.6.10.ebuild 6144
RMD160 e5cf2a9a40d819268a9cc030bfbfe004a4e766c1 squid-2.6.10.ebuild 6144
SHA256 cd2381102bc532b03e703839b3194a2c4c0e9e5ee5341254dcbd9c5be6d78fe9 squid-2.6.10.ebuild 6144
+EBUILD squid-2.6.12.ebuild 6144 RMD160 6dfeb28cca6583e148a22028235da1e34f7c5832 SHA1 0f33f2e814b61ba5999799ff5e017500ba0a40b0 SHA256 bb9d5a34b7b033dac248b9b8ba2a9fa8a532e157b181a5899e07d73fa890fbcc
+MD5 8e51bcdf586ccf6d34bf29e1fd8b8125 squid-2.6.12.ebuild 6144
+RMD160 6dfeb28cca6583e148a22028235da1e34f7c5832 squid-2.6.12.ebuild 6144
+SHA256 bb9d5a34b7b033dac248b9b8ba2a9fa8a532e157b181a5899e07d73fa890fbcc squid-2.6.12.ebuild 6144
EBUILD squid-2.6.7.ebuild 6071 RMD160 1c91ed9abdea7f1f06b0211635d4ced136ef7835 SHA1 6cb3c7cfa4775812e3be59bc63ca77a4faa878c4 SHA256 cca9c9eb4a52f5600210198ff6250751de65334e19b17d5fa5c1bf677e008579
MD5 9821afa2318f7a6d9195a6c2e4c92048 squid-2.6.7.ebuild 6071
RMD160 1c91ed9abdea7f1f06b0211635d4ced136ef7835 squid-2.6.7.ebuild 6071
MD5 99774bf2027e55bd250ba2718db71633 squid-2.6.9-r1.ebuild 6146
RMD160 50a61da6d730b1957698594a8f665efe709706d0 squid-2.6.9-r1.ebuild 6146
SHA256 af3437302a20971112487bf2a7c6b6f6df80cdbdfedebeff8005639682c66f5f squid-2.6.9-r1.ebuild 6146
-MISC ChangeLog 33090 RMD160 d8d4a67f384a3f6b6d77b8a06e587562ae6ae4f0 SHA1 3b403a6dae1b5634d29c6fed6a718f46f650bdc6 SHA256 1f80e0a8436b677527c29784f56768c7b7c32be71a9dd10dc9a47cbc7922cf28
-MD5 89c4e28d0928fc86f676019df46f6fbb ChangeLog 33090
-RMD160 d8d4a67f384a3f6b6d77b8a06e587562ae6ae4f0 ChangeLog 33090
-SHA256 1f80e0a8436b677527c29784f56768c7b7c32be71a9dd10dc9a47cbc7922cf28 ChangeLog 33090
+MISC ChangeLog 33318 RMD160 36a486bccd95652f9fdbc2189a84a5bb3262de1f SHA1 ed3efff7f866015b3420665d42dc131e4e72de05 SHA256 4484aa77f18a985e50aa2e8e31212029c8bd38ecf56dce7a1cb306dfd1184492
+MD5 54c187c16cdab426c71df2a90ff34f93 ChangeLog 33318
+RMD160 36a486bccd95652f9fdbc2189a84a5bb3262de1f ChangeLog 33318
+SHA256 4484aa77f18a985e50aa2e8e31212029c8bd38ecf56dce7a1cb306dfd1184492 ChangeLog 33318
MISC metadata.xml 229 RMD160 3017fab68c82b875738f1df5bb414f46480f142f SHA1 975a764b9c2b956a744795d61a702bd3545bbfb9 SHA256 b986c2ccab6337ef434285c558ed764218d7ca79a82cb5ee3d2615cd03360e87
MD5 24a10e76803f4cc98cdc979586096c6f metadata.xml 229
RMD160 3017fab68c82b875738f1df5bb414f46480f142f metadata.xml 229
MD5 944329597da4181599efc6f43877d2f9 files/digest-squid-2.6.10 259
RMD160 7a7bbe1c0453d92362749b89bded87157489747d files/digest-squid-2.6.10 259
SHA256 26b19e1f953b9cab2fab9662e4035adbd8a530babe7f59a984310206e55b878a files/digest-squid-2.6.10 259
+MD5 1c58d840387efb4b97f84ee057e5011d files/digest-squid-2.6.12 259
+RMD160 ce91ceb53561121e1b79405277b23a2a327cbd5b files/digest-squid-2.6.12 259
+SHA256 4c277802753ea30ca9be81361e42899274a072f082d06cc793a352bcf7fec253 files/digest-squid-2.6.12 259
MD5 5a1e44725f0f6da3a63f95721a3fe4e0 files/digest-squid-2.6.7 554
RMD160 be687a353ce0c44ae93e2c4a986af23f0dda7e12 files/digest-squid-2.6.7 554
SHA256 dbfcd684010150818fae13125c64f85b792786a412ac4d58703b8a437468b689 files/digest-squid-2.6.7 554
RMD160 d75f3cc9f3a1889d5d91ce2cc41e9a983955f9e8 files/digest-squid-2.6.9-r1 256
SHA256 9ed721fecb9f6488cf0dc959522f0f515f315e7c1641bd164917cfea2e75d58f files/digest-squid-2.6.9-r1 256
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.2 (GNU/Linux)
+Version: GnuPG v2.0.3 (GNU/Linux)
-iD8DBQFF8n0i/ejvha5XGaMRAvKfAKCUhARaIAsbs9nPhUcXV8CCaP49JgCbBZ1G
-wX3oGyA26bc0cZxzklTqe+w=
-=hjDu
+iD8DBQFGAXCrJnxX6mF440QRArKeAJwKOOJXCDRro/YLADUuJ9LFskdWKgCdEFEt
+VovZ0XiXwIryX/K/hRtqBMg=
+=X/+g
-----END PGP SIGNATURE-----
--- /dev/null
+MD5 442cffe4447b76d732af2b1353e283d5 squid-2.6.STABLE12.tar.gz 1626994
+RMD160 8e9463969064312b5f2fbe83b039be09646efbed squid-2.6.STABLE12.tar.gz 1626994
+SHA256 b4a1dd476371327369894ff73f729e5a24ec76b07f40a823cf04ca5c1210fc42 squid-2.6.STABLE12.tar.gz 1626994
--- /dev/null
+diff -Nru squid-2.6.STABLE12.orig/src/cf.data.pre squid-2.6.STABLE12/src/cf.data.pre
+--- squid-2.6.STABLE12.orig/src/cf.data.pre 2007-03-21 19:43:48.000000000 +0200
++++ squid-2.6.STABLE12/src/cf.data.pre 2007-03-21 19:44:08.000000000 +0200
+@@ -3193,6 +3193,64 @@
+ to off when using this directive in such configurations.
+ DOC_END
+
++NAME: zph_tos_local
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_local
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark local hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_peer
++TYPE: int
++DEFAULT: 0
++LOC: Config.zph_tos_peer
++DOC_START
++ Allows you to select a TOS/Diffserv value to mark peer hits. Read above
++ (tcp_outgoing_tos) for details/requirements about TOS.
++ Default: 0 (disabled).
++DOC_END
++
++NAME: zph_tos_parent
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_tos_parent
++DEFAULT: on
++DOC_START
++ Set this to off if you want only sibling hits to be marked.
++ If set to on (default), parent hits are being marked too.
++DOC_END
++
++NAME: zph_preserve_miss_tos
++COMMENT: on|off
++TYPE: onoff
++LOC: Config.onoff.zph_preserve_miss_tos
++DEFAULT: on
++DOC_START
++ If set to on (default), any HTTP response towards clients will
++ have the TOS value of the response comming from the remote
++ server masked with the value of zph_preserve_miss_tos_mask.
++ For this to work correctly, you will need to patch your linux
++ kernel with the TOS preserving ZPH patch.
++ Has no effect under FreeBSD, works only under linux ZPH patched
++ kernels.
++DOC_END
++
++NAME: zph_preserve_miss_tos_mask
++TYPE: int
++DEFAULT: 255
++LOC: Config.zph_preserve_miss_tos_mask
++DOC_START
++ Allows you to mask certain bits in the TOS received from the
++ remote server, before copying the value to the TOS send towards
++ clients.
++ See zph_preserve_miss_tos for details.
++
++ Default: 255 (TOS from server is not changed).
++DOC_END
++
+ NAME: tcp_outgoing_address
+ TYPE: acl_address
+ DEFAULT: none
+diff -Nru squid-2.6.STABLE12.orig/src/client_side.c squid-2.6.STABLE12/src/client_side.c
+--- squid-2.6.STABLE12.orig/src/client_side.c 2007-03-21 19:43:48.000000000 +0200
++++ squid-2.6.STABLE12/src/client_side.c 2007-03-21 19:44:08.000000000 +0200
+@@ -2621,6 +2621,55 @@
+ return;
+ }
+ assert(http->out.offset == 0);
++
++ if ( Config.zph_tos_local || Config.zph_tos_peer ||
++ (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) )
++ {
++ int need_change = 0;
++ int hit = 0;
++ int tos = 0;
++ int tos_old = 0;
++ int tos_len = sizeof(tos_old);
++ int res;
++
++ if (Config.zph_tos_local && isTcpHit(http->log_type)) { /* local hit */
++ hit = 1;
++ tos = Config.zph_tos_local;
++ } else if (Config.zph_tos_peer &&
++ (http->request->hier.code == SIBLING_HIT || /* sibling hit */
++ (Config.onoff.zph_tos_parent &&
++ http->request->hier.code == PARENT_HIT))) { /* parent hit */
++ hit = 1;
++ tos = Config.zph_tos_peer;
++ }
++ if (http->request->flags.proxy_keepalive) {
++ if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos_old, &tos_len) < 0) {
++ debug(33, 1) ("ZPH: getsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++ } else if (hit && tos_old != tos) { /* HIT: 1-st request, or previous was MISS, */
++ need_change = 1; /* or local/parent hit change */
++ } else if (!hit && (tos_old || /* MISS: previous was HIT */
++ Config.onoff.zph_preserve_miss_tos)) { /* TOS copying is on */
++#if defined(_SQUID_LINUX_)
++ if ( Config.onoff.zph_preserve_miss_tos ) {
++ tos = (entry->mem_obj != NULL) ?
++ (entry->mem_obj->recvTOS & Config.zph_preserve_miss_tos_mask):0;
++ } else tos = 0;
++#else
++ tos = 0;
++#endif
++ need_change = 1;
++ }
++ } else if (hit) { /* no keepalive */
++ need_change = 1;
++ }
++ if (need_change) {
++ if (!hit) enter_suid(); /* Setting TOS bit6-7 is privilleged */
++ res = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
++ if (!hit) leave_suid(); /* Setting bit5-7 is privilleged */
++ if ( res < 0)
++ debug(33, 1) ("ZPH: setsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror());
++ }
++ }
+ rep = http->reply = clientBuildReply(http, buf, size);
+ if (!rep) {
+ /* Forward as HTTP/0.9 body with no reply */
+diff -Nru squid-2.6.STABLE12.orig/src/http.c squid-2.6.STABLE12/src/http.c
+--- squid-2.6.STABLE12.orig/src/http.c 2007-03-13 00:27:09.000000000 +0200
++++ squid-2.6.STABLE12/src/http.c 2007-03-21 19:44:08.000000000 +0200
+@@ -1373,6 +1373,53 @@
+ peer *p = httpState->peer;
+ CWCB *sendHeaderDone;
+ int fd = httpState->fd;
++
++#if defined(_SQUID_LINUX_)
++/* ZPH patch starts here (M.Stavrev 25-05-2005)
++ * Retrieve connection peer's TOS value (which its SYN_ACK TCP segment
++ * was encapsulated into an IP packet)
++ */
++ int tos, tos_len;
++ if ( entry && entry->mem_obj ) { // Is this check necessary ? Seems not, but
++ // have no time to investigate further.
++ entry->mem_obj->recvTOS = 0;
++ tos = 1;
++ tos_len = sizeof(tos);
++ if ( setsockopt(fd,SOL_IP, IP_RECVTOS, &tos, tos_len) == 0 ) {
++ unsigned char buf[128];
++ int len = 128;
++ if (getsockopt(fd, SOL_IP, IP_PKTOPTIONS, buf, &len) == 0)
++ {
++ /* Parse the PKTOPTIONS structure to locate the TOS data message
++ * prepared in the kernel by the ZPH incoming TCP TOS preserving
++ * patch. In 99,99% the TOS should be located at buf[12], but
++ * let's do it the right way.
++ */
++ unsigned char * p = buf;
++ while ( p-buf < len ) {
++ struct cmsghdr * o = (struct cmsghdr*)p;
++ if ( o->cmsg_len <= 0 || o->cmsg_len > 52 )
++ break;
++ if ( o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS ) {
++ entry->mem_obj->recvTOS = (unsigned char)(*(int*)
++ (p + sizeof(struct cmsghdr)));
++ debug(11, 5) ("ZPH: Incomming TOS=%d on FD %d\n",
++ entry->mem_obj->recvTOS, fd );
++ break;
++ }
++ p += o->cmsg_len;
++ }
++ } else {
++ debug(11, 5) ("ZPH: getsockopt(IP_PKTOPTIONS) on FD %d: %s\n",
++ fd, xstrerror());
++ }
++ } else {
++ debug(11, 5) ("ZPH: setsockopt(IP_RECVTOS) on FD %d: %s\n",
++ fd, xstrerror());
++ }
++ }
++/* ZPH patch ends here */
++#endif
+
+ debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState);
+
+diff -Nru squid-2.6.STABLE12.orig/src/structs.h squid-2.6.STABLE12/src/structs.h
+--- squid-2.6.STABLE12.orig/src/structs.h 2007-02-27 03:20:01.000000000 +0200
++++ squid-2.6.STABLE12/src/structs.h 2007-03-21 19:44:08.000000000 +0200
+@@ -669,6 +669,8 @@
+ int relaxed_header_parser;
+ int accel_no_pmtu_disc;
+ int global_internal_static;
++ int zph_tos_parent;
++ int zph_preserve_miss_tos;
+ int httpd_suppress_version_string;
+ int via;
+ int check_hostnames;
+@@ -793,6 +795,9 @@
+ int sleep_after_fork; /* microseconds */
+ time_t minimum_expiry_time; /* seconds */
+ external_acl *externalAclHelperList;
++ int zph_tos_local;
++ int zph_tos_peer;
++ int zph_preserve_miss_tos_mask;
+ errormap *errorMapList;
+ #if USE_SSL
+ struct {
+@@ -1724,6 +1729,9 @@
+ const char *vary_encoding;
+ StoreEntry *ims_entry;
+ time_t refresh_timestamp;
++#if defined(_SQUID_LINUX_)
++ unsigned char recvTOS; /* ZPH patch - stores remote server's TOS */
++#endif
+ };
+
+ struct _StoreEntry {
--- /dev/null
+diff -Nru squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/Makefile.am squid-2.6.STABLE12/helpers/basic_auth/SMB/Makefile.am
+--- squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/Makefile.am 2005-05-17 19:56:26.000000000 +0300
++++ squid-2.6.STABLE12/helpers/basic_auth/SMB/Makefile.am 2007-03-21 19:41:26.000000000 +0200
+@@ -14,7 +14,7 @@
+ ## FIXME: autoconf should test for the samba path.
+
+ SMB_AUTH_HELPER = smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+
+ libexec_SCRIPTS = $(SMB_AUTH_HELPER)
+diff -Nru squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.6.STABLE12/helpers/basic_auth/SMB/smb_auth.sh
+--- squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 01:36:46.000000000 +0200
++++ squid-2.6.STABLE12/helpers/basic_auth/SMB/smb_auth.sh 2007-03-21 19:41:26.000000000 +0200
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+ addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+
+diff -Nru squid-2.6.STABLE12.orig/snmplib/snmp_api.c squid-2.6.STABLE12/snmplib/snmp_api.c
+--- squid-2.6.STABLE12.orig/snmplib/snmp_api.c 2006-06-02 20:32:44.000000000 +0300
++++ squid-2.6.STABLE12/snmplib/snmp_api.c 2007-03-21 19:41:26.000000000 +0200
+@@ -121,7 +121,7 @@
+ }
+
+ /*
+- * Parses the packet recieved on the input session, and places the data into
++ * Parses the packet received on the input session, and places the data into
+ * the input pdu. length is the length of the input packet. If any errors
+ * are encountered, NULL is returned. If not, the community is.
+ */
+diff -Nru squid-2.6.STABLE12.orig/src/auth/digest/auth_digest.c squid-2.6.STABLE12/src/auth/digest/auth_digest.c
+--- squid-2.6.STABLE12.orig/src/auth/digest/auth_digest.c 2006-07-31 02:27:04.000000000 +0300
++++ squid-2.6.STABLE12/src/auth/digest/auth_digest.c 2007-03-21 19:41:26.000000000 +0200
+@@ -1271,7 +1271,7 @@
+ nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64);
+ if (!nonce) {
+ /* we couldn't find a matching nonce! */
+- debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce recieved\n");
++ debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce received\n");
+ authDigestLogUsername(auth_user_request, username);
+
+ /* we don't need the scheme specific data anymore */
+@@ -1285,8 +1285,8 @@
+ /* check the qop is what we expected. Note that for compatability with
+ * RFC 2069 we should support a missing qop. Tough. */
+ if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) {
+- /* we recieved a qop option we didn't send */
+- debug(29, 4) ("authenticateDigestDecode: Invalid qop option recieved\n");
++ /* we received a qop option we didn't send */
++ debug(29, 4) ("authenticateDigestDecode: Invalid qop option received\n");
+ authDigestLogUsername(auth_user_request, username);
+
+ /* we don't need the scheme specific data anymore */
+diff -Nru squid-2.6.STABLE12.orig/src/cf.data.pre squid-2.6.STABLE12/src/cf.data.pre
+--- squid-2.6.STABLE12.orig/src/cf.data.pre 2007-02-03 23:59:24.000000000 +0200
++++ squid-2.6.STABLE12/src/cf.data.pre 2007-03-21 19:41:26.000000000 +0200
+@@ -344,12 +344,12 @@
+ NAME: htcp_port
+ IFDEF: USE_HTCP
+ TYPE: ushort
+-DEFAULT: 4827
++DEFAULT: 0
+ LOC: Config.Port.htcp
+ DOC_START
+ The port number where Squid sends and receives HTCP queries to
+- and from neighbor caches. Default is 4827. To disable use
+- "0".
++ and from neighbor caches. To turn it on you want to set it to
++ 4827. By default it is set to "0" (disabled).
+ DOC_END
+
+
+@@ -2843,6 +2843,8 @@
+ acl Safe_ports port 488 # gss-http
+ acl Safe_ports port 591 # filemaker
+ acl Safe_ports port 777 # multiling http
++acl Safe_ports port 901 # SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -2962,6 +2964,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -2980,6 +2985,9 @@
+ #acl our_networks src 192.168.1.0/24 192.168.2.0/24
+ #http_access allow our_networks
+
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3276,7 +3284,7 @@
+
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ Email-address of local cache manager who will receive
+@@ -3311,7 +3319,7 @@
+
+ NAME: cache_effective_user
+ TYPE: string
+-DEFAULT: nobody
++DEFAULT: squid
+ LOC: Config.effectiveUser
+ DOC_START
+ If you start Squid as root, it will change its effective/real
+@@ -3695,6 +3703,9 @@
+ If you disable this, it will appear as
+
+ X-Forwarded-For: unknown
++NOCOMMENT_START
++forwarded_for off
++NOCOMMENT_END
+ DOC_END
+
+
+@@ -4129,7 +4140,11 @@
+ If you wish to create your own versions of the default
+ (English) error files, either to customize them to suit your
+ language or company copy the template English files to another
+- directory and point this tag at them.
++ directory where the error files are read from.
++ /usr/share/squid/errors contains sets of error files
++ in different languages. The default error directory
++ is /etc/squid/errors, which is a link to one of these
++ error sets.
+ DOC_END
+
+ NAME: maximum_single_addr_tries
+@@ -4163,12 +4178,15 @@
+ NAME: snmp_port
+ TYPE: ushort
+ LOC: Config.Port.snmp
+-DEFAULT: 3401
++DEFAULT: 0
+ IFDEF: SQUID_SNMP
+ DOC_START
+ Squid can now serve statistics and status information via SNMP.
+ By default it listens to port 3401 on the machine. If you don't
+ wish to use SNMP, set this to "0".
++
++ Note: on Gentoo Linux, the default is zero - you need to
++ set it to 3401 to enable it.
+ DOC_END
+
+ NAME: snmp_access
+diff -Nru squid-2.6.STABLE12.orig/src/client_side.c squid-2.6.STABLE12/src/client_side.c
+--- squid-2.6.STABLE12.orig/src/client_side.c 2007-03-20 23:26:34.000000000 +0200
++++ squid-2.6.STABLE12/src/client_side.c 2007-03-21 19:41:26.000000000 +0200
+@@ -4591,14 +4591,7 @@
+ debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+ } else {
+ if (do_debug(83, 4)) {
+- /* Write out the SSL session details.. actually the call below, but
+- * OpenSSL headers do strange typecasts confusing GCC.. */
+- /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */
+-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L
+- PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#else
+ PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#endif
+ /* Note: This does not automatically fflush the log file.. */
+ }
+ debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+diff -Nru squid-2.6.STABLE12.orig/src/defines.h squid-2.6.STABLE12/src/defines.h
+--- squid-2.6.STABLE12.orig/src/defines.h 2007-02-04 00:58:20.000000000 +0200
++++ squid-2.6.STABLE12/src/defines.h 2007-03-21 19:41:26.000000000 +0200
+@@ -259,7 +259,7 @@
+
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
+ #endif
+
+ /* gb_type operations */
+diff -Nru squid-2.6.STABLE12.orig/src/delay_pools.c squid-2.6.STABLE12/src/delay_pools.c
+--- squid-2.6.STABLE12.orig/src/delay_pools.c 2006-10-23 14:22:21.000000000 +0300
++++ squid-2.6.STABLE12/src/delay_pools.c 2007-03-21 19:41:26.000000000 +0200
+@@ -613,7 +613,7 @@
+ }
+
+ /*
+- * this records actual bytes recieved. always recorded, even if the
++ * this records actual bytes received. always recorded, even if the
+ * class is disabled - it's more efficient to just do it than to do all
+ * the checks.
+ */
+diff -Nru squid-2.6.STABLE12.orig/src/main.c squid-2.6.STABLE12/src/main.c
+--- squid-2.6.STABLE12.orig/src/main.c 2007-03-13 00:25:40.000000000 +0200
++++ squid-2.6.STABLE12/src/main.c 2007-03-21 19:42:30.000000000 +0200
+@@ -372,6 +372,22 @@
+ asnFreeMemory();
+ }
+
++#if USE_UNLINKD
++static int
++needUnlinkd(void)
++{
++ int i;
++ int r = 0;
++ for (i = 0; i < Config.cacheSwap.n_configured; i++) {
++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 ||
++ strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 ||
++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0)
++ r++;
++ }
++ return r;
++}
++#endif
++
+ static void
+ mainReconfigure(void)
+ {
+@@ -395,6 +411,7 @@
+ locationRewriteShutdown();
+ authenticateShutdown();
+ externalAclShutdown();
++ unlinkdClose();
+ storeDirCloseSwapLogs();
+ storeLogClose();
+ accessLogClose();
+@@ -430,6 +447,9 @@
+ #if USE_WCCPv2
+ wccp2Init();
+ #endif
++#if USE_UNLINKD
++ if (needUnlinkd()) unlinkdInit();
++#endif
+ serverConnectionsOpen();
+ neighbors_init();
+ storeDirOpenSwapLogs();
+@@ -593,7 +613,7 @@
+
+ if (!configured_once) {
+ #if USE_UNLINKD
+- unlinkdInit();
++ if (needUnlinkd()) unlinkdInit();
+ #endif
+ urlInitialize();
+ cachemgrInit();
+@@ -972,7 +992,7 @@
+ int nullfd;
+ if (*(argv[0]) == '(')
+ return;
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ if ((pid = fork()) < 0)
+ syslog(LOG_ALERT, "fork failed: %s", xstrerror());
+ else if (pid > 0)
+@@ -1008,7 +1028,7 @@
+ mainStartScript(argv[0]);
+ if ((pid = fork()) == 0) {
+ /* child */
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ prog = xstrdup(argv[0]);
+ argv[0] = xstrdup("(squid)");
+ execvp(prog, argv);
+@@ -1016,7 +1036,7 @@
+ exit(1);
+ }
+ /* parent */
+- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
+ time(&start);
+ squid_signal(SIGINT, SIG_IGN, SA_RESTART);
+diff -Nru squid-2.6.STABLE12.orig/src/Makefile.am squid-2.6.STABLE12/src/Makefile.am
+--- squid-2.6.STABLE12.orig/src/Makefile.am 2006-10-30 02:07:33.000000000 +0200
++++ squid-2.6.STABLE12/src/Makefile.am 2007-03-21 19:41:26.000000000 +0200
+@@ -314,12 +314,12 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX = $(localstatedir)/logs
++DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid
+ DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log
+ DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
+diff -Nru squid-2.6.STABLE12.orig/src/mib.txt squid-2.6.STABLE12/src/mib.txt
+--- squid-2.6.STABLE12.orig/src/mib.txt 2006-09-22 05:49:24.000000000 +0300
++++ squid-2.6.STABLE12/src/mib.txt 2007-03-21 19:41:26.000000000 +0200
+@@ -314,7 +314,7 @@
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+- " Number of HTTP KB's recieved "
++ " Number of HTTP KB's received "
+ ::= { cacheProtoAggregateStats 4 }
+
+ cacheHttpOutKb OBJECT-TYPE
+@@ -354,7 +354,7 @@
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+- " Number of ICP KB's recieved "
++ " Number of ICP KB's received "
+ ::= { cacheProtoAggregateStats 9 }
+
+ cacheServerRequests OBJECT-TYPE
+@@ -378,7 +378,7 @@
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+- " KB's of traffic recieved from servers "
++ " KB's of traffic received from servers "
+ ::= { cacheProtoAggregateStats 12 }
+
+ cacheServerOutKb OBJECT-TYPE
--- /dev/null
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.6.12.ebuild,v 1.1 2007/03/21 17:51:26 mrness Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit eutils pam toolchain-funcs flag-o-matic autotools linux-info
+
+#lame archive versioning scheme..
+S_PV="${PV%.*}"
+S_PL="${PV##*.}"
+S_PL="${S_PL/_rc/-RC}"
+S_PP="${PN}-${S_PV}.STABLE${S_PL}"
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v2/${S_PV}/${S_PP}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="pam ldap samba sasl nis ssl snmp selinux logrotate zero-penalty-hit \
+ pf-transparent ipf-transparent \
+ elibc_uclibc kernel_linux"
+
+DEPEND="pam? ( virtual/pam )
+ ldap? ( >=net-nds/openldap-2.1.26 )
+ ssl? ( >=dev-libs/openssl-0.9.7j )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.21 )
+ selinux? ( sec-policy/selinux-squid )
+ !x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+ >=sys-libs/db-4
+ dev-lang/perl"
+RDEPEND="${DEPEND}
+ samba? ( net-fs/samba )"
+
+S="${WORKDIR}/${S_PP}"
+
+pkg_setup() {
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_unpack() {
+ unpack ${A} || die "unpack failed"
+ cd "${S}" || die "dir ${S} not found"
+
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ use zero-penalty-hit && epatch "${FILESDIR}"/${P}-ToS_Hit_ToS_Preserve.patch
+
+ sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in
+
+ #disable lazy bindings on (some at least) suided basic auth programs
+ sed -i -e '$aAM_LDFLAGS = '$(bindnow-flags) \
+ helpers/basic_auth/*/Makefile.am
+
+ eautoreconf
+}
+
+src_compile() {
+ local basic_modules="getpwnam,NCSA,MSNT"
+ use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
+ use ldap && basic_modules="LDAP,${basic_modules}"
+ use pam && basic_modules="PAM,${basic_modules}"
+ use sasl && basic_modules="SASL,${basic_modules}"
+ use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
+
+ local ext_helpers="ip_user,session,unix_group"
+ use samba && ext_helpers="wbinfo_group,${ext_helpers}"
+ use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+ local ntlm_helpers="fakeauth"
+ use samba && ntlm_helpers="SMB,${ntlm_helpers}"
+
+ local myconf=""
+
+ # Support for uclibc #61175
+ if use elibc_uclibc; then
+ myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null"
+ myconf="${myconf} --disable-async-io"
+ else
+ myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null"
+ myconf="${myconf} --enable-async-io"
+ fi
+
+ if use kernel_linux; then
+ myconf="${myconf} --enable-linux-netfilter"
+ if kernel_is ge 2 6 && linux_chkconfig_present EPOLL ; then
+ myconf="${myconf} --enable-epoll"
+ fi
+ elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+ myconf="${myconf} --enable-kqueue"
+ if use pf-transparent; then
+ myconf="${myconf} --enable-pf-transparent"
+ elif use ipf-transparent; then
+ myconf="${myconf} --enable-ipf-transparent"
+ fi
+ fi
+
+ export CC=$(tc-getCC)
+
+ econf \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/libexec/squid \
+ --localstatedir=/var \
+ --datadir=/usr/share/squid \
+ --enable-auth="basic,digest,ntlm" \
+ --enable-removal-policies="lru,heap" \
+ --enable-digest-auth-helpers="password" \
+ --enable-basic-auth-helpers="${basic_modules}" \
+ --enable-external-acl-helpers="${ext_helpers}" \
+ --enable-ntlm-auth-helpers="${ntlm_helpers}" \
+ --enable-ident-lookups \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-referer-log \
+ --enable-arp-acl \
+ --with-pthreads \
+ --with-large-files \
+ --enable-htcp \
+ --enable-carp \
+ --enable-follow-x-forwarded-for \
+ $(use_enable snmp) \
+ $(use_enable ssl) \
+ ${myconf} || die "econf failed"
+
+ sed -i -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \
+ include/autoconf.h
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+
+ #need suid root for looking into /etc/shadow
+ fowners root:squid /usr/libexec/squid/ncsa_auth
+ fowners root:squid /usr/libexec/squid/pam_auth
+ fperms 4750 /usr/libexec/squid/ncsa_auth
+ fperms 4750 /usr/libexec/squid/pam_auth
+
+ #some cleanups
+ rm -f "${D}"/usr/bin/Run*
+
+ dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \
+ helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+ newdoc helpers/basic_auth/SMB/README README.auth_smb
+ dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+ newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+ doman helpers/basic_auth/LDAP/*.8
+ dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+ newpamd "${FILESDIR}/squid.pam" squid
+ newconfd "${FILESDIR}/squid.confd" squid
+ if use logrotate; then
+ newinitd "${FILESDIR}/squid.initd-logrotate" squid
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/squid.logrotate" squid
+ else
+ newinitd "${FILESDIR}/squid.initd" squid
+ exeinto /etc/cron.weekly
+ newexe "${FILESDIR}/squid.cron" squid.cron
+ fi
+
+ rm -rf "${D}"/var
+ diropts -m0755 -o squid -g squid
+ keepdir /var/cache/squid /var/log/squid
+}
+
+pkg_preinst() {
+ enewgroup squid 31
+ enewuser squid 31 -1 /var/cache/squid squid
+
+ #Remove this after all versions prior to 2.6.4 has been removed from the tree
+ if [[ -L "${ROOT}/etc/squid/errors" ]]; then
+ rm "${ROOT}/etc/squid/errors"
+ fi
+}
+
+pkg_postinst() {
+ echo
+ ewarn "Squid authentication helpers have been installed suid root."
+ ewarn "This allows shadow based authentication (see bug #52977 for more)."
+ echo
+ ewarn "Be careful what type of cache_dir you select!"
+ ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow"
+ ewarn "when there isn't sufficient traffic to keep squid reasonably busy."
+ ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'."
+ echo
+ ewarn "/etc/squid/errors symlink has been removed from your system."
+ ewarn "Error templates can be customized through ${HILITE}error_directory${NORMAL} directive."
+ echo
+ ewarn "Squid can be configured to run in transparent mode like this:"
+ ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
+}
projects / gentoo.git / commitdiff