From 6c94a647e75df02ad883ef7d7c82531e59b43967 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Alin=20N=C4=83stac?= Date: Wed, 21 Mar 2007 17:51:26 +0000 Subject: [PATCH] Version bump, wrt security bug #171681. Package-Manager: portage-2.1.2.2 --- net-proxy/squid/ChangeLog | 9 +- net-proxy/squid/Manifest | 32 +- net-proxy/squid/files/digest-squid-2.6.12 | 3 + .../squid-2.6.12-ToS_Hit_ToS_Preserve.patch | 216 +++++++++++ .../squid/files/squid-2.6.12-gentoo.patch | 345 ++++++++++++++++++ net-proxy/squid/squid-2.6.12.ebuild | 197 ++++++++++ 6 files changed, 793 insertions(+), 9 deletions(-) create mode 100644 net-proxy/squid/files/digest-squid-2.6.12 create mode 100644 net-proxy/squid/files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch create mode 100644 net-proxy/squid/files/squid-2.6.12-gentoo.patch create mode 100644 net-proxy/squid/squid-2.6.12.ebuild diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog index c80a69a69b18..fb91a3173a11 100644 --- a/net-proxy/squid/ChangeLog +++ b/net-proxy/squid/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-proxy/squid # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.126 2007/03/10 09:39:42 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.127 2007/03/21 17:51:26 mrness Exp $ + +*squid-2.6.12 (21 Mar 2007) + + 21 Mar 2007; Alin Năstac + +files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch, + +files/squid-2.6.12-gentoo.patch, +squid-2.6.12.ebuild: + Version bump, wrt security bug #171681. *squid-2.6.10 (10 Mar 2007) diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest index c3f58d957423..6896e17bb1b7 100644 --- a/net-proxy/squid/Manifest +++ b/net-proxy/squid/Manifest @@ -9,6 +9,14 @@ AUX squid-2.6.10-gentoo.patch 13128 RMD160 08b3b0d13151bf46b4037c0fe8cc8a9d0a91a MD5 d25035c85129f8f083c2d6ada254d41f files/squid-2.6.10-gentoo.patch 13128 RMD160 08b3b0d13151bf46b4037c0fe8cc8a9d0a91a8b7 files/squid-2.6.10-gentoo.patch 13128 SHA256 dc46d7933e7e145b85bde70b0ac394ade8965f450ff9d37160425501aa6ef375 files/squid-2.6.10-gentoo.patch 13128 +AUX squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810 RMD160 f5c1cf54dca620f540baf842f1e677ec7f325c8c SHA1 8ed0aa5aacdb9cf44644d8259e9fa8186a06841b SHA256 d7b081c72063e3a64d9abb583ba1bc520089fea4e451d646eade30dc81bc44f5 +MD5 35dbafcc1b37d853f836a267b2035756 files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810 +RMD160 f5c1cf54dca620f540baf842f1e677ec7f325c8c files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810 +SHA256 d7b081c72063e3a64d9abb583ba1bc520089fea4e451d646eade30dc81bc44f5 files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch 7810 +AUX squid-2.6.12-gentoo.patch 13104 RMD160 0ef584b87d199401aa4f0003858adc255fe47d28 SHA1 f50a48744a2d8144c406326f3058732528b68d02 SHA256 8e95e00ce6244f2414dbf02c88d70f35a680b71a62a9fcd2539bba4b8b7f5f56 +MD5 7977fabee86c22278b059e9a8eaca6c7 files/squid-2.6.12-gentoo.patch 13104 +RMD160 0ef584b87d199401aa4f0003858adc255fe47d28 files/squid-2.6.12-gentoo.patch 13104 +SHA256 8e95e00ce6244f2414dbf02c88d70f35a680b71a62a9fcd2539bba4b8b7f5f56 files/squid-2.6.12-gentoo.patch 13104 AUX squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794 RMD160 768c087050681d20d8fa680c1d3e1264ac1863fb SHA1 7e270c59eb25145add5f112a174978cd669419ec SHA256 0ab6611c2cd6fe5f7b57385d7b86b58c6b6aa7158de007d8d56d0546a49892dc MD5 e310b7604b6d8da5fa03f4ad4973d2a5 files/squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794 RMD160 768c087050681d20d8fa680c1d3e1264ac1863fb files/squid-2.6.9-ToS_Hit_ToS_Preserve.patch 7794 @@ -42,6 +50,7 @@ MD5 2957ca0ec8bf84e4af8ed5adef7acb90 files/squid.pam 315 RMD160 ff8a56fd5e8d4e0fde70853162a757476f3b7893 files/squid.pam 315 SHA256 dec9bd5ea16977fa334db04eb657e0598af411dad7ff279acf86beddcd22a8fd files/squid.pam 315 DIST squid-2.6.STABLE10.tar.gz 1626611 RMD160 470ce18f02a4628f021924fb0bc79a8e600284c5 SHA1 dbc0e816283ed740083e648e9ef679acca5c8be0 SHA256 29b2700786c0e92cfdb733d30edcfa23c600657d8f6dff59f2e7cb77168606a8 +DIST squid-2.6.STABLE12.tar.gz 1626994 RMD160 8e9463969064312b5f2fbe83b039be09646efbed SHA1 06a733cc04ba894cf4f7621278a1145b8e5807f9 SHA256 b4a1dd476371327369894ff73f729e5a24ec76b07f40a823cf04ca5c1210fc42 DIST squid-2.6.STABLE7-patches-20070116.tar.gz 7165 RMD160 4df56f7a82d0462537ed0a9c16943c99df5d3f4b SHA1 3ce0fff6708c2bdec0d286568f4cd279611a1350 SHA256 2ef51e75fc6c01d2613e6db7a2ecc4661718d8239a6d80ff42a510757ef90d1d DIST squid-2.6.STABLE7.tar.gz 1624607 RMD160 78715604c7dff188f0ee957e97c983ed90a770e6 SHA1 a84d80bc12d812503254f99dc969c6886c0584a0 SHA256 c4e2cdc1c01b33e1c25db01e09e12193f91fc47f74553ef89c369374c2699c61 DIST squid-2.6.STABLE9.tar.gz 1625942 RMD160 293ac5ad2d40f50c42fbee64576f12b72d493c8e SHA1 ba09f5cb4aadc535d63bb0fda564fcacb67b2e4c SHA256 8d68c61eb07c2cdaf82d9b6a4babff3eade3ae864cb1f094b7115086b20d070e @@ -49,6 +58,10 @@ EBUILD squid-2.6.10.ebuild 6144 RMD160 e5cf2a9a40d819268a9cc030bfbfe004a4e766c1 MD5 ab50d8eed92e66727b8456a9e23fb1dd squid-2.6.10.ebuild 6144 RMD160 e5cf2a9a40d819268a9cc030bfbfe004a4e766c1 squid-2.6.10.ebuild 6144 SHA256 cd2381102bc532b03e703839b3194a2c4c0e9e5ee5341254dcbd9c5be6d78fe9 squid-2.6.10.ebuild 6144 +EBUILD squid-2.6.12.ebuild 6144 RMD160 6dfeb28cca6583e148a22028235da1e34f7c5832 SHA1 0f33f2e814b61ba5999799ff5e017500ba0a40b0 SHA256 bb9d5a34b7b033dac248b9b8ba2a9fa8a532e157b181a5899e07d73fa890fbcc +MD5 8e51bcdf586ccf6d34bf29e1fd8b8125 squid-2.6.12.ebuild 6144 +RMD160 6dfeb28cca6583e148a22028235da1e34f7c5832 squid-2.6.12.ebuild 6144 +SHA256 bb9d5a34b7b033dac248b9b8ba2a9fa8a532e157b181a5899e07d73fa890fbcc squid-2.6.12.ebuild 6144 EBUILD squid-2.6.7.ebuild 6071 RMD160 1c91ed9abdea7f1f06b0211635d4ced136ef7835 SHA1 6cb3c7cfa4775812e3be59bc63ca77a4faa878c4 SHA256 cca9c9eb4a52f5600210198ff6250751de65334e19b17d5fa5c1bf677e008579 MD5 9821afa2318f7a6d9195a6c2e4c92048 squid-2.6.7.ebuild 6071 RMD160 1c91ed9abdea7f1f06b0211635d4ced136ef7835 squid-2.6.7.ebuild 6071 @@ -57,10 +70,10 @@ EBUILD squid-2.6.9-r1.ebuild 6146 RMD160 50a61da6d730b1957698594a8f665efe709706d MD5 99774bf2027e55bd250ba2718db71633 squid-2.6.9-r1.ebuild 6146 RMD160 50a61da6d730b1957698594a8f665efe709706d0 squid-2.6.9-r1.ebuild 6146 SHA256 af3437302a20971112487bf2a7c6b6f6df80cdbdfedebeff8005639682c66f5f squid-2.6.9-r1.ebuild 6146 -MISC ChangeLog 33090 RMD160 d8d4a67f384a3f6b6d77b8a06e587562ae6ae4f0 SHA1 3b403a6dae1b5634d29c6fed6a718f46f650bdc6 SHA256 1f80e0a8436b677527c29784f56768c7b7c32be71a9dd10dc9a47cbc7922cf28 -MD5 89c4e28d0928fc86f676019df46f6fbb ChangeLog 33090 -RMD160 d8d4a67f384a3f6b6d77b8a06e587562ae6ae4f0 ChangeLog 33090 -SHA256 1f80e0a8436b677527c29784f56768c7b7c32be71a9dd10dc9a47cbc7922cf28 ChangeLog 33090 +MISC ChangeLog 33318 RMD160 36a486bccd95652f9fdbc2189a84a5bb3262de1f SHA1 ed3efff7f866015b3420665d42dc131e4e72de05 SHA256 4484aa77f18a985e50aa2e8e31212029c8bd38ecf56dce7a1cb306dfd1184492 +MD5 54c187c16cdab426c71df2a90ff34f93 ChangeLog 33318 +RMD160 36a486bccd95652f9fdbc2189a84a5bb3262de1f ChangeLog 33318 +SHA256 4484aa77f18a985e50aa2e8e31212029c8bd38ecf56dce7a1cb306dfd1184492 ChangeLog 33318 MISC metadata.xml 229 RMD160 3017fab68c82b875738f1df5bb414f46480f142f SHA1 975a764b9c2b956a744795d61a702bd3545bbfb9 SHA256 b986c2ccab6337ef434285c558ed764218d7ca79a82cb5ee3d2615cd03360e87 MD5 24a10e76803f4cc98cdc979586096c6f metadata.xml 229 RMD160 3017fab68c82b875738f1df5bb414f46480f142f metadata.xml 229 @@ -68,6 +81,9 @@ SHA256 b986c2ccab6337ef434285c558ed764218d7ca79a82cb5ee3d2615cd03360e87 metadata MD5 944329597da4181599efc6f43877d2f9 files/digest-squid-2.6.10 259 RMD160 7a7bbe1c0453d92362749b89bded87157489747d files/digest-squid-2.6.10 259 SHA256 26b19e1f953b9cab2fab9662e4035adbd8a530babe7f59a984310206e55b878a files/digest-squid-2.6.10 259 +MD5 1c58d840387efb4b97f84ee057e5011d files/digest-squid-2.6.12 259 +RMD160 ce91ceb53561121e1b79405277b23a2a327cbd5b files/digest-squid-2.6.12 259 +SHA256 4c277802753ea30ca9be81361e42899274a072f082d06cc793a352bcf7fec253 files/digest-squid-2.6.12 259 MD5 5a1e44725f0f6da3a63f95721a3fe4e0 files/digest-squid-2.6.7 554 RMD160 be687a353ce0c44ae93e2c4a986af23f0dda7e12 files/digest-squid-2.6.7 554 SHA256 dbfcd684010150818fae13125c64f85b792786a412ac4d58703b8a437468b689 files/digest-squid-2.6.7 554 @@ -75,9 +91,9 @@ MD5 abce45f2679e15f9efb147ed7492b6bd files/digest-squid-2.6.9-r1 256 RMD160 d75f3cc9f3a1889d5d91ce2cc41e9a983955f9e8 files/digest-squid-2.6.9-r1 256 SHA256 9ed721fecb9f6488cf0dc959522f0f515f315e7c1641bd164917cfea2e75d58f files/digest-squid-2.6.9-r1 256 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.2 (GNU/Linux) +Version: GnuPG v2.0.3 (GNU/Linux) -iD8DBQFF8n0i/ejvha5XGaMRAvKfAKCUhARaIAsbs9nPhUcXV8CCaP49JgCbBZ1G -wX3oGyA26bc0cZxzklTqe+w= -=hjDu +iD8DBQFGAXCrJnxX6mF440QRArKeAJwKOOJXCDRro/YLADUuJ9LFskdWKgCdEFEt +VovZ0XiXwIryX/K/hRtqBMg= +=X/+g -----END PGP SIGNATURE----- diff --git a/net-proxy/squid/files/digest-squid-2.6.12 b/net-proxy/squid/files/digest-squid-2.6.12 new file mode 100644 index 000000000000..9b0f3a59c5ef --- /dev/null +++ b/net-proxy/squid/files/digest-squid-2.6.12 @@ -0,0 +1,3 @@ +MD5 442cffe4447b76d732af2b1353e283d5 squid-2.6.STABLE12.tar.gz 1626994 +RMD160 8e9463969064312b5f2fbe83b039be09646efbed squid-2.6.STABLE12.tar.gz 1626994 +SHA256 b4a1dd476371327369894ff73f729e5a24ec76b07f40a823cf04ca5c1210fc42 squid-2.6.STABLE12.tar.gz 1626994 diff --git a/net-proxy/squid/files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch b/net-proxy/squid/files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch new file mode 100644 index 000000000000..34f83ebcfb80 --- /dev/null +++ b/net-proxy/squid/files/squid-2.6.12-ToS_Hit_ToS_Preserve.patch @@ -0,0 +1,216 @@ +diff -Nru squid-2.6.STABLE12.orig/src/cf.data.pre squid-2.6.STABLE12/src/cf.data.pre +--- squid-2.6.STABLE12.orig/src/cf.data.pre 2007-03-21 19:43:48.000000000 +0200 ++++ squid-2.6.STABLE12/src/cf.data.pre 2007-03-21 19:44:08.000000000 +0200 +@@ -3193,6 +3193,64 @@ + to off when using this directive in such configurations. + DOC_END + ++NAME: zph_tos_local ++TYPE: int ++DEFAULT: 0 ++LOC: Config.zph_tos_local ++DOC_START ++ Allows you to select a TOS/Diffserv value to mark local hits. Read above ++ (tcp_outgoing_tos) for details/requirements about TOS. ++ Default: 0 (disabled). ++DOC_END ++ ++NAME: zph_tos_peer ++TYPE: int ++DEFAULT: 0 ++LOC: Config.zph_tos_peer ++DOC_START ++ Allows you to select a TOS/Diffserv value to mark peer hits. Read above ++ (tcp_outgoing_tos) for details/requirements about TOS. ++ Default: 0 (disabled). ++DOC_END ++ ++NAME: zph_tos_parent ++COMMENT: on|off ++TYPE: onoff ++LOC: Config.onoff.zph_tos_parent ++DEFAULT: on ++DOC_START ++ Set this to off if you want only sibling hits to be marked. ++ If set to on (default), parent hits are being marked too. ++DOC_END ++ ++NAME: zph_preserve_miss_tos ++COMMENT: on|off ++TYPE: onoff ++LOC: Config.onoff.zph_preserve_miss_tos ++DEFAULT: on ++DOC_START ++ If set to on (default), any HTTP response towards clients will ++ have the TOS value of the response comming from the remote ++ server masked with the value of zph_preserve_miss_tos_mask. ++ For this to work correctly, you will need to patch your linux ++ kernel with the TOS preserving ZPH patch. ++ Has no effect under FreeBSD, works only under linux ZPH patched ++ kernels. ++DOC_END ++ ++NAME: zph_preserve_miss_tos_mask ++TYPE: int ++DEFAULT: 255 ++LOC: Config.zph_preserve_miss_tos_mask ++DOC_START ++ Allows you to mask certain bits in the TOS received from the ++ remote server, before copying the value to the TOS send towards ++ clients. ++ See zph_preserve_miss_tos for details. ++ ++ Default: 255 (TOS from server is not changed). ++DOC_END ++ + NAME: tcp_outgoing_address + TYPE: acl_address + DEFAULT: none +diff -Nru squid-2.6.STABLE12.orig/src/client_side.c squid-2.6.STABLE12/src/client_side.c +--- squid-2.6.STABLE12.orig/src/client_side.c 2007-03-21 19:43:48.000000000 +0200 ++++ squid-2.6.STABLE12/src/client_side.c 2007-03-21 19:44:08.000000000 +0200 +@@ -2621,6 +2621,55 @@ + return; + } + assert(http->out.offset == 0); ++ ++ if ( Config.zph_tos_local || Config.zph_tos_peer || ++ (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask) ) ++ { ++ int need_change = 0; ++ int hit = 0; ++ int tos = 0; ++ int tos_old = 0; ++ int tos_len = sizeof(tos_old); ++ int res; ++ ++ if (Config.zph_tos_local && isTcpHit(http->log_type)) { /* local hit */ ++ hit = 1; ++ tos = Config.zph_tos_local; ++ } else if (Config.zph_tos_peer && ++ (http->request->hier.code == SIBLING_HIT || /* sibling hit */ ++ (Config.onoff.zph_tos_parent && ++ http->request->hier.code == PARENT_HIT))) { /* parent hit */ ++ hit = 1; ++ tos = Config.zph_tos_peer; ++ } ++ if (http->request->flags.proxy_keepalive) { ++ if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos_old, &tos_len) < 0) { ++ debug(33, 1) ("ZPH: getsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror()); ++ } else if (hit && tos_old != tos) { /* HIT: 1-st request, or previous was MISS, */ ++ need_change = 1; /* or local/parent hit change */ ++ } else if (!hit && (tos_old || /* MISS: previous was HIT */ ++ Config.onoff.zph_preserve_miss_tos)) { /* TOS copying is on */ ++#if defined(_SQUID_LINUX_) ++ if ( Config.onoff.zph_preserve_miss_tos ) { ++ tos = (entry->mem_obj != NULL) ? ++ (entry->mem_obj->recvTOS & Config.zph_preserve_miss_tos_mask):0; ++ } else tos = 0; ++#else ++ tos = 0; ++#endif ++ need_change = 1; ++ } ++ } else if (hit) { /* no keepalive */ ++ need_change = 1; ++ } ++ if (need_change) { ++ if (!hit) enter_suid(); /* Setting TOS bit6-7 is privilleged */ ++ res = setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)); ++ if (!hit) leave_suid(); /* Setting bit5-7 is privilleged */ ++ if ( res < 0) ++ debug(33, 1) ("ZPH: setsockopt(IP_TOS) on FD %d: %s\n", fd, xstrerror()); ++ } ++ } + rep = http->reply = clientBuildReply(http, buf, size); + if (!rep) { + /* Forward as HTTP/0.9 body with no reply */ +diff -Nru squid-2.6.STABLE12.orig/src/http.c squid-2.6.STABLE12/src/http.c +--- squid-2.6.STABLE12.orig/src/http.c 2007-03-13 00:27:09.000000000 +0200 ++++ squid-2.6.STABLE12/src/http.c 2007-03-21 19:44:08.000000000 +0200 +@@ -1373,6 +1373,53 @@ + peer *p = httpState->peer; + CWCB *sendHeaderDone; + int fd = httpState->fd; ++ ++#if defined(_SQUID_LINUX_) ++/* ZPH patch starts here (M.Stavrev 25-05-2005) ++ * Retrieve connection peer's TOS value (which its SYN_ACK TCP segment ++ * was encapsulated into an IP packet) ++ */ ++ int tos, tos_len; ++ if ( entry && entry->mem_obj ) { // Is this check necessary ? Seems not, but ++ // have no time to investigate further. ++ entry->mem_obj->recvTOS = 0; ++ tos = 1; ++ tos_len = sizeof(tos); ++ if ( setsockopt(fd,SOL_IP, IP_RECVTOS, &tos, tos_len) == 0 ) { ++ unsigned char buf[128]; ++ int len = 128; ++ if (getsockopt(fd, SOL_IP, IP_PKTOPTIONS, buf, &len) == 0) ++ { ++ /* Parse the PKTOPTIONS structure to locate the TOS data message ++ * prepared in the kernel by the ZPH incoming TCP TOS preserving ++ * patch. In 99,99% the TOS should be located at buf[12], but ++ * let's do it the right way. ++ */ ++ unsigned char * p = buf; ++ while ( p-buf < len ) { ++ struct cmsghdr * o = (struct cmsghdr*)p; ++ if ( o->cmsg_len <= 0 || o->cmsg_len > 52 ) ++ break; ++ if ( o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS ) { ++ entry->mem_obj->recvTOS = (unsigned char)(*(int*) ++ (p + sizeof(struct cmsghdr))); ++ debug(11, 5) ("ZPH: Incomming TOS=%d on FD %d\n", ++ entry->mem_obj->recvTOS, fd ); ++ break; ++ } ++ p += o->cmsg_len; ++ } ++ } else { ++ debug(11, 5) ("ZPH: getsockopt(IP_PKTOPTIONS) on FD %d: %s\n", ++ fd, xstrerror()); ++ } ++ } else { ++ debug(11, 5) ("ZPH: setsockopt(IP_RECVTOS) on FD %d: %s\n", ++ fd, xstrerror()); ++ } ++ } ++/* ZPH patch ends here */ ++#endif + + debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState); + +diff -Nru squid-2.6.STABLE12.orig/src/structs.h squid-2.6.STABLE12/src/structs.h +--- squid-2.6.STABLE12.orig/src/structs.h 2007-02-27 03:20:01.000000000 +0200 ++++ squid-2.6.STABLE12/src/structs.h 2007-03-21 19:44:08.000000000 +0200 +@@ -669,6 +669,8 @@ + int relaxed_header_parser; + int accel_no_pmtu_disc; + int global_internal_static; ++ int zph_tos_parent; ++ int zph_preserve_miss_tos; + int httpd_suppress_version_string; + int via; + int check_hostnames; +@@ -793,6 +795,9 @@ + int sleep_after_fork; /* microseconds */ + time_t minimum_expiry_time; /* seconds */ + external_acl *externalAclHelperList; ++ int zph_tos_local; ++ int zph_tos_peer; ++ int zph_preserve_miss_tos_mask; + errormap *errorMapList; + #if USE_SSL + struct { +@@ -1724,6 +1729,9 @@ + const char *vary_encoding; + StoreEntry *ims_entry; + time_t refresh_timestamp; ++#if defined(_SQUID_LINUX_) ++ unsigned char recvTOS; /* ZPH patch - stores remote server's TOS */ ++#endif + }; + + struct _StoreEntry { diff --git a/net-proxy/squid/files/squid-2.6.12-gentoo.patch b/net-proxy/squid/files/squid-2.6.12-gentoo.patch new file mode 100644 index 000000000000..58b16c7b5f03 --- /dev/null +++ b/net-proxy/squid/files/squid-2.6.12-gentoo.patch @@ -0,0 +1,345 @@ +diff -Nru squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/Makefile.am squid-2.6.STABLE12/helpers/basic_auth/SMB/Makefile.am +--- squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/Makefile.am 2005-05-17 19:56:26.000000000 +0300 ++++ squid-2.6.STABLE12/helpers/basic_auth/SMB/Makefile.am 2007-03-21 19:41:26.000000000 +0200 +@@ -14,7 +14,7 @@ + ## FIXME: autoconf should test for the samba path. + + SMB_AUTH_HELPER = smb_auth.sh +-SAMBAPREFIX=/usr/local/samba ++SAMBAPREFIX=/usr + SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) + + libexec_SCRIPTS = $(SMB_AUTH_HELPER) +diff -Nru squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/smb_auth.sh squid-2.6.STABLE12/helpers/basic_auth/SMB/smb_auth.sh +--- squid-2.6.STABLE12.orig/helpers/basic_auth/SMB/smb_auth.sh 2001-01-08 01:36:46.000000000 +0200 ++++ squid-2.6.STABLE12/helpers/basic_auth/SMB/smb_auth.sh 2007-03-21 19:41:26.000000000 +0200 +@@ -24,7 +24,7 @@ + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +diff -Nru squid-2.6.STABLE12.orig/snmplib/snmp_api.c squid-2.6.STABLE12/snmplib/snmp_api.c +--- squid-2.6.STABLE12.orig/snmplib/snmp_api.c 2006-06-02 20:32:44.000000000 +0300 ++++ squid-2.6.STABLE12/snmplib/snmp_api.c 2007-03-21 19:41:26.000000000 +0200 +@@ -121,7 +121,7 @@ + } + + /* +- * Parses the packet recieved on the input session, and places the data into ++ * Parses the packet received on the input session, and places the data into + * the input pdu. length is the length of the input packet. If any errors + * are encountered, NULL is returned. If not, the community is. + */ +diff -Nru squid-2.6.STABLE12.orig/src/auth/digest/auth_digest.c squid-2.6.STABLE12/src/auth/digest/auth_digest.c +--- squid-2.6.STABLE12.orig/src/auth/digest/auth_digest.c 2006-07-31 02:27:04.000000000 +0300 ++++ squid-2.6.STABLE12/src/auth/digest/auth_digest.c 2007-03-21 19:41:26.000000000 +0200 +@@ -1271,7 +1271,7 @@ + nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64); + if (!nonce) { + /* we couldn't find a matching nonce! */ +- debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce recieved\n"); ++ debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce received\n"); + authDigestLogUsername(auth_user_request, username); + + /* we don't need the scheme specific data anymore */ +@@ -1285,8 +1285,8 @@ + /* check the qop is what we expected. Note that for compatability with + * RFC 2069 we should support a missing qop. Tough. */ + if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) { +- /* we recieved a qop option we didn't send */ +- debug(29, 4) ("authenticateDigestDecode: Invalid qop option recieved\n"); ++ /* we received a qop option we didn't send */ ++ debug(29, 4) ("authenticateDigestDecode: Invalid qop option received\n"); + authDigestLogUsername(auth_user_request, username); + + /* we don't need the scheme specific data anymore */ +diff -Nru squid-2.6.STABLE12.orig/src/cf.data.pre squid-2.6.STABLE12/src/cf.data.pre +--- squid-2.6.STABLE12.orig/src/cf.data.pre 2007-02-03 23:59:24.000000000 +0200 ++++ squid-2.6.STABLE12/src/cf.data.pre 2007-03-21 19:41:26.000000000 +0200 +@@ -344,12 +344,12 @@ + NAME: htcp_port + IFDEF: USE_HTCP + TYPE: ushort +-DEFAULT: 4827 ++DEFAULT: 0 + LOC: Config.Port.htcp + DOC_START + The port number where Squid sends and receives HTCP queries to +- and from neighbor caches. Default is 4827. To disable use +- "0". ++ and from neighbor caches. To turn it on you want to set it to ++ 4827. By default it is set to "0" (disabled). + DOC_END + + +@@ -2843,6 +2843,8 @@ + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT ++acl purge method PURGE + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -2962,6 +2964,9 @@ + # Only allow cachemgr access from localhost + http_access allow manager localhost + http_access deny manager ++# Only allow purge requests from localhost ++http_access allow purge localhost ++http_access deny purge + # Deny requests to unknown ports + http_access deny !Safe_ports + # Deny CONNECT to other than SSL ports +@@ -2980,6 +2985,9 @@ + #acl our_networks src 192.168.1.0/24 192.168.2.0/24 + #http_access allow our_networks + ++# Allow the localhost to have access by default ++http_access allow localhost ++ + # And finally deny all other access to this proxy + http_access deny all + NOCOMMENT_END +@@ -3276,7 +3284,7 @@ + + NAME: cache_mgr + TYPE: string +-DEFAULT: webmaster ++DEFAULT: root + LOC: Config.adminEmail + DOC_START + Email-address of local cache manager who will receive +@@ -3311,7 +3319,7 @@ + + NAME: cache_effective_user + TYPE: string +-DEFAULT: nobody ++DEFAULT: squid + LOC: Config.effectiveUser + DOC_START + If you start Squid as root, it will change its effective/real +@@ -3695,6 +3703,9 @@ + If you disable this, it will appear as + + X-Forwarded-For: unknown ++NOCOMMENT_START ++forwarded_for off ++NOCOMMENT_END + DOC_END + + +@@ -4129,7 +4140,11 @@ + If you wish to create your own versions of the default + (English) error files, either to customize them to suit your + language or company copy the template English files to another +- directory and point this tag at them. ++ directory where the error files are read from. ++ /usr/share/squid/errors contains sets of error files ++ in different languages. The default error directory ++ is /etc/squid/errors, which is a link to one of these ++ error sets. + DOC_END + + NAME: maximum_single_addr_tries +@@ -4163,12 +4178,15 @@ + NAME: snmp_port + TYPE: ushort + LOC: Config.Port.snmp +-DEFAULT: 3401 ++DEFAULT: 0 + IFDEF: SQUID_SNMP + DOC_START + Squid can now serve statistics and status information via SNMP. + By default it listens to port 3401 on the machine. If you don't + wish to use SNMP, set this to "0". ++ ++ Note: on Gentoo Linux, the default is zero - you need to ++ set it to 3401 to enable it. + DOC_END + + NAME: snmp_access +diff -Nru squid-2.6.STABLE12.orig/src/client_side.c squid-2.6.STABLE12/src/client_side.c +--- squid-2.6.STABLE12.orig/src/client_side.c 2007-03-20 23:26:34.000000000 +0200 ++++ squid-2.6.STABLE12/src/client_side.c 2007-03-21 19:41:26.000000000 +0200 +@@ -4591,14 +4591,7 @@ + debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); + } else { + if (do_debug(83, 4)) { +- /* Write out the SSL session details.. actually the call below, but +- * OpenSSL headers do strange typecasts confusing GCC.. */ +- /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */ +-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L +- PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); +-#else + PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); +-#endif + /* Note: This does not automatically fflush the log file.. */ + } + debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); +diff -Nru squid-2.6.STABLE12.orig/src/defines.h squid-2.6.STABLE12/src/defines.h +--- squid-2.6.STABLE12.orig/src/defines.h 2007-02-04 00:58:20.000000000 +0200 ++++ squid-2.6.STABLE12/src/defines.h 2007-03-21 19:41:26.000000000 +0200 +@@ -259,7 +259,7 @@ + + /* were to look for errors if config path fails */ + #ifndef DEFAULT_SQUID_ERROR_DIR +-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" ++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" + #endif + + /* gb_type operations */ +diff -Nru squid-2.6.STABLE12.orig/src/delay_pools.c squid-2.6.STABLE12/src/delay_pools.c +--- squid-2.6.STABLE12.orig/src/delay_pools.c 2006-10-23 14:22:21.000000000 +0300 ++++ squid-2.6.STABLE12/src/delay_pools.c 2007-03-21 19:41:26.000000000 +0200 +@@ -613,7 +613,7 @@ + } + + /* +- * this records actual bytes recieved. always recorded, even if the ++ * this records actual bytes received. always recorded, even if the + * class is disabled - it's more efficient to just do it than to do all + * the checks. + */ +diff -Nru squid-2.6.STABLE12.orig/src/main.c squid-2.6.STABLE12/src/main.c +--- squid-2.6.STABLE12.orig/src/main.c 2007-03-13 00:25:40.000000000 +0200 ++++ squid-2.6.STABLE12/src/main.c 2007-03-21 19:42:30.000000000 +0200 +@@ -372,6 +372,22 @@ + asnFreeMemory(); + } + ++#if USE_UNLINKD ++static int ++needUnlinkd(void) ++{ ++ int i; ++ int r = 0; ++ for (i = 0; i < Config.cacheSwap.n_configured; i++) { ++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) ++ r++; ++ } ++ return r; ++} ++#endif ++ + static void + mainReconfigure(void) + { +@@ -395,6 +411,7 @@ + locationRewriteShutdown(); + authenticateShutdown(); + externalAclShutdown(); ++ unlinkdClose(); + storeDirCloseSwapLogs(); + storeLogClose(); + accessLogClose(); +@@ -430,6 +447,9 @@ + #if USE_WCCPv2 + wccp2Init(); + #endif ++#if USE_UNLINKD ++ if (needUnlinkd()) unlinkdInit(); ++#endif + serverConnectionsOpen(); + neighbors_init(); + storeDirOpenSwapLogs(); +@@ -593,7 +613,7 @@ + + if (!configured_once) { + #if USE_UNLINKD +- unlinkdInit(); ++ if (needUnlinkd()) unlinkdInit(); + #endif + urlInitialize(); + cachemgrInit(); +@@ -972,7 +992,7 @@ + int nullfd; + if (*(argv[0]) == '(') + return; +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + if ((pid = fork()) < 0) + syslog(LOG_ALERT, "fork failed: %s", xstrerror()); + else if (pid > 0) +@@ -1008,7 +1028,7 @@ + mainStartScript(argv[0]); + if ((pid = fork()) == 0) { + /* child */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4); + prog = xstrdup(argv[0]); + argv[0] = xstrdup("(squid)"); + execvp(prog, argv); +@@ -1016,7 +1036,7 @@ + exit(1); + } + /* parent */ +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_LOCAL4); + syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); + time(&start); + squid_signal(SIGINT, SIG_IGN, SA_RESTART); +diff -Nru squid-2.6.STABLE12.orig/src/Makefile.am squid-2.6.STABLE12/src/Makefile.am +--- squid-2.6.STABLE12.orig/src/Makefile.am 2006-10-30 02:07:33.000000000 +0200 ++++ squid-2.6.STABLE12/src/Makefile.am 2007-03-21 19:41:26.000000000 +0200 +@@ -314,12 +314,12 @@ + DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf + DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf + DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` +-DEFAULT_LOG_PREFIX = $(localstatedir)/logs ++DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid + DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log + DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log + DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log +-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +-DEFAULT_SWAP_DIR = $(localstatedir)/cache ++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid ++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'` +diff -Nru squid-2.6.STABLE12.orig/src/mib.txt squid-2.6.STABLE12/src/mib.txt +--- squid-2.6.STABLE12.orig/src/mib.txt 2006-09-22 05:49:24.000000000 +0300 ++++ squid-2.6.STABLE12/src/mib.txt 2007-03-21 19:41:26.000000000 +0200 +@@ -314,7 +314,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " Number of HTTP KB's recieved " ++ " Number of HTTP KB's received " + ::= { cacheProtoAggregateStats 4 } + + cacheHttpOutKb OBJECT-TYPE +@@ -354,7 +354,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " Number of ICP KB's recieved " ++ " Number of ICP KB's received " + ::= { cacheProtoAggregateStats 9 } + + cacheServerRequests OBJECT-TYPE +@@ -378,7 +378,7 @@ + MAX-ACCESS read-only + STATUS current + DESCRIPTION +- " KB's of traffic recieved from servers " ++ " KB's of traffic received from servers " + ::= { cacheProtoAggregateStats 12 } + + cacheServerOutKb OBJECT-TYPE diff --git a/net-proxy/squid/squid-2.6.12.ebuild b/net-proxy/squid/squid-2.6.12.ebuild new file mode 100644 index 000000000000..5ad21122b42d --- /dev/null +++ b/net-proxy/squid/squid-2.6.12.ebuild @@ -0,0 +1,197 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.6.12.ebuild,v 1.1 2007/03/21 17:51:26 mrness Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" + +inherit eutils pam toolchain-funcs flag-o-matic autotools linux-info + +#lame archive versioning scheme.. +S_PV="${PV%.*}" +S_PL="${PV##*.}" +S_PL="${S_PL/_rc/-RC}" +S_PP="${PN}-${S_PV}.STABLE${S_PL}" + +DESCRIPTION="A full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/" +SRC_URI="http://www.squid-cache.org/Versions/v2/${S_PV}/${S_PP}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="pam ldap samba sasl nis ssl snmp selinux logrotate zero-penalty-hit \ + pf-transparent ipf-transparent \ + elibc_uclibc kernel_linux" + +DEPEND="pam? ( virtual/pam ) + ldap? ( >=net-nds/openldap-2.1.26 ) + ssl? ( >=dev-libs/openssl-0.9.7j ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.21 ) + selinux? ( sec-policy/selinux-squid ) + !x86-fbsd? ( logrotate? ( app-admin/logrotate ) ) + >=sys-libs/db-4 + dev-lang/perl" +RDEPEND="${DEPEND} + samba? ( net-fs/samba )" + +S="${WORKDIR}/${S_PP}" + +pkg_setup() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid +} + +src_unpack() { + unpack ${A} || die "unpack failed" + cd "${S}" || die "dir ${S} not found" + + epatch "${FILESDIR}"/${P}-gentoo.patch + use zero-penalty-hit && epatch "${FILESDIR}"/${P}-ToS_Hit_ToS_Preserve.patch + + sed -i -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in + + #disable lazy bindings on (some at least) suided basic auth programs + sed -i -e '$aAM_LDFLAGS = '$(bindnow-flags) \ + helpers/basic_auth/*/Makefile.am + + eautoreconf +} + +src_compile() { + local basic_modules="getpwnam,NCSA,MSNT" + use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}" + use ldap && basic_modules="LDAP,${basic_modules}" + use pam && basic_modules="PAM,${basic_modules}" + use sasl && basic_modules="SASL,${basic_modules}" + use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}" + + local ext_helpers="ip_user,session,unix_group" + use samba && ext_helpers="wbinfo_group,${ext_helpers}" + use ldap && ext_helpers="ldap_group,${ext_helpers}" + + local ntlm_helpers="fakeauth" + use samba && ntlm_helpers="SMB,${ntlm_helpers}" + + local myconf="" + + # Support for uclibc #61175 + if use elibc_uclibc; then + myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null" + myconf="${myconf} --disable-async-io" + else + myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null" + myconf="${myconf} --enable-async-io" + fi + + if use kernel_linux; then + myconf="${myconf} --enable-linux-netfilter" + if kernel_is ge 2 6 && linux_chkconfig_present EPOLL ; then + myconf="${myconf} --enable-epoll" + fi + elif use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then + myconf="${myconf} --enable-kqueue" + if use pf-transparent; then + myconf="${myconf} --enable-pf-transparent" + elif use ipf-transparent; then + myconf="${myconf} --enable-ipf-transparent" + fi + fi + + export CC=$(tc-getCC) + + econf \ + --sysconfdir=/etc/squid \ + --libexecdir=/usr/libexec/squid \ + --localstatedir=/var \ + --datadir=/usr/share/squid \ + --enable-auth="basic,digest,ntlm" \ + --enable-removal-policies="lru,heap" \ + --enable-digest-auth-helpers="password" \ + --enable-basic-auth-helpers="${basic_modules}" \ + --enable-external-acl-helpers="${ext_helpers}" \ + --enable-ntlm-auth-helpers="${ntlm_helpers}" \ + --enable-ident-lookups \ + --enable-useragent-log \ + --enable-cache-digests \ + --enable-delay-pools \ + --enable-referer-log \ + --enable-arp-acl \ + --with-pthreads \ + --with-large-files \ + --enable-htcp \ + --enable-carp \ + --enable-follow-x-forwarded-for \ + $(use_enable snmp) \ + $(use_enable ssl) \ + ${myconf} || die "econf failed" + + sed -i -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \ + include/autoconf.h + + emake || die "emake failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + #need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/ncsa_auth + fowners root:squid /usr/libexec/squid/pam_auth + fperms 4750 /usr/libexec/squid/ncsa_auth + fperms 4750 /usr/libexec/squid/pam_auth + + #some cleanups + rm -f "${D}"/usr/bin/Run* + + dodoc CONTRIBUTORS CREDITS ChangeLog QUICKSTART SPONSORS doc/*.txt \ + helpers/ntlm_auth/no_check/README.no_check_ntlm_auth + newdoc helpers/basic_auth/SMB/README README.auth_smb + dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html + newdoc helpers/basic_auth/LDAP/README README.auth_ldap + doman helpers/basic_auth/LDAP/*.8 + dodoc helpers/basic_auth/SASL/squid_sasl_auth* + + newpamd "${FILESDIR}/squid.pam" squid + newconfd "${FILESDIR}/squid.confd" squid + if use logrotate; then + newinitd "${FILESDIR}/squid.initd-logrotate" squid + insinto /etc/logrotate.d + newins "${FILESDIR}/squid.logrotate" squid + else + newinitd "${FILESDIR}/squid.initd" squid + exeinto /etc/cron.weekly + newexe "${FILESDIR}/squid.cron" squid.cron + fi + + rm -rf "${D}"/var + diropts -m0755 -o squid -g squid + keepdir /var/cache/squid /var/log/squid +} + +pkg_preinst() { + enewgroup squid 31 + enewuser squid 31 -1 /var/cache/squid squid + + #Remove this after all versions prior to 2.6.4 has been removed from the tree + if [[ -L "${ROOT}/etc/squid/errors" ]]; then + rm "${ROOT}/etc/squid/errors" + fi +} + +pkg_postinst() { + echo + ewarn "Squid authentication helpers have been installed suid root." + ewarn "This allows shadow based authentication (see bug #52977 for more)." + echo + ewarn "Be careful what type of cache_dir you select!" + ewarn " 'diskd' is optimized for high levels of traffic, but it might seem slow" + ewarn "when there isn't sufficient traffic to keep squid reasonably busy." + ewarn " If your traffic level is low to moderate, use 'aufs' or 'ufs'." + echo + ewarn "/etc/squid/errors symlink has been removed from your system." + ewarn "Error templates can be customized through ${HILITE}error_directory${NORMAL} directive." + echo + ewarn "Squid can be configured to run in transparent mode like this:" + ewarn " ${HILITE}http_port internal-addr:3128 transparent${NORMAL}" +} -- 2.26.2