security fix #92254

(Portage version: 2.0.51.19)

4 files changed, 211 insertions, 12 deletions

diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index f35758fe5813..b72371b2581a 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-proxy/squid
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.3 2005/04/24 09:35:13 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.4 2005/05/11 18:30:54 mrness Exp $
+
+*squid-2.5.10_rc3 (11 May 2005)
+
+  11 May 2005; Alin Nastac <mrness@gentoo.org> +squid-2.5.10_rc3.ebuild:
+  Version bumped for fixing security issue described in bug #92254.
+  Stable on x86.
 
 *squid-2.5.9-r4 (24 Apr 2005)
 
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 44eabb140d33..c9ea3e2ab58f 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -1,17 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 4772d7df91159e46e702c3a7d3df1c0c squid-2.5.8-r1.ebuild 6103
 MD5 7050bdeeb1b696ffe75c7ed1679587d3 squid-2.5.9.ebuild 6019
+MD5 8fd29a455fbb3e4b9aa23c0f6a7ba2f8 squid-2.5.10_rc3.ebuild 6110
 MD5 39cf669d7f8a26e86b980dceda028083 squid-2.5.8.ebuild 5891
 MD5 733f7886fe1d6e22c8a90a7d820a6590 squid-2.5.9-r4.ebuild 6088
-MD5 3e1fcd333d5c4c24e31851555e5c4769 ChangeLog 17273
+MD5 e8df0328220b7ee458a3825601a6923d ChangeLog 17448
 MD5 c2a21a50fca07975a99242ebc54c2f88 metadata.xml 330
 MD5 1a01fe9aa56449b307571cda5cab3d77 squid-2.5.9-r3.ebuild 5914
 MD5 c2d230465ceefe887175cb8121d0fbc8 files/digest-squid-2.5.8-r1 156
 MD5 5b59fde3a3fdf6140efd79a82120b5e3 files/digest-squid-2.5.9-r3 156
 MD5 d22fa7f06392112cd3aeee3eaadb154d files/digest-squid-2.5.9-r4 156
 MD5 8e7207b10699502e573d9d60ff0e07a6 files/squid.confd 437
+MD5 daa5a0fb0b6b042cae9e9cac37319a5b files/digest-squid-2.5.10_rc3 165
 MD5 6f30a7f5c48ec35a7044acb189c858c5 files/squid-r1.cron 133
 MD5 c3048f19a1c725e2c53f86640b752382 files/squid-2.5.8-gentoo.diff 17233
 MD5 40a3fdee0d8db88cb690a6eceb59e45a files/squid.pam 505
@@ -20,10 +19,3 @@ MD5 5286e7e73ca5687381fa09ff41dccbd1 files/squid-logrotate 101
 MD5 89952d7cb51de1e4dbe9b5a1992aaf13 files/squid-2.5.9-gentoo.diff 17411
 MD5 b1028824f46381ebe326b5faf0e06d35 files/digest-squid-2.5.8 155
 MD5 7aec9f6b933e46cb25a72c56c0993e9e files/digest-squid-2.5.9 156
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD8DBQFCa2hkjiC39V7gKu0RArIFAKDVa5usCVc/Ta5dbLPTcRP2twxnHACfS0jI
-GqcKETx8MV85CiW5OzreEQ4=
-=Y6fe
------END PGP SIGNATURE-----
diff --git a/net-proxy/squid/files/digest-squid-2.5.10_rc3 b/net-proxy/squid/files/digest-squid-2.5.10_rc3
new file mode 100644
index 000000000000..c085eebce713
--- /dev/null
+++ b/net-proxy/squid/files/digest-squid-2.5.10_rc3
@@ -0,0 +1,2 @@
+MD5 eb4497d0cabff800b2c47ae121fa7593 squid-2.5.STABLE10-RC3.tar.gz 1383690
+MD5 76f3602a77183f2e13063e03768d82f3 squid-2.5.STABLE10-RC3-patches-20050510.tar.gz 17004
diff --git a/net-proxy/squid/squid-2.5.10_rc3.ebuild b/net-proxy/squid/squid-2.5.10_rc3.ebuild
new file mode 100644
index 000000000000..5b6ddcc21602
--- /dev/null
+++ b/net-proxy/squid/squid-2.5.10_rc3.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.5.10_rc3.ebuild,v 1.1 2005/05/11 18:30:54 mrness Exp $
+
+inherit eutils toolchain-funcs
+
+#lame archive versioning scheme..
+S_PV=${PV%.*}
+S_PL=${PV##*.}
+S_PL=${S_PL/_rc/-RC}
+S_PP=${PN}-${S_PV}.STABLE${S_PL}
+PATCH_VERSION="20050510"
+
+DESCRIPTION="A caching web proxy, with advanced features"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="http://www.squid-cache.org/Versions/v2/${S_PV}/${S_PP}.tar.gz
+	mirror://gentoo/${S_PP}-patches-${PATCH_VERSION}.tar.gz"
+
+S=${WORKDIR}/${S_PP}
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86 ~mips"
+IUSE="pam ldap ssl sasl snmp debug uclibc selinux underscores logrotate customlog zero-penalty-hit"
+
+RDEPEND="virtual/libc
+	pam? ( >=sys-libs/pam-0.75 )
+	ldap? ( >=net-nds/openldap-2.1.26 )
+	ssl? ( >=dev-libs/openssl-0.9.6m )
+	sasl? ( >=dev-libs/cyrus-sasl-1.5.27 )
+	selinux? ( sec-policy/selinux-squid )
+	!mips? ( logrotate? ( app-admin/logrotate ) )"
+DEPEND="${RDEPEND} dev-lang/perl"
+
+src_unpack() {
+	unpack ${A} || die "unpack failed"
+	cd ${S} || die "dir ${S} not found"
+
+	# Do bulk patching from squids bug fix list as well as our patches
+	use customlog || rm ${WORKDIR}/patch/9*customlog*
+	use zero-penalty-hit || rm ${WORKDIR}/patch/9*ToS_Hit*
+	EPATCH_SUFFIX="patch"
+	epatch ${WORKDIR}/patch
+
+	#hmm #10865
+	sed -i -e 's%^\(LINK =.*\)\(-o.*\)%\1\$(XTRA_LIBS) \2%' \
+		helpers/external_acl/ldap_group/Makefile.in
+
+	#disable lazy bindings on (some at least) suided basic auth programs
+	sed -i -e 's:_LDFLAGS[ ]*=:_LDFLAGS = -Wl,-z,now:' \
+		helpers/basic_auth/*/Makefile.in
+
+	if ! use debug ;	then
+		mv configure.in configure.in.orig
+		sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in
+		export WANT_AUTOCONF=2.1
+		autoconf || die "autoconf failed"
+	fi
+}
+
+src_compile() {
+	# Support for uclibc #61175
+	if use uclibc; then
+		local basic_modules="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM,winbind"
+	else
+		local basic_modules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM,winbind"
+	fi
+
+	use ldap && basic_modules="LDAP,${basic_modules}"
+	use pam && basic_modules="PAM,${basic_modules}"
+	use sasl && basic_modules="SASL,${basic_modules}"
+	# SASL 1 / 2 Supported Natively
+
+	local ext_helpers="ip_user,unix_group,wbinfo_group,winbind_group"
+	use ldap && ext_helpers="ldap_group,${ext_helpers}"
+
+	local myconf=""
+	use snmp && myconf="${myconf} --enable-snmp" || myconf="${myconf} --disable-snmp"
+	use ssl && myconf="${myconf} --enable-ssl" || myconf="${myconf} --disable-ssl"
+
+	use amd64 && myconf="${myconf} --disable-internal-dns "
+
+	if use underscores; then
+		ewarn "Enabling underscores in domain names will result in dns resolution"
+		ewarn "failure if your local DNS client (probably bind) is not compatible."
+		myconf="${myconf} --enable-underscores"
+	fi
+
+	# Support for uclibc #61175
+	if use uclibc; then
+		myconf="${myconf} --enable-storeio='ufs,diskd,aufs,null' "
+		myconf="${myconf} --disable-async-io "
+	else
+		myconf="${myconf} --enable-storeio='ufs,diskd,coss,aufs,null' "
+		myconf="${myconf} --enable-async-io "
+	fi
+
+	export CC=$(tc-getCC)
+
+	./configure \
+		--prefix=/usr \
+		--bindir=/usr/bin \
+		--exec-prefix=/usr \
+		--sbindir=/usr/sbin \
+		--localstatedir=/var \
+		--mandir=/usr/share/man \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/lib/squid \
+		\
+		--enable-auth="basic,digest,ntlm" \
+		--enable-removal-policies="lru,heap" \
+		--enable-digest-auth-helpers="password" \
+		--enable-basic-auth-helpers=${basic_modules} \
+		--enable-external-acl-helpers=${ext_helpers} \
+		--enable-ntlm-auth-helpers="SMB,fakeauth,no_check,winbind" \
+		--enable-linux-netfilter \
+		--enable-ident-lookups \
+		--enable-useragent-log \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-referer-log \
+		--enable-truncate \
+		--enable-arp-acl \
+		--with-pthreads \
+		--with-large-files \
+		--enable-htcp \
+		--enable-carp \
+		--enable-poll \
+		--host=${CHOST} ${myconf} || die "bad ./configure"
+		#--enable-icmp
+
+	mv include/autoconf.h include/autoconf.h.orig
+	sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 8192:" \
+		include/autoconf.h.orig > include/autoconf.h
+
+#	if [ "${ARCH}" = "hppa" ]
+#	then
+#		mv include/autoconf.h include/autoconf.h.orig
+#		sed -e "s:^#define HAVE_MALLOPT 1:#undef HAVE_MALLOPT:" \
+#			include/autoconf.h.orig > include/autoconf.h
+#	fi
+
+	emake || die "compile problem"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die
+
+	#--enable-icmp
+	#make -C src install-pinger libexecdir=${D}/usr/lib/squid || die
+	#chown root:squid ${D}/usr/lib/squid/pinger
+	#chmod 4750 ${D}/usr/lib/squid/pinger
+
+	#need suid root for looking into /etc/shadow
+	chown root:squid ${D}/usr/lib/squid/ncsa_auth
+	chown root:squid ${D}/usr/lib/squid/pam_auth
+	chmod 4750 ${D}/usr/lib/squid/ncsa_auth
+	chmod 4750 ${D}/usr/lib/squid/pam_auth
+
+	#some clean ups
+	rm -rf ${D}/var
+	mv ${D}/usr/bin/Run* ${D}/usr/lib/squid
+
+	#simply switch this symlink to choose the desired language..
+	dosym /usr/lib/squid/errors/English /etc/squid/errors
+
+	dodoc CONTRIBUTORS COPYING COPYRIGHT CREDITS \
+		ChangeLog QUICKSTART SPONSORS doc/*.txt \
+		helpers/ntlm_auth/no_check/README.no_check_ntlm_auth
+	newdoc helpers/basic_auth/SMB/README README.auth_smb
+	dohtml helpers/basic_auth/MSNT/README.html RELEASENOTES.html
+	newdoc helpers/basic_auth/LDAP/README README.auth_ldap
+	doman helpers/basic_auth/LDAP/*.8
+	dodoc helpers/basic_auth/SASL/squid_sasl_auth*
+
+	insinto /etc/pam.d
+	newins ${FILESDIR}/squid.pam squid
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/squid.rc6 squid
+	insinto /etc/conf.d
+	newins ${FILESDIR}/squid.confd squid
+	if use logrotate; then
+		insinto /etc/logrotate.d
+		newins ${FILESDIR}/squid-logrotate squid
+	else
+		exeinto /etc/cron.weekly
+		newexe ${FILESDIR}/squid-r1.cron squid.cron
+	fi
+
+	diropts -m0755 -o squid -g squid
+	dodir /var/cache/squid /var/log/squid
+}
+
+pkg_postinst() {
+	echo
+	ewarn "Squid authentication helpers have been installed suid root"
+	ewarn "This allows shadow based authentication, see bug #52977 for more"
+	echo
+}