mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00
Code Issues Releases Activity

The squid developers have just released 2.6.STABLE1 as the new

Browse Source 
stable Squid release. Because of the large amount changes introduced
in 2.6, we keep 2.5 as www/squid and make www/squid26.

New OPTIONS:
- WITH_/WITHOUT_SQUID_KQUEUE: use kqueue(2) support (defaults to yes)
- WITH_/WITHOUT_SQUID_WCCPV2: enable WCCPv2 support (defaults to no)
- WITH_/WITHOUT_SQUID_REFERER_LOG: enable referer-header logging (default no)
- make WITH_DEBUG a synonym for WITH_SQUID_STACKTRACES

Removed OPTIONS:
- WITH_SQUID_CUSTOM_LOG: the code is now part of mainline squid and can
  be configured via squid.conf
- WITH_/WITHOUT_SQUID_UNDERSCORES: no longer configurable
- WITH_/WITHOUT_SQUID_CHECK_HOSTNAME: no longer configurable
- WITH_/WITHOUT_SQUID_RCNG: the start script is now rc.d only

Changed default:

- CARP support is enabled by default in squid 2.6 and needs to be
  explicitly disabled defining WITHOUT_SQUID_CARP

Port infrastructural changes:
- no longer check for invalid user/group id; this problem should no longer
  be an issue (if it ever was one, but you never know) and remove the
  'changeuser:' target
- use files/squid.in instead of files/squid.sh.in as template
- remove ancient information about Harvest from pkg-descr, tighten COMMENT
- add some HTTP mirror sites taken from
  <http://www.squid-cache.org/Mirrors/http-mirrors.html> as additional
  PATCH_SITES (thanks to Robert Backhaus for the initial submission)
- ICAP support is not yet available, the squid-devel CVS is not synchronized
  with mainline squid as I write this so mark WITH_SQUID_ICAP as IGNORE for
  now. I'll add the necessary patches ASAP.
- spell "squid" as "Squid" when referring to the project as this seems to be
  the spelling the Squid project prefers
- some cosmetic changes in macro definitions

PR:		ports/99750
Submitted by:	Thomas-Martin Seck <tmseck_at_netcologne.de> (squid maintainer)
This commit is contained in:
Sergey Matveychuk 2006-07-09 15:20:10 +00:00
parent 911fc12036
commit eb1c8d1da5
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=167277
27 changed files with 317 additions and 19840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
www/Makefile
View File

@ -923,6 +923,7 @@
SUBDIR += spreadlogd
SUBDIR += sqstat
SUBDIR += squid
SUBDIR += squid26
SUBDIR += squid_radius_auth
SUBDIR += squidclients
SUBDIR += squidguard

243
www/squid26/Makefile
View File

@ -1,23 +1,19 @@
# New ports collection makefile for: squid24
# Date created: Tue Mar 27 14:56:08 CEST 2001
# Whom: Adrian Chadd <adrian@FreeBSD.org>
# New ports collection makefile for: squid26
# Date created: 2006-06-01
# Whom: Thomas-Martin Seck <tmseck@netcologne.de>
#
# $FreeBSD$
#
# Tunables not (yet) configurable via 'make config':
# SQUID_{U,G}ID
# Which user/group squid should run as (default: squid/squid).
# Which user/group Squid should run as (default: squid/squid).
# The user and group will be created if they do not already exist using
# a uid:gid of 100:100.
# NOTE: before version 2.5.4_6, these settings defaulted to
# nobody/nogroup.
# If you wish to keep these settings, please define SQUID_UID=nobody and
# SQUID_GID=nogroup in your make environment before you start the update.
# NOTE2:
# Before version 2.5.4_11 the numerical id chosen for SQUID_UID (and
# SQUID_GID respectively) was the first free id greater than or equal 3128.
# If you wish to move your squid user to id 100:100, run "make changeuser",
# please see the changeuser target's definition for further information.
# NOTE: older versions of Squid defaulted to nobody/nogroup.
# If you wish to run Squid as "nobody" (which is not recommended), please
# define SQUID_UID=nobody and SQUID_GID=nogroup in your make environment
# before you start the update or installation of this port.
#
# SQUID_LANGUAGES
# A list of languages for which error page files should be installed
# (default: all)
@ -39,7 +35,7 @@
# `make SQUID_CONFIGURE_ARGS="--enable-dlmalloc --enable-truncate" install'
#
# The list below may be incomplete, please see the configure script
# in the squid source distribution for the complete list of additional
# in the Squid source distribution for the complete list of additional
# options.
# Note that you probably do not need to worry about these options in most
# cases, they are included in case you want to experiment with them.
@ -47,11 +43,10 @@
# --enable-dlmalloc
# Compile and use the malloc package from Doug Lea
# --enable-gnuregex
# Compile and use the supplied GNUregex routines instead of BSD regex.
# Compile and use the supplied GNUregex routines instead of BSD regex
# (not recommended).
# --enable-xmalloc-statistics
# Show malloc statistics in status page
# --enable-time-hack
# Optimize time updates to one per second rather than calling gettimeofday()
# --enable-cachemgr-hostname=some.hostname
# Set an explicit hostname in cachemgr.cgi
# --enable-truncate
@ -68,15 +63,23 @@
# of filedescriptors the resulting binary is expected to support.
# --enable-ntlm-fail-open
# Enable NTLM fail open, where a helper that fails one of the
# Authentication steps can allow squid to still authenticate the user
#
# Authentication steps can allow Squid to still authenticate the user
# --enable-x-accelerator-vary
# Enable support for the X-Accelerator-Vary HTTP header. Can be used
# to indicate variance within an accelerator setup. Typically used
# together with other code that adds custom HTTP headers to the
# requests.
# --enable-auth-on-acceleration
# Enable authentication in accelerators.
# --enable-forward-log
# Enable experimental forward_log directive.
# --enable-multicast-miss
# Enable experimental multicast notification of cachemisses.
PORTNAME= squid
PORTVERSION= 2.5.14
PORTREVISION= 1
PORTVERSION= 2.6.1
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://archive.progeny.com/squid/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
@ -86,20 +89,32 @@ MASTER_SITES= \
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.5.STABLE14
DIST_SUBDIR= squid2.5
DISTNAME= squid-2.6.STABLE1
DIST_SUBDIR= squid2.6
PATCH_SITES= http://www.squid-cache.org/Versions/v2/2.5/bugs/
PATCHFILES= squid-2.5.STABLE14-httpReplyDestroy.patch
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
http://www2.us.squid-cache.org/%SUBDIR%/ \
http://www3.us.squid-cache.org/%SUBDIR%/ \
http://www1.at.squid-cache.org/%SUBDIR%/ \
http://www2.nl.squid-cache.org/%SUBDIR%/ \
http://www1.ru.squid-cache.org/%SUBDIR%/ \
http://www1.uk.squid-cache.org/%SUBDIR%/ \
http://www1.jp.squid-cache.org/%SUBDIR%/ \
http://www1.tw.squid-cache.org/%SUBDIR%/
PATCH_SITE_SUBDIR= Versions/v2/2.6/bugs
PATCHFILES=
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck@netcologne.de
COMMENT= The successful WWW proxy cache and accelerator
COMMENT= HTTP Caching Proxy
CONFLICTS= squid-2.[^5]*
LATEST_LINK= squid26
CONFLICTS= squid-2.[^6]*
GNU_CONFIGURE= yes
USE_BZIP2= yes
USE_PERL5= yes
USE_RC_SUBR= squid
SQUID_UID?= squid
SQUID_GID?= squid
@ -114,20 +129,19 @@ OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_SASL_AUTH "Install SASL authentication helpers" off \
SQUID_DELAY_POOLS "Enable delay pools" off \
SQUID_SNMP "Enable SNMP support" off \
SQUID_CARP "Enable CARP support" off \
SQUID_CARP "Enable CARP support" on \
SQUID_SSL "Enable SSL support for reverse proxies" off \
SQUID_PINGER "Install the icmp helper" off \
SQUID_DNS_HELPER "Use the old 'dnsserver' helper" off \
SQUID_HTCP "Enable HTCP support" off \
SQUID_VIA_DB "Enable forward/via database" off \
SQUID_CACHE_DIGESTS "Enable cache digests" off \
SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
SQUID_UNDERSCORES "Allow underscores in hostnames" on \
SQUID_CHECK_HOSTNAME "Do hostname checking" on \
SQUID_WCCP "Enable Web Cache Coordination Prot. v1" on \
SQUID_WCCPV2 "Enable Web Cache Coordination Prot. v2" off \
SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
SQUID_IDENT "Enable ident (RFC 931) lookups" on \
SQUID_REFERER_LOG "Enable Referer-header logging" off \
SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
SQUID_CUSTOM_LOG "Enable custom log format" off \
SQUID_ARP_ACL "Enable ACLs based on ethernet address" off \
SQUID_PF "Enable transparent proxying with PF" off \
SQUID_IPFILTER "Enable transp. proxying with IPFilter" off \
@ -135,9 +149,9 @@ OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_ICAP "Enable ICAP client functionality" off \
SQUID_AUFS "Enable the aufs storage scheme" off \
SQUID_COSS "Enable the COSS storage scheme" off \
SQUID_KQUEUE "Use kqueue(2) instead of poll(2)" on \
SQUID_LARGEFILE "Support log and cache files >2GB" off \
SQUID_STACKTRACES "Create backtraces on fatal errors" off \
SQUID_RCNG "Install an rc.d style startup script" on
SQUID_STACKTRACES "Create backtraces on fatal errors" off
etc_files= squid/cachemgr.conf.default \
squid/mib.txt squid/mime.conf.default \
@ -165,37 +179,44 @@ error_files= ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \
ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \
ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
libexec= cachemgr.cgi digest_pw_auth diskd ip_user_check \
libexec= cachemgr.cgi digest_pw_auth diskd-daemon ip_user_check \
msnt_auth ncsa_auth ntlm_auth \
pam_auth smb_auth smb_auth.sh squid_unix_group \
wb_auth wb_group wb_ntlmauth wbinfo_group.pl
pam_auth smb_auth smb_auth.sh squid_session squid_unix_group \
wbinfo_group.pl
.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
libexec+= unlinkd
.endif
sbin= RunAccel RunCache squidclient squid
sbin= RunCache squidclient squid
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin \
--sbindir=${PREFIX}/sbin \
--datadir=${PREFIX}/etc/squid \
--libexecdir=${PREFIX}/libexec/squid \
--localstatedir=${PREFIX}/squid \
--enable-removal-policies="lru heap"
--sysconfdir=${PREFIX}/etc/squid \
--enable-removal-policies="lru heap" \
--disable-linux-netfilter \
--disable-linux-tproxy \
--disable-epoll
.include <bsd.port.pre.mk>
# Authentication methods and modules:
basic_auth= NCSA PAM MSNT SMB winbind
external_acl= ip_user unix_group wbinfo_group winbind_group
MAN8+= pam_auth.8 squid_unix_group.8
basic_auth= NCSA PAM MSNT SMB
digest_auth= password
external_acl= ip_user session unix_group wbinfo_group
MAN8+= ncsa_auth.8 pam_auth.8 squid_session.8 squid_unix_group.8
.if defined(WITH_SQUID_LDAP_AUTH)
USE_OPENLDAP= yes
CFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
MAN8+= squid_ldap_auth.8 squid_ldap_group.8
basic_auth+= LDAP
digest_auth+= ldap
external_acl+= ldap_group
libexec+= squid_ldap_auth squid_ldap_group
libexec+= digest_ldap_auth squid_ldap_auth squid_ldap_group
.endif
.if defined(WITH_SQUID_SASL_AUTH)
LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2
@ -211,11 +232,11 @@ libexec+= yp_auth
.endif
CONFIGURE_ARGS+= --enable-auth="basic ntlm digest" \
--enable-basic-auth-helpers="${basic_auth}" \
--enable-digest-auth-helpers="password" \
--enable-digest-auth-helpers="${digest_auth}" \
--enable-external-acl-helpers="${external_acl}" \
--enable-ntlm-auth-helpers="SMB winbind"
--enable-ntlm-auth-helpers="SMB"
# Selection of storage schemes:
# Storage schemes:
storage_schemes= ufs diskd null
.if defined(WITH_SQUID_AUFS)
@ -227,7 +248,7 @@ CFLAGS+= ${PTHREAD_CFLAGS}
.endif
.if defined(WITH_SQUID_COSS)
storage_schemes+= coss
CONFIGURE_ARGS+= --with-aio
CONFIGURE_ARGS+= --enable-coss-aio-ops
.endif
CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}"
@ -239,13 +260,14 @@ CONFIGURE_ARGS+= --enable-delay-pools
.if defined(WITH_SQUID_SNMP)
CONFIGURE_ARGS+= --enable-snmp
.endif
.if defined(WITH_SQUID_CARP)
CONFIGURE_ARGS+= --enable-carp
.if defined(WITHOUT_SQUID_CARP)
CONFIGURE_ARGS+= --disable-carp
.endif
.if defined(WITH_SQUID_SSL)
# we need to .include bsd.openssl.mk manually here because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included and this is
# not possible when using OPTIONS
# we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included.
# This makes it currently impossible to combine this macro with OPTIONS to
# conditionally include OpenSSL support.
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
@ -272,11 +294,8 @@ CONFIGURE_ARGS+= --enable-cache-digests
.if defined(WITHOUT_SQUID_WCCP)
CONFIGURE_ARGS+= --disable-wccp
.endif
.if !defined(WITHOUT_SQUID_UNDERSCORES)
CONFIGURE_ARGS+= --enable-underscores
.endif
.if defined(WITHOUT_SQUID_CHECK_HOSTNAME)
CONFIGURE_ARGS+= --disable-hostname-checks
.if defined(WITH_SQUID_WCCPV2)
CONFIGURE_ARGS+= --enable-wccpv2
.endif
.if defined(WITH_SQUID_STRICT_HTTP)
CONFIGURE_ARGS+= --disable-http-violations
@ -284,12 +303,12 @@ CONFIGURE_ARGS+= --disable-http-violations
.if defined(WITHOUT_SQUID_IDENT)
CONFIGURE_ARGS+= --disable-ident-lookups
.endif
.if defined(WITH_SQUID_REFERER_LOG)
CONFIGURE_ARGS+= --enable-referer-log
.endif
.if defined(WITH_SQUID_USERAGENT_LOG)
CONFIGURE_ARGS+= --enable-useragent-log
.endif
.if defined(WITH_SQUID_CUSTOM_LOG)
EXTRA_PATCHES+= ${PATCHDIR}/customlog-2.5.patch
.endif
.if defined(WITH_SQUID_ARP_ACL)
CONFIGURE_ARGS+= --enable-arp-acl
.endif
@ -313,45 +332,39 @@ CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
.endif
.if defined(WITH_SQUID_FOLLOW_XFF)
EXTRA_PATCHES+= ${PATCHDIR}/follow_xff-2.5.patch \
${PATCHDIR}/follow_xff-configure.patch
CONFIGURE_ARGS+= --enable-follow-x-forwarded-for
.endif
.if defined(WITH_SQUID_ICAP)
EXTRA_PATCHES+= ${PATCHDIR}/icap-2.5-core.patch \
${PATCHDIR}/icap-2.5-bootstrap.patch
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
IGNORE= patches for ICAP support are not yet updated
EXTRA_PATCHES+=
#CONFIGURE_ARGS+= --enable-icap-support
#error_files+= ERR_ICAP_FAILURE
.endif
.if !defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --enable-kqueue
.else
CONFIGURE_ARGS+= --disable-kqueue
.endif
.if defined(WITH_SQUID_LARGEFILE)
CONFIGURE_ARGS+= --with-large-files --enable-large-cache-files
.endif
.if defined(WITH_SQUID_STACKTRACES)
.if defined(WITH_SQUID_STACKTRACES) || defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-stacktraces
CFLAGS+= -g
STRIP= ""
.endif
.if !defined(WITHOUT_SQUID_RCNG)
USE_RC_SUBR= squid.sh
rc_del= rcold
rc_state= rcng
.else
SUB_FILES+= squid.sh
etc_files+= rc.d/squid.sh
rc_del= rcng
rc_state= rcold
.endif
# Languages:
#
# If you do not define SQUID_LANGUAGES yourself, all available language files
# will be installed; the default language will be English.
SQUID_LANGUAGES?= \
Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian \
Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish
SQUID_LANGUAGES?= Azerbaijani Bulgarian Catalan Czech Danish Dutch \
English Estonian Finnish French German Greek Hebrew \
Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r \
Serbian Simplify_Chinese Slovak Spanish Swedish \
Traditional_Chinese Turkish
SQUID_DEFAULT_LANG?= English
CONFIGURE_ARGS+= --enable-err-languages="${SQUID_LANGUAGES}" \
--enable-default-err-language=${SQUID_DEFAULT_LANG}
@ -385,31 +398,16 @@ pre-install:
# Prevent installation of .orig files by deleting them.
@${FIND} ${WRKSRC} -name '*.bak' -delete
@${FIND} ${WRKSRC} -name '*.orig' -delete
# create the start script:
@${REINPLACE_CMD} \
-e '/--begin ${rc_del}/,/--end ${rc_del}/d' \
-e '/--.*${rc_state}/d' ${WRKDIR}/squid.sh
# create variable information in pkg-message:
@${REINPLACE_CMD} \
-e '/--begin ${rc_del}/,/--end ${rc_del}/d' \
-e '/--.*${rc_state}/d' ${PKGMESSAGE}
pre-su-install:
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
# Create cachemgr.conf.default manually since squid's install routine
# unfortunately fails to do so:
${INSTALL_DATA} ${WRKSRC}/src/cachemgr.conf \
${PREFIX}/etc/squid/cachemgr.conf.default
.if defined(WITH_SQUID_PINGER)
${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \
${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
.endif
.if defined(WITHOUT_SQUID_RCNG)
${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d/
.endif
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${DOCSDIR}
@ -421,50 +419,5 @@ post-install:
@${ECHO_CMD} ""
@${CAT} ${PKGMESSAGE}
@${ECHO_CMD} ""
changeuser:
# Recover from the problem that earlier versions of this port created the
# squid pseudo-user with an id greater than 999 which is not allowed in
# FreeBSD's ports system. The port now uses id 100:100.
# NOTE:
# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you
# have a different setup, do not run this target!
.if ${SQUID_UID:L} == nobody
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
${ECHO_CMD} "this target!"
${FALSE}
.endif
@if [ `${ID} -u` -ne 0 ]; \
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
current_uid=`id -u ${SQUID_UID}`; \
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
${ECHO_CMD} "I will remove this user:"; \
${ID} -P $${current_uid}; \
${ECHO_CMD} "and this group:"; \
pw groupshow ${SQUID_GID}; \
${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \
${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \
${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \
${ECHO_CMD} "After that, all files and directories that were accessible"; \
${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \
${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \
${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \
${ECHO_CMD} "please abort this target now."; \
read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \
${ECHO_CMD} "OK, here we go:"; \
${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \
pw userdel -u $${current_uid}; \
${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \
pw groupadd -n ${SQUID_GID} -g 100; \
pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \
-d ${PREFIX}/squid -s /sbin/nologin -h - ; \
${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \
${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \
${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \
${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \
${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "Finished."
.include <bsd.port.post.mk>

9
www/squid26/distinfo
View File

@ -1,6 +1,3 @@
MD5 (squid2.5/squid-2.5.STABLE14.tar.bz2) = f413e0b887a5f9b2a75350243ed5564c
SHA256 (squid2.5/squid-2.5.STABLE14.tar.bz2) = c4eaee0e5ee42f46060217df9a88d628d244c0a543feab8296e44269e57ec7bd
SIZE (squid2.5/squid-2.5.STABLE14.tar.bz2) = 1073745
MD5 (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 1529f8b0170e24b26353578778435bd4
SHA256 (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 9e99132b8efb07e3465d5e33749aa450daecfa3acde73755b6a3589d09d19285
SIZE (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 1277
MD5 (squid2.6/squid-2.6.STABLE1.tar.bz2) = d6bb23a67b0475cca11d4af8d574d054
SHA256 (squid2.6/squid-2.6.STABLE1.tar.bz2) = a9efea26f1c3966dff69f80c271a73562afed5c65929d69dab713308dd402ba9
SIZE (squid2.6/squid-2.6.STABLE1.tar.bz2) = 1212556

1597
www/squid26/files/customlog-2.5.patch
View File

File diff suppressed because it is too large Load Diff

411
www/squid26/files/follow_xff-2.5.patch
View File

@ -1,411 +0,0 @@
! This is a reduced part of the original follow-XFF patchset from
! devel.squid-cache.org for use with the FreeBSD squid-2.5 port.
Index: src/acl.c
--- src/acl.c 13 May 2003 02:14:12 -0000 1.43.2.16
+++ src/acl.c 23 Nov 2003 14:20:12 -0000
@@ -2001,6 +2001,11 @@
cbdataLock(A);
if (request != NULL) {
checklist->request = requestLink(request);
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.acl_uses_indirect_client) {
+ checklist->src_addr = request->indirect_client_addr;
+ } else
+#endif /* FOLLOW_X_FORWARDED_FOR */
checklist->src_addr = request->client_addr;
checklist->my_addr = request->my_addr;
checklist->my_port = request->my_port;
Index: src/cf.data.pre
--- src/cf.data.pre 7 Nov 2003 03:14:30 -0000 1.49.2.46
+++ src/cf.data.pre 23 Nov 2003 14:20:17 -0000
@@ -2065,6 +2065,92 @@
NOCOMMENT_END
DOC_END
+NAME: follow_x_forwarded_for
+TYPE: acl_access
+IFDEF: FOLLOW_X_FORWARDED_FOR
+LOC: Config.accessList.followXFF
+DEFAULT: none
+DEFAULT_IF_NONE: deny all
+DOC_START
+ Allowing or Denying the X-Forwarded-For header to be followed to
+ find the original source of a request.
+
+ Requests may pass through a chain of several other proxies
+ before reaching us. The X-Forwarded-For header will contain a
+ comma-separated list of the IP addresses in the chain, with the
+ rightmost address being the most recent.
+
+ If a request reaches us from a source that is allowed by this
+ configuration item, then we consult the X-Forwarded-For header
+ to see where that host received the request from. If the
+ X-Forwarded-For header contains multiple addresses, and if
+ acl_uses_indirect_client is on, then we continue backtracking
+ until we reach an address for which we are not allowed to
+ follow the X-Forwarded-For header, or until we reach the first
+ address in the list. (If acl_uses_indirect_client is off, then
+ it's impossible to backtrack through more than one level of
+ X-Forwarded-For addresses.)
+
+ The end result of this process is an IP address that we will
+ refer to as the indirect client address. This address may
+ be treated as the client address for access control, delay
+ pools and logging, depending on the acl_uses_indirect_client,
+ delay_pool_uses_indirect_client and log_uses_indirect_client
+ options.
+
+ SECURITY CONSIDERATIONS:
+
+ Any host for which we follow the X-Forwarded-For header
+ can place incorrect information in the header, and Squid
+ will use the incorrect information as if it were the
+ source address of the request. This may enable remote
+ hosts to bypass any access control restrictions that are
+ based on the client's source addresses.
+
+ For example:
+
+ acl localhost src 127.0.0.1
+ acl my_other_proxy srcdomain .proxy.example.com
+ follow_x_forwarded_for allow localhost
+ follow_x_forwarded_for allow my_other_proxy
+DOC_END
+
+NAME: acl_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.acl_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in acl matching.
+DOC_END
+
+NAME: delay_pool_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR && DELAY_POOLS
+DEFAULT: on
+LOC: Config.onoff.delay_pool_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in delay pools.
+DOC_END
+
+NAME: log_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.log_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in the access log.
+DOC_END
+
NAME: http_access
TYPE: acl_access
LOC: Config.accessList.http
Index: src/client_side.c
--- src/client_side.c 2 Sep 2003 02:13:45 -0000 1.47.2.39
+++ src/client_side.c 23 Nov 2003 14:20:22 -0000
@@ -109,6 +109,11 @@
#if USE_IDENT
static IDCB clientIdentDone;
#endif
+#if FOLLOW_X_FORWARDED_FOR
+static void clientFollowXForwardedForStart(void *data);
+static void clientFollowXForwardedForNext(void *data);
+static void clientFollowXForwardedForDone(int answer, void *data);
+#endif /* FOLLOW_X_FORWARDED_FOR */
static int clientOnlyIfCached(clientHttpRequest * http);
static STCB clientSendMoreData;
static STCB clientCacheHit;
@@ -177,10 +182,179 @@
return ch;
}
+#if FOLLOW_X_FORWARDED_FOR
+/*
+ * clientFollowXForwardedForStart() copies the X-Forwarded-For
+ * header into x_forwarded_for_iterator and passes control to
+ * clientFollowXForwardedForNext().
+ *
+ * clientFollowXForwardedForNext() checks the indirect_client_addr
+ * against the followXFF ACL and passes the result to
+ * clientFollowXForwardedForDone().
+ *
+ * clientFollowXForwardedForDone() either grabs the next address
+ * from the tail of x_forwarded_for_iterator and loops back to
+ * clientFollowXForwardedForNext(), or cleans up and passes control to
+ * clientAccessCheck().
+ */
+
+static void
+clientFollowXForwardedForStart(void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ if (Config.accessList.followXFF
+ && httpHeaderHas(&request->header, HDR_X_FORWARDED_FOR))
+ {
+ request->x_forwarded_for_iterator = httpHeaderGetList(
+ &request->header, HDR_X_FORWARDED_FOR);
+ debug(33, 5) ("clientFollowXForwardedForStart: indirect_client_addr=%s XFF='%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ strBuf(request->x_forwarded_for_iterator));
+ clientFollowXForwardedForNext(http);
+ } else {
+ /* not configured to follow X-Forwarded-For, or nothing to follow */
+ debug(33, 5) ("clientFollowXForwardedForStart: nothing to do\n");
+ clientFollowXForwardedForDone(-1, http);
+ }
+}
+
+static void
+clientFollowXForwardedForNext(void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ debug(33, 5) ("clientFollowXForwardedForNext: indirect_client_addr=%s XFF='%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ strBuf(request->x_forwarded_for_iterator));
+ if (strLen(request->x_forwarded_for_iterator) != 0) {
+ /* check the acl to see whether to believe the X-Forwarded-For header */
+ http->acl_checklist = clientAclChecklistCreate(
+ Config.accessList.followXFF, http);
+ aclNBCheck(http->acl_checklist, clientFollowXForwardedForDone, http);
+ } else {
+ /* nothing left to follow */
+ debug(33, 5) ("clientFollowXForwardedForNext: nothing more to do\n");
+ clientFollowXForwardedForDone(-1, http);
+ }
+}
+
+static void
+clientFollowXForwardedForDone(int answer, void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ /*
+ * answer should be be ACCESS_ALLOWED or ACCESS_DENIED if we are
+ * called as a result of ACL checks, or -1 if we are called when
+ * there's nothing left to do.
+ */
+ if (answer == ACCESS_ALLOWED) {
+ /*
+ * The IP address currently in request->indirect_client_addr
+ * is trusted to use X-Forwarded-For. Remove the last
+ * comma-delimited element from x_forwarded_for_iterator and use
+ * it to to replace indirect_client_addr, then repeat the cycle.
+ */
+ const char *p;
+ const char *asciiaddr;
+ int l;
+ struct in_addr addr;
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s is trusted\n",
+ inet_ntoa(request->indirect_client_addr));
+ p = strBuf(request->x_forwarded_for_iterator);
+ l = strLen(request->x_forwarded_for_iterator);
+
+ /*
+ * XXX x_forwarded_for_iterator should really be a list of
+ * IP addresses, but it's a String instead. We have to
+ * walk backwards through the String, biting off the last
+ * comma-delimited part each time. As long as the data is in
+ * a String, we should probably implement and use a variant of
+ * strListGetItem() that walks backwards instead of forwards
+ * through a comma-separated list. But we don't even do that;
+ * we just do the work in-line here.
+ */
+ /* skip trailing space and commas */
+ while (l > 0 && (p[l-1] == ',' || xisspace(p[l-1])))
+ l--;
+ strCut(request->x_forwarded_for_iterator, l);
+ /* look for start of last item in list */
+ while (l > 0 && ! (p[l-1] == ',' || xisspace(p[l-1])))
+ l--;
+ asciiaddr = p+l;
+ if (inet_aton(asciiaddr, &addr) == 0) {
+ /* the address is not well formed; do not use it */
+ debug(33, 3) ("clientFollowXForwardedForDone: malformed address '%s'\n",
+ asciiaddr);
+ goto done;
+ }
+ debug(33, 3) ("clientFollowXForwardedForDone: changing indirect_client_addr from %s to '%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ asciiaddr);
+ request->indirect_client_addr = addr;
+ strCut(request->x_forwarded_for_iterator, l);
+ if (! Config.onoff.acl_uses_indirect_client) {
+ /*
+ * If acl_uses_indirect_client is off, then it's impossible
+ * to follow more than one level of X-Forwarded-For.
+ */
+ goto done;
+ }
+ clientFollowXForwardedForNext(http);
+ return;
+ } else if (answer == ACCESS_DENIED) {
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s not trusted\n",
+ inet_ntoa(request->indirect_client_addr));
+ } else {
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s nothing more to do\n",
+ inet_ntoa(request->indirect_client_addr));
+ }
+done:
+ /* clean up, and pass control to clientAccessCheck */
+ debug(33, 6) ("clientFollowXForwardedForDone: cleanup\n");
+ if (Config.onoff.log_uses_indirect_client) {
+ /*
+ * Ensure that the access log shows the indirect client
+ * instead of the direct client.
+ */
+ ConnStateData *conn = http->conn;
+ conn->log_addr = request->indirect_client_addr;
+ conn->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
+ debug(33, 3) ("clientFollowXForwardedForDone: setting log_addr=%s\n",
+ inet_ntoa(conn->log_addr));
+ }
+ stringClean(&request->x_forwarded_for_iterator);
+ request->flags.done_follow_x_forwarded_for = 1;
+ http->acl_checklist = NULL; /* XXX do we need to aclChecklistFree() ? */
+ clientAccessCheck(http);
+}
+#endif /* FOLLOW_X_FORWARDED_FOR */
+
void
clientAccessCheck(void *data)
{
clientHttpRequest *http = data;
+#if FOLLOW_X_FORWARDED_FOR
+ if (! http->request->flags.done_follow_x_forwarded_for
+ && httpHeaderHas(&http->request->header, HDR_X_FORWARDED_FOR))
+ {
+ /*
+ * There's an X-ForwardedFor header and we haven't yet tried
+ * to follow it to find the indirect_client_addr. Follow it now.
+ * clientFollowXForwardedForDone() will eventually pass control
+ * back to us.
+ *
+ * XXX perhaps our caller should have called
+ * clientFollowXForwardedForStart instead. Then we wouldn't
+ * need to do this little dance transferring control over
+ * there and then back here, and we wouldn't need the
+ * done_follow_x_forwarded_for flag.
+ */
+ clientFollowXForwardedForStart(data);
+ return;
+ }
+#endif /* FOLLOW_X_FORWARDED_FOR */
if (checkAccelOnly(http)) {
/* deny proxy requests in accel_only mode */
debug(33, 1) ("clientAccessCheck: proxy request denied in accel_only mode\n");
@@ -325,6 +499,9 @@
new_request->http_ver = old_request->http_ver;
httpHeaderAppend(&new_request->header, &old_request->header);
new_request->client_addr = old_request->client_addr;
+#if FOLLOW_X_FORWARDED_FOR
+ new_request->indirect_client_addr = old_request->indirect_client_addr;
+#endif /* FOLLOW_X_FORWARDED_FOR */
new_request->my_addr = old_request->my_addr;
new_request->my_port = old_request->my_port;
new_request->flags.redirected = 1;
@@ -3051,6 +3228,9 @@
safe_free(http->log_uri);
http->log_uri = xstrdup(urlCanonicalClean(request));
request->client_addr = conn->peer.sin_addr;
+#if FOLLOW_X_FORWARDED_FOR
+ request->indirect_client_addr = request->client_addr;
+#endif /* FOLLOW_X_FORWARDED_FOR */
request->my_addr = conn->me.sin_addr;
request->my_port = ntohs(conn->me.sin_port);
request->http_ver = http->http_ver;
Index: src/delay_pools.c
--- src/delay_pools.c 19 Jun 2003 02:13:57 -0000 1.5.54.6
+++ src/delay_pools.c 23 Nov 2003 14:20:23 -0000
@@ -318,6 +318,11 @@
r = http->request;
memset(&ch, '\0', sizeof(ch));
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.delay_pool_uses_indirect_client) {
+ ch.src_addr = r->indirect_client_addr;
+ } else
+#endif /* FOLLOW_X_FORWARDED_FOR */
ch.src_addr = r->client_addr;
ch.my_addr = r->my_addr;
ch.my_port = r->my_port;
*** src/structs.h.orig Sun Jun 26 12:45:58 2005
--- src/structs.h Sun Jun 26 12:48:45 2005
***************
*** 610,615 ****
--- 610,620 ----
int accel_uses_host_header;
int accel_no_pmtu_disc;
int global_internal_static;
+ #if FOLLOW_X_FORWARDED_FOR
+ int acl_uses_indirect_client;
+ int delay_pool_uses_indirect_client;
+ int log_uses_indirect_client;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} onoff;
acl *aclList;
struct {
***************
*** 631,636 ****
--- 636,644 ----
acl_access *reply;
acl_address *outgoing_address;
acl_tos *outgoing_tos;
+ #if FOLLOW_X_FORWARDED_FOR
+ acl_access *followXFF;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} accessList;
acl_deny_info_list *denyInfoList;
struct _authConfig {
***************
*** 1623,1628 ****
--- 1631,1641 ----
unsigned int body_sent:1;
unsigned int reset_tcp:1;
unsigned int must_keepalive:1;
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX this flag could be eliminated;
+ * see comments in clientAccessCheck */
+ unsigned int done_follow_x_forwarded_for;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _link_list {
***************
*** 1666,1671 ****
--- 1679,1687 ----
int max_forwards;
/* these in_addr's could probably be sockaddr_in's */
struct in_addr client_addr;
+ #if FOLLOW_X_FORWARDED_FOR
+ struct in_addr indirect_client_addr; /* after following X-Forwarded-For */
+ #endif /* FOLLOW_X_FORWARDED_FOR */
struct in_addr my_addr;
unsigned short my_port;
HttpHeader header;
***************
*** 1677,1682 ****
--- 1693,1703 ----
const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */
BODY_HANDLER *body_reader;
void *body_reader_data;
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX a list of IP addresses would be a better data structure
+ * than this String */
+ String x_forwarded_for_iterator;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _cachemgr_passwd {

65
www/squid26/files/follow_xff-configure.patch
View File

@ -1,65 +0,0 @@
!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset.
!
!Beware that all line number informations in configure.log greater
!than 2972 are offset by at least -29 (correcting all line numbers would have
!bloated the patch by 92kB!)
--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003
+++ include/autoconf.h.in Thu Jun 24 13:19:07 2004
@@ -291,6 +291,12 @@
#define USE_IDENT 1
/*
+ * Compile in support for following X-Forwarded-For headers?
+ * Enabled by default.
+ */
+#define FOLLOW_X_FORWARDED_FOR 1
+
+/*
* If your system has statvfs(), and if it actually works!
*/
#undef HAVE_STATVFS
--- configure.orig Thu Sep 22 10:16:26 2005
+++ configure Thu Sep 22 17:29:01 2005
@@ -249,6 +249,12 @@
if you build as another user who is not privileged
to use the number of filedescriptors you want the
resulting binary to support"
+ac_help="$ac_help
+ --enable-follow-x-forwarded-for
+ Enable support for following the X-Forwarded-For
+ HTTP header to try to find the IP address of the
+ original or indirect client when a request has
+ been forwarded through other proxies."
# Initialize some variables set by options.
# The variables have the same names as the options, with
@@ -3255,6 +3261,29 @@
fi
+
+follow_xff=1
+# Check whether --enable-follow-x-forwarded-for or --disable-follow-x-forwarded-for was given.
+if test "${enable_follow_x_forwarded_for+set}" = set; then
+ enableval="$enable_follow_x_forwarded_for"
+ if test "$enableval" = "yes" ; then
+ echo "follow X-Forwarded-For enabled"
+ follow_xff=1
+ fi
+
+fi
+
+if test $follow_xff = 1; then
+ cat >> confdefs.h <<\EOF
+#define FOLLOW_X_FORWARDED_FOR 1
+EOF
+
+else
+ cat >> confdefs.h <<\EOF
+#define FOLLOW_X_FORWARDED_FOR 0
+EOF
+
+fi
# Force some compilers to use ANSI features
#

422
www/squid26/files/icap-2.5-bootstrap.patch
View File

@ -1,422 +0,0 @@
Patch 2 of 2 to integrate the icap-2_5 branch into the FreeBSD squid port.
Created by Thomas-Martin Seck <tmseck@netcologne.de>.
This patch simulates the autotools bootstrap necessary after applying the
ICAP patchset.
Please see icap-2.5-core.patch for further information.
Patch last updated: 2005-12-17
--- configure.orig Sat Oct 22 11:56:01 2005
+++ configure Sat Dec 17 17:45:21 2005
@@ -70,6 +70,8 @@
ac_help="$ac_help
--enable-delay-pools Enable delay pools to limit bandwidth usage"
ac_help="$ac_help
+ --enable-icap-support Enable iCAP client capability"
+ac_help="$ac_help
--enable-useragent-log Enable logging of User-Agent header"
ac_help="$ac_help
--enable-referer-log Enable logging of Referer header"
@@ -2170,6 +2172,38 @@
+
+if false; then
+ USE_ICAP_TRUE=
+ USE_ICAP_FALSE='#'
+else
+ USE_ICAP_TRUE='#'
+ USE_ICAP_FALSE=
+fi
+# Check whether --enable-icap-support or --disable-icap-support was given.
+if test "${enable_icap_support+set}" = set; then
+ enableval="$enable_icap_support"
+ if test "$enableval" = "yes" ; then
+ echo "ICAP support enabled"
+ cat >> confdefs.h <<\EOF
+#define HS_FEAT_ICAP 1
+EOF
+
+
+
+if true; then
+ USE_ICAP_TRUE=
+ USE_ICAP_FALSE='#'
+else
+ USE_ICAP_TRUE='#'
+ USE_ICAP_FALSE=
+fi
+ fi
+
+fi
+
+
+
# Check whether --enable-useragent-log or --disable-useragent-log was given.
if test "${enable_useragent_log+set}" = set; then
enableval="$enable_useragent_log"
@@ -7428,14 +7462,14 @@
fi
;;
esac
- echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
-echo "configure:7433: checking for main in -lpthread" >&5
+ echo $ac_n "checking for main in -pthread""... $ac_c" 1>&6
+echo "configure:7433: checking for main in -pthread" >&5
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_save_LIBS="$LIBS"
-LIBS="-lpthread $LIBS"
+LIBS="-pthread $LIBS"
cat > conftest.$ac_ext <<EOF
#line 7441 "configure"
#include "confdefs.h"
@@ -7465,7 +7499,7 @@
#define $ac_tr_lib 1
EOF
- LIBS="-lpthread $LIBS"
+ LIBS="-pthread $LIBS"
else
echo "$ac_t""no" 1>&6
@@ -7769,6 +7803,8 @@
srand48 \
srandom \
statfs \
+ strnstr \
+ strcasestr \
strtoll \
sysconf \
syslog \
@@ -7898,6 +7934,50 @@
fi
fi
+
+if false; then
+ NEED_OWN_STRNSTR_TRUE=
+ NEED_OWN_STRNSTR_FALSE='#'
+else
+ NEED_OWN_STRNSTR_TRUE='#'
+ NEED_OWN_STRNSTR_FALSE=
+fi
+if test "$ac_cv_func_strnstr" = "no" || test "$ac_cv_func_vstrnstr" = "no" ; then
+
+
+if true; then
+ NEED_OWN_STRNSTR_TRUE=
+ NEED_OWN_STRNSTR_FALSE='#'
+else
+ NEED_OWN_STRNSTR_TRUE='#'
+ NEED_OWN_STRNSTR_FALSE=
+fi
+fi
+
+
+
+if false; then
+ NEED_OWN_STRCASESTR_TRUE=
+ NEED_OWN_STRCASESTR_FALSE='#'
+else
+ NEED_OWN_STRCASESTR_TRUE='#'
+ NEED_OWN_STRCASESTR_FALSE=
+fi
+if test "$ac_cv_func_strcasestr" = "no" || test "$ac_cv_func_vstrcasestr" = "no"; then
+
+
+if true; then
+ NEED_OWN_STRCASESTR_TRUE=
+ NEED_OWN_STRCASESTR_FALSE='#'
+else
+ NEED_OWN_STRCASESTR_TRUE='#'
+ NEED_OWN_STRCASESTR_FALSE=
+fi
+fi
+
+
+
+
echo $ac_n "checking if va_copy is implemented""... $ac_c" 1>&6
echo "configure:7903: checking if va_copy is implemented" >&5
if eval "test \"`echo '$''{'ac_cv_func_va_copy'+set}'`\" = set"; then
@@ -9072,6 +9152,8 @@
s%@ENABLE_PINGER_FALSE@%$ENABLE_PINGER_FALSE%g
s%@USE_DELAY_POOLS_TRUE@%$USE_DELAY_POOLS_TRUE%g
s%@USE_DELAY_POOLS_FALSE@%$USE_DELAY_POOLS_FALSE%g
+s%@USE_ICAP_TRUE@%$USE_ICAP_TRUE%g
+s%@USE_ICAP_FALSE@%$USE_ICAP_FALSE%g
s%@USE_SNMP_TRUE@%$USE_SNMP_TRUE%g
s%@USE_SNMP_FALSE@%$USE_SNMP_FALSE%g
s%@SNMPLIB@%$SNMPLIB%g
@@ -9118,6 +9200,10 @@
s%@LIB_LBER@%$LIB_LBER%g
s%@NEED_OWN_SNPRINTF_TRUE@%$NEED_OWN_SNPRINTF_TRUE%g
s%@NEED_OWN_SNPRINTF_FALSE@%$NEED_OWN_SNPRINTF_FALSE%g
+s%@NEED_OWN_STRNSTR_TRUE@%$NEED_OWN_STRNSTR_TRUE%g
+s%@NEED_OWN_STRNSTR_FALSE@%$NEED_OWN_STRNSTR_FALSE%g
+s%@NEED_OWN_STRCASESTR_TRUE@%$NEED_OWN_STRCASESTR_TRUE%g
+s%@NEED_OWN_STRCASESTR_FALSE@%$NEED_OWN_STRCASESTR_FALSE%g
s%@REGEXLIB@%$REGEXLIB%g
s%@LIBREGEX@%$LIBREGEX%g
s%@LIBOBJS@%$LIBOBJS%g
--- include/autoconf.h.in.orig Tue Sep 13 02:12:34 2005
+++ include/autoconf.h.in Sat Dec 17 17:45:21 2005
@@ -124,6 +124,11 @@
*/
#undef DELAY_POOLS
+/*
+ * ICAP - Internet Content Adaptation Protocol
+ */
+#undef HS_FEAT_ICAP
+
/*
* If you want to log User-Agent request header values, define this.
* By default, they are written to useragent.log in the Squid log
@@ -574,6 +579,12 @@
/* Define if you have the statfs function. */
#undef HAVE_STATFS
+
+/* Define if you have the strcasestr function. */
+#undef HAVE_STRCASESTR
+
+/* Define if you have the strnstr function. */
+#undef HAVE_STRNSTR
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
--- lib/Makefile.in.orig Wed Sep 28 22:57:20 2005
+++ lib/Makefile.in Sat Dec 17 17:45:21 2005
@@ -123,6 +123,13 @@
@NEED_OWN_SNPRINTF_TRUE@SNPRINTFSOURCE = snprintf.c
@NEED_OWN_SNPRINTF_FALSE@SNPRINTFSOURCE =
+
+@NEED_OWN_STRNSTR_TRUE@STRNSTRSOURCE = strnstr.c
+@NEED_OWN_STRNSTR_FALSE@STRNSTRSOURCE =
+
+@NEED_OWN_STRCASESTR_TRUE@STRCASESTRSOURCE = strcasestr.c
+@NEED_OWN_STRCASESTR_FALSE@STRCASESTRSOURCE =
+
@NEED_OWN_MD5_TRUE@MD5SOURCE = md5.c
@NEED_OWN_MD5_FALSE@MD5SOURCE =
@@ -158,6 +165,8 @@
$(SNPRINTFSOURCE) \
splay.c \
Stack.c \
+ $(STRNSTRSOURCE) \
+ $(STRCASESTRSOURCE) \
stub_memaccount.c \
util.c \
uudecode.c
@@ -196,13 +205,18 @@
@NEED_OWN_MD5_FALSE@am__objects_1 =
@NEED_OWN_SNPRINTF_FALSE@am__objects_2 =
@NEED_OWN_SNPRINTF_TRUE@am__objects_2 = snprintf.$(OBJEXT)
+@NEED_OWN_STRNSTR_FALSE@am__objects_3 =
+@NEED_OWN_STRNSTR_TRUE@am__objects_3 = strnstr.$(OBJEXT)
+@NEED_OWN_STRCASESTR_TRUE@am__objects_4 = strcasestr.$(OBJEXT)
+@NEED_OWN_STRCASESTR_FALSE@am__objects_4 =
am_libmiscutil_a_OBJECTS = Array.$(OBJEXT) base64.$(OBJEXT) \
getfullhostname.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
html_quote.$(OBJEXT) iso3307.$(OBJEXT) $(am__objects_1) \
radix.$(OBJEXT) rfc1035.$(OBJEXT) rfc1123.$(OBJEXT) \
rfc1738.$(OBJEXT) rfc2617.$(OBJEXT) safe_inet_addr.$(OBJEXT) \
$(am__objects_2) splay.$(OBJEXT) Stack.$(OBJEXT) \
- stub_memaccount.$(OBJEXT) util.$(OBJEXT) uudecode.$(OBJEXT)
+ $(am__objects_3) $(am__objects_4) stub_memaccount.$(OBJEXT) \
+ util.$(OBJEXT) uudecode.$(OBJEXT)
libmiscutil_a_OBJECTS = $(am_libmiscutil_a_OBJECTS)
libntlmauth_a_AR = $(AR) cru
libntlmauth_a_DEPENDENCIES = @LIBOBJS@
@@ -224,15 +238,16 @@
@AMDEP_TRUE@ $(DEPDIR)/dlmalloc.Po $(DEPDIR)/drand48.Po \
@AMDEP_TRUE@ $(DEPDIR)/getfullhostname.Po $(DEPDIR)/hash.Po \
@AMDEP_TRUE@ $(DEPDIR)/heap.Po $(DEPDIR)/html_quote.Po \
-@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/initgroups.Po \
-@AMDEP_TRUE@ $(DEPDIR)/iso3307.Po $(DEPDIR)/md5.Po \
-@AMDEP_TRUE@ $(DEPDIR)/ntlmauth.Po $(DEPDIR)/radix.Po \
-@AMDEP_TRUE@ $(DEPDIR)/rfc1035.Po $(DEPDIR)/rfc1123.Po \
-@AMDEP_TRUE@ $(DEPDIR)/rfc1738.Po $(DEPDIR)/rfc2617.Po \
-@AMDEP_TRUE@ $(DEPDIR)/safe_inet_addr.Po $(DEPDIR)/snprintf.Po \
-@AMDEP_TRUE@ $(DEPDIR)/splay.Po $(DEPDIR)/strerror.Po \
-@AMDEP_TRUE@ $(DEPDIR)/stub_memaccount.Po $(DEPDIR)/tempnam.Po \
-@AMDEP_TRUE@ $(DEPDIR)/util.Po $(DEPDIR)/uudecode.Po
+@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/iso3307.Po \
+@AMDEP_TRUE@ $(DEPDIR)/md5.Po $(DEPDIR)/ntlmauth.Po \
+@AMDEP_TRUE@ $(DEPDIR)/radix.Po $(DEPDIR)/rfc1035.Po \
+@AMDEP_TRUE@ $(DEPDIR)/rfc1123.Po $(DEPDIR)/rfc1738.Po \
+@AMDEP_TRUE@ $(DEPDIR)/rfc2617.Po $(DEPDIR)/safe_inet_addr.Po \
+@AMDEP_TRUE@ $(DEPDIR)/snprintf.Po $(DEPDIR)/splay.Po \
+@AMDEP_TRUE@ $(DEPDIR)/strcasestr.Po $(DEPDIR)/strerror.Po \
+@AMDEP_TRUE@ $(DEPDIR)/strnstr.Po $(DEPDIR)/stub_memaccount.Po \
+@AMDEP_TRUE@ $(DEPDIR)/tempnam.Po $(DEPDIR)/util.Po \
+@AMDEP_TRUE@ $(DEPDIR)/uudecode.Po
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
@@ -241,8 +256,8 @@
DIST_SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) \
$(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) \
$(libregex_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c \
- initgroups.c strerror.c tempnam.c
+DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c strerror.c \
+ tempnam.c
SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) $(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) $(libregex_a_SOURCES)
all: all-am
@@ -295,7 +310,6 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/heap.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/html_quote.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_ntoa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/iso3307.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/md5.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ntlmauth.Po@am__quote@
@@ -307,7 +321,9 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/safe_inet_addr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/snprintf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/splay.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strcasestr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strerror.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strnstr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/stub_memaccount.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/tempnam.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/util.Po@am__quote@
--- src/Makefile.in.orig Wed Sep 28 22:57:21 2005
+++ src/Makefile.in Sat Dec 17 17:45:21 2005
@@ -125,6 +125,9 @@
install_sh = @install_sh@
makesnmplib = @makesnmplib@
+@USE_ICAP_TRUE@ICAPSOURCE = icap_common.c icap_reqmod.c icap_respmod.c icap_opt.c
+@USE_ICAP_FALSE@ICAPSOURCE =
+
@USE_DNSSERVER_TRUE@DNSSOURCE = dns.c
@USE_DNSSERVER_FALSE@DNSSOURCE = dns_internal.c
@USE_DNSSERVER_TRUE@DNSSERVER = dnsserver
@@ -249,6 +252,7 @@
HttpMsg.c \
HttpReply.c \
HttpRequest.c \
+ $(ICAPSOURCE) \
icmp.c \
icp_v2.c \
icp_v3.c \
@@ -468,54 +472,58 @@
pinger_LDADD = $(LDADD)
pinger_DEPENDENCIES =
pinger_LDFLAGS =
-@USE_DELAY_POOLS_TRUE@am__objects_3 = delay_pools.$(OBJEXT)
-@USE_DELAY_POOLS_FALSE@am__objects_3 =
-@USE_DNSSERVER_FALSE@am__objects_4 = dns_internal.$(OBJEXT)
-@USE_DNSSERVER_TRUE@am__objects_4 = dns.$(OBJEXT)
-@ENABLE_HTCP_TRUE@am__objects_5 = htcp.$(OBJEXT)
-@MAKE_LEAKFINDER_FALSE@am__objects_6 =
-@MAKE_LEAKFINDER_TRUE@am__objects_6 = leakfinder.$(OBJEXT)
-@USE_SNMP_TRUE@am__objects_7 = snmp_core.$(OBJEXT) snmp_agent.$(OBJEXT)
-@USE_SNMP_FALSE@am__objects_7 =
-@ENABLE_SSL_TRUE@am__objects_8 = ssl_support.$(OBJEXT)
-@ENABLE_SSL_FALSE@am__objects_8 =
-@ENABLE_UNLINKD_FALSE@am__objects_9 =
-@ENABLE_UNLINKD_TRUE@am__objects_9 = unlinkd.$(OBJEXT)
-@ENABLE_WIN32SPECIFIC_TRUE@am__objects_10 = win32.$(OBJEXT)
-@ENABLE_WIN32SPECIFIC_FALSE@am__objects_10 =
+@USE_DELAY_POOLS_FALSE@am__objects_5 =
+@USE_DELAY_POOLS_TRUE@am__objects_5 = delay_pools.$(OBJEXT)
+@USE_DNSSERVER_FALSE@am__objects_6 = dns_internal.$(OBJEXT)
+@USE_DNSSERVER_TRUE@am__objects_6 = dns.$(OBJEXT)
+@ENABLE_HTCP_TRUE@am__objects_7 = htcp.$(OBJEXT)
+@USE_ICAP_TRUE@am__objects_8 = icap_common.$(OBJEXT) \
+@USE_ICAP_TRUE@ icap_reqmod.$(OBJEXT) icap_respmod.$(OBJEXT) \
+@USE_ICAP_TRUE@ icap_opt.$(OBJEXT)
+@USE_ICAP_FALSE@am__objects_8 =
+@MAKE_LEAKFINDER_TRUE@am__objects_9 = leakfinder.$(OBJEXT)
+@MAKE_LEAKFINDER_FALSE@am__objects_9 =
+@USE_SNMP_TRUE@am__objects_10 = snmp_core.$(OBJEXT) snmp_agent.$(OBJEXT)
+@USE_SNMP_FALSE@am__objects_10 =
+@ENABLE_SSL_FALSE@am__objects_11 =
+@ENABLE_SSL_TRUE@am__objects_11 = ssl_support.$(OBJEXT)
+@ENABLE_UNLINKD_TRUE@am__objects_12 = unlinkd.$(OBJEXT)
+@ENABLE_UNLINKD_FALSE@am__objects_12 =
+@ENABLE_WIN32SPECIFIC_FALSE@am__objects_13 =
+@ENABLE_WIN32SPECIFIC_TRUE@am__objects_13 = win32.$(OBJEXT)
am_squid_OBJECTS = access_log.$(OBJEXT) acl.$(OBJEXT) asn.$(OBJEXT) \
authenticate.$(OBJEXT) cache_cf.$(OBJEXT) CacheDigest.$(OBJEXT) \
cache_manager.$(OBJEXT) carp.$(OBJEXT) cbdata.$(OBJEXT) \
client_db.$(OBJEXT) client_side.$(OBJEXT) comm.$(OBJEXT) \
- comm_select.$(OBJEXT) debug.$(OBJEXT) $(am__objects_3) \
- disk.$(OBJEXT) $(am__objects_4) errorpage.$(OBJEXT) \
+ comm_select.$(OBJEXT) debug.$(OBJEXT) $(am__objects_5) \
+ disk.$(OBJEXT) $(am__objects_6) errorpage.$(OBJEXT) \
ETag.$(OBJEXT) event.$(OBJEXT) external_acl.$(OBJEXT) \
fd.$(OBJEXT) filemap.$(OBJEXT) forward.$(OBJEXT) \
fqdncache.$(OBJEXT) ftp.$(OBJEXT) gopher.$(OBJEXT) \
- helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ helper.$(OBJEXT) $(am__objects_7) http.$(OBJEXT) \
HttpStatusLine.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
HttpHdrRange.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
HttpBody.$(OBJEXT) HttpMsg.$(OBJEXT) HttpReply.$(OBJEXT) \
- HttpRequest.$(OBJEXT) icmp.$(OBJEXT) icp_v2.$(OBJEXT) \
- icp_v3.$(OBJEXT) ident.$(OBJEXT) internal.$(OBJEXT) \
- ipc.$(OBJEXT) ipcache.$(OBJEXT) $(am__objects_6) \
- logfile.$(OBJEXT) main.$(OBJEXT) mem.$(OBJEXT) \
+ HttpRequest.$(OBJEXT) $(am__objects_8) icmp.$(OBJEXT) \
+ icp_v2.$(OBJEXT) icp_v3.$(OBJEXT) ident.$(OBJEXT) \
+ internal.$(OBJEXT) ipc.$(OBJEXT) ipcache.$(OBJEXT) \
+ $(am__objects_9) logfile.$(OBJEXT) main.$(OBJEXT) mem.$(OBJEXT) \
MemPool.$(OBJEXT) MemBuf.$(OBJEXT) mime.$(OBJEXT) \
multicast.$(OBJEXT) neighbors.$(OBJEXT) net_db.$(OBJEXT) \
Packer.$(OBJEXT) pconn.$(OBJEXT) peer_digest.$(OBJEXT) \
peer_select.$(OBJEXT) redirect.$(OBJEXT) referer.$(OBJEXT) \
- refresh.$(OBJEXT) send-announce.$(OBJEXT) $(am__objects_7) \
- ssl.$(OBJEXT) $(am__objects_8) stat.$(OBJEXT) \
+ refresh.$(OBJEXT) send-announce.$(OBJEXT) $(am__objects_10) \
+ ssl.$(OBJEXT) $(am__objects_11) stat.$(OBJEXT) \
StatHist.$(OBJEXT) String.$(OBJEXT) stmem.$(OBJEXT) \
store.$(OBJEXT) store_io.$(OBJEXT) store_client.$(OBJEXT) \
store_digest.$(OBJEXT) store_dir.$(OBJEXT) \
store_key_md5.$(OBJEXT) store_log.$(OBJEXT) \
store_rebuild.$(OBJEXT) store_swapin.$(OBJEXT) \
store_swapmeta.$(OBJEXT) store_swapout.$(OBJEXT) \
- tools.$(OBJEXT) $(am__objects_9) url.$(OBJEXT) urn.$(OBJEXT) \
+ tools.$(OBJEXT) $(am__objects_12) url.$(OBJEXT) urn.$(OBJEXT) \
useragent.$(OBJEXT) wais.$(OBJEXT) wccp.$(OBJEXT) \
- whois.$(OBJEXT) $(am__objects_10)
+ whois.$(OBJEXT) $(am__objects_13)
nodist_squid_OBJECTS = repl_modules.$(OBJEXT) auth_modules.$(OBJEXT) \
store_modules.$(OBJEXT) globals.$(OBJEXT) \
string_arrays.$(OBJEXT)
@@ -563,7 +571,9 @@
@AMDEP_TRUE@ $(DEPDIR)/fqdncache.Po $(DEPDIR)/ftp.Po \
@AMDEP_TRUE@ $(DEPDIR)/globals.Po $(DEPDIR)/gopher.Po \
@AMDEP_TRUE@ $(DEPDIR)/helper.Po $(DEPDIR)/htcp.Po \
-@AMDEP_TRUE@ $(DEPDIR)/http.Po $(DEPDIR)/icmp.Po \
+@AMDEP_TRUE@ $(DEPDIR)/http.Po $(DEPDIR)/icap_common.Po \
+@AMDEP_TRUE@ $(DEPDIR)/icap_opt.Po $(DEPDIR)/icap_reqmod.Po \
+@AMDEP_TRUE@ $(DEPDIR)/icap_respmod.Po $(DEPDIR)/icmp.Po \
@AMDEP_TRUE@ $(DEPDIR)/icp_v2.Po $(DEPDIR)/icp_v3.Po \
@AMDEP_TRUE@ $(DEPDIR)/ident.Po $(DEPDIR)/internal.Po \
@AMDEP_TRUE@ $(DEPDIR)/ipc.Po $(DEPDIR)/ipcache.Po \
@@ -777,6 +787,10 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/helper.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/htcp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_common.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_opt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_reqmod.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_respmod.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icmp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icp_v2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icp_v3.Po@am__quote@

7137
www/squid26/files/icap-2.5-core.patch
View File

File diff suppressed because it is too large Load Diff

11
www/squid26/files/patch-tools-Makefile.in Normal file
View File

@ -0,0 +1,11 @@
--- tools/Makefile.in.orig Sun May 14 18:30:04 2006
+++ tools/Makefile.in Sun May 14 18:31:02 2006
@@ -297,7 +297,7 @@
EXTRA_DIST = \
cachemgr.conf
-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
+DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf.default
# Don't automatically uninstall config files
# @if test -f $(DESTDIR)$(DEFAULT_CONFIG_FILE) ; then \

11
www/squid26/files/pkg-deinstall.in
View File

@ -16,20 +16,19 @@ POST-DEINSTALL)
echo "===> post-deinstallation information for $1:"
echo ""
echo " Note:"
echo " squid related user accounts and groups were not removed."
echo " Squid related user accounts and groups were not removed."
echo ""
echo " To remove the '%%SQUID_UID%%' user and the '%%SQUID_GID%%' group which were"
echo " created by a default installation of this package, run"
echo ""
echo " pw userdel -r -n %%SQUID_UID%% -u 100"
echo ""
echo " pw userdel -n %%SQUID_UID%% -u 100"
if [ -d ${PKG_PREFIX}/squid -o -d ${PKG_PREFIX}/etc/squid ] ; then
echo ""
echo " To ease updates, the cache and log directories and"
echo " all configuration files modified by you were preserved."
echo " In order to ease updates the cache and log directories"
echo " and all configuration files modified by you were preserved."
echo ""
echo " Please remove them manually if you do not want to use"
echo " squid any longer."
echo " Squid any longer."
fi
echo ""
;;

61
www/squid26/files/pkg-install.in
View File

@ -16,18 +16,11 @@ squid_user="%%SQUID_UID%%"
squid_group="%%SQUID_GID%%"
squid_gid=100
squid_uid=100
# Try to catch the case where the $squid_user might have been created with an
# id greater than or equal 3128. The valid exception is "nobody".
nobody_uid=65534
nobody_gid=65534
squid_oldgid=3128
squid_olduid=3128
unset wrong_id
case $2 in
PRE-INSTALL)
echo "===> Pre-installation configuration for ${pkgname}"
if ! pw groupshow ${squid_group} -q >/dev/null ; then
echo "There is no group '${squid_group}' on this system, so I will try to create it:"
echo "There is no group '${squid_group}' on this system, so I will try to create it (using group id ${squid_gid}):"
if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then
echo "Failed to create group \"${squid_group}\"!" >&2
echo "Please create it manually." >&2
@ -37,16 +30,11 @@ PRE-INSTALL)
fi
else
echo "I will use the existing group '${squid_group}':"
current_gid=`pw groupshow ${squid_group}|cut -f 3 -d :`
if [ ${current_gid} -ge ${squid_oldgid} \
-a ${current_gid} -ne ${nobody_gid} ]; then
wrong_id=1
fi
fi
pw groupshow ${squid_group}
if ! pw usershow ${squid_user} -q >/dev/null ; then
echo "There is no account '${squid_user}' on this system, so I will try to create it:"
echo "There is no account '${squid_user}' on this system, so I will try to create it (using user id ${squid_uid}):"
if ! pw useradd -q -n ${squid_user} \
-u ${squid_uid} -g ${squid_group} \
-c "squid caching-proxy pseudo user" \
@ -60,53 +48,8 @@ PRE-INSTALL)
fi
else
echo "I will use the existing user '${squid_user}':"
current_uid=`id -u ${squid_user}`
if [ ${current_uid} -ge ${squid_olduid} \
-a ${current_uid} -ne ${nobody_uid} ];
then
wrong_id=1
fi
fi
pw usershow ${squid_user}
if [ "${wrong_id}" ]; then
echo ""
echo " * NOTICE *"
echo ""
echo "The squid pseudo-user's uid and/or gid have been found"
echo "to be greater than or equal 3128."
echo ""
echo "This is not a problem as such, but violates the FreeBSD"
echo "ports' principle that a ports must not claim a uid greater"
echo "than 999."
echo ""
echo "Since version 2.5.4_11, the squid user is thus created"
echo "with an id of ${squid_uid}:${squid_gid} while earlier versions of this"
echo "port used the first unused uid/gid greater than or"
echo "equal 3128."
echo ""
echo "If you want to change the existing squid user's id, run"
echo "'make changeuser' after the installation has completed."
echo "If you installed this port via a package, issue the"
echo "following commands as root:"
echo ""
echo "pw userdel -u ${current_uid}"
echo "pw groupadd -n ${squid_group} -g ${squid_gid}"
echo "pw useradd -n ${squid_user} -u ${squid_uid} \\"
echo " -c \"squid caching-proxy pseudo user\" \\"
echo " -g ${squid_group} -d ${squid_base} -s /sbin/nologin \\"
echo " -h -"
echo "find -H ${PKG_PREFIX} -user ${current_uid} -exec chown ${squid_user} {} \\;"
echo "find -H ${PKG_PREFIX} -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
echo ""
echo "In case you have installed third party software for squid"
echo "like squidGuard, you should additionally run:"
echo "find -H /var -user ${current_uid} -exec chown ${squid_user} {} \\;"
echo "find -H /var -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
echo ""
if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
sleep 30
fi
fi
for dir in cache logs; do
if [ ! -d ${squid_base}/${dir} ]; then
echo "Creating ${squid_base}/${dir}..."

21
www/squid26/files/pkg-message.in
View File

@ -1,9 +1,9 @@
o You can find the configuration files for this package in the
directory %%PREFIX%%/etc/squid.
o A cache directory has been created in %%PREFIX%%/squid/cache.
Log files will be written to %%PREFIX%%/squid/logs.
Note:
You must initialize new cache directories before you can start
squid. Do this by running "squid -z" as 'root' or '%%SQUID_UID%%'.
@ -13,12 +13,19 @@
o The default configuration will deny everyone access to the
proxy service. Edit the "http_access" directives in
%%PREFIX%%/etc/squid.conf to suit your needs.
--begin rcng
Please note that the squid start script is an rc.d style script.
This means that squid will not start automatically at boot time.
Please note that the Squid start script is an rc.d style script.
This means that Squid will not start automatically at boot
time unless it is explicitly enabled.
To enable squid, set squid_enable=yes in either
To enable Squid, set squid_enable=yes in either
/etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
Please see %%PREFIX%%/etc/rc.d/squid(.sh) for further details.
--end rcng
Note:
If you just updated your Squid installation from 2.5 or earlier,
make sure to check your Squid configuration against the 2.6 default
configuration file %%PREFIX%%/etc/squid/squid.conf.default.
Additionally, you should check your configuration by calling
'squid -f /path/to/squid.conf -k parse' before starting Squid.

71
www/squid26/files/squid.sh.in → www/squid26/files/squid.in
View File

@ -2,7 +2,6 @@
#
# $FreeBSD$
#
# --begin rcng
# PROVIDE: squid
# REQUIRE: LOGIN
# KEYWORD: shutdown
@ -14,43 +13,32 @@
#
# Please see squid(8), rc.conf(5) and rc(8) for further details.
#
# --end rcng
name=squid
command=%%PREFIX%%/sbin/squid
# --begin rcng
extra_commands=reload
reload_cmd="${command} -k reconfigure"
# --end rcng
stop_cmd="squid_stop"
squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs}
# --begin rcng
squid_enable=${squid_enable:-"NO"}
# --end rcng
squid_flags=${squid_flags-"-D"}
squid_user=${squid_user:-%%SQUID_UID%%}
default_config=%%PREFIX%%/etc/squid/squid.conf
# --begin rcold
squid_stop() {
echo -n " ${name}"
${command} -k shutdown
while ps -xcU ${squid_user} | grep -q squid; do
sleep 2
done
}
# --end rcold
# --begin rcng
squid_stop() {
${command} -k shutdown
run_rc_command poll
}
. %%RC_SUBR%%
rcvar=`set_rcvar`
name=squid
rcvar=${name}_enable
command=%%PREFIX%%/sbin/squid
extra_commands=reload
reload_cmd="${command} -k reconfigure"
stop_cmd="squid_stop"
load_rc_config ${name}
squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs}
squid_enable=${squid_enable:-"NO"}
squid_flags=${squid_flags-"-D"}
squid_user=${squid_user:-%%SQUID_UID%%}
default_config=%%PREFIX%%/etc/squid/squid.conf
required_dirs=${squid_chdir}
# squid(8) will not start if ${default_config} is not present so try
# to catch that beforehand via ${required_files} rather than make
# squid(8) crash.
@ -60,28 +48,5 @@ load_rc_config ${name}
if [ -z "${squid_flags}" ]; then
required_files=${default_config}
fi
required_dirs=${squid_chdir}
run_rc_command "$1"
# --end rcng
# --begin rcold
case $1 in
start)
if [ -x "${command}" -a \
\( -f "${default_config}" -o "${squid_flags}" \) ]; then
echo -n " ${name}"
(cd ${squid_chdir} && exec su -fm ${squid_user} -c \
"${command} ${squid_flags}")
fi
;;
stop)
if [ -x "${command}" ]; then
${stop_cmd}
fi
;;
*)
echo "usage: ${0##*/} {start|stop}" >&2
exit 64
;;
esac
exit 0
# --end rcold

19
www/squid26/pkg-descr
View File

@ -1,15 +1,10 @@
This is the Squid Internet Object Cache developed by the National
Laboratory for Applied Networking Research (NLANR) and Internet
volunteers. This software is freely available for anyone to use.
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single, non-blocking,
I/O-driven process.
This software is based on the Harvest Object Cache developed by
the University of Colorado and the University of Southern California.
The Harvest home page is http://harvest.cs.colorado.edu/.
ARPA funding for the Harvest project has ended, the squid project has
continued development of the cache where Harvest finished.
This port provides many configuration options, most of which are
available via 'make config'.
Squid supports SSL, extensive access controls, and full request logging.
By using the lightweight Internet Cache Protocol, Squid caches can be
arranged in a hierarchy or mesh for additional bandwidth savings.
WWW: http://www.squid-cache.org/

243
www/squid27/Makefile
View File

@ -1,23 +1,19 @@
# New ports collection makefile for: squid24
# Date created: Tue Mar 27 14:56:08 CEST 2001
# Whom: Adrian Chadd <adrian@FreeBSD.org>
# New ports collection makefile for: squid26
# Date created: 2006-06-01
# Whom: Thomas-Martin Seck <tmseck@netcologne.de>
#
# $FreeBSD$
#
# Tunables not (yet) configurable via 'make config':
# SQUID_{U,G}ID
# Which user/group squid should run as (default: squid/squid).
# Which user/group Squid should run as (default: squid/squid).
# The user and group will be created if they do not already exist using
# a uid:gid of 100:100.
# NOTE: before version 2.5.4_6, these settings defaulted to
# nobody/nogroup.
# If you wish to keep these settings, please define SQUID_UID=nobody and
# SQUID_GID=nogroup in your make environment before you start the update.
# NOTE2:
# Before version 2.5.4_11 the numerical id chosen for SQUID_UID (and
# SQUID_GID respectively) was the first free id greater than or equal 3128.
# If you wish to move your squid user to id 100:100, run "make changeuser",
# please see the changeuser target's definition for further information.
# NOTE: older versions of Squid defaulted to nobody/nogroup.
# If you wish to run Squid as "nobody" (which is not recommended), please
# define SQUID_UID=nobody and SQUID_GID=nogroup in your make environment
# before you start the update or installation of this port.
#
# SQUID_LANGUAGES
# A list of languages for which error page files should be installed
# (default: all)
@ -39,7 +35,7 @@
# `make SQUID_CONFIGURE_ARGS="--enable-dlmalloc --enable-truncate" install'
#
# The list below may be incomplete, please see the configure script
# in the squid source distribution for the complete list of additional
# in the Squid source distribution for the complete list of additional
# options.
# Note that you probably do not need to worry about these options in most
# cases, they are included in case you want to experiment with them.
@ -47,11 +43,10 @@
# --enable-dlmalloc
# Compile and use the malloc package from Doug Lea
# --enable-gnuregex
# Compile and use the supplied GNUregex routines instead of BSD regex.
# Compile and use the supplied GNUregex routines instead of BSD regex
# (not recommended).
# --enable-xmalloc-statistics
# Show malloc statistics in status page
# --enable-time-hack
# Optimize time updates to one per second rather than calling gettimeofday()
# --enable-cachemgr-hostname=some.hostname
# Set an explicit hostname in cachemgr.cgi
# --enable-truncate
@ -68,15 +63,23 @@
# of filedescriptors the resulting binary is expected to support.
# --enable-ntlm-fail-open
# Enable NTLM fail open, where a helper that fails one of the
# Authentication steps can allow squid to still authenticate the user
#
# Authentication steps can allow Squid to still authenticate the user
# --enable-x-accelerator-vary
# Enable support for the X-Accelerator-Vary HTTP header. Can be used
# to indicate variance within an accelerator setup. Typically used
# together with other code that adds custom HTTP headers to the
# requests.
# --enable-auth-on-acceleration
# Enable authentication in accelerators.
# --enable-forward-log
# Enable experimental forward_log directive.
# --enable-multicast-miss
# Enable experimental multicast notification of cachemisses.
PORTNAME= squid
PORTVERSION= 2.5.14
PORTREVISION= 1
PORTVERSION= 2.6.1
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://archive.progeny.com/squid/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
@ -86,20 +89,32 @@ MASTER_SITES= \
ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.5.STABLE14
DIST_SUBDIR= squid2.5
DISTNAME= squid-2.6.STABLE1
DIST_SUBDIR= squid2.6
PATCH_SITES= http://www.squid-cache.org/Versions/v2/2.5/bugs/
PATCHFILES= squid-2.5.STABLE14-httpReplyDestroy.patch
PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \
http://www2.us.squid-cache.org/%SUBDIR%/ \
http://www3.us.squid-cache.org/%SUBDIR%/ \
http://www1.at.squid-cache.org/%SUBDIR%/ \
http://www2.nl.squid-cache.org/%SUBDIR%/ \
http://www1.ru.squid-cache.org/%SUBDIR%/ \
http://www1.uk.squid-cache.org/%SUBDIR%/ \
http://www1.jp.squid-cache.org/%SUBDIR%/ \
http://www1.tw.squid-cache.org/%SUBDIR%/
PATCH_SITE_SUBDIR= Versions/v2/2.6/bugs
PATCHFILES=
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck@netcologne.de
COMMENT= The successful WWW proxy cache and accelerator
COMMENT= HTTP Caching Proxy
CONFLICTS= squid-2.[^5]*
LATEST_LINK= squid26
CONFLICTS= squid-2.[^6]*
GNU_CONFIGURE= yes
USE_BZIP2= yes
USE_PERL5= yes
USE_RC_SUBR= squid
SQUID_UID?= squid
SQUID_GID?= squid
@ -114,20 +129,19 @@ OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_SASL_AUTH "Install SASL authentication helpers" off \
SQUID_DELAY_POOLS "Enable delay pools" off \
SQUID_SNMP "Enable SNMP support" off \
SQUID_CARP "Enable CARP support" off \
SQUID_CARP "Enable CARP support" on \
SQUID_SSL "Enable SSL support for reverse proxies" off \
SQUID_PINGER "Install the icmp helper" off \
SQUID_DNS_HELPER "Use the old 'dnsserver' helper" off \
SQUID_HTCP "Enable HTCP support" off \
SQUID_VIA_DB "Enable forward/via database" off \
SQUID_CACHE_DIGESTS "Enable cache digests" off \
SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
SQUID_UNDERSCORES "Allow underscores in hostnames" on \
SQUID_CHECK_HOSTNAME "Do hostname checking" on \
SQUID_WCCP "Enable Web Cache Coordination Prot. v1" on \
SQUID_WCCPV2 "Enable Web Cache Coordination Prot. v2" off \
SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
SQUID_IDENT "Enable ident (RFC 931) lookups" on \
SQUID_REFERER_LOG "Enable Referer-header logging" off \
SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
SQUID_CUSTOM_LOG "Enable custom log format" off \
SQUID_ARP_ACL "Enable ACLs based on ethernet address" off \
SQUID_PF "Enable transparent proxying with PF" off \
SQUID_IPFILTER "Enable transp. proxying with IPFilter" off \
@ -135,9 +149,9 @@ OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_ICAP "Enable ICAP client functionality" off \
SQUID_AUFS "Enable the aufs storage scheme" off \
SQUID_COSS "Enable the COSS storage scheme" off \
SQUID_KQUEUE "Use kqueue(2) instead of poll(2)" on \
SQUID_LARGEFILE "Support log and cache files >2GB" off \
SQUID_STACKTRACES "Create backtraces on fatal errors" off \
SQUID_RCNG "Install an rc.d style startup script" on
SQUID_STACKTRACES "Create backtraces on fatal errors" off
etc_files= squid/cachemgr.conf.default \
squid/mib.txt squid/mime.conf.default \
@ -165,37 +179,44 @@ error_files= ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \
ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \
ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
libexec= cachemgr.cgi digest_pw_auth diskd ip_user_check \
libexec= cachemgr.cgi digest_pw_auth diskd-daemon ip_user_check \
msnt_auth ncsa_auth ntlm_auth \
pam_auth smb_auth smb_auth.sh squid_unix_group \
wb_auth wb_group wb_ntlmauth wbinfo_group.pl
pam_auth smb_auth smb_auth.sh squid_session squid_unix_group \
wbinfo_group.pl
.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
libexec+= unlinkd
.endif
sbin= RunAccel RunCache squidclient squid
sbin= RunCache squidclient squid
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin \
--sbindir=${PREFIX}/sbin \
--datadir=${PREFIX}/etc/squid \
--libexecdir=${PREFIX}/libexec/squid \
--localstatedir=${PREFIX}/squid \
--enable-removal-policies="lru heap"
--sysconfdir=${PREFIX}/etc/squid \
--enable-removal-policies="lru heap" \
--disable-linux-netfilter \
--disable-linux-tproxy \
--disable-epoll
.include <bsd.port.pre.mk>
# Authentication methods and modules:
basic_auth= NCSA PAM MSNT SMB winbind
external_acl= ip_user unix_group wbinfo_group winbind_group
MAN8+= pam_auth.8 squid_unix_group.8
basic_auth= NCSA PAM MSNT SMB
digest_auth= password
external_acl= ip_user session unix_group wbinfo_group
MAN8+= ncsa_auth.8 pam_auth.8 squid_session.8 squid_unix_group.8
.if defined(WITH_SQUID_LDAP_AUTH)
USE_OPENLDAP= yes
CFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
MAN8+= squid_ldap_auth.8 squid_ldap_group.8
basic_auth+= LDAP
digest_auth+= ldap
external_acl+= ldap_group
libexec+= squid_ldap_auth squid_ldap_group
libexec+= digest_ldap_auth squid_ldap_auth squid_ldap_group
.endif
.if defined(WITH_SQUID_SASL_AUTH)
LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2
@ -211,11 +232,11 @@ libexec+= yp_auth
.endif
CONFIGURE_ARGS+= --enable-auth="basic ntlm digest" \
--enable-basic-auth-helpers="${basic_auth}" \
--enable-digest-auth-helpers="password" \
--enable-digest-auth-helpers="${digest_auth}" \
--enable-external-acl-helpers="${external_acl}" \
--enable-ntlm-auth-helpers="SMB winbind"
--enable-ntlm-auth-helpers="SMB"
# Selection of storage schemes:
# Storage schemes:
storage_schemes= ufs diskd null
.if defined(WITH_SQUID_AUFS)
@ -227,7 +248,7 @@ CFLAGS+= ${PTHREAD_CFLAGS}
.endif
.if defined(WITH_SQUID_COSS)
storage_schemes+= coss
CONFIGURE_ARGS+= --with-aio
CONFIGURE_ARGS+= --enable-coss-aio-ops
.endif
CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}"
@ -239,13 +260,14 @@ CONFIGURE_ARGS+= --enable-delay-pools
.if defined(WITH_SQUID_SNMP)
CONFIGURE_ARGS+= --enable-snmp
.endif
.if defined(WITH_SQUID_CARP)
CONFIGURE_ARGS+= --enable-carp
.if defined(WITHOUT_SQUID_CARP)
CONFIGURE_ARGS+= --disable-carp
.endif
.if defined(WITH_SQUID_SSL)
# we need to .include bsd.openssl.mk manually here because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included and this is
# not possible when using OPTIONS
# we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included.
# This makes it currently impossible to combine this macro with OPTIONS to
# conditionally include OpenSSL support.
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
@ -272,11 +294,8 @@ CONFIGURE_ARGS+= --enable-cache-digests
.if defined(WITHOUT_SQUID_WCCP)
CONFIGURE_ARGS+= --disable-wccp
.endif
.if !defined(WITHOUT_SQUID_UNDERSCORES)
CONFIGURE_ARGS+= --enable-underscores
.endif
.if defined(WITHOUT_SQUID_CHECK_HOSTNAME)
CONFIGURE_ARGS+= --disable-hostname-checks
.if defined(WITH_SQUID_WCCPV2)
CONFIGURE_ARGS+= --enable-wccpv2
.endif
.if defined(WITH_SQUID_STRICT_HTTP)
CONFIGURE_ARGS+= --disable-http-violations
@ -284,12 +303,12 @@ CONFIGURE_ARGS+= --disable-http-violations
.if defined(WITHOUT_SQUID_IDENT)
CONFIGURE_ARGS+= --disable-ident-lookups
.endif
.if defined(WITH_SQUID_REFERER_LOG)
CONFIGURE_ARGS+= --enable-referer-log
.endif
.if defined(WITH_SQUID_USERAGENT_LOG)
CONFIGURE_ARGS+= --enable-useragent-log
.endif
.if defined(WITH_SQUID_CUSTOM_LOG)
EXTRA_PATCHES+= ${PATCHDIR}/customlog-2.5.patch
.endif
.if defined(WITH_SQUID_ARP_ACL)
CONFIGURE_ARGS+= --enable-arp-acl
.endif
@ -313,45 +332,39 @@ CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
.endif
.if defined(WITH_SQUID_FOLLOW_XFF)
EXTRA_PATCHES+= ${PATCHDIR}/follow_xff-2.5.patch \
${PATCHDIR}/follow_xff-configure.patch
CONFIGURE_ARGS+= --enable-follow-x-forwarded-for
.endif
.if defined(WITH_SQUID_ICAP)
EXTRA_PATCHES+= ${PATCHDIR}/icap-2.5-core.patch \
${PATCHDIR}/icap-2.5-bootstrap.patch
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
IGNORE= patches for ICAP support are not yet updated
EXTRA_PATCHES+=
#CONFIGURE_ARGS+= --enable-icap-support
#error_files+= ERR_ICAP_FAILURE
.endif
.if !defined(WITHOUT_SQUID_KQUEUE)
CONFIGURE_ARGS+= --enable-kqueue
.else
CONFIGURE_ARGS+= --disable-kqueue
.endif
.if defined(WITH_SQUID_LARGEFILE)
CONFIGURE_ARGS+= --with-large-files --enable-large-cache-files
.endif
.if defined(WITH_SQUID_STACKTRACES)
.if defined(WITH_SQUID_STACKTRACES) || defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-stacktraces
CFLAGS+= -g
STRIP= ""
.endif
.if !defined(WITHOUT_SQUID_RCNG)
USE_RC_SUBR= squid.sh
rc_del= rcold
rc_state= rcng
.else
SUB_FILES+= squid.sh
etc_files+= rc.d/squid.sh
rc_del= rcng
rc_state= rcold
.endif
# Languages:
#
# If you do not define SQUID_LANGUAGES yourself, all available language files
# will be installed; the default language will be English.
SQUID_LANGUAGES?= \
Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian \
Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish
SQUID_LANGUAGES?= Azerbaijani Bulgarian Catalan Czech Danish Dutch \
English Estonian Finnish French German Greek Hebrew \
Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r \
Serbian Simplify_Chinese Slovak Spanish Swedish \
Traditional_Chinese Turkish
SQUID_DEFAULT_LANG?= English
CONFIGURE_ARGS+= --enable-err-languages="${SQUID_LANGUAGES}" \
--enable-default-err-language=${SQUID_DEFAULT_LANG}
@ -385,31 +398,16 @@ pre-install:
# Prevent installation of .orig files by deleting them.
@${FIND} ${WRKSRC} -name '*.bak' -delete
@${FIND} ${WRKSRC} -name '*.orig' -delete
# create the start script:
@${REINPLACE_CMD} \
-e '/--begin ${rc_del}/,/--end ${rc_del}/d' \
-e '/--.*${rc_state}/d' ${WRKDIR}/squid.sh
# create variable information in pkg-message:
@${REINPLACE_CMD} \
-e '/--begin ${rc_del}/,/--end ${rc_del}/d' \
-e '/--.*${rc_state}/d' ${PKGMESSAGE}
pre-su-install:
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
# Create cachemgr.conf.default manually since squid's install routine
# unfortunately fails to do so:
${INSTALL_DATA} ${WRKSRC}/src/cachemgr.conf \
${PREFIX}/etc/squid/cachemgr.conf.default
.if defined(WITH_SQUID_PINGER)
${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \
${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
.endif
.if defined(WITHOUT_SQUID_RCNG)
${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d/
.endif
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${DOCSDIR}
@ -421,50 +419,5 @@ post-install:
@${ECHO_CMD} ""
@${CAT} ${PKGMESSAGE}
@${ECHO_CMD} ""
changeuser:
# Recover from the problem that earlier versions of this port created the
# squid pseudo-user with an id greater than 999 which is not allowed in
# FreeBSD's ports system. The port now uses id 100:100.
# NOTE:
# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you
# have a different setup, do not run this target!
.if ${SQUID_UID:L} == nobody
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
${ECHO_CMD} "this target!"
${FALSE}
.endif
@if [ `${ID} -u` -ne 0 ]; \
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
current_uid=`id -u ${SQUID_UID}`; \
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
${ECHO_CMD} "I will remove this user:"; \
${ID} -P $${current_uid}; \
${ECHO_CMD} "and this group:"; \
pw groupshow ${SQUID_GID}; \
${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \
${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \
${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \
${ECHO_CMD} "After that, all files and directories that were accessible"; \
${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \
${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \
${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \
${ECHO_CMD} "please abort this target now."; \
read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \
${ECHO_CMD} "OK, here we go:"; \
${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \
pw userdel -u $${current_uid}; \
${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \
pw groupadd -n ${SQUID_GID} -g 100; \
pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \
-d ${PREFIX}/squid -s /sbin/nologin -h - ; \
${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \
${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \
${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \
${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \
${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "Finished."
.include <bsd.port.post.mk>

9
www/squid27/distinfo
View File

@ -1,6 +1,3 @@
MD5 (squid2.5/squid-2.5.STABLE14.tar.bz2) = f413e0b887a5f9b2a75350243ed5564c
SHA256 (squid2.5/squid-2.5.STABLE14.tar.bz2) = c4eaee0e5ee42f46060217df9a88d628d244c0a543feab8296e44269e57ec7bd
SIZE (squid2.5/squid-2.5.STABLE14.tar.bz2) = 1073745
MD5 (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 1529f8b0170e24b26353578778435bd4
SHA256 (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 9e99132b8efb07e3465d5e33749aa450daecfa3acde73755b6a3589d09d19285
SIZE (squid2.5/squid-2.5.STABLE14-httpReplyDestroy.patch) = 1277
MD5 (squid2.6/squid-2.6.STABLE1.tar.bz2) = d6bb23a67b0475cca11d4af8d574d054
SHA256 (squid2.6/squid-2.6.STABLE1.tar.bz2) = a9efea26f1c3966dff69f80c271a73562afed5c65929d69dab713308dd402ba9
SIZE (squid2.6/squid-2.6.STABLE1.tar.bz2) = 1212556

1597
www/squid27/files/customlog-2.5.patch
View File

File diff suppressed because it is too large Load Diff

411
www/squid27/files/follow_xff-2.5.patch
View File

@ -1,411 +0,0 @@
! This is a reduced part of the original follow-XFF patchset from
! devel.squid-cache.org for use with the FreeBSD squid-2.5 port.
Index: src/acl.c
--- src/acl.c 13 May 2003 02:14:12 -0000 1.43.2.16
+++ src/acl.c 23 Nov 2003 14:20:12 -0000
@@ -2001,6 +2001,11 @@
cbdataLock(A);
if (request != NULL) {
checklist->request = requestLink(request);
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.acl_uses_indirect_client) {
+ checklist->src_addr = request->indirect_client_addr;
+ } else
+#endif /* FOLLOW_X_FORWARDED_FOR */
checklist->src_addr = request->client_addr;
checklist->my_addr = request->my_addr;
checklist->my_port = request->my_port;
Index: src/cf.data.pre
--- src/cf.data.pre 7 Nov 2003 03:14:30 -0000 1.49.2.46
+++ src/cf.data.pre 23 Nov 2003 14:20:17 -0000
@@ -2065,6 +2065,92 @@
NOCOMMENT_END
DOC_END
+NAME: follow_x_forwarded_for
+TYPE: acl_access
+IFDEF: FOLLOW_X_FORWARDED_FOR
+LOC: Config.accessList.followXFF
+DEFAULT: none
+DEFAULT_IF_NONE: deny all
+DOC_START
+ Allowing or Denying the X-Forwarded-For header to be followed to
+ find the original source of a request.
+
+ Requests may pass through a chain of several other proxies
+ before reaching us. The X-Forwarded-For header will contain a
+ comma-separated list of the IP addresses in the chain, with the
+ rightmost address being the most recent.
+
+ If a request reaches us from a source that is allowed by this
+ configuration item, then we consult the X-Forwarded-For header
+ to see where that host received the request from. If the
+ X-Forwarded-For header contains multiple addresses, and if
+ acl_uses_indirect_client is on, then we continue backtracking
+ until we reach an address for which we are not allowed to
+ follow the X-Forwarded-For header, or until we reach the first
+ address in the list. (If acl_uses_indirect_client is off, then
+ it's impossible to backtrack through more than one level of
+ X-Forwarded-For addresses.)
+
+ The end result of this process is an IP address that we will
+ refer to as the indirect client address. This address may
+ be treated as the client address for access control, delay
+ pools and logging, depending on the acl_uses_indirect_client,
+ delay_pool_uses_indirect_client and log_uses_indirect_client
+ options.
+
+ SECURITY CONSIDERATIONS:
+
+ Any host for which we follow the X-Forwarded-For header
+ can place incorrect information in the header, and Squid
+ will use the incorrect information as if it were the
+ source address of the request. This may enable remote
+ hosts to bypass any access control restrictions that are
+ based on the client's source addresses.
+
+ For example:
+
+ acl localhost src 127.0.0.1
+ acl my_other_proxy srcdomain .proxy.example.com
+ follow_x_forwarded_for allow localhost
+ follow_x_forwarded_for allow my_other_proxy
+DOC_END
+
+NAME: acl_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.acl_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in acl matching.
+DOC_END
+
+NAME: delay_pool_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR && DELAY_POOLS
+DEFAULT: on
+LOC: Config.onoff.delay_pool_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in delay pools.
+DOC_END
+
+NAME: log_uses_indirect_client
+COMMENT: on|off
+TYPE: onoff
+IFDEF: FOLLOW_X_FORWARDED_FOR
+DEFAULT: on
+LOC: Config.onoff.log_uses_indirect_client
+DOC_START
+ Controls whether the indirect client address
+ (see follow_x_forwarded_for) is used instead of the
+ direct client address in the access log.
+DOC_END
+
NAME: http_access
TYPE: acl_access
LOC: Config.accessList.http
Index: src/client_side.c
--- src/client_side.c 2 Sep 2003 02:13:45 -0000 1.47.2.39
+++ src/client_side.c 23 Nov 2003 14:20:22 -0000
@@ -109,6 +109,11 @@
#if USE_IDENT
static IDCB clientIdentDone;
#endif
+#if FOLLOW_X_FORWARDED_FOR
+static void clientFollowXForwardedForStart(void *data);
+static void clientFollowXForwardedForNext(void *data);
+static void clientFollowXForwardedForDone(int answer, void *data);
+#endif /* FOLLOW_X_FORWARDED_FOR */
static int clientOnlyIfCached(clientHttpRequest * http);
static STCB clientSendMoreData;
static STCB clientCacheHit;
@@ -177,10 +182,179 @@
return ch;
}
+#if FOLLOW_X_FORWARDED_FOR
+/*
+ * clientFollowXForwardedForStart() copies the X-Forwarded-For
+ * header into x_forwarded_for_iterator and passes control to
+ * clientFollowXForwardedForNext().
+ *
+ * clientFollowXForwardedForNext() checks the indirect_client_addr
+ * against the followXFF ACL and passes the result to
+ * clientFollowXForwardedForDone().
+ *
+ * clientFollowXForwardedForDone() either grabs the next address
+ * from the tail of x_forwarded_for_iterator and loops back to
+ * clientFollowXForwardedForNext(), or cleans up and passes control to
+ * clientAccessCheck().
+ */
+
+static void
+clientFollowXForwardedForStart(void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ if (Config.accessList.followXFF
+ && httpHeaderHas(&request->header, HDR_X_FORWARDED_FOR))
+ {
+ request->x_forwarded_for_iterator = httpHeaderGetList(
+ &request->header, HDR_X_FORWARDED_FOR);
+ debug(33, 5) ("clientFollowXForwardedForStart: indirect_client_addr=%s XFF='%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ strBuf(request->x_forwarded_for_iterator));
+ clientFollowXForwardedForNext(http);
+ } else {
+ /* not configured to follow X-Forwarded-For, or nothing to follow */
+ debug(33, 5) ("clientFollowXForwardedForStart: nothing to do\n");
+ clientFollowXForwardedForDone(-1, http);
+ }
+}
+
+static void
+clientFollowXForwardedForNext(void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ debug(33, 5) ("clientFollowXForwardedForNext: indirect_client_addr=%s XFF='%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ strBuf(request->x_forwarded_for_iterator));
+ if (strLen(request->x_forwarded_for_iterator) != 0) {
+ /* check the acl to see whether to believe the X-Forwarded-For header */
+ http->acl_checklist = clientAclChecklistCreate(
+ Config.accessList.followXFF, http);
+ aclNBCheck(http->acl_checklist, clientFollowXForwardedForDone, http);
+ } else {
+ /* nothing left to follow */
+ debug(33, 5) ("clientFollowXForwardedForNext: nothing more to do\n");
+ clientFollowXForwardedForDone(-1, http);
+ }
+}
+
+static void
+clientFollowXForwardedForDone(int answer, void *data)
+{
+ clientHttpRequest *http = data;
+ request_t *request = http->request;
+ /*
+ * answer should be be ACCESS_ALLOWED or ACCESS_DENIED if we are
+ * called as a result of ACL checks, or -1 if we are called when
+ * there's nothing left to do.
+ */
+ if (answer == ACCESS_ALLOWED) {
+ /*
+ * The IP address currently in request->indirect_client_addr
+ * is trusted to use X-Forwarded-For. Remove the last
+ * comma-delimited element from x_forwarded_for_iterator and use
+ * it to to replace indirect_client_addr, then repeat the cycle.
+ */
+ const char *p;
+ const char *asciiaddr;
+ int l;
+ struct in_addr addr;
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s is trusted\n",
+ inet_ntoa(request->indirect_client_addr));
+ p = strBuf(request->x_forwarded_for_iterator);
+ l = strLen(request->x_forwarded_for_iterator);
+
+ /*
+ * XXX x_forwarded_for_iterator should really be a list of
+ * IP addresses, but it's a String instead. We have to
+ * walk backwards through the String, biting off the last
+ * comma-delimited part each time. As long as the data is in
+ * a String, we should probably implement and use a variant of
+ * strListGetItem() that walks backwards instead of forwards
+ * through a comma-separated list. But we don't even do that;
+ * we just do the work in-line here.
+ */
+ /* skip trailing space and commas */
+ while (l > 0 && (p[l-1] == ',' || xisspace(p[l-1])))
+ l--;
+ strCut(request->x_forwarded_for_iterator, l);
+ /* look for start of last item in list */
+ while (l > 0 && ! (p[l-1] == ',' || xisspace(p[l-1])))
+ l--;
+ asciiaddr = p+l;
+ if (inet_aton(asciiaddr, &addr) == 0) {
+ /* the address is not well formed; do not use it */
+ debug(33, 3) ("clientFollowXForwardedForDone: malformed address '%s'\n",
+ asciiaddr);
+ goto done;
+ }
+ debug(33, 3) ("clientFollowXForwardedForDone: changing indirect_client_addr from %s to '%s'\n",
+ inet_ntoa(request->indirect_client_addr),
+ asciiaddr);
+ request->indirect_client_addr = addr;
+ strCut(request->x_forwarded_for_iterator, l);
+ if (! Config.onoff.acl_uses_indirect_client) {
+ /*
+ * If acl_uses_indirect_client is off, then it's impossible
+ * to follow more than one level of X-Forwarded-For.
+ */
+ goto done;
+ }
+ clientFollowXForwardedForNext(http);
+ return;
+ } else if (answer == ACCESS_DENIED) {
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s not trusted\n",
+ inet_ntoa(request->indirect_client_addr));
+ } else {
+ debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s nothing more to do\n",
+ inet_ntoa(request->indirect_client_addr));
+ }
+done:
+ /* clean up, and pass control to clientAccessCheck */
+ debug(33, 6) ("clientFollowXForwardedForDone: cleanup\n");
+ if (Config.onoff.log_uses_indirect_client) {
+ /*
+ * Ensure that the access log shows the indirect client
+ * instead of the direct client.
+ */
+ ConnStateData *conn = http->conn;
+ conn->log_addr = request->indirect_client_addr;
+ conn->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
+ debug(33, 3) ("clientFollowXForwardedForDone: setting log_addr=%s\n",
+ inet_ntoa(conn->log_addr));
+ }
+ stringClean(&request->x_forwarded_for_iterator);
+ request->flags.done_follow_x_forwarded_for = 1;
+ http->acl_checklist = NULL; /* XXX do we need to aclChecklistFree() ? */
+ clientAccessCheck(http);
+}
+#endif /* FOLLOW_X_FORWARDED_FOR */
+
void
clientAccessCheck(void *data)
{
clientHttpRequest *http = data;
+#if FOLLOW_X_FORWARDED_FOR
+ if (! http->request->flags.done_follow_x_forwarded_for
+ && httpHeaderHas(&http->request->header, HDR_X_FORWARDED_FOR))
+ {
+ /*
+ * There's an X-ForwardedFor header and we haven't yet tried
+ * to follow it to find the indirect_client_addr. Follow it now.
+ * clientFollowXForwardedForDone() will eventually pass control
+ * back to us.
+ *
+ * XXX perhaps our caller should have called
+ * clientFollowXForwardedForStart instead. Then we wouldn't
+ * need to do this little dance transferring control over
+ * there and then back here, and we wouldn't need the
+ * done_follow_x_forwarded_for flag.
+ */
+ clientFollowXForwardedForStart(data);
+ return;
+ }
+#endif /* FOLLOW_X_FORWARDED_FOR */
if (checkAccelOnly(http)) {
/* deny proxy requests in accel_only mode */
debug(33, 1) ("clientAccessCheck: proxy request denied in accel_only mode\n");
@@ -325,6 +499,9 @@
new_request->http_ver = old_request->http_ver;
httpHeaderAppend(&new_request->header, &old_request->header);
new_request->client_addr = old_request->client_addr;
+#if FOLLOW_X_FORWARDED_FOR
+ new_request->indirect_client_addr = old_request->indirect_client_addr;
+#endif /* FOLLOW_X_FORWARDED_FOR */
new_request->my_addr = old_request->my_addr;
new_request->my_port = old_request->my_port;
new_request->flags.redirected = 1;
@@ -3051,6 +3228,9 @@
safe_free(http->log_uri);
http->log_uri = xstrdup(urlCanonicalClean(request));
request->client_addr = conn->peer.sin_addr;
+#if FOLLOW_X_FORWARDED_FOR
+ request->indirect_client_addr = request->client_addr;
+#endif /* FOLLOW_X_FORWARDED_FOR */
request->my_addr = conn->me.sin_addr;
request->my_port = ntohs(conn->me.sin_port);
request->http_ver = http->http_ver;
Index: src/delay_pools.c
--- src/delay_pools.c 19 Jun 2003 02:13:57 -0000 1.5.54.6
+++ src/delay_pools.c 23 Nov 2003 14:20:23 -0000
@@ -318,6 +318,11 @@
r = http->request;
memset(&ch, '\0', sizeof(ch));
+#if FOLLOW_X_FORWARDED_FOR
+ if (Config.onoff.delay_pool_uses_indirect_client) {
+ ch.src_addr = r->indirect_client_addr;
+ } else
+#endif /* FOLLOW_X_FORWARDED_FOR */
ch.src_addr = r->client_addr;
ch.my_addr = r->my_addr;
ch.my_port = r->my_port;
*** src/structs.h.orig Sun Jun 26 12:45:58 2005
--- src/structs.h Sun Jun 26 12:48:45 2005
***************
*** 610,615 ****
--- 610,620 ----
int accel_uses_host_header;
int accel_no_pmtu_disc;
int global_internal_static;
+ #if FOLLOW_X_FORWARDED_FOR
+ int acl_uses_indirect_client;
+ int delay_pool_uses_indirect_client;
+ int log_uses_indirect_client;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} onoff;
acl *aclList;
struct {
***************
*** 631,636 ****
--- 636,644 ----
acl_access *reply;
acl_address *outgoing_address;
acl_tos *outgoing_tos;
+ #if FOLLOW_X_FORWARDED_FOR
+ acl_access *followXFF;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} accessList;
acl_deny_info_list *denyInfoList;
struct _authConfig {
***************
*** 1623,1628 ****
--- 1631,1641 ----
unsigned int body_sent:1;
unsigned int reset_tcp:1;
unsigned int must_keepalive:1;
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX this flag could be eliminated;
+ * see comments in clientAccessCheck */
+ unsigned int done_follow_x_forwarded_for;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _link_list {
***************
*** 1666,1671 ****
--- 1679,1687 ----
int max_forwards;
/* these in_addr's could probably be sockaddr_in's */
struct in_addr client_addr;
+ #if FOLLOW_X_FORWARDED_FOR
+ struct in_addr indirect_client_addr; /* after following X-Forwarded-For */
+ #endif /* FOLLOW_X_FORWARDED_FOR */
struct in_addr my_addr;
unsigned short my_port;
HttpHeader header;
***************
*** 1677,1682 ****
--- 1693,1703 ----
const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */
BODY_HANDLER *body_reader;
void *body_reader_data;
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX a list of IP addresses would be a better data structure
+ * than this String */
+ String x_forwarded_for_iterator;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _cachemgr_passwd {

65
www/squid27/files/follow_xff-configure.patch
View File

@ -1,65 +0,0 @@
!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset.
!
!Beware that all line number informations in configure.log greater
!than 2972 are offset by at least -29 (correcting all line numbers would have
!bloated the patch by 92kB!)
--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003
+++ include/autoconf.h.in Thu Jun 24 13:19:07 2004
@@ -291,6 +291,12 @@
#define USE_IDENT 1
/*
+ * Compile in support for following X-Forwarded-For headers?
+ * Enabled by default.
+ */
+#define FOLLOW_X_FORWARDED_FOR 1
+
+/*
* If your system has statvfs(), and if it actually works!
*/
#undef HAVE_STATVFS
--- configure.orig Thu Sep 22 10:16:26 2005
+++ configure Thu Sep 22 17:29:01 2005
@@ -249,6 +249,12 @@
if you build as another user who is not privileged
to use the number of filedescriptors you want the
resulting binary to support"
+ac_help="$ac_help
+ --enable-follow-x-forwarded-for
+ Enable support for following the X-Forwarded-For
+ HTTP header to try to find the IP address of the
+ original or indirect client when a request has
+ been forwarded through other proxies."
# Initialize some variables set by options.
# The variables have the same names as the options, with
@@ -3255,6 +3261,29 @@
fi
+
+follow_xff=1
+# Check whether --enable-follow-x-forwarded-for or --disable-follow-x-forwarded-for was given.
+if test "${enable_follow_x_forwarded_for+set}" = set; then
+ enableval="$enable_follow_x_forwarded_for"
+ if test "$enableval" = "yes" ; then
+ echo "follow X-Forwarded-For enabled"
+ follow_xff=1
+ fi
+
+fi
+
+if test $follow_xff = 1; then
+ cat >> confdefs.h <<\EOF
+#define FOLLOW_X_FORWARDED_FOR 1
+EOF
+
+else
+ cat >> confdefs.h <<\EOF
+#define FOLLOW_X_FORWARDED_FOR 0
+EOF
+
+fi
# Force some compilers to use ANSI features
#

422
www/squid27/files/icap-2.5-bootstrap.patch
View File

@ -1,422 +0,0 @@
Patch 2 of 2 to integrate the icap-2_5 branch into the FreeBSD squid port.
Created by Thomas-Martin Seck <tmseck@netcologne.de>.
This patch simulates the autotools bootstrap necessary after applying the
ICAP patchset.
Please see icap-2.5-core.patch for further information.
Patch last updated: 2005-12-17
--- configure.orig Sat Oct 22 11:56:01 2005
+++ configure Sat Dec 17 17:45:21 2005
@@ -70,6 +70,8 @@
ac_help="$ac_help
--enable-delay-pools Enable delay pools to limit bandwidth usage"
ac_help="$ac_help
+ --enable-icap-support Enable iCAP client capability"
+ac_help="$ac_help
--enable-useragent-log Enable logging of User-Agent header"
ac_help="$ac_help
--enable-referer-log Enable logging of Referer header"
@@ -2170,6 +2172,38 @@
+
+if false; then
+ USE_ICAP_TRUE=
+ USE_ICAP_FALSE='#'
+else
+ USE_ICAP_TRUE='#'
+ USE_ICAP_FALSE=
+fi
+# Check whether --enable-icap-support or --disable-icap-support was given.
+if test "${enable_icap_support+set}" = set; then
+ enableval="$enable_icap_support"
+ if test "$enableval" = "yes" ; then
+ echo "ICAP support enabled"
+ cat >> confdefs.h <<\EOF
+#define HS_FEAT_ICAP 1
+EOF
+
+
+
+if true; then
+ USE_ICAP_TRUE=
+ USE_ICAP_FALSE='#'
+else
+ USE_ICAP_TRUE='#'
+ USE_ICAP_FALSE=
+fi
+ fi
+
+fi
+
+
+
# Check whether --enable-useragent-log or --disable-useragent-log was given.
if test "${enable_useragent_log+set}" = set; then
enableval="$enable_useragent_log"
@@ -7428,14 +7462,14 @@
fi
;;
esac
- echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
-echo "configure:7433: checking for main in -lpthread" >&5
+ echo $ac_n "checking for main in -pthread""... $ac_c" 1>&6
+echo "configure:7433: checking for main in -pthread" >&5
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_save_LIBS="$LIBS"
-LIBS="-lpthread $LIBS"
+LIBS="-pthread $LIBS"
cat > conftest.$ac_ext <<EOF
#line 7441 "configure"
#include "confdefs.h"
@@ -7465,7 +7499,7 @@
#define $ac_tr_lib 1
EOF
- LIBS="-lpthread $LIBS"
+ LIBS="-pthread $LIBS"
else
echo "$ac_t""no" 1>&6
@@ -7769,6 +7803,8 @@
srand48 \
srandom \
statfs \
+ strnstr \
+ strcasestr \
strtoll \
sysconf \
syslog \
@@ -7898,6 +7934,50 @@
fi
fi
+
+if false; then
+ NEED_OWN_STRNSTR_TRUE=
+ NEED_OWN_STRNSTR_FALSE='#'
+else
+ NEED_OWN_STRNSTR_TRUE='#'
+ NEED_OWN_STRNSTR_FALSE=
+fi
+if test "$ac_cv_func_strnstr" = "no" || test "$ac_cv_func_vstrnstr" = "no" ; then
+
+
+if true; then
+ NEED_OWN_STRNSTR_TRUE=
+ NEED_OWN_STRNSTR_FALSE='#'
+else
+ NEED_OWN_STRNSTR_TRUE='#'
+ NEED_OWN_STRNSTR_FALSE=
+fi
+fi
+
+
+
+if false; then
+ NEED_OWN_STRCASESTR_TRUE=
+ NEED_OWN_STRCASESTR_FALSE='#'
+else
+ NEED_OWN_STRCASESTR_TRUE='#'
+ NEED_OWN_STRCASESTR_FALSE=
+fi
+if test "$ac_cv_func_strcasestr" = "no" || test "$ac_cv_func_vstrcasestr" = "no"; then
+
+
+if true; then
+ NEED_OWN_STRCASESTR_TRUE=
+ NEED_OWN_STRCASESTR_FALSE='#'
+else
+ NEED_OWN_STRCASESTR_TRUE='#'
+ NEED_OWN_STRCASESTR_FALSE=
+fi
+fi
+
+
+
+
echo $ac_n "checking if va_copy is implemented""... $ac_c" 1>&6
echo "configure:7903: checking if va_copy is implemented" >&5
if eval "test \"`echo '$''{'ac_cv_func_va_copy'+set}'`\" = set"; then
@@ -9072,6 +9152,8 @@
s%@ENABLE_PINGER_FALSE@%$ENABLE_PINGER_FALSE%g
s%@USE_DELAY_POOLS_TRUE@%$USE_DELAY_POOLS_TRUE%g
s%@USE_DELAY_POOLS_FALSE@%$USE_DELAY_POOLS_FALSE%g
+s%@USE_ICAP_TRUE@%$USE_ICAP_TRUE%g
+s%@USE_ICAP_FALSE@%$USE_ICAP_FALSE%g
s%@USE_SNMP_TRUE@%$USE_SNMP_TRUE%g
s%@USE_SNMP_FALSE@%$USE_SNMP_FALSE%g
s%@SNMPLIB@%$SNMPLIB%g
@@ -9118,6 +9200,10 @@
s%@LIB_LBER@%$LIB_LBER%g
s%@NEED_OWN_SNPRINTF_TRUE@%$NEED_OWN_SNPRINTF_TRUE%g
s%@NEED_OWN_SNPRINTF_FALSE@%$NEED_OWN_SNPRINTF_FALSE%g
+s%@NEED_OWN_STRNSTR_TRUE@%$NEED_OWN_STRNSTR_TRUE%g
+s%@NEED_OWN_STRNSTR_FALSE@%$NEED_OWN_STRNSTR_FALSE%g
+s%@NEED_OWN_STRCASESTR_TRUE@%$NEED_OWN_STRCASESTR_TRUE%g
+s%@NEED_OWN_STRCASESTR_FALSE@%$NEED_OWN_STRCASESTR_FALSE%g
s%@REGEXLIB@%$REGEXLIB%g
s%@LIBREGEX@%$LIBREGEX%g
s%@LIBOBJS@%$LIBOBJS%g
--- include/autoconf.h.in.orig Tue Sep 13 02:12:34 2005
+++ include/autoconf.h.in Sat Dec 17 17:45:21 2005
@@ -124,6 +124,11 @@
*/
#undef DELAY_POOLS
+/*
+ * ICAP - Internet Content Adaptation Protocol
+ */
+#undef HS_FEAT_ICAP
+
/*
* If you want to log User-Agent request header values, define this.
* By default, they are written to useragent.log in the Squid log
@@ -574,6 +579,12 @@
/* Define if you have the statfs function. */
#undef HAVE_STATFS
+
+/* Define if you have the strcasestr function. */
+#undef HAVE_STRCASESTR
+
+/* Define if you have the strnstr function. */
+#undef HAVE_STRNSTR
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
--- lib/Makefile.in.orig Wed Sep 28 22:57:20 2005
+++ lib/Makefile.in Sat Dec 17 17:45:21 2005
@@ -123,6 +123,13 @@
@NEED_OWN_SNPRINTF_TRUE@SNPRINTFSOURCE = snprintf.c
@NEED_OWN_SNPRINTF_FALSE@SNPRINTFSOURCE =
+
+@NEED_OWN_STRNSTR_TRUE@STRNSTRSOURCE = strnstr.c
+@NEED_OWN_STRNSTR_FALSE@STRNSTRSOURCE =
+
+@NEED_OWN_STRCASESTR_TRUE@STRCASESTRSOURCE = strcasestr.c
+@NEED_OWN_STRCASESTR_FALSE@STRCASESTRSOURCE =
+
@NEED_OWN_MD5_TRUE@MD5SOURCE = md5.c
@NEED_OWN_MD5_FALSE@MD5SOURCE =
@@ -158,6 +165,8 @@
$(SNPRINTFSOURCE) \
splay.c \
Stack.c \
+ $(STRNSTRSOURCE) \
+ $(STRCASESTRSOURCE) \
stub_memaccount.c \
util.c \
uudecode.c
@@ -196,13 +205,18 @@
@NEED_OWN_MD5_FALSE@am__objects_1 =
@NEED_OWN_SNPRINTF_FALSE@am__objects_2 =
@NEED_OWN_SNPRINTF_TRUE@am__objects_2 = snprintf.$(OBJEXT)
+@NEED_OWN_STRNSTR_FALSE@am__objects_3 =
+@NEED_OWN_STRNSTR_TRUE@am__objects_3 = strnstr.$(OBJEXT)
+@NEED_OWN_STRCASESTR_TRUE@am__objects_4 = strcasestr.$(OBJEXT)
+@NEED_OWN_STRCASESTR_FALSE@am__objects_4 =
am_libmiscutil_a_OBJECTS = Array.$(OBJEXT) base64.$(OBJEXT) \
getfullhostname.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
html_quote.$(OBJEXT) iso3307.$(OBJEXT) $(am__objects_1) \
radix.$(OBJEXT) rfc1035.$(OBJEXT) rfc1123.$(OBJEXT) \
rfc1738.$(OBJEXT) rfc2617.$(OBJEXT) safe_inet_addr.$(OBJEXT) \
$(am__objects_2) splay.$(OBJEXT) Stack.$(OBJEXT) \
- stub_memaccount.$(OBJEXT) util.$(OBJEXT) uudecode.$(OBJEXT)
+ $(am__objects_3) $(am__objects_4) stub_memaccount.$(OBJEXT) \
+ util.$(OBJEXT) uudecode.$(OBJEXT)
libmiscutil_a_OBJECTS = $(am_libmiscutil_a_OBJECTS)
libntlmauth_a_AR = $(AR) cru
libntlmauth_a_DEPENDENCIES = @LIBOBJS@
@@ -224,15 +238,16 @@
@AMDEP_TRUE@ $(DEPDIR)/dlmalloc.Po $(DEPDIR)/drand48.Po \
@AMDEP_TRUE@ $(DEPDIR)/getfullhostname.Po $(DEPDIR)/hash.Po \
@AMDEP_TRUE@ $(DEPDIR)/heap.Po $(DEPDIR)/html_quote.Po \
-@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/initgroups.Po \
-@AMDEP_TRUE@ $(DEPDIR)/iso3307.Po $(DEPDIR)/md5.Po \
-@AMDEP_TRUE@ $(DEPDIR)/ntlmauth.Po $(DEPDIR)/radix.Po \
-@AMDEP_TRUE@ $(DEPDIR)/rfc1035.Po $(DEPDIR)/rfc1123.Po \
-@AMDEP_TRUE@ $(DEPDIR)/rfc1738.Po $(DEPDIR)/rfc2617.Po \
-@AMDEP_TRUE@ $(DEPDIR)/safe_inet_addr.Po $(DEPDIR)/snprintf.Po \
-@AMDEP_TRUE@ $(DEPDIR)/splay.Po $(DEPDIR)/strerror.Po \
-@AMDEP_TRUE@ $(DEPDIR)/stub_memaccount.Po $(DEPDIR)/tempnam.Po \
-@AMDEP_TRUE@ $(DEPDIR)/util.Po $(DEPDIR)/uudecode.Po
+@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/iso3307.Po \
+@AMDEP_TRUE@ $(DEPDIR)/md5.Po $(DEPDIR)/ntlmauth.Po \
+@AMDEP_TRUE@ $(DEPDIR)/radix.Po $(DEPDIR)/rfc1035.Po \
+@AMDEP_TRUE@ $(DEPDIR)/rfc1123.Po $(DEPDIR)/rfc1738.Po \
+@AMDEP_TRUE@ $(DEPDIR)/rfc2617.Po $(DEPDIR)/safe_inet_addr.Po \
+@AMDEP_TRUE@ $(DEPDIR)/snprintf.Po $(DEPDIR)/splay.Po \
+@AMDEP_TRUE@ $(DEPDIR)/strcasestr.Po $(DEPDIR)/strerror.Po \
+@AMDEP_TRUE@ $(DEPDIR)/strnstr.Po $(DEPDIR)/stub_memaccount.Po \
+@AMDEP_TRUE@ $(DEPDIR)/tempnam.Po $(DEPDIR)/util.Po \
+@AMDEP_TRUE@ $(DEPDIR)/uudecode.Po
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
@@ -241,8 +256,8 @@
DIST_SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) \
$(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) \
$(libregex_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c \
- initgroups.c strerror.c tempnam.c
+DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c strerror.c \
+ tempnam.c
SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) $(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) $(libregex_a_SOURCES)
all: all-am
@@ -295,7 +310,6 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/heap.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/html_quote.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_ntoa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/iso3307.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/md5.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ntlmauth.Po@am__quote@
@@ -307,7 +321,9 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/safe_inet_addr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/snprintf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/splay.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strcasestr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strerror.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strnstr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/stub_memaccount.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/tempnam.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/util.Po@am__quote@
--- src/Makefile.in.orig Wed Sep 28 22:57:21 2005
+++ src/Makefile.in Sat Dec 17 17:45:21 2005
@@ -125,6 +125,9 @@
install_sh = @install_sh@
makesnmplib = @makesnmplib@
+@USE_ICAP_TRUE@ICAPSOURCE = icap_common.c icap_reqmod.c icap_respmod.c icap_opt.c
+@USE_ICAP_FALSE@ICAPSOURCE =
+
@USE_DNSSERVER_TRUE@DNSSOURCE = dns.c
@USE_DNSSERVER_FALSE@DNSSOURCE = dns_internal.c
@USE_DNSSERVER_TRUE@DNSSERVER = dnsserver
@@ -249,6 +252,7 @@
HttpMsg.c \
HttpReply.c \
HttpRequest.c \
+ $(ICAPSOURCE) \
icmp.c \
icp_v2.c \
icp_v3.c \
@@ -468,54 +472,58 @@
pinger_LDADD = $(LDADD)
pinger_DEPENDENCIES =
pinger_LDFLAGS =
-@USE_DELAY_POOLS_TRUE@am__objects_3 = delay_pools.$(OBJEXT)
-@USE_DELAY_POOLS_FALSE@am__objects_3 =
-@USE_DNSSERVER_FALSE@am__objects_4 = dns_internal.$(OBJEXT)
-@USE_DNSSERVER_TRUE@am__objects_4 = dns.$(OBJEXT)
-@ENABLE_HTCP_TRUE@am__objects_5 = htcp.$(OBJEXT)
-@MAKE_LEAKFINDER_FALSE@am__objects_6 =
-@MAKE_LEAKFINDER_TRUE@am__objects_6 = leakfinder.$(OBJEXT)
-@USE_SNMP_TRUE@am__objects_7 = snmp_core.$(OBJEXT) snmp_agent.$(OBJEXT)
-@USE_SNMP_FALSE@am__objects_7 =
-@ENABLE_SSL_TRUE@am__objects_8 = ssl_support.$(OBJEXT)
-@ENABLE_SSL_FALSE@am__objects_8 =
-@ENABLE_UNLINKD_FALSE@am__objects_9 =
-@ENABLE_UNLINKD_TRUE@am__objects_9 = unlinkd.$(OBJEXT)
-@ENABLE_WIN32SPECIFIC_TRUE@am__objects_10 = win32.$(OBJEXT)
-@ENABLE_WIN32SPECIFIC_FALSE@am__objects_10 =
+@USE_DELAY_POOLS_FALSE@am__objects_5 =
+@USE_DELAY_POOLS_TRUE@am__objects_5 = delay_pools.$(OBJEXT)
+@USE_DNSSERVER_FALSE@am__objects_6 = dns_internal.$(OBJEXT)
+@USE_DNSSERVER_TRUE@am__objects_6 = dns.$(OBJEXT)
+@ENABLE_HTCP_TRUE@am__objects_7 = htcp.$(OBJEXT)
+@USE_ICAP_TRUE@am__objects_8 = icap_common.$(OBJEXT) \
+@USE_ICAP_TRUE@ icap_reqmod.$(OBJEXT) icap_respmod.$(OBJEXT) \
+@USE_ICAP_TRUE@ icap_opt.$(OBJEXT)
+@USE_ICAP_FALSE@am__objects_8 =
+@MAKE_LEAKFINDER_TRUE@am__objects_9 = leakfinder.$(OBJEXT)
+@MAKE_LEAKFINDER_FALSE@am__objects_9 =
+@USE_SNMP_TRUE@am__objects_10 = snmp_core.$(OBJEXT) snmp_agent.$(OBJEXT)
+@USE_SNMP_FALSE@am__objects_10 =
+@ENABLE_SSL_FALSE@am__objects_11 =
+@ENABLE_SSL_TRUE@am__objects_11 = ssl_support.$(OBJEXT)
+@ENABLE_UNLINKD_TRUE@am__objects_12 = unlinkd.$(OBJEXT)
+@ENABLE_UNLINKD_FALSE@am__objects_12 =
+@ENABLE_WIN32SPECIFIC_FALSE@am__objects_13 =
+@ENABLE_WIN32SPECIFIC_TRUE@am__objects_13 = win32.$(OBJEXT)
am_squid_OBJECTS = access_log.$(OBJEXT) acl.$(OBJEXT) asn.$(OBJEXT) \
authenticate.$(OBJEXT) cache_cf.$(OBJEXT) CacheDigest.$(OBJEXT) \
cache_manager.$(OBJEXT) carp.$(OBJEXT) cbdata.$(OBJEXT) \
client_db.$(OBJEXT) client_side.$(OBJEXT) comm.$(OBJEXT) \
- comm_select.$(OBJEXT) debug.$(OBJEXT) $(am__objects_3) \
- disk.$(OBJEXT) $(am__objects_4) errorpage.$(OBJEXT) \
+ comm_select.$(OBJEXT) debug.$(OBJEXT) $(am__objects_5) \
+ disk.$(OBJEXT) $(am__objects_6) errorpage.$(OBJEXT) \
ETag.$(OBJEXT) event.$(OBJEXT) external_acl.$(OBJEXT) \
fd.$(OBJEXT) filemap.$(OBJEXT) forward.$(OBJEXT) \
fqdncache.$(OBJEXT) ftp.$(OBJEXT) gopher.$(OBJEXT) \
- helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
+ helper.$(OBJEXT) $(am__objects_7) http.$(OBJEXT) \
HttpStatusLine.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
HttpHdrRange.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
HttpBody.$(OBJEXT) HttpMsg.$(OBJEXT) HttpReply.$(OBJEXT) \
- HttpRequest.$(OBJEXT) icmp.$(OBJEXT) icp_v2.$(OBJEXT) \
- icp_v3.$(OBJEXT) ident.$(OBJEXT) internal.$(OBJEXT) \
- ipc.$(OBJEXT) ipcache.$(OBJEXT) $(am__objects_6) \
- logfile.$(OBJEXT) main.$(OBJEXT) mem.$(OBJEXT) \
+ HttpRequest.$(OBJEXT) $(am__objects_8) icmp.$(OBJEXT) \
+ icp_v2.$(OBJEXT) icp_v3.$(OBJEXT) ident.$(OBJEXT) \
+ internal.$(OBJEXT) ipc.$(OBJEXT) ipcache.$(OBJEXT) \
+ $(am__objects_9) logfile.$(OBJEXT) main.$(OBJEXT) mem.$(OBJEXT) \
MemPool.$(OBJEXT) MemBuf.$(OBJEXT) mime.$(OBJEXT) \
multicast.$(OBJEXT) neighbors.$(OBJEXT) net_db.$(OBJEXT) \
Packer.$(OBJEXT) pconn.$(OBJEXT) peer_digest.$(OBJEXT) \
peer_select.$(OBJEXT) redirect.$(OBJEXT) referer.$(OBJEXT) \
- refresh.$(OBJEXT) send-announce.$(OBJEXT) $(am__objects_7) \
- ssl.$(OBJEXT) $(am__objects_8) stat.$(OBJEXT) \
+ refresh.$(OBJEXT) send-announce.$(OBJEXT) $(am__objects_10) \
+ ssl.$(OBJEXT) $(am__objects_11) stat.$(OBJEXT) \
StatHist.$(OBJEXT) String.$(OBJEXT) stmem.$(OBJEXT) \
store.$(OBJEXT) store_io.$(OBJEXT) store_client.$(OBJEXT) \
store_digest.$(OBJEXT) store_dir.$(OBJEXT) \
store_key_md5.$(OBJEXT) store_log.$(OBJEXT) \
store_rebuild.$(OBJEXT) store_swapin.$(OBJEXT) \
store_swapmeta.$(OBJEXT) store_swapout.$(OBJEXT) \
- tools.$(OBJEXT) $(am__objects_9) url.$(OBJEXT) urn.$(OBJEXT) \
+ tools.$(OBJEXT) $(am__objects_12) url.$(OBJEXT) urn.$(OBJEXT) \
useragent.$(OBJEXT) wais.$(OBJEXT) wccp.$(OBJEXT) \
- whois.$(OBJEXT) $(am__objects_10)
+ whois.$(OBJEXT) $(am__objects_13)
nodist_squid_OBJECTS = repl_modules.$(OBJEXT) auth_modules.$(OBJEXT) \
store_modules.$(OBJEXT) globals.$(OBJEXT) \
string_arrays.$(OBJEXT)
@@ -563,7 +571,9 @@
@AMDEP_TRUE@ $(DEPDIR)/fqdncache.Po $(DEPDIR)/ftp.Po \
@AMDEP_TRUE@ $(DEPDIR)/globals.Po $(DEPDIR)/gopher.Po \
@AMDEP_TRUE@ $(DEPDIR)/helper.Po $(DEPDIR)/htcp.Po \
-@AMDEP_TRUE@ $(DEPDIR)/http.Po $(DEPDIR)/icmp.Po \
+@AMDEP_TRUE@ $(DEPDIR)/http.Po $(DEPDIR)/icap_common.Po \
+@AMDEP_TRUE@ $(DEPDIR)/icap_opt.Po $(DEPDIR)/icap_reqmod.Po \
+@AMDEP_TRUE@ $(DEPDIR)/icap_respmod.Po $(DEPDIR)/icmp.Po \
@AMDEP_TRUE@ $(DEPDIR)/icp_v2.Po $(DEPDIR)/icp_v3.Po \
@AMDEP_TRUE@ $(DEPDIR)/ident.Po $(DEPDIR)/internal.Po \
@AMDEP_TRUE@ $(DEPDIR)/ipc.Po $(DEPDIR)/ipcache.Po \
@@ -777,6 +787,10 @@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/helper.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/htcp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_common.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_opt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_reqmod.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icap_respmod.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icmp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icp_v2.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/icp_v3.Po@am__quote@

7137
www/squid27/files/icap-2.5-core.patch
View File

File diff suppressed because it is too large Load Diff

11
www/squid27/files/patch-tools-Makefile.in Normal file
View File

@ -0,0 +1,11 @@
--- tools/Makefile.in.orig Sun May 14 18:30:04 2006
+++ tools/Makefile.in Sun May 14 18:31:02 2006
@@ -297,7 +297,7 @@
EXTRA_DIST = \
cachemgr.conf
-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
+DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf.default
# Don't automatically uninstall config files
# @if test -f $(DESTDIR)$(DEFAULT_CONFIG_FILE) ; then \

11
www/squid27/files/pkg-deinstall.in
View File

@ -16,20 +16,19 @@ POST-DEINSTALL)
echo "===> post-deinstallation information for $1:"
echo ""
echo " Note:"
echo " squid related user accounts and groups were not removed."
echo " Squid related user accounts and groups were not removed."
echo ""
echo " To remove the '%%SQUID_UID%%' user and the '%%SQUID_GID%%' group which were"
echo " created by a default installation of this package, run"
echo ""
echo " pw userdel -r -n %%SQUID_UID%% -u 100"
echo ""
echo " pw userdel -n %%SQUID_UID%% -u 100"
if [ -d ${PKG_PREFIX}/squid -o -d ${PKG_PREFIX}/etc/squid ] ; then
echo ""
echo " To ease updates, the cache and log directories and"
echo " all configuration files modified by you were preserved."
echo " In order to ease updates the cache and log directories"
echo " and all configuration files modified by you were preserved."
echo ""
echo " Please remove them manually if you do not want to use"
echo " squid any longer."
echo " Squid any longer."
fi
echo ""
;;

61
www/squid27/files/pkg-install.in
View File

@ -16,18 +16,11 @@ squid_user="%%SQUID_UID%%"
squid_group="%%SQUID_GID%%"
squid_gid=100
squid_uid=100
# Try to catch the case where the $squid_user might have been created with an
# id greater than or equal 3128. The valid exception is "nobody".
nobody_uid=65534
nobody_gid=65534
squid_oldgid=3128
squid_olduid=3128
unset wrong_id
case $2 in
PRE-INSTALL)
echo "===> Pre-installation configuration for ${pkgname}"
if ! pw groupshow ${squid_group} -q >/dev/null ; then
echo "There is no group '${squid_group}' on this system, so I will try to create it:"
echo "There is no group '${squid_group}' on this system, so I will try to create it (using group id ${squid_gid}):"
if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then
echo "Failed to create group \"${squid_group}\"!" >&2
echo "Please create it manually." >&2
@ -37,16 +30,11 @@ PRE-INSTALL)
fi
else
echo "I will use the existing group '${squid_group}':"
current_gid=`pw groupshow ${squid_group}|cut -f 3 -d :`
if [ ${current_gid} -ge ${squid_oldgid} \
-a ${current_gid} -ne ${nobody_gid} ]; then
wrong_id=1
fi
fi
pw groupshow ${squid_group}
if ! pw usershow ${squid_user} -q >/dev/null ; then
echo "There is no account '${squid_user}' on this system, so I will try to create it:"
echo "There is no account '${squid_user}' on this system, so I will try to create it (using user id ${squid_uid}):"
if ! pw useradd -q -n ${squid_user} \
-u ${squid_uid} -g ${squid_group} \
-c "squid caching-proxy pseudo user" \
@ -60,53 +48,8 @@ PRE-INSTALL)
fi
else
echo "I will use the existing user '${squid_user}':"
current_uid=`id -u ${squid_user}`
if [ ${current_uid} -ge ${squid_olduid} \
-a ${current_uid} -ne ${nobody_uid} ];
then
wrong_id=1
fi
fi
pw usershow ${squid_user}
if [ "${wrong_id}" ]; then
echo ""
echo " * NOTICE *"
echo ""
echo "The squid pseudo-user's uid and/or gid have been found"
echo "to be greater than or equal 3128."
echo ""
echo "This is not a problem as such, but violates the FreeBSD"
echo "ports' principle that a ports must not claim a uid greater"
echo "than 999."
echo ""
echo "Since version 2.5.4_11, the squid user is thus created"
echo "with an id of ${squid_uid}:${squid_gid} while earlier versions of this"
echo "port used the first unused uid/gid greater than or"
echo "equal 3128."
echo ""
echo "If you want to change the existing squid user's id, run"
echo "'make changeuser' after the installation has completed."
echo "If you installed this port via a package, issue the"
echo "following commands as root:"
echo ""
echo "pw userdel -u ${current_uid}"
echo "pw groupadd -n ${squid_group} -g ${squid_gid}"
echo "pw useradd -n ${squid_user} -u ${squid_uid} \\"
echo " -c \"squid caching-proxy pseudo user\" \\"
echo " -g ${squid_group} -d ${squid_base} -s /sbin/nologin \\"
echo " -h -"
echo "find -H ${PKG_PREFIX} -user ${current_uid} -exec chown ${squid_user} {} \\;"
echo "find -H ${PKG_PREFIX} -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
echo ""
echo "In case you have installed third party software for squid"
echo "like squidGuard, you should additionally run:"
echo "find -H /var -user ${current_uid} -exec chown ${squid_user} {} \\;"
echo "find -H /var -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
echo ""
if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
sleep 30
fi
fi
for dir in cache logs; do
if [ ! -d ${squid_base}/${dir} ]; then
echo "Creating ${squid_base}/${dir}..."

21
www/squid27/files/pkg-message.in
View File

@ -1,9 +1,9 @@
o You can find the configuration files for this package in the
directory %%PREFIX%%/etc/squid.
o A cache directory has been created in %%PREFIX%%/squid/cache.
Log files will be written to %%PREFIX%%/squid/logs.
Note:
You must initialize new cache directories before you can start
squid. Do this by running "squid -z" as 'root' or '%%SQUID_UID%%'.
@ -13,12 +13,19 @@
o The default configuration will deny everyone access to the
proxy service. Edit the "http_access" directives in
%%PREFIX%%/etc/squid.conf to suit your needs.
--begin rcng
Please note that the squid start script is an rc.d style script.
This means that squid will not start automatically at boot time.
Please note that the Squid start script is an rc.d style script.
This means that Squid will not start automatically at boot
time unless it is explicitly enabled.
To enable squid, set squid_enable=yes in either
To enable Squid, set squid_enable=yes in either
/etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
Please see %%PREFIX%%/etc/rc.d/squid(.sh) for further details.
--end rcng
Note:
If you just updated your Squid installation from 2.5 or earlier,
make sure to check your Squid configuration against the 2.6 default
configuration file %%PREFIX%%/etc/squid/squid.conf.default.
Additionally, you should check your configuration by calling
'squid -f /path/to/squid.conf -k parse' before starting Squid.

71
www/squid27/files/squid.sh.in → www/squid27/files/squid.in
View File

@ -2,7 +2,6 @@
#
# $FreeBSD$
#
# --begin rcng
# PROVIDE: squid
# REQUIRE: LOGIN
# KEYWORD: shutdown
@ -14,43 +13,32 @@
#
# Please see squid(8), rc.conf(5) and rc(8) for further details.
#
# --end rcng
name=squid
command=%%PREFIX%%/sbin/squid
# --begin rcng
extra_commands=reload
reload_cmd="${command} -k reconfigure"
# --end rcng
stop_cmd="squid_stop"
squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs}
# --begin rcng
squid_enable=${squid_enable:-"NO"}
# --end rcng
squid_flags=${squid_flags-"-D"}
squid_user=${squid_user:-%%SQUID_UID%%}
default_config=%%PREFIX%%/etc/squid/squid.conf
# --begin rcold
squid_stop() {
echo -n " ${name}"
${command} -k shutdown
while ps -xcU ${squid_user} | grep -q squid; do
sleep 2
done
}
# --end rcold
# --begin rcng
squid_stop() {
${command} -k shutdown
run_rc_command poll
}
. %%RC_SUBR%%
rcvar=`set_rcvar`
name=squid
rcvar=${name}_enable
command=%%PREFIX%%/sbin/squid
extra_commands=reload
reload_cmd="${command} -k reconfigure"
stop_cmd="squid_stop"
load_rc_config ${name}
squid_chdir=${squid_chdir:-%%PREFIX%%/squid/logs}
squid_enable=${squid_enable:-"NO"}
squid_flags=${squid_flags-"-D"}
squid_user=${squid_user:-%%SQUID_UID%%}
default_config=%%PREFIX%%/etc/squid/squid.conf
required_dirs=${squid_chdir}
# squid(8) will not start if ${default_config} is not present so try
# to catch that beforehand via ${required_files} rather than make
# squid(8) crash.
@ -60,28 +48,5 @@ load_rc_config ${name}
if [ -z "${squid_flags}" ]; then
required_files=${default_config}
fi
required_dirs=${squid_chdir}
run_rc_command "$1"
# --end rcng
# --begin rcold
case $1 in
start)
if [ -x "${command}" -a \
\( -f "${default_config}" -o "${squid_flags}" \) ]; then
echo -n " ${name}"
(cd ${squid_chdir} && exec su -fm ${squid_user} -c \
"${command} ${squid_flags}")
fi
;;
stop)
if [ -x "${command}" ]; then
${stop_cmd}
fi
;;
*)
echo "usage: ${0##*/} {start|stop}" >&2
exit 64
;;
esac
exit 0
# --end rcold

19
www/squid27/pkg-descr
View File

@ -1,15 +1,10 @@
This is the Squid Internet Object Cache developed by the National
Laboratory for Applied Networking Research (NLANR) and Internet
volunteers. This software is freely available for anyone to use.
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single, non-blocking,
I/O-driven process.
This software is based on the Harvest Object Cache developed by
the University of Colorado and the University of Southern California.
The Harvest home page is http://harvest.cs.colorado.edu/.
ARPA funding for the Harvest project has ended, the squid project has
continued development of the cache where Harvest finished.
This port provides many configuration options, most of which are
available via 'make config'.
Squid supports SSL, extensive access controls, and full request logging.
By using the lightweight Internet Cache Protocol, Squid caches can be
arranged in a hierarchy or mesh for additional bandwidth savings.
WWW: http://www.squid-cache.org/