Security bump - bug #522498

Package-Manager: portage-2.2.14_rc1/cvs/Linux x86_64 Manifest-Sign-Key: 0x77F1F175586A3B1F
author: Eray Aslan <eras@gentoo.org> 2014-09-29 14:11:23 +0000
committer: Eray Aslan <eras@gentoo.org> 2014-09-29 14:11:23 +0000
commit: e592c6584e0c5830d58a14b01740de1e99b0f342 (patch)
tree: 611efd5f71d9d9ddaef151ea1442e5f30089d65b /net-proxy/squid
parent: Add missing dependencies fixing bug 523972 (diff)
download: historical-e592c6584e0c5830d58a14b01740de1e99b0f342.tar.gz
historical-e592c6584e0c5830d58a14b01740de1e99b0f342.tar.bz2
historical-e592c6584e0c5830d58a14b01740de1e99b0f342.zip
6 files changed, 1081 insertions, 15 deletions
diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index 1a7499ddd613..b554324949c7 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-proxy/squid
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.479 2014/09/19 12:03:13 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.480 2014/09/29 14:11:12 eras Exp $
+
+*squid-3.4.7-r1 (29 Sep 2014)
+*squid-3.3.13-r1 (29 Sep 2014)
+
+  29 Sep 2014; Eray Aslan <eras@gentoo.org> +files/squid-12683_12681.patch,
+  +files/squid-13173_13171.patch, +squid-3.3.13-r1.ebuild,
+  +squid-3.4.7-r1.ebuild:
+  Security bump - bug #522498
 
   19 Sep 2014; Eray Aslan <eras@gentoo.org> -squid-3.3.12.ebuild,
   -squid-3.4.3.ebuild, -squid-3.4.4.ebuild, -squid-3.4.5.ebuild,
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 1ae9b1ba2f6d..ff2eafbbbe8e 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -1,6 +1,8 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX squid-12683_12681.patch 8985 SHA256 bef94f856ecbdfb88630bf75b8f1177a1efcba40b32b8ccd61ac2414daf40d75 SHA512 7e148cc62fbe0e3efea8731154b762c40d9e97a12978ff521aa0a90c225ff5b09d54388da671b05495c5c4eb9bf30ef492ad659d293f99a73ee2a0230a9c2f91 WHIRLPOOL 9af1913ab70a889d8fd7937910f5670a0f5b4678ed30df37f34b2bcf7a96640241419f43667f24d82ce7fffd0efa59b31e973658ba9bd4662e4581ca8f68dfaf
+AUX squid-13173_13171.patch 8987 SHA256 778b069fbd7c9f462eee5c44082703efaebea82ddca6af874221100cf2b8d6b8 SHA512 da7c16425215b91a8ec88aab5a94f7552761de209325a1037bead059e651f29d704a9cececa907cd17519a9d4d396716450e7754aa6bab45e9704ca7354d4f3e WHIRLPOOL e190608741d3a3de5af273784869ec75907fd2a5fe1ce7d4216e9c3c1eb7ced2c5505868de59fcd20b0574e6aaa8facdbfc7d2fc9620cfba3bbd946d99e8eb95
 AUX squid-3.3.4-gentoo.patch 4358 SHA256 d52c1c89c81540dfd6c464f7c4245857fdd6cc9e45568a03d4f028fe5feb8bb0 SHA512 b1bfb0a1298e30ce30681b8bcaed292a883f8153e3df61861d1dfd691c5f4d5bc4651531ac69932fcbdc74c5896ed4495d54810203d4c0674ceb49b33454f297 WHIRLPOOL 3b98a43c1cc98d20f28dd5eb096344ff80ec5de1e4e17c4a3b8fb5d89044b6090466bfd3a7e24dfb975d9e02009af900372ee8c791991921def12820a191da97
 AUX squid.confd-r1 493 SHA256 214a184495a3384eb452caef435256043bc51e35140a61b1f5fdff32603c8f7e SHA512 3f92645275e077bcf36e4cd2ccb56812540276d9456bc6f68268010aac57214f0d96b0aff74dc57cbc3446705a9fae8a5bb7a07304afeea45615ebf2cf2b7ab0 WHIRLPOOL 080cfb797ddb49f7c59463eaef0db8c3a6ec5e5da949884e9ccdf54d608b22fb81971aec21fab704c832c86a8c8e3d4795a7b09456c273d7c4bbb65692a68870
 AUX squid.cron 143 SHA256 4c9e2afe5b0bba583ce896233ea1f9262beeb1b6cf51b4adb48d5f5c03933b2f SHA512 cec563c20799ffea8b4fb418d5015d6dc437bd38c35e7150ed01bc298dab5214132e10f4e7b8176da1966e16a7f53f423c36e8419642cb16716f5c346c30d749 WHIRLPOOL 029c94d4e4826ee612c7dc12acc088e3100c9d1737baebb74b25b6e7ac2ba78d0bab9f744c12b5de4113c9727892c9a30dd17067409ac8da62afeee552de391e
@@ -9,24 +11,26 @@ AUX squid.logrotate 103 SHA256 e5ddce1c9af851040affa15e1a59e89d8db0f2eea7c461320
 AUX squid.pam 315 SHA256 68ef4282f9fb8506df710d0ae16e84e991e9b138c7f1d0af922682219c7a971f SHA512 a73c98eef2d99bfd871c192195f3c815bff1cd4fa66b87ac185fde891e5cf5fb464fe0ce376c16ac68065c53726784229ad96c24835138244eee2ca2807887c3 WHIRLPOOL e8a6345c634694ce1e21fc4d69ea059d2da9f5d3b7ad34b4a49c570161cddab615fb4ed9e274397ddd4887e4b027aa90339bb8fbb5a71f3bdf506d70cefb99c1
 DIST squid-3.3.13.tar.xz 2187728 SHA256 55d5875709b93f447788526527496956c508832abd1f9c651346e461c9d63221 SHA512 be7ec0ff949f94a4521c6aba2cff87b495ca626c85df5a9650e587c5723f2e52de68e939d8dfed7e8279be7a987c13a773d4f94864308d98d2a67c462b3b2862 WHIRLPOOL faaa5626a97589e486650fa7ff0231487fae65cf7d2ae962f36c7857c97d481c1f82cfd3326bfd0b690543abc01e5581feeaaccd77a8c34ea762abd1ec401f36
 DIST squid-3.4.7.tar.xz 2158672 SHA256 cc40a3cccdcdfc11269ea969e658d99e3ef2202999b78aa01a647a6bc71759ee SHA512 494b5a63d738915038f24b33864998ad4573928f6277637a22c9cf8cd8bf4dc1d5a9501bcae8ac14c5816a0d25c795feca3080b23e74d1cd13bb0674f7114eba WHIRLPOOL e713e77433302c096a37623bb1ee9a69e3d804e98235e4d3151a3bae84b73d519f6784e59cb5b82398038b39f553846d172e39158ba2689054cea9c760c57ed2
+EBUILD squid-3.3.13-r1.ebuild 7930 SHA256 f6169d3b4305296108116dcd44a2b1e85cd042644c05d0f817a8f9c6a90ffc5c SHA512 b550422d1d4d363b3d20c130ce2b814033248bb7bc36c665856a524670804cc8fedfc78068e5a3fd72e44215bea57d21c066e90707e26960f62bf18c26e9edae WHIRLPOOL e22d52012accee3f9819d6ecd72afb42bf95eebff4738cd1d99ac1021317c2558c4bda006393c02b033c9e5777489709d10285f6434d1dd20b2b973e50e04435
 EBUILD squid-3.3.13.ebuild 7872 SHA256 d8841a735f5ed78440f79dea9bb20cf1819dc83307efbf7e784d74a0f9b51c72 SHA512 8904cc2967240442e23d288069302e9bfae1403ad0d284835c6bd7ffe3fe6f26cc3f91238cb749a39dd04826a8a84ad0829a4424f856b6c4bc91a4e00e8af570 WHIRLPOOL 571a60b5d77c76a8134f5aa50fb053d0e28bee7acee13236c198777f8121a646479e2e257b986ff08eb332831fcb0ef3dae713422c4764f67f39c0c3daba1572
+EBUILD squid-3.4.7-r1.ebuild 8079 SHA256 21a99db68c9072aed1ae33ac2fe38f3fb3c0ddb1eb823b86c79c0d82020c43e2 SHA512 f83b61506e54e73803184e488f508ac82470fbeb8227cb90c502e5e6e2d91713f09e5211d6cf3688a30f02520cecee2cf229f2b5104becbfd3c14c3bb1b33680 WHIRLPOOL 0e84966cf62d638110efe4fabff90edf6ff7158e7fb30672aca9c5daffe213d5c8c23b40def060eff5d55e1242441a81767c4a41d080cc02665d7e8b2440bb22
 EBUILD squid-3.4.7.ebuild 8030 SHA256 3b0f07f8f724e98b7ff6efc42baf5c5557108d6ef52941753a7d72da5fb3dc90 SHA512 43670ec1d3d588f553fd06e71af25cd659d4ab526a48e58bfb4c7e73bada1d8c0e2d815f4f84af81a68e06376c0b03eb92a19482d7451c51a3819c596cfbda7c WHIRLPOOL c648b730caf79597c7c0bcca7c327092f7dc66ab694db78ee0726f1afb77331271fceb671ccc3fc711c5cedb625004e66a0ccf85b4fe71d9ae9484d91edad0c0
-MISC ChangeLog 89327 SHA256 80700f913273585ca3a0d110d9d4e20877bc83298aea481f68a996513e643881 SHA512 b627fc5c700e015f32bf45a02897aa96a33e8a584aea9c2485073b1d51cd01cb8875e996d58e2bcc9e44b1d7d718e4aed8e8ada67f22fe218a429097021b66a6 WHIRLPOOL a39f103797702655d8996dcfb766dbbe2f865045247ba2bee7199c4d765bfecdbe7dccac62e44a704456855e0875a59f3971a6d27c1a4eca0d82a2e0120f51ee
+MISC ChangeLog 89581 SHA256 f1253a1c1db73a64be06261766c5d5073f0e2c24aee448c9828d64e962cad576 SHA512 ca85664cd64e07404738e62ff313e50738e9d5b8399d3ff7c7f43d0b5615221a567ff4e9915cfb7f594331a849fe5a9401fb66ef189ed282dc64a07ba4d0c870 WHIRLPOOL 0da5eb7f3e463ff98304a1827856f336aeda5d497450245da11147d158dcb95eb3f6fbff54d20a307f447fa386d7c3ba58ff3be2bc5c753d927e86856d6cbb8b
 MISC metadata.xml 1570 SHA256 7a084172a69649c4565af822f331e3085911a506e422ffc68b8a0082ee07ec6e SHA512 74ee493ede7181e22dd1d6a2889ddf3b4443ab677d3801b0c50b7c728c303f813e0a53dfc0931efbade78b98185401b15079e80e8742358a2a080d5a21f7b7b4 WHIRLPOOL d8239bc47c931b8a0e10ec4f16d91845482c35a029bb1d50914874150ec71b5f1a61def07f566ae4f6b10468426e8426ea8a319c30e41f985f5faf82ab1e6942
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJUHBuMAAoJEHfx8XVYajsfW7YP/j4sRLzXyTDdNw51I733HVRO
-/pS9qBL6y7mBjnP1OOeDeOJtH74rvGIDkhSISanb2ltZDpCxl5DZRrdJdeEMnMqu
-qdj96WYKh8ba62yZvt6xvkwSZoB2lU/ImIj2pDGqz77i/eywFCw5V9+8Mjq9/lEx
-++hteWapLKSThZr5Z6Dr1R1EOBhfStsBb16OMJSHqqRUZN+Qr3jkjAGbwjImOao+
-ZPQs/JFpecca4y76xwg9cKPTOP3dGIULMQfeW3VPStnkjFapIJAm0FP0b+a9BMYf
-ETsNm8v68NirQZn9NrPtnyL2cS/oJ3YjLa84tZYL0/2djhZXVSyqN2shbFr+zyr8
-tMBXukjX0fZJg2YAuuCkJKh220grN7w/9pO5CJSj/46ka4ey72xm3xF0L5yCoSrR
-RTby9fdwcxY46CKvLXFuy5kRtueyj5qqWa/pmgRbbpB7Cife93HbHlE7cQWoO08S
-wQ+nKtSaJNJqQ2jMtBua6dKndc48zceGXs6SQvVSvN7n6hnLji9gbx7MskyCXJud
-yOyYGWQqXUwTfZeUTfNbS0XAABMXRUrf9ObIuqS0/YwVVZ235rOpxsGPFROTsQmI
-f6StmtivfQ0v0BslgjpkTpH2zzDs1QR9GkPNUl+7C0JSTsioSEHgaZ5ReqEh+/eh
-q+QY+uVZmGj1fGEh91TO
-=nDge
+iQIcBAEBCAAGBQJUKWiCAAoJEHfx8XVYajsf5bIP/29JKpg0h5esqapeDWctFL5G
+PYzbWFdNv0h7FE4td4XO8xsQE++ElYcK8JYJlTGr1PVRxXYjCk6WrY8xhD5vN/6r
+noPBa9mczZtQAMfEFscUsQnETtBVzHHhgNG/lEQ2qRUI+5eVOuuZ3ntLeJs/vinP
+YWtg5w5jnSS7shzz+WW+Qqz8HXFsfrb9hboDc1d8mnPb96psgnSxIJR5GNUrMOEd
+2DIjOpZDfwBBn/tVJ35eBgyukeVOroe7sfM+6NHHD1ZijGe17OKm/iQEbBPMNmRE
+PV4eMv0h45uF5Gw0u5OAbiZfVM7Fq6BhmuW3BFc2b1NxH4H1mObF9Dal87GS3sZr
++es7KLfu5P3JEdb5OSG/SoD65thOWN0Pocq1To71N/hc3K254zbMz41B3QLyzjdS
+cL6MU+/aSjcGmD1frh6ma2y7IGR06XKb+6Yy1r7Rj5kxK98nNrztH5IV7g/cwmj4
+9d8BKWGbz6GM1FjVRElOwsOEFdlYHeFYcjIrw0tYmbfqM7r0qNfOzXRyRo6YsZ9c
+UZz/uG9siPGJRtAYkQGeoAdi/7Nd4K8nRBnUty2GHtA7qFrq3jl0qAkrFhm3NHRi
+cggV+/uJMv9RYiFmxd9pl6z0wQFgPsbkODDmtjqR9kfKXJdqZMcQPqG60t65WNN0
+3DEUmDaXRpbepjA/etjM
+=EUg9
 -----END PGP SIGNATURE-----
diff --git a/net-proxy/squid/files/squid-12683_12681.patch b/net-proxy/squid/files/squid-12683_12681.patch
new file mode 100644
index 000000000000..27847a350289
--- /dev/null
+++ b/net-proxy/squid/files/squid-12683_12681.patch
@@ -0,0 +1,274 @@
+=== modified file 'src/snmp_core.cc'
+--- src/snmp_core.cc	2012-10-16 23:40:01 +0000
++++ src/snmp_core.cc	2014-09-15 04:59:19 +0000
+@@ -362,7 +362,7 @@
+ void
+ snmpHandleUdp(int sock, void *not_used)
+ {
+-    LOCAL_ARRAY(char, buf, SNMP_REQUEST_SIZE);
++    static char buf[SNMP_REQUEST_SIZE];
+     Ip::Address from;
+     SnmpRequest *snmp_rq;
+     int len;
+@@ -371,16 +371,11 @@
+ 
+     Comm::SetSelect(sock, COMM_SELECT_READ, snmpHandleUdp, NULL, 0);
+ 
+-    memset(buf, '\0', SNMP_REQUEST_SIZE);
++    memset(buf, '\0', sizeof(buf));
+ 
+-    len = comm_udp_recvfrom(sock,
+-                            buf,
+-                            SNMP_REQUEST_SIZE,
+-                            0,
+-                            from);
++    len = comm_udp_recvfrom(sock, buf, sizeof(buf)-1, 0, from);
+ 
+     if (len > 0) {
+-        buf[len] = '\0';
+         debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
+ 
+         snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
+
+=== modified file 'src/icmp/Icmp4.cc'
+--- src/icmp/Icmp4.cc	2013-01-09 00:19:44 +0000
++++ src/icmp/Icmp4.cc	2014-09-15 05:07:44 +0000
+@@ -41,26 +41,38 @@
+ #include "IcmpPinger.h"
+ #include "Debug.h"
+ 
+-const char *icmpPktStr[] = {
+-    "Echo Reply",
+-    "ICMP 1",
+-    "ICMP 2",
+-    "Destination Unreachable",
+-    "Source Quench",
+-    "Redirect",
+-    "ICMP 6",
+-    "ICMP 7",
+-    "Echo",
+-    "ICMP 9",
+-    "ICMP 10",
+-    "Time Exceeded",
+-    "Parameter Problem",
+-    "Timestamp",
+-    "Timestamp Reply",
+-    "Info Request",
+-    "Info Reply",
+-    "Out of Range Type"
+-};
++static const char *
++IcmpPacketType(uint8_t v)
++{
++    static const char *icmpPktStr[] = {
++        "Echo Reply",
++        "ICMP 1",
++        "ICMP 2",
++        "Destination Unreachable",
++        "Source Quench",
++        "Redirect",
++        "ICMP 6",
++        "ICMP 7",
++        "Echo",
++        "ICMP 9",
++        "ICMP 10",
++        "Time Exceeded",
++        "Parameter Problem",
++        "Timestamp",
++        "Timestamp Reply",
++        "Info Request",
++        "Info Reply",
++        "Out of Range Type"
++    };
++
++    if (v > 17) {
++        static char buf[50];
++        snprintf(buf, sizeof(buf), "ICMP %u (invalid)", v);
++        return buf;
++    }
++
++    return icmpPktStr[v];
++}
+ 
+ Icmp4::Icmp4() : Icmp()
+ {
+@@ -187,6 +199,12 @@
+                  from->ai_addr,
+                  &from->ai_addrlen);
+ 
++    if (n <= 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Error when calling recvfrom() on ICMP socket.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     preply.from = *from;
+ 
+ #if GETTIMEOFDAY_NO_TZP
+@@ -243,9 +261,15 @@
+ 
+     preply.psize = n - iphdrlen - (sizeof(icmpEchoData) - MAX_PKT4_SZ);
+ 
++    if (preply.psize < 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Malformed ICMP packet.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     control.SendResult(preply, (sizeof(pingerReplyData) - MAX_PKT4_SZ + preply.psize) );
+ 
+-    Log(preply.from, icmp->icmp_type, icmpPktStr[icmp->icmp_type], preply.rtt, preply.hops);
++    Log(preply.from, icmp->icmp_type, IcmpPacketType(icmp->icmp_type), preply.rtt, preply.hops);
+     preply.from.FreeAddrInfo(from);
+ }
+ 
+
+=== modified file 'src/icmp/Icmp6.cc'
+--- src/icmp/Icmp6.cc	2013-01-09 00:19:44 +0000
++++ src/icmp/Icmp6.cc	2014-09-15 05:07:44 +0000
+@@ -50,57 +50,61 @@
+ 
+ // Icmp6 OP-Codes
+ // see http://www.iana.org/assignments/icmpv6-parameters
+-// NP: LowPktStr is for codes 0-127
+-static const char *icmp6LowPktStr[] = {
+-    "ICMP 0",			// 0
+-    "Destination Unreachable",	// 1 - RFC2463
+-    "Packet Too Big", 		// 2 - RFC2463
+-    "Time Exceeded",		// 3 - RFC2463
+-    "Parameter Problem",		// 4 - RFC2463
+-    "ICMP 5",			// 5
+-    "ICMP 6",			// 6
+-    "ICMP 7",			// 7
+-    "ICMP 8",			// 8
+-    "ICMP 9",			// 9
+-    "ICMP 10"			// 10
+-};
+-
+-// NP: HighPktStr is for codes 128-255
+-static const char *icmp6HighPktStr[] = {
+-    "Echo Request",					// 128 - RFC2463
+-    "Echo Reply",					// 129 - RFC2463
+-    "Multicast Listener Query",			// 130 - RFC2710
+-    "Multicast Listener Report",			// 131 - RFC2710
+-    "Multicast Listener Done",			// 132 - RFC2710
+-    "Router Solicitation",				// 133 - RFC4861
+-    "Router Advertisement",				// 134 - RFC4861
+-    "Neighbor Solicitation",			// 135 - RFC4861
+-    "Neighbor Advertisement",			// 136 - RFC4861
+-    "Redirect Message",				// 137 - RFC4861
+-    "Router Renumbering",				// 138 - Crawford
+-    "ICMP Node Information Query",			// 139 - RFC4620
+-    "ICMP Node Information Response",		// 140 - RFC4620
+-    "Inverse Neighbor Discovery Solicitation",	// 141 - RFC3122
+-    "Inverse Neighbor Discovery Advertisement",	// 142 - RFC3122
+-    "Version 2 Multicast Listener Report",		// 143 - RFC3810
+-    "Home Agent Address Discovery Request",		// 144 - RFC3775
+-    "Home Agent Address Discovery Reply",		// 145 - RFC3775
+-    "Mobile Prefix Solicitation",			// 146 - RFC3775
+-    "Mobile Prefix Advertisement",			// 147 - RFC3775
+-    "Certification Path Solicitation",		// 148 - RFC3971
+-    "Certification Path Advertisement",		// 149 - RFC3971
+-    "ICMP Experimental (150)",			// 150 - RFC4065
+-    "Multicast Router Advertisement",		// 151 - RFC4286
+-    "Multicast Router Solicitation",		// 152 - RFC4286
+-    "Multicast Router Termination",			// 153 - [RFC4286]
+-    "ICMP 154",
+-    "ICMP 155",
+-    "ICMP 156",
+-    "ICMP 157",
+-    "ICMP 158",
+-    "ICMP 159",
+-    "ICMP 160"
+-};
++static const char *
++IcmpPacketType(uint8_t v)
++{
++    // NP: LowPktStr is for codes 0-127
++    static const char *icmp6LowPktStr[] = {
++        "ICMPv6 0",			// 0
++        "Destination Unreachable",	// 1 - RFC2463
++        "Packet Too Big", 		// 2 - RFC2463
++        "Time Exceeded",		// 3 - RFC2463
++        "Parameter Problem",		// 4 - RFC2463
++    };
++
++    // low codes 1-4 registered
++    if (0 < v && v < 5)
++        return icmp6LowPktStr[(int)(v&0x7f)];
++
++    // NP: HighPktStr is for codes 128-255
++    static const char *icmp6HighPktStr[] = {
++        "Echo Request",					// 128 - RFC2463
++        "Echo Reply",					// 129 - RFC2463
++        "Multicast Listener Query",			// 130 - RFC2710
++        "Multicast Listener Report",			// 131 - RFC2710
++        "Multicast Listener Done",			// 132 - RFC2710
++        "Router Solicitation",				// 133 - RFC4861
++        "Router Advertisement",				// 134 - RFC4861
++        "Neighbor Solicitation",			// 135 - RFC4861
++        "Neighbor Advertisement",			// 136 - RFC4861
++        "Redirect Message",				// 137 - RFC4861
++        "Router Renumbering",				// 138 - Crawford
++        "ICMP Node Information Query",			// 139 - RFC4620
++        "ICMP Node Information Response",		// 140 - RFC4620
++        "Inverse Neighbor Discovery Solicitation",	// 141 - RFC3122
++        "Inverse Neighbor Discovery Advertisement",	// 142 - RFC3122
++        "Version 2 Multicast Listener Report",		// 143 - RFC3810
++        "Home Agent Address Discovery Request",		// 144 - RFC3775
++        "Home Agent Address Discovery Reply",		// 145 - RFC3775
++        "Mobile Prefix Solicitation",			// 146 - RFC3775
++        "Mobile Prefix Advertisement",			// 147 - RFC3775
++        "Certification Path Solicitation",		// 148 - RFC3971
++        "Certification Path Advertisement",		// 149 - RFC3971
++        "ICMP Experimental (150)",			// 150 - RFC4065
++        "Multicast Router Advertisement",		// 151 - RFC4286
++        "Multicast Router Solicitation",		// 152 - RFC4286
++        "Multicast Router Termination",			// 153 - [RFC4286]
++    };
++
++    // high codes 127-153 registered
++    if (127 < v && v < 154)
++        return icmp6HighPktStr[(int)(v&0x7f)];
++
++    // give all others a generic display
++    static char buf[50];
++    snprintf(buf, sizeof(buf), "ICMPv6 %u", v);
++    return buf;
++}
+ 
+ Icmp6::Icmp6() : Icmp()
+ {
+@@ -236,6 +240,12 @@
+                  from->ai_addr,
+                  &from->ai_addrlen);
+ 
++    if (n <= 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Error when calling recvfrom() on ICMPv6 socket.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     preply.from = *from;
+ 
+ #if GETTIMEOFDAY_NO_TZP
+@@ -291,8 +301,7 @@
+ 
+         default:
+             debugs(42, 8, HERE << preply.from << " said: " << icmp6header->icmp6_type << "/" << (int)icmp6header->icmp6_code << " " <<
+-                   ( icmp6header->icmp6_type&0x80 ? icmp6HighPktStr[(int)(icmp6header->icmp6_type&0x7f)] : icmp6LowPktStr[(int)(icmp6header->icmp6_type&0x7f)] )
+-                  );
++                   IcmpPacketType(icmp6header->icmp6_type));
+         }
+         preply.from.FreeAddrInfo(from);
+         return;
+@@ -331,7 +340,7 @@
+ 
+     Log(preply.from,
+         icmp6header->icmp6_type,
+-        ( icmp6header->icmp6_type&0x80 ? icmp6HighPktStr[(int)(icmp6header->icmp6_type&0x7f)] : icmp6LowPktStr[(int)(icmp6header->icmp6_type&0x7f)] ),
++        IcmpPacketType(icmp6header->icmp6_type),
+         preply.rtt,
+         preply.hops);
+ 
+
diff --git a/net-proxy/squid/files/squid-13173_13171.patch b/net-proxy/squid/files/squid-13173_13171.patch
new file mode 100644
index 000000000000..da79daca674c
--- /dev/null
+++ b/net-proxy/squid/files/squid-13173_13171.patch
@@ -0,0 +1,274 @@
+=== modified file 'src/snmp_core.cc'
+--- src/snmp_core.cc	2014-02-18 08:46:49 +0000
++++ src/snmp_core.cc	2014-09-15 04:58:34 +0000
+@@ -362,7 +362,7 @@
+ void
+ snmpHandleUdp(int sock, void *not_used)
+ {
+-    LOCAL_ARRAY(char, buf, SNMP_REQUEST_SIZE);
++    static char buf[SNMP_REQUEST_SIZE];
+     Ip::Address from;
+     SnmpRequest *snmp_rq;
+     int len;
+@@ -371,16 +371,11 @@
+ 
+     Comm::SetSelect(sock, COMM_SELECT_READ, snmpHandleUdp, NULL, 0);
+ 
+-    memset(buf, '\0', SNMP_REQUEST_SIZE);
++    memset(buf, '\0', sizeof(buf));
+ 
+-    len = comm_udp_recvfrom(sock,
+-                            buf,
+-                            SNMP_REQUEST_SIZE,
+-                            0,
+-                            from);
++    len = comm_udp_recvfrom(sock, buf, sizeof(buf)-1, 0, from);
+ 
+     if (len > 0) {
+-        buf[len] = '\0';
+         debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
+ 
+         snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
+
+=== modified file 'src/icmp/Icmp4.cc'
+--- src/icmp/Icmp4.cc	2013-06-03 14:05:16 +0000
++++ src/icmp/Icmp4.cc	2014-09-15 05:06:14 +0000
+@@ -41,26 +41,38 @@
+ #include "IcmpPinger.h"
+ #include "Debug.h"
+ 
+-const char *icmpPktStr[] = {
+-    "Echo Reply",
+-    "ICMP 1",
+-    "ICMP 2",
+-    "Destination Unreachable",
+-    "Source Quench",
+-    "Redirect",
+-    "ICMP 6",
+-    "ICMP 7",
+-    "Echo",
+-    "ICMP 9",
+-    "ICMP 10",
+-    "Time Exceeded",
+-    "Parameter Problem",
+-    "Timestamp",
+-    "Timestamp Reply",
+-    "Info Request",
+-    "Info Reply",
+-    "Out of Range Type"
+-};
++static const char *
++IcmpPacketType(uint8_t v)
++{
++    static const char *icmpPktStr[] = {
++        "Echo Reply",
++        "ICMP 1",
++        "ICMP 2",
++        "Destination Unreachable",
++        "Source Quench",
++        "Redirect",
++        "ICMP 6",
++        "ICMP 7",
++        "Echo",
++        "ICMP 9",
++        "ICMP 10",
++        "Time Exceeded",
++        "Parameter Problem",
++        "Timestamp",
++        "Timestamp Reply",
++        "Info Request",
++        "Info Reply",
++        "Out of Range Type"
++    };
++
++    if (v > 17) {
++        static char buf[50];
++        snprintf(buf, sizeof(buf), "ICMP %u (invalid)", v);
++        return buf;
++    }
++
++    return icmpPktStr[v];
++}
+ 
+ Icmp4::Icmp4() : Icmp()
+ {
+@@ -187,6 +199,12 @@
+                  from->ai_addr,
+                  &from->ai_addrlen);
+ 
++    if (n <= 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Error when calling recvfrom() on ICMP socket.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     preply.from = *from;
+ 
+ #if GETTIMEOFDAY_NO_TZP
+@@ -243,9 +261,15 @@
+ 
+     preply.psize = n - iphdrlen - (sizeof(icmpEchoData) - MAX_PKT4_SZ);
+ 
++    if (preply.psize < 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Malformed ICMP packet.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     control.SendResult(preply, (sizeof(pingerReplyData) - MAX_PKT4_SZ + preply.psize) );
+ 
+-    Log(preply.from, icmp->icmp_type, icmpPktStr[icmp->icmp_type], preply.rtt, preply.hops);
++    Log(preply.from, icmp->icmp_type, IcmpPacketType(icmp->icmp_type), preply.rtt, preply.hops);
+     Ip::Address::FreeAddrInfo(from);
+ }
+ 
+
+=== modified file 'src/icmp/Icmp6.cc'
+--- src/icmp/Icmp6.cc	2013-06-03 14:05:16 +0000
++++ src/icmp/Icmp6.cc	2014-09-15 05:06:14 +0000
+@@ -50,57 +50,61 @@
+ 
+ // Icmp6 OP-Codes
+ // see http://www.iana.org/assignments/icmpv6-parameters
+-// NP: LowPktStr is for codes 0-127
+-static const char *icmp6LowPktStr[] = {
+-    "ICMP 0",			// 0
+-    "Destination Unreachable",	// 1 - RFC2463
+-    "Packet Too Big", 		// 2 - RFC2463
+-    "Time Exceeded",		// 3 - RFC2463
+-    "Parameter Problem",		// 4 - RFC2463
+-    "ICMP 5",			// 5
+-    "ICMP 6",			// 6
+-    "ICMP 7",			// 7
+-    "ICMP 8",			// 8
+-    "ICMP 9",			// 9
+-    "ICMP 10"			// 10
+-};
+-
+-// NP: HighPktStr is for codes 128-255
+-static const char *icmp6HighPktStr[] = {
+-    "Echo Request",					// 128 - RFC2463
+-    "Echo Reply",					// 129 - RFC2463
+-    "Multicast Listener Query",			// 130 - RFC2710
+-    "Multicast Listener Report",			// 131 - RFC2710
+-    "Multicast Listener Done",			// 132 - RFC2710
+-    "Router Solicitation",				// 133 - RFC4861
+-    "Router Advertisement",				// 134 - RFC4861
+-    "Neighbor Solicitation",			// 135 - RFC4861
+-    "Neighbor Advertisement",			// 136 - RFC4861
+-    "Redirect Message",				// 137 - RFC4861
+-    "Router Renumbering",				// 138 - Crawford
+-    "ICMP Node Information Query",			// 139 - RFC4620
+-    "ICMP Node Information Response",		// 140 - RFC4620
+-    "Inverse Neighbor Discovery Solicitation",	// 141 - RFC3122
+-    "Inverse Neighbor Discovery Advertisement",	// 142 - RFC3122
+-    "Version 2 Multicast Listener Report",		// 143 - RFC3810
+-    "Home Agent Address Discovery Request",		// 144 - RFC3775
+-    "Home Agent Address Discovery Reply",		// 145 - RFC3775
+-    "Mobile Prefix Solicitation",			// 146 - RFC3775
+-    "Mobile Prefix Advertisement",			// 147 - RFC3775
+-    "Certification Path Solicitation",		// 148 - RFC3971
+-    "Certification Path Advertisement",		// 149 - RFC3971
+-    "ICMP Experimental (150)",			// 150 - RFC4065
+-    "Multicast Router Advertisement",		// 151 - RFC4286
+-    "Multicast Router Solicitation",		// 152 - RFC4286
+-    "Multicast Router Termination",			// 153 - [RFC4286]
+-    "ICMP 154",
+-    "ICMP 155",
+-    "ICMP 156",
+-    "ICMP 157",
+-    "ICMP 158",
+-    "ICMP 159",
+-    "ICMP 160"
+-};
++static const char *
++IcmpPacketType(uint8_t v)
++{
++    // NP: LowPktStr is for codes 0-127
++    static const char *icmp6LowPktStr[] = {
++        "ICMPv6 0",			// 0
++        "Destination Unreachable",	// 1 - RFC2463
++        "Packet Too Big", 		// 2 - RFC2463
++        "Time Exceeded",		// 3 - RFC2463
++        "Parameter Problem",		// 4 - RFC2463
++    };
++
++    // low codes 1-4 registered
++    if (0 < v && v < 5)
++        return icmp6LowPktStr[(int)(v&0x7f)];
++
++    // NP: HighPktStr is for codes 128-255
++    static const char *icmp6HighPktStr[] = {
++        "Echo Request",					// 128 - RFC2463
++        "Echo Reply",					// 129 - RFC2463
++        "Multicast Listener Query",			// 130 - RFC2710
++        "Multicast Listener Report",			// 131 - RFC2710
++        "Multicast Listener Done",			// 132 - RFC2710
++        "Router Solicitation",				// 133 - RFC4861
++        "Router Advertisement",				// 134 - RFC4861
++        "Neighbor Solicitation",			// 135 - RFC4861
++        "Neighbor Advertisement",			// 136 - RFC4861
++        "Redirect Message",				// 137 - RFC4861
++        "Router Renumbering",				// 138 - Crawford
++        "ICMP Node Information Query",			// 139 - RFC4620
++        "ICMP Node Information Response",		// 140 - RFC4620
++        "Inverse Neighbor Discovery Solicitation",	// 141 - RFC3122
++        "Inverse Neighbor Discovery Advertisement",	// 142 - RFC3122
++        "Version 2 Multicast Listener Report",		// 143 - RFC3810
++        "Home Agent Address Discovery Request",		// 144 - RFC3775
++        "Home Agent Address Discovery Reply",		// 145 - RFC3775
++        "Mobile Prefix Solicitation",			// 146 - RFC3775
++        "Mobile Prefix Advertisement",			// 147 - RFC3775
++        "Certification Path Solicitation",		// 148 - RFC3971
++        "Certification Path Advertisement",		// 149 - RFC3971
++        "ICMP Experimental (150)",			// 150 - RFC4065
++        "Multicast Router Advertisement",		// 151 - RFC4286
++        "Multicast Router Solicitation",		// 152 - RFC4286
++        "Multicast Router Termination",			// 153 - [RFC4286]
++    };
++
++    // high codes 127-153 registered
++    if (127 < v && v < 154)
++        return icmp6HighPktStr[(int)(v&0x7f)];
++
++    // give all others a generic display
++    static char buf[50];
++    snprintf(buf, sizeof(buf), "ICMPv6 %u", v);
++    return buf;
++}
+ 
+ Icmp6::Icmp6() : Icmp()
+ {
+@@ -236,6 +240,12 @@
+                  from->ai_addr,
+                  &from->ai_addrlen);
+ 
++    if (n <= 0) {
++        debugs(42, DBG_CRITICAL, HERE << "Error when calling recvfrom() on ICMPv6 socket.");
++        Ip::Address::FreeAddrInfo(from);
++        return;
++    }
++
+     preply.from = *from;
+ 
+ #if GETTIMEOFDAY_NO_TZP
+@@ -291,8 +301,7 @@
+ 
+         default:
+             debugs(42, 8, HERE << preply.from << " said: " << icmp6header->icmp6_type << "/" << (int)icmp6header->icmp6_code << " " <<
+-                   ( icmp6header->icmp6_type&0x80 ? icmp6HighPktStr[(int)(icmp6header->icmp6_type&0x7f)] : icmp6LowPktStr[(int)(icmp6header->icmp6_type&0x7f)] )
+-                  );
++                   IcmpPacketType(icmp6header->icmp6_type));
+         }
+         Ip::Address::FreeAddrInfo(from);
+         return;
+@@ -331,7 +340,7 @@
+ 
+     Log(preply.from,
+         icmp6header->icmp6_type,
+-        ( icmp6header->icmp6_type&0x80 ? icmp6HighPktStr[(int)(icmp6header->icmp6_type&0x7f)] : icmp6LowPktStr[(int)(icmp6header->icmp6_type&0x7f)] ),
++        IcmpPacketType(icmp6header->icmp6_type),
+         preply.rtt,
+         preply.hops);
+ 
+
diff --git a/net-proxy/squid/squid-3.3.13-r1.ebuild b/net-proxy/squid/squid-3.3.13-r1.ebuild
new file mode 100644
index 000000000000..b924553329d5
--- /dev/null
+++ b/net-proxy/squid/squid-3.3.13-r1.ebuild
@@ -0,0 +1,250 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.3.13-r1.ebuild,v 1.1 2014/09/29 14:11:12 eras Exp $
+
+EAPI=5
+inherit autotools eutils linux-info pam toolchain-funcs user versionator
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="ftp://ftp.squid-cache.org/pub/archive/3.3/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+	ecap icap-client ssl-crtd \
+	mysql postgres sqlite \
+	qos tproxy \
+	pf-transparent ipf-transparent kqueue \
+	elibc_uclibc kernel_linux"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+	pam? ( virtual/pam )
+	ldap? ( net-nds/openldap )
+	kerberos? ( virtual/krb5 )
+	qos? ( net-libs/libnetfilter_conntrack )
+	ssl? ( dev-libs/openssl )
+	sasl? ( dev-libs/cyrus-sasl )
+	ecap? ( net-libs/libecap:0.2 )
+	selinux? ( sec-policy/selinux-squid )
+	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+	>=sys-libs/db-4
+	sys-devel/libtool
+	dev-lang/perl
+	sys-devel/libtool"
+DEPEND="${COMMON_DEPEND}
+	sys-apps/ed
+	test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+	samba? ( net-fs/samba )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	sqlite? ( dev-perl/DBD-SQLite )
+	!<=sci-biology/meme-4.8.1-r1"
+
+REQUIRED_USE="tproxy? ( caps )
+			qos? ( caps )"
+
+pkg_pretend() {
+	if use tproxy; then
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+	fi
+}
+
+pkg_setup() {
+	enewgroup squid 31
+	enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${PN}-3.3.4-gentoo.patch"
+	epatch "${FILESDIR}/${PN}-12683_12681.patch"
+	sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' \
+		lib/libTrie/configure.ac || die
+	sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+		INSTALL QUICKSTART \
+		helpers/basic_auth/MSNT/README.html \
+		helpers/basic_auth/MSNT/confload.cc \
+		helpers/basic_auth/MSNT/msntauth.conf.default \
+		scripts/fileno-to-pathname.pl \
+		scripts/check_cache.pl \
+		tools/cachemgr.cgi.8 \
+		tools/purge/conffile.hh \
+		tools/purge/README  || die
+	sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+		INSTALL QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+		QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+		QUICKSTART \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/bin:/usr/bin:' \
+		helpers/basic_auth/MSNT/README.html || die
+	sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+		helpers/external_acl/unix_group/ext_unix_group_acl.8 \
+		helpers/external_acl/session/ext_session_acl.8 \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+		scripts/check_cache.pl || die
+	sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+		src/ssl/ssl_crtd.8 || die
+	# /var/run/squid to /run/squid
+	sed -i -e 's:$(localstatedir)::' \
+		src/ipc/Makefile.am
+
+	epatch_user
+
+	# Bug #419685 - eautoreconf in src_prepare() fails in libltdl/
+	#               aclocal-1.11: `configure.ac' or `configure.in' is required
+	MAKEOPTS="${MAKEOPTS} -j1" eautoreconf
+}
+
+src_configure() {
+	local basic_modules="MSNT,MSNT-multi-domain,NCSA,POP3,getpwnam"
+	use samba && basic_modules+=",SMB"
+	use ldap && basic_modules+=",LDAP"
+	use pam && basic_modules+=",PAM"
+	use sasl && basic_modules+=",SASL"
+	use nis && ! use elibc_uclibc && basic_modules+=",NIS"
+	use radius && basic_modules+=",RADIUS"
+	if use mysql || use postgres || use sqlite ; then
+		basic_modules+=",DB"
+	fi
+
+	local digest_modules="file"
+	use ldap && digest_modules+=",LDAP,eDirectory"
+
+	local negotiate_modules myconf
+	if use kerberos ; then
+		negotiate_modules="kerberos,wrapper"
+		myconf="--with-krb5-config=yes"
+	else
+		negotiate_modules="none"
+		myconf="--with-krb5-config=no"
+	fi
+
+	local ntlm_modules="none"
+	use samba && ntlm_modules="smb_lm"
+
+	local ext_helpers="file_userip,session,unix_group"
+	use samba && ext_helpers+=",wbinfo_group"
+	use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+	use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+
+	# uclibc does not have aio support - needed for coss (#61175)
+	local storeio_modules="aufs,diskd,rock,ufs"
+
+	local transparent
+	if use kernel_linux ; then
+		transparent+=" --enable-linux-netfilter"
+		use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+	fi
+
+	if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+		transparent+=" $(use_enable kqueue)"
+		if use pf-transparent; then
+			transparent+=" --enable-pf-transparent"
+		elif use ipf-transparent; then
+			transparent+=" --enable-ipf-transparent"
+		fi
+	fi
+
+	tc-export CC AR
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--with-pidfile=/run/squid.pid \
+		--datadir=/usr/share/squid \
+		--with-logdir=/var/log/squid \
+		--with-default-user=squid \
+		--enable-removal-policies="lru,heap" \
+		--enable-storeio="${storeio_modules}" \
+		--enable-disk-io \
+		--enable-auth \
+		--enable-auth-basic="${basic_modules}" \
+		--enable-auth-digest="${digest_modules}" \
+		--enable-auth-ntlm="${ntlm_modules}" \
+		--enable-auth-negotiate="${negotiate_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-log-daemon-helpers \
+		--enable-url-rewrite-helpers \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-eui \
+		--enable-icmp \
+		--enable-follow-x-forwarded-for \
+		--enable-esi \
+		--with-large-files \
+		--disable-strict-error-checking \
+		$(use_with caps libcap) \
+		$(use_enable ipv6) \
+		$(use_enable snmp) \
+		$(use_enable ssl) \
+		$(use_enable ssl-crtd) \
+		$(use_enable icap-client) \
+		$(use_enable ecap) \
+		${transparent} \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+	fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/basic_pam_auth
+		fperms 4750 /usr/libexec/squid/basic_pam_auth
+	fi
+	# pinger needs suid as well
+	fowners root:squid /usr/libexec/squid/pinger
+	fperms 4750 /usr/libexec/squid/pinger
+
+	# some cleanups
+	rm -f "${D}"/usr/bin/Run*
+	rm -rf "${D}"/run/squid "${D}"/var/cache/squid
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+	newdoc helpers/negotiate_auth/kerberos/README README.kerberos
+	newdoc helpers/basic_auth/MSNT-multi-domain/README.txt README.MSNT-multi-domain
+	newdoc helpers/basic_auth/LDAP/README README.LDAP
+	newdoc helpers/basic_auth/RADIUS/README README.RADIUS
+	newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group
+	newdoc tools/purge/README README.purge
+	newdoc tools/helper-mux.README README.helper-mux
+	dohtml RELEASENOTES.html
+
+	newpamd "${FILESDIR}/squid.pam" squid
+	newconfd "${FILESDIR}/squid.confd-r1" squid
+	newinitd "${FILESDIR}/squid.initd-r4" squid
+	if use logrotate; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	diropts -m0750 -o squid -g squid
+	keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+	if [[ $(get_version_component_range 1 ${REPLACING_VERSIONS}) -lt 3 ]] || \
+		[[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 3 ]]; then
+		elog "Please read the release notes at:"
+		elog "  http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html"
+		echo
+	fi
+}
diff --git a/net-proxy/squid/squid-3.4.7-r1.ebuild b/net-proxy/squid/squid-3.4.7-r1.ebuild
new file mode 100644
index 000000000000..d4c3de65269a
--- /dev/null
+++ b/net-proxy/squid/squid-3.4.7-r1.ebuild
@@ -0,0 +1,256 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.4.7-r1.ebuild,v 1.1 2014/09/29 14:11:12 eras Exp $
+
+EAPI=5
+inherit autotools eutils linux-info pam toolchain-funcs user versionator
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+SRC_URI="ftp://ftp.squid-cache.org/pub/archive/3.4/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+	ecap esi icap-client ssl-crtd \
+	mysql postgres sqlite \
+	qos tproxy \
+	+htcp +wccp +wccpv2 \
+	pf-transparent ipf-transparent kqueue \
+	elibc_uclibc kernel_linux"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+	pam? ( virtual/pam )
+	ldap? ( net-nds/openldap )
+	kerberos? ( virtual/krb5 )
+	qos? ( net-libs/libnetfilter_conntrack )
+	ssl? ( dev-libs/openssl dev-libs/nettle )
+	sasl? ( dev-libs/cyrus-sasl )
+	ecap? ( net-libs/libecap:0.2 )
+	esi? ( dev-libs/expat dev-libs/libxml2 )
+	selinux? ( sec-policy/selinux-squid )
+	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+	>=sys-libs/db-4
+	sys-devel/libtool
+	dev-lang/perl
+	sys-devel/libtool"
+DEPEND="${COMMON_DEPEND}
+	ecap? ( virtual/pkgconfig )
+	sys-apps/ed
+	test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+	samba? ( net-fs/samba )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	sqlite? ( dev-perl/DBD-SQLite )
+	!<=sci-biology/meme-4.8.1-r1"
+
+REQUIRED_USE="tproxy? ( caps )
+			qos? ( caps )"
+
+pkg_pretend() {
+	if use tproxy; then
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_TPROXY ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+	fi
+}
+
+pkg_setup() {
+	enewgroup squid 31
+	enewuser squid 31 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${PN}-3.3.4-gentoo.patch"
+	epatch "${FILESDIR}/${PN}-13173_13171.patch"
+	sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+		INSTALL QUICKSTART \
+		helpers/basic_auth/MSNT/README.html \
+		helpers/basic_auth/MSNT/confload.cc \
+		helpers/basic_auth/MSNT/msntauth.conf.default \
+		scripts/fileno-to-pathname.pl \
+		scripts/check_cache.pl \
+		tools/cachemgr.cgi.8 \
+		tools/purge/conffile.hh \
+		tools/purge/README  || die
+	sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+		INSTALL QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+		QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+		QUICKSTART \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/bin:/usr/bin:' \
+		helpers/basic_auth/MSNT/README.html || die
+	sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+		helpers/external_acl/unix_group/ext_unix_group_acl.8 \
+		helpers/external_acl/session/ext_session_acl.8 \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+		scripts/check_cache.pl || die
+	sed -i -e 's:/usr/local/squid/ssl_cert:/etc/ssl/squid:' \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/usr/local/squid/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+		src/ssl/ssl_crtd.8 || die
+	sed -i -e 's:/var/lib/ssl_db:/var/lib/squid/ssl_db:' \
+		src/ssl/ssl_crtd.8 || die
+	# /var/run/squid to /run/squid
+	sed -i -e 's:$(localstatedir)::' \
+		src/ipc/Makefile.am
+
+	epatch_user
+
+	# Bug #419685 - eautoreconf in src_prepare() fails in libltdl/
+	#               aclocal-1.11: `configure.ac' or `configure.in' is required
+	MAKEOPTS="${MAKEOPTS} -j1" eautoreconf
+}
+
+src_configure() {
+	local basic_modules="MSNT,MSNT-multi-domain,NCSA,POP3,getpwnam"
+	use samba && basic_modules+=",SMB"
+	use ldap && basic_modules+=",LDAP"
+	use pam && basic_modules+=",PAM"
+	use sasl && basic_modules+=",SASL"
+	use nis && ! use elibc_uclibc && basic_modules+=",NIS"
+	use radius && basic_modules+=",RADIUS"
+	if use mysql || use postgres || use sqlite ; then
+		basic_modules+=",DB"
+	fi
+
+	local digest_modules="file"
+	use ldap && digest_modules+=",LDAP,eDirectory"
+
+	local negotiate_modules myconf
+	if use kerberos ; then
+		negotiate_modules="kerberos,wrapper"
+		myconf="--with-krb5-config=yes"
+	else
+		negotiate_modules="none"
+		myconf="--with-krb5-config=no"
+	fi
+
+	local ntlm_modules="none"
+	use samba && ntlm_modules="smb_lm"
+
+	local ext_helpers="file_userip,session,unix_group"
+	use samba && ext_helpers+=",wbinfo_group"
+	use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+	use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+
+	# uclibc does not have aio support - needed for coss (#61175)
+	local storeio_modules="aufs,diskd,rock,ufs"
+
+	local transparent
+	if use kernel_linux ; then
+		transparent+=" --enable-linux-netfilter"
+		use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+	fi
+
+	if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+		transparent+=" $(use_enable kqueue)"
+		if use pf-transparent; then
+			transparent+=" --enable-pf-transparent"
+		elif use ipf-transparent; then
+			transparent+=" --enable-ipf-transparent"
+		fi
+	fi
+
+	tc-export CC AR
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--with-pidfile=/run/squid.pid \
+		--datadir=/usr/share/squid \
+		--with-logdir=/var/log/squid \
+		--with-default-user=squid \
+		--enable-removal-policies="lru,heap" \
+		--enable-storeio="${storeio_modules}" \
+		--enable-disk-io \
+		--enable-auth \
+		--enable-auth-basic="${basic_modules}" \
+		--enable-auth-digest="${digest_modules}" \
+		--enable-auth-ntlm="${ntlm_modules}" \
+		--enable-auth-negotiate="${negotiate_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-log-daemon-helpers \
+		--enable-url-rewrite-helpers \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-eui \
+		--enable-icmp \
+		--enable-follow-x-forwarded-for \
+		--with-large-files \
+		--disable-strict-error-checking \
+		--disable-arch-native \
+		$(use_with caps libcap) \
+		$(use_enable ipv6) \
+		$(use_enable snmp) \
+		$(use_enable ssl) \
+		$(use_with ssl nettle) \
+		$(use_enable ssl-crtd) \
+		$(use_enable icap-client) \
+		$(use_enable ecap) \
+		$(use_enable esi) \
+		$(use_enable htcp) \
+		$(use_enable wccp) \
+		$(use_enable wccpv2) \
+		${transparent} \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+	fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/basic_pam_auth
+		fperms 4750 /usr/libexec/squid/basic_pam_auth
+	fi
+	# pinger needs suid as well
+	fowners root:squid /usr/libexec/squid/pinger
+	fperms 4750 /usr/libexec/squid/pinger
+
+	# cleanup
+	rm -f "${D}"/usr/bin/Run*
+	rm -rf "${D}"/run/squid "${D}"/var/cache/squid
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+	newdoc helpers/negotiate_auth/kerberos/README README.kerberos
+	newdoc helpers/basic_auth/MSNT-multi-domain/README.txt README.MSNT-multi-domain
+	newdoc helpers/basic_auth/LDAP/README README.LDAP
+	newdoc helpers/basic_auth/RADIUS/README README.RADIUS
+	newdoc helpers/external_acl/kerberos_ldap_group/README README.kerberos_ldap_group
+	newdoc tools/purge/README README.purge
+	newdoc tools/helper-mux.README README.helper-mux
+	dohtml RELEASENOTES.html
+
+	newpamd "${FILESDIR}/squid.pam" squid
+	newconfd "${FILESDIR}/squid.confd-r1" squid
+	newinitd "${FILESDIR}/squid.initd-r4" squid
+	if use logrotate; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	diropts -m0750 -o squid -g squid
+	keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+	if [[ $(get_version_component_range 1 ${REPLACING_VERSIONS}) -lt 3 ]] || \
+		[[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 4 ]]; then
+		elog "Please read the release notes at:"
+		elog "  http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html"
+		echo
+	fi
+}
author	Eray Aslan <eras@gentoo.org>	2014-09-29 14:11:23 +0000
committer	Eray Aslan <eras@gentoo.org>	2014-09-29 14:11:23 +0000
commit	e592c6584e0c5830d58a14b01740de1e99b0f342 (patch)
tree	611efd5f71d9d9ddaef151ea1442e5f30089d65b /net-proxy/squid
parent	Add missing dependencies fixing bug 523972 (diff)
download	historical-e592c6584e0c5830d58a14b01740de1e99b0f342.tar.gz historical-e592c6584e0c5830d58a14b01740de1e99b0f342.tar.bz2 historical-e592c6584e0c5830d58a14b01740de1e99b0f342.zip