Gentoo squid patch for 2.7.4 http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-proxy/squid/files/squid-2.7.4-gentoo.patch?view=markup --- squid-2.7.STABLE6/configure.in Wed Feb 4 00:44:06 2009 +++ squid-2.7.STABLE6-patched/configure.in Mon Feb 16 11:56:34 2009 @@ -18,9 +18,9 @@ PRESET_LDFLAGS="$LDFLAGS" dnl Set default LDFLAGS -if test -z "$LDFLAGS"; then - LDFLAGS="-g" -fi +dnl if test -z "$LDFLAGS"; then +dnl LDFLAGS="-g" +dnl fi dnl Check for GNU cc AC_PROG_CC --- squid-2.7.STABLE6/helpers/basic_auth/MSNT/confload.c Wed Jun 26 19:09:48 2002 +++ squid-2.7.STABLE6-patched/helpers/basic_auth/MSNT/confload.c Mon Feb 16 11:56:34 2009 @@ -24,7 +24,7 @@ /* Path to configuration file */ #ifndef SYSCONFDIR -#define SYSCONFDIR "/usr/local/squid/etc" +#define SYSCONFDIR "/etc/squid" #endif #define CONFIGFILE SYSCONFDIR "/msntauth.conf" --- squid-2.7.STABLE6/helpers/basic_auth/MSNT/msntauth.conf.default Wed Jun 26 18:44:28 2002 +++ squid-2.7.STABLE6-patched/helpers/basic_auth/MSNT/msntauth.conf.default Mon Feb 16 11:56:34 2009 @@ -8,6 +8,6 @@ server other_PDC other_BDC otherdomain # Denied and allowed users. Comment these if not needed. -#denyusers /usr/local/squid/etc/msntauth.denyusers -#allowusers /usr/local/squid/etc/msntauth.allowusers +#denyusers /etc/squid/msntauth.denyusers +#allowusers /etc/squid/msntauth.allowusers --- squid-2.7.STABLE6/helpers/basic_auth/SMB/Makefile.am Tue May 17 16:56:26 2005 +++ squid-2.7.STABLE6-patched/helpers/basic_auth/SMB/Makefile.am Mon Feb 16 11:56:34 2009 @@ -14,7 +14,7 @@ ## FIXME: autoconf should test for the samba path. SMB_AUTH_HELPER = smb_auth.sh -SAMBAPREFIX=/usr/local/samba +SAMBAPREFIX=/usr SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) libexec_SCRIPTS = $(SMB_AUTH_HELPER) --- squid-2.7.STABLE6/helpers/basic_auth/SMB/smb_auth.sh Sun Jan 7 23:36:46 2001 +++ squid-2.7.STABLE6-patched/helpers/basic_auth/SMB/smb_auth.sh Mon Feb 16 11:56:34 2009 @@ -24,7 +24,7 @@ read AUTHSHARE read AUTHFILE read SMBUSER -read SMBPASS +read -r SMBPASS # Find domain controller echo "Domain name: $DOMAINNAME" @@ -47,7 +47,7 @@ addropt="" fi echo "Query address options: $addropt" -dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` +dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` echo "Domain controller IP address: $dcip" [ -n "$dcip" ] || exit 1 --- squid-2.7.STABLE6/helpers/external_acl/session/squid_session.8 Sat Jan 6 17:28:35 2007 +++ squid-2.7.STABLE6-patched/helpers/external_acl/session/squid_session.8 Mon Feb 16 11:56:34 2009 @@ -35,7 +35,7 @@ .P Configuration example using the default automatic mode .IP -external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session +external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session .IP acl session external session .IP --- squid-2.7.STABLE6/helpers/external_acl/unix_group/squid_unix_group.8 Sun May 14 15:07:24 2006 +++ squid-2.7.STABLE6-patched/helpers/external_acl/unix_group/squid_unix_group.8 Mon Feb 16 11:56:34 2009 @@ -27,7 +27,7 @@ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 matches users in group2 or group3 .IP -external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p +external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p .IP acl usergroup1 external unix_group group1 .IP --- squid-2.7.STABLE6/src/Makefile.am Wed Jan 2 15:50:39 2008 +++ squid-2.7.STABLE6-patched/src/Makefile.am Mon Feb 16 11:56:34 2009 @@ -340,13 +340,13 @@ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` -DEFAULT_LOG_PREFIX = $(localstatedir)/logs +DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log -DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid +DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state -DEFAULT_SWAP_DIR = $(localstatedir)/cache +DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_DISKD = $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'` --- squid-2.7.STABLE6/src/access_log.c Tue Mar 18 02:48:43 2008 +++ squid-2.7.STABLE6-patched/src/access_log.c Mon Feb 16 11:56:34 2009 @@ -1261,7 +1261,7 @@ LogfileStatus = LOG_ENABLE; } #if HEADERS_LOG - headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0); + headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0); assert(NULL != headerslog); #endif #if FORW_VIA_DB --- squid-2.7.STABLE6/src/cf.data.pre Mon Feb 2 11:28:55 2009 +++ squid-2.7.STABLE6-patched/src/cf.data.pre Mon Feb 16 11:56:34 2009 @@ -678,6 +678,8 @@ acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http +acl Safe_ports port 901 # SWAT +acl purge method PURGE acl CONNECT method CONNECT NOCOMMENT_END DOC_END @@ -711,6 +713,9 @@ # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager +# Only allow purge requests from localhost +http_access allow purge localhost +http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports @@ -728,6 +733,9 @@ # from where browsing should be allowed http_access allow localnet +# Allow the localhost to have access by default +http_access allow localhost + # And finally deny all other access to this proxy http_access deny all NOCOMMENT_END @@ -3754,11 +3762,11 @@ NAME: cache_mgr TYPE: string -DEFAULT: webmaster +DEFAULT: root LOC: Config.adminEmail DOC_START Email-address of local cache manager who will receive - mail if the cache dies. The default is "webmaster". + mail if the cache dies. The default is "root". DOC_END NAME: mail_from @@ -3787,12 +3795,12 @@ NAME: cache_effective_user TYPE: string -DEFAULT: nobody +DEFAULT: squid LOC: Config.effectiveUser DOC_START If you start Squid as root, it will change its effective/real UID/GID to the user specified below. The default is to change - to UID to nobody. If you define cache_effective_user, but not + to UID to squid. If you define cache_effective_user, but not cache_effective_group, Squid sets the GID to the effective user's default group ID (taken from the password file) and supplementary group list from the from groups membership of @@ -4429,12 +4437,12 @@ NAME: snmp_port TYPE: ushort LOC: Config.Port.snmp -DEFAULT: 3401 +DEFAULT: 0 IFDEF: SQUID_SNMP DOC_START Squid can now serve statistics and status information via SNMP. - By default it listens to port 3401 on the machine. If you don't - wish to use SNMP, set this to "0". + By default snmp_port is disabled. If you wish to use SNMP, + set this to "3401" (or any other number you like). DOC_END NAME: snmp_access @@ -4505,12 +4513,12 @@ NAME: htcp_port IFDEF: USE_HTCP TYPE: ushort -DEFAULT: 4827 +DEFAULT: 0 LOC: Config.Port.htcp DOC_START The port number where Squid sends and receives HTCP queries to - and from neighbor caches. Default is 4827. To disable use - "0". + and from neighbor caches. To turn it on you want to set it to + 4827. By default it is set to "0" (disabled). DOC_END NAME: log_icp_queries @@ -5407,6 +5415,9 @@ If you disable this, it will appear as X-Forwarded-For: unknown +NOCOMMENT_START +forwarded_for off +NOCOMMENT_END DOC_END NAME: cachemgr_passwd --- squid-2.7.STABLE6/src/client_side.c Mon Oct 6 21:27:44 2008 +++ squid-2.7.STABLE6-patched/src/client_side.c Mon Feb 16 11:56:34 2009 @@ -4706,14 +4706,7 @@ debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); } else { if (do_debug(83, 4)) { - /* Write out the SSL session details.. actually the call below, but - * OpenSSL headers do strange typecasts confusing GCC.. */ - /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */ -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L - PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); -#else PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); -#endif /* Note: This does not automatically fflush the log file.. */ } debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); --- squid-2.7.STABLE6/src/defines.h Mon Sep 24 13:31:19 2007 +++ squid-2.7.STABLE6-patched/src/defines.h Mon Feb 16 11:56:34 2009 @@ -259,7 +259,7 @@ /* were to look for errors if config path fails */ #ifndef DEFAULT_SQUID_ERROR_DIR -#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" +#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" #endif /* gb_type operations */ --- squid-2.7.STABLE6/src/main.c Thu Sep 25 02:21:52 2008 +++ squid-2.7.STABLE6-patched/src/main.c Mon Feb 16 11:56:34 2009 @@ -376,6 +376,22 @@ asnFreeMemory(); } +#if USE_UNLINKD +static int +needUnlinkd(void) +{ + int i; + int r = 0; + for (i = 0; i < Config.cacheSwap.n_configured; i++) { + if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || + strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 || + strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) + r++; + } + return r; +} +#endif + static void mainReconfigure(void) { @@ -614,7 +630,7 @@ if (!configured_once) { #if USE_UNLINKD - unlinkdInit(); + if (needUnlinkd()) unlinkdInit(); #endif urlInitialize(); cachemgrInit(); @@ -636,6 +652,9 @@ #endif #if USE_WCCPv2 wccp2Init(); +#endif +#if USE_UNLINKD + if (needUnlinkd()) unlinkdInit(); #endif serverConnectionsOpen(); neighbors_init();