net-proxy/squid: bump to 5.4.1

Closes: https://bugs.gentoo.org/814539
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/23555
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

3 files changed, 370 insertions, 0 deletions

diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 28a4987d88cb..d23055634c98 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -1,2 +1,3 @@
 DIST squid-4.15.tar.xz 2454176 BLAKE2B 3cb08c806f03fcddd7233b05986434d2be3e62a50d006eb3f84bbc5b894ee3641929551d00a1800d6676add62f967067ec62b5b7c41d767766eeab5dfc17980e SHA512 8f0ce6e30dd9173927e8133618211ffb865fb5dde4c63c2fb465e2efccda4a6efb33f2c0846870c9b915340aff5f59461a60171882bcc0c890336b846fe60bd1
 DIST squid-4.17.tar.xz 2464204 BLAKE2B e227dfbac846dff66f04c6c72d81d667076107653721d14804f079518cef68efc53f5404fbe3306efb0c775a10638661c300a8e7cd3d7ab43c0e57a344387674 SHA512 cea36de10f128f5beb51bdc89604c16af3a820a5ac27284b2aa181ac87144930489688e1d85ce357fe1ed8a4e96e300277b95034a2475cbf86c9d6923ddf7c0a
+DIST squid-5.4.1.tar.xz 2561444 BLAKE2B 3281f592c342b59a1017f4c0829543c857d61c4d1e191461f6e69bda2dc61ff59d5b92a04744dcebb75bd1b5d85c214c1f0bea78a791033a50f29891b6995fb8 SHA512 d53e64e8c44cfc978307f3965c52889d238121735fd201a8286139f974d5db9af41fe886d64e57dfacc87b777f5940cd6123a6e178d12530117cace945a9f6c1
diff --git a/net-proxy/squid/files/squid-5.3-gentoo.patch b/net-proxy/squid/files/squid-5.3-gentoo.patch
new file mode 100644
index 000000000000..54c036e14e50
--- /dev/null
+++ b/net-proxy/squid/files/squid-5.3-gentoo.patch
@@ -0,0 +1,87 @@
+diff --git a/configure.ac b/configure.ac
+index 7bd608b..0a0a908 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -33,9 +33,9 @@ PRESET_CXXFLAGS="$CXXFLAGS"
+ PRESET_LDFLAGS="$LDFLAGS"
+ 
+ dnl Set default LDFLAGS
+-if test "x$LDFLAGS" = "x" ; then
+-  LDFLAGS="-g"
+-fi
++dnl if test "x$LDFLAGS" = "x" ; then
++dnl  LDFLAGS="-g"
++dnl fi
+ 
+ # Check for GNU cc
+ AC_PROG_CC
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index 9275219..1e3aca2 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -1633,6 +1633,7 @@ acl Safe_ports port 280		# http-mgmt
+ acl Safe_ports port 488		# gss-http
+ acl Safe_ports port 591		# filemaker
+ acl Safe_ports port 777		# multiling http
++acl Safe_ports port 901		# SWAT
+ NOCOMMENT_END
+ DOC_END
+ 
+@@ -7200,11 +7201,11 @@ COMMENT_END
+ 
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ 	Email-address of local cache manager who will receive
+-	mail if the cache dies.  The default is "webmaster".
++	mail if the cache dies.  The default is "root".
+ DOC_END
+ 
+ NAME: mail_from
+diff --git a/src/debug.cc b/src/debug.cc
+index 59ad1e9..265a9fe 100644
+--- a/src/debug.cc
++++ b/src/debug.cc
+@@ -496,7 +496,7 @@ _db_init(const char *logfile, const char *options)
+ #if HAVE_SYSLOG && defined(LOG_LOCAL4)
+ 
+     if (Debug::log_syslog)
+-        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
++        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility);
+ 
+ #endif /* HAVE_SYSLOG */
+ 
+diff --git a/src/main.cc b/src/main.cc
+index 4b3988e..5622141 100644
+--- a/src/main.cc
++++ b/src/main.cc
+@@ -1921,7 +1921,7 @@ watch_child(const CommandLine &masterCommand)
+ 
+     enter_suid();
+ 
+-    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 
+     if (!opt_foreground)
+         GoIntoBackground();
+@@ -2013,7 +2013,7 @@ watch_child(const CommandLine &masterCommand)
+ 
+             if ((pid = fork()) == 0) {
+                 /* child */
+-                openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++                openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+                 (void)execvp(masterCommand.arg0(), kidCommand.argv());
+                 int xerrno = errno;
+                 syslog(LOG_ALERT, "execvp failed: %s", xstrerr(xerrno));
+@@ -2025,7 +2025,7 @@ watch_child(const CommandLine &masterCommand)
+         }
+ 
+         /* parent */
+-        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 
+         // If Squid received a signal while checking for dying kids (below) or
+         // starting new kids (above), then do a fast check for a new dying kid
diff --git a/net-proxy/squid/squid-5.4.1.ebuild b/net-proxy/squid/squid-5.4.1.ebuild
new file mode 100644
index 000000000000..ecbe3c93599e
--- /dev/null
+++ b/net-proxy/squid/squid-5.4.1.ebuild
@@ -0,0 +1,282 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+
+MY_PV_MAJOR=$(ver_cut 1)
+# Upstream patch ID for the most recent bug-fixed update to the formal release.
+r=
+#r=-20181117-r0022167
+if [ -z "$r" ]; then
+	SRC_URI="http://www.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz"
+else
+	SRC_URI="http://www.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2"
+	S="${S}${r}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="caps gnutls ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+	ecap esi ssl-crtd \
+	mysql postgres sqlite systemd \
+	perl qos tproxy \
+	+htcp +wccp +wccpv2"
+
+RESTRICT="!test? ( test )"
+
+BDEPEND="dev-lang/perl"
+
+COMMON_DEPEND="acct-group/squid
+	acct-user/squid
+	virtual/libcrypt:=
+	caps? ( >=sys-libs/libcap-2.16 )
+	pam? ( sys-libs/pam )
+	ldap? ( net-nds/openldap )
+	kerberos? ( virtual/krb5 )
+	qos? ( net-libs/libnetfilter_conntrack )
+	ssl? (
+		!gnutls? (
+			dev-libs/openssl:0=
+		)
+		dev-libs/nettle:=
+	)
+	sasl? ( dev-libs/cyrus-sasl )
+	systemd? ( sys-apps/systemd:= )
+	ecap? ( net-libs/libecap:1 )
+	esi? ( dev-libs/expat dev-libs/libxml2 )
+	gnutls? ( >=net-libs/gnutls-3.1.5:= )
+	logrotate? ( app-admin/logrotate )
+	>=sys-libs/db-4:*
+	dev-libs/libltdl:0"
+
+DEPEND="${COMMON_DEPEND}
+	${BDEPEND}
+	ecap? ( virtual/pkgconfig )
+	test? ( dev-util/cppunit )"
+
+RDEPEND="!!<net-proxy/squid-5
+	${COMMON_DEPEND}
+	samba? ( net-fs/samba )
+	perl? ( dev-lang/perl )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	selinux? ( sec-policy/selinux-squid )
+	sqlite? ( dev-perl/DBD-SQLite )"
+
+REQUIRED_USE="tproxy? ( caps )
+		qos? ( caps )"
+
+pkg_pretend() {
+	if use tproxy; then
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-5.3-gentoo.patch"
+
+	sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+		INSTALL QUICKSTART \
+		scripts/fileno-to-pathname.pl \
+		scripts/check_cache.pl \
+		tools/cachemgr.cgi.8 \
+		tools/purge/conffile.hh \
+		tools/purge/purge.1  || die
+	sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+		INSTALL QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+		QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+		QUICKSTART \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+		src/acl/external/unix_group/ext_unix_group_acl.8 \
+		src/acl/external/session/ext_session_acl.8 || die
+	sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+		scripts/check_cache.pl || die
+	# /var/run/squid to /run/squid
+	sed -i -e 's:$(localstatedir)::' \
+		src/ipc/Makefile.am || die
+	sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
+		libltdl/configure.ac || die
+
+	sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die
+
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	local basic_modules="NCSA,POP3,getpwnam"
+	use samba && basic_modules+=",SMB"
+	use ldap && basic_modules+=",SMB_LM,LDAP"
+	use pam && basic_modules+=",PAM"
+	use sasl && basic_modules+=",SASL"
+	use nis && basic_modules+=",NIS"
+	use radius && basic_modules+=",RADIUS"
+	if use mysql || use postgres || use sqlite ; then
+		basic_modules+=",DB"
+	fi
+
+	local digest_modules="file"
+	use ldap && digest_modules+=",LDAP,eDirectory"
+
+	local negotiate_modules="none"
+	local myconf="--without-mit-krb5 --without-heimdal-krb5"
+	if use kerberos ; then
+		negotiate_modules="kerberos,wrapper"
+		if has_version app-crypt/heimdal ; then
+			myconf="--without-mit-krb5 --with-heimdal-krb5"
+		else
+			myconf="--with-mit-krb5 --without-heimdal-krb5"
+		fi
+	fi
+
+	local ntlm_modules="none"
+	use samba && ntlm_modules="SMB_LM"
+
+	local ext_helpers="file_userip,session,unix_group,delayer,time_quota"
+	use samba && ext_helpers+=",wbinfo_group"
+	use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+	use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+	if use mysql || use postgres || use sqlite ; then
+	    ext_helpers+=",SQL_session"
+	fi
+
+	local storeio_modules="aufs,diskd,rock,ufs"
+
+	local transparent
+	if use kernel_linux ; then
+		transparent+=" --enable-linux-netfilter"
+		use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+	fi
+
+	tc-export_build_env BUILD_CXX
+	export BUILDCXX=${BUILD_CXX}
+	export BUILDCXXFLAGS=${BUILD_CXXFLAGS}
+	tc-export CC AR
+
+	# Should be able to drop this workaround with newer versions.
+	# https://bugs.squid-cache.org/show_bug.cgi?id=4224
+	tc-is-cross-compiler && export squid_cv_gnu_atomics=no
+
+	# Bug #719662
+	(use ppc || use arm || use hppa) && append-libs -latomic
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--with-pidfile=/run/squid.pid \
+		--datadir=/usr/share/squid \
+		--with-logdir=/var/log/squid \
+		--with-default-user=squid \
+		--enable-removal-policies="lru,heap" \
+		--enable-storeio="${storeio_modules}" \
+		--enable-disk-io \
+		--enable-auth-basic="${basic_modules}" \
+		--enable-auth-digest="${digest_modules}" \
+		--enable-auth-ntlm="${ntlm_modules}" \
+		--enable-auth-negotiate="${negotiate_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-log-daemon-helpers \
+		--enable-url-rewrite-helpers \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-eui \
+		--enable-icmp \
+		--enable-follow-x-forwarded-for \
+		--with-large-files \
+		--with-build-environment=default \
+		--disable-strict-error-checking \
+		--disable-arch-native \
+		--with-included-ltdl=/usr/include \
+		--with-ltdl-libdir=/usr/$(get_libdir) \
+		$(use_with caps libcap) \
+		$(use_enable ipv6) \
+		$(use_enable snmp) \
+		$(use_with ssl openssl) \
+		$(use_with ssl nettle) \
+		$(use_with gnutls) \
+		$(use_enable ssl-crtd) \
+		$(use_with systemd) \
+		$(use_enable ecap) \
+		$(use_enable esi) \
+		$(use_enable htcp) \
+		$(use_enable wccp) \
+		$(use_enable wccpv2) \
+		${transparent} \
+		${myconf}
+}
+
+src_install() {
+	default
+
+	systemd_dounit "tools/systemd/squid.service"
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+	fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/basic_pam_auth
+		fperms 4750 /usr/libexec/squid/basic_pam_auth
+	fi
+	# pinger needs suid as well
+	fowners root:squid /usr/libexec/squid/pinger
+	fperms 4750 /usr/libexec/squid/pinger
+
+	# these scripts depend on perl
+	if ! use perl; then
+		for f in basic_pop3_auth \
+			ext_delayer_acl \
+			helper-mux \
+			log_db_daemon \
+			security_fake_certverify \
+			storeid_file_rewrite \
+			url_lfs_rewrite; do
+				rm "${D}"/usr/libexec/squid/${f} || die
+		done
+	fi
+
+	# cleanup
+	rm -r "${D}"/run "${D}"/var/cache || die
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+	newdoc src/auth/negotiate/kerberos/README README.kerberos
+	newdoc src/auth/basic/RADIUS/README README.RADIUS
+	newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group
+	dodoc RELEASENOTES.html
+
+	if use pam; then
+		newpamd "${FILESDIR}/squid.pam" squid
+	fi
+
+	newconfd "${FILESDIR}/squid.confd-r2" squid
+	newinitd "${FILESDIR}/squid.initd-r5" squid
+	if use logrotate; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	diropts -m0750 -o squid -g squid
+	keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+	elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'."
+	if [ ${#r} -gt 0 ]; then
+		elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support."
+	fi
+}