3 files changed, 405 insertions, 0 deletions
diff --git a/net-proxy/Manifest.gz b/net-proxy/Manifest.gz
index bc21a13f2430..db5f5d0c6e4e 100644
--- a/net-proxy/Manifest.gz
+++ b/net-proxy/Manifest.gz
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index fec369590fb1..f684a290b672 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -9,6 +9,8 @@ AUX squid.initd-r7 4473 BLAKE2B e5fd96a8bb6492c31c452791dce185fc4d6fa655f0c05d0b
 AUX squid.logrotate 103 BLAKE2B f6d190d1914b76b08d90a2c3b3b07ff9cd332cdb2e595f4849537d1f1d32d8be1386fcdfffb40d073bcdd715a62c1c44727f1e10b75cfaff69c0d042c2a7e904 SHA512 d75a667c3ffa32fdd938ef40df8813a467d9f10b2363107bf915cb0c99834fbe8d0eb502a18a816875b67b0db1b27806ed3caf620c38516040cb644b225f5a55
 AUX squid.logrotate-r1 166 BLAKE2B 62bd821aabd7394e4644e19d2d243775154fca1c09776373d62bd56d1bbfbc3f4ec440ac17d44a29afbe0692e3b4ccb311ad5cd5790b18737ce15f2bfca5de31 SHA512 e26f661d07029c86a82e635c741252f1c5861764e5a695ab980750a238047d9fe74f80f63552f47d0a32960c74b5435d458f2f88d267c7b5950a27e62f0ecb19
 AUX squid.pam 209 BLAKE2B 113fa119ce4fd96ddf34b95c1a1ca958b34aea405564076f89abdbb8d4c6a0248ec9fa1a0f5f1d6136643c9abc4c5f67e8ef75305414b374763e2055272950d5 SHA512 5501e3d9319aea99f0deed98748366d4dfbeccdde96d842474fe144a4584394d8f5563372cd7b2437a389378c49b61b646403cca1be4362c888750d027b2f594
+DIST squid-6.10.tar.xz 2558208 BLAKE2B 608b49c25549e73bc58ee4ec82a4d582f6f28b6dd324261806931eb2e37f0b5d63f6c2f6373a3db43823e805f5d6df56b2a4b5a8324cd6e623c4302d2c4b9421 SHA512 c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9
+DIST squid-6.10.tar.xz.asc 647 BLAKE2B 22c41fae76b5e2efb5adc7d34beac0dce8218af0a4e77268989078acb91b6822a41f9a44cb60796548bb392040ad35317b5cfde9fdc51a37ffae616bbe9faede SHA512 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53
 DIST squid-6.6.tar.xz 2554824 BLAKE2B 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc SHA512 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c
 DIST squid-6.6.tar.xz.asc 1193 BLAKE2B c37a400c51c30de35c6fe52123389c134d05670a36b1ffae4d67e7d06981bbf94788343daf2fdeafb782d464a977ee31bc601e3b1b92b45cd40ba6a6725b9a16 SHA512 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297
 DIST squid-6.7.tar.xz 2427468 BLAKE2B 0cd892213085326d1f4cc065778d95d74c03edaaf98b839b4422397fdcd449716b022e74adcbac636ca98e9d5c45a8f7aa156c3edc9f306fb13fc5cc21125dd6 SHA512 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0
@@ -16,6 +18,7 @@ DIST squid-6.7.tar.xz.asc 646 BLAKE2B 6d4e6075b261f54269577fc31b28e7cb74b835c851
 DIST squid-6.9-memleak_fix.patch 22178 BLAKE2B bf87a98ac3ddcf27b817b7b09a1a7656cb6547c7c157d02a3daf4b337669180718e1df06040b9b4be252a9f60fc767d94ed698014113c072dd9b91ada08a1adc SHA512 38754b1f593dde3e7ab70601bdaaabf8c1c40beea0ae9913684d3de78d76cec4243abac8e315af2009b98e096a3b04c56181940f0528716278aaf7c44ea76dad
 DIST squid-6.9.tar.xz 2557992 BLAKE2B cac10d3a16fe31a9becfcd0fc278413d53c52285cdca9ece897ca4e3a0e50806e186960091f9050243180996382c6b5209360d9fff249d26b20d1e529285a038 SHA512 2666551caca39fa6ca49b56b537645dd043ee0c99b805c433cf714172e6062590fd6ed942043df1a3b543f30c039f3ab701493187dc6a0a4a8311217417c366e
 DIST squid-6.9.tar.xz.asc 646 BLAKE2B fafa49d40af849103d04c0f07e19e5b9007306ba0f85bcabed761b53f94015aefc65ec2035963c95fd938cb04dfdb878363fcf5150a06889b563fa48922ef289 SHA512 ccd053476e91544bf797cf38a7e57acdc1c02c1edb2804230f061d9b24abbbd2e06abbaaa0fe2b209951631c0369510f60f0b7137fe950f3ccf59e8a212bc0fa
+EBUILD squid-6.10.ebuild 10172 BLAKE2B 8abd47831cadd34a63aa1b0c87ad6b30a269e5b66b66843770cae0e052b21c17fe36e393d78138bb5706a3158f32eba4a899ea3a0778839f3b288cf04f74541e SHA512 9a769a942aea2905cbf3e3e69119c31ea39605ac6cac3e05b1fa53bb1d8b9b12d5b7aafe12003ac7dd778466f8b05980ff2bc359e3b7869046e040f43688bf33
 EBUILD squid-6.6.ebuild 9837 BLAKE2B f8b4826ed09f36b6bf1e56d01099b60b371de35fa3c0772dfe49fec939e38de5aad88362ccd2591364abe9a7390811357b9ee5b1a1dc325aff5b4b410ca034b5 SHA512 7d177f1cd2c4fcc8ca4ea630c339a76d715c9c0251668512d95b6e38500b672d6006d953d2a0b5739ef804e15479e75eef4f9902cfc6d821381457bbd500934f
 EBUILD squid-6.7.ebuild 9840 BLAKE2B 02eaff938405892c095b760cfc393eba182b74f0c87949605ee9d47836a48669af4bb4fbd70a03d171442c5a6ef1ea1cbb9f2d4306077e72c2faabf73be90d70 SHA512 717c71669293d9240aaf9ce64d074fc60585000170ec6633b414d2090ef18412b838bfa52384741e2e6462e62430adf0a50321e6e82aadeefdc278dcd52fa916
 EBUILD squid-6.9.ebuild 10172 BLAKE2B 8abd47831cadd34a63aa1b0c87ad6b30a269e5b66b66843770cae0e052b21c17fe36e393d78138bb5706a3158f32eba4a899ea3a0778839f3b288cf04f74541e SHA512 9a769a942aea2905cbf3e3e69119c31ea39605ac6cac3e05b1fa53bb1d8b9b12d5b7aafe12003ac7dd778466f8b05980ff2bc359e3b7869046e040f43688bf33
diff --git a/net-proxy/squid/squid-6.10.ebuild b/net-proxy/squid/squid-6.10.ebuild
new file mode 100644
index 000000000000..266c40c8dce1
--- /dev/null
+++ b/net-proxy/squid/squid-6.10.ebuild
@@ -0,0 +1,402 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/squid.gpg
+inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs verify-sig
+
+DESCRIPTION="Full-featured web proxy cache"
+HOMEPAGE="https://www.squid-cache.org/"
+
+MY_PV_MAJOR=$(ver_cut 1)
+# Upstream patch ID for the most recent bug-fixed update to the formal release.
+#r=-20181117-r0022167
+r=
+if [[ -z ${r} ]]; then
+	SRC_URI="
+		http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz
+		https://dev.gentoo.org/~juippis/distfiles/squid-6.9-memleak_fix.patch
+		verify-sig? ( http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz.asc )
+	"
+else
+	SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2
+		https://dev.gentoo.org/~juippis/distfiles/squid-6.9-memleak_fix.patch"
+	S="${S}${r}"
+fi
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="caps gnutls pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test ecap"
+IUSE+=" esi ssl-crtd mysql postgres sqlite systemd perl qos tproxy +htcp valgrind +wccp +wccpv2"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="tproxy? ( caps ) qos? ( caps ) ssl-crtd? ( ssl )"
+
+DEPEND="
+	acct-group/squid
+	acct-user/squid
+	dev-libs/libltdl
+	sys-libs/tdb
+	virtual/libcrypt:=
+	caps? ( >=sys-libs/libcap-2.16 )
+	ecap? ( net-libs/libecap:1 )
+	esi? (
+		dev-libs/expat
+		dev-libs/libxml2
+	)
+	ldap? ( net-nds/openldap:= )
+	gnutls? ( >=net-libs/gnutls-3.1.5:= )
+	logrotate? ( app-admin/logrotate )
+	nis? (
+		net-libs/libtirpc:=
+		net-libs/libnsl:=
+	)
+	kerberos? ( virtual/krb5 )
+	pam? ( sys-libs/pam )
+	qos? ( net-libs/libnetfilter_conntrack )
+	ssl? (
+		dev-libs/nettle:=
+		!gnutls? (
+			dev-libs/openssl:=
+		)
+	)
+	sasl? ( dev-libs/cyrus-sasl )
+	systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="
+	${DEPEND}
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	perl? ( dev-lang/perl )
+	samba? ( net-fs/samba )
+	selinux? ( sec-policy/selinux-squid )
+	sqlite? ( dev-perl/DBD-SQLite )
+"
+DEPEND+=" valgrind? ( dev-debug/valgrind )"
+BDEPEND="
+	dev-lang/perl
+	ecap? ( virtual/pkgconfig )
+	test? ( dev-util/cppunit )
+	verify-sig? ( sec-keys/openpgp-keys-squid )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-6.2-gentoo.patch
+	"${FILESDIR}"/${PN}-4.17-use-system-libltdl.patch
+	"${DISTDIR}"/${PN}-6.9-memleak_fix.patch
+)
+
+pkg_pretend() {
+	if use tproxy; then
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+
+	default
+}
+
+src_prepare() {
+	default
+
+	# Fixup various paths
+	sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+		INSTALL QUICKSTART \
+		scripts/fileno-to-pathname.pl \
+		scripts/check_cache.pl \
+		tools/cachemgr.cgi.8 \
+		tools/purge/conffile.hh \
+		tools/purge/purge.1 || die
+	sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+		INSTALL QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+		QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+		QUICKSTART \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+		src/acl/external/unix_group/ext_unix_group_acl.8 \
+		src/acl/external/session/ext_session_acl.8 || die
+	sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+		scripts/check_cache.pl || die
+	# /var/run/squid to /run/squid
+	sed -i -e 's:$(localstatedir)::' \
+		src/ipc/Makefile.am || die
+	sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die
+
+	sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
+		libltdl/configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--cache-file="${S}"/config.cache
+
+		--datadir=/usr/share/squid
+		--libexecdir=/usr/libexec/squid
+		--localstatedir=/var
+		--sysconfdir=/etc/squid
+		--with-default-user=squid
+		--with-logdir=/var/log/squid
+		--with-pidfile=/run/squid.pid
+
+		--enable-build-info="Gentoo ${PF} (r: ${r:-NONE})"
+		--enable-log-daemon-helpers
+		--enable-url-rewrite-helpers
+		--enable-cache-digests
+		--enable-delay-pools
+		--enable-disk-io
+		--enable-eui
+		--enable-icmp
+		--enable-ipv6
+		--enable-follow-x-forwarded-for
+		--enable-removal-policies="lru,heap"
+		--disable-strict-error-checking
+		--disable-arch-native
+
+		--with-large-files
+		--with-build-environment=default
+
+		--with-tdb
+
+		--without-included-ltdl
+		--with-ltdl-include="${ESYSROOT}"/usr/include
+		--with-ltdl-lib="${ESYSROOT}"/usr/$(get_libdir)
+
+		$(use_with caps cap)
+		$(use_enable snmp)
+		$(use_with ssl openssl)
+		$(use_with ssl nettle)
+		$(use_with gnutls)
+		$(use_with ldap)
+		$(use_enable ssl-crtd)
+		$(use_with systemd)
+		$(use_with test cppunit)
+		$(use_enable ecap)
+		$(use_enable esi)
+		$(use_enable esi expat)
+		$(use_enable esi xml2)
+		$(use_enable htcp)
+		$(use_with valgrind valgrind-debug)
+		$(use_enable wccp)
+		$(use_enable wccpv2)
+	)
+
+	# Basic modules
+	local basic_modules=(
+		NCSA
+		POP3
+		getpwnam
+
+		$(usev samba 'SMB')
+		$(usev ldap 'SMB_LM LDAP')
+		$(usev pam 'PAM')
+		$(usev sasl 'SASL')
+		$(usev nis 'NIS')
+		$(usev radius 'RADIUS')
+	)
+
+	use nis && append-cppflags "-I${ESYSROOT}/usr/include/tirpc"
+
+	if use mysql || use postgres || use sqlite; then
+		basic_modules+=( DB )
+	fi
+
+	# Digests
+	local digest_modules=(
+		file
+
+		$(usev ldap 'LDAP eDirectory')
+	)
+
+	# Kerberos
+	local negotiate_modules=( none )
+
+	myeconfargs+=( --without-mit-krb5 --without-heimdal-krb5 )
+
+	if use kerberos; then
+		# We intentionally overwrite negotiate_modules here to lose
+		# the 'none'.
+		negotiate_modules=( kerberos wrapper )
+
+		if has_version app-crypt/heimdal; then
+			myeconfargs+=(
+				--without-mit-krb5
+				--with-heimdal-krb5
+			)
+		else
+			myeconfargs+=(
+				--with-mit-krb5
+				--without-heimdal-krb5
+			)
+		fi
+	fi
+
+	# NTLM modules
+	local ntlm_modules=( none )
+
+	if use samba ; then
+		# We intentionally overwrite ntlm_modules here to lose
+		# the 'none'.
+		ntlm_modules=( SMB_LM )
+	fi
+
+	# External helpers
+	local ext_helpers=(
+		file_userip
+		session
+		unix_group
+		delayer
+		time_quota
+
+		$(usev samba 'wbinfo_group')
+		$(usev ldap 'LDAP_group eDirectory_userip')
+	)
+
+	use ldap && use kerberos && ext_helpers+=( kerberos_ldap_group )
+	if use mysql || use postgres || use sqlite; then
+		ext_helpers+=( SQL_session )
+	fi
+
+	# Storage modules
+	local storeio_modules=(
+		aufs
+		diskd
+		rock
+		ufs
+	)
+
+	#
+	local transparent
+	if use kernel_linux; then
+		myeconfargs+=(
+			--enable-linux-netfilter
+			$(usev qos '--enable-zph-qos --with-netfilter-conntrack')
+		)
+	fi
+
+	tc-export_build_env BUILD_CXX
+	export BUILDCXX="${BUILD_CXX}"
+	export BUILDCXXFLAGS="${BUILD_CXXFLAGS}"
+	tc-export CC AR
+
+	# Should be able to drop this workaround with newer versions.
+	# https://bugs.squid-cache.org/show_bug.cgi?id=4224
+	tc-is-cross-compiler && export squid_cv_gnu_atomics=no
+
+	# Bug #719662
+	append-atomic-flags
+
+	print_options_without_comma() {
+		# IFS as ',' will cut off any trailing commas
+		(
+			IFS=','
+			options=( $(printf "%s," "${@}") )
+			echo "${options[*]}"
+		)
+	}
+
+	myeconfargs+=(
+		--enable-storeio=$(print_options_without_comma "${storeio_modules[@]}")
+		--enable-auth-basic=$(print_options_without_comma "${basic_modules[@]}")
+		--enable-auth-digest=$(print_options_without_comma "${digest_modules[@]}")
+		--enable-auth-ntlm=$(print_options_without_comma "${ntlm_modules[@]}")
+		--enable-auth-negotiate=$(print_options_without_comma "${negotiate_modules[@]}")
+		--enable-external-acl-helpers=$(print_options_without_comma "${ext_helpers[@]}")
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	systemd_dounit tools/systemd/squid.service
+
+	# Need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+	fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/basic_pam_auth
+		fperms 4750 /usr/libexec/squid/basic_pam_auth
+	fi
+
+	# Pinger needs suid as well
+	fowners root:squid /usr/libexec/squid/pinger
+	fperms 4750 /usr/libexec/squid/pinger
+
+	# These scripts depend on perl
+	if ! use perl; then
+		local perl_scripts=(
+			basic_pop3_auth ext_delayer_acl helper-mux
+			log_db_daemon security_fake_certverify
+			storeid_file_rewrite url_lfs_rewrite
+		)
+
+		local script
+		for script in "${perl_scripts[@]}"; do
+			rm "${ED}"/usr/libexec/squid/${script} || die
+		done
+	fi
+
+	# Cleanup
+	rm -r "${D}"/run "${D}"/var/cache || die
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+	newdoc src/auth/negotiate/kerberos/README README.kerberos
+	newdoc src/auth/basic/RADIUS/README README.RADIUS
+	newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group
+	dodoc RELEASENOTES.html
+
+	if use pam; then
+		newpamd "${FILESDIR}"/squid.pam squid
+	fi
+
+	newconfd "${FILESDIR}"/squid.confd-r2 squid
+	newinitd "${FILESDIR}"/squid.initd-r7 squid
+
+	if use logrotate ; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/squid.logrotate-r1 squid
+	else
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}"/squid.cron-r1 squid.cron
+	fi
+
+	diropts -m0750 -o squid -g squid
+	keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+
+	# Hack for bug #834503 (see also bug #664940)
+	# Please keep this for a few years until it's no longer plausible
+	# someone is upgrading from < squid 5.7.
+	mv "${ED}"/usr/share/squid/errors{,.new} || die
+}
+
+pkg_preinst() {
+	# Remove file in EROOT that the directory collides with.
+	rm -rf "${EROOT}"/usr/share/squid/errors || die
+
+	# Following the collision protection check, reverse
+	# src_install's rename in ED.
+	mv "${ED}"/usr/share/squid/errors{.new,} || die
+}
+
+pkg_postinst() {
+	elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'."
+
+	if [[ ${#r} -gt 0 ]]; then
+		elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support."
+	fi
+}