2013-06-06 01:53:30 +02:00
|
|
|
################################################################################
|
2009-12-23 13:30:45 +01:00
|
|
|
#
|
|
|
|
# squid
|
|
|
|
#
|
2013-06-06 01:53:30 +02:00
|
|
|
################################################################################
|
2009-12-23 13:30:45 +01:00
|
|
|
|
package/squid: security bump to version 4.8
- Add a patch to fix cross-compilation
- Fix the following CVEs:
- SQUID-2019:6 (CVE-2019-13345), Jul 12, 2019
Fixed from 4.8
Multiple Cross-Site Scripting issues in cachemgr.cgi
- SQUID-2019:5 (CVE-2019-12527), Jul 12, 2019
Fixed from 4.8
Heap Overflow issue in HTTP Basic Authentication processing
- SQUID-2019:3 (CVE-2019-12525), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Digest Authentication processing
- SQUID-2019:2 (CVE-2019-12529), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Basic Authentication processing
- SQUID-2019:1 (CVE-2019-12824), Jul 12, 2019
Fixed from 4.8
Denial of Service issue in cachemgr.cgi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-20 22:16:45 +02:00
|
|
|
SQUID_VERSION = 4.8
|
2016-04-20 20:38:10 +02:00
|
|
|
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
|
2018-08-19 22:50:20 +02:00
|
|
|
SQUID_SITE = http://www.squid-cache.org/Versions/v4
|
2017-03-30 15:43:32 +02:00
|
|
|
SQUID_LICENSE = GPL-2.0+
|
2012-10-29 11:57:16 +01:00
|
|
|
SQUID_LICENSE_FILES = COPYING
|
2018-08-19 22:50:20 +02:00
|
|
|
SQUID_DEPENDENCIES = libcap host-libcap libxml2 host-pkgconf \
|
2012-10-29 11:57:16 +01:00
|
|
|
$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
|
2019-08-21 22:44:42 +02:00
|
|
|
# We're patching acinclude/os-deps.m4
|
package/squid: security bump to version 4.8
- Add a patch to fix cross-compilation
- Fix the following CVEs:
- SQUID-2019:6 (CVE-2019-13345), Jul 12, 2019
Fixed from 4.8
Multiple Cross-Site Scripting issues in cachemgr.cgi
- SQUID-2019:5 (CVE-2019-12527), Jul 12, 2019
Fixed from 4.8
Heap Overflow issue in HTTP Basic Authentication processing
- SQUID-2019:3 (CVE-2019-12525), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Digest Authentication processing
- SQUID-2019:2 (CVE-2019-12529), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Basic Authentication processing
- SQUID-2019:1 (CVE-2019-12824), Jul 12, 2019
Fixed from 4.8
Denial of Service issue in cachemgr.cgi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-20 22:16:45 +02:00
|
|
|
SQUID_AUTORECONF = YES
|
2014-12-24 08:54:24 +01:00
|
|
|
SQUID_CONF_ENV = \
|
|
|
|
ac_cv_epoll_works=yes \
|
|
|
|
ac_cv_func_setresuid=yes \
|
|
|
|
ac_cv_func_va_copy=yes \
|
|
|
|
ac_cv_func___va_copy=yes \
|
|
|
|
ac_cv_func_strnstr=no \
|
2015-01-08 02:09:27 +01:00
|
|
|
ac_cv_have_squid=yes \
|
2017-08-27 15:43:36 +02:00
|
|
|
BUILDCXX="$(HOSTCXX)" \
|
2015-01-27 21:30:54 +01:00
|
|
|
BUILDCXXFLAGS="$(HOST_CXXFLAGS)"
|
2014-12-24 08:54:24 +01:00
|
|
|
SQUID_CONF_OPTS = \
|
|
|
|
--enable-async-io=8 \
|
2018-10-09 13:49:34 +02:00
|
|
|
--enable-linux-netfilter \
|
2014-12-24 08:54:24 +01:00
|
|
|
--enable-removal-policies="lru,heap" \
|
|
|
|
--with-filedescriptors=1024 \
|
|
|
|
--disable-ident-lookups \
|
|
|
|
--enable-auth-basic="fake getpwnam" \
|
|
|
|
--enable-auth-digest="file" \
|
|
|
|
--enable-auth-negotiate="wrapper" \
|
|
|
|
--enable-auth-ntlm="fake" \
|
|
|
|
--disable-strict-error-checking \
|
|
|
|
--enable-external-acl-helpers="file_userip" \
|
|
|
|
--with-logdir=/var/log/squid/ \
|
|
|
|
--with-pidfile=/var/run/squid.pid \
|
|
|
|
--with-swapdir=/var/cache/squid/ \
|
2015-01-14 20:14:43 +01:00
|
|
|
--with-default-user=squid
|
2010-11-08 17:40:35 +01:00
|
|
|
|
2018-11-24 15:54:50 +01:00
|
|
|
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
|
|
|
|
SQUID_CONF_ENV += LIBS=-latomic
|
2015-03-29 16:33:31 +02:00
|
|
|
endif
|
|
|
|
|
2018-03-07 21:15:58 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_LIBKRB5),y)
|
|
|
|
SQUID_CONF_OPTS += --with-mit-krb5
|
|
|
|
SQUID_DEPENDENCIES += libkrb5
|
|
|
|
else
|
|
|
|
SQUID_CONF_OPTS += --without-mit-krb5
|
|
|
|
endif
|
|
|
|
|
2009-12-23 13:30:45 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
2015-07-06 10:02:04 +02:00
|
|
|
SQUID_CONF_OPTS += --with-openssl
|
2015-03-29 16:33:32 +02:00
|
|
|
SQUID_DEPENDENCIES += openssl
|
2015-07-06 17:53:35 +02:00
|
|
|
else
|
|
|
|
SQUID_CONF_OPTS += --without-openssl
|
2009-12-23 13:30:45 +01:00
|
|
|
endif
|
|
|
|
|
2015-07-06 10:02:05 +02:00
|
|
|
ifeq ($(BR2_PACKAGE_GNUTLS),y)
|
|
|
|
SQUID_CONF_OPTS += --with-gnutls
|
|
|
|
SQUID_DEPENDENCIES += gnutls
|
|
|
|
else
|
|
|
|
SQUID_CONF_OPTS += --without-gnutls
|
|
|
|
endif
|
|
|
|
|
2010-09-01 23:08:46 +02:00
|
|
|
define SQUID_CLEANUP_TARGET
|
2009-12-23 13:30:45 +01:00
|
|
|
rm -f $(addprefix $(TARGET_DIR)/usr/bin/, \
|
|
|
|
RunCache RunAccel)
|
|
|
|
rm -f $(addprefix $(TARGET_DIR)/etc/, \
|
|
|
|
cachemgr.conf mime.conf.default squid.conf.default)
|
2010-09-01 23:08:46 +02:00
|
|
|
endef
|
|
|
|
|
|
|
|
SQUID_POST_INSTALL_TARGET_HOOKS += SQUID_CLEANUP_TARGET
|
|
|
|
|
2015-01-14 20:14:43 +01:00
|
|
|
define SQUID_USERS
|
|
|
|
squid -1 squid -1 * - - - Squid proxy cache
|
|
|
|
endef
|
|
|
|
|
2015-01-14 20:14:44 +01:00
|
|
|
define SQUID_INSTALL_INIT_SYSV
|
|
|
|
$(INSTALL) -m 755 -D package/squid/S97squid \
|
|
|
|
$(TARGET_DIR)/etc/init.d/S97squid
|
|
|
|
endef
|
|
|
|
|
2015-05-23 12:07:42 +02:00
|
|
|
define SQUID_INSTALL_INIT_SYSTEMD
|
2015-08-06 11:06:32 +02:00
|
|
|
$(INSTALL) -D -m 0644 $(@D)/tools/systemd/squid.service \
|
2015-05-23 12:07:42 +02:00
|
|
|
$(TARGET_DIR)/usr/lib/systemd/system/squid.service
|
|
|
|
endef
|
|
|
|
|
2012-07-03 00:07:32 +02:00
|
|
|
$(eval $(autotools-package))
|