Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"

[ipfire-2.x.git] / lfs / squid
diff --git a/lfs/squid b/lfs/squid

index 08583d0b9006f78c2c5f43faa869e52f0ed16632..7a7b775fffd118491cb232feb5ed9fc9de480770 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -1,7 +1,7 @@
  ###############################################################################
  #                                                                             #
  # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
  #                                                                             #
  # This program is free software: you can redistribute it and/or modify        #
  # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
  
  include Config
  
-VER        = 3.5.27
+VER        = 5.7
  
  THISAPP    = squid-$(VER)
  DL_FILE    = $(THISAPP).tar.xz
@@ -32,6 +32,12 @@ DL_FROM    = $(URL_IPFIRE)
  DIR_APP    = $(DIR_SRC)/$(THISAPP)
  TARGET     = $(DIR_INFO)/$(THISAPP)
  
+CXXFLAGS+= -Wno-error=format-truncation
+
+ifeq "$(BUILD_ARCH)" "riscv64"
+       LDFLAGS += -latomic
+endif
+
  ###############################################################################
  # Top-level Rules
  ###############################################################################
@@ -40,7 +46,7 @@ objects = $(DL_FILE)
  
  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
  
-$(DL_FILE)_MD5 = 39ef8199675d48a314b540f92c00c545
+$(DL_FILE)_BLAKE2 = 4a403ca4f94034356922ea1a4feffd5f5289e2aadbe1585bd04e83ee89712227ce04c53f7e05c10f7c8ac6be67a265a32b47032e7b56e929a172772fa41d5299
  
  install : $(TARGET)
  
@@ -48,10 +54,10 @@ check : $(patsubst %,$(DIR_CHK)/%,$(objects))
  
  download :$(patsubst %,$(DIR_DL)/%,$(objects))
  
-md5 : $(subst %,%_MD5,$(objects))
+b2 : $(subst %,%_BLAKE2,$(objects))
  
  ###############################################################################
-# Downloading, checking, md5sum
+# Downloading, checking, b2sum
  ###############################################################################
  
  $(patsubst %,$(DIR_CHK)/%,$(objects)) :
@@ -60,8 +66,8 @@ $(patsubst %,$(DIR_CHK)/%,$(objects)) :
  $(patsubst %,$(DIR_DL)/%,$(objects)) :
         @$(LOAD)
  
-$(subst %,%_MD5,$(objects)) :
-       @$(MD5)
+$(subst %,%_BLAKE2,$(objects)) :
+       @$(B2SUM)
  
  ###############################################################################
  # Installation Details
@@ -70,12 +76,14 @@ $(subst %,%_MD5,$(objects)) :
  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         @$(PREBUILD)
         @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
+
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squid/01_squid-gcc11.patch
  
         cd $(DIR_APP) && autoreconf -vfi
         cd $(DIR_APP)/libltdl && autoreconf -vfi
  
-       cd $(DIR_APP) && ./configure \
+       cd $(DIR_APP) && CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" \
+               LDFLAGS="$(LDFLAGS)" ./configure \
                 --prefix=/usr \
                 --sysconfdir=/etc/squid \
                 --datadir=/usr/lib/squid \
@@ -89,7 +97,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                 --disable-kqueue \
                 --disable-esi \
                 --disable-arch-native \
-               --enable-ipv6 \
+               --disable-strict-error-checking \
                 --enable-poll \
                 --enable-ident-lookups \
                 --enable-storeio=aufs,diskd,ufs \
@@ -120,8 +128,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                 --enable-icap-client \
                 --enable-zph-qos \
                 --with-dl \
-               --with-filedescriptors=$$(( 16384 * 64 )) \
-               --with-large-files
+               --with-large-files \
+               --without-gnutls \
+               --without-netfilter-conntrack
  
         cd $(DIR_APP) && make $(MAKETUNING)
         cd $(DIR_APP) && make install
@@ -138,7 +147,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         chown -R squid:squid /var/log/squid /var/log/cache /var/log/updatexlrator
  
         cp /usr/lib/squid/cachemgr.cgi /srv/web/ipfire/cgi-bin/cachemgr.cgi
-       chown nobody.nobody /srv/web/ipfire/cgi-bin/cachemgr.cgi
+       chown root:root /srv/web/ipfire/cgi-bin/cachemgr.cgi
  
         cp -f $(DIR_SRC)/config/updxlrator/updxlrator /usr/sbin/updxlrator
         cp -f $(DIR_SRC)/config/updxlrator/checkup /var/ipfire/updatexlrator/bin/checkup
@@ -160,6 +169,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         ln -fs /bin/false /var/ipfire/updatexlrator/autocheck/cron.weekly
  
         chown -R nobody:nobody /var/ipfire/updatexlrator
+       chown -R root:root /var/ipfire/updatexlrator/bin
+       chown root:root /var/ipfire/updatexlrator/updxlrator-lib.pl
         chown nobody.squid /var/updatecache
         chown nobody.squid /var/updatecache/download
         chown nobody.squid /var/updatecache/metadata
@@ -168,14 +179,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
         chmod 775 /var/updatecache/metadata
         chmod 755 /var/log/updatexlrator
         chmod 755 /srv/web/ipfire/html/images/updbooster
-       
+
         chown squid:squid /var/log/squid
         ln -sf /usr/lib/squid /usr/lib/squid/auth
         cp -f $(DIR_SRC)/config/proxy/proxy.pac /srv/web/ipfire/html/proxy.pac
         chown nobody.nobody /srv/web/ipfire/html/proxy.pac
         ln -sf /srv/web/ipfire/html/proxy.pac /srv/web/ipfire/html/wpad.dat
  
-       #Copy stylesheets for the errorpages
+       # Copy stylesheets for the errorpages
         cp -f $(DIR_SRC)/config/proxy/errorpage-ipfire.css /var/ipfire/proxy/
         cp -f /etc/squid/errorpage.css /var/ipfire/proxy/errorpage-squid.css