diff --git a/cntlm-0.35.1-Makefile.patch b/cntlm-0.35.1-Makefile.patch deleted file mode 100644 index b8e1f09..0000000 --- a/cntlm-0.35.1-Makefile.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -ruN cntlm-0.35.1-orig/Makefile cntlm-0.35.1/Makefile ---- cntlm-0.35.1-orig/Makefile 2007-11-21 01:18:24.000000000 +0100 -+++ cntlm-0.35.1/Makefile 2009-05-06 18:09:53.000000000 +0200 -@@ -42,10 +42,10 @@ - install -O root -G system -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \ - install -O root -G system -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \ - else \ -- install -D -o root -g root -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ -- install -D -o root -g root -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ -+ install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ -+ install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ - [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ -- || install -D -o root -g root -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ -+ || install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ - fi - @echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf" - -Dateien cntlm-0.35.1-orig/.Makefile.swp und cntlm-0.35.1/.Makefile.swp sind verschieden. diff --git a/cntlm-0.35.1-config.patch b/cntlm-0.35.1-config.patch deleted file mode 100644 index 3fb4185..0000000 --- a/cntlm-0.35.1-config.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff -ruN cntlm-0.35.1-orig/doc/cntlm.conf cntlm-0.35.1/doc/cntlm.conf ---- cntlm-0.35.1-orig/doc/cntlm.conf 2007-11-02 02:07:11.000000000 +0100 -+++ cntlm-0.35.1/doc/cntlm.conf 2009-05-06 16:49:22.000000000 +0200 -@@ -7,8 +7,15 @@ - - Username testuser - Domain corp-uk --Password password # Use hashes instead (-H) --#Workstation netbios_hostname # Should be auto-guessed -+Password password -+# Use hashes instead call "cntlm -H" -+#PassLM 1AD35398BE6565DDB5C4EF70C0593492 -+#PassNT 77B9081511704EE852F94227CF48A793 -+### Only for user 'testuser', domain 'corp-uk' -+#PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB -+ -+### Should be auto-guessed -+#Workstation netbios_hostname - - Proxy 10.217.112.41:8080 - Proxy 10.217.112.42:8080 -@@ -16,7 +23,12 @@ - # - # This is the port number where Cntlm will listen - # --Listen 3128 -+################################################## -+# consider to change Listen Parameter in -+# /etc/sysconfig/cntlm -+# as a default 127.0.0.1:3128 is used -+# but if defined here it takes precedence over sysconfig -+#Listen 3128 - - # - # If you wish to use the SOCKS5 proxy feature as well, uncomment diff --git a/cntlm-0.35.1.tar.bz2 b/cntlm-0.35.1.tar.bz2 deleted file mode 100644 index 77d3899..0000000 --- a/cntlm-0.35.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3f70729d48250b94e00002035398ebdf3ffb0c58d5b1e0db545210aaf97b251c -size 64798 diff --git a/cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch b/cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch new file mode 100644 index 0000000..19185db --- /dev/null +++ b/cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch @@ -0,0 +1,366 @@ +Index: utils.c +=================================================================== +--- utils.c (revision 305) ++++ utils.c (revision 306) +@@ -508,6 +508,7 @@ + data->body_len = 0; + data->empty = 1; + data->port = 0; ++ data->http_version = -1; + data->headers = NULL; + data->method = NULL; + data->url = NULL; +@@ -535,6 +536,7 @@ + dst->body_len = src->body_len; + dst->empty = src->empty; + dst->port = src->port; ++ dst->http_version = src->http_version; + + if (src->headers) + dst->headers = hlist_dup(src->headers); +@@ -584,6 +586,7 @@ + data->body_len = 0; + data->empty = 1; + data->port = 0; ++ data->http_version = -1; + + if (data->headers) hlist_free(data->headers); + if (data->method) free(data->method); +@@ -623,6 +626,7 @@ + if (data->http) free(data->http); + if (data->msg) free(data->msg); + if (data->body) free(data->body); ++ memset(data, 0, sizeof(struct rr_data_s)); + free(data); + } + +Index: forward.c +=================================================================== +--- forward.c (revision 305) ++++ forward.c (revision 306) +@@ -188,6 +188,7 @@ + + if (debug) { + printf("\nSending PROXY auth request...\n"); ++ printf("HEAD: %s %s %s\n", auth->method, auth->url, auth->http); + hlist_dump(auth->headers); + } + +@@ -316,7 +317,7 @@ + * request is NOT freed + */ + rr_data_t forward_request(void *thread_data, rr_data_t request) { +- int i, w, loop, plugin, retry = 0; ++ int i, loop, plugin, retry = 0; + int *rsocket[2], *wsocket[2]; + rr_data_t data[2], rc = NULL; + hlist_t tl; +@@ -368,7 +369,7 @@ + sd = proxy_connect(tcreds); + if (sd <= 0) { + tmp = gen_502_page(request->http, "Parent proxy unreacheable"); +- w = write(cd, tmp, strlen(tmp)); ++ i = write(cd, tmp, strlen(tmp)); + free(tmp); + rc = (void *)-1; + goto bailout; +@@ -446,7 +447,9 @@ + && strcasecmp(hostname, data[0]->hostname)) { + if (debug) + printf("\n******* F RETURN: %s *******\n", data[0]->url); +- if (authok) ++ if (authok && data[0]->http_version >= 11 ++ && (hlist_subcmp(data[0]->headers, "Proxy-Connection", "keep-alive") ++ || hlist_subcmp(data[0]->headers, "Connection", "keep-alive"))) + proxy_alive = 1; + + rc = dup_rr_data(data[0]); +@@ -465,7 +468,7 @@ + /* + * Modify request headers. + * +- * Try to request keep-alive for every connection. We keep them in a pool ++ * Try to request keep-alive for every client supporting HTTP/1.1+. We keep them in a pool + * for future reuse. + */ + if (loop == 0 && data[0]->req) { +@@ -474,13 +477,14 @@ + */ + if (http_parse_basic(data[loop]->headers, "Proxy-Authorization", tcreds) > 0) { + if (debug) +- printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n", tcreds->domain, tcreds->user, tcreds->workstation); ++ printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n", ++ tcreds->domain, tcreds->user, tcreds->workstation); + } else if (ntlmbasic) { + if (debug) + printf("NTLM-to-basic: Returning client auth request.\n"); + + tmp = gen_407_page(data[loop]->http); +- w = write(cd, tmp, strlen(tmp)); ++ i = write(cd, tmp, strlen(tmp)); + free(tmp); + + free_rr_data(data[0]); +@@ -499,13 +503,14 @@ + } + + /* +- * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might +- * cause some ISAs to deny us, even if the connection is already auth'd. ++ * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) + */ +- data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); ++ if (data[0]->http_version >= 11) ++ data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); + + /* +- * Remove all Proxy-Authorization headers from client ++ * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might ++ * cause some ISAs to deny us, even if the connection is already auth'd. + */ + while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { + data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); +@@ -623,8 +628,10 @@ + if (plugin & PLUG_SENDHEAD) { + if (debug) { + printf("Sending headers (%d)...\n", *wsocket[loop]); +- if (loop == 0) ++ if (loop == 0) { ++ printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http); + hlist_dump(data[loop]->headers); ++ } + } + + /* +@@ -672,8 +679,14 @@ + * This way, we also tell our caller that proxy keep-alive is impossible. + */ + if (loop == 1) { +- proxy_alive = hlist_subcmp(data[loop]->headers, "Proxy-Connection", "keep-alive"); +- if (!proxy_alive) { ++ proxy_alive = hlist_subcmp(data[1]->headers, "Proxy-Connection", "keep-alive") ++ && data[0]->http_version >= 11; ++ if (proxy_alive) { ++ data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); ++ data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); ++ } else { ++ data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); ++ data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); + if (debug) + printf("PROXY CLOSING CONNECTION\n"); + rc = (void *)-1; +Index: utils.h +=================================================================== +--- utils.h (revision 305) ++++ utils.h (revision 306) +@@ -89,6 +89,7 @@ + int body_len; + int empty; + int port; ++ int http_version; + char *method; + char *url; + char *rel_url; +Index: http.c +=================================================================== +--- http.c (revision 305) ++++ http.c (revision 306) +@@ -84,7 +84,7 @@ + */ + int headers_recv(int fd, rr_data_t data) { + int i, bsize; +- int len; ++ int len, is_http = 0; + char *buf; + char *tok, *s3 = 0; + char *orig = NULL; +@@ -108,12 +108,22 @@ + orig = strdup(buf); + len = strlen(buf); + tok = strtok_r(buf, " ", &s3); +- if (tok && (!strncasecmp(buf, "HTTP/", 5) || !strncasecmp(tok, "ICY", 3))) { ++ if (tok && ((is_http = !strncasecmp(tok, "HTTP/", 5)) || !strncasecmp(tok, "ICY", 3))) { + data->req = 0; + data->empty = 0; + data->http = strdup(tok); + data->msg = NULL; + ++ /* ++ * Let's find out the numeric version of the HTTP version: 09, 10, 11. ++ * Set to -1 if header is misformatted. ++ */ ++ if (is_http && (tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { ++ data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); ++ } else { ++ data->http_version = -1; ++ } ++ + tok = strtok_r(NULL, " ", &s3); + if (tok) { + ccode = strdup(tok); +@@ -156,6 +166,16 @@ + goto bailout; + } + ++ /* ++ * Let's find out the numeric version of the HTTP version: 09, 10, 11. ++ * Set to -1 if header is misformatted. ++ */ ++ if ((tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { ++ data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); ++ } else { ++ data->http_version = -1; ++ } ++ + if ((tok = strstr(data->url, "://"))) { + tok += 3; + } else { +@@ -367,7 +387,7 @@ + */ + int chunked_data_send(int dst, int src) { + char *buf; +- int bsize; ++ int bsize, len; + int i, w, csize; + + char *err = NULL; +@@ -408,11 +428,14 @@ + } while (csize != 0); + + /* Take care of possible trailer */ ++ w = len = i = 0; + do { + i = so_recvln(src, &buf, &bsize); +- if (dst >= 0 && i > 0) +- w = write(dst, buf, strlen(buf)); +- } while (i > 0 && buf[0] != '\r' && buf[0] != '\n'); ++ if (dst >= 0 && i > 0) { ++ len = strlen(buf); ++ w = write(dst, buf, len); ++ } ++ } while (w == len && i > 0 && buf[0] != '\r' && buf[0] != '\n'); + + free(buf); + return 1; +Index: direct.c +=================================================================== +--- direct.c (revision 305) ++++ direct.c (revision 306) +@@ -198,6 +198,8 @@ + syslog(LOG_WARNING, "Connection failed for %s:%d (%s)", request->hostname, request->port, strerror(errno)); + tmp = gen_502_page(request->http, strerror(errno)); + w = write(cd, tmp, strlen(tmp)); ++ // We don't really care about the result - shut up GCC warning (unused-but-set-variable) ++ if (!w) w = 1; + free(tmp); + + rc = (void *)-1; +@@ -282,10 +284,21 @@ + data[0]->url = strdup(data[0]->rel_url); + } + +- data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); +- data[0]->headers = hlist_del(data[0]->headers, "Proxy-Authorization"); ++ /* ++ * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) ++ */ ++ if (data[0]->http_version >= 11) ++ data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); + + /* ++ * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might ++ * cause some ISAs to deny us, even if the connection is already auth'd. ++ */ ++ while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { ++ data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); ++ } ++ ++ /* + * Try to get auth from client if present + */ + if (http_parse_basic(data[0]->headers, "Authorization", tcreds) > 0 && debug) +@@ -373,18 +386,25 @@ + */ + if (loop == 1) { + conn_alive = !hlist_subcmp(data[1]->headers, "Connection", "close") +- && http_has_body(data[0], data[1]) != -1; ++ && http_has_body(data[0], data[1]) != -1 ++ && data[0]->http_version >= 11; + if (conn_alive) { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); + } else { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); ++ data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); + rc = (void *)-1; + } + } + +- if (debug) ++ if (debug) { + printf("Sending headers (%d)...\n", *wsocket[loop]); ++ if (loop == 0) { ++ printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http); ++ hlist_dump(data[loop]->headers); ++ } ++ } + + /* + * Send headers +Index: main.c +=================================================================== +--- main.c (revision 305) ++++ main.c (revision 306) +@@ -462,6 +462,8 @@ + bs[0] = 5; + bs[1] = 0xFF; + w = write(cd, bs, 2); ++ // We don't really care about the result - shut up GCC warning (unused-but-set-variable) ++ if (!w) w = 1; + goto bailout; + } else { + bs[0] = 5; +@@ -1400,6 +1402,8 @@ + * If we fail, exit with error. + */ + if (strlen(cpidfile)) { ++ int len; ++ + umask(0); + cd = open(cpidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (cd < 0) { +@@ -1409,7 +1413,11 @@ + + tmp = new(50); + snprintf(tmp, 50, "%d\n", getpid()); +- w = write(cd, tmp, strlen(tmp)); ++ w = write(cd, tmp, (len = strlen(tmp))); ++ if (w != len) { ++ syslog(LOG_ERR, "Error writing to the PID file\n"); ++ myexit(1); ++ } + free(tmp); + close(cd); + } +@@ -1517,6 +1525,8 @@ + inet_ntoa(caddr.sin_addr), ntohs(caddr.sin_port)); + tmp = gen_denied_page(inet_ntoa(caddr.sin_addr)); + w = write(cd, tmp, strlen(tmp)); ++ // We don't really care about the result - shut up GCC warning (unused-but-set-variable) ++ if (!w) w = 1; + free(tmp); + close(cd); + continue; +Index: scanner.c +=================================================================== +--- scanner.c (revision 305) ++++ scanner.c (revision 306) +@@ -153,6 +153,8 @@ + tmp = new(MINIBUF_SIZE); + snprintf(tmp, MINIBUF_SIZE, "%s 200 OK\r\n", request->http); + w = write(cd, tmp, strlen(tmp)); ++ // We don't really care about the result - shut up GCC warning (unused-but-set-variable) ++ if (!w) w = 1; + free(tmp); + } + diff --git a/cntlm-0.92.3.tar.bz2 b/cntlm-0.92.3.tar.bz2 new file mode 100644 index 0000000..beeaa19 --- /dev/null +++ b/cntlm-0.92.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b603d6200ab0b26034e9e200fab949cc0a8e5fdd4df2c80b8fc5b1c37e7b930 +size 78198 diff --git a/cntlm-override-CFLAGS-CXXFLAGS-makefile.patch b/cntlm-override-CFLAGS-CXXFLAGS-makefile.patch new file mode 100644 index 0000000..8705879 --- /dev/null +++ b/cntlm-override-CFLAGS-CXXFLAGS-makefile.patch @@ -0,0 +1,35 @@ +--- a/Makefile ++++ b/Makefile +@@ -15,10 +15,8 @@ MANDIR=$(DESTDIR)/usr/share/man + NAME=cntlm + CC=gcc + VER=`cat VERSION` +-CFLAGS+=$(FLAGS) -std=c99 -Wall -Wno-unused-but-set-variable -pedantic -O3 -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -D_BSD_SOURCE -DVERSION=\"`cat VERSION`\" +-OS=$(shell uname -s) +-OSLDFLAGS=$(shell [ $(OS) = "SunOS" ] && echo "-lrt -lsocket -lnsl") +-LDFLAGS:=-lpthread $(OSLDFLAGS) ++override CFLAGS += -std=c99 -pedantic -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -D_BSD_SOURCE -DVERSION=\"`cat VERSION`\" ++override LDFLAGS += -lpthread + + ifeq ($(findstring CYGWIN,$(OS)),) + OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o forward.o direct.o scanner.o pages.o main.o +@@ -45,16 +43,16 @@ main.o: main.c + install: $(NAME) + # Special handling for install(1) + if [ "`uname -s`" = "AIX" ]; then \ +- install -M 755 -S -f $(BINDIR) $(NAME); \ ++ install -M 755 -f $(BINDIR) $(NAME); \ + install -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \ + install -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \ + elif [ "`uname -s`" = "Darwin" ]; then \ +- install -d -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ ++ install -d -m 755 $(NAME) $(BINDIR)/$(NAME); \ + install -d -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ + [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ + || install -d -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ + else \ +- install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ ++ install -D -m 755 $(NAME) $(BINDIR)/$(NAME); \ + install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ + [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ + || install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ diff --git a/cntlm.changes b/cntlm.changes index 020fa84..5a8c15f 100644 --- a/cntlm.changes +++ b/cntlm.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Sat Oct 26 15:10:39 UTC 2013 - p.drouand@gmail.com + +- Update to version 0.92.3 + + No changelog available +- Improve systemd support for openSUSE >= 12.3 +- Add some forgotten stuff for sysvinit support +- Little specfile cleanup +- Drop obsolete by upstream changes patchs + * cntlm-0.35.1-config.patch + * cntlm-0.35.1-Makefile.patch +- Add patchs + + cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch + cntlm doesn't handle correctly requests when use HTTP protocol + ------------------------------------------------------------------- Sat Sep 17 23:17:22 UTC 2011 - jengelh@medozas.de diff --git a/cntlm.service b/cntlm.service new file mode 100644 index 0000000..15951ba --- /dev/null +++ b/cntlm.service @@ -0,0 +1,11 @@ +[Unit] +Description=CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator +After=network.target + +[Service] +Type=forking +EnvironmentFile=-/etc/sysconfig/cntlmd +ExecStart=/usr/sbin/cntlm -c /etc/cntlm.conf -U cntlm -P /run/cntlm/cntlmd.pid + +[Install] +WantedBy=multi-user.target diff --git a/cntlm.spec b/cntlm.spec index 000ba00..7c9ff95 100644 --- a/cntlm.spec +++ b/cntlm.spec @@ -1,7 +1,7 @@ # # spec file for package cntlm # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2007 Scorpio IT, Deidesheim, Germany # # All modifications and additions to the file contributed by third parties @@ -16,11 +16,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - Name: cntlm Summary: Fast NTLM authentication proxy with tunneling -Version: 0.35.1 +Version: 0.92.3 Release: 1 License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy @@ -28,10 +26,23 @@ Url: http://cntlm.sourceforge.net/ Source0: %{name}-%{version}.tar.bz2 Source1: %{name}.init Source2: %{name}.sysconfig -Patch: %{name}-0.35.1-config.patch -Patch1: %{name}-0.35.1-Makefile.patch +Source3: %{name}.service +Source4: %{name}.tmpfiles +# PATCH-FIX-UPSTREAM cntlm-override-CFLAGS-CXXFLAGS-makefile.patch --fix empty debuginfo package +Patch0: cntlm-override-CFLAGS-CXXFLAGS-makefile.patch +# PATCH-FIX-UPSTREAM cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch --cntlm doesn't handle correctly +# between HTTP-1.0 and HTTP-1.1 +Patch1: cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch +%if %suse_version < 1230 +Requires(pre): %insserv_prereq %fillup_prereq +%else +Requires(pre): %fillup_prereq +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build -PreReq: pwdutils grep +Requires(pre): pwdutils +Requires(pre): grep %description Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, @@ -42,23 +53,26 @@ contains detailed information. %prep %setup -q -n %{name}-%{version} -%patch -p1 -%patch1 -p1 +%patch0 -p1 +%patch1 -p0 %build -# custom script -./configure -make %{?_smp_mflags} SYSCONFDIR=%{_sysconfdir} \ - BINDIR=%{_sbindir} \ - MANDIR=%{_mandir} +%configure +make %{?_smp_mflags} %install -%makeinstall SYSCONFDIR=%{buildroot}/%{_sysconfdir} \ - BINDIR=%{buildroot}/%{_sbindir} \ - MANDIR=%{buildroot}/%{_mandir} +%makeinstall + +%if %suse_version < 1230 %{__install} -d %{buildroot}/var/run/%{name} %{__install} -D -m 755 %{S:1} %{buildroot}/%{_initrddir}/%{name} %{__ln_s} -f ../..%{_sysconfdir}/init.d/%{name} %{buildroot}/usr/sbin/rc%{name} +%else +# With systemd, use new standard pid directory /run +%{__install} -d %{buildroot}/run/%{name} +%{__install} -D -m 755 %{S:3} %{buildroot}/%{_unitdir}/%{name}.service +%{__install} -D -m 644 %{S:4} %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf +%endif %{__install} -D -m 644 %{S:2} %{buildroot}/var/adm/fillup-templates/sysconfig.%{name} %pre @@ -72,7 +86,11 @@ fi %preun # on `rpm -e` PARAM is 0 +%if %suse_version < 1230 %stop_on_removal cntlm +%else +%service_del_preun %{name}.service +%endif #if [ "$1" -eq 0 ]; then # %{_sbindir}/userdel %{name} 2>/dev/null #fi @@ -80,21 +98,36 @@ fi %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 +%if %suse_version < 1230 %{fillup_and_insserv cntlm} +%else +%{fillup_only} +%service_add_post %{name}.service +%endif %postun # on `rpm -e` PARAM is 0 +%if %suse_version < 1230 %restart_on_update cntlm %{insserv_cleanup} +%else +%service_del_postun %{name}.service +%endif %files %defattr(-,root,root,-) %doc COPYRIGHT LICENSE README VERSION %config(noreplace) %{_sysconfdir}/%{name}.conf +%if %suse_version < 1230 %config(noreplace) %{_initrddir}/%{name} +%ghost %dir %attr(755,%{name},root) /var/run/%{name} +%else +%config(noreplace) %{_unitdir}/%{name}.service +%{_libexecdir}/tmpfiles.d/%{name}.conf +%ghost %dir %attr(755,%{name},root) /run/%{name} +%endif %{_sbindir}/* %{_mandir}/man1/%{name}.1* -%ghost %dir %attr(755,%{name},root) /var/run/%{name} /var/adm/fillup-templates/sysconfig.%{name} %changelog diff --git a/cntlm.tmpfiles b/cntlm.tmpfiles new file mode 100644 index 0000000..80c47e5 --- /dev/null +++ b/cntlm.tmpfiles @@ -0,0 +1 @@ +d /run/cntlm 0755 cntlm cntlm