diff --git a/squid-glibc217.patch b/squid-glibc217.patch new file mode 100644 index 0000000..ed53938 --- /dev/null +++ b/squid-glibc217.patch @@ -0,0 +1,49 @@ +Index: squid-3.2.3/src/icmp/pinger.cc +=================================================================== +--- squid-3.2.3.orig/src/icmp/pinger.cc ++++ squid-3.2.3/src/icmp/pinger.cc +@@ -180,8 +180,18 @@ main(int argc, char *argv[]) + } + max_fd = max(max_fd, squid_link); + +- setgid(getgid()); +- setuid(getuid()); ++ if (setgid(getgid()) < 0) { ++ debugs(42, 0, "FATAL: pinger: setgid failed."); ++ icmp4.Close(); ++ icmp6.Close(); ++ exit (1); ++ } ++ if (setuid(getuid()) < 0) { ++ debugs(42, 0, "FATAL: pinger: setuid failed."); ++ icmp4.Close(); ++ icmp6.Close(); ++ exit (1); ++ } + + last_check_time = squid_curtime; + +Index: squid-3.2.3/src/tools.cc +=================================================================== +--- squid-3.2.3.orig/src/tools.cc ++++ squid-3.2.3/src/tools.cc +@@ -757,7 +757,8 @@ enter_suid(void) + debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges"); + #if HAVE_SETRESUID + +- setresuid((uid_t)-1, 0, (uid_t)-1); ++ if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) ++ debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ()); + #else + + setuid(0); +@@ -782,7 +783,8 @@ no_suid(void) + uid = geteuid(); + debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever"); + +- setuid(0); ++ if (setuid(0) < 0) ++ debugs(50, 1, "no_suid: setuid (0): " << xstrerror()); + + if (setuid(uid) < 0) + debugs(50, 1, "no_suid: setuid: " << xstrerror()); diff --git a/squid.changes b/squid.changes index d3c90c4..f205526 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de + +- Fix build with glibc 2.17 (add patch squid-glibc217.patch). + ------------------------------------------------------------------- Sun Oct 21 14:30:21 UTC 2012 - chris@computersalat.de diff --git a/squid.spec b/squid.spec index 6b91720..c781588 100644 --- a/squid.spec +++ b/squid.spec @@ -60,7 +60,8 @@ Patch101: %{name}-nobuilddates.patch ## File is compiled without RPM_OPT_FLAGS # squid3 no-rpm-opt-flags :./cf_gen.cc Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch - +# Handle setuid/setgid failure +Patch103: squid-glibc217.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %fillup_prereq PreReq: %insserv_prereq @@ -149,6 +150,7 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` chmod a-x CREDITS %patch101 %patch102 +%patch103 -p1 %build export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"