Accepting request 434591 from server:proxy
1 OBS-URL: https://build.opensuse.org/request/show/434591 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=41
This commit is contained in:
commit
239904fb8a
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395
|
||||
size 2319780
|
@ -1,20 +0,0 @@
|
||||
File: squid-3.5.20.tar.xz
|
||||
Date: Fri Jul 1 13:49:42 UTC 2016
|
||||
Size: 2319780
|
||||
MD5 : 48fb18679a30606de98882528beab3a7
|
||||
SHA1: 2bb6d3568e7167c9b99fea092a97287d0e430863
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQEcBAABAgAGBQJXdnW5AAoJELJo5wb/XPRjqzsH+wXT0yt47aqoGWI8D1YpRaW5
|
||||
KPYvJdos0zPfgIPFWXxngH+ZpJcSPD21QuiEPS8BqISxm+/+By+0QIljITnHWFOV
|
||||
/wo1nwL/IMissmD+9bksyBede+BsZdz1PSwl9V1MzvuGL4vwOC0UZD9RT9RYvMwj
|
||||
Exfw80v/01bAVpV8U3tsBodk4Rz3AWIHhH2Tf9O2EZ/pIAtEHtDbkdLk81rSwNED
|
||||
tL6yV/n+BoWgAPg/+YPVGRK/h5nD4tBkTD6YBCnxp5PJmybhvAjLr/J96PtPpHdC
|
||||
or7Vx1lVpKvkXwZjn936+v4pqv19lsvKs5zLtGKBG2wMmoSIo2bf/bGhhT5kBDc=
|
||||
=znHp
|
||||
-----END PGP SIGNATURE-----
|
3
squid-3.5.22.tar.xz
Normal file
3
squid-3.5.22.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1ce95b469257abeb2ed8a1c0417812301c1ef5a4cc40ca504167daa470ad9358
|
||||
size 2324164
|
19
squid-3.5.22.tar.xz.asc
Normal file
19
squid-3.5.22.tar.xz.asc
Normal file
@ -0,0 +1,19 @@
|
||||
File: squid-3.5.22.tar.xz
|
||||
Date: Sun Oct 9 23:43:33 UTC 2016
|
||||
Size: 2324164
|
||||
MD5 : afb82d2748c06c95815c171463b4aa14
|
||||
SHA1: 73e9199dd9d2a7f107f78d03454830713a4a571d
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABCAAGBQJX+tbSAAoJELJo5wb/XPRjl2gH/ReWuyxU88issJB6RDkqpg1z
|
||||
ULCFIGXOZieUB1Ec+kh6gkothXfFSmec4U/3nx42N2e1cFlQby9lRY27e7T47na7
|
||||
rA8ZiXc8gXNrE06GCtFXIR9AvRQrySAJMES6wJT4LigkfbS3wZt3PvUw+RUgGCcz
|
||||
RC14yLwFgzaAR7d9RVgZWBIOXlz4NUvdlb/ri+kiHc2mfT09ikm9NX+t5wJ64MfI
|
||||
S/U2tFJLDeqG0B4Sx/lnl35h7f2mk+c9DPfmTDkZSE1dJScE34GtEpehJQwZcxA9
|
||||
EHgPwIP4BFIReywnCwhDMY17JDkC58gXyOBNjSd6v0PzyvXbSQLAYYJu1MKzKi8=
|
||||
=JCC/
|
||||
-----END PGP SIGNATURE-----
|
@ -18,7 +18,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
||||
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
- found = 1;
|
||||
+ if (margs->brokenad == 1) {
|
||||
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
|
||||
+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
|
||||
+ } else {
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
@ -66,7 +66,7 @@ Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
||||
fprintf(stderr, "-l ldap url\n");
|
||||
fprintf(stderr, "-b ldap bind path\n");
|
||||
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
|
||||
+ fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n");
|
||||
+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
|
||||
fprintf(stderr, "-a allow SSL without cert verification\n");
|
||||
fprintf(stderr, "-m maximal depth for recursive searches\n");
|
||||
fprintf(stderr, "-h help\n");
|
||||
|
@ -1,3 +1,70 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 12 14:51:59 UTC 2016 - adam.majer@suse.de
|
||||
|
||||
- Update Squid to 3.5.22
|
||||
* HTTP: MUST ignore a [revalidation] response with an older Date
|
||||
header.
|
||||
* Optimized/simplified buffering: Appending nothing is always
|
||||
possible.
|
||||
* Avoid segfaults when debugging section 4 at level 9.
|
||||
* fix #4302 pt2: IPFilter v5 transparent interception
|
||||
* Bug #4471: revalidation doesn't work when expired cached
|
||||
object lacks Last-Modified.
|
||||
* Bug #2833: Collapse internal revalidation requests
|
||||
(SMP-unaware caches)
|
||||
* Bug #3819: "fd >= 0" assertion in file_write() during
|
||||
reconfiguration
|
||||
* Do not leak url_rewrite_extras and store_id_extras on
|
||||
reconfigure/shutdown.
|
||||
* Fix potential ICAP null pointer dereference after rev.14082
|
||||
* Fix logged request size (%http::>st) and other size-related
|
||||
%codes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de
|
||||
|
||||
- Merge changes from SLE12 SP2 so we have identical packages
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de
|
||||
|
||||
- Update Squid to 3.5.21
|
||||
* fix assertion failure in xcalloc when using many cache_dir
|
||||
Squid is documented as supporting up to 64 cache directories,
|
||||
but would crash with a memory allocation error if more than
|
||||
a few were actually configured.
|
||||
* fix authentication credentials IP TTL updated incorrectly
|
||||
This bug caused error in max_user_ip ACL accounting to allow
|
||||
clients to shift IP address more times than configured.
|
||||
Fix may have an effect on IPv6 clients using "proviacy adressing"
|
||||
to rotate IPs.
|
||||
* fix mal-formed Cache-Control:stale-if-error header
|
||||
This bug shows up as incorrect stale-if-error values being
|
||||
relayed by Squid breaking the use of this feature in the
|
||||
recipients. Squid now relays the header values correctly.
|
||||
* fix Proxy-Authenticate problem using ICAP server
|
||||
With this change Squid now treats the ICAP REQMOD adaptation
|
||||
point as a part of itself with regards to proxy authentication.
|
||||
The Proxy-Authentication header received from the client is
|
||||
delivered as part of the HTTP request headers in expectation
|
||||
that the ICAP service may authenticate and/or
|
||||
produce 407 response itself.
|
||||
* fix HTTP: MUST always revalidate Cache-Control:no-cache responses
|
||||
This bug shows up as Squid not revalidating some responses until
|
||||
they became stale according to refresh_pattern heuristic rules
|
||||
(specifically the minimum caching age). Squid now revalidates
|
||||
these objects on every request.
|
||||
* fix HTTP: do not allow Proxy-Connection to override Connection
|
||||
* fix SSL CN wildcard must only match a single domain fragment
|
||||
This bug shows up as incorrect matching (or non-matching) of the
|
||||
ss::server_name ACL against TLS certificate values. Squid now
|
||||
treats the certificate CN fields according to X.509 domain
|
||||
matching requirements instead of HTTP domain matching
|
||||
requirements.
|
||||
- squid-brokenad.patch
|
||||
* propertly capitalize option name
|
||||
* make the conditional if() not a riddle
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de
|
||||
|
||||
|
10
squid.spec
10
squid.spec
@ -20,7 +20,7 @@
|
||||
%define squidconfdir %{_sysconfdir}/squid
|
||||
|
||||
Name: squid
|
||||
Version: 3.5.20
|
||||
Version: 3.5.22
|
||||
Release: 0
|
||||
Summary: A fully featured HTTP/1.0 proxy
|
||||
License: GPL-2.0+
|
||||
@ -28,7 +28,6 @@ Group: Productivity/Networking/Web/Proxy
|
||||
Url: http://www.squid-cache.org/Versions/v3/3.5
|
||||
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
|
||||
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
|
||||
|
||||
Source3: squid.init
|
||||
Source4: squid.sysconfig
|
||||
Source5: pam.squid
|
||||
@ -50,6 +49,10 @@ Patch103: squid-brokenad.patch
|
||||
Patch104: squid-old-kerberos.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
# BuildRequires: autoconf
|
||||
# BuildRequires: automake
|
||||
# If you want to run unit tests, these also need mounted /dev/shm and /proc
|
||||
# BuildRequires: cppunit-devel
|
||||
BuildRequires: db-devel
|
||||
# needed by bootstrap.sh
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
@ -131,7 +134,7 @@ The most important of these new features are:
|
||||
%setup -q
|
||||
cp %{SOURCE10} .
|
||||
# upstream patches after RELEASE
|
||||
#
|
||||
|
||||
##### other patches
|
||||
%patch100
|
||||
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
||||
@ -140,6 +143,7 @@ chmod a-x CREDITS
|
||||
%patch104
|
||||
|
||||
%build
|
||||
# autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
||||
|
Loading…
Reference in New Issue
Block a user