Accepting request 434591 from server:proxy
1 OBS-URL: https://build.opensuse.org/request/show/434591 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=41
This commit is contained in:
commit
239904fb8a
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395
|
|
||||||
size 2319780
|
|
@ -1,20 +0,0 @@
|
|||||||
File: squid-3.5.20.tar.xz
|
|
||||||
Date: Fri Jul 1 13:49:42 UTC 2016
|
|
||||||
Size: 2319780
|
|
||||||
MD5 : 48fb18679a30606de98882528beab3a7
|
|
||||||
SHA1: 2bb6d3568e7167c9b99fea092a97287d0e430863
|
|
||||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
|
||||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = subkeys.pgp.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJXdnW5AAoJELJo5wb/XPRjqzsH+wXT0yt47aqoGWI8D1YpRaW5
|
|
||||||
KPYvJdos0zPfgIPFWXxngH+ZpJcSPD21QuiEPS8BqISxm+/+By+0QIljITnHWFOV
|
|
||||||
/wo1nwL/IMissmD+9bksyBede+BsZdz1PSwl9V1MzvuGL4vwOC0UZD9RT9RYvMwj
|
|
||||||
Exfw80v/01bAVpV8U3tsBodk4Rz3AWIHhH2Tf9O2EZ/pIAtEHtDbkdLk81rSwNED
|
|
||||||
tL6yV/n+BoWgAPg/+YPVGRK/h5nD4tBkTD6YBCnxp5PJmybhvAjLr/J96PtPpHdC
|
|
||||||
or7Vx1lVpKvkXwZjn936+v4pqv19lsvKs5zLtGKBG2wMmoSIo2bf/bGhhT5kBDc=
|
|
||||||
=znHp
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
squid-3.5.22.tar.xz
Normal file
3
squid-3.5.22.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:1ce95b469257abeb2ed8a1c0417812301c1ef5a4cc40ca504167daa470ad9358
|
||||||
|
size 2324164
|
19
squid-3.5.22.tar.xz.asc
Normal file
19
squid-3.5.22.tar.xz.asc
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
File: squid-3.5.22.tar.xz
|
||||||
|
Date: Sun Oct 9 23:43:33 UTC 2016
|
||||||
|
Size: 2324164
|
||||||
|
MD5 : afb82d2748c06c95815c171463b4aa14
|
||||||
|
SHA1: 73e9199dd9d2a7f107f78d03454830713a4a571d
|
||||||
|
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||||
|
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = subkeys.pgp.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEcBAABCAAGBQJX+tbSAAoJELJo5wb/XPRjl2gH/ReWuyxU88issJB6RDkqpg1z
|
||||||
|
ULCFIGXOZieUB1Ec+kh6gkothXfFSmec4U/3nx42N2e1cFlQby9lRY27e7T47na7
|
||||||
|
rA8ZiXc8gXNrE06GCtFXIR9AvRQrySAJMES6wJT4LigkfbS3wZt3PvUw+RUgGCcz
|
||||||
|
RC14yLwFgzaAR7d9RVgZWBIOXlz4NUvdlb/ri+kiHc2mfT09ikm9NX+t5wJ64MfI
|
||||||
|
S/U2tFJLDeqG0B4Sx/lnl35h7f2mk+c9DPfmTDkZSE1dJScE34GtEpehJQwZcxA9
|
||||||
|
EHgPwIP4BFIReywnCwhDMY17JDkC58gXyOBNjSd6v0PzyvXbSQLAYYJu1MKzKi8=
|
||||||
|
=JCC/
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -18,7 +18,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
|||||||
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||||
- found = 1;
|
- found = 1;
|
||||||
+ if (margs->brokenad == 1) {
|
+ if (margs->brokenad == 1) {
|
||||||
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
|
+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
|
||||||
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
|
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
|
||||||
+ } else {
|
+ } else {
|
||||||
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
|
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||||
@ -66,7 +66,7 @@ Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
|||||||
fprintf(stderr, "-l ldap url\n");
|
fprintf(stderr, "-l ldap url\n");
|
||||||
fprintf(stderr, "-b ldap bind path\n");
|
fprintf(stderr, "-b ldap bind path\n");
|
||||||
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
|
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
|
||||||
+ fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n");
|
+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
|
||||||
fprintf(stderr, "-a allow SSL without cert verification\n");
|
fprintf(stderr, "-a allow SSL without cert verification\n");
|
||||||
fprintf(stderr, "-m maximal depth for recursive searches\n");
|
fprintf(stderr, "-m maximal depth for recursive searches\n");
|
||||||
fprintf(stderr, "-h help\n");
|
fprintf(stderr, "-h help\n");
|
||||||
|
@ -1,3 +1,70 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 12 14:51:59 UTC 2016 - adam.majer@suse.de
|
||||||
|
|
||||||
|
- Update Squid to 3.5.22
|
||||||
|
* HTTP: MUST ignore a [revalidation] response with an older Date
|
||||||
|
header.
|
||||||
|
* Optimized/simplified buffering: Appending nothing is always
|
||||||
|
possible.
|
||||||
|
* Avoid segfaults when debugging section 4 at level 9.
|
||||||
|
* fix #4302 pt2: IPFilter v5 transparent interception
|
||||||
|
* Bug #4471: revalidation doesn't work when expired cached
|
||||||
|
object lacks Last-Modified.
|
||||||
|
* Bug #2833: Collapse internal revalidation requests
|
||||||
|
(SMP-unaware caches)
|
||||||
|
* Bug #3819: "fd >= 0" assertion in file_write() during
|
||||||
|
reconfiguration
|
||||||
|
* Do not leak url_rewrite_extras and store_id_extras on
|
||||||
|
reconfigure/shutdown.
|
||||||
|
* Fix potential ICAP null pointer dereference after rev.14082
|
||||||
|
* Fix logged request size (%http::>st) and other size-related
|
||||||
|
%codes.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de
|
||||||
|
|
||||||
|
- Merge changes from SLE12 SP2 so we have identical packages
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de
|
||||||
|
|
||||||
|
- Update Squid to 3.5.21
|
||||||
|
* fix assertion failure in xcalloc when using many cache_dir
|
||||||
|
Squid is documented as supporting up to 64 cache directories,
|
||||||
|
but would crash with a memory allocation error if more than
|
||||||
|
a few were actually configured.
|
||||||
|
* fix authentication credentials IP TTL updated incorrectly
|
||||||
|
This bug caused error in max_user_ip ACL accounting to allow
|
||||||
|
clients to shift IP address more times than configured.
|
||||||
|
Fix may have an effect on IPv6 clients using "proviacy adressing"
|
||||||
|
to rotate IPs.
|
||||||
|
* fix mal-formed Cache-Control:stale-if-error header
|
||||||
|
This bug shows up as incorrect stale-if-error values being
|
||||||
|
relayed by Squid breaking the use of this feature in the
|
||||||
|
recipients. Squid now relays the header values correctly.
|
||||||
|
* fix Proxy-Authenticate problem using ICAP server
|
||||||
|
With this change Squid now treats the ICAP REQMOD adaptation
|
||||||
|
point as a part of itself with regards to proxy authentication.
|
||||||
|
The Proxy-Authentication header received from the client is
|
||||||
|
delivered as part of the HTTP request headers in expectation
|
||||||
|
that the ICAP service may authenticate and/or
|
||||||
|
produce 407 response itself.
|
||||||
|
* fix HTTP: MUST always revalidate Cache-Control:no-cache responses
|
||||||
|
This bug shows up as Squid not revalidating some responses until
|
||||||
|
they became stale according to refresh_pattern heuristic rules
|
||||||
|
(specifically the minimum caching age). Squid now revalidates
|
||||||
|
these objects on every request.
|
||||||
|
* fix HTTP: do not allow Proxy-Connection to override Connection
|
||||||
|
* fix SSL CN wildcard must only match a single domain fragment
|
||||||
|
This bug shows up as incorrect matching (or non-matching) of the
|
||||||
|
ss::server_name ACL against TLS certificate values. Squid now
|
||||||
|
treats the certificate CN fields according to X.509 domain
|
||||||
|
matching requirements instead of HTTP domain matching
|
||||||
|
requirements.
|
||||||
|
- squid-brokenad.patch
|
||||||
|
* propertly capitalize option name
|
||||||
|
* make the conditional if() not a riddle
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de
|
Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de
|
||||||
|
|
||||||
|
10
squid.spec
10
squid.spec
@ -20,7 +20,7 @@
|
|||||||
%define squidconfdir %{_sysconfdir}/squid
|
%define squidconfdir %{_sysconfdir}/squid
|
||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 3.5.20
|
Version: 3.5.22
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A fully featured HTTP/1.0 proxy
|
Summary: A fully featured HTTP/1.0 proxy
|
||||||
License: GPL-2.0+
|
License: GPL-2.0+
|
||||||
@ -28,7 +28,6 @@ Group: Productivity/Networking/Web/Proxy
|
|||||||
Url: http://www.squid-cache.org/Versions/v3/3.5
|
Url: http://www.squid-cache.org/Versions/v3/3.5
|
||||||
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
|
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
|
||||||
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
|
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
|
||||||
|
|
||||||
Source3: squid.init
|
Source3: squid.init
|
||||||
Source4: squid.sysconfig
|
Source4: squid.sysconfig
|
||||||
Source5: pam.squid
|
Source5: pam.squid
|
||||||
@ -50,6 +49,10 @@ Patch103: squid-brokenad.patch
|
|||||||
Patch104: squid-old-kerberos.patch
|
Patch104: squid-old-kerberos.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
# BuildRequires: autoconf
|
||||||
|
# BuildRequires: automake
|
||||||
|
# If you want to run unit tests, these also need mounted /dev/shm and /proc
|
||||||
|
# BuildRequires: cppunit-devel
|
||||||
BuildRequires: db-devel
|
BuildRequires: db-devel
|
||||||
# needed by bootstrap.sh
|
# needed by bootstrap.sh
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
@ -131,7 +134,7 @@ The most important of these new features are:
|
|||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE10} .
|
cp %{SOURCE10} .
|
||||||
# upstream patches after RELEASE
|
# upstream patches after RELEASE
|
||||||
#
|
|
||||||
##### other patches
|
##### other patches
|
||||||
%patch100
|
%patch100
|
||||||
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
||||||
@ -140,6 +143,7 @@ chmod a-x CREDITS
|
|||||||
%patch104
|
%patch104
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
# autoreconf -fi
|
||||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||||
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||||
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
||||||
|
Loading…
Reference in New Issue
Block a user