Accepting request 434591 from server:proxy

1

OBS-URL: https://build.opensuse.org/request/show/434591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=41
This commit is contained in:
Dominique Leuenberger 2016-10-13 09:32:42 +00:00 committed by Git OBS Bridge
commit 239904fb8a
7 changed files with 98 additions and 28 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395
size 2319780

View File

@ -1,20 +0,0 @@
File: squid-3.5.20.tar.xz
Date: Fri Jul 1 13:49:42 UTC 2016
Size: 2319780
MD5 : 48fb18679a30606de98882528beab3a7
SHA1: 2bb6d3568e7167c9b99fea092a97287d0e430863
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXdnW5AAoJELJo5wb/XPRjqzsH+wXT0yt47aqoGWI8D1YpRaW5
KPYvJdos0zPfgIPFWXxngH+ZpJcSPD21QuiEPS8BqISxm+/+By+0QIljITnHWFOV
/wo1nwL/IMissmD+9bksyBede+BsZdz1PSwl9V1MzvuGL4vwOC0UZD9RT9RYvMwj
Exfw80v/01bAVpV8U3tsBodk4Rz3AWIHhH2Tf9O2EZ/pIAtEHtDbkdLk81rSwNED
tL6yV/n+BoWgAPg/+YPVGRK/h5nD4tBkTD6YBCnxp5PJmybhvAjLr/J96PtPpHdC
or7Vx1lVpKvkXwZjn936+v4pqv19lsvKs5zLtGKBG2wMmoSIo2bf/bGhhT5kBDc=
=znHp
-----END PGP SIGNATURE-----

3
squid-3.5.22.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1ce95b469257abeb2ed8a1c0417812301c1ef5a4cc40ca504167daa470ad9358
size 2324164

19
squid-3.5.22.tar.xz.asc Normal file
View File

@ -0,0 +1,19 @@
File: squid-3.5.22.tar.xz
Date: Sun Oct 9 23:43:33 UTC 2016
Size: 2324164
MD5 : afb82d2748c06c95815c171463b4aa14
SHA1: 73e9199dd9d2a7f107f78d03454830713a4a571d
Key : 0xFF5CF463 <squid3@treenet.co.nz>
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
iQEcBAABCAAGBQJX+tbSAAoJELJo5wb/XPRjl2gH/ReWuyxU88issJB6RDkqpg1z
ULCFIGXOZieUB1Ec+kh6gkothXfFSmec4U/3nx42N2e1cFlQby9lRY27e7T47na7
rA8ZiXc8gXNrE06GCtFXIR9AvRQrySAJMES6wJT4LigkfbS3wZt3PvUw+RUgGCcz
RC14yLwFgzaAR7d9RVgZWBIOXlz4NUvdlb/ri+kiHc2mfT09ikm9NX+t5wJ64MfI
S/U2tFJLDeqG0B4Sx/lnl35h7f2mk+c9DPfmTDkZSE1dJScE34GtEpehJQwZcxA9
EHgPwIP4BFIReywnCwhDMY17JDkC58gXyOBNjSd6v0PzyvXbSQLAYYJu1MKzKi8=
=JCC/
-----END PGP SIGNATURE-----

View File

@ -18,7 +18,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); - debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1; - found = 1;
+ if (margs->brokenad == 1) { + if (margs->brokenad == 1) {
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){ + if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); + debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else { + } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); + debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
@ -66,7 +66,7 @@ Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
fprintf(stderr, "-l ldap url\n"); fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n"); fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n"); fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
+ fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n"); + fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
fprintf(stderr, "-a allow SSL without cert verification\n"); fprintf(stderr, "-a allow SSL without cert verification\n");
fprintf(stderr, "-m maximal depth for recursive searches\n"); fprintf(stderr, "-m maximal depth for recursive searches\n");
fprintf(stderr, "-h help\n"); fprintf(stderr, "-h help\n");

View File

@ -1,3 +1,70 @@
-------------------------------------------------------------------
Wed Oct 12 14:51:59 UTC 2016 - adam.majer@suse.de
- Update Squid to 3.5.22
* HTTP: MUST ignore a [revalidation] response with an older Date
header.
* Optimized/simplified buffering: Appending nothing is always
possible.
* Avoid segfaults when debugging section 4 at level 9.
* fix #4302 pt2: IPFilter v5 transparent interception
* Bug #4471: revalidation doesn't work when expired cached
object lacks Last-Modified.
* Bug #2833: Collapse internal revalidation requests
(SMP-unaware caches)
* Bug #3819: "fd >= 0" assertion in file_write() during
reconfiguration
* Do not leak url_rewrite_extras and store_id_extras on
reconfigure/shutdown.
* Fix potential ICAP null pointer dereference after rev.14082
* Fix logged request size (%http::>st) and other size-related
%codes.
-------------------------------------------------------------------
Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de
- Merge changes from SLE12 SP2 so we have identical packages
-------------------------------------------------------------------
Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de
- Update Squid to 3.5.21
* fix assertion failure in xcalloc when using many cache_dir
Squid is documented as supporting up to 64 cache directories,
but would crash with a memory allocation error if more than
a few were actually configured.
* fix authentication credentials IP TTL updated incorrectly
This bug caused error in max_user_ip ACL accounting to allow
clients to shift IP address more times than configured.
Fix may have an effect on IPv6 clients using "proviacy adressing"
to rotate IPs.
* fix mal-formed Cache-Control:stale-if-error header
This bug shows up as incorrect stale-if-error values being
relayed by Squid breaking the use of this feature in the
recipients. Squid now relays the header values correctly.
* fix Proxy-Authenticate problem using ICAP server
With this change Squid now treats the ICAP REQMOD adaptation
point as a part of itself with regards to proxy authentication.
The Proxy-Authentication header received from the client is
delivered as part of the HTTP request headers in expectation
that the ICAP service may authenticate and/or
produce 407 response itself.
* fix HTTP: MUST always revalidate Cache-Control:no-cache responses
This bug shows up as Squid not revalidating some responses until
they became stale according to refresh_pattern heuristic rules
(specifically the minimum caching age). Squid now revalidates
these objects on every request.
* fix HTTP: do not allow Proxy-Connection to override Connection
* fix SSL CN wildcard must only match a single domain fragment
This bug shows up as incorrect matching (or non-matching) of the
ss::server_name ACL against TLS certificate values. Squid now
treats the certificate CN fields according to X.509 domain
matching requirements instead of HTTP domain matching
requirements.
- squid-brokenad.patch
* propertly capitalize option name
* make the conditional if() not a riddle
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de

View File

@ -20,7 +20,7 @@
%define squidconfdir %{_sysconfdir}/squid %define squidconfdir %{_sysconfdir}/squid
Name: squid Name: squid
Version: 3.5.20 Version: 3.5.22
Release: 0 Release: 0
Summary: A fully featured HTTP/1.0 proxy Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+ License: GPL-2.0+
@ -28,7 +28,6 @@ Group: Productivity/Networking/Web/Proxy
Url: http://www.squid-cache.org/Versions/v3/3.5 Url: http://www.squid-cache.org/Versions/v3/3.5
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3: squid.init Source3: squid.init
Source4: squid.sysconfig Source4: squid.sysconfig
Source5: pam.squid Source5: pam.squid
@ -50,6 +49,10 @@ Patch103: squid-brokenad.patch
Patch104: squid-old-kerberos.patch Patch104: squid-old-kerberos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
# BuildRequires: autoconf
# BuildRequires: automake
# If you want to run unit tests, these also need mounted /dev/shm and /proc
# BuildRequires: cppunit-devel
BuildRequires: db-devel BuildRequires: db-devel
# needed by bootstrap.sh # needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
@ -131,7 +134,7 @@ The most important of these new features are:
%setup -q %setup -q
cp %{SOURCE10} . cp %{SOURCE10} .
# upstream patches after RELEASE # upstream patches after RELEASE
#
##### other patches ##### other patches
%patch100 %patch100
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
@ -140,6 +143,7 @@ chmod a-x CREDITS
%patch104 %patch104
%build %build
# autoreconf -fi
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"