Accepting request 226329 from server:proxy

update to 3.4.4

OBS-URL: https://build.opensuse.org/request/show/226329
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=17
This commit is contained in:
Stephan Kulow 2014-03-18 13:07:03 +00:00 committed by Git OBS Bridge
commit 3784cd6b45
10 changed files with 198 additions and 35 deletions

View File

@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
<TITLE>Squid 3.4.2 release notes</TITLE>
<TITLE>Squid 3.4.4 release notes</TITLE>
</HEAD>
<BODY>
<H1>Squid 3.4.2 release notes</H1>
<H1>Squid 3.4.4 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@ -57,7 +57,7 @@ for Applied Network Research and members of the Web Caching community.</EM>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
<P>The Squid Team are pleased to announce the release of Squid-3.4.2 for testing.</P>
<P>The Squid Team are pleased to announce the release of Squid-3.4.4 for testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/">http://www.squid-cache.org/Versions/v3/3.4/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@ -505,6 +505,12 @@ and to silence NAT lookup failure messages on recent BSD.</P>
the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM>
to re-enable /dev/pf support when using PF firewall.</P>
<DT><B>--disable-translation</B><DD>
<P>Default changed to prevent translating error page templates during build.
Use --enable-translation to explicitly build and install the templates.</P>
<P>The latest pre-translated templates can be downloaded from
<A HREF="http://www.squid-cache.org/Versions/langpack/">http://www.squid-cache.org/Versions/langpack/</A></P>
</DL>
</P>
<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bc1f2c3e2b2d8975bfc3745419a6c5bfcbb4716b6cd04011303610b77b19b454
size 2812777

View File

@ -1,20 +0,0 @@
File: squid-3.4.2.tar.bz2
Date: Mon Dec 30 11:52:11 UTC 2013
Size: 2812777
MD5 : 7ec46965bc58bc927e81869805a25241
SHA1: 0b96ee7502b21c69b5f9bd8d2c113b35dd58ecf0
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQEcBAABAgAGBQJSwWThAAoJELJo5wb/XPRjdhgIAIjPMGSUDhylA56CEH5NAXg7
yevT8tC6D3dFhQLtXt8a0sT4ULzMwvXGvH/lYBrEyn8mO8tcU145AJldCAKA3tGS
j1EmB48w5Vu7R4rkfEpwraYS1y4X/hM1nqv0On78yvAOueau6E2Ti5bbkPKCU0xB
oP1YPv+WoLGQtvpgjO9EhX/uVTF+cnCWUwediq9EulAtnkkXAZnJlXgNoJW7cBFv
YhLKpds4Ge/LO0jsPp7j6BsOOhbpvIOmMiELCepZ8hk9Cxm7VeCMrFzI069tUiWs
TQGvblf32oVhlFWRNkVZI4ZPINXmGPPHT2t4f33Lrep0EawQDnFQfoJxOi2VUUM=
=Ugn1
-----END PGP SIGNATURE-----

3
squid-3.4.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d15e7cc8b1cb25b1b552d938e622819a9cbf5c5bbb517875709a6088bbd3d1e5
size 2812380

20
squid-3.4.4.tar.bz2.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-3.4.4.tar.bz2
Date: Sun Mar 9 10:06:07 UTC 2014
Size: 2812380
MD5 : f9c7dd495e45042cc162d89cfbb97cc0
SHA1: 1d5db3970d4a8bd460315d90253c5c20d96abdad
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTHD43AAoJELJo5wb/XPRjD/QH/3GMK+VPmnP5QiMgr995Zp+o
ZHfQoVXO679Mq55Yv53ZSCE8xUGtqwaabm/3pP+U1URrs2kTJV+392fN43RmZ7R+
11zvIXJD3/dGAHAKQlxELMskWNNAdQWCpXGhKaJFU0ghvqlGpq1hLx2M5DqOgJBU
DoFLFUQdKLPU8n1PwnY3SKdT3q3VxpSVbaUx+doQnsNW2Fj2NBj/kb2TQy/1UmyF
FWVpn6Gr3BMCrl4uiw1yiCdHty61Tt6BH6swjA7sQjcenMLWQjNzRzGgM4TfhlvR
czHrrJDbpNZ7Z8NBGvyAYBQmsFRxNm51yIFmpRst+PJBZuNJFW4RB9lek1hWsuk=
=zJQN
-----END PGP SIGNATURE-----

106
squid-brokenad.patch Normal file
View File

@ -0,0 +1,106 @@
Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
@@ -52,7 +52,7 @@ krb5_cleanup()
* create Kerberos memory cache
*/
int
-krb5_create_cache(char *domain)
+krb5_create_cache(struct main_args *margs, char *domain)
{
krb5_keytab keytab = 0;
@@ -130,8 +130,17 @@ krb5_create_cache(char *domain)
if (code) {
error((char *) "%s| %s: ERROR: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code));
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1;
+ if (margs->brokenad == 1) {
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
}
}
#if defined(HAVE_HEIMDAL_KERBEROS) || ( defined(HAVE_KRB5_KT_FREE_ENTRY) && HAVE_DECL_KRB5_KT_FREE_ENTRY==1)
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
@@ -57,6 +57,7 @@ init_args(struct main_args *margs)
margs->rc_allow = 0;
margs->AD = 0;
margs->mdepth = 5;
+ margs->brokenad = 0;
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
@@ -176,7 +177,7 @@ main(int argc, char *const argv[])
init_args(&margs);
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
switch (opt) {
case 'd':
debug_enabled = 1;
@@ -228,6 +229,9 @@ main(int argc, char *const argv[])
case 'S':
margs.llist = xstrdup(optarg);
break;
+ case 'x':
+ margs.brokenad = 1;
+ break;
case 'h':
fprintf(stderr, "Usage: \n");
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
@@ -244,6 +248,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
+ fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n");
fprintf(stderr, "-a allow SSL without cert verification\n");
fprintf(stderr, "-m maximal depth for recursive searches\n");
fprintf(stderr, "-h help\n");
Index: helpers/external_acl/kerberos_ldap_group/support.h
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
@@ -97,6 +97,7 @@ struct main_args {
int rc_allow;
int AD;
int mdepth;
+ int brokenad;
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
@@ -156,7 +157,7 @@ int create_nd(struct main_args *margs);
int create_ls(struct main_args *margs);
#ifdef HAVE_KRB5
-int krb5_create_cache(char *domain);
+int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);
#endif
Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -801,7 +801,7 @@ get_memberof(struct main_args *margs, ch
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
#ifdef HAVE_KRB5
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
}

View File

@ -15,7 +15,7 @@ Index: src/Makefile.in
===================================================================
--- src/Makefile.in.orig
+++ src/Makefile.in
@@ -7294,7 +7294,7 @@ cache_cf.o: cf_parser.cci
@@ -7295,7 +7295,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci

View File

@ -2,7 +2,7 @@ Index: helpers/basic_auth/fake/fake.cc
===================================================================
--- helpers/basic_auth/fake/fake.cc.orig
+++ helpers/basic_auth/fake/fake.cc
@@ -74,7 +74,7 @@ main(int argc, char *argv[])
@@ -96,7 +96,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@ -11,7 +11,7 @@ Index: helpers/basic_auth/fake/fake.cc
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -90,6 +90,6 @@ main(int argc, char *argv[])
@@ -112,6 +112,6 @@ main(int argc, char *argv[])
/* send 'OK' result back to Squid */
SEND_OK("");
}
@ -103,7 +103,7 @@ Index: helpers/url_rewrite/fake/fake.cc
===================================================================
--- helpers/url_rewrite/fake/fake.cc.orig
+++ helpers/url_rewrite/fake/fake.cc
@@ -79,7 +79,7 @@ main(int argc, char *argv[])
@@ -101,7 +101,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@ -112,7 +112,7 @@ Index: helpers/url_rewrite/fake/fake.cc
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -95,6 +95,6 @@ main(int argc, char *argv[])
@@ -117,6 +117,6 @@ main(int argc, char *argv[])
/* send 'no-change' result back to Squid */
fprintf(stdout,"\n");
}

View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Sun Mar 16 08:54:50 UTC 2014 - boris@steki.net
- added patch to force kerberos principalname handling
( http://bugs.squid-cache.org/show_bug.cgi?id=4042 )
* squid-brokenad.patch
-------------------------------------------------------------------
Sat Mar 15 12:11:30 UTC 2014 - chris@computersalat.de
- Changes to squid-3.4.4 (09 Mar 2014):
* Bug 4029: intercepted HTTPS requests bypass caching checks
* Bug 4001: remove use of strsep()
* Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
* Fix stalled concurrent rock store reads
* Fix helper ID number assignment
* Fix build failures from CMSG related definitions
* Fix build failures from libcompat unsafe.h protections
* Copyright: Relicense helpers by Treehouse Networks Ltd.
* ... and all bug fixes from 3.3.12
- fix for bnc#743563
* fix spec(post): remove SLE_10 permissions stuff
- rebased patches:
* squid-compiled_without_RPM_OPT_FLAGS.patch
* squid-nobuilddates.patch
-------------------------------------------------------------------
Fri Mar 14 14:34:27 UTC 2014 - boris@steki.net
- add ssl bump to build config
-------------------------------------------------------------------
Thu Feb 27 13:26:24 UTC 2014 - chris@computersalat.de
- Changes to squid-3.4.3 (02 Feb 2014):
* Bug 4008: HttpHeader warnOnError should be an int not a bool
* Bug 4002: clang 3.4 unable to compile
* Bug 3996: Malformed DNS reply leads to crash
* Bug 3995: compile error on CentOS 5 with GCC 4.1.2
* Bug 3975: atomic detection cross-compilation failure
* Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
* Bug 3954: compile failure in CpuAffinity.cc
* Bug 3927: tests/testRock fatal.cc required
* Fix memory leak in peer Cache Digest exchange
* Fix external_acl_type async loop failures
* Fix destination IP address cycling
* ... and a few polishing changes
-------------------------------------------------------------------
Tue Jan 7 19:45:22 UTC 2014 - chris@computersalat.de

View File

@ -24,7 +24,7 @@ Name: squid
Summary: Squid Version 3.3 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Version: 3.4.2
Version: 3.4.4
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.4
#Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}%{snap}.tar.bz2
@ -60,6 +60,8 @@ Patch101: %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103: squid-brokenad.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
@ -136,6 +138,7 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
%patch103
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
@ -162,6 +165,7 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
--enable-kill-parent-hack \
--enable-arp-acl \
--enable-ssl \
--enable-ssl-crtd \
--enable-forw-via-db \
--enable-cache-digests \
--enable-linux-netfilter \
@ -218,6 +222,7 @@ mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
@ -261,9 +266,6 @@ fi
%endif
%post
%if 0%{?sles_version} == 10
sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure
%endif
%if 0%{?suse_version} >= 1140
%set_permissions %{_localstatedir}/cache/%{name}
%set_permissions %{_localstatedir}/log/%{name}
@ -375,6 +377,7 @@ fi
%{_sbindir}/pinger
%{_sbindir}/rc%{name}
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite