Accepting request 226329 from server:proxy
update to 3.4.4 OBS-URL: https://build.opensuse.org/request/show/226329 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=17
This commit is contained in:
commit
3784cd6b45
@ -2,10 +2,10 @@
|
||||
<HTML>
|
||||
<HEAD>
|
||||
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
|
||||
<TITLE>Squid 3.4.2 release notes</TITLE>
|
||||
<TITLE>Squid 3.4.4 release notes</TITLE>
|
||||
</HEAD>
|
||||
<BODY>
|
||||
<H1>Squid 3.4.2 release notes</H1>
|
||||
<H1>Squid 3.4.4 release notes</H1>
|
||||
|
||||
<H2>Squid Developers</H2>
|
||||
<HR>
|
||||
@ -57,7 +57,7 @@ for Applied Network Research and members of the Web Caching community.</EM>
|
||||
<HR>
|
||||
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
||||
|
||||
<P>The Squid Team are pleased to announce the release of Squid-3.4.2 for testing.</P>
|
||||
<P>The Squid Team are pleased to announce the release of Squid-3.4.4 for testing.</P>
|
||||
<P>This new release is available for download from
|
||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/">http://www.squid-cache.org/Versions/v3/3.4/</A> or the
|
||||
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
||||
@ -505,6 +505,12 @@ and to silence NAT lookup failure messages on recent BSD.</P>
|
||||
the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM>
|
||||
to re-enable /dev/pf support when using PF firewall.</P>
|
||||
|
||||
<DT><B>--disable-translation</B><DD>
|
||||
<P>Default changed to prevent translating error page templates during build.
|
||||
Use --enable-translation to explicitly build and install the templates.</P>
|
||||
<P>The latest pre-translated templates can be downloaded from
|
||||
<A HREF="http://www.squid-cache.org/Versions/langpack/">http://www.squid-cache.org/Versions/langpack/</A></P>
|
||||
|
||||
</DL>
|
||||
</P>
|
||||
<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bc1f2c3e2b2d8975bfc3745419a6c5bfcbb4716b6cd04011303610b77b19b454
|
||||
size 2812777
|
@ -1,20 +0,0 @@
|
||||
File: squid-3.4.2.tar.bz2
|
||||
Date: Mon Dec 30 11:52:11 UTC 2013
|
||||
Size: 2812777
|
||||
MD5 : 7ec46965bc58bc927e81869805a25241
|
||||
SHA1: 0b96ee7502b21c69b5f9bd8d2c113b35dd58ecf0
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.15 (GNU/Linux)
|
||||
|
||||
iQEcBAABAgAGBQJSwWThAAoJELJo5wb/XPRjdhgIAIjPMGSUDhylA56CEH5NAXg7
|
||||
yevT8tC6D3dFhQLtXt8a0sT4ULzMwvXGvH/lYBrEyn8mO8tcU145AJldCAKA3tGS
|
||||
j1EmB48w5Vu7R4rkfEpwraYS1y4X/hM1nqv0On78yvAOueau6E2Ti5bbkPKCU0xB
|
||||
oP1YPv+WoLGQtvpgjO9EhX/uVTF+cnCWUwediq9EulAtnkkXAZnJlXgNoJW7cBFv
|
||||
YhLKpds4Ge/LO0jsPp7j6BsOOhbpvIOmMiELCepZ8hk9Cxm7VeCMrFzI069tUiWs
|
||||
TQGvblf32oVhlFWRNkVZI4ZPINXmGPPHT2t4f33Lrep0EawQDnFQfoJxOi2VUUM=
|
||||
=Ugn1
|
||||
-----END PGP SIGNATURE-----
|
3
squid-3.4.4.tar.bz2
Normal file
3
squid-3.4.4.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d15e7cc8b1cb25b1b552d938e622819a9cbf5c5bbb517875709a6088bbd3d1e5
|
||||
size 2812380
|
20
squid-3.4.4.tar.bz2.asc
Normal file
20
squid-3.4.4.tar.bz2.asc
Normal file
@ -0,0 +1,20 @@
|
||||
File: squid-3.4.4.tar.bz2
|
||||
Date: Sun Mar 9 10:06:07 UTC 2014
|
||||
Size: 2812380
|
||||
MD5 : f9c7dd495e45042cc162d89cfbb97cc0
|
||||
SHA1: 1d5db3970d4a8bd460315d90253c5c20d96abdad
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQEcBAABAgAGBQJTHD43AAoJELJo5wb/XPRjD/QH/3GMK+VPmnP5QiMgr995Zp+o
|
||||
ZHfQoVXO679Mq55Yv53ZSCE8xUGtqwaabm/3pP+U1URrs2kTJV+392fN43RmZ7R+
|
||||
11zvIXJD3/dGAHAKQlxELMskWNNAdQWCpXGhKaJFU0ghvqlGpq1hLx2M5DqOgJBU
|
||||
DoFLFUQdKLPU8n1PwnY3SKdT3q3VxpSVbaUx+doQnsNW2Fj2NBj/kb2TQy/1UmyF
|
||||
FWVpn6Gr3BMCrl4uiw1yiCdHty61Tt6BH6swjA7sQjcenMLWQjNzRzGgM4TfhlvR
|
||||
czHrrJDbpNZ7Z8NBGvyAYBQmsFRxNm51yIFmpRst+PJBZuNJFW4RB9lek1hWsuk=
|
||||
=zJQN
|
||||
-----END PGP SIGNATURE-----
|
106
squid-brokenad.patch
Normal file
106
squid-brokenad.patch
Normal file
@ -0,0 +1,106 @@
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
||||
@@ -52,7 +52,7 @@ krb5_cleanup()
|
||||
* create Kerberos memory cache
|
||||
*/
|
||||
int
|
||||
-krb5_create_cache(char *domain)
|
||||
+krb5_create_cache(struct main_args *margs, char *domain)
|
||||
{
|
||||
|
||||
krb5_keytab keytab = 0;
|
||||
@@ -130,8 +130,17 @@ krb5_create_cache(char *domain)
|
||||
if (code) {
|
||||
error((char *) "%s| %s: ERROR: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code));
|
||||
} else {
|
||||
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
- found = 1;
|
||||
+ if (margs->brokenad == 1) {
|
||||
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
|
||||
+ } else {
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
+ found = 1;
|
||||
+ }
|
||||
+ } else {
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
+ found = 1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
#if defined(HAVE_HEIMDAL_KERBEROS) || ( defined(HAVE_KRB5_KT_FREE_ENTRY) && HAVE_DECL_KRB5_KT_FREE_ENTRY==1)
|
||||
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
||||
@@ -57,6 +57,7 @@ init_args(struct main_args *margs)
|
||||
margs->rc_allow = 0;
|
||||
margs->AD = 0;
|
||||
margs->mdepth = 5;
|
||||
+ margs->brokenad = 0;
|
||||
margs->ddomain = NULL;
|
||||
margs->groups = NULL;
|
||||
margs->ndoms = NULL;
|
||||
@@ -176,7 +177,7 @@ main(int argc, char *const argv[])
|
||||
|
||||
init_args(&margs);
|
||||
|
||||
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
|
||||
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
|
||||
switch (opt) {
|
||||
case 'd':
|
||||
debug_enabled = 1;
|
||||
@@ -228,6 +229,9 @@ main(int argc, char *const argv[])
|
||||
case 'S':
|
||||
margs.llist = xstrdup(optarg);
|
||||
break;
|
||||
+ case 'x':
|
||||
+ margs.brokenad = 1;
|
||||
+ break;
|
||||
case 'h':
|
||||
fprintf(stderr, "Usage: \n");
|
||||
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
|
||||
@@ -244,6 +248,7 @@ main(int argc, char *const argv[])
|
||||
fprintf(stderr, "-l ldap url\n");
|
||||
fprintf(stderr, "-b ldap bind path\n");
|
||||
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
|
||||
+ fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n");
|
||||
fprintf(stderr, "-a allow SSL without cert verification\n");
|
||||
fprintf(stderr, "-m maximal depth for recursive searches\n");
|
||||
fprintf(stderr, "-h help\n");
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support.h
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support.h
|
||||
@@ -97,6 +97,7 @@ struct main_args {
|
||||
int rc_allow;
|
||||
int AD;
|
||||
int mdepth;
|
||||
+ int brokenad;
|
||||
char *ddomain;
|
||||
struct gdstruct *groups;
|
||||
struct ndstruct *ndoms;
|
||||
@@ -156,7 +157,7 @@ int create_nd(struct main_args *margs);
|
||||
int create_ls(struct main_args *margs);
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
-int krb5_create_cache(char *domain);
|
||||
+int krb5_create_cache(struct main_args *margs, char *domain);
|
||||
void krb5_cleanup(void);
|
||||
#endif
|
||||
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
|
||||
@@ -801,7 +801,7 @@ get_memberof(struct main_args *margs, ch
|
||||
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
- kc = krb5_create_cache(domain);
|
||||
+ kc = krb5_create_cache(margs,domain);
|
||||
if (kc) {
|
||||
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
|
||||
}
|
@ -15,7 +15,7 @@ Index: src/Makefile.in
|
||||
===================================================================
|
||||
--- src/Makefile.in.orig
|
||||
+++ src/Makefile.in
|
||||
@@ -7294,7 +7294,7 @@ cache_cf.o: cf_parser.cci
|
||||
@@ -7295,7 +7295,7 @@ cache_cf.o: cf_parser.cci
|
||||
|
||||
# cf_gen builds the configuration files.
|
||||
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
|
||||
|
@ -2,7 +2,7 @@ Index: helpers/basic_auth/fake/fake.cc
|
||||
===================================================================
|
||||
--- helpers/basic_auth/fake/fake.cc.orig
|
||||
+++ helpers/basic_auth/fake/fake.cc
|
||||
@@ -74,7 +74,7 @@ main(int argc, char *argv[])
|
||||
@@ -96,7 +96,7 @@ main(int argc, char *argv[])
|
||||
|
||||
process_options(argc, argv);
|
||||
|
||||
@ -11,7 +11,7 @@ Index: helpers/basic_auth/fake/fake.cc
|
||||
|
||||
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
|
||||
char *p;
|
||||
@@ -90,6 +90,6 @@ main(int argc, char *argv[])
|
||||
@@ -112,6 +112,6 @@ main(int argc, char *argv[])
|
||||
/* send 'OK' result back to Squid */
|
||||
SEND_OK("");
|
||||
}
|
||||
@ -103,7 +103,7 @@ Index: helpers/url_rewrite/fake/fake.cc
|
||||
===================================================================
|
||||
--- helpers/url_rewrite/fake/fake.cc.orig
|
||||
+++ helpers/url_rewrite/fake/fake.cc
|
||||
@@ -79,7 +79,7 @@ main(int argc, char *argv[])
|
||||
@@ -101,7 +101,7 @@ main(int argc, char *argv[])
|
||||
|
||||
process_options(argc, argv);
|
||||
|
||||
@ -112,7 +112,7 @@ Index: helpers/url_rewrite/fake/fake.cc
|
||||
|
||||
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
|
||||
char *p;
|
||||
@@ -95,6 +95,6 @@ main(int argc, char *argv[])
|
||||
@@ -117,6 +117,6 @@ main(int argc, char *argv[])
|
||||
/* send 'no-change' result back to Squid */
|
||||
fprintf(stdout,"\n");
|
||||
}
|
||||
|
@ -1,3 +1,51 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 08:54:50 UTC 2014 - boris@steki.net
|
||||
|
||||
- added patch to force kerberos principalname handling
|
||||
( http://bugs.squid-cache.org/show_bug.cgi?id=4042 )
|
||||
* squid-brokenad.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Mar 15 12:11:30 UTC 2014 - chris@computersalat.de
|
||||
|
||||
- Changes to squid-3.4.4 (09 Mar 2014):
|
||||
* Bug 4029: intercepted HTTPS requests bypass caching checks
|
||||
* Bug 4001: remove use of strsep()
|
||||
* Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
|
||||
* Fix stalled concurrent rock store reads
|
||||
* Fix helper ID number assignment
|
||||
* Fix build failures from CMSG related definitions
|
||||
* Fix build failures from libcompat unsafe.h protections
|
||||
* Copyright: Relicense helpers by Treehouse Networks Ltd.
|
||||
* ... and all bug fixes from 3.3.12
|
||||
- fix for bnc#743563
|
||||
* fix spec(post): remove SLE_10 permissions stuff
|
||||
- rebased patches:
|
||||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||||
* squid-nobuilddates.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 14 14:34:27 UTC 2014 - boris@steki.net
|
||||
|
||||
- add ssl bump to build config
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 27 13:26:24 UTC 2014 - chris@computersalat.de
|
||||
|
||||
- Changes to squid-3.4.3 (02 Feb 2014):
|
||||
* Bug 4008: HttpHeader warnOnError should be an int not a bool
|
||||
* Bug 4002: clang 3.4 unable to compile
|
||||
* Bug 3996: Malformed DNS reply leads to crash
|
||||
* Bug 3995: compile error on CentOS 5 with GCC 4.1.2
|
||||
* Bug 3975: atomic detection cross-compilation failure
|
||||
* Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
|
||||
* Bug 3954: compile failure in CpuAffinity.cc
|
||||
* Bug 3927: tests/testRock fatal.cc required
|
||||
* Fix memory leak in peer Cache Digest exchange
|
||||
* Fix external_acl_type async loop failures
|
||||
* Fix destination IP address cycling
|
||||
* ... and a few polishing changes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 7 19:45:22 UTC 2014 - chris@computersalat.de
|
||||
|
||||
|
11
squid.spec
11
squid.spec
@ -24,7 +24,7 @@ Name: squid
|
||||
Summary: Squid Version 3.3 WWW Proxy Server
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Web/Proxy
|
||||
Version: 3.4.2
|
||||
Version: 3.4.4
|
||||
Release: 0
|
||||
Url: http://www.squid-cache.org/Versions/v3/3.4
|
||||
#Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}%{snap}.tar.bz2
|
||||
@ -60,6 +60,8 @@ Patch101: %{name}-nobuilddates.patch
|
||||
## File is compiled without RPM_OPT_FLAGS
|
||||
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
|
||||
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
||||
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
|
||||
Patch103: squid-brokenad.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: %fillup_prereq
|
||||
PreReq: %insserv_prereq
|
||||
@ -136,6 +138,7 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
|
||||
chmod a-x CREDITS
|
||||
%patch101
|
||||
%patch102
|
||||
%patch103
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
@ -162,6 +165,7 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
|
||||
--enable-kill-parent-hack \
|
||||
--enable-arp-acl \
|
||||
--enable-ssl \
|
||||
--enable-ssl-crtd \
|
||||
--enable-forw-via-db \
|
||||
--enable-cache-digests \
|
||||
--enable-linux-netfilter \
|
||||
@ -218,6 +222,7 @@ mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
|
||||
install -d -m 755 doc/contrib
|
||||
install %{SOURCE6} doc/contrib
|
||||
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
|
||||
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
|
||||
|
||||
rm -rf %{buildroot}%{squidconfdir}/errors
|
||||
for i in errors/*; do
|
||||
@ -261,9 +266,6 @@ fi
|
||||
%endif
|
||||
|
||||
%post
|
||||
%if 0%{?sles_version} == 10
|
||||
sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure
|
||||
%endif
|
||||
%if 0%{?suse_version} >= 1140
|
||||
%set_permissions %{_localstatedir}/cache/%{name}
|
||||
%set_permissions %{_localstatedir}/log/%{name}
|
||||
@ -375,6 +377,7 @@ fi
|
||||
%{_sbindir}/pinger
|
||||
%{_sbindir}/rc%{name}
|
||||
%{_sbindir}/%{name}
|
||||
%{_sbindir}/ssl_crtd
|
||||
%{_sbindir}/storeid_file_rewrite
|
||||
%{_sbindir}/unlinkd
|
||||
%{_sbindir}/url_fake_rewrite
|
||||
|
Loading…
Reference in New Issue
Block a user