diff --git a/initialize_cache_if_needed.sh b/initialize_cache_if_needed.sh index e762dae..85d4ddd 100644 --- a/initialize_cache_if_needed.sh +++ b/initialize_cache_if_needed.sh @@ -8,6 +8,6 @@ fi if ! test -d $CACHE_DIR; then echo "Initializing cache directories..." - exec /usr/sbin/squid -z -F -N -S -f /etc/squid/squid.conf + exec /usr/sbin/squid -z -F --foreground -S -f /etc/squid/squid.conf fi diff --git a/missing_installs.patch b/missing_installs.patch new file mode 100644 index 0000000..c300944 --- /dev/null +++ b/missing_installs.patch @@ -0,0 +1,16 @@ +Index: squid-4.0.22/src/acl/external/kerberos_ldap_group/Makefile.am +=================================================================== +--- squid-4.0.22.orig/src/acl/external/kerberos_ldap_group/Makefile.am ++++ squid-4.0.22/src/acl/external/kerberos_ldap_group/Makefile.am +@@ -15,9 +15,11 @@ EXTRA_DIST= \ + + AM_CPPFLAGS += -I$(srcdir) + ++ + libexec_SCRIPTS = cert_tool + + libexec_PROGRAMS = ext_kerberos_ldap_group_acl ++man_MANS = ext_kerberos_ldap_group_acl.8 + + ext_kerberos_ldap_group_acl_SOURCES = \ + kerberos_ldap_group.cc \ diff --git a/squid-3.5.27.tar.xz b/squid-3.5.27.tar.xz deleted file mode 100644 index 83d90d7..0000000 --- a/squid-3.5.27.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec -size 2303468 diff --git a/squid-3.5.27.tar.xz.asc b/squid-3.5.27.tar.xz.asc deleted file mode 100644 index 8b53d43..0000000 --- a/squid-3.5.27.tar.xz.asc +++ /dev/null @@ -1,20 +0,0 @@ -File: squid-3.5.27.tar.xz -Date: Sat Aug 19 20:16:51 UTC 2017 -Size: 2303468 -MD5 : 39ef8199675d48a314b540f92c00c545 -SHA1: 1e69c96d13cd49844da3bcf33a0b428fbe7b6f77 -Key : 0xFF5CF463 - EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 - keyring = http://www.squid-cache.org/pgp.asc - keyserver = subkeys.pgp.net ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAlmYnLsACgkQsmjnBv9c -9GM1uAf+PeYKQI/hwJZXul020S5+pyxBem8txVVqTba1YZA/khk0vRqj54lBBxrX -C5AsnNbY6yGfsH6S0tQCFn3IkftXgUVMWij5x10yUYhZiXjV0EFe9rBiAOkd4zuT -j/4HOsHaG0I1qNqh1NZmvyV/a40Eq65lphOySt6N2okXeZS0Daoc23HHUXtZrO49 -QqY2LEhKYg9mtxE3k7lnZ7AxWtzZPQrdqNOZLs7pyJikGn7Usv2hzdIjyyaBRV9g -jwUPzEOiCLYleExCeqE/9k5M7JLRIJE7ofnkbkVs9+V57csYkQ5Cqr5vMWhvL1RN -4GGMjSMMS2m7vhiLPTgMn5ebHn6bJw== -=eHYj ------END PGP SIGNATURE----- diff --git a/squid-4.0.22.tar.xz b/squid-4.0.22.tar.xz new file mode 100644 index 0000000..dacbc70 --- /dev/null +++ b/squid-4.0.22.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:51b852f17c21569d53bcd098d2c55a4e0c745e9cac392cff26d92681e911a5a2 +size 2411692 diff --git a/squid-4.0.22.tar.xz.asc b/squid-4.0.22.tar.xz.asc new file mode 100644 index 0000000..0c19f49 --- /dev/null +++ b/squid-4.0.22.tar.xz.asc @@ -0,0 +1,25 @@ +File: squid-4.0.22.tar.xz +Date: Thu Dec 7 18:03:01 UTC 2017 +Size: 2411692 +MD5 : c09dab527ac8ea86833286597d2d633d +SHA1: b3e1cfe1cc1074506a46652946efe175eb69bf8a +Key : CD6DBF8EF3B17D3E + B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E + keyring = http://www.squid-cache.org/pgp.asc + keyserver = pool.sks-keyservers.net +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlopgl8ACgkQzW2/jvOx +fT55dw/+JlwxV8qTWxITUZ/8IFB5TO6T2Rzy8g4hFulTDoPN8/z4RZz/FNeQT/44 +/csodC7kja1ZxVlzNz07gaIoPz8Ft4ITQRL3kUMJ3+azYSevXlaiTtAy2O3oo2PC +oGw8X5M8USZ578BwaEIsnG/FHJY8qogr6WfX2lPfT9fgnYzXl+hRLqc4oD/605pY +k+D3C6j4cuTjoo30qD867BY/0sf6AdFYnfsLtc/cT4K4B/VHB2pDDk+cDXyjLzT2 +8AZkvG8XHwLFlXO7lHssHGM7uqxM2Sj+w9QJNJrFEh2tfdRAS6eXn3aSy6WeRHty +vOWXFc9U9D+PWPcHV3vE3FpLOBBkfhJnCiSMnz4GabjkXqjpD/7P1MQsTM2sKS4M +g/CpNdfhUshgxeNCmY0tJFu6cl/LFi7qbLBPNXQk0NDKZciiijARh9fFSsvvUHTA +g63LOZw+AyldeO5NMEalDaDsWViKd99CDXX93Y5qWxxuM4WhbStzUBUOXVl9CZ6m +P0B/uC+1IR56NETveklSRth7JrrlG7GkbV8uTkHJzTEHw3t+jAGFi80zV+V/gaAH +mMaXuv74UYosp2Zjdr5Ee5QLlo61kAWjKro9pd2uOyCUyGjijCcuyKa6zaNs1klp +9ehX0hnN1nX9blp/5Qx/fYLcds8vSr9QIpG6GEx5gJ5PCryckys= +=omrg +-----END PGP SIGNATURE----- diff --git a/squid.changes b/squid.changes index 52b9eaf..e3c45f1 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Jan 8 12:21:51 UTC 2018 - adam.majer@suse.de + +- Update Squid to 4.0.22 (fate#324583, bnc#1073089) + * re-enable building with default openssl-devel + * Helper changes since 3.5.27: + + basic_msnt_multi_domain_auth removed - basic_smb_lm_auth + helper performs the same functionality + + cert_valid.pl testing helper renamed to + security_fake_certverify + + ssl_crtd renamed to security_file_certgen + For complete set of release notes and changes since squid 3.5 see + http://www.squid-cache.org/Versions/v4/squid-4.0.22-RELEASENOTES.html + +- Updated squid.keyring using current keyring file from upstream +- missing_installs.patch: install manpages for installed helpers + ------------------------------------------------------------------- Mon Dec 4 12:31:44 UTC 2017 - adam.majer@suse.de diff --git a/squid.keyring b/squid.keyring index 56af97d..492730b 100644 Binary files a/squid.keyring and b/squid.keyring differ diff --git a/squid.spec b/squid.spec index 24bc764..a665d5a 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,14 +24,14 @@ %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid Name: squid -Version: 3.5.27 +Version: 4.0.22 Release: 0 Summary: Caching and forwarding HTTP web proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy Url: http://www.squid-cache.org -Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc +Source0: http://www.squid-cache.org/Versions/v4/4.0/%{name}-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v4/4.0/%{name}-%{version}.tar.xz.asc Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl @@ -39,9 +39,11 @@ Source7: %{name}.logrotate Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service -Source13: %{name}.keyring +# http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html +Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring Source15: cache_dir.sed Source16: initialize_cache_if_needed.sh +Patch1: missing_installs.patch BuildRequires: cppunit-devel BuildRequires: db-devel BuildRequires: ed @@ -55,11 +57,7 @@ BuildRequires: libnsl-devel %endif BuildRequires: openldap2-devel BuildRequires: opensp-devel -%if 0%{suse_version} >= 1330 -BuildRequires: libopenssl-1_0_0-devel -%else BuildRequires: openssl-devel -%endif BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: samba-winbind @@ -92,12 +90,13 @@ accelerator. %prep %setup -q cp %{SOURCE10} . -# upstream patches after RELEASE +# upstream patches after RELEASE perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` -chmod a-x CREDITS +%patch1 -p1 %build +autoreconf -fi export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" @@ -129,8 +128,8 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" --with-large-files \ --enable-underscores \ --enable-auth \ - --enable-auth-basic \ - --enable-auth-ntlm \ + --enable-auth-basic="SMB_LM,DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \ + --enable-auth-ntlm="SMB_LM,fake" \ --enable-auth-negotiate \ --enable-auth-digest \ --enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group,time_quota \ @@ -139,7 +138,9 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" --with-default-user=%{name} \ --disable-ident-lookups \ --enable-follow-x-forwarded-for \ - --disable-arch-native + --disable-arch-native \ + --enable-security-cert-generators \ + --enable-security-cert-validators make SAMBAPREFIX=%{_prefix} %{?_smp_mflags} %install @@ -167,7 +168,6 @@ mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} install -dpm 755 doc/contrib install %{SOURCE6} doc/contrib install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} -install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do @@ -302,7 +302,6 @@ end %{_sbindir}/basic_getpwnam_auth %{_sbindir}/basic_ldap_auth %{_sbindir}/digest_edirectory_auth -%{_sbindir}/basic_msnt_multi_domain_auth %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth @@ -313,7 +312,6 @@ end %{_sbindir}/basic_smb_auth.sh %{_sbindir}/basic_smb_lm_auth %{_sbindir}/cert_tool -%{_sbindir}/cert_valid.pl %{_sbindir}/digest_file_auth %{_sbindir}/digest_ldap_auth %{_sbindir}/diskd @@ -324,7 +322,7 @@ end %{_sbindir}/ext_session_acl %{_sbindir}/ext_unix_group_acl %{_sbindir}/ext_wbinfo_group_acl -%{_sbindir}/helper-mux.pl +%{_sbindir}/helper-mux %{_sbindir}/log_db_daemon %{_sbindir}/log_file_daemon %{_sbindir}/negotiate_kerberos_auth @@ -333,12 +331,14 @@ end %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth %verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger +%{_sbindir}/security_fake_certverify +%{_sbindir}/security_file_certgen %{_sbindir}/%{name} -%{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh +%{_sbindir}/url_lfs_rewrite %{_sbindir}/ext_time_quota_acl %{_sbindir}/rc%{name} %{_fillupdir}/sysconfig.%{name}