Accepting request 146699 from server:proxy

update to 3.2.5 (forwarded request 146698 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/146699
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=3
This commit is contained in:
Andreas Jaeger 2013-01-03 07:44:06 +00:00 committed by Git OBS Bridge
commit 831a772962
9 changed files with 157 additions and 90 deletions

View File

@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
<TITLE>Squid 3.2.3 release notes</TITLE>
<TITLE>Squid 3.2.5 release notes</TITLE>
</HEAD>
<BODY>
<H1>Squid 3.2.3 release notes</H1>
<H1>Squid 3.2.5 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for
testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
<P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
means there are some configuration changes required to lock down manager access.
The <EM>manager</EM> ACL needs changing to:
The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
to the following regex pattern:
<PRE>
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</PRE>
</P>
@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
cache manager applications as their front page embedding all scripts, accessors or
redirects required for their initial GUI display.</P>
<P>MGR_INDEX file
<UL>
<LI>should contain a complete HTML page, with optional client-side scripting.</LI>
<LI>must not contain server-side scripting. </LI>
<LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
</UL>
</P>
<P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
to those managers.</P>
@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
<P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
<P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
<P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
<P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
This definition is now consistent across all modes of traffic received by Squid.</P>
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
<PRE>
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</PRE>
</P>
squid.conf containing the old manager definition can expect to see ACL type collisions.</P>
<DT><B>auth_param</B><DD>
<P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit
<P>
<DL>
<DT><B>acl</B><DD>
<P><EM>urllogin</EM> option not yet ported from 2.6</P>
<P><EM>urlgroup</EM> option not yet ported from 2.6</P>
<DT><B>broken_vary_encoding</B><DD>
<P>Not yet ported from 2.6</P>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
size 2891753

View File

@ -1,20 +0,0 @@
File: squid-3.2.3.tar.bz2
Date: Sat Oct 20 12:59:15 UTC 2012
Size: 2891753
MD5 : b26171dfd397defd9ee113d555691b86
SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
=dc1e
-----END PGP SIGNATURE-----

3
squid-3.2.5.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
size 2893104

20
squid-3.2.5.tar.bz2.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-3.2.5.tar.bz2
Date: Mon Dec 10 10:16:15 UTC 2012
Size: 2893104
MD5 : ddb329f92056aa58a56db6a2eeea0c02
SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
=0bG7
-----END PGP SIGNATURE-----

View File

@ -1,49 +0,0 @@
Index: squid-3.2.3/src/icmp/pinger.cc
===================================================================
--- squid-3.2.3.orig/src/icmp/pinger.cc
+++ squid-3.2.3/src/icmp/pinger.cc
@@ -180,8 +180,18 @@ main(int argc, char *argv[])
}
max_fd = max(max_fd, squid_link);
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) < 0) {
+ debugs(42, 0, "FATAL: pinger: setgid failed.");
+ icmp4.Close();
+ icmp6.Close();
+ exit (1);
+ }
+ if (setuid(getuid()) < 0) {
+ debugs(42, 0, "FATAL: pinger: setuid failed.");
+ icmp4.Close();
+ icmp6.Close();
+ exit (1);
+ }
last_check_time = squid_curtime;
Index: squid-3.2.3/src/tools.cc
===================================================================
--- squid-3.2.3.orig/src/tools.cc
+++ squid-3.2.3/src/tools.cc
@@ -757,7 +757,8 @@ enter_suid(void)
debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
#if HAVE_SETRESUID
- setresuid((uid_t)-1, 0, (uid_t)-1);
+ if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
+ debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
#else
setuid(0);
@@ -782,7 +783,8 @@ no_suid(void)
uid = geteuid();
debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
- setuid(0);
+ if (setuid(0) < 0)
+ debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
if (setuid(uid) < 0)
debugs(50, 1, "no_suid: setuid: " << xstrerror());

View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
- Changes to squid-3.2.5 (10 Dec 2012):
- Bug 3698: Add missing include of errno.h
- Changes to squid-3.2.4 (03 Dec 2012):
- Ported: urllogin ACL from squid 2.7
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
- Bug 3677: Port un-pinning logic changes from squid 3.3
- Bug 3405: ssl_crtd crashes failing to remove certificate
- ... and major bugs fixed in squid 3.1.22
- Fix accept_filter on Linux
- Remove 'Bungled' warning on missing component directives
- ... and many buffer and memory leak issues in the bundled helpers
- ... and a small amount of code polishing
- remove obsolete glibc-217 patch
-------------------------------------------------------------------
Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de

85
squid.keyring Normal file
View File

@ -0,0 +1,85 @@
pub 2048R/FF5CF463 2008-03-08
uid Amos Jeffries <amos@treenet.co.nz>
uid Amos Jeffries <squid3@treenet.co.nz>
uid Amos Jeffries (Squid 3.0 Release Key) <squid3@treenet.co.nz>
uid Amos Jeffries (Squid 3.1 Release Key) <squid3@treenet.co.nz>
sub 2048R/D0F41EA3 2009-04-08 [expires: 2010-04-08]
sub 2048R/5EF49CEC 2010-05-01 [expires: 2011-05-01]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi
xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa
ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb
BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA
ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev
cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg
PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN
1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n
VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0
sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX
d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE
5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z
tCRBbW9zIEplZmZyaWVzIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACAC
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y9gACACK
Y9HWgOhXP67v+ha8cSsUmOCtwVRt7cZ1xCs3kFTvgbUL2isBOORiDCuXjLEYBS8W
a9WCkmqznck+zwhwN8nRCZetTnrqa+elihcjM1wk+XaZRvOjV3Hjtr43hhBiQyJD
jWil0LL/R8Ul3l81zsLvUAXTZXSwxrbkscbfDG8HmYfeVT7WbuDAVTnFLVvip8u3
tOAy8GU0Kli0aTnVCBczejddM6Qerqiq4gSyove7y2S0PC0G0Nm7j/mqbngd0Inl
cSrC36+hWq8wU7/1skfLIALqMpvpMP8lqpvzzQyTameMOu79BZMw14FiZcELSAri
cbfFzUFgQ/qPdXS1J2P1tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFz
ZSBLZXkpIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH
68h+vXi9GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp02
7AwHHUYXZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJc
p4Iu8J7y4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i531
3k6DKj91G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBT
EasduOmQRQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0I
S0tnKl04tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjEgUmVsZWFzZSBLZXkpIDxz
cXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y6WjB/0fFm7hFYxZxJvfm+GVU2DpWfQ7
5bW4f2WqjWJfKNpCwAILkySoD0B+h+HQRkbAQ/IjifbORdTUGuYqURysaJhCEP5J
eQ26hs9dUw/agpEamvROHE/PltHl1K3XIXs7mB2iwexhgncmpp0D4VH39cQiMkIL
Hixv5xRioXHK5P4JkclHJ+zLL3IbdgmS7UijA3Bg8hIUcpy2s+4hy5So8OrcgxDu
q4KwxKcQsklHYqXfxF9+tiy02FeGTSX3JyCVUuGCLMOMbFO6oWP3YWKQUuE9XpgG
0ykz2zEYHbzh8CG+AT/dA1sbjkQP5yTfR3NpPNilwJ7HK9Kn+2AXstRCuLSBuQEN
BEncrb0BCACtTMCBEd5FgBjNxrb+yzUKQtu8cZy6PmpeEaMlEDtAbs+Sd6wbyJe0
9ZY3OwSDisnA05hPqd3bxmi4CFtxE/2C//jWl1i9xVU7NyK+2CUxEHRoNBY9DAp0
IAvnZ1BNQcf6CYEMoyTR60GjTnCet2kHt+q9F+vVFmGVatPojUtg2irh+rYjvWbr
iiNCoweqeBqvp2beVqZChQDm5bRamgFW7S8bAhSn24tBZmettXQ6j4ZgjdqNIMgy
O80sCA31LTc3Jcd9WEIYEbJ/9aK+zVHdB1Tw43YQq62OosDeVENwSdE1pjh8R48W
dzCT5Rwe73X/ct5DRi0S/0QkcsjAep45ABEBAAGJAkQEGAECAA8FAkncrb0CGwIF
CQHhM4ABKQkQsmjnBv9c9GPAXSAEGQECAAYFAkncrb0ACgkQB4pjqtD0HqNTXwf/
fQcDlC/Nx4n4G2LFBRUNanlg3iAInNOfVPyB5fVWwLHZUVpxNm4qNKSGxw1YjVEl
h6EuMjNfQeE+i7Z4/L2Hbqd17M4vXXO4PxqkkUVmqIcIH/PKWJKI2gLlKjSebo4V
vgzPZXFzbKBeTy4URXyifVxu8p+i0+e1eyFB80+EACaHX1b8S9cl88ZgbEqm7mVg
HT+L28o+Y3MrSRpqkTnqfYA5I+bxMO2LNZShtReeKdDU1YB0XOKOB9Y6jOoOLt5g
GKAjYByFeqFbvCJhwfncDuZZ7Ny8PIXj0a8j8e7zZH9I4iCTrRt5eK/+8KBHwuTU
dliCktqtjYKTevjlaPlPw4qsB/496HNciuFiDHmofLKnuYXoR2N2Uo4b6ErmyuKT
KAXFhDiOj8MoN49mEbm0/FdZe+IL0aG7EEIz2+h3h9y7q15dqRawbchMBX1bu7aK
GdiQenyiWbGsliE7h/crxtLHqDQPg2CimQJI1Msx4ee2ePQ9DMPBHgd1TVN9B75Q
h46mJ612j4cIDYspFnqWKqXx52XRVEgyVL0ZFN0On5WukNoBWINqRnLlTJM0zdw5
jGhRad7B5ubdcPpbbDw9VLfNOOCAPK8jeQNPXMtvFIEoLXeo8wKbVQX33hV2y7kH
GCamA1A05gmJtiVaZBfph5MxAjYx0JdrzlcwrPB+4DNdj1jYuQENBEvcJYoBCADw
e4s2CBQxFf/yenctJYnmiFhppGH3f3RgteKl1rt2mpL3wK79IDrXucfzbxAbwSdA
52wcbaqBbsdguzyOF3bVPJL3c/bVZ/As7m3oOr4HRSpuh2cs5gATesjWRITVMMkO
kHo+69isPAe7vCX6+CgeldPjWSfIcg5sfEo183+V0g8bWiYemGueDKmLqLkwAyCM
gARpDPMKBgShnvRPe1ovG4a/GZilpS5u4QKzyj+3GmLbCHJQOODdDHdt0/AVkbh0
KUrneKZbvGQdWzC2NXyENa+13U1lG+WSyTsuQN09szd3rRCVITQKR+jnmWlIn3Ji
p0LpMazTENxcn4EN1s0tABEBAAGJAkQEGAECAA8FAkvcJYoCGwIFCQHhM4ABKQkQ
smjnBv9c9GPAXSAEGQECAAYFAkvcJYoACgkQ87HMiV70nOwr/QgAsQiZjDV70LrG
eh6GJvKYWpK35w57krCbqwivzZKDD499Et0DvIFUmkdn6xJAUpuFXzxkPHXWuCqn
cCQjRnqSm0sAVC612cQGStBZm73J0htqLbQc/NGqAzbc/5eOW5BxQJG0fhGIvNhu
1JS8Acbti2q0XfnDKuAwnJyZQsZmZBOAqj9kuB4ATwU4KWwPQGkfZ38W6VSlXbCV
NYoP7+PBSjM6gyjoOzC5U+1Tf7lZvlNEZEmR4Ls0V9XteGTnnJrpJLQ6iVB2dr97
ZY36Q3aOBhPMSxg/I6scj1iSgmAuAqTpY53qdSf2X24HEERtxR5AVFwmRVI0YQgx
KTeFJLIJMym+CACttZmyZoSWS1atRNhPb44/NRmtDv4mfFRgtwg2VcXAEL/ipPi5
nMYrfgZ1Zjbzf5e6r6O6qrBTjy7sHCIpT8E/RV0U7Wmh/MqCaJ6TlSFDLaoIYyl8
m5J46VDOd7XFEbU/59LwwP7wcgU4iNbjxNmjZy/zZCwi8zWnKLVGTgkqx51zsurF
5ZIzDS72Atlg2RAHdGhOaCqeNb5cw44Rh3XPdzTklcpoo3NcMXx/aUPHrRc+SBS6
iP6UMH+/IuiwOG6UhV1VxRlrVDb5J3/GTxHWPGtEiHNUjxHuH3EN2lj9oTKPKIhs
SHFot7e7PTf5fJ6rTzeQTL4VOWVOkq4M4xmZ
=k8xm
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -23,7 +23,7 @@ Name: squid
Summary: Squid Version 3.2 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Version: 3.2.3
Version: 3.2.5
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.2
Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@ -38,6 +38,7 @@ Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source12: squid_cache_swap.sh
Source13: %{name}.keyring
#
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
@ -60,8 +61,6 @@ Patch101: %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# Handle setuid/setgid failure
Patch103: squid-glibc217.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
@ -74,6 +73,7 @@ BuildRequires: cyrus-sasl-devel
BuildRequires: ed
BuildRequires: expat
BuildRequires: gcc-c++
BuildRequires: gpg-offline
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
BuildRequires: libtool
@ -135,10 +135,11 @@ The most important of these new features are:
* Cache Manager access changes
First STABLE release Date: 02 Aug 2010
Latest Release: 3.2.3
Latest Release Date: 20 Oct 2012
Latest Release: 3.2.5
Latest Release Date: 10 Dec 2012
%prep
%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
cp %{S:10} .
# upstream patches after RELEASE
@ -150,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
%patch103 -p1
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"