diff --git a/RELEASENOTES.html b/RELEASENOTES.html index d522ad5..0d726a9 100644 --- a/RELEASENOTES.html +++ b/RELEASENOTES.html @@ -2,10 +2,10 @@ - Squid 3.2.3 release notes + Squid 3.2.5 release notes -

Squid 3.2.3 release notes

+

Squid 3.2.5 release notes

Squid Developers


@@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.2.5 for +testing.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

@@ -535,9 +536,10 @@ the use of HTTPS security were desired.

The cache manager is available under the path prefix /squid-internal-mgr/. For example the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This means there are some configuration changes required to lock down manager access. -The manager ACL needs changing to: +The manager ACL needs changing. A built-in definition is now used, equivalent +to the following regex pattern:

-        acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 

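Review bot: The replacement pattern in this cache manager paragraph drops the `-i` flag that the removed `acl manager url_regex -i ...` line carried, and the new wording does not say whether the built-in match is still case-insensitive. Because the paragraph is about locking down manager access, state the case handling explicitly. "The manager ACL needs changing" also no longer tells the administrator what to do once the definition is built in; say that their own `acl manager` line should be removed. The example URL in the context line reads `http://example/com/squid-internal-mgr/menu`, which looks like a typo for example.com.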
@@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate cache manager applications as their front page embedding all scripts, accessors or redirects required for their initial GUI display.

+

MGR_INDEX file +

+

+

Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links to those managers.

@@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul

New type random. Pseudo-randomly match requests based on a configured probability.

Renamed myip to localip. It matches the IP which the client connected to.

Renamed myport to localport. It matches the port which the client connected to.

+

Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).

The localip/localport differ from earlier releases where they matched a mix of of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port. This definition is now consistent across all modes of traffic received by Squid.

-

The manager ACL requires adjustment to cover new cache manager access: +

The manager ACL requires adjustment to cover new cache manager access. So it has now been +built-in as a predefined ACL name matching URLs equivalent to the following regular expression:

-                acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+                ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
         
 
-

+ +squid.conf containing the old manager definition can expect to see ACL type collisions.

auth_param

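Review bot: The added sentence "squid.conf containing the old manager definition can expect to see ACL type collisions" names the symptom but not the fix, and "So it has now been built-in ..." is a fragment. Suggest stating directly that an existing `acl manager url_regex ...` line must be removed from squid.conf on upgrade, and whether the collision stops Squid from starting or is only a warning. The pattern is also a second copy of the one in the cache manager section, so the two can drift apart; consider pointing one at the other.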
New options for Basic, Digest, NTLM, Negotiate children settings. @@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit

-
acl
-

urllogin option not yet ported from 2.6

-

urlgroup option not yet ported from 2.6

-
broken_vary_encoding

Not yet ported from 2.6

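Review bot: This removal drops the `urlgroup` entry together with `urllogin`, but the only port mentioned anywhere in the visible changes is urllogin ("Ported urllogin option from Squid 2.7"). If urlgroup is still unavailable in 3.2.5, its "not yet ported" line should stay so administrators migrating from 2.x are not misled about which ACL types exist. The added text says 2.7 while the removed lines say 2.6; make the version reference consistent.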
diff --git a/squid-3.2.3.tar.bz2 b/squid-3.2.3.tar.bz2 deleted file mode 100644 index ff166e3..0000000 --- a/squid-3.2.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1 -size 2891753 diff --git a/squid-3.2.3.tar.bz2.asc b/squid-3.2.3.tar.bz2.asc deleted file mode 100644 index c89dc15..0000000 --- a/squid-3.2.3.tar.bz2.asc +++ /dev/null @@ -1,20 +0,0 @@ -File: squid-3.2.3.tar.bz2 -Date: Sat Oct 20 12:59:15 UTC 2012 -Size: 2891753 -MD5 : b26171dfd397defd9ee113d555691b86 -SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17 -Key : 0xFF5CF463 - fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 - keyring = http://www.squid-cache.org/pgp.asc - keyserver = subkeys.pgp.net ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8 -A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO -Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb -vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe -SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq -mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA= -=dc1e ------END PGP SIGNATURE----- diff --git a/squid-3.2.5.tar.bz2 b/squid-3.2.5.tar.bz2 new file mode 100644 index 0000000..58bc247 --- /dev/null +++ b/squid-3.2.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912 +size 2893104 diff --git a/squid-3.2.5.tar.bz2.asc b/squid-3.2.5.tar.bz2.asc new file mode 100644 index 0000000..848369a --- /dev/null +++ b/squid-3.2.5.tar.bz2.asc 
@@ -0,0 +1,20 @@ +File: squid-3.2.5.tar.bz2 +Date: Mon Dec 10 10:16:15 UTC 2012 +Size: 2893104 +MD5 : ddb329f92056aa58a56db6a2eeea0c02 +SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e +Key : 0xFF5CF463 + fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 + keyring = http://www.squid-cache.org/pgp.asc + keyserver = subkeys.pgp.net +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT +Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf +yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl +WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII +pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq +ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo= +=0bG7 +-----END PGP SIGNATURE----- diff --git a/squid-glibc217.patch b/squid-glibc217.patch deleted file mode 100644 index ed53938..0000000 --- a/squid-glibc217.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -Index: squid-3.2.3/src/icmp/pinger.cc -=================================================================== ---- squid-3.2.3.orig/src/icmp/pinger.cc -+++ squid-3.2.3/src/icmp/pinger.cc -@@ -180,8 +180,18 @@ main(int argc, char *argv[]) - } - max_fd = max(max_fd, squid_link); - -- setgid(getgid()); -- setuid(getuid()); -+ if (setgid(getgid()) < 0) { -+ debugs(42, 0, "FATAL: pinger: setgid failed."); -+ icmp4.Close(); -+ icmp6.Close(); -+ exit (1); -+ } -+ if (setuid(getuid()) < 0) { -+ debugs(42, 0, "FATAL: pinger: setuid failed."); -+ icmp4.Close(); -+ icmp6.Close(); -+ exit (1); -+ } - - last_check_time = squid_curtime; - -Index: squid-3.2.3/src/tools.cc -=================================================================== ---- squid-3.2.3.orig/src/tools.cc -+++ squid-3.2.3/src/tools.cc -@@ -757,7 +757,8 @@ enter_suid(void) - debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges"); - #if HAVE_SETRESUID - -- setresuid((uid_t)-1, 0, (uid_t)-1); -+ if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) -+ debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ()); - #else - - setuid(0); -@@ -782,7 +783,8 @@ no_suid(void) - uid = geteuid(); - debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever"); - -- setuid(0); -+ if (setuid(0) < 0) -+ debugs(50, 1, "no_suid: setuid (0): " << xstrerror()); - - if (setuid(uid) < 0) - debugs(50, 1, "no_suid: setuid: " << xstrerror()); diff --git a/squid.changes b/squid.changes index f205526..3eb9dbe 100644 --- a/squid.changes +++ b/squid.changes 
@@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de + +- Changes to squid-3.2.5 (10 Dec 2012): + - Bug 3698: Add missing include of errno.h +- Changes to squid-3.2.4 (03 Dec 2012): + - Ported: urllogin ACL from squid 2.7 + - Bug 3688: Lots of Orphan Comm:Connections to ICAP server + - Bug 3677: Port un-pinning logic changes from squid 3.3 + - Bug 3405: ssl_crtd crashes failing to remove certificate + - ... and major bugs fixed in squid 3.1.22 + - Fix accept_filter on Linux + - Remove 'Bungled' warning on missing component directives + - ... and many buffer and memory leak issues in the bundled helpers + - ... and a small amount of code polishing +- remove obsolete glibc-217 patch + +------------------------------------------------------------------- +Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz + +- Verify GPG signature. + ------------------------------------------------------------------- Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de diff --git a/squid.keyring b/squid.keyring new file mode 100644 index 0000000..56af97d --- /dev/null +++ b/squid.keyring 
@@ -0,0 +1,85 @@ +pub 2048R/FF5CF463 2008-03-08 +uid Amos Jeffries +uid Amos Jeffries +uid Amos Jeffries (Squid 3.0 Release Key) +uid Amos Jeffries (Squid 3.1 Release Key) +sub 2048R/D0F41EA3 2009-04-08 [expires: 2010-04-08] +sub 2048R/5EF49CEC 2010-05-01 [expires: 2011-05-01] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.19 (GNU/Linux) + +mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi +xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa +ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb +BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA +ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev +cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg +PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID +AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN +1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n +VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0 +sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX +d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE +5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z +tCRBbW9zIEplZmZyaWVzIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACAC +GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y9gACACK +Y9HWgOhXP67v+ha8cSsUmOCtwVRt7cZ1xCs3kFTvgbUL2isBOORiDCuXjLEYBS8W +a9WCkmqznck+zwhwN8nRCZetTnrqa+elihcjM1wk+XaZRvOjV3Hjtr43hhBiQyJD +jWil0LL/R8Ul3l81zsLvUAXTZXSwxrbkscbfDG8HmYfeVT7WbuDAVTnFLVvip8u3 +tOAy8GU0Kli0aTnVCBczejddM6Qerqiq4gSyove7y2S0PC0G0Nm7j/mqbngd0Inl +cSrC36+hWq8wU7/1skfLIALqMpvpMP8lqpvzzQyTameMOu79BZMw14FiZcELSAri +cbfFzUFgQ/qPdXS1J2P1tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFz +ZSBLZXkpIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMC +BBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH +68h+vXi9GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp02 
+7AwHHUYXZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJc +p4Iu8J7y4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i531 +3k6DKj91G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBT +EasduOmQRQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0I +S0tnKl04tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjEgUmVsZWFzZSBLZXkpIDxz +cXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAMEFgID +AQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y6WjB/0fFm7hFYxZxJvfm+GVU2DpWfQ7 +5bW4f2WqjWJfKNpCwAILkySoD0B+h+HQRkbAQ/IjifbORdTUGuYqURysaJhCEP5J +eQ26hs9dUw/agpEamvROHE/PltHl1K3XIXs7mB2iwexhgncmpp0D4VH39cQiMkIL +Hixv5xRioXHK5P4JkclHJ+zLL3IbdgmS7UijA3Bg8hIUcpy2s+4hy5So8OrcgxDu +q4KwxKcQsklHYqXfxF9+tiy02FeGTSX3JyCVUuGCLMOMbFO6oWP3YWKQUuE9XpgG +0ykz2zEYHbzh8CG+AT/dA1sbjkQP5yTfR3NpPNilwJ7HK9Kn+2AXstRCuLSBuQEN +BEncrb0BCACtTMCBEd5FgBjNxrb+yzUKQtu8cZy6PmpeEaMlEDtAbs+Sd6wbyJe0 +9ZY3OwSDisnA05hPqd3bxmi4CFtxE/2C//jWl1i9xVU7NyK+2CUxEHRoNBY9DAp0 +IAvnZ1BNQcf6CYEMoyTR60GjTnCet2kHt+q9F+vVFmGVatPojUtg2irh+rYjvWbr +iiNCoweqeBqvp2beVqZChQDm5bRamgFW7S8bAhSn24tBZmettXQ6j4ZgjdqNIMgy +O80sCA31LTc3Jcd9WEIYEbJ/9aK+zVHdB1Tw43YQq62OosDeVENwSdE1pjh8R48W +dzCT5Rwe73X/ct5DRi0S/0QkcsjAep45ABEBAAGJAkQEGAECAA8FAkncrb0CGwIF +CQHhM4ABKQkQsmjnBv9c9GPAXSAEGQECAAYFAkncrb0ACgkQB4pjqtD0HqNTXwf/ +fQcDlC/Nx4n4G2LFBRUNanlg3iAInNOfVPyB5fVWwLHZUVpxNm4qNKSGxw1YjVEl +h6EuMjNfQeE+i7Z4/L2Hbqd17M4vXXO4PxqkkUVmqIcIH/PKWJKI2gLlKjSebo4V +vgzPZXFzbKBeTy4URXyifVxu8p+i0+e1eyFB80+EACaHX1b8S9cl88ZgbEqm7mVg +HT+L28o+Y3MrSRpqkTnqfYA5I+bxMO2LNZShtReeKdDU1YB0XOKOB9Y6jOoOLt5g +GKAjYByFeqFbvCJhwfncDuZZ7Ny8PIXj0a8j8e7zZH9I4iCTrRt5eK/+8KBHwuTU +dliCktqtjYKTevjlaPlPw4qsB/496HNciuFiDHmofLKnuYXoR2N2Uo4b6ErmyuKT +KAXFhDiOj8MoN49mEbm0/FdZe+IL0aG7EEIz2+h3h9y7q15dqRawbchMBX1bu7aK +GdiQenyiWbGsliE7h/crxtLHqDQPg2CimQJI1Msx4ee2ePQ9DMPBHgd1TVN9B75Q +h46mJ612j4cIDYspFnqWKqXx52XRVEgyVL0ZFN0On5WukNoBWINqRnLlTJM0zdw5 +jGhRad7B5ubdcPpbbDw9VLfNOOCAPK8jeQNPXMtvFIEoLXeo8wKbVQX33hV2y7kH +GCamA1A05gmJtiVaZBfph5MxAjYx0JdrzlcwrPB+4DNdj1jYuQENBEvcJYoBCADw 
+e4s2CBQxFf/yenctJYnmiFhppGH3f3RgteKl1rt2mpL3wK79IDrXucfzbxAbwSdA +52wcbaqBbsdguzyOF3bVPJL3c/bVZ/As7m3oOr4HRSpuh2cs5gATesjWRITVMMkO +kHo+69isPAe7vCX6+CgeldPjWSfIcg5sfEo183+V0g8bWiYemGueDKmLqLkwAyCM +gARpDPMKBgShnvRPe1ovG4a/GZilpS5u4QKzyj+3GmLbCHJQOODdDHdt0/AVkbh0 +KUrneKZbvGQdWzC2NXyENa+13U1lG+WSyTsuQN09szd3rRCVITQKR+jnmWlIn3Ji +p0LpMazTENxcn4EN1s0tABEBAAGJAkQEGAECAA8FAkvcJYoCGwIFCQHhM4ABKQkQ +smjnBv9c9GPAXSAEGQECAAYFAkvcJYoACgkQ87HMiV70nOwr/QgAsQiZjDV70LrG +eh6GJvKYWpK35w57krCbqwivzZKDD499Et0DvIFUmkdn6xJAUpuFXzxkPHXWuCqn +cCQjRnqSm0sAVC612cQGStBZm73J0htqLbQc/NGqAzbc/5eOW5BxQJG0fhGIvNhu +1JS8Acbti2q0XfnDKuAwnJyZQsZmZBOAqj9kuB4ATwU4KWwPQGkfZ38W6VSlXbCV +NYoP7+PBSjM6gyjoOzC5U+1Tf7lZvlNEZEmR4Ls0V9XteGTnnJrpJLQ6iVB2dr97 +ZY36Q3aOBhPMSxg/I6scj1iSgmAuAqTpY53qdSf2X24HEERtxR5AVFwmRVI0YQgx +KTeFJLIJMym+CACttZmyZoSWS1atRNhPb44/NRmtDv4mfFRgtwg2VcXAEL/ipPi5 +nMYrfgZ1Zjbzf5e6r6O6qrBTjy7sHCIpT8E/RV0U7Wmh/MqCaJ6TlSFDLaoIYyl8 +m5J46VDOd7XFEbU/59LwwP7wcgU4iNbjxNmjZy/zZCwi8zWnKLVGTgkqx51zsurF +5ZIzDS72Atlg2RAHdGhOaCqeNb5cw44Rh3XPdzTklcpoo3NcMXx/aUPHrRc+SBS6 +iP6UMH+/IuiwOG6UhV1VxRlrVDb5J3/GTxHWPGtEiHNUjxHuH3EN2lj9oTKPKIhs +SHFot7e7PTf5fJ6rTzeQTL4VOWVOkq4M4xmZ +=k8xm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/squid.spec b/squid.spec index c781588..a268359 100644 --- a/squid.spec +++ b/squid.spec @@ -23,7 +23,7 @@ Name: squid Summary: Squid Version 3.2 WWW Proxy Server License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Version: 3.2.3 +Version: 3.2.5 Release: 0 Url: http://www.squid-cache.org/Versions/v3/3.2 Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2 @@ -38,6 +38,7 @@ Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source12: squid_cache_swap.sh +Source13: %{name}.keyring # # the following patches are downloaded directly from the webserver # don't change the names for easier identification 
@@ -60,8 +61,6 @@ Patch101: %{name}-nobuilddates.patch ## File is compiled without RPM_OPT_FLAGS # squid3 no-rpm-opt-flags :./cf_gen.cc Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch -# Handle setuid/setgid failure -Patch103: squid-glibc217.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %fillup_prereq PreReq: %insserv_prereq @@ -74,6 +73,7 @@ BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat BuildRequires: gcc-c++ +BuildRequires: gpg-offline BuildRequires: libcap-devel BuildRequires: libexpat-devel BuildRequires: libtool @@ -135,10 +135,11 @@ The most important of these new features are: * Cache Manager access changes First STABLE release Date: 02 Aug 2010 - Latest Release: 3.2.3 - Latest Release Date: 20 Oct 2012 + Latest Release: 3.2.5 + Latest Release Date: 10 Dec 2012 %prep +%gpg_verify %{S:1} %setup -q -n %{name}-%{version} cp %{S:10} . # upstream patches after RELEASE @@ -150,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` chmod a-x CREDITS %patch101 %patch102 -%patch103 -p1 %build export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
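Review bot: The deleted squid-glibc217.patch (and the matching removal of Patch103 and `%patch103 -p1` in squid.spec) was what made pinger exit when `setgid(getgid())` or `setuid(getuid())` fails, yet squid.changes only calls it "obsolete" and none of the listed 3.2.4/3.2.5 upstream items mention setuid/setgid handling. Please confirm that src/icmp/pinger.cc and src/tools.cc in 3.2.5 check these return values themselves, and name the superseding upstream change in the changelog entry. Otherwise a failed privilege drop goes unnoticed again.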
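Review bot: The squid.keyring listing shows both subkeys already expired (2010-04-08 and 2011-05-01), while the signature in squid-3.2.5.tar.bz2.asc is dated 10 Dec 2012. Please confirm the release signature is made by the primary key 0xFF5CF463 and that verification passes in a clean build root. The .asc names `keyring = http://www.squid-cache.org/pgp.asc` as the key source, so it would help to record in squid.changes how the fingerprint EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 was confirmed independently of that download.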
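Review bot: In the %prep hunk, `%gpg_verify %{S:1}` depends on a Source1 that is not among the visible Source lines; the only signature-related source added here is `Source13: %{name}.keyring`. Please confirm Source1 is `%{name}-%{version}.tar.bz2.asc`, so the check covers the tarball fetched from the http:// Source0 URL. Placing the verification before `%setup` is the right order.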