From 71075c2f962ab522c056dcfea95c140eeb6ac7f93aecd77b61fa80d6a13b681d Mon Sep 17 00:00:00 2001
From: Christian Wittmer <chris@computersalat.de>
Date: Sun, 30 Dec 2012 15:34:43 +0000
Subject: [PATCH 1/2] Accepting request 143935 from
 home:sbrabec:gpg-offline-verify

Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.

If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":

--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif

Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
-----------------

OBS-URL: https://build.opensuse.org/request/show/143935
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=25
---
 squid.changes |  5 +++
 squid.keyring | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++
 squid.spec    |  3 ++
 3 files changed, 93 insertions(+)
 create mode 100644 squid.keyring

diff --git a/squid.changes b/squid.changes
index f205526..0afc8c2 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature.
+
 -------------------------------------------------------------------
 Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de
 
diff --git a/squid.keyring b/squid.keyring
new file mode 100644
index 0000000..56af97d
--- /dev/null
+++ b/squid.keyring
@@ -0,0 +1,85 @@
+pub   2048R/FF5CF463 2008-03-08
+uid                  Amos Jeffries <amos@treenet.co.nz>
+uid                  Amos Jeffries <squid3@treenet.co.nz>
+uid                  Amos Jeffries (Squid 3.0 Release Key) <squid3@treenet.co.nz>
+uid                  Amos Jeffries (Squid 3.1 Release Key) <squid3@treenet.co.nz>
+sub   2048R/D0F41EA3 2009-04-08 [expires: 2010-04-08]
+sub   2048R/5EF49CEC 2010-05-01 [expires: 2011-05-01]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi
+xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa
+ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb
+BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA
+ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev
+cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg
+PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID
+AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN
+1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n
+VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0
+sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX
+d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE
+5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z
+tCRBbW9zIEplZmZyaWVzIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACAC
+GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y9gACACK
+Y9HWgOhXP67v+ha8cSsUmOCtwVRt7cZ1xCs3kFTvgbUL2isBOORiDCuXjLEYBS8W
+a9WCkmqznck+zwhwN8nRCZetTnrqa+elihcjM1wk+XaZRvOjV3Hjtr43hhBiQyJD
+jWil0LL/R8Ul3l81zsLvUAXTZXSwxrbkscbfDG8HmYfeVT7WbuDAVTnFLVvip8u3
+tOAy8GU0Kli0aTnVCBczejddM6Qerqiq4gSyove7y2S0PC0G0Nm7j/mqbngd0Inl
+cSrC36+hWq8wU7/1skfLIALqMpvpMP8lqpvzzQyTameMOu79BZMw14FiZcELSAri
+cbfFzUFgQ/qPdXS1J2P1tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFz
+ZSBLZXkpIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMC
+BBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH
+68h+vXi9GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp02
+7AwHHUYXZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJc
+p4Iu8J7y4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i531
+3k6DKj91G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBT
+EasduOmQRQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0I
+S0tnKl04tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjEgUmVsZWFzZSBLZXkpIDxz
+cXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAMEFgID
+AQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y6WjB/0fFm7hFYxZxJvfm+GVU2DpWfQ7
+5bW4f2WqjWJfKNpCwAILkySoD0B+h+HQRkbAQ/IjifbORdTUGuYqURysaJhCEP5J
+eQ26hs9dUw/agpEamvROHE/PltHl1K3XIXs7mB2iwexhgncmpp0D4VH39cQiMkIL
+Hixv5xRioXHK5P4JkclHJ+zLL3IbdgmS7UijA3Bg8hIUcpy2s+4hy5So8OrcgxDu
+q4KwxKcQsklHYqXfxF9+tiy02FeGTSX3JyCVUuGCLMOMbFO6oWP3YWKQUuE9XpgG
+0ykz2zEYHbzh8CG+AT/dA1sbjkQP5yTfR3NpPNilwJ7HK9Kn+2AXstRCuLSBuQEN
+BEncrb0BCACtTMCBEd5FgBjNxrb+yzUKQtu8cZy6PmpeEaMlEDtAbs+Sd6wbyJe0
+9ZY3OwSDisnA05hPqd3bxmi4CFtxE/2C//jWl1i9xVU7NyK+2CUxEHRoNBY9DAp0
+IAvnZ1BNQcf6CYEMoyTR60GjTnCet2kHt+q9F+vVFmGVatPojUtg2irh+rYjvWbr
+iiNCoweqeBqvp2beVqZChQDm5bRamgFW7S8bAhSn24tBZmettXQ6j4ZgjdqNIMgy
+O80sCA31LTc3Jcd9WEIYEbJ/9aK+zVHdB1Tw43YQq62OosDeVENwSdE1pjh8R48W
+dzCT5Rwe73X/ct5DRi0S/0QkcsjAep45ABEBAAGJAkQEGAECAA8FAkncrb0CGwIF
+CQHhM4ABKQkQsmjnBv9c9GPAXSAEGQECAAYFAkncrb0ACgkQB4pjqtD0HqNTXwf/
+fQcDlC/Nx4n4G2LFBRUNanlg3iAInNOfVPyB5fVWwLHZUVpxNm4qNKSGxw1YjVEl
+h6EuMjNfQeE+i7Z4/L2Hbqd17M4vXXO4PxqkkUVmqIcIH/PKWJKI2gLlKjSebo4V
+vgzPZXFzbKBeTy4URXyifVxu8p+i0+e1eyFB80+EACaHX1b8S9cl88ZgbEqm7mVg
+HT+L28o+Y3MrSRpqkTnqfYA5I+bxMO2LNZShtReeKdDU1YB0XOKOB9Y6jOoOLt5g
+GKAjYByFeqFbvCJhwfncDuZZ7Ny8PIXj0a8j8e7zZH9I4iCTrRt5eK/+8KBHwuTU
+dliCktqtjYKTevjlaPlPw4qsB/496HNciuFiDHmofLKnuYXoR2N2Uo4b6ErmyuKT
+KAXFhDiOj8MoN49mEbm0/FdZe+IL0aG7EEIz2+h3h9y7q15dqRawbchMBX1bu7aK
+GdiQenyiWbGsliE7h/crxtLHqDQPg2CimQJI1Msx4ee2ePQ9DMPBHgd1TVN9B75Q
+h46mJ612j4cIDYspFnqWKqXx52XRVEgyVL0ZFN0On5WukNoBWINqRnLlTJM0zdw5
+jGhRad7B5ubdcPpbbDw9VLfNOOCAPK8jeQNPXMtvFIEoLXeo8wKbVQX33hV2y7kH
+GCamA1A05gmJtiVaZBfph5MxAjYx0JdrzlcwrPB+4DNdj1jYuQENBEvcJYoBCADw
+e4s2CBQxFf/yenctJYnmiFhppGH3f3RgteKl1rt2mpL3wK79IDrXucfzbxAbwSdA
+52wcbaqBbsdguzyOF3bVPJL3c/bVZ/As7m3oOr4HRSpuh2cs5gATesjWRITVMMkO
+kHo+69isPAe7vCX6+CgeldPjWSfIcg5sfEo183+V0g8bWiYemGueDKmLqLkwAyCM
+gARpDPMKBgShnvRPe1ovG4a/GZilpS5u4QKzyj+3GmLbCHJQOODdDHdt0/AVkbh0
+KUrneKZbvGQdWzC2NXyENa+13U1lG+WSyTsuQN09szd3rRCVITQKR+jnmWlIn3Ji
+p0LpMazTENxcn4EN1s0tABEBAAGJAkQEGAECAA8FAkvcJYoCGwIFCQHhM4ABKQkQ
+smjnBv9c9GPAXSAEGQECAAYFAkvcJYoACgkQ87HMiV70nOwr/QgAsQiZjDV70LrG
+eh6GJvKYWpK35w57krCbqwivzZKDD499Et0DvIFUmkdn6xJAUpuFXzxkPHXWuCqn
+cCQjRnqSm0sAVC612cQGStBZm73J0htqLbQc/NGqAzbc/5eOW5BxQJG0fhGIvNhu
+1JS8Acbti2q0XfnDKuAwnJyZQsZmZBOAqj9kuB4ATwU4KWwPQGkfZ38W6VSlXbCV
+NYoP7+PBSjM6gyjoOzC5U+1Tf7lZvlNEZEmR4Ls0V9XteGTnnJrpJLQ6iVB2dr97
+ZY36Q3aOBhPMSxg/I6scj1iSgmAuAqTpY53qdSf2X24HEERtxR5AVFwmRVI0YQgx
+KTeFJLIJMym+CACttZmyZoSWS1atRNhPb44/NRmtDv4mfFRgtwg2VcXAEL/ipPi5
+nMYrfgZ1Zjbzf5e6r6O6qrBTjy7sHCIpT8E/RV0U7Wmh/MqCaJ6TlSFDLaoIYyl8
+m5J46VDOd7XFEbU/59LwwP7wcgU4iNbjxNmjZy/zZCwi8zWnKLVGTgkqx51zsurF
+5ZIzDS72Atlg2RAHdGhOaCqeNb5cw44Rh3XPdzTklcpoo3NcMXx/aUPHrRc+SBS6
+iP6UMH+/IuiwOG6UhV1VxRlrVDb5J3/GTxHWPGtEiHNUjxHuH3EN2lj9oTKPKIhs
+SHFot7e7PTf5fJ6rTzeQTL4VOWVOkq4M4xmZ
+=k8xm
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/squid.spec b/squid.spec
index c781588..b70e94f 100644
--- a/squid.spec
+++ b/squid.spec
@@ -38,6 +38,7 @@ Source9:        %{name}.permissions
 Source10:       README.kerberos
 Source11:       %{name}.service
 Source12:       squid_cache_swap.sh
+Source13:       %{name}.keyring
 #
 # the following patches are downloaded directly from the webserver
 # don't change the names for easier identification
@@ -74,6 +75,7 @@ BuildRequires:  cyrus-sasl-devel
 BuildRequires:  ed
 BuildRequires:  expat
 BuildRequires:  gcc-c++
+BuildRequires:  gpg-offline
 BuildRequires:  libcap-devel
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
@@ -139,6 +141,7 @@ The most important of these new features are:
   Latest Release Date: 20 Oct 2012
 
 %prep
+%gpg_verify %{S:1}
 %setup -q -n %{name}-%{version}
 cp %{S:10} .
 # upstream patches after RELEASE

From fba5a0ced5829ef78815811ad392eb29348205b72679a6b1de5063024fcff5a8 Mon Sep 17 00:00:00 2001
From: Christian Wittmer <chris@computersalat.de>
Date: Sun, 30 Dec 2012 19:35:16 +0000
Subject: [PATCH 2/2] Accepting request 146698 from
 home:computersalat:devel:proxy

update to 3.2.5

OBS-URL: https://build.opensuse.org/request/show/146698
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=26
---
 RELEASENOTES.html       | 33 +++++++++++++++++----------
 squid-3.2.3.tar.bz2     |  3 ---
 squid-3.2.3.tar.bz2.asc | 20 -----------------
 squid-3.2.5.tar.bz2     |  3 +++
 squid-3.2.5.tar.bz2.asc | 20 +++++++++++++++++
 squid-glibc217.patch    | 49 -----------------------------------------
 squid.changes           | 17 ++++++++++++++
 squid.spec              |  9 +++-----
 8 files changed, 64 insertions(+), 90 deletions(-)
 delete mode 100644 squid-3.2.3.tar.bz2
 delete mode 100644 squid-3.2.3.tar.bz2.asc
 create mode 100644 squid-3.2.5.tar.bz2
 create mode 100644 squid-3.2.5.tar.bz2.asc
 delete mode 100644 squid-glibc217.patch

diff --git a/RELEASENOTES.html b/RELEASENOTES.html
index d522ad5..0d726a9 100644
--- a/RELEASENOTES.html
+++ b/RELEASENOTES.html
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.3 release notes</TITLE>
+ <TITLE>Squid 3.2.5 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.2.3 release notes</H1>
+<H1>Squid 3.2.5 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for 
+testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the 
 <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
 <P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
 the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
 means there are some configuration changes required to lock down manager access.
-The <EM>manager</EM> ACL needs changing to:
+The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
+to the following regex pattern:
 <PRE>
-        acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </PRE>
 </P>
 
@@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
 cache manager applications as their front page embedding all scripts, accessors or
 redirects required for their initial GUI display.</P>
 
+<P>MGR_INDEX file
+<UL>
+<LI>should contain a complete HTML page, with optional client-side scripting.</LI>
+<LI>must not contain server-side scripting. </LI>
+<LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
+</UL>
+</P>
+
 <P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
 proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
 to those managers.</P>
@@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
 <P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
 <P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
 <P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
+<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
 <P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
 of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
 This definition is now consistent across all modes of traffic received by Squid.</P>
-<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
+<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
+built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
 <PRE>
-                acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+                ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
         
 </PRE>
-</P>
+
+squid.conf containing the old manager definition can expect to see ACL type collisions.</P>
 
 <DT><B>auth_param</B><DD>
 <P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
@@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit
 
 <P>
 <DL>
-<DT><B>acl</B><DD>
-<P><EM>urllogin</EM> option not yet ported from 2.6</P>
-<P><EM>urlgroup</EM> option not yet ported from 2.6</P>
-
 <DT><B>broken_vary_encoding</B><DD>
 <P>Not yet ported from 2.6</P>
 
diff --git a/squid-3.2.3.tar.bz2 b/squid-3.2.3.tar.bz2
deleted file mode 100644
index ff166e3..0000000
--- a/squid-3.2.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
-size 2891753
diff --git a/squid-3.2.3.tar.bz2.asc b/squid-3.2.3.tar.bz2.asc
deleted file mode 100644
index c89dc15..0000000
--- a/squid-3.2.3.tar.bz2.asc
+++ /dev/null
@@ -1,20 +0,0 @@
-File: squid-3.2.3.tar.bz2
-Date: Sat Oct 20 12:59:15 UTC 2012
-Size: 2891753
-MD5 : b26171dfd397defd9ee113d555691b86
-SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
-A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
-Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
-vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
-SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
-mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
-=dc1e
------END PGP SIGNATURE-----
diff --git a/squid-3.2.5.tar.bz2 b/squid-3.2.5.tar.bz2
new file mode 100644
index 0000000..58bc247
--- /dev/null
+++ b/squid-3.2.5.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
+size 2893104
diff --git a/squid-3.2.5.tar.bz2.asc b/squid-3.2.5.tar.bz2.asc
new file mode 100644
index 0000000..848369a
--- /dev/null
+++ b/squid-3.2.5.tar.bz2.asc
@@ -0,0 +1,20 @@
+File: squid-3.2.5.tar.bz2
+Date: Mon Dec 10 10:16:15 UTC 2012
+Size: 2893104
+MD5 : ddb329f92056aa58a56db6a2eeea0c02
+SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
+Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
+yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
+WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
+pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
+ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
+=0bG7
+-----END PGP SIGNATURE-----
diff --git a/squid-glibc217.patch b/squid-glibc217.patch
deleted file mode 100644
index ed53938..0000000
--- a/squid-glibc217.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Index: squid-3.2.3/src/icmp/pinger.cc
-===================================================================
---- squid-3.2.3.orig/src/icmp/pinger.cc
-+++ squid-3.2.3/src/icmp/pinger.cc
-@@ -180,8 +180,18 @@ main(int argc, char *argv[])
-     }
-     max_fd = max(max_fd, squid_link);
- 
--    setgid(getgid());
--    setuid(getuid());
-+    if (setgid(getgid()) < 0) {
-+        debugs(42, 0, "FATAL: pinger: setgid failed.");
-+        icmp4.Close();
-+        icmp6.Close();
-+	exit (1);
-+    }
-+    if (setuid(getuid()) < 0) {
-+        debugs(42, 0, "FATAL: pinger: setuid failed.");
-+        icmp4.Close();
-+        icmp6.Close();
-+        exit (1);
-+    }
- 
-     last_check_time = squid_curtime;
- 
-Index: squid-3.2.3/src/tools.cc
-===================================================================
---- squid-3.2.3.orig/src/tools.cc
-+++ squid-3.2.3/src/tools.cc
-@@ -757,7 +757,8 @@ enter_suid(void)
-     debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
- #if HAVE_SETRESUID
- 
--    setresuid((uid_t)-1, 0, (uid_t)-1);
-+    if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
-+	debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
- #else
- 
-     setuid(0);
-@@ -782,7 +783,8 @@ no_suid(void)
-     uid = geteuid();
-     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
- 
--    setuid(0);
-+    if (setuid(0) < 0)
-+	debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
- 
-     if (setuid(uid) < 0)
-         debugs(50, 1, "no_suid: setuid: " << xstrerror());
diff --git a/squid.changes b/squid.changes
index 0afc8c2..3eb9dbe 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
+
+- Changes to squid-3.2.5 (10 Dec 2012):
+  - Bug 3698: Add missing include of errno.h
+- Changes to squid-3.2.4 (03 Dec 2012):
+  - Ported: urllogin ACL from squid 2.7
+  - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
+  - Bug 3677: Port un-pinning logic changes from squid 3.3
+  - Bug 3405: ssl_crtd crashes failing to remove certificate
+  - ... and major bugs fixed in squid 3.1.22
+  - Fix accept_filter on Linux
+  - Remove 'Bungled' warning on missing component directives
+  - ... and many buffer and memory leak issues in the bundled helpers
+  - ... and a small amount of code polishing
+- remove obsolete glibc-217 patch
+
 -------------------------------------------------------------------
 Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
 
diff --git a/squid.spec b/squid.spec
index b70e94f..a268359 100644
--- a/squid.spec
+++ b/squid.spec
@@ -23,7 +23,7 @@ Name:           squid
 Summary:        Squid Version 3.2 WWW Proxy Server
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
-Version:        3.2.3
+Version:        3.2.5
 Release:        0
 Url:            http://www.squid-cache.org/Versions/v3/3.2
 Source0:        http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@@ -61,8 +61,6 @@ Patch101:       %{name}-nobuilddates.patch
 ## File is compiled without RPM_OPT_FLAGS
 # squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
 Patch102:       %{name}-compiled_without_RPM_OPT_FLAGS.patch
-# Handle setuid/setgid failure
-Patch103:       squid-glibc217.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %fillup_prereq
 PreReq:         %insserv_prereq
@@ -137,8 +135,8 @@ The most important of these new features are:
  * Cache Manager access changes
 
   First STABLE release Date: 02 Aug 2010
-  Latest Release: 3.2.3
-  Latest Release Date: 20 Oct 2012
+  Latest Release: 3.2.5
+  Latest Release Date: 10 Dec 2012
 
 %prep
 %gpg_verify %{S:1}
@@ -153,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
 chmod a-x CREDITS
 %patch101
 %patch102
-%patch103 -p1
 
 %build
 export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"