diff --git a/RELEASENOTES.html b/RELEASENOTES.html
deleted file mode 100644
index 57b9b85..0000000
--- a/RELEASENOTES.html
+++ /dev/null
@@ -1,594 +0,0 @@
-
-
-
-
- Squid 3.4.4 release notes
-
-
-Squid 3.4.4 release notes
-
-Squid Developers
-
-This document contains the release notes for version 3.4 of Squid.
-Squid is a WWW Cache application developed by the National Laboratory
-for Applied Network Research and members of the Web Caching community.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-The Squid Team are pleased to announce the release of Squid-3.4.4 for testing.
-This new release is available for download from
-http://www.squid-cache.org/Versions/v3/3.4/ or the
-mirrors.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
-We welcome feedback and bug reports. If you find a bug, please see
-http://wiki.squid-cache.org/SquidFaq/BugReporting
-for how to submit a report with a stack trace.
-
-
-
-Although this release is deemed good enough for use in many setups, please note the existence of
-open bugs against Squid-3.4.
-
-
-
-The 3.4 change history can be
-viewed here.
-
-
-
-
-Squid 3.4 represents a new feature release above 3.3.
-
-The most important of these new features are:
-
-- Helper protocol extensions
-- SSL Server Certificate Validator
-- Store-ID
-- TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
-- Transaction Annotations
-- Multicast DNS
-
-
-Most user-facing changes are reflected in squid.conf (see below).
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
-The Squid helper protocol used to communicate with authenticators,
-URL-rewriters, Redirectors, and External ACL helpers has been updated
-and extended.
-
-BH status code is now accepted from all helpers to report
-internal error events separate from ERR rejection code.
-Permitting Squid to perform recovery operations specific to
-helper failure instead of a blanket client rejection.
-
-Arbitrary key-value pairs can be returned from any helper.
-Allowing future helpers to be forward- and backward- compatible
-with this and future versions of Squid.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/SslServerCertValidator.
-
-The helper consulted after the internal OpenSSL validation, regardless of the
-validation results. The helper will receive:
-
-
-- the origin server certificate (chain),
-- the intended domain name, and
-- a list of OpenSSL validation errors (if any).
-
-
-
-If the helper decides to honor an OpenSSL error or report another validation
-error(s), the helper will return:
-
-
-- A list of certificates.
-- A list of items consists the the validation error name (see %err_name
-error page macro and %err_details code for logformat), error reason
-(%ssl_lib_error macro), and the offending certificate.
-
-
-
-The returned information mimics what the internal OpenSSL-based validation code
-collects now. Returned errors, if any, are fed to sslproxy_cert_error,
-triggering the existing SSL error processing code.
-
-The helper invocation controlled by the sslcrtvalidator_program and
-sslcrtvalidator_children configurations options which are similar to the
-ssl_crtd related options.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/StoreID.
-
-This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.
-
-Notice that this is not a direct portage of the Squid-2.7 feature so behaviour
-differences do exist. Although the new feature works in similar enough ways that the old
-helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.
-
-Squid traditionally uses the requested URL as an index key ID to locate objects in cache.
-It is not the only key possible and the Store-ID feature exposes an API for external
-helpers to provide Squid with an alternative key name for any URL.
-
-When any client request is received which requires a cache lookup the URL is passed to
-a helper specified with the store_id_program directive to check for an alternative
-Store ID. This allows the helper to identify URLs which refer to duplicate resources and
-de-duplicate the cache content. store_id_access is provided to allow ACL-based
-tuning of which traffic gets sent to the helper and reduce overheads.
-
-One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by
-this feature is that refresh_pattern applies its regex argument against the Store
-ID key and not the transaction URL. So using the Store-ID feature to alter the value
-affects which refresh_pattern directive will be matched.
-
-Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers
-option which is added in this version. Currently there is a file helper
-provided.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.
-
-The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception
-using several very simple methods. One of which is the divert-to rule type
-which acts as a simple routing diversion instead of performing NAT packet alterations.
-
-The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.
-
-This version of Squid adds support for these features through the ./configure
-options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on
-systems with the required support. No special extras are required to enable
-http_port ... tproxy configuration to work.
-
-NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind
-./configure --enable-pf-transparent has been altered and is expected to
-break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD
-which do not yet support the getsockname() API.
-These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.
-
-
-
-
-Previously the only annotation methods available were ICAP/eCAP HTTP header insertions
-or external ACL tag= result code. Each of which had only limited possibilities
-for use and little or no correlation.
-
-It is now possible to add annotations to a client transaction from several sources:
-
-- Directly from squid.conf using the note directive with
-ACL-based selection of which annotation is linked to any
-particular transaction.
-
-- By configured helper processes returning a key=value pair.
-The key name becomes the annotation name.
-
-
-
-Annotations on the transaction can be passed to ICAP services or eCAP modules using the
-adaptation_meta directive to send them as headers.
-They can also be logged using the %note log format code in custom logs. With
-the new helper response syntax changes this means all helper response key=value details
-such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.
-
-Annotations which are already assigned to a transaction can be checked using an ACL test
-of the new note ACL type. This can match a particular note by name and value,
-of for any notes with a given name.
-
-NOTE: not all helper interfaces are yet enabled to convert key=value into annotations
-and the external ACL interface does not yet send annotations to the helper.
-
-
-
-
-The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in
-accordance with RFC 6762.
-
-The dns_multicast_local directive must be set to on to enable this
-feature.
-
-The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set
-of available DNS resolvers and used automatically for domain names ending in .local
-and reverse-DNS lookups before attempting a secondary resolution on the configured
-resolvers. Domains without .local are resolved using only the configured resolvers.
-
-Statistics for multicast DNS resolution can be found on the idns cache manager
-report.
-
-NOTE that the external DNS helper interface is now deprecated and has been
-removed from future Squid versions. Any installations still using it for local hostname
-resolution need to upgrade to mDNS resolution with this Squid version.
-
-
-
-
-There have been changes to Squid's configuration file since Squid-3.3.
-
-Squid supports reading configuration option parameters from external
-files using the syntax parameters("/path/filename"). For example:
-
- acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
-
-
-
-There have also been changes to individual directives in the config file.
-This section gives a thorough account of those changes in three categories:
-
-
-
-
-
-
-
-
-
-- configuration_includes_quoted_values
-
-
Whether Squid supports directive parameters with spaces, quotes, and other
-special characters. Surround such parameters with "double quotes" and
-also set this directive on/off around the relevant squid.conf line(s)
-making use of such quoting.
-
- - dns_multicast_local
-
-
Use multicast DNS for .local domains and reverse-DNS resolution.
-
- - note
-
-
Use ACLs to annotate a transaction with customized annotations
-which can be logged in access.log
-
- - spoof_client_ip
-
-
Access control to determine whether to disable the TPROXY spoofing on upstream traffic.
-
- - sslcrtvalidator_children
-
-
Specifies the settings for how many SSL server certificate
-validator helpers are run and when they are started.
-
- - sslcrtvalidator_program
-
-
Specifies the location of a SSL server certificate validator helper.
-
- - store_id_access
-
-
Whether the URL for a given request is passed to the Store-ID helper process.
-Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.
-Ported equivalent to storeurl_access from 2.7
-
- - store_id_bypass
-
-
Whether the StoreID helper may be bypassed when overloaded.
-
- - store_id_children
-
-
Controls the number of StoreID helper processes.
-Options startup=N, idle=N, concurrency=N
-
-- startup=N allow finer tuning of how many helpers are started initially.
-- idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.
-- concurrency=N was previously called url_rewrite_concurrency as a distinct directive.
-
-
-
- - store_id_rewrite_program
-
-
A helper program to provide cache storage internal key ID value for a request.
-Ported equivalent to storeurl_rewrite_program from 2.7
-
-
-
-
-
-
-
-
-- access_log
-
-
Configuration syntax extended to support name=value options.
-New Syntax: access_log module:place [option ...] [acl ...]
-New option logformat= to specify the logging format name.
-New option buffer-size= to specify how large the log buffer
-for this log is to be when buffered_logs is enabled.
-New option on-error= to specify what handling is to be done
-if the logging module encounters a non-recoverable error writing logs.
-With the value die (the default) Squid halts operation.
-With the value drop Squid drops log lines and continue running.
-
- - acl
-
-
New test type server_cert_fingerprint to match against
-server SSL certificate fingerprint.
-New test type note to match against transaction annotations
-by name and value, or just by name.
-New test type any-of to match if any one of a set of named ACLs.
-New test type all-of to match against all of a set of named ACLs.
-
- - auth_param
-
-
New result code BH to signal helper internal errors
-available in all authentication schemes.
-New key message= for error message details in all authentication schemes.
-New result code OK and key ha1= in Digest authentication.
-New result codes OK, ERR replace result codes AF,
-and NA in NTLM and Negotiate authentication.
-New key token= for NTLM and Negotiate authentication OK responses.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - external_acl_type
-
-
Deprecated protocol=3.0 option. No longer necessary.
-New result code BH to signal helper internal errors
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - http_port
-
-
Support IPv6 for intercept mode. Requires ip6tables support on Linux,
-PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain
-about misconfiguration if IPv6 support is missing, we now rely on the firewall
-tools reporting misconfiguration when the NAT rules are created.
-Support tproxy mode traffic on BSD systems with BINDANY support
-(OpenBSD 5+, FreeBSD 9+ so far).
-Changed build options behind intercept traffic mode handling on BSD.
-see --enable-pf-transparent for more details.
-
- - logformat
-
-
New format code %note to log a transaction annotation linked to the
-transaction by ICAP, eCAP, a helper, or the note squid.conf directive.
-New format code %>qos to log client connection TOS/DSCP value set by Squid.
-New format code %<qos to log server connection TOS/DSCP value set by Squid.
-New format code %>nfmark to log client connection netfilter mark set by Squid.
-New format code %<nfmark to log server connection netfilter mark set by Squid.
-
- - pipeline_prefetch
-
-
Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.
-
- - refresh_pattern
-
-
NOTE: the regular expression pattern operates on the cache Store-ID value.
-Which by default is identical to the requested URL, but may differ for some
-objects if the Store-ID feature is in use.
-
- - unlinkd_program
-
-
New helper response format utilizing result codes OK and BH,
-to signal helper lookup results. Also, key-value response values to return
-multiple values to Squid.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - url_rewrite_program
-
-
New helper response format utilizing result codes OK, ERR,
-and BH to signal helper lookup results. Also, key-value response
-values to return multiple values to Squid.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
-
-
-
-
-
-
-
-- storeurl_access
-
-
Replaced by store_id_access.
-
- - storeurl_rewrite_children
-
-
Replaced by store_id_children.
-
- - storeurl_rewrite_concurrency
-
-
Replaced by store_id_children with concurrency=N option.
-
- - storeurl_rewrite_program
-
-
Replaced by store_id_program.
-
-
-
-
-
-
-
-There have been some changes to Squid's build configuration since Squid-3.3.
-This section gives an account of those changes in three categories:
-
-
-
-
-
-
-
-
-
-- --enable-storeid-rewrite-helpers
-
-
New option to control which Store-ID helpers are built. As with other
-helper options use --disable-* to prevent any helpers building and
-omit to get all helper auto-detected.
-Currenly only a helper using file for backend is provided.
-
- - --disable-arch-native
-
-
New option to disable use of -march=native compiler flag.
-The new flag auto-enables CPU-specific optimizations in GCC and is
-required by Clang++ v3.2 for correct 64-bit environment detection.
-It does not always work well however, so this build option is provided
-to remove it when necessary.
-
- - --with-nat-devpf
-
-
New option to alter the behaviour of http_port ... intercept option
-in squid.conf.
-When this option is used Squid performs the /dev/pf lookups required to
-support PF rdr-to rules. Otherwise Squid will perform perform the
-getsockname() API calls to support PF divert-to rules.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support
-the getsockname() API in recent PF versions require this option.
-
-
-
-
-
-
-
-
-- --enable-pf-transparent
-
-
NAT table support updated to use the getsockname() API provided by the
-latest PF versions divert-to. This allows http_port
-in squid.conf to support both intercept and tproxy traffic
-and to silence NAT lookup failure messages on recent BSD.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support
-the getsockname() API in recent PF versions require --with-nat-devpf
-to re-enable /dev/pf support when using PF firewall.
-
- - --disable-translation
-
-
Default changed to prevent translating error page templates during build.
-Use --enable-translation to explicitly build and install the templates.
-The latest pre-translated templates can be downloaded from
-http://www.squid-cache.org/Versions/langpack/
-
-
-
-
-
-
-
-There are no removed ./configure options in Squid-3.4.
-
-
-
-
-
-
-
-Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4
-
-If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
-
-
-
-
-
-- broken_vary_encoding
-
-
Not yet ported from 2.6
-
- - cache_dir
-
-
COSS storage type is lacking stability fixes from 2.6
-COSS overwrite-percent= option not yet ported from 2.6
-COSS max-stripe-waste= option not yet ported from 2.6
-COSS membufs= option not yet ported from 2.6
-COSS maxfullbufs= option not yet ported from 2.6
-
- - cache_peer
-
-
idle= not yet ported from 2.7
-monitorinterval= not yet ported from 2.6
-monitorsize= not yet ported from 2.6
-monitortimeout= not yet ported from 2.6
-monitorurl= not yet ported from 2.6
-
- - cache_vary
-
-
Not yet ported from 2.6
-
- - collapsed_forwarding
-
-
Not yet ported from 2.6
-
- - error_map
-
-
Not yet ported from 2.6
-
- - external_refresh_check
-
-
Not yet ported from 2.7
-
- - location_rewrite_access
-
-
Not yet ported from 2.6
-
- - location_rewrite_children
-
-
Not yet ported from 2.6
-
- - location_rewrite_concurrency
-
-
Not yet ported from 2.6
-
- - location_rewrite_program
-
-
Not yet ported from 2.6
-
- - refresh_pattern
-
-
stale-while-revalidate= not yet ported from 2.7
-ignore-stale-while-revalidate= not yet ported from 2.7
-negative-ttl= not yet ported from 2.7
-
- - refresh_stale_hit
-
-
Not yet ported from 2.7
-
- - update_headers
-
-
Not yet ported from 2.7
-
-
-
-
-
-
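Review bot: the removal of RELEASENOTES.html is not recorded in any of the squid.changes entries added by this change, and nothing replaces it for 3.4.10. The deleted copy still described 3.4.4 as "not deemed ready for production use", so dropping a stale file is reasonable. Add a changelog line that says so, and if release notes are still meant to be packaged, state where they now come from.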
diff --git a/rpmlintrc b/rpmlintrc
deleted file mode 100644
index 3e9ebd3..0000000
--- a/rpmlintrc
+++ /dev/null
@@ -1,3 +0,0 @@
-addFilter("macro-in-comment")
-addFilter("no-manual-page-for-binary")
-addFilter("zero-length")
diff --git a/squid-3.4.10.tar.bz2 b/squid-3.4.10.tar.bz2
new file mode 100644
index 0000000..6a1503e
--- /dev/null
+++ b/squid-3.4.10.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a971c4f5404113bd0264d13137cd5f326b58ef20c17beae836036668aeabc97
+size 3043193
diff --git a/squid-3.4.10.tar.bz2.asc b/squid-3.4.10.tar.bz2.asc
new file mode 100644
index 0000000..2dcf177
--- /dev/null
+++ b/squid-3.4.10.tar.bz2.asc
@@ -0,0 +1,20 @@
+File: squid-3.4.10.tar.bz2
+Date: Tue Dec 9 17:23:33 UTC 2014
+Size: 3043193
+MD5 : 326283b0c37e7dc9b2f90dc0ecd9a8a4
+SHA1: a04ab50971e1a446fe82514fff830898661c6fad
+Key : 0xFF5CF463
+ fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
+ keyring = http://www.squid-cache.org/pgp.asc
+ keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJUhzBbAAoJELJo5wb/XPRjUCIH/3hfJgMi/iKRZpedeFjQhstf
+twbTxrtW1x+Er6J3pswPUIbLcYARHhsTpfYHAatleE1Ccl9b16FXSMSXobHpmrab
+YR1q/N/W3QwgqH3D2a2m8eUNJTWxTeZ1xYeGzHJK7sgKfaBbt/JlYfs8nh7ekdkV
+GjHzHa3IDuq5VX4Pra6riCW9NjAvUo8oaesU3ZRjV9fECbZ2XMqvrxHq7V7bGOgx
+sU1gsRjlgsAZeFDiEXz+Dww2RBh46/gUwJZwO/uTYmJjPzr4hFb1PLwEVL4+auv2
+uS8lta6K9ZpIXPXaKj0zntG1Z+5X77SoLoTQMq06PpLlGpDjYMDzcs25mCyU1R0=
+=Ooir
+-----END PGP SIGNATURE-----
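Review bot: the Key line carries only the short ID 0xFF5CF463 and the listed digests are MD5 and SHA1, so the PGP signature is the only part of this file that gives meaningful integrity for the tarball. Because squid.changes drops gpg-offline in favour of the source validator, confirm that the validator checks this signature against a keyring holding the key with the full fingerprint given on the fingerprint line, and that the keyring is part of the package sources rather than fetched from the plain-http URL on the keyring line. The Size value 3043193 does match the size in the Git LFS pointer for squid-3.4.10.tar.bz2.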
diff --git a/squid-3.4.4.tar.bz2 b/squid-3.4.4.tar.bz2
deleted file mode 100644
index 1c3999e..0000000
--- a/squid-3.4.4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d15e7cc8b1cb25b1b552d938e622819a9cbf5c5bbb517875709a6088bbd3d1e5
-size 2812380
diff --git a/squid-3.4.4.tar.bz2.asc b/squid-3.4.4.tar.bz2.asc
deleted file mode 100644
index fbd8fd8..0000000
--- a/squid-3.4.4.tar.bz2.asc
+++ /dev/null
@@ -1,20 +0,0 @@
-File: squid-3.4.4.tar.bz2
-Date: Sun Mar 9 10:06:07 UTC 2014
-Size: 2812380
-MD5 : f9c7dd495e45042cc162d89cfbb97cc0
-SHA1: 1d5db3970d4a8bd460315d90253c5c20d96abdad
-Key : 0xFF5CF463
- fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
- keyring = http://www.squid-cache.org/pgp.asc
- keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJTHD43AAoJELJo5wb/XPRjD/QH/3GMK+VPmnP5QiMgr995Zp+o
-ZHfQoVXO679Mq55Yv53ZSCE8xUGtqwaabm/3pP+U1URrs2kTJV+392fN43RmZ7R+
-11zvIXJD3/dGAHAKQlxELMskWNNAdQWCpXGhKaJFU0ghvqlGpq1hLx2M5DqOgJBU
-DoFLFUQdKLPU8n1PwnY3SKdT3q3VxpSVbaUx+doQnsNW2Fj2NBj/kb2TQy/1UmyF
-FWVpn6Gr3BMCrl4uiw1yiCdHty61Tt6BH6swjA7sQjcenMLWQjNzRzGgM4TfhlvR
-czHrrJDbpNZ7Z8NBGvyAYBQmsFRxNm51yIFmpRst+PJBZuNJFW4RB9lek1hWsuk=
-=zJQN
------END PGP SIGNATURE-----
diff --git a/squid-compiled_without_RPM_OPT_FLAGS.patch b/squid-compiled_without_RPM_OPT_FLAGS.patch
index d7c8b08..d020e79 100644
--- a/squid-compiled_without_RPM_OPT_FLAGS.patch
+++ b/squid-compiled_without_RPM_OPT_FLAGS.patch
@@ -2,7 +2,7 @@ Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig
+++ src/Makefile.am
-@@ -981,7 +981,7 @@ cache_cf.o: cf_parser.cci
+@@ -983,7 +983,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
@@ -15,7 +15,7 @@ Index: src/Makefile.in
===================================================================
--- src/Makefile.in.orig
+++ src/Makefile.in
-@@ -7295,7 +7295,7 @@ cache_cf.o: cf_parser.cci
+@@ -7742,7 +7742,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
diff --git a/squid-config.patch b/squid-config.patch
index ea08e85..0454fc9 100644
--- a/squid-config.patch
+++ b/squid-config.patch
@@ -2,7 +2,7 @@ Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
-@@ -1350,6 +1350,8 @@ http_access deny manager
+@@ -1361,6 +1361,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
@@ -11,7 +11,7 @@ Index: src/cf.data.pre
http_access allow localhost
# And finally deny all other access to this proxy
-@@ -3361,6 +3363,10 @@ DOC_START
+@@ -3414,6 +3416,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
@@ -22,7 +22,7 @@ Index: src/cf.data.pre
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
-@@ -3494,7 +3500,7 @@ DOC_START
+@@ -3547,7 +3553,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@ Index: src/cf.data.pre
NOCOMMENT_END
DOC_END
-@@ -4147,7 +4153,7 @@ DOC_END
+@@ -4178,7 +4184,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
diff --git a/squid-nobuilddates.patch b/squid-nobuilddates.patch
index 816e2cb..7ed4f24 100644
--- a/squid-nobuilddates.patch
+++ b/squid-nobuilddates.patch
@@ -44,14 +44,14 @@ Index: helpers/external_acl/LM_group/ext_lm_group_acl.cc
- debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ debug("External ACL win32 group helper build starting up...\n");
- if (use_global)
+ if (use_global) {
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
- if (use_case_insensitive_compare)
+ }
Index: helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
===================================================================
--- helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc.orig
+++ helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
-@@ -272,7 +272,7 @@ main(int argc, char *argv[])
+@@ -274,7 +274,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -64,7 +64,7 @@ Index: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
===================================================================
--- helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc.orig
+++ helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
-@@ -609,7 +609,7 @@ main(int argc, char *argv[])
+@@ -611,7 +611,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
diff --git a/squid-rpmlintrc b/squid-rpmlintrc
new file mode 100644
index 0000000..1b1ec08
--- /dev/null
+++ b/squid-rpmlintrc
@@ -0,0 +1,5 @@
+addFilter("no-manual-page-for-binary")
+addFilter("zero-length")
+addFilter("incorrect-fsf-address")
+# Temporary solution untill it is moved into factory
+#setBadness('permissions-unauthorized-file', 333)
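Review bot: the last two lines keep a commented-out setBadness('permissions-unauthorized-file', 333) under a "Temporary solution" comment, while the squid.changes entry of Tue Dec 9 2014 says setBadness was removed from rpmlintrc. Delete both lines so the file matches the changelog (the comment also misspells "until" as "untill"). Compared with the deleted rpmlintrc, the macro-in-comment filter is gone and incorrect-fsf-address is new; neither is explained in squid.changes, so a short note on why each warning is now filtered or no longer needed would help.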
diff --git a/squid.changes b/squid.changes
index ee18588..5d99c67 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,200 @@
+-------------------------------------------------------------------
+Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com
+
+- Cleanup with spec-cleaner
+- Version bump to 3.4.10:
+ * Fix bootstrap.sh dependency on SPONSORS.list
+ * HTTP/2: Support 421 (Misdirected Request) status code
+ * Alternate-Protocol is a hop-by-hop header
+ * Bug #4148: external_acl_type header format does not accept the new libformat syntax
+ * Bug #4033: Rebuild corrupted ssl_db/size file
+ * Bug #3902: Docs: external_acl_type cache hash key
+ * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
+ * Fix segmentation fault in ACLUrlPathStrategy::match
+- Remove support for other distros as we build for opensuse anyway
+
+-------------------------------------------------------------------
+Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net
+
+- remove permissions.easy and permissions.paranoid files from package
+ as they are not used any more
+
+-------------------------------------------------------------------
+Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net
+
+- remove setBadness in rpmlintrc as it should be already in Factory
+ permissions package handled
+
+-------------------------------------------------------------------
+Mon Dec 8 15:28:42 UTC 2014 - meissner@suse.com
+
+- %verifyscript is its own section, move out of the %postun section
+
+-------------------------------------------------------------------
+Tue Dec 2 10:27:49 UTC 2014 - dimstar@opensuse.org
+
+- Use URLs to paths that the source validator actually understands
+ and make this acceptable for Tumbleweed.
+
+-------------------------------------------------------------------
+Thu Nov 27 21:18:35 UTC 2014 - chris@computersalat.de
+
+- fix for boo#894636 (squid's logrotate snippet runs init script)
+ * modify squid.logrotate to work on both systemd and SysVinit
+
+-------------------------------------------------------------------
+Thu Nov 27 13:16:58 UTC 2014 - lmuelle@suse.com
+
+- Changes to 3.4.9 (31 Oct 2014):
+ + Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
+ + Bug 4102: sslbump cert contains only a dot character in key usage extension
+ + Bug 4093: source-maintenance.sh errors and warnings due to wrong
+ tools/options
+ + Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
+ + Bug 4024: Bad host/IP ::1 when using IPv4-only environment
+ + Bug 3803: ident leaks memory on failure
+ + kerberos_ldap_group/cert_tool: Remove ksh dependency;
+ obsoletes squid-cert_tool_use_bash_not_ksh.patch
+ + ... and some automated code style updates
+ + ... and some documentation updates
+- Changes to 3.4.8 (15 Sep 2014):
+ + Fix off by one in SNMP subsystem
+ + pinger: Fix various ICMP handling issues; CVE-2014-7141; CVE-2014-7142;
+ http://www.squid-cache.org/Advisories/SQUID-2014_4.txt; bnc#891268
+ obsoletes squid-icmp-DoS.patch
+
+-------------------------------------------------------------------
+Wed Nov 26 21:45:48 UTC 2014 - lmuelle@suse.com
+
+- Remove dependency on gpg-offline as signature checking is implemented in the
+ source validator.
+
+-------------------------------------------------------------------
+Wed Sep 24 11:49:04 UTC 2014 - chris@computersalat.de
+
+- fix spec and changes file
+
+-------------------------------------------------------------------
+Tue Sep 16 09:31:35 UTC 2014 - boris@steki.net
+
+- update logrotate file
+ * postrotate now defaults to 'systemd'
+
+-------------------------------------------------------------------
+Tue Sep 16 08:35:11 UTC 2014 - boris@steki.net
+
+- fix for icmp pinger DOS bnc#891268
+
+-------------------------------------------------------------------
+Mon Sep 15 11:36:51 UTC 2014 - chris@computersalat.de
+
+- some spec cleanup
+- some systemd/SysVinit fixes
+- fix sysconfig file for ! suse_version
+
+-------------------------------------------------------------------
+Thu Sep 11 15:25:01 UTC 2014 - boris@steki.net
+
+- replaced permissions handling using setuid bit with use of
+ linux capabilities (on supported systems)
+- general cleanup of .spec file and systemd handling
+
+-------------------------------------------------------------------
+Fri Sep 5 15:04:47 UTC 2014 - chris@computersalat.de
+
+- Changes to 3.4.7 (28 Aug 2014):
+ * Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
+ * Bug 4080: worker hangs when client identd is not responding
+ * Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
+ * HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
+ * SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
+ * Enable compile-time override for MAXTCPLISTENPORTS
+ * ntlm_sspi_auth: Fix various build errors
+ * negotiate_wrapper: Fix build issues with non-portable vfork()
+ * negotiate_sspi_auth: Portability fixes for MinGW
+ * ext_lm_group_acl: Portability fixes for MinGW
+ * ... and several minor memory leaks
+- fix for bnc#894636
+ * fix postrotate for systemd
+- rebase patches
+ * squid-cert_tool_use_bash_not_ksh.patch
+ * squid-compiled_without_RPM_OPT_FLAGS.patch
+ * squid-nobuilddates.patch
+ * squid-config.patch
+
+-------------------------------------------------------------------
+Thu Sep 4 16:02:45 UTC 2014 - chris@computersalat.de
+
+- fix for bnc#894840
+ * fix logrotate file (sharedscripts)
+
+-------------------------------------------------------------------
+Sun Aug 31 09:32:01 UTC 2014 - boris@steki.net
+
+- add --disable-arch-native configure param as vmware does not
+ emulate all instruction set and squid fails with
+ "Illegal instruction" more info at
+ http://wiki.squid-cache.org/KnowledgeBase/IllegalInstructionError
+
+-------------------------------------------------------------------
+Thu Aug 14 16:42:17 CEST 2014 - draht@suse.de
+
+- squid-cert_tool_use_bash_not_ksh.patch:
+ /usr/sbin/cert_tool should use bash, not ksh. [bnc#891313]
+
+-------------------------------------------------------------------
+Sun Aug 10 21:16:29 UTC 2014 - chris@computersalat.de
+
+- Changes to squid-3.4.6 (25 Jun 2014):
+ * Regression: segmentation fault logging with %tg format specifier
+ * Bug 4065: round-robin neighbor selection with unequal weights
+ * Bug 4056: assertion MemPools[type] from netdbExchangeStart()
+ * Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
+ * Fix segmentation fault setting up server SSL connnection
+ * Fix hanging Non-HTTPS connections on SSL-bump enabled port
+ * Fix Cache Manager actions listed more than once
+ * ... and many minor memory leaks
+ * ... and several portability build issues
+ * ... and some documentation updates
+- Changes to squid-3.4.5 (02 May 2014):
+ * Regression Bug 4051: inverted test on CONNECT payload existence
+ * Regression Fix: order dependency between cache_dir and maximum_object_size
+ * Fix logformat %note display
+ * Resolve 'dying from an unhandled exception: c'
+ * Copyright: Update CONTRIBUTORS list of copyright holders
+- fix deps
+ * libtool >= 2.4
+ * older libtool needs --with-included-ltd
+
+-------------------------------------------------------------------
+Thu Jul 31 14:01:54 UTC 2014 - dimstar@opensuse.org
+
+- Rename rpmlintrc to %{name}-rpmlintrc.
+ Follow the packaging guidelines.
+
+-------------------------------------------------------------------
+Thu Apr 24 20:47:05 UTC 2014 - boris@steki.net
+
+- fix rhel/centos usermod parameter invocation order
+
+-------------------------------------------------------------------
+Wed Apr 9 15:42:06 UTC 2014 - boris@steki.net
+
+- setuid handling for opensuse using permissions updated
+
+-------------------------------------------------------------------
+Mon Apr 7 12:06:41 UTC 2014 - boris@steki.net
+
+- enable build for centos/rhel
+ - add centos/rhel init script
+
+-------------------------------------------------------------------
+Sat Mar 29 16:47:44 UTC 2014 - chris@computersalat.de
+
+- add 'squid' as default group and added suid bit for /usr/sbin/pinger
+ # pinger needs 'root' privileges to be able to ping (cache peer)
+ * attr(4750,root,squid) /usr/sbin/pinger
+
-------------------------------------------------------------------
Fri Mar 28 18:46:44 UTC 2014 - chris@computersalat.de
diff --git a/squid.init b/squid.init
deleted file mode 100644
index cb400db..0000000
--- a/squid.init
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/bin/sh
-# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
-# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
-# Copyright (c) 2002 SuSE Linux AG
-#
-# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel
-#
-# /etc/init.d/squid
-# and its symbolic link
-# /(usr/)sbin/rcsquid
-#
-### BEGIN INIT INFO
-# Provides: squid
-# Required-Start: $local_fs $remote_fs $network $time
-# Should-Start: apache $named winbind
-# Required-Stop: $local_fs $remote_fs $network $time
-# Should-Stop: apache $named winbind
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: Squid web cache
-# Description: Start the Squid web cache, providing
-# HTTP, FTP and other proxy services
-### END INIT INFO
-#
-# Note on runlevels:
-# 0 - halt/poweroff 6 - reboot
-# 1 - single user 2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
-
-
-# Check for missing binaries (stale symlinks should not happen)
-# Note: Special treatment of stop for LSB conformance
-SQUID_BIN=/usr/sbin/squid
-test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 5; fi; }
-
-# Check for existence of needed config file and read it
-SQUID_SYSCONFIG=/etc/sysconfig/squid
-test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 6; fi; }
-
-# Read config
-. $SQUID_SYSCONFIG
-
-SQUID_PID=/var/run/squid.pid
-SQUID_CONF=/etc/squid/squid.conf
-SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
-SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
-SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
-
-# determine which one is the cache_swap directory
-SQUID_CACHE_DIR=$(perl -n -e \
- '/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
-
-ulimit -n "$SQUID_ULIMIT"
-
-#IN: $SQUID_CACHE_DIR
-setup_squid_cache_dir(){
- for adir in "$1" ; do
- if [ ! -d $adir/00 ]; then # create missing cache directories
- umask 027 # prevent users reading any cache data
- echo -n " ($adir)"
- $SQUID_BIN -z -F > /dev/null 2>&1
- fi
- if [ ! -d $adir/00 ]; then
- echo " - failed while creating cache_dir ! "
- rc_failed
- rc_status -v
- rc_exit
- fi
- done
- sleep 2
-}
-
-# Shell functions sourced from /etc/rc.status:
-# rc_check check and set local and overall rc status
-# rc_status check and set local and overall rc status
-# rc_status -v be verbose in local rc status and clear it afterwards
-# rc_status -v -r ditto and clear both the local and overall rc status
-# rc_status -s display "skipped" and exit with status 3
-# rc_status -u display "unused" and exit with status 3
-# rc_failed set local and overall rc status to failed
-# rc_failed set local and overall rc status to
-# rc_reset clear both the local and overall rc status
-# rc_exit exit appropriate to overall rc status
-# rc_active checks whether a service is activated by symlinks
-. /etc/rc.status
-
-# Reset status of this service
-rc_reset
-
-
-case "$1" in
- start)
- echo -n "Starting WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- echo -n "- Warning: squid already running ! "
- rc_failed
- else
- [ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
- if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
- setup_squid_cache_dir "$SQUID_CACHE_DIR"
- fi
- fi
- startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
-
- # Remember status and be verbose
- rc_status -v
- ;;
- stop)
- echo -n "Shutting down WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- $SQUID_BIN -k shutdown
- sleep 2
- if [ -e $SQUID_PID ] ; then
- echo -n "- wait a minute or two... "
- i="$SQUID_S_T"
- while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
- sleep 2
- i=$[$i-1]
- echo -n "."
- [ $i -eq 41 ] && echo
- done
- fi
- if /sbin/checkproc $SQUID_BIN ; then
- killproc -TERM $SQUID_BIN
- echo -n " Warning: squid killed !"
- fi
- else
- echo -n "- Warning: squid not running ! "
- rc_failed 7
- fi
-
- # Remember status and be verbose
- rc_status -v
- ;;
- try-restart)
- $0 status >/dev/null && $0 restart
-
- # Remember status and be quiet
- rc_status
- ;;
- restart)
- $0 stop
- $0 start
-
- # Remember status and be quiet
- rc_status
- ;;
- force-reload)
- $0 reload
-
- # Remember status and be quiet
- rc_status
- ;;
- reload)
- echo -n "Reloading WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- $SQUID_BIN -k rotate
- sleep 2
- $SQUID_BIN -k reconfigure
- rc_status
- else
- echo -n "- Warning: squid not running ! "
- rc_failed 7
- fi
-
- # Remember status and be verbose
- rc_status -v
- ;;
- status)
- echo -n "Checking for WWW-proxy squid "
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Return value is slightly different for the status command:
- # 0 - service up and running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running (unused)
- # 4 - service status unknown :-(
- # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
-
- # NOTE: checkproc returns LSB compliant status values.
- /sbin/checkproc $SQUID_BIN
-
- # Remember status and be verbose
- rc_status -v
- ;;
- probe)
- test $SQUID_CONF -nt $SQUID_PID && echo reload
- ;;
- *)
- echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
- exit 1
- ;;
-esac
-rc_exit
-
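Review bot: deleting squid.init removes the only visible consumers of the sysconfig settings (`SQUID_SHUTDOWN_TIMEOUT`, `SQUID_START_OPTIONS`, `SQUID_DEFAULT_ULIMT`), while squid.spec in this same diff still installs squid.sysconfig as a fillup template. The script also ran `ulimit -n "$SQUID_ULIMIT"` and created missing cache directories with `$SQUID_BIN -z -F` under `umask 027`. squid.service is not part of this diff, so please confirm the unit covers the file-descriptor limit, cache_dir initialisation with an equally restrictive umask, and the shutdown timeout. Otherwise drop the now-unused variables from squid.sysconfig.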
diff --git a/squid.logrotate b/squid.logrotate
index 1c32741..d432dc1 100644
--- a/squid.logrotate
+++ b/squid.logrotate
@@ -1,19 +1,5 @@
-/var/log/squid/cache.log {
- compress
- dateext
- maxage 365
- rotate 99
- size=+1024k
- notifempty
- missingok
- create 640 squid root
- sharedscripts
- postrotate
- /etc/init.d/squid reload
- endscript
-}
-
-/var/log/squid/access.log {
+/var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log {
+ su squid squid
compress
dateext
maxage 365
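Review bot: folding cache.log and store.log into the access.log stanza drops their own thresholds (`size=+1024k` for cache.log, `size=+4096k` for store.log), so all three logs now rotate on whatever size the surviving stanza carries; record that in the changelog if it is intended. Separately, `su squid squid` makes logrotate do the rotation as squid:squid while the stanza still says `create 640 squid root`. An unprivileged user cannot normally assign a new file to a group it is not a member of, so check that the create step still succeeds, or change it to `create 640 squid squid`.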
@@ -24,21 +10,6 @@
create 640 squid root
sharedscripts
postrotate
- /etc/init.d/squid reload
- endscript
-}
-
-/var/log/squid/store.log {
- compress
- dateext
- maxage 365
- rotate 99
- size=+4096k
- notifempty
- missingok
- create 640 squid root
- sharedscripts
- postrotate
- /etc/init.d/squid reload
+ /usr/bin/systemctl -q is-active squid.service && /usr/sbin/squid -k rotate
endscript
}
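Review bot: the new postrotate line exits non-zero whenever squid.service is not active, because `systemctl -q is-active squid.service && ...` returns the status of the failed test, and logrotate reports a non-zero postrotate script as an error. Wrap it in `if ...; then ...; fi` or append `|| :`. The old `reload` action ran `-k rotate` followed by `-k reconfigure`; keeping only the rotate signal looks right for log rotation, but it is a behaviour change that deserves a changelog line.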
diff --git a/squid.permissions b/squid.permissions
deleted file mode 100644
index 46b9acf..0000000
--- a/squid.permissions
+++ /dev/null
@@ -1,2 +0,0 @@
-/var/cache/squid/ squid:root 750
-/var/log/squid/ squid:root 750
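Review bot: this file supplied the permissions entries for /var/cache/squid/ and /var/log/squid/, yet the squid.spec part of this diff still calls `%set_permissions` and `%verify_permissions -e` on both directories (and newly on pinger and basic_pam_auth) while no longer installing anything under permissions.d. Please confirm that matching entries exist in the distribution's permissions profiles; without them the macros have nothing to apply, and the effective modes are only what `%attr` in %files says.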
diff --git a/squid.spec b/squid.spec
index 3b5384b..3238f34 100644
--- a/squid.spec
+++ b/squid.spec
@@ -1,7 +1,7 @@
#
# spec file for package squid
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,42 +17,25 @@
%define squidlibdir %{_libdir}/squid
-%define squidconfdir /etc/squid
-#define snap -20131225-r13064
-
+%define squidconfdir %{_sysconfdir}/squid
Name: squid
-Summary: Squid Version 3.3 WWW Proxy Server
+Version: 3.4.10
+Release: 0
+Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
-Version: 3.4.4
-Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.4
-#Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}%{snap}.tar.bz2
Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
-Source1: %{name}-%{version}.tar.bz2.asc
-Source2: RELEASENOTES.html
-Source3: squid.init
+Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
Source7: %{name}.logrotate
-Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source13: %{name}.keyring
-#
-# the following patches are downloaded directly from the webserver
-# don't change the names for easier identification
-#
-# please read every file if there is interest about what the patch changes
-# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/
-#
-#
-# Upstream patch
-# Patch0:
-
# do not show some rpmlint warnings
-Source99: rpmlintrc
+Source99: squid-rpmlintrc
# some useful defaults for squid
Patch100: %{name}-config.patch
# make build compare happy - remove build dates
@@ -62,79 +45,49 @@ Patch101: %{name}-nobuilddates.patch
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103: squid-brokenad.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-PreReq: %fillup_prereq
-PreReq: %insserv_prereq
-PreReq: /usr/bin/getent
-PreReq: permissions
-PreReq: pwdutils
-BuildRequires: db-devel
-# needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel
+BuildRequires: db-devel
BuildRequires: ed
BuildRequires: expat
BuildRequires: fdupes
BuildRequires: gcc-c++
-BuildRequires: gpg-offline
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
-BuildRequires: libtool
+BuildRequires: libtool >= 2.4
BuildRequires: openldap2-devel
BuildRequires: opensp-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: sharutils
-%if 0%{?suse_version} < 1220
-BuildRequires: libxml2-devel
-%else
-BuildRequires: pkgconfig(libxml-2.0)
-%endif
-
-%if 0%{?suse_version} >= 1210
BuildRequires: systemd
-%{?systemd_requires}
-%define has_systemd 1
-%endif
-
+BuildRequires: pkgconfig(libxml-2.0)
Requires: logrotate
Requires: sed
-Provides: http_proxy
-
-# due to package rename
-# Wed Aug 15 17:40:30 UTC 2012
+Requires(post): %fillup_prereq
+Requires(pre): %insserv_prereq
+Requires(pre): %{_bindir}/getent
+Requires(pre): permissions
+Requires(pre): pwdutils
Provides: %{name}3 = %{version}
+Provides: http_proxy
Obsoletes: %{name}3 < %{version}
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%{?systemd_requires}
%description
-Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
-
-Squid 3.4 represents a new feature release above 3.3.
-
-The most important of these new features are:
-
- * Helper protocol extensions
- * SSL Server Certificate Validator
- * Store-ID
- * TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
- * Transaction Annotations
- * Multicast DNS
-
-Most user-facing changes are reflected in squid.conf (see below).
-
- First STABLE release Date: 08 Dec 2013
+Squid is a fully-featured HTTP/1.0 proxy which is almost a fully-featured
+HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging
+environment to develop web proxy and content serving applications.
+Squid offers a rich set of traffic optimization options, most of which are
+enabled by default for simpler installation and high performance.
%prep
-#setup -q -n %{name}-%{version}%{snap}
-%gpg_verify %{S:1}
-%setup -q -n %{name}-%{version}
-cp %{S:10} .
-# upstream patches after RELEASE
-#
-##### other patches
+%setup -q
+cp %{SOURCE10} .
%patch100
-perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
+perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
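Review bot: removing both `BuildRequires: gpg-offline` and the `%gpg_verify %{S:1}` call in %prep means the build no longer checks the tarball against its detached signature, even though Source1 (the .asc) and Source13 (the keyring) are still listed. If verification is now expected to happen outside the spec, say so in a comment next to Source13; otherwise keep the verify step so a tampered or mismatched tarball fails the build.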
@@ -147,15 +100,11 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
%configure \
--disable-strict-error-checking \
--sysconfdir=%{squidconfdir} \
- --libexecdir=/usr/sbin \
- --datadir=/usr/share/squid \
- --sharedstatedir=/var/squid \
- --with-logdir=/var/log/squid \
-%if 0%{?has_systemd}
+ --libexecdir=%{_sbindir} \
+ --datadir=%{_datadir}/squid \
+ --sharedstatedir=%{_localstatedir}/squid \
+ --with-logdir=%{_localstatedir}/log/squid \
--with-pidfile=/run/squid.pid \
-%else
- --with-pidfile=/var/run/squid.pid \
-%endif
--with-dl \
--enable-disk-io \
--enable-storeio \
@@ -186,7 +135,8 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
--enable-x-accelerator-vary \
--with-default-user=%{name} \
--disable-ident-lookups \
- --enable-follow-x-forwarded-for
+ --enable-follow-x-forwarded-for \
+ --disable-arch-native
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
@@ -199,21 +149,21 @@ fi
make SAMBAPREFIX=/usr %{?_smp_mflags}
%install
-/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
- -d /var/cache/%{name} %{name} 2> /dev/null || :
-install -d %{buildroot}%{_localstatedir}/{cache,log}/%{name}
-chmod 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
+%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
+%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
+ -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
+
+install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
+
+# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
-mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
-ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
-install -d -m 755 %{buildroot}%{_sysconfdir}/permissions.d
-install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
-install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
-install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
-install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
-ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rcsquid
-install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+
+mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
+ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
+
+# install logrotate file
+install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
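Review bot: the rewritten `useradd` call in %install has no login name. The old command ended with `-d /var/cache/%{name} %{name}`, the new one ends with `-s /bin/false 2> /dev/null || :`, so it always fails and the failure is hidden by the redirect and `|| :`. More fundamentally, %install runs on the build host and should not create accounts there at all. %pre already creates the group and user on the target system, so both the `groupadd` and `useradd` lines can be dropped from %install.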
@@ -235,75 +185,65 @@ for i in errors/*; do
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
fi
done
-ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
+ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
+
+# systemd service
+install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
+ln -sf service %{buildroot}%{_sbindir}/rc%{name}
+install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
# fix file duplicates
-%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
-%endif
-%if 0%{?fedora_version} > 8
-fdupes -q -n -r %{buildroot}%{_prefix}
-%endif
-
-%if 0%{?has_systemd}
-install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
-%endif
%pre
+# we need this group for /usr/sbin/pinger
+if [ -z "`%{_bindir}/getent group %{name} 2>/dev/null`" ]; then
+ %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null
+fi
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
%{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
- %{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
- -G winbind -g nogroup -o -u 31 -r -s /bin/false \
+ %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
+ -G winbind -g %{name} -o -u 31 -r -s /bin/false \
%{name} 2>/dev/null
fi
# if squid is not member of winbind, add him
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
- %{_sbindir}/groupmod -A %{name} winbind 2>/dev/null
+ %{_sbindir}/usermod -G winbind %{name} 2>/dev/null
fi
-
-%if 0%{?has_systemd}
%service_add_pre %{name}.service
-%endif
%post
-%if 0%{?suse_version} >= 1140
-%set_permissions %{_localstatedir}/cache/%{name}
-%set_permissions %{_localstatedir}/log/%{name}
-%endif
+%set_permissions %{_sbindir}/pinger
+%set_permissions %{_sbindir}/basic_pam_auth
+%set_permissions %{_localstatedir}/cache/squid/
+%set_permissions %{_localstatedir}/log/squid/
# update mode?
if [ "$1" -gt "1" ]; then
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
- echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
+ echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
mv etc/%{name}.conf etc/%{name}/%{name}.conf
fi
+ # default group changed from nogroup to squid
+ %{_sbindir}/usermod -g %{name} %{name}
fi
-%{fillup_and_insserv -n "squid"}
-
-%if 0%{?has_systemd}
+%fillup_only
%service_add_post squid.service
-%endif
%preun
-%stop_on_removal squid
-
-%if 0%{?has_systemd}
%service_del_preun squid.service
-%endif
+
+%verifyscript
+%verify_permissions -e %{_sbindir}/basic_pam_auth
+%verify_permissions -e %{_sbindir}/pinger
+%verify_permissions -e %{_localstatedir}/cache/squid/
+%verify_permissions -e %{_localstatedir}/log/squid/
%postun
-
-%if 0%{?has_systemd}
%service_del_postun squid.service
-%endif
-
-%restart_on_update squid
-%insserv_cleanup
-%verifyscript
-%verify_permissions -e /usr/sbin/pam_auth
%files
%defattr(-,root,root)
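Review bot: in %pre, `usermod -G winbind %{name}` replaces squid's whole supplementary group list with winbind instead of adding to it, unlike the `groupmod -A %{name} winbind` it replaces; use `usermod -a -G winbind %{name}` so that memberships an administrator added survive an update. In the same scriptlet, `groupadd -g 31 -r %{name}` fails silently (stderr goes to /dev/null) if GID 31 is already taken, after which `useradd ... -g %{name}` fails silently as well; consider dropping the fixed GID or letting the error surface.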
@@ -313,11 +253,9 @@ fi
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
-%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
-%endif
-%attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
-%attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
+%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
+%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
@@ -332,8 +270,6 @@ fi
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
-%config %{_sysconfdir}/init.d/%{name}
-%config %{_sysconfdir}/permissions.d/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
@@ -350,8 +286,7 @@ fi
%{_sbindir}/basic_msnt_multi_domain_auth
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
-#verify(not mode) %attr(4755,root,shadow) %{_sbindir}/basic_pam_auth
-%{_sbindir}/basic_pam_auth
+%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
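Review bot: `%attr(2750,root,shadow)` on basic_pam_auth leaves no execute bit for other, and the squid account created in %pre is only in groups squid and winbind (`-G winbind -g %{name}`), so a Squid process running as squid could not start this helper at the packaged mode. Since mode is excluded from verify, the effective mode presumably comes from `%set_permissions %{_sbindir}/basic_pam_auth`; please confirm the permissions profile entry gives squid execute access, or adjust the group and mode here to what the helper actually needs.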
@@ -359,7 +294,6 @@ fi
%{_sbindir}/basic_smb_auth.sh
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
-#{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
@@ -378,14 +312,14 @@ fi
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
-%{_sbindir}/pinger
-%{_sbindir}/rc%{name}
+%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
+%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi
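Review bot: pinger is packaged as `%attr(750,root,squid)` with no setuid bit and no file capability set in the spec, while the changelog entry in this diff says it "needs 'root' privileges to be able to ping" and records `attr(4750,root,squid)`. With `caps` and `mode` excluded from verify, the privilege for the ICMP socket can only come from whatever `%set_permissions %{_sbindir}/pinger` applies. Add a comment above this line naming the permissions entry that provides it (setuid or a capability), and update the changelog if the setuid bit was deliberately replaced, so the packaged mode and the documented one agree.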