diff --git a/squid-3.5.25.tar.xz b/squid-3.5.25.tar.xz deleted file mode 100644 index 3b3c5a1..0000000 --- a/squid-3.5.25.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:28959254c32b8cd87e9599b6beb97352cf0638524e0f5ac3e1754f08462f3585 -size 2327316 diff --git a/squid-3.5.25.tar.xz.asc b/squid-3.5.25.tar.xz.asc deleted file mode 100644 index 01969f9..0000000 --- a/squid-3.5.25.tar.xz.asc +++ /dev/null @@ -1,20 +0,0 @@ -File: squid-3.5.25.tar.xz -Date: Sun Apr 2 20:29:16 UTC 2017 -Size: 2327316 -MD5 : 6b7dd7b42b1adacf08f3155640ea2782 -SHA1: 63ea00cb918e3106fd91b286ec907f1681e0f0e8 -Key : 0xFF5CF463 - EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 - keyring = http://www.squid-cache.org/pgp.asc - keyserver = subkeys.pgp.net ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAljhX8EACgkQsmjnBv9c -9GMjFgf9ED5brd68IQQ1YNx5ecX5ni5A8rggShgE2h2EtBnBicj4c8CRwX82VXwm -0yIGHe/reWzppkDGcBaflgyAWGdmUkQR5EixlkBAmwtLAAlJauxeUBxSunxbzn96 -ysFNmV0GEmzL7ZWJHjFQj4Bd2HnnDRFUbpdK37/lUVJVt2NZ7xtZm+Tcf7cm59Pn -OwKsjrGXui+/DoK3lktvn/U4JYsITjVRIc/OcuBW2CM2GlPYSfmTfswIAOVWfb6+ -btP4pyHSaDaxzw616CSm6HXebL0SHt2CUGrcuCENkSGWj8KiTYBzXpXYDdcblmVp -1VFdZQcBMPkD3LVVoKA/HahRSjQgxw== -=yE6f ------END PGP SIGNATURE----- diff --git a/squid-3.5.26.tar.xz b/squid-3.5.26.tar.xz new file mode 100644 index 0000000..6baa523 --- /dev/null +++ b/squid-3.5.26.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:baa1eecb7d6e18881f4455060d80ee7cb95ae7e2695fdccf7e21ccc8f879a982 +size 2328352 diff --git a/squid-3.5.26.tar.xz.asc b/squid-3.5.26.tar.xz.asc new file mode 100644 index 0000000..947be54 --- /dev/null +++ b/squid-3.5.26.tar.xz.asc @@ -0,0 +1,20 @@ +File: squid-3.5.26.tar.xz +Date: Fri Jun 2 00:43:54 UTC 2017 +Size: 2328352 +MD5 : 510e2c84773879c00d0e7ced997864d9 +SHA1: 51a664217957b35de8b7fae180b9f93a759a4204 +Key : 0xFF5CF463 + EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 + keyring = http://www.squid-cache.org/pgp.asc + keyserver = subkeys.pgp.net +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAlkwtTYACgkQsmjnBv9c +9GPpRAf7B+2gZgh1GGwjDheRvX43odQhVg9KkXB+raufqDBSRs7cyj5E/cC9XBPC +bmhyF2sk03p0a8wgmSbIH7gBFZ01TbQ5np2dUGh0b9sZPI8DJcSDPS8g9I2IT99v +axAttf8IbSzeNTgOk4l/veNMA1RU5fgyY19FnD+G22rVhcmWZFMfD/GBTyw3oc1i +7Hs/ulyCmdOHmzzTinMBEaU787mxwng2K7j2SV0O4W6wnuakAMWLdSCGsrUNBwik +teu5nd/AuAo1Y1KhM8adjHcANwa12s02yPUgkxyIDkVKBgYmbJAGvfSwFpOqRK4q +2uvHSqEAJr47u+n+Y2QampwAXCOEDQ== +=XyzG +-----END PGP SIGNATURE----- diff --git a/squid-brokenad.patch b/squid-brokenad.patch deleted file mode 100644 index 29d4a16..0000000 --- a/squid-brokenad.patch +++ /dev/null @@ -1,106 +0,0 @@ -Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc -=================================================================== ---- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig -+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc -@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod - * create Kerberos memory cache - */ - int --krb5_create_cache(char *domain) -+krb5_create_cache(struct main_args *margs, char *domain) - { - - krb5_keytab keytab = 0; -@@ -178,8 +178,17 @@ krb5_create_cache(char *domain) - if (code) { - k5_error("Error while unparsing principal name",code); - } else { -- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); -- found = 1; -+ if (margs->brokenad == 1) { -+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){ -+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); -+ } else { -+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); -+ found = 1; -+ } -+ } else { -+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); -+ found = 1; -+ } - } - } - #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY ) -Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc -=================================================================== ---- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig -+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc -@@ -61,6 +61,7 @@ init_args(struct main_args *margs) - margs->rc_allow = 0; - margs->AD = 0; - margs->mdepth = 5; -+ margs->brokenad = 0; - margs->ddomain = NULL; - margs->groups = NULL; - margs->ndoms = NULL; -@@ -179,7 +180,7 @@ main(int argc, char *const argv[]) - - init_args(&margs); - -- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) { -+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) { - switch (opt) { - case 'd': - debug_enabled = 1; -@@ -231,6 +232,9 @@ main(int argc, char *const argv[]) - case 'S': - margs.llist = xstrdup(optarg); - break; -+ case 'x': -+ margs.brokenad = 1; -+ break; - case 'h': - fprintf(stderr, "Usage: \n"); - fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); -@@ -247,6 +251,7 @@ main(int argc, char *const argv[]) - fprintf(stderr, "-l ldap url\n"); - fprintf(stderr, "-b ldap bind path\n"); - fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n"); -+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n"); - fprintf(stderr, "-a allow SSL without cert verification\n"); - fprintf(stderr, "-m maximal depth for recursive searches\n"); - fprintf(stderr, "-h help\n"); -Index: helpers/external_acl/kerberos_ldap_group/support.h -=================================================================== ---- helpers/external_acl/kerberos_ldap_group/support.h.orig -+++ helpers/external_acl/kerberos_ldap_group/support.h -@@ -105,6 +105,7 @@ struct main_args { - int rc_allow; - int AD; - int mdepth; -+ int brokenad; - char *ddomain; - struct gdstruct *groups; - struct ndstruct *ndoms; -@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs); - int create_ls(struct main_args *margs); - - #ifdef HAVE_KRB5 --int krb5_create_cache(char *domain); -+int krb5_create_cache(struct main_args *margs, char *domain); - void krb5_cleanup(void); - #endif - -Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc -=================================================================== ---- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig -+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc -@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch - debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM); - - #if HAVE_KRB5 -- kc = krb5_create_cache(domain); -+ kc = krb5_create_cache(margs,domain); - if (kc) { - error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM); - } diff --git a/squid-config.patch b/squid-config.patch deleted file mode 100644 index 98b48c8..0000000 --- a/squid-config.patch +++ /dev/null @@ -1,42 +0,0 @@ -Index: src/cf.data.pre -=================================================================== ---- src/cf.data.pre.orig -+++ src/cf.data.pre -@@ -1464,6 +1464,8 @@ http_access deny manager - # Adapt localnet in the ACL section to list your (internal) IP networks - # from where browsing should be allowed - http_access allow localnet -+ -+# Allow localhost always proxy functionality - http_access allow localhost - - # And finally deny all other access to this proxy -@@ -3769,6 +3771,10 @@ DOC_START - Instead, if you want Squid to use the entire disk drive, - subtract 20% and use that value. - -+ Note on 'Mbytes': You need to consider the available RAM on the -+ machine versus the approx. 10MB RAM per 1GB of files which the -+ cache_dir index will consume. -+ - 'L1' is the number of first-level subdirectories which - will be created under the 'Directory'. The default is 16. - -@@ -3887,7 +3893,7 @@ DOC_START - NOCOMMENT_START - - # Uncomment and adjust the following to add a disk cache directory. --#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256 -+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256 - NOCOMMENT_END - DOC_END - -@@ -4584,7 +4590,7 @@ DOC_END - - NAME: logfile_rotate - TYPE: int --DEFAULT: 10 -+DEFAULT: 0 - LOC: Config.Log.rotateNumber - DOC_START - Specifies the number of logfile rotations to make when you diff --git a/squid-old-kerberos.patch b/squid-old-kerberos.patch deleted file mode 100644 index 1a58074..0000000 --- a/squid-old-kerberos.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc -=================================================================== ---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig -+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc -@@ -535,7 +535,11 @@ main(int argc, char *const argv[]) - keytab_name_env = getenv("KRB5_KTNAME"); - if (!keytab_name_env) { - ret = krb5_init_context(&context); -+#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB - if (!check_k5_err(context, "krb5_init_context", ret)) { -+#else -+ if (0 == ret) { // no error continue... -+#endif - krb5_kt_default_name(context, default_keytab, MAXPATHLEN); - } - keytab_name = xstrdup(default_keytab); diff --git a/squid-rpmlintrc b/squid-rpmlintrc deleted file mode 100644 index aa69100..0000000 --- a/squid-rpmlintrc +++ /dev/null @@ -1,6 +0,0 @@ -addFilter("no-manual-page-for-binary") -addFilter("zero-length") -addFilter("incorrect-fsf-address") -# Temporary solution untill it is moved into factory -#setBadness('permissions-unauthorized-file', 333) -#setBadness("permissions-file-setuid-bit", 333) diff --git a/squid.changes b/squid.changes index 5b7f89e..1ee0c60 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon Jun 19 08:20:52 UTC 2017 - mpluskal@suse.com + +- Packaging cleanup +- Dropped: + * squid-brokenad.patch + * squid-config.patch + * squid.init squid.init.rh + * squid-old-kerberos.patch + * squid-rpmlintrc +- Update description and url + +------------------------------------------------------------------- +Wed Jun 14 08:54:53 UTC 2017 - adam.majer@suse.de + +- Update Squid to 3.5.26 + * SubjectAlternativeNames missing in some generated certificates + Previous releases of Squid were not able to generate valid + mimic certificates from AltName server certificate field only. + * Fix ignoring http_access deny with client-first bumping mode + * ssl_crtd: now returns non-zero on failure + * Fix FTP directory listings display issues + * OpenSSL support better compliance with license requirements + This release of Squid will now include the required OpenSSL + advertisement on builds -v output where features are displayed. + ------------------------------------------------------------------- Mon Apr 10 09:50:21 UTC 2017 - adam.majer@suse.de diff --git a/squid.init b/squid.init deleted file mode 100644 index cb400db..0000000 --- a/squid.init +++ /dev/null @@ -1,201 +0,0 @@ -#!/bin/sh -# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH -# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH -# Copyright (c) 2002 SuSE Linux AG -# -# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel -# -# /etc/init.d/squid -# and its symbolic link -# /(usr/)sbin/rcsquid -# -### BEGIN INIT INFO -# Provides: squid -# Required-Start: $local_fs $remote_fs $network $time -# Should-Start: apache $named winbind -# Required-Stop: $local_fs $remote_fs $network $time -# Should-Stop: apache $named winbind -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Short-Description: Squid web cache -# Description: Start the Squid web cache, providing -# HTTP, FTP and other proxy services -### END INIT INFO -# -# Note on runlevels: -# 0 - halt/poweroff 6 - reboot -# 1 - single user 2 - multiuser without network exported -# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) - - -# Check for missing binaries (stale symlinks should not happen) -# Note: Special treatment of stop for LSB conformance -SQUID_BIN=/usr/sbin/squid -test -x $SQUID_BIN || { echo "$SQUID_BIN not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } - -# Check for existence of needed config file and read it -SQUID_SYSCONFIG=/etc/sysconfig/squid -test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -# Read config -. $SQUID_SYSCONFIG - -SQUID_PID=/var/run/squid.pid -SQUID_CONF=/etc/squid/squid.conf -SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"} -SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"} -SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"} - -# determine which one is the cache_swap directory -SQUID_CACHE_DIR=$(perl -n -e \ - '/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF) - -ulimit -n "$SQUID_ULIMIT" - -#IN: $SQUID_CACHE_DIR -setup_squid_cache_dir(){ - for adir in "$1" ; do - if [ ! -d $adir/00 ]; then # create missing cache directories - umask 027 # prevent users reading any cache data - echo -n " ($adir)" - $SQUID_BIN -z -F > /dev/null 2>&1 - fi - if [ ! -d $adir/00 ]; then - echo " - failed while creating cache_dir ! " - rc_failed - rc_status -v - rc_exit - fi - done - sleep 2 -} - -# Shell functions sourced from /etc/rc.status: -# rc_check check and set local and overall rc status -# rc_status check and set local and overall rc status -# rc_status -v be verbose in local rc status and clear it afterwards -# rc_status -v -r ditto and clear both the local and overall rc status -# rc_status -s display "skipped" and exit with status 3 -# rc_status -u display "unused" and exit with status 3 -# rc_failed set local and overall rc status to failed -# rc_failed set local and overall rc status to -# rc_reset clear both the local and overall rc status -# rc_exit exit appropriate to overall rc status -# rc_active checks whether a service is activated by symlinks -. /etc/rc.status - -# Reset status of this service -rc_reset - - -case "$1" in - start) - echo -n "Starting WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - echo -n "- Warning: squid already running ! " - rc_failed - else - [ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! " - if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then - setup_squid_cache_dir "$SQUID_CACHE_DIR" - fi - fi - startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS" - - # Remember status and be verbose - rc_status -v - ;; - stop) - echo -n "Shutting down WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - $SQUID_BIN -k shutdown - sleep 2 - if [ -e $SQUID_PID ] ; then - echo -n "- wait a minute or two... " - i="$SQUID_S_T" - while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do - sleep 2 - i=$[$i-1] - echo -n "." - [ $i -eq 41 ] && echo - done - fi - if /sbin/checkproc $SQUID_BIN ; then - killproc -TERM $SQUID_BIN - echo -n " Warning: squid killed !" - fi - else - echo -n "- Warning: squid not running ! " - rc_failed 7 - fi - - # Remember status and be verbose - rc_status -v - ;; - try-restart) - $0 status >/dev/null && $0 restart - - # Remember status and be quiet - rc_status - ;; - restart) - $0 stop - $0 start - - # Remember status and be quiet - rc_status - ;; - force-reload) - $0 reload - - # Remember status and be quiet - rc_status - ;; - reload) - echo -n "Reloading WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - $SQUID_BIN -k rotate - sleep 2 - $SQUID_BIN -k reconfigure - rc_status - else - echo -n "- Warning: squid not running ! " - rc_failed 7 - fi - - # Remember status and be verbose - rc_status -v - ;; - status) - echo -n "Checking for WWW-proxy squid " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - # Return value is slightly different for the status command: - # 0 - service up and running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running (unused) - # 4 - service status unknown :-( - # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) - - # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc $SQUID_BIN - - # Remember status and be verbose - rc_status -v - ;; - probe) - test $SQUID_CONF -nt $SQUID_PID && echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; -esac -rc_exit - diff --git a/squid.init.rh b/squid.init.rh deleted file mode 100644 index 15cb5b9..0000000 --- a/squid.init.rh +++ /dev/null @@ -1,187 +0,0 @@ -#!/bin/bash -# chkconfig: - 90 25 -# pidfile: /var/run/squid.pid -# config: /etc/squid/squid.conf -# -### BEGIN INIT INFO -# Provides: squid -# Short-Description: starting and stopping Squid Internet Object Cache -# Description: Squid - Internet Object Cache. Internet object caching is \ -# a way to store requested Internet objects (i.e., data available \ -# via the HTTP, FTP, and gopher protocols) on a system closer to the \ -# requesting site than to the source. Web browsers can then use the \ -# local Squid cache as a proxy HTTP server, reducing access time as \ -# well as bandwidth consumption. -### END INIT INFO - - -PATH=/usr/bin:/sbin:/bin:/usr/sbin -export PATH - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -if [ -f /etc/sysconfig/squid ]; then - . /etc/sysconfig/squid -fi - -# don't raise an error if the config file is incomplete -# set defaults instead: -SQUID_OPTS=${SQUID_OPTS:-""} -SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} -SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} -SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} -SQUID_PIDFILE_DIR="/var/run/squid" -SQUID_USER="squid" -SQUID_DIR="squid" - -# determine the name of the squid binary -[ -f /usr/sbin/squid ] && SQUID=squid - -prog="$SQUID" - -# determine which one is the cache_swap directory -CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ - grep cache_dir | awk '{ print $3 }'` - -RETVAL=0 - -probe() { - # Check that networking is up. - [ ${NETWORKING} = "no" ] && exit 1 - - [ `id -u` -ne 0 ] && exit 4 - - # check if the squid conf file is present - [ -f $SQUID_CONF ] || exit 6 -} - -start() { - # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions. - if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi - probe - - parse=`$SQUID -k parse -f $SQUID_CONF 2>&1` - RETVAL=$? - if [ $RETVAL -ne 0 ]; then - echo -n $"Starting $prog: " - echo_failure - echo - echo "$parse" - return 1 - fi - for adir in $CACHE_SWAP; do - if [ ! -d $adir/00 ]; then - echo -n "init_cache_dir $adir... " - $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - fi - done - echo -n $"Starting $prog: " - $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - timeout=0; - while : ; do - [ ! -f /var/run/squid.pid ] || break - if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then - RETVAL=1 - break - fi - sleep 1 && echo -n "." - timeout=$((timeout+1)) - done - fi - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID - [ $RETVAL -eq 0 ] && echo_success - [ $RETVAL -ne 0 ] && echo_failure - echo - return $RETVAL -} - -stop() { - echo -n $"Stopping $prog: " - $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - RETVAL=$? - if [ $RETVAL -eq 0 ] ; then - $SQUID -k shutdown -f $SQUID_CONF & - rm -f /var/lock/subsys/$SQUID - timeout=0 - while : ; do - [ -f /var/run/squid.pid ] || break - if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then - echo - return 1 - fi - sleep 2 && echo -n "." - timeout=$((timeout+2)) - done - echo_success - echo - else - echo_failure - if [ ! -e /var/lock/subsys/$SQUID ]; then - RETVAL=0 - fi - echo - fi - rm -rf $SQUID_PIDFILE_DIR/* - return $RETVAL -} - -reload() { - $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF -} - -restart() { - stop - rm -rf $SQUID_PIDFILE_DIR/* - start -} - -condrestart() { - [ -e /var/lock/subsys/squid ] && restart || : -} - -rhstatus() { - status $SQUID && $SQUID -k check -f $SQUID_CONF -} - - -case "$1" in -start) - start - ;; - -stop) - stop - ;; - -reload|force-reload) - reload - ;; - -restart) - restart - ;; - -condrestart|try-restart) - condrestart - ;; - -status) - rhstatus - ;; - -probe) - probe - ;; - -*) - echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}" - exit 2 -esac - -exit $? diff --git a/squid.spec b/squid.spec index 0203256..e5a100e 100644 --- a/squid.spec +++ b/squid.spec @@ -18,17 +18,15 @@ %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid - Name: squid -Version: 3.5.25 +Version: 3.5.26 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Url: http://www.squid-cache.org/Versions/v3/3.5 +Url: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc -Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl @@ -37,115 +35,58 @@ Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring -Source14: squid.init.rh Source15: cache_dir.sed Source16: initialize_cache_if_needed.sh - -# do not show some rpmlint warnings -Source99: squid-rpmlintrc -# some useful defaults for squid -Patch100: %{name}-config.patch -# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) -Patch103: squid-brokenad.patch -#patch fix SLE 11 target... BAD PATCH -Patch104: squid-old-kerberos.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build -# BuildRequires: autoconf -# BuildRequires: automake -# If you want to run unit tests, these also need mounted /dev/shm and /proc -# BuildRequires: cppunit-devel +BuildRequires: cppunit-devel BuildRequires: db-devel -# needed by bootstrap.sh -BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat -# BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: krb5-devel BuildRequires: libcap-devel -BuildRequires: libexpat-devel -%if 0%{?suse_version} <= 1140 BuildRequires: libtool -%else -BuildRequires: libtool >= 2.4 -%endif -%if 0%{?suse_version} < 1220 -BuildRequires: libxml2-devel -BuildRequires: xz -%else -BuildRequires: pkgconfig(libxml-2.0) -%endif BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig +BuildRequires: samba-winbind BuildRequires: sharutils - -%if 0%{?suse_version} -Requires(post): %fillup_prereq -Requires(pre): %{_bindir}/getent -%if 0%{?suse_version} < 1140 -Requires(pre): permissions -%else -Requires(pre): permissions >= 2014.11 -%endif -Requires(pre): pwdutils -%else -Requires(pre): shadow-utils -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/service /sbin/chkconfig -Requires(postun): /sbin/service -%endif - -%if 0%{?suse_version} > 1210 -BuildRequires: systemd -%{?systemd_requires} -%define has_systemd 1 -%else -Requires(pre): %insserv_prereq -%endif - +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(gssrpc) +BuildRequires: pkgconfig(kdb) +BuildRequires: pkgconfig(krb5) +BuildRequires: pkgconfig(libsasl2) +BuildRequires: pkgconfig(libxml-2.0) Requires: logrotate +Requires(post): %fillup_prereq +Requires(pre): permissions +Requires(pre): shadow Provides: http_proxy - # due to package rename # Wed Aug 15 17:40:30 UTC 2012 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} +%{?systemd_requires} %description -Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. - -Squid 3.5 represents a new feature release above 3.4. - -The most important of these new features are: - - * Support libecap v1.0 - * Authentication helper query extensions - * Support named services - * Upgraded squidclient tool - * Helper support for concurrency channels - * Native FTP Relay - * Receive PROXY protocol, Versions 1 & 2 - * Basic authentication MSNT helper changes +Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - +we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich +access control, authorization and logging environment to develop web proxy +and content serving applications. Squid offers a rich set of traffic +optimization options, most of which are enabled by default for simpler +installation and high performance. %prep %setup -q cp %{SOURCE10} . # upstream patches after RELEASE -##### other patches -%patch100 perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` chmod a-x CREDITS -%patch103 -%patch104 %build -# autoreconf -fi export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" @@ -156,15 +97,8 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" --datadir=%{_datadir}/squid \ --sharedstatedir=%{_localstatedir}/squid \ --with-logdir=%{_localstatedir}/log/squid \ -%if 0%{?has_systemd} --with-pidfile=/run/squid.pid \ -%else - --with-pidfile=%{_localstatedir}/run/squid.pid \ -%endif --with-dl \ -%if 0%{?suse_version} <= 1140 - --with-included-ltdl \ -%endif --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ @@ -195,51 +129,34 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" --disable-ident-lookups \ --enable-follow-x-forwarded-for \ --disable-arch-native - -# overwrite the number of open filedescriptors of configure to 4096 -# to be backward compatible, but numbers above should not be overwritten -if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then - set +x - echo "adapting SQUID_MAXFD to 4096" - set -x - perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h -fi -make SAMBAPREFIX=/usr %{?_smp_mflags} +make SAMBAPREFIX=%{_prefix} %{?_smp_mflags} %install -%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || : -%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ - -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || : - install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d %{buildroot}%{_prefix}/sbin # make_install -make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr +%make_install SAMBAPREFIX=%{_prefix} mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible -%if 0%{?suse_version} < 1140 -# permissions file -install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name} -%endif - # install logrotate file -install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +install -Dpm 644 %{SOURCE7} \ + %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -d -m 755 doc/scripts install scripts/*.pl doc/scripts cat > doc/scripts/cachemgr.readme <<-EOT cachemgr.cgi will now be found in %{_libdir}/%{name} EOT -install -d -m 755 %{buildroot}/%{_libdir}/%{name} +install -dpm 755 %{buildroot}/%{_libdir}/%{name} mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} -install -d -m 755 doc/contrib +install -dpm 755 doc/contrib install %{SOURCE6} doc/contrib -install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} -install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 +install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} +install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do @@ -251,40 +168,20 @@ done ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors # fix file duplicates -%if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} -%endif -%if 0%{?fedora_version} > 8 -fdupes -q -n -r %{buildroot}%{_prefix} -%endif -# systemd vs SysVinit -%if 0%{?has_systemd} - install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service - install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed - install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh - sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service - ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} -%else # SysVinit - # fix postrotate script for SysVinit - sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name} - %if 0%{?suse_version} - install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} - ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} - %else # lets just assume other are rh based ones... - install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name} - %endif -%endif -%if 0%{?suse_version} - install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else - install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%endif +# systemd +install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed +install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh +sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -Dpm 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} # Move the MIB definition to the proper place (and name) -mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs -mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \ - $RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt +mkdir -p %{buildroot}%{_datadir}/snmp/mibs +mv %{buildroot}%{_datadir}/squid/mib.txt \ + %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt %pre # we need this group for /usr/sbin/pinger @@ -304,15 +201,12 @@ fi # if default group is not squid, change it if [[ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]]; then %{_sbindir}/usermod -g %{name} %{name} 2>/dev/null -fi +fi # if squid is not member of winbind, add him if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then %{_sbindir}/usermod -G winbind %{name} 2>/dev/null fi - -%if 0%{?has_systemd} %service_add_pre %{name}.service -%endif # update mode? if [ "$1" -gt "1" ]; then @@ -321,11 +215,6 @@ if [ "$1" -gt "1" ]; then mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf fi fi -# emulate_httpd_log is gone with 3.2 not 3.5 -### rpmlint is complaining about modifying squid.conf -#if [ -e etc/%{name}/%{name}.conf ]; then -# sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf -#fi %pretrans -p -- Directory to symlink is not working in RPM so workaround it @@ -343,63 +232,24 @@ for i,f in pairs(bad_ones) do end %post -%if 0%{?suse_version} >= 1140 - %if 0%{?set_permissions:1} %set_permissions %{_sbindir}/basic_pam_auth %set_permissions %{_sbindir}/pinger %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ - %else -%run_permissions - %endif -%endif -%if 0%{?has_systemd} %service_add_post squid.service -%else - %if 0%{?suse_version} -%{fillup_and_insserv -n "squid"} - %else - /sbin/chkconfig --add squid - %endif -%endif %preun -%if 0%{?has_systemd} %service_del_preun squid.service -%else - %if 0%{?suse_version} -%stop_on_removal squid - %else - if [ $1 = 0 ] ; then - service squid stop >/dev/null 2>&1 - rm -f /var/log/squid/* - /sbin/chkconfig --del squid - fi - %endif -%endif -%if 0%{?suse_version} %verifyscript %verify_permissions -e %{_sbindir}/basic_pam_auth %verify_permissions -e %{_sbindir}/pinger %verify_permissions -e %{_localstatedir}/cache/squid/ %verify_permissions -e %{_localstatedir}/log/squid/ -%endif %postun -%if 0%{?has_systemd} %service_del_postun squid.service -%else - %if 0%{?suse_version} -%restart_on_update squid -%insserv_cleanup - %else - if [ "$1" -ge "1" ] ; then - service squid condrestart >/dev/null 2>&1 - fi - %endif -%endif %files %defattr(-,root,root) @@ -408,14 +258,10 @@ end %doc README.kerberos %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default -%doc %{_mandir}/man?/* -%if 0%{?has_systemd} +%{_mandir}/man?/* %{_unitdir}/%{name}.service %{squidlibdir}/initialize_cache_if_needed.sh %{squidlibdir}/cache_dir.sed -%else -%{_sysconfdir}/init.d/%{name} -%endif %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} @@ -430,9 +276,6 @@ end %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} -%if 0%{?suse_version} < 1140 -%config %{_sysconfdir}/permissions.d/%{name} -%endif %dir %{_datadir}/%{name} %dir %{_datadir}/snmp %dir %{_datadir}/snmp/mibs @@ -448,26 +291,16 @@ end %{_sbindir}/basic_getpwnam_auth %{_sbindir}/basic_ldap_auth %{_sbindir}/digest_edirectory_auth -## will get removed in 3.6 series -# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_msnt_multi_domain_auth -## %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth -%if 0%{?suse_version} < 1140 -%{_sbindir}/basic_pam_auth -%else %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth -%endif %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth %{_sbindir}/basic_smb_auth %{_sbindir}/basic_smb_auth.sh -## basic_msnt_auth has been deprecated and renamed to -# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_smb_lm_auth -## %{_sbindir}/cert_tool %{_sbindir}/cert_valid.pl %{_sbindir}/digest_file_auth @@ -488,24 +321,15 @@ end %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth -# not working %%caps(cap_net_raw=ep) -%if 0%{?suse_version} < 1140 -%attr(0750,root,squid) %{_sbindir}/pinger -%else %verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger -%endif %{_sbindir}/%{name} %{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh -%if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else -%{_sysconfdir}/sysconfig/%{name} -%endif %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi