pool/squid
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 504589 from server:proxy

Browse Source 
- Packaging cleanup
- Dropped:
  * squid-brokenad.patch
  * squid-config.patch
  * squid.init squid.init.rh
  * squid-old-kerberos.patch
  * squid-rpmlintrc
- Update description and url

- Update Squid to 3.5.26
  * SubjectAlternativeNames missing in some generated certificates
    Previous releases of Squid were not able to generate valid
    mimic certificates from AltName server certificate field only.
  * Fix ignoring http_access deny with client-first bumping mode
  * ssl_crtd: now returns non-zero on failure
  * Fix FTP directory listings display issues
  * OpenSSL support better compliance with license requirements
    This release of Squid will now include the required OpenSSL
    advertisement on builds -v output where features are displayed.

OBS-URL: https://build.opensuse.org/request/show/504589
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=46
This commit is contained in:
Dominique Leuenberger 2017-06-21 11:54:33 +00:00 committed by Git OBS Bridge
commit e8fababa76
12 changed files with 90 additions and 798 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
squid-3.5.25.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28959254c32b8cd87e9599b6beb97352cf0638524e0f5ac3e1754f08462f3585
size 2327316

20
squid-3.5.25.tar.xz.asc
View File

@ -1,20 +0,0 @@
File: squid-3.5.25.tar.xz
Date: Sun Apr 2 20:29:16 UTC 2017
Size: 2327316
MD5 : 6b7dd7b42b1adacf08f3155640ea2782
SHA1: 63ea00cb918e3106fd91b286ec907f1681e0f0e8
Key : 0xFF5CF463 <squid3@treenet.co.nz>
EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAljhX8EACgkQsmjnBv9c
9GMjFgf9ED5brd68IQQ1YNx5ecX5ni5A8rggShgE2h2EtBnBicj4c8CRwX82VXwm
0yIGHe/reWzppkDGcBaflgyAWGdmUkQR5EixlkBAmwtLAAlJauxeUBxSunxbzn96
ysFNmV0GEmzL7ZWJHjFQj4Bd2HnnDRFUbpdK37/lUVJVt2NZ7xtZm+Tcf7cm59Pn
OwKsjrGXui+/DoK3lktvn/U4JYsITjVRIc/OcuBW2CM2GlPYSfmTfswIAOVWfb6+
btP4pyHSaDaxzw616CSm6HXebL0SHt2CUGrcuCENkSGWj8KiTYBzXpXYDdcblmVp
1VFdZQcBMPkD3LVVoKA/HahRSjQgxw==
=yE6f
-----END PGP SIGNATURE-----

3
squid-3.5.26.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:baa1eecb7d6e18881f4455060d80ee7cb95ae7e2695fdccf7e21ccc8f879a982
size 2328352

20
squid-3.5.26.tar.xz.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-3.5.26.tar.xz
Date: Fri Jun 2 00:43:54 UTC 2017
Size: 2328352
MD5 : 510e2c84773879c00d0e7ced997864d9
SHA1: 51a664217957b35de8b7fae180b9f93a759a4204
Key : 0xFF5CF463 <squid3@treenet.co.nz>
EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAlkwtTYACgkQsmjnBv9c
9GPpRAf7B+2gZgh1GGwjDheRvX43odQhVg9KkXB+raufqDBSRs7cyj5E/cC9XBPC
bmhyF2sk03p0a8wgmSbIH7gBFZ01TbQ5np2dUGh0b9sZPI8DJcSDPS8g9I2IT99v
axAttf8IbSzeNTgOk4l/veNMA1RU5fgyY19FnD+G22rVhcmWZFMfD/GBTyw3oc1i
7Hs/ulyCmdOHmzzTinMBEaU787mxwng2K7j2SV0O4W6wnuakAMWLdSCGsrUNBwik
teu5nd/AuAo1Y1KhM8adjHcANwa12s02yPUgkxyIDkVKBgYmbJAGvfSwFpOqRK4q
2uvHSqEAJr47u+n+Y2QampwAXCOEDQ==
=XyzG
-----END PGP SIGNATURE-----

106
squid-brokenad.patch
View File

@ -1,106 +0,0 @@
Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
* create Kerberos memory cache
*/
int
-krb5_create_cache(char *domain)
+krb5_create_cache(struct main_args *margs, char *domain)
{
krb5_keytab keytab = 0;
@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
if (code) {
k5_error("Error while unparsing principal name",code);
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1;
+ if (margs->brokenad == 1) {
+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
}
}
#if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
margs->rc_allow = 0;
margs->AD = 0;
margs->mdepth = 5;
+ margs->brokenad = 0;
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
init_args(&margs);
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
switch (opt) {
case 'd':
debug_enabled = 1;
@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
case 'S':
margs.llist = xstrdup(optarg);
break;
+ case 'x':
+ margs.brokenad = 1;
+ break;
case 'h':
fprintf(stderr, "Usage: \n");
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
fprintf(stderr, "-a allow SSL without cert verification\n");
fprintf(stderr, "-m maximal depth for recursive searches\n");
fprintf(stderr, "-h help\n");
Index: helpers/external_acl/kerberos_ldap_group/support.h
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
@@ -105,6 +105,7 @@ struct main_args {
int rc_allow;
int AD;
int mdepth;
+ int brokenad;
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
int create_ls(struct main_args *margs);
#ifdef HAVE_KRB5
-int krb5_create_cache(char *domain);
+int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);
#endif
Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
#if HAVE_KRB5
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
}

42
squid-config.patch
View File

@ -1,42 +0,0 @@
Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
@@ -1464,6 +1464,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
+
+# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
@@ -3769,6 +3771,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
+ Note on 'Mbytes': You need to consider the available RAM on the
+ machine versus the approx. 10MB RAM per 1GB of files which the
+ cache_dir index will consume.
+
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
@@ -3887,7 +3893,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256
NOCOMMENT_END
DOC_END
@@ -4584,7 +4590,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you

16
squid-old-kerberos.patch
View File

@ -1,16 +0,0 @@
Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -535,7 +535,11 @@ main(int argc, char *const argv[])
keytab_name_env = getenv("KRB5_KTNAME");
if (!keytab_name_env) {
ret = krb5_init_context(&context);
+#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB
if (!check_k5_err(context, "krb5_init_context", ret)) {
+#else
+ if (0 == ret) { // no error continue...
+#endif
krb5_kt_default_name(context, default_keytab, MAXPATHLEN);
}
keytab_name = xstrdup(default_keytab);

6
squid-rpmlintrc
View File

@ -1,6 +0,0 @@
addFilter("no-manual-page-for-binary")
addFilter("zero-length")
addFilter("incorrect-fsf-address")
# Temporary solution untill it is moved into factory
#setBadness('permissions-unauthorized-file', 333)
#setBadness("permissions-file-setuid-bit", 333)

26
squid.changes
View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Mon Jun 19 08:20:52 UTC 2017 - mpluskal@suse.com
- Packaging cleanup
- Dropped:
* squid-brokenad.patch
* squid-config.patch
* squid.init squid.init.rh
* squid-old-kerberos.patch
* squid-rpmlintrc
- Update description and url
-------------------------------------------------------------------
Wed Jun 14 08:54:53 UTC 2017 - adam.majer@suse.de
- Update Squid to 3.5.26
* SubjectAlternativeNames missing in some generated certificates
Previous releases of Squid were not able to generate valid
mimic certificates from AltName server certificate field only.
* Fix ignoring http_access deny with client-first bumping mode
* ssl_crtd: now returns non-zero on failure
* Fix FTP directory listings display issues
* OpenSSL support better compliance with license requirements
This release of Squid will now include the required OpenSSL
advertisement on builds -v output where features are displayed.
-------------------------------------------------------------------
Mon Apr 10 09:50:21 UTC 2017 - adam.majer@suse.de

201
squid.init
View File

@ -1,201 +0,0 @@
#!/bin/sh
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002 SuSE Linux AG
#
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel <feedback@suse.de>
#
# /etc/init.d/squid
# and its symbolic link
# /(usr/)sbin/rcsquid
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $local_fs $remote_fs $network $time
# Should-Start: apache $named winbind
# Required-Stop: $local_fs $remote_fs $network $time
# Should-Stop: apache $named winbind
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Squid web cache
# Description: Start the Squid web cache, providing
# HTTP, FTP and other proxy services
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
SQUID_BIN=/usr/sbin/squid
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
SQUID_SYSCONFIG=/etc/sysconfig/squid
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. $SQUID_SYSCONFIG
SQUID_PID=/var/run/squid.pid
SQUID_CONF=/etc/squid/squid.conf
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
# determine which one is the cache_swap directory
SQUID_CACHE_DIR=$(perl -n -e \
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
ulimit -n "$SQUID_ULIMIT"
#IN: $SQUID_CACHE_DIR
setup_squid_cache_dir(){
for adir in "$1" ; do
if [ ! -d $adir/00 ]; then # create missing cache directories
umask 027 # prevent users reading any cache data
echo -n " ($adir)"
$SQUID_BIN -z -F > /dev/null 2>&1
fi
if [ ! -d $adir/00 ]; then
echo " - failed while creating cache_dir ! "
rc_failed
rc_status -v
rc_exit
fi
done
sleep 2
}
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
echo -n "- Warning: squid already running ! "
rc_failed
else
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
setup_squid_cache_dir "$SQUID_CACHE_DIR"
fi
fi
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k shutdown
sleep 2
if [ -e $SQUID_PID ] ; then
echo -n "- wait a minute or two... "
i="$SQUID_S_T"
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
sleep 2
i=$[$i-1]
echo -n "."
[ $i -eq 41 ] && echo
done
fi
if /sbin/checkproc $SQUID_BIN ; then
killproc -TERM $SQUID_BIN
echo -n " Warning: squid killed !"
fi
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
$0 reload
# Remember status and be quiet
rc_status
;;
reload)
echo -n "Reloading WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k rotate
sleep 2
$SQUID_BIN -k reconfigure
rc_status
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
status)
echo -n "Checking for WWW-proxy squid "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $SQUID_BIN
# Remember status and be verbose
rc_status -v
;;
probe)
test $SQUID_CONF -nt $SQUID_PID && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

187
squid.init.rh
View File

@ -1,187 +0,0 @@
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
### END INIT INFO
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
SQUID_PIDFILE_DIR="/var/run/squid"
SQUID_USER="squid"
SQUID_DIR="squid"
# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid
prog="$SQUID"
# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
RETVAL=0
probe() {
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
[ `id -u` -ne 0 ] && exit 4
# check if the squid conf file is present
[ -f $SQUID_CONF ] || exit 6
}
start() {
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
probe
parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo -n $"Starting $prog: "
echo_failure
echo
echo "$parse"
return 1
fi
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
$SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
timeout=0;
while : ; do
[ ! -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
RETVAL=1
break
fi
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
$SQUID -k shutdown -f $SQUID_CONF &
rm -f /var/lock/subsys/$SQUID
timeout=0
while : ; do
[ -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
echo
return 1
fi
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo_success
echo
else
echo_failure
if [ ! -e /var/lock/subsys/$SQUID ]; then
RETVAL=0
fi
echo
fi
rm -rf $SQUID_PIDFILE_DIR/*
return $RETVAL
}
reload() {
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
}
restart() {
stop
rm -rf $SQUID_PIDFILE_DIR/*
start
}
condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}
rhstatus() {
status $SQUID && $SQUID -k check -f $SQUID_CONF
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload|force-reload)
reload
;;
restart)
restart
;;
condrestart|try-restart)
condrestart
;;
status)
rhstatus
;;
probe)
probe
;;
*)
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
exit 2
esac
exit $?

256
squid.spec
View File

@ -18,17 +18,15 @@
%define squidlibdir %{_libdir}/squid
%define squidconfdir %{_sysconfdir}/squid
Name: squid
Version: 3.5.25
Version: 3.5.26
Release: 0
Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Url: http://www.squid-cache.org/Versions/v3/3.5
Url: http://www.squid-cache.org
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3: squid.init
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
@ -37,115 +35,58 @@ Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source13: %{name}.keyring
Source14: squid.init.rh
Source15: cache_dir.sed
Source16: initialize_cache_if_needed.sh
# do not show some rpmlint warnings
Source99: squid-rpmlintrc
# some useful defaults for squid
Patch100: %{name}-config.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103: squid-brokenad.patch
#patch fix SLE 11 target... BAD PATCH
Patch104: squid-old-kerberos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# BuildRequires: autoconf
# BuildRequires: automake
# If you want to run unit tests, these also need mounted /dev/shm and /proc
# BuildRequires: cppunit-devel
BuildRequires: cppunit-devel
BuildRequires: db-devel
# needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel
BuildRequires: ed
BuildRequires: expat
#
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
%if 0%{?suse_version} <= 1140
BuildRequires: libtool
%else
BuildRequires: libtool >= 2.4
%endif
%if 0%{?suse_version} < 1220
BuildRequires: libxml2-devel
BuildRequires: xz
%else
BuildRequires: pkgconfig(libxml-2.0)
%endif
BuildRequires: openldap2-devel
BuildRequires: opensp-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: samba-winbind
BuildRequires: sharutils
%if 0%{?suse_version}
Requires(post): %fillup_prereq
Requires(pre): %{_bindir}/getent
%if 0%{?suse_version} < 1140
Requires(pre): permissions
%else
Requires(pre): permissions >= 2014.11
%endif
Requires(pre): pwdutils
%else
Requires(pre): shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service /sbin/chkconfig
Requires(postun): /sbin/service
%endif
%if 0%{?suse_version} > 1210
BuildRequires: systemd
%{?systemd_requires}
%define has_systemd 1
%else
Requires(pre): %insserv_prereq
%endif
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(gssrpc)
BuildRequires: pkgconfig(kdb)
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libsasl2)
BuildRequires: pkgconfig(libxml-2.0)
Requires: logrotate
Requires(post): %fillup_prereq
Requires(pre): permissions
Requires(pre): shadow
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
%{?systemd_requires}
%description
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
Squid 3.5 represents a new feature release above 3.4.
The most important of these new features are:
* Support libecap v1.0
* Authentication helper query extensions
* Support named services
* Upgraded squidclient tool
* Helper support for concurrency channels
* Native FTP Relay
* Receive PROXY protocol, Versions 1 & 2
* Basic authentication MSNT helper changes
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite -
we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich
access control, authorization and logging environment to develop web proxy
and content serving applications. Squid offers a rich set of traffic
optimization options, most of which are enabled by default for simpler
installation and high performance.
%prep
%setup -q
cp %{SOURCE10} .
# upstream patches after RELEASE
##### other patches
%patch100
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch103
%patch104
%build
# autoreconf -fi
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
@ -156,15 +97,8 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
--datadir=%{_datadir}/squid \
--sharedstatedir=%{_localstatedir}/squid \
--with-logdir=%{_localstatedir}/log/squid \
%if 0%{?has_systemd}
--with-pidfile=/run/squid.pid \
%else
--with-pidfile=%{_localstatedir}/run/squid.pid \
%endif
--with-dl \
%if 0%{?suse_version} <= 1140
--with-included-ltdl \
%endif
--enable-disk-io \
--enable-storeio \
--enable-removal-policies=heap,lru \
@ -195,51 +129,34 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
--disable-ident-lookups \
--enable-follow-x-forwarded-for \
--disable-arch-native
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
set +x
echo "adapting SQUID_MAXFD to 4096"
set -x
perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
fi
make SAMBAPREFIX=/usr %{?_smp_mflags}
make SAMBAPREFIX=%{_prefix} %{?_smp_mflags}
%install
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
%make_install SAMBAPREFIX=%{_prefix}
mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
%if 0%{?suse_version} < 1140
# permissions file
install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
%endif
# install logrotate file
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -Dpm 644 %{SOURCE7} \
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
install -dpm 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install -dpm 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
@ -251,40 +168,20 @@ done
ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%endif
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}
%endif
# systemd vs SysVinit
%if 0%{?has_systemd}
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed
install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh
sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%else # SysVinit
# fix postrotate script for SysVinit
sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%if 0%{?suse_version}
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
%else # lets just assume other are rh based ones...
install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
%endif
%endif
%if 0%{?suse_version}
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%endif
# systemd
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed
install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh
sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
install -Dpm 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
# Move the MIB definition to the proper place (and name)
mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs
mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \
$RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt
mkdir -p %{buildroot}%{_datadir}/snmp/mibs
mv %{buildroot}%{_datadir}/squid/mib.txt \
%{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt
%pre
# we need this group for /usr/sbin/pinger
@ -309,10 +206,7 @@ fi
if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then
%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
fi
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
# update mode?
if [ "$1" -gt "1" ]; then
@ -321,11 +215,6 @@ if [ "$1" -gt "1" ]; then
mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
fi
fi
# emulate_httpd_log is gone with 3.2 not 3.5
### rpmlint is complaining about modifying squid.conf
#if [ -e etc/%{name}/%{name}.conf ]; then
# sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
#fi
%pretrans -p <lua>
-- Directory to symlink is not working in RPM so workaround it
@ -343,63 +232,24 @@ for i,f in pairs(bad_ones) do
end
%post
%if 0%{?suse_version} >= 1140
%if 0%{?set_permissions:1}
%set_permissions %{_sbindir}/basic_pam_auth
%set_permissions %{_sbindir}/pinger
%set_permissions %{_localstatedir}/cache/squid/
%set_permissions %{_localstatedir}/log/squid/
%else
%run_permissions
%endif
%endif
%if 0%{?has_systemd}
%service_add_post squid.service
%else
%if 0%{?suse_version}
%{fillup_and_insserv -n "squid"}
%else
/sbin/chkconfig --add squid
%endif
%endif
%preun
%if 0%{?has_systemd}
%service_del_preun squid.service
%else
%if 0%{?suse_version}
%stop_on_removal squid
%else
if [ $1 = 0 ] ; then
service squid stop >/dev/null 2>&1
rm -f /var/log/squid/*
/sbin/chkconfig --del squid
fi
%endif
%endif
%if 0%{?suse_version}
%verifyscript
%verify_permissions -e %{_sbindir}/basic_pam_auth
%verify_permissions -e %{_sbindir}/pinger
%verify_permissions -e %{_localstatedir}/cache/squid/
%verify_permissions -e %{_localstatedir}/log/squid/
%endif
%postun
%if 0%{?has_systemd}
%service_del_postun squid.service
%else
%if 0%{?suse_version}
%restart_on_update squid
%insserv_cleanup
%else
if [ "$1" -ge "1" ] ; then
service squid condrestart >/dev/null 2>&1
fi
%endif
%endif
%files
%defattr(-,root,root)
@ -408,14 +258,10 @@ end
%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
%if 0%{?has_systemd}
%{_mandir}/man?/*
%{_unitdir}/%{name}.service
%{squidlibdir}/initialize_cache_if_needed.sh
%{squidlibdir}/cache_dir.sed
%else
%{_sysconfdir}/init.d/%{name}
%endif
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
@ -430,9 +276,6 @@ end
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%if 0%{?suse_version} < 1140
%config %{_sysconfdir}/permissions.d/%{name}
%endif
%dir %{_datadir}/%{name}
%dir %{_datadir}/snmp
%dir %{_datadir}/snmp/mibs
@ -448,26 +291,16 @@ end
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
%{_sbindir}/digest_edirectory_auth
## will get removed in 3.6 series
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_msnt_multi_domain_auth
##
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
%if 0%{?suse_version} < 1140
%{_sbindir}/basic_pam_auth
%else
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
%endif
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
## basic_msnt_auth has been deprecated and renamed to
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_smb_lm_auth
##
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
%{_sbindir}/digest_file_auth
@ -488,24 +321,15 @@ end
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
# not working %%caps(cap_net_raw=ep)
%if 0%{?suse_version} < 1140
%attr(0750,root,squid) %{_sbindir}/pinger
%else
%verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger
%endif
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
%{_sysconfdir}/sysconfig/%{name}
%endif
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi