Accepting request 146698 from home:computersalat:devel:proxy

update to 3.2.5 OBS-URL: https://build.opensuse.org/request/show/146698 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=26
2012-12-30 19:35:16 +00:00 · 2012-12-30 19:35:16 +00:00 · fba5a0ced5
commit fba5a0ced5
parent 71075c2f96
8 changed files with 64 additions and 90 deletions
--- a/RELEASENOTES.html
+++ b/RELEASENOTES.html
@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.3 release notes</TITLE>
+ <TITLE>Squid 3.2.5 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.2.3 release notes</H1>
+<H1>Squid 3.2.5 release notes</H1>
 <H2>Squid Developers</H2>
 <HR>
@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for 
 testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the 
 <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
 <P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
 the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
 means there are some configuration changes required to lock down manager access.
-The <EM>manager</EM> ACL needs changing to:
+The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
 to the following regex pattern:
 <PRE>
-        acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </PRE>
 </P>
@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
 cache manager applications as their front page embedding all scripts, accessors or
 redirects required for their initial GUI display.</P>
 <P>MGR_INDEX file
 <UL>
 <LI>should contain a complete HTML page, with optional client-side scripting.</LI>
 <LI>must not contain server-side scripting. </LI>
 <LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
 </UL>
 </P>
 <P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
 proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
 to those managers.</P>
@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
 <P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
 <P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
 <P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
 <P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
 <P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
 of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
 This definition is now consistent across all modes of traffic received by Squid.</P>
-<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
+<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
 built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
 <PRE>
-                acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+                ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </PRE>
-</P>
+
 squid.conf containing the old manager definition can expect to see ACL type collisions.</P>
 <DT><B>auth_param</B><DD>
 <P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit
 <P>
 <DL>
 <DT><B>acl</B><DD>
 <P><EM>urllogin</EM> option not yet ported from 2.6</P>
 <P><EM>urlgroup</EM> option not yet ported from 2.6</P>
 <DT><B>broken_vary_encoding</B><DD>
 <P>Not yet ported from 2.6</P>
--- a/squid-3.2.3.tar.bz2
+++ b/squid-3.2.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
 size 2891753
--- a/squid-3.2.3.tar.bz2.asc
+++ b/squid-3.2.3.tar.bz2.asc
@ -1,20 +0,0 @@
 File: squid-3.2.3.tar.bz2
 Date: Sat Oct 20 12:59:15 UTC 2012
 Size: 2891753
 MD5 : b26171dfd397defd9ee113d555691b86
 SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
 Key : 0xFF5CF463 <squid3@treenet.co.nz>
      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
      keyring = http://www.squid-cache.org/pgp.asc
      keyserver = subkeys.pgp.net
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
 A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
 Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
 vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
 SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
 mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
 =dc1e
 -----END PGP SIGNATURE-----
--- a/squid-3.2.5.tar.bz2
+++ b/squid-3.2.5.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
 size 2893104
--- a/squid-3.2.5.tar.bz2.asc
+++ b/squid-3.2.5.tar.bz2.asc
@ -0,0 +1,20 @@
 File: squid-3.2.5.tar.bz2
 Date: Mon Dec 10 10:16:15 UTC 2012
 Size: 2893104
 MD5 : ddb329f92056aa58a56db6a2eeea0c02
 SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
 Key : 0xFF5CF463 <squid3@treenet.co.nz>
      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
      keyring = http://www.squid-cache.org/pgp.asc
      keyserver = subkeys.pgp.net
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
 Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
 yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
 WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
 pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
 ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
 =0bG7
 -----END PGP SIGNATURE-----
--- a/squid-glibc217.patch
+++ b/squid-glibc217.patch
@ -1,49 +0,0 @@
 Index: squid-3.2.3/src/icmp/pinger.cc
 ===================================================================
 --- squid-3.2.3.orig/src/icmp/pinger.cc
 +++ squid-3.2.3/src/icmp/pinger.cc
@@ -180,8 +180,18 @@ main(int argc, char *argv[])
     }
     max_fd = max(max_fd, squid_link);
 -    setgid(getgid());
 -    setuid(getuid());
 +    if (setgid(getgid()) < 0) {
 +        debugs(42, 0, "FATAL: pinger: setgid failed.");
 +        icmp4.Close();
 +        icmp6.Close();
 +	exit (1);
 +    }
 +    if (setuid(getuid()) < 0) {
 +        debugs(42, 0, "FATAL: pinger: setuid failed.");
 +        icmp4.Close();
 +        icmp6.Close();
 +        exit (1);
 +    }
     last_check_time = squid_curtime;
 Index: squid-3.2.3/src/tools.cc
 ===================================================================
 --- squid-3.2.3.orig/src/tools.cc
 +++ squid-3.2.3/src/tools.cc
@@ -757,7 +757,8 @@ enter_suid(void)
     debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
 #if HAVE_SETRESUID
 -    setresuid((uid_t)-1, 0, (uid_t)-1);
 +    if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
 +	debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
 #else
     setuid(0);
@@ -782,7 +783,8 @@ no_suid(void)
     uid = geteuid();
     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
 -    setuid(0);
 +    if (setuid(0) < 0)
 +	debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
     if (setuid(uid) < 0)
         debugs(50, 1, "no_suid: setuid: " << xstrerror());
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,20 @@
 -------------------------------------------------------------------
 Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
 - Changes to squid-3.2.5 (10 Dec 2012):
  - Bug 3698: Add missing include of errno.h
 - Changes to squid-3.2.4 (03 Dec 2012):
  - Ported: urllogin ACL from squid 2.7
  - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
  - Bug 3677: Port un-pinning logic changes from squid 3.3
  - Bug 3405: ssl_crtd crashes failing to remove certificate
  - ... and major bugs fixed in squid 3.1.22
  - Fix accept_filter on Linux
  - Remove 'Bungled' warning on missing component directives
  - ... and many buffer and memory leak issues in the bundled helpers
  - ... and a small amount of code polishing
 - remove obsolete glibc-217 patch
 -------------------------------------------------------------------
 Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
--- a/squid.spec
+++ b/squid.spec
@ -23,7 +23,7 @@ Name:           squid
 Summary:        Squid Version 3.2 WWW Proxy Server
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
-Version:        3.2.3
+Version:        3.2.5
 Release:        0
 Url:            http://www.squid-cache.org/Versions/v3/3.2
 Source0:        http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@ -61,8 +61,6 @@ Patch101:       %{name}-nobuilddates.patch
 ## File is compiled without RPM_OPT_FLAGS
 # squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
 Patch102:       %{name}-compiled_without_RPM_OPT_FLAGS.patch
 # Handle setuid/setgid failure
 Patch103:       squid-glibc217.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %fillup_prereq
 PreReq:         %insserv_prereq
@ -137,8 +135,8 @@ The most important of these new features are:
 * Cache Manager access changes
  First STABLE release Date: 02 Aug 2010
-  Latest Release: 3.2.3
+  Latest Release: 3.2.5
-  Latest Release Date: 20 Oct 2012
+  Latest Release Date: 10 Dec 2012
 %prep
 %gpg_verify %{S:1}
@ -153,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
 chmod a-x CREDITS
 %patch101
 %patch102
 %patch103 -p1
 %build
 export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"