Accepting request 146698 from home:computersalat:devel:proxy

update to 3.2.5

OBS-URL: https://build.opensuse.org/request/show/146698
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=26
This commit is contained in:
Christian Wittmer 2012-12-30 19:35:16 +00:00 committed by Git OBS Bridge
parent 71075c2f96
commit fba5a0ced5
8 changed files with 64 additions and 90 deletions

View File

@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
<TITLE>Squid 3.2.3 release notes</TITLE>
<TITLE>Squid 3.2.5 release notes</TITLE>
</HEAD>
<BODY>
<H1>Squid 3.2.3 release notes</H1>
<H1>Squid 3.2.5 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for
testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
<P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
means there are some configuration changes required to lock down manager access.
The <EM>manager</EM> ACL needs changing to:
The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
to the following regex pattern:
<PRE>
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</PRE>
</P>
@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
cache manager applications as their front page embedding all scripts, accessors or
redirects required for their initial GUI display.</P>
<P>MGR_INDEX file
<UL>
<LI>should contain a complete HTML page, with optional client-side scripting.</LI>
<LI>must not contain server-side scripting. </LI>
<LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
</UL>
</P>
<P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
to those managers.</P>
@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
<P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
<P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
<P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
<P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
This definition is now consistent across all modes of traffic received by Squid.</P>
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
<PRE>
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</PRE>
</P>
squid.conf containing the old manager definition can expect to see ACL type collisions.</P>
<DT><B>auth_param</B><DD>
<P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit
<P>
<DL>
<DT><B>acl</B><DD>
<P><EM>urllogin</EM> option not yet ported from 2.6</P>
<P><EM>urlgroup</EM> option not yet ported from 2.6</P>
<DT><B>broken_vary_encoding</B><DD>
<P>Not yet ported from 2.6</P>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
size 2891753

View File

@ -1,20 +0,0 @@
File: squid-3.2.3.tar.bz2
Date: Sat Oct 20 12:59:15 UTC 2012
Size: 2891753
MD5 : b26171dfd397defd9ee113d555691b86
SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
=dc1e
-----END PGP SIGNATURE-----

3
squid-3.2.5.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
size 2893104

20
squid-3.2.5.tar.bz2.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-3.2.5.tar.bz2
Date: Mon Dec 10 10:16:15 UTC 2012
Size: 2893104
MD5 : ddb329f92056aa58a56db6a2eeea0c02
SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
=0bG7
-----END PGP SIGNATURE-----

View File

@ -1,49 +0,0 @@
Index: squid-3.2.3/src/icmp/pinger.cc
===================================================================
--- squid-3.2.3.orig/src/icmp/pinger.cc
+++ squid-3.2.3/src/icmp/pinger.cc
@@ -180,8 +180,18 @@ main(int argc, char *argv[])
}
max_fd = max(max_fd, squid_link);
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) < 0) {
+ debugs(42, 0, "FATAL: pinger: setgid failed.");
+ icmp4.Close();
+ icmp6.Close();
+ exit (1);
+ }
+ if (setuid(getuid()) < 0) {
+ debugs(42, 0, "FATAL: pinger: setuid failed.");
+ icmp4.Close();
+ icmp6.Close();
+ exit (1);
+ }
last_check_time = squid_curtime;
Index: squid-3.2.3/src/tools.cc
===================================================================
--- squid-3.2.3.orig/src/tools.cc
+++ squid-3.2.3/src/tools.cc
@@ -757,7 +757,8 @@ enter_suid(void)
debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
#if HAVE_SETRESUID
- setresuid((uid_t)-1, 0, (uid_t)-1);
+ if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
+ debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
#else
setuid(0);
@@ -782,7 +783,8 @@ no_suid(void)
uid = geteuid();
debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
- setuid(0);
+ if (setuid(0) < 0)
+ debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
if (setuid(uid) < 0)
debugs(50, 1, "no_suid: setuid: " << xstrerror());

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
- Changes to squid-3.2.5 (10 Dec 2012):
- Bug 3698: Add missing include of errno.h
- Changes to squid-3.2.4 (03 Dec 2012):
- Ported: urllogin ACL from squid 2.7
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
- Bug 3677: Port un-pinning logic changes from squid 3.3
- Bug 3405: ssl_crtd crashes failing to remove certificate
- ... and major bugs fixed in squid 3.1.22
- Fix accept_filter on Linux
- Remove 'Bungled' warning on missing component directives
- ... and many buffer and memory leak issues in the bundled helpers
- ... and a small amount of code polishing
- remove obsolete glibc-217 patch
-------------------------------------------------------------------
Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz

View File

@ -23,7 +23,7 @@ Name: squid
Summary: Squid Version 3.2 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Version: 3.2.3
Version: 3.2.5
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.2
Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@ -61,8 +61,6 @@ Patch101: %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# Handle setuid/setgid failure
Patch103: squid-glibc217.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
@ -137,8 +135,8 @@ The most important of these new features are:
* Cache Manager access changes
First STABLE release Date: 02 Aug 2010
Latest Release: 3.2.3
Latest Release Date: 20 Oct 2012
Latest Release: 3.2.5
Latest Release Date: 10 Dec 2012
%prep
%gpg_verify %{S:1}
@ -153,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
%patch103 -p1
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"