Accepting request 146698 from home:computersalat:devel:proxy
update to 3.2.5 OBS-URL: https://build.opensuse.org/request/show/146698 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=26
This commit is contained in:
parent
71075c2f96
commit
fba5a0ced5
@ -2,10 +2,10 @@
|
||||
<HTML>
|
||||
<HEAD>
|
||||
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
|
||||
<TITLE>Squid 3.2.3 release notes</TITLE>
|
||||
<TITLE>Squid 3.2.5 release notes</TITLE>
|
||||
</HEAD>
|
||||
<BODY>
|
||||
<H1>Squid 3.2.3 release notes</H1>
|
||||
<H1>Squid 3.2.5 release notes</H1>
|
||||
|
||||
<H2>Squid Developers</H2>
|
||||
<HR>
|
||||
@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
|
||||
<HR>
|
||||
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
||||
|
||||
<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
|
||||
<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for
|
||||
testing.</P>
|
||||
<P>This new release is available for download from
|
||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the
|
||||
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
||||
@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
|
||||
<P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
|
||||
the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
|
||||
means there are some configuration changes required to lock down manager access.
|
||||
The <EM>manager</EM> ACL needs changing to:
|
||||
The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
|
||||
to the following regex pattern:
|
||||
<PRE>
|
||||
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
|
||||
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
|
||||
</PRE>
|
||||
</P>
|
||||
|
||||
@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
|
||||
cache manager applications as their front page embedding all scripts, accessors or
|
||||
redirects required for their initial GUI display.</P>
|
||||
|
||||
<P>MGR_INDEX file
|
||||
<UL>
|
||||
<LI>should contain a complete HTML page, with optional client-side scripting.</LI>
|
||||
<LI>must not contain server-side scripting. </LI>
|
||||
<LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
|
||||
</UL>
|
||||
</P>
|
||||
|
||||
<P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
|
||||
proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
|
||||
to those managers.</P>
|
||||
@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
|
||||
<P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
|
||||
<P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
|
||||
<P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
|
||||
<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
|
||||
<P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
|
||||
of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
|
||||
This definition is now consistent across all modes of traffic received by Squid.</P>
|
||||
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
|
||||
<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
|
||||
built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
|
||||
<PRE>
|
||||
acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
|
||||
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
|
||||
|
||||
</PRE>
|
||||
</P>
|
||||
|
||||
squid.conf containing the old manager definition can expect to see ACL type collisions.</P>
|
||||
|
||||
<DT><B>auth_param</B><DD>
|
||||
<P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
|
||||
@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit
|
||||
|
||||
<P>
|
||||
<DL>
|
||||
<DT><B>acl</B><DD>
|
||||
<P><EM>urllogin</EM> option not yet ported from 2.6</P>
|
||||
<P><EM>urlgroup</EM> option not yet ported from 2.6</P>
|
||||
|
||||
<DT><B>broken_vary_encoding</B><DD>
|
||||
<P>Not yet ported from 2.6</P>
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
|
||||
size 2891753
|
@ -1,20 +0,0 @@
|
||||
File: squid-3.2.3.tar.bz2
|
||||
Date: Sat Oct 20 12:59:15 UTC 2012
|
||||
Size: 2891753
|
||||
MD5 : b26171dfd397defd9ee113d555691b86
|
||||
SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||
|
||||
iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
|
||||
A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
|
||||
Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
|
||||
vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
|
||||
SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
|
||||
mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
|
||||
=dc1e
|
||||
-----END PGP SIGNATURE-----
|
3
squid-3.2.5.tar.bz2
Normal file
3
squid-3.2.5.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
|
||||
size 2893104
|
20
squid-3.2.5.tar.bz2.asc
Normal file
20
squid-3.2.5.tar.bz2.asc
Normal file
@ -0,0 +1,20 @@
|
||||
File: squid-3.2.5.tar.bz2
|
||||
Date: Mon Dec 10 10:16:15 UTC 2012
|
||||
Size: 2893104
|
||||
MD5 : ddb329f92056aa58a56db6a2eeea0c02
|
||||
SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||
|
||||
iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
|
||||
Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
|
||||
yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
|
||||
WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
|
||||
pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
|
||||
ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
|
||||
=0bG7
|
||||
-----END PGP SIGNATURE-----
|
@ -1,49 +0,0 @@
|
||||
Index: squid-3.2.3/src/icmp/pinger.cc
|
||||
===================================================================
|
||||
--- squid-3.2.3.orig/src/icmp/pinger.cc
|
||||
+++ squid-3.2.3/src/icmp/pinger.cc
|
||||
@@ -180,8 +180,18 @@ main(int argc, char *argv[])
|
||||
}
|
||||
max_fd = max(max_fd, squid_link);
|
||||
|
||||
- setgid(getgid());
|
||||
- setuid(getuid());
|
||||
+ if (setgid(getgid()) < 0) {
|
||||
+ debugs(42, 0, "FATAL: pinger: setgid failed.");
|
||||
+ icmp4.Close();
|
||||
+ icmp6.Close();
|
||||
+ exit (1);
|
||||
+ }
|
||||
+ if (setuid(getuid()) < 0) {
|
||||
+ debugs(42, 0, "FATAL: pinger: setuid failed.");
|
||||
+ icmp4.Close();
|
||||
+ icmp6.Close();
|
||||
+ exit (1);
|
||||
+ }
|
||||
|
||||
last_check_time = squid_curtime;
|
||||
|
||||
Index: squid-3.2.3/src/tools.cc
|
||||
===================================================================
|
||||
--- squid-3.2.3.orig/src/tools.cc
|
||||
+++ squid-3.2.3/src/tools.cc
|
||||
@@ -757,7 +757,8 @@ enter_suid(void)
|
||||
debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
|
||||
#if HAVE_SETRESUID
|
||||
|
||||
- setresuid((uid_t)-1, 0, (uid_t)-1);
|
||||
+ if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
|
||||
+ debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
|
||||
#else
|
||||
|
||||
setuid(0);
|
||||
@@ -782,7 +783,8 @@ no_suid(void)
|
||||
uid = geteuid();
|
||||
debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
|
||||
|
||||
- setuid(0);
|
||||
+ if (setuid(0) < 0)
|
||||
+ debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
|
||||
|
||||
if (setuid(uid) < 0)
|
||||
debugs(50, 1, "no_suid: setuid: " << xstrerror());
|
@ -1,3 +1,20 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
|
||||
|
||||
- Changes to squid-3.2.5 (10 Dec 2012):
|
||||
- Bug 3698: Add missing include of errno.h
|
||||
- Changes to squid-3.2.4 (03 Dec 2012):
|
||||
- Ported: urllogin ACL from squid 2.7
|
||||
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
|
||||
- Bug 3677: Port un-pinning logic changes from squid 3.3
|
||||
- Bug 3405: ssl_crtd crashes failing to remove certificate
|
||||
- ... and major bugs fixed in squid 3.1.22
|
||||
- Fix accept_filter on Linux
|
||||
- Remove 'Bungled' warning on missing component directives
|
||||
- ... and many buffer and memory leak issues in the bundled helpers
|
||||
- ... and a small amount of code polishing
|
||||
- remove obsolete glibc-217 patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
|
||||
|
||||
|
@ -23,7 +23,7 @@ Name: squid
|
||||
Summary: Squid Version 3.2 WWW Proxy Server
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Web/Proxy
|
||||
Version: 3.2.3
|
||||
Version: 3.2.5
|
||||
Release: 0
|
||||
Url: http://www.squid-cache.org/Versions/v3/3.2
|
||||
Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
|
||||
@ -61,8 +61,6 @@ Patch101: %{name}-nobuilddates.patch
|
||||
## File is compiled without RPM_OPT_FLAGS
|
||||
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
|
||||
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
||||
# Handle setuid/setgid failure
|
||||
Patch103: squid-glibc217.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: %fillup_prereq
|
||||
PreReq: %insserv_prereq
|
||||
@ -137,8 +135,8 @@ The most important of these new features are:
|
||||
* Cache Manager access changes
|
||||
|
||||
First STABLE release Date: 02 Aug 2010
|
||||
Latest Release: 3.2.3
|
||||
Latest Release Date: 20 Oct 2012
|
||||
Latest Release: 3.2.5
|
||||
Latest Release Date: 10 Dec 2012
|
||||
|
||||
%prep
|
||||
%gpg_verify %{S:1}
|
||||
@ -153,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
|
||||
chmod a-x CREDITS
|
||||
%patch101
|
||||
%patch102
|
||||
%patch103 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
|
Loading…
Reference in New Issue
Block a user