- Update Squid to 4.0.23
* fixes DoS caused by incorrect pointer handling when processing
ESI responses. This affects the default custom esi_parser
(libxml2 and expat esi_parsers are unaffected)
(bnc#1077003)
* fixes DoS caused by incorrect pointer handing whien processing
ESI responses or downloading intermediate CA certificates
(bnc#1077006)
* fixes "User names not sent to url_rewrite_program"
* fixes %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
OBS-URL: https://build.opensuse.org/request/show/568548
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=145
* systemd-service-without-service_add_pre
moved service_add_pre to %pre
* non-etc-or-var-file-marked-as-conffile
moved mib.txt to /usr/share/snmp/mibs/SQUID-MIB.txt
idea taken from Fedora package
* macro-in-comment
removed comment
Other issues are:
- permissions-dir-without-slash
=> opened security audit bug: bsc#950557
- missing-call-to-setgroups-before-setuid
* should be an upstream bug
- binary-or-shlib-calls-gethostbyname
* should be an upstream bug
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=92
* Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4208: more than one port in wccp2_service_info line causes error
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
* Relicense ntlm_fake_auth.pl to GPLv2+
* Relicense smb_lm auth helper to GPLv2+
* Relicense SSPI helper to GPLv2+
* ... and several minor performance optimizations
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=90
* Regression Bug 4306: build portability fix in Kerberos helpers
* Bug 4302: IPFilter v5 transparent interception
* Bug 4301: compile errors with IPFilter interception
* Bug 4285 partial: %us is not supported in access.log
* Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
* Bug 4242: compile errors with eCAP using clang-3.6
* Bug 3696: crash when client delay pools are activated
* Bug 3553: cache_swap_high ignored and maxCapacity used instead
* Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
* Fix ignore of impossible SSL bumping actions, as intended and documented
* Fix memory leak in Surrogate-Capability header detection
* Fix truncated body length when RESPMOD service aborts
* Reject non-chunked HTTP messages with conflicting Content-Length values
* Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
* ... and several portability and compile fixes
* ... and several documentation updates
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=86
- Cleanup with spec-cleaner
- Version bump to 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
* Bug #4033: Rebuild corrupted ssl_db/size file
* Bug #3902: Docs: external_acl_type cache hash key
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match
- Remove support for other distros as we build for opensuse anyway
- remove permissions.easy and permissions.paranoid files from package
as they are not used any more
OBS-URL: https://build.opensuse.org/request/show/280563
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=64
Use URLs to paths that the source validator actually understands
and make this acceptable for Tumbleweed.
The source validatory uses
perl -I/usr/lib/build -MBuild -e Build::show /usr/lib/build/configs/sl13.2.conf squid.spec sources
to find the sources; and this seems to not like the %() parts to expand.
Would be nice to have this fixed in Tumbleweed - after failing for 19 days
OBS-URL: https://build.opensuse.org/request/show/264508
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=62
- Changes for squid 3.2.11 release (29 April 2013)
- Fix enter_suid/leave_suid build errors in ip/Intercept.cc
- GNU Hurd: define MAP_NORESERVE as no-op when missing
- Bug #3833: Option '-k' is not present in squidclient man page
- Bug #3817: Memory leak in SSL cert validate for alt_name peer certs
- Bug #3822: Locate LDAP and SASL headers in /usr/local/include for BSD support
- Bug #3825: basic_ncsa_auth segfaulting with glibc-2.17
- Bug #3774: -k reconfigure drops rock
- Bug #3565: Resuming postponed accept kills Squid
- HTTP/1.1: partial support for no-cache and private controls with parameters
- ssl_crtd: helpers dying during startup on ARM
- Updated copyright for icons/SN.png
- Revert r11810 - tools.h does not exist in 3.2
OBS-URL: https://build.opensuse.org/request/show/173973
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=37
Rework the systemd squid.service to make it able to intialize cache directory (squid -z) fixing bnc#802635
Removing the unneeded bash wrapper
Upgrade to bugfixes upstream release 3.2.9
- New revision for squid.service (using only sed)
handle multiple cache_dir line
Added sed as require
- Packaging : fixed systemd squid.service
- Rework on squid.service ExecStartPre line
remove dependency on unfunctionnal wrapper
- Fix bnc#802635 (creating cache struture fail on first call)
- Fixed Type=forking and remove the use off -N (non daemon flag)
- Fixed missing pid file
- Structural : add all -k to end of Exec/Stop line
- Ulimit : Added LimitNOFile=4096 ( same value as in /etc/sysconfig)
but there's no way to decode dynamically /etc/sysconfig
- Remove syslog.target ( no need anymore : advise from fcrozat )
- Clean up squid_cache_build.sh
- Changes to squid-3.2.9 (12 Mar 2013):
- Regression fix: Accept-Language header parse
- Bug 3673: Silence 'Failed to select source' messages
- Fix authentication headers sent on peer digest requests
- Fix build error on Solaris, OpenIndiana, Omnios
- Changes to squid-3.2.8 (02 Mar 2013):
- Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
- Bug 3763: diskd Error: no filename in shm buffer
- Bug 3752: objects that cannot be cached in memory are not cached on disk
- Bug 3753: Removes the domain from the cache_peer server pconn key
- Bug 3749: IDENT lookup using wrong ports to identify the user
- Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
- Bug 3686: cache_dir max-size default fails
- Bug 3515: crash in FtpStateData::ftpTimeout
- Bug 3329: Quieten orphan Comm::Connection messages
- Make squid -z for cache_dir rock preserve the rock DB
OBS-URL: https://build.opensuse.org/request/show/159652
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=34
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.
If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":
--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif
Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
-----------------
OBS-URL: https://build.opensuse.org/request/show/143935
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=25