Accepting request 204955 from home:posophe:branches:server:proxy

Possibly fix problem you told me

OBS-URL: https://build.opensuse.org/request/show/204955
OBS-URL: https://build.opensuse.org/package/show/server:proxy/cntlm?expand=0&rev=21

cntlm-0.35.1-Makefile.patch

@@ -1,18 +0,0 @@
-diff -ruN cntlm-0.35.1-orig/Makefile cntlm-0.35.1/Makefile
---- cntlm-0.35.1-orig/Makefile	2007-11-21 01:18:24.000000000 +0100
-+++ cntlm-0.35.1/Makefile	2009-05-06 18:09:53.000000000 +0200
-@@ -42,10 +42,10 @@
- 		install -O root -G system -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \
- 		install -O root -G system -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \
- 	else \
--		install -D -o root -g root -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
--		install -D -o root -g root -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
-+		install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
-+		install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
- 		[ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \
--			|| install -D -o root -g root -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \
-+			|| install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \
- 	fi
- 	@echo; echo "Cntlm will look for configuration in $(SYSCONFDIR)/$(NAME).conf"
- 
-Dateien cntlm-0.35.1-orig/.Makefile.swp und cntlm-0.35.1/.Makefile.swp sind verschieden.

cntlm-0.35.1-config.patch

@@ -1,35 +0,0 @@
-diff -ruN cntlm-0.35.1-orig/doc/cntlm.conf cntlm-0.35.1/doc/cntlm.conf
---- cntlm-0.35.1-orig/doc/cntlm.conf	2007-11-02 02:07:11.000000000 +0100
-+++ cntlm-0.35.1/doc/cntlm.conf	2009-05-06 16:49:22.000000000 +0200
-@@ -7,8 +7,15 @@
- 
- Username	testuser
- Domain		corp-uk
--Password	password		# Use hashes instead (-H)
--#Workstation	netbios_hostname	# Should be auto-guessed
-+Password	password
-+# Use hashes instead call "cntlm -H"
-+#PassLM          1AD35398BE6565DDB5C4EF70C0593492
-+#PassNT          77B9081511704EE852F94227CF48A793
-+### Only for user 'testuser', domain 'corp-uk'
-+#PassNTLMv2      D5826E9C665C37C80B53397D5C07BBCB
-+
-+### Should be auto-guessed
-+#Workstation	netbios_hostname
- 
- Proxy		10.217.112.41:8080
- Proxy		10.217.112.42:8080
-@@ -16,7 +23,12 @@
- #
- # This is the port number where Cntlm will listen
- #
--Listen		3128
-+##################################################
-+# consider to change Listen Parameter in
-+#  /etc/sysconfig/cntlm
-+# as a default 127.0.0.1:3128 is used
-+# but if defined here it takes precedence over sysconfig
-+#Listen		3128
- 
- #
- # If you wish to use the SOCKS5 proxy feature as well, uncomment

cntlm-0.35.1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f70729d48250b94e00002035398ebdf3ffb0c58d5b1e0db545210aaf97b251c
-size 64798

cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch

@@ -0,0 +1,366 @@
+Index: utils.c
+===================================================================
+--- utils.c	(revision 305)
++++ utils.c	(revision 306)
+@@ -508,6 +508,7 @@
+ 	data->body_len = 0;
+ 	data->empty = 1;
+ 	data->port = 0;
++	data->http_version = -1;
+ 	data->headers = NULL;
+ 	data->method = NULL;
+ 	data->url = NULL;
+@@ -535,6 +536,7 @@
+ 	dst->body_len = src->body_len;
+ 	dst->empty = src->empty;
+ 	dst->port = src->port;
++	dst->http_version = src->http_version;
+ 
+ 	if (src->headers)
+ 		dst->headers = hlist_dup(src->headers);
+@@ -584,6 +586,7 @@
+ 	data->body_len = 0;
+ 	data->empty = 1;
+ 	data->port = 0;
++	data->http_version = -1;
+ 
+ 	if (data->headers) hlist_free(data->headers);
+ 	if (data->method) free(data->method);
+@@ -623,6 +626,7 @@
+ 	if (data->http) free(data->http);
+ 	if (data->msg) free(data->msg);
+ 	if (data->body) free(data->body);
++	memset(data, 0, sizeof(struct rr_data_s));
+ 	free(data);
+ }
+ 
+Index: forward.c
+===================================================================
+--- forward.c	(revision 305)
++++ forward.c	(revision 306)
+@@ -188,6 +188,7 @@
+ 
+ 	if (debug) {
+ 		printf("\nSending PROXY auth request...\n");
++		printf("HEAD: %s %s %s\n", auth->method, auth->url, auth->http);
+ 		hlist_dump(auth->headers);
+ 	}
+ 
+@@ -316,7 +317,7 @@
+  * request is NOT freed
+  */
+ rr_data_t forward_request(void *thread_data, rr_data_t request) {
+-	int i, w, loop, plugin, retry = 0;
++	int i, loop, plugin, retry = 0;
+ 	int *rsocket[2], *wsocket[2];
+ 	rr_data_t data[2], rc = NULL;
+ 	hlist_t tl;
+@@ -368,7 +369,7 @@
+ 		sd = proxy_connect(tcreds);
+ 		if (sd <= 0) {
+ 			tmp = gen_502_page(request->http, "Parent proxy unreacheable");
+-			w = write(cd, tmp, strlen(tmp));
++			i = write(cd, tmp, strlen(tmp));
+ 			free(tmp);
+ 			rc = (void *)-1;
+ 			goto bailout;
+@@ -446,7 +447,9 @@
+ 					&& strcasecmp(hostname, data[0]->hostname)) {
+ 				if (debug)
+ 					printf("\n******* F RETURN: %s *******\n", data[0]->url);
+-				if (authok)
++				if (authok && data[0]->http_version >= 11
++						&& (hlist_subcmp(data[0]->headers, "Proxy-Connection", "keep-alive")
++							|| hlist_subcmp(data[0]->headers, "Connection", "keep-alive")))
+ 					proxy_alive = 1;
+ 
+ 				rc = dup_rr_data(data[0]);
+@@ -465,7 +468,7 @@
+ 			/*
+ 			 * Modify request headers.
+ 			 *
+-			 * Try to request keep-alive for every connection. We keep them in a pool
++			 * Try to request keep-alive for every client supporting HTTP/1.1+. We keep them in a pool
+ 			 * for future reuse.
+ 			 */
+ 			if (loop == 0 && data[0]->req) {
+@@ -474,13 +477,14 @@
+ 				 */
+ 				if (http_parse_basic(data[loop]->headers, "Proxy-Authorization", tcreds) > 0) {
+ 					if (debug)
+-						printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n", tcreds->domain, tcreds->user, tcreds->workstation);
++						printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n",
++								tcreds->domain, tcreds->user, tcreds->workstation);
+ 				} else if (ntlmbasic) {
+ 					if (debug)
+ 						printf("NTLM-to-basic: Returning client auth request.\n");
+ 
+ 					tmp = gen_407_page(data[loop]->http);
+-					w = write(cd, tmp, strlen(tmp));
++					i = write(cd, tmp, strlen(tmp));
+ 					free(tmp);
+ 
+ 					free_rr_data(data[0]);
+@@ -499,13 +503,14 @@
+ 				}
+ 
+ 				/*
+-				 * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might 
+-				 * cause some ISAs to deny us, even if the connection is already auth'd.
++				 * Force proxy keep-alive if the client can handle it (HTTP >= 1.1)
+ 				 */
+-				data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1);
++				if (data[0]->http_version >= 11)
++					data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1);
+ 
+ 				/*
+-				 * Remove all Proxy-Authorization headers from client
++				 * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might 
++				 * cause some ISAs to deny us, even if the connection is already auth'd.
+ 				 */
+ 				while (hlist_get(data[loop]->headers, "Proxy-Authorization")) {
+ 					data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization");
+@@ -623,8 +628,10 @@
+ 			if (plugin & PLUG_SENDHEAD) {
+ 				if (debug) {
+ 					printf("Sending headers (%d)...\n", *wsocket[loop]);
+-					if (loop == 0)
++					if (loop == 0) {
++						printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http);
+ 						hlist_dump(data[loop]->headers);
++					}
+ 				}
+ 
+ 				/*
+@@ -672,8 +679,14 @@
+ 			 * This way, we also tell our caller that proxy keep-alive is impossible.
+ 			 */
+ 			if (loop == 1) {
+-				proxy_alive = hlist_subcmp(data[loop]->headers, "Proxy-Connection", "keep-alive");
+-				if (!proxy_alive) {
++				proxy_alive = hlist_subcmp(data[1]->headers, "Proxy-Connection", "keep-alive")
++					&& data[0]->http_version >= 11;
++				if (proxy_alive) {
++					data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1);
++					data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1);
++				} else {
++					data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1);
++					data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1);
+ 					if (debug)
+ 						printf("PROXY CLOSING CONNECTION\n");
+ 					rc = (void *)-1;
+Index: utils.h
+===================================================================
+--- utils.h	(revision 305)
++++ utils.h	(revision 306)
+@@ -89,6 +89,7 @@
+ 	int body_len;
+ 	int empty;
+ 	int port;
++	int http_version;
+ 	char *method;
+ 	char *url;
+ 	char *rel_url;
+Index: http.c
+===================================================================
+--- http.c	(revision 305)
++++ http.c	(revision 306)
+@@ -84,7 +84,7 @@
+  */
+ int headers_recv(int fd, rr_data_t data) {
+ 	int i, bsize;
+-	int len;
++	int len, is_http = 0;
+ 	char *buf;
+ 	char *tok, *s3 = 0;
+ 	char *orig = NULL;
+@@ -108,12 +108,22 @@
+ 	orig = strdup(buf);
+ 	len = strlen(buf);
+ 	tok = strtok_r(buf, " ", &s3);
+-	if (tok && (!strncasecmp(buf, "HTTP/", 5) || !strncasecmp(tok, "ICY", 3))) {
++	if (tok && ((is_http = !strncasecmp(tok, "HTTP/", 5)) || !strncasecmp(tok, "ICY", 3))) {
+ 		data->req = 0;
+ 		data->empty = 0;
+ 		data->http = strdup(tok);
+ 		data->msg = NULL;
+ 
++		/*
++		 * Let's find out the numeric version of the HTTP version: 09, 10, 11.
++		 * Set to -1 if header is misformatted.
++		 */
++		if (is_http && (tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) {
++			data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30);
++		} else {
++			data->http_version = -1;
++		}
++
+ 		tok = strtok_r(NULL, " ", &s3);
+ 		if (tok) {
+ 			ccode = strdup(tok);
+@@ -156,6 +166,16 @@
+ 			goto bailout;
+ 		}
+ 
++		/*
++		 * Let's find out the numeric version of the HTTP version: 09, 10, 11.
++		 * Set to -1 if header is misformatted.
++		 */
++		if ((tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) {
++			data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30);
++		} else {
++			data->http_version = -1;
++		}
++
+ 		if ((tok = strstr(data->url, "://"))) {
+ 			tok += 3;
+ 		} else {
+@@ -367,7 +387,7 @@
+  */
+ int chunked_data_send(int dst, int src) {
+ 	char *buf;
+-	int bsize;
++	int bsize, len;
+ 	int i, w, csize;
+ 
+ 	char *err = NULL;
+@@ -408,11 +428,14 @@
+ 	} while (csize != 0);
+ 
+ 	/* Take care of possible trailer */
++	w = len = i = 0;
+ 	do {
+ 		i = so_recvln(src, &buf, &bsize);
+-		if (dst >= 0 && i > 0)
+-			w = write(dst, buf, strlen(buf));
+-	} while (i > 0 && buf[0] != '\r' && buf[0] != '\n');
++		if (dst >= 0 && i > 0) {
++			len = strlen(buf);
++			w = write(dst, buf, len);
++		}
++	} while (w == len && i > 0 && buf[0] != '\r' && buf[0] != '\n');
+ 
+ 	free(buf);
+ 	return 1;
+Index: direct.c
+===================================================================
+--- direct.c	(revision 305)
++++ direct.c	(revision 306)
+@@ -198,6 +198,8 @@
+ 		syslog(LOG_WARNING, "Connection failed for %s:%d (%s)", request->hostname, request->port, strerror(errno));
+ 		tmp = gen_502_page(request->http, strerror(errno));
+ 		w = write(cd, tmp, strlen(tmp));
++		// We don't really care about the result - shut up GCC warning (unused-but-set-variable)
++		if (!w) w = 1;
+ 		free(tmp);
+ 
+ 		rc = (void *)-1;
+@@ -282,10 +284,21 @@
+ 					data[0]->url = strdup(data[0]->rel_url);
+ 				}
+ 
+-				data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1);
+-				data[0]->headers = hlist_del(data[0]->headers, "Proxy-Authorization");
++				/*
++				 * Force proxy keep-alive if the client can handle it (HTTP >= 1.1)
++				 */
++				if (data[0]->http_version >= 11)
++					data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1);
+ 
+ 				/*
++				 * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might 
++				 * cause some ISAs to deny us, even if the connection is already auth'd.
++				 */
++				while (hlist_get(data[loop]->headers, "Proxy-Authorization")) {
++					data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization");
++				}
++
++				/*
+ 				 * Try to get auth from client if present
+ 				 */
+ 				if (http_parse_basic(data[0]->headers, "Authorization", tcreds) > 0 && debug)
+@@ -373,18 +386,25 @@
+ 			 */
+ 			if (loop == 1) {
+ 				conn_alive = !hlist_subcmp(data[1]->headers, "Connection", "close")
+-					&& http_has_body(data[0], data[1]) != -1;
++					&& http_has_body(data[0], data[1]) != -1
++					&& data[0]->http_version >= 11;
+ 				if (conn_alive) {
+ 					data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1);
+ 					data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1);
+ 				} else {
+ 					data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1);
++					data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1);
+ 					rc = (void *)-1;
+ 				}
+ 			}
+ 
+-			if (debug)
++			if (debug) {
+ 				printf("Sending headers (%d)...\n", *wsocket[loop]);
++				if (loop == 0) {
++					printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http);
++					hlist_dump(data[loop]->headers);
++				}
++			}
+ 
+ 			/*
+ 			 * Send headers
+Index: main.c
+===================================================================
+--- main.c	(revision 305)
++++ main.c	(revision 306)
+@@ -462,6 +462,8 @@
+ 		bs[0] = 5;
+ 		bs[1] = 0xFF;
+ 		w = write(cd, bs, 2);
++		// We don't really care about the result - shut up GCC warning (unused-but-set-variable)
++		if (!w) w = 1;
+ 		goto bailout;
+ 	} else {
+ 		bs[0] = 5;
+@@ -1400,6 +1402,8 @@
+ 	 * If we fail, exit with error.
+ 	 */
+ 	if (strlen(cpidfile)) {
++		int len;
++
+ 		umask(0);
+ 		cd = open(cpidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+ 		if (cd < 0) {
+@@ -1409,7 +1413,11 @@
+ 
+ 		tmp = new(50);
+ 		snprintf(tmp, 50, "%d\n", getpid());
+-		w = write(cd, tmp, strlen(tmp));
++		w = write(cd, tmp, (len = strlen(tmp)));
++		if (w != len) {
++			syslog(LOG_ERR, "Error writing to the PID file\n");
++			myexit(1);
++		}
+ 		free(tmp);
+ 		close(cd);
+ 	}
+@@ -1517,6 +1525,8 @@
+ 						inet_ntoa(caddr.sin_addr), ntohs(caddr.sin_port));
+ 					tmp = gen_denied_page(inet_ntoa(caddr.sin_addr));
+ 					w = write(cd, tmp, strlen(tmp));
++					// We don't really care about the result - shut up GCC warning (unused-but-set-variable)
++					if (!w) w = 1;
+ 					free(tmp);
+ 					close(cd);
+ 					continue;
+Index: scanner.c
+===================================================================
+--- scanner.c	(revision 305)
++++ scanner.c	(revision 306)
+@@ -153,6 +153,8 @@
+ 						tmp = new(MINIBUF_SIZE);
+ 						snprintf(tmp, MINIBUF_SIZE, "%s 200 OK\r\n", request->http);
+ 						w = write(cd, tmp, strlen(tmp));
++						// We don't really care about the result - shut up GCC warning (unused-but-set-variable)
++						if (!w) w = 1;
+ 						free(tmp);
+ 					}
+ 

cntlm-0.92.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7b603d6200ab0b26034e9e200fab949cc0a8e5fdd4df2c80b8fc5b1c37e7b930
+size 78198

cntlm-override-CFLAGS-CXXFLAGS-makefile.patch

@@ -0,0 +1,35 @@
+--- a/Makefile
++++ b/Makefile
+@@ -15,10 +15,8 @@ MANDIR=$(DESTDIR)/usr/share/man
+ NAME=cntlm
+ CC=gcc
+ VER=`cat VERSION`
+-CFLAGS+=$(FLAGS) -std=c99 -Wall -Wno-unused-but-set-variable -pedantic -O3 -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -D_BSD_SOURCE -DVERSION=\"`cat VERSION`\"
+-OS=$(shell uname -s)
+-OSLDFLAGS=$(shell [ $(OS) = "SunOS" ] && echo "-lrt -lsocket -lnsl")
+-LDFLAGS:=-lpthread $(OSLDFLAGS)
++override CFLAGS += -std=c99 -pedantic -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -D_BSD_SOURCE -DVERSION=\"`cat VERSION`\"
++override LDFLAGS += -lpthread
+ 
+ ifeq ($(findstring CYGWIN,$(OS)),)
+ 	OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o forward.o direct.o scanner.o pages.o main.o
+@@ -45,16 +43,16 @@ main.o: main.c
+ install: $(NAME)
+ 	# Special handling for install(1)
+ 	if [ "`uname -s`" = "AIX" ]; then \
+-		install -M 755 -S -f $(BINDIR) $(NAME); \
++		install -M 755 -f $(BINDIR) $(NAME); \
+ 		install -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \
+ 		install -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \
+ 	elif [ "`uname -s`" = "Darwin" ]; then \
+-		install -d -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
++		install -d -m 755 $(NAME) $(BINDIR)/$(NAME); \
+ 		install -d -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
+ 		[ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \
+ 			|| install -d -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \
+ 	else \
+-		install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
++		install -D -m 755 $(NAME) $(BINDIR)/$(NAME); \
+ 		install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
+ 		[ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \
+ 			|| install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \

cntlm.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sat Oct 26 15:10:39 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 0.92.3
+  + No changelog available
+- Improve systemd support for openSUSE >= 12.3
+- Add some forgotten stuff for sysvinit support
+- Little specfile cleanup
+- Drop obsolete by upstream changes patchs
+  * cntlm-0.35.1-config.patch
+  * cntlm-0.35.1-Makefile.patch
+- Add patchs
+  + cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch
+    cntlm doesn't handle correctly requests when use HTTP protocol
+
 -------------------------------------------------------------------
 Sat Sep 17 23:17:22 UTC 2011 - jengelh@medozas.de
 

cntlm.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=CNTLM HTTP Accelerator For NTLM Secured Proxies Authenticator
+After=network.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/cntlmd
+ExecStart=/usr/sbin/cntlm -c /etc/cntlm.conf -U cntlm -P /run/cntlm/cntlmd.pid
+
+[Install]
+WantedBy=multi-user.target

cntlm.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package cntlm
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2007 Scorpio IT, Deidesheim, Germany
 #
 # All modifications and additions to the file contributed by third parties
@@ -16,22 +16,33 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-
-
 Name:           cntlm
 Summary:        Fast NTLM authentication proxy with tunneling
-Version:        0.35.1
+Version:        0.92.3
 Release:        1
-License:        GPLv2+
+License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
 Url:            http://cntlm.sourceforge.net/
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        %{name}.init
 Source2:        %{name}.sysconfig
-Patch:          %{name}-0.35.1-config.patch
-Patch1:         %{name}-0.35.1-Makefile.patch
+Source3:        %{name}.service
+Source4:        %{name}.tmpfiles
+# PATCH-FIX-UPSTREAM cntlm-override-CFLAGS-CXXFLAGS-makefile.patch --fix empty debuginfo package
+Patch0:          cntlm-override-CFLAGS-CXXFLAGS-makefile.patch
+# PATCH-FIX-UPSTREAM cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch --cntlm doesn't handle correctly
+# between HTTP-1.0 and HTTP-1.1
+Patch1:          cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch
+%if %suse_version < 1230
+Requires(pre): %insserv_prereq %fillup_prereq
+%else
+Requires(pre): %fillup_prereq
+BuildRequires: pkgconfig(systemd)
+%{?systemd_requires}
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-PreReq:         pwdutils grep
+Requires(pre):  pwdutils
+Requires(pre):  grep
 
 %description
 Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling,
@@ -42,23 +53,26 @@ contains detailed information.
 
 %prep
 %setup -q -n %{name}-%{version}
-%patch -p1
-%patch1 -p1
+%patch0 -p1
+%patch1 -p0
 
 %build
-# custom script
-./configure
-make %{?_smp_mflags} SYSCONFDIR=%{_sysconfdir} \
-  BINDIR=%{_sbindir} \
-  MANDIR=%{_mandir}
+%configure
+make %{?_smp_mflags}
 
 %install
-%makeinstall SYSCONFDIR=%{buildroot}/%{_sysconfdir} \
-  BINDIR=%{buildroot}/%{_sbindir} \
-  MANDIR=%{buildroot}/%{_mandir}
+%makeinstall
+
+%if %suse_version < 1230
 %{__install} -d %{buildroot}/var/run/%{name}
 %{__install} -D -m 755 %{S:1} %{buildroot}/%{_initrddir}/%{name}
 %{__ln_s} -f ../..%{_sysconfdir}/init.d/%{name} %{buildroot}/usr/sbin/rc%{name}
+%else
+# With systemd, use new standard pid directory /run
+%{__install} -d %{buildroot}/run/%{name}
+%{__install} -D -m 755 %{S:3} %{buildroot}/%{_unitdir}/%{name}.service
+%{__install} -D -m 644 %{S:4} %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf
+%endif
 %{__install} -D -m 644 %{S:2} %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}
 
 %pre
@@ -72,7 +86,11 @@ fi
 
 %preun
 # on `rpm -e` PARAM is 0
+%if %suse_version < 1230
 %stop_on_removal cntlm
+%else
+%service_del_preun %{name}.service
+%endif
 #if [ "$1" -eq 0 ]; then
 #  %{_sbindir}/userdel %{name} 2>/dev/null
 #fi
@@ -80,21 +98,36 @@ fi
 %post
 # on `rpm -ivh` PARAM is 1
 # on `rpm -Uvh` PARAM is 2
+%if %suse_version < 1230
 %{fillup_and_insserv cntlm}
+%else
+%{fillup_only}
+%service_add_post %{name}.service
+%endif
 
 %postun
 # on `rpm -e` PARAM is 0
+%if %suse_version < 1230
 %restart_on_update cntlm
 %{insserv_cleanup}
+%else
+%service_del_postun %{name}.service
+%endif
 
 %files
 %defattr(-,root,root,-)
 %doc COPYRIGHT LICENSE README VERSION
 %config(noreplace) %{_sysconfdir}/%{name}.conf
+%if %suse_version < 1230
 %config(noreplace) %{_initrddir}/%{name}
+%ghost %dir %attr(755,%{name},root) /var/run/%{name}
+%else
+%config(noreplace) %{_unitdir}/%{name}.service
+%{_libexecdir}/tmpfiles.d/%{name}.conf
+%ghost %dir %attr(755,%{name},root) /run/%{name}
+%endif
 %{_sbindir}/*
 %{_mandir}/man1/%{name}.1*
-%ghost %dir %attr(755,%{name},root) /var/run/%{name}
 /var/adm/fillup-templates/sysconfig.%{name}
 
 %changelog

cntlm.tmpfiles

@@ -0,0 +1 @@
+d /run/cntlm 0755 cntlm cntlm