Accepting request 434591 from server:proxy

1 OBS-URL: https://build.opensuse.org/request/show/434591 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=41
2016-10-13 09:32:42 +00:00 · 2016-10-13 09:32:42 +00:00 · 239904fb8a
commit 239904fb8a
parent 44f1a29e41 a6013d0b81
7 changed files with 98 additions and 28 deletions
--- a/squid-3.5.20.tar.xz
+++ b/squid-3.5.20.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:37db73bd33ddd3503fe375bc3f2b47d9fb7309042e439ad3651f21d5dcf2d395
-size 2319780
--- a/squid-3.5.20.tar.xz.asc
+++ b/squid-3.5.20.tar.xz.asc
@ -1,20 +0,0 @@
-File: squid-3.5.20.tar.xz
-Date: Fri Jul  1 13:49:42 UTC 2016
-Size: 2319780
-MD5 : 48fb18679a30606de98882528beab3a7
-SHA1: 2bb6d3568e7167c9b99fea092a97287d0e430863
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJXdnW5AAoJELJo5wb/XPRjqzsH+wXT0yt47aqoGWI8D1YpRaW5
-KPYvJdos0zPfgIPFWXxngH+ZpJcSPD21QuiEPS8BqISxm+/+By+0QIljITnHWFOV
-/wo1nwL/IMissmD+9bksyBede+BsZdz1PSwl9V1MzvuGL4vwOC0UZD9RT9RYvMwj
-Exfw80v/01bAVpV8U3tsBodk4Rz3AWIHhH2Tf9O2EZ/pIAtEHtDbkdLk81rSwNED
-tL6yV/n+BoWgAPg/+YPVGRK/h5nD4tBkTD6YBCnxp5PJmybhvAjLr/J96PtPpHdC
-or7Vx1lVpKvkXwZjn936+v4pqv19lsvKs5zLtGKBG2wMmoSIo2bf/bGhhT5kBDc=
-=znHp
-----END PGP SIGNATURE-----
--- a/squid-3.5.22.tar.xz
+++ b/squid-3.5.22.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1ce95b469257abeb2ed8a1c0417812301c1ef5a4cc40ca504167daa470ad9358
+size 2324164
--- a/squid-3.5.22.tar.xz.asc
+++ b/squid-3.5.22.tar.xz.asc
@ -0,0 +1,19 @@
+File: squid-3.5.22.tar.xz
+Date: Sun Oct  9 23:43:33 UTC 2016
+Size: 2324164
+MD5 : afb82d2748c06c95815c171463b4aa14
+SHA1: 73e9199dd9d2a7f107f78d03454830713a4a571d
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABCAAGBQJX+tbSAAoJELJo5wb/XPRjl2gH/ReWuyxU88issJB6RDkqpg1z
+ULCFIGXOZieUB1Ec+kh6gkothXfFSmec4U/3nx42N2e1cFlQby9lRY27e7T47na7
+rA8ZiXc8gXNrE06GCtFXIR9AvRQrySAJMES6wJT4LigkfbS3wZt3PvUw+RUgGCcz
+RC14yLwFgzaAR7d9RVgZWBIOXlz4NUvdlb/ri+kiHc2mfT09ikm9NX+t5wJ64MfI
+S/U2tFJLDeqG0B4Sx/lnl35h7f2mk+c9DPfmTDkZSE1dJScE34GtEpehJQwZcxA9
+EHgPwIP4BFIReywnCwhDMY17JDkC58gXyOBNjSd6v0PzyvXbSQLAYYJu1MKzKi8=
+=JCC/
+-----END PGP SIGNATURE-----
--- a/squid-brokenad.patch
+++ b/squid-brokenad.patch
@ -18,7 +18,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
 -                debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
 -                found = 1;
 +		if (margs->brokenad == 1) {
-+                    if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
+                    if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
 +                        debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
 +                    } else {
 +                        debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
@ -66,7 +66,7 @@ Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
             fprintf(stderr, "-l ldap url\n");
             fprintf(stderr, "-b ldap bind path\n");
             fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
-+            fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n");
+            fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
             fprintf(stderr, "-a allow SSL without cert verification\n");
             fprintf(stderr, "-m maximal depth for recursive searches\n");
             fprintf(stderr, "-h help\n");
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,70 @@
+-------------------------------------------------------------------
+Wed Oct 12 14:51:59 UTC 2016 - adam.majer@suse.de
+
+- Update Squid to 3.5.22
+  * HTTP: MUST ignore a [revalidation] response with an older Date
+    header.
+  * Optimized/simplified buffering: Appending nothing is always
+    possible.
+  * Avoid segfaults when debugging section 4 at level 9.
+  * fix #4302 pt2: IPFilter v5 transparent interception
+  * Bug #4471: revalidation doesn't work when expired cached
+    object lacks Last-Modified.
+  * Bug #2833: Collapse internal revalidation requests
+    (SMP-unaware caches)
+  * Bug #3819: "fd >= 0" assertion in file_write() during
+    reconfiguration
+  * Do not leak url_rewrite_extras and store_id_extras on
+    reconfigure/shutdown.
+  * Fix potential ICAP null pointer dereference after rev.14082
+  * Fix logged request size (%http::>st) and other size-related
+    %codes.
+
+-------------------------------------------------------------------
+Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de
+
+- Merge changes from SLE12 SP2 so we have identical packages
+
+-------------------------------------------------------------------
+Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de
+
+- Update Squid to 3.5.21
+  * fix assertion failure in xcalloc when using many cache_dir
+    Squid is documented as supporting up to 64 cache directories,
+    but would crash with a memory allocation error if more than
+    a few were actually configured.
+  * fix authentication credentials IP TTL updated incorrectly
+    This bug caused error in max_user_ip ACL accounting to allow
+    clients to shift IP address more times than configured.
+    Fix may have an effect on IPv6 clients using "proviacy adressing"
+    to rotate IPs.
+  * fix mal-formed Cache-Control:stale-if-error header
+    This bug shows up as incorrect stale-if-error values being
+    relayed by Squid breaking the use of this feature in the
+    recipients. Squid now relays the header values correctly.
+  * fix Proxy-Authenticate problem using ICAP server
+    With this change Squid now treats the ICAP REQMOD adaptation
+    point as a part of itself with regards to proxy authentication.
+    The Proxy-Authentication header received from the client is
+    delivered as part of the HTTP request headers in expectation
+    that the ICAP service may authenticate and/or
+    produce 407 response itself.
+  * fix HTTP: MUST always revalidate Cache-Control:no-cache responses
+    This bug shows up as Squid not revalidating some responses until
+    they became stale according to refresh_pattern heuristic rules
+    (specifically the minimum caching age). Squid now revalidates
+    these objects on every request.
+  * fix HTTP: do not allow Proxy-Connection to override Connection
+  * fix SSL CN wildcard must only match a single domain fragment
+    This bug shows up as incorrect matching (or non-matching) of the
+    ss::server_name ACL against TLS certificate values. Squid now
+    treats the certificate CN fields according to X.509 domain
+    matching requirements instead of HTTP domain matching
+    requirements.
+- squid-brokenad.patch
+  * propertly capitalize option name
+  * make the conditional if() not a riddle
+
 -------------------------------------------------------------------
 Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de

--- a/squid.spec
+++ b/squid.spec
@ -20,7 +20,7 @@
 %define         squidconfdir %{_sysconfdir}/squid

 Name:           squid
-Version:        3.5.20
+Version:        3.5.22
 Release:        0
 Summary:        A fully featured HTTP/1.0 proxy
 License:        GPL-2.0+
@ -28,7 +28,6 @@ Group:          Productivity/Networking/Web/Proxy
 Url:            http://www.squid-cache.org/Versions/v3/3.5
 Source0:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
 Source1:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
-
 Source3:        squid.init
 Source4:        squid.sysconfig
 Source5:        pam.squid
@ -50,6 +49,10 @@ Patch103:       squid-brokenad.patch
 Patch104:       squid-old-kerberos.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+# BuildRequires:  autoconf
+# BuildRequires:  automake
+# If you want to run unit tests, these also need mounted /dev/shm and /proc
+# BuildRequires:  cppunit-devel
 BuildRequires:  db-devel
 # needed by bootstrap.sh
 BuildRequires:  cyrus-sasl-devel
@ -131,7 +134,7 @@ The most important of these new features are:
 %setup -q
 cp %{SOURCE10} .
 # upstream patches after RELEASE
-#
+
 ##### other patches
 %patch100
 perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
@ -140,6 +143,7 @@ chmod a-x CREDITS
 %patch104

 %build
+# autoreconf -fi
 export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
 export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
 export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"