Accepting request 308402 from server:proxy:Test

- Update to 3.5.4
- Refresh patches

OBS-URL: https://build.opensuse.org/request/show/308402
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=76

squid-3.5.3.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:73ec65a08384a3ec93ccc17e89ef7a06ba221816551946f2f051cc736c2981c0
-size 2283580

squid-3.5.3.tar.xz.asc

@@ -1,20 +0,0 @@
-File: squid-3.5.3.tar.xz
-Date: Sat Mar 28 11:51:30 UTC 2015
-Size: 2283580
-MD5 : 6cd553300a2253c0913f498beb79ee51
-SHA1: 6919305e16f59387197cf543f525e41f510b4727
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJVFpsoAAoJELJo5wb/XPRj4KYH/RU/x21yI0nI2sI0ilTUbG4K
-W0mFM1YcbjtaRreXU6zgc7kVLPiypRYeXP+GDvADK3uEmXCvjulyT2pBqCdiftsV
-BC2kBQDH4m1XUICE+vxKC2LmDAAPFxH0yOTiNltH1BEjNrjUcAPAlfuforVUz84u
-VbiVcKMHQ3UShCsdLU3ZfM9qt5AUI6IEKDYIrfOJ+zNg8tEdMXlA3vSno1M2LQ32
-v0wKJJ0WtT8KETOI2HAFAXJJFImJczWh480ffQV76vctT1BAmtue2CRpH0IKpNbZ
-8WBIx2wraxzBSu+YAvjinnabLMblyzPfkwuP4U4j0JBGml9A3Us+P/unIlsEGj0=
-=rz1P
------END PGP SIGNATURE-----

squid-3.5.4.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dce615d08e349caf3975fc5d51ce4c3c69b9995fb83f51dc5d55ae873d8bf6a4
+size 2289772

squid-3.5.4.tar.xz.asc

@@ -0,0 +1,20 @@
+File: squid-3.5.4.tar.xz
+Date: Fri May  1 12:25:42 UTC 2015
+Size: 2289772
+MD5 : 5b53d5bb47fa033b76857f7956d0c36b
+SHA1: 71a04a5f7c4c38464a8a08ae1089c47abcea0e49
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJVQ3PPAAoJELJo5wb/XPRjdI8H/3vB73EXjW0nzu9iJr6gN7vs
+PZjle4b6cT/76nbAf0O4R5m/HAeIfuoWLsHoVCysroRMcVqni0su1swqavMj/d27
+ikhSyR/JlXArFFumV0Nj1srZuY11Qz9dohLqVBwX8dzuqzFrqF5jQMvM2bKK1Pm9
+hUF+tFZP4sF/y7NBdHMKkb7pRLLc8Yn75wZtg4FAhLY6HfM58e3Sn5Y3JUJ4Lyt0
+6YqnzDQzNAs6YCrsLnY/AY7TKL8hAXMmvJXP9q1wn31lCmzx5KNz3b9YTq+Ul1aB
+XqyXyP2FptkUrPJ448f0hgAsrDNfs2rpAblq35ueo6fAV4gwgtmlIb81Y5w0eTQ=
+=PwZH
+-----END PGP SIGNATURE-----

squid-brokenad.patch

@@ -74,7 +74,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support.h
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support.h.orig
 +++ helpers/external_acl/kerberos_ldap_group/support.h
-@@ -101,6 +101,7 @@ struct main_args {
+@@ -105,6 +105,7 @@ struct main_args {
      int rc_allow;
      int AD;
      int mdepth;
@@ -82,7 +82,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support.h
      char *ddomain;
      struct gdstruct *groups;
      struct ndstruct *ndoms;
-@@ -160,7 +161,7 @@ int create_nd(struct main_args *margs);
+@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
  int create_ls(struct main_args *margs);
  
  #ifdef HAVE_KRB5
@@ -95,7 +95,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
-@@ -888,7 +888,7 @@ get_memberof(struct main_args *margs, ch
+@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
          debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
  
  #if HAVE_KRB5

squid-config.patch

@@ -2,7 +2,7 @@ Index: src/cf.data.pre
 ===================================================================
 --- src/cf.data.pre.orig
 +++ src/cf.data.pre
-@@ -1397,6 +1397,8 @@ http_access deny manager
+@@ -1409,6 +1409,8 @@ http_access deny manager
  # Adapt localnet in the ACL section to list your (internal) IP networks
  # from where browsing should be allowed
  http_access allow localnet
@@ -11,7 +11,7 @@ Index: src/cf.data.pre
  http_access allow localhost
  
  # And finally deny all other access to this proxy
-@@ -3616,6 +3618,10 @@ DOC_START
+@@ -3637,6 +3639,10 @@ DOC_START
  	Instead, if you want Squid to use the entire disk drive,
  	subtract 20% and use that value.
  
@@ -22,7 +22,7 @@ Index: src/cf.data.pre
  	'L1' is the number of first-level subdirectories which
  	will be created under the 'Directory'.  The default is 16.
  
-@@ -3734,7 +3740,7 @@ DOC_START
+@@ -3755,7 +3761,7 @@ DOC_START
  NOCOMMENT_START
  
  # Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@ Index: src/cf.data.pre
  NOCOMMENT_END
  DOC_END
  
-@@ -4410,7 +4416,7 @@ DOC_END
+@@ -4431,7 +4437,7 @@ DOC_END
  
  NAME: logfile_rotate
  TYPE: int

squid-nobuilddates.patch

@@ -78,7 +78,7 @@ Index: helpers/ntlm_auth/fake/ntlm_fake_auth.cc
 ===================================================================
 --- helpers/ntlm_auth/fake/ntlm_fake_auth.cc.orig
 +++ helpers/ntlm_auth/fake/ntlm_fake_auth.cc
-@@ -147,7 +147,7 @@ main(int argc, char *argv[])
+@@ -141,7 +141,7 @@ main(int argc, char *argv[])
  
      process_options(argc, argv);
  

squid-old-kerberos.patch

@@ -1,8 +1,8 @@
 Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
 ===================================================================
---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig	2015-03-28 11:58:05.000000000 +0100
-+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc	2015-04-01 14:45:11.970927882 +0200
-@@ -537,7 +537,11 @@ main(int argc, char *const argv[])
+--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig
++++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
+@@ -535,7 +535,11 @@ main(int argc, char *const argv[])
          keytab_name_env = getenv("KRB5_KTNAME");
          if (!keytab_name_env) {
              ret = krb5_init_context(&context);

squid.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri May 22 17:43:50 UTC 2015 - mpluskal@suse.com
+
+- Update to 3.5.4
+  * Bug 4234: comm_connect_addr uses errno incorrectly
+  * Bug 4231: fd_open() not correctly handling UDS socket descriptions
+  * Bug 4226: digest_edirectory_auth: found but cannot be built
+  * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
+  * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
+  * Fix require-proxy-header preventing HTTPS proxying and ssl-bump
+  * Fix Negotiate/Kerberos authentication request size exceeds output buffer size
+  * Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
+  * Add server_name ACL matching server name(s) obtained from various sources
+  * Add Kerberos support for MAC OS X 10.x
+  * Support for resuming TLS sessions
+  * ... and some portability and compile fixes
+  * ... and several documentation updates
+  * ... and all fixes from squid 3.4.13
+- Refresh patches
+
 -------------------------------------------------------------------
 Wed May  6 08:32:28 UTC 2015 - mpluskal@suse.com
 

squid.spec

@@ -20,7 +20,7 @@
 %define         squidconfdir %{_sysconfdir}/squid
 
 Name:           squid
-Version:        3.5.3
+Version:        3.5.4
 Release:        0
 Summary:        A fully featured HTTP/1.0 proxy
 License:        GPL-2.0+
@@ -429,6 +429,7 @@ fi
 %{_sbindir}/basic_fake_auth
 %{_sbindir}/basic_getpwnam_auth
 %{_sbindir}/basic_ldap_auth
+%{_sbindir}/digest_edirectory_auth
 ## will get removed in 3.6 series
 # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
 %{_sbindir}/basic_msnt_multi_domain_auth