Accepting request 146699 from server:proxy

update to 3.2.5 (forwarded request 146698 from computersalat) OBS-URL: https://build.opensuse.org/request/show/146699 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=3
2013-01-03 07:44:06 +00:00 · 2013-01-03 07:44:06 +00:00 · 831a772962
commit 831a772962
parent cb730cec77 fba5a0ced5
9 changed files with 157 additions and 90 deletions
--- a/RELEASENOTES.html
+++ b/RELEASENOTES.html
@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.3 release notes</TITLE>
+ <TITLE>Squid 3.2.5 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.2.3 release notes</H1>
+<H1>Squid 3.2.5 release notes</H1>

 <H2>Squid Developers</H2>
 <HR>
@ -72,7 +72,8 @@ for Applied Network Research and members of the Web Caching community.</EM>
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>

-<P>The Squid Team are pleased to announce the release of Squid-3.2.3 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.5 for 
+testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the 
 <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@ -535,9 +536,10 @@ the use of HTTPS security were desired.</P>
 <P>The cache manager is available under the path prefix /squid-internal-mgr/. For example
 the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
 means there are some configuration changes required to lock down manager access.
-The <EM>manager</EM> ACL needs changing to:
+The <EM>manager</EM> ACL needs changing. A built-in definition is now used, equivalent
+to the following regex pattern:
 <PRE>
-        acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </PRE>
 </P>

@ -547,6 +549,14 @@ This template is not supplied with Squid but intended to be supplied by separate
 cache manager applications as their front page embedding all scripts, accessors or
 redirects required for their initial GUI display.</P>

+<P>MGR_INDEX file
+<UL>
+<LI>should contain a complete HTML page, with optional client-side scripting.</LI>
+<LI>must not contain server-side scripting. </LI>
+<LI>will have macro substitution performed on it using the same macros as used by the error page tempates.</LI>
+</UL>
+</P>
+
 <P>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
 proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
 to those managers.</P>
@ -724,15 +734,18 @@ New installs, or installs with no logs configured explicitly will use this modul
 <P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
 <P>Renamed <EM>myip</EM> to <EM>localip</EM>. It matches the IP which the client connected to.</P>
 <P>Renamed <EM>myport</EM> to <EM>localport</EM>. It matches the port which the client connected to.</P>
+<P>Ported <EM>urllogin</EM> option from Squid 2.7, to match a regex pattern on the URL login field (if any).</P>
 <P>The <EM>localip</EM>/<EM>localport</EM> differ from earlier releases where they matched a mix of
 of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
 This definition is now consistent across all modes of traffic received by Squid.</P>
-<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access:
+<P>The <EM>manager</EM> ACL requires adjustment to cover new cache manager access. So it has now been
+built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
 <PRE>
-                acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+                ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
        
 </PRE>
-</P>
+
+squid.conf containing the old manager definition can expect to see ACL type collisions.</P>

 <DT><B>auth_param</B><DD>
 <P>New options for Basic, Digest, NTLM, Negotiate <EM>children</EM> settings.
@ -1194,10 +1207,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit

 <P>
 <DL>
-<DT><B>acl</B><DD>
-<P><EM>urllogin</EM> option not yet ported from 2.6</P>
-<P><EM>urlgroup</EM> option not yet ported from 2.6</P>
-
 <DT><B>broken_vary_encoding</B><DD>
 <P>Not yet ported from 2.6</P>

--- a/squid-3.2.3.tar.bz2
+++ b/squid-3.2.3.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1741c3ef647f5b0960498b7bb3e44af4a4409c321afe2d141c67d2b5c85ed5a1
-size 2891753
--- a/squid-3.2.3.tar.bz2.asc
+++ b/squid-3.2.3.tar.bz2.asc
@ -1,20 +0,0 @@
-File: squid-3.2.3.tar.bz2
-Date: Sat Oct 20 12:59:15 UTC 2012
-Size: 2891753
-MD5 : b26171dfd397defd9ee113d555691b86
-SHA1: 41f6cf385d043ee07ef87582dca166303e71cd17
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iQEcBAABAgAGBQJQg0I7AAoJELJo5wb/XPRj4qUIAOPXneXCd/Ww9wWMw6q3nNv8
-A8cOH/Cf9pGXjNfAUITpauQiG2PbeTxMlnE3gcGFC9GqCUktx8ksfAfnHhb13YCO
-Bz0OMO6MooxPD1YZWdomYJqZxZdL7yZtUTuhpWYibGhPJL2tlrD93Z2OUeXh+jcb
-vucKnLHLZuuHbuBCz0KOwOl/1EWDfHjlz9xjYtRGUb8uFfyFCrkd9tAbiz3mZ2xe
-SmoqJRiboLrvoVEJscaA5AnmVGXZMLKham3kXqBUA6aXwvgZU9eTOh1FAjMJlVdq
-mCiRx5keHj5N5koI4AKzjBa6plUaoQ5nqHGDjnaU448aC8VVhm+mQ3dDr4XxXkA=
-=dc1e
-----END PGP SIGNATURE-----
--- a/squid-3.2.5.tar.bz2
+++ b/squid-3.2.5.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a823de016ca80680f979f3c74ba481775062b4de5924b21d58d1863254283912
+size 2893104
--- a/squid-3.2.5.tar.bz2.asc
+++ b/squid-3.2.5.tar.bz2.asc
@ -0,0 +1,20 @@
+File: squid-3.2.5.tar.bz2
+Date: Mon Dec 10 10:16:15 UTC 2012
+Size: 2893104
+MD5 : ddb329f92056aa58a56db6a2eeea0c02
+SHA1: 6b945d41a9c0e993b978186b846035a241e79a7e
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQEcBAABAgAGBQJQxcSsAAoJELJo5wb/XPRjikEIANGXmlZFreiKJm7GjCf3FIOT
+Relj7MfKAY6smt0RqZVFoOSnNRf59NQbkkHkDlXKOkUWwtbWRb0U0YQo5Zi0BHlf
+yw4xtkw1kbTLR5TCayLvuViBjMajC0Rjca22YnK0CttijG7qQOmTtX0JVYMZZHBl
+WTKv9rckXz9fmeLTCH57TGz1H1ekAzC2gmY/AzYqmlgDvuioZPnhgiQUgfqsnmII
+pxwUXNldZ0eK/WOwKGi+ReyWSgR4P/nlko3K28/yomADWYSH/al1xFmVWxeJPdoq
+ejzYCA1KYg4jYszscLOuUW/2ajnzXpxl3a2R7oilg6hRir22j+QZiGnbU/DItTo=
+=0bG7
+-----END PGP SIGNATURE-----
--- a/squid-glibc217.patch
+++ b/squid-glibc217.patch
@ -1,49 +0,0 @@
-Index: squid-3.2.3/src/icmp/pinger.cc
-===================================================================
--- squid-3.2.3.orig/src/icmp/pinger.cc
-+++ squid-3.2.3/src/icmp/pinger.cc
-@@ -180,8 +180,18 @@ main(int argc, char *argv[])
-     }
-     max_fd = max(max_fd, squid_link);
- 
-    setgid(getgid());
-    setuid(getuid());
-+    if (setgid(getgid()) < 0) {
-+        debugs(42, 0, "FATAL: pinger: setgid failed.");
-+        icmp4.Close();
-+        icmp6.Close();
-+	exit (1);
-+    }
-+    if (setuid(getuid()) < 0) {
-+        debugs(42, 0, "FATAL: pinger: setuid failed.");
-+        icmp4.Close();
-+        icmp6.Close();
-+        exit (1);
-+    }
- 
-     last_check_time = squid_curtime;
- 
-Index: squid-3.2.3/src/tools.cc
-===================================================================
--- squid-3.2.3.orig/src/tools.cc
-+++ squid-3.2.3/src/tools.cc
-@@ -757,7 +757,8 @@ enter_suid(void)
-     debugs(21, 3, "enter_suid: PID " << getpid() << " taking root priveleges");
- #if HAVE_SETRESUID
- 
-    setresuid((uid_t)-1, 0, (uid_t)-1);
-+    if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
-+	debugs (21, 3, "enter_suid: setresuid failed" << xstrerror ());
- #else
- 
-     setuid(0);
-@@ -782,7 +783,8 @@ no_suid(void)
-     uid = geteuid();
-     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
- 
-    setuid(0);
-+    if (setuid(0) < 0)
-+	debugs(50, 1, "no_suid: setuid (0): " << xstrerror());
- 
-     if (setuid(uid) < 0)
-         debugs(50, 1, "no_suid: setuid: " << xstrerror());
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
+
+- Changes to squid-3.2.5 (10 Dec 2012):
+  - Bug 3698: Add missing include of errno.h
+- Changes to squid-3.2.4 (03 Dec 2012):
+  - Ported: urllogin ACL from squid 2.7
+  - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
+  - Bug 3677: Port un-pinning logic changes from squid 3.3
+  - Bug 3405: ssl_crtd crashes failing to remove certificate
+  - ... and major bugs fixed in squid 3.1.22
+  - Fix accept_filter on Linux
+  - Remove 'Bungled' warning on missing component directives
+  - ... and many buffer and memory leak issues in the bundled helpers
+  - ... and a small amount of code polishing
+- remove obsolete glibc-217 patch
+
+-------------------------------------------------------------------
+Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature.
+
 -------------------------------------------------------------------
 Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de

--- a/squid.keyring
+++ b/squid.keyring
@ -0,0 +1,85 @@
+pub   2048R/FF5CF463 2008-03-08
+uid                  Amos Jeffries <amos@treenet.co.nz>
+uid                  Amos Jeffries <squid3@treenet.co.nz>
+uid                  Amos Jeffries (Squid 3.0 Release Key) <squid3@treenet.co.nz>
+uid                  Amos Jeffries (Squid 3.1 Release Key) <squid3@treenet.co.nz>
+sub   2048R/D0F41EA3 2009-04-08 [expires: 2010-04-08]
+sub   2048R/5EF49CEC 2010-05-01 [expires: 2011-05-01]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi
+xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa
+ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb
+BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA
+ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev
+cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg
+PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID
+AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN
+1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n
+VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0
+sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX
+d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE
+5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z
+tCRBbW9zIEplZmZyaWVzIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACAC
+GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y9gACACK
+Y9HWgOhXP67v+ha8cSsUmOCtwVRt7cZ1xCs3kFTvgbUL2isBOORiDCuXjLEYBS8W
+a9WCkmqznck+zwhwN8nRCZetTnrqa+elihcjM1wk+XaZRvOjV3Hjtr43hhBiQyJD
+jWil0LL/R8Ul3l81zsLvUAXTZXSwxrbkscbfDG8HmYfeVT7WbuDAVTnFLVvip8u3
+tOAy8GU0Kli0aTnVCBczejddM6Qerqiq4gSyove7y2S0PC0G0Nm7j/mqbngd0Inl
+cSrC36+hWq8wU7/1skfLIALqMpvpMP8lqpvzzQyTameMOu79BZMw14FiZcELSAri
+cbfFzUFgQ/qPdXS1J2P1tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFz
+ZSBLZXkpIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMC
+BBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH
+68h+vXi9GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp02
+7AwHHUYXZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJc
+p4Iu8J7y4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i531
+3k6DKj91G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBT
+EasduOmQRQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0I
+S0tnKl04tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjEgUmVsZWFzZSBLZXkpIDxz
+cXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAMEFgID
+AQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y6WjB/0fFm7hFYxZxJvfm+GVU2DpWfQ7
+5bW4f2WqjWJfKNpCwAILkySoD0B+h+HQRkbAQ/IjifbORdTUGuYqURysaJhCEP5J
+eQ26hs9dUw/agpEamvROHE/PltHl1K3XIXs7mB2iwexhgncmpp0D4VH39cQiMkIL
+Hixv5xRioXHK5P4JkclHJ+zLL3IbdgmS7UijA3Bg8hIUcpy2s+4hy5So8OrcgxDu
+q4KwxKcQsklHYqXfxF9+tiy02FeGTSX3JyCVUuGCLMOMbFO6oWP3YWKQUuE9XpgG
+0ykz2zEYHbzh8CG+AT/dA1sbjkQP5yTfR3NpPNilwJ7HK9Kn+2AXstRCuLSBuQEN
+BEncrb0BCACtTMCBEd5FgBjNxrb+yzUKQtu8cZy6PmpeEaMlEDtAbs+Sd6wbyJe0
+9ZY3OwSDisnA05hPqd3bxmi4CFtxE/2C//jWl1i9xVU7NyK+2CUxEHRoNBY9DAp0
+IAvnZ1BNQcf6CYEMoyTR60GjTnCet2kHt+q9F+vVFmGVatPojUtg2irh+rYjvWbr
+iiNCoweqeBqvp2beVqZChQDm5bRamgFW7S8bAhSn24tBZmettXQ6j4ZgjdqNIMgy
+O80sCA31LTc3Jcd9WEIYEbJ/9aK+zVHdB1Tw43YQq62OosDeVENwSdE1pjh8R48W
+dzCT5Rwe73X/ct5DRi0S/0QkcsjAep45ABEBAAGJAkQEGAECAA8FAkncrb0CGwIF
+CQHhM4ABKQkQsmjnBv9c9GPAXSAEGQECAAYFAkncrb0ACgkQB4pjqtD0HqNTXwf/
+fQcDlC/Nx4n4G2LFBRUNanlg3iAInNOfVPyB5fVWwLHZUVpxNm4qNKSGxw1YjVEl
+h6EuMjNfQeE+i7Z4/L2Hbqd17M4vXXO4PxqkkUVmqIcIH/PKWJKI2gLlKjSebo4V
+vgzPZXFzbKBeTy4URXyifVxu8p+i0+e1eyFB80+EACaHX1b8S9cl88ZgbEqm7mVg
+HT+L28o+Y3MrSRpqkTnqfYA5I+bxMO2LNZShtReeKdDU1YB0XOKOB9Y6jOoOLt5g
+GKAjYByFeqFbvCJhwfncDuZZ7Ny8PIXj0a8j8e7zZH9I4iCTrRt5eK/+8KBHwuTU
+dliCktqtjYKTevjlaPlPw4qsB/496HNciuFiDHmofLKnuYXoR2N2Uo4b6ErmyuKT
+KAXFhDiOj8MoN49mEbm0/FdZe+IL0aG7EEIz2+h3h9y7q15dqRawbchMBX1bu7aK
+GdiQenyiWbGsliE7h/crxtLHqDQPg2CimQJI1Msx4ee2ePQ9DMPBHgd1TVN9B75Q
+h46mJ612j4cIDYspFnqWKqXx52XRVEgyVL0ZFN0On5WukNoBWINqRnLlTJM0zdw5
+jGhRad7B5ubdcPpbbDw9VLfNOOCAPK8jeQNPXMtvFIEoLXeo8wKbVQX33hV2y7kH
+GCamA1A05gmJtiVaZBfph5MxAjYx0JdrzlcwrPB+4DNdj1jYuQENBEvcJYoBCADw
+e4s2CBQxFf/yenctJYnmiFhppGH3f3RgteKl1rt2mpL3wK79IDrXucfzbxAbwSdA
+52wcbaqBbsdguzyOF3bVPJL3c/bVZ/As7m3oOr4HRSpuh2cs5gATesjWRITVMMkO
+kHo+69isPAe7vCX6+CgeldPjWSfIcg5sfEo183+V0g8bWiYemGueDKmLqLkwAyCM
+gARpDPMKBgShnvRPe1ovG4a/GZilpS5u4QKzyj+3GmLbCHJQOODdDHdt0/AVkbh0
+KUrneKZbvGQdWzC2NXyENa+13U1lG+WSyTsuQN09szd3rRCVITQKR+jnmWlIn3Ji
+p0LpMazTENxcn4EN1s0tABEBAAGJAkQEGAECAA8FAkvcJYoCGwIFCQHhM4ABKQkQ
+smjnBv9c9GPAXSAEGQECAAYFAkvcJYoACgkQ87HMiV70nOwr/QgAsQiZjDV70LrG
+eh6GJvKYWpK35w57krCbqwivzZKDD499Et0DvIFUmkdn6xJAUpuFXzxkPHXWuCqn
+cCQjRnqSm0sAVC612cQGStBZm73J0htqLbQc/NGqAzbc/5eOW5BxQJG0fhGIvNhu
+1JS8Acbti2q0XfnDKuAwnJyZQsZmZBOAqj9kuB4ATwU4KWwPQGkfZ38W6VSlXbCV
+NYoP7+PBSjM6gyjoOzC5U+1Tf7lZvlNEZEmR4Ls0V9XteGTnnJrpJLQ6iVB2dr97
+ZY36Q3aOBhPMSxg/I6scj1iSgmAuAqTpY53qdSf2X24HEERtxR5AVFwmRVI0YQgx
+KTeFJLIJMym+CACttZmyZoSWS1atRNhPb44/NRmtDv4mfFRgtwg2VcXAEL/ipPi5
+nMYrfgZ1Zjbzf5e6r6O6qrBTjy7sHCIpT8E/RV0U7Wmh/MqCaJ6TlSFDLaoIYyl8
+m5J46VDOd7XFEbU/59LwwP7wcgU4iNbjxNmjZy/zZCwi8zWnKLVGTgkqx51zsurF
+5ZIzDS72Atlg2RAHdGhOaCqeNb5cw44Rh3XPdzTklcpoo3NcMXx/aUPHrRc+SBS6
+iP6UMH+/IuiwOG6UhV1VxRlrVDb5J3/GTxHWPGtEiHNUjxHuH3EN2lj9oTKPKIhs
+SHFot7e7PTf5fJ6rTzeQTL4VOWVOkq4M4xmZ
+=k8xm
+-----END PGP PUBLIC KEY BLOCK-----
--- a/squid.spec
+++ b/squid.spec
@ -23,7 +23,7 @@ Name:           squid
 Summary:        Squid Version 3.2 WWW Proxy Server
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
-Version:        3.2.3
+Version:        3.2.5
 Release:        0
 Url:            http://www.squid-cache.org/Versions/v3/3.2
 Source0:        http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
@ -38,6 +38,7 @@ Source9:        %{name}.permissions
 Source10:       README.kerberos
 Source11:       %{name}.service
 Source12:       squid_cache_swap.sh
+Source13:       %{name}.keyring
 #
 # the following patches are downloaded directly from the webserver
 # don't change the names for easier identification
@ -60,8 +61,6 @@ Patch101:       %{name}-nobuilddates.patch
 ## File is compiled without RPM_OPT_FLAGS
 # squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
 Patch102:       %{name}-compiled_without_RPM_OPT_FLAGS.patch
-# Handle setuid/setgid failure
-Patch103:       squid-glibc217.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %fillup_prereq
 PreReq:         %insserv_prereq
@ -74,6 +73,7 @@ BuildRequires:  cyrus-sasl-devel
 BuildRequires:  ed
 BuildRequires:  expat
 BuildRequires:  gcc-c++
+BuildRequires:  gpg-offline
 BuildRequires:  libcap-devel
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
@ -135,10 +135,11 @@ The most important of these new features are:
 * Cache Manager access changes

  First STABLE release Date: 02 Aug 2010
-  Latest Release: 3.2.3
-  Latest Release Date: 20 Oct 2012
+  Latest Release: 3.2.5
+  Latest Release Date: 10 Dec 2012

 %prep
+%gpg_verify %{S:1}
 %setup -q -n %{name}-%{version}
 cp %{S:10} .
 # upstream patches after RELEASE
@ -150,7 +151,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
 chmod a-x CREDITS
 %patch101
 %patch102
-%patch103 -p1

 %build
 export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"