rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity

Accepting request 348038 from server:proxy:Test

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/348038
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=94
This commit is contained in:
Martin Pluskal 2015-12-09 10:01:10 +00:00 committed by Git OBS Bridge
parent f2a6677342
commit 8920b43a0b
8 changed files with 176 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
squid-3.5.10.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:736e69fbddd6e985d2f85c995526f0a2bc4294c46dfb6737c0ccf09274a458b3
size 2297452

20
squid-3.5.10.tar.xz.asc
View File

@ -1,20 +0,0 @@
File: squid-3.5.10.tar.xz
Date: Thu Oct 1 15:37:56 UTC 2015
Size: 2297452
MD5 : 5ddc53bd6ff78234691a7ebbcbc6aa38
SHA1: 804bbf5ef6ccdc277dacde83e086fad30d02da60
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWDVnkAAoJELJo5wb/XPRjC/MIAMUTJEgzajbcbpCJubfxL8+y
gxV/SjysESmgjjgC7LdtEsz6X156zxPXNYbNC05NKZ0qLrMN0cHy1+LG1uIWie2c
vFL0KmFllIRY9wiV2m4Y3uoEYvGFEWYviaW8edRJstZAEBe2ntSSvD+982rRwRgw
mHDnjIUL9MnJGnjqVq+O3jq1M/lxmAYoiiJrDQM/Jkd6yvs73o4spRp5AVg6+Vfq
sL3qP/Xz2IaLmHTgHmjhwOQsa7y5THAkUhBzv9Q+BSbo2Qb/6orQnvBcDuhCFs7j
DRnm602Axmqa4zTOQjfkg9ag6WXB+8AIeKFnJuX+Ynw9LVRVTq2DCJqyNVhZbNw=
=LrXD
-----END PGP SIGNATURE-----

3
squid-4.0.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:170ef2db8a8d9416c27389d03ec0bed565b500e9c579ef17ed3308e338984cef
size 2337656

20
squid-4.0.1.tar.xz.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-4.0.1.tar.xz
Date: Wed Oct 14 07:12:20 UTC 2015
Size: 2337656
MD5 : 95c2e01bd5ff09185fe9c4afa0ce746a
SHA1: da5c117c4431b2a9fb743466078c4d7e1be8a1f4
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWHgUWAAoJELJo5wb/XPRjY8gH/RZNaVmDq64CpxtZDOCfyk3+
ye0ae20GuwJ3Ms19el+KwkRWin4SHs0ESNcrpRXjV+B+ponPQW/yAeqC+3TFqVTq
cDw+IWX52cN4zg9v5BEHvkWYSu7Fa/BjNdxweaR9D7tLYv0r/I1kNFuqK0eqecRi
MKilw8gfbq6V+fdGJqAc+Le87ZUkqx0B9YWsYkn5W0HWLLnT+WzAyrXULTbTCAAI
AMpTlAOz091pXI6gJRTBuKLMzXS5OL05BJn+3jq0J7BABXEsy9Ja7OLUPzBe24gL
4MtvVi5b6oFfFcXz4Plxf5/F9mBKT7AKbJTUYijLQ/FkQzdxx4BbUIfCNa9II+g=
=uXim
-----END PGP SIGNATURE-----

88
squid-brokenad.patch
View File

@ -2,7 +2,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
@@ -80,7 +80,7 @@ k5_error(const char* msg, krb5_error_cod
* create Kerberos memory cache
*/
int
@ -10,59 +10,59 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
+krb5_create_cache(struct main_args *margs, char *domain)
{
krb5_keytab keytab = 0;
@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
if (code) {
k5_error("Error while unparsing principal name",code);
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1;
+ if (margs->brokenad == 1) {
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
krb5_keytab keytab = NULL;
@@ -288,8 +288,17 @@ krb5_create_cache(char *domain)
if (code) {
k5_error("Error while unparsing principal name",code);
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1;
+ if (margs->brokenad == 1) {
+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
}
}
}
#if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
margs->rc_allow = 0;
@@ -66,6 +66,7 @@ init_args(struct main_args *margs)
margs->AD = 0;
margs->mdepth = 5;
margs->nokerberos = 0;
+ margs->brokenad = 0;
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
@@ -189,7 +190,7 @@ main(int argc, char *const argv[])
init_args(&margs);
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
- while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+ while (-1 != (opt = getopt(argc, argv, "diasnxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
switch (opt) {
case 'd':
debug_enabled = 1;
@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
case 'S':
margs.llist = xstrdup(optarg);
@@ -206,6 +207,9 @@ main(int argc, char *const argv[])
case 'n':
margs.nokerberos = 1;
break;
+ case 'x':
+ margs.brokenad = 1;
+ break;
case 'h':
fprintf(stderr, "Usage: \n");
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
case 'g':
margs.glist = xstrdup(optarg);
break;
@@ -261,6 +265,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
@ -74,18 +74,18 @@ Index: helpers/external_acl/kerberos_ldap_group/support.h
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
@@ -105,6 +105,7 @@ struct main_args {
int rc_allow;
@@ -106,6 +106,7 @@ struct main_args {
int AD;
int mdepth;
int nokerberos;
+ int brokenad;
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
int create_ls(struct main_args *margs);
#ifdef HAVE_KRB5
@@ -181,7 +182,7 @@ struct kstruct {
char* mem_ccache[MAX_DOMAINS];
int ncache;
};
-int krb5_create_cache(char *domain);
+int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);
@ -95,12 +95,12 @@ Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
#if HAVE_KRB5
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
}
@@ -902,7 +902,7 @@ get_memberof(struct main_args *margs, ch
kc = 1;
debug((char *) "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM);
} else {
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
}

10
squid-config.patch
View File

@ -2,7 +2,7 @@ Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
@@ -1460,6 +1460,8 @@ http_access deny manager
@@ -1498,6 +1498,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
@ -11,7 +11,7 @@ Index: src/cf.data.pre
http_access allow localhost
# And finally deny all other access to this proxy
@@ -3692,6 +3694,10 @@ DOC_START
@@ -3645,6 +3647,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
@ -22,7 +22,7 @@ Index: src/cf.data.pre
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
@@ -3810,7 +3816,7 @@ DOC_START
@@ -3763,7 +3769,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
@ -31,7 +31,7 @@ Index: src/cf.data.pre
NOCOMMENT_END
DOC_END
@@ -4507,7 +4513,7 @@ DOC_END
@@ -4477,7 +4483,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
@ -39,4 +39,4 @@ Index: src/cf.data.pre
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you
Specifies the default number of logfile rotations to make when you

65
squid.changes
View File

@ -1,3 +1,68 @@
-------------------------------------------------------------------
Sat Dec 5 00:36:04 UTC 2015 - boris@steki.net
- fixes for boo#956989
- updated pretrans scriptlet so it handles only rpm link vs folders issue
- pre scriptlet updated to not change configuration file without real need
for configuration updates
-------------------------------------------------------------------
Tue Oct 27 17:12:19 UTC 2015 - chris@computersalat.de
- update to 4.0.1
* Bug 4329: GCC 5.2 no known conversion for argument
* Bug 4292: negotiate_wrapper: Unreleased Resources
* Bug 4269: ignore-must-revalidate broken
* Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
* Bug 3920: Splay::remove() reference counting inconsistent
* Bug 3069: CONNECT method bytes sent logging
* Bug 2741 partial: libsecurity API for GnuTLS support
* Bug 1961 partial: redesign of URL handling
* Fix crash when parsing invalid squid.conf
* Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
* Remove unused OS detection: Sun, SysV, Ultrix, BSDi
* Remove cache_peer_domain directive
* RFC 6176 compliance: Remove SSLv2 support
* HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
* Remove GCC 2.x and 3.x detection and support
* C++11 compiler support is now mandatory
* Enable flexible transport protocol
* Enable long (--foo) command line parameters on squid binary
* Add per-rule refresh_pattern matching statistics
* Replace sslversion=N with tls-min-version=1.N
* Replace sslproxy_* directives with tls_outgoing_options
* Replace GNU atomics and related hacks with C++11 std::atomic
* Replace external_acl_type format %macros with logformat codes
* Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
* Support Secure ICAP services
* Support rotate=N option on access_log
* Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
* Support lifetime timeout for persistent connections (pconn_lifetime)
* Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
* Support logging fast things (nanosecond log resolution)
* Support ICAP/eCAP adaptation for 100-continue responses
* Support configurable helper queue size, with consistent defaults
and better overflow handling.
* Support named service PID file by default (pid_filename)
* url_lfs_rewrite: Add URL-rewriter based on local file existence
* negotiate_kerberos_auth: output group= kv-pair
* helper-mux: add man(8) page
* purge: convert README to man(1) page
* basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
* basic_sspi_auth: fix MinGW compile errors
* negotiate_sspi_auth: fix various build errors
* Crypto-NG: libnettle Base64 algorithm support
* Parser-NG: HTTP Parser structural redesign
* libltdl: copyright updated to LGPL version 2.1
* ... and several performance optimizations
* ... and many documentation changes
* ... and much code cleanup and polishing
- fix dependency (C++11)
* gcc >= 4.7
- rebase squid-config.patch
- rebase and fix squid-brokenad.patch
-------------------------------------------------------------------
Thu Oct 15 14:57:13 UTC 2015 - jkeil@suse.de

78
squid.spec
View File

@ -20,14 +20,14 @@
%define squidconfdir %{_sysconfdir}/squid
Name: squid
Version: 3.5.10
Version: 4.0.1
Release: 0
Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Url: http://www.squid-cache.org/Versions/v3/3.5
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Url: http://www.squid-cache.org/Versions/v4
Source0: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz.asc
Source3: squid.init
Source4: squid.sysconfig
@ -57,7 +57,7 @@ BuildRequires: ed
BuildRequires: expat
#
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: gcc-c++ >= 4.7
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
@ -106,26 +106,20 @@ Requires(pre): %insserv_prereq
Requires: logrotate
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
%description
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
Squis is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
Squid 3.5 represents a new feature release above 3.4.
Squid 4 represents a new feature release above 3.5.
The most important of these new features are:
* Support libecap v1.0
* Authentication helper query extensions
* Support named services
* Upgraded squidclient tool
* Helper support for concurrency channels
* Native FTP Relay
* Receive PROXY protocol, Versions 1 & 2
* Basic authentication MSNT helper changes
Configurable helper queue size
Helper concurrency channels changes
SSL support removal
MSNT-multi-domain helper removal
Secure ICAP
Elliptic Curve Diffie-Hellman (ECDH)
Improved SMP support
%prep
%setup -q
@ -306,29 +300,34 @@ fi
%service_add_pre %{name}.service
%endif
%pretrans
# Directory to symlink is not working in RPM so workaround it
# Occurs when updating from 3.4 to 3.5
error_dir="%{_datadir}/%{name}/errors"
for i in zh-cn zh-tw; do
if [ -d "$error_dir/$i" ]; then
rm -rf "$error_dir/$i" || true
fi
done
# emulate_httpd_log is gone with 3.5
if [ -e etc/%{name}/%{name}.conf ]; then
sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
fi
# update mode?
if [ "$1" -gt "1" ]; then
if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
mv /%{_sysconfdir}/%{name}.conf /%{_sysconfdir}/%{name}/%{name}.conf
mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
fi
# default group changed from nogroup to squid
%{_sbindir}/usermod -g %{name} %{name}
fi
# emulate_httpd_log is gone with 3.5
if [ -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
if [ $(grep -c emulate_httpd_log %{_sysconfdir}/%{name}/%{name}.conf) -gt 0 ];then
sed -i '/emulate_httpd_log/d' %{_sysconfdir}/%{name}/%{name}.conf
fi
fi
%pretrans -p <lua>
-- Directory to symlink is not working in RPM so workaround it
-- Occurs when updating from 3.4 to 3.5
error_dir="%{_datadir}/%{name}/errors/"
bad_ones={"zh-cn","zh-tw"}
print("cleaning up old directories")
for i,f in pairs(bad_ones) do
pstat = posix.stat(error_dir..f)
if pstat and pstat.type == "directory" then
print ("moving away "..error_dir..f.." to "..error_dir..f .. ".rpmmoved")
--posix.rmdir(error_dir..f)
os.rename(error_dir..f, error_dir..f .. ".rpmmoved")
end
end
%post
%if 0%{?suse_version} >= 1140
@ -436,7 +435,7 @@ fi
%{_sbindir}/digest_edirectory_auth
## will get removed in 3.6 series
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_msnt_multi_domain_auth
#%%{_sbindir}/basic_msnt_multi_domain_auth
##
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
@ -466,7 +465,7 @@ fi
%{_sbindir}/ext_session_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
%{_sbindir}/helper-mux.pl
%{_sbindir}/helper-mux
%{_sbindir}/log_db_daemon
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
@ -486,6 +485,7 @@ fi
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%{_sbindir}/url_lfs_rewrite
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}