Accepting request 355597 from server:proxy:Test

squid 4 is Beta, revert to 3.5.x, update to 3.5.13

OBS-URL: https://build.opensuse.org/request/show/355597
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=97

squid-3.5.13.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e75d94671895270272883187296f17e26954bf00a090c97bfea8a4fc264a5b40
+size 2379460

squid-3.5.13.tar.xz.asc

@@ -0,0 +1,20 @@
+File: squid-3.5.13.tar.xz
+Date: Thu Jan  7 04:33:15 UTC 2016
+Size: 2379460
+MD5 : 7a22503cfc99e1f89cb309b5facfbbc3
+SHA1: 3c45f8a8522c67c633c85c65dbfe63ccaf6df0e8
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJWkOegAAoJELJo5wb/XPRjWIcIAK0RQqBz4QcEE6bZba5qLK+l
+T/hoKPMNi2QTjpR4WGIWhuw2YoX9HrWUceP8BZ0HsA9HssAG8Te5du0hjjOHNbxy
+3jMdSchM3KVLw7xlotDsp3CWRzFgYp3UE5Czcvy4vakggGNTPJ7NddgX1dda3ChG
+tl4yDlzOw6hkab4wEGbT0V8/WUbNEWtGFtZNCFdhL1hdtfKBXqtLwSo3/vLxqFJT
+85aQNU5C6bOAiz4LBLhIv7uY81vwIK73zFgGsiY3RBXe0ekC7Q9TvAh5wkejLM/b
+mp4xVXk6ZJXFBggbeUzBVR+OGEl4GhqEwI+6MULTc6DXVE4m5PvpF6wcn5yf9yg=
+=U8vk
+-----END PGP SIGNATURE-----

squid-4.0.3.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:81986fe42f2ee1423452799a9e9b3e0d575543e945fa922175ecbb80c9827947
-size 2341200

squid-4.0.3.tar.xz.asc

@@ -1,20 +0,0 @@
-File: squid-4.0.3.tar.xz
-Date: Sat Nov 28 16:16:30 UTC 2015
-Size: 2341200
-MD5 : 1b2c7e775d494993ea260ba959515162
-SHA1: 039396491f13c2da8f20252cce16509ce31ccaf3
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJWWdSjAAoJELJo5wb/XPRjxtQIAMmFTrgiFwNo0gioSaUG7m8l
-7VlewDor+dRzhJ+KYPt0VhLbO8V6KjgoDmp1ISDpnQ3PgQaFP1v0tLLh5pfGRuUf
-rO8OQEowrmxIu/oe9/8Reh3ci1nsT/xXFC1DBWxhVwzy1I081xzmuEDS5s0OqhtE
-PlcyOPmWhT5fYiNfzmdIuJC+3NWW8k82nOtbFlR4vWdjtHWaIaZjgb3MCW3Y2mgb
-1dPSEUDLbB7V70qN8iE9pwh923eRMo7Y6u9ejImxbYzwZVA3kn/bnqyPFCAbYVmg
-D6fPumqfh5wab2Et1csNNK2daxpEelaAFTFX7eEUBLfRWCepDYU1U5KKtUxNaeg=
-=eU8K
------END PGP SIGNATURE-----

squid-brokenad.patch

@@ -2,7 +2,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
-@@ -80,7 +80,7 @@ k5_error(const char* msg, krb5_error_cod
+@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
   * create Kerberos memory cache
   */
  int
@@ -10,59 +10,59 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
 +krb5_create_cache(struct main_args *margs, char *domain)
  {
  
-     krb5_keytab keytab = NULL;
-@@ -288,8 +288,17 @@ krb5_create_cache(char *domain)
-                 if (code) {
-                     k5_error("Error while unparsing principal name",code);
-                 } else {
--                    debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
--                    found = 1;
-+                    if (margs->brokenad == 1) {
-+                        if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
-+                            debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
-+                        } else {
-+                            debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
-+                            found = 1;
-+                        }
+     krb5_keytab keytab = 0;
+@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
+             if (code) {
+                 k5_error("Error while unparsing principal name",code);
+             } else {
+-                debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+-                found = 1;
++		if (margs->brokenad == 1) {
++                    if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
++                        debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
 +                    } else {
-+                        debug((char *) "%s| %s: DEBUG: Found principal  name: %s\n", LogTime(), PROGRAM, principal_name);
++                        debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
 +                        found = 1;
 +                    }
-                 }
++                } else {
++                    debug((char *) "%s| %s: DEBUG: Found principal  name: %s\n", LogTime(), PROGRAM, principal_name);
++                    found = 1;
++                }
              }
+         }
  #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
 Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
-@@ -79,6 +79,7 @@ init_args(struct main_args *margs)
+@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
+     margs->rc_allow = 0;
      margs->AD = 0;
      margs->mdepth = 5;
-     margs->nokerberos = 0;
 +    margs->brokenad = 0;
      margs->ddomain = NULL;
      margs->groups = NULL;
      margs->ndoms = NULL;
-@@ -202,7 +203,7 @@ main(int argc, char *const argv[])
+@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
  
      init_args(&margs);
  
--    while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) {
-+    while (-1 != (opt = getopt(argc, argv, "diasnxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+-    while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
++    while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
          switch (opt) {
          case 'd':
              debug_enabled = 1;
-@@ -219,6 +220,9 @@ main(int argc, char *const argv[])
-         case 'n':
-             margs.nokerberos = 1;
+@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
+         case 'S':
+             margs.llist = xstrdup(optarg);
              break;
 +        case 'x':
 +            margs.brokenad = 1;
 +            break;
-         case 'g':
-             margs.glist = xstrdup(optarg);
-             break;
-@@ -274,6 +278,7 @@ main(int argc, char *const argv[])
+         case 'h':
+             fprintf(stderr, "Usage: \n");
+             fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
+@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
              fprintf(stderr, "-l ldap url\n");
              fprintf(stderr, "-b ldap bind path\n");
              fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
@@ -74,18 +74,18 @@ Index: helpers/external_acl/kerberos_ldap_group/support.h
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support.h.orig
 +++ helpers/external_acl/kerberos_ldap_group/support.h
-@@ -106,6 +106,7 @@ struct main_args {
+@@ -105,6 +105,7 @@ struct main_args {
+     int rc_allow;
      int AD;
      int mdepth;
-     int nokerberos;
 +    int brokenad;
      char *ddomain;
      struct gdstruct *groups;
      struct ndstruct *ndoms;
-@@ -181,7 +182,7 @@ struct kstruct {
-     char* mem_ccache[MAX_DOMAINS];
-     int ncache;
- };
+@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
+ int create_ls(struct main_args *margs);
+ 
+ #ifdef HAVE_KRB5
 -int krb5_create_cache(char *domain);
 +int krb5_create_cache(struct main_args *margs, char *domain);
  void krb5_cleanup(void);
@@ -95,12 +95,12 @@ Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
-@@ -902,7 +902,7 @@ get_memberof(struct main_args *margs, ch
-             kc = 1;
-             debug((char *) "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM);
-         } else {
--            kc = krb5_create_cache(domain);
-+            kc = krb5_create_cache(margs,domain);
-             if (kc) {
-                 error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
-             }
+@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
+         debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
+ 
+ #if HAVE_KRB5
+-        kc = krb5_create_cache(domain);
++        kc = krb5_create_cache(margs,domain);
+         if (kc) {
+             error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
+         }

squid-config.patch

@@ -2,7 +2,7 @@ Index: src/cf.data.pre
 ===================================================================
 --- src/cf.data.pre.orig
 +++ src/cf.data.pre
-@@ -1498,6 +1498,8 @@ http_access deny manager
+@@ -1464,6 +1464,8 @@ http_access deny manager
  # Adapt localnet in the ACL section to list your (internal) IP networks
  # from where browsing should be allowed
  http_access allow localnet
@@ -11,7 +11,7 @@ Index: src/cf.data.pre
  http_access allow localhost
  
  # And finally deny all other access to this proxy
-@@ -3672,6 +3674,10 @@ DOC_START
+@@ -3761,6 +3763,10 @@ DOC_START
  	Instead, if you want Squid to use the entire disk drive,
  	subtract 20% and use that value.
  
@@ -22,7 +22,7 @@ Index: src/cf.data.pre
  	'L1' is the number of first-level subdirectories which
  	will be created under the 'Directory'.  The default is 16.
  
-@@ -3790,7 +3796,7 @@ DOC_START
+@@ -3879,7 +3885,7 @@ DOC_START
  NOCOMMENT_START
  
  # Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@ Index: src/cf.data.pre
  NOCOMMENT_END
  DOC_END
  
-@@ -4504,7 +4510,7 @@ DOC_END
+@@ -4576,7 +4582,7 @@ DOC_END
  
  NAME: logfile_rotate
  TYPE: int
@@ -39,4 +39,4 @@ Index: src/cf.data.pre
 +DEFAULT: 0
  LOC: Config.Log.rotateNumber
  DOC_START
- 	Specifies the default number of logfile rotations to make when you
+ 	Specifies the number of logfile rotations to make when you

squid.changes

@@ -1,33 +1,38 @@
 -------------------------------------------------------------------
-Wed Dec  9 10:11:36 UTC 2015 - mpluskal@suse.com
+Sun Jan 24 18:28:45 UTC 2016 - chris@computersalat.de
 
-- Update to 4.0.3
-  * Bug 4372: missing template files
-  * Bug 4371: compile errors: no such file or directory: 
-		DiskIO/*/*DiskIOModule.o
-  * Bug 4368: A simpler and more robust HTTP request line parser
-  * Fix compile erorr on clang undefined reference to 
-		'__atomic_load_8'
-  * ext_kerberos_ldap_group_acl: Add missing workarounds for 
-		Heimdal Kerberos
-  * ext_ldap_group_acl: Allow unlimited LDAP search filter
-  * ext_unix_group_acl: Support -r parameter to strip @REALM from 
-		usernames
-  * ... and much code cleanup and polishing
-  * ... and all fixes from squid 3.5.11
--	Changes for squid-4.0.2
-  * Regression Bug 4351: compile errors when authentication modules 
-		disabled
-  * Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
-  * Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within 
-		ConnStateData::requestTimeout
-  * Bug 4356: segmentation fault using proxy_auth ACL
-  * Bug 4352: compile errors in OS X 10.11
-  * Bug 4021: ext_user_regex does exact match
-  * Bug 3574: avoid crashes, prohibit reconfiguration during 
-		shutdown
-  * Support re-assigning delay pools based on HTTP reply details
- 	* ... and all fixes from squid 3.5.11
+- Changes to squid-3.5.13 (06 Jan 2016):
+  * Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
+  * Bug 4387: Kerberos build errors on Solaris
+  * TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
+  * TLS: Complete certificate chains using external intermediate certificates
+  * Avoid memory leaks when an X.509 certificate validator is used with SslBump
+  * Fix connection retry and fallback after failed server TLS connections
+  * Fix GnuTLS detection via pkg-config
+  * Fix startup crash with a misconfigured (too-small) shared memory cache
+  * ... and some documentation updates
+- Changes to squid-3.5.12 (28 Nov 2015):
+  * Bug 4374: refresh_pattern config parser (%)
+  * Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
+  * Bug 4228: links with krb5 libs despite --without options
+  * Fix SSL_get_certificate() problem detection
+  * Fix TLS handshake problem during Renegotiation
+  * Fix cache_peer forceddomain= in CONNECT
+  * Fix status code-based HTTP reason phrase for eCAP-generated messages
+  * Fix build errors in cpuafinity.cc
+  * ... and several documentation updates
+- Changes to squid-3.5.11 (01 Nov 2015):
+  * Bug 3574: crashes on reconfigure and startup
+  * Bug 4347: compile errors with LibreSSL 2.3
+  * Bug 4281: copy-paste typos in src/tools.cc
+  * Bug 4279: No response from proxy for FTP-download of non-existing file
+  * Bug 4188: Bumping intercepted SSL connections does not work on Solaris
+  * Fix incorrect authentication headers on cache digest requests
+  * Fix connection stats, including %<lp, missing for persistent connections
+  * Fix invalid memory access issues in SBuf
+  * Avoid errors when parsing manager ACL in old squid.conf
+- rebase squid-config.patch
+- disable pre scriptlet (sed -i '/emulate_httpd_log/d' /etc/{name}/{name}.conf)
 
 -------------------------------------------------------------------
 Sat Dec  5 00:36:04 UTC 2015 - boris@steki.net
@@ -37,63 +42,6 @@ Sat Dec  5 00:36:04 UTC 2015 - boris@steki.net
   - pre scriptlet updated to not change configuration file without real need
     for configuration updates
 
-
--------------------------------------------------------------------
-Tue Oct 27 17:12:19 UTC 2015 - chris@computersalat.de
-
-- update to 4.0.1
-  * Bug 4329: GCC 5.2 no known conversion for argument
-  * Bug 4292: negotiate_wrapper: Unreleased Resources
-  * Bug 4269: ignore-must-revalidate broken
-  * Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
-  * Bug 3920: Splay::remove() reference counting inconsistent
-  * Bug 3069: CONNECT method bytes sent logging
-  * Bug 2741 partial: libsecurity API for GnuTLS support
-  * Bug 1961 partial: redesign of URL handling
-  * Fix crash when parsing invalid squid.conf
-  * Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
-  * Remove unused OS detection: Sun, SysV, Ultrix, BSDi
-  * Remove cache_peer_domain directive
-  * RFC 6176 compliance: Remove SSLv2 support
-  * HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
-  * Remove GCC 2.x and 3.x detection and support
-  * C++11 compiler support is now mandatory
-  * Enable flexible transport protocol
-  * Enable long (--foo) command line parameters on squid binary
-  * Add per-rule refresh_pattern matching statistics
-  * Replace sslversion=N with tls-min-version=1.N
-  * Replace sslproxy_* directives with tls_outgoing_options
-  * Replace GNU atomics and related hacks with C++11 std::atomic
-  * Replace external_acl_type format %macros with logformat codes
-  * Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
-  * Support Secure ICAP services
-  * Support rotate=N option on access_log
-  * Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
-  * Support lifetime timeout for persistent connections (pconn_lifetime)
-  * Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
-  * Support logging fast things (nanosecond log resolution)
-  * Support ICAP/eCAP adaptation for 100-continue responses
-  * Support configurable helper queue size, with consistent defaults
-    and better overflow handling.
-  * Support named service PID file by default (pid_filename)
-  * url_lfs_rewrite: Add URL-rewriter based on local file existence
-  * negotiate_kerberos_auth: output group= kv-pair
-  * helper-mux: add man(8) page
-  * purge: convert README to man(1) page
-  * basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
-  * basic_sspi_auth: fix MinGW compile errors
-  * negotiate_sspi_auth: fix various build errors
-  * Crypto-NG: libnettle Base64 algorithm support
-  * Parser-NG: HTTP Parser structural redesign
-  * libltdl: copyright updated to LGPL version 2.1
-  * ... and several performance optimizations
-  * ... and many documentation changes
-  * ... and much code cleanup and polishing
-- fix dependency (C++11)
-  * gcc >= 4.7
-- rebase squid-config.patch
-- rebase and fix squid-brokenad.patch
-
 -------------------------------------------------------------------
 Thu Oct 15 14:57:13 UTC 2015 - jkeil@suse.de
 

squid.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package squid
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,14 +20,14 @@
 %define         squidconfdir %{_sysconfdir}/squid
 
 Name:           squid
-Version:        4.0.3
+Version:        3.5.13
 Release:        0
 Summary:        A fully featured HTTP/1.0 proxy
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
-Url:            http://www.squid-cache.org/Versions/v4
-Source0:        http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz
-Source1:        http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz.asc
+Url:            http://www.squid-cache.org/Versions/v3/3.5
+Source0:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
+Source1:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
 
 Source3:        squid.init
 Source4:        squid.sysconfig
@@ -57,7 +57,7 @@ BuildRequires:  ed
 BuildRequires:  expat
 #
 BuildRequires:  fdupes
-BuildRequires:  gcc-c++ >= 4.7
+BuildRequires:  gcc-c++
 BuildRequires:  krb5-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libexpat-devel
@@ -106,20 +106,26 @@ Requires(pre):  %insserv_prereq
 Requires:       logrotate
 Provides:       http_proxy
 
-%description
-Squis is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. 
+# due to package rename
+# Wed Aug 15 17:40:30 UTC 2012
+Provides:       %{name}3 = %{version}
+Obsoletes:      %{name}3 < %{version}
 
-Squid 4 represents a new feature release above 3.5.
+%description
+Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. 
+
+Squid 3.5 represents a new feature release above 3.4.
 
 The most important of these new features are:
 
-    Configurable helper queue size
-    Helper concurrency channels changes
-    SSL support removal
-    MSNT-multi-domain helper removal
-    Secure ICAP
-    Elliptic Curve Diffie-Hellman (ECDH)
-    Improved SMP support
+  * Support libecap v1.0
+  * Authentication helper query extensions
+  * Support named services
+  * Upgraded squidclient tool
+  * Helper support for concurrency channels
+  * Native FTP Relay
+  * Receive PROXY protocol, Versions 1 & 2
+  * Basic authentication MSNT helper changes
 
 %prep
 %setup -q
@@ -307,12 +313,11 @@ if [ "$1" -gt "1" ]; then
     mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
   fi
 fi
-# emulate_httpd_log is gone with 3.5
-if [ -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
-  if [ $(grep -c emulate_httpd_log %{_sysconfdir}/%{name}/%{name}.conf) -gt 0 ];then
-     sed -i '/emulate_httpd_log/d' %{_sysconfdir}/%{name}/%{name}.conf
-  fi
-fi
+# emulate_httpd_log is gone with 3.2 not 3.5
+### rpmlint is complaining about modifying squid.conf
+#if [ -e etc/%{name}/%{name}.conf ]; then
+#  sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
+#fi
 
 %pretrans -p <lua>
 -- Directory to symlink is not working in RPM so workaround it
@@ -435,7 +440,7 @@ end
 %{_sbindir}/digest_edirectory_auth
 ## will get removed in 3.6 series
 # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
-#%%{_sbindir}/basic_msnt_multi_domain_auth
+%{_sbindir}/basic_msnt_multi_domain_auth
 ##
 %{_sbindir}/basic_ncsa_auth
 %{_sbindir}/basic_nis_auth
@@ -465,7 +470,7 @@ end
 %{_sbindir}/ext_session_acl
 %{_sbindir}/ext_unix_group_acl
 %{_sbindir}/ext_wbinfo_group_acl
-%{_sbindir}/helper-mux
+%{_sbindir}/helper-mux.pl
 %{_sbindir}/log_db_daemon
 %{_sbindir}/log_file_daemon
 %{_sbindir}/negotiate_kerberos_auth
@@ -485,7 +490,6 @@ end
 %{_sbindir}/unlinkd
 %{_sbindir}/url_fake_rewrite
 %{_sbindir}/url_fake_rewrite.sh
-%{_sbindir}/url_lfs_rewrite
 %if 0%{?suse_version}
 %{_sbindir}/rc%{name}
 %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}