Accepting request 348054 from server:proxy

1

OBS-URL: https://build.opensuse.org/request/show/348054
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=34

squid-3.5.10.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:736e69fbddd6e985d2f85c995526f0a2bc4294c46dfb6737c0ccf09274a458b3
-size 2297452

squid-3.5.10.tar.xz.asc

@@ -1,20 +0,0 @@
-File: squid-3.5.10.tar.xz
-Date: Thu Oct  1 15:37:56 UTC 2015
-Size: 2297452
-MD5 : 5ddc53bd6ff78234691a7ebbcbc6aa38
-SHA1: 804bbf5ef6ccdc277dacde83e086fad30d02da60
-Key : 0xFF5CF463 <squid3@treenet.co.nz>
-      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJWDVnkAAoJELJo5wb/XPRjC/MIAMUTJEgzajbcbpCJubfxL8+y
-gxV/SjysESmgjjgC7LdtEsz6X156zxPXNYbNC05NKZ0qLrMN0cHy1+LG1uIWie2c
-vFL0KmFllIRY9wiV2m4Y3uoEYvGFEWYviaW8edRJstZAEBe2ntSSvD+982rRwRgw
-mHDnjIUL9MnJGnjqVq+O3jq1M/lxmAYoiiJrDQM/Jkd6yvs73o4spRp5AVg6+Vfq
-sL3qP/Xz2IaLmHTgHmjhwOQsa7y5THAkUhBzv9Q+BSbo2Qb/6orQnvBcDuhCFs7j
-DRnm602Axmqa4zTOQjfkg9ag6WXB+8AIeKFnJuX+Ynw9LVRVTq2DCJqyNVhZbNw=
-=LrXD
------END PGP SIGNATURE-----

squid-4.0.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81986fe42f2ee1423452799a9e9b3e0d575543e945fa922175ecbb80c9827947
+size 2341200

squid-4.0.3.tar.xz.asc

@@ -0,0 +1,20 @@
+File: squid-4.0.3.tar.xz
+Date: Sat Nov 28 16:16:30 UTC 2015
+Size: 2341200
+MD5 : 1b2c7e775d494993ea260ba959515162
+SHA1: 039396491f13c2da8f20252cce16509ce31ccaf3
+Key : 0xFF5CF463 <squid3@treenet.co.nz>
+      fingerprint = EA31 CC5E 9488 E516 8D2D  CC5E B268 E706 FF5C F463
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJWWdSjAAoJELJo5wb/XPRjxtQIAMmFTrgiFwNo0gioSaUG7m8l
+7VlewDor+dRzhJ+KYPt0VhLbO8V6KjgoDmp1ISDpnQ3PgQaFP1v0tLLh5pfGRuUf
+rO8OQEowrmxIu/oe9/8Reh3ci1nsT/xXFC1DBWxhVwzy1I081xzmuEDS5s0OqhtE
+PlcyOPmWhT5fYiNfzmdIuJC+3NWW8k82nOtbFlR4vWdjtHWaIaZjgb3MCW3Y2mgb
+1dPSEUDLbB7V70qN8iE9pwh923eRMo7Y6u9ejImxbYzwZVA3kn/bnqyPFCAbYVmg
+D6fPumqfh5wab2Et1csNNK2daxpEelaAFTFX7eEUBLfRWCepDYU1U5KKtUxNaeg=
+=eU8K
+-----END PGP SIGNATURE-----

squid-brokenad.patch

@@ -2,7 +2,7 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
-@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
+@@ -80,7 +80,7 @@ k5_error(const char* msg, krb5_error_cod
   * create Kerberos memory cache
   */
  int
@@ -10,59 +10,59 @@ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
 +krb5_create_cache(struct main_args *margs, char *domain)
  {
  
-     krb5_keytab keytab = 0;
-@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
-             if (code) {
-                 k5_error("Error while unparsing principal name",code);
-             } else {
--                debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
--                found = 1;
-+		if (margs->brokenad == 1) {
-+                    if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
-+                        debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+     krb5_keytab keytab = NULL;
+@@ -288,8 +288,17 @@ krb5_create_cache(char *domain)
+                 if (code) {
+                     k5_error("Error while unparsing principal name",code);
+                 } else {
+-                    debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+-                    found = 1;
++                    if (margs->brokenad == 1) {
++                        if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
++                            debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
++                        } else {
++                            debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
++                            found = 1;
++                        }
 +                    } else {
-+                        debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
++                        debug((char *) "%s| %s: DEBUG: Found principal  name: %s\n", LogTime(), PROGRAM, principal_name);
 +                        found = 1;
 +                    }
-+                } else {
-+                    debug((char *) "%s| %s: DEBUG: Found principal  name: %s\n", LogTime(), PROGRAM, principal_name);
-+                    found = 1;
-+                }
+                 }
              }
-         }
  #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
 Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
-@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
-     margs->rc_allow = 0;
+@@ -79,6 +79,7 @@ init_args(struct main_args *margs)
      margs->AD = 0;
      margs->mdepth = 5;
+     margs->nokerberos = 0;
 +    margs->brokenad = 0;
      margs->ddomain = NULL;
      margs->groups = NULL;
      margs->ndoms = NULL;
-@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
+@@ -202,7 +203,7 @@ main(int argc, char *const argv[])
  
      init_args(&margs);
  
--    while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
-+    while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+-    while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) {
++    while (-1 != (opt = getopt(argc, argv, "diasnxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
          switch (opt) {
          case 'd':
              debug_enabled = 1;
-@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
-         case 'S':
-             margs.llist = xstrdup(optarg);
+@@ -219,6 +220,9 @@ main(int argc, char *const argv[])
+         case 'n':
+             margs.nokerberos = 1;
              break;
 +        case 'x':
 +            margs.brokenad = 1;
 +            break;
-         case 'h':
-             fprintf(stderr, "Usage: \n");
-             fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
-@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
+         case 'g':
+             margs.glist = xstrdup(optarg);
+             break;
+@@ -274,6 +278,7 @@ main(int argc, char *const argv[])
              fprintf(stderr, "-l ldap url\n");
              fprintf(stderr, "-b ldap bind path\n");
              fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
@@ -74,18 +74,18 @@ Index: helpers/external_acl/kerberos_ldap_group/support.h
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support.h.orig
 +++ helpers/external_acl/kerberos_ldap_group/support.h
-@@ -105,6 +105,7 @@ struct main_args {
-     int rc_allow;
+@@ -106,6 +106,7 @@ struct main_args {
      int AD;
      int mdepth;
+     int nokerberos;
 +    int brokenad;
      char *ddomain;
      struct gdstruct *groups;
      struct ndstruct *ndoms;
-@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
- int create_ls(struct main_args *margs);
- 
- #ifdef HAVE_KRB5
+@@ -181,7 +182,7 @@ struct kstruct {
+     char* mem_ccache[MAX_DOMAINS];
+     int ncache;
+ };
 -int krb5_create_cache(char *domain);
 +int krb5_create_cache(struct main_args *margs, char *domain);
  void krb5_cleanup(void);
@@ -95,12 +95,12 @@ Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
 ===================================================================
 --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
 +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
-@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
-         debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
- 
- #if HAVE_KRB5
--        kc = krb5_create_cache(domain);
-+        kc = krb5_create_cache(margs,domain);
-         if (kc) {
-             error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
-         }
+@@ -902,7 +902,7 @@ get_memberof(struct main_args *margs, ch
+             kc = 1;
+             debug((char *) "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM);
+         } else {
+-            kc = krb5_create_cache(domain);
++            kc = krb5_create_cache(margs,domain);
+             if (kc) {
+                 error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
+             }

squid-config.patch

@@ -2,7 +2,7 @@ Index: src/cf.data.pre
 ===================================================================
 --- src/cf.data.pre.orig
 +++ src/cf.data.pre
-@@ -1460,6 +1460,8 @@ http_access deny manager
+@@ -1498,6 +1498,8 @@ http_access deny manager
  # Adapt localnet in the ACL section to list your (internal) IP networks
  # from where browsing should be allowed
  http_access allow localnet
@@ -11,7 +11,7 @@ Index: src/cf.data.pre
  http_access allow localhost
  
  # And finally deny all other access to this proxy
-@@ -3692,6 +3694,10 @@ DOC_START
+@@ -3672,6 +3674,10 @@ DOC_START
  	Instead, if you want Squid to use the entire disk drive,
  	subtract 20% and use that value.
  
@@ -22,7 +22,7 @@ Index: src/cf.data.pre
  	'L1' is the number of first-level subdirectories which
  	will be created under the 'Directory'.  The default is 16.
  
-@@ -3810,7 +3816,7 @@ DOC_START
+@@ -3790,7 +3796,7 @@ DOC_START
  NOCOMMENT_START
  
  # Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@ Index: src/cf.data.pre
  NOCOMMENT_END
  DOC_END
  
-@@ -4507,7 +4513,7 @@ DOC_END
+@@ -4504,7 +4510,7 @@ DOC_END
  
  NAME: logfile_rotate
  TYPE: int
@@ -39,4 +39,4 @@ Index: src/cf.data.pre
 +DEFAULT: 0
  LOC: Config.Log.rotateNumber
  DOC_START
- 	Specifies the number of logfile rotations to make when you
+ 	Specifies the default number of logfile rotations to make when you

squid.changes

@@ -1,3 +1,99 @@
+-------------------------------------------------------------------
+Wed Dec  9 10:11:36 UTC 2015 - mpluskal@suse.com
+
+- Update to 4.0.3
+  * Bug 4372: missing template files
+  * Bug 4371: compile errors: no such file or directory: 
+		DiskIO/*/*DiskIOModule.o
+  * Bug 4368: A simpler and more robust HTTP request line parser
+  * Fix compile erorr on clang undefined reference to 
+		'__atomic_load_8'
+  * ext_kerberos_ldap_group_acl: Add missing workarounds for 
+		Heimdal Kerberos
+  * ext_ldap_group_acl: Allow unlimited LDAP search filter
+  * ext_unix_group_acl: Support -r parameter to strip @REALM from 
+		usernames
+  * ... and much code cleanup and polishing
+  * ... and all fixes from squid 3.5.11
+-	Changes for squid-4.0.2
+  * Regression Bug 4351: compile errors when authentication modules 
+		disabled
+  * Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
+  * Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within 
+		ConnStateData::requestTimeout
+  * Bug 4356: segmentation fault using proxy_auth ACL
+  * Bug 4352: compile errors in OS X 10.11
+  * Bug 4021: ext_user_regex does exact match
+  * Bug 3574: avoid crashes, prohibit reconfiguration during 
+		shutdown
+  * Support re-assigning delay pools based on HTTP reply details
+ 	* ... and all fixes from squid 3.5.11
+
+-------------------------------------------------------------------
+Sat Dec  5 00:36:04 UTC 2015 - boris@steki.net
+
+- fixes for boo#956989
+  - updated pretrans scriptlet so it handles only rpm link vs folders issue
+  - pre scriptlet updated to not change configuration file without real need
+    for configuration updates
+
+
+-------------------------------------------------------------------
+Tue Oct 27 17:12:19 UTC 2015 - chris@computersalat.de
+
+- update to 4.0.1
+  * Bug 4329: GCC 5.2 no known conversion for argument
+  * Bug 4292: negotiate_wrapper: Unreleased Resources
+  * Bug 4269: ignore-must-revalidate broken
+  * Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
+  * Bug 3920: Splay::remove() reference counting inconsistent
+  * Bug 3069: CONNECT method bytes sent logging
+  * Bug 2741 partial: libsecurity API for GnuTLS support
+  * Bug 1961 partial: redesign of URL handling
+  * Fix crash when parsing invalid squid.conf
+  * Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
+  * Remove unused OS detection: Sun, SysV, Ultrix, BSDi
+  * Remove cache_peer_domain directive
+  * RFC 6176 compliance: Remove SSLv2 support
+  * HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
+  * Remove GCC 2.x and 3.x detection and support
+  * C++11 compiler support is now mandatory
+  * Enable flexible transport protocol
+  * Enable long (--foo) command line parameters on squid binary
+  * Add per-rule refresh_pattern matching statistics
+  * Replace sslversion=N with tls-min-version=1.N
+  * Replace sslproxy_* directives with tls_outgoing_options
+  * Replace GNU atomics and related hacks with C++11 std::atomic
+  * Replace external_acl_type format %macros with logformat codes
+  * Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
+  * Support Secure ICAP services
+  * Support rotate=N option on access_log
+  * Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
+  * Support lifetime timeout for persistent connections (pconn_lifetime)
+  * Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
+  * Support logging fast things (nanosecond log resolution)
+  * Support ICAP/eCAP adaptation for 100-continue responses
+  * Support configurable helper queue size, with consistent defaults
+    and better overflow handling.
+  * Support named service PID file by default (pid_filename)
+  * url_lfs_rewrite: Add URL-rewriter based on local file existence
+  * negotiate_kerberos_auth: output group= kv-pair
+  * helper-mux: add man(8) page
+  * purge: convert README to man(1) page
+  * basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
+  * basic_sspi_auth: fix MinGW compile errors
+  * negotiate_sspi_auth: fix various build errors
+  * Crypto-NG: libnettle Base64 algorithm support
+  * Parser-NG: HTTP Parser structural redesign
+  * libltdl: copyright updated to LGPL version 2.1
+  * ... and several performance optimizations
+  * ... and many documentation changes
+  * ... and much code cleanup and polishing
+- fix dependency (C++11)
+  * gcc >= 4.7
+- rebase squid-config.patch
+- rebase and fix squid-brokenad.patch
+
 -------------------------------------------------------------------
 Thu Oct 15 14:57:13 UTC 2015 - jkeil@suse.de
 

squid.spec

@@ -20,14 +20,14 @@
 %define         squidconfdir %{_sysconfdir}/squid
 
 Name:           squid
-Version:        3.5.10
+Version:        4.0.3
 Release:        0
 Summary:        A fully featured HTTP/1.0 proxy
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Proxy
-Url:            http://www.squid-cache.org/Versions/v3/3.5
-Source0:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
-Source1:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
+Url:            http://www.squid-cache.org/Versions/v4
+Source0:        http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz
+Source1:        http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz.asc
 
 Source3:        squid.init
 Source4:        squid.sysconfig
@@ -57,7 +57,7 @@ BuildRequires:  ed
 BuildRequires:  expat
 #
 BuildRequires:  fdupes
-BuildRequires:  gcc-c++
+BuildRequires:  gcc-c++ >= 4.7
 BuildRequires:  krb5-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libexpat-devel
@@ -106,26 +106,20 @@ Requires(pre):  %insserv_prereq
 Requires:       logrotate
 Provides:       http_proxy
 
-# due to package rename
-# Wed Aug 15 17:40:30 UTC 2012
-Provides:       %{name}3 = %{version}
-Obsoletes:      %{name}3 < %{version}
-
 %description
-Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. 
+Squis is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. 
 
-Squid 3.5 represents a new feature release above 3.4.
+Squid 4 represents a new feature release above 3.5.
 
 The most important of these new features are:
 
-  * Support libecap v1.0
-  * Authentication helper query extensions
-  * Support named services
-  * Upgraded squidclient tool
-  * Helper support for concurrency channels
-  * Native FTP Relay
-  * Receive PROXY protocol, Versions 1 & 2
-  * Basic authentication MSNT helper changes
+    Configurable helper queue size
+    Helper concurrency channels changes
+    SSL support removal
+    MSNT-multi-domain helper removal
+    Secure ICAP
+    Elliptic Curve Diffie-Hellman (ECDH)
+    Improved SMP support
 
 %prep
 %setup -q
@@ -306,29 +300,34 @@ fi
 %service_add_pre %{name}.service
 %endif
 
-%pretrans
-# Directory to symlink is not working in RPM so workaround it
-# Occurs when updating from 3.4 to 3.5
-error_dir="%{_datadir}/%{name}/errors"
-for i in zh-cn zh-tw; do
-  if [ -d "$error_dir/$i" ]; then
-	rm -rf "$error_dir/$i" || true
-  fi
-done
-# emulate_httpd_log is gone with 3.5
-if [ -e etc/%{name}/%{name}.conf ]; then
-  sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
-fi
-
 # update mode?
 if [ "$1" -gt "1" ]; then
   if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
     echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
-    mv /%{_sysconfdir}/%{name}.conf /%{_sysconfdir}/%{name}/%{name}.conf
+    mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
   fi
-  # default group changed from nogroup to squid
-  %{_sbindir}/usermod -g %{name} %{name}
 fi
+# emulate_httpd_log is gone with 3.5
+if [ -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
+  if [ $(grep -c emulate_httpd_log %{_sysconfdir}/%{name}/%{name}.conf) -gt 0 ];then
+     sed -i '/emulate_httpd_log/d' %{_sysconfdir}/%{name}/%{name}.conf
+  fi
+fi
+
+%pretrans -p <lua>
+-- Directory to symlink is not working in RPM so workaround it
+-- Occurs when updating from 3.4 to 3.5
+error_dir="%{_datadir}/%{name}/errors/"
+bad_ones={"zh-cn","zh-tw"}
+print("cleaning up old directories")
+for i,f in pairs(bad_ones) do
+  pstat = posix.stat(error_dir..f)
+  if pstat and pstat.type == "directory" then
+     print ("moving away "..error_dir..f.." to "..error_dir..f .. ".rpmmoved")
+     --posix.rmdir(error_dir..f)
+     os.rename(error_dir..f, error_dir..f .. ".rpmmoved")
+  end
+end
 
 %post
 %if 0%{?suse_version} >= 1140
@@ -436,7 +435,7 @@ fi
 %{_sbindir}/digest_edirectory_auth
 ## will get removed in 3.6 series
 # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
-%{_sbindir}/basic_msnt_multi_domain_auth
+#%%{_sbindir}/basic_msnt_multi_domain_auth
 ##
 %{_sbindir}/basic_ncsa_auth
 %{_sbindir}/basic_nis_auth
@@ -466,7 +465,7 @@ fi
 %{_sbindir}/ext_session_acl
 %{_sbindir}/ext_unix_group_acl
 %{_sbindir}/ext_wbinfo_group_acl
-%{_sbindir}/helper-mux.pl
+%{_sbindir}/helper-mux
 %{_sbindir}/log_db_daemon
 %{_sbindir}/log_file_daemon
 %{_sbindir}/negotiate_kerberos_auth
@@ -486,6 +485,7 @@ fi
 %{_sbindir}/unlinkd
 %{_sbindir}/url_fake_rewrite
 %{_sbindir}/url_fake_rewrite.sh
+%{_sbindir}/url_lfs_rewrite
 %if 0%{?suse_version}
 %{_sbindir}/rc%{name}
 %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}