forked from pool/squid
Adam Majer
fcd32b7814
- update to 6.2:
* Major UI changes:
- Remove 8K limit for single access.log line
- Add tls_key_log to report TLS communication secrets
* Minor UI changes:
- Add %transport::>connection_id logformat code
- Add paranoid_hit_validation directive
- Report SMP store queues state (mgr:store_queues)
- Addcache_log_message directive
* Developer Interest changes:
- Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
- Reject HTTP/1.0 requests with unusual framing
- codespell check added to source maintenance enforcement
- Streamlined ./configure handling of optional libraries
- Add –progress option to test-builds.sh
- Remove layer-00-bootstrap from test script
- Convert LRU map into a CLP map
- Remove legacy context-based debugging in favor of CodeContext
* Removed features:
- Remove unused cache_diff binary
- Remove obsolete membanger test
- Remove deprecated leakfinder (–enable-leakfinder)
OBS-URL: https://build.opensuse.org/request/show/1103093
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=277
24 lines
777 B
Diff
24 lines
777 B
Diff
Index: squid-6.2/tools/systemd/squid.service
|
|
===================================================================
|
|
--- squid-6.2.orig/tools/systemd/squid.service
|
|
+++ squid-6.2/tools/systemd/squid.service
|
|
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
|
|
After=network.target network-online.target nss-lookup.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=notify
|
|
PIDFile=/var/run/squid.pid
|
|
ExecStartPre=/usr/sbin/squid --foreground -z
|