Hello community,
here is the log from the commit of package squid for openSUSE:Factory checked in at 2016-01-28 17:23:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
and /work/SRC/openSUSE:Factory/.squid.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid"
Changes:
--------
--- /work/SRC/openSUSE:Factory/squid/squid.changes 2015-12-09 22:34:26.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2016-01-28 17:23:58.000000000 +0100
@@ -2 +2 @@
-Wed Dec 9 10:11:36 UTC 2015 - mpluskal@suse.com
+Sun Jan 24 18:28:45 UTC 2016 - chris@computersalat.de
@@ -4,27 +4,37 @@
-- Update to 4.0.3
- * Bug 4372: missing template files
- * Bug 4371: compile errors: no such file or directory:
- DiskIO/*/*DiskIOModule.o
- * Bug 4368: A simpler and more robust HTTP request line parser
- * Fix compile erorr on clang undefined reference to
- '__atomic_load_8'
- * ext_kerberos_ldap_group_acl: Add missing workarounds for
- Heimdal Kerberos
- * ext_ldap_group_acl: Allow unlimited LDAP search filter
- * ext_unix_group_acl: Support -r parameter to strip @REALM from
- usernames
- * ... and much code cleanup and polishing
- * ... and all fixes from squid 3.5.11
-- Changes for squid-4.0.2
- * Regression Bug 4351: compile errors when authentication modules
- disabled
- * Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
- * Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within
- ConnStateData::requestTimeout
- * Bug 4356: segmentation fault using proxy_auth ACL
- * Bug 4352: compile errors in OS X 10.11
- * Bug 4021: ext_user_regex does exact match
- * Bug 3574: avoid crashes, prohibit reconfiguration during
- shutdown
- * Support re-assigning delay pools based on HTTP reply details
- * ... and all fixes from squid 3.5.11
+- Changes to squid-3.5.13 (06 Jan 2016):
+ * Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
+ * Bug 4387: Kerberos build errors on Solaris
+ * TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
+ * TLS: Complete certificate chains using external intermediate certificates
+ * Avoid memory leaks when an X.509 certificate validator is used with SslBump
+ * Fix connection retry and fallback after failed server TLS connections
+ * Fix GnuTLS detection via pkg-config
+ * Fix startup crash with a misconfigured (too-small) shared memory cache
+ * ... and some documentation updates
+- Changes to squid-3.5.12 (28 Nov 2015):
+ * Bug 4374: refresh_pattern config parser (%)
+ * Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
+ * Bug 4228: links with krb5 libs despite --without options
+ * Fix SSL_get_certificate() problem detection
+ * Fix TLS handshake problem during Renegotiation
+ * Fix cache_peer forceddomain= in CONNECT
+ * Fix status code-based HTTP reason phrase for eCAP-generated messages
+ * Fix build errors in cpuafinity.cc
+ * ... and several documentation updates
+- Changes to squid-3.5.11 (01 Nov 2015):
+ * Bug 3574: crashes on reconfigure and startup
+ * Bug 4347: compile errors with LibreSSL 2.3
+ * Bug 4281: copy-paste typos in src/tools.cc
+ * Bug 4279: No response from proxy for FTP-download of non-existing file
+ * Bug 4188: Bumping intercepted SSL connections does not work on Solaris
+ * Fix incorrect authentication headers on cache digest requests
+ * Fix connection stats, including %= 4.7
-- rebase squid-config.patch
-- rebase and fix squid-brokenad.patch
Old:
----
squid-4.0.3.tar.xz
squid-4.0.3.tar.xz.asc
New:
----
squid-3.5.13.tar.xz
squid-3.5.13.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.xkZAQU/_old 2016-01-28 17:23:59.000000000 +0100
+++ /var/tmp/diff_new_pack.xkZAQU/_new 2016-01-28 17:23:59.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package squid
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,14 +20,14 @@
%define squidconfdir %{_sysconfdir}/squid
Name: squid
-Version: 4.0.3
+Version: 3.5.13
Release: 0
Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
-Url: http://www.squid-cache.org/Versions/v4
-Source0: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz
-Source1: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz.asc
+Url: http://www.squid-cache.org/Versions/v3/3.5
+Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
+Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3: squid.init
Source4: squid.sysconfig
@@ -57,7 +57,7 @@
BuildRequires: expat
#
BuildRequires: fdupes
-BuildRequires: gcc-c++ >= 4.7
+BuildRequires: gcc-c++
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
@@ -106,20 +106,26 @@
Requires: logrotate
Provides: http_proxy
+# due to package rename
+# Wed Aug 15 17:40:30 UTC 2012
+Provides: %{name}3 = %{version}
+Obsoletes: %{name}3 < %{version}
+
%description
-Squis is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
+Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
-Squid 4 represents a new feature release above 3.5.
+Squid 3.5 represents a new feature release above 3.4.
The most important of these new features are:
- Configurable helper queue size
- Helper concurrency channels changes
- SSL support removal
- MSNT-multi-domain helper removal
- Secure ICAP
- Elliptic Curve Diffie-Hellman (ECDH)
- Improved SMP support
+ * Support libecap v1.0
+ * Authentication helper query extensions
+ * Support named services
+ * Upgraded squidclient tool
+ * Helper support for concurrency channels
+ * Native FTP Relay
+ * Receive PROXY protocol, Versions 1 & 2
+ * Basic authentication MSNT helper changes
%prep
%setup -q
@@ -307,12 +313,11 @@
mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
fi
fi
-# emulate_httpd_log is gone with 3.5
-if [ -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
- if [ $(grep -c emulate_httpd_log %{_sysconfdir}/%{name}/%{name}.conf) -gt 0 ];then
- sed -i '/emulate_httpd_log/d' %{_sysconfdir}/%{name}/%{name}.conf
- fi
-fi
+# emulate_httpd_log is gone with 3.2 not 3.5
+### rpmlint is complaining about modifying squid.conf
+#if [ -e etc/%{name}/%{name}.conf ]; then
+# sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
+#fi
%pretrans -p <lua>
-- Directory to symlink is not working in RPM so workaround it
@@ -435,7 +440,7 @@
%{_sbindir}/digest_edirectory_auth
## will get removed in 3.6 series
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
-#%%{_sbindir}/basic_msnt_multi_domain_auth
+%{_sbindir}/basic_msnt_multi_domain_auth
##
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
@@ -465,7 +470,7 @@
%{_sbindir}/ext_session_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
-%{_sbindir}/helper-mux
+%{_sbindir}/helper-mux.pl
%{_sbindir}/log_db_daemon
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
@@ -485,7 +490,6 @@
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
-%{_sbindir}/url_lfs_rewrite
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
++++++ squid-4.0.3.tar.xz -> squid-3.5.13.tar.xz ++++++
++++ 165399 lines of diff (skipped)
++++++ squid-4.0.3.tar.xz.asc -> squid-3.5.13.tar.xz.asc ++++++
--- /work/SRC/openSUSE:Factory/squid/squid-4.0.3.tar.xz.asc 2015-12-09 22:34:26.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.5.13.tar.xz.asc 2016-01-28 17:23:58.000000000 +0100
@@ -1,8 +1,8 @@
-File: squid-4.0.3.tar.xz
-Date: Sat Nov 28 16:16:30 UTC 2015
-Size: 2341200
-MD5 : 1b2c7e775d494993ea260ba959515162
-SHA1: 039396491f13c2da8f20252cce16509ce31ccaf3
+File: squid-3.5.13.tar.xz
+Date: Thu Jan 7 04:33:15 UTC 2016
+Size: 2379460
+MD5 : 7a22503cfc99e1f89cb309b5facfbbc3
+SHA1: 3c45f8a8522c67c633c85c65dbfe63ccaf6df0e8
Key : 0xFF5CF463
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
@@ -10,11 +10,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-iQEcBAABAgAGBQJWWdSjAAoJELJo5wb/XPRjxtQIAMmFTrgiFwNo0gioSaUG7m8l
-7VlewDor+dRzhJ+KYPt0VhLbO8V6KjgoDmp1ISDpnQ3PgQaFP1v0tLLh5pfGRuUf
-rO8OQEowrmxIu/oe9/8Reh3ci1nsT/xXFC1DBWxhVwzy1I081xzmuEDS5s0OqhtE
-PlcyOPmWhT5fYiNfzmdIuJC+3NWW8k82nOtbFlR4vWdjtHWaIaZjgb3MCW3Y2mgb
-1dPSEUDLbB7V70qN8iE9pwh923eRMo7Y6u9ejImxbYzwZVA3kn/bnqyPFCAbYVmg
-D6fPumqfh5wab2Et1csNNK2daxpEelaAFTFX7eEUBLfRWCepDYU1U5KKtUxNaeg=
-=eU8K
+iQEcBAABAgAGBQJWkOegAAoJELJo5wb/XPRjWIcIAK0RQqBz4QcEE6bZba5qLK+l
+T/hoKPMNi2QTjpR4WGIWhuw2YoX9HrWUceP8BZ0HsA9HssAG8Te5du0hjjOHNbxy
+3jMdSchM3KVLw7xlotDsp3CWRzFgYp3UE5Czcvy4vakggGNTPJ7NddgX1dda3ChG
+tl4yDlzOw6hkab4wEGbT0V8/WUbNEWtGFtZNCFdhL1hdtfKBXqtLwSo3/vLxqFJT
+85aQNU5C6bOAiz4LBLhIv7uY81vwIK73zFgGsiY3RBXe0ekC7Q9TvAh5wkejLM/b
+mp4xVXk6ZJXFBggbeUzBVR+OGEl4GhqEwI+6MULTc6DXVE4m5PvpF6wcn5yf9yg=
+=U8vk
-----END PGP SIGNATURE-----
++++++ squid-brokenad.patch ++++++
--- /var/tmp/diff_new_pack.xkZAQU/_old 2016-01-28 17:24:01.000000000 +0100
+++ /var/tmp/diff_new_pack.xkZAQU/_new 2016-01-28 17:24:01.000000000 +0100
@@ -2,7 +2,7 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
-@@ -80,7 +80,7 @@ k5_error(const char* msg, krb5_error_cod
+@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
* create Kerberos memory cache
*/
int
@@ -10,59 +10,59 @@
+krb5_create_cache(struct main_args *margs, char *domain)
{
- krb5_keytab keytab = NULL;
-@@ -288,8 +288,17 @@ krb5_create_cache(char *domain)
- if (code) {
- k5_error("Error while unparsing principal name",code);
- } else {
-- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
-- found = 1;
-+ if (margs->brokenad == 1) {
-+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
-+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
-+ } else {
-+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
-+ found = 1;
-+ }
+ krb5_keytab keytab = 0;
+@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
+ if (code) {
+ k5_error("Error while unparsing principal name",code);
+ } else {
+- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+- found = 1;
++ if (margs->brokenad == 1) {
++ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){
++ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else {
-+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
++ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
- }
++ } else {
++ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
++ found = 1;
++ }
}
+ }
#if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
-@@ -79,6 +79,7 @@ init_args(struct main_args *margs)
+@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
+ margs->rc_allow = 0;
margs->AD = 0;
margs->mdepth = 5;
- margs->nokerberos = 0;
+ margs->brokenad = 0;
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
-@@ -202,7 +203,7 @@ main(int argc, char *const argv[])
+@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
init_args(&margs);
-- while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) {
-+ while (-1 != (opt = getopt(argc, argv, "diasnxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
++ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
switch (opt) {
case 'd':
debug_enabled = 1;
-@@ -219,6 +220,9 @@ main(int argc, char *const argv[])
- case 'n':
- margs.nokerberos = 1;
+@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
+ case 'S':
+ margs.llist = xstrdup(optarg);
break;
+ case 'x':
+ margs.brokenad = 1;
+ break;
- case 'g':
- margs.glist = xstrdup(optarg);
- break;
-@@ -274,6 +278,7 @@ main(int argc, char *const argv[])
+ case 'h':
+ fprintf(stderr, "Usage: \n");
+ fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
+@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
@@ -74,18 +74,18 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
-@@ -106,6 +106,7 @@ struct main_args {
+@@ -105,6 +105,7 @@ struct main_args {
+ int rc_allow;
int AD;
int mdepth;
- int nokerberos;
+ int brokenad;
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
-@@ -181,7 +182,7 @@ struct kstruct {
- char* mem_ccache[MAX_DOMAINS];
- int ncache;
- };
+@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
+ int create_ls(struct main_args *margs);
+
+ #ifdef HAVE_KRB5
-int krb5_create_cache(char *domain);
+int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);
@@ -95,12 +95,12 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
-@@ -902,7 +902,7 @@ get_memberof(struct main_args *margs, ch
- kc = 1;
- debug((char *) "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM);
- } else {
-- kc = krb5_create_cache(domain);
-+ kc = krb5_create_cache(margs,domain);
- if (kc) {
- error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
- }
+@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
+ debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
+
+ #if HAVE_KRB5
+- kc = krb5_create_cache(domain);
++ kc = krb5_create_cache(margs,domain);
+ if (kc) {
+ error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
+ }
++++++ squid-config.patch ++++++
--- /var/tmp/diff_new_pack.xkZAQU/_old 2016-01-28 17:24:01.000000000 +0100
+++ /var/tmp/diff_new_pack.xkZAQU/_new 2016-01-28 17:24:01.000000000 +0100
@@ -2,7 +2,7 @@
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
-@@ -1498,6 +1498,8 @@ http_access deny manager
+@@ -1464,6 +1464,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
@@ -11,7 +11,7 @@
http_access allow localhost
# And finally deny all other access to this proxy
-@@ -3672,6 +3674,10 @@ DOC_START
+@@ -3761,6 +3763,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
@@ -22,7 +22,7 @@
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
-@@ -3790,7 +3796,7 @@ DOC_START
+@@ -3879,7 +3885,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@
NOCOMMENT_END
DOC_END
-@@ -4504,7 +4510,7 @@ DOC_END
+@@ -4576,7 +4582,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
@@ -39,4 +39,4 @@
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
- Specifies the default number of logfile rotations to make when you
+ Specifies the number of logfile rotations to make when you