Hello community,
here is the log from the commit of package squid.1661 for openSUSE:12.3:Update checked in at 2013-05-14 17:04:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/squid.1661 (Old)
and /work/SRC/openSUSE:12.3:Update/.squid.1661.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid.1661"
Changes:
--------
New Changes file:
--- /dev/null 2013-05-09 10:40:33.472011256 +0200
+++ /work/SRC/openSUSE:12.3:Update/.squid.1661.new/squid.changes 2013-05-14 17:04:59.000000000 +0200
@@ -0,0 +1,1500 @@
+-------------------------------------------------------------------
+Thu May 2 11:41:47 UTC 2013 - bruno@ioda-net.ch
+
+- Packaging : fixed systemd squid.service
+ - Removed commented patch lines
+ - Rework on squid.service ExecStartPre line
+ remove dependency on unfunctionnal wrapper squid_cache_build.sh
+ New revision for squid.service (using only sed)
+ handle multiple cache_dir line
+ Added sed as require
+
+ - Fix bnc#802635 (creating cache struture fail on first call)
+ - Fixed Type=forking and remove the use off -N (non daemon flag)
+ - Fixed missing pid file
+ - Structural : add all -k to end of Exec/Stop line
+ - Ulimit : Added LimitNOFile=4096 ( same value as in /etc/sysconfig)
+ but there's no way to decode dynamically /etc/sysconfig
+ - Remove syslog.target ( no need anymore : advise from fcrozat )
+
+- Changes for squid 3.2.11 & 3.2.10 release (29 April 2013)
+ - Fix enter_suid/leave_suid build errors in ip/Intercept.cc
+ - GNU Hurd: define MAP_NORESERVE as no-op when missing
+ - Bug #3833: Option '-k' is not present in squidclient man page
+ - Bug #3817: Memory leak in SSL cert validate for alt_name peer certs
+ - Bug #3822: Locate LDAP and SASL headers in /usr/local/include for BSD support
+ - Bug #3825: basic_ncsa_auth segfaulting with glibc-2.17
+ - Bug #3774: -k reconfigure drops rock
+ - Bug #3565: Resuming postponed accept kills Squid
+ - HTTP/1.1: partial support for no-cache and private controls with parameters
+ - ssl_crtd: helpers dying during startup on ARM
+ - Updated copyright for icons/SN.png squid-3.2-11813.patch
+ - Revert r11810 - tools.h does not exist in 3.2 squid-3.2-11812.patch
+
+- Changes to squid-3.2.9 (12 Mar 2013):
+ - Regression fix: Accept-Language header parse
+ - Bug 3673: Silence 'Failed to select source' messages
+ - Fix authentication headers sent on peer digest requests
+ - Fix build error on Solaris, OpenIndiana, Omnios
+
+- Changes to squid-3.2.8 (02 Mar 2013):
+
+ - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
+ - Bug 3763: diskd Error: no filename in shm buffer
+ - Bug 3752: objects that cannot be cached in memory are not cached on disk
+ - Bug 3753: Removes the domain from the cache_peer server pconn key
+ - Bug 3749: IDENT lookup using wrong ports to identify the user
+ - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
+ - Bug 3686: cache_dir max-size default fails
+ - Bug 3515: crash in FtpStateData::ftpTimeout
+ - Bug 3329: Quieten orphan Comm::Connection messages
+ - Make squid -z for cache_dir rock preserve the rock DB
+ - Fixed several server connect problems
+ - ... and some build issues on Solaris, OpenIndiana, MacOS X
+ - ... and some documentation and debugs polishing
+
+-------------------------------------------------------------------
+Sun Jan 13 20:09:22 UTC 2013 - chris@computersalat.de
+
+- Changes to squid-3.2.6 (09 Jan 2013):
+ fix for bnc#794954, CVE-2012-5643, SQUID:2012-1
+ - Regression Bug 3731: TOS setsockopt() requires int value
+ - Regression Bug 3712: Rotating logs overwrites the previous log
+ - Bug 3727: LLVM compile errors in kerberos_ldap_group
+ - Bug 3650: Negotiate auth missing challenge token
+ - Additional fixes for CVE-2012-5643 / SQUID:2012-1
+ * http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
+ * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643
+- rebase nobuilddates, config patches
+
+-------------------------------------------------------------------
+Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
+
+- Changes to squid-3.2.5 (10 Dec 2012):
+ - Bug 3698: Add missing include of errno.h
+- Changes to squid-3.2.4 (03 Dec 2012):
+ - Ported: urllogin ACL from squid 2.7
+ - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
+ - Bug 3677: Port un-pinning logic changes from squid 3.3
+ - Bug 3405: ssl_crtd crashes failing to remove certificate
+ - ... and major bugs fixed in squid 3.1.22
+ - Fix accept_filter on Linux
+ - Remove 'Bungled' warning on missing component directives
+ - ... and many buffer and memory leak issues in the bundled helpers
+ - ... and a small amount of code polishing
+- remove obsolete glibc-217 patch
+
+-------------------------------------------------------------------
+Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature.
+
+-------------------------------------------------------------------
+Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de
+
+- Fix build with glibc 2.17 (add patch squid-glibc217.patch).
+
+-------------------------------------------------------------------
+Sun Oct 21 14:30:21 UTC 2012 - chris@computersalat.de
+
+- update to 3.2.3 (21 Oct 2012):
+ - Regression: SMP crashes on startup with workers > 1
+ - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
+ - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
+ - HTTP/1.1: honour Cache-Control before Pragma:no-cache
+ - HTTP/1.1: Cache-Control compliance upgrade
+ - Remove obsoleted refresh_pattern ignore-no-cache option
+ - Fix IPv6 enabled squidclient
+ - ... and several compile fixes
+
+-------------------------------------------------------------------
+Sat Oct 20 11:52:33 UTC 2012 - chris@computersalat.de
+
+- update to 3.2.2 (06 Oct 2012):
+ - Regression: Make login=PASS send no credentials when none available
+ - Regression: Handle dstdomain duplicates and overlapping names better
+ - Bug 3661: Segmentation fault when using more than 1 worker
+ - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
+ - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
+ - Bug 3648: polish String class files
+ - Bug 3647: parsing hier_code acl fails
+ - Bug 3626: forwarding loops on intercepted traffic
+ - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
+ - Bug 3609: several RADIUS helper improvements
+ - Bug 3605: memory leak in Negotiate authentication
+ - Fix small memory leak in src ACL parse
+ - Fix maximum_single_addr_tries upgrade
+ - Fix chunked encoding on responses carrying a Content-Range header.
+ - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
+ - ... and several compile errors
+- fix deps
+ * add missing Obsoletes/Provides for squid3
+
+-------------------------------------------------------------------
+Wed Aug 15 17:40:30 UTC 2012 - chris@computersalat.de
+
+- package rename from squid3 back to squid
+ * old 'squid' (2.7STABLE9) now obsolete
+ * only one "stable" squid available >= 3.2
+
+-------------------------------------------------------------------
+Wed Aug 15 11:46:11 UTC 2012 - chris@computersalat.de
+
+- update to 3.2.1 (15 Aug 2012):
+ - Bug 3605: memory leak in peer selection
+ - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
+ - ... and some documentation updates
+- rebase squid-config patch
+
+-------------------------------------------------------------------
+Fri Aug 3 11:27:00 UTC 2012 - chris@computersalat.de
+
+- update to 3.2.0.19 (02 Aug 2012)
+ - Regression Bug 3580: IDENT request makes squid crash
+ - Regression Bug 3577: File Descriptors not properly closed
+ - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
+ - Regression Fix: Restore memory caching ability
+ - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
+ - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
+ - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
+ - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
+ - Support custom headers in [request|reply]_header_* manglers
+ - ... and much code polishing
+- remove upstream patches
+ * 3.2-11611 - 3.2-11638
+- rebase config, nobuilddates, compiled_without_RPM_OPT_FLAGS patches
+
+-------------------------------------------------------------------
+Mon Jul 30 23:52:17 UTC 2012 - chris@computersalat.de
+
+- add upstream patches
+ * 3.2-11631 - 3.2-11638
+
+-------------------------------------------------------------------
+Fri Jul 27 13:11:15 UTC 2012 - chris@computersalat.de
+
+- update to 3.2.0.18 (29 Jun 2012)
+ - Bug 3576: ICY streams being Transfer-Encoding:chunked
+ - Bug 3537: statistics histogram leaks memory
+ - Bug 3526: digest authentication crash
+ - Bug 3484: Docs: sslproxy_cert_error example flawed
+ - Bug 3462: Delay Pools and ICAP
+ - Bug 3405: ssl_crtd crashes failing to remove certificate
+ - Bug 3380: Mac OSX compile errors with CMSG_SPACE
+ - Bug 3258: Requests hang when Host forgery verify fails
+ - Bug 3186: Digest auth caches failed state without revalidating
+ - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
+ - Bug 2885: AIX: check and set required compiler flags
+ - Fix ssl_crtd compile issues with libsslutil
+ - Fix build with GCC 4.7 (and probably other C++11 compilers).
+ - Fix double-escape of %R on deny_info redirect responses
+ - Support status 308 Permanent Redirect
+ - Support for TLSv1.1 and TLSv1.2 options and methods
+ - Support passing external_acl_type credentials on ICAP
+ - Language Updates: fr, hy, pt_BR
+ - ... and many compile issues on Windows
+ - ... and some minor code polish
+ for more info please see ChangeLog
++++ 1303 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.squid.1661.new/squid.changes
New:
----
README.kerberos
RELEASENOTES.html
pam.squid
rpmlintrc
squid-3.2.11.tar.bz2
squid-3.2.11.tar.bz2.asc
squid-compiled_without_RPM_OPT_FLAGS.patch
squid-config.patch
squid-nobuilddates.patch
squid.changes
squid.init
squid.keyring
squid.logrotate
squid.permissions
squid.service
squid.spec
squid.sysconfig
unsquid.pl
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
#
# spec file for package squid
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define squidlibdir %{_libdir}/squid
%define squidconfdir /etc/squid
Name: squid
Summary: Squid Version 3.2 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Version: 3.2.11
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.2
Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
Source1: %{name}-%{version}.tar.bz2.asc
Source2: RELEASENOTES.html
Source3: squid.init
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
Source7: %{name}.logrotate
Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source13: %{name}.keyring
#
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
#
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/
#
#
# Upstream patch
# Patch0:
# do not show some rpmlint warnings
Source99: rpmlintrc
# some useful defaults for squid
Patch100: %{name}-config.patch
# make build compare happy - remove build dates
Patch101: %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: /usr/bin/getent
PreReq: permissions
PreReq: pwdutils
BuildRequires: db-devel
# needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel
BuildRequires: ed
BuildRequires: expat
BuildRequires: gcc-c++
BuildRequires: gpg-offline
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
BuildRequires: libtool
BuildRequires: openldap2-devel
BuildRequires: opensp-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: sharutils
#
%if 0%{?sles_version} == 9
BuildRequires: heimdal-devel
%else
BuildRequires: krb5-devel
%endif
#
%if 0%{?suse_version} > 1030 || 0%{?fedora_version} > 8
BuildRequires: fdupes
%endif
#
%if 0%{?suse_version} >= 1130
BuildRequires: pkgconfig(libxml-2.0)
%else
BuildRequires: libxml2-devel
%endif
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%{?systemd_requires}
%define has_systemd 1
%endif
Requires: logrotate
Requires: sed
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
%description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
Squid 3.2 represents a new feature release above 3.1.
The most important of these new features are:
* CVE-2009-0801 : NAT interception vulnerability to malicious clients.
* NCSA helper DES algorithm password limits
* SMP scalability
* Helper Multiplexer and On-Demand
* Helper Name Changes
* Multi-Lingual manuals
* Solaris 10 pthreads Support
* Surrogate/1.0 protocol extensions to HTTP
* Logging Infrastructure Updated
* Client Bandwidth Limits
* Better eCAP support
* Cache Manager access changes
First STABLE release Date: 02 Aug 2010
Latest Release: 3.2.9
Latest Release Date: 12 Mar 2013
%prep
%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
cp %{S:10} .
# upstream patches after RELEASE
#
##### other patches
%patch100
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS='-Wl,-z,relro,-z,now -pie'
./configure --prefix=/usr \
--sysconfdir=%{squidconfdir} \
--bindir=/usr/sbin \
--sbindir=/usr/sbin \
--localstatedir=/var \
--libexecdir=/usr/sbin \
--datadir=/usr/share/squid \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--sharedstatedir=/var/squid \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-dl \
--enable-disk-io \
--enable-storeio \
--enable-removal-policies=heap,lru \
--enable-icmp \
--enable-delay-pools \
--enable-esi \
--enable-icap-client \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-arp-acl \
--enable-ssl \
--enable-forw-via-db \
--enable-cache-digests \
--enable-linux-netfilter \
--with-large-files \
--enable-underscores \
--enable-auth \
--enable-auth-basic \
--enable-auth-ntlm \
--enable-auth-negotiate \
--enable-auth-digest \
--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \
--enable-ntlm-fail-open \
--enable-stacktraces \
--enable-x-accelerator-vary \
--with-default-user=%{name} \
--disable-ident-lookups \
--enable-follow-x-forwarded-for
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
set +x
echo "adapting SQUID_MAXFD to 4096"
set -x
perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
fi
make SAMBAPREFIX=/usr %{?_smp_mflags}
%install
/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
-d /var/cache/%{name} %{name} 2> /dev/null || :
install -d %{buildroot}%{_localstatedir}/{cache,log}/%{name}
chmod 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
install -d -m 755 %{buildroot}%{_sysconfdir}/permissions.d
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rcsquid
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
if [ -d $i ]; then
mkdir -p %{buildroot}%{_datadir}/%{name}/$i
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
fi
done
ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%endif
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}
%endif
%if 0%{?has_systemd}
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
%endif
%pre
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
%{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
-G winbind -g nogroup -o -u 31 -r -s /bin/false \
%{name} 2>/dev/null
fi
# if squid is not member of winbind, add him
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
%{_sbindir}/groupmod -A %{name} winbind 2>/dev/null
fi
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
%post
%if 0%{?sles_version} == 10
sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure
%endif
%if 0%{?suse_version} >= 1140
%set_permissions %{_localstatedir}/cache/%{name}
%set_permissions %{_localstatedir}/log/%{name}
%endif
# update mode?
if [ "$1" -gt "1" ]; then
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
mv etc/%{name}.conf etc/%{name}/%{name}.conf
fi
fi
%{fillup_and_insserv -n "squid"}
%if 0%{?has_systemd}
%service_add_post squid.service
%endif
%preun
%stop_on_removal squid
%if 0%{?has_systemd}
%service_del_preun squid.service
%endif
%postun
%if 0%{?has_systemd}
%service_del_postun squid.service
%endif
%restart_on_update squid
%insserv_cleanup
%verifyscript
%verify_permissions -e /usr/sbin/pam_auth
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog
%doc QUICKSTART README RELEASENOTES.html SPONSORS*
%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%endif
%attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%config %{_sysconfdir}/init.d/%{name}
%config %{_sysconfdir}/permissions.d/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
%config %{_datadir}/%{name}/mib.txt
%{_datadir}/%{name}/mime.conf
%{_datadir}/%{name}/mime.conf.default
%{_sbindir}/basic_db_auth
%{_sbindir}/basic_fake_auth
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
%{_sbindir}/basic_msnt_auth
%{_sbindir}/basic_msnt_multi_domain_auth
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
#verify(not mode) %attr(4755,root,shadow) %{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
%{_sbindir}/cert_tool
%{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
%{_sbindir}/ext_edirectory_userip_acl
%{_sbindir}/ext_file_userip_acl
%{_sbindir}/ext_kerberos_ldap_group_acl
%{_sbindir}/ext_ldap_group_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
%{_sbindir}/helper-mux.pl
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
%{_sbindir}/negotiate_kerberos_auth_test
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
%{_sbindir}/pinger
%{_sbindir}/purge
%{_sbindir}/rc%{name}
%{_sbindir}/%{name}
%{_sbindir}/squidclient
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi
%changelog
++++++ README.kerberos ++++++
This is the README.kerberos file
to have squid negotiate/authenticate via kerberos
any addons are very welcome
comments could be posted to
1) you need to add a "USER" inside your "Domain-Computers" Container
called "squid". Yes a "USER" and not a Computer.
You may use another name, but why ?
2) After having successfully created the user, you need to create a
keytab file on your WIN box.
Example: !! This is all in one line !!
ktpass -princ HTTP/squid@DOMAIN.REALM -pType KRB5_NT_PRINCIPAL \
-mapuser squid -pass * -out HTTP.keytab
3) copy over HTTP.keytab to /etc/squid/ on your linux box
4) you have to tell your browsers to negotiate via kerberos
Have a look at:
a) Internet Explorer does not support Kerberos authentication with proxy servers
http://support.microsoft.com/?scid=kb%3Ben-us%3B321728&x=19&y=14
This limitation was removed in Windows Internet Explorer 7.
If Integrated Windows Authentication is turned on in Internet Explorer
for Windows 2000 and Windows XP, you can complete Kerberos authentication
with Web servers either directly or through a proxy server. However,
Internet Explorer cannot use Kerberos to authenticate with the proxy
server itself.
b) Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6
http://support.microsoft.com/kb/299838/EN-US/
To resolve this issue, enable Internet Explorer 6 to respond to
a negotiate challenge and perform Kerberos authentication:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Advanced tab, click to select the Enable
Integrated Windows Authentication (requires restart) check box
in the Security section, and then click OK.
3. Restart Internet Explorer.
Administrators can enable Integrated Windows Authentication by
setting the EnableNegotiate DWORD value to 1 in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Note Internet Explorer 6, when used with Microsoft Windows 98,
Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition,
and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and
default to NTLM (or Windows NT Challenge/Response) authentication even if
the Enable Integrated Windows Authentication (requires restart) check
box is selected because Kerberos authentication is not available on
these operating systems.
++++++ RELEASENOTES.html ++++++
++++ 1284 lines (skipped)
++++++ pam.squid ++++++
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session
++++++ rpmlintrc ++++++
addFilter("macro-in-comment")
addFilter("no-manual-page-for-binary")
++++++ squid-3.2.11.tar.bz2.asc ++++++
File: squid-3.2.11.tar.bz2
Date: Tue Apr 30 05:08:44 UTC 2013
Size: 2897354
MD5 : cdd3612bed27e8d513b713004c78bf5b
SHA1: 124c0af704f88afb2feb5054b36f253544173a4b
Key : 0xFF5CF463
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJRf1OIAAoJELJo5wb/XPRjwg4H/iNZaKfeqRLVtpFOXT0RKY+l
4+FVq1ptu6VLXRtkJWAj5RZfk6hmO9G+ZwZTnZWLf46c6kUvB/4Nlt0LD98FB9ng
ZtWfcTSked7idj3pInjMvNNa7j0qeOy4tvjUvxKtPAg2ZiRJXoPOKkS6TXnyyGvf
zlSWqmFUNvBsVULGALk9stq03jxqzf2CamNho8g2Tly//suJr8aHj38E8oMoCHWX
SCjo9yVTRdZjaGa6RKkyMGYpPpM9Wh4qIixAGT6Ih94YxzXg/mcWpcl6A6Pwc8CT
lrkKV2mDuGMoL1gGWYo8pUCEjvzKjRtoevu1wjzX/mqYbpilfLNnGg3vqZu7pfM=
=mQwq
-----END PGP SIGNATURE-----
++++++ squid-compiled_without_RPM_OPT_FLAGS.patch ++++++
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig
+++ src/Makefile.am
@@ -917,7 +917,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
- $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ $(HOSTCXX) $(CXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
# squid.conf.default is built by cf_gen when making cf_parser.cci
squid.conf.default squid.conf.documented: cf_parser.cci
Index: src/Makefile.in
===================================================================
--- src/Makefile.in.orig
+++ src/Makefile.in
@@ -6573,7 +6573,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
- $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ $(HOSTCXX) $(CXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
# squid.conf.default is built by cf_gen when making cf_parser.cci
squid.conf.default squid.conf.documented: cf_parser.cci
++++++ squid-config.patch ++++++
Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
@@ -1081,6 +1081,8 @@ http_access deny CONNECT !SSL_ports
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
+
+# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
@@ -2782,6 +2784,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
+ Note on 'Mbytes': You need to consider the available RAM on the
+ machine versus the approx. 10MB RAM per 1GB of files which the
+ cache_dir index will consume.
+
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
@@ -2896,7 +2902,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256
NOCOMMENT_END
DOC_END
@@ -3407,7 +3413,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you
++++++ squid-nobuilddates.patch ++++++
Index: helpers/basic_auth/fake/fake.cc
===================================================================
--- helpers/basic_auth/fake/fake.cc.orig
+++ helpers/basic_auth/fake/fake.cc
@@ -74,7 +74,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", program_name);
+ debug("%s starting up...\n", program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -90,6 +90,6 @@ main(int argc, char *argv[])
/* send 'OK' result back to Squid */
SEND_OK("");
}
- debug("%s build " __DATE__ ", " __TIME__ " shutting down...\n", program_name);
+ debug("%s shutting down...\n", program_name);
exit(0);
}
Index: helpers/external_acl/AD_group/ext_ad_group_acl.cc
===================================================================
--- helpers/external_acl/AD_group/ext_ad_group_acl.cc.orig
+++ helpers/external_acl/AD_group/ext_ad_group_acl.cc
@@ -815,8 +815,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
- debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ debug("External ACL win32 group helper build starting up...\n");
if (use_global)
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
if (use_case_insensitive_compare)
Index: helpers/external_acl/LM_group/ext_lm_group_acl.cc
===================================================================
--- helpers/external_acl/LM_group/ext_lm_group_acl.cc.orig
+++ helpers/external_acl/LM_group/ext_lm_group_acl.cc
@@ -546,8 +546,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
- debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ debug("External ACL win32 group helper build starting up...\n");
if (use_global)
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
if (use_case_insensitive_compare)
Index: helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
===================================================================
--- helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc.orig
+++ helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
@@ -272,7 +272,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
if (LoadSecurityDll(SSP_NTLM, NEGOTIATE_PACKAGE_NAME) == NULL) {
fprintf(stderr, "FATAL: %s: can't initialize SSPI, exiting.\n", argv[0]);
Index: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
===================================================================
--- helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc.orig
+++ helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
@@ -612,7 +612,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
if (LoadSecurityDll(SSP_NTLM, NTLM_PACKAGE_NAME) == NULL) {
fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
Index: helpers/ntlm_auth/fake/ntlm_fake_auth.cc
===================================================================
--- helpers/ntlm_auth/fake/ntlm_fake_auth.cc.orig
+++ helpers/ntlm_auth/fake/ntlm_fake_auth.cc
@@ -175,7 +175,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
user[0] = '\0'; /*no user code */
Index: helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
===================================================================
--- helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc.orig
+++ helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -683,7 +683,7 @@ manage_request()
int
main(int argc, char *argv[])
{
- debug("ntlm_auth build " __DATE__ ", " __TIME__ " starting up...\n");
+ debug("ntlm_auth build starting up...\n");
my_program_name = argv[0];
process_options(argc, argv);
Index: helpers/url_rewrite/fake/fake.cc
===================================================================
--- helpers/url_rewrite/fake/fake.cc.orig
+++ helpers/url_rewrite/fake/fake.cc
@@ -79,7 +79,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -95,6 +95,6 @@ main(int argc, char *argv[])
/* send 'no-change' result back to Squid */
fprintf(stdout,"\n");
}
- debug("%s build " __DATE__ ", " __TIME__ " shutting down...\n", my_program_name);
+ debug("%s shutting down...\n", my_program_name);
exit(0);
}
++++++ squid.init ++++++
#!/bin/sh
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002 SuSE Linux AG
#
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel
#
# /etc/init.d/squid
# and its symbolic link
# /(usr/)sbin/rcsquid
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $local_fs $remote_fs $network $time
# Should-Start: apache $named winbind
# Required-Stop: $local_fs $remote_fs $network $time
# Should-Stop: apache $named winbind
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Squid web cache
# Description: Start the Squid web cache, providing
# HTTP, FTP and other proxy services
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
SQUID_BIN=/usr/sbin/squid
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
SQUID_SYSCONFIG=/etc/sysconfig/squid
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. $SQUID_SYSCONFIG
SQUID_PID=/var/run/squid.pid
SQUID_CONF=/etc/squid/squid.conf
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
# determine which one is the cache_swap directory
SQUID_CACHE_DIR=$(perl -n -e \
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
ulimit -n "$SQUID_ULIMIT"
#IN: $SQUID_CACHE_DIR
setup_squid_cache_dir(){
for adir in "$1" ; do
if [ ! -d $adir/00 ]; then # create missing cache directories
umask 027 # prevent users reading any cache data
echo -n " ($adir)"
$SQUID_BIN -z -F > /dev/null 2>&1
fi
if [ ! -d $adir/00 ]; then
echo " - failed while creating cache_dir ! "
rc_failed
rc_status -v
rc_exit
fi
done
sleep 2
}
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
echo -n "- Warning: squid already running ! "
rc_failed
else
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
setup_squid_cache_dir "$SQUID_CACHE_DIR"
fi
fi
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k shutdown
sleep 2
if [ -e $SQUID_PID ] ; then
echo -n "- wait a minute or two... "
i="$SQUID_S_T"
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
sleep 2
i=$[$i-1]
echo -n "."
[ $i -eq 41 ] && echo
done
fi
if /sbin/checkproc $SQUID_BIN ; then
killproc -TERM $SQUID_BIN
echo -n " Warning: squid killed !"
fi
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
$0 reload
# Remember status and be quiet
rc_status
;;
reload)
echo -n "Reloading WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k rotate
sleep 2
$SQUID_BIN -k reconfigure
rc_status
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
status)
echo -n "Checking for WWW-proxy squid "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $SQUID_BIN
# Remember status and be verbose
rc_status -v
;;
probe)
test $SQUID_CONF -nt $SQUID_PID && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
++++++ squid.keyring ++++++
pub 2048R/FF5CF463 2008-03-08
uid Amos Jeffries
uid Amos Jeffries
uid Amos Jeffries (Squid 3.0 Release Key)
uid Amos Jeffries (Squid 3.1 Release Key)
sub 2048R/D0F41EA3 2009-04-08 [expires: 2010-04-08]
sub 2048R/5EF49CEC 2010-05-01 [expires: 2011-05-01]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi
xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa
ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb
BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA
ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev
cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg
PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN
1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n
VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0
sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX
d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE
5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z
tCRBbW9zIEplZmZyaWVzIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACAC
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y9gACACK
Y9HWgOhXP67v+ha8cSsUmOCtwVRt7cZ1xCs3kFTvgbUL2isBOORiDCuXjLEYBS8W
a9WCkmqznck+zwhwN8nRCZetTnrqa+elihcjM1wk+XaZRvOjV3Hjtr43hhBiQyJD
jWil0LL/R8Ul3l81zsLvUAXTZXSwxrbkscbfDG8HmYfeVT7WbuDAVTnFLVvip8u3
tOAy8GU0Kli0aTnVCBczejddM6Qerqiq4gSyove7y2S0PC0G0Nm7j/mqbngd0Inl
cSrC36+hWq8wU7/1skfLIALqMpvpMP8lqpvzzQyTameMOu79BZMw14FiZcELSAri
cbfFzUFgQ/qPdXS1J2P1tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFz
ZSBLZXkpIDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH
68h+vXi9GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp02
7AwHHUYXZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJc
p4Iu8J7y4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i531
3k6DKj91G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBT
EasduOmQRQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0I
S0tnKl04tDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjEgUmVsZWFzZSBLZXkpIDxz
cXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y6WjB/0fFm7hFYxZxJvfm+GVU2DpWfQ7
5bW4f2WqjWJfKNpCwAILkySoD0B+h+HQRkbAQ/IjifbORdTUGuYqURysaJhCEP5J
eQ26hs9dUw/agpEamvROHE/PltHl1K3XIXs7mB2iwexhgncmpp0D4VH39cQiMkIL
Hixv5xRioXHK5P4JkclHJ+zLL3IbdgmS7UijA3Bg8hIUcpy2s+4hy5So8OrcgxDu
q4KwxKcQsklHYqXfxF9+tiy02FeGTSX3JyCVUuGCLMOMbFO6oWP3YWKQUuE9XpgG
0ykz2zEYHbzh8CG+AT/dA1sbjkQP5yTfR3NpPNilwJ7HK9Kn+2AXstRCuLSBuQEN
BEncrb0BCACtTMCBEd5FgBjNxrb+yzUKQtu8cZy6PmpeEaMlEDtAbs+Sd6wbyJe0
9ZY3OwSDisnA05hPqd3bxmi4CFtxE/2C//jWl1i9xVU7NyK+2CUxEHRoNBY9DAp0
IAvnZ1BNQcf6CYEMoyTR60GjTnCet2kHt+q9F+vVFmGVatPojUtg2irh+rYjvWbr
iiNCoweqeBqvp2beVqZChQDm5bRamgFW7S8bAhSn24tBZmettXQ6j4ZgjdqNIMgy
O80sCA31LTc3Jcd9WEIYEbJ/9aK+zVHdB1Tw43YQq62OosDeVENwSdE1pjh8R48W
dzCT5Rwe73X/ct5DRi0S/0QkcsjAep45ABEBAAGJAkQEGAECAA8FAkncrb0CGwIF
CQHhM4ABKQkQsmjnBv9c9GPAXSAEGQECAAYFAkncrb0ACgkQB4pjqtD0HqNTXwf/
fQcDlC/Nx4n4G2LFBRUNanlg3iAInNOfVPyB5fVWwLHZUVpxNm4qNKSGxw1YjVEl
h6EuMjNfQeE+i7Z4/L2Hbqd17M4vXXO4PxqkkUVmqIcIH/PKWJKI2gLlKjSebo4V
vgzPZXFzbKBeTy4URXyifVxu8p+i0+e1eyFB80+EACaHX1b8S9cl88ZgbEqm7mVg
HT+L28o+Y3MrSRpqkTnqfYA5I+bxMO2LNZShtReeKdDU1YB0XOKOB9Y6jOoOLt5g
GKAjYByFeqFbvCJhwfncDuZZ7Ny8PIXj0a8j8e7zZH9I4iCTrRt5eK/+8KBHwuTU
dliCktqtjYKTevjlaPlPw4qsB/496HNciuFiDHmofLKnuYXoR2N2Uo4b6ErmyuKT
KAXFhDiOj8MoN49mEbm0/FdZe+IL0aG7EEIz2+h3h9y7q15dqRawbchMBX1bu7aK
GdiQenyiWbGsliE7h/crxtLHqDQPg2CimQJI1Msx4ee2ePQ9DMPBHgd1TVN9B75Q
h46mJ612j4cIDYspFnqWKqXx52XRVEgyVL0ZFN0On5WukNoBWINqRnLlTJM0zdw5
jGhRad7B5ubdcPpbbDw9VLfNOOCAPK8jeQNPXMtvFIEoLXeo8wKbVQX33hV2y7kH
GCamA1A05gmJtiVaZBfph5MxAjYx0JdrzlcwrPB+4DNdj1jYuQENBEvcJYoBCADw
e4s2CBQxFf/yenctJYnmiFhppGH3f3RgteKl1rt2mpL3wK79IDrXucfzbxAbwSdA
52wcbaqBbsdguzyOF3bVPJL3c/bVZ/As7m3oOr4HRSpuh2cs5gATesjWRITVMMkO
kHo+69isPAe7vCX6+CgeldPjWSfIcg5sfEo183+V0g8bWiYemGueDKmLqLkwAyCM
gARpDPMKBgShnvRPe1ovG4a/GZilpS5u4QKzyj+3GmLbCHJQOODdDHdt0/AVkbh0
KUrneKZbvGQdWzC2NXyENa+13U1lG+WSyTsuQN09szd3rRCVITQKR+jnmWlIn3Ji
p0LpMazTENxcn4EN1s0tABEBAAGJAkQEGAECAA8FAkvcJYoCGwIFCQHhM4ABKQkQ
smjnBv9c9GPAXSAEGQECAAYFAkvcJYoACgkQ87HMiV70nOwr/QgAsQiZjDV70LrG
eh6GJvKYWpK35w57krCbqwivzZKDD499Et0DvIFUmkdn6xJAUpuFXzxkPHXWuCqn
cCQjRnqSm0sAVC612cQGStBZm73J0htqLbQc/NGqAzbc/5eOW5BxQJG0fhGIvNhu
1JS8Acbti2q0XfnDKuAwnJyZQsZmZBOAqj9kuB4ATwU4KWwPQGkfZ38W6VSlXbCV
NYoP7+PBSjM6gyjoOzC5U+1Tf7lZvlNEZEmR4Ls0V9XteGTnnJrpJLQ6iVB2dr97
ZY36Q3aOBhPMSxg/I6scj1iSgmAuAqTpY53qdSf2X24HEERtxR5AVFwmRVI0YQgx
KTeFJLIJMym+CACttZmyZoSWS1atRNhPb44/NRmtDv4mfFRgtwg2VcXAEL/ipPi5
nMYrfgZ1Zjbzf5e6r6O6qrBTjy7sHCIpT8E/RV0U7Wmh/MqCaJ6TlSFDLaoIYyl8
m5J46VDOd7XFEbU/59LwwP7wcgU4iNbjxNmjZy/zZCwi8zWnKLVGTgkqx51zsurF
5ZIzDS72Atlg2RAHdGhOaCqeNb5cw44Rh3XPdzTklcpoo3NcMXx/aUPHrRc+SBS6
iP6UMH+/IuiwOG6UhV1VxRlrVDb5J3/GTxHWPGtEiHNUjxHuH3EN2lj9oTKPKIhs
SHFot7e7PTf5fJ6rTzeQTL4VOWVOkq4M4xmZ
=k8xm
-----END PGP PUBLIC KEY BLOCK-----
++++++ squid.logrotate ++++++
/var/log/squid/cache.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}
/var/log/squid/access.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}
/var/log/squid/store.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}
++++++ squid.permissions ++++++
/var/cache/squid/ squid:root 750
/var/log/squid/ squid:root 750
++++++ squid.service ++++++
[Unit]
Description=Squid caching proxy
After=network.target named.service nss-lookup.service
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/squid
ExecStartPre=/bin/sh -c "test -d \"`sed -n 's/^cache_dir\s\+[[:alnum:]]\+\s\+\([[:graph:]\/]\+\)\s.*/\1/p' /etc/squid/squid.conf | sed '1 q'`/00\" || /usr/sbin/squid -z -F -N -S -f /etc/squid/squid.conf"
ExecStart=/usr/sbin/squid -F $SQUID_START_OPTIONS -f /etc/squid/squid.conf
ExecReload=/usr/sbin/squid -F $SQUID_START_OPTIONS -f /etc/squid/squid.conf -k reconfigure
ExecStop=/usr/sbin/squid -F -f /etc/squid/squid.conf -k shutdown
LimitNOFILE=4096
PIDFile=/var/run/squid.pid
[Install]
WantedBy=multi-user.target
++++++ squid.sysconfig ++++++
## Path: Network/WWW/Proxy/squid
## Description: squid webproxy options
## Type: integer(1:)
## Default: "60"
#
# kill squid after this timeout in double-seconds with SIGTERM
#
SQUID_SHUTDOWN_TIMEOUT="60"
## Type: text
## Default: "-sY"
#
# squid daemon start options
#
SQUID_START_OPTIONS="-sY"
## Type: integer(1:)
## Default: "4096"
#
# default ulimit to set
#
SQUID_DEFAULT_ULIMT="4096"
++++++ unsquid.pl ++++++
#!/usr/bin/perl -w
#
# unsquid v0.2 -- Squid object dumper.
# Copyright (C) 2000 Avatar .
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA
#
# $Id: unsquid,v 1.4 2000/03/11 17:31:06 avatar Exp $
=pod
=head1 NAME
unsquid - dump Squid objects
=head1 SYNOPSIS
B<unsquid> S<[ B<-d>I<dir> ]>
S<[ B<-t>I<type> ]>
S<[ B<-fv> ]>
S<[ B<-Vh> ]>
=head1 DESCRIPTION
unsquid dumps Squid cache files specified on the command line into
directories reflecting their original URLs, hence preserving the
original site layouts for off-line browsing.
Typically usage is
find /usr/local/squid/cache/??/ -type f -print | \
xargs unsquid -t 'image/.*' -d /tmp
The command line options are explained below.
=over
=item B<-t>I<type> S I<dir>>
Dump only files matching the MIME type regex I<type>.
=item B<-f> B<--force>
Overwrite existing files. For security reason, this option is disabled
when run as root.
=item B<-v> B<--verbose>
Print the URLs of dumped objects.
=item B<-d>I<dir> S I<dir>>
Dump the files inside I<dir>.
=item B<-V> B<--version>
Print the version number.
=item B<-h> B<--help>
Print a summary of command line options.
=back
=head1 AUTHOR
Avatar >
=cut
use POSIX;
use Getopt::Long;
use strict;
my $help = < \$destdir,
"type=s" => \$type,
"verbose|v+" => \$verbose,
"force!" => \$force,
"version|V" => \$showver,
"help" => \$showhelp);
if ($showver) {
print <.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,
to the extent permitted by law.
EOT
exit;
}
if ($#ARGV < 0 or $showhelp) {
print $help;
exit;
}
if ($force and $< == 0) {
die "$0: root is not allowed to use the force option";
}
for (@ARGV) {
my ($url, $urllen);
# read 4 bytes from offset 56 as the length of the url
open(INFILE, "<$_") or die "$0: cannot open file $_ for reading: $!";
seek(INFILE, 56, SEEK_SET) or die "$0: cannot seek 56 bytes: $!";
read(INFILE, $urllen, 4) or die "$0: cannot read 4 bytes: $!";
$urllen = ord($urllen) - 1; # kill the last NUL
# read the url
read(INFILE, $url, $urllen);
# expand index urls
$url =~ s-/$-/$defaultindex-m;
# scan the contents
my ($seenheader);
while (<INFILE>) {
if ($seenheader) {
print OUTFILE;
next;
}
# if type is specified, do matching
if (/^Content-Type: /i and defined $type) {
m-[^:]*: (\w+/\w+)-;
last if $1 !~ /$type/;
next;
}
# at this point we must have matched the type
if (/^\r$/) {
$seenheader = 1;
makedir($url);
if (! defined $force and -e "$destdir/$url") {
warn "$0: file $destdir/$url exists, skipped";
last;
}
open(OUTFILE, ">$destdir/$url")
or die "$0: cannot open file $destdir/$url for writing: $!";
print "$url\n" if $verbose;
}
}
close(INFILE);
close(OUTFILE);
}
sub makedir {
my ($basename) = @_;
my $path = $destdir;
if (! -d $destdir) {
warn "$0: destination directory $destdir does not exist, making it";
mkdir $destdir, 0777 or die "$0: cannot mkdir $destdir: $!";
}
while( $basename =~ m-^([^/]*)/- ) {
$path .= "/".$1;
if (! -d $path) {
if (! mkdir $path, 0777) {
if (-f $path) {
# move the file in
open FILE, $path
or die "$0: cannot open $path for reading: $!";
undef $/;
my $buf = <FILE>;
$/ = "\n";
close FILE;
unlink $path;
mkdir $path, 0777
or die "$0: cannot make directory $path: $!";
open FILE, ">$path-redirect"
or die "$0: cannot open $path/$defaultindex for writing: $!";
print FILE $buf;
close FILE;
} else {
die "d$0: cannot mkdir $path: $!";
}
}
}
$basename = $';
}
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org