Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2014-03-18 14:07:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2014-01-23 15:56:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2014-03-18 14:07:04.000000000 +0100 @@ -1,0 +2,48 @@ +Sun Mar 16 08:54:50 UTC 2014 - [email protected] + +- added patch to force kerberos principalname handling + ( http://bugs.squid-cache.org/show_bug.cgi?id=4042 ) + * squid-brokenad.patch + +------------------------------------------------------------------- +Sat Mar 15 12:11:30 UTC 2014 - [email protected] + +- Changes to squid-3.4.4 (09 Mar 2014): + * Bug 4029: intercepted HTTPS requests bypass caching checks + * Bug 4001: remove use of strsep() + * Bug 3186 and 3628: Digest authentication always sending stale=false for nonce + * Fix stalled concurrent rock store reads + * Fix helper ID number assignment + * Fix build failures from CMSG related definitions + * Fix build failures from libcompat unsafe.h protections + * Copyright: Relicense helpers by Treehouse Networks Ltd. + * ... and all bug fixes from 3.3.12 +- fix for bnc#743563 + * fix spec(post): remove SLE_10 permissions stuff +- rebased patches: + * squid-compiled_without_RPM_OPT_FLAGS.patch + * squid-nobuilddates.patch + +------------------------------------------------------------------- +Fri Mar 14 14:34:27 UTC 2014 - [email protected] + +- add ssl bump to build config + +------------------------------------------------------------------- +Thu Feb 27 13:26:24 UTC 2014 - [email protected] + +- Changes to squid-3.4.3 (02 Feb 2014): + * Bug 4008: HttpHeader warnOnError should be an int not a bool + * Bug 4002: clang 3.4 unable to compile + * Bug 3996: Malformed DNS reply leads to crash + * Bug 3995: compile error on CentOS 5 with GCC 4.1.2 + * Bug 3975: atomic detection cross-compilation failure + * Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode + * Bug 3954: compile failure in CpuAffinity.cc + * Bug 3927: tests/testRock fatal.cc required + * Fix memory leak in peer Cache Digest exchange + * Fix external_acl_type async loop failures + * Fix destination IP address cycling + * ... and a few polishing changes + +------------------------------------------------------------------- Old: ---- squid-3.4.2.tar.bz2 squid-3.4.2.tar.bz2.asc New: ---- squid-3.4.4.tar.bz2 squid-3.4.4.tar.bz2.asc squid-brokenad.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.PJjK2v/_old 2014-03-18 14:07:05.000000000 +0100 +++ /var/tmp/diff_new_pack.PJjK2v/_new 2014-03-18 14:07:05.000000000 +0100 @@ -24,7 +24,7 @@ Summary: Squid Version 3.3 WWW Proxy Server License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Version: 3.4.2 +Version: 3.4.4 Release: 0 Url: http://www.squid-cache.org/Versions/v3/3.4 #Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}%{snap}.tar.bz2 @@ -60,6 +60,8 @@ ## File is compiled without RPM_OPT_FLAGS # squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch +# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) +Patch103: squid-brokenad.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %fillup_prereq PreReq: %insserv_prereq @@ -136,6 +138,7 @@ chmod a-x CREDITS %patch101 %patch102 +%patch103 %build export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" @@ -162,6 +165,7 @@ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl \ + --enable-ssl-crtd \ --enable-forw-via-db \ --enable-cache-digests \ --enable-linux-netfilter \ @@ -218,6 +222,7 @@ install -d -m 755 doc/contrib install %{SOURCE6} doc/contrib install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} +install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do @@ -261,9 +266,6 @@ %endif %post -%if 0%{?sles_version} == 10 -sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure -%endif %if 0%{?suse_version} >= 1140 %set_permissions %{_localstatedir}/cache/%{name} %set_permissions %{_localstatedir}/log/%{name} @@ -375,6 +377,7 @@ %{_sbindir}/pinger %{_sbindir}/rc%{name} %{_sbindir}/%{name} +%{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite ++++++ RELEASENOTES.html ++++++ --- /var/tmp/diff_new_pack.PJjK2v/_old 2014-03-18 14:07:05.000000000 +0100 +++ /var/tmp/diff_new_pack.PJjK2v/_new 2014-03-18 14:07:05.000000000 +0100 @@ -2,10 +2,10 @@ <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69"> - <TITLE>Squid 3.4.2 release notes</TITLE> + <TITLE>Squid 3.4.4 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 3.4.2 release notes</H1> +<H1>Squid 3.4.4 release notes</H1> <H2>Squid Developers</H2> <HR> @@ -57,7 +57,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-3.4.2 for testing.</P> +<P>The Squid Team are pleased to announce the release of Squid-3.4.4 for testing.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v3/3.4/";>http://www.squid-cache.org/Versions/v3/3.4/</A> or the <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html";>mirrors</A>.</P> @@ -505,6 +505,12 @@ the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM> to re-enable /dev/pf support when using PF firewall.</P> +<DT><B>--disable-translation</B><DD> +<P>Default changed to prevent translating error page templates during build. +Use --enable-translation to explicitly build and install the templates.</P> +<P>The latest pre-translated templates can be downloaded from +<A HREF="http://www.squid-cache.org/Versions/langpack/";>http://www.squid-cache.org/Versions/langpack/</A></P> + </DL> </P> <H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A> ++++++ squid-3.4.2.tar.bz2 -> squid-3.4.4.tar.bz2 ++++++ ++++ 3209 lines of diff (skipped) ++++++ squid-3.4.2.tar.bz2.asc -> squid-3.4.4.tar.bz2.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-3.4.2.tar.bz2.asc 2014-01-23 15:56:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-3.4.4.tar.bz2.asc 2014-03-18 14:07:04.000000000 +0100 @@ -1,20 +1,20 @@ -File: squid-3.4.2.tar.bz2 -Date: Mon Dec 30 11:52:11 UTC 2013 -Size: 2812777 -MD5 : 7ec46965bc58bc927e81869805a25241 -SHA1: 0b96ee7502b21c69b5f9bd8d2c113b35dd58ecf0 +File: squid-3.4.4.tar.bz2 +Date: Sun Mar 9 10:06:07 UTC 2014 +Size: 2812380 +MD5 : f9c7dd495e45042cc162d89cfbb97cc0 +SHA1: 1d5db3970d4a8bd460315d90253c5c20d96abdad Key : 0xFF5CF463 <[email protected]> fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 keyring = http://www.squid-cache.org/pgp.asc keyserver = subkeys.pgp.net -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.15 (GNU/Linux) +Version: GnuPG v1 -iQEcBAABAgAGBQJSwWThAAoJELJo5wb/XPRjdhgIAIjPMGSUDhylA56CEH5NAXg7 -yevT8tC6D3dFhQLtXt8a0sT4ULzMwvXGvH/lYBrEyn8mO8tcU145AJldCAKA3tGS -j1EmB48w5Vu7R4rkfEpwraYS1y4X/hM1nqv0On78yvAOueau6E2Ti5bbkPKCU0xB -oP1YPv+WoLGQtvpgjO9EhX/uVTF+cnCWUwediq9EulAtnkkXAZnJlXgNoJW7cBFv -YhLKpds4Ge/LO0jsPp7j6BsOOhbpvIOmMiELCepZ8hk9Cxm7VeCMrFzI069tUiWs -TQGvblf32oVhlFWRNkVZI4ZPINXmGPPHT2t4f33Lrep0EawQDnFQfoJxOi2VUUM= -=Ugn1 +iQEcBAABAgAGBQJTHD43AAoJELJo5wb/XPRjD/QH/3GMK+VPmnP5QiMgr995Zp+o +ZHfQoVXO679Mq55Yv53ZSCE8xUGtqwaabm/3pP+U1URrs2kTJV+392fN43RmZ7R+ +11zvIXJD3/dGAHAKQlxELMskWNNAdQWCpXGhKaJFU0ghvqlGpq1hLx2M5DqOgJBU +DoFLFUQdKLPU8n1PwnY3SKdT3q3VxpSVbaUx+doQnsNW2Fj2NBj/kb2TQy/1UmyF +FWVpn6Gr3BMCrl4uiw1yiCdHty61Tt6BH6swjA7sQjcenMLWQjNzRzGgM4TfhlvR +czHrrJDbpNZ7Z8NBGvyAYBQmsFRxNm51yIFmpRst+PJBZuNJFW4RB9lek1hWsuk= +=zJQN -----END PGP SIGNATURE----- ++++++ squid-brokenad.patch ++++++ Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc @@ -52,7 +52,7 @@ krb5_cleanup() * create Kerberos memory cache */ int -krb5_create_cache(char *domain) +krb5_create_cache(struct main_args *margs, char *domain) { krb5_keytab keytab = 0; @@ -130,8 +130,17 @@ krb5_create_cache(char *domain) if (code) { error((char *) "%s| %s: ERROR: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); } else { - debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); - found = 1; + if (margs->brokenad == 1) { + if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){ + debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); + } else { + debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); + found = 1; + } + } else { + debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); + found = 1; + } } } #if defined(HAVE_HEIMDAL_KERBEROS) || ( defined(HAVE_KRB5_KT_FREE_ENTRY) && HAVE_DECL_KRB5_KT_FREE_ENTRY==1) Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig +++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc @@ -57,6 +57,7 @@ init_args(struct main_args *margs) margs->rc_allow = 0; margs->AD = 0; margs->mdepth = 5; + margs->brokenad = 0; margs->ddomain = NULL; margs->groups = NULL; margs->ndoms = NULL; @@ -176,7 +177,7 @@ main(int argc, char *const argv[]) init_args(&margs); - while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) { + while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) { switch (opt) { case 'd': debug_enabled = 1; @@ -228,6 +229,9 @@ main(int argc, char *const argv[]) case 'S': margs.llist = xstrdup(optarg); break; + case 'x': + margs.brokenad = 1; + break; case 'h': fprintf(stderr, "Usage: \n"); fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); @@ -244,6 +248,7 @@ main(int argc, char *const argv[]) fprintf(stderr, "-l ldap url\n"); fprintf(stderr, "-b ldap bind path\n"); fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n"); + fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n"); fprintf(stderr, "-a allow SSL without cert verification\n"); fprintf(stderr, "-m maximal depth for recursive searches\n"); fprintf(stderr, "-h help\n"); Index: helpers/external_acl/kerberos_ldap_group/support.h =================================================================== --- helpers/external_acl/kerberos_ldap_group/support.h.orig +++ helpers/external_acl/kerberos_ldap_group/support.h @@ -97,6 +97,7 @@ struct main_args { int rc_allow; int AD; int mdepth; + int brokenad; char *ddomain; struct gdstruct *groups; struct ndstruct *ndoms; @@ -156,7 +157,7 @@ int create_nd(struct main_args *margs); int create_ls(struct main_args *margs); #ifdef HAVE_KRB5 -int krb5_create_cache(char *domain); +int krb5_create_cache(struct main_args *margs, char *domain); void krb5_cleanup(void); #endif Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc @@ -801,7 +801,7 @@ get_memberof(struct main_args *margs, ch debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM); #ifdef HAVE_KRB5 - kc = krb5_create_cache(domain); + kc = krb5_create_cache(margs,domain); if (kc) { error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM); } ++++++ squid-compiled_without_RPM_OPT_FLAGS.patch ++++++ --- /var/tmp/diff_new_pack.PJjK2v/_old 2014-03-18 14:07:08.000000000 +0100 +++ /var/tmp/diff_new_pack.PJjK2v/_new 2014-03-18 14:07:08.000000000 +0100 @@ -15,7 +15,7 @@ =================================================================== --- src/Makefile.in.orig +++ src/Makefile.in -@@ -7294,7 +7294,7 @@ cache_cf.o: cf_parser.cci +@@ -7295,7 +7295,7 @@ cache_cf.o: cf_parser.cci # cf_gen builds the configuration files. cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci ++++++ squid-nobuilddates.patch ++++++ --- /var/tmp/diff_new_pack.PJjK2v/_old 2014-03-18 14:07:08.000000000 +0100 +++ /var/tmp/diff_new_pack.PJjK2v/_new 2014-03-18 14:07:08.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- helpers/basic_auth/fake/fake.cc.orig +++ helpers/basic_auth/fake/fake.cc -@@ -74,7 +74,7 @@ main(int argc, char *argv[]) +@@ -96,7 +96,7 @@ main(int argc, char *argv[]) process_options(argc, argv); @@ -11,7 +11,7 @@ while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { char *p; -@@ -90,6 +90,6 @@ main(int argc, char *argv[]) +@@ -112,6 +112,6 @@ main(int argc, char *argv[]) /* send 'OK' result back to Squid */ SEND_OK(""); } @@ -103,7 +103,7 @@ =================================================================== --- helpers/url_rewrite/fake/fake.cc.orig +++ helpers/url_rewrite/fake/fake.cc -@@ -79,7 +79,7 @@ main(int argc, char *argv[]) +@@ -101,7 +101,7 @@ main(int argc, char *argv[]) process_options(argc, argv); @@ -112,7 +112,7 @@ while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { char *p; -@@ -95,6 +95,6 @@ main(int argc, char *argv[]) +@@ -117,6 +117,6 @@ main(int argc, char *argv[]) /* send 'no-change' result back to Squid */ fprintf(stdout,"\n"); } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
