Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2015-12-09 19:54:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2015-10-20 00:05:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2015-12-09 22:34:26.000000000 +0100 @@ -1,0 +2,96 @@ +Wed Dec 9 10:11:36 UTC 2015 - [email protected] + +- Update to 4.0.3 + * Bug 4372: missing template files + * Bug 4371: compile errors: no such file or directory: + DiskIO/*/*DiskIOModule.o + * Bug 4368: A simpler and more robust HTTP request line parser + * Fix compile erorr on clang undefined reference to + '__atomic_load_8' + * ext_kerberos_ldap_group_acl: Add missing workarounds for + Heimdal Kerberos + * ext_ldap_group_acl: Allow unlimited LDAP search filter + * ext_unix_group_acl: Support -r parameter to strip @REALM from + usernames + * ... and much code cleanup and polishing + * ... and all fixes from squid 3.5.11 +- Changes for squid-4.0.2 + * Regression Bug 4351: compile errors when authentication modules + disabled + * Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing + * Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within + ConnStateData::requestTimeout + * Bug 4356: segmentation fault using proxy_auth ACL + * Bug 4352: compile errors in OS X 10.11 + * Bug 4021: ext_user_regex does exact match + * Bug 3574: avoid crashes, prohibit reconfiguration during + shutdown + * Support re-assigning delay pools based on HTTP reply details + * ... and all fixes from squid 3.5.11 + +------------------------------------------------------------------- +Sat Dec 5 00:36:04 UTC 2015 - [email protected] + +- fixes for boo#956989 + - updated pretrans scriptlet so it handles only rpm link vs folders issue + - pre scriptlet updated to not change configuration file without real need + for configuration updates + + +------------------------------------------------------------------- +Tue Oct 27 17:12:19 UTC 2015 - [email protected] + +- update to 4.0.1 + * Bug 4329: GCC 5.2 no known conversion for argument + * Bug 4292: negotiate_wrapper: Unreleased Resources + * Bug 4269: ignore-must-revalidate broken + * Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup + * Bug 3920: Splay::remove() reference counting inconsistent + * Bug 3069: CONNECT method bytes sent logging + * Bug 2741 partial: libsecurity API for GnuTLS support + * Bug 1961 partial: redesign of URL handling + * Fix crash when parsing invalid squid.conf + * Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes + * Remove unused OS detection: Sun, SysV, Ultrix, BSDi + * Remove cache_peer_domain directive + * RFC 6176 compliance: Remove SSLv2 support + * HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate + * Remove GCC 2.x and 3.x detection and support + * C++11 compiler support is now mandatory + * Enable flexible transport protocol + * Enable long (--foo) command line parameters on squid binary + * Add per-rule refresh_pattern matching statistics + * Replace sslversion=N with tls-min-version=1.N + * Replace sslproxy_* directives with tls_outgoing_options + * Replace GNU atomics and related hacks with C++11 std::atomic + * Replace external_acl_type format %macros with logformat codes + * Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange + * Support Secure ICAP services + * Support rotate=N option on access_log + * Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol) + * Support lifetime timeout for persistent connections (pconn_lifetime) + * Support timeout for URL-rewrite helper lookups (url_rewrite_timeout) + * Support logging fast things (nanosecond log resolution) + * Support ICAP/eCAP adaptation for 100-continue responses + * Support configurable helper queue size, with consistent defaults + and better overflow handling. + * Support named service PID file by default (pid_filename) + * url_lfs_rewrite: Add URL-rewriter based on local file existence + * negotiate_kerberos_auth: output group= kv-pair + * helper-mux: add man(8) page + * purge: convert README to man(1) page + * basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth + * basic_sspi_auth: fix MinGW compile errors + * negotiate_sspi_auth: fix various build errors + * Crypto-NG: libnettle Base64 algorithm support + * Parser-NG: HTTP Parser structural redesign + * libltdl: copyright updated to LGPL version 2.1 + * ... and several performance optimizations + * ... and many documentation changes + * ... and much code cleanup and polishing +- fix dependency (C++11) + * gcc >= 4.7 +- rebase squid-config.patch +- rebase and fix squid-brokenad.patch + +------------------------------------------------------------------- Old: ---- squid-3.5.10.tar.xz squid-3.5.10.tar.xz.asc New: ---- squid-4.0.3.tar.xz squid-4.0.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.08f9Gd/_old 2015-12-09 22:34:28.000000000 +0100 +++ /var/tmp/diff_new_pack.08f9Gd/_new 2015-12-09 22:34:28.000000000 +0100 @@ -20,14 +20,14 @@ %define squidconfdir %{_sysconfdir}/squid Name: squid -Version: 3.5.10 +Version: 4.0.3 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Url: http://www.squid-cache.org/Versions/v3/3.5 -Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc +Url: http://www.squid-cache.org/Versions/v4 +Source0: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz.asc Source3: squid.init Source4: squid.sysconfig @@ -57,7 +57,7 @@ BuildRequires: expat # BuildRequires: fdupes -BuildRequires: gcc-c++ +BuildRequires: gcc-c++ >= 4.7 BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libexpat-devel @@ -106,26 +106,20 @@ Requires: logrotate Provides: http_proxy -# due to package rename -# Wed Aug 15 17:40:30 UTC 2012 -Provides: %{name}3 = %{version} -Obsoletes: %{name}3 < %{version} - %description -Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. +Squis is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. -Squid 3.5 represents a new feature release above 3.4. +Squid 4 represents a new feature release above 3.5. The most important of these new features are: - * Support libecap v1.0 - * Authentication helper query extensions - * Support named services - * Upgraded squidclient tool - * Helper support for concurrency channels - * Native FTP Relay - * Receive PROXY protocol, Versions 1 & 2 - * Basic authentication MSNT helper changes + Configurable helper queue size + Helper concurrency channels changes + SSL support removal + MSNT-multi-domain helper removal + Secure ICAP + Elliptic Curve Diffie-Hellman (ECDH) + Improved SMP support %prep %setup -q @@ -306,29 +300,34 @@ %service_add_pre %{name}.service %endif -%pretrans -# Directory to symlink is not working in RPM so workaround it -# Occurs when updating from 3.4 to 3.5 -error_dir="%{_datadir}/%{name}/errors" -for i in zh-cn zh-tw; do - if [ -d "$error_dir/$i" ]; then - rm -rf "$error_dir/$i" || true - fi -done -# emulate_httpd_log is gone with 3.5 -if [ -e etc/%{name}/%{name}.conf ]; then - sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf -fi - # update mode? if [ "$1" -gt "1" ]; then if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf" - mv /%{_sysconfdir}/%{name}.conf /%{_sysconfdir}/%{name}/%{name}.conf + mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf fi - # default group changed from nogroup to squid - %{_sbindir}/usermod -g %{name} %{name} fi +# emulate_httpd_log is gone with 3.5 +if [ -e %{_sysconfdir}/%{name}/%{name}.conf ]; then + if [ $(grep -c emulate_httpd_log %{_sysconfdir}/%{name}/%{name}.conf) -gt 0 ];then + sed -i '/emulate_httpd_log/d' %{_sysconfdir}/%{name}/%{name}.conf + fi +fi + +%pretrans -p <lua> +-- Directory to symlink is not working in RPM so workaround it +-- Occurs when updating from 3.4 to 3.5 +error_dir="%{_datadir}/%{name}/errors/" +bad_ones={"zh-cn","zh-tw"} +print("cleaning up old directories") +for i,f in pairs(bad_ones) do + pstat = posix.stat(error_dir..f) + if pstat and pstat.type == "directory" then + print ("moving away "..error_dir..f.." to "..error_dir..f .. ".rpmmoved") + --posix.rmdir(error_dir..f) + os.rename(error_dir..f, error_dir..f .. ".rpmmoved") + end +end %post %if 0%{?suse_version} >= 1140 @@ -436,7 +435,7 @@ %{_sbindir}/digest_edirectory_auth ## will get removed in 3.6 series # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 -%{_sbindir}/basic_msnt_multi_domain_auth +#%%{_sbindir}/basic_msnt_multi_domain_auth ## %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth @@ -466,7 +465,7 @@ %{_sbindir}/ext_session_acl %{_sbindir}/ext_unix_group_acl %{_sbindir}/ext_wbinfo_group_acl -%{_sbindir}/helper-mux.pl +%{_sbindir}/helper-mux %{_sbindir}/log_db_daemon %{_sbindir}/log_file_daemon %{_sbindir}/negotiate_kerberos_auth @@ -486,6 +485,7 @@ %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh +%{_sbindir}/url_lfs_rewrite %if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} ++++++ squid-3.5.10.tar.xz -> squid-4.0.3.tar.xz ++++++ ++++ 130222 lines of diff (skipped) ++++++ squid-3.5.10.tar.xz.asc -> squid-4.0.3.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-3.5.10.tar.xz.asc 2015-10-12 10:02:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-4.0.3.tar.xz.asc 2015-12-09 22:34:26.000000000 +0100 @@ -1,8 +1,8 @@ -File: squid-3.5.10.tar.xz -Date: Thu Oct 1 15:37:56 UTC 2015 -Size: 2297452 -MD5 : 5ddc53bd6ff78234691a7ebbcbc6aa38 -SHA1: 804bbf5ef6ccdc277dacde83e086fad30d02da60 +File: squid-4.0.3.tar.xz +Date: Sat Nov 28 16:16:30 UTC 2015 +Size: 2341200 +MD5 : 1b2c7e775d494993ea260ba959515162 +SHA1: 039396491f13c2da8f20252cce16509ce31ccaf3 Key : 0xFF5CF463 <[email protected]> fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 keyring = http://www.squid-cache.org/pgp.asc @@ -10,11 +10,11 @@ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQEcBAABAgAGBQJWDVnkAAoJELJo5wb/XPRjC/MIAMUTJEgzajbcbpCJubfxL8+y -gxV/SjysESmgjjgC7LdtEsz6X156zxPXNYbNC05NKZ0qLrMN0cHy1+LG1uIWie2c -vFL0KmFllIRY9wiV2m4Y3uoEYvGFEWYviaW8edRJstZAEBe2ntSSvD+982rRwRgw -mHDnjIUL9MnJGnjqVq+O3jq1M/lxmAYoiiJrDQM/Jkd6yvs73o4spRp5AVg6+Vfq -sL3qP/Xz2IaLmHTgHmjhwOQsa7y5THAkUhBzv9Q+BSbo2Qb/6orQnvBcDuhCFs7j -DRnm602Axmqa4zTOQjfkg9ag6WXB+8AIeKFnJuX+Ynw9LVRVTq2DCJqyNVhZbNw= -=LrXD +iQEcBAABAgAGBQJWWdSjAAoJELJo5wb/XPRjxtQIAMmFTrgiFwNo0gioSaUG7m8l +7VlewDor+dRzhJ+KYPt0VhLbO8V6KjgoDmp1ISDpnQ3PgQaFP1v0tLLh5pfGRuUf +rO8OQEowrmxIu/oe9/8Reh3ci1nsT/xXFC1DBWxhVwzy1I081xzmuEDS5s0OqhtE +PlcyOPmWhT5fYiNfzmdIuJC+3NWW8k82nOtbFlR4vWdjtHWaIaZjgb3MCW3Y2mgb +1dPSEUDLbB7V70qN8iE9pwh923eRMo7Y6u9ejImxbYzwZVA3kn/bnqyPFCAbYVmg +D6fPumqfh5wab2Et1csNNK2daxpEelaAFTFX7eEUBLfRWCepDYU1U5KKtUxNaeg= +=eU8K -----END PGP SIGNATURE----- ++++++ squid-brokenad.patch ++++++ --- /var/tmp/diff_new_pack.08f9Gd/_old 2015-12-09 22:34:31.000000000 +0100 +++ /var/tmp/diff_new_pack.08f9Gd/_new 2015-12-09 22:34:31.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc -@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod +@@ -80,7 +80,7 @@ k5_error(const char* msg, krb5_error_cod * create Kerberos memory cache */ int @@ -10,59 +10,59 @@ +krb5_create_cache(struct main_args *margs, char *domain) { - krb5_keytab keytab = 0; -@@ -178,8 +178,17 @@ krb5_create_cache(char *domain) - if (code) { - k5_error("Error while unparsing principal name",code); - } else { -- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); -- found = 1; -+ if (margs->brokenad == 1) { -+ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){ -+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); + krb5_keytab keytab = NULL; +@@ -288,8 +288,17 @@ krb5_create_cache(char *domain) + if (code) { + k5_error("Error while unparsing principal name",code); + } else { +- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); +- found = 1; ++ if (margs->brokenad == 1) { ++ if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){ ++ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); ++ } else { ++ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); ++ found = 1; ++ } + } else { -+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); ++ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); + found = 1; + } -+ } else { -+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); -+ found = 1; -+ } + } } - } #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY ) Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig +++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc -@@ -61,6 +61,7 @@ init_args(struct main_args *margs) - margs->rc_allow = 0; +@@ -79,6 +79,7 @@ init_args(struct main_args *margs) margs->AD = 0; margs->mdepth = 5; + margs->nokerberos = 0; + margs->brokenad = 0; margs->ddomain = NULL; margs->groups = NULL; margs->ndoms = NULL; -@@ -179,7 +180,7 @@ main(int argc, char *const argv[]) +@@ -202,7 +203,7 @@ main(int argc, char *const argv[]) init_args(&margs); -- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) { -+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) { +- while (-1 != (opt = getopt(argc, argv, "diasng:D:N:S:u:U:t:T:p:l:b:m:h"))) { ++ while (-1 != (opt = getopt(argc, argv, "diasnxg:D:N:S:u:U:t:T:p:l:b:m:h"))) { switch (opt) { case 'd': debug_enabled = 1; -@@ -231,6 +232,9 @@ main(int argc, char *const argv[]) - case 'S': - margs.llist = xstrdup(optarg); +@@ -219,6 +220,9 @@ main(int argc, char *const argv[]) + case 'n': + margs.nokerberos = 1; break; + case 'x': + margs.brokenad = 1; + break; - case 'h': - fprintf(stderr, "Usage: \n"); - fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); -@@ -247,6 +251,7 @@ main(int argc, char *const argv[]) + case 'g': + margs.glist = xstrdup(optarg); + break; +@@ -274,6 +278,7 @@ main(int argc, char *const argv[]) fprintf(stderr, "-l ldap url\n"); fprintf(stderr, "-b ldap bind path\n"); fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n"); @@ -74,18 +74,18 @@ =================================================================== --- helpers/external_acl/kerberos_ldap_group/support.h.orig +++ helpers/external_acl/kerberos_ldap_group/support.h -@@ -105,6 +105,7 @@ struct main_args { - int rc_allow; +@@ -106,6 +106,7 @@ struct main_args { int AD; int mdepth; + int nokerberos; + int brokenad; char *ddomain; struct gdstruct *groups; struct ndstruct *ndoms; -@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs); - int create_ls(struct main_args *margs); - - #ifdef HAVE_KRB5 +@@ -181,7 +182,7 @@ struct kstruct { + char* mem_ccache[MAX_DOMAINS]; + int ncache; + }; -int krb5_create_cache(char *domain); +int krb5_create_cache(struct main_args *margs, char *domain); void krb5_cleanup(void); @@ -95,12 +95,12 @@ =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc -@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch - debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM); - - #if HAVE_KRB5 -- kc = krb5_create_cache(domain); -+ kc = krb5_create_cache(margs,domain); - if (kc) { - error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM); - } +@@ -902,7 +902,7 @@ get_memberof(struct main_args *margs, ch + kc = 1; + debug((char *) "%s| %s: DEBUG: Kerberos is disabled. Use username/password with ldap url instead\n", LogTime(), PROGRAM); + } else { +- kc = krb5_create_cache(domain); ++ kc = krb5_create_cache(margs,domain); + if (kc) { + error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM); + } ++++++ squid-config.patch ++++++ --- /var/tmp/diff_new_pack.08f9Gd/_old 2015-12-09 22:34:31.000000000 +0100 +++ /var/tmp/diff_new_pack.08f9Gd/_new 2015-12-09 22:34:31.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- src/cf.data.pre.orig +++ src/cf.data.pre -@@ -1460,6 +1460,8 @@ http_access deny manager +@@ -1498,6 +1498,8 @@ http_access deny manager # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet @@ -11,7 +11,7 @@ http_access allow localhost # And finally deny all other access to this proxy -@@ -3692,6 +3694,10 @@ DOC_START +@@ -3672,6 +3674,10 @@ DOC_START Instead, if you want Squid to use the entire disk drive, subtract 20% and use that value. @@ -22,7 +22,7 @@ 'L1' is the number of first-level subdirectories which will be created under the 'Directory'. The default is 16. -@@ -3810,7 +3816,7 @@ DOC_START +@@ -3790,7 +3796,7 @@ DOC_START NOCOMMENT_START # Uncomment and adjust the following to add a disk cache directory. @@ -31,7 +31,7 @@ NOCOMMENT_END DOC_END -@@ -4507,7 +4513,7 @@ DOC_END +@@ -4504,7 +4510,7 @@ DOC_END NAME: logfile_rotate TYPE: int @@ -39,4 +39,4 @@ +DEFAULT: 0 LOC: Config.Log.rotateNumber DOC_START - Specifies the number of logfile rotations to make when you + Specifies the default number of logfile rotations to make when you
