Hello community,
here is the log from the commit of package squid for openSUSE:Factory checked
in at 2015-04-27 13:05:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
and /work/SRC/openSUSE:Factory/.squid.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid"
Changes:
--------
--- /work/SRC/openSUSE:Factory/squid/squid.changes 2015-03-11
09:56:45.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2015-04-27
13:05:13.000000000 +0200
@@ -1,0 +2,63 @@
+Sun Apr 26 11:18:42 UTC 2015 - mplus...@suse.com
+
+- fix SLE 11 build with older kerberos libraries
+ * squid-old-kerberos.patch
+
+-------------------------------------------------------------------
+Wed Apr 1 06:55:04 UTC 2015 - mplus...@suse.com
+
+- Update to 3.5.3
+ * Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
+ * Regression Bug 4206: Incorrect connection close on expect:100-continue
+ * Bug 4204: ./configure does not abort when required helpers cannot be built
+ * Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
+ * Bug 2907: high CPU usage on CONNECT when using delay pools
+ * basic_getpwnam_auth: fail authentication on crypt() failures
+ * basic_nis_auth: fail authentication on crypt() failures
+ * ext_kerberos_ldap_group_acl: Heimdal support improvements
+ * ext_wbinfo_group_acl: Perl 5.20 support
+ * ... and several compile issues
+
+-------------------------------------------------------------------
+Sat Mar 21 13:16:42 UTC 2015 - mplus...@suse.com
+
+- Use xz compressed source
+- Update to 3.5.2
+ * Regression Bug 4176: Digest auth too many helper lookups
+ * Regression Bug 4180: not-fully-initialized data member in
+ ACLUserData
+ * Bug 4172: Solaris broken krb5-config
+ * Bug 4073: Cygwin compile errors
+ * Bug 3919: remove several never-true / never-false comparisons
+ * HTTPS: Add missing root CAs when validating chains that passed
+ internal checks
+ * Fix some cbdataFree related memory leaks
+ * Quieten CBDATA 'leak' messages
+ * Set SNI information in transparent bumping mode
+ * negotiate_kerberos_auth: fix krb5.conf backward compatibility
+ * Fix memory leaks in cachemgr.cgi URL parser
+ * Fix sslproxy_options in peek-and-splice mode
+ * ... and fix several portability and build issues
+ * ... and some documentation updates
+ * ... and all fixes from squid 3.4.11
+
+-------------------------------------------------------------------
+Thu Feb 19 01:09:38 UTC 2015 - ch...@computersalat.de
+
+- Update to 3.5.1 (13 Jan 2015):
+ * Fix handling of invalid SSL server certificates when splicing connections
+ * basic_smb_lm_auth: Simplified MSNT basic auth helper
+ * squidclient: Fix -A and -P options
+ * ... and several portability fixes
+ * ... and all fixes from squid 3.4.11
+ * ... and a lot of documentation updates
+- removed obsolete patch
+ * squid-compiled_without_RPM_OPT_FLAGS.patch
+- rebased patches
+ * squid-config.patch
+ * squid-nobuilddates.patch
+ * squid-brokenad.patch
+- replace configure option
+ * --enable-ssl > --with-openssl
+
+-------------------------------------------------------------------
Old:
----
squid-3.4.11.tar.bz2
squid-3.4.11.tar.bz2.asc
squid-compiled_without_RPM_OPT_FLAGS.patch
New:
----
squid-3.5.3.tar.xz
squid-3.5.3.tar.xz.asc
squid-old-kerberos.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.6TE7zT/_old 2015-04-27 13:05:14.000000000 +0200
+++ /var/tmp/diff_new_pack.6TE7zT/_new 2015-04-27 13:05:14.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package squid
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,14 +20,14 @@
%define squidconfdir %{_sysconfdir}/squid
Name: squid
-Version: 3.4.11
+Version: 3.5.3
Release: 0
Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
-Url: http://www.squid-cache.org/Versions/v3/3.4
-Source0:
http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
-Source1:
http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
+Url: http://www.squid-cache.org/Versions/v3/3.5
+Source0:
http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
+Source1:
http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3: squid.init
Source4: squid.sysconfig
@@ -46,11 +46,10 @@
Patch100: %{name}-config.patch
# make build compare happy - remove build dates
Patch101: %{name}-nobuilddates.patch
-## File is compiled without RPM_OPT_FLAGS
-# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
-Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# patch fixes kerberos principalname handling
(http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103: squid-brokenad.patch
+#patch fix SLE 11 target... BAD PATCH
+Patch104: squid-old-kerberos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: db-devel
@@ -71,6 +70,7 @@
%endif
%if 0%{?suse_version} < 1220
BuildRequires: libxml2-devel
+BuildRequires: xz
%else
BuildRequires: pkgconfig(libxml-2.0)
%endif
@@ -116,16 +116,18 @@
%description
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite -
we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich
access control, authorization and logging environment to develop web proxy and
content serving applications. Squid offers a rich set of traffic optimization
options, most of which are enabled by default for simpler installation and high
performance.
-Squid 3.4 represents a new feature release above 3.3.
+Squid 3.5 represents a new feature release above 3.4.
The most important of these new features are:
- * Helper protocol extensions
- * SSL Server Certificate Validator
- * Store-ID
- * TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
- * Transaction Annotations
- * Multicast DNS
+ * Support libecap v1.0
+ * Authentication helper query extensions
+ * Support named services
+ * Upgraded squidclient tool
+ * Helper support for concurrency channels
+ * Native FTP Relay
+ * Receive PROXY protocol, Versions 1 & 2
+ * Basic authentication MSNT helper changes
%prep
#setup -q -n %{name}-%{version}%{snap}
@@ -138,8 +140,8 @@
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name
"*.pl"`
chmod a-x CREDITS
%patch101
-%patch102
%patch103
+%patch104
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
@@ -172,8 +174,8 @@
--enable-referer-log \
--enable-kill-parent-hack \
--enable-arp-acl \
- --enable-ssl \
--enable-ssl-crtd \
+ --with-openssl \
--enable-forw-via-db \
--enable-cache-digests \
--enable-linux-netfilter \
@@ -373,7 +375,7 @@
%files
%defattr(-,root,root)
-%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog
+%doc ChangeLog CONTRIBUTORS COPYING CREDITS
%doc QUICKSTART README RELEASENOTES.html SPONSORS*
%doc README.kerberos
%doc doc/contrib doc/scripts
@@ -392,11 +394,9 @@
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
-%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
-%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
@@ -415,8 +415,10 @@
%{_sbindir}/basic_fake_auth
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
-%{_sbindir}/basic_msnt_auth
+## will get removed in 3.6 series
+# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_msnt_multi_domain_auth
+##
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
%if 0%{?suse_version} < 1140
@@ -429,9 +431,12 @@
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
+## basic_msnt_auth has been deprecated and renamed to
+# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
+%{_sbindir}/basic_smb_lm_auth
+##
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
-#{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
++++++ squid-3.5.3.tar.xz.asc ++++++
File: squid-3.5.3.tar.xz
Date: Sat Mar 28 11:51:30 UTC 2015
Size: 2283580
MD5 : 6cd553300a2253c0913f498beb79ee51
SHA1: 6919305e16f59387197cf543f525e41f510b4727
Key : 0xFF5CF463 <squ...@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVFpsoAAoJELJo5wb/XPRj4KYH/RU/x21yI0nI2sI0ilTUbG4K
W0mFM1YcbjtaRreXU6zgc7kVLPiypRYeXP+GDvADK3uEmXCvjulyT2pBqCdiftsV
BC2kBQDH4m1XUICE+vxKC2LmDAAPFxH0yOTiNltH1BEjNrjUcAPAlfuforVUz84u
VbiVcKMHQ3UShCsdLU3ZfM9qt5AUI6IEKDYIrfOJ+zNg8tEdMXlA3vSno1M2LQ32
v0wKJJ0WtT8KETOI2HAFAXJJFImJczWh480ffQV76vctT1BAmtue2CRpH0IKpNbZ
8WBIx2wraxzBSu+YAvjinnabLMblyzPfkwuP4U4j0JBGml9A3Us+P/unIlsEGj0=
=rz1P
-----END PGP SIGNATURE-----
++++++ squid-brokenad.patch ++++++
--- /var/tmp/diff_new_pack.6TE7zT/_old 2015-04-27 13:05:14.000000000 +0200
+++ /var/tmp/diff_new_pack.6TE7zT/_new 2015-04-27 13:05:14.000000000 +0200
@@ -2,7 +2,7 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
-@@ -52,7 +52,7 @@ krb5_cleanup()
+@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
* create Kerberos memory cache
*/
int
@@ -11,9 +11,9 @@
{
krb5_keytab keytab = 0;
-@@ -130,8 +130,17 @@ krb5_create_cache(char *domain)
+@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
if (code) {
- error((char *) "%s| %s: ERROR: Error while unparsing
principal name : %s\n", LogTime(), PROGRAM, error_message(code));
+ k5_error("Error while unparsing principal name",code);
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n",
LogTime(), PROGRAM, principal_name);
- found = 1;
@@ -30,12 +30,12 @@
+ }
}
}
- #if defined(HAVE_HEIMDAL_KERBEROS) || ( defined(HAVE_KRB5_KT_FREE_ENTRY) &&
HAVE_DECL_KRB5_KT_FREE_ENTRY==1)
+ #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY &&
HAVE_DECL_KRB5_KT_FREE_ENTRY )
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
-@@ -57,6 +57,7 @@ init_args(struct main_args *margs)
+@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
margs->rc_allow = 0;
margs->AD = 0;
margs->mdepth = 5;
@@ -43,7 +43,7 @@
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
-@@ -176,7 +177,7 @@ main(int argc, char *const argv[])
+@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
init_args(&margs);
@@ -52,7 +52,7 @@
switch (opt) {
case 'd':
debug_enabled = 1;
-@@ -228,6 +229,9 @@ main(int argc, char *const argv[])
+@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
case 'S':
margs.llist = xstrdup(optarg);
break;
@@ -62,7 +62,7 @@
case 'h':
fprintf(stderr, "Usage: \n");
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D
domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l
ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
-@@ -244,6 +248,7 @@ main(int argc, char *const argv[])
+@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos
authentication\n");
@@ -74,7 +74,7 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
-@@ -97,6 +97,7 @@ struct main_args {
+@@ -101,6 +101,7 @@ struct main_args {
int rc_allow;
int AD;
int mdepth;
@@ -82,7 +82,7 @@
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
-@@ -156,7 +157,7 @@ int create_nd(struct main_args *margs);
+@@ -160,7 +161,7 @@ int create_nd(struct main_args *margs);
int create_ls(struct main_args *margs);
#ifdef HAVE_KRB5
@@ -95,10 +95,10 @@
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
-@@ -801,7 +801,7 @@ get_memberof(struct main_args *margs, ch
+@@ -888,7 +888,7 @@ get_memberof(struct main_args *margs, ch
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n",
LogTime(), PROGRAM);
- #ifdef HAVE_KRB5
+ #if HAVE_KRB5
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
++++++ squid-config.patch ++++++
--- /var/tmp/diff_new_pack.6TE7zT/_old 2015-04-27 13:05:14.000000000 +0200
+++ /var/tmp/diff_new_pack.6TE7zT/_new 2015-04-27 13:05:14.000000000 +0200
@@ -2,7 +2,7 @@
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
-@@ -1361,6 +1361,8 @@ http_access deny manager
+@@ -1397,6 +1397,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
@@ -11,7 +11,7 @@
http_access allow localhost
# And finally deny all other access to this proxy
-@@ -3414,6 +3416,10 @@ DOC_START
+@@ -3616,6 +3618,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
@@ -22,7 +22,7 @@
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
-@@ -3547,7 +3553,7 @@ DOC_START
+@@ -3734,7 +3740,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
@@ -31,7 +31,7 @@
NOCOMMENT_END
DOC_END
-@@ -4178,7 +4184,7 @@ DOC_END
+@@ -4410,7 +4416,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
++++++ squid-nobuilddates.patch ++++++
--- /var/tmp/diff_new_pack.6TE7zT/_old 2015-04-27 13:05:14.000000000 +0200
+++ /var/tmp/diff_new_pack.6TE7zT/_new 2015-04-27 13:05:14.000000000 +0200
@@ -2,7 +2,7 @@
===================================================================
--- helpers/basic_auth/fake/fake.cc.orig
+++ helpers/basic_auth/fake/fake.cc
-@@ -96,7 +96,7 @@ main(int argc, char *argv[])
+@@ -99,7 +99,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -11,7 +11,7 @@
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
-@@ -112,6 +112,6 @@ main(int argc, char *argv[])
+@@ -115,7 +115,7 @@ main(int argc, char *argv[])
/* send 'OK' result back to Squid */
SEND_OK("");
}
@@ -19,11 +19,12 @@
+ debug("%s shutting down...\n", program_name);
exit(0);
}
+
Index: helpers/external_acl/AD_group/ext_ad_group_acl.cc
===================================================================
--- helpers/external_acl/AD_group/ext_ad_group_acl.cc.orig
+++ helpers/external_acl/AD_group/ext_ad_group_acl.cc
-@@ -800,8 +800,7 @@ main(int argc, char *argv[])
+@@ -801,8 +801,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
@@ -37,7 +38,7 @@
===================================================================
--- helpers/external_acl/LM_group/ext_lm_group_acl.cc.orig
+++ helpers/external_acl/LM_group/ext_lm_group_acl.cc
-@@ -539,8 +539,7 @@ main(int argc, char *argv[])
+@@ -540,8 +540,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
@@ -51,7 +52,7 @@
===================================================================
--- helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc.orig
+++ helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
-@@ -274,7 +274,7 @@ main(int argc, char *argv[])
+@@ -281,7 +281,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -64,7 +65,7 @@
===================================================================
--- helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc.orig
+++ helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
-@@ -611,7 +611,7 @@ main(int argc, char *argv[])
+@@ -619,7 +619,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -77,7 +78,7 @@
===================================================================
--- helpers/ntlm_auth/fake/ntlm_fake_auth.cc.orig
+++ helpers/ntlm_auth/fake/ntlm_fake_auth.cc
-@@ -173,7 +173,7 @@ main(int argc, char *argv[])
+@@ -147,7 +147,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -85,12 +86,12 @@
+ debug("%s starting up...\n", my_program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
- user[0] = '\0'; /*no user code */
+ user[0] = '\0'; /*no user code */
Index: helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
===================================================================
--- helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc.orig
+++ helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
-@@ -632,7 +632,7 @@ manage_request()
+@@ -622,7 +622,7 @@ manage_request()
int
main(int argc, char *argv[])
{
@@ -103,7 +104,7 @@
===================================================================
--- helpers/url_rewrite/fake/fake.cc.orig
+++ helpers/url_rewrite/fake/fake.cc
-@@ -101,7 +101,7 @@ main(int argc, char *argv[])
+@@ -104,7 +104,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
@@ -112,11 +113,12 @@
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
-@@ -117,6 +117,6 @@ main(int argc, char *argv[])
- /* send 'no-change' result back to Squid */
- fprintf(stdout,"\n");
+@@ -127,7 +127,7 @@ main(int argc, char *argv[])
+ fprintf(stdout, "%" PRId64 " ERR\n", channelId);
+ }
}
- debug("%s build " __DATE__ ", " __TIME__ " shutting down...\n",
my_program_name);
+ debug("%s shutting down...\n", my_program_name);
- exit(0);
+ return 0;
}
+
++++++ squid-old-kerberos.patch ++++++
Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig
2015-03-28 11:58:05.000000000 +0100
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2015-04-01
14:45:11.970927882 +0200
@@ -537,7 +537,11 @@ main(int argc, char *const argv[])
keytab_name_env = getenv("KRB5_KTNAME");
if (!keytab_name_env) {
ret = krb5_init_context(&context);
+#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB
if (!check_k5_err(context, "krb5_init_context", ret)) {
+#else
+ if (0 == ret) { // no error continue...
+#endif
krb5_kt_default_name(context, default_keytab, MAXPATHLEN);
}
keytab_name = xstrdup(default_keytab);
