From 56779b2ba5c708fcc31e1997a83e1b5833d8e122 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 19:12:34 +0000 Subject: [PATCH 001/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 455da9e..b77aa9a 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.20 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -299,6 +299,9 @@ fi %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 7:4.0.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Mon Jun 05 2017 Luboš Uhliarik - 7:4.0.20-2 - related: new version 4.0.20 From 42b784ae44c382cb51e29659758cdee42c7a80a1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 08:48:26 +0000 Subject: [PATCH 002/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index b77aa9a..c122e02 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.20 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -299,6 +299,9 @@ fi %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 7:4.0.20-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 7:4.0.20-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 2393173d2b75a9d97e491811d547c4c6d5fde05e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 7 Aug 2017 15:33:20 +0200 Subject: [PATCH 003/124] new version 4.0.21 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index f39bd64..b192828 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.20.tar.xz) = 8599afb8819cf856ca60c1d292407a4cb172086d971355bec7269f2fa753fcb3d5d2d2e2ec488f273b4131b7eb78c807f6c03ff9124d69b56507044cdbc5e034 -SHA512 (squid-4.0.20.tar.xz.asc) = edca4000a9091a772bdd494cba79e8893f46a14370f97a652634aee91f2d97af4f2898ae16486cec25d8d54ed235b35785eb93d6665291e2b3074194fa08e2cc +fd88e62a3b6b7e9de37fc11ce1cd6ef7 squid-4.0.21.tar.xz +cd4b969c4f04b1447a14daefb15dd688 squid-4.0.21.tar.xz.asc diff --git a/squid.spec b/squid.spec index c122e02..7a60b77 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.20 -Release: 4%{?dist} +Version: 4.0.21 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -299,6 +299,9 @@ fi %changelog +* Mon Aug 07 2017 Luboš Uhliarik - 7:4.0.21-1 +- new version 4.0.21 + * Thu Aug 03 2017 Fedora Release Engineering - 7:4.0.20-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 41ed30d1713e8ce3858301b667658c0f905b1975 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 7 Aug 2017 15:36:56 +0200 Subject: [PATCH 004/124] Updated sources file --- sources | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index b192828..c0f17ad 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -fd88e62a3b6b7e9de37fc11ce1cd6ef7 squid-4.0.21.tar.xz -cd4b969c4f04b1447a14daefb15dd688 squid-4.0.21.tar.xz.asc +SHA512 (squid-4.0.21.tar.xz) = eb0cf99c4a2abb48a2edfbfbd18c963816da28c0cb050a5825d8fea1ce4f4d932ba2c737b47dc34bfbb62bf83ba1e9589b67c3bac1fd8413de81e074fe5d7b7e +SHA512 (squid-4.0.21.tar.xz.asc) = 314bab337ecbf73abb1f0f9df0681b85e48c45122f03771169bcf3227daba4e942635a5b058d642a1dbd86153e442c71b5d7c5bbc1be19d198853bc9d6deea90 From 5c4767b58eece39e12e4378bb3ffca1e63c90aa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 17 Jan 2018 12:07:53 +0100 Subject: [PATCH 005/124] new version 4.0.22 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index c0f17ad..d91bda4 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.21.tar.xz) = eb0cf99c4a2abb48a2edfbfbd18c963816da28c0cb050a5825d8fea1ce4f4d932ba2c737b47dc34bfbb62bf83ba1e9589b67c3bac1fd8413de81e074fe5d7b7e -SHA512 (squid-4.0.21.tar.xz.asc) = 314bab337ecbf73abb1f0f9df0681b85e48c45122f03771169bcf3227daba4e942635a5b058d642a1dbd86153e442c71b5d7c5bbc1be19d198853bc9d6deea90 +SHA512 (squid-4.0.22.tar.xz) = 2a12af0168f5695a6e6f3e6bdb8c5126de5860450b19ec3b31e5e6b88ef560aaf0270309fbb368aadc17bd39eb4f752e007e8871ef02106003c1f6701c368318 +SHA512 (squid-4.0.22.tar.xz.asc) = 1c99ea9aca28feae882172f4828b9cc2cc427c78da42fb5be676125747172080efb69f8ced919f988861159fbc67a8ccb98d18ec169f4c8df38dbcc895368f05 diff --git a/squid.spec b/squid.spec index 7a60b77..24345cf 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.21 +Version: 4.0.22 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -299,6 +299,9 @@ fi %changelog +* Wed Jan 17 2018 Luboš Uhliarik - 7:4.0.22-1 +- new version 4.0.22 + * Mon Aug 07 2017 Luboš Uhliarik - 7:4.0.21-1 - new version 4.0.21 From e54d925b138e32edb85708fccbe3b4c141721ff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 17 Jan 2018 15:29:07 +0100 Subject: [PATCH 006/124] new version 4.0.22 Removed NIS helper (#1531540) --- squid.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index 24345cf..7e836f7 100644 --- a/squid.spec +++ b/squid.spec @@ -60,7 +60,6 @@ BuildRequires: libcap-devel BuildRequires: libecap-devel #ip_user helper requires BuildRequires: gcc-c++ -# BuildRequires: libtool libtool-ltdl-devel BuildRequires: perl-generators # For test suite @@ -101,6 +100,8 @@ CXXFLAGS="$RPM_OPT_FLAGS -fPIC" CFLAGS="$RPM_OPT_FLAGS -fPIC" LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" +# NIS helper has been removed because of the following bug +# https://bugzilla.redhat.com/show_bug.cgi?id=1531540 %configure \ --exec_prefix=%{_prefix} \ --libexecdir=%{_libdir}/squid \ @@ -113,7 +114,7 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" --enable-eui \ --enable-follow-x-forwarded-for \ --enable-auth \ - --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ + --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ --enable-auth-ntlm="SMB_LM,fake" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos" \ @@ -301,6 +302,7 @@ fi %changelog * Wed Jan 17 2018 Luboš Uhliarik - 7:4.0.22-1 - new version 4.0.22 +- Removed NIS helper (#1531540) * Mon Aug 07 2017 Luboš Uhliarik - 7:4.0.21-1 - new version 4.0.21 From 7ad00beff6b05475e700f312856327f35dd03486 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 20 Jan 2018 23:08:35 +0100 Subject: [PATCH 007/124] Rebuilt for switch to libxcrypt --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 7e836f7..b19f17c 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.22 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -300,6 +300,9 @@ fi %changelog +* Sat Jan 20 2018 Björn Esser - 7:4.0.22-2 +- Rebuilt for switch to libxcrypt + * Wed Jan 17 2018 Luboš Uhliarik - 7:4.0.22-1 - new version 4.0.22 - Removed NIS helper (#1531540) From e5ea919d45cb8f979a1d75d61df70b02d2b4a111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 23 Jan 2018 16:32:11 +0100 Subject: [PATCH 008/124] new version 4.0.23 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index d91bda4..15e2a74 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.22.tar.xz) = 2a12af0168f5695a6e6f3e6bdb8c5126de5860450b19ec3b31e5e6b88ef560aaf0270309fbb368aadc17bd39eb4f752e007e8871ef02106003c1f6701c368318 -SHA512 (squid-4.0.22.tar.xz.asc) = 1c99ea9aca28feae882172f4828b9cc2cc427c78da42fb5be676125747172080efb69f8ced919f988861159fbc67a8ccb98d18ec169f4c8df38dbcc895368f05 +SHA512 (squid-4.0.23.tar.xz) = 30d59f7ec8effae53603d7e33536baa27a523b34f8865463cb4d7c8496f485e53dd21d1cb40cda52963d29cffad70dc95f314c6c204085beb7f3a91266b3c72a +SHA512 (squid-4.0.23.tar.xz.asc) = c6e524221dd2e4987cd35c23e0a28ee1736e5fffb8f7edd0d2b3ddec8dcd8a330c34ea798ae77356bb8c5c16a7a9942775612e9d3b37cd880fbd9ead67ccdd10 diff --git a/squid.spec b/squid.spec index b19f17c..6bf1e68 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.22 -Release: 2%{?dist} +Version: 4.0.23 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -300,6 +300,9 @@ fi %changelog +* Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-1 +- new version 4.0.23 + * Sat Jan 20 2018 Björn Esser - 7:4.0.22-2 - Rebuilt for switch to libxcrypt From 0502e696542c71711447fd114a9405de5a43e374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 23 Jan 2018 16:34:46 +0100 Subject: [PATCH 009/124] Adjusted patch --- squid-3.0.STABLE1-perlpath.patch | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index dda0d33..052b8d7 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -1,9 +1,10 @@ -diff -up squid-3.0.STABLE1/contrib/url-normalizer.pl.perlpath squid-3.0.STABLE1/contrib/url-normalizer.pl ---- squid-3.0.STABLE1/contrib/url-normalizer.pl.perlpath 1996-12-06 18:54:31.000000000 +0100 -+++ squid-3.0.STABLE1/contrib/url-normalizer.pl 2008-01-23 12:07:50.000000000 +0100 +diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl +index 90ac6a4..8dbed90 100755 +--- a/contrib/url-normalizer.pl ++++ b/contrib/url-normalizer.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2017 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2018 The Squid Software Foundation and contributors # * From 32d2a7a6bb3e61588af11a4451b72c1021833c3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 23 Jan 2018 16:50:07 +0100 Subject: [PATCH 010/124] Resolves: #1481195 - squid loses some REs when optimising ACLs --- squid-4.0.21-large-acl.patch | 178 +++++++++++++++++++++++++++++++++++ squid.spec | 7 +- 2 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 squid-4.0.21-large-acl.patch diff --git a/squid-4.0.21-large-acl.patch b/squid-4.0.21-large-acl.patch new file mode 100644 index 0000000..8aacf38 --- /dev/null +++ b/squid-4.0.21-large-acl.patch @@ -0,0 +1,178 @@ +diff --git a/src/acl/RegexData.cc b/src/acl/RegexData.cc +index 01a4c12..b5c1679 100644 +--- a/src/acl/RegexData.cc ++++ b/src/acl/RegexData.cc +@@ -22,6 +22,7 @@ + #include "ConfigParser.h" + #include "Debug.h" + #include "sbuf/List.h" ++#include "sbuf/Algorithms.h" + + ACLRegexData::~ACLRegexData() + { +@@ -129,6 +130,18 @@ compileRE(std::list &curlist, const char * RE, int flags) + return true; + } + ++static bool ++compileRE(std::list &curlist, const SBufList &RE, int flags) ++{ ++ if (RE.empty()) ++ return curlist.empty(); // XXX: old code did this. It looks wrong. ++ SBuf regexp; ++ static const SBuf openparen("("), closeparen(")"), separator(")|("); ++ JoinContainerIntoSBuf(regexp, RE.begin(), RE.end(), separator, openparen, ++ closeparen); ++ return compileRE(curlist, regexp.c_str(), flags); ++} ++ + /** Compose and compile one large RE from a set of (small) REs. + * The ultimate goal is to have only one RE per ACL so that match() is + * called only once per ACL. +@@ -137,16 +150,11 @@ static int + compileOptimisedREs(std::list &curlist, const SBufList &sl) + { + std::list newlist; +- int numREs = 0; ++ SBufList accumulatedRE; ++ int numREs = 0, reSize = 0; + int flags = REG_EXTENDED | REG_NOSUB; +- int largeREindex = 0; +- char largeRE[BUFSIZ]; +- *largeRE = 0; + + for (const SBuf & configurationLineWord : sl) { +- int RElen; +- RElen = configurationLineWord.length(); +- + static const SBuf minus_i("-i"); + static const SBuf plus_i("+i"); + if (configurationLineWord == minus_i) { +@@ -155,10 +163,11 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) + debugs(28, 2, "optimisation of -i ... -i" ); + } else { + debugs(28, 2, "-i" ); +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + flags |= REG_ICASE; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + } + } else if (configurationLineWord == plus_i) { + if ((flags & REG_ICASE) == 0) { +@@ -166,37 +175,34 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) + debugs(28, 2, "optimisation of +i ... +i"); + } else { + debugs(28, 2, "+i"); +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + flags &= ~REG_ICASE; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + } +- } else if (RElen + largeREindex + 3 < BUFSIZ-1) { ++ } else if (reSize < 1024) { + debugs(28, 2, "adding RE '" << configurationLineWord << "'"); +- if (largeREindex > 0) { +- largeRE[largeREindex] = '|'; +- ++largeREindex; +- } +- largeRE[largeREindex] = '('; +- ++largeREindex; +- configurationLineWord.copy(largeRE+largeREindex, BUFSIZ-largeREindex); +- largeREindex += configurationLineWord.length(); +- largeRE[largeREindex] = ')'; +- ++largeREindex; +- largeRE[largeREindex] = '\0'; ++ accumulatedRE.push_back(configurationLineWord); + ++numREs; ++ reSize += configurationLineWord.length(); + } else { + debugs(28, 2, "buffer full, generating new optimised RE..." ); +- if (!compileRE(newlist, largeRE, flags)) ++ accumulatedRE.push_back(configurationLineWord); ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + continue; /* do the loop again to add the RE to largeRE */ + } + } + +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + ++ accumulatedRE.clear(); ++ reSize = 0; ++ + /* all was successful, so put the new list at the tail */ + curlist.splice(curlist.end(), newlist); + +diff --git a/src/sbuf/Algorithms.h b/src/sbuf/Algorithms.h +index 21ee889..338e9c0 100644 +--- a/src/sbuf/Algorithms.h ++++ b/src/sbuf/Algorithms.h +@@ -81,6 +81,57 @@ SBufContainerJoin(const Container &items, const SBuf& separator) + return rv; + } + ++/** Join container of SBufs and append to supplied target ++ * ++ * append to the target SBuf all elements in the [begin,end) range from ++ * an iterable container, prefixed by prefix, separated by separator and ++ * followed by suffix. Prefix and suffix are added also in case of empty ++ * iterable ++ * ++ * \return the modified dest ++ */ ++template ++SBuf& ++JoinContainerIntoSBuf(SBuf &dest, const ContainerIterator &begin, ++ const ContainerIterator &end, const SBuf& separator, ++ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) ++{ ++ if (begin == end) { ++ dest.append(prefix).append(suffix); ++ return dest; ++ } ++ ++ // optimization: pre-calculate needed storage ++ const SBuf::size_type totalContainerSize = ++ std::accumulate(begin, end, 0, SBufAddLength(separator)) + ++ dest.length() + prefix.length() + suffix.length(); ++ SBufReservationRequirements req; ++ req.minSpace = totalContainerSize; ++ dest.reserve(req); ++ ++ auto i = begin; ++ dest.append(prefix); ++ dest.append(*i); ++ ++i; ++ for (; i != end; ++i) ++ dest.append(separator).append(*i); ++ dest.append(suffix); ++ return dest; ++} ++ ++ ++/// convenience wrapper of JoinContainerIntoSBuf with no caller-supplied SBuf ++template ++SBuf ++JoinContainerToSBuf(const ContainerIterator &begin, ++ const ContainerIterator &end, const SBuf& separator, ++ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) ++{ ++ SBuf rv; ++ return JoinContainerIntoSBuf(rv, begin, end, separator, prefix, suffix); ++} ++ ++ + namespace std { + /// default hash functor to support std::unordered_map + template <> diff --git a/squid.spec b/squid.spec index 6bf1e68..5d1c317 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.23 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -31,6 +31,7 @@ Patch201: squid-4.0.11-config.patch Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch +Patch205: squid-4.0.21-large-acl.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: bash >= 2.0 @@ -90,6 +91,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch202 -p1 -b .location %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards +%patch205 -p1 -b .large_acl %build # cppunit-config patch changes configure.ac @@ -300,6 +302,9 @@ fi %changelog +* Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-2 +- Resolves: #1481195 - squid loses some REs when optimising ACLs + * Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-1 - new version 4.0.23 From abc5aa8f2f97865d852ca3307d91922a86d98dd8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 9 Feb 2018 17:33:28 +0000 Subject: [PATCH 011/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 5d1c317..242dcab 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.23 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -302,6 +302,9 @@ fi %changelog +* Fri Feb 09 2018 Fedora Release Engineering - 7:4.0.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-2 - Resolves: #1481195 - squid loses some REs when optimising ACLs From c85956c5db53b09756cdeca4005bd255af3c6fd3 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Wed, 14 Feb 2018 08:51:31 +0100 Subject: [PATCH 012/124] Remove %clean section None of currently supported distributions need that. Last one was EL5 which is EOL for a while. Signed-off-by: Igor Gnatenko --- squid.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/squid.spec b/squid.spec index 242dcab..2160413 100644 --- a/squid.spec +++ b/squid.spec @@ -220,9 +220,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented rm -f $RPM_BUILD_ROOT%{_bindir}/{RunAccel,RunCache} rm -f $RPM_BUILD_ROOT/squid.httpd.tmp -%clean -rm -rf $RPM_BUILD_ROOT - %files %defattr(-,root,root,-) %license COPYING From bd55ea6590f320f3d4050f4af1b9aaab17c5c1a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 8 Mar 2018 13:14:25 +0100 Subject: [PATCH 013/124] new version 4.0.24 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 15e2a74..3ab3445 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.23.tar.xz) = 30d59f7ec8effae53603d7e33536baa27a523b34f8865463cb4d7c8496f485e53dd21d1cb40cda52963d29cffad70dc95f314c6c204085beb7f3a91266b3c72a -SHA512 (squid-4.0.23.tar.xz.asc) = c6e524221dd2e4987cd35c23e0a28ee1736e5fffb8f7edd0d2b3ddec8dcd8a330c34ea798ae77356bb8c5c16a7a9942775612e9d3b37cd880fbd9ead67ccdd10 +SHA512 (squid-4.0.24.tar.xz) = 6941e0aed4d93f12b269668242336ff6e277bb89182c5adadd2db6dd54c51c2de3b41e916408fca5d20ae43856679a56ddaf2b3de3fb4b8ac8133816ee1d4c7e +SHA512 (squid-4.0.24.tar.xz.asc) = 43520c9bb46dd4eeccd43f0bb5a95a5c5ba04864253a4169f464e1f5ac0a26895c2fea85ea8248429a0f7eed805f3ed007f5122feb5353c7122f865f4df6699f diff --git a/squid.spec b/squid.spec index 2160413..e03ad45 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.23 -Release: 3%{?dist} +Version: 4.0.24 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -299,6 +299,9 @@ fi %changelog +* Thu Mar 08 2018 Luboš Uhliarik - 7:4.0.24-1 +- new version 4.0.24 + * Fri Feb 09 2018 Fedora Release Engineering - 7:4.0.23-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From d56ef84b7f29ad8ad3fdd4d8b89afbd0b78e6a90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 8 Mar 2018 14:59:31 +0100 Subject: [PATCH 014/124] new version 4.0.24 disabled strict checking (removed -Werror) --- squid.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index e03ad45..5032434 100644 --- a/squid.spec +++ b/squid.spec @@ -131,9 +131,7 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" %ifnarch %{power64} ia64 x86_64 s390x aarch64 --with-large-files \ %endif - %ifarch %{arm} --disable-strict-error-checking \ - %endif --enable-linux-netfilter \ --enable-removal-policies="heap,lru" \ --enable-snmp \ @@ -301,6 +299,7 @@ fi %changelog * Thu Mar 08 2018 Luboš Uhliarik - 7:4.0.24-1 - new version 4.0.24 +- disabled strict checking (removed -Werror) * Fri Feb 09 2018 Fedora Release Engineering - 7:4.0.23-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From d46c4e3cfb279ecdb2f05a0df30273b25a2da551 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 4 Jun 2018 15:09:48 +0200 Subject: [PATCH 015/124] removed obsolete BuildRequires (libdb4-devel) --- squid.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/squid.spec b/squid.spec index 5032434..d230f33 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.24 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -49,8 +49,6 @@ BuildRequires: pam-devel BuildRequires: openssl-devel # squid_kerb_aut requires Kerberos development libs BuildRequires: krb5-devel -# squid_session_auth requires DB4 -BuildRequires: libdb4-devel # time_quota requires DB BuildRequires: libdb-devel # ESI support requires Expat & libxml2 @@ -297,6 +295,9 @@ fi %changelog +* Mon Jun 04 2018 Luboš Uhliarik - 7:4.0.24-2 +- removed obsolete BuildRequires (libdb4-devel) + * Thu Mar 08 2018 Luboš Uhliarik - 7:4.0.24-1 - new version 4.0.24 - disabled strict checking (removed -Werror) From cae651cd530666ad3ab0a76a6b2224996b243533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 28 Jun 2018 12:00:27 +0200 Subject: [PATCH 016/124] new version 4.0.25 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 3ab3445..f080678 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.24.tar.xz) = 6941e0aed4d93f12b269668242336ff6e277bb89182c5adadd2db6dd54c51c2de3b41e916408fca5d20ae43856679a56ddaf2b3de3fb4b8ac8133816ee1d4c7e -SHA512 (squid-4.0.24.tar.xz.asc) = 43520c9bb46dd4eeccd43f0bb5a95a5c5ba04864253a4169f464e1f5ac0a26895c2fea85ea8248429a0f7eed805f3ed007f5122feb5353c7122f865f4df6699f +SHA512 (squid-4.0.25.tar.xz) = 5b67ae913017ca93e6381eaac4cc74cf4f37c7b0f54ad881e3fcbf0a0d53aca66f89eacab09353a2f4060062e1344b14f4deb3012ecdd861b93e21bd7500bfb9 +SHA512 (squid-4.0.25.tar.xz.asc) = 1cdf82e98d1d4768c401e8dd2335cf588ca49315b307f3c7a1d976825cfc676ea23edd836be841fb5632cda46a33cc1cec4e9a241bb5beae36991ca9ed58e4f4 diff --git a/squid.spec b/squid.spec index d230f33..97bc2d3 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.24 -Release: 2%{?dist} +Version: 4.0.25 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -295,6 +295,9 @@ fi %changelog +* Thu Jun 28 2018 Luboš Uhliarik - 7:4.0.25-1 +- new version 4.0.25 + * Mon Jun 04 2018 Luboš Uhliarik - 7:4.0.24-2 - removed obsolete BuildRequires (libdb4-devel) From 776e236d0d00810eb20d662057a56f8b4cb84da5 Mon Sep 17 00:00:00 2001 From: Jason Tibbitts Date: Tue, 10 Jul 2018 01:27:02 -0500 Subject: [PATCH 017/124] Remove needless use of %defattr --- squid.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/squid.spec b/squid.spec index 97bc2d3..4e703ef 100644 --- a/squid.spec +++ b/squid.spec @@ -217,7 +217,6 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/{RunAccel,RunCache} rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %files -%defattr(-,root,root,-) %license COPYING %doc CONTRIBUTORS README ChangeLog QUICKSTART src/squid.conf.documented %doc contrib/url-normalizer.pl contrib/user-agents.pl From 903d223934e2cb0444413b1fd1cf506f96c9faf2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 14 Jul 2018 06:39:13 +0000 Subject: [PATCH 018/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 4e703ef..d3d3f01 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.0.25 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -294,6 +294,9 @@ fi %changelog +* Sat Jul 14 2018 Fedora Release Engineering - 7:4.0.25-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Thu Jun 28 2018 Luboš Uhliarik - 7:4.0.25-1 - new version 4.0.25 From 07dae2df82b3718d5765ab65e683d97d58d2e5dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 1 Aug 2018 22:08:29 +0200 Subject: [PATCH 019/124] new version 4.1 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index f080678..da01a01 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.0.25.tar.xz) = 5b67ae913017ca93e6381eaac4cc74cf4f37c7b0f54ad881e3fcbf0a0d53aca66f89eacab09353a2f4060062e1344b14f4deb3012ecdd861b93e21bd7500bfb9 -SHA512 (squid-4.0.25.tar.xz.asc) = 1cdf82e98d1d4768c401e8dd2335cf588ca49315b307f3c7a1d976825cfc676ea23edd836be841fb5632cda46a33cc1cec4e9a241bb5beae36991ca9ed58e4f4 +SHA512 (squid-4.1.tar.xz) = f8f6b71beeec345ef5c18d42f99e93d05d22b228bf2e3adbb41e15e7223c75b31140f4af6efac94fab78b3d053fc1e9b8946674504b2e58caefa079a34fd00d4 +SHA512 (squid-4.1.tar.xz.asc) = 649530e7f7aee84153a59ca4c0683f8d96fa60b133b1654b23c3610ff0370e9b285da8be22293174f62d312913409d3410147214e55eabb7b62ad0d25051e327 diff --git a/squid.spec b/squid.spec index d3d3f01..ed0f5ff 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.0.25 -Release: 2%{?dist} +Version: 4.1 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -294,6 +294,9 @@ fi %changelog +* Wed Aug 01 2018 Luboš Uhliarik - 7:4.1-1 +- new version 4.1 + * Sat Jul 14 2018 Fedora Release Engineering - 7:4.0.25-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 300aaee6fe984f5555a1d6c0e03529ee7263b6d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 6 Aug 2018 12:25:54 +0200 Subject: [PATCH 020/124] new version 4.2 --- sources | 4 ++-- squid.spec | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/sources b/sources index da01a01..8f5b68f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.1.tar.xz) = f8f6b71beeec345ef5c18d42f99e93d05d22b228bf2e3adbb41e15e7223c75b31140f4af6efac94fab78b3d053fc1e9b8946674504b2e58caefa079a34fd00d4 -SHA512 (squid-4.1.tar.xz.asc) = 649530e7f7aee84153a59ca4c0683f8d96fa60b133b1654b23c3610ff0370e9b285da8be22293174f62d312913409d3410147214e55eabb7b62ad0d25051e327 +SHA512 (squid-4.2.tar.xz) = bd22e0ed646e14f3bf776b84fa8e78066a889216a5afa1f0a854070aeca67ffa88b25712d4ab3b147ab59343d3dc12a0e5d78c592d509134e05f8e301e0a95a9 +SHA512 (squid-4.2.tar.xz.asc) = d0ee7e7b7bc5f612223e6b1151d10f986f5b86e14ea835bc1a9122db66ffc64f1991f08ef65aaafa84c7f4bc36f2ca056f8224d9c487f7872c99a609bc6c4d5e diff --git a/squid.spec b/squid.spec index ed0f5ff..f3e64d0 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.1 +Version: 4.2 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -146,7 +146,8 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" --with-openssl \ --with-pthreads \ --disable-arch-native \ - --with-pic + --with-pic \ + --disable-security-cert-validators make \ DEFAULT_SWAP_DIR=%{_localstatedir}/spool/squid \ @@ -294,6 +295,9 @@ fi %changelog +* Mon Aug 06 2018 Luboš Uhliarik - 7:4.2-1 +- new version 4.2 + * Wed Aug 01 2018 Luboš Uhliarik - 7:4.1-1 - new version 4.1 From 65ab116690fdfc3a247e3085b0dc41ce900b4f49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 6 Aug 2018 12:27:00 +0200 Subject: [PATCH 021/124] Enable back strict error checking --- squid.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index f3e64d0..bdf8eb0 100644 --- a/squid.spec +++ b/squid.spec @@ -129,7 +129,6 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" %ifnarch %{power64} ia64 x86_64 s390x aarch64 --with-large-files \ %endif - --disable-strict-error-checking \ --enable-linux-netfilter \ --enable-removal-policies="heap,lru" \ --enable-snmp \ @@ -297,6 +296,7 @@ fi %changelog * Mon Aug 06 2018 Luboš Uhliarik - 7:4.2-1 - new version 4.2 +- enable back strict error checking * Wed Aug 01 2018 Luboš Uhliarik - 7:4.1-1 - new version 4.1 From a9d6d1f079e12c2099991ea8a565aaea71a38b98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 20 Aug 2018 17:09:46 +0200 Subject: [PATCH 022/124] Resolves: #1618790 - SELinux 'dac_override' denial for cache_swap.sh --- squid.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index bdf8eb0..a23bdc1 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -226,7 +226,7 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %attr(755,root,root) %{_libexecdir}/squid/cache_swap.sh %attr(755,root,root) %dir %{_sysconfdir}/squid %attr(755,root,root) %dir %{_libdir}/squid -%attr(750,squid,squid) %dir %{_localstatedir}/log/squid +%attr(770,squid,root) %dir %{_localstatedir}/log/squid %attr(750,squid,squid) %dir %{_localstatedir}/spool/squid %attr(755,squid,squid) %dir %{_localstatedir}/run/squid @@ -294,6 +294,9 @@ fi %changelog +* Mon Aug 20 2018 Luboš Uhliarik - 7:4.2-2 +- Resolves: #1618790 - SELinux 'dac_override' denial for cache_swap.sh + * Mon Aug 06 2018 Luboš Uhliarik - 7:4.2-1 - new version 4.2 - enable back strict error checking From 5dcaec0b66b9f0ab00ab2519da19b8e530bc7d4c Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sun, 14 Oct 2018 23:05:28 +0100 Subject: [PATCH 023/124] Drop obsolete legacy sys-v remanents Signed-off-by: Peter Robinson --- .gitignore | 2 - ...nfig-no-longer-exists-use-pkg-config.patch | 49 ------------------- squid.spec | 12 ++--- 3 files changed, 5 insertions(+), 58 deletions(-) delete mode 100644 0001-cppunit-config-no-longer-exists-use-pkg-config.patch diff --git a/.gitignore b/.gitignore index 865c742..c2dc451 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,2 @@ /*.asc /*.xz -/squid-3.3-12542.patch -/squid-3.4.4-1.fc21.src.rpm diff --git a/0001-cppunit-config-no-longer-exists-use-pkg-config.patch b/0001-cppunit-config-no-longer-exists-use-pkg-config.patch deleted file mode 100644 index c979ff4..0000000 --- a/0001-cppunit-config-no-longer-exists-use-pkg-config.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9c35377eaeebf366b3fbc65ddf19cce50551ad68 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Mon, 15 Feb 2016 18:39:45 +0100 -Subject: [PATCH] cppunit-config no longer exists, use pkg-config - ---- - configure.ac | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 981337d..2e663de 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -123,7 +123,6 @@ AC_PATH_PROG(LN, ln, cp) - AC_PATH_PROG(CHMOD, chmod, $FALSE) - AC_PATH_PROG(TR, tr, $FALSE) - AC_PATH_PROG(RM, rm, $FALSE) --AC_PATH_PROG(CPPUNITCONFIG, cppunit-config, false) - dnl Libtool 2.2.6 requires: rm -f - RM="$RM -f" - -@@ -2728,19 +2727,18 @@ SQUID_DEFINE_BOOL(X_ACCELERATOR_VARY,${enable_x_accelerator_vary:=no}, - AC_MSG_NOTICE([X-Accelerator-Vary support enabled: $enable_x_accelerator_vary]) - - --if $CPPUNITCONFIG --help >/dev/null; then -- squid_cv_cppunit_version="`$CPPUNITCONFIG --version`" -+PKG_CHECK_MODULES([SQUID_CPPUNIT], [cppunit], [ -+ squid_cv_cppunit_version="`$PKG_CONFIG --modversion cppunit`" - AC_MSG_NOTICE([using system installed cppunit version $squid_cv_cppunit_version]) - unset squid_cv_cppunit_version -- SQUID_CPPUNIT_LIBS="`$CPPUNITCONFIG --libs`" - SQUID_CPPUNIT_LA='' -- SQUID_CPPUNIT_INC="`$CPPUNITCONFIG --cflags`" --else -+ SQUID_CPPUNIT_INC="$SQUID_CPPUNIT_CFLAGS" -+], [ - AC_MSG_WARN([cppunit does not appear to be installed. squid does not require this, but code testing with 'make check' will fail.]) - SQUID_CPPUNIT_LA='' - SQUID_CPPUNIT_LIBS='' - SQUID_CPPUNIT_INC='' --fi -+]) - - AC_ARG_WITH(cppunit-basedir, - AS_HELP_STRING([--with-cppunit-basedir=PATH], --- -2.5.0 - diff --git a/squid.spec b/squid.spec index a23bdc1..2b2e41b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,13 +2,13 @@ Name: squid Version: 4.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) -Group: System Environment/Daemons URL: http://www.squid-cache.org + Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc Source2: squid.logrotate @@ -33,11 +33,8 @@ Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch -Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: bash >= 2.0 Requires(pre): shadow-utils -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -156,7 +153,6 @@ make \ make check %install -rm -rf $RPM_BUILD_ROOT make \ DESTDIR=$RPM_BUILD_ROOT \ install @@ -175,7 +171,6 @@ ScriptAlias /Squid/cgi-bin/cachemgr.cgi %{_libdir}/squid/cachemgr.cgi " > $RPM_BUILD_ROOT/squid.httpd.tmp -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d @@ -294,6 +289,9 @@ fi %changelog +* Sun Oct 14 2018 Peter Robinson 7:4.2-3 +- Drop obsolete legacy sys-v remanents + * Mon Aug 20 2018 Luboš Uhliarik - 7:4.2-2 - Resolves: #1618790 - SELinux 'dac_override' denial for cache_swap.sh From 7e4c98fb3c25ab452cfeb527f25ed7385f669f69 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 10 Dec 2018 16:24:40 +0000 Subject: [PATCH 024/124] new version 4.4 --- squid.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index 2b2e41b..a621de9 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.2 -Release: 3%{?dist} +Version: 4.4 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -289,6 +289,9 @@ fi %changelog +* Mon Dec 10 2018 Lubos Uhliarik - 7:4.4-1 +- new version 4.4 + * Sun Oct 14 2018 Peter Robinson 7:4.2-3 - Drop obsolete legacy sys-v remanents From 85760ccf80d2c50df407095c4b3e74e1bf17b83b Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 11 Dec 2018 10:18:27 +0000 Subject: [PATCH 025/124] updated sources file --- sources | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 8f5b68f..06662ee 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.2.tar.xz) = bd22e0ed646e14f3bf776b84fa8e78066a889216a5afa1f0a854070aeca67ffa88b25712d4ab3b147ab59343d3dc12a0e5d78c592d509134e05f8e301e0a95a9 -SHA512 (squid-4.2.tar.xz.asc) = d0ee7e7b7bc5f612223e6b1151d10f986f5b86e14ea835bc1a9122db66ffc64f1991f08ef65aaafa84c7f4bc36f2ca056f8224d9c487f7872c99a609bc6c4d5e +SHA512 (squid-4.4.tar.xz) = 8ed45abc65febf2955db11bafd49e940914a58230a8945afab9ea4926c4bafd538474a0836665b4131e23a23d6389d512a40bbe53368b8206ba4765fd71fb21f +SHA512 (squid-4.4.tar.xz.asc) = 4fd50f376b5ff9a249f702e17cc648ad34b37ad4df7548346a92d4dfca3bbd077c0a7138d7cef66539e29352fbf65b8ccf389ad1bcd8fe1bdb84770c8c778481 From 62a8519732544d308b1f2e40260253354f846dd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 14 Jan 2019 19:17:19 +0100 Subject: [PATCH 026/124] Rebuilt for libcrypt.so.2 (#1666033) --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index a621de9..d85c7ac 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -289,6 +289,9 @@ fi %changelog +* Mon Jan 14 2019 Björn Esser - 7:4.4-2 +- Rebuilt for libcrypt.so.2 (#1666033) + * Mon Dec 10 2018 Lubos Uhliarik - 7:4.4-1 - new version 4.4 From 4a4c014c5f96c1adbb4306a89c8e298cf5fa70df Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 3 Feb 2019 08:29:10 +0000 Subject: [PATCH 027/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index d85c7ac..82c1f62 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -289,6 +289,9 @@ fi %changelog +* Sun Feb 03 2019 Fedora Release Engineering - 7:4.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Mon Jan 14 2019 Björn Esser - 7:4.4-2 - Rebuilt for libcrypt.so.2 (#1666033) From a942cf4117a578d7521afefb3bb05bab358ce1ba Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 24 Apr 2019 15:59:18 +0000 Subject: [PATCH 028/124] new version 4.6 disabled strict checking due to gcc warnings --- sources | 4 ++-- squid-3.0.STABLE1-perlpath.patch | 4 ++-- squid.spec | 11 ++++++++--- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/sources b/sources index 06662ee..ed90053 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.4.tar.xz) = 8ed45abc65febf2955db11bafd49e940914a58230a8945afab9ea4926c4bafd538474a0836665b4131e23a23d6389d512a40bbe53368b8206ba4765fd71fb21f -SHA512 (squid-4.4.tar.xz.asc) = 4fd50f376b5ff9a249f702e17cc648ad34b37ad4df7548346a92d4dfca3bbd077c0a7138d7cef66539e29352fbf65b8ccf389ad1bcd8fe1bdb84770c8c778481 +SHA512 (squid-4.6.tar.xz) = dbe2b02b83d53d67459e22a19e71cbf99b66d74a2ddc4bc69310f03a0a6092e5840766ad699fc43893516e97ef89799ef2147dd40f76b0bd688c1e271fd20d06 +SHA512 (squid-4.6.tar.xz.asc) = 2fa9d396857ed8d6e12f0eab63d1f896ebee8e24ca84715f8ed5229cacbb0ea7b2b227bf0623112e0ad76d557491f14733073d661e9d20370c1da84be3dcf10b diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index 052b8d7..0805fd0 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -1,10 +1,10 @@ diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl -index 90ac6a4..8dbed90 100755 +index 4cb0480..4b89910 100755 --- a/contrib/url-normalizer.pl +++ b/contrib/url-normalizer.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2018 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2019 The Squid Software Foundation and contributors # * diff --git a/squid.spec b/squid.spec index 82c1f62..0d18221 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.4 -Release: 3%{?dist} +Version: 4.6 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -143,7 +143,8 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" --with-pthreads \ --disable-arch-native \ --with-pic \ - --disable-security-cert-validators + --disable-security-cert-validators \ + --disable-strict-error-checking make \ DEFAULT_SWAP_DIR=%{_localstatedir}/spool/squid \ @@ -289,6 +290,10 @@ fi %changelog +* Wed Apr 24 2019 Lubos Uhliarik - 7:4.6-1 +- new version 4.6 +- disabled strict checking due to gcc warnings + * Sun Feb 03 2019 Fedora Release Engineering - 7:4.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 22cf01808027242b7e8beee3f1c8d4d64a25af2a Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 29 Apr 2019 10:07:21 +0000 Subject: [PATCH 029/124] Resolves: #1599074 - squid: 3 coredumps every day --- squid-4.6-swapout-failure.patch | 194 ++++++++++++++++++++++++++++++++ squid.spec | 7 +- 2 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 squid-4.6-swapout-failure.patch diff --git a/squid-4.6-swapout-failure.patch b/squid-4.6-swapout-failure.patch new file mode 100644 index 0000000..03abe53 --- /dev/null +++ b/squid-4.6-swapout-failure.patch @@ -0,0 +1,194 @@ +diff --git a/src/Store.h b/src/Store.h +index 552695d..84b384a 100644 +--- a/src/Store.h ++++ b/src/Store.h +@@ -119,6 +119,8 @@ public: + bool swappingOut() const { return swap_status == SWAPOUT_WRITING; } + /// whether the entire entry is now on disk (possibly marked for deletion) + bool swappedOut() const { return swap_status == SWAPOUT_DONE; } ++ /// whether we failed to write this entry to disk ++ bool swapoutFailed() const { return swap_status == SWAPOUT_FAILED; } + void swapOutFileClose(int how); + const char *url() const; + /// Satisfies cachability requirements shared among disk and RAM caches. +diff --git a/src/enums.h b/src/enums.h +index 6931def..daf626d 100644 +--- a/src/enums.h ++++ b/src/enums.h +@@ -57,7 +57,11 @@ typedef enum { + SWAPOUT_WRITING, + /// StoreEntry is associated with a complete (i.e., fully swapped out) disk store entry. + /// Guarantees the disk store entry existence. +- SWAPOUT_DONE ++ SWAPOUT_DONE, ++ /// StoreEntry is associated with an unusable disk store entry. ++ /// Swapout attempt has failed. The entry should be marked for eventual deletion. ++ /// Guarantees the disk store entry existence. ++ SWAPOUT_FAILED + } swap_status_t; + + typedef enum { +diff --git a/src/fs/ufs/UFSSwapDir.cc b/src/fs/ufs/UFSSwapDir.cc +index 3efefe1..9651252 100644 +--- a/src/fs/ufs/UFSSwapDir.cc ++++ b/src/fs/ufs/UFSSwapDir.cc +@@ -1181,6 +1181,8 @@ Fs::Ufs::UFSSwapDir::evictCached(StoreEntry & e) + if (!e.hasDisk()) + return; // see evictIfFound() + ++ // Since these fields grow only after swap out ends successfully, ++ // do not decrement them for e.swappingOut() and e.swapoutFailed(). + if (e.swappedOut()) { + cur_size -= fs.blksize * sizeInBlocks(e.swap_file_sz); + --n_disk_objects; +@@ -1270,7 +1272,7 @@ void + Fs::Ufs::UFSSwapDir::finalizeSwapoutFailure(StoreEntry &entry) + { + debugs(47, 5, entry); +- // rely on the expected subsequent StoreEntry::release(), evictCached(), or ++ // rely on the expected eventual StoreEntry::release(), evictCached(), or + // a similar call to call unlink(), detachFromDisk(), etc. for the entry. + } + +diff --git a/src/store.cc b/src/store.cc +index 0a4748c..699dbf8 100644 +--- a/src/store.cc ++++ b/src/store.cc +@@ -83,7 +83,8 @@ const char *storeStatusStr[] = { + const char *swapStatusStr[] = { + "SWAPOUT_NONE", + "SWAPOUT_WRITING", +- "SWAPOUT_DONE" ++ "SWAPOUT_DONE", ++ "SWAPOUT_FAILED" + }; + + /* +@@ -257,6 +258,8 @@ StoreEntry::setNoDelay(bool const newValue) + // XXX: Type names mislead. STORE_DISK_CLIENT actually means that we should + // open swapin file, aggressively trim memory, and ignore read-ahead gap. + // It does not mean we will read from disk exclusively (or at all!). ++// STORE_MEM_CLIENT covers all other cases, including in-memory entries, ++// newly created entries, and entries not backed by disk or memory cache. + // XXX: May create STORE_DISK_CLIENT with no disk caching configured. + // XXX: Collapsed clients cannot predict their type. + store_client_t +@@ -279,6 +282,9 @@ StoreEntry::storeClientType() const + return STORE_MEM_CLIENT; + } + ++ if (swapoutFailed()) ++ return STORE_MEM_CLIENT; ++ + if (store_status == STORE_OK) { + /* the object has completed. */ + +@@ -2044,13 +2050,23 @@ StoreEntry::detachFromDisk() + void + StoreEntry::checkDisk() const + { +- const bool ok = (swap_dirn < 0) == (swap_filen < 0) && +- (swap_dirn < 0) == (swap_status == SWAPOUT_NONE) && +- (swap_dirn < 0 || swap_dirn < Config.cacheSwap.n_configured); +- +- if (!ok) { +- debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " << *this); +- throw std::runtime_error("inconsistent disk entry state "); ++ try { ++ if (swap_dirn < 0) { ++ Must(swap_filen < 0); ++ Must(swap_status == SWAPOUT_NONE); ++ } else { ++ Must(swap_filen >= 0); ++ Must(swap_dirn < Config.cacheSwap.n_configured); ++ if (swapoutFailed()) { ++ Must(EBIT_TEST(flags, RELEASE_REQUEST)); ++ } else { ++ Must(swappingOut() || swappedOut()); ++ } ++ } ++ } catch (...) { ++ debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " << ++ *this << "; problem: " << CurrentException); ++ throw; + } + } + +diff --git a/src/store_client.cc b/src/store_client.cc +index c372b63..49f9d32 100644 +--- a/src/store_client.cc ++++ b/src/store_client.cc +@@ -162,7 +162,7 @@ store_client::store_client(StoreEntry *e) : + if (getType() == STORE_DISK_CLIENT) { + /* assert we'll be able to get the data we want */ + /* maybe we should open swapin_sio here */ +- assert(entry->hasDisk() || entry->swappingOut()); ++ assert(entry->hasDisk() && !entry->swapoutFailed()); + } + } + +@@ -662,7 +662,8 @@ storeUnregister(store_client * sc, StoreEntry * e, void *data) + dlinkDelete(&sc->node, &mem->clients); + -- mem->nclients; + +- if (e->store_status == STORE_OK && !e->swappedOut()) ++ const auto swapoutFinished = e->swappedOut() || e->swapoutFailed(); ++ if (e->store_status == STORE_OK && !swapoutFinished) + e->swapOut(); + + if (sc->swapin_sio != NULL) { +diff --git a/src/store_swapin.cc b/src/store_swapin.cc +index 4f3d7f6..0cff0d0 100644 +--- a/src/store_swapin.cc ++++ b/src/store_swapin.cc +@@ -38,6 +38,11 @@ storeSwapInStart(store_client * sc) + return; + } + ++ if (e->swapoutFailed()) { ++ debugs(20, DBG_IMPORTANT, "BUG: Attempt to swap in a failed-to-store entry " << *e << ". Salvaged."); ++ return; ++ } ++ + assert(e->mem_obj != NULL); + sc->swapin_sio = storeOpen(e, storeSwapInFileNotify, storeSwapInFileClosed, sc); + } +diff --git a/src/store_swapout.cc b/src/store_swapout.cc +index ad71993..5761198 100644 +--- a/src/store_swapout.cc ++++ b/src/store_swapout.cc +@@ -88,19 +88,9 @@ storeSwapOutStart(StoreEntry * e) + + /// XXX: unused, see a related StoreIOState::file_callback + static void +-storeSwapOutFileNotify(void *data, int errflag, StoreIOState::Pointer self) ++storeSwapOutFileNotify(void *, int, StoreIOState::Pointer) + { +- StoreEntry *e; +- static_cast(data)->unwrap(&e); +- +- MemObject *mem = e->mem_obj; +- assert(e->swappingOut()); +- assert(mem); +- assert(mem->swapout.sio == self); +- assert(errflag == 0); +- assert(!e->hasDisk()); // if this fails, call SwapDir::disconnect(e) +- e->swap_filen = mem->swapout.sio->swap_filen; +- e->swap_dirn = mem->swapout.sio->swap_dirn; ++ assert(false); + } + + static bool +@@ -304,8 +294,11 @@ storeSwapOutFileClosed(void *data, int errflag, StoreIOState::Pointer self) + storeConfigure(); + } + ++ // mark the locked entry for deletion ++ // TODO: Keep the memory entry (if any) ++ e->releaseRequest(); ++ e->swap_status = SWAPOUT_FAILED; + e->disk().finalizeSwapoutFailure(*e); +- e->releaseRequest(); // TODO: Keep the memory entry (if any) + } else { + /* swapping complete */ + debugs(20, 3, "storeSwapOutFileClosed: SwapOut complete: '" << e->url() << "' to " << diff --git a/squid.spec b/squid.spec index 0d18221..793a28b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -32,6 +32,7 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch +Patch206: squid-4.6-swapout-failure.patch Requires: bash >= 2.0 Requires(pre): shadow-utils @@ -87,6 +88,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl +%patch206 -p1 -b .swapout-failure %build # cppunit-config patch changes configure.ac @@ -290,6 +292,9 @@ fi %changelog +* Mon Apr 29 2019 Lubos Uhliarik - 7:4.6-2 +- Resolves: #1599074 - squid: 3 coredumps every day + * Wed Apr 24 2019 Lubos Uhliarik - 7:4.6-1 - new version 4.6 - disabled strict checking due to gcc warnings From 9ea8eeaf0bae8392edd980b90c82ce65a4814f51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 17 May 2019 14:58:26 +0200 Subject: [PATCH 030/124] Resolves: #1709299 - Use upstream squid.service --- squid.service | 3 ++- squid.spec | 22 +++++++++------------- squid.sysconfig | 4 ---- 3 files changed, 11 insertions(+), 18 deletions(-) diff --git a/squid.service b/squid.service index da1c0ea..f49d7db 100644 --- a/squid.service +++ b/squid.service @@ -1,6 +1,7 @@ [Unit] Description=Squid caching proxy -After=network.target nss-lookup.target +Documentation=man:squid(8) +After=network.target network-online.target nss-lookup.target [Service] Type=forking diff --git a/squid.spec b/squid.spec index 793a28b..0beaf88 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.6 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -94,11 +94,6 @@ lookup program (dnsserver), a program for retrieving FTP data # cppunit-config patch changes configure.ac autoconf -# libtool fails somewhat on -fpie. PIC also works for -pie -CXXFLAGS="$RPM_OPT_FLAGS -fPIC" -CFLAGS="$RPM_OPT_FLAGS -fPIC" -LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" - # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 %configure \ @@ -146,19 +141,17 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel" --disable-arch-native \ --with-pic \ --disable-security-cert-validators \ - --disable-strict-error-checking + --disable-strict-error-checking \ + --with-swapdir=%{_localstatedir}/spool/squid -make \ - DEFAULT_SWAP_DIR=%{_localstatedir}/spool/squid \ - %{?_smp_mflags} +%make_build %check make check %install -make \ - DESTDIR=$RPM_BUILD_ROOT \ - install +%make_install + echo " # # This is %{_sysconfdir}/httpd/conf.d/squid.conf @@ -292,6 +285,9 @@ fi %changelog +* Fri May 17 2019 Luboš Uhliarik - 7:4.6-3 +- Resolves: #1709299 - Use upstream squid.service + * Mon Apr 29 2019 Lubos Uhliarik - 7:4.6-2 - Resolves: #1599074 - squid: 3 coredumps every day diff --git a/squid.sysconfig b/squid.sysconfig index 3864bd8..f01b6e3 100644 --- a/squid.sysconfig +++ b/squid.sysconfig @@ -1,9 +1,5 @@ # default squid options SQUID_OPTS="" -# Time to wait for Squid to shut down when asked. Should not be necessary -# most of the time. -SQUID_SHUTDOWN_TIMEOUT=100 - # default squid conf file SQUID_CONF="/etc/squid/squid.conf" From f109435113d7d0acc5dfbb5551d70f57543c1585 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 17 May 2019 15:27:54 +0200 Subject: [PATCH 031/124] new version 4.7 --- sources | 4 +- squid-4.6-swapout-failure.patch | 194 -------------------------------- squid.spec | 9 +- 3 files changed, 7 insertions(+), 200 deletions(-) delete mode 100644 squid-4.6-swapout-failure.patch diff --git a/sources b/sources index ed90053..19c650f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.6.tar.xz) = dbe2b02b83d53d67459e22a19e71cbf99b66d74a2ddc4bc69310f03a0a6092e5840766ad699fc43893516e97ef89799ef2147dd40f76b0bd688c1e271fd20d06 -SHA512 (squid-4.6.tar.xz.asc) = 2fa9d396857ed8d6e12f0eab63d1f896ebee8e24ca84715f8ed5229cacbb0ea7b2b227bf0623112e0ad76d557491f14733073d661e9d20370c1da84be3dcf10b +SHA512 (squid-4.7.tar.xz) = fa6b483c7563f5e9c40a4d8a3e306e90a5baaca408e98e1a5165767f6c22db2fc6c98ba6f8d60f2373f68da7bcd271ec2f924eb9ecb35c97711db57feaaf8585 +SHA512 (squid-4.7.tar.xz.asc) = a256ea157b47176246289047db5e2a39921e435943777c7b109571b266f5a2dcb118e57a14107ad08ad258d47f39ff8b32c21fbf3e65e08fe160b5a1d54ae719 diff --git a/squid-4.6-swapout-failure.patch b/squid-4.6-swapout-failure.patch deleted file mode 100644 index 03abe53..0000000 --- a/squid-4.6-swapout-failure.patch +++ /dev/null @@ -1,194 +0,0 @@ -diff --git a/src/Store.h b/src/Store.h -index 552695d..84b384a 100644 ---- a/src/Store.h -+++ b/src/Store.h -@@ -119,6 +119,8 @@ public: - bool swappingOut() const { return swap_status == SWAPOUT_WRITING; } - /// whether the entire entry is now on disk (possibly marked for deletion) - bool swappedOut() const { return swap_status == SWAPOUT_DONE; } -+ /// whether we failed to write this entry to disk -+ bool swapoutFailed() const { return swap_status == SWAPOUT_FAILED; } - void swapOutFileClose(int how); - const char *url() const; - /// Satisfies cachability requirements shared among disk and RAM caches. -diff --git a/src/enums.h b/src/enums.h -index 6931def..daf626d 100644 ---- a/src/enums.h -+++ b/src/enums.h -@@ -57,7 +57,11 @@ typedef enum { - SWAPOUT_WRITING, - /// StoreEntry is associated with a complete (i.e., fully swapped out) disk store entry. - /// Guarantees the disk store entry existence. -- SWAPOUT_DONE -+ SWAPOUT_DONE, -+ /// StoreEntry is associated with an unusable disk store entry. -+ /// Swapout attempt has failed. The entry should be marked for eventual deletion. -+ /// Guarantees the disk store entry existence. -+ SWAPOUT_FAILED - } swap_status_t; - - typedef enum { -diff --git a/src/fs/ufs/UFSSwapDir.cc b/src/fs/ufs/UFSSwapDir.cc -index 3efefe1..9651252 100644 ---- a/src/fs/ufs/UFSSwapDir.cc -+++ b/src/fs/ufs/UFSSwapDir.cc -@@ -1181,6 +1181,8 @@ Fs::Ufs::UFSSwapDir::evictCached(StoreEntry & e) - if (!e.hasDisk()) - return; // see evictIfFound() - -+ // Since these fields grow only after swap out ends successfully, -+ // do not decrement them for e.swappingOut() and e.swapoutFailed(). - if (e.swappedOut()) { - cur_size -= fs.blksize * sizeInBlocks(e.swap_file_sz); - --n_disk_objects; -@@ -1270,7 +1272,7 @@ void - Fs::Ufs::UFSSwapDir::finalizeSwapoutFailure(StoreEntry &entry) - { - debugs(47, 5, entry); -- // rely on the expected subsequent StoreEntry::release(), evictCached(), or -+ // rely on the expected eventual StoreEntry::release(), evictCached(), or - // a similar call to call unlink(), detachFromDisk(), etc. for the entry. - } - -diff --git a/src/store.cc b/src/store.cc -index 0a4748c..699dbf8 100644 ---- a/src/store.cc -+++ b/src/store.cc -@@ -83,7 +83,8 @@ const char *storeStatusStr[] = { - const char *swapStatusStr[] = { - "SWAPOUT_NONE", - "SWAPOUT_WRITING", -- "SWAPOUT_DONE" -+ "SWAPOUT_DONE", -+ "SWAPOUT_FAILED" - }; - - /* -@@ -257,6 +258,8 @@ StoreEntry::setNoDelay(bool const newValue) - // XXX: Type names mislead. STORE_DISK_CLIENT actually means that we should - // open swapin file, aggressively trim memory, and ignore read-ahead gap. - // It does not mean we will read from disk exclusively (or at all!). -+// STORE_MEM_CLIENT covers all other cases, including in-memory entries, -+// newly created entries, and entries not backed by disk or memory cache. - // XXX: May create STORE_DISK_CLIENT with no disk caching configured. - // XXX: Collapsed clients cannot predict their type. - store_client_t -@@ -279,6 +282,9 @@ StoreEntry::storeClientType() const - return STORE_MEM_CLIENT; - } - -+ if (swapoutFailed()) -+ return STORE_MEM_CLIENT; -+ - if (store_status == STORE_OK) { - /* the object has completed. */ - -@@ -2044,13 +2050,23 @@ StoreEntry::detachFromDisk() - void - StoreEntry::checkDisk() const - { -- const bool ok = (swap_dirn < 0) == (swap_filen < 0) && -- (swap_dirn < 0) == (swap_status == SWAPOUT_NONE) && -- (swap_dirn < 0 || swap_dirn < Config.cacheSwap.n_configured); -- -- if (!ok) { -- debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " << *this); -- throw std::runtime_error("inconsistent disk entry state "); -+ try { -+ if (swap_dirn < 0) { -+ Must(swap_filen < 0); -+ Must(swap_status == SWAPOUT_NONE); -+ } else { -+ Must(swap_filen >= 0); -+ Must(swap_dirn < Config.cacheSwap.n_configured); -+ if (swapoutFailed()) { -+ Must(EBIT_TEST(flags, RELEASE_REQUEST)); -+ } else { -+ Must(swappingOut() || swappedOut()); -+ } -+ } -+ } catch (...) { -+ debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " << -+ *this << "; problem: " << CurrentException); -+ throw; - } - } - -diff --git a/src/store_client.cc b/src/store_client.cc -index c372b63..49f9d32 100644 ---- a/src/store_client.cc -+++ b/src/store_client.cc -@@ -162,7 +162,7 @@ store_client::store_client(StoreEntry *e) : - if (getType() == STORE_DISK_CLIENT) { - /* assert we'll be able to get the data we want */ - /* maybe we should open swapin_sio here */ -- assert(entry->hasDisk() || entry->swappingOut()); -+ assert(entry->hasDisk() && !entry->swapoutFailed()); - } - } - -@@ -662,7 +662,8 @@ storeUnregister(store_client * sc, StoreEntry * e, void *data) - dlinkDelete(&sc->node, &mem->clients); - -- mem->nclients; - -- if (e->store_status == STORE_OK && !e->swappedOut()) -+ const auto swapoutFinished = e->swappedOut() || e->swapoutFailed(); -+ if (e->store_status == STORE_OK && !swapoutFinished) - e->swapOut(); - - if (sc->swapin_sio != NULL) { -diff --git a/src/store_swapin.cc b/src/store_swapin.cc -index 4f3d7f6..0cff0d0 100644 ---- a/src/store_swapin.cc -+++ b/src/store_swapin.cc -@@ -38,6 +38,11 @@ storeSwapInStart(store_client * sc) - return; - } - -+ if (e->swapoutFailed()) { -+ debugs(20, DBG_IMPORTANT, "BUG: Attempt to swap in a failed-to-store entry " << *e << ". Salvaged."); -+ return; -+ } -+ - assert(e->mem_obj != NULL); - sc->swapin_sio = storeOpen(e, storeSwapInFileNotify, storeSwapInFileClosed, sc); - } -diff --git a/src/store_swapout.cc b/src/store_swapout.cc -index ad71993..5761198 100644 ---- a/src/store_swapout.cc -+++ b/src/store_swapout.cc -@@ -88,19 +88,9 @@ storeSwapOutStart(StoreEntry * e) - - /// XXX: unused, see a related StoreIOState::file_callback - static void --storeSwapOutFileNotify(void *data, int errflag, StoreIOState::Pointer self) -+storeSwapOutFileNotify(void *, int, StoreIOState::Pointer) - { -- StoreEntry *e; -- static_cast(data)->unwrap(&e); -- -- MemObject *mem = e->mem_obj; -- assert(e->swappingOut()); -- assert(mem); -- assert(mem->swapout.sio == self); -- assert(errflag == 0); -- assert(!e->hasDisk()); // if this fails, call SwapDir::disconnect(e) -- e->swap_filen = mem->swapout.sio->swap_filen; -- e->swap_dirn = mem->swapout.sio->swap_dirn; -+ assert(false); - } - - static bool -@@ -304,8 +294,11 @@ storeSwapOutFileClosed(void *data, int errflag, StoreIOState::Pointer self) - storeConfigure(); - } - -+ // mark the locked entry for deletion -+ // TODO: Keep the memory entry (if any) -+ e->releaseRequest(); -+ e->swap_status = SWAPOUT_FAILED; - e->disk().finalizeSwapoutFailure(*e); -- e->releaseRequest(); // TODO: Keep the memory entry (if any) - } else { - /* swapping complete */ - debugs(20, 3, "storeSwapOutFileClosed: SwapOut complete: '" << e->url() << "' to " << diff --git a/squid.spec b/squid.spec index 0beaf88..c375291 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.6 -Release: 3%{?dist} +Version: 4.7 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -32,7 +32,6 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch -Patch206: squid-4.6-swapout-failure.patch Requires: bash >= 2.0 Requires(pre): shadow-utils @@ -88,7 +87,6 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl -%patch206 -p1 -b .swapout-failure %build # cppunit-config patch changes configure.ac @@ -285,6 +283,9 @@ fi %changelog +* Fri May 17 2019 Luboš Uhliarik - 7:4.7-1 +- new version 4.7 + * Fri May 17 2019 Luboš Uhliarik - 7:4.6-3 - Resolves: #1709299 - Use upstream squid.service From e795ebc437680fdd234566c2a62df6fb5837be52 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 21 May 2019 17:08:18 +0200 Subject: [PATCH 032/124] Related: #1709299 - Use upstream squid.service --- cache_swap.sh | 7 ++++++- squid.service | 6 +++--- squid.spec | 6 ++++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index 5e94072..e464aa9 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -8,9 +8,14 @@ SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ grep cache_dir | awk '{ print $3 }'` +init_cache_dirs=0 for adir in $CACHE_SWAP; do if [ ! -d $adir/00 ]; then echo -n "init_cache_dir $adir... " - squid -N -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 + init_cache_dirs=1 fi done + +if [ $init_cache_dirs -ne 0 ]; then + squid --foreground -z -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 +fi diff --git a/squid.service b/squid.service index f49d7db..5322847 100644 --- a/squid.service +++ b/squid.service @@ -6,12 +6,12 @@ After=network.target network-online.target nss-lookup.target [Service] Type=forking LimitNOFILE=16384 +PIDFile=/var/run/squid.pid EnvironmentFile=/etc/sysconfig/squid ExecStartPre=/usr/libexec/squid/cache_swap.sh ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF -ExecReload=/usr/sbin/squid $SQUID_OPTS -k reconfigure -f $SQUID_CONF -ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF -TimeoutSec=0 +ExecReload=/bin/kill -HUP $MAINPID +KillMode=mixed [Install] WantedBy=multi-user.target diff --git a/squid.spec b/squid.spec index c375291..4b0cca5 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.7 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -137,7 +137,6 @@ autoconf --with-openssl \ --with-pthreads \ --disable-arch-native \ - --with-pic \ --disable-security-cert-validators \ --disable-strict-error-checking \ --with-swapdir=%{_localstatedir}/spool/squid @@ -283,6 +282,9 @@ fi %changelog +* Tue May 21 2019 Lubos Uhliarik - 7:4.7-2 +- Related: #1709299 - Use upstream squid.service + * Fri May 17 2019 Luboš Uhliarik - 7:4.7-1 - new version 4.7 From 54aaa04d4905f3565e85018cab0a3540d7c1d0da Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 22 May 2019 17:26:03 +0200 Subject: [PATCH 033/124] Related: #1709299 - Use upstream squid.service --- cache_swap.sh | 1 + squid.spec | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index e464aa9..24844e8 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -17,5 +17,6 @@ for adir in $CACHE_SWAP; do done if [ $init_cache_dirs -ne 0 ]; then + echo "" squid --foreground -z -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 fi diff --git a/squid.spec b/squid.spec index 4b0cca5..44ab605 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -282,7 +282,7 @@ fi %changelog -* Tue May 21 2019 Lubos Uhliarik - 7:4.7-2 +* Wed May 22 2019 Lubos Uhliarik - 7:4.7-3 - Related: #1709299 - Use upstream squid.service * Fri May 17 2019 Luboš Uhliarik - 7:4.7-1 From c5efa8f9fdad558f14d47ca728826806accaee46 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 27 May 2019 13:34:32 +0200 Subject: [PATCH 034/124] Related: #1709299 - Use upstream squid.service - fixed wrong paths to run dir + kill binary --- squid.service | 4 ++-- squid.spec | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/squid.service b/squid.service index 5322847..724f35c 100644 --- a/squid.service +++ b/squid.service @@ -6,11 +6,11 @@ After=network.target network-online.target nss-lookup.target [Service] Type=forking LimitNOFILE=16384 -PIDFile=/var/run/squid.pid +PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid ExecStartPre=/usr/libexec/squid/cache_swap.sh ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF -ExecReload=/bin/kill -HUP $MAINPID +ExecReload=/usr/bin/kill -HUP $MAINPID KillMode=mixed [Install] diff --git a/squid.spec b/squid.spec index 44ab605..f8cc758 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -282,7 +282,7 @@ fi %changelog -* Wed May 22 2019 Lubos Uhliarik - 7:4.7-3 +* Wed May 22 2019 Lubos Uhliarik - 7:4.7-4 - Related: #1709299 - Use upstream squid.service * Fri May 17 2019 Luboš Uhliarik - 7:4.7-1 From 6b1c743e9fe37e53fc237e71421655cb72f0a37d Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 5 Jun 2019 14:55:18 +0200 Subject: [PATCH 035/124] Remove redundant config options. --- squid.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/squid.spec b/squid.spec index f8cc758..e5ac057 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.7 -Release: 4%{?dist} +Release: 5%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -95,9 +95,7 @@ autoconf # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 %configure \ - --exec_prefix=%{_prefix} \ --libexecdir=%{_libdir}/squid \ - --localstatedir=%{_localstatedir} \ --datadir=%{_datadir}/squid \ --sysconfdir=%{_sysconfdir}/squid \ --with-logdir='%{_localstatedir}/log/squid' \ @@ -282,7 +280,7 @@ fi %changelog -* Wed May 22 2019 Lubos Uhliarik - 7:4.7-4 +* Wed May 22 2019 Lubos Uhliarik - 7:4.7-5 - Related: #1709299 - Use upstream squid.service * Fri May 17 2019 Luboš Uhliarik - 7:4.7-1 From f208681ff9bb0f45fcc7b87518de39b457c23f0d Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 2 Jul 2019 14:36:26 +0200 Subject: [PATCH 036/124] fix filepath to squid.conf.documented in squid's manpage fix path to systemctl in nm script --- squid.nm | 2 +- squid.spec | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/squid.nm b/squid.nm index 5e40f76..1f317da 100755 --- a/squid.nm +++ b/squid.nm @@ -2,6 +2,6 @@ case "$2" in up|down|vpn-up|vpn-down) - /bin/systemctl -q reload squid.service || : + /usr/bin/systemctl -q reload squid.service || : ;; esac diff --git a/squid.spec b/squid.spec index e5ac057..ae103e9 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.7 -Release: 5%{?dist} +Release: 6%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -88,6 +88,10 @@ lookup program (dnsserver), a program for retrieving FTP data %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl +# https://bugzilla.redhat.com/show_bug.cgi?id=1679526 +# Patch in the vendor documentation and used different location for documentation +sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in + %build # cppunit-config patch changes configure.ac autoconf @@ -280,6 +284,10 @@ fi %changelog +* Tue Jul 02 2019 Lubos Uhliarik - 7:4.7-6 +- fix filepath to squid.conf.documented in squid's manpage +- fix path to systemctl in nm script + * Wed May 22 2019 Lubos Uhliarik - 7:4.7-5 - Related: #1709299 - Use upstream squid.service From d8ef9250ca7650f4ce77f1ed8e67eb6fc0459c6a Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 10 Jul 2019 10:39:16 +0200 Subject: [PATCH 037/124] new version 4.8 Resolves: #1727745 - squid: CVe-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi --- sources | 4 ++-- squid.spec | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 19c650f..1a8ede5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (squid-4.7.tar.xz) = fa6b483c7563f5e9c40a4d8a3e306e90a5baaca408e98e1a5165767f6c22db2fc6c98ba6f8d60f2373f68da7bcd271ec2f924eb9ecb35c97711db57feaaf8585 -SHA512 (squid-4.7.tar.xz.asc) = a256ea157b47176246289047db5e2a39921e435943777c7b109571b266f5a2dcb118e57a14107ad08ad258d47f39ff8b32c21fbf3e65e08fe160b5a1d54ae719 +SHA512 (squid-4.8.tar.xz) = 2223f299950ded074faca6e3d09c15bc26e8644c3019b36a612f5d424e25b02a528c4b3c8a9463864f71edc29f17c5662f16ffda18c76317405cb97657e5e823 +SHA512 (squid-4.8.tar.xz.asc) = ddc9b5cf414691ad7794f2fe9871a3e3f06078030e1a8cf54bcc05896ce4dd62da7a5612f143a445521228772406c8c80f2ea4e61271a0507bf02e67fd3cf368 diff --git a/squid.spec b/squid.spec index ae103e9..b18e3c0 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.7 -Release: 6%{?dist} +Version: 4.8 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -284,6 +284,11 @@ fi %changelog +* Wed Jul 10 2019 Lubos Uhliarik - 7:4.8-1 +- new version 4.8 +- Resolves: #1727745 - squid: CVe-2019-13345 squid: XSS via user_name or auth + parameter in cachemgr.cgi + * Tue Jul 02 2019 Lubos Uhliarik - 7:4.7-6 - fix filepath to squid.conf.documented in squid's manpage - fix path to systemctl in nm script From a3924d326b4905a0089ffa054905d66097781cb0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jul 2019 00:03:48 +0000 Subject: [PATCH 038/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index b18e3c0..6e9378b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.8 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -284,6 +284,9 @@ fi %changelog +* Sat Jul 27 2019 Fedora Release Engineering - 7:4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Wed Jul 10 2019 Lubos Uhliarik - 7:4.8-1 - new version 4.8 - Resolves: #1727745 - squid: CVe-2019-13345 squid: XSS via user_name or auth From 4f7d5c0f1ed1e1db8d7a2ce830aca8c32ae972ab Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 5 Aug 2019 14:03:37 +0200 Subject: [PATCH 039/124] Resolves: #1737030 - depend on httpd-filesystem --- squid.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 6e9378b..edb3c82 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.8 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -34,6 +34,8 @@ Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch Requires: bash >= 2.0 +# for httpd conf file - cachemgr script alias +Requires: httpd-filesystem Requires(pre): shadow-utils Requires(post): systemd Requires(preun): systemd @@ -284,6 +286,9 @@ fi %changelog +* Mon Aug 05 2019 Lubos Uhliarik - 7:4.8-3 +- Resolves: #1737030 - depend on httpd-filesystem + * Sat Jul 27 2019 Fedora Release Engineering - 7:4.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 0b6b88f2d67d7958b8a5aa0ae48b6b5381518ba8 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Thu, 22 Aug 2019 17:48:38 +0200 Subject: [PATCH 040/124] Move the NetworkManager dispatcher script out of /etc It's not user configuration and shouldn't ever have been there. Except for that it used to be the only location NetworkManager looked into. With NetworkManager 1.20 that is no longer the case and the dispatcher scripts can be moved to /usr/lib. --- squid.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/squid.spec b/squid.spec index edb3c82..c51e782 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.8 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -64,6 +64,9 @@ BuildRequires: perl-generators BuildRequires: pkgconfig(cppunit) BuildRequires: autoconf +# Old NetworkManager expects the dispatcher scripts in a different place +Conflicts: NetworkManager < 1.20 + %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional @@ -172,7 +175,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d +mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/squid install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squid @@ -181,7 +184,7 @@ install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/squid install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir} install -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_libexecdir}/squid install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/squid.conf -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-squid +install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/squid @@ -238,7 +241,7 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %dir %{_datadir}/squid %attr(-,root,root) %{_datadir}/squid/errors -%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/20-squid +%{_prefix}/lib/NetworkManager %{_datadir}/squid/icons %{_sbindir}/squid %{_bindir}/squidclient @@ -286,6 +289,9 @@ fi %changelog +* Thu Aug 22 2019 Lubomir Rintel - 7:4.8-4 +- Move the NetworkManager dispatcher script out of /etc + * Mon Aug 05 2019 Lubos Uhliarik - 7:4.8-3 - Resolves: #1737030 - depend on httpd-filesystem From fe7ff71e5654ce4a0b089d7826f54a77380c97cb Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 8 Oct 2019 13:40:20 +0200 Subject: [PATCH 041/124] Resolves: #1716950 - Drop "sleep 1" from logrotate fragment --- squid.logrotate | 3 +-- squid.spec | 5 ++++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/squid.logrotate b/squid.logrotate index 4a0406f..c88da04 100644 --- a/squid.logrotate +++ b/squid.logrotate @@ -2,6 +2,7 @@ weekly rotate 5 compress + delaycompress notifempty missingok nocreate @@ -10,7 +11,5 @@ # Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf) # errors redirected to make it silent if squid is not running /usr/sbin/squid -k rotate 2>/dev/null - # Wait a little to allow Squid to catch up before the logs is compressed - sleep 1 endscript } diff --git a/squid.spec b/squid.spec index c51e782..b289ed4 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.8 -Release: 4%{?dist} +Release: 5%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -289,6 +289,9 @@ fi %changelog +* Tue Oct 08 2019 Lubos Uhliarik - 7:4.8-5 +- Resolves: #1716950 - Drop "sleep 1" from logrotate fragment + * Thu Aug 22 2019 Lubomir Rintel - 7:4.8-4 - Move the NetworkManager dispatcher script out of /etc From 5caa9c3f2f1253f95bc2f71cb3bf7d2283e75947 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 8 Oct 2019 15:15:50 +0200 Subject: [PATCH 042/124] Resolves: #1741342 - Do not call autoconf at build time --- squid.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/squid.spec b/squid.spec index b289ed4..8fbacc7 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.8 -Release: 5%{?dist} +Release: 6%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -62,7 +62,6 @@ BuildRequires: libtool libtool-ltdl-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) -BuildRequires: autoconf # Old NetworkManager expects the dispatcher scripts in a different place Conflicts: NetworkManager < 1.20 @@ -98,8 +97,6 @@ lookup program (dnsserver), a program for retrieving FTP data sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in %build -# cppunit-config patch changes configure.ac -autoconf # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 @@ -289,6 +286,9 @@ fi %changelog +* Tue Oct 08 2019 Lubos Uhliarik - 7:4.8-6 +- Resolves: #1741342 - Do not call autoconf at build time + * Tue Oct 08 2019 Lubos Uhliarik - 7:4.8-5 - Resolves: #1716950 - Drop "sleep 1" from logrotate fragment From 64746cd6c60606104f8a4744960030c5bc61b63d Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 11 Nov 2019 15:46:54 +0100 Subject: [PATCH 043/124] new version 4.9 verify src taball signature by default in prep section --- pgp.asc | Bin 0 -> 95203 bytes sources | 5 +++-- squid.spec | 37 +++++++++++++++++++++++-------------- 3 files changed, 26 insertions(+), 16 deletions(-) create mode 100644 pgp.asc diff --git a/pgp.asc b/pgp.asc new file mode 100644 index 0000000000000000000000000000000000000000..2f745739ac76e5e140365206287b1de8b3feeb0b GIT binary patch literal 95203 zcmd41bx_@1mWKPoU4vV2cXxLP?(Px@1b24}5+GPOxVr?m1PiXg3GSBQev5Qx!q;C< z&z-8dRrfEbQ>UI<`#o#zz1F*TDi{)^)C3R&1`BK~`tO#+)!KfVNTzf$XxF}~bgZ-A z!&9zk&{&>ML~x>vrjE$z&I;;U)RJ>@f%%dM-Y*4B`d4+Kbmk= zI<%a9ro*iyF3-E^6`OyI>RlR_mn|{C)Sbiz(7*t&I#Q80_D;mI<`x!?*5*#c{KjwW zorIko&CTu1of%E-8SOj;BfxkdUx0xFWZ?J^&M#Hgz(jv+l z@1{T?*$W?DTDN6dB&#sE+E+I>Ki0UX1tQ6Jp}L34uA?goHG);FDigfgLVLcchYaWu zdl4EByi6sk|DI@$;L>V^F`I0DrHTYa_V(k&pm7yiUA10YozX(5IdWAC?a*DylnPDh z4@XNpBvKAq>!hTT$$~E(4fGABg{`6iNJ|ODAKU_if;ThMA)`BmDpxlrENeh7(NXZb zXpWp;s)FkHcfGP0Ei~8@R3xgAj7TvG#5a7;Hb8fnvLje#BRhfy)mpeaSe^;f+Y-?; zXo8KkA&Xh(nv{nCyG93KJ-4q|^X=)X}A3S4HfJQExj?74z> zGBA&ZYe6Wk^_O2<`t%211>tS>j@!nMds7=9C!0hqU30okeM8@ld2cy0<7Qkkgv|S; z0BU5}U2Uk&AF=@a$dg-307uiaUh!V)Fi!S;aO@&kTTYiOSt%L{2&|FqzJ<(IUgIFT zV4K-mmvRmItzP=Jd*wNXLzoly+uDWv9k6+v^75|^0R}#++xl%vf=74*G>#~wTGMRZ zJ-D-K)--SSNv1YFLAr=3D3ZXMgPRrY2`fXi^6Q3l-R(wmLppHJZYqtE(2fbiHLG~T z)F1L?i(3R8jsv{pM#NV=TO}rNzRpCSQ%OjT-`bnFNs+sJ!U%h*<)@TwUv4k@6GcpN zqmKWt8A`3{;9_k?%*Mz}tYU6!ZtP@EENAXPL(K2=^f}w#a+mX${>1-%?*2V-&k0~2 z_?8f45{{LmUBmYKecRmIa258oj2GcY!-o@#ZZwo!-o!QK30)B;BmNHgN8u*?NpfE2OXs4e6<)ny0OA z&QQuvcdzMKxgbJIQ6t#+XX8D;1dL;GhX)(@Vc|oPbOy;;B31SW3yFxuv4DrY{!CM0 z+ZMHq-d}!cWYJ!yBV*tBgAbY;UH}!|@c_a~1~crK#GT7o!rZ>OiD(QMg+7T|$BCX| z=7#KSU=JpbF-(&DVb4rEa*SuB3{k4@pZeD{kmkM3wp=jaLEyCyEj zdj4<3cxqne)X~D)~U76??#4DdEpSs7kn-9H!7>78fnEC=$=EoZaFD z6f^drPr*r$b#BpZSOf)!Y}wZ^b25Zdf1_C(F7B1=lL}%_Geex{_CU^SO_$rH?nWKj zL>ey*>I@YQODupC6+2dM#Fbay6&Jw&5p(PN zgKFxQ4hR!plDApJAP7^q#Iqg9la-HV+O|&pRFqOE{Fyg?MZ96CJ}b<5TSs$zWp9 z$=+fR>QQN6Rd*q3jf|8@{`YP}-%s>)vzno=C@!gplT=m%>AytVsy1hvUK*RksjLbZ zq(D#7ur09Q5Vo$KkhFsdEkWqwzY|B zG;;r+&aCHI`@$3!nB>&YB8=$KBugyy!qMi{sjRnqPY9w`^WdvMb?T;!5KAJFCH2}< zDNsT@m&RcE@n9Yh=S_1u`_M|LK3SvF0D;* zPH9>BD1oe@B^2T2mgi6$B$y-^#`chAi|;6tzeoI!D=%i$KAg<1j^av>cX{;R298AIcRx_iVQFBeBWY^vJJW zQzcJxH67MJwR44{nuw8##aQK!)jUe|P%ImAjC?*;f|@jUuIl}?QQi9;(HY*}6K zo83yMI!_OS?ponsL){ANi8(v1R-HA^G%PloCzn239#KV6$r@x$&SlG>SsgzE^w?ZW z>~)EqJKATF26ea1W!-(%+TSoI9-9x=+o(V89 z??RA~^l^C!KADLorUw0v37ZGH zm4y&wtvxA)Qta$PL=yQ0V%(5E`mA0{Ey&lFqcsm9$f{Zq?A6)!4BV$vA!eahJ2QfL z(T(FoL3bg`Hu4eJc#r`Hq3H10CWnyT4*3x2_%u$C_Y*VZv(-0>kf<9yGWV_RCVrmS zhwqw>;6!j`p;NdLkMswNg-Q2{YQY)6v0L`X6Ya_}Tz1mjabf*lskztqi~aL*02Y7awF$xEo&rF_QqfZ35I3x}jIDqnN zvugv#2Z#FA;egTn8DTp0i6L>pzyaugeCKJygNZaP89O7&RW*cp^nrm$WE$>^xWYH- zfx<+3?P0V`44W|tQo9S-JlE)~o>SIw;IyM<&kOBC(uz^02+L+2K(}KKr1199(j(2; z6h~rqJ$5F|*wnPYv)>@2>*JMV zKaNh#{G`{2-RplN2j_lUJ+IwoKo?z~Gv0tdUVlB{`>h3hPz19%Mvs+L_*%o%(!WLUf z4fKn#s^0X=L;2{oe2T=Kjq~)*(XK8_CgBUar0bpND`H0pGRjE>m!2AAS>68RekOqU zrHcs0<&~-rOuJIpy8^0m*Vr&vq$nCJ&t%&CAKT{RYSOG~ZMYaq$e^T(xOp(Gpx2U) zoAU43hZlLGt(2{oySBEL-rnfi@(ZXn40Ese^H-92Kq%@B+G7MzGq@FQav2Vdee4@}X!`=;h&jQZLGWNk{M3cGf#CL^FKUQn@sjTD{DI&pOffKJN zPFM^U%*UUeZVVI=Tj5&PdB&H1&PMfX`QKVx(-JN_EAEMTXPWv>?NRZ&sD!s|3Eq?h z*!3B;@V~=$o#s!tbh?f;ieA(i-s;9vU(`^Gwl8 zhY3Hl12-iZmSugF7qc2?_iF~ z`lVOq_?rn|`51+l1Zuh5%2AU@*x{viwo|R8L5?PcqPr|*lc6wr&2dFXD&viq~j%la2eVxF6%}_^h zH(mn4x%l|uoo<|iaD1IFT6pWM-Be;LSnpxf>pK1GFSIMn85yafy%uIK{7Zz)8i@c! zC~g{C6k+R^mVQ{fYWezANgRhMljJ$aPPJqxWKb zTP+!;wdzrc_aY*)$hVG~6Tp*QcC#G8nytbcYYS;P$A>1ndz4%J5-oYFySaflGNanD z@tr)lk+#iSw1(ewNjS&|D&(z5UWM98j|?|H#oWeTA>>wAR${3zFrgU47=OyO1FLcH z1<3mHIVl&s@TUn$Ldl{{qkciuTV^MSM{%5pzMrql)D!GU;Jcg^Ti6grL3~mzvbK*p zm&G+Oix+}HeJ?oIhzdMrNb~&)z2Mh?{lf>tf~mV$%84uW;1fLO37Bu2;OJP0_cX~u z*ZAjnOd+Cl72zH7MeMH*J(Rbbmip%mXnZ`FWohtRT&K;<$&uBYV?PJ-6(CyR%|Sfc z9KV#i0uiHJyku*NYPf`28YP7BC|fWmpwxqfgPn&9xfmghC)i4|i=R+R^xr&QEMap* zTzGE)bfrdmdoe)gmoVsESLQYi!E)J9%J@4CUbKdl?cV{xdwqPusKi~2?aYZa&7GXgZJmhu-Tv{9@Gmch!PMB) z%AC>O(NZwn0`dhK_>-CN^qcTvxonQ|7&Ck^j5?==sxWt4pW z1eD|ZQh%bayrH@BsmMY%JovC;c^jDU5*!7kMB;=E+MZ^GS4yLhk9=*ypV`AWa7K8Y zt(J{yvX{?ndJdsILS)167Fe}hVz5k+H{Qw9<6)8;W9>crcT5V{ByV@Br4jk zZbquKT>eR&ZSRzBblAOPS7{*29~#Sz9@{ewdB!L5fHy)s5t%C<$SQ>IA;acsI{Kh) zK2~6jf11cR@7Dy5^s6{gVSz%0h9;<*h9Jf3q)aS$ftHVmJUlW>*$Nw{EG#dEC9aqi zQG_+7*P27FzxpAAEq%2%r|E{^Ah6sd6Laf~Y-z`wu;+abt2-5{wB1kLb-g8#vz0L% zn?D-AOkC#G?k^Fp<0A+V-;1H{w>T$?q|4>0RR= zf(KuZ9hqa38C8KR*vOVvjw=v5kG=-^0!v5nf171M5O5)bMjO+HgY+ScIKfrNYmM_ifwe z=R3<92KTX6HK^vTPZ{pw%}U<1bY{wEir%g0rdQ4wz9nf`*NO#4xsY*OGl+9S;%yZK znj;^n8Q$D!FYIE0eq<}&bI?uo=n^)`FNTRTqA%HK6FD!~(|MLOPuVcHeSI&Ej{-S= zF0rpcK!i8?f zQsKCTnq1Z*Rs=1P)aH#$ab+FL`1IS5OQ{xaP?Cw;!Z zdPEM6?6ulv;G8X$L!*kE8be3dKLE$eKQ?y57sigjf z4j=3{&De=b_5%`V$D8s8)eUgcW-GQU;6kXUiF(h+9RKvWZvB3XQoC;-B#5A#vI#}6 z0V(`oe?z7r-(eTAx=w0Uwr>!Z(~;Fzp3AmS=6NzcYARZTmRwNlIAW2I`&ikN=n@+L zVLA?-=8zunL7)HOa3|oprOFU2_^NPawF91y7+c-|J|%Q05U*=j9TdX z(K9RmWqixcGbuMkLlek~Sm##Pu|T)K5V_{;8?NYq7O!FtH~qzVx{dnB<pmZ^ZOrAWy={YCD1PP#TR`HC;) zgS07-0LUT4Tbov;D*TWRWY@5!5CL&q{plG;b8P5|Q|ZkoUv&`q(kdRv3LPJPsK6B; zw7r_RZc3+bxnTjf2C{6UksLPfU*DKNT~l5c;Xx&S2}RI`BQ{S z0$B-s$&LZ#P4Y^d4Os<(fu_axFQkEVXiS}tjMqw2+zCZ^D2xHERkOh%&p4X;jZd5( z&GJO!{mrqc5&%f-Lx~K7`9N%~C*VziulIG>nj{ebnI$*mWP(KO$$B1PnBNZgeI()l@v6yUb<1ZQodM`4P6^Z|mh0Il+)NLUmCqI|#MsYR^}&`Uqr&i)Z`YRMJxFE1vg$e*g=k6{r;gvSQ3X zqV@MR<`lsTnQnF{8^=>F2k=u_mk*YvpGaqAJQl!&@ypT>VShdH@MCR z)n8!kwCGixrH~Ucf}3*TXt)RQ){qggz=|P_-pmn211s}|2y_;c+crKKLDa2jvHKi0 zl~8u0)xi1)Z?8M%6-{35)tJ?Y&t`s=yb(7dLK{@L0%QV?1h*^~j-GpCdR8kxQe}U* z`X??5DIo&APDhr0%4e%If*pQZW$;N)H+xXYi=|`$PykomK?`zKnj?DY2QJMPoUqA335qcf!ubb>}A7p zS~d(QhM?rCx9`)~u($ova=omuXtahS)IJ)pFKE1p&QI;IFT0qcaQ8NBoZg+`PLVw!eN3Kgy?w zx9N8>B=mb_sS+n)T5FG>b2MOoEV%k}Ije0EJ&?l%ndwNX+MRA)+J2s*6X%CVx3;I{ zoOjnM#Zo82?I(UFrtfphVjl*oMqUk6LPuRvHadw`ozD9Wo80w4>wlklCi8YK=t&*@ z{9bkDv#3X88X&7?PKRhFp>S{83zD4Rvh*g=dyOE|0jG4R|z4m z{xi-F7||0)H>MyArOL69ER5pbQz1W~I{_e1 z_}O^{NiP^HaRjRXH#gMyFzTS^oQ9?+&MLAe+%}WP&15D3k}`t!vP*UMM{ze~VxS|g zwlq%D13-!2E8i~(1dI%g(oWl+xG|HdkjSbQONXc+@Pq?Ua zIzD|<6Lfc^2uWin4P*+5)rSh3sI{e0LBrT%63}E=@CZNS=m!)(aYCSVwWk@z3sL<5 zkX`3;HtonnM<{GYN&Z0EQS!=GF_4u`XNzkF3ypL~x~KVLT(@^ZC8PWq$GCvviKFCx zuUyuw)HlKjWEHlVG9r_Hd$EPIBSDmHG?!Z2=>uf4v#_y{34LExlhV&3E?+F-e#Lw6 zjAQ*C@rkpPapzIZ3L$e~31lE#gkR$7q?{KI)-QQ1;cEA3BhLdM>rTNoGdh!m#B5`- zEXKS*R<`qw=bS{==bSJx0OS~lS=MgQX-$q><*Auq!oL6q-UMU{rs@dw{M4YYg7p*7 z`GFSDEi#Su=a7^#SZnyD&u6O5d`<43ZjV4#6vOI`gu=UAS-}! z;NA^cj^AR84Tnyb-FALNNIAUq_YokaZ%F&ZIm{tStT%VCKb?kr;Ar>JyZ2b%da>vF zaMmD7x8nCoHKb4>!N+~q#kQJyJ?qijLU^%h4vT;EsIDO}HXZ3zz$IDKAsDx`A0kRj z)4~vZ^qF)FmM2L?&dC=g1P==tLT98$`Q%rhvjcV(RT!1UL|++B`ZZ&#(nV?%x86z~ z%aJEuO)5t+SI?C%W&qb7oe(chAwqT2oplrD_oUK+;IRXydo&L~DxC4uzK-(Ww7+)t zfA>EAtM3)*N04}0Cl`H;x<%tHHmK+ z3fd0T$G?VZ$3EwvQ9W^Z_YdrPEu`-kHvy38Im7Vw1^o+N?x@6z9V?TplH^k$EA#Fp zyip%iz+I-6{cXt&oxWtxL%9C0qn+?SHP63Js^6VSI1P{iZ(6=M;J{CFTpV|dFa^-Q4zxgmNI01woikFD74#YPwu)icB27yR!rP8AnFw*9nXc{UbNwKJ7vq z1^}58b0EWLG$A*roe1AKSp8(`+P2x}Y5v-nBcH6j283n-kUpOmI@o0E< zU(EBpn&;&OvLYK+(b-IxA7n{}$Hm^v5gxNzV*#MIiM3pbKC%^WXmXfjZG%}~WO4gG z8Wt7c*S-U?f}MjFa;$k_UsGHd zAa*u%8+6)#{KFAfOw)Mc{GKda@PMqGPx}zL2{^&!i)>)-@l=l_VdWM;8h9?J-3J_@ z`PG>4o^-tEe)e2Qw7+nio;bfJiz_++6RiWG7J!1F=0MgEk zV2xotkfG3U)~^0+I!4D-hyI5nq5hNiiSv81=-2{4a*P;ioHMrm$(B*?<3&m7yoTs5 zflMkB%&M<3$=1&HltSGO#Ig@}xn9pWn))qIoZpiL8!?box(@VZ*nfQdhCfN(Vi3yC z)tm?eWJQ#&h=x;;i(zYJo)nrNa{Ip1vG~K0)EN+c;{2WnA|-&V&C#o6*-y=4Q*df& zr;|mcUt6SRfGmHzL@Gq^_nPGNC2gzDJU>Tw_MZ-?C+iX#3S8{fclRew#vRcMZaPzJ zbrJxi$&jZRoongOlxcoK>g;Z8v!(tK0NGX>OVxkZccQ)FgROQks$TgRi~NW4uam{N z001&j?{VC2i3{cC2;!$@ny&}Td8rG4EVu{YUlwd5pDes~Bp*s7OD|uUh!M=P=y@AfKLvaut|%_5O&nJJY_Qr3UyqasZ_9ZOI_ToDVB1 zr8VYM3**wVP7>_DrjvXiJPLnKR-Ux$y zGm(<=4cT|5so-Z3Z%srNIZtQz(o}4El7~e&+s~|n$VLpaA@-I7KTq&1*4TRO^vuiq z$D-6BTi*$SeSB8=8}3LwrO)_rXK;G-OrcG3Hd&(sviNc}dbKg5u)c_5qM_G0Qm2I) z2Rh*aGn+FJV5GlJQbZ_l(MY#%P!IsR3-A==2h_&&0nKvnSyWh{$j&C`lN@U^OWmc2 z$3Byh`@Mi+?a5GsXolW<;+--B(xbZ#chKEjk3oN5#r!)S{48R1g(F{oda8qNGi4c7 zy97bFuh7^C`w<8cuMsdAy~8qO!NZ_*%Dlp^u10iZWbjSA9F&kdM;9CwcX!Eda(}k=oz+% ziIBkI!or*GD6yV@*(yiA)g0(a8=(xR2sfI?M22lF-3oS;uKK2$mR?iB{w` zV!_?$NOV>=U0U-QO|PPLBoauS+)j2@EO5sJ;4UE))_(Ok!+n3N@>%+7W4;%OIKt}E zBdjU@m>7P4W`!uKC-<8=$I`&NIqECkJnDhNeHH8Mx>V&K?(bdZDBhVoCWpAnFm$B; zcngvQ#I-x*9Vb77YLgst;U?E{QLdwTcY+6uFF(_81hA0-o@$++$Y6*}2 zE>Z~z%%e>7kPhX~S1}bGg0xr7V6jfBq@X<$OVO-bls>)EShi-!SeHXT$%Lc}VO)49 zJnqf%7^-(c=e@P5v)=j=Lv`?JWSfZ-m25Uge$~WK%}APy;2Z)yofhbZVsI`9ocRMt z15BTn=GRuizIfP)G<%ODyi|Sx%_6(%-OxSFKOZ*Bxa8wyP0V{OXVP%vi_)G)$$q;G zM@tQApBv}3TWCwaD&5`aXn0f!XjD2RCfw{l%sJA~hg?yi02v3n5-8$qSF>6`EQfq~ z`NBXK?q$|4pVHP3!nM~q(Y8#V?2r&w2rfbmdTcQsKENKP6-`OHPiLU%^2`qGh1Yt< zZ0ajN7pX6X{_i4{O2FKsF<#epJk+2-skMhE8m4AVexhuM^`0r094m09LLw&2aSuJ1 zKpf}!af^=)9et0bdU(CxDBbP8TTo(po`)Ou!+v`am0GGO>F6fHI`6&aJe?ZRGOo4$ za`+gobm>4GV5AYCy!NP_0uncA+Y`P}SdKY7z5n2RYqGp)6`R~9WlJ_8ydvMzI9OnY9jap7H zQK&MRTKS>mk)=m2o{O|_XZm-MCLLfNrKG|ikU)#Wv>C%hxv82L^hf7+EdstB8#An! z*7QCf-F!cRlofsKHZaK**E=+hFHQJ2SIM%!tMPs~56Z#RH>VZqx%T;PHw`0}ir?A4 zN@jHDa*qyp%gt`fO(UK;6`}^~esn4PqHo81S=28`9_%}45fw!;kUA^)R&4QrHKp7m ze$b$Iv%|L6qW;i03H@`br*3M{Ahc_fn80Rj#}bPELU68UOH;*<1K!BbM#6r3|A@4Y$(R_VkNiYiWc;&4QVP{iPZ zRt9;Levi0UiZBb`lGr^My2k8_7yJq?7YsIGB7oS+5jXR0|DLlIjMnABeKJ$4Twx-1c>qQROY3)PcSVm_rxOQ70$A~68 z-nYq*);Mdsncg{uj(0y>FPiZ8jn0^rLwI%vsIV##Tkqhvl@TYGpLT6D9EHz*tpG$Qs(=IXCjHgj;8)yB;_?& zAQQ)buWD*G-|93at=BM{g1V7tDqQ@vJ<38> z4n(8hvgqXrPmsm$as$yckdnF$?mr#0aJygn%6#5v&Co^3%?)bOkd(|8EP_g|?|Jp! zebJr=11ANeK)ULt?sel!9O+c${lQ4HIDTjXkv{5WIU9fa$B1Dn()%4vpD^_4aV>mX zis8AuQ|%p=#f|7~7PjoLuUZO_R=wW3uN))1fU0DS04kg7}%%dzXsahC@?c}<}TO?ITF|K=Mtt~~B9OoGP1%|s9yi;Pi-0<&E z^MEI_W){zH6*rfC!>r2~BOEMV6g7eBWxTE~Exr+z!-$m1b7BisqaLf(jq)p`4aQOr zq(dbfeVh8QdE^olBW~tUP?)W@eaDA~59ov11&7#`M)_=6921X&_7(SZIAfbDW0fJE zt7PB#yC6o7Om@y?mOdvYS<#I%ft&j?UiKbkNijrYy_ zq9#A%{EPL?hYf(#%#2znR($0(EhHtG+Z&h0`6TK9khg`AB3PCGrW=84pA4bRsVMKE}qiVbQ(?#TTvu>@~h2Te-UtdnuY zQitm>fBunKOqQ|w>F4@weJ_FmnT*^x-N=N7QM4|P6&Y#Nn43@)?m$-2S5kraBem5m zj(C`d9f@J>(~_z`9LXIpk|)k@>-!Blkd*|wql0+lp9-S<1eq|}#%L~q?+Jk9qYc}c zATt|G?7@30NYE}6-?9JI`nG=J{IU#xHAeIRRjM2c>xE6`Oy#1?HSJb`@fHEJA? z4g;H2JKW&W2AH&d)z@FL7vZ9M=DJDg2mG3Ie_P)ufk0MC=yk4>DIf9$%@0%Dp_PCa zapGnGNRi&=a#{x!&5J;fc_O2TL$WV; zD*yikFKNlg5?U(GkdW(a>@HJA8QrvG$b{?%&E2mrD&aN{dx6TNM}B3P`&NJ?8A zAQL_UY2ff;g8c1KM;OZR1(-99yUf;8TK~P(tcwl#s70*&CcrUX3d#X5Z4LR2hE9rY zN>`gIrTkoY{t+JH;Q|$noKt)mvf#SSTT=6{9Ftdy%nU==%>u8f12hIJ+Hj4q6FBED zf2PFC;tZ-3Gg9$PR)5cn)$S^chch~!Whi9S4MVkrLh&gn ze>=?@9zX`7%yb{aZN`C6bjeqz#^R+DRm9Z(9%q;L2I7Yofh zbs>*+{HXrI*?8joHi@gl0Fc5|iAzyqx$h_|n+aAbdBA=4WpB4L} zUFYBS!i65$sl6@#59j~TB>u}Y7CKu1WUKF6|3u1;}Lc9S{z^ zCxKPbMPyL)`|$P^Ml9!F;`zTZn-%~19OjGy$jWo3^GAz{by<059i47r_N^&6ehJ7* zN^#$@K(>l%gsr~)s6Ql0{pGmvSv>zoruDx*t4XW?GT<#p0~R`7RF**Kw2Ol!EAlg7 zN&z6v!i3Vj?(drQyEQ(x{n`R(w~s4-;`!HSHKqpuNSx_(9haezAhj}p=P{rSrmjJ6 z7|05eoj>J)>eeG!*cea?71YLOm)?BF`4{tB)C(lQaHl|Ac1p@QT6pPsS&^P#7t&H(;XKL0kqVTpmPsuyK!sX96@|79{N6&YP3|_ z(J~=MW#No5)+Ic*=(Jp?&T$fZ9rJSzTgyTfy#(cr4Z^RTKKeAesER7qWrS*+XpW7R zIOp~ji@_(Yk?(pfut3k{TUXzWWh+-}q9`d-^30S#Ll-b&C$V%i*~aThzJE5N{d+4L z0vzU1*JOOA-8`CVK6CF8^ zqQ(&_#5mXm@dE*wJfQ^`b}EnjAeWtun4R)LE|;#j_+>aghyGD1yoKu&QHjoHK@fxo z&U2Cet(9%&3-joko}VtDEVNWmpgSa@PS(x54M+tq1MX5K4I5ehe5UVea78Q#-(E#H z0u|)hT@XJBZ3_FnFz0AlQrKe<>vl7a>%WkbabYsN{H!zGR`dx^p4Pj1!Ume@)k*Qn z_N}@x08XFh%W|y})Dn(Rx>Y>N^*&Q_uHXz2VP+IfIxQQX7-D;zrXhv;9YfdH!xX9g zz%{P=k)2oy(pnD3xSQ)8@`tX2CF-`#qF#kg+D$+m3}A!e!XBk^M1 z*S~fDQ5wMVT%><%Wfxw;0-#9AvNaCMErCxlcn;rVMXmI$31(Do>Ak{=CbV>N46%n+ zH0WCWdu#6BBRG_lou`rn)0CJ!GLj=X(_FwT&QFG=1X95kwox2QZ*?l3n<6Zc)0TAV zw6E#ybXgC*^qMZtblZvM>QXg`-ZkR#U9Un?91MOW>r1IfE8K6C^_D-A`zFu5ulKVc zcRFwK3cuk*K1A%~vMJX&&sJ-wFOi{j)fXa6O)+k$o_+ciG6HO;+gg`zHUhgopCJO= zk!39c1?J|G8N^u0Ed;nhp83Pic-S>G>Lw2s*}(C%9Su0K_s8ezyC#P3kf<#1eIV&r zbLiq7>WLVT;|83C5(L)Tj}hGDyAT%CyRCZ#4nX-|cP#jcd)u1NVJ}We4Itt;e>lGJ z`j|e1kkc@FxbwX-@}usD-gI>&Owk_=wC@&3f$deAM7=T#wnFu+nTdqeXw0}A@Tt-P zN&h}cF|?WtSV`+>*|2Y?@Mtb*=xEPH`nOj0P8!Suw_)&Ect4D#%GGHL(dR(0(bq^) zUwZYTINZz4jHHDZw$t*R9j4zB6>Pj?vS68^tH!wInI=dLA8(8pLZ$f|6q#*p7zj@-mc6#h;eaB?8S~ zto}4_*j&XniM|k(heiED=nO+TAv81BDT$#>#}yCX&cHx6|9*&Etz{3Zs;fn^6u&? zO;9J(&Lx_dWBKg9{zA$wLX16r#%Y%ohCQ@2V5TjE^x)gL$J{X$>8l#SUf6B1KIKIhzmy7fyK{Zwt%lVilAKe`91sspPw(o8_lj zQ=eZfLH(Xl+mA$U^BqFh;#X8KN^L^xx%zmvq|ZVm%C3jpW62Li7m-uN7Kwo~?n?HD zE$a6YAG2g|>WNI%--{%%0-o54Iv zoR$xYN?P}&Qc+!w><{2am^+e=GW}fKcJtnz^HlJKsM+!SgfoY2=8l7uOB9?(F55|- zo>${o=u&?;>h%&*FG_4V$@S358}^NF0L15FCGH@re8v4u47Q=;*IUyE_LKIdM)SL5 zD-=CCuxk?xKLZVnI0uqrnc_l@-xLm~9^9a;iH3yTn;u~}Tg-hT_ma zf`qv%sKcFiHa0saZhs}FT&?6kvc}qY3by^(R+5y4HFzC6h}OV)yg*dFjb@zcRm4xBMMbH2LfR*9BYvb1HVcu$+LUteYN1KSiVRF(~@HVmi+M{q@1d$^XOI zTL;y(Hrc})m*5sO5Zv9}-3jjQ?!lel4#CdBJvadpG`MRZK>`GK32tBI&fE%@x$n$Z zzrQG;YSB;AXYYPiukJolX%a5>G0PG%MW)lco@1A7Ul>B#c=vf;yfettT-1Nd*meDb zwg6>dO@8L%?0K?|B78YI?!2;g@q)to5DN>d~69b}$nUt!o!_ z)2gH&APr#Y@7PfiCpDT3TcE0WiBPYXZs<8rLZj>>fUoD|W)UHWjJ8IoND1qsCOwaq zW1%GQ++zsVh0t>*NBELO>ttSDt1PV3Z*QlUi-h}Pz4ww|*{&8id0^w$}2@NRSlviKJ@W~<%zE@`x=JOLXO&|X9Qd&~DvoFqXy<@rCIB*6mr zXok4HCJ(PzO!7j)^T!Vch(mMH%q%^vn&nv}bz#K}1q<@hyjHPU7W7pRs^;wm(c^cX zF%>I`mi*VR+gC-gvFz?GzM(7AhT>tJHwwMMwf?NQp9M<=)oT&W&!fJ9Gn_#XU2IFp z(Hl3#<+=eQTk;^>d+y#M-4l^-d&pOYB?w=ld2oUJn$YHgU9bP}2L-hdxfX5%7fKw- zc~j{tBYERKu9`s6AfDIsWMRq8(V0U`j&{t<`Sk+;5@)|Z>wb$MoVD-?E!^We&1%+j^nWQA zEMCAp3d`>&1l7Nc%)fq^2xD7~u=*rgq-Pusi(^Db6Xh~|OXq-f&r(+w3R?<&falC6 z&nr6G1X=HkKixWO`N1D~P$; z)T@pZUKhC>E>MVX*1^ig9?9p|TuP@NuV?|o#KgPJAgfR8%vkx<)-Zvj;_-pU1kQuq zkAK`OCd>HO*p9!;1%y=q$U`Dkl85|j>fEo?xC~NU3=W@Z70rUfJwsE7jOq+G+*ktyrqXo?Gvh3TnBDIk;Bud|e_Nh})IwjdF$0ENd zZ+@Cvp>eSzt2mtbzHWQH4pRHoM#8{oC%}dw%`ASm+o%E=xy~({IH_^D&;qeTj$$AA zN%&%*o`O;!xd8>V8R*C1Cy zJYO9hNr`ufm_L?Itdo}u8<_s3T<~9wnHI+O)^;}L4h(;KGoKd@jDHhfe-{ook%8RT zNTpE7)jyakJGXhX*HD9mDS3+kkj8RJf3#msw@7=-7<)9XiR{@7%>PT_;EEi`A>=$v zl}enw>tvliu}z$g5?$M}2f&e>ols=A6!z+D^Kthm_8Xo3yGefn<$2-Y7#GNX(QNR7 zGURw0IrbNGkf6`V_Q+*A01~6Rc6v3Mqf2fZ8vs2|S$z!IF7O2BS>Yhk006n&6Pgz5 zBAQ`2F;eo}5Zfq{Hn;%bM89mam`ajFt7$JTFmkbA!V)EaQnhb zGsAnQQG`0Nj!(QC3C4-B8n;9Nw`h!_i90JM{N}C?x zFG4M9odP;2Iv@dX4oplL2CXi56CEDC)B9!IE$)TYKXCrhw^TUFyf9T@~ zZGwvXe`MC=;sZIa?sYy_29B4n2xn9AXrZfntjJZJta5H7ybM{4Ro5p5;U z(z`4nf7QWy1%T7;ZdgUW>ZXuJm`cG(H++wvCwubVd`_^3p8_Dequ5koYi$N?+w_aK zr2RQeG*i+5$l#G&FYQDZbBk5f$oZXth`_*$#y|EvC)l?k0B~gK3%vmeJu+~-r1#Ec zvd#%DjUkYYvjKYs`0vTEDVrQA&W z7158Sn(6ep8??F$0Xf9xs_tLjFGf?$I9$xuC~kj(3nBZ1^PCtTSp{-wsu!V8EWg=0 z((gzy>?zJXY9>MfxdLCHkNOjSY8`In`J6EE51fg9+I~WePxHM0zlm{B5s=G}7Ku~D z>_8Q?ZzHtl^E142ygvv430tXW&(o$zeZH_G4OlLeWKel&{hz7lVkW2uYR!1oVF=|Q zCAlOys3eEA&f+b_FH(;AOeGfqWD9f_&FRw$j5Trob5UF#WAaUTWc_GisI)>Y#BE)g zOJy}y?TzcqDW$#bn9VJt8lm=$UwF)W3k_0wG-2jHH+RrH&IZ(T+to94PsrTw*m-2o7&UDLZSC-yo2%+w=dY;@+FW`w})NK1SZ zLBlee723(fy{8}oa_4ay*?;##Z^GyDtrUF4`P-xUpNN-p>GvMCVULLCq+89h-oMIC zg=?(S^LAe)l1O;5gLKc{5kTLh*4{E5Jay8)QqQ{EaF32-o>s_LY(?!{>vhLCZBg3U zZO)dHv`Xf~-$x{!Q^y_a=FJYJ*No;nhG8~DW*oD3K+Cl*uc6V2yM^P1S?Y&AUO`DB z^Oq1m^tj`Y9qbR9+}8#m4iv>X)w~b6@@82{s=?PJbW_#Sh}FbELz{g~n(JI{e>R3| zd>j=3_2{>&U-@0rq=q}HE__qbz7kEzOFKPs2K17YaItc`nVPp?{O2$`m+c1k>~Uz& z?px0FmkO$AZ!{?L156)}d6zAg13L9%27Yp?2I4?@ub{w!%PKyMF2JIVg{N*iznl5c zZDX~RHo<{#N4#-Im+EW%7z2s+s}MUQdC{K|*1L;C zU!`xov*!l2dQoy*U%$nDF)Zk`y?di%-T4+XMb&s`PUdPZ^%iE~sgwSddcL`W2Ws)5 z)F|gauG7obKt{a`A~B)faxkwojjff>>EoDUJD@2dSx?Y;-3UEjo`5$P!ok7QD0d}V zOTu6M%i8AhoV&iF6N03NyE)$v#ioH%HOi#n%AHDmQTsZ#DDNY5455%z7eO?gjuHxv z)Y&Ur@sknwIoMh&ukR|5HZ6)ow~Y31C5U;=N>E0ha5 zJZ88D8mxfqaU$22H4R3kqAyz}NWl^;HK5j^O-fF}W1<#(lddBh(O$5SY!TDIkF0y1iGvl*Zy>huHM%7aPA6`A&7uk&kGC*J(dKov z$0NKQV?DB%eY@1J?|rCHCz3d~llbWV;m+mDT(g7UJLEXMOGOdXkQPz!elj1sH?j1j zJay8)QqPsBaF3FgYb;?SA?;I+g}&!Id}Rf=+aG!_Z;a>O`>beF6+QT{wlG9q3YeAb zwch)=B527)BQM92pq$Jht@C}G*48_at;LLIrNC?#6GAL^SUbh(3y&O zJ`FD$7S3sh(JphMLC7$d@lz=L91pb9Hf7 zSy_@_Y>AsPChxehkYlvYIB!zB5;qIR(rd|%qp|=})1UJW9V6IBztnY(UbEWAC?rQ& zZSofE;kd}`>l*j1vc2R1mdXrcqcv}M!dFnFyHz8%p!x;R9goBXe3oAl_7o1v)`cGi zik+w_FFOwhYp@CLdvgrCVudl(OkNi2`b1o67{2Jy-~0N4P*7SPF^h#-8#({8g{o3m zn8oOK8*Xnu{2w8YR`fDvwbmU%JE%VmzrD0C*5&rlp2v}u03nSH@xf%lTNPF>Y^E`O zjzM@kyO3}{lrg&A&?WUGlK!1~M)ik#p#72z~%*ixZy-xqHgFaRz^EV}vb3dna;oorDGxrZTK*sycU+W>T z7P_Cg^U>hc!XRS_^HijlUBAJ?-DE72M$s+wQu9_yr&qlS>*QOIe{Wf4gn=z?b?KI6 zbY#1F;s#mkR>ls(K<1rR-+Vh!&n^-i@m2J5tD~rhn3kRS3&n<_Bz_o^3^nvhnZ|&2LyO2QQpV~Q^;#uLZi;4=?2>aV>^0HoEPNI{{ zWmiLi@D97Avyh-73W~5*0vcbiW_mq!(!WyALmY4q%(m&4@&45XKQ<$@9+sqR;+54K5OSj7aGQkEbb` zLv^J+bb{q08{gN2xBBc=&c!tDku*#mz6W-8^9$neUA!N!xX){Y-R~Up%wj4o`L-|y z20-zNv(XE=SlS|s$e~J93=taHUl1GzXwqrS(-yb+$oQNbF=gCF^wq=1(Fa#dX{TL% z>L0W^iFqr0`Ac`JW?~V@i-7+hau9^faR`3e=c=fZMVt z$HW6WYc-(=tl%yd)L@jr#RB8L3&U( zNe^CaRN>xr{Qh@4UsBAJ-UwliuJ^#GF3VkEe8)j|KK}8RX&U~_D%i`pjP_SpE0S+% z%IC?~8K><n$?K-)eV^EF_+q6PAiUfvf zNIOuc>m&B0>@Jl9WPvTMGY_5z5$nwvJ)ac54`xPu)z`RyZh7LQf2W=W8{r<9mMus2 z#2t0m=xCv)oLJBy?r?oR!i^{(WL@DC3i!VBg8pJddeh@H75XY+LFzXD6x9)ti*1HO zk$=YUhdkEtyX=LojvTgM(_B_BcHA}9mgUv^MTq}oOi@NGUihAQ27^;b6}u-Emk9q&Q>ndXgE1Nt zq<|$6s*z5sKx<>JBkJA(JB1cRFMG87&7JewMMIKEmvzNpc-IYYMS&q03|-wqD6eEsT>5??uKKya>bAlbq9ss}NOqC1AFf@rcE!$A@47Ko%ARWZnU2V$`hBH8e-a z8=RKZPyoo8d&C+pcF56;{c&7L-Q|Q~P@L}%&U1nt>Hq-eX$>C`EHsq8fbGNua4h%x z4EP2CaNk<`o36U-F6LDI@wz3LA=#aclczZUB-l4_0Pwr)scYM96651y&jvPqvPe$| z1wjBDf*Gf;P<$koKFrK?g)^Wgl;_&;1m_vSZu|qtAr9r`exHy>=5>xxuWm12?-GRh z764~DqRd^kJG~oEIz(MaupK=c=Xt{CN$Cfj{pN@MCfKRs0r1z9E6DOsHwXOt6$9X! z{toQ2JZ%7ExFIOngzaImnXrJAwgc;QDunt(aQ&QM=a>O za|f%ffE)sJTwN+Pc9J_zb_L~}O?Qoa*54CE{{z8p$P0iBEhz%DGfknmh*_Owt!M%- z=h}$?aIN~)_ZU#YkP2Ln?gV81~05DH>$s5NNTl)Vm7SndSv3| zy>t`xP-Z7%CdquY#Dc1AlEgzwP(+~H9`Kow>|lAc8*bhvF!hVorY}#xSp0-gI`o!5 zk&NLm+ji4Zhs6%&HEP8Vr!8x}9WikPB$lP?IcPZ&A9Re%Wx5auG~rv=t+No|a`}od z*zvRm8m%M@CLjUBW!;BaHn7r9XAhb4yB@n*1eqgLYzX5(1O0y_*q={6e9o?GJ!RLk z8Uc{-M=8IF;EmRXZ!@XJMq~zMhVuOYIH|UQsojN-shO0QdGdBvBWEKL<^P3UPkIgH z;7#{+yXSm7KkW-HpJ~6DmdXjz13>2YRPtAq8Amm`OsJB+d8af>QqF&(_Bngp1OOoa z;54Kotfs9;_#|ma^B_4?tQUCzxa2eHC8Bc9SR%~l;o_>`d8rb`?8QP5lS|8y z^Yjo}_*^AAF5&GKLT0Y%_SSYd0P13|LX>`8IG1a1Q^-#zZBg8iKUkcO3z9N*p{1fLE@Xzv@(`tL9hp--j>#?1WxnkJ|Z z0pt)1@MT)NvY4iFBCo__5se5zM$P~r(U>2EEpyd7#*#0K7*DH;<7{O<{YgEZ&-yDu zgnA%@2{(fH_7#ud+vmPz>ig*9Q=E;o328eyF67mKAXL#8;T0V%fo?-0lYGqI)TvV~eC7MoT>@_=f|gO#-qw@7C6a@sEJuVS zSPe}6rL>7dFk~-9G$u{+@~lwvb09+tOAls-49NkrIXzU!)QfKvm%O|_+wRavLDxyx z#yRJpIPm2sVz?)#e3oE+)&@Xwu9v0cPy_Nz(Ke*)L1aVnCgNcLNVJ;*l(J|Vop2apDZPN(-!43VwbLBT(@z>pv-H&JZwE$sxT{>U+>X$ zFvJ2y=+Q&nM@ZCg8UZV7GW6419Q_v`Us5RkLpiZwiDdRpkwAX#!6{2(arG>V1$0^2 zT(OL@vKj_iW4K$szv`lULdMPvc0)i^DeP4CBZF98-y5-`7BdDJWAKU-^yk?fdwSYR zrsxT`%9rE*NU<-cVHs-GY!OEVMdph4Z*;A~9W3{z=&s|9QvkG=rukYOsgAl(<6sVw zdOx}Bw^RbO(x&T?5`TAaJWn73`GJg&*(jTII-KD6L6tA?WmR7V#czR3DAc*?b1&){ zE=a!ECe)9PVP7kr)~U7%3V%Oo{uV+6Wda~`;EU+Q{mn(%rxV7FLQ)s;?C1<2mz-0i zecr}2gaht~EI_2}S2-WblPBo&Jgqt#0Ec9aTnJ(_!%u@24nZI@31FbPgmIQ%Yy@g0dVHZTWa_q zw*Bf)4IJ04U&ztGzE7h0dEaF2C;;-%lnr*FQdOG$>RnZ6%hsvvG~U zA`%-J7ZzG)J&KDb=Xxe!5H1G5V_v5Fv#+IYc6QuZ$i>wU1NURt0PsFL%2v+mb{{J^$!QBQ;1qx|A$nx$eI`nnPc^}=N^dEK$^@J%iL7b>Y}h{xskISnR3 zSd1A#lj_0g0-4DR1Q;jkr6xrs_HiyX4%V`YO zpsl>OWrQ76Ao{52=~Lk`VU_mM>00$ajn=a_b}@GKc6BqicV#qnwEt(rquSHViiI1< zC5?+__?Xg-{{oMg+#yPTW8@2<2ILC7(d_h!KtG8EZgI5Ta~9QOq93YnK|#iz2=jx{S#x)H48D( zK=z9|NBpz4BTbpkE)+~vsvoKu(P}^@-%7s;);5^eTaHaye z3?3OFM1JrXCY*+rf^0DMRUS49KrYoDYr?1Z5QPJ5oJ{ekN?n1bVXA*{o@brF7XTbO z{Mx5DqM(|!^-Cx;ksh_zdf)G{lpmXi(?lJ(2fJu2-IHYu>Iti!jLCf7TqwB)fYi0FF~yY1!*g zAP?%c15L8gNmmqZ#{wWl<4xkle%O=iR8j#L+u@`h(Fo5!_WX~mQxgE!9Ukrl^Qvh1 zD%j{txy1_wuVyR*;I=`yWKo9n(FuiUr6Lr_!(27KkAH9^b%vOpW}TMj02sso_j*JA zfb@AeSQBj&J8JgV`jG1PxA*4WzAb68|5Z=h>@iBmgo@_|@2u z_YSnIpd4tcB<`l@lEVmOzpz)PFdk4^vrb2az|Y8}0(UKzqJ3h1$MJ_P)#&K0Bmi->iqA(KLb zY^uRfiJ#{URrE94&aWIwxN+$wAWCvnHv2VE+t;2~-7{ssTZ~_FJ-&QTm ztdI4&Fu9??d-Dg;QjO>9NZO}76k@=$U$Delt#A%>;2n$3*;NerL`9;UHydi1M^6_v zFfop+N=opmi!`rY-oE#Ib%XgXXwW^O8}alPcSj`4cpz(ba1oQHpqJ8aGj4K|nd=YK z0`-K@Uu_VMP*qYI2=O7j`;IPi7L{~*P0LT6^slOd3_G|7X65-C1ytvPjt?R=5L5=* zDh^T1(rvp<5eWSU{rD0;Ex9k%-k8<<%3bZ$&F8;O_xQbHG9>dEKmJKKlt3#91$faC}C7^~lVVbyrN{$4V;Xc5b3kpc(3&+~Sz60E#0 z@F3Zx%Cxi*8T!Rwgp7n*C*vADM=~z!3YS*VMi}b`&jhsnUT9T*|D$J5YoH^-&(yGO z!byM>YLZRu6u!uZ5+)c`)e&DV$$&PC2m=E_3Qc51+Wx7N{#8|w!U*@kwnAd**d)G< zIbDWtba8m$@^UEUN~K!ot@vyk#a-?;V+d=T3wMVKGKEF_F2$rOud!&Xx3EwC#8jFs za!OOEt1lp|ZQE^T&}&eFm*yn{ni&X0o}u>kUxcOZr6HuQj*iGY6hGG17MYb|dKC#8=4rSXv)N9j z--@3Nhm2^a&O;$f(jpy{{WOG?!@)V#NU=O)s=5kJEo^mfxkALd3&sz@Vm%p2CzFQ} zzdKuKTfneQKNQ6oW_W?oKF<(Isp+uAu3ZN;W{IsM;X)df(Itkw`_xJQsw&8Agu6qk zG|P8TkNJWz0nM#!Lcfyd%~TLKk_~?>d?~~7_A^FL|H`|#_cL0#HQdLkbG!+#w58j* zHP@$IWn#Q#r?i?el$Rk2WsAlT%7#M|4rb^-Xm&iE`t~bBeuSRBFA>dBC)=iBm@PRQ z-}g!)4AZPNzN1v~@kp>h>1hFWGpp1g*wx7K6hI`3l74kf_Hj{LwY>?_QonE(#g1FW z`mCEijP)C4h#pkgzVkiCmh}`VRe{Ga3R;b^5Hm{7rrbA+0VlG2#xG^HIaNT7bjGtJ zVXmNRGUc4U-%wky5;1;5ed*ZFBSJNkks1BFT5Z6sh+ad}XVc(!SCbxY4F_$A_Rl_?6H(b+BD?fSR<#L|W&gK)5L9 z_^xUMC0~6pIXW6q-MA3SIhW6a-e%BU%p~1WBqdge~MTI zxu9^a&|>&OgVDJ05F%4fmYtq^v0UEDgfK-JdlZ9;x*~4W(y5-P;O7(@4_-@=x(Wvk zlQs)&)^Xr|&cLy<^?m)TN5-%qw~x16@|wtWl${3@kQkHs?(4QzLp6Oa96n?;Ur%&$ zpnlMn-e0VWO-Q|FA0u(`@Xy*LaS`E|oGK9zDDJ}8)%&Oea)b~zreoHqwd0m7RWaJj zmpH?gzWqkDCa0i2UQE#$ct*hNdKU>Q?;slblyK3`AQYdGJ=P-Gwru(4&F0*c@y$vI zYSlryNiBwg9vJ&+B>k(ZfG`vuC}9-aKRfN-tYEJ$i*m^Typ(5H@IY)VnpOHxx) z>+X>}8U)pnU%`bu0tht#l#UtE?S7sF_gU9UW-nwg)JVyUde{$7sajz}e5L3Fh{L#L z!>raI81HY#z3(2!^kwa^3vCZ(MT8JOWD@W(YRp@TBIp@H&LOn^Xt(XROq@6zrIJD7 z;wy9Ov*GfWiSCzcTt9Bipjti9Rba9xutQq)sQt;5i({ZEQ%o7$V*)iR6Cp5(&*9?6 z-gIv?{P8Qf0D!$JAO2BSj(>x2apJ8r5s2^OV4$s;b=D6%E`wE#^?}<(xH(L>hp`ic zYsdmW-R`=nmmx^vWf9@<{7;7W7=8i(=qhJ;uiEo9lE zPUXNu19)S2Q*OGVqkl-v@sw-@Z|q7$N|4B;CbJ|ad=w#0WpRy)D(HP!?x(;_tcZXk z=JXpZ7H1JG?$Q0N#)X3EXQDbV7<++K0?n={A&g6hz~7oO`omjK9Q?aiH#kQkU5`?*8??3CdsKXx(5T%_=zk7 z=X#GYk{Se_)sQZ5XzL3McLq?2)f6Uzjt9c!brgVW?5>w8bw8Zv&;$#`0ovLoA*=}J zmp9tj*Qp6vUEN1}_4(mSm`jPVAMoZJPc5WCN)aB+n7U4r_|q_Z18T&M-EXoUncP8_ z(eFXNeHFjTzee`b97fmkFm$-y-muan%y67HyFT3j@r=P z8Osbw(Mj8YnWXU(oM%*J7cT%#Ikhg+sVbo=BHMj@eL~hJxRxvqfaK!(x#1q7kaHnk z2^+LYT4y~Xru~zuT>5=;`g<)&FfQCZdbbR2PVY%oh3)w==LGj$4Ve-eY~&GCVbbb3 zca)pvgT4C@@+vm@p*@ZMp)*y30DD+Zfr$vQ5Vasl>0EG`d`;PYa3yPDN?a_+9WsPg z`_pXhmWD2L4?tlT|6ah@XQ8{~tg52AT!x)!1^z4)*@6F}gy%~q{n0FcrpF%wv1IUg?dSjOs7qCrhWM+N{# zqEBw#Q@i1cV|_@UbCp5rl_Ly%^6z>!n{5gj$mR3Yd8LcMVE#GrHFxG`b)AsJluZC6 z?2dY<4_-t~EM^-P#ji+!J0t1;gY%qYL=FQ$0THCMgkh@l=hxrWcQk89#k@_M0dUO> zYUhpN_9$EY4J>}TK{+fHt@Klzf7XJB(tupSi6cmYpX8?LCo9$`I{=iTU#Tnr5>?nK zDMT1Q-ul=agRMg=AS;CRWJuL>Di;X{$b{kzAdwxaPVbIR+1XoxT}VqwJ_K@bO9!Pp zDpGj@w@43Sxi3HG1|13kkbZMj#k(Vs52n8q1k+uR6+gcyumC{HjXWOF z0dI&^l~^9WHB$TFZxZQ0G*VPR0J$V1m{Odt4rDkXkn@pTqYF0DaBl%{kO%N- zANF-$EuFrPx64uj5vfzeKd8X+|CaTK(40%WP1??d9fq`#L%iwwXUp+N)LIZmfCO`~qP!eF?1MX>>TDPl3@=nCgK z5W&`xdn3oI8$hjmxxO`H*l`K3nSWPFc;*(Dy)Z|S1OuN_y&+FBbSC^}n%Qn_TYhbN z{UG>mh{58VDcx*WW(1=OCTjJiW|K75Fy!}j>hdl3IOcanB)pRL4^6RfS1ZwQxLxA_ z6b#e@gS*`L7d^SmO^)mj(AFb%G~&}x#nY7??uy57O_H_Wn_FsxmvGYAU($01vMGBx z(yYt|t6##yRFC>z{z9ytqFvTthZz^?>ur|z#;J%Ig%04>Ai!O#2W7fvuS5e{G00oDX12V^&KJE%zeN6Z8IsrG&bXSIpYEquEC^ky?_?@w7$cP8H|^69&8+i6-m z&=43&$n?imj=jVZ1Hjv-VbT5fGdScS(WEjYq~(~Axgt;xOa}U^?`igL>e2>^qsVtY z1Uo8?>%dTCsv}JmjJwE>oa{ra4o2Yx_J&<81i!hUosN)GqKU4g#%ro9J!50i--AYjm~MW+0BVEq+RFp%Pkk#2yh z6bUrmf9>)RSB!N0{jh<{RO6)O)U11-1?1B15ED&#F?!HxTCcdo9t0RGRb&F-)Mj$c z$__~#LQaP&>bo&(=4N^&w;mq z8SrPByCm2w-Z=)&ejLnk;ABgwH~D`(c!|?!TU1GB`$i ziDEuW7?#wV^oW8HXbHw=zz!@_suDIIg-j@>kI;tu;Xp}oCxof9#^2|q5n9A{FJop`1oqQ?55`+h83;q`m=og*4!)X*NLUCqlF|T#w+h{{rlJZo+ zu=lS;SD?~7<32{Lid>_j9Gt^pK}~f!⋙2%uZ5im0+CtphC1|_(WSD<#~!G3?M zQ2ZjC`tZ<-XYajJygwjM=oIDzJ9{l8`Rh!)K{nQ^Xe0cT>^*h2f+xmnYgU`g;9X)p zVOC5IP|!ePT!@YdG4s3 z=@h(|h0Z3>>$oF=KHpX(?kt59FSVy|Md6RhSsig9=VwJ(-YTTdn5>AdJFkni7%`E8 zcI>zd^=`mi*!F7r-sQ4zP&wZ|*hC$?OdJ+8e_Mt|Az^%9(1iXb1A>~CNvf#c4V&xr zR1Jc`{bs6^2`VoNo(x9Hyxp4!$wfUw+XE0Lc3jtRAK!>8mYKOIJuc zc7^WwZ4w}tvRlZ8Y?$AcN+%0fjaa^P^*m*!ITl(%D4 zu{-#Z-d{?zDtA4R6M|MZX{GAr=bN&8H;!oOh1v%d#SrpYhYlZI+d{f~Jc=H}a+wTq z3TS9ZhX^W5uP1ie4rO-5)OFSN2w5?d#J!vc6mj=onb~ zv6_u2$7F54g)RcnApnTTt-p?i00a5kDo6rIp!CltCWizX@4q&5|NiCgGm9ySC1v&Z z>)7c*J=z*e5b{*LNLwm8Q+;T?!eG4H6|hhuDPwlbxXaHUCot>2a`h1Uq%TbhwuBPo z?58@An#x;?qe-(?(f{dy+%HBeD9%Sq9Mq-E*mquVA+2}|ExpxUi`#_mCsK{D`Owz$ z;S)x5z)NRwHiZZ)EN{m={vrF62_23u=d6}*;=EC`Kn}KTAI_N==Edoc-IiYsd(q=) z)ujM90o9xRQO~cm)!Un1Q~dh}`RWDdzx@742muWgCCDLILA-NAPYb88d9&C{m|S)X zIwllZmB?bJ&moqjk`;+t?Q!WW`37g`jvZ=l{CX<}(_m=0f#x*na3;xn3aLYcNSK4d zu#o-d2R4a|kbYNee!`|K)e-KYo8Cge3TDRovgNQW8WU2Tf#65{&gY5C$2tz8bz0z~W(7^UcK*Z?P|kM= zX+pOZaIKoa~TWrcnKav9;|HnT}D*VOo zFEQOb%9&1dBUN>F6995wx*W5VaCxIVO`hCvV(*2xCCUKgQZctw4by?*0`F~`G$|6ZckJDcY&Ax5`OjT(M2xi6tO|(u(SfK697^>vZy;a z#x5A6!9T>rE@G0To_JDb6`53V`2B!O(7JKhV;ht7^8vsWarh?e7aDLd9||1;)a8ll z`}2cJP9in7{gY89Af>UTH>D9JgL>I81NgMH1M{rzeSyY z;~>TTHG*Ad2hWaZg+7@K)Mw-BZ;rM;6=FG@EcYq4R_-HGB z%l=SJeI;b`1PA-4_-}hiaR*+-`9eKXF$3V3C5n7)jG%xJX&+yIk?>X9HB?O?msR>D zPHzv7!Isv<^LuRjKlOq`@DNh}Y{bafT-W zkOMJA#aEbsuUfSfl|e2iJH+=jrcZFbXOjQ6rx>NC;eNS^{)Zj_9uttc`R7lCyqokr@oiF{ZpinoaD1Nsd{C%$Fns097|2}V-}0HmR1>~{)v=J@>% z2mO2iX5LOf=J!I!|7I|RQRNeU+ru;C_S5?0NYjZD0D1WOZncG!aUJ*!eDX1$SBCT? zGzW6IdsKBm*j%5;Zp3y~FN6vi&4!-HDumG+|ME|irE@mJHdTFJ8jwp`rMao5Fb*rZ zKcaDa8PEHPUCSNFWsmfKx!ggWF*a#8oT`LA$)&$Rv<$DCIA zH;!E)zNc98*8%LGKrU&o|DfAAtrY(^c9{Xl+N{0?3O)eblCY&59bbp0g!4L4tm@dn zQ{-~@363WN*KeFcL3=8U;D~L$bRbuV@dru*l02cO$=Ev8_=pwT+y9TX^Zv&&{QLi5 zlRdL%gvdx{_6pf6o9ygOlD$_{w(C48Bs1B2CNj!OM2b?`B_#2ET-{xFSJ(ad-jDAO z-+$oscpv9Dj`MsykJtN{7zYTBu}|G?X0#j?(m6OMbFC7+V}t7GIu#m79gcO~H!)St z?n_+&A?!k<{q#E>gRn@P(AZxjKKU2l^_KDhZa!C9F8Y+>1(v~{j}G2ltsT(!EOco08W0Z%=zrs^;c}4LusNv zb$x&WhB!5r}0XT|bLv!3z=T_PIs7`*mtljH4Oq>95i5;sy zUTNdJnd7W;1Rcx6)HE|>k9Jf&!EIznosqXI`KL||owaHQ2od|HZ-URAp3RRH?4CZW zz%YKDnhoUR-{#7Z3Xf-V40`r{7sjI}QcXq9&nTU!@=2tQGUKI<;#U)y$GxC{+|(yL zJrQSDMA^XFof1h^BfFIu9U4$(J%G1&O{> zR$m|3$t0w4=)EIBtEV^j4pIlJ-cM|43X#iu8+m?nPKUS8T`{2~ixBILVjE`4mWu$g zh@86fRu1xW7*t;89c<7pi<@6T(-|5|M(X$!o!BxRERsW>pn$wua+%U)(U$UMfmn~v zvMT8$qdY)})mSuhb06bGTsM)Fbj-b#UjrkfMyUHWqV#+I+239z7Y;MoK=guwQ)?Qe z$Q3$7_7bp`uxy&T1rP#jx{ajXY1o05WeEhjuf+v)QjiDJqI6#W*LuO`s?w`3 zRW_Pz0uVgeR5V^UDyX~$s$Yv+^j(!@36BKORpAkxvSzEJe7zNgF>=X@H+6o<5D7|W z>BjFf+&Oez6!mTL{cpSk&@IP(4-S*yI2K=*&A6VklTxDD769`3_Bd7?cdPI7O^K$% z4K>^A=LT+|>Aa_qv3LUos1X&xw0kus*ziMWyOB0kwx`YAYa!w9l!}Qzup*h|7di)!JD1<^236oG9UW5 zip}Sc^(aAD7DVpalj8XR&dO=RzpaREYM~wIsUt&L^z-CrKS0RvQ0S~+RhsG-5!(50 zc?%f~^wgo%(^lny)DhF$(3coNm6$W@}Y1 zSmy?a3s{`crd`R~5GK4K+2OHkj4tcQ)>D7(yW%s_G^7sdyzFZl0De2-Q}Np5=?L*q zz~E7#-(nw@wFrQ04RJ;(*oXHH3;%LhM-3b;xRwI;dZ2Xd4tVZhcHyC_bY( zB0#GcOe~ z^Iwzqed7TTLSu~zvA2VsvXhcp{nAq|CCcJj25{M($t{lZp(_I$tHImdUugEt7|)^A z^S$Bs!OsRELN&R;HF0a-0o+o(+E+X;E0kUMkwV3__MFb(DN%c#!p!;D4N2(AG<^hXMRD>&yNbk;ccIM)qQ#wP-H51|8)9xY(go zqmslE$5+?p{bzc-2^$!l38Z> z>YIJOg|T-4$U&sGuKdC1JB^lX+Wgwg`|VEQ(Fq#Ab%^k=726l2unB%oiJE1f7uI!N0Xh0XEC5f$3rppeH4je)*)r4&)NShJ6)pXhQVJFg z{v*|Vm&~I))D`yS1%=(uO{4q zbIoR7B-s6~iUXSo=g+akIJDR}ICR)p|8;0F9=4K<9tSo97INUI?tAvF0KV57f;EEc zJ5sD4d%kDBRQywsejJm8pG9nuj3UI0a%UM$h?iEJrRGbjh zt9|1Tl+eNjMfB;5ZqD2@l)StXPP{pizcQv2mA~QR)g&qtF{`eboyRR%!%`|2sRS=i zbGqG=nyC!XSQ2;5brby(w4Gwg$(-2cPCQH!y0zTu$=GG1zVDrW?mFS^jq&O=u8^-4 zaZO3o-vqepD;OnJCw0qkEg83CiJUX}(_1QtBhG*Fmi+rWtI$spkE{-N;j&wuj=+8j z0FdUCV_1Gg@BQ+zCcN=)K^70I6p*hqshZ};w^x!llYBU_Z6J8h6U=LPmcgR)AApF*IJE%r>pM^jS8g$P0Eo!BF*`FvtV0QcYqM$*59 zb@mJj3gq?+&xm%sSo~X$O4Q>bqz+Tx789&lOd$IMz%h)EY74hiQaQwb91MhpG<-f& z-U}eFIUK);Q&Vvz?pP;2{O#q%vZ9~<(Rq*5amhNWuEb{&RiFm&ccbW_Mp&!+gAZCQrk*zT*X5BIfl%xQKtOqhn z59{z797(0i2R^zV+ES5G0EFC!w|Eb|E|*vw<_b)&WyTz;pGHpSf3CAihQx2%AccFA zoV2@X#?lQyUhy5qQ$1oT_G=R&Snxf84VLXp0D10zxVCmJk1x;8bI4tdV)T)vQ~F;W zRq4%7$a?tYf+ljD#l{5b0D_zAw!ugFgU`Y1@^;B&V(`}G)71dJy^HUeSa+LKFU(lv z$iFa=IwI5d@AROeF!x_AT`#SMPwNt@8`gt793PJ{(;D-h`Na8Joey7}m%oKpfI?P2 zyoD+p*N(JbHkJHIPmL{WG|@hnR1)!yk@Z+S`Oa{aE`(860>JlU2H>7r(NOB2;;eZ% z%K4&0p`oCVHZ3FagnQuA{)qtFh!%Us!-|*re>0Qv?r)Ht^8Vv%jnqfI&B`mF@U%yo zm8R}p{AEK;a*OYxm#Nq;c>@Gj4inL5k(1z(V(8*s`$W(ls|TZ9w}GnP({uG%xpgSrLE~v1Xqn(Qrh5G&`EL34p(5I}xP#xPHf>o(RYYMQd{ZG+VNeeIx-_L{o9OvZ(uLt^4x7pGq< z_v-Tf`ezditc4UpZGzeMB?J%8*V}pvWNm!4SjmdXBOZTF20e))Z?!(tW@#w#8G1$& zL{IT#d1=QhMrCFtm3b)^tuXWV14}c6dn_5RanI^zb+Tf$9c(w5@qCdUAijwZ;|BP)3q`Z) zw1p~dI&D9V*_wTnpPe1k)R9Q93$2{o3H`XTKgM!dHsXEyt*e)UlwN+UiNj`X@DVD4 z@oWi6{Tut4E-ued-1l&!r|Z+a(Xt+18=F|W6~q0Wam;F#_i3Cr6?V<)1&v=H`K2FJ z^=poNqqYl`Xg#<-ltj@}lV8vIpB+nufNKGs{sE}C5^C!5%!F4I3xj_CrfD4*0-AvLS)(Ouqs=P_)(buAV9(mZ`-<5I~se@W6w>|+0$gi$KMxm6JAXTLs44%l7J%FheD;qQ=p-Lqa=%g0$*{PFOCJE>q$dlno=5R7 zZOrh|mihE6^IsH14`N*>c!{hB_2s?73m~tKgj+AKWf;sVS%0Sdpr<;oy!R78+P@CL zj~V74Ka(|BmQRU9Vka#W{~g!=$0eu)Sr2LnqLu;(p**rJC4X-5Cl7J?vA>b?TDb}@ z07!%EdCn~@>I>4JaNd8f8rCz;IgR`iKu!5kkG~*wP)m@wB!D{%ivS^Z?XvCnokr;R z(D~z~wJELpFGBMHWPIzAw(KqImPp=}?1*MSIODEn=S=#wn<>)S1RZF?W=cEX(P>~F_o40fL zi9T)C3rjpMlR6{GQ5KnvSC;G)cvc0cpZsIaz34UOAAMCK$fdci zg|!wzVephu^-WFUj!M?v_)SJX^*b4&HTMg;N3SKnV_xR1I%3Oh_UOFsO4`(Vs_IaG zQ7XpRQoNVEp8J0+HP`+CF$Mb&=O9;4jMYZ|YC#wBZt!(lak~66f>HzkLgv%g$&540 zj@7f;csCWyj>@W1HUJbdn5en8vh47Mz4ah&%YTYQS_Ao?_~&iL|VpJ2+kJDPsrm1c4bE*uc`y@Gkbujr_W$GZB=m@XX-BBnIhW%s(_}0!Plr9K_P9Q(7yS-@2~i= z-WWWQ3e5kIr*|8`@!NrBX9^g<{bWmU_~uhxV3tQi&?VP6(B@LE5h5hJ$}hPHEY{rqhZOJKHvZdK3As9xN^x*Ek#zX zE8*5J2*aKrPqzNUS>!F6f1i+jiR40?$~lYA#Weu3u)HRtN@IHdF8My0Ch5!QhXnvmg(9Lgzhh*M89rM)O$S+6~jCyUBV0Qd(v- zoxJRoV)X*+=+fMTECZ_n4`{mj>Z0Cb&y`D55sP(T=zq-SGPB(8h9M(t^yjrOXD$$gNIyZPYF z)dto0QY-L?P-@_fwT%ISGhr(EQ4Le&bliuXHtLG~4Fgqn09{`H2AEHX zy%M+bsn|HKJ!QCZu?(Ct zONO@{y9mz3I@5PtlKq9IgTWv1UIF-(;L1UHdv5B5xF4V74xa>SCIztoc)I?a#J5HN z{VgnF82>TebJj=4$g^<&d`-xUE&SfsdfFoWU1!@J`LMG99=?5}hTDSDf^VJYm#xWV zNb3jVB7jUTG}12Yy*tR-KTY9Ma{Mqf_$4x~{@*(9e*4m#Pqu3lyC%P1*aVRB(;>dA0~j$K+HBavsY+(;ap` z*`=B35<5??Fu0yj> z@oEhu-~Uq&CZDxj0+2oJwmsWUEt{kt^S#`8)hvUOTQ320oy+U=faxGlN1=_lcmV6} z%FrF;ehicj2A?JD2KfZ%7Gw2Jn3@+KFpdt6)UoEooyh}mq0H0rU%5PPE@>Z%gU0Yg zR-L|@q3K}o+39V7IQyEZg<$AQm19W8nOo162jsd#gh4(*%x3a%_fw97?2-?as_!0G z%*3M|9e~Mahot}7z|QXXxV4se$kGv92q1S{U~x)y^;n%@PN1(JZ{byL zDjG+?OD|mRaUzV) zAA>5Ck%RFC%fz9&WzrB5Kp(D)ZEW139xDUw1(p<6KE*u(Cd3?)| za?XqtIJe-a|@mVw-3_hF01|aj)8sgLbN)U)l35*+!XdI+>I|mSgxsaxAJx%paSn(5G9=Ua{ zS)EvPoqzdk(ExzkX2rJ>w@BLW$XL!dRlPeW)RYknAm?oF(^r!59d{U)*!6nI5_^b` zkZCQ{^}*n?CL{oE#s9d$>s@bimtOk0g3I@z;;VrJ04~V-+_&$1G5f2ITbZT9;prVM z7-=}7bTIhrneU*0Fm>X>GgTb1;&?4}t=2%?hEU?S0P_5l8|86);V#L5T_|N8DH9i5 zhWtB6>0t2LEq4I1JrYBj={`JU*HS?X&tRu$j`3Pvwq5zSRKr^ zeZ0+u##u1=?7Sd=G+m#*nC1U`?iZFKJi6YJDd5_$3?OGK(Q7OYw75EBCr5`#-n!Wl zo1AF%VDQ$QCGg9=ll8qA+s2D?nz%R-sq!XE(+F>f^ref z5i}hPKHF{wAmj2MKW6KGbh4^HdaZD>?uP#(lm{SqB1~H6i%r_Cst>L=#VwCf(}88@B!x zBw+Y+-xV?V?8hbmM{nJ@m^qefS*n9|=iV3b8?DI!4*{HnmqudZoo?a9{LH3&>3r4@ z1G^EL4hB~h+6It!0p2gVtHe?ztMucOA6)XjJqkDjV955GBVHKiqqg8mf13oxLjt~^ z$nRcMJs4b77Z1RnR4c&8u8X139S`#QI$H*CUQXBnC~ye7Ovt44gJ)UbQ9$vV$ zq-bu|Y-CdxhQpB`M~di88zc+~jlLg8?1G|X3pt@e%G>={p5be^%%0)&Kzb8q=} zeaZLZeP_=>E2W|Dy;f-BdS+CL)Io98NgROS{|Zm|jJj>$v+Qh|rb)dz*_~?v(2Zg` z5B*aDGwj$(KPN{@$rz~kk>BB{>x02nAKwIU%%ag+BjOk9lsJA8lpwzDtD4CL;N0m; z3f+R)hx(tqc0bFl(>(0PLvwc&zc=(F>p^kVGX?-&k(_b(pj_Bz*wTVO806Z}Emh|N z;0{AGhpWvon%ZYi2hZ1SI6ff{Is97>CRgQk1_+VltzGJ)E@@tVQT3IMgFWM(w?+U8 z?Y#Ec;+_q^bF56z#!EZ@_pItFXgVSPy2S_a0J<(gihBcJ2*)oW-duU;`weF9^gmIH(5O$0jU1+ z7Xn9hJ#~PEbyN@FJnkFtqK^;l_ALjG60Ql@{DT}5C?KQr@t%Hv4?Y)Xk-0$5<5ApV zJe>&c;owoo+yAt3aPkI6cyq2;Soy*@Kk;;}`f%ijx=OQaXztoN_3t?88`lU-tPNO; z`#3XwFk0Q2DW~O2OJDTy_85_0G3Az1OC>4{lbW_~XZCKtqR!NX`{axs%NFC5Mnwu$ zmv)#&!(LR>?WZ#zBKa)?tuN`<517Kto7RSOT1!z{x^;cY>iU<5ld9T%hThICu0j9M zUVh|bhN8W9@8g1=l-|67-C=}u)5_@>`~--ew9Ipv!{IjZ2ulzFT~6o2x7IOkO3#VL zXMR(fJQ+}4?DX`n}s!&z9K@&TCbH0QZ-~UtGj_Lfw6?1&|=dbH$Gx z({fUf_%AuPzY(i&W5OZh3)NmWaxw57^hpxToz+s%j>~zJ_t#v(q`h{I0A64YkSEQa zKg;`7&M`LreF2Wo6=wjK$>?#C8L7PC?4ztn;pXFcT6aqDuMVbVPjDN+)5f&C7Yt&> z*XgQk+%$w|NCETUdr6=~K=SuGLG+jP#( z6U8@Q3b(G)H`&z}EKUQ2j5Kx`SID?=Y8*3Z9%ozhS#N{oe{}w_$RG3oIP$EG;JwWD zm?rk8gJ0ME;F*$3a{zH}w}^ZZ-ko~vfkvZTA- zfI_O#Y{~b%ZG}wK6=9SgM(CZ5TS5VXXU!rSOXi7l&Zulx#vKt6tQ0S_zRs9dvO)?# za4R`&OyroDMGU;u-v3@~dq@B3X#j;y6;vu@%q)B5)%o^y^$AhD2xR*^*no zjuj!8GH|Rybj04#Q4Dvr{m2u>lW25M@wEE2RiJsRWvVPUUd0(a0os$;?&W48-U{Qb zlnBS_xedV981%9-!<65)N{jbO9A z+*svi=lGtqwQ9LC#M1U<0_UMO!X~o~*~$p97o%5m!mZ3&BRyD^PMwU_%yoT5q#3fF zzEN*`K_sGY>8WgqsL5`3^{t$%MuD{VRrY<;?s_dAm@Lk5Afw zlZi_CKUm4Xa~2BrcAj3IuJ(5B7*;Z-Rr>7~fU9Hi`1Icg@BZT6lvN80hGkf9doN8#FAWFV6zqf#+wh9>-19-+VsMKbZSwtg`C;s!GnBIMd zN(6w{5dGAX_L4=0Bsa{9t_R-An&&N(cpv?*n|c7w z33#z9cvg7TH*x;HwOzMt(l)2wKP>g~{|igCI0q2&8Zyj`GO;X`BdvzX_uWe)o8wXe zjKB)-%0BA=MZ0`F#yQoab6nTO@%M#LD)s-Jnm{p71wjC}w0z20T4Ws`Ct}Hr{m_5P zO@fgXK$jyzh2~AaQBP%I`8VxE{s6Z((YDWEPN+YVKrU9kOvU1dyLx-H1*1}%Cf_CR zI&%U@{p%WGt7ptDy}pR2>`{aAi;MxtU3!0BP)r8eO#~qQCzo4vhdZe!7QGEd>ARIq zswCC{T$uIp$WBo*?Pdi_JB3ED)U7D;$iF(66LVD*fOPhTTLZa5k{V5IKfR;8_W0hm zN)v$ZkIs{*{0hdq=9q`&GQ|9ts^dGFn~%vZ32y-Sl{{%HHZNCZ`FK;nPtMteX|{=1 z03IUp5-46%d+Sk{!1g7Tt5S_u6!~?FS|~8s<#{^**1qdm9wbZq{QvDH`T0f*MsuwS_c%B20 zS#>{4S%Y)cmza%`cw>E&oB@C2!H%ej5MzRuIR&7=8*Ex&qEm->fMuzgDe_uV!2_B0BAViIEI3y}2?eIPbD#d0!CSL2FA_s87 zhr87h)r*;iyIj67U+>+-^g%MTabd7Rkq&?mbPV7HVN>&#xiSqJmp)OJr)eWwu2TJE ze_Y}M`%aiV&sBMMASSP({J%`_pYsSoQBI)#m#ehyt6s9%M*e!*-aO$$y6pN_Jt>}C zsp$hLriz*4J-d3&?c?9N1D=^YA^%GI;wOLC$xYiBbyJQ0WoOd2@h6jM*2)y~zBeZ_ z2y&abXNQ!&yyuzhnp8_IkbSke@==uFrm>W#3roULDdOtR4SRWM~h9Hv7QULo{+e1SDWh?f7LU*1-`e#nwqi(q)SgJ4U^ zaGFee*uP_{@%uCHdp++3iYbK>1CKNX>(BmAR_Kp{g)UzH9(JyOrg+u=cG)rLK}8gR zBh$jw^sfs%b-1u=pMdlDXTN^~A;|d|A<}mWzj0ae{>S*cpNuL32++<+mz5%6LoT;o zY7$;Z%?RpeVb^uP(Bb#I>(CqT{ zYk!L~N_{%I9sO~|grEil0P+`4x<@R!Prdniovc~j`U8ayUnzhbQdY&Tb^atu)G(V5 z>xs+W#eaqj5BzzZF(D{B13<`(Taq>(jm(uQ-=3xOwNu^k+JFIqYw~>IPj&)k+t1R` zy^o6O8YlbFz8^6msHz2k{I+R4d*sY&v!>p+UAgj^kuqV_8o-D%g;RUBft6~<65bP6 zL$7T*O(S8(pL#G?cFpquA*>Q$fo`Ud52ju5#(W$Z+BTcJ*diAC4L#P z-FZ(BpA8va`U7d?vgje?eMdpiVIF{x%Vg@qSxLKF2+ZZ%Deq1PO}J131jn%uE&ZX~ zD!Bn0X~`-@hyKq`NR$1K4kiTccK`+Cp5q$MmnAz=e4!_9TkoXZ#>m0}oIT#5iCA&J zW>4U}|8gRKX||C>f;lu zlTxQ(IxIyk3tnW{3{?*XbkuVPg%qjR=TifuD!$MKw7S0-jnvfAt_E-s(_@~e;UX^2 za&HO@+L>fm-X(vFrh@?;KN17DqavbvtuJKc+9r{2BXE#A_gV-SKqe#vJtbW)*#vFH z@uWU+t2Xo$BSS2xdN82l8)PVSa`BuAS&m_0jSQ_(`AKd6?sXaf7qG>IKlZ0HI!Y0X zVofO;c3g2lhM-V77|>Ds4S?(ms9sgK)D-|wsJ)PG{5{r@_sk^3 z0+l4LGrHvzXgV0s5$iU9Oq0%Co$vg)eZ`7d;AWs?NX5N3b)fKcWw7#YnZgvMmWaiZ zP&Xk}W-8vlp8@h>3s%VY9R(dTZvX_B@vbai1L^9rFm}@9wDSyU=Rp?8!=Vz+uM}Cb z2-u(GTi42j3whGeOj3EVcfVZ>6m$%P07Cv?cCeO}%t1GXaa-q#(GeHkBXIyjK5WlO zY`FcP;o^Z74T;5LnC;LUE8n5IU54}n+0GZq6D89yx z)3l#t4Pl+5kvHH|?B%r}|H%z-51|M(B29i3tPL{7>WZR4GSycDUm%|{IuM9 z)2lWw7UfsaLN%Ds@zW}RAp;A;-k&Ys6FioLCe~_FUGz4H077WOY}3a`36~&2!7hlv z+3?3f{5Q0EFreeiHh>#}Fa=+gj@irQdcmrgZ?y>zT<8IO@0mdy17lv-*_-venS>*% zSPd*QXgV07P~QUpKTXzqj`KZkqzIFR5imldQiy7kzG{4l$0B4(U*RSs$-)u z-%TD}=ie}=Hxnoz9*>*vFHFo4jow(D%A=}NOtH=da4ze`jq;?615rllMp_8^QG(*9 z=+_wo779WD(%BR*eSP{R(ZIBT!n^7KcFi1We}E7y6PbM0cC=k(Hi-Y~ybw;&_bcdO zMGVOItrkGnW(gI{IrfKsT)p%xaa|5isq2;@fMZyHRi!0o`#1^`YsL~kbSO6YgxvIi zy6+F=e}}+d#z%uyCatt!6@XwLcaS_)H)XfXQ}=alBdwfM`b8XoZg9M6KDC;7?>a^N z`Tn6>r;~qa`l9Jzz(UO^0GF9M(yhrJU-jlz-xmqqH7K`S)Bp%^DIw|X8bx=mL0<76 z%wy8*u_4&#I{(5#-#~!iHVc67n0-HCrM&RSGX0DE$CG0s0BLxz3iGdiQHphc=F68d z)R+}xjSidJvU8F1&r|9*pXJzXD}y!wWWGhvz8C(Cg0cF}rmyFX1AC)n2Y?Xqo@w;) ztTnRbL>SiFuu}nWZRz(igxv zLPL1_^uJn7>^B+Cb7wuF2-`)Q4>93o?F4{pwp8WFjyzvs|J2BsK-!_N44?IbL&;E)SXx26POw1_%jr`PDsk{~CqJ&@tXN-^^uI9t41{UDt_} zQhZE3FdT3y7|&22A$Sc9W?(|chUy9A=cK4cIBPbW;YTJPs?2d2(cIIbQgYj zbSRfqbLu@>ke#KHN1ls=8W#q199jYhF^!MHSE6`a1Eqf^PT#rnf#bVa1%Ts9y)R6C zF;h`e`aI)mvDS*$(1C2$@J9y|I(mITHd)~L9=Vq#O#h<*k7`@we61o*9Dr;etDb7D zwmVBBMazv}GvYXKl7u`L=f8FS4TX+=1ckH?1MKu&$%m_2N^;tGQWG}sj;jEq@umvV zdX_NHFE2)iH^a`nXF|GD-O~d!*o+As<=v10H^{A^Zu+OrIrdwbJ3o1@eCy8y2q`_vn;*q< ziO%Q*?-6G^9O7tl~wS~&e3`D4?^P&LU9@!%r7~!IK zE~lLDa!|8oN|Y6HD>!Og7;vtq13>DI`C7KkC!Js1UfUOAo9i|1eRv2UFC2A~4Xh~* zQJN%~5LxklmE;F2ExS#J^?X{&VZr zyX6fZBQ!WCg{$!Y1n0DrK_N|gJK}rH{%Xp*(%@&G%TChQd!GQv=GH|K5^ddTzGS*M z6Bn`V880m6{{-h+-s2qeGN*3pQPI#$m{>ua zOxdpC29|FFL7u_$8!--3qpQ}TdQq(icv32!x<={yI${NXI!37DEF14r9d(8r<%_PL zse8VdKi5xvWFYJi-jt(fHoAdF!a!K+_MJk|lv}TItD)RaHzR0x`0sDELO)3?a#=xz z9qGjZbopsoTHg_8UBlNsiUOSn`?oJv41vPa#AS1D!}5zC2?>pcR5LDAeF{c?CjI$6 z$8>A6h5!^sM;d{jvwT2#ulvi)(zml#vPnw-@(vhgnvHqmX8sHJ?Dntt+PWb{k-s{a zF6+8CC?NXz`P$tU{*RVUU&ihQlDhMXWHp0)+yxI&m6Ok=Leg~jd>52@pS~nOPUC;- z!E{-#69PE#*c?lI;#auGPIXT4O!@xyU1n8~kE^TFB5xYwC;Ttn5w zAZCudKB$C5jJ10=V$h!6*NbZlZ3<{5k4hA1BD-heHA6^9s>AaL&wd=zUI#yS5y`7kJ_~tHN)%hO8^w~;ilRTtVfn~7ZXgm+q3Id!h6s% z%qof2zmq1YB!%7)fWi*bwI@S*LJWo-#-|$_%-1IPm;j9EC!5fYJ)l3}=1#zRe4hGi ztrYsWFx*i|e*j(g{xsdK|9#b!w^@i{naCKu`9v z=M>cz3*p20S%l{3@q<+A$F%~CieCMTUtcWu-hIL9uIi~wOzSEW9ijOu-|?Bwz+0bS z>V$5qhA!TEUQBn?-POs_-Owa~`%u00c+O%gbuBi{xKlkWop{<8d4K zsUR(-KlLc|ll)HUq2{V-RsauBGk;^}ZnebMf@$k)zDIv~-S) zry+M%1|USwv}KyxJ7^B85F2shrdd|e_RjsM#e&uk=Oi>pzQVr4-~Nh%#L>!p|GE=o11h!P8)qaIoac*mQ#FB8-{1H6HeG@S%P`&S{xkqxDfWN&v+`)X8+ZNl z!>`|pm&lCFKpxIAZsps2;o}!qi8ySSB^QqrPLOWWpK)Qj*$(UgA<}TLsKV&cGvgn= z{cuiS?E6emC4g+2NZ8)Vhu0RpUcuueDXzpn+kiZP;Q#U{rT z8xPAXHonwX0=S0f+owlPdj+x-F8<(^>Cmg=9OUwi(!q%I$YX;-mSI~;v9TJlQ!b}0 z3tGAlY6FOlK>_(2Ci|+JQ7=8sy`ng74zDD$>mxrWP&yc{xcm%&6e+i!)_Bgue=M)M zNcZ_Nu}WKQ04O}|7)Sz9k4;#sy;B-`#Q(s;&Jw-#9)>IamSG#5o zdfhr|A9i#C$XvMWQ@!6(+L6RXW-h3Gg!Gml^7QvV^448TLGs`=fGZbSh)= zDaSg-3L;qsP)Hwz;;~0m)JfIbO5hOTxbpS@8KC}eoqr=ej}HMtAlZu8nx1SwIEb~+ zC^zP6>`NCO04e`+sEsNbn~-O}*u&fPjAOKIQy5JL!(9(%00o4UbfG?6o!S{%)gAs@ zgx0oeAwK~^T0g$;!`XqST<3=bxKAh1Yz{ggqb8_&Fx>T9695W-c;WB^XTUGzS);zC zW8Vfj62Dgfp8C}tzk|EyQICTcVRmjTR%SL-3QY&YT^A+>h%>U!{rTf3OU;bRn|-qm z2fF5tgaLwAXHa>)c55nVDP_e^)P(=rc{*ed4^%xE?z%1~K%BE<+8TNFIk&Jge1_lf zONDn*BpE2A2~90hRnflF`;OA0Gn4($R+S%lf(1$k!(F$u2Ze0Ru|6F%(wUXnKRy*D zIO>#=C|3i>JWiFhZE7o(JNf9v3spMRf=?`Ht-&xOJ<}ZkapA$Q*vgx%{<}l1_nyyp zDcO7$rveC>8D~d5YZcND5;xRR7@n2;`+1`M?aE_BdT`eOoXo(LU|YQ`A!0hELvzm5 z^~=p)ToN4gAwVGdJ7@ldJKKy-r4>=&celB0U)o0i-GQr7iwr01?%dx{i9QJnf5Lj)DMW zekJB6FEA>!l1{^xy=-FjGs6u@Xa2YxnC|+e0{~|gnil0|Hb}Eq-{uk$E3B0h=`910 zeWy2VP~GaquiFA*;+JQ>>9Q=(q3K|_>r&SN+;hwm^kVJY?cxriNx6^hMKZ!#IG~W3 zJUeE(IcY7-a9rh-V@i}tlMXVviK+*~T_?an9yjEiRp*!;ciT)euxrF?JLq&RqIssg3p+#dQYD;ot%^fxn7mr_ePhAnf z5wUmuBoz<&YQJh5ye?55Rz6>c?nYv`^wg&TWKl=_DWgkeq~qeV15f6=8zggYUxEVS z1`#2xBe}RGY7@yT;92|NkSQ|a_}}CDH_{{h3>2~sgitaYOBtoYySNo;u5)T*<*Wd* zeA%hQSr~eM@R;e1+Rdlpgb%FH_Ms^RxBfzo3l-_%wg&}-dS}i)knr(*B5*frr&Mq7 z)sKiUfZ$7Ye|;@2Z;^%IJ?{IM;W!@tw=QV)V7UF+ivYU0Mpqj1w5OV(({<8Vub!YR zKCBx+nnAIYuF*fwex+z!QSHen%skvEMbp7>>2JRQh>P}ihiXkKuTCHCC}&@z5+!jz zs|Mf%AACI;^YFg9Un6RYAvNRShBGDTI{&)#R$Bm4N+;oL_t|t7J_;-z*WbL_WT`d- z;D^-({-Wge4(AM}qZ02cifS0MC86v5>xv6{0ysC}R!nG9y7@)h?T0S*EWXV#Tz3G1 zzv+&MX-)!P;8@Sf?5IBPtgh7m66wjt0+8~p^a9dp2~k{vq7Tt)>3*9ehcf_9sSLYI zZ|HaYl6N5Gf!c*@k0L4Gqt$~E=?N%D?%owBKX|oKD|iSl%#}u6S4wH=)X;!*9O zewDho_{Wd4n;OVUQ)|(5Fj_7?JqrpM_kzSqI`6gSY<4y5>XTZ^QmGJw0>lKlQA3iW6LXUD`xa<9!0CIodE6yU9elDb9vdLkcs2QPiwF*GKJ(ne)2fwGB znId6XOH8IlPRu6`|E-VhgIfxEN)JY1dyJ~foFmA({Bto zs;6njl)cP~QqUu67?B=RaZt$MT$Jaw;+g!WOAw+rFR0AZ0-oNCWtsKy2}E@1qIeCrLtY`*eYUS z+E4=z6V4E16#37%Fx~aWJY?ukB{@_vtl&K9l>p;c4_}a|FNXohf-}}LtmRIl4tV=+ zzJI;>c+42B2NkBfzA6UbRj0@oVutAtLTAZHUKE-<{*^P03*cou-}ci)n?!ND(^Mbc zxX*sjc!$;+RdI0Ux7~z_^bjxt$fC^cp*u&dP+vj40B<{OqqU(u4uD6ZBn~$DM8D!^ z@k^EJuChcARNO=x7iO!(GXS1X9${$sJKrr9E@LO-+-hqW}syR2E-K5l>Ew95hb`}zLmuoxThWzNm^2Bw0Cd=D6q4aoI_)2nWDjZQFl zy|pBBBKRWr3XRHPQUmO30Dgb!9hKVAmlmIfDC;0PPrIzqW>Nqd<-Hp=EN+||->#Ap z>>j7`n5#yM7-3R_nsNZ&-_7ui9$gzU6n|Ot;x$XTe%#|`fVfyob%bp->Os-BpetRp zsm2}+BYWxn85brsU}Xf5shT8CWZ9I9@elz=s)OD0b7Or$0RF0n>xorYc`CSx;_9=n z3LcN?U+@35`u_tp;9vxB0^=cDiY7B&Cx}t8F3}bz-*EN^kSW)ZG(QJWuxIx&UR&ZE>+$IOA6BslQ8jN*fZ!D#Ybgj$-K|>x z%#^W1<|Lif#POeuARQH4fDl0Ro87r67;{FdqEvS;j#P$+azMf9K|=)9nOAL@wSKvz zs*E&os>A9(@iyjme|S4j8Jtl5AIjc3tg5bU_a1BYjS@&i!-ltL} zS;%)jO5xEi*8E^x=~P}fN-dz#^^k^+=ibkZH1`~vor0!cmAuM#9mG?;LFEeRpDp>^6^3lwsm6`wq=`DGYXD{?F>J{Z{P@OX{ z>G&d#2A?o%8V=6@g65isNNnS7pgMVkdOCfr)j~oX4nVSmMrRtgop;2RGY71x!3puH zxJ78=!Ki7R?*ni);%%oHL>T`#56RJW*6>LLLWlt%E*zNap6Qcqx*POZ*<8jKSJK8) z^N$W@P2*A$Kr)U@*ApEd4u55+prZ^Di_(7^8wQ~34@va+>K@+~&^fe8K_s2=mOMgF zb;3x8nllAR9XcdKd{FL(p0VUNMs3&ytItqsU z-fS=(-*(FY$)&`g-zLsj)^de!L|9v{#sT}nns;8$U7VAW!M%gIjK%XyG;UK4629BJqAdQ?4eI~bF~@048FwdlarJ-ILuf7 zrKU0VfdD*74J^enveoDcc>=rXB-Z)# zSM!84euhb+OJst#%x5>tc?EwwSNOuv!;N=qa=d*rnkX+ju;LZj(@>JzFV`ZTk}#69 zUCR$S%ja*~g*)Z3#fAOL#p(PdTmp_u;v|HGq0eIK9<8j%X&ToLM17n7#xY%af6Q=) zI9$T=k-e~P9moGz(=ao0xAZo1clb|H<3B5ciIam-4JGg2vUaQ(vritY%_gy?lpDzL zu?BerU+P0YE&UjV>-W8fDH6z=`>$pG(ZR&YuKfVAKaPKZ+w^5eHtP^inE5K!tKsE& zfV@WPl1(tez|Ql5MmK0$!xPsz8FkY6_Z@j`fV=Bw+&Fz6_FdQ&8Z(zo?<6Aihy;*& zl15%61CzAutIx$}euZVFKv5`j$8RiziGkUS0G#}-hNX-__}tf|z}VZ*+YzL~j!6JP z-eY{|4kAqHUvql}ylJ#Z+~BrE)4{;NZd3rt{C&>mJ!9P7{Wm+RgQj5?$8L=&08SlN zXi~dc{%Dl{`sepuewS#hv1rhAFfi~9EdV)>M>fVULmBvOUQ39cJjw*q+#dkCVR2g0 zNUzS|1J!zy^e~Cu;c2Sxe{?W0@MtiA?oPdy^}}f*JF2DzsOYdU(% zcQRh{>M{fw&g1Rhmqx?nm>AfK1;C+)ZI;xJiHkfH-|?;7C#*SeUZ((XLECsd^`+4J zZ)LOSQpO8UuSjz5pp6Fu184jMNG9RAv(dr|nzs;#OG52316GDOF#yThp*>g9W+mVss#Y6Bu*u#mjFb&D(@r zj=lD|GvAKQ0c|`O7?{HYKzB8hrb`UP4%=;&XyVEkd>_xPrGq>|mQo!&mB;`$(ZC*G zmYAi*gAr6i+Y_vafq}hwK^~#-tC?r_mNpibjHN$ni`+Ro9yUqq1UQE2KOw z+mCg&v4#)zx%nTRzcDalHGuqL+@9UujKMw>a(sjRD=fOJSb!fu>V#J+=oq=TZxj;Z zh?CDec+V__GE1K5U|`@iB!KIW;w8y6%gh(9HLMTMUYJrH9w7j5)z6Y5`p-it4|lkd zJKMGDY!HN~gq9N>3=FIn3gGs|dAF1+&J^OZFVlVm4WYXGUHN~-oNTZb3uR5Y?CO|csBQqckg!^@9ds(RnPG}~yu zJmR?`!V_IgjHZKufzQkWxIMyUzTsEfWS8wr1y(CuodLF;djRrtnokLES-G2R8ms-4 zmLw?JSgt-F>k4r z6hX(X7$)m-69D%)?%;c?jl{j(?*ClEH$bd-c@YM17OyzFIQypQ#iG4(x5ovY<_RTe zN%)u;SVjUsLGl)Ds>dmfQx|_s2a4^Igs8JN03>s2d89&gnwn-tbDAT4kfwi;0D7_t z1_pk)0-&1`zG?P&Ue>ygbz5TzvBRj=?z;iV^nO;igv7@z`%KDH9HVpWJ@W(T=5dV9 zJIFQwN0AAvy~y23IIZfKaq7ba!CN&xS%y3F#CmUCL!?MB5u}=A>$fg_C%^|e$U|?6d1c2nA zf8QH{BRr_DD_tM6A=zGc-5UT%WoBHt;>O2aC-X<_?^9;6iA}}OKI>&Luxlg(fLny0 z#A(WsS~^(#@DVg^8|czpKL_A&H~)@xC4;fxs7V7y*>1Ul;hb(c@FtCP86sw$CLHKz^-4y0Fp;Bp*BH>!OM403WQ~DK<;?+-Nx&TkOO5o( z(|6+UOgQ~}=T_p(K<=q@Hy3(pMXVlvSEVCgp|RWV-lAi23|vZ#vYWquVc*ZS+a5w7 z)NV8{<05Iqq6;9W^%kc<6Ia5vp$3!9k<+Xi3HoSBFPONr7z@Dnb==&4l-!Y%J~xr6 zDeY;Xj~j6bu8$R8l^CJU-UL zUB28(I7KbF3J~XS-mg5Q`Vxg0PcJ6h5897O$40rve(PX%sPPp8kd^1F)cx8p! zk-)gDzmI+MGJp%DFN$b$2Cd(jS6VB%7}n*b>g#&ndrz`g&mciWfy zIe*NZr@W2;3P@=g)XUmd>0{&((x;`Xy+?Tl&8&@yOUq6Hcry~`0;vtsN| z^8|PtdH|&Hq(g6rV}JyXYagY>uk*8gB^rk|FN_4FBzu6o^5yw)+0p`E{|={i&8C|+ ztvtnN05=UZAIml1Nv(gz|M>3IPhb#SU_?_3aI4Xvof&oKZZK zAqo*^Jhf8`ko$PD(eO4VE)|CXJlds@hHpV>a8B>S&}SJD zbvxI)dH~7z+0MveKJ_vGX|FhQCvr~OyJIN(%*lGa*8Qim%n9aH=mU@u4)V%AO)Cq> z>8l5)-ED0{6k;?0f|TKAdLb!~@h6S(?2$9%IOH^|D`+|xm@|_QAg_LAZ2Nh5*Gf$P zdI(NaRY!oT005AZ#jd((xOw3v8`)*97_IvaT_UKK7$@Vw=m;~m1|WZG!_Z-ZiQ18p z@tYMn0W=$iY{dXx>I)^ho@{WL>;8=zfquLQhG-GgA>iLSn3yx>GJpa~aEK~zzS;A% ze0kNWILQ5u_FNHw-z+blOV7ZgRTj0r9Q+`@sisCs1x*Jdxk%X%NmJJ zTT-&hLw>xs{1!mo-tKuu!ww;0!_s3e6jX>V`ka5qoTMoL@_7>JaSvyc>UlTiwn09!LLce~D^G%Go9fFenCi;xbfP z0+1Ec{zevCKEJng8l##IOT>aQdk26Y)Fr*={hn2ZC1mu`_-bO?m5iA4|BZ33Y@Pxc zXIfou&URdoz%4hfYkDdbd>l4%G?$O~6_!A-pp!QflkDH9d6`-2J&VWdA3T@b?l{Ob z6{L$@u1;-e;LV_z(LLLL3B0fhmTM`|Kw4HhT_p&>i}6aHS#e%_N0l9=a-lrIK2_i7 zmRIsIYw_stxrD%EoGYKj^NlSpli9|@f4dFCQS&=-8y4~d$ZrovU|N@J&9{Q_<*#Um zfenHF?*J*xHN^!U?j?868mYNo&~b_9!A7&fVfGe~a0YN_nuqDq7Il6;p^Eqw-A@Fy zOlQmi94cm$V@YyhE|ZRvi+bwm5*6PU)NkznfksZH0(hiEytuzGR@{msM4fOtIO_A^ zfdqi=amkR~{>iql-|A1^m&iYCxk>02t$3n?N&mKaK-P|(&0=+}Z$oJt)zTSs*fV%$-&UFZ$x8H>&R;o2I%NQ|0qJF=kKdTxs>{XVO#4ylS{vsB zkbK3j6KNu4c_yb$cS!YgeE@P#&?5LTVWbKpfU}PR`!=_#!|p7uKW_6nzT}rg(F5Sv zsU<5u<~1suk4#m>O51tYy@sy-d6Y3>vko*gbl$ryOk>-2GRIx{~nRj{~2a4uVv5xs>1IXpdhGkxh zTm z2#1}jqEO7}-P;t^;D3RUlW_##i|JUVNq$jCZfWAhv|iik^6~tJ5=;v)W^}xyP+G=Q_n;7#;+;8>n>vWQSI!a2% zBiLUjH^N}u{py}gL}T`MZA9DI=;Y`2GwY#;1ys0KTGF;!^^9yEeGl_acPr5FlYJw6 zzIpte_^`#!gR%IlpUoEtYA4<713UNC`g;9rSE}!yuIa!XBy_S0z1n4KJ(4bg9DdK- z=9(4y>YCj1@3emNZ4u*yY89no+9Nk|+$}Y)w}yOC;F57snG_w3NUG@U$8u#{(awC+ z9V_Z{(4|-$3omyo5h09>Axs#_I1J#T3lcea zySW9owKEWj7Tb&L|te@|v@bw$cXh$6|VdTOvfSmBN5?VZq z=O!k0y!g(2C1_O%8Us*}(RM{5!9vu`Vf$keTX#hk8$r}b#s2|DK7#?|p32`_8qeFK z?i17(XwUWDR<8O!fK->~`JvV~-)~`e-5U?M!^Eb!hQjbCIv8>F9w=|C*)o?C)=Gt$ zfQ2|4r@J>ynvD z`YqzYI>lMhH+nAv_{~nt_K(W@jtno-zFfJjPZ_x-rTqs^V8X~QEdZAcgvGwdE2hy) za%2<;RV}VMEhq}$2Q$m&a?>PU)ETeTyU6(Zl^!UCqv>G4$O}OLZmRn&5a%!Z(dw)qRT=iLfp&m3H3>ZnX4j|7EedkFN`nAM+^Ht)_ zO7i{O4}Af2T{`Yzka(wTp)+|5jl;I3PUL&^Sa%FhDnA~8)2*GTUKP4Ue3)tx%<;Dx z*tnv`4dCV-_YH&70J#119QF!C!afG0W~+PpKP{fIiX{70Yg#Juv; z^at>V^NfZ0JCo-E_k0~?@Fj9RSAlY?pUn81#E$Feo%UR+Syu%6oiUIH( z$0M=Enk1DTF1pXjS~CPQolPhY)`<=Vj7%{Cc_jV?7n9}h8qObO@4KcD)i>=?NdP#M z>e!X@jHCmHnt0J4yB za~rY8ck})lwh=stb;-?OrVUL814e#h25`NnI6=w>W68Iz*hJSqEk#g`SdjvFO@j4j ze(ev%Gf#y*XjYvjpl7epJS&(m(x3&vUq$)3cclauDaWPnEj;t*0B~v|fZVzHH1F7i zDF|NEytwtrB_U5p9JT-a{y4ydk>x=E9@BbQ<{m1jGufqQBfcDiH{!Il4Paz2)8qLG z$?`aRooaJMvf?|HnW**xCps7~^42JTUofva9da?8Bqz$av0OU{5M%(y~ zJElH=hRb-(n|tvLG1^H^Oc;rz1aNAco#sGlO~H=w*M!^MnWxOky%_*f&|8&6s}J`g z8EZ2q>w#={%v}+b_xJaBFk$4Z0Dx|P7Rxv~yRhzbiMoAcV}g{NZQdF{dMVW*#|pfP zCb8`TqX?P;eivG_k0(qR+4KlN%C`i21N@RZdnYawAILk91>U3C0Z2i!8)b|G0SY5u zo-94DxBo#{FNG?zpNt0sM*hqMkenukIbL3OS7^yJvx}_{W!}!S=K#99aP3#==b&=m zyRSk{NlgB#7JH3$oiSnLGA%$#rttv+hkSuNl#tKq+G5ypk z8iGT|x3Jui=rPzBp49w!0H@jnb?*)E#zITI`UV699Mxvm{Q-g@sa{aex3hd^bk<{b zo<;WCHHLJwd11gv)(-%(e(-4Q3$tZRAYI&0q{tIqejfTx02h)3D|QpD3zmj#|)AijI?t>#OsCasW& zdv#~fWB4&(ik9f0I{b+0r!S5f9672~7!m{VVVMG5(VJVIqI@w|bZQQg4y`(}+)QUrL) zsQ2l~x?{k|h(Um4%_9C}V{ke~K^yC$%tuPKarK|q0P^ZKR9x+>&gy8I=vlU;Js?$u zZG^7#w+Hl@9e|_93khw1Mn2|Lrl*Xx>=LWc;DSLmR?dnEk`BI1@(D35Kq#G#4N;+a zo-ko#YbAgJ=wfe#6d{yr;k{ePv)|$^z*lmBlyogvd)X$o{c*3H@p9RU#p}FSR1(w4 zyfBgx4q^f1xsrQ^{QCa%cL`IiUb307ODz}o08-GDo897WW@|@X>ta$G-LE6&;k#%$ z7%-Bl8^C4p6bPeN>9(JVKE^^raG-WWh!}uw6W;oUY8bAEDdB#TKXuJ42{36;uC-Rj3#xow#k?K4 z+^Z_g_L5?i`}m`9dW%Q`@W$Hi00h<88;f(if#ZozB{+y8hZF@8ew%_Qt^S2kjc#_f98b=Bl{HqoSUH( zLP%s^UQ>AC4HIWZoO`XiEyz2|l~2QN`o{39SMLjHn}a!8^%zNXoxhV2cuW8sm00Z7 zC}y`vNjASL%8LwoZDKG2kUR|TCJe+%m9cGDt)5o;lDGuBI%ql=$q3TV0OFj75G0#t z+5gaQw}YK7wX9H{{R7CsK9a#HWFxMMzx(LPXkhfiq3J7V_aP>XtfK+&bT9d}f&d5d zwYN4B;*X)swWoHZ06|SgDsZohdER{|n-=fK&fScpFtj%5m=Mu38sy+){Sqob7|}N) zYzrx$7#KFYMKb~fg9U?=wS?DPjJ@qB3#o#gllm4asp|K0feHWGtO4SJ#HgUSg(m)3 zQsZ(I-9ae#5X1=(G*$SevbK-plIF>&W+=-T6^#W@zZ3rG{M8QHsT)A1>d9(l%FWc~ zLQA5)gIEOFXWkNlywg8VE#43zKkpht*>twEt2j8d8m(;$Cj4WQ2atn?!>{IN7tUh& z_)=_V*X&#%%r^t@ca1S;p%tq}y%}|!<2vfFYH1|eb;g8$hlT*&WqQ^uC8c4UHI=xm zv0!ZxFw#y6pqu@juS5vqRXHXPL1? zc&pmKTzzi))~Nz|1w)s& zbAkvRr9wd-p}2keoewKIY^koV2j!Pfb1WW)|A~v07Syi#-^9fVo&pH!=E+phpCuYF~^_)Hbe3ap0v;&z8f!$m=Xp?QL|R<>`OX=|FdGGth2rCd5?-n?6x zlF%(K@Q9^*^Nw*@p(Kv+nT1{IG)u^7sYmAZh&5sbd{T*P7mwabKCYPZzzFA};_jIz&9YK25@vH=JGKpzp9e@zvAI>G zWzy7^kICHKKpa~q65p~vI+!NHS2_T?D~e6KZ`*yAkCyb5_Jw0)sysOoz~S)?Wo=id za}>7TJoKbwkJp!GJ@})8$=jHI0R)-T;&bzS@xxZxsXWugK(S9XTxkHF8)&cGA8nF) zGFQtJZj!`Fy`P85&;G;h{^D(oGXRq9em%=wuh`J2^F<#Ss|Q=ylqLYk$NfIydHs@x z7s0L9umhptG`lal4u**kvIfX2B^T$DQ@t#%;Oc9`2Ctl295(ST^hNikf;@sADl)m8W-5+dkJgb7 zb$I?TW$(Z6w#Y>S@FbnxdA>gs%ekSy%3Rj%wafzl*QSfkM=bbM$hX_x+$C?KJ~_OR zelUZKXkGKOo+=V2_O}{}(b85aP;Us8JbLbOUGAZcZ0-}gvt!=`=lTeqv{gj57rALU zyOEz;Bs4r_?9PfUNY-Hyx>CxF!@}}fXxBPF%kUx(ZeuV4i>4s2rPJ~B2-dr`TldvA zod^;sZmya0&xB<4Pit!UHIColnly5ib*0s)Xm*Lq+iQ#0B{cNmw@-fe9P(loyx>UH zJ+smg`Dtj)5sH(%zM%H7g^k@z&Wupz|4#!zwXjEJ^;AtvFo*BRbM^+_B?&w^@VqLni9SM$T54> ze{SWx;gEZ_EY)nvchO^+>wk7>Id{U<|IIE<*AE~MPTREI8cuuHMmJ@DU3DLyACVt#L2rZaDk}K%H#ZyvNmY0~f&0 zN2?r!bwnB~R7zwzYJTikhpRID84qTtcXug(tmn$vo5JU7#rD%?gl_g-yWVPY3&5`e z%az|dh+gWF&+i`Z*VFgI-9#BQ{_KW-H6;Gg3Luv-TmAE9Iws{AY$^u!l@H29=FhFxvNsy1Ejbn;juSpl_r`zo@NMMwImAcxCjszt+!-* z4SRlCTwY9RuNh+~=~G9`JHXsk`Q!kkF<@2EEpI|3lhW$5$(!A0H4oSUg5C|^X|`}^ z`!#7-Z=!A&?@r$n**}jA=B`>m1)v~H#vy!hV-cub&l>-InInr}?*Twc4_}m;d^D_Y zF3@(LxbZO}h5jxob@%t9hiT2mjRcTlK(J`s)N%U9fa})xChhj#XlAGYI8KC7(e?&j zcd3WlVB%KvIj+ov*MHUvb9c_v2YILY$4g9$Ka#KN1hpf3n@R?(AE~0MPEMcqIE`e3 z@g^bh%F44kpJg!`_x{yw;e8na_*6{uUAkRVHn*}ZE@<#Bv0qd7tawrP(dFLW|6Zd;3<^3UtI-{Q#F@v_;+>C|-#gu5&;XEgQZZ3Xf?qO*s6Zd14k z6+h}E6Y+Eg~%DR#+?kuNl=7tgG?A5-xLTR2;1Oevn}mxGvFylYRa0*iH299aYg4ahuY( z{(!>86=wFdbd!7hzcfg3KJ5mKsKp#MXTLA&(%J2**omtu(54LiFga1ZcQ3zThHND{ z(lq{YsHd)7;k06UqrCM~pLe!47scwh{~x>a-vyEXR1`6RKT{IOnn=caJe3kfUtPbV zBg;I*>)dGxva$M3KgM^!@nc+x2@&O3MB0^WFh?t%+#{GA=(-?)W42y)z0_`ICz(5- z)}G5|pV<+T0a;%X6F&vr#pmD2W9olani5YLk5+HREUWMe0tBi4?V4uE31$$VcRow$W<86N(w<*4 zzjjHSEFU1*&k|W|bJDxMk2qQ=eG-#D39q5$$77aNOsD{oufeIT@|^K!sh#UPS!VB> zaC~vs0a7~hjs?*NauU1}UCo!u4$5AK0_efI7-a+aCx8?QTe6Dynl-H#ej(xa9J!K6 zj;jDN{ME#xojDWw{fv_`VI#hlk!>9c+nwNAjDTnLL;&3hC04w<753nCP-W;)MpOz9NWT+c*)tRIrYk> z-d;e09PEZ8_N4e-z{4Qyjo37v>yg+)dF@VgFuK#)1OO;#uZDesr&=cALC7adXCJD& zjQXAcUbc-Q!OGe7C2r5kpS<3;F51|IDoFoF=kF*B(@uaCwxTp{DMFrI4Y?c;TTQ|1 zLuf_>AcqJBQVW3(dr^vXA4}>Q)mT;4P^m{JIv8aG!uJ5uvD&dcQ$2Xf5^I4pX-%8& zImzR308byh|D68w+r7Zl&$n<`$B*`xlnBvv{`N4Fpb97h4rE*X7PQ<#tHsbwuR(T{!Zfi>3N*L;b4-D>DwL=2DaQ#t@$XOb+dNFO=My*%|u+ga|0 z?Iq!F0J2sv6i#fZ7vGc|)f%O%Xujynh}JC*6N?Am1PJW zE3pbss7ARghr`v?CT@KeM#EB=IQz~Hfc$6LWt1jTRLuSO1UB-#FV%7(l_ttlitO9|VNTICRz9<6lMyGU5Rw7v&({py802 zO-;$3oh!pRks3|ZPxk-l{2gg52LYCjog{E@S{&?GB>tPJsr$yiig zh?4fY=DxSBJob2le*a+L>?h3tQdAN_6ow-iJVPE3z8K}xy^*gL1>l^~c!{q2IhAJ& zKShv?Yhqd6<9JZZ?0;BM9k`nQJ(2{#?NYVKC0F^QPw-(X1)i1u&Tl@;($pvsk9Wz5if&jbVy?0g> zXWDTupR+`LLY!P544j=#fC{STEFCH^^}XERGlWciJIwLp$5VhH6=m2aVf<13aYe~s z|Hr*v0yb>aPtp?|j3@$Q9{~9!me}$HR?iSs;+J=CpWf58xHFG* z-&0!ykfD{GFmX2iIRGg#WM)FT2fBLK60Upp?)XWh?cV{A{#ZG~3&{${#0sdO98?!_xxK@iyZVboy_+Ac7Gp0?kEUq?NFCIhRNZKBt!Qy0Hg$#ueNN(-aaGV@V2iePFzfUE&6yc zA_Q6<1GrcRy!A9~)2_dD#JR8bMbNd3*BL;L#qnJ!VgVsGT=^Hd0u)ReyQBZc&^f60 zmxD(>9;dmqdvgYW!|pHDtVl00Q&-dLifHFCQ;%r$?3Q8-X7 z3%wgGhL?3z6d*2i^6(Iq^V_in^Ad~Xek0{gVwwSv3gc;#NN&81!Nyy8H}tNqUyH{@ zi>|?>8`Kj3p3f4wb^$lsvwC)I{PpQV4M{%a2LL&#$-TiDZ~Rpq*+GGa%VI@Hl!j`w z^80?qq#F|D0L~AH_ceNA+Z0h3_YH^rLgse`+ywyn4#q#xJnb7MZ_2dLrYCmudC!LW zAG+~haCSX6fGeh4!zV+(vHgq)85$-tw&Y86Q3r6y1nXn%q@rPs1Le!5ScUjfOs`h| zNc|U_-E$p4{zi_ua~vv)uyXvHfmf%Z`yLvK0Qk9}sH+BFG){pf)d;T>Rv(F>@!}s) zBJEBZ^S=QlL0JG&Wjl7f&fjbyqi2se6HORd)8wQK5Tt&een$43Q6I0>`5|oVT_ zjn)QIrt8c&=N{S}Ui2$B14w~R&7X%d#5guz9bcxl zNc&x0*+*+DhzUxfX#wOtxIcntVEkriNQDFn>V_f$EN-TlB#V%4h7;k83t2oUt-RHpJ2JBKf6BicKIN12vx zCZd9We(PWYj$1MSjzIe31?CA}K^Sr>1zTr?JY^tP12D{!daQJ7l|XE`bAgb9P z7i?_)kpT3O9hL1d9ugiP*S`}KG;)gFS1B3k{o&ppd7Pl{5_lsy{7U0nx2}sBdLf-d zUu}|^B}G+{laJhYhpU1ed3nj3>>`c=2h%IKHTi?~Ve;!40y=WLxATlE+oKdsB%{`; ze|$Xh!U(gtsxe#q0Q3T>Zs8;Uz;^#hi0pDEUih1Oi)e!V7GEn0y` zn^#GsW1LjOFu}Rk0jOqmka_upcy{Uxj@Lc6bw1Lbo_@Y;bIU(>?CZ_!9{#lv)_H;Aj84pRLAYV+YJ*cAYKC`hvsU>osF6O z=WawhA_{~?`K>#u018y2dvuPdOhsq*VZ2n$`Yf#3UgbVw5WP|hAbp|JoKLT0Zx>C94!u>C z!qXejZw5%=>l#+MYFDY^TXc&Qc&G+F&E`-aD<|VIYIuv%kvMbZg#wq+QeriLl;W{J zF%oYqQdW-?#7q0yi;5OB0LY)56mltL?!ECw-2<9!<$Jk)ao~@R%;^XJL>G5F@;lt_ z*4A%Y0Z0*~*LlGO&xV-399)$F7sb*Q5@i4<@f=%}5o6OA*VWs#nCV#>JhwpaVs$3r zpS&T%C0fVx^P6@BmjHsUU*vMARW{xQpU$Uqu4-FKR2jAaDV!KHDE5&&;8cwXow|lV zNHx_a>c{5E$2SJNary{ggaUH}mDATGop$a)_Vevd$thLQ01C3TuKht{@Iv3Obc4k_qP%1$^XmLXfzs*mWIL!0yOIz=d7CYvI?ts6f{tpXGw0~arrM)(5i!d0Govn9 z=sC9IITuhmB_xmPjwYUQGv5XXDlhwFa(3&AzAjg>>z4N7=X$&(@3)Cg)EBIHls(SzgJX zYos*_T8F&l8mX%WNoe!hj7&l4On!gC%+@s0YLN_(d`HV?{O`R;WH)W=m5@Sq@a%MF z0=OlJZN;PV!iHIU+}P7OCk2r)2{h;;E%Z4QrPErBg*S{laD4hTK+x8f4`02$%{ZwX!1-*t}8OW?BR5=d{=TxHQbz*u@uP&mxFiw{*+SeKe{~AJe z|8mXQS4o}(Q1GYdn%$wpsN9jdflT`8{=Omm^M8JxV0uu^Z2^Lk*6YeuR)}ivz54E} z^+@&6c&9}G_xn_iKNQ5%puAD4dKB<5k$Tbq?Et8>{^@^UTP|x`AaAT~^YupnQV%~= zo2V^fd!i5#wWG`_cJ&Bf96%oVIy9e!B!v|r+KAij>^Z{u8fczRX;(us)b*LVY&hZ# z-mEDu0=S^wMBZ8FgKcUW5PIHB9~;zcrUKynl1F1VUvit*O_|**-KHJU3FJe|DU%^m z_=VDuuy`X4KUs`bxB?L8zt-2&ls`Ar(duS4FldRO)t5B{aAFtvGm7b1{JW|je%!}7 zo{t=>MfVV%y%C4f5qs}BYqzmx;35woS8STjjC#8Vc8H@h0-IwW@J+`zF`08;q=`&TbKdp>TlH>o<*D?Q1j zA|nUz1E&1s=k(oc`QfJ}3ZQ1ooZC0i+B3*d-rq!x$9pYqG3xQ)Q_9x>ZmNEHzV1rO z$nM?&nbD4vU(f0C3V;;EmROT0PQRzh{q+%V}O#S}gOBi**x?vm2ld6Z%W*Yy$JWxnJd2H@d=@seS(@8bo7+x*na5wF~n zAEM_i`aJw+-w5aa&B( zcdDj2$0{;V3?L<rFw;%2K&Y%KRPS$;lgBUfhi*^bfT4JUBIGq3~^kbQf)X>s4@;Mzt&gjvX zJ>?`xkawC4rJqANOY+!iUGKVr$bn3;COr9|Gi6{jGzKHid#EBvR1#mLCuN>=aSo7boLc zc*>6&&(iTv^NS_lY+u|0aQNAyD6+Nc(K7>$L|a;s&TDa%mfkqAAP;Qn?B|5F!$ll@v&Pw%z$6~{ip^}R=9 zL82BB3m}=RO1jR8!V9|P^xxgo$?3nREumauC-W*W{Aa!7AS@$7NA-8_z5>WsiT=_u z=aQr{R?Rm$9f2+R$f&s_%#s+oY z_oBm~4*_b5mePTup8w zhS&LFuk3NyAAoe*+i=5!7BhbFTIQVkZstFx@Ve{|v6F53 zB8ZI-P(xDfOg$(VvJ<(#4B%9W*5P`J@~pnApC^?DcW=0QUugyKheR8$46-Zjvi%lD zaxTO14t875{z&~7_;=w2KuRuEJxlyNy51eBJikgPg2yD^vjN~rmzmTo829M3|6$eI z$28-jkIg;NhX2ft?*B^a#Ko2tVhY2i#X=49{~TjSHF^R_QAd)ej9#h&=G4=|eMiT` zPrl-|fIOmoz11Hb#ZQM1zwJG>|EzeHc#h^jS)fGtr*TfSWal80ElxA`4Ynt$yJ{=d_QbbZ|b`7dawf+DU&B=H+bX2muqo1 z^?cqcPUus}{l_S4U}^0N4splru&};fJOvUvtn0%_jX!$Dat7$1rMad>dG6Wv7iK(a zZT}Z)vEE4%1#>0lQ{0Ok^s`nu^nGpo@Y?*y?A^fE(J|^2emA)%SOx2z&nA6XNQ}=B z?u^G>lJ&@bRcyqfXLgysb>g_4*|qE53U&N^ZEep$-S>&Fi_(4g3>oP_g>0lRad4yI z4?>XXI^&DFfG5Orl>W`zZrR}e3Q0zVwQ`yAh#)p(f<LJ|U7 z>0xSgu77kei6{F{04b+E9KP*SX#^iWr2kvV&!^Pk6h9d@;6go=Hy^Q{XH;}DvvXuLv$S-#^6+4Ec42gM zakjB?XSDWmw(zubaW->ApNP#UfD{hwr|DFLqLj+JFPzP2D~7>@$7%uOBM{-FQ#A;sgZ3J&&sD;Q*6?)zX~}p+J{Wrwpc`pY zL>=&IY{bEw@?V&+>Nou3fPiBx!u{H_ZjEN|&SR15C5}hi=Uwts;nue(m0o#+#gblM zA8q!f%k$x`grMXv;(5*pd{e!2zMru(Vb#4+Hab@&`M^!G%Gl^^-E|Bmd|BO(QQpki#o5ln%<-QEJy~E5MogQr#mV1c9PP)% zp~etEP|Di4QVcI~!pl!c8kMoMtElYdb|LRcyV*% zC(S~Qs`va=35bRDD9Ljez|mRhxYF?hB}-Jq><$f&NtFt}|2!$6{ZFN{e_nT&&>tG^ z5&&5uOaY%oyif|ML{D%!uI+`UZ9I^RdrpP%8g5j$g{y(-CC%*R6ftXqKMxJ2(|A_| zz?}y)VsGwXjdrtNlwIYxpph9u!3MIiu<*Ozmal4EYT6wfCY-*Vc;y()NsIY95t9H& zmUjbwbF6SS%L?LoxXBYI*CT5+0NM9vw2JF&s)XkRz8f-9K?vJ>qB_C+-gf2f@dr@z zIw2J}EC9YwLFgb~Y8evOw|F)6=k{Z6-vTWFKMB`#37-9Kpa0Wh(lVFQAtl2bt(hL? zYiamCfIqn!jlZ@H#!)hZGpcG0}LQBbcb{|2oghs ziXhS*(kYF!ba%%LE!`>IQi4b;AfS{W-EkkjbH01Lo^$SBGqdM;)-!vrwSH@_{q9){ z$fo81>*hIe?~;Ec|Jms2Y}`z-E%%$8Kf=<05|D{9sLti|(^A(~`s~2j(w|rrC3^%& zN1Cty8u$!pHUw$@L|x{`BKKOf@xSE!8J0Y&0k{pO`KOp4>5(ZxxDqC-=}^1X&{F_W z%Vt+^+YX4ue9)QuV4b4y-6j3&zjmH~hNX>GAe%ZG1uW=D>wYO1Jm)a$RM6J^_%Q&N zd`=ZA_;h)?Qx@5!eI#{kD@A7GH#y;`pnHA&-Pm$!5P&QG)KzEV45Jb#5TeLmmF~90 zmx}_jAQBTJwSt;aO>YaXS`b&*2t!HE-{$oPynTWJxOtuoA6v@VE%mwo2+8*H0**^# z1_0My`5tSo4l5M}?d{M92B=%mzMTDk;ElBd0lI67B@~ji1WCcdfpYRAzl@wxP8DIl zC^^oOh=whn(wQAogjBDZwwmrbai-)eb$jfr?(POYBm3mV8m+&1B08H5#8A5HDLmZx z>M3f^^{jQwT`_y*CQ=1v`GpL9p$jr$*9^%ids>;y@ASFnd@9;Juuh4b`DiKFn-Vs! z{DX7~S#`=4zZvn+O`yU38@<|(FFwvu#W)4woIqt1xvq?F-4TL!MJZIe4Mrv zFBTj@MtuIil3%8*MDNtqh+VAr-QZt9evHf$TX0w)G4!dSKj55=fb05yb&K-K{R$@g zh%jo(0V&At$~Lllhx0!&>87M#4P^)vA+4>K{uADRe3mgYu`;&*H-MYMUj6mOAKeE3 z^mS!oAe)Gbe3dj<)iCThxRLI)$FLE8wFH1zWiPJe*HL+(&+RmP8YJ0*c5*({=TzSaN}i&rD2jGr0Em$D4=5KmR7p!!i2gnJ zC*~F6rTl-H)Sn1gN&yfvnI*6Xt5t*ZE5`L!R~v~z-l!%3;uH4Vpz!t>>zvwz_cEne zCtEesZ?q%lG6L5(E${L!r_tuY=_4gs}OQHWNnF zF#l?v^EXQVK)@sefJl00g(d@zESv6hj&El90;He_o&Y%ya~!SX5&35iHP;_W{2ZTb znvwXe8n#Tl&|l3xq8RpYu)3ONX!8NMPFQLT0iE~lbmBfiM*11QxMUF(fXMd6^(`JE zlpjqVKb(7KEmL|Ke}6;lpTFl%l)N4U;Jzy|9c>lzEhC;JvuNODG}!EjA^)IlR9i;E#Ip8rwk5qdZrU&NyD!CES`dcgG@7IhCjg$VB5mkQQsp z6+IZYe~h30>_gT*KizL~{y@os;eE3jo;XG%O&eOm06c6g6|MRKsS*IL_3gp)}+v!Hwdb0Rr?xijlV&hI90Jz+D%m&lC*ZsRc zCKMB5-#J57k8A%QlprD@K-NV@J$Y!e=krW*6fg`+#z+kEYwvXK(mo)K^fRhuX6jGT zbEG|u{ZK~uhMcTqsqGeStW>awK5}TF303QnlO9gG1c~=`3RhkgG%f3J+GTH!!=Gx+fn!}{n7Pnm6uaI|Bv?}{urBgJ zYZ$FUBji&x^`PW_pvoBvtpL=6wL!Fl{qc;og%^;?yRq{EQ#%LEUn5rwT)wL$c|G5# zFH&>GY7U79eYDjkSZYDS0*eVlByhn%y-So}b;=GW*Q#D@dFC8;qGxS{hLDrIXwr##;7J*shqL8|u&Ie?6c zd`mZlY7P>P`IrN5fkh$zxZXupSNcYH$EhcZNsHtKZF$PQ$#^+^neZ%lk@J1Kl#xat zD_elJ;Vp$!l6I3%NTA153WFva!qe({#c54oYYMyGDG)C0?P`9V!8|hJq*dX`V(ds9 zZnO>M$S!W1Se~p4YJ(1!=RHtEJ!o*MlnPS=lR!bhgTLC-N}!-4_gDb`sU?X_B9Kk= zO+^XQ{4-QWM@ni2Kp_iwgo5kf62V4x{J5;byi zqzesqn!GOhuK(g_-NB2D>bcjZNLYk)smHrcMazOFTs;N(S<_Mi5MyTZLd#5=>*J@7 zC~9|yvcAW}#p)U1^%ce><_1X-Bbg{{&GZi#JRYfc-TFD}OPS@Cqmn1A;e@0ZQ|!Ir0lGI&pTF+U3L z+TDKNZ}Tg$6NYT_Wdl&M!l%q)+3Vb2`W`&r#g}%OyoD>p7}ZcREvbWpaM$B<4OeMd zl^+In_@Z@SW|YXIW{f*#G&Js>0Y3^oX97}|bxz&r4XRRjE~l2LU?f4k|3~%1|6TPT zA^^Ba@9nvT+bMNHN%s3zSTx$nT*wOm?l_U63ST6yrg2VAz)p32t@@)?^Ir9^tI`c9 z7}!s-EZbZO>t5ka#eF=~7t@fZIahoA*gMsCuflDdh#$wa)oVTJqnrMSyu8A(3?(KPoFvtG~tqI3tL>B1&QW&jn)1_N{L zoF0Zl?+b0J!jW=noF4V2512QUF#GRstJkaRy(3i_Cc$}>2&?aeoIk zJYR+7WFr%mBr(ttxFJgSwO2QN+-29U%`yXHV(sGVM zMpM@;hlSk5iVtrf9To}?6F>7wRis-|p*pDS`92|V@l4cdpmvf;85S-~z1n>^9H#k~ z*W;jo?o|aM2ce*&RG(0+TvyU3VYjQ2H{ zXjf6z9CfVx((QGIcp{gPKGB0*8;%4D?z!K}8AvqJBpFUV89KdH9O0r1nZNdJnMA(6 zE-7>=Pb%ViGCcp9+tu%q=7exdT054*7kUCc5SGF~LOI>GASW8(NfwIS6UvG#YKz`S z`xw7dAr?-~Pkd~wWr(K1^?1wd7}E=jC#0D@chyV3saQC9Hh174K%piE z1*LVHI-wBbPO}x@uz8e1xbR|R zXa1^8At?FGBn1U;?sT@D@CZOgLA&Lus`13b)O`c>8%-ZufAqC8r&pw+2bau?^5Qym zu>Ds6;kz=E(%RRC0#$|OMZ<$|wGZ->YG2r(WMiKbr6^N>SP7UI3E_PFCP3EVbLRY)y)CYPFuRS9D8Gb;=^ z4(%vh)>G1pk7#T7ei)%g8xYUOod^kj4}L0Fq}k5M`C?&PodEX=iwiLn^95^+R8-qI z5~mn8!TgzaoMz4ET&~f>ZaXsVfmn)0#cDlz_J-bc;hh-H=^DeYgw9X{4ll36-MZoo zfy-YsAMqv&wWQL%zKwCZ?iNE3bh2wXc6Ds`_655tW5N74qAYx-1uze;+ zPGjkKfi83dU4_NCL>T;HlxK$hAlm}}tb9KfgF>&iK3syQ-9PbhGS=wn=OqBm@kd6>v`_Y7T3i*aijN6N-LJoA0}#A-QmFB(C<( zXDO&ea5k}>)uAch@@87PHJusfk-%QzRUWh)B6Kp>gP-nV?^e@>4g5fm$U&yWxmiuT zRO>ln-lVwhnF%b)P)-&#pSVq%6pRq^iBPWGraEhF(%swFof*fsrs^4C7iDVTqy5{D zjVk3&w!&Y>qR>rrXW&FpQgJ3i780r=9BN2a7T&=QnhA6X8Ap^}-o@$_xEveN)SDF2 z-zJzqYTS#dh@~KwJG5E15llAhcri4q0kN^RLZ6sJ%QfvE9Lwzo9S1y(ifz{EbE`Tj zwCy0{N~b>hRYaM)oy1f4s#Fe69M#g9SQ8h=@!ig*x?$#dr=@igC;l8^nQis)HnVhE zt&jehY79%NL_bn}@tif?ce6K_4~~Pr4E01I=jG~WXkHcYUoNQYP!-HHD;0E{{a7h@ z0obI3E}F;8Pw0;x>50ebFj`>zD*kzSPlLiWM%9i@(2GNWY2s7M2rqG zzpB1o)^f%OAM$%o;!iYbs6aNAe-5MVd}e2S6K#>9r5Bgx-h0V(q&%?X5ZWvh4Akv? z^@s9}48a}1WS?ZjRDYqY_{8J1!A=?1FfwMM!4evTb=?i-sLjlcu5vsNqlL*%n4_t1 zH=}IIJ)~YYF}rPc{VbO+v=DEpnzNqSxdyPMzhaePYfPH-CcSq<U?uP^NzZMsS5zDlEoI71kgv6x+Bh<1VlvEy3onzGqlSZHe4v{_R((h?W_beZk$fF zt#|GC1sAkG0c~AEWxC;B$af}Y8C6ZVdkkE56!|C5RYlQ;wc2aD3MZCJePkAbN%wdo z9|AH2{=?$Z3c?GVoBUCwqG~K1H{@UXaI+~wR6GVDJpCfrcDLte$Sn)czox%1EH|-e z#;a#LxIGEhpvgC27{Lpe!d{cB1-0OdoHX=dkOYimU#YX0{a%=DjQoK}Bb^8NcE^ANP}K0V(si0cv_5@^x=@3=!R+<#=pD`*WyH>oVcLJmAw>b*o5z1CaxJp+ z(|*8Q;RdD!AVPhW7#&_Ihr@q5OODCVf_~_XlLF~Tn4Lze5j7oHMu#>u6M7$`I^Nv; zE0vTS5~BS51mSK0fXnd;KEZQ8vEoOaLbpu2bxiFh$^>$FF({PG<~sXr!`W|?R+Odn z*FQ4VbN+{AVYacdx3Mx~p%MMZ8`wWy{#u&1En7*h2nnseb$9evKwySq{EfT1hhFrYv}SrUhqr?99$go3>b?ug~)e?>O{O^>}=KXFMKvTNqvu{s0!@kBWud$DM|6E?y%{in)X zpkN?UCy9kc=yjiUlAv^aoP9*f&x@AEcXjUYxRrb&U`IKSAm2Xu`Qb~+iXlw;y?6Ls zm8qF`6N4EKyhQU@c4)^EFXWXd^5_Rp#oF7gdN zHDg@hfueiDr$#MC=nz9}@~jVpr|Ixh#hzLo^(3Cb*P!ymjb}Y>vc9z~Z*`^dNbbsv z%HIca_$S%jE-GcYp}V=AdA`-yZhn+sZ#Repni~3<9%B-~*XZ4wpo#Z%O@t1;#%%#B zh$2A55Y>A~i$W8+SGpLB05S9`XLOSw-!k{rm>gd1A7dbpqA28%Zn4^?Je1ZS}<@2TnZ*E3Tn0^8)zju=s^P$-C-Bw1j@Lh;tp?JipuW2_=*j z*6@~09x8};#{^HFq^**!$T#j#HEI0t_vJ!4{YW}BE<}(bF2iiI_+;fQSWDE}BlQ2M zyyf3j9&iL8vRyepG+P&yVG}wGl2gcIO?Xd10Yv*xkz>72>w&uyDH^PX=9UVYix!hPG{^?9E4&Z3t?5^k6!7@&-&~G~J5nK;{wP|^O6Q)~N_Mz0WNy)_3~8q9rdz7Pa^pU8r} znH9C7@Zd<%qNMiByyFVGcWPHi&+}Nn)aQnzSkWU&297~RP>a$da>0BVwH?xiYyDHq zqweh>jt$fem9&9}Z-<$tuE5o*Mm&jMV$L;dEfD;QtopAjOJ+3VzR(F?pG}%tOlIue zJA2zLHYR0gbP?LssY%j?qM7koi(WZP2gLRk!@#;4B~&0F~%n*;y|O;1$vp zeaL-1())8I)cY_Ak^dbfa6$n7iq(}t!{2rZXeMJ9i^LjD)07Sa;IL!4HL5m>Dxl|J zJ#Eoybtz!*#r=7m<}pp@6k>k-AFvtSWGR%fzg2RFG4Npa?_P_^`R`tfdjHRZcf|s}-G-sTxJ0NVdRHWQi~LX^ z3wxZ6;F6Gzq&|Ff%E?IoZQ;?&^>h#xSPSQQKN2p`F)=Y;F3Q}`Xz}%tLv#J|c1nU2k`QN?Ko>09pQEKk8OWZ9nyW_UQK9+$!%rasI{?;~ngaj^_G-jMSS z9-W0o_0r2!JeP=mGH&n)F^#blaO(M7Ea>Gkxp)WrR>?;OF4%L@Sp?j;RjD^i&PV;q zsGPApQ&ZDvM?66;Oa8(iF{KbDI88z5r!C3!eK)MRncR29Ox|V}-(FThEGu|p6quiJ zG$4yK64X`4@y%}6DRIG%*^g-UaCZIMZ_qp1r^4WorA43I+NU&I!IS@jcS2Th_K@}0yN7D0T?KKK(=$EL zPeCNFi=$r6@xFG>P|tkTEFJFUfK|vwje@IA41SjqH~oV}qH(A`HmO!#l?9t_sw+Y9 z%L4f949|Na8cT|Koj!#FOBh<~n|!xK#ZJ@FDz}uUL&9id0V%5s2fUKl4tt6Vh4-5% zmy4d65D|!77fG{U^=XAHV3;i*)LEj8LG*r=9jNs ztzOZ*w6d_bvbUglYUas8BkFuV#s_n8GBdL`yRXH@Y5zt%93%wBM}h#fD4=_T0+A!5 zV4_3NK&XTebPP-omUPh9F}u!~qZ%J^eh-}6M;h%!IXo@gw8f%GJlQmU zbvqS1)YD`3Dl`fUpX^-rqmm(|C|FWoOJ>@hwyex+1k1@_=!~+=Tk^F1oJ7JY{Z6Fo zxm)U3RIUH&N1iFyVWAFp_lcGt`(Y?#r2U$tJYw#PuouZFVKcX>`1yGK16tHKI_>zG z{#7qW6POReFjY+{he5l>ezURJL}OiQJ~`oST8a9>aqLQ?OB~8pwxDld-)Gj;vS|@h zp?+2xWZI!C>Rr5v@Znbn_M{&CZyQSm^TIuUP(rvuY1f&vNm-gcF!AalX;Oc9LbSIz zKqTXZ8a3RHJc11O6`^x3kQo!&?53h6Vd9SW91U0&R`S}1or}dk*1wZt;!+QRs^eKv zhAaKDo)e03I(KJ??oJZ8(oUVG|DfQGYm1iHG$zjV0>8G)YYaLbBVXQ;w@ zuq8@O7fbo8_Ixlk{PQ>TTI0OUw2}pvUPNlyS%c|69#}!{LxmQOF2TKd)LL$!-sv5i zz79mYv)%+gj0-FNuZzX%4Dn0!r za2qS&jr9|LiSqZ6Ongyj;`QBDyYYKNosLbpJZCz$2bq-iXtTS|LEY+SrJ)r3uA;P| zPvU_9Y5vMa^@locVi?l3HT~(6>ikY}OyPv{i6P;y5>o2Rw&}``9-NfgnLaj9zslIC zeH+d2)o2#Cgf|Cl(E2lB21-Ylv66R|?^s-@dM1OcWG!Fy)X%5x3yXpjQ HsKEaK^B( - 7:4.9-1 +- new version 4.9 +- verify src taball signature by default in prep section + * Tue Oct 08 2019 Lubos Uhliarik - 7:4.8-6 - Resolves: #1741342 - Do not call autoconf at build time From 251ebfccea35b2e268e2a3c75b6b541b391be792 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 11 Nov 2019 15:49:11 +0100 Subject: [PATCH 044/124] Remove pgp.asc from sources file and fixed typo in comment --- sources | 1 - squid.spec | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sources b/sources index fec68be..71240e8 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ SHA512 (squid-4.9.tar.xz) = ca3db39379ea0582ff28297dde21899d02916ea499fb9c0f86aa60301829b7c601bb21ee274f841555047bc911e878717b38670b8796e5d717862b7a285ef84f SHA512 (squid-4.9.tar.xz.asc) = f5639adab0724ef47fbcf65bfaf7c35607f2d7d0565fb872af82aa0d11a272a72477e4f951ed52f8fc3a0636ad82b500e4b2bc84680b87b01607502809c70747 -SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 829148b..05feae4 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.9 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -63,7 +63,7 @@ BuildRequires: libtool libtool-ltdl-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) -# For verifying downladed src tarball +# For verifying downloded src tarball BuildRequires: gnupg2 @@ -291,7 +291,7 @@ fi %changelog -* Mon Nov 11 2019 Lubos Uhliarik - 7:4.9-1 +* Mon Nov 11 2019 Lubos Uhliarik - 7:4.9-2 - new version 4.9 - verify src taball signature by default in prep section From f2f206eb6246ff7be2d7bf6a36bf8fef8557cc30 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 17 Dec 2019 14:28:48 +0100 Subject: [PATCH 045/124] Various spec file tweaks and cache_swap script optimization Resolves: #1784383 - Add BuildRequires: systemd-rpm-macros Resolves: #1783757 - Build with ./configure --with-pidfile=/run/squid.pid Resolves: #1783768 - Optimize cache_swap.sh cache_dir search --- cache_swap.sh | 3 +-- squid.spec | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index 24844e8..2bc5ace 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -5,8 +5,7 @@ fi SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} -CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ - grep cache_dir | awk '{ print $3 }'` +CACHE_SWAP=`grep '^[[:blank:]]*cache_dir' $SQUID_CONF | awk '{ print $3 }'` init_cache_dirs=0 for adir in $CACHE_SWAP; do diff --git a/squid.spec b/squid.spec index 05feae4..49c0ce9 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.9 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -34,7 +34,8 @@ Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch -Requires: bash >= 2.0 +# cache_swap.sh +Requires: bash grep gawk # for httpd conf file - cachemgr script alias Requires: httpd-filesystem Requires(pre): shadow-utils @@ -65,6 +66,9 @@ BuildRequires: perl-generators BuildRequires: pkgconfig(cppunit) # For verifying downloded src tarball BuildRequires: gnupg2 +# for _tmpfilesdir and _unitdir macro +# see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging +BuildRequires: systemd-rpm-macros # Old NetworkManager expects the dispatcher scripts in a different place @@ -110,7 +114,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --datadir=%{_datadir}/squid \ --sysconfdir=%{_sysconfdir}/squid \ --with-logdir='%{_localstatedir}/log/squid' \ - --with-pidfile='%{_localstatedir}/run/squid.pid' \ + --with-pidfile='/run/squid.pid' \ --disable-dependency-tracking \ --enable-eui \ --enable-follow-x-forwarded-for \ @@ -189,7 +193,7 @@ install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/htt install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/squid +mkdir -p $RPM_BUILD_ROOT/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp mv -f ChangeLog.tmp ChangeLog @@ -225,7 +229,7 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %attr(755,root,root) %dir %{_libdir}/squid %attr(770,squid,root) %dir %{_localstatedir}/log/squid %attr(750,squid,squid) %dir %{_localstatedir}/spool/squid -%attr(755,squid,squid) %dir %{_localstatedir}/run/squid +%attr(755,squid,squid) %dir /run/squid %config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/squid.conf %config(noreplace) %attr(640,root,squid) %{_sysconfdir}/squid/squid.conf @@ -291,6 +295,11 @@ fi %changelog +* Tue Dec 17 2019 Lubos Uhliarik - 7:4.9-3 +- Resolves: #1784383 - Add BuildRequires: systemd-rpm-macros +- Resolves: #1783757 - Build with ./configure --with-pidfile=/run/squid.pid +- Resolves: #1783768 - Optimize cache_swap.sh cache_dir search + * Mon Nov 11 2019 Lubos Uhliarik - 7:4.9-2 - new version 4.9 - verify src taball signature by default in prep section From 5437623b5ee8edda1a7bb847d822323c104c2c28 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 28 Jan 2020 17:05:45 +0100 Subject: [PATCH 046/124] new version 4.10 --- squid-3.0.STABLE1-perlpath.patch | 2 +- squid.spec | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index 0805fd0..087469d 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2019 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2020 The Squid Software Foundation and contributors # * diff --git a/squid.spec b/squid.spec index 49c0ce9..ad01a2b 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.9 -Release: 3%{?dist} +Version: 4.10 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -295,6 +295,9 @@ fi %changelog +* Tue Jan 28 2020 Lubos Uhliarik - 7:4.10-1 +- new version 4.10 + * Tue Dec 17 2019 Lubos Uhliarik - 7:4.9-3 - Resolves: #1784383 - Add BuildRequires: systemd-rpm-macros - Resolves: #1783757 - Build with ./configure --with-pidfile=/run/squid.pid From e8453476a95038350f33c6de83556e43c46fb818 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 28 Jan 2020 17:09:53 +0100 Subject: [PATCH 047/124] Forgot to upload source tar.gz. --- sources | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 71240e8..ea4ca30 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (squid-4.9.tar.xz) = ca3db39379ea0582ff28297dde21899d02916ea499fb9c0f86aa60301829b7c601bb21ee274f841555047bc911e878717b38670b8796e5d717862b7a285ef84f -SHA512 (squid-4.9.tar.xz.asc) = f5639adab0724ef47fbcf65bfaf7c35607f2d7d0565fb872af82aa0d11a272a72477e4f951ed52f8fc3a0636ad82b500e4b2bc84680b87b01607502809c70747 +SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0 +SHA512 (squid-4.10.tar.xz.asc) = 9a319a001275fcf1c3831bc59cbfd910a2d2d81e45fb0e47995ce723e99bc9bc69ad532871095944bb15709e175491dd70aaec25435b6e97ffd7a3a82fd900c7 +SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 From af7f6a39b73ad54acdbb82803e62e0be1816213c Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 25 Mar 2020 13:29:43 +0100 Subject: [PATCH 048/124] Resolves: #1786485 - squid.service: use ${SQUID_CONF} rather than $SQUID_CONF --- squid.service | 2 +- squid.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/squid.service b/squid.service index 724f35c..1252756 100644 --- a/squid.service +++ b/squid.service @@ -9,7 +9,7 @@ LimitNOFILE=16384 PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid ExecStartPre=/usr/libexec/squid/cache_swap.sh -ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF +ExecStart=/usr/sbin/squid $SQUID_OPTS -f ${SQUID_CONF} ExecReload=/usr/bin/kill -HUP $MAINPID KillMode=mixed diff --git a/squid.spec b/squid.spec index ad01a2b..12771e6 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -295,6 +295,9 @@ fi %changelog +* Wed Mar 25 2020 Lubos Uhliarik - 7:4.10-2 +- Resolves: #1786485 - squid.service: use ${SQUID_CONF} rather than $SQUID_CONF + * Tue Jan 28 2020 Lubos Uhliarik - 7:4.10-1 - new version 4.10 From ca868d658e8b67a5eba5c76aeb7c47619c409407 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 25 Mar 2020 14:42:03 +0100 Subject: [PATCH 049/124] Added to changelog which security issues are beeing fixed by rebase. --- squid.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index 12771e6..0b9814d 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.10 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -295,8 +295,14 @@ fi %changelog -* Wed Mar 25 2020 Lubos Uhliarik - 7:4.10-2 +* Wed Mar 25 2020 Lubos Uhliarik - 7:4.10-3 - Resolves: #1786485 - squid.service: use ${SQUID_CONF} rather than $SQUID_CONF +- Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in + FTP Gateway +- Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting + as reverse-proxy +- Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues + in HTTP Request processing * Tue Jan 28 2020 Lubos Uhliarik - 7:4.10-1 - new version 4.10 From c684998ac27c87674c5af627695023d0693d7f63 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Thu, 26 Mar 2020 10:19:34 +0100 Subject: [PATCH 050/124] - removed grep dependency, substituted with awk - quote bash variables, so it supports spaces - polish squid.spec and remove obsolet commands --- cache_swap.sh | 5 +++-- squid.spec | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index 2bc5ace..877b6c7 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -5,7 +5,8 @@ fi SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} -CACHE_SWAP=`grep '^[[:blank:]]*cache_dir' $SQUID_CONF | awk '{ print $3 }'` +CACHE_SWAP=`awk '/^[[:blank:]]*cache_dir/ { print $3 }' "$SQUID_CONF"` + init_cache_dirs=0 for adir in $CACHE_SWAP; do @@ -17,5 +18,5 @@ done if [ $init_cache_dirs -ne 0 ]; then echo "" - squid --foreground -z -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 + squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1 fi diff --git a/squid.spec b/squid.spec index 0b9814d..c51c0fa 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.10 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -35,7 +35,7 @@ Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch # cache_swap.sh -Requires: bash grep gawk +Requires: bash gawk # for httpd conf file - cachemgr script alias Requires: httpd-filesystem Requires(pre): shadow-utils @@ -195,8 +195,6 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid mkdir -p $RPM_BUILD_ROOT/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl -iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp -mv -f ChangeLog.tmp ChangeLog # install /usr/lib/tmpfiles.d/squid.conf mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} @@ -214,7 +212,6 @@ mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt $RPM_BUILD_ROOT/usr/share/snmp/mibs/S rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented # remove unpackaged files from the buildroot -rm -f $RPM_BUILD_ROOT%{_bindir}/{RunAccel,RunCache} rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %files @@ -295,6 +292,9 @@ fi %changelog +* Thu Mar 26 2020 Lubos Uhliarik - 7:4.10-4 +- Resolves: #1817208 - More cache_swap.sh optimizations + * Wed Mar 25 2020 Lubos Uhliarik - 7:4.10-3 - Resolves: #1786485 - squid.service: use ${SQUID_CONF} rather than $SQUID_CONF - Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in From 929622f85f7849d109b50685e45bdccdb9a3651a Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Thu, 7 May 2020 12:54:34 +0200 Subject: [PATCH 051/124] new version 4.11 libsystemd integration Resolves: #1827564 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution --- sources | 4 ++-- squid-4.11-systemd.patch | 27 +++++++++++++++++++++++++++ squid.service | 5 +++-- squid.spec | 16 +++++++++++++--- 4 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 squid-4.11-systemd.patch diff --git a/sources b/sources index ea4ca30..91c4319 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0 -SHA512 (squid-4.10.tar.xz.asc) = 9a319a001275fcf1c3831bc59cbfd910a2d2d81e45fb0e47995ce723e99bc9bc69ad532871095944bb15709e175491dd70aaec25435b6e97ffd7a3a82fd900c7 +SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26 +SHA512 (squid-4.11.tar.xz.asc) = df90af48cf32b4bd8ad3803c363180048fadacd0b1dbee4b74bf7fe2ce9ef2a4fda1790ceb4a4e1ec7c1bf66b323e3975c05a7f6dcb697c445186f577cfb16e9 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-4.11-systemd.patch b/squid-4.11-systemd.patch new file mode 100644 index 0000000..0ee7fd7 --- /dev/null +++ b/squid-4.11-systemd.patch @@ -0,0 +1,27 @@ +diff --git a/configure b/configure +index 17b2ebf..9530f6b 100755 +--- a/configure ++++ b/configure +@@ -33915,6 +33915,7 @@ done + fi + if test "x$SYSTEMD_LIBS" != "x" ; then + CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS" ++ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS" + + $as_echo "#define USE_SYSTEMD 1" >>confdefs.h + +diff --git a/src/Debug.h b/src/Debug.h +index 6eecd01..ddd9e38 100644 +--- a/src/Debug.h ++++ b/src/Debug.h +@@ -99,6 +99,10 @@ public: + + /// configures the active debugging context to write syslog ALERT + static void ForceAlert(); ++ ++ /// prefixes each grouped debugs() line after the first one in the group ++ static std::ostream& Extra(std::ostream &os) { return os << "\n "; } ++ + private: + static Context *Current; ///< deepest active context; nil outside debugs() + }; diff --git a/squid.service b/squid.service index 1252756..6978032 100644 --- a/squid.service +++ b/squid.service @@ -4,14 +4,15 @@ Documentation=man:squid(8) After=network.target network-online.target nss-lookup.target [Service] -Type=forking +Type=notify LimitNOFILE=16384 PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid ExecStartPre=/usr/libexec/squid/cache_swap.sh -ExecStart=/usr/sbin/squid $SQUID_OPTS -f ${SQUID_CONF} +ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} ExecReload=/usr/bin/kill -HUP $MAINPID KillMode=mixed +NotifyAccess=all [Install] WantedBy=multi-user.target diff --git a/squid.spec b/squid.spec index c51c0fa..b59ea45 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.10 -Release: 4%{?dist} +Version: 4.11 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -33,6 +33,7 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch +Patch206: squid-4.11-systemd.patch # cache_swap.sh Requires: bash gawk @@ -69,6 +70,8 @@ BuildRequires: gnupg2 # for _tmpfilesdir and _unitdir macro # see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging BuildRequires: systemd-rpm-macros +# systemd notify +BuildRequires: systemd-devel # Old NetworkManager expects the dispatcher scripts in a different place @@ -100,6 +103,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl +%patch206 -p1 -b .systemd # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -158,7 +162,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented %check make check - + %install %make_install @@ -292,6 +296,12 @@ fi %changelog +* Thu May 07 2020 Lubos Uhliarik - 7:4.11-1 +- new version 4.11 +- libsystemd integration +- Resolves: #1827564 - CVE-2020-11945 squid: improper access restriction upon + Digest Authentication nonce replay could lead to remote code execution + * Thu Mar 26 2020 Lubos Uhliarik - 7:4.10-4 - Resolves: #1817208 - More cache_swap.sh optimizations From 6baf8d4fc061c45c223499eaa79252a8e374c63a Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 15 Jun 2020 16:54:59 +0200 Subject: [PATCH 052/124] new version 4.12 --- sources | 4 ++-- squid-4.11-systemd.patch | 27 --------------------------- squid.spec | 5 ++++- 3 files changed, 6 insertions(+), 30 deletions(-) delete mode 100644 squid-4.11-systemd.patch diff --git a/sources b/sources index 91c4319..82f0b74 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26 -SHA512 (squid-4.11.tar.xz.asc) = df90af48cf32b4bd8ad3803c363180048fadacd0b1dbee4b74bf7fe2ce9ef2a4fda1790ceb4a4e1ec7c1bf66b323e3975c05a7f6dcb697c445186f577cfb16e9 +SHA512 (squid-4.12.tar.xz) = 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4 +SHA512 (squid-4.12.tar.xz.asc) = 3283912319f5a027b4c9302f3ed26082d7f22e3797b39edd7eaa3df10904fb170352745a0dc1eda50c4c669b2037d9c596a8163f827f5060ec3ecfe0d6b22b27 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-4.11-systemd.patch b/squid-4.11-systemd.patch deleted file mode 100644 index 0ee7fd7..0000000 --- a/squid-4.11-systemd.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/configure b/configure -index 17b2ebf..9530f6b 100755 ---- a/configure -+++ b/configure -@@ -33915,6 +33915,7 @@ done - fi - if test "x$SYSTEMD_LIBS" != "x" ; then - CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS" -+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS" - - $as_echo "#define USE_SYSTEMD 1" >>confdefs.h - -diff --git a/src/Debug.h b/src/Debug.h -index 6eecd01..ddd9e38 100644 ---- a/src/Debug.h -+++ b/src/Debug.h -@@ -99,6 +99,10 @@ public: - - /// configures the active debugging context to write syslog ALERT - static void ForceAlert(); -+ -+ /// prefixes each grouped debugs() line after the first one in the group -+ static std::ostream& Extra(std::ostream &os) { return os << "\n "; } -+ - private: - static Context *Current; ///< deepest active context; nil outside debugs() - }; diff --git a/squid.spec b/squid.spec index b59ea45..82f07bb 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.11 +Version: 4.12 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -296,6 +296,9 @@ fi %changelog +* Mon Jun 15 2020 Lubos Uhliarik - 7:4.12-1 +- new version 4.12 + * Thu May 07 2020 Lubos Uhliarik - 7:4.11-1 - new version 4.11 - libsystemd integration From ea1251d6a4da3660f8419cefaebac63ee20b6c19 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 15 Jun 2020 21:44:05 +0200 Subject: [PATCH 053/124] new version 4.12 --- cache_swap.sh | 1 - squid.spec | 2 -- 2 files changed, 3 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index 877b6c7..77d06ac 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -7,7 +7,6 @@ SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} CACHE_SWAP=`awk '/^[[:blank:]]*cache_dir/ { print $3 }' "$SQUID_CONF"` - init_cache_dirs=0 for adir in $CACHE_SWAP; do if [ ! -d $adir/00 ]; then diff --git a/squid.spec b/squid.spec index 82f07bb..ffffe6d 100644 --- a/squid.spec +++ b/squid.spec @@ -33,7 +33,6 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch -Patch206: squid-4.11-systemd.patch # cache_swap.sh Requires: bash gawk @@ -103,7 +102,6 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl -%patch206 -p1 -b .systemd # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation From e5508b1e4f558fe8097fbc0f853e6a04f8fd0b90 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Sun, 19 Jul 2020 11:23:41 -0600 Subject: [PATCH 054/124] Drop pgp.asc from sources file as its in the git repo --- sources | 1 - 1 file changed, 1 deletion(-) diff --git a/sources b/sources index 82f0b74..1f508a5 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ SHA512 (squid-4.12.tar.xz) = 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4 SHA512 (squid-4.12.tar.xz.asc) = 3283912319f5a027b4c9302f3ed26082d7f22e3797b39edd7eaa3df10904fb170352745a0dc1eda50c4c669b2037d9c596a8163f827f5060ec3ecfe0d6b22b27 -SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 From 404b587597239f4655ff1129b93372e7320eb2ef Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jul 2020 11:22:33 +0000 Subject: [PATCH 055/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index ffffe6d..dfddac5 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.12 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -294,6 +294,9 @@ fi %changelog +* Wed Jul 29 2020 Fedora Release Engineering - 7:4.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Mon Jun 15 2020 Lubos Uhliarik - 7:4.12-1 - new version 4.12 From 10c78ac9e5d4d3d2f1b9432a489dc8a630cb0e5d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 1 Aug 2020 09:09:23 +0000 Subject: [PATCH 056/124] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index dfddac5..8a99ea2 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.12 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -294,6 +294,10 @@ fi %changelog +* Sat Aug 01 2020 Fedora Release Engineering - 7:4.12-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 29 2020 Fedora Release Engineering - 7:4.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 3563803dd347dcd835e3dafd73c77768de1c70c2 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Fri, 7 Aug 2020 16:39:46 -0600 Subject: [PATCH 057/124] Disable LTO --- squid.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 8a99ea2..f6cfa30 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.12 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -108,6 +108,9 @@ lookup program (dnsserver), a program for retrieving FTP data sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in %build +# This package fails its testsuite when LTO is enabled. This needs further +# investigation +%define _lto_cflags %{nil} # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 @@ -294,6 +297,9 @@ fi %changelog +* Fri Aug 07 2020 Jeff law - 7:4.12-4 +- Disable LTO + * Sat Aug 01 2020 Fedora Release Engineering - 7:4.12-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 84255a49f400d0ceda5b5b81eb6ba33f6122e152 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 25 Aug 2020 23:25:44 +0200 Subject: [PATCH 058/124] new version 4.13 --- squid.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index f6cfa30..ad8cf9a 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.12 -Release: 4%{?dist} +Version: 4.13 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -297,6 +297,9 @@ fi %changelog +* Tue Aug 25 2020 Lubos Uhliarik - 7:4.13-1 +- new version 4.13 + * Fri Aug 07 2020 Jeff law - 7:4.12-4 - Disable LTO From ba95f2afcc5b37405b84f48782bff8b4c112ee4c Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Tue, 25 Aug 2020 23:49:54 +0200 Subject: [PATCH 059/124] remove pgp.asc from git and add it to lookaside cache --- pgp.asc | Bin 95203 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 pgp.asc diff --git a/pgp.asc b/pgp.asc deleted file mode 100644 index 2f745739ac76e5e140365206287b1de8b3feeb0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95203 zcmd41bx_@1mWKPoU4vV2cXxLP?(Px@1b24}5+GPOxVr?m1PiXg3GSBQev5Qx!q;C< z&z-8dRrfEbQ>UI<`#o#zz1F*TDi{)^)C3R&1`BK~`tO#+)!KfVNTzf$XxF}~bgZ-A z!&9zk&{&>ML~x>vrjE$z&I;;U)RJ>@f%%dM-Y*4B`d4+Kbmk= zI<%a9ro*iyF3-E^6`OyI>RlR_mn|{C)Sbiz(7*t&I#Q80_D;mI<`x!?*5*#c{KjwW zorIko&CTu1of%E-8SOj;BfxkdUx0xFWZ?J^&M#Hgz(jv+l z@1{T?*$W?DTDN6dB&#sE+E+I>Ki0UX1tQ6Jp}L34uA?goHG);FDigfgLVLcchYaWu zdl4EByi6sk|DI@$;L>V^F`I0DrHTYa_V(k&pm7yiUA10YozX(5IdWAC?a*DylnPDh z4@XNpBvKAq>!hTT$$~E(4fGABg{`6iNJ|ODAKU_if;ThMA)`BmDpxlrENeh7(NXZb zXpWp;s)FkHcfGP0Ei~8@R3xgAj7TvG#5a7;Hb8fnvLje#BRhfy)mpeaSe^;f+Y-?; zXo8KkA&Xh(nv{nCyG93KJ-4q|^X=)X}A3S4HfJQExj?74z> zGBA&ZYe6Wk^_O2<`t%211>tS>j@!nMds7=9C!0hqU30okeM8@ld2cy0<7Qkkgv|S; z0BU5}U2Uk&AF=@a$dg-307uiaUh!V)Fi!S;aO@&kTTYiOSt%L{2&|FqzJ<(IUgIFT zV4K-mmvRmItzP=Jd*wNXLzoly+uDWv9k6+v^75|^0R}#++xl%vf=74*G>#~wTGMRZ zJ-D-K)--SSNv1YFLAr=3D3ZXMgPRrY2`fXi^6Q3l-R(wmLppHJZYqtE(2fbiHLG~T z)F1L?i(3R8jsv{pM#NV=TO}rNzRpCSQ%OjT-`bnFNs+sJ!U%h*<)@TwUv4k@6GcpN zqmKWt8A`3{;9_k?%*Mz}tYU6!ZtP@EENAXPL(K2=^f}w#a+mX${>1-%?*2V-&k0~2 z_?8f45{{LmUBmYKecRmIa258oj2GcY!-o@#ZZwo!-o!QK30)B;BmNHgN8u*?NpfE2OXs4e6<)ny0OA z&QQuvcdzMKxgbJIQ6t#+XX8D;1dL;GhX)(@Vc|oPbOy;;B31SW3yFxuv4DrY{!CM0 z+ZMHq-d}!cWYJ!yBV*tBgAbY;UH}!|@c_a~1~crK#GT7o!rZ>OiD(QMg+7T|$BCX| z=7#KSU=JpbF-(&DVb4rEa*SuB3{k4@pZeD{kmkM3wp=jaLEyCyEj zdj4<3cxqne)X~D)~U76??#4DdEpSs7kn-9H!7>78fnEC=$=EoZaFD z6f^drPr*r$b#BpZSOf)!Y}wZ^b25Zdf1_C(F7B1=lL}%_Geex{_CU^SO_$rH?nWKj zL>ey*>I@YQODupC6+2dM#Fbay6&Jw&5p(PN zgKFxQ4hR!plDApJAP7^q#Iqg9la-HV+O|&pRFqOE{Fyg?MZ96CJ}b<5TSs$zWp9 z$=+fR>QQN6Rd*q3jf|8@{`YP}-%s>)vzno=C@!gplT=m%>AytVsy1hvUK*RksjLbZ zq(D#7ur09Q5Vo$KkhFsdEkWqwzY|B zG;;r+&aCHI`@$3!nB>&YB8=$KBugyy!qMi{sjRnqPY9w`^WdvMb?T;!5KAJFCH2}< zDNsT@m&RcE@n9Yh=S_1u`_M|LK3SvF0D;* zPH9>BD1oe@B^2T2mgi6$B$y-^#`chAi|;6tzeoI!D=%i$KAg<1j^av>cX{;R298AIcRx_iVQFBeBWY^vJJW zQzcJxH67MJwR44{nuw8##aQK!)jUe|P%ImAjC?*;f|@jUuIl}?QQi9;(HY*}6K zo83yMI!_OS?ponsL){ANi8(v1R-HA^G%PloCzn239#KV6$r@x$&SlG>SsgzE^w?ZW z>~)EqJKATF26ea1W!-(%+TSoI9-9x=+o(V89 z??RA~^l^C!KADLorUw0v37ZGH zm4y&wtvxA)Qta$PL=yQ0V%(5E`mA0{Ey&lFqcsm9$f{Zq?A6)!4BV$vA!eahJ2QfL z(T(FoL3bg`Hu4eJc#r`Hq3H10CWnyT4*3x2_%u$C_Y*VZv(-0>kf<9yGWV_RCVrmS zhwqw>;6!j`p;NdLkMswNg-Q2{YQY)6v0L`X6Ya_}Tz1mjabf*lskztqi~aL*02Y7awF$xEo&rF_QqfZ35I3x}jIDqnN zvugv#2Z#FA;egTn8DTp0i6L>pzyaugeCKJygNZaP89O7&RW*cp^nrm$WE$>^xWYH- zfx<+3?P0V`44W|tQo9S-JlE)~o>SIw;IyM<&kOBC(uz^02+L+2K(}KKr1199(j(2; z6h~rqJ$5F|*wnPYv)>@2>*JMV zKaNh#{G`{2-RplN2j_lUJ+IwoKo?z~Gv0tdUVlB{`>h3hPz19%Mvs+L_*%o%(!WLUf z4fKn#s^0X=L;2{oe2T=Kjq~)*(XK8_CgBUar0bpND`H0pGRjE>m!2AAS>68RekOqU zrHcs0<&~-rOuJIpy8^0m*Vr&vq$nCJ&t%&CAKT{RYSOG~ZMYaq$e^T(xOp(Gpx2U) zoAU43hZlLGt(2{oySBEL-rnfi@(ZXn40Ese^H-92Kq%@B+G7MzGq@FQav2Vdee4@}X!`=;h&jQZLGWNk{M3cGf#CL^FKUQn@sjTD{DI&pOffKJN zPFM^U%*UUeZVVI=Tj5&PdB&H1&PMfX`QKVx(-JN_EAEMTXPWv>?NRZ&sD!s|3Eq?h z*!3B;@V~=$o#s!tbh?f;ieA(i-s;9vU(`^Gwl8 zhY3Hl12-iZmSugF7qc2?_iF~ z`lVOq_?rn|`51+l1Zuh5%2AU@*x{viwo|R8L5?PcqPr|*lc6wr&2dFXD&viq~j%la2eVxF6%}_^h zH(mn4x%l|uoo<|iaD1IFT6pWM-Be;LSnpxf>pK1GFSIMn85yafy%uIK{7Zz)8i@c! zC~g{C6k+R^mVQ{fYWezANgRhMljJ$aPPJqxWKb zTP+!;wdzrc_aY*)$hVG~6Tp*QcC#G8nytbcYYS;P$A>1ndz4%J5-oYFySaflGNanD z@tr)lk+#iSw1(ewNjS&|D&(z5UWM98j|?|H#oWeTA>>wAR${3zFrgU47=OyO1FLcH z1<3mHIVl&s@TUn$Ldl{{qkciuTV^MSM{%5pzMrql)D!GU;Jcg^Ti6grL3~mzvbK*p zm&G+Oix+}HeJ?oIhzdMrNb~&)z2Mh?{lf>tf~mV$%84uW;1fLO37Bu2;OJP0_cX~u z*ZAjnOd+Cl72zH7MeMH*J(Rbbmip%mXnZ`FWohtRT&K;<$&uBYV?PJ-6(CyR%|Sfc z9KV#i0uiHJyku*NYPf`28YP7BC|fWmpwxqfgPn&9xfmghC)i4|i=R+R^xr&QEMap* zTzGE)bfrdmdoe)gmoVsESLQYi!E)J9%J@4CUbKdl?cV{xdwqPusKi~2?aYZa&7GXgZJmhu-Tv{9@Gmch!PMB) z%AC>O(NZwn0`dhK_>-CN^qcTvxonQ|7&Ck^j5?==sxWt4pW z1eD|ZQh%bayrH@BsmMY%JovC;c^jDU5*!7kMB;=E+MZ^GS4yLhk9=*ypV`AWa7K8Y zt(J{yvX{?ndJdsILS)167Fe}hVz5k+H{Qw9<6)8;W9>crcT5V{ByV@Br4jk zZbquKT>eR&ZSRzBblAOPS7{*29~#Sz9@{ewdB!L5fHy)s5t%C<$SQ>IA;acsI{Kh) zK2~6jf11cR@7Dy5^s6{gVSz%0h9;<*h9Jf3q)aS$ftHVmJUlW>*$Nw{EG#dEC9aqi zQG_+7*P27FzxpAAEq%2%r|E{^Ah6sd6Laf~Y-z`wu;+abt2-5{wB1kLb-g8#vz0L% zn?D-AOkC#G?k^Fp<0A+V-;1H{w>T$?q|4>0RR= zf(KuZ9hqa38C8KR*vOVvjw=v5kG=-^0!v5nf171M5O5)bMjO+HgY+ScIKfrNYmM_ifwe z=R3<92KTX6HK^vTPZ{pw%}U<1bY{wEir%g0rdQ4wz9nf`*NO#4xsY*OGl+9S;%yZK znj;^n8Q$D!FYIE0eq<}&bI?uo=n^)`FNTRTqA%HK6FD!~(|MLOPuVcHeSI&Ej{-S= zF0rpcK!i8?f zQsKCTnq1Z*Rs=1P)aH#$ab+FL`1IS5OQ{xaP?Cw;!Z zdPEM6?6ulv;G8X$L!*kE8be3dKLE$eKQ?y57sigjf z4j=3{&De=b_5%`V$D8s8)eUgcW-GQU;6kXUiF(h+9RKvWZvB3XQoC;-B#5A#vI#}6 z0V(`oe?z7r-(eTAx=w0Uwr>!Z(~;Fzp3AmS=6NzcYARZTmRwNlIAW2I`&ikN=n@+L zVLA?-=8zunL7)HOa3|oprOFU2_^NPawF91y7+c-|J|%Q05U*=j9TdX z(K9RmWqixcGbuMkLlek~Sm##Pu|T)K5V_{;8?NYq7O!FtH~qzVx{dnB<pmZ^ZOrAWy={YCD1PP#TR`HC;) zgS07-0LUT4Tbov;D*TWRWY@5!5CL&q{plG;b8P5|Q|ZkoUv&`q(kdRv3LPJPsK6B; zw7r_RZc3+bxnTjf2C{6UksLPfU*DKNT~l5c;Xx&S2}RI`BQ{S z0$B-s$&LZ#P4Y^d4Os<(fu_axFQkEVXiS}tjMqw2+zCZ^D2xHERkOh%&p4X;jZd5( z&GJO!{mrqc5&%f-Lx~K7`9N%~C*VziulIG>nj{ebnI$*mWP(KO$$B1PnBNZgeI()l@v6yUb<1ZQodM`4P6^Z|mh0Il+)NLUmCqI|#MsYR^}&`Uqr&i)Z`YRMJxFE1vg$e*g=k6{r;gvSQ3X zqV@MR<`lsTnQnF{8^=>F2k=u_mk*YvpGaqAJQl!&@ypT>VShdH@MCR z)n8!kwCGixrH~Ucf}3*TXt)RQ){qggz=|P_-pmn211s}|2y_;c+crKKLDa2jvHKi0 zl~8u0)xi1)Z?8M%6-{35)tJ?Y&t`s=yb(7dLK{@L0%QV?1h*^~j-GpCdR8kxQe}U* z`X??5DIo&APDhr0%4e%If*pQZW$;N)H+xXYi=|`$PykomK?`zKnj?DY2QJMPoUqA335qcf!ubb>}A7p zS~d(QhM?rCx9`)~u($ova=omuXtahS)IJ)pFKE1p&QI;IFT0qcaQ8NBoZg+`PLVw!eN3Kgy?w zx9N8>B=mb_sS+n)T5FG>b2MOoEV%k}Ije0EJ&?l%ndwNX+MRA)+J2s*6X%CVx3;I{ zoOjnM#Zo82?I(UFrtfphVjl*oMqUk6LPuRvHadw`ozD9Wo80w4>wlklCi8YK=t&*@ z{9bkDv#3X88X&7?PKRhFp>S{83zD4Rvh*g=dyOE|0jG4R|z4m z{xi-F7||0)H>MyArOL69ER5pbQz1W~I{_e1 z_}O^{NiP^HaRjRXH#gMyFzTS^oQ9?+&MLAe+%}WP&15D3k}`t!vP*UMM{ze~VxS|g zwlq%D13-!2E8i~(1dI%g(oWl+xG|HdkjSbQONXc+@Pq?Ua zIzD|<6Lfc^2uWin4P*+5)rSh3sI{e0LBrT%63}E=@CZNS=m!)(aYCSVwWk@z3sL<5 zkX`3;HtonnM<{GYN&Z0EQS!=GF_4u`XNzkF3ypL~x~KVLT(@^ZC8PWq$GCvviKFCx zuUyuw)HlKjWEHlVG9r_Hd$EPIBSDmHG?!Z2=>uf4v#_y{34LExlhV&3E?+F-e#Lw6 zjAQ*C@rkpPapzIZ3L$e~31lE#gkR$7q?{KI)-QQ1;cEA3BhLdM>rTNoGdh!m#B5`- zEXKS*R<`qw=bS{==bSJx0OS~lS=MgQX-$q><*Auq!oL6q-UMU{rs@dw{M4YYg7p*7 z`GFSDEi#Su=a7^#SZnyD&u6O5d`<43ZjV4#6vOI`gu=UAS-}! z;NA^cj^AR84Tnyb-FALNNIAUq_YokaZ%F&ZIm{tStT%VCKb?kr;Ar>JyZ2b%da>vF zaMmD7x8nCoHKb4>!N+~q#kQJyJ?qijLU^%h4vT;EsIDO}HXZ3zz$IDKAsDx`A0kRj z)4~vZ^qF)FmM2L?&dC=g1P==tLT98$`Q%rhvjcV(RT!1UL|++B`ZZ&#(nV?%x86z~ z%aJEuO)5t+SI?C%W&qb7oe(chAwqT2oplrD_oUK+;IRXydo&L~DxC4uzK-(Ww7+)t zfA>EAtM3)*N04}0Cl`H;x<%tHHmK+ z3fd0T$G?VZ$3EwvQ9W^Z_YdrPEu`-kHvy38Im7Vw1^o+N?x@6z9V?TplH^k$EA#Fp zyip%iz+I-6{cXt&oxWtxL%9C0qn+?SHP63Js^6VSI1P{iZ(6=M;J{CFTpV|dFa^-Q4zxgmNI01woikFD74#YPwu)icB27yR!rP8AnFw*9nXc{UbNwKJ7vq z1^}58b0EWLG$A*roe1AKSp8(`+P2x}Y5v-nBcH6j283n-kUpOmI@o0E< zU(EBpn&;&OvLYK+(b-IxA7n{}$Hm^v5gxNzV*#MIiM3pbKC%^WXmXfjZG%}~WO4gG z8Wt7c*S-U?f}MjFa;$k_UsGHd zAa*u%8+6)#{KFAfOw)Mc{GKda@PMqGPx}zL2{^&!i)>)-@l=l_VdWM;8h9?J-3J_@ z`PG>4o^-tEe)e2Qw7+nio;bfJiz_++6RiWG7J!1F=0MgEk zV2xotkfG3U)~^0+I!4D-hyI5nq5hNiiSv81=-2{4a*P;ioHMrm$(B*?<3&m7yoTs5 zflMkB%&M<3$=1&HltSGO#Ig@}xn9pWn))qIoZpiL8!?box(@VZ*nfQdhCfN(Vi3yC z)tm?eWJQ#&h=x;;i(zYJo)nrNa{Ip1vG~K0)EN+c;{2WnA|-&V&C#o6*-y=4Q*df& zr;|mcUt6SRfGmHzL@Gq^_nPGNC2gzDJU>Tw_MZ-?C+iX#3S8{fclRew#vRcMZaPzJ zbrJxi$&jZRoongOlxcoK>g;Z8v!(tK0NGX>OVxkZccQ)FgROQks$TgRi~NW4uam{N z001&j?{VC2i3{cC2;!$@ny&}Td8rG4EVu{YUlwd5pDes~Bp*s7OD|uUh!M=P=y@AfKLvaut|%_5O&nJJY_Qr3UyqasZ_9ZOI_ToDVB1 zr8VYM3**wVP7>_DrjvXiJPLnKR-Ux$y zGm(<=4cT|5so-Z3Z%srNIZtQz(o}4El7~e&+s~|n$VLpaA@-I7KTq&1*4TRO^vuiq z$D-6BTi*$SeSB8=8}3LwrO)_rXK;G-OrcG3Hd&(sviNc}dbKg5u)c_5qM_G0Qm2I) z2Rh*aGn+FJV5GlJQbZ_l(MY#%P!IsR3-A==2h_&&0nKvnSyWh{$j&C`lN@U^OWmc2 z$3Byh`@Mi+?a5GsXolW<;+--B(xbZ#chKEjk3oN5#r!)S{48R1g(F{oda8qNGi4c7 zy97bFuh7^C`w<8cuMsdAy~8qO!NZ_*%Dlp^u10iZWbjSA9F&kdM;9CwcX!Eda(}k=oz+% ziIBkI!or*GD6yV@*(yiA)g0(a8=(xR2sfI?M22lF-3oS;uKK2$mR?iB{w` zV!_?$NOV>=U0U-QO|PPLBoauS+)j2@EO5sJ;4UE))_(Ok!+n3N@>%+7W4;%OIKt}E zBdjU@m>7P4W`!uKC-<8=$I`&NIqECkJnDhNeHH8Mx>V&K?(bdZDBhVoCWpAnFm$B; zcngvQ#I-x*9Vb77YLgst;U?E{QLdwTcY+6uFF(_81hA0-o@$++$Y6*}2 zE>Z~z%%e>7kPhX~S1}bGg0xr7V6jfBq@X<$OVO-bls>)EShi-!SeHXT$%Lc}VO)49 zJnqf%7^-(c=e@P5v)=j=Lv`?JWSfZ-m25Uge$~WK%}APy;2Z)yofhbZVsI`9ocRMt z15BTn=GRuizIfP)G<%ODyi|Sx%_6(%-OxSFKOZ*Bxa8wyP0V{OXVP%vi_)G)$$q;G zM@tQApBv}3TWCwaD&5`aXn0f!XjD2RCfw{l%sJA~hg?yi02v3n5-8$qSF>6`EQfq~ z`NBXK?q$|4pVHP3!nM~q(Y8#V?2r&w2rfbmdTcQsKENKP6-`OHPiLU%^2`qGh1Yt< zZ0ajN7pX6X{_i4{O2FKsF<#epJk+2-skMhE8m4AVexhuM^`0r094m09LLw&2aSuJ1 zKpf}!af^=)9et0bdU(CxDBbP8TTo(po`)Ou!+v`am0GGO>F6fHI`6&aJe?ZRGOo4$ za`+gobm>4GV5AYCy!NP_0uncA+Y`P}SdKY7z5n2RYqGp)6`R~9WlJ_8ydvMzI9OnY9jap7H zQK&MRTKS>mk)=m2o{O|_XZm-MCLLfNrKG|ikU)#Wv>C%hxv82L^hf7+EdstB8#An! z*7QCf-F!cRlofsKHZaK**E=+hFHQJ2SIM%!tMPs~56Z#RH>VZqx%T;PHw`0}ir?A4 zN@jHDa*qyp%gt`fO(UK;6`}^~esn4PqHo81S=28`9_%}45fw!;kUA^)R&4QrHKp7m ze$b$Iv%|L6qW;i03H@`br*3M{Ahc_fn80Rj#}bPELU68UOH;*<1K!BbM#6r3|A@4Y$(R_VkNiYiWc;&4QVP{iPZ zRt9;Levi0UiZBb`lGr^My2k8_7yJq?7YsIGB7oS+5jXR0|DLlIjMnABeKJ$4Twx-1c>qQROY3)PcSVm_rxOQ70$A~68 z-nYq*);Mdsncg{uj(0y>FPiZ8jn0^rLwI%vsIV##Tkqhvl@TYGpLT6D9EHz*tpG$Qs(=IXCjHgj;8)yB;_?& zAQQ)buWD*G-|93at=BM{g1V7tDqQ@vJ<38> z4n(8hvgqXrPmsm$as$yckdnF$?mr#0aJygn%6#5v&Co^3%?)bOkd(|8EP_g|?|Jp! zebJr=11ANeK)ULt?sel!9O+c${lQ4HIDTjXkv{5WIU9fa$B1Dn()%4vpD^_4aV>mX zis8AuQ|%p=#f|7~7PjoLuUZO_R=wW3uN))1fU0DS04kg7}%%dzXsahC@?c}<}TO?ITF|K=Mtt~~B9OoGP1%|s9yi;Pi-0<&E z^MEI_W){zH6*rfC!>r2~BOEMV6g7eBWxTE~Exr+z!-$m1b7BisqaLf(jq)p`4aQOr zq(dbfeVh8QdE^olBW~tUP?)W@eaDA~59ov11&7#`M)_=6921X&_7(SZIAfbDW0fJE zt7PB#yC6o7Om@y?mOdvYS<#I%ft&j?UiKbkNijrYy_ zq9#A%{EPL?hYf(#%#2znR($0(EhHtG+Z&h0`6TK9khg`AB3PCGrW=84pA4bRsVMKE}qiVbQ(?#TTvu>@~h2Te-UtdnuY zQitm>fBunKOqQ|w>F4@weJ_FmnT*^x-N=N7QM4|P6&Y#Nn43@)?m$-2S5kraBem5m zj(C`d9f@J>(~_z`9LXIpk|)k@>-!Blkd*|wql0+lp9-S<1eq|}#%L~q?+Jk9qYc}c zATt|G?7@30NYE}6-?9JI`nG=J{IU#xHAeIRRjM2c>xE6`Oy#1?HSJb`@fHEJA? z4g;H2JKW&W2AH&d)z@FL7vZ9M=DJDg2mG3Ie_P)ufk0MC=yk4>DIf9$%@0%Dp_PCa zapGnGNRi&=a#{x!&5J;fc_O2TL$WV; zD*yikFKNlg5?U(GkdW(a>@HJA8QrvG$b{?%&E2mrD&aN{dx6TNM}B3P`&NJ?8A zAQL_UY2ff;g8c1KM;OZR1(-99yUf;8TK~P(tcwl#s70*&CcrUX3d#X5Z4LR2hE9rY zN>`gIrTkoY{t+JH;Q|$noKt)mvf#SSTT=6{9Ftdy%nU==%>u8f12hIJ+Hj4q6FBED zf2PFC;tZ-3Gg9$PR)5cn)$S^chch~!Whi9S4MVkrLh&gn ze>=?@9zX`7%yb{aZN`C6bjeqz#^R+DRm9Z(9%q;L2I7Yofh zbs>*+{HXrI*?8joHi@gl0Fc5|iAzyqx$h_|n+aAbdBA=4WpB4L} zUFYBS!i65$sl6@#59j~TB>u}Y7CKu1WUKF6|3u1;}Lc9S{z^ zCxKPbMPyL)`|$P^Ml9!F;`zTZn-%~19OjGy$jWo3^GAz{by<059i47r_N^&6ehJ7* zN^#$@K(>l%gsr~)s6Ql0{pGmvSv>zoruDx*t4XW?GT<#p0~R`7RF**Kw2Ol!EAlg7 zN&z6v!i3Vj?(drQyEQ(x{n`R(w~s4-;`!HSHKqpuNSx_(9haezAhj}p=P{rSrmjJ6 z7|05eoj>J)>eeG!*cea?71YLOm)?BF`4{tB)C(lQaHl|Ac1p@QT6pPsS&^P#7t&H(;XKL0kqVTpmPsuyK!sX96@|79{N6&YP3|_ z(J~=MW#No5)+Ic*=(Jp?&T$fZ9rJSzTgyTfy#(cr4Z^RTKKeAesER7qWrS*+XpW7R zIOp~ji@_(Yk?(pfut3k{TUXzWWh+-}q9`d-^30S#Ll-b&C$V%i*~aThzJE5N{d+4L z0vzU1*JOOA-8`CVK6CF8^ zqQ(&_#5mXm@dE*wJfQ^`b}EnjAeWtun4R)LE|;#j_+>aghyGD1yoKu&QHjoHK@fxo z&U2Cet(9%&3-joko}VtDEVNWmpgSa@PS(x54M+tq1MX5K4I5ehe5UVea78Q#-(E#H z0u|)hT@XJBZ3_FnFz0AlQrKe<>vl7a>%WkbabYsN{H!zGR`dx^p4Pj1!Ume@)k*Qn z_N}@x08XFh%W|y})Dn(Rx>Y>N^*&Q_uHXz2VP+IfIxQQX7-D;zrXhv;9YfdH!xX9g zz%{P=k)2oy(pnD3xSQ)8@`tX2CF-`#qF#kg+D$+m3}A!e!XBk^M1 z*S~fDQ5wMVT%><%Wfxw;0-#9AvNaCMErCxlcn;rVMXmI$31(Do>Ak{=CbV>N46%n+ zH0WCWdu#6BBRG_lou`rn)0CJ!GLj=X(_FwT&QFG=1X95kwox2QZ*?l3n<6Zc)0TAV zw6E#ybXgC*^qMZtblZvM>QXg`-ZkR#U9Un?91MOW>r1IfE8K6C^_D-A`zFu5ulKVc zcRFwK3cuk*K1A%~vMJX&&sJ-wFOi{j)fXa6O)+k$o_+ciG6HO;+gg`zHUhgopCJO= zk!39c1?J|G8N^u0Ed;nhp83Pic-S>G>Lw2s*}(C%9Su0K_s8ezyC#P3kf<#1eIV&r zbLiq7>WLVT;|83C5(L)Tj}hGDyAT%CyRCZ#4nX-|cP#jcd)u1NVJ}We4Itt;e>lGJ z`j|e1kkc@FxbwX-@}usD-gI>&Owk_=wC@&3f$deAM7=T#wnFu+nTdqeXw0}A@Tt-P zN&h}cF|?WtSV`+>*|2Y?@Mtb*=xEPH`nOj0P8!Suw_)&Ect4D#%GGHL(dR(0(bq^) zUwZYTINZz4jHHDZw$t*R9j4zB6>Pj?vS68^tH!wInI=dLA8(8pLZ$f|6q#*p7zj@-mc6#h;eaB?8S~ zto}4_*j&XniM|k(heiED=nO+TAv81BDT$#>#}yCX&cHx6|9*&Etz{3Zs;fn^6u&? zO;9J(&Lx_dWBKg9{zA$wLX16r#%Y%ohCQ@2V5TjE^x)gL$J{X$>8l#SUf6B1KIKIhzmy7fyK{Zwt%lVilAKe`91sspPw(o8_lj zQ=eZfLH(Xl+mA$U^BqFh;#X8KN^L^xx%zmvq|ZVm%C3jpW62Li7m-uN7Kwo~?n?HD zE$a6YAG2g|>WNI%--{%%0-o54Iv zoR$xYN?P}&Qc+!w><{2am^+e=GW}fKcJtnz^HlJKsM+!SgfoY2=8l7uOB9?(F55|- zo>${o=u&?;>h%&*FG_4V$@S358}^NF0L15FCGH@re8v4u47Q=;*IUyE_LKIdM)SL5 zD-=CCuxk?xKLZVnI0uqrnc_l@-xLm~9^9a;iH3yTn;u~}Tg-hT_ma zf`qv%sKcFiHa0saZhs}FT&?6kvc}qY3by^(R+5y4HFzC6h}OV)yg*dFjb@zcRm4xBMMbH2LfR*9BYvb1HVcu$+LUteYN1KSiVRF(~@HVmi+M{q@1d$^XOI zTL;y(Hrc})m*5sO5Zv9}-3jjQ?!lel4#CdBJvadpG`MRZK>`GK32tBI&fE%@x$n$Z zzrQG;YSB;AXYYPiukJolX%a5>G0PG%MW)lco@1A7Ul>B#c=vf;yfettT-1Nd*meDb zwg6>dO@8L%?0K?|B78YI?!2;g@q)to5DN>d~69b}$nUt!o!_ z)2gH&APr#Y@7PfiCpDT3TcE0WiBPYXZs<8rLZj>>fUoD|W)UHWjJ8IoND1qsCOwaq zW1%GQ++zsVh0t>*NBELO>ttSDt1PV3Z*QlUi-h}Pz4ww|*{&8id0^w$}2@NRSlviKJ@W~<%zE@`x=JOLXO&|X9Qd&~DvoFqXy<@rCIB*6mr zXok4HCJ(PzO!7j)^T!Vch(mMH%q%^vn&nv}bz#K}1q<@hyjHPU7W7pRs^;wm(c^cX zF%>I`mi*VR+gC-gvFz?GzM(7AhT>tJHwwMMwf?NQp9M<=)oT&W&!fJ9Gn_#XU2IFp z(Hl3#<+=eQTk;^>d+y#M-4l^-d&pOYB?w=ld2oUJn$YHgU9bP}2L-hdxfX5%7fKw- zc~j{tBYERKu9`s6AfDIsWMRq8(V0U`j&{t<`Sk+;5@)|Z>wb$MoVD-?E!^We&1%+j^nWQA zEMCAp3d`>&1l7Nc%)fq^2xD7~u=*rgq-Pusi(^Db6Xh~|OXq-f&r(+w3R?<&falC6 z&nr6G1X=HkKixWO`N1D~P$; z)T@pZUKhC>E>MVX*1^ig9?9p|TuP@NuV?|o#KgPJAgfR8%vkx<)-Zvj;_-pU1kQuq zkAK`OCd>HO*p9!;1%y=q$U`Dkl85|j>fEo?xC~NU3=W@Z70rUfJwsE7jOq+G+*ktyrqXo?Gvh3TnBDIk;Bud|e_Nh})IwjdF$0ENd zZ+@Cvp>eSzt2mtbzHWQH4pRHoM#8{oC%}dw%`ASm+o%E=xy~({IH_^D&;qeTj$$AA zN%&%*o`O;!xd8>V8R*C1Cy zJYO9hNr`ufm_L?Itdo}u8<_s3T<~9wnHI+O)^;}L4h(;KGoKd@jDHhfe-{ook%8RT zNTpE7)jyakJGXhX*HD9mDS3+kkj8RJf3#msw@7=-7<)9XiR{@7%>PT_;EEi`A>=$v zl}enw>tvliu}z$g5?$M}2f&e>ols=A6!z+D^Kthm_8Xo3yGefn<$2-Y7#GNX(QNR7 zGURw0IrbNGkf6`V_Q+*A01~6Rc6v3Mqf2fZ8vs2|S$z!IF7O2BS>Yhk006n&6Pgz5 zBAQ`2F;eo}5Zfq{Hn;%bM89mam`ajFt7$JTFmkbA!V)EaQnhb zGsAnQQG`0Nj!(QC3C4-B8n;9Nw`h!_i90JM{N}C?x zFG4M9odP;2Iv@dX4oplL2CXi56CEDC)B9!IE$)TYKXCrhw^TUFyf9T@~ zZGwvXe`MC=;sZIa?sYy_29B4n2xn9AXrZfntjJZJta5H7ybM{4Ro5p5;U z(z`4nf7QWy1%T7;ZdgUW>ZXuJm`cG(H++wvCwubVd`_^3p8_Dequ5koYi$N?+w_aK zr2RQeG*i+5$l#G&FYQDZbBk5f$oZXth`_*$#y|EvC)l?k0B~gK3%vmeJu+~-r1#Ec zvd#%DjUkYYvjKYs`0vTEDVrQA&W z7158Sn(6ep8??F$0Xf9xs_tLjFGf?$I9$xuC~kj(3nBZ1^PCtTSp{-wsu!V8EWg=0 z((gzy>?zJXY9>MfxdLCHkNOjSY8`In`J6EE51fg9+I~WePxHM0zlm{B5s=G}7Ku~D z>_8Q?ZzHtl^E142ygvv430tXW&(o$zeZH_G4OlLeWKel&{hz7lVkW2uYR!1oVF=|Q zCAlOys3eEA&f+b_FH(;AOeGfqWD9f_&FRw$j5Trob5UF#WAaUTWc_GisI)>Y#BE)g zOJy}y?TzcqDW$#bn9VJt8lm=$UwF)W3k_0wG-2jHH+RrH&IZ(T+to94PsrTw*m-2o7&UDLZSC-yo2%+w=dY;@+FW`w})NK1SZ zLBlee723(fy{8}oa_4ay*?;##Z^GyDtrUF4`P-xUpNN-p>GvMCVULLCq+89h-oMIC zg=?(S^LAe)l1O;5gLKc{5kTLh*4{E5Jay8)QqQ{EaF32-o>s_LY(?!{>vhLCZBg3U zZO)dHv`Xf~-$x{!Q^y_a=FJYJ*No;nhG8~DW*oD3K+Cl*uc6V2yM^P1S?Y&AUO`DB z^Oq1m^tj`Y9qbR9+}8#m4iv>X)w~b6@@82{s=?PJbW_#Sh}FbELz{g~n(JI{e>R3| zd>j=3_2{>&U-@0rq=q}HE__qbz7kEzOFKPs2K17YaItc`nVPp?{O2$`m+c1k>~Uz& z?px0FmkO$AZ!{?L156)}d6zAg13L9%27Yp?2I4?@ub{w!%PKyMF2JIVg{N*iznl5c zZDX~RHo<{#N4#-Im+EW%7z2s+s}MUQdC{K|*1L;C zU!`xov*!l2dQoy*U%$nDF)Zk`y?di%-T4+XMb&s`PUdPZ^%iE~sgwSddcL`W2Ws)5 z)F|gauG7obKt{a`A~B)faxkwojjff>>EoDUJD@2dSx?Y;-3UEjo`5$P!ok7QD0d}V zOTu6M%i8AhoV&iF6N03NyE)$v#ioH%HOi#n%AHDmQTsZ#DDNY5455%z7eO?gjuHxv z)Y&Ur@sknwIoMh&ukR|5HZ6)ow~Y31C5U;=N>E0ha5 zJZ88D8mxfqaU$22H4R3kqAyz}NWl^;HK5j^O-fF}W1<#(lddBh(O$5SY!TDIkF0y1iGvl*Zy>huHM%7aPA6`A&7uk&kGC*J(dKov z$0NKQV?DB%eY@1J?|rCHCz3d~llbWV;m+mDT(g7UJLEXMOGOdXkQPz!elj1sH?j1j zJay8)QqPsBaF3FgYb;?SA?;I+g}&!Id}Rf=+aG!_Z;a>O`>beF6+QT{wlG9q3YeAb zwch)=B527)BQM92pq$Jht@C}G*48_at;LLIrNC?#6GAL^SUbh(3y&O zJ`FD$7S3sh(JphMLC7$d@lz=L91pb9Hf7 zSy_@_Y>AsPChxehkYlvYIB!zB5;qIR(rd|%qp|=})1UJW9V6IBztnY(UbEWAC?rQ& zZSofE;kd}`>l*j1vc2R1mdXrcqcv}M!dFnFyHz8%p!x;R9goBXe3oAl_7o1v)`cGi zik+w_FFOwhYp@CLdvgrCVudl(OkNi2`b1o67{2Jy-~0N4P*7SPF^h#-8#({8g{o3m zn8oOK8*Xnu{2w8YR`fDvwbmU%JE%VmzrD0C*5&rlp2v}u03nSH@xf%lTNPF>Y^E`O zjzM@kyO3}{lrg&A&?WUGlK!1~M)ik#p#72z~%*ixZy-xqHgFaRz^EV}vb3dna;oorDGxrZTK*sycU+W>T z7P_Cg^U>hc!XRS_^HijlUBAJ?-DE72M$s+wQu9_yr&qlS>*QOIe{Wf4gn=z?b?KI6 zbY#1F;s#mkR>ls(K<1rR-+Vh!&n^-i@m2J5tD~rhn3kRS3&n<_Bz_o^3^nvhnZ|&2LyO2QQpV~Q^;#uLZi;4=?2>aV>^0HoEPNI{{ zWmiLi@D97Avyh-73W~5*0vcbiW_mq!(!WyALmY4q%(m&4@&45XKQ<$@9+sqR;+54K5OSj7aGQkEbb` zLv^J+bb{q08{gN2xBBc=&c!tDku*#mz6W-8^9$neUA!N!xX){Y-R~Up%wj4o`L-|y z20-zNv(XE=SlS|s$e~J93=taHUl1GzXwqrS(-yb+$oQNbF=gCF^wq=1(Fa#dX{TL% z>L0W^iFqr0`Ac`JW?~V@i-7+hau9^faR`3e=c=fZMVt z$HW6WYc-(=tl%yd)L@jr#RB8L3&U( zNe^CaRN>xr{Qh@4UsBAJ-UwliuJ^#GF3VkEe8)j|KK}8RX&U~_D%i`pjP_SpE0S+% z%IC?~8K><n$?K-)eV^EF_+q6PAiUfvf zNIOuc>m&B0>@Jl9WPvTMGY_5z5$nwvJ)ac54`xPu)z`RyZh7LQf2W=W8{r<9mMus2 z#2t0m=xCv)oLJBy?r?oR!i^{(WL@DC3i!VBg8pJddeh@H75XY+LFzXD6x9)ti*1HO zk$=YUhdkEtyX=LojvTgM(_B_BcHA}9mgUv^MTq}oOi@NGUihAQ27^;b6}u-Emk9q&Q>ndXgE1Nt zq<|$6s*z5sKx<>JBkJA(JB1cRFMG87&7JewMMIKEmvzNpc-IYYMS&q03|-wqD6eEsT>5??uKKya>bAlbq9ss}NOqC1AFf@rcE!$A@47Ko%ARWZnU2V$`hBH8e-a z8=RKZPyoo8d&C+pcF56;{c&7L-Q|Q~P@L}%&U1nt>Hq-eX$>C`EHsq8fbGNua4h%x z4EP2CaNk<`o36U-F6LDI@wz3LA=#aclczZUB-l4_0Pwr)scYM96651y&jvPqvPe$| z1wjBDf*Gf;P<$koKFrK?g)^Wgl;_&;1m_vSZu|qtAr9r`exHy>=5>xxuWm12?-GRh z764~DqRd^kJG~oEIz(MaupK=c=Xt{CN$Cfj{pN@MCfKRs0r1z9E6DOsHwXOt6$9X! z{toQ2JZ%7ExFIOngzaImnXrJAwgc;QDunt(aQ&QM=a>O za|f%ffE)sJTwN+Pc9J_zb_L~}O?Qoa*54CE{{z8p$P0iBEhz%DGfknmh*_Owt!M%- z=h}$?aIN~)_ZU#YkP2Ln?gV81~05DH>$s5NNTl)Vm7SndSv3| zy>t`xP-Z7%CdquY#Dc1AlEgzwP(+~H9`Kow>|lAc8*bhvF!hVorY}#xSp0-gI`o!5 zk&NLm+ji4Zhs6%&HEP8Vr!8x}9WikPB$lP?IcPZ&A9Re%Wx5auG~rv=t+No|a`}od z*zvRm8m%M@CLjUBW!;BaHn7r9XAhb4yB@n*1eqgLYzX5(1O0y_*q={6e9o?GJ!RLk z8Uc{-M=8IF;EmRXZ!@XJMq~zMhVuOYIH|UQsojN-shO0QdGdBvBWEKL<^P3UPkIgH z;7#{+yXSm7KkW-HpJ~6DmdXjz13>2YRPtAq8Amm`OsJB+d8af>QqF&(_Bngp1OOoa z;54Kotfs9;_#|ma^B_4?tQUCzxa2eHC8Bc9SR%~l;o_>`d8rb`?8QP5lS|8y z^Yjo}_*^AAF5&GKLT0Y%_SSYd0P13|LX>`8IG1a1Q^-#zZBg8iKUkcO3z9N*p{1fLE@Xzv@(`tL9hp--j>#?1WxnkJ|Z z0pt)1@MT)NvY4iFBCo__5se5zM$P~r(U>2EEpyd7#*#0K7*DH;<7{O<{YgEZ&-yDu zgnA%@2{(fH_7#ud+vmPz>ig*9Q=E;o328eyF67mKAXL#8;T0V%fo?-0lYGqI)TvV~eC7MoT>@_=f|gO#-qw@7C6a@sEJuVS zSPe}6rL>7dFk~-9G$u{+@~lwvb09+tOAls-49NkrIXzU!)QfKvm%O|_+wRavLDxyx z#yRJpIPm2sVz?)#e3oE+)&@Xwu9v0cPy_Nz(Ke*)L1aVnCgNcLNVJ;*l(J|Vop2apDZPN(-!43VwbLBT(@z>pv-H&JZwE$sxT{>U+>X$ zFvJ2y=+Q&nM@ZCg8UZV7GW6419Q_v`Us5RkLpiZwiDdRpkwAX#!6{2(arG>V1$0^2 zT(OL@vKj_iW4K$szv`lULdMPvc0)i^DeP4CBZF98-y5-`7BdDJWAKU-^yk?fdwSYR zrsxT`%9rE*NU<-cVHs-GY!OEVMdph4Z*;A~9W3{z=&s|9QvkG=rukYOsgAl(<6sVw zdOx}Bw^RbO(x&T?5`TAaJWn73`GJg&*(jTII-KD6L6tA?WmR7V#czR3DAc*?b1&){ zE=a!ECe)9PVP7kr)~U7%3V%Oo{uV+6Wda~`;EU+Q{mn(%rxV7FLQ)s;?C1<2mz-0i zecr}2gaht~EI_2}S2-WblPBo&Jgqt#0Ec9aTnJ(_!%u@24nZI@31FbPgmIQ%Yy@g0dVHZTWa_q zw*Bf)4IJ04U&ztGzE7h0dEaF2C;;-%lnr*FQdOG$>RnZ6%hsvvG~U zA`%-J7ZzG)J&KDb=Xxe!5H1G5V_v5Fv#+IYc6QuZ$i>wU1NURt0PsFL%2v+mb{{J^$!QBQ;1qx|A$nx$eI`nnPc^}=N^dEK$^@J%iL7b>Y}h{xskISnR3 zSd1A#lj_0g0-4DR1Q;jkr6xrs_HiyX4%V`YO zpsl>OWrQ76Ao{52=~Lk`VU_mM>00$ajn=a_b}@GKc6BqicV#qnwEt(rquSHViiI1< zC5?+__?Xg-{{oMg+#yPTW8@2<2ILC7(d_h!KtG8EZgI5Ta~9QOq93YnK|#iz2=jx{S#x)H48D( zK=z9|NBpz4BTbpkE)+~vsvoKu(P}^@-%7s;);5^eTaHaye z3?3OFM1JrXCY*+rf^0DMRUS49KrYoDYr?1Z5QPJ5oJ{ekN?n1bVXA*{o@brF7XTbO z{Mx5DqM(|!^-Cx;ksh_zdf)G{lpmXi(?lJ(2fJu2-IHYu>Iti!jLCf7TqwB)fYi0FF~yY1!*g zAP?%c15L8gNmmqZ#{wWl<4xkle%O=iR8j#L+u@`h(Fo5!_WX~mQxgE!9Ukrl^Qvh1 zD%j{txy1_wuVyR*;I=`yWKo9n(FuiUr6Lr_!(27KkAH9^b%vOpW}TMj02sso_j*JA zfb@AeSQBj&J8JgV`jG1PxA*4WzAb68|5Z=h>@iBmgo@_|@2u z_YSnIpd4tcB<`l@lEVmOzpz)PFdk4^vrb2az|Y8}0(UKzqJ3h1$MJ_P)#&K0Bmi->iqA(KLb zY^uRfiJ#{URrE94&aWIwxN+$wAWCvnHv2VE+t;2~-7{ssTZ~_FJ-&QTm ztdI4&Fu9??d-Dg;QjO>9NZO}76k@=$U$Delt#A%>;2n$3*;NerL`9;UHydi1M^6_v zFfop+N=opmi!`rY-oE#Ib%XgXXwW^O8}alPcSj`4cpz(ba1oQHpqJ8aGj4K|nd=YK z0`-K@Uu_VMP*qYI2=O7j`;IPi7L{~*P0LT6^slOd3_G|7X65-C1ytvPjt?R=5L5=* zDh^T1(rvp<5eWSU{rD0;Ex9k%-k8<<%3bZ$&F8;O_xQbHG9>dEKmJKKlt3#91$faC}C7^~lVVbyrN{$4V;Xc5b3kpc(3&+~Sz60E#0 z@F3Zx%Cxi*8T!Rwgp7n*C*vADM=~z!3YS*VMi}b`&jhsnUT9T*|D$J5YoH^-&(yGO z!byM>YLZRu6u!uZ5+)c`)e&DV$$&PC2m=E_3Qc51+Wx7N{#8|w!U*@kwnAd**d)G< zIbDWtba8m$@^UEUN~K!ot@vyk#a-?;V+d=T3wMVKGKEF_F2$rOud!&Xx3EwC#8jFs za!OOEt1lp|ZQE^T&}&eFm*yn{ni&X0o}u>kUxcOZr6HuQj*iGY6hGG17MYb|dKC#8=4rSXv)N9j z--@3Nhm2^a&O;$f(jpy{{WOG?!@)V#NU=O)s=5kJEo^mfxkALd3&sz@Vm%p2CzFQ} zzdKuKTfneQKNQ6oW_W?oKF<(Isp+uAu3ZN;W{IsM;X)df(Itkw`_xJQsw&8Agu6qk zG|P8TkNJWz0nM#!Lcfyd%~TLKk_~?>d?~~7_A^FL|H`|#_cL0#HQdLkbG!+#w58j* zHP@$IWn#Q#r?i?el$Rk2WsAlT%7#M|4rb^-Xm&iE`t~bBeuSRBFA>dBC)=iBm@PRQ z-}g!)4AZPNzN1v~@kp>h>1hFWGpp1g*wx7K6hI`3l74kf_Hj{LwY>?_QonE(#g1FW z`mCEijP)C4h#pkgzVkiCmh}`VRe{Ga3R;b^5Hm{7rrbA+0VlG2#xG^HIaNT7bjGtJ zVXmNRGUc4U-%wky5;1;5ed*ZFBSJNkks1BFT5Z6sh+ad}XVc(!SCbxY4F_$A_Rl_?6H(b+BD?fSR<#L|W&gK)5L9 z_^xUMC0~6pIXW6q-MA3SIhW6a-e%BU%p~1WBqdge~MTI zxu9^a&|>&OgVDJ05F%4fmYtq^v0UEDgfK-JdlZ9;x*~4W(y5-P;O7(@4_-@=x(Wvk zlQs)&)^Xr|&cLy<^?m)TN5-%qw~x16@|wtWl${3@kQkHs?(4QzLp6Oa96n?;Ur%&$ zpnlMn-e0VWO-Q|FA0u(`@Xy*LaS`E|oGK9zDDJ}8)%&Oea)b~zreoHqwd0m7RWaJj zmpH?gzWqkDCa0i2UQE#$ct*hNdKU>Q?;slblyK3`AQYdGJ=P-Gwru(4&F0*c@y$vI zYSlryNiBwg9vJ&+B>k(ZfG`vuC}9-aKRfN-tYEJ$i*m^Typ(5H@IY)VnpOHxx) z>+X>}8U)pnU%`bu0tht#l#UtE?S7sF_gU9UW-nwg)JVyUde{$7sajz}e5L3Fh{L#L z!>raI81HY#z3(2!^kwa^3vCZ(MT8JOWD@W(YRp@TBIp@H&LOn^Xt(XROq@6zrIJD7 z;wy9Ov*GfWiSCzcTt9Bipjti9Rba9xutQq)sQt;5i({ZEQ%o7$V*)iR6Cp5(&*9?6 z-gIv?{P8Qf0D!$JAO2BSj(>x2apJ8r5s2^OV4$s;b=D6%E`wE#^?}<(xH(L>hp`ic zYsdmW-R`=nmmx^vWf9@<{7;7W7=8i(=qhJ;uiEo9lE zPUXNu19)S2Q*OGVqkl-v@sw-@Z|q7$N|4B;CbJ|ad=w#0WpRy)D(HP!?x(;_tcZXk z=JXpZ7H1JG?$Q0N#)X3EXQDbV7<++K0?n={A&g6hz~7oO`omjK9Q?aiH#kQkU5`?*8??3CdsKXx(5T%_=zk7 z=X#GYk{Se_)sQZ5XzL3McLq?2)f6Uzjt9c!brgVW?5>w8bw8Zv&;$#`0ovLoA*=}J zmp9tj*Qp6vUEN1}_4(mSm`jPVAMoZJPc5WCN)aB+n7U4r_|q_Z18T&M-EXoUncP8_ z(eFXNeHFjTzee`b97fmkFm$-y-muan%y67HyFT3j@r=P z8Osbw(Mj8YnWXU(oM%*J7cT%#Ikhg+sVbo=BHMj@eL~hJxRxvqfaK!(x#1q7kaHnk z2^+LYT4y~Xru~zuT>5=;`g<)&FfQCZdbbR2PVY%oh3)w==LGj$4Ve-eY~&GCVbbb3 zca)pvgT4C@@+vm@p*@ZMp)*y30DD+Zfr$vQ5Vasl>0EG`d`;PYa3yPDN?a_+9WsPg z`_pXhmWD2L4?tlT|6ah@XQ8{~tg52AT!x)!1^z4)*@6F}gy%~q{n0FcrpF%wv1IUg?dSjOs7qCrhWM+N{# zqEBw#Q@i1cV|_@UbCp5rl_Ly%^6z>!n{5gj$mR3Yd8LcMVE#GrHFxG`b)AsJluZC6 z?2dY<4_-t~EM^-P#ji+!J0t1;gY%qYL=FQ$0THCMgkh@l=hxrWcQk89#k@_M0dUO> zYUhpN_9$EY4J>}TK{+fHt@Klzf7XJB(tupSi6cmYpX8?LCo9$`I{=iTU#Tnr5>?nK zDMT1Q-ul=agRMg=AS;CRWJuL>Di;X{$b{kzAdwxaPVbIR+1XoxT}VqwJ_K@bO9!Pp zDpGj@w@43Sxi3HG1|13kkbZMj#k(Vs52n8q1k+uR6+gcyumC{HjXWOF z0dI&^l~^9WHB$TFZxZQ0G*VPR0J$V1m{Odt4rDkXkn@pTqYF0DaBl%{kO%N- zANF-$EuFrPx64uj5vfzeKd8X+|CaTK(40%WP1??d9fq`#L%iwwXUp+N)LIZmfCO`~qP!eF?1MX>>TDPl3@=nCgK z5W&`xdn3oI8$hjmxxO`H*l`K3nSWPFc;*(Dy)Z|S1OuN_y&+FBbSC^}n%Qn_TYhbN z{UG>mh{58VDcx*WW(1=OCTjJiW|K75Fy!}j>hdl3IOcanB)pRL4^6RfS1ZwQxLxA_ z6b#e@gS*`L7d^SmO^)mj(AFb%G~&}x#nY7??uy57O_H_Wn_FsxmvGYAU($01vMGBx z(yYt|t6##yRFC>z{z9ytqFvTthZz^?>ur|z#;J%Ig%04>Ai!O#2W7fvuS5e{G00oDX12V^&KJE%zeN6Z8IsrG&bXSIpYEquEC^ky?_?@w7$cP8H|^69&8+i6-m z&=43&$n?imj=jVZ1Hjv-VbT5fGdScS(WEjYq~(~Axgt;xOa}U^?`igL>e2>^qsVtY z1Uo8?>%dTCsv}JmjJwE>oa{ra4o2Yx_J&<81i!hUosN)GqKU4g#%ro9J!50i--AYjm~MW+0BVEq+RFp%Pkk#2yh z6bUrmf9>)RSB!N0{jh<{RO6)O)U11-1?1B15ED&#F?!HxTCcdo9t0RGRb&F-)Mj$c z$__~#LQaP&>bo&(=4N^&w;mq z8SrPByCm2w-Z=)&ejLnk;ABgwH~D`(c!|?!TU1GB`$i ziDEuW7?#wV^oW8HXbHw=zz!@_suDIIg-j@>kI;tu;Xp}oCxof9#^2|q5n9A{FJop`1oqQ?55`+h83;q`m=og*4!)X*NLUCqlF|T#w+h{{rlJZo+ zu=lS;SD?~7<32{Lid>_j9Gt^pK}~f!⋙2%uZ5im0+CtphC1|_(WSD<#~!G3?M zQ2ZjC`tZ<-XYajJygwjM=oIDzJ9{l8`Rh!)K{nQ^Xe0cT>^*h2f+xmnYgU`g;9X)p zVOC5IP|!ePT!@YdG4s3 z=@h(|h0Z3>>$oF=KHpX(?kt59FSVy|Md6RhSsig9=VwJ(-YTTdn5>AdJFkni7%`E8 zcI>zd^=`mi*!F7r-sQ4zP&wZ|*hC$?OdJ+8e_Mt|Az^%9(1iXb1A>~CNvf#c4V&xr zR1Jc`{bs6^2`VoNo(x9Hyxp4!$wfUw+XE0Lc3jtRAK!>8mYKOIJuc zc7^WwZ4w}tvRlZ8Y?$AcN+%0fjaa^P^*m*!ITl(%D4 zu{-#Z-d{?zDtA4R6M|MZX{GAr=bN&8H;!oOh1v%d#SrpYhYlZI+d{f~Jc=H}a+wTq z3TS9ZhX^W5uP1ie4rO-5)OFSN2w5?d#J!vc6mj=onb~ zv6_u2$7F54g)RcnApnTTt-p?i00a5kDo6rIp!CltCWizX@4q&5|NiCgGm9ySC1v&Z z>)7c*J=z*e5b{*LNLwm8Q+;T?!eG4H6|hhuDPwlbxXaHUCot>2a`h1Uq%TbhwuBPo z?58@An#x;?qe-(?(f{dy+%HBeD9%Sq9Mq-E*mquVA+2}|ExpxUi`#_mCsK{D`Owz$ z;S)x5z)NRwHiZZ)EN{m={vrF62_23u=d6}*;=EC`Kn}KTAI_N==Edoc-IiYsd(q=) z)ujM90o9xRQO~cm)!Un1Q~dh}`RWDdzx@742muWgCCDLILA-NAPYb88d9&C{m|S)X zIwllZmB?bJ&moqjk`;+t?Q!WW`37g`jvZ=l{CX<}(_m=0f#x*na3;xn3aLYcNSK4d zu#o-d2R4a|kbYNee!`|K)e-KYo8Cge3TDRovgNQW8WU2Tf#65{&gY5C$2tz8bz0z~W(7^UcK*Z?P|kM= zX+pOZaIKoa~TWrcnKav9;|HnT}D*VOo zFEQOb%9&1dBUN>F6995wx*W5VaCxIVO`hCvV(*2xCCUKgQZctw4by?*0`F~`G$|6ZckJDcY&Ax5`OjT(M2xi6tO|(u(SfK697^>vZy;a z#x5A6!9T>rE@G0To_JDb6`53V`2B!O(7JKhV;ht7^8vsWarh?e7aDLd9||1;)a8ll z`}2cJP9in7{gY89Af>UTH>D9JgL>I81NgMH1M{rzeSyY z;~>TTHG*Ad2hWaZg+7@K)Mw-BZ;rM;6=FG@EcYq4R_-HGB z%l=SJeI;b`1PA-4_-}hiaR*+-`9eKXF$3V3C5n7)jG%xJX&+yIk?>X9HB?O?msR>D zPHzv7!Isv<^LuRjKlOq`@DNh}Y{bafT-W zkOMJA#aEbsuUfSfl|e2iJH+=jrcZFbXOjQ6rx>NC;eNS^{)Zj_9uttc`R7lCyqokr@oiF{ZpinoaD1Nsd{C%$Fns097|2}V-}0HmR1>~{)v=J@>% z2mO2iX5LOf=J!I!|7I|RQRNeU+ru;C_S5?0NYjZD0D1WOZncG!aUJ*!eDX1$SBCT? zGzW6IdsKBm*j%5;Zp3y~FN6vi&4!-HDumG+|ME|irE@mJHdTFJ8jwp`rMao5Fb*rZ zKcaDa8PEHPUCSNFWsmfKx!ggWF*a#8oT`LA$)&$Rv<$DCIA zH;!E)zNc98*8%LGKrU&o|DfAAtrY(^c9{Xl+N{0?3O)eblCY&59bbp0g!4L4tm@dn zQ{-~@363WN*KeFcL3=8U;D~L$bRbuV@dru*l02cO$=Ev8_=pwT+y9TX^Zv&&{QLi5 zlRdL%gvdx{_6pf6o9ygOlD$_{w(C48Bs1B2CNj!OM2b?`B_#2ET-{xFSJ(ad-jDAO z-+$oscpv9Dj`MsykJtN{7zYTBu}|G?X0#j?(m6OMbFC7+V}t7GIu#m79gcO~H!)St z?n_+&A?!k<{q#E>gRn@P(AZxjKKU2l^_KDhZa!C9F8Y+>1(v~{j}G2ltsT(!EOco08W0Z%=zrs^;c}4LusNv zb$x&WhB!5r}0XT|bLv!3z=T_PIs7`*mtljH4Oq>95i5;sy zUTNdJnd7W;1Rcx6)HE|>k9Jf&!EIznosqXI`KL||owaHQ2od|HZ-URAp3RRH?4CZW zz%YKDnhoUR-{#7Z3Xf-V40`r{7sjI}QcXq9&nTU!@=2tQGUKI<;#U)y$GxC{+|(yL zJrQSDMA^XFof1h^BfFIu9U4$(J%G1&O{> zR$m|3$t0w4=)EIBtEV^j4pIlJ-cM|43X#iu8+m?nPKUS8T`{2~ixBILVjE`4mWu$g zh@86fRu1xW7*t;89c<7pi<@6T(-|5|M(X$!o!BxRERsW>pn$wua+%U)(U$UMfmn~v zvMT8$qdY)})mSuhb06bGTsM)Fbj-b#UjrkfMyUHWqV#+I+239z7Y;MoK=guwQ)?Qe z$Q3$7_7bp`uxy&T1rP#jx{ajXY1o05WeEhjuf+v)QjiDJqI6#W*LuO`s?w`3 zRW_Pz0uVgeR5V^UDyX~$s$Yv+^j(!@36BKORpAkxvSzEJe7zNgF>=X@H+6o<5D7|W z>BjFf+&Oez6!mTL{cpSk&@IP(4-S*yI2K=*&A6VklTxDD769`3_Bd7?cdPI7O^K$% z4K>^A=LT+|>Aa_qv3LUos1X&xw0kus*ziMWyOB0kwx`YAYa!w9l!}Qzup*h|7di)!JD1<^236oG9UW5 zip}Sc^(aAD7DVpalj8XR&dO=RzpaREYM~wIsUt&L^z-CrKS0RvQ0S~+RhsG-5!(50 zc?%f~^wgo%(^lny)DhF$(3coNm6$W@}Y1 zSmy?a3s{`crd`R~5GK4K+2OHkj4tcQ)>D7(yW%s_G^7sdyzFZl0De2-Q}Np5=?L*q zz~E7#-(nw@wFrQ04RJ;(*oXHH3;%LhM-3b;xRwI;dZ2Xd4tVZhcHyC_bY( zB0#GcOe~ z^Iwzqed7TTLSu~zvA2VsvXhcp{nAq|CCcJj25{M($t{lZp(_I$tHImdUugEt7|)^A z^S$Bs!OsRELN&R;HF0a-0o+o(+E+X;E0kUMkwV3__MFb(DN%c#!p!;D4N2(AG<^hXMRD>&yNbk;ccIM)qQ#wP-H51|8)9xY(go zqmslE$5+?p{bzc-2^$!l38Z> z>YIJOg|T-4$U&sGuKdC1JB^lX+Wgwg`|VEQ(Fq#Ab%^k=726l2unB%oiJE1f7uI!N0Xh0XEC5f$3rppeH4je)*)r4&)NShJ6)pXhQVJFg z{v*|Vm&~I))D`yS1%=(uO{4q zbIoR7B-s6~iUXSo=g+akIJDR}ICR)p|8;0F9=4K<9tSo97INUI?tAvF0KV57f;EEc zJ5sD4d%kDBRQywsejJm8pG9nuj3UI0a%UM$h?iEJrRGbjh zt9|1Tl+eNjMfB;5ZqD2@l)StXPP{pizcQv2mA~QR)g&qtF{`eboyRR%!%`|2sRS=i zbGqG=nyC!XSQ2;5brby(w4Gwg$(-2cPCQH!y0zTu$=GG1zVDrW?mFS^jq&O=u8^-4 zaZO3o-vqepD;OnJCw0qkEg83CiJUX}(_1QtBhG*Fmi+rWtI$spkE{-N;j&wuj=+8j z0FdUCV_1Gg@BQ+zCcN=)K^70I6p*hqshZ};w^x!llYBU_Z6J8h6U=LPmcgR)AApF*IJE%r>pM^jS8g$P0Eo!BF*`FvtV0QcYqM$*59 zb@mJj3gq?+&xm%sSo~X$O4Q>bqz+Tx789&lOd$IMz%h)EY74hiQaQwb91MhpG<-f& z-U}eFIUK);Q&Vvz?pP;2{O#q%vZ9~<(Rq*5amhNWuEb{&RiFm&ccbW_Mp&!+gAZCQrk*zT*X5BIfl%xQKtOqhn z59{z797(0i2R^zV+ES5G0EFC!w|Eb|E|*vw<_b)&WyTz;pGHpSf3CAihQx2%AccFA zoV2@X#?lQyUhy5qQ$1oT_G=R&Snxf84VLXp0D10zxVCmJk1x;8bI4tdV)T)vQ~F;W zRq4%7$a?tYf+ljD#l{5b0D_zAw!ugFgU`Y1@^;B&V(`}G)71dJy^HUeSa+LKFU(lv z$iFa=IwI5d@AROeF!x_AT`#SMPwNt@8`gt793PJ{(;D-h`Na8Joey7}m%oKpfI?P2 zyoD+p*N(JbHkJHIPmL{WG|@hnR1)!yk@Z+S`Oa{aE`(860>JlU2H>7r(NOB2;;eZ% z%K4&0p`oCVHZ3FagnQuA{)qtFh!%Us!-|*re>0Qv?r)Ht^8Vv%jnqfI&B`mF@U%yo zm8R}p{AEK;a*OYxm#Nq;c>@Gj4inL5k(1z(V(8*s`$W(ls|TZ9w}GnP({uG%xpgSrLE~v1Xqn(Qrh5G&`EL34p(5I}xP#xPHf>o(RYYMQd{ZG+VNeeIx-_L{o9OvZ(uLt^4x7pGq< z_v-Tf`ezditc4UpZGzeMB?J%8*V}pvWNm!4SjmdXBOZTF20e))Z?!(tW@#w#8G1$& zL{IT#d1=QhMrCFtm3b)^tuXWV14}c6dn_5RanI^zb+Tf$9c(w5@qCdUAijwZ;|BP)3q`Z) zw1p~dI&D9V*_wTnpPe1k)R9Q93$2{o3H`XTKgM!dHsXEyt*e)UlwN+UiNj`X@DVD4 z@oWi6{Tut4E-ued-1l&!r|Z+a(Xt+18=F|W6~q0Wam;F#_i3Cr6?V<)1&v=H`K2FJ z^=poNqqYl`Xg#<-ltj@}lV8vIpB+nufNKGs{sE}C5^C!5%!F4I3xj_CrfD4*0-AvLS)(Ouqs=P_)(buAV9(mZ`-<5I~se@W6w>|+0$gi$KMxm6JAXTLs44%l7J%FheD;qQ=p-Lqa=%g0$*{PFOCJE>q$dlno=5R7 zZOrh|mihE6^IsH14`N*>c!{hB_2s?73m~tKgj+AKWf;sVS%0Sdpr<;oy!R78+P@CL zj~V74Ka(|BmQRU9Vka#W{~g!=$0eu)Sr2LnqLu;(p**rJC4X-5Cl7J?vA>b?TDb}@ z07!%EdCn~@>I>4JaNd8f8rCz;IgR`iKu!5kkG~*wP)m@wB!D{%ivS^Z?XvCnokr;R z(D~z~wJELpFGBMHWPIzAw(KqImPp=}?1*MSIODEn=S=#wn<>)S1RZF?W=cEX(P>~F_o40fL zi9T)C3rjpMlR6{GQ5KnvSC;G)cvc0cpZsIaz34UOAAMCK$fdci zg|!wzVephu^-WFUj!M?v_)SJX^*b4&HTMg;N3SKnV_xR1I%3Oh_UOFsO4`(Vs_IaG zQ7XpRQoNVEp8J0+HP`+CF$Mb&=O9;4jMYZ|YC#wBZt!(lak~66f>HzkLgv%g$&540 zj@7f;csCWyj>@W1HUJbdn5en8vh47Mz4ah&%YTYQS_Ao?_~&iL|VpJ2+kJDPsrm1c4bE*uc`y@Gkbujr_W$GZB=m@XX-BBnIhW%s(_}0!Plr9K_P9Q(7yS-@2~i= z-WWWQ3e5kIr*|8`@!NrBX9^g<{bWmU_~uhxV3tQi&?VP6(B@LE5h5hJ$}hPHEY{rqhZOJKHvZdK3As9xN^x*Ek#zX zE8*5J2*aKrPqzNUS>!F6f1i+jiR40?$~lYA#Weu3u)HRtN@IHdF8My0Ch5!QhXnvmg(9Lgzhh*M89rM)O$S+6~jCyUBV0Qd(v- zoxJRoV)X*+=+fMTECZ_n4`{mj>Z0Cb&y`D55sP(T=zq-SGPB(8h9M(t^yjrOXD$$gNIyZPYF z)dto0QY-L?P-@_fwT%ISGhr(EQ4Le&bliuXHtLG~4Fgqn09{`H2AEHX zy%M+bsn|HKJ!QCZu?(Ct zONO@{y9mz3I@5PtlKq9IgTWv1UIF-(;L1UHdv5B5xF4V74xa>SCIztoc)I?a#J5HN z{VgnF82>TebJj=4$g^<&d`-xUE&SfsdfFoWU1!@J`LMG99=?5}hTDSDf^VJYm#xWV zNb3jVB7jUTG}12Yy*tR-KTY9Ma{Mqf_$4x~{@*(9e*4m#Pqu3lyC%P1*aVRB(;>dA0~j$K+HBavsY+(;ap` z*`=B35<5??Fu0yj> z@oEhu-~Uq&CZDxj0+2oJwmsWUEt{kt^S#`8)hvUOTQ320oy+U=faxGlN1=_lcmV6} z%FrF;ehicj2A?JD2KfZ%7Gw2Jn3@+KFpdt6)UoEooyh}mq0H0rU%5PPE@>Z%gU0Yg zR-L|@q3K}o+39V7IQyEZg<$AQm19W8nOo162jsd#gh4(*%x3a%_fw97?2-?as_!0G z%*3M|9e~Mahot}7z|QXXxV4se$kGv92q1S{U~x)y^;n%@PN1(JZ{byL zDjG+?OD|mRaUzV) zAA>5Ck%RFC%fz9&WzrB5Kp(D)ZEW139xDUw1(p<6KE*u(Cd3?)| za?XqtIJe-a|@mVw-3_hF01|aj)8sgLbN)U)l35*+!XdI+>I|mSgxsaxAJx%paSn(5G9=Ua{ zS)EvPoqzdk(ExzkX2rJ>w@BLW$XL!dRlPeW)RYknAm?oF(^r!59d{U)*!6nI5_^b` zkZCQ{^}*n?CL{oE#s9d$>s@bimtOk0g3I@z;;VrJ04~V-+_&$1G5f2ITbZT9;prVM z7-=}7bTIhrneU*0Fm>X>GgTb1;&?4}t=2%?hEU?S0P_5l8|86);V#L5T_|N8DH9i5 zhWtB6>0t2LEq4I1JrYBj={`JU*HS?X&tRu$j`3Pvwq5zSRKr^ zeZ0+u##u1=?7Sd=G+m#*nC1U`?iZFKJi6YJDd5_$3?OGK(Q7OYw75EBCr5`#-n!Wl zo1AF%VDQ$QCGg9=ll8qA+s2D?nz%R-sq!XE(+F>f^ref z5i}hPKHF{wAmj2MKW6KGbh4^HdaZD>?uP#(lm{SqB1~H6i%r_Cst>L=#VwCf(}88@B!x zBw+Y+-xV?V?8hbmM{nJ@m^qefS*n9|=iV3b8?DI!4*{HnmqudZoo?a9{LH3&>3r4@ z1G^EL4hB~h+6It!0p2gVtHe?ztMucOA6)XjJqkDjV955GBVHKiqqg8mf13oxLjt~^ z$nRcMJs4b77Z1RnR4c&8u8X139S`#QI$H*CUQXBnC~ye7Ovt44gJ)UbQ9$vV$ zq-bu|Y-CdxhQpB`M~di88zc+~jlLg8?1G|X3pt@e%G>={p5be^%%0)&Kzb8q=} zeaZLZeP_=>E2W|Dy;f-BdS+CL)Io98NgROS{|Zm|jJj>$v+Qh|rb)dz*_~?v(2Zg` z5B*aDGwj$(KPN{@$rz~kk>BB{>x02nAKwIU%%ag+BjOk9lsJA8lpwzDtD4CL;N0m; z3f+R)hx(tqc0bFl(>(0PLvwc&zc=(F>p^kVGX?-&k(_b(pj_Bz*wTVO806Z}Emh|N z;0{AGhpWvon%ZYi2hZ1SI6ff{Is97>CRgQk1_+VltzGJ)E@@tVQT3IMgFWM(w?+U8 z?Y#Ec;+_q^bF56z#!EZ@_pItFXgVSPy2S_a0J<(gihBcJ2*)oW-duU;`weF9^gmIH(5O$0jU1+ z7Xn9hJ#~PEbyN@FJnkFtqK^;l_ALjG60Ql@{DT}5C?KQr@t%Hv4?Y)Xk-0$5<5ApV zJe>&c;owoo+yAt3aPkI6cyq2;Soy*@Kk;;}`f%ijx=OQaXztoN_3t?88`lU-tPNO; z`#3XwFk0Q2DW~O2OJDTy_85_0G3Az1OC>4{lbW_~XZCKtqR!NX`{axs%NFC5Mnwu$ zmv)#&!(LR>?WZ#zBKa)?tuN`<517Kto7RSOT1!z{x^;cY>iU<5ld9T%hThICu0j9M zUVh|bhN8W9@8g1=l-|67-C=}u)5_@>`~--ew9Ipv!{IjZ2ulzFT~6o2x7IOkO3#VL zXMR(fJQ+}4?DX`n}s!&z9K@&TCbH0QZ-~UtGj_Lfw6?1&|=dbH$Gx z({fUf_%AuPzY(i&W5OZh3)NmWaxw57^hpxToz+s%j>~zJ_t#v(q`h{I0A64YkSEQa zKg;`7&M`LreF2Wo6=wjK$>?#C8L7PC?4ztn;pXFcT6aqDuMVbVPjDN+)5f&C7Yt&> z*XgQk+%$w|NCETUdr6=~K=SuGLG+jP#( z6U8@Q3b(G)H`&z}EKUQ2j5Kx`SID?=Y8*3Z9%ozhS#N{oe{}w_$RG3oIP$EG;JwWD zm?rk8gJ0ME;F*$3a{zH}w}^ZZ-ko~vfkvZTA- zfI_O#Y{~b%ZG}wK6=9SgM(CZ5TS5VXXU!rSOXi7l&Zulx#vKt6tQ0S_zRs9dvO)?# za4R`&OyroDMGU;u-v3@~dq@B3X#j;y6;vu@%q)B5)%o^y^$AhD2xR*^*no zjuj!8GH|Rybj04#Q4Dvr{m2u>lW25M@wEE2RiJsRWvVPUUd0(a0os$;?&W48-U{Qb zlnBS_xedV981%9-!<65)N{jbO9A z+*svi=lGtqwQ9LC#M1U<0_UMO!X~o~*~$p97o%5m!mZ3&BRyD^PMwU_%yoT5q#3fF zzEN*`K_sGY>8WgqsL5`3^{t$%MuD{VRrY<;?s_dAm@Lk5Afw zlZi_CKUm4Xa~2BrcAj3IuJ(5B7*;Z-Rr>7~fU9Hi`1Icg@BZT6lvN80hGkf9doN8#FAWFV6zqf#+wh9>-19-+VsMKbZSwtg`C;s!GnBIMd zN(6w{5dGAX_L4=0Bsa{9t_R-An&&N(cpv?*n|c7w z33#z9cvg7TH*x;HwOzMt(l)2wKP>g~{|igCI0q2&8Zyj`GO;X`BdvzX_uWe)o8wXe zjKB)-%0BA=MZ0`F#yQoab6nTO@%M#LD)s-Jnm{p71wjC}w0z20T4Ws`Ct}Hr{m_5P zO@fgXK$jyzh2~AaQBP%I`8VxE{s6Z((YDWEPN+YVKrU9kOvU1dyLx-H1*1}%Cf_CR zI&%U@{p%WGt7ptDy}pR2>`{aAi;MxtU3!0BP)r8eO#~qQCzo4vhdZe!7QGEd>ARIq zswCC{T$uIp$WBo*?Pdi_JB3ED)U7D;$iF(66LVD*fOPhTTLZa5k{V5IKfR;8_W0hm zN)v$ZkIs{*{0hdq=9q`&GQ|9ts^dGFn~%vZ32y-Sl{{%HHZNCZ`FK;nPtMteX|{=1 z03IUp5-46%d+Sk{!1g7Tt5S_u6!~?FS|~8s<#{^**1qdm9wbZq{QvDH`T0f*MsuwS_c%B20 zS#>{4S%Y)cmza%`cw>E&oB@C2!H%ej5MzRuIR&7=8*Ex&qEm->fMuzgDe_uV!2_B0BAViIEI3y}2?eIPbD#d0!CSL2FA_s87 zhr87h)r*;iyIj67U+>+-^g%MTabd7Rkq&?mbPV7HVN>&#xiSqJmp)OJr)eWwu2TJE ze_Y}M`%aiV&sBMMASSP({J%`_pYsSoQBI)#m#ehyt6s9%M*e!*-aO$$y6pN_Jt>}C zsp$hLriz*4J-d3&?c?9N1D=^YA^%GI;wOLC$xYiBbyJQ0WoOd2@h6jM*2)y~zBeZ_ z2y&abXNQ!&yyuzhnp8_IkbSke@==uFrm>W#3roULDdOtR4SRWM~h9Hv7QULo{+e1SDWh?f7LU*1-`e#nwqi(q)SgJ4U^ zaGFee*uP_{@%uCHdp++3iYbK>1CKNX>(BmAR_Kp{g)UzH9(JyOrg+u=cG)rLK}8gR zBh$jw^sfs%b-1u=pMdlDXTN^~A;|d|A<}mWzj0ae{>S*cpNuL32++<+mz5%6LoT;o zY7$;Z%?RpeVb^uP(Bb#I>(CqT{ zYk!L~N_{%I9sO~|grEil0P+`4x<@R!Prdniovc~j`U8ayUnzhbQdY&Tb^atu)G(V5 z>xs+W#eaqj5BzzZF(D{B13<`(Taq>(jm(uQ-=3xOwNu^k+JFIqYw~>IPj&)k+t1R` zy^o6O8YlbFz8^6msHz2k{I+R4d*sY&v!>p+UAgj^kuqV_8o-D%g;RUBft6~<65bP6 zL$7T*O(S8(pL#G?cFpquA*>Q$fo`Ud52ju5#(W$Z+BTcJ*diAC4L#P z-FZ(BpA8va`U7d?vgje?eMdpiVIF{x%Vg@qSxLKF2+ZZ%Deq1PO}J131jn%uE&ZX~ zD!Bn0X~`-@hyKq`NR$1K4kiTccK`+Cp5q$MmnAz=e4!_9TkoXZ#>m0}oIT#5iCA&J zW>4U}|8gRKX||C>f;lu zlTxQ(IxIyk3tnW{3{?*XbkuVPg%qjR=TifuD!$MKw7S0-jnvfAt_E-s(_@~e;UX^2 za&HO@+L>fm-X(vFrh@?;KN17DqavbvtuJKc+9r{2BXE#A_gV-SKqe#vJtbW)*#vFH z@uWU+t2Xo$BSS2xdN82l8)PVSa`BuAS&m_0jSQ_(`AKd6?sXaf7qG>IKlZ0HI!Y0X zVofO;c3g2lhM-V77|>Ds4S?(ms9sgK)D-|wsJ)PG{5{r@_sk^3 z0+l4LGrHvzXgV0s5$iU9Oq0%Co$vg)eZ`7d;AWs?NX5N3b)fKcWw7#YnZgvMmWaiZ zP&Xk}W-8vlp8@h>3s%VY9R(dTZvX_B@vbai1L^9rFm}@9wDSyU=Rp?8!=Vz+uM}Cb z2-u(GTi42j3whGeOj3EVcfVZ>6m$%P07Cv?cCeO}%t1GXaa-q#(GeHkBXIyjK5WlO zY`FcP;o^Z74T;5LnC;LUE8n5IU54}n+0GZq6D89yx z)3l#t4Pl+5kvHH|?B%r}|H%z-51|M(B29i3tPL{7>WZR4GSycDUm%|{IuM9 z)2lWw7UfsaLN%Ds@zW}RAp;A;-k&Ys6FioLCe~_FUGz4H077WOY}3a`36~&2!7hlv z+3?3f{5Q0EFreeiHh>#}Fa=+gj@irQdcmrgZ?y>zT<8IO@0mdy17lv-*_-venS>*% zSPd*QXgV07P~QUpKTXzqj`KZkqzIFR5imldQiy7kzG{4l$0B4(U*RSs$-)u z-%TD}=ie}=Hxnoz9*>*vFHFo4jow(D%A=}NOtH=da4ze`jq;?615rllMp_8^QG(*9 z=+_wo779WD(%BR*eSP{R(ZIBT!n^7KcFi1We}E7y6PbM0cC=k(Hi-Y~ybw;&_bcdO zMGVOItrkGnW(gI{IrfKsT)p%xaa|5isq2;@fMZyHRi!0o`#1^`YsL~kbSO6YgxvIi zy6+F=e}}+d#z%uyCatt!6@XwLcaS_)H)XfXQ}=alBdwfM`b8XoZg9M6KDC;7?>a^N z`Tn6>r;~qa`l9Jzz(UO^0GF9M(yhrJU-jlz-xmqqH7K`S)Bp%^DIw|X8bx=mL0<76 z%wy8*u_4&#I{(5#-#~!iHVc67n0-HCrM&RSGX0DE$CG0s0BLxz3iGdiQHphc=F68d z)R+}xjSidJvU8F1&r|9*pXJzXD}y!wWWGhvz8C(Cg0cF}rmyFX1AC)n2Y?Xqo@w;) ztTnRbL>SiFuu}nWZRz(igxv zLPL1_^uJn7>^B+Cb7wuF2-`)Q4>93o?F4{pwp8WFjyzvs|J2BsK-!_N44?IbL&;E)SXx26POw1_%jr`PDsk{~CqJ&@tXN-^^uI9t41{UDt_} zQhZE3FdT3y7|&22A$Sc9W?(|chUy9A=cK4cIBPbW;YTJPs?2d2(cIIbQgYj zbSRfqbLu@>ke#KHN1ls=8W#q199jYhF^!MHSE6`a1Eqf^PT#rnf#bVa1%Ts9y)R6C zF;h`e`aI)mvDS*$(1C2$@J9y|I(mITHd)~L9=Vq#O#h<*k7`@we61o*9Dr;etDb7D zwmVBBMazv}GvYXKl7u`L=f8FS4TX+=1ckH?1MKu&$%m_2N^;tGQWG}sj;jEq@umvV zdX_NHFE2)iH^a`nXF|GD-O~d!*o+As<=v10H^{A^Zu+OrIrdwbJ3o1@eCy8y2q`_vn;*q< ziO%Q*?-6G^9O7tl~wS~&e3`D4?^P&LU9@!%r7~!IK zE~lLDa!|8oN|Y6HD>!Og7;vtq13>DI`C7KkC!Js1UfUOAo9i|1eRv2UFC2A~4Xh~* zQJN%~5LxklmE;F2ExS#J^?X{&VZr zyX6fZBQ!WCg{$!Y1n0DrK_N|gJK}rH{%Xp*(%@&G%TChQd!GQv=GH|K5^ddTzGS*M z6Bn`V880m6{{-h+-s2qeGN*3pQPI#$m{>ua zOxdpC29|FFL7u_$8!--3qpQ}TdQq(icv32!x<={yI${NXI!37DEF14r9d(8r<%_PL zse8VdKi5xvWFYJi-jt(fHoAdF!a!K+_MJk|lv}TItD)RaHzR0x`0sDELO)3?a#=xz z9qGjZbopsoTHg_8UBlNsiUOSn`?oJv41vPa#AS1D!}5zC2?>pcR5LDAeF{c?CjI$6 z$8>A6h5!^sM;d{jvwT2#ulvi)(zml#vPnw-@(vhgnvHqmX8sHJ?Dntt+PWb{k-s{a zF6+8CC?NXz`P$tU{*RVUU&ihQlDhMXWHp0)+yxI&m6Ok=Leg~jd>52@pS~nOPUC;- z!E{-#69PE#*c?lI;#auGPIXT4O!@xyU1n8~kE^TFB5xYwC;Ttn5w zAZCudKB$C5jJ10=V$h!6*NbZlZ3<{5k4hA1BD-heHA6^9s>AaL&wd=zUI#yS5y`7kJ_~tHN)%hO8^w~;ilRTtVfn~7ZXgm+q3Id!h6s% z%qof2zmq1YB!%7)fWi*bwI@S*LJWo-#-|$_%-1IPm;j9EC!5fYJ)l3}=1#zRe4hGi ztrYsWFx*i|e*j(g{xsdK|9#b!w^@i{naCKu`9v z=M>cz3*p20S%l{3@q<+A$F%~CieCMTUtcWu-hIL9uIi~wOzSEW9ijOu-|?Bwz+0bS z>V$5qhA!TEUQBn?-POs_-Owa~`%u00c+O%gbuBi{xKlkWop{<8d4K zsUR(-KlLc|ll)HUq2{V-RsauBGk;^}ZnebMf@$k)zDIv~-S) zry+M%1|USwv}KyxJ7^B85F2shrdd|e_RjsM#e&uk=Oi>pzQVr4-~Nh%#L>!p|GE=o11h!P8)qaIoac*mQ#FB8-{1H6HeG@S%P`&S{xkqxDfWN&v+`)X8+ZNl z!>`|pm&lCFKpxIAZsps2;o}!qi8ySSB^QqrPLOWWpK)Qj*$(UgA<}TLsKV&cGvgn= z{cuiS?E6emC4g+2NZ8)Vhu0RpUcuueDXzpn+kiZP;Q#U{rT z8xPAXHonwX0=S0f+owlPdj+x-F8<(^>Cmg=9OUwi(!q%I$YX;-mSI~;v9TJlQ!b}0 z3tGAlY6FOlK>_(2Ci|+JQ7=8sy`ng74zDD$>mxrWP&yc{xcm%&6e+i!)_Bgue=M)M zNcZ_Nu}WKQ04O}|7)Sz9k4;#sy;B-`#Q(s;&Jw-#9)>IamSG#5o zdfhr|A9i#C$XvMWQ@!6(+L6RXW-h3Gg!Gml^7QvV^448TLGs`=fGZbSh)= zDaSg-3L;qsP)Hwz;;~0m)JfIbO5hOTxbpS@8KC}eoqr=ej}HMtAlZu8nx1SwIEb~+ zC^zP6>`NCO04e`+sEsNbn~-O}*u&fPjAOKIQy5JL!(9(%00o4UbfG?6o!S{%)gAs@ zgx0oeAwK~^T0g$;!`XqST<3=bxKAh1Yz{ggqb8_&Fx>T9695W-c;WB^XTUGzS);zC zW8Vfj62Dgfp8C}tzk|EyQICTcVRmjTR%SL-3QY&YT^A+>h%>U!{rTf3OU;bRn|-qm z2fF5tgaLwAXHa>)c55nVDP_e^)P(=rc{*ed4^%xE?z%1~K%BE<+8TNFIk&Jge1_lf zONDn*BpE2A2~90hRnflF`;OA0Gn4($R+S%lf(1$k!(F$u2Ze0Ru|6F%(wUXnKRy*D zIO>#=C|3i>JWiFhZE7o(JNf9v3spMRf=?`Ht-&xOJ<}ZkapA$Q*vgx%{<}l1_nyyp zDcO7$rveC>8D~d5YZcND5;xRR7@n2;`+1`M?aE_BdT`eOoXo(LU|YQ`A!0hELvzm5 z^~=p)ToN4gAwVGdJ7@ldJKKy-r4>=&celB0U)o0i-GQr7iwr01?%dx{i9QJnf5Lj)DMW zekJB6FEA>!l1{^xy=-FjGs6u@Xa2YxnC|+e0{~|gnil0|Hb}Eq-{uk$E3B0h=`910 zeWy2VP~GaquiFA*;+JQ>>9Q=(q3K|_>r&SN+;hwm^kVJY?cxriNx6^hMKZ!#IG~W3 zJUeE(IcY7-a9rh-V@i}tlMXVviK+*~T_?an9yjEiRp*!;ciT)euxrF?JLq&RqIssg3p+#dQYD;ot%^fxn7mr_ePhAnf z5wUmuBoz<&YQJh5ye?55Rz6>c?nYv`^wg&TWKl=_DWgkeq~qeV15f6=8zggYUxEVS z1`#2xBe}RGY7@yT;92|NkSQ|a_}}CDH_{{h3>2~sgitaYOBtoYySNo;u5)T*<*Wd* zeA%hQSr~eM@R;e1+Rdlpgb%FH_Ms^RxBfzo3l-_%wg&}-dS}i)knr(*B5*frr&Mq7 z)sKiUfZ$7Ye|;@2Z;^%IJ?{IM;W!@tw=QV)V7UF+ivYU0Mpqj1w5OV(({<8Vub!YR zKCBx+nnAIYuF*fwex+z!QSHen%skvEMbp7>>2JRQh>P}ihiXkKuTCHCC}&@z5+!jz zs|Mf%AACI;^YFg9Un6RYAvNRShBGDTI{&)#R$Bm4N+;oL_t|t7J_;-z*WbL_WT`d- z;D^-({-Wge4(AM}qZ02cifS0MC86v5>xv6{0ysC}R!nG9y7@)h?T0S*EWXV#Tz3G1 zzv+&MX-)!P;8@Sf?5IBPtgh7m66wjt0+8~p^a9dp2~k{vq7Tt)>3*9ehcf_9sSLYI zZ|HaYl6N5Gf!c*@k0L4Gqt$~E=?N%D?%owBKX|oKD|iSl%#}u6S4wH=)X;!*9O zewDho_{Wd4n;OVUQ)|(5Fj_7?JqrpM_kzSqI`6gSY<4y5>XTZ^QmGJw0>lKlQA3iW6LXUD`xa<9!0CIodE6yU9elDb9vdLkcs2QPiwF*GKJ(ne)2fwGB znId6XOH8IlPRu6`|E-VhgIfxEN)JY1dyJ~foFmA({Bto zs;6njl)cP~QqUu67?B=RaZt$MT$Jaw;+g!WOAw+rFR0AZ0-oNCWtsKy2}E@1qIeCrLtY`*eYUS z+E4=z6V4E16#37%Fx~aWJY?ukB{@_vtl&K9l>p;c4_}a|FNXohf-}}LtmRIl4tV=+ zzJI;>c+42B2NkBfzA6UbRj0@oVutAtLTAZHUKE-<{*^P03*cou-}ci)n?!ND(^Mbc zxX*sjc!$;+RdI0Ux7~z_^bjxt$fC^cp*u&dP+vj40B<{OqqU(u4uD6ZBn~$DM8D!^ z@k^EJuChcARNO=x7iO!(GXS1X9${$sJKrr9E@LO-+-hqW}syR2E-K5l>Ew95hb`}zLmuoxThWzNm^2Bw0Cd=D6q4aoI_)2nWDjZQFl zy|pBBBKRWr3XRHPQUmO30Dgb!9hKVAmlmIfDC;0PPrIzqW>Nqd<-Hp=EN+||->#Ap z>>j7`n5#yM7-3R_nsNZ&-_7ui9$gzU6n|Ot;x$XTe%#|`fVfyob%bp->Os-BpetRp zsm2}+BYWxn85brsU}Xf5shT8CWZ9I9@elz=s)OD0b7Or$0RF0n>xorYc`CSx;_9=n z3LcN?U+@35`u_tp;9vxB0^=cDiY7B&Cx}t8F3}bz-*EN^kSW)ZG(QJWuxIx&UR&ZE>+$IOA6BslQ8jN*fZ!D#Ybgj$-K|>x z%#^W1<|Lif#POeuARQH4fDl0Ro87r67;{FdqEvS;j#P$+azMf9K|=)9nOAL@wSKvz zs*E&os>A9(@iyjme|S4j8Jtl5AIjc3tg5bU_a1BYjS@&i!-ltL} zS;%)jO5xEi*8E^x=~P}fN-dz#^^k^+=ibkZH1`~vor0!cmAuM#9mG?;LFEeRpDp>^6^3lwsm6`wq=`DGYXD{?F>J{Z{P@OX{ z>G&d#2A?o%8V=6@g65isNNnS7pgMVkdOCfr)j~oX4nVSmMrRtgop;2RGY71x!3puH zxJ78=!Ki7R?*ni);%%oHL>T`#56RJW*6>LLLWlt%E*zNap6Qcqx*POZ*<8jKSJK8) z^N$W@P2*A$Kr)U@*ApEd4u55+prZ^Di_(7^8wQ~34@va+>K@+~&^fe8K_s2=mOMgF zb;3x8nllAR9XcdKd{FL(p0VUNMs3&ytItqsU z-fS=(-*(FY$)&`g-zLsj)^de!L|9v{#sT}nns;8$U7VAW!M%gIjK%XyG;UK4629BJqAdQ?4eI~bF~@048FwdlarJ-ILuf7 zrKU0VfdD*74J^enveoDcc>=rXB-Z)# zSM!84euhb+OJst#%x5>tc?EwwSNOuv!;N=qa=d*rnkX+ju;LZj(@>JzFV`ZTk}#69 zUCR$S%ja*~g*)Z3#fAOL#p(PdTmp_u;v|HGq0eIK9<8j%X&ToLM17n7#xY%af6Q=) zI9$T=k-e~P9moGz(=ao0xAZo1clb|H<3B5ciIam-4JGg2vUaQ(vritY%_gy?lpDzL zu?BerU+P0YE&UjV>-W8fDH6z=`>$pG(ZR&YuKfVAKaPKZ+w^5eHtP^inE5K!tKsE& zfV@WPl1(tez|Ql5MmK0$!xPsz8FkY6_Z@j`fV=Bw+&Fz6_FdQ&8Z(zo?<6Aihy;*& zl15%61CzAutIx$}euZVFKv5`j$8RiziGkUS0G#}-hNX-__}tf|z}VZ*+YzL~j!6JP z-eY{|4kAqHUvql}ylJ#Z+~BrE)4{;NZd3rt{C&>mJ!9P7{Wm+RgQj5?$8L=&08SlN zXi~dc{%Dl{`sepuewS#hv1rhAFfi~9EdV)>M>fVULmBvOUQ39cJjw*q+#dkCVR2g0 zNUzS|1J!zy^e~Cu;c2Sxe{?W0@MtiA?oPdy^}}f*JF2DzsOYdU(% zcQRh{>M{fw&g1Rhmqx?nm>AfK1;C+)ZI;xJiHkfH-|?;7C#*SeUZ((XLECsd^`+4J zZ)LOSQpO8UuSjz5pp6Fu184jMNG9RAv(dr|nzs;#OG52316GDOF#yThp*>g9W+mVss#Y6Bu*u#mjFb&D(@r zj=lD|GvAKQ0c|`O7?{HYKzB8hrb`UP4%=;&XyVEkd>_xPrGq>|mQo!&mB;`$(ZC*G zmYAi*gAr6i+Y_vafq}hwK^~#-tC?r_mNpibjHN$ni`+Ro9yUqq1UQE2KOw z+mCg&v4#)zx%nTRzcDalHGuqL+@9UujKMw>a(sjRD=fOJSb!fu>V#J+=oq=TZxj;Z zh?CDec+V__GE1K5U|`@iB!KIW;w8y6%gh(9HLMTMUYJrH9w7j5)z6Y5`p-it4|lkd zJKMGDY!HN~gq9N>3=FIn3gGs|dAF1+&J^OZFVlVm4WYXGUHN~-oNTZb3uR5Y?CO|csBQqckg!^@9ds(RnPG}~yu zJmR?`!V_IgjHZKufzQkWxIMyUzTsEfWS8wr1y(CuodLF;djRrtnokLES-G2R8ms-4 zmLw?JSgt-F>k4r z6hX(X7$)m-69D%)?%;c?jl{j(?*ClEH$bd-c@YM17OyzFIQypQ#iG4(x5ovY<_RTe zN%)u;SVjUsLGl)Ds>dmfQx|_s2a4^Igs8JN03>s2d89&gnwn-tbDAT4kfwi;0D7_t z1_pk)0-&1`zG?P&Ue>ygbz5TzvBRj=?z;iV^nO;igv7@z`%KDH9HVpWJ@W(T=5dV9 zJIFQwN0AAvy~y23IIZfKaq7ba!CN&xS%y3F#CmUCL!?MB5u}=A>$fg_C%^|e$U|?6d1c2nA zf8QH{BRr_DD_tM6A=zGc-5UT%WoBHt;>O2aC-X<_?^9;6iA}}OKI>&Luxlg(fLny0 z#A(WsS~^(#@DVg^8|czpKL_A&H~)@xC4;fxs7V7y*>1Ul;hb(c@FtCP86sw$CLHKz^-4y0Fp;Bp*BH>!OM403WQ~DK<;?+-Nx&TkOO5o( z(|6+UOgQ~}=T_p(K<=q@Hy3(pMXVlvSEVCgp|RWV-lAi23|vZ#vYWquVc*ZS+a5w7 z)NV8{<05Iqq6;9W^%kc<6Ia5vp$3!9k<+Xi3HoSBFPONr7z@Dnb==&4l-!Y%J~xr6 zDeY;Xj~j6bu8$R8l^CJU-UL zUB28(I7KbF3J~XS-mg5Q`Vxg0PcJ6h5897O$40rve(PX%sPPp8kd^1F)cx8p! zk-)gDzmI+MGJp%DFN$b$2Cd(jS6VB%7}n*b>g#&ndrz`g&mciWfy zIe*NZr@W2;3P@=g)XUmd>0{&((x;`Xy+?Tl&8&@yOUq6Hcry~`0;vtsN| z^8|PtdH|&Hq(g6rV}JyXYagY>uk*8gB^rk|FN_4FBzu6o^5yw)+0p`E{|={i&8C|+ ztvtnN05=UZAIml1Nv(gz|M>3IPhb#SU_?_3aI4Xvof&oKZZK zAqo*^Jhf8`ko$PD(eO4VE)|CXJlds@hHpV>a8B>S&}SJD zbvxI)dH~7z+0MveKJ_vGX|FhQCvr~OyJIN(%*lGa*8Qim%n9aH=mU@u4)V%AO)Cq> z>8l5)-ED0{6k;?0f|TKAdLb!~@h6S(?2$9%IOH^|D`+|xm@|_QAg_LAZ2Nh5*Gf$P zdI(NaRY!oT005AZ#jd((xOw3v8`)*97_IvaT_UKK7$@Vw=m;~m1|WZG!_Z-ZiQ18p z@tYMn0W=$iY{dXx>I)^ho@{WL>;8=zfquLQhG-GgA>iLSn3yx>GJpa~aEK~zzS;A% ze0kNWILQ5u_FNHw-z+blOV7ZgRTj0r9Q+`@sisCs1x*Jdxk%X%NmJJ zTT-&hLw>xs{1!mo-tKuu!ww;0!_s3e6jX>V`ka5qoTMoL@_7>JaSvyc>UlTiwn09!LLce~D^G%Go9fFenCi;xbfP z0+1Ec{zevCKEJng8l##IOT>aQdk26Y)Fr*={hn2ZC1mu`_-bO?m5iA4|BZ33Y@Pxc zXIfou&URdoz%4hfYkDdbd>l4%G?$O~6_!A-pp!QflkDH9d6`-2J&VWdA3T@b?l{Ob z6{L$@u1;-e;LV_z(LLLL3B0fhmTM`|Kw4HhT_p&>i}6aHS#e%_N0l9=a-lrIK2_i7 zmRIsIYw_stxrD%EoGYKj^NlSpli9|@f4dFCQS&=-8y4~d$ZrovU|N@J&9{Q_<*#Um zfenHF?*J*xHN^!U?j?868mYNo&~b_9!A7&fVfGe~a0YN_nuqDq7Il6;p^Eqw-A@Fy zOlQmi94cm$V@YyhE|ZRvi+bwm5*6PU)NkznfksZH0(hiEytuzGR@{msM4fOtIO_A^ zfdqi=amkR~{>iql-|A1^m&iYCxk>02t$3n?N&mKaK-P|(&0=+}Z$oJt)zTSs*fV%$-&UFZ$x8H>&R;o2I%NQ|0qJF=kKdTxs>{XVO#4ylS{vsB zkbK3j6KNu4c_yb$cS!YgeE@P#&?5LTVWbKpfU}PR`!=_#!|p7uKW_6nzT}rg(F5Sv zsU<5u<~1suk4#m>O51tYy@sy-d6Y3>vko*gbl$ryOk>-2GRIx{~nRj{~2a4uVv5xs>1IXpdhGkxh zTm z2#1}jqEO7}-P;t^;D3RUlW_##i|JUVNq$jCZfWAhv|iik^6~tJ5=;v)W^}xyP+G=Q_n;7#;+;8>n>vWQSI!a2% zBiLUjH^N}u{py}gL}T`MZA9DI=;Y`2GwY#;1ys0KTGF;!^^9yEeGl_acPr5FlYJw6 zzIpte_^`#!gR%IlpUoEtYA4<713UNC`g;9rSE}!yuIa!XBy_S0z1n4KJ(4bg9DdK- z=9(4y>YCj1@3emNZ4u*yY89no+9Nk|+$}Y)w}yOC;F57snG_w3NUG@U$8u#{(awC+ z9V_Z{(4|-$3omyo5h09>Axs#_I1J#T3lcea zySW9owKEWj7Tb&L|te@|v@bw$cXh$6|VdTOvfSmBN5?VZq z=O!k0y!g(2C1_O%8Us*}(RM{5!9vu`Vf$keTX#hk8$r}b#s2|DK7#?|p32`_8qeFK z?i17(XwUWDR<8O!fK->~`JvV~-)~`e-5U?M!^Eb!hQjbCIv8>F9w=|C*)o?C)=Gt$ zfQ2|4r@J>ynvD z`YqzYI>lMhH+nAv_{~nt_K(W@jtno-zFfJjPZ_x-rTqs^V8X~QEdZAcgvGwdE2hy) za%2<;RV}VMEhq}$2Q$m&a?>PU)ETeTyU6(Zl^!UCqv>G4$O}OLZmRn&5a%!Z(dw)qRT=iLfp&m3H3>ZnX4j|7EedkFN`nAM+^Ht)_ zO7i{O4}Af2T{`Yzka(wTp)+|5jl;I3PUL&^Sa%FhDnA~8)2*GTUKP4Ue3)tx%<;Dx z*tnv`4dCV-_YH&70J#119QF!C!afG0W~+PpKP{fIiX{70Yg#Juv; z^at>V^NfZ0JCo-E_k0~?@Fj9RSAlY?pUn81#E$Feo%UR+Syu%6oiUIH( z$0M=Enk1DTF1pXjS~CPQolPhY)`<=Vj7%{Cc_jV?7n9}h8qObO@4KcD)i>=?NdP#M z>e!X@jHCmHnt0J4yB za~rY8ck})lwh=stb;-?OrVUL814e#h25`NnI6=w>W68Iz*hJSqEk#g`SdjvFO@j4j ze(ev%Gf#y*XjYvjpl7epJS&(m(x3&vUq$)3cclauDaWPnEj;t*0B~v|fZVzHH1F7i zDF|NEytwtrB_U5p9JT-a{y4ydk>x=E9@BbQ<{m1jGufqQBfcDiH{!Il4Paz2)8qLG z$?`aRooaJMvf?|HnW**xCps7~^42JTUofva9da?8Bqz$av0OU{5M%(y~ zJElH=hRb-(n|tvLG1^H^Oc;rz1aNAco#sGlO~H=w*M!^MnWxOky%_*f&|8&6s}J`g z8EZ2q>w#={%v}+b_xJaBFk$4Z0Dx|P7Rxv~yRhzbiMoAcV}g{NZQdF{dMVW*#|pfP zCb8`TqX?P;eivG_k0(qR+4KlN%C`i21N@RZdnYawAILk91>U3C0Z2i!8)b|G0SY5u zo-94DxBo#{FNG?zpNt0sM*hqMkenukIbL3OS7^yJvx}_{W!}!S=K#99aP3#==b&=m zyRSk{NlgB#7JH3$oiSnLGA%$#rttv+hkSuNl#tKq+G5ypk z8iGT|x3Jui=rPzBp49w!0H@jnb?*)E#zITI`UV699Mxvm{Q-g@sa{aex3hd^bk<{b zo<;WCHHLJwd11gv)(-%(e(-4Q3$tZRAYI&0q{tIqejfTx02h)3D|QpD3zmj#|)AijI?t>#OsCasW& zdv#~fWB4&(ik9f0I{b+0r!S5f9672~7!m{VVVMG5(VJVIqI@w|bZQQg4y`(}+)QUrL) zsQ2l~x?{k|h(Um4%_9C}V{ke~K^yC$%tuPKarK|q0P^ZKR9x+>&gy8I=vlU;Js?$u zZG^7#w+Hl@9e|_93khw1Mn2|Lrl*Xx>=LWc;DSLmR?dnEk`BI1@(D35Kq#G#4N;+a zo-ko#YbAgJ=wfe#6d{yr;k{ePv)|$^z*lmBlyogvd)X$o{c*3H@p9RU#p}FSR1(w4 zyfBgx4q^f1xsrQ^{QCa%cL`IiUb307ODz}o08-GDo897WW@|@X>ta$G-LE6&;k#%$ z7%-Bl8^C4p6bPeN>9(JVKE^^raG-WWh!}uw6W;oUY8bAEDdB#TKXuJ42{36;uC-Rj3#xow#k?K4 z+^Z_g_L5?i`}m`9dW%Q`@W$Hi00h<88;f(if#ZozB{+y8hZF@8ew%_Qt^S2kjc#_f98b=Bl{HqoSUH( zLP%s^UQ>AC4HIWZoO`XiEyz2|l~2QN`o{39SMLjHn}a!8^%zNXoxhV2cuW8sm00Z7 zC}y`vNjASL%8LwoZDKG2kUR|TCJe+%m9cGDt)5o;lDGuBI%ql=$q3TV0OFj75G0#t z+5gaQw}YK7wX9H{{R7CsK9a#HWFxMMzx(LPXkhfiq3J7V_aP>XtfK+&bT9d}f&d5d zwYN4B;*X)swWoHZ06|SgDsZohdER{|n-=fK&fScpFtj%5m=Mu38sy+){Sqob7|}N) zYzrx$7#KFYMKb~fg9U?=wS?DPjJ@qB3#o#gllm4asp|K0feHWGtO4SJ#HgUSg(m)3 zQsZ(I-9ae#5X1=(G*$SevbK-plIF>&W+=-T6^#W@zZ3rG{M8QHsT)A1>d9(l%FWc~ zLQA5)gIEOFXWkNlywg8VE#43zKkpht*>twEt2j8d8m(;$Cj4WQ2atn?!>{IN7tUh& z_)=_V*X&#%%r^t@ca1S;p%tq}y%}|!<2vfFYH1|eb;g8$hlT*&WqQ^uC8c4UHI=xm zv0!ZxFw#y6pqu@juS5vqRXHXPL1? zc&pmKTzzi))~Nz|1w)s& zbAkvRr9wd-p}2keoewKIY^koV2j!Pfb1WW)|A~v07Syi#-^9fVo&pH!=E+phpCuYF~^_)Hbe3ap0v;&z8f!$m=Xp?QL|R<>`OX=|FdGGth2rCd5?-n?6x zlF%(K@Q9^*^Nw*@p(Kv+nT1{IG)u^7sYmAZh&5sbd{T*P7mwabKCYPZzzFA};_jIz&9YK25@vH=JGKpzp9e@zvAI>G zWzy7^kICHKKpa~q65p~vI+!NHS2_T?D~e6KZ`*yAkCyb5_Jw0)sysOoz~S)?Wo=id za}>7TJoKbwkJp!GJ@})8$=jHI0R)-T;&bzS@xxZxsXWugK(S9XTxkHF8)&cGA8nF) zGFQtJZj!`Fy`P85&;G;h{^D(oGXRq9em%=wuh`J2^F<#Ss|Q=ylqLYk$NfIydHs@x z7s0L9umhptG`lal4u**kvIfX2B^T$DQ@t#%;Oc9`2Ctl295(ST^hNikf;@sADl)m8W-5+dkJgb7 zb$I?TW$(Z6w#Y>S@FbnxdA>gs%ekSy%3Rj%wafzl*QSfkM=bbM$hX_x+$C?KJ~_OR zelUZKXkGKOo+=V2_O}{}(b85aP;Us8JbLbOUGAZcZ0-}gvt!=`=lTeqv{gj57rALU zyOEz;Bs4r_?9PfUNY-Hyx>CxF!@}}fXxBPF%kUx(ZeuV4i>4s2rPJ~B2-dr`TldvA zod^;sZmya0&xB<4Pit!UHIColnly5ib*0s)Xm*Lq+iQ#0B{cNmw@-fe9P(loyx>UH zJ+smg`Dtj)5sH(%zM%H7g^k@z&Wupz|4#!zwXjEJ^;AtvFo*BRbM^+_B?&w^@VqLni9SM$T54> ze{SWx;gEZ_EY)nvchO^+>wk7>Id{U<|IIE<*AE~MPTREI8cuuHMmJ@DU3DLyACVt#L2rZaDk}K%H#ZyvNmY0~f&0 zN2?r!bwnB~R7zwzYJTikhpRID84qTtcXug(tmn$vo5JU7#rD%?gl_g-yWVPY3&5`e z%az|dh+gWF&+i`Z*VFgI-9#BQ{_KW-H6;Gg3Luv-TmAE9Iws{AY$^u!l@H29=FhFxvNsy1Ejbn;juSpl_r`zo@NMMwImAcxCjszt+!-* z4SRlCTwY9RuNh+~=~G9`JHXsk`Q!kkF<@2EEpI|3lhW$5$(!A0H4oSUg5C|^X|`}^ z`!#7-Z=!A&?@r$n**}jA=B`>m1)v~H#vy!hV-cub&l>-InInr}?*Twc4_}m;d^D_Y zF3@(LxbZO}h5jxob@%t9hiT2mjRcTlK(J`s)N%U9fa})xChhj#XlAGYI8KC7(e?&j zcd3WlVB%KvIj+ov*MHUvb9c_v2YILY$4g9$Ka#KN1hpf3n@R?(AE~0MPEMcqIE`e3 z@g^bh%F44kpJg!`_x{yw;e8na_*6{uUAkRVHn*}ZE@<#Bv0qd7tawrP(dFLW|6Zd;3<^3UtI-{Q#F@v_;+>C|-#gu5&;XEgQZZ3Xf?qO*s6Zd14k z6+h}E6Y+Eg~%DR#+?kuNl=7tgG?A5-xLTR2;1Oevn}mxGvFylYRa0*iH299aYg4ahuY( z{(!>86=wFdbd!7hzcfg3KJ5mKsKp#MXTLA&(%J2**omtu(54LiFga1ZcQ3zThHND{ z(lq{YsHd)7;k06UqrCM~pLe!47scwh{~x>a-vyEXR1`6RKT{IOnn=caJe3kfUtPbV zBg;I*>)dGxva$M3KgM^!@nc+x2@&O3MB0^WFh?t%+#{GA=(-?)W42y)z0_`ICz(5- z)}G5|pV<+T0a;%X6F&vr#pmD2W9olani5YLk5+HREUWMe0tBi4?V4uE31$$VcRow$W<86N(w<*4 zzjjHSEFU1*&k|W|bJDxMk2qQ=eG-#D39q5$$77aNOsD{oufeIT@|^K!sh#UPS!VB> zaC~vs0a7~hjs?*NauU1}UCo!u4$5AK0_efI7-a+aCx8?QTe6Dynl-H#ej(xa9J!K6 zj;jDN{ME#xojDWw{fv_`VI#hlk!>9c+nwNAjDTnLL;&3hC04w<753nCP-W;)MpOz9NWT+c*)tRIrYk> z-d;e09PEZ8_N4e-z{4Qyjo37v>yg+)dF@VgFuK#)1OO;#uZDesr&=cALC7adXCJD& zjQXAcUbc-Q!OGe7C2r5kpS<3;F51|IDoFoF=kF*B(@uaCwxTp{DMFrI4Y?c;TTQ|1 zLuf_>AcqJBQVW3(dr^vXA4}>Q)mT;4P^m{JIv8aG!uJ5uvD&dcQ$2Xf5^I4pX-%8& zImzR308byh|D68w+r7Zl&$n<`$B*`xlnBvv{`N4Fpb97h4rE*X7PQ<#tHsbwuR(T{!Zfi>3N*L;b4-D>DwL=2DaQ#t@$XOb+dNFO=My*%|u+ga|0 z?Iq!F0J2sv6i#fZ7vGc|)f%O%Xujynh}JC*6N?Am1PJW zE3pbss7ARghr`v?CT@KeM#EB=IQz~Hfc$6LWt1jTRLuSO1UB-#FV%7(l_ttlitO9|VNTICRz9<6lMyGU5Rw7v&({py802 zO-;$3oh!pRks3|ZPxk-l{2gg52LYCjog{E@S{&?GB>tPJsr$yiig zh?4fY=DxSBJob2le*a+L>?h3tQdAN_6ow-iJVPE3z8K}xy^*gL1>l^~c!{q2IhAJ& zKShv?Yhqd6<9JZZ?0;BM9k`nQJ(2{#?NYVKC0F^QPw-(X1)i1u&Tl@;($pvsk9Wz5if&jbVy?0g> zXWDTupR+`LLY!P544j=#fC{STEFCH^^}XERGlWciJIwLp$5VhH6=m2aVf<13aYe~s z|Hr*v0yb>aPtp?|j3@$Q9{~9!me}$HR?iSs;+J=CpWf58xHFG* z-&0!ykfD{GFmX2iIRGg#WM)FT2fBLK60Upp?)XWh?cV{A{#ZG~3&{${#0sdO98?!_xxK@iyZVboy_+Ac7Gp0?kEUq?NFCIhRNZKBt!Qy0Hg$#ueNN(-aaGV@V2iePFzfUE&6yc zA_Q6<1GrcRy!A9~)2_dD#JR8bMbNd3*BL;L#qnJ!VgVsGT=^Hd0u)ReyQBZc&^f60 zmxD(>9;dmqdvgYW!|pHDtVl00Q&-dLifHFCQ;%r$?3Q8-X7 z3%wgGhL?3z6d*2i^6(Iq^V_in^Ad~Xek0{gVwwSv3gc;#NN&81!Nyy8H}tNqUyH{@ zi>|?>8`Kj3p3f4wb^$lsvwC)I{PpQV4M{%a2LL&#$-TiDZ~Rpq*+GGa%VI@Hl!j`w z^80?qq#F|D0L~AH_ceNA+Z0h3_YH^rLgse`+ywyn4#q#xJnb7MZ_2dLrYCmudC!LW zAG+~haCSX6fGeh4!zV+(vHgq)85$-tw&Y86Q3r6y1nXn%q@rPs1Le!5ScUjfOs`h| zNc|U_-E$p4{zi_ua~vv)uyXvHfmf%Z`yLvK0Qk9}sH+BFG){pf)d;T>Rv(F>@!}s) zBJEBZ^S=QlL0JG&Wjl7f&fjbyqi2se6HORd)8wQK5Tt&een$43Q6I0>`5|oVT_ zjn)QIrt8c&=N{S}Ui2$B14w~R&7X%d#5guz9bcxl zNc&x0*+*+DhzUxfX#wOtxIcntVEkriNQDFn>V_f$EN-TlB#V%4h7;k83t2oUt-RHpJ2JBKf6BicKIN12vx zCZd9We(PWYj$1MSjzIe31?CA}K^Sr>1zTr?JY^tP12D{!daQJ7l|XE`bAgb9P z7i?_)kpT3O9hL1d9ugiP*S`}KG;)gFS1B3k{o&ppd7Pl{5_lsy{7U0nx2}sBdLf-d zUu}|^B}G+{laJhYhpU1ed3nj3>>`c=2h%IKHTi?~Ve;!40y=WLxATlE+oKdsB%{`; ze|$Xh!U(gtsxe#q0Q3T>Zs8;Uz;^#hi0pDEUih1Oi)e!V7GEn0y` zn^#GsW1LjOFu}Rk0jOqmka_upcy{Uxj@Lc6bw1Lbo_@Y;bIU(>?CZ_!9{#lv)_H;Aj84pRLAYV+YJ*cAYKC`hvsU>osF6O z=WawhA_{~?`K>#u018y2dvuPdOhsq*VZ2n$`Yf#3UgbVw5WP|hAbp|JoKLT0Zx>C94!u>C z!qXejZw5%=>l#+MYFDY^TXc&Qc&G+F&E`-aD<|VIYIuv%kvMbZg#wq+QeriLl;W{J zF%oYqQdW-?#7q0yi;5OB0LY)56mltL?!ECw-2<9!<$Jk)ao~@R%;^XJL>G5F@;lt_ z*4A%Y0Z0*~*LlGO&xV-399)$F7sb*Q5@i4<@f=%}5o6OA*VWs#nCV#>JhwpaVs$3r zpS&T%C0fVx^P6@BmjHsUU*vMARW{xQpU$Uqu4-FKR2jAaDV!KHDE5&&;8cwXow|lV zNHx_a>c{5E$2SJNary{ggaUH}mDATGop$a)_Vevd$thLQ01C3TuKht{@Iv3Obc4k_qP%1$^XmLXfzs*mWIL!0yOIz=d7CYvI?ts6f{tpXGw0~arrM)(5i!d0Govn9 z=sC9IITuhmB_xmPjwYUQGv5XXDlhwFa(3&AzAjg>>z4N7=X$&(@3)Cg)EBIHls(SzgJX zYos*_T8F&l8mX%WNoe!hj7&l4On!gC%+@s0YLN_(d`HV?{O`R;WH)W=m5@Sq@a%MF z0=OlJZN;PV!iHIU+}P7OCk2r)2{h;;E%Z4QrPErBg*S{laD4hTK+x8f4`02$%{ZwX!1-*t}8OW?BR5=d{=TxHQbz*u@uP&mxFiw{*+SeKe{~AJe z|8mXQS4o}(Q1GYdn%$wpsN9jdflT`8{=Omm^M8JxV0uu^Z2^Lk*6YeuR)}ivz54E} z^+@&6c&9}G_xn_iKNQ5%puAD4dKB<5k$Tbq?Et8>{^@^UTP|x`AaAT~^YupnQV%~= zo2V^fd!i5#wWG`_cJ&Bf96%oVIy9e!B!v|r+KAij>^Z{u8fczRX;(us)b*LVY&hZ# z-mEDu0=S^wMBZ8FgKcUW5PIHB9~;zcrUKynl1F1VUvit*O_|**-KHJU3FJe|DU%^m z_=VDuuy`X4KUs`bxB?L8zt-2&ls`Ar(duS4FldRO)t5B{aAFtvGm7b1{JW|je%!}7 zo{t=>MfVV%y%C4f5qs}BYqzmx;35woS8STjjC#8Vc8H@h0-IwW@J+`zF`08;q=`&TbKdp>TlH>o<*D?Q1j zA|nUz1E&1s=k(oc`QfJ}3ZQ1ooZC0i+B3*d-rq!x$9pYqG3xQ)Q_9x>ZmNEHzV1rO z$nM?&nbD4vU(f0C3V;;EmROT0PQRzh{q+%V}O#S}gOBi**x?vm2ld6Z%W*Yy$JWxnJd2H@d=@seS(@8bo7+x*na5wF~n zAEM_i`aJw+-w5aa&B( zcdDj2$0{;V3?L<rFw;%2K&Y%KRPS$;lgBUfhi*^bfT4JUBIGq3~^kbQf)X>s4@;Mzt&gjvX zJ>?`xkawC4rJqANOY+!iUGKVr$bn3;COr9|Gi6{jGzKHid#EBvR1#mLCuN>=aSo7boLc zc*>6&&(iTv^NS_lY+u|0aQNAyD6+Nc(K7>$L|a;s&TDa%mfkqAAP;Qn?B|5F!$ll@v&Pw%z$6~{ip^}R=9 zL82BB3m}=RO1jR8!V9|P^xxgo$?3nREumauC-W*W{Aa!7AS@$7NA-8_z5>WsiT=_u z=aQr{R?Rm$9f2+R$f&s_%#s+oY z_oBm~4*_b5mePTup8w zhS&LFuk3NyAAoe*+i=5!7BhbFTIQVkZstFx@Ve{|v6F53 zB8ZI-P(xDfOg$(VvJ<(#4B%9W*5P`J@~pnApC^?DcW=0QUugyKheR8$46-Zjvi%lD zaxTO14t875{z&~7_;=w2KuRuEJxlyNy51eBJikgPg2yD^vjN~rmzmTo829M3|6$eI z$28-jkIg;NhX2ft?*B^a#Ko2tVhY2i#X=49{~TjSHF^R_QAd)ej9#h&=G4=|eMiT` zPrl-|fIOmoz11Hb#ZQM1zwJG>|EzeHc#h^jS)fGtr*TfSWal80ElxA`4Ynt$yJ{=d_QbbZ|b`7dawf+DU&B=H+bX2muqo1 z^?cqcPUus}{l_S4U}^0N4splru&};fJOvUvtn0%_jX!$Dat7$1rMad>dG6Wv7iK(a zZT}Z)vEE4%1#>0lQ{0Ok^s`nu^nGpo@Y?*y?A^fE(J|^2emA)%SOx2z&nA6XNQ}=B z?u^G>lJ&@bRcyqfXLgysb>g_4*|qE53U&N^ZEep$-S>&Fi_(4g3>oP_g>0lRad4yI z4?>XXI^&DFfG5Orl>W`zZrR}e3Q0zVwQ`yAh#)p(f<LJ|U7 z>0xSgu77kei6{F{04b+E9KP*SX#^iWr2kvV&!^Pk6h9d@;6go=Hy^Q{XH;}DvvXuLv$S-#^6+4Ec42gM zakjB?XSDWmw(zubaW->ApNP#UfD{hwr|DFLqLj+JFPzP2D~7>@$7%uOBM{-FQ#A;sgZ3J&&sD;Q*6?)zX~}p+J{Wrwpc`pY zL>=&IY{bEw@?V&+>Nou3fPiBx!u{H_ZjEN|&SR15C5}hi=Uwts;nue(m0o#+#gblM zA8q!f%k$x`grMXv;(5*pd{e!2zMru(Vb#4+Hab@&`M^!G%Gl^^-E|Bmd|BO(QQpki#o5ln%<-QEJy~E5MogQr#mV1c9PP)% zp~etEP|Di4QVcI~!pl!c8kMoMtElYdb|LRcyV*% zC(S~Qs`va=35bRDD9Ljez|mRhxYF?hB}-Jq><$f&NtFt}|2!$6{ZFN{e_nT&&>tG^ z5&&5uOaY%oyif|ML{D%!uI+`UZ9I^RdrpP%8g5j$g{y(-CC%*R6ftXqKMxJ2(|A_| zz?}y)VsGwXjdrtNlwIYxpph9u!3MIiu<*Ozmal4EYT6wfCY-*Vc;y()NsIY95t9H& zmUjbwbF6SS%L?LoxXBYI*CT5+0NM9vw2JF&s)XkRz8f-9K?vJ>qB_C+-gf2f@dr@z zIw2J}EC9YwLFgb~Y8evOw|F)6=k{Z6-vTWFKMB`#37-9Kpa0Wh(lVFQAtl2bt(hL? zYiamCfIqn!jlZ@H#!)hZGpcG0}LQBbcb{|2oghs ziXhS*(kYF!ba%%LE!`>IQi4b;AfS{W-EkkjbH01Lo^$SBGqdM;)-!vrwSH@_{q9){ z$fo81>*hIe?~;Ec|Jms2Y}`z-E%%$8Kf=<05|D{9sLti|(^A(~`s~2j(w|rrC3^%& zN1Cty8u$!pHUw$@L|x{`BKKOf@xSE!8J0Y&0k{pO`KOp4>5(ZxxDqC-=}^1X&{F_W z%Vt+^+YX4ue9)QuV4b4y-6j3&zjmH~hNX>GAe%ZG1uW=D>wYO1Jm)a$RM6J^_%Q&N zd`=ZA_;h)?Qx@5!eI#{kD@A7GH#y;`pnHA&-Pm$!5P&QG)KzEV45Jb#5TeLmmF~90 zmx}_jAQBTJwSt;aO>YaXS`b&*2t!HE-{$oPynTWJxOtuoA6v@VE%mwo2+8*H0**^# z1_0My`5tSo4l5M}?d{M92B=%mzMTDk;ElBd0lI67B@~ji1WCcdfpYRAzl@wxP8DIl zC^^oOh=whn(wQAogjBDZwwmrbai-)eb$jfr?(POYBm3mV8m+&1B08H5#8A5HDLmZx z>M3f^^{jQwT`_y*CQ=1v`GpL9p$jr$*9^%ids>;y@ASFnd@9;Juuh4b`DiKFn-Vs! z{DX7~S#`=4zZvn+O`yU38@<|(FFwvu#W)4woIqt1xvq?F-4TL!MJZIe4Mrv zFBTj@MtuIil3%8*MDNtqh+VAr-QZt9evHf$TX0w)G4!dSKj55=fb05yb&K-K{R$@g zh%jo(0V&At$~Lllhx0!&>87M#4P^)vA+4>K{uADRe3mgYu`;&*H-MYMUj6mOAKeE3 z^mS!oAe)Gbe3dj<)iCThxRLI)$FLE8wFH1zWiPJe*HL+(&+RmP8YJ0*c5*({=TzSaN}i&rD2jGr0Em$D4=5KmR7p!!i2gnJ zC*~F6rTl-H)Sn1gN&yfvnI*6Xt5t*ZE5`L!R~v~z-l!%3;uH4Vpz!t>>zvwz_cEne zCtEesZ?q%lG6L5(E${L!r_tuY=_4gs}OQHWNnF zF#l?v^EXQVK)@sefJl00g(d@zESv6hj&El90;He_o&Y%ya~!SX5&35iHP;_W{2ZTb znvwXe8n#Tl&|l3xq8RpYu)3ONX!8NMPFQLT0iE~lbmBfiM*11QxMUF(fXMd6^(`JE zlpjqVKb(7KEmL|Ke}6;lpTFl%l)N4U;Jzy|9c>lzEhC;JvuNODG}!EjA^)IlR9i;E#Ip8rwk5qdZrU&NyD!CES`dcgG@7IhCjg$VB5mkQQsp z6+IZYe~h30>_gT*KizL~{y@os;eE3jo;XG%O&eOm06c6g6|MRKsS*IL_3gp)}+v!Hwdb0Rr?xijlV&hI90Jz+D%m&lC*ZsRc zCKMB5-#J57k8A%QlprD@K-NV@J$Y!e=krW*6fg`+#z+kEYwvXK(mo)K^fRhuX6jGT zbEG|u{ZK~uhMcTqsqGeStW>awK5}TF303QnlO9gG1c~=`3RhkgG%f3J+GTH!!=Gx+fn!}{n7Pnm6uaI|Bv?}{urBgJ zYZ$FUBji&x^`PW_pvoBvtpL=6wL!Fl{qc;og%^;?yRq{EQ#%LEUn5rwT)wL$c|G5# zFH&>GY7U79eYDjkSZYDS0*eVlByhn%y-So}b;=GW*Q#D@dFC8;qGxS{hLDrIXwr##;7J*shqL8|u&Ie?6c zd`mZlY7P>P`IrN5fkh$zxZXupSNcYH$EhcZNsHtKZF$PQ$#^+^neZ%lk@J1Kl#xat zD_elJ;Vp$!l6I3%NTA153WFva!qe({#c54oYYMyGDG)C0?P`9V!8|hJq*dX`V(ds9 zZnO>M$S!W1Se~p4YJ(1!=RHtEJ!o*MlnPS=lR!bhgTLC-N}!-4_gDb`sU?X_B9Kk= zO+^XQ{4-QWM@ni2Kp_iwgo5kf62V4x{J5;byi zqzesqn!GOhuK(g_-NB2D>bcjZNLYk)smHrcMazOFTs;N(S<_Mi5MyTZLd#5=>*J@7 zC~9|yvcAW}#p)U1^%ce><_1X-Bbg{{&GZi#JRYfc-TFD}OPS@Cqmn1A;e@0ZQ|!Ir0lGI&pTF+U3L z+TDKNZ}Tg$6NYT_Wdl&M!l%q)+3Vb2`W`&r#g}%OyoD>p7}ZcREvbWpaM$B<4OeMd zl^+In_@Z@SW|YXIW{f*#G&Js>0Y3^oX97}|bxz&r4XRRjE~l2LU?f4k|3~%1|6TPT zA^^Ba@9nvT+bMNHN%s3zSTx$nT*wOm?l_U63ST6yrg2VAz)p32t@@)?^Ir9^tI`c9 z7}!s-EZbZO>t5ka#eF=~7t@fZIahoA*gMsCuflDdh#$wa)oVTJqnrMSyu8A(3?(KPoFvtG~tqI3tL>B1&QW&jn)1_N{L zoF0Zl?+b0J!jW=noF4V2512QUF#GRstJkaRy(3i_Cc$}>2&?aeoIk zJYR+7WFr%mBr(ttxFJgSwO2QN+-29U%`yXHV(sGVM zMpM@;hlSk5iVtrf9To}?6F>7wRis-|p*pDS`92|V@l4cdpmvf;85S-~z1n>^9H#k~ z*W;jo?o|aM2ce*&RG(0+TvyU3VYjQ2H{ zXjf6z9CfVx((QGIcp{gPKGB0*8;%4D?z!K}8AvqJBpFUV89KdH9O0r1nZNdJnMA(6 zE-7>=Pb%ViGCcp9+tu%q=7exdT054*7kUCc5SGF~LOI>GASW8(NfwIS6UvG#YKz`S z`xw7dAr?-~Pkd~wWr(K1^?1wd7}E=jC#0D@chyV3saQC9Hh174K%piE z1*LVHI-wBbPO}x@uz8e1xbR|R zXa1^8At?FGBn1U;?sT@D@CZOgLA&Lus`13b)O`c>8%-ZufAqC8r&pw+2bau?^5Qym zu>Ds6;kz=E(%RRC0#$|OMZ<$|wGZ->YG2r(WMiKbr6^N>SP7UI3E_PFCP3EVbLRY)y)CYPFuRS9D8Gb;=^ z4(%vh)>G1pk7#T7ei)%g8xYUOod^kj4}L0Fq}k5M`C?&PodEX=iwiLn^95^+R8-qI z5~mn8!TgzaoMz4ET&~f>ZaXsVfmn)0#cDlz_J-bc;hh-H=^DeYgw9X{4ll36-MZoo zfy-YsAMqv&wWQL%zKwCZ?iNE3bh2wXc6Ds`_655tW5N74qAYx-1uze;+ zPGjkKfi83dU4_NCL>T;HlxK$hAlm}}tb9KfgF>&iK3syQ-9PbhGS=wn=OqBm@kd6>v`_Y7T3i*aijN6N-LJoA0}#A-QmFB(C<( zXDO&ea5k}>)uAch@@87PHJusfk-%QzRUWh)B6Kp>gP-nV?^e@>4g5fm$U&yWxmiuT zRO>ln-lVwhnF%b)P)-&#pSVq%6pRq^iBPWGraEhF(%swFof*fsrs^4C7iDVTqy5{D zjVk3&w!&Y>qR>rrXW&FpQgJ3i780r=9BN2a7T&=QnhA6X8Ap^}-o@$_xEveN)SDF2 z-zJzqYTS#dh@~KwJG5E15llAhcri4q0kN^RLZ6sJ%QfvE9Lwzo9S1y(ifz{EbE`Tj zwCy0{N~b>hRYaM)oy1f4s#Fe69M#g9SQ8h=@!ig*x?$#dr=@igC;l8^nQis)HnVhE zt&jehY79%NL_bn}@tif?ce6K_4~~Pr4E01I=jG~WXkHcYUoNQYP!-HHD;0E{{a7h@ z0obI3E}F;8Pw0;x>50ebFj`>zD*kzSPlLiWM%9i@(2GNWY2s7M2rqG zzpB1o)^f%OAM$%o;!iYbs6aNAe-5MVd}e2S6K#>9r5Bgx-h0V(q&%?X5ZWvh4Akv? z^@s9}48a}1WS?ZjRDYqY_{8J1!A=?1FfwMM!4evTb=?i-sLjlcu5vsNqlL*%n4_t1 zH=}IIJ)~YYF}rPc{VbO+v=DEpnzNqSxdyPMzhaePYfPH-CcSq<U?uP^NzZMsS5zDlEoI71kgv6x+Bh<1VlvEy3onzGqlSZHe4v{_R((h?W_beZk$fF zt#|GC1sAkG0c~AEWxC;B$af}Y8C6ZVdkkE56!|C5RYlQ;wc2aD3MZCJePkAbN%wdo z9|AH2{=?$Z3c?GVoBUCwqG~K1H{@UXaI+~wR6GVDJpCfrcDLte$Sn)czox%1EH|-e z#;a#LxIGEhpvgC27{Lpe!d{cB1-0OdoHX=dkOYimU#YX0{a%=DjQoK}Bb^8NcE^ANP}K0V(si0cv_5@^x=@3=!R+<#=pD`*WyH>oVcLJmAw>b*o5z1CaxJp+ z(|*8Q;RdD!AVPhW7#&_Ihr@q5OODCVf_~_XlLF~Tn4Lze5j7oHMu#>u6M7$`I^Nv; zE0vTS5~BS51mSK0fXnd;KEZQ8vEoOaLbpu2bxiFh$^>$FF({PG<~sXr!`W|?R+Odn z*FQ4VbN+{AVYacdx3Mx~p%MMZ8`wWy{#u&1En7*h2nnseb$9evKwySq{EfT1hhFrYv}SrUhqr?99$go3>b?ug~)e?>O{O^>}=KXFMKvTNqvu{s0!@kBWud$DM|6E?y%{in)X zpkN?UCy9kc=yjiUlAv^aoP9*f&x@AEcXjUYxRrb&U`IKSAm2Xu`Qb~+iXlw;y?6Ls zm8qF`6N4EKyhQU@c4)^EFXWXd^5_Rp#oF7gdN zHDg@hfueiDr$#MC=nz9}@~jVpr|Ixh#hzLo^(3Cb*P!ymjb}Y>vc9z~Z*`^dNbbsv z%HIca_$S%jE-GcYp}V=AdA`-yZhn+sZ#Repni~3<9%B-~*XZ4wpo#Z%O@t1;#%%#B zh$2A55Y>A~i$W8+SGpLB05S9`XLOSw-!k{rm>gd1A7dbpqA28%Zn4^?Je1ZS}<@2TnZ*E3Tn0^8)zju=s^P$-C-Bw1j@Lh;tp?JipuW2_=*j z*6@~09x8};#{^HFq^**!$T#j#HEI0t_vJ!4{YW}BE<}(bF2iiI_+;fQSWDE}BlQ2M zyyf3j9&iL8vRyepG+P&yVG}wGl2gcIO?Xd10Yv*xkz>72>w&uyDH^PX=9UVYix!hPG{^?9E4&Z3t?5^k6!7@&-&~G~J5nK;{wP|^O6Q)~N_Mz0WNy)_3~8q9rdz7Pa^pU8r} znH9C7@Zd<%qNMiByyFVGcWPHi&+}Nn)aQnzSkWU&297~RP>a$da>0BVwH?xiYyDHq zqweh>jt$fem9&9}Z-<$tuE5o*Mm&jMV$L;dEfD;QtopAjOJ+3VzR(F?pG}%tOlIue zJA2zLHYR0gbP?LssY%j?qM7koi(WZP2gLRk!@#;4B~&0F~%n*;y|O;1$vp zeaL-1())8I)cY_Ak^dbfa6$n7iq(}t!{2rZXeMJ9i^LjD)07Sa;IL!4HL5m>Dxl|J zJ#Eoybtz!*#r=7m<}pp@6k>k-AFvtSWGR%fzg2RFG4Npa?_P_^`R`tfdjHRZcf|s}-G-sTxJ0NVdRHWQi~LX^ z3wxZ6;F6Gzq&|Ff%E?IoZQ;?&^>h#xSPSQQKN2p`F)=Y;F3Q}`Xz}%tLv#J|c1nU2k`QN?Ko>09pQEKk8OWZ9nyW_UQK9+$!%rasI{?;~ngaj^_G-jMSS z9-W0o_0r2!JeP=mGH&n)F^#blaO(M7Ea>Gkxp)WrR>?;OF4%L@Sp?j;RjD^i&PV;q zsGPApQ&ZDvM?66;Oa8(iF{KbDI88z5r!C3!eK)MRncR29Ox|V}-(FThEGu|p6quiJ zG$4yK64X`4@y%}6DRIG%*^g-UaCZIMZ_qp1r^4WorA43I+NU&I!IS@jcS2Th_K@}0yN7D0T?KKK(=$EL zPeCNFi=$r6@xFG>P|tkTEFJFUfK|vwje@IA41SjqH~oV}qH(A`HmO!#l?9t_sw+Y9 z%L4f949|Na8cT|Koj!#FOBh<~n|!xK#ZJ@FDz}uUL&9id0V%5s2fUKl4tt6Vh4-5% zmy4d65D|!77fG{U^=XAHV3;i*)LEj8LG*r=9jNs ztzOZ*w6d_bvbUglYUas8BkFuV#s_n8GBdL`yRXH@Y5zt%93%wBM}h#fD4=_T0+A!5 zV4_3NK&XTebPP-omUPh9F}u!~qZ%J^eh-}6M;h%!IXo@gw8f%GJlQmU zbvqS1)YD`3Dl`fUpX^-rqmm(|C|FWoOJ>@hwyex+1k1@_=!~+=Tk^F1oJ7JY{Z6Fo zxm)U3RIUH&N1iFyVWAFp_lcGt`(Y?#r2U$tJYw#PuouZFVKcX>`1yGK16tHKI_>zG z{#7qW6POReFjY+{he5l>ezURJL}OiQJ~`oST8a9>aqLQ?OB~8pwxDld-)Gj;vS|@h zp?+2xWZI!C>Rr5v@Znbn_M{&CZyQSm^TIuUP(rvuY1f&vNm-gcF!AalX;Oc9LbSIz zKqTXZ8a3RHJc11O6`^x3kQo!&?53h6Vd9SW91U0&R`S}1or}dk*1wZt;!+QRs^eKv zhAaKDo)e03I(KJ??oJZ8(oUVG|DfQGYm1iHG$zjV0>8G)YYaLbBVXQ;w@ zuq8@O7fbo8_Ixlk{PQ>TTI0OUw2}pvUPNlyS%c|69#}!{LxmQOF2TKd)LL$!-sv5i zz79mYv)%+gj0-FNuZzX%4Dn0!r za2qS&jr9|LiSqZ6Ongyj;`QBDyYYKNosLbpJZCz$2bq-iXtTS|LEY+SrJ)r3uA;P| zPvU_9Y5vMa^@locVi?l3HT~(6>ikY}OyPv{i6P;y5>o2Rw&}``9-NfgnLaj9zslIC zeH+d2)o2#Cgf|Cl(E2lB21-Ylv66R|?^s-@dM1OcWG!Fy)X%5x3yXpjQ HsKEaK^B( Date: Tue, 25 Aug 2020 23:50:53 +0200 Subject: [PATCH 060/124] added pgp.asc to lookaside cache --- sources | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 1f508a5..b026e38 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (squid-4.12.tar.xz) = 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4 -SHA512 (squid-4.12.tar.xz.asc) = 3283912319f5a027b4c9302f3ed26082d7f22e3797b39edd7eaa3df10904fb170352745a0dc1eda50c4c669b2037d9c596a8163f827f5060ec3ecfe0d6b22b27 +SHA512 (squid-4.13.tar.xz) = 06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc +SHA512 (squid-4.13.tar.xz.asc) = be1265376927dcb3c96ea0c8c1b0f1d6bd7e3deb0fdd38ff80030c31f53f77345a8b8564c6b8cc79d7449aa361d4bdf1ba10d02f5f08af245ee35b484977b93a +SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 From ed458c36ef6f8eb873e8a65c8a1005e05ad6def1 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Sat, 17 Oct 2020 09:27:01 -0600 Subject: [PATCH 061/124] Fix missing #includes for gcc-11 --- squid-gcc11.patch | 24 ++++++++++++++++++++++++ squid.spec | 7 ++++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 squid-gcc11.patch diff --git a/squid-gcc11.patch b/squid-gcc11.patch new file mode 100644 index 0000000..c87ade5 --- /dev/null +++ b/squid-gcc11.patch @@ -0,0 +1,24 @@ +diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc +index 1fdae0c..213cf39 100644 +--- a/src/acl/ConnMark.cc ++++ b/src/acl/ConnMark.cc +@@ -15,6 +15,7 @@ + #include "Debug.h" + #include "http/Stream.h" + #include "sbuf/Stream.h" ++#include + + bool + Acl::ConnMark::empty() const +diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc +index 5cd81ab..3f73892 100644 +--- a/src/security/ServerOptions.cc ++++ b/src/security/ServerOptions.cc +@@ -6,6 +6,7 @@ + * Please see the COPYING and CONTRIBUTORS files for details. + */ + ++#include + #include "squid.h" + #include "anyp/PortCfg.h" + #include "base/Packable.h" diff --git a/squid.spec b/squid.spec index ad8cf9a..af5875f 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.13 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -33,6 +33,7 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-4.0.21-large-acl.patch +Patch206: squid-gcc11.patch # cache_swap.sh Requires: bash gawk @@ -102,6 +103,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .large_acl +%patch206 -p1 -b .gcc11 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -297,6 +299,9 @@ fi %changelog +* Sat Oct 17 2020 Jeff Law - 7:4.13-2 +- Fix missing #includes for gcc-11 + * Tue Aug 25 2020 Lubos Uhliarik - 7:4.13-1 - new version 4.13 From 3282e06751b073f4225cc8cb6647b3cd031a8fa1 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 8 Jan 2021 21:54:52 +0000 Subject: [PATCH 062/124] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- squid.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/squid.spec b/squid.spec index af5875f..8047893 100644 --- a/squid.spec +++ b/squid.spec @@ -44,6 +44,7 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # squid_ldap_auth and other LDAP helpers require OpenLDAP +BuildRequires: make BuildRequires: openldap-devel # squid_pam_auth requires PAM development libs BuildRequires: pam-devel From 04e0b1693c17e805efd9bf2255d3f60ef78c3a05 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 27 Jan 2021 20:57:57 +0000 Subject: [PATCH 063/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 8047893..140ad3f 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.13 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -300,6 +300,9 @@ fi %changelog +* Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Sat Oct 17 2020 Jeff Law - 7:4.13-2 - Fix missing #includes for gcc-11 From 5fc2c3b43cfb2f153bad68eb741d05773db18878 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Fri, 12 Feb 2021 04:22:45 +0100 Subject: [PATCH 064/124] new version 5.0.5 --- sources | 4 +- squid-3.0.STABLE1-perlpath.patch | 2 +- squid-4.0.21-large-acl.patch | 178 ------------------------------- squid-5.0.5-build-errors.patch | 116 ++++++++++++++++++++ squid-gcc11.patch | 24 ----- squid.spec | 26 +++-- 6 files changed, 135 insertions(+), 215 deletions(-) delete mode 100644 squid-4.0.21-large-acl.patch create mode 100644 squid-5.0.5-build-errors.patch delete mode 100644 squid-gcc11.patch diff --git a/sources b/sources index b026e38..cf080d9 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-4.13.tar.xz) = 06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc -SHA512 (squid-4.13.tar.xz.asc) = be1265376927dcb3c96ea0c8c1b0f1d6bd7e3deb0fdd38ff80030c31f53f77345a8b8564c6b8cc79d7449aa361d4bdf1ba10d02f5f08af245ee35b484977b93a +SHA512 (squid-5.0.5.tar.xz) = e0f816296d9d32fc97b98249dde077b321651dac70c212fe8eb9566003ce04f13a83665e387531e06bffbab1ec21277e3e0549a16caee426b6a749e18bf77991 +SHA512 (squid-5.0.5.tar.xz.asc) = ca1b170bef9cca5afe1108e8a439282f3a19bea48d2dba42847acd1cf039d38ccc8c714e27fc9e49fe9e3027963f64e9ab19e6a358e6e038c78f85cc77657a3b SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index 087469d..9cb5e81 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2020 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2021 The Squid Software Foundation and contributors # * diff --git a/squid-4.0.21-large-acl.patch b/squid-4.0.21-large-acl.patch deleted file mode 100644 index 8aacf38..0000000 --- a/squid-4.0.21-large-acl.patch +++ /dev/null @@ -1,178 +0,0 @@ -diff --git a/src/acl/RegexData.cc b/src/acl/RegexData.cc -index 01a4c12..b5c1679 100644 ---- a/src/acl/RegexData.cc -+++ b/src/acl/RegexData.cc -@@ -22,6 +22,7 @@ - #include "ConfigParser.h" - #include "Debug.h" - #include "sbuf/List.h" -+#include "sbuf/Algorithms.h" - - ACLRegexData::~ACLRegexData() - { -@@ -129,6 +130,18 @@ compileRE(std::list &curlist, const char * RE, int flags) - return true; - } - -+static bool -+compileRE(std::list &curlist, const SBufList &RE, int flags) -+{ -+ if (RE.empty()) -+ return curlist.empty(); // XXX: old code did this. It looks wrong. -+ SBuf regexp; -+ static const SBuf openparen("("), closeparen(")"), separator(")|("); -+ JoinContainerIntoSBuf(regexp, RE.begin(), RE.end(), separator, openparen, -+ closeparen); -+ return compileRE(curlist, regexp.c_str(), flags); -+} -+ - /** Compose and compile one large RE from a set of (small) REs. - * The ultimate goal is to have only one RE per ACL so that match() is - * called only once per ACL. -@@ -137,16 +150,11 @@ static int - compileOptimisedREs(std::list &curlist, const SBufList &sl) - { - std::list newlist; -- int numREs = 0; -+ SBufList accumulatedRE; -+ int numREs = 0, reSize = 0; - int flags = REG_EXTENDED | REG_NOSUB; -- int largeREindex = 0; -- char largeRE[BUFSIZ]; -- *largeRE = 0; - - for (const SBuf & configurationLineWord : sl) { -- int RElen; -- RElen = configurationLineWord.length(); -- - static const SBuf minus_i("-i"); - static const SBuf plus_i("+i"); - if (configurationLineWord == minus_i) { -@@ -155,10 +163,11 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) - debugs(28, 2, "optimisation of -i ... -i" ); - } else { - debugs(28, 2, "-i" ); -- if (!compileRE(newlist, largeRE, flags)) -+ if (!compileRE(newlist, accumulatedRE, flags)) - return 0; - flags |= REG_ICASE; -- largeRE[largeREindex=0] = '\0'; -+ accumulatedRE.clear(); -+ reSize = 0; - } - } else if (configurationLineWord == plus_i) { - if ((flags & REG_ICASE) == 0) { -@@ -166,37 +175,34 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) - debugs(28, 2, "optimisation of +i ... +i"); - } else { - debugs(28, 2, "+i"); -- if (!compileRE(newlist, largeRE, flags)) -+ if (!compileRE(newlist, accumulatedRE, flags)) - return 0; - flags &= ~REG_ICASE; -- largeRE[largeREindex=0] = '\0'; -+ accumulatedRE.clear(); -+ reSize = 0; - } -- } else if (RElen + largeREindex + 3 < BUFSIZ-1) { -+ } else if (reSize < 1024) { - debugs(28, 2, "adding RE '" << configurationLineWord << "'"); -- if (largeREindex > 0) { -- largeRE[largeREindex] = '|'; -- ++largeREindex; -- } -- largeRE[largeREindex] = '('; -- ++largeREindex; -- configurationLineWord.copy(largeRE+largeREindex, BUFSIZ-largeREindex); -- largeREindex += configurationLineWord.length(); -- largeRE[largeREindex] = ')'; -- ++largeREindex; -- largeRE[largeREindex] = '\0'; -+ accumulatedRE.push_back(configurationLineWord); - ++numREs; -+ reSize += configurationLineWord.length(); - } else { - debugs(28, 2, "buffer full, generating new optimised RE..." ); -- if (!compileRE(newlist, largeRE, flags)) -+ accumulatedRE.push_back(configurationLineWord); -+ if (!compileRE(newlist, accumulatedRE, flags)) - return 0; -- largeRE[largeREindex=0] = '\0'; -+ accumulatedRE.clear(); -+ reSize = 0; - continue; /* do the loop again to add the RE to largeRE */ - } - } - -- if (!compileRE(newlist, largeRE, flags)) -+ if (!compileRE(newlist, accumulatedRE, flags)) - return 0; - -+ accumulatedRE.clear(); -+ reSize = 0; -+ - /* all was successful, so put the new list at the tail */ - curlist.splice(curlist.end(), newlist); - -diff --git a/src/sbuf/Algorithms.h b/src/sbuf/Algorithms.h -index 21ee889..338e9c0 100644 ---- a/src/sbuf/Algorithms.h -+++ b/src/sbuf/Algorithms.h -@@ -81,6 +81,57 @@ SBufContainerJoin(const Container &items, const SBuf& separator) - return rv; - } - -+/** Join container of SBufs and append to supplied target -+ * -+ * append to the target SBuf all elements in the [begin,end) range from -+ * an iterable container, prefixed by prefix, separated by separator and -+ * followed by suffix. Prefix and suffix are added also in case of empty -+ * iterable -+ * -+ * \return the modified dest -+ */ -+template -+SBuf& -+JoinContainerIntoSBuf(SBuf &dest, const ContainerIterator &begin, -+ const ContainerIterator &end, const SBuf& separator, -+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) -+{ -+ if (begin == end) { -+ dest.append(prefix).append(suffix); -+ return dest; -+ } -+ -+ // optimization: pre-calculate needed storage -+ const SBuf::size_type totalContainerSize = -+ std::accumulate(begin, end, 0, SBufAddLength(separator)) + -+ dest.length() + prefix.length() + suffix.length(); -+ SBufReservationRequirements req; -+ req.minSpace = totalContainerSize; -+ dest.reserve(req); -+ -+ auto i = begin; -+ dest.append(prefix); -+ dest.append(*i); -+ ++i; -+ for (; i != end; ++i) -+ dest.append(separator).append(*i); -+ dest.append(suffix); -+ return dest; -+} -+ -+ -+/// convenience wrapper of JoinContainerIntoSBuf with no caller-supplied SBuf -+template -+SBuf -+JoinContainerToSBuf(const ContainerIterator &begin, -+ const ContainerIterator &end, const SBuf& separator, -+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) -+{ -+ SBuf rv; -+ return JoinContainerIntoSBuf(rv, begin, end, separator, prefix, suffix); -+} -+ -+ - namespace std { - /// default hash functor to support std::unordered_map - template <> diff --git a/squid-5.0.5-build-errors.patch b/squid-5.0.5-build-errors.patch new file mode 100644 index 0000000..4293d67 --- /dev/null +++ b/squid-5.0.5-build-errors.patch @@ -0,0 +1,116 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index 81403a7..5e2a493 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -2477,6 +2477,7 @@ tests_testHttpRequest_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + tests_testHttpRequest_LDFLAGS = $(LIBADD_DL) +@@ -2781,6 +2782,7 @@ tests_testCacheManager_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + tests_testCacheManager_LDFLAGS = $(LIBADD_DL) +@@ -3101,6 +3103,7 @@ tests_testEvent_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + tests_testEvent_LDFLAGS = $(LIBADD_DL) +@@ -3339,6 +3342,7 @@ tests_testEventLoop_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + tests_testEventLoop_LDFLAGS = $(LIBADD_DL) +diff --git a/src/Makefile.in b/src/Makefile.in +index fda6de6..4e047cc 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -4581,6 +4581,7 @@ tests_test_http_range_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + +@@ -4972,6 +4973,7 @@ tests_testHttpRequest_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + +@@ -5274,6 +5276,7 @@ tests_testCacheManager_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + +@@ -5593,6 +5596,7 @@ tests_testEvent_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + +@@ -5832,6 +5836,7 @@ tests_testEventLoop_LDADD = \ + $(SSLLIB) \ + $(KRB5LIBS) \ + $(LIBCPPUNIT_LIBS) \ ++ $(SYSTEMD_LIBS) \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) + +diff --git a/src/proxyp/Parser.cc b/src/proxyp/Parser.cc +index 328d207..2f358a7 100644 +--- a/src/proxyp/Parser.cc ++++ b/src/proxyp/Parser.cc +@@ -15,6 +15,7 @@ + #include "sbuf/Stream.h" + + #include ++#include + + #if HAVE_SYS_SOCKET_H + #include +diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc +index e114ed8..22bce84 100644 +--- a/src/security/ServerOptions.cc ++++ b/src/security/ServerOptions.cc +@@ -18,6 +18,7 @@ + #if USE_OPENSSL + #include "compat/openssl.h" + #include "ssl/support.h" ++#include + + #if HAVE_OPENSSL_ERR_H + #include +diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc +index 1fdae0c..213cf39 100644 +--- a/src/acl/ConnMark.cc ++++ b/src/acl/ConnMark.cc +@@ -15,6 +15,7 @@ + #include "Debug.h" + #include "http/Stream.h" + #include "sbuf/Stream.h" ++#include + + bool + Acl::ConnMark::empty() const diff --git a/squid-gcc11.patch b/squid-gcc11.patch deleted file mode 100644 index c87ade5..0000000 --- a/squid-gcc11.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc -index 1fdae0c..213cf39 100644 ---- a/src/acl/ConnMark.cc -+++ b/src/acl/ConnMark.cc -@@ -15,6 +15,7 @@ - #include "Debug.h" - #include "http/Stream.h" - #include "sbuf/Stream.h" -+#include - - bool - Acl::ConnMark::empty() const -diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc -index 5cd81ab..3f73892 100644 ---- a/src/security/ServerOptions.cc -+++ b/src/security/ServerOptions.cc -@@ -6,6 +6,7 @@ - * Please see the COPYING and CONTRIBUTORS files for details. - */ - -+#include - #include "squid.h" - #include "anyp/PortCfg.h" - #include "base/Packable.h" diff --git a/squid.spec b/squid.spec index 140ad3f..8267755 100644 --- a/squid.spec +++ b/squid.spec @@ -1,16 +1,16 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.13 -Release: 3%{?dist} +Version: 5.0.5 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) URL: http://www.squid-cache.org -Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc +Source0: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz.asc Source2: http://www.squid-cache.org/pgp.asc Source3: squid.logrotate Source4: squid.sysconfig @@ -32,8 +32,7 @@ Patch201: squid-4.0.11-config.patch Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch -Patch205: squid-4.0.21-large-acl.patch -Patch206: squid-gcc11.patch +Patch205: squid-5.0.5-build-errors.patch # cache_swap.sh Requires: bash gawk @@ -52,8 +51,8 @@ BuildRequires: pam-devel BuildRequires: openssl-devel # squid_kerb_aut requires Kerberos development libs BuildRequires: krb5-devel -# time_quota requires DB -BuildRequires: libdb-devel +# time_quota requires TrivialDB +BuildRequires: libtdb-devel # ESI support requires Expat & libxml2 BuildRequires: expat-devel libxml2-devel # TPROXY requires libcap, and also increases security somewhat @@ -103,8 +102,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch202 -p1 -b .location %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards -%patch205 -p1 -b .large_acl -%patch206 -p1 -b .gcc11 +%patch205 -p1 -b .build-errors # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -162,6 +160,11 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --disable-strict-error-checking \ --with-swapdir=%{_localstatedir}/spool/squid +# workaround to build squid v5 +mkdir -p src/icmp/tests +mkdir -p tools/squidclient/tests +mkdir -p tools/tests + %make_build %check @@ -300,6 +303,9 @@ fi %changelog +* Wed Feb 10 2021 Lubos Uhliarik - 7:5.0.5-1 +- new version 5.0.5 + * Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From c0914fb70e161c1d9a540c9a6a484bbb44c0e435 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:12:16 +0100 Subject: [PATCH 065/124] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- squid.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 8267755..fd92e86 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.0.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -303,6 +303,10 @@ fi %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 7:5.0.5-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Wed Feb 10 2021 Lubos Uhliarik - 7:5.0.5-1 - new version 5.0.5 From c1eca09b2428a6d0241e00f99c1b7a0b7f7da342 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 8 Mar 2021 13:25:55 +0100 Subject: [PATCH 066/124] new version 5.0.5 --- squid.spec | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index fd92e86..7747c55 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.0.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -225,6 +225,7 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented # remove unpackaged files from the buildroot rm -f $RPM_BUILD_ROOT/squid.httpd.tmp + %files %license COPYING %doc CONTRIBUTORS README ChangeLog QUICKSTART src/squid.conf.documented @@ -285,6 +286,36 @@ done exit 0 +%pretrans -p +-- previously /usr/share/squid/errors/es-mx was symlink, now it is directory since squid v5 +-- see https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/ +-- Define the path to the symlink being replaced below. +path = "/usr/share/squid/errors/es-mx" +st = posix.stat(path) +if st and st.type == "link" then + os.remove(path) +end + +-- Due to a bug #447156 +paths = {"/usr/share/squid/errors/zh-cn", "/usr/share/squid/errors/zh-tw"} +for key,path in ipairs(paths) +do + st = posix.stat(path) + if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end + end +end + + + %post %systemd_post squid.service @@ -303,6 +334,9 @@ fi %changelog +* Fri Mar 05 2021 Lubos Uhliarik - 7:5.0.5-3 +- Resolves: #1934919 - squid update attempts fail with file conflicts + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 7:5.0.5-2 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. From 3f98a4414b8b7a825d846e8987b9af59526b0bc9 Mon Sep 17 00:00:00 2001 From: Iveta Cesalova Date: Tue, 9 Mar 2021 10:51:40 +0100 Subject: [PATCH 067/124] add fmf plan --- plans/all.fmf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 plans/all.fmf diff --git a/plans/all.fmf b/plans/all.fmf new file mode 100644 index 0000000..cdfc481 --- /dev/null +++ b/plans/all.fmf @@ -0,0 +1,6 @@ +summary: Test plan with all beakerlib tests +discover: + how: fmf + url: https://src.fedoraproject.org/tests/squid.git +execute: + how: tmt From e841b1b13912e32632fed18180b4d939f3fb0844 Mon Sep 17 00:00:00 2001 From: Iveta Cesalova Date: Tue, 9 Mar 2021 11:17:15 +0100 Subject: [PATCH 068/124] fmf metadata added --- .fmf/version | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .fmf/version diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..e69de29 From 606d4437da26076eefdf39530653c8cb0b5fd61d Mon Sep 17 00:00:00 2001 From: Iveta Cesalova Date: Tue, 9 Mar 2021 16:37:11 +0100 Subject: [PATCH 069/124] fix version --- .fmf/version | 1 + 1 file changed, 1 insertion(+) diff --git a/.fmf/version b/.fmf/version index e69de29..d00491f 100644 --- a/.fmf/version +++ b/.fmf/version @@ -0,0 +1 @@ +1 From fc2d4c0be126a5b9da59ca7caa79b0e0102ddbf1 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Fri, 23 Apr 2021 14:21:07 +0200 Subject: [PATCH 070/124] Related: #1934919 - squid update attempts fail with file conflicts --- squid-5.0.5-symlink-lang-err.patch | 80 ++++++++++++++++++++++++++++++ squid.spec | 22 +++++--- 2 files changed, 96 insertions(+), 6 deletions(-) create mode 100644 squid-5.0.5-symlink-lang-err.patch diff --git a/squid-5.0.5-symlink-lang-err.patch b/squid-5.0.5-symlink-lang-err.patch new file mode 100644 index 0000000..29b5e2c --- /dev/null +++ b/squid-5.0.5-symlink-lang-err.patch @@ -0,0 +1,80 @@ +From fc01451000eaa5592cd5afbd6aee14e53f7dd2c3 Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Sun, 18 Oct 2020 20:23:10 +1300 +Subject: [PATCH] Update translations integration + +* Add credits for es-mx translation moderator +* Use es-mx for default of all Spanish (Central America) texts +* Update translation related .am files +--- + doc/manuals/language.am | 2 +- + errors/TRANSLATORS | 1 + + errors/aliases | 3 ++- + errors/language.am | 3 ++- + errors/template.am | 2 +- + 5 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/doc/manuals/language.am b/doc/manuals/language.am +index 7670c88380c..f03c4cf71b4 100644 +--- a/doc/manuals/language.am ++++ b/doc/manuals/language.am +@@ -18,4 +18,4 @@ TRANSLATE_LANGUAGES = \ + oc.lang \ + pt.lang \ + ro.lang \ +- ru.lang ++ ru.lang +diff --git a/errors/TRANSLATORS b/errors/TRANSLATORS +index e29bf707678..6ee2df637ad 100644 +--- a/errors/TRANSLATORS ++++ b/errors/TRANSLATORS +@@ -21,6 +21,7 @@ and ideas to make Squid available as multi-langual software. + George Machitidze + Henrik Nordström + Ivan Masár ++ Javier Pacheco + John 'Profic' Ustiuzhanin + Leandro Cesar Nardini Frasson + liuyongbing +diff --git a/errors/aliases b/errors/aliases +index 36f17f4b80f..cf0116f297d 100644 +--- a/errors/aliases ++++ b/errors/aliases +@@ -14,7 +14,8 @@ da da-dk + de de-at de-ch de-de de-li de-lu + el el-gr + en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw +-es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl ++es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq ++es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv + et et-ee + fa fa-fa fa-ir + fi fi-fi +diff --git a/errors/language.am b/errors/language.am +index 12b1b2b3b43..029e8c1eb2f 100644 +--- a/errors/language.am ++++ b/errors/language.am +@@ -17,6 +17,7 @@ TRANSLATE_LANGUAGES = \ + de.lang \ + el.lang \ + en.lang \ ++ es-mx.lang \ + es.lang \ + et.lang \ + fa.lang \ +@@ -51,4 +52,4 @@ TRANSLATE_LANGUAGES = \ + uz.lang \ + vi.lang \ + zh-hans.lang \ +- zh-hant.lang ++ zh-hant.lang +diff --git a/errors/template.am b/errors/template.am +index 6c12781e6f4..715c65aa22b 100644 +--- a/errors/template.am ++++ b/errors/template.am +@@ -48,4 +48,4 @@ ERROR_TEMPLATES = \ + templates/ERR_UNSUP_REQ \ + templates/ERR_URN_RESOLVE \ + templates/ERR_WRITE_ERROR \ +- templates/ERR_ZERO_SIZE_OBJECT ++ templates/ERR_ZERO_SIZE_OBJECT diff --git a/squid.spec b/squid.spec index 7747c55..261681b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.0.5 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -33,6 +33,9 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: squid-5.0.5-build-errors.patch +# revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 +# workaround for #1934919 +Patch206: squid-5.0.5-symlink-lang-err.patch # cache_swap.sh Requires: bash gawk @@ -103,6 +106,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .build-errors +%patch206 -p1 -R -b .symlink-lang-err # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -287,14 +291,17 @@ done exit 0 %pretrans -p +-- temporarilly commented until https://bugzilla.redhat.com/show_bug.cgi?id=1936422 is resolved +-- -- previously /usr/share/squid/errors/es-mx was symlink, now it is directory since squid v5 -- see https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/ -- Define the path to the symlink being replaced below. -path = "/usr/share/squid/errors/es-mx" -st = posix.stat(path) -if st and st.type == "link" then - os.remove(path) -end +-- +-- path = "/usr/share/squid/errors/es-mx" +-- st = posix.stat(path) +-- if st and st.type == "link" then +-- os.remove(path) +-- end -- Due to a bug #447156 paths = {"/usr/share/squid/errors/zh-cn", "/usr/share/squid/errors/zh-tw"} @@ -334,6 +341,9 @@ fi %changelog +* Fri Apr 23 2021 Lubos Uhliarik - 7:5.0.5-4 +- Related: #1934919 - squid update attempts fail with file conflicts + * Fri Mar 05 2021 Lubos Uhliarik - 7:5.0.5-3 - Resolves: #1934919 - squid update attempts fail with file conflicts From 7836ba99c11169208960592771012b99c5f67ec0 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 17 May 2021 16:52:49 +0200 Subject: [PATCH 071/124] new version 5.0.6 --- sources | 4 ++-- squid.spec | 13 +++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/sources b/sources index cf080d9..95161c1 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.0.5.tar.xz) = e0f816296d9d32fc97b98249dde077b321651dac70c212fe8eb9566003ce04f13a83665e387531e06bffbab1ec21277e3e0549a16caee426b6a749e18bf77991 -SHA512 (squid-5.0.5.tar.xz.asc) = ca1b170bef9cca5afe1108e8a439282f3a19bea48d2dba42847acd1cf039d38ccc8c714e27fc9e49fe9e3027963f64e9ab19e6a358e6e038c78f85cc77657a3b +SHA512 (squid-5.0.6.tar.xz) = 97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e +SHA512 (squid-5.0.6.tar.xz.asc) = 5caafb63926356813a0409f3c6a303c70e938f71cdd4cbc8bbbbbbb4a858b1aa91d59edcca4b63e1452ca95c18da46963c43b9e8f63f2e459342e447a02f2107 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 261681b..0d69483 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.0.5 -Release: 4%{?dist} +Version: 5.0.6 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -32,10 +32,9 @@ Patch201: squid-4.0.11-config.patch Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch -Patch205: squid-5.0.5-build-errors.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 -Patch206: squid-5.0.5-symlink-lang-err.patch +Patch205: squid-5.0.5-symlink-lang-err.patch # cache_swap.sh Requires: bash gawk @@ -105,8 +104,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch202 -p1 -b .location %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards -%patch205 -p1 -b .build-errors -%patch206 -p1 -R -b .symlink-lang-err +%patch205 -p1 -R -b .symlink-lang-err # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -341,6 +339,9 @@ fi %changelog +* Mon May 17 2021 Lubos Uhliarik - 7:5.0.6-1 +- new version 5.0.6 + * Fri Apr 23 2021 Lubos Uhliarik - 7:5.0.5-4 - Related: #1934919 - squid update attempts fail with file conflicts From c2c7db535e9b6eead38c019c800a5ea8d06b8f4e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 23 Jul 2021 18:11:38 +0000 Subject: [PATCH 072/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 0d69483..85dc517 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.0.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -339,6 +339,9 @@ fi %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 7:5.0.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon May 17 2021 Lubos Uhliarik - 7:5.0.6-1 - new version 5.0.6 From f7fef10385c1ddb7e100cb988e428389661d4e00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 5 Aug 2021 17:00:09 +0200 Subject: [PATCH 073/124] new version 5.1 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 95161c1..cadf4d7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.0.6.tar.xz) = 97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e -SHA512 (squid-5.0.6.tar.xz.asc) = 5caafb63926356813a0409f3c6a303c70e938f71cdd4cbc8bbbbbbb4a858b1aa91d59edcca4b63e1452ca95c18da46963c43b9e8f63f2e459342e447a02f2107 +SHA512 (squid-5.1.tar.xz) = 55792ab268e360132336f074b1e674a11931bf2f89745775aa047d85bfc4fd7bd9c97e9d1358a46e599def1173fefa4f1886dd3f0ba35e6c80da5241cf5bf581 +SHA512 (squid-5.1.tar.xz.asc) = cb1b7ca9a29ccecc7bdf39433f448a8e6022ae3610110653c16e57c642bd8c415ad4ad78c8d6e09a93ebb4787725b6ea147a865dcb27f840dd7af0af61195f07 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 85dc517..b7b89fa 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.0.6 -Release: 2%{?dist} +Version: 5.1 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -339,6 +339,9 @@ fi %changelog +* Thu Aug 05 2021 Luboš Uhliarik - 7:5.1-1 +- new version 5.1 + * Fri Jul 23 2021 Fedora Release Engineering - 7:5.0.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 1f442bae8a43380cbb7760764738a75599596711 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:15:33 +0200 Subject: [PATCH 074/124] Rebuilt with OpenSSL 3.0.0 --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index b7b89fa..dec81a3 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -339,6 +339,9 @@ fi %changelog +* Tue Sep 14 2021 Sahana Prasad - 7:5.1-2 +- Rebuilt with OpenSSL 3.0.0 + * Thu Aug 05 2021 Luboš Uhliarik - 7:5.1-1 - new version 5.1 From c5a28774577b32ddc6267f5b1e01c595a3e968d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 5 Oct 2021 13:08:18 +0200 Subject: [PATCH 075/124] new version 5.2 (#2010109) Resolves: #1934559 - squid: out-of-bounds read in WCCP protocol --- sources | 4 ++-- squid.spec | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/sources b/sources index cadf4d7..0f57160 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.1.tar.xz) = 55792ab268e360132336f074b1e674a11931bf2f89745775aa047d85bfc4fd7bd9c97e9d1358a46e599def1173fefa4f1886dd3f0ba35e6c80da5241cf5bf581 -SHA512 (squid-5.1.tar.xz.asc) = cb1b7ca9a29ccecc7bdf39433f448a8e6022ae3610110653c16e57c642bd8c415ad4ad78c8d6e09a93ebb4787725b6ea147a865dcb27f840dd7af0af61195f07 +SHA512 (squid-5.2.tar.xz) = 0e5d57baf50a9a35ac4b28fee86d736311c7736ee460de8a7e739534aa4b24f8697836797c33da5c4899763672275af03ffabf4f811c7b833ba569e977c1a7e5 +SHA512 (squid-5.2.tar.xz.asc) = 0af0c51186b0533fd2670b62111438ca5d8de33343996fd254129ad1bf96ff8c0f9dfeeaefa1426bcd9802ae0b5503785cdfe7c1dc185224a2234d4fcf8c67b3 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index dec81a3..02c62df 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.1 -Release: 2%{?dist} +Version: 5.2 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -35,6 +35,10 @@ Patch204: squid-3.5.9-include-guards.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch205: squid-5.0.5-symlink-lang-err.patch +# fix openssl3 build failures +Patch206: squid-5.2-openssl3.patch +# fix -lto build failure +Patch207: squid-5.2-test-store-cppsuite.patch # cache_swap.sh Requires: bash gawk @@ -105,15 +109,14 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -R -b .symlink-lang-err +%patch206 -p1 -b .openssl3 +%patch207 -p1 -b .flto # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in %build -# This package fails its testsuite when LTO is enabled. This needs further -# investigation -%define _lto_cflags %{nil} # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 @@ -339,6 +342,10 @@ fi %changelog +* Tue Oct 05 2021 Luboš Uhliarik - 7:5.2-1 +- new version 5.2 (#2010109) +- Resolves: #1934559 - squid: out-of-bounds read in WCCP protocol + * Tue Sep 14 2021 Sahana Prasad - 7:5.1-2 - Rebuilt with OpenSSL 3.0.0 From ed2947e56b61a1b40f01474d534664fb0be25dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 5 Oct 2021 13:20:38 +0200 Subject: [PATCH 076/124] Add missing patch file fixing openssl3 build. --- squid-5.2-openssl3.patch | 185 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 squid-5.2-openssl3.patch diff --git a/squid-5.2-openssl3.patch b/squid-5.2-openssl3.patch new file mode 100644 index 0000000..32ff6ee --- /dev/null +++ b/squid-5.2-openssl3.patch @@ -0,0 +1,185 @@ +diff --git a/src/ssl/support.cc b/src/ssl/support.cc +index 3ad135d..73912ce 100644 +--- a/src/ssl/support.cc ++++ b/src/ssl/support.cc +@@ -557,7 +557,11 @@ Ssl::VerifyCallbackParameters::At(Security::Connection &sconn) + } + + // "dup" function for SSL_get_ex_new_index("cert_err_check") +-#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP ++#if OPENSSL_VERSION_MAJOR >= 3 ++static int ++ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **, ++ int, long, void *) ++#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP + static int + ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, + int, long, void *) +diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc +index cf1d4ba..4346ba5 100644 +--- a/src/security/PeerOptions.cc ++++ b/src/security/PeerOptions.cc +@@ -297,130 +297,130 @@ static struct ssl_option { + + } ssl_options[] = { + +-#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ++#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + { + "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + }, + #endif +-#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ++#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + { + "SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + }, + #endif +-#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER ++#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + { + "MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + }, + #endif +-#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG ++#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + { + "SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG + }, + #endif +-#if SSL_OP_TLS_D5_BUG ++#ifdef SSL_OP_TLS_D5_BUG + { + "TLS_D5_BUG", SSL_OP_TLS_D5_BUG + }, + #endif +-#if SSL_OP_TLS_BLOCK_PADDING_BUG ++#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + { + "TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG + }, + #endif +-#if SSL_OP_TLS_ROLLBACK_BUG ++#ifdef SSL_OP_TLS_ROLLBACK_BUG + { + "TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG + }, + #endif +-#if SSL_OP_ALL ++#ifdef SSL_OP_ALL + { + "ALL", (long)SSL_OP_ALL + }, + #endif +-#if SSL_OP_SINGLE_DH_USE ++#ifdef SSL_OP_SINGLE_DH_USE + { + "SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE + }, + #endif +-#if SSL_OP_EPHEMERAL_RSA ++#ifdef SSL_OP_EPHEMERAL_RSA + { + "EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA + }, + #endif +-#if SSL_OP_PKCS1_CHECK_1 ++#ifdef SSL_OP_PKCS1_CHECK_1 + { + "PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 + }, + #endif +-#if SSL_OP_PKCS1_CHECK_2 ++#ifdef SSL_OP_PKCS1_CHECK_2 + { + "PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 + }, + #endif +-#if SSL_OP_NETSCAPE_CA_DN_BUG ++#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + { + "NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG + }, + #endif +-#if SSL_OP_NON_EXPORT_FIRST ++#ifdef SSL_OP_NON_EXPORT_FIRST + { + "NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST + }, + #endif +-#if SSL_OP_CIPHER_SERVER_PREFERENCE ++#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + { + "CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE + }, + #endif +-#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG ++#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + { + "NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + }, + #endif +-#if SSL_OP_NO_SSLv3 ++#ifdef SSL_OP_NO_SSLv3 + { + "NO_SSLv3", SSL_OP_NO_SSLv3 + }, + #endif +-#if SSL_OP_NO_TLSv1 ++#ifdef SSL_OP_NO_TLSv1 + { + "NO_TLSv1", SSL_OP_NO_TLSv1 + }, + #else + { "NO_TLSv1", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_1 ++#ifdef SSL_OP_NO_TLSv1_1 + { + "NO_TLSv1_1", SSL_OP_NO_TLSv1_1 + }, + #else + { "NO_TLSv1_1", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_2 ++#ifdef SSL_OP_NO_TLSv1_2 + { + "NO_TLSv1_2", SSL_OP_NO_TLSv1_2 + }, + #else + { "NO_TLSv1_2", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_3 ++#ifdef SSL_OP_NO_TLSv1_3 + { + "NO_TLSv1_3", SSL_OP_NO_TLSv1_3 + }, + #else + { "NO_TLSv1_3", 0 }, + #endif +-#if SSL_OP_NO_COMPRESSION ++#ifdef SSL_OP_NO_COMPRESSION + { + "No_Compression", SSL_OP_NO_COMPRESSION + }, + #endif +-#if SSL_OP_NO_TICKET ++#ifdef SSL_OP_NO_TICKET + { + "NO_TICKET", SSL_OP_NO_TICKET + }, + #endif +-#if SSL_OP_SINGLE_ECDH_USE ++#ifdef SSL_OP_SINGLE_ECDH_USE + { + "SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE + }, +@@ -512,7 +512,7 @@ Security::PeerOptions::parseOptions() + + } + +-#if SSL_OP_NO_SSLv2 ++#ifdef SSL_OP_NO_SSLv2 + // compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0 + op = op | SSL_OP_NO_SSLv2; + #endif From d1a0600227fdb02763656a5b93b6875ac30cc8b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 5 Oct 2021 13:28:35 +0200 Subject: [PATCH 077/124] CI: Add gating.yaml file --- gating.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 gating.yaml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..0c1cc35 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,7 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_stable] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} From 16f685d837dd97bca2dbc0295eaa400fec9c110c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 5 Oct 2021 13:44:36 +0200 Subject: [PATCH 078/124] Add another missing patch... --- squid-5.2-test-store-cppsuite.patch | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 squid-5.2-test-store-cppsuite.patch diff --git a/squid-5.2-test-store-cppsuite.patch b/squid-5.2-test-store-cppsuite.patch new file mode 100644 index 0000000..d7c52be --- /dev/null +++ b/squid-5.2-test-store-cppsuite.patch @@ -0,0 +1,24 @@ +diff --git a/src/tests/testStoreHashIndex.cc b/src/tests/testStoreHashIndex.cc +index 0564380..fcd60b9 100644 +--- a/src/tests/testStoreHashIndex.cc ++++ b/src/tests/testStoreHashIndex.cc +@@ -102,6 +102,8 @@ void commonInit() + if (inited) + return; + ++ inited = true; ++ + Mem::Init(); + + Config.Store.avgObjectSize = 1024; +@@ -109,6 +111,10 @@ void commonInit() + Config.Store.objectsPerBucket = 20; + + Config.Store.maxObjectSize = 2048; ++ ++ Config.memShared.defaultTo(false); ++ ++ Config.store_dir_select_algorithm = xstrdup("round-robin"); + } + + /* TODO make this a cbdata class */ From b6515114b288c559b053a7c52552a027be1a92c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Branislav=20N=C3=A1ter?= Date: Wed, 10 Nov 2021 14:18:37 +0100 Subject: [PATCH 079/124] Adding 'testing' decision context --- gating.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gating.yaml b/gating.yaml index 0c1cc35..d2f0c2e 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,4 +1,13 @@ --- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_testing] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +#gating rawhide +--- !Policy product_versions: - fedora-* decision_contexts: [bodhi_update_push_stable] From 7628dce7d8930e752d6288c15811e6d340f30911 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 01:34:00 +0000 Subject: [PATCH 080/124] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 02c62df..f3a41f0 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -342,6 +342,9 @@ fi %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 7:5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Oct 05 2021 Luboš Uhliarik - 7:5.2-1 - new version 5.2 (#2010109) - Resolves: #1934559 - squid: out-of-bounds read in WCCP protocol From 1cd94f5079ab808de5003d36ecf0fc46b7aacc0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 9 Feb 2022 03:10:23 +0100 Subject: [PATCH 081/124] new version 5.4 --- sources | 4 ++-- squid-3.0.STABLE1-perlpath.patch | 2 +- squid-5.0.5-symlink-lang-err.patch | 12 ------------ squid.spec | 7 +++++-- 4 files changed, 8 insertions(+), 17 deletions(-) diff --git a/sources b/sources index 0f57160..273cc3a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.2.tar.xz) = 0e5d57baf50a9a35ac4b28fee86d736311c7736ee460de8a7e739534aa4b24f8697836797c33da5c4899763672275af03ffabf4f811c7b833ba569e977c1a7e5 -SHA512 (squid-5.2.tar.xz.asc) = 0af0c51186b0533fd2670b62111438ca5d8de33343996fd254129ad1bf96ff8c0f9dfeeaefa1426bcd9802ae0b5503785cdfe7c1dc185224a2234d4fcf8c67b3 +SHA512 (squid-5.4.tar.xz) = db0a4de8cd21199c12fad95c53b622f1334994f831f950a7f8d7383d1ea3c931545912faa03ca955bb736eebb89493c0b195f0aede1fecc54f28f6dfc11fe8af +SHA512 (squid-5.4.tar.xz.asc) = bc3a6eee5e7b11b619f1181458908fe728cf9a5a12f045238098b360c577ac70f914cefff6db3a8f1b28dea65b1fa70c0f6f122c0e12ada01630a1970f8f34c4 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index 9cb5e81..d927e43 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2021 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2022 The Squid Software Foundation and contributors # * diff --git a/squid-5.0.5-symlink-lang-err.patch b/squid-5.0.5-symlink-lang-err.patch index 29b5e2c..45d6fe9 100644 --- a/squid-5.0.5-symlink-lang-err.patch +++ b/squid-5.0.5-symlink-lang-err.patch @@ -24,18 +24,6 @@ index 7670c88380c..f03c4cf71b4 100644 ro.lang \ - ru.lang + ru.lang -diff --git a/errors/TRANSLATORS b/errors/TRANSLATORS -index e29bf707678..6ee2df637ad 100644 ---- a/errors/TRANSLATORS -+++ b/errors/TRANSLATORS -@@ -21,6 +21,7 @@ and ideas to make Squid available as multi-langual software. - George Machitidze - Henrik Nordström - Ivan Masár -+ Javier Pacheco - John 'Profic' Ustiuzhanin - Leandro Cesar Nardini Frasson - liuyongbing diff --git a/errors/aliases b/errors/aliases index 36f17f4b80f..cf0116f297d 100644 --- a/errors/aliases diff --git a/squid.spec b/squid.spec index f3a41f0..f838ba8 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.2 -Release: 2%{?dist} +Version: 5.4 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -342,6 +342,9 @@ fi %changelog +* Wed Feb 09 2022 Luboš Uhliarik - 7:5.4-1 +- new version 5.4 + * Sat Jan 22 2022 Fedora Release Engineering - 7:5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 87b80ce965f88776e4dfde892c8f84661a02ad5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 20 Apr 2022 09:34:04 +0200 Subject: [PATCH 082/124] new version 5.5 Resolves: #2053799 - squid-5.5 is available --- sources | 4 ++-- squid.spec | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 273cc3a..994fe87 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.4.tar.xz) = db0a4de8cd21199c12fad95c53b622f1334994f831f950a7f8d7383d1ea3c931545912faa03ca955bb736eebb89493c0b195f0aede1fecc54f28f6dfc11fe8af -SHA512 (squid-5.4.tar.xz.asc) = bc3a6eee5e7b11b619f1181458908fe728cf9a5a12f045238098b360c577ac70f914cefff6db3a8f1b28dea65b1fa70c0f6f122c0e12ada01630a1970f8f34c4 +SHA512 (squid-5.5.tar.xz) = f506f8cc01d59e36432d08eebd68332ef002c931425d6f95bbae7ed35281bbca453db85aba3d765913ce5d38160c48a328c322b31a1bcdcfc7f0a821d420d2c0 +SHA512 (squid-5.5.tar.xz.asc) = 57d5d5b6f714fc26e427a3756756296ecba3e61a48b4dcbfff2da2330f036f3c6c1bc7f05acf59fc33c855972e57bc0a4d8fb2c3bdd82fb1487eb5a6d4518a8f SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index f838ba8..c71c6c6 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.4 +Version: 5.5 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -342,6 +342,10 @@ fi %changelog +* Wed Apr 20 2022 Luboš Uhliarik - 7:5.5-1 +- new version 5.5 +- Resolves: #2053799 - squid-5.5 is available + * Wed Feb 09 2022 Luboš Uhliarik - 7:5.4-1 - new version 5.4 From 0f548f718dcb3fb5db886164010b07fc0c37b2b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 27 Jun 2022 14:15:40 +0200 Subject: [PATCH 083/124] new version 5.6 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 994fe87..523d744 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.5.tar.xz) = f506f8cc01d59e36432d08eebd68332ef002c931425d6f95bbae7ed35281bbca453db85aba3d765913ce5d38160c48a328c322b31a1bcdcfc7f0a821d420d2c0 -SHA512 (squid-5.5.tar.xz.asc) = 57d5d5b6f714fc26e427a3756756296ecba3e61a48b4dcbfff2da2330f036f3c6c1bc7f05acf59fc33c855972e57bc0a4d8fb2c3bdd82fb1487eb5a6d4518a8f +SHA512 (squid-5.6.tar.xz) = 940a4d21ea8e3384642951d80c501a192178d1220f06a59a7bc54ce86d49caea0a86b6e789e28bcb7125ffa2a564ca1aca886a96cccf6356314121a81f38221a +SHA512 (squid-5.6.tar.xz.asc) = dcb3c33c098200a5bb289fcefe0cb8d69c8d65c99dfc536c0b9d1b2ef51427e5e05e987b3e31eab33b2c1e48885d5cfa2ec33a50cf6b3685306fd16a35a4d0bf SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index c71c6c6..efddac7 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.5 +Version: 5.6 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -342,6 +342,9 @@ fi %changelog +* Mon Jun 27 2022 Luboš Uhliarik - 7:5.6-1 +- new version 5.6 + * Wed Apr 20 2022 Luboš Uhliarik - 7:5.5-1 - new version 5.5 - Resolves: #2053799 - squid-5.5 is available From 429921391fa5689f85412949f71eaa205ad55290 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 09:19:10 +0000 Subject: [PATCH 084/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index efddac7..449f18b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -342,6 +342,9 @@ fi %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 7:5.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Mon Jun 27 2022 Luboš Uhliarik - 7:5.6-1 - new version 5.6 From b6675637de95c4685a687111375aa85c7b937cf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 6 Sep 2022 09:17:41 +0200 Subject: [PATCH 085/124] - new version 5.7 - remove openssl3 patch - already in upstream - remove -lfto patch which is also alrady in upstream --- sources | 4 +- squid-5.2-openssl3.patch | 185 ---------------------------- squid-5.2-test-store-cppsuite.patch | 24 ---- squid.spec | 13 +- 4 files changed, 7 insertions(+), 219 deletions(-) delete mode 100644 squid-5.2-openssl3.patch delete mode 100644 squid-5.2-test-store-cppsuite.patch diff --git a/sources b/sources index 523d744..5bea984 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.6.tar.xz) = 940a4d21ea8e3384642951d80c501a192178d1220f06a59a7bc54ce86d49caea0a86b6e789e28bcb7125ffa2a564ca1aca886a96cccf6356314121a81f38221a -SHA512 (squid-5.6.tar.xz.asc) = dcb3c33c098200a5bb289fcefe0cb8d69c8d65c99dfc536c0b9d1b2ef51427e5e05e987b3e31eab33b2c1e48885d5cfa2ec33a50cf6b3685306fd16a35a4d0bf +SHA512 (squid-5.7.tar.xz) = 624a39041a6ceda6c470dc0937616f1aa67200f3db02b4d74095d8d706ed31d6df5e0417dcacde45f6be40b617bee018849793d52c96a626aab32a2b182972aa +SHA512 (squid-5.7.tar.xz.asc) = e8578d3dc0ecff0cb4a0d53375564f782b51c218276413a1b3b924396846a2cbca1f3ff8d53b247d210e4f63e553d89795a5b8b6972b7712d87c33b556076238 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-5.2-openssl3.patch b/squid-5.2-openssl3.patch deleted file mode 100644 index 32ff6ee..0000000 --- a/squid-5.2-openssl3.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff --git a/src/ssl/support.cc b/src/ssl/support.cc -index 3ad135d..73912ce 100644 ---- a/src/ssl/support.cc -+++ b/src/ssl/support.cc -@@ -557,7 +557,11 @@ Ssl::VerifyCallbackParameters::At(Security::Connection &sconn) - } - - // "dup" function for SSL_get_ex_new_index("cert_err_check") --#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP -+#if OPENSSL_VERSION_MAJOR >= 3 -+static int -+ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **, -+ int, long, void *) -+#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP - static int - ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, - int, long, void *) -diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc -index cf1d4ba..4346ba5 100644 ---- a/src/security/PeerOptions.cc -+++ b/src/security/PeerOptions.cc -@@ -297,130 +297,130 @@ static struct ssl_option { - - } ssl_options[] = { - --#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG -+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - { - "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - }, - #endif --#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG -+#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG - { - "SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG - }, - #endif --#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER -+#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER - { - "MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER - }, - #endif --#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG -+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG - { - "SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG - }, - #endif --#if SSL_OP_TLS_D5_BUG -+#ifdef SSL_OP_TLS_D5_BUG - { - "TLS_D5_BUG", SSL_OP_TLS_D5_BUG - }, - #endif --#if SSL_OP_TLS_BLOCK_PADDING_BUG -+#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG - { - "TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG - }, - #endif --#if SSL_OP_TLS_ROLLBACK_BUG -+#ifdef SSL_OP_TLS_ROLLBACK_BUG - { - "TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG - }, - #endif --#if SSL_OP_ALL -+#ifdef SSL_OP_ALL - { - "ALL", (long)SSL_OP_ALL - }, - #endif --#if SSL_OP_SINGLE_DH_USE -+#ifdef SSL_OP_SINGLE_DH_USE - { - "SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE - }, - #endif --#if SSL_OP_EPHEMERAL_RSA -+#ifdef SSL_OP_EPHEMERAL_RSA - { - "EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA - }, - #endif --#if SSL_OP_PKCS1_CHECK_1 -+#ifdef SSL_OP_PKCS1_CHECK_1 - { - "PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 - }, - #endif --#if SSL_OP_PKCS1_CHECK_2 -+#ifdef SSL_OP_PKCS1_CHECK_2 - { - "PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 - }, - #endif --#if SSL_OP_NETSCAPE_CA_DN_BUG -+#ifdef SSL_OP_NETSCAPE_CA_DN_BUG - { - "NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG - }, - #endif --#if SSL_OP_NON_EXPORT_FIRST -+#ifdef SSL_OP_NON_EXPORT_FIRST - { - "NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST - }, - #endif --#if SSL_OP_CIPHER_SERVER_PREFERENCE -+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE - { - "CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE - }, - #endif --#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG -+#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - { - "NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - }, - #endif --#if SSL_OP_NO_SSLv3 -+#ifdef SSL_OP_NO_SSLv3 - { - "NO_SSLv3", SSL_OP_NO_SSLv3 - }, - #endif --#if SSL_OP_NO_TLSv1 -+#ifdef SSL_OP_NO_TLSv1 - { - "NO_TLSv1", SSL_OP_NO_TLSv1 - }, - #else - { "NO_TLSv1", 0 }, - #endif --#if SSL_OP_NO_TLSv1_1 -+#ifdef SSL_OP_NO_TLSv1_1 - { - "NO_TLSv1_1", SSL_OP_NO_TLSv1_1 - }, - #else - { "NO_TLSv1_1", 0 }, - #endif --#if SSL_OP_NO_TLSv1_2 -+#ifdef SSL_OP_NO_TLSv1_2 - { - "NO_TLSv1_2", SSL_OP_NO_TLSv1_2 - }, - #else - { "NO_TLSv1_2", 0 }, - #endif --#if SSL_OP_NO_TLSv1_3 -+#ifdef SSL_OP_NO_TLSv1_3 - { - "NO_TLSv1_3", SSL_OP_NO_TLSv1_3 - }, - #else - { "NO_TLSv1_3", 0 }, - #endif --#if SSL_OP_NO_COMPRESSION -+#ifdef SSL_OP_NO_COMPRESSION - { - "No_Compression", SSL_OP_NO_COMPRESSION - }, - #endif --#if SSL_OP_NO_TICKET -+#ifdef SSL_OP_NO_TICKET - { - "NO_TICKET", SSL_OP_NO_TICKET - }, - #endif --#if SSL_OP_SINGLE_ECDH_USE -+#ifdef SSL_OP_SINGLE_ECDH_USE - { - "SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE - }, -@@ -512,7 +512,7 @@ Security::PeerOptions::parseOptions() - - } - --#if SSL_OP_NO_SSLv2 -+#ifdef SSL_OP_NO_SSLv2 - // compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0 - op = op | SSL_OP_NO_SSLv2; - #endif diff --git a/squid-5.2-test-store-cppsuite.patch b/squid-5.2-test-store-cppsuite.patch deleted file mode 100644 index d7c52be..0000000 --- a/squid-5.2-test-store-cppsuite.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/src/tests/testStoreHashIndex.cc b/src/tests/testStoreHashIndex.cc -index 0564380..fcd60b9 100644 ---- a/src/tests/testStoreHashIndex.cc -+++ b/src/tests/testStoreHashIndex.cc -@@ -102,6 +102,8 @@ void commonInit() - if (inited) - return; - -+ inited = true; -+ - Mem::Init(); - - Config.Store.avgObjectSize = 1024; -@@ -109,6 +111,10 @@ void commonInit() - Config.Store.objectsPerBucket = 20; - - Config.Store.maxObjectSize = 2048; -+ -+ Config.memShared.defaultTo(false); -+ -+ Config.store_dir_select_algorithm = xstrdup("round-robin"); - } - - /* TODO make this a cbdata class */ diff --git a/squid.spec b/squid.spec index 449f18b..40a161f 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.6 -Release: 2%{?dist} +Version: 5.7 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -35,10 +35,6 @@ Patch204: squid-3.5.9-include-guards.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch205: squid-5.0.5-symlink-lang-err.patch -# fix openssl3 build failures -Patch206: squid-5.2-openssl3.patch -# fix -lto build failure -Patch207: squid-5.2-test-store-cppsuite.patch # cache_swap.sh Requires: bash gawk @@ -109,8 +105,6 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -R -b .symlink-lang-err -%patch206 -p1 -b .openssl3 -%patch207 -p1 -b .flto # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -342,6 +336,9 @@ fi %changelog +* Tue Sep 06 2022 Luboš Uhliarik - 7:5.7-1 +- new version 5.7 + * Sat Jul 23 2022 Fedora Release Engineering - 7:5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 1e6d0f7e8cb8ddfe44e177bd22bd2b0d23abf10e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 12 Oct 2022 13:46:39 +0200 Subject: [PATCH 086/124] Provide a sysusers.d file to get user() and group() provides (#2134071) --- squid.spec | 26 +++++++++++++------------- squid.sysusers | 2 ++ 2 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 squid.sysusers diff --git a/squid.spec b/squid.spec index 40a161f..c660e3e 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.7 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -18,6 +18,7 @@ Source5: squid.pam Source6: squid.nm Source7: squid.service Source8: cache_swap.sh +Source9: squid.sysusers Source98: perl-requires-squid.sh @@ -41,9 +42,10 @@ Requires: bash gawk # for httpd conf file - cachemgr script alias Requires: httpd-filesystem Requires(pre): shadow-utils -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd + +%systemd_requires +%{?sysusers_requires_compat} + # squid_ldap_auth and other LDAP helpers require OpenLDAP BuildRequires: make BuildRequires: openldap-devel @@ -224,6 +226,8 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented # remove unpackaged files from the buildroot rm -f $RPM_BUILD_ROOT/squid.httpd.tmp +# sysusers.d +install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf %files %license COPYING @@ -265,15 +269,10 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp %{_libdir}/squid/* %{_datadir}/snmp/mibs/SQUID-MIB.txt %{_tmpfilesdir}/squid.conf +%{_sysusersdir}/squid.conf %pre -if ! getent group squid >/dev/null 2>&1; then - /usr/sbin/groupadd -g 23 squid -fi - -if ! getent passwd squid >/dev/null 2>&1 ; then - /usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1 -fi +%sysusers_create_compat %{SOURCE9} for i in /var/log/squid /var/spool/squid ; do if [ -d $i ] ; then @@ -316,8 +315,6 @@ do end end - - %post %systemd_post squid.service @@ -336,6 +333,9 @@ fi %changelog +* Wed Oct 12 2022 Luboš Uhliarik - 7:5.7-2 +- Provide a sysusers.d file to get user() and group() provides (#2134071) + * Tue Sep 06 2022 Luboš Uhliarik - 7:5.7-1 - new version 5.7 diff --git a/squid.sysusers b/squid.sysusers new file mode 100644 index 0000000..f9cc56b --- /dev/null +++ b/squid.sysusers @@ -0,0 +1,2 @@ +g squid 23 - +u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin From 3d9c5a32eb74cbf49edacb29be7b8c9ed77b1641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 12 Oct 2022 14:55:57 +0200 Subject: [PATCH 087/124] Fix spec file & build --- squid.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/squid.spec b/squid.spec index c660e3e..2cf01e6 100644 --- a/squid.spec +++ b/squid.spec @@ -41,10 +41,6 @@ Patch205: squid-5.0.5-symlink-lang-err.patch Requires: bash gawk # for httpd conf file - cachemgr script alias Requires: httpd-filesystem -Requires(pre): shadow-utils - -%systemd_requires -%{?sysusers_requires_compat} # squid_ldap_auth and other LDAP helpers require OpenLDAP BuildRequires: make @@ -77,6 +73,8 @@ BuildRequires: systemd-rpm-macros # systemd notify BuildRequires: systemd-devel +%{?systemd_requires} +%{?sysusers_requires_compat} # Old NetworkManager expects the dispatcher scripts in a different place Conflicts: NetworkManager < 1.20 From d298212c7742da5c42bb97431d940eec9d50efc4 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Mon, 5 Dec 2022 15:07:20 +0100 Subject: [PATCH 088/124] Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections --- squid-5.7-ip-bind-address-no-port.patch | 156 ++++++++++++++++++++++++ squid.spec | 7 +- 2 files changed, 162 insertions(+), 1 deletion(-) create mode 100644 squid-5.7-ip-bind-address-no-port.patch diff --git a/squid-5.7-ip-bind-address-no-port.patch b/squid-5.7-ip-bind-address-no-port.patch new file mode 100644 index 0000000..55d9597 --- /dev/null +++ b/squid-5.7-ip-bind-address-no-port.patch @@ -0,0 +1,156 @@ +commit c54122584d175cf1d292b239a5b70f2d1aa77c3a +Author: Tomas Korbar +Date: Mon Dec 5 15:03:07 2022 +0100 + + Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections + +diff --git a/src/comm.cc b/src/comm.cc +index b4818f3..b18d175 100644 +--- a/src/comm.cc ++++ b/src/comm.cc +@@ -59,6 +59,7 @@ + */ + + static IOCB commHalfClosedReader; ++static int comm_openex(int sock_type, int proto, Ip::Address &, int flags, const char *note); + static void comm_init_opened(const Comm::ConnectionPointer &conn, const char *note, struct addrinfo *AI); + static int comm_apply_flags(int new_socket, Ip::Address &addr, int flags, struct addrinfo *AI); + +@@ -76,6 +77,7 @@ static EVH commHalfClosedCheck; + static void commPlanHalfClosedCheck(); + + static Comm::Flag commBind(int s, struct addrinfo &); ++static void commSetBindAddressNoPort(int); + static void commSetReuseAddr(int); + static void commSetNoLinger(int); + #ifdef TCP_NODELAY +@@ -202,6 +204,22 @@ comm_local_port(int fd) + return F->local_addr.port(); + } + ++/// sets the IP_BIND_ADDRESS_NO_PORT socket option to optimize ephemeral port ++/// reuse by outgoing TCP connections that must bind(2) to a source IP address ++static void ++commSetBindAddressNoPort(const int fd) ++{ ++#if defined(IP_BIND_ADDRESS_NO_PORT) ++ int flag = 1; ++ if (setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, reinterpret_cast(&flag), sizeof(flag)) < 0) { ++ const auto savedErrno = errno; ++ debugs(50, DBG_IMPORTANT, "ERROR: setsockopt(IP_BIND_ADDRESS_NO_PORT) failure: " << xstrerr(savedErrno)); ++ } ++#else ++ (void)fd; ++#endif ++} ++ + static Comm::Flag + commBind(int s, struct addrinfo &inaddr) + { +@@ -228,6 +246,10 @@ comm_open(int sock_type, + int flags, + const char *note) + { ++ // assume zero-port callers do not need to know the assigned port right away ++ if (sock_type == SOCK_STREAM && addr.port() == 0 && ((flags & COMM_DOBIND) || !addr.isAnyAddr())) ++ flags |= COMM_DOBIND_PORT_LATER; ++ + return comm_openex(sock_type, proto, addr, flags, note); + } + +@@ -329,7 +351,7 @@ comm_set_transparent(int fd) + * Create a socket. Default is blocking, stream (TCP) socket. IO_TYPE + * is OR of flags specified in defines.h:COMM_* + */ +-int ++static int + comm_openex(int sock_type, + int proto, + Ip::Address &addr, +@@ -488,6 +510,9 @@ comm_apply_flags(int new_socket, + } + } + #endif ++ if ((flags & COMM_DOBIND_PORT_LATER)) ++ commSetBindAddressNoPort(new_socket); ++ + if (commBind(new_socket, *AI) != Comm::OK) { + comm_close(new_socket); + return -1; +diff --git a/src/comm.h b/src/comm.h +index 5a1a7c2..a9f33db 100644 +--- a/src/comm.h ++++ b/src/comm.h +@@ -43,7 +43,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc + + /** + * Open a port specially bound for listening or sending through a specific port. +- * This is a wrapper providing IPv4/IPv6 failover around comm_openex(). + * Please use for all listening sockets and bind() outbound sockets. + * + * It will open a socket bound for: +@@ -59,7 +58,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc + int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note); + void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note); + +-int comm_openex(int, int, Ip::Address &, int, const char *); + unsigned short comm_local_port(int fd); + + int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen); +diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc +index 19c1237..79fa2ed 100644 +--- a/src/comm/ConnOpener.cc ++++ b/src/comm/ConnOpener.cc +@@ -285,7 +285,7 @@ Comm::ConnOpener::createFd() + if (callback_ == NULL || callback_->canceled()) + return false; + +- temporaryFd_ = comm_openex(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); ++ temporaryFd_ = comm_open(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); + if (temporaryFd_ < 0) { + sendAnswer(Comm::ERR_CONNECT, 0, "Comm::ConnOpener::createFd"); + return false; +diff --git a/src/comm/Connection.h b/src/comm/Connection.h +index 40c2249..2641f4e 100644 +--- a/src/comm/Connection.h ++++ b/src/comm/Connection.h +@@ -52,6 +52,8 @@ namespace Comm + #define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT + /// not registered with Comm and not owned by any connection-closing code + #define COMM_ORPHANED 0x40 ++/// Internal Comm optimization: Keep the source port unassigned until connect(2) ++#define COMM_DOBIND_PORT_LATER 0x100 + + /** + * Store data about the physical and logical attributes of a connection. +diff --git a/src/ipc.cc b/src/ipc.cc +index 45cab52..42e11e6 100644 +--- a/src/ipc.cc ++++ b/src/ipc.cc +@@ -95,12 +95,12 @@ ipcCreate(int type, const char *prog, const char *const args[], const char *name + } else void(0) + + if (type == IPC_TCP_SOCKET) { +- crfd = cwfd = comm_open(SOCK_STREAM, ++ crfd = cwfd = comm_open_listener(SOCK_STREAM, + 0, + local_addr, + COMM_NOCLOEXEC, + name); +- prfd = pwfd = comm_open(SOCK_STREAM, ++ prfd = pwfd = comm_open_listener(SOCK_STREAM, + 0, /* protocol */ + local_addr, + 0, /* blocking */ +diff --git a/src/tests/stub_comm.cc b/src/tests/stub_comm.cc +index a1d33d6..bf4bea6 100644 +--- a/src/tests/stub_comm.cc ++++ b/src/tests/stub_comm.cc +@@ -48,7 +48,6 @@ int comm_open_uds(int sock_type, int proto, struct sockaddr_un* addr, int flags) + void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struct addrinfo *AI) STUB + int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note) STUB_RETVAL(-1) + void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note) STUB +-int comm_openex(int, int, Ip::Address &, int, tos_t tos, nfmark_t nfmark, const char *) STUB_RETVAL(-1) + unsigned short comm_local_port(int fd) STUB_RETVAL(0) + int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen) STUB_RETVAL(-1) + void commCallCloseHandlers(int fd) STUB diff --git a/squid.spec b/squid.spec index 2cf01e6..68cb116 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -25,6 +25,7 @@ Source98: perl-requires-squid.sh # Upstream patches # Backported patches +Patch101: squid-5.7-ip-bind-address-no-port.patch # Local patches # Applying upstream patches first makes it less likely that local patches @@ -98,6 +99,7 @@ lookup program (dnsserver), a program for retrieving FTP data # Upstream patches # Backported patches +%patch101 -p1 -b .ip-bind-address-no-port # Local patches %patch201 -p1 -b .config @@ -331,6 +333,9 @@ fi %changelog +* Mon Dec 05 2022 Tomas Korbar - 7:5.7-3 +- Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections + * Wed Oct 12 2022 Luboš Uhliarik - 7:5.7-2 - Provide a sysusers.d file to get user() and group() provides (#2134071) From e59f77ea78ea664f764e448f14b157f717b207f3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 03:57:27 +0000 Subject: [PATCH 089/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 68cb116..aeb4b7e 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 5.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -333,6 +333,9 @@ fi %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 7:5.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Mon Dec 05 2022 Tomas Korbar - 7:5.7-3 - Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections From c4d9b668ca2a9caf3f357c3f7afd66af5061262c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 28 Feb 2023 18:28:13 +0100 Subject: [PATCH 090/124] new version 5.8 --- sources | 4 ++-- squid-3.0.STABLE1-perlpath.patch | 2 +- squid.spec | 7 +++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/sources b/sources index 5bea984..01b250d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.7.tar.xz) = 624a39041a6ceda6c470dc0937616f1aa67200f3db02b4d74095d8d706ed31d6df5e0417dcacde45f6be40b617bee018849793d52c96a626aab32a2b182972aa -SHA512 (squid-5.7.tar.xz.asc) = e8578d3dc0ecff0cb4a0d53375564f782b51c218276413a1b3b924396846a2cbca1f3ff8d53b247d210e4f63e553d89795a5b8b6972b7712d87c33b556076238 +SHA512 (squid-5.8.tar.xz) = 81a9a7d1dfcb58476369e08e99feb76411dd3242a3374feb175408fa0dc8161545a9a903603219c6fa2bcfb615461901e093428e97ac74cf4c596a7065d3247d +SHA512 (squid-5.8.tar.xz.asc) = d1cbadb6c0abb4bea7261818e5ed6558d2ea6a51f6249e222647fb68138b84730e10676bca8a75c8162f73fe8b6133b91df0182e682f04a32ffa98020eaeaba6 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index d927e43..5ab22a0 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2022 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2023 The Squid Software Foundation and contributors # * diff --git a/squid.spec b/squid.spec index aeb4b7e..53c3bcc 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.7 -Release: 4%{?dist} +Version: 5.8 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -333,6 +333,9 @@ fi %changelog +* Tue Feb 28 2023 Luboš Uhliarik - 7:5.8-1 +- new version 5.8 + * Sat Jan 21 2023 Fedora Release Engineering - 7:5.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From e8590f9b27a483a79b621507bf44d6e3610279c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 9 May 2023 11:48:39 +0200 Subject: [PATCH 091/124] new version 5.9 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 01b250d..65abcc4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.8.tar.xz) = 81a9a7d1dfcb58476369e08e99feb76411dd3242a3374feb175408fa0dc8161545a9a903603219c6fa2bcfb615461901e093428e97ac74cf4c596a7065d3247d -SHA512 (squid-5.8.tar.xz.asc) = d1cbadb6c0abb4bea7261818e5ed6558d2ea6a51f6249e222647fb68138b84730e10676bca8a75c8162f73fe8b6133b91df0182e682f04a32ffa98020eaeaba6 +SHA512 (squid-5.9.tar.xz) = 7dc366ef6b2a397ca6adec993c05876949de5f5e72a8a4409c9c9c52c42a8a4b37f58e85a171eebd36a166951f6c764176cfebec30019b299abe34a5adc4e5ac +SHA512 (squid-5.9.tar.xz.asc) = e2852d45645effc1a94f3ff13471a6dfc0721b42c9c162c06d7ac8613a46e4e3e580ec2dd8371b93ef68d2d197008398926003c35c4e8468cae2871d740491a0 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 53c3bcc..7db39f3 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.8 +Version: 5.9 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -333,6 +333,9 @@ fi %changelog +* Tue May 09 2023 Luboš Uhliarik - 7:5.9-1 +- new version 5.9 + * Tue Feb 28 2023 Luboš Uhliarik - 7:5.8-1 - new version 5.8 From d682c6288b2fa2b6dedab71063bae911f42bd853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 11 Jul 2023 20:23:30 +0200 Subject: [PATCH 092/124] new version 6.1 --- .gitignore | 2 +- sources | 5 +- squid-3.5.9-include-guards.patch | 95 ----------- squid-5.0.5-build-errors.patch | 116 ------------- squid-5.0.5-symlink-lang-err.patch | 68 -------- squid-5.7-ip-bind-address-no-port.patch | 156 ------------------ ....11-config.patch => squid-6.1-config.patch | 11 +- ...location.patch => squid-6.1-location.patch | 0 ...perlpath.patch => squid-6.1-perlpath.patch | 2 +- squid-6.1-symlink-lang-err.patch | 26 +++ squid.spec | 34 ++-- 11 files changed, 55 insertions(+), 460 deletions(-) delete mode 100644 squid-3.5.9-include-guards.patch delete mode 100644 squid-5.0.5-build-errors.patch delete mode 100644 squid-5.0.5-symlink-lang-err.patch delete mode 100644 squid-5.7-ip-bind-address-no-port.patch rename squid-4.0.11-config.patch => squid-6.1-config.patch (61%) rename squid-3.1.0.9-location.patch => squid-6.1-location.patch (100%) rename squid-3.0.STABLE1-perlpath.patch => squid-6.1-perlpath.patch (90%) create mode 100644 squid-6.1-symlink-lang-err.patch diff --git a/.gitignore b/.gitignore index c2dc451..e16a3d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ /*.asc -/*.xz +/*.xz \ No newline at end of file diff --git a/sources b/sources index 65abcc4..8ab4e23 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ -SHA512 (squid-5.9.tar.xz) = 7dc366ef6b2a397ca6adec993c05876949de5f5e72a8a4409c9c9c52c42a8a4b37f58e85a171eebd36a166951f6c764176cfebec30019b299abe34a5adc4e5ac -SHA512 (squid-5.9.tar.xz.asc) = e2852d45645effc1a94f3ff13471a6dfc0721b42c9c162c06d7ac8613a46e4e3e580ec2dd8371b93ef68d2d197008398926003c35c4e8468cae2871d740491a0 +SHA512 (squid-6.1.tar.xz) = 1e3d5b4cf40d84f94fa108ac7fcd592b55e477a12bb7bca68dd5d58e6614b4f8918d05ca9200ae13b6c4632bdb66e088656fb4efa2cfb6b66fca6bb9c2f91247 +SHA512 (squid-6.1.tar.xz.asc) = 4243e2c547dc7383fce58e5b463a0ef198a9591cfe22b01c5b3b8f79b26bff2e7968a87e900bbbbbbc7abea4863d6aa55e624fcf30ab533fc41b0ad52cf3fc8e SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 + diff --git a/squid-3.5.9-include-guards.patch b/squid-3.5.9-include-guards.patch deleted file mode 100644 index e2d4ff9..0000000 --- a/squid-3.5.9-include-guards.patch +++ /dev/null @@ -1,95 +0,0 @@ ------------------------------------------------------------- -revno: 14311 -revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr ------------------------------------------------------------- -revno: 14311 -revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 -author: Francesco Chemolli -committer: Amos Jeffries -branch nick: trunk -timestamp: Thu 2015-09-24 06:05:37 -0700 -message: - Bug 4323: Netfilter broken cross-includes with Linux 4.2 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ -# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b -# timestamp: 2015-09-24 13:06:33 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk -# base_revision_id: squid3@treenet.co.nz-20150924032241-\ -# 6cx3g6hwz9xfoybr -# -# Begin patch -=== modified file 'compat/os/linux.h' ---- compat/os/linux.h 2015-01-13 07:25:36 +0000 -+++ compat/os/linux.h 2015-09-24 13:05:37 +0000 -@@ -30,6 +30,21 @@ - #endif - - /* -+ * Netfilter header madness. (see Bug 4323) -+ * -+ * Netfilter have a history of defining their own versions of network protocol -+ * primitives without sufficient protection against the POSIX defines which are -+ * aways present in Linux. -+ * -+ * netinet/in.h must be included before any other sys header in order to properly -+ * activate include guards in the kernel maintainers added -+ * to workaround it. -+ */ -+#if HAVE_NETINET_IN_H -+#include -+#endif -+ -+/* - * sys/capability.h is only needed in Linux apparently. - * - * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 -author: Francesco Chemolli -committer: Amos Jeffries -branch nick: trunk -timestamp: Thu 2015-09-24 06:05:37 -0700 -message: - Bug 4323: Netfilter broken cross-includes with Linux 4.2 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ -# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b -# timestamp: 2015-09-24 13:06:33 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk -# base_revision_id: squid3@treenet.co.nz-20150924032241-\ -# 6cx3g6hwz9xfoybr -# -# Begin patch -=== modified file 'compat/os/linux.h' ---- compat/os/linux.h 2015-01-13 07:25:36 +0000 -+++ compat/os/linux.h 2015-09-24 13:05:37 +0000 -@@ -30,6 +30,21 @@ - #endif - - /* -+ * Netfilter header madness. (see Bug 4323) -+ * -+ * Netfilter have a history of defining their own versions of network protocol -+ * primitives without sufficient protection against the POSIX defines which are -+ * aways present in Linux. -+ * -+ * netinet/in.h must be included before any other sys header in order to properly -+ * activate include guards in the kernel maintainers added -+ * to workaround it. -+ */ -+#if HAVE_NETINET_IN_H -+#include -+#endif -+ -+/* - * sys/capability.h is only needed in Linux apparently. - * - * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc - diff --git a/squid-5.0.5-build-errors.patch b/squid-5.0.5-build-errors.patch deleted file mode 100644 index 4293d67..0000000 --- a/squid-5.0.5-build-errors.patch +++ /dev/null @@ -1,116 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 81403a7..5e2a493 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -2477,6 +2477,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testHttpRequest_LDFLAGS = $(LIBADD_DL) -@@ -2781,6 +2782,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testCacheManager_LDFLAGS = $(LIBADD_DL) -@@ -3101,6 +3103,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEvent_LDFLAGS = $(LIBADD_DL) -@@ -3339,6 +3342,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEventLoop_LDFLAGS = $(LIBADD_DL) -diff --git a/src/Makefile.in b/src/Makefile.in -index fda6de6..4e047cc 100644 ---- a/src/Makefile.in -+++ b/src/Makefile.in -@@ -4581,6 +4581,7 @@ tests_test_http_range_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -4972,6 +4973,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5274,6 +5276,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5593,6 +5596,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5832,6 +5836,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -diff --git a/src/proxyp/Parser.cc b/src/proxyp/Parser.cc -index 328d207..2f358a7 100644 ---- a/src/proxyp/Parser.cc -+++ b/src/proxyp/Parser.cc -@@ -15,6 +15,7 @@ - #include "sbuf/Stream.h" - - #include -+#include - - #if HAVE_SYS_SOCKET_H - #include -diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc -index e114ed8..22bce84 100644 ---- a/src/security/ServerOptions.cc -+++ b/src/security/ServerOptions.cc -@@ -18,6 +18,7 @@ - #if USE_OPENSSL - #include "compat/openssl.h" - #include "ssl/support.h" -+#include - - #if HAVE_OPENSSL_ERR_H - #include -diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc -index 1fdae0c..213cf39 100644 ---- a/src/acl/ConnMark.cc -+++ b/src/acl/ConnMark.cc -@@ -15,6 +15,7 @@ - #include "Debug.h" - #include "http/Stream.h" - #include "sbuf/Stream.h" -+#include - - bool - Acl::ConnMark::empty() const diff --git a/squid-5.0.5-symlink-lang-err.patch b/squid-5.0.5-symlink-lang-err.patch deleted file mode 100644 index 45d6fe9..0000000 --- a/squid-5.0.5-symlink-lang-err.patch +++ /dev/null @@ -1,68 +0,0 @@ -From fc01451000eaa5592cd5afbd6aee14e53f7dd2c3 Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Sun, 18 Oct 2020 20:23:10 +1300 -Subject: [PATCH] Update translations integration - -* Add credits for es-mx translation moderator -* Use es-mx for default of all Spanish (Central America) texts -* Update translation related .am files ---- - doc/manuals/language.am | 2 +- - errors/TRANSLATORS | 1 + - errors/aliases | 3 ++- - errors/language.am | 3 ++- - errors/template.am | 2 +- - 5 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/doc/manuals/language.am b/doc/manuals/language.am -index 7670c88380c..f03c4cf71b4 100644 ---- a/doc/manuals/language.am -+++ b/doc/manuals/language.am -@@ -18,4 +18,4 @@ TRANSLATE_LANGUAGES = \ - oc.lang \ - pt.lang \ - ro.lang \ -- ru.lang -+ ru.lang -diff --git a/errors/aliases b/errors/aliases -index 36f17f4b80f..cf0116f297d 100644 ---- a/errors/aliases -+++ b/errors/aliases -@@ -14,7 +14,8 @@ da da-dk - de de-at de-ch de-de de-li de-lu - el el-gr - en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw --es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl -+es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq -+es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv - et et-ee - fa fa-fa fa-ir - fi fi-fi -diff --git a/errors/language.am b/errors/language.am -index 12b1b2b3b43..029e8c1eb2f 100644 ---- a/errors/language.am -+++ b/errors/language.am -@@ -17,6 +17,7 @@ TRANSLATE_LANGUAGES = \ - de.lang \ - el.lang \ - en.lang \ -+ es-mx.lang \ - es.lang \ - et.lang \ - fa.lang \ -@@ -51,4 +52,4 @@ TRANSLATE_LANGUAGES = \ - uz.lang \ - vi.lang \ - zh-hans.lang \ -- zh-hant.lang -+ zh-hant.lang -diff --git a/errors/template.am b/errors/template.am -index 6c12781e6f4..715c65aa22b 100644 ---- a/errors/template.am -+++ b/errors/template.am -@@ -48,4 +48,4 @@ ERROR_TEMPLATES = \ - templates/ERR_UNSUP_REQ \ - templates/ERR_URN_RESOLVE \ - templates/ERR_WRITE_ERROR \ -- templates/ERR_ZERO_SIZE_OBJECT -+ templates/ERR_ZERO_SIZE_OBJECT diff --git a/squid-5.7-ip-bind-address-no-port.patch b/squid-5.7-ip-bind-address-no-port.patch deleted file mode 100644 index 55d9597..0000000 --- a/squid-5.7-ip-bind-address-no-port.patch +++ /dev/null @@ -1,156 +0,0 @@ -commit c54122584d175cf1d292b239a5b70f2d1aa77c3a -Author: Tomas Korbar -Date: Mon Dec 5 15:03:07 2022 +0100 - - Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections - -diff --git a/src/comm.cc b/src/comm.cc -index b4818f3..b18d175 100644 ---- a/src/comm.cc -+++ b/src/comm.cc -@@ -59,6 +59,7 @@ - */ - - static IOCB commHalfClosedReader; -+static int comm_openex(int sock_type, int proto, Ip::Address &, int flags, const char *note); - static void comm_init_opened(const Comm::ConnectionPointer &conn, const char *note, struct addrinfo *AI); - static int comm_apply_flags(int new_socket, Ip::Address &addr, int flags, struct addrinfo *AI); - -@@ -76,6 +77,7 @@ static EVH commHalfClosedCheck; - static void commPlanHalfClosedCheck(); - - static Comm::Flag commBind(int s, struct addrinfo &); -+static void commSetBindAddressNoPort(int); - static void commSetReuseAddr(int); - static void commSetNoLinger(int); - #ifdef TCP_NODELAY -@@ -202,6 +204,22 @@ comm_local_port(int fd) - return F->local_addr.port(); - } - -+/// sets the IP_BIND_ADDRESS_NO_PORT socket option to optimize ephemeral port -+/// reuse by outgoing TCP connections that must bind(2) to a source IP address -+static void -+commSetBindAddressNoPort(const int fd) -+{ -+#if defined(IP_BIND_ADDRESS_NO_PORT) -+ int flag = 1; -+ if (setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, reinterpret_cast(&flag), sizeof(flag)) < 0) { -+ const auto savedErrno = errno; -+ debugs(50, DBG_IMPORTANT, "ERROR: setsockopt(IP_BIND_ADDRESS_NO_PORT) failure: " << xstrerr(savedErrno)); -+ } -+#else -+ (void)fd; -+#endif -+} -+ - static Comm::Flag - commBind(int s, struct addrinfo &inaddr) - { -@@ -228,6 +246,10 @@ comm_open(int sock_type, - int flags, - const char *note) - { -+ // assume zero-port callers do not need to know the assigned port right away -+ if (sock_type == SOCK_STREAM && addr.port() == 0 && ((flags & COMM_DOBIND) || !addr.isAnyAddr())) -+ flags |= COMM_DOBIND_PORT_LATER; -+ - return comm_openex(sock_type, proto, addr, flags, note); - } - -@@ -329,7 +351,7 @@ comm_set_transparent(int fd) - * Create a socket. Default is blocking, stream (TCP) socket. IO_TYPE - * is OR of flags specified in defines.h:COMM_* - */ --int -+static int - comm_openex(int sock_type, - int proto, - Ip::Address &addr, -@@ -488,6 +510,9 @@ comm_apply_flags(int new_socket, - } - } - #endif -+ if ((flags & COMM_DOBIND_PORT_LATER)) -+ commSetBindAddressNoPort(new_socket); -+ - if (commBind(new_socket, *AI) != Comm::OK) { - comm_close(new_socket); - return -1; -diff --git a/src/comm.h b/src/comm.h -index 5a1a7c2..a9f33db 100644 ---- a/src/comm.h -+++ b/src/comm.h -@@ -43,7 +43,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc - - /** - * Open a port specially bound for listening or sending through a specific port. -- * This is a wrapper providing IPv4/IPv6 failover around comm_openex(). - * Please use for all listening sockets and bind() outbound sockets. - * - * It will open a socket bound for: -@@ -59,7 +58,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc - int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note); - void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note); - --int comm_openex(int, int, Ip::Address &, int, const char *); - unsigned short comm_local_port(int fd); - - int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen); -diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc -index 19c1237..79fa2ed 100644 ---- a/src/comm/ConnOpener.cc -+++ b/src/comm/ConnOpener.cc -@@ -285,7 +285,7 @@ Comm::ConnOpener::createFd() - if (callback_ == NULL || callback_->canceled()) - return false; - -- temporaryFd_ = comm_openex(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); -+ temporaryFd_ = comm_open(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); - if (temporaryFd_ < 0) { - sendAnswer(Comm::ERR_CONNECT, 0, "Comm::ConnOpener::createFd"); - return false; -diff --git a/src/comm/Connection.h b/src/comm/Connection.h -index 40c2249..2641f4e 100644 ---- a/src/comm/Connection.h -+++ b/src/comm/Connection.h -@@ -52,6 +52,8 @@ namespace Comm - #define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT - /// not registered with Comm and not owned by any connection-closing code - #define COMM_ORPHANED 0x40 -+/// Internal Comm optimization: Keep the source port unassigned until connect(2) -+#define COMM_DOBIND_PORT_LATER 0x100 - - /** - * Store data about the physical and logical attributes of a connection. -diff --git a/src/ipc.cc b/src/ipc.cc -index 45cab52..42e11e6 100644 ---- a/src/ipc.cc -+++ b/src/ipc.cc -@@ -95,12 +95,12 @@ ipcCreate(int type, const char *prog, const char *const args[], const char *name - } else void(0) - - if (type == IPC_TCP_SOCKET) { -- crfd = cwfd = comm_open(SOCK_STREAM, -+ crfd = cwfd = comm_open_listener(SOCK_STREAM, - 0, - local_addr, - COMM_NOCLOEXEC, - name); -- prfd = pwfd = comm_open(SOCK_STREAM, -+ prfd = pwfd = comm_open_listener(SOCK_STREAM, - 0, /* protocol */ - local_addr, - 0, /* blocking */ -diff --git a/src/tests/stub_comm.cc b/src/tests/stub_comm.cc -index a1d33d6..bf4bea6 100644 ---- a/src/tests/stub_comm.cc -+++ b/src/tests/stub_comm.cc -@@ -48,7 +48,6 @@ int comm_open_uds(int sock_type, int proto, struct sockaddr_un* addr, int flags) - void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struct addrinfo *AI) STUB - int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note) STUB_RETVAL(-1) - void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note) STUB --int comm_openex(int, int, Ip::Address &, int, tos_t tos, nfmark_t nfmark, const char *) STUB_RETVAL(-1) - unsigned short comm_local_port(int fd) STUB_RETVAL(0) - int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen) STUB_RETVAL(-1) - void commCallCloseHandlers(int fd) STUB diff --git a/squid-4.0.11-config.patch b/squid-6.1-config.patch similarity index 61% rename from squid-4.0.11-config.patch rename to squid-6.1-config.patch index a4faae8..9d2b192 100644 --- a/squid-4.0.11-config.patch +++ b/squid-6.1-config.patch @@ -1,7 +1,8 @@ -diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre ---- squid-4.0.11/src/cf.data.pre.config 2016-06-09 22:32:57.000000000 +0200 -+++ squid-4.0.11/src/cf.data.pre 2016-07-11 21:08:35.090976840 +0200 -@@ -4658,7 +4658,7 @@ DOC_END +diff --git a/src/cf.data.pre b/src/cf.data.pre +index 44aa34d..12225bc 100644 +--- a/src/cf.data.pre ++++ b/src/cf.data.pre +@@ -5453,7 +5453,7 @@ DOC_END NAME: logfile_rotate TYPE: int @@ -10,7 +11,7 @@ diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre LOC: Config.Log.rotateNumber DOC_START Specifies the default number of logfile rotations to make when you -@@ -6444,11 +6444,11 @@ COMMENT_END +@@ -7447,11 +7447,11 @@ COMMENT_END NAME: cache_mgr TYPE: string diff --git a/squid-3.1.0.9-location.patch b/squid-6.1-location.patch similarity index 100% rename from squid-3.1.0.9-location.patch rename to squid-6.1-location.patch diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-6.1-perlpath.patch similarity index 90% rename from squid-3.0.STABLE1-perlpath.patch rename to squid-6.1-perlpath.patch index 5ab22a0..fe37759 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-6.1-perlpath.patch @@ -1,5 +1,5 @@ diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl -index 4cb0480..4b89910 100755 +index e965e9e..ed5ffcb 100755 --- a/contrib/url-normalizer.pl +++ b/contrib/url-normalizer.pl @@ -1,4 +1,4 @@ diff --git a/squid-6.1-symlink-lang-err.patch b/squid-6.1-symlink-lang-err.patch new file mode 100644 index 0000000..a29274b --- /dev/null +++ b/squid-6.1-symlink-lang-err.patch @@ -0,0 +1,26 @@ +diff --git a/errors/aliases b/errors/aliases +index c256106..38c123a 100644 +--- a/errors/aliases ++++ b/errors/aliases +@@ -14,8 +14,7 @@ da da-dk + de de-at de-ch de-de de-li de-lu + el el-gr + en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw +-es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq +-es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv ++es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl + et et-ee + fa fa-fa fa-ir + fi fi-fi +diff --git a/errors/language.am b/errors/language.am +index a437d17..f2fe463 100644 +--- a/errors/language.am ++++ b/errors/language.am +@@ -19,7 +19,6 @@ LANGUAGE_FILES = \ + de.lang \ + el.lang \ + en.lang \ +- es-mx.lang \ + es.lang \ + et.lang \ + fa.lang \ diff --git a/squid.spec b/squid.spec index 7db39f3..e5accda 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.9 +Version: 6.1 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -9,8 +9,8 @@ Epoch: 7 License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) URL: http://www.squid-cache.org -Source0: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz.asc +Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc Source2: http://www.squid-cache.org/pgp.asc Source3: squid.logrotate Source4: squid.sysconfig @@ -25,18 +25,17 @@ Source98: perl-requires-squid.sh # Upstream patches # Backported patches -Patch101: squid-5.7-ip-bind-address-no-port.patch +# Patch101: patch # Local patches # Applying upstream patches first makes it less likely that local patches # will break upstream ones. -Patch201: squid-4.0.11-config.patch -Patch202: squid-3.1.0.9-location.patch -Patch203: squid-3.0.STABLE1-perlpath.patch -Patch204: squid-3.5.9-include-guards.patch +Patch201: squid-6.1-config.patch +Patch202: squid-6.1-location.patch +Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 -Patch205: squid-5.0.5-symlink-lang-err.patch +Patch204: squid-6.1-symlink-lang-err.patch # cache_swap.sh Requires: bash gawk @@ -99,14 +98,13 @@ lookup program (dnsserver), a program for retrieving FTP data # Upstream patches # Backported patches -%patch101 -p1 -b .ip-bind-address-no-port +# %patch101 -p1 -b .patch # Local patches -%patch201 -p1 -b .config -%patch202 -p1 -b .location -%patch203 -p1 -b .perlpath -%patch204 -p0 -b .include-guards -%patch205 -p1 -R -b .symlink-lang-err +%patch -P 201 -p1 -b .config +%patch -P 202 -p1 -b .location +%patch -P 203 -p1 -b .perlpath +%patch -P 204 -p1 -b .symlink-lang-err # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -159,7 +157,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --disable-arch-native \ --disable-security-cert-validators \ --disable-strict-error-checking \ - --with-swapdir=%{_localstatedir}/spool/squid + --with-swapdir=%{_localstatedir}/spool/squid \ + --enable-translation # workaround to build squid v5 mkdir -p src/icmp/tests @@ -333,6 +332,9 @@ fi %changelog +* Tue Jul 11 2023 Luboš Uhliarik - 7:6.1-1 +- new version 6.1 + * Tue May 09 2023 Luboš Uhliarik - 7:5.9-1 - new version 5.9 From 45aa5f8be15879d8b532e024e0babb4f02613250 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 02:24:49 +0000 Subject: [PATCH 093/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index e5accda..94cf540 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -332,6 +332,9 @@ fi %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 7:6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Tue Jul 11 2023 Luboš Uhliarik - 7:6.1-1 - new version 6.1 From fb5d65bd298a33525db7a189eb2c7d8be58cb057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 8 Aug 2023 16:53:27 +0200 Subject: [PATCH 094/124] Fix "!commHasHalfClosedMonitor(fd)" assertion --- squid-6.1-crash-half-closed.patch | 158 ++++++++++++++++++++++++++++++ squid.spec | 8 +- 2 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 squid-6.1-crash-half-closed.patch diff --git a/squid-6.1-crash-half-closed.patch b/squid-6.1-crash-half-closed.patch new file mode 100644 index 0000000..901ece2 --- /dev/null +++ b/squid-6.1-crash-half-closed.patch @@ -0,0 +1,158 @@ +diff --git a/src/client_side.cc b/src/client_side.cc +index f488fc4..69586df 100644 +--- a/src/client_side.cc ++++ b/src/client_side.cc +@@ -932,7 +932,7 @@ ConnStateData::kick() + * We are done with the response, and we are either still receiving request + * body (early response!) or have already stopped receiving anything. + * +- * If we are still receiving, then clientParseRequest() below will fail. ++ * If we are still receiving, then parseRequests() below will fail. + * (XXX: but then we will call readNextRequest() which may succeed and + * execute a smuggled request as we are not done with the current request). + * +@@ -952,28 +952,12 @@ ConnStateData::kick() + * Attempt to parse a request from the request buffer. + * If we've been fed a pipelined request it may already + * be in our read buffer. +- * +- \par +- * This needs to fall through - if we're unlucky and parse the _last_ request +- * from our read buffer we may never re-register for another client read. + */ + +- if (clientParseRequests()) { +- debugs(33, 3, clientConnection << ": parsed next request from buffer"); +- } ++ parseRequests(); + +- /** \par +- * Either we need to kick-start another read or, if we have +- * a half-closed connection, kill it after the last request. +- * This saves waiting for half-closed connections to finished being +- * half-closed _AND_ then, sometimes, spending "Timeout" time in +- * the keepalive "Waiting for next request" state. +- */ +- if (commIsHalfClosed(clientConnection->fd) && pipeline.empty()) { +- debugs(33, 3, "half-closed client with no pending requests, closing"); +- clientConnection->close(); ++ if (!isOpen()) + return; +- } + + /** \par + * At this point we either have a parsed request (which we've +@@ -1893,16 +1877,11 @@ ConnStateData::receivedFirstByte() + resetReadTimeout(Config.Timeout.request); + } + +-/** +- * Attempt to parse one or more requests from the input buffer. +- * Returns true after completing parsing of at least one request [header]. That +- * includes cases where parsing ended with an error (e.g., a huge request). +- */ +-bool +-ConnStateData::clientParseRequests() ++/// Attempt to parse one or more requests from the input buffer. ++/// May close the connection. ++void ++ConnStateData::parseRequests() + { +- bool parsed_req = false; +- + debugs(33, 5, clientConnection << ": attempting to parse"); + + // Loop while we have read bytes that are not needed for producing the body +@@ -1947,8 +1926,6 @@ ConnStateData::clientParseRequests() + + processParsedRequest(context); + +- parsed_req = true; // XXX: do we really need to parse everything right NOW ? +- + if (context->mayUseConnection()) { + debugs(33, 3, "Not parsing new requests, as this request may need the connection"); + break; +@@ -1961,8 +1938,19 @@ ConnStateData::clientParseRequests() + } + } + +- /* XXX where to 'finish' the parsing pass? */ +- return parsed_req; ++ debugs(33, 7, "buffered leftovers: " << inBuf.length()); ++ ++ if (isOpen() && commIsHalfClosed(clientConnection->fd)) { ++ if (pipeline.empty()) { ++ // we processed what we could parse, and no more data is coming ++ debugs(33, 5, "closing half-closed without parsed requests: " << clientConnection); ++ clientConnection->close(); ++ } else { ++ // we parsed what we could, and no more data is coming ++ debugs(33, 5, "monitoring half-closed while processing parsed requests: " << clientConnection); ++ flags.readMore = false; // may already be false ++ } ++ } + } + + void +@@ -1979,18 +1967,7 @@ ConnStateData::afterClientRead() + if (pipeline.empty()) + fd_note(clientConnection->fd, "Reading next request"); + +- if (!clientParseRequests()) { +- if (!isOpen()) +- return; +- // We may get here if the client half-closed after sending a partial +- // request. See doClientRead() and shouldCloseOnEof(). +- // XXX: This partially duplicates ConnStateData::kick(). +- if (pipeline.empty() && commIsHalfClosed(clientConnection->fd)) { +- debugs(33, 5, clientConnection << ": half-closed connection, no completed request parsed, connection closing."); +- clientConnection->close(); +- return; +- } +- } ++ parseRequests(); + + if (!isOpen()) + return; +@@ -3775,7 +3752,7 @@ ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic) + startPinnedConnectionMonitoring(); + + if (pipeline.empty()) +- kick(); // in case clientParseRequests() was blocked by a busy pic.connection ++ kick(); // in case parseRequests() was blocked by a busy pic.connection + } + + /// Forward future client requests using the given server connection. +diff --git a/src/client_side.h b/src/client_side.h +index 6027b31..60b99b1 100644 +--- a/src/client_side.h ++++ b/src/client_side.h +@@ -98,7 +98,6 @@ public: + void doneWithControlMsg() override; + + /// Traffic parsing +- bool clientParseRequests(); + void readNextRequest(); + + /// try to make progress on a transaction or read more I/O +@@ -443,6 +442,7 @@ private: + + void checkLogging(); + ++ void parseRequests(); + void clientAfterReadingRequests(); + bool concurrentRequestQueueFilled() const; + +diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc +index 8c160e5..f49d5dc 100644 +--- a/src/tests/stub_client_side.cc ++++ b/src/tests/stub_client_side.cc +@@ -14,7 +14,7 @@ + #include "tests/STUB.h" + + #include "client_side.h" +-bool ConnStateData::clientParseRequests() STUB_RETVAL(false) ++void ConnStateData::parseRequests() STUB + void ConnStateData::readNextRequest() STUB + bool ConnStateData::isOpen() const STUB_RETVAL(false) + void ConnStateData::kick() STUB diff --git a/squid.spec b/squid.spec index 94cf540..51f5852 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -36,6 +36,8 @@ Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch204: squid-6.1-symlink-lang-err.patch +# Upstream PR: https://github.com/squid-cache/squid/pull/1442 +Patch205: squid-6.1-crash-half-closed.patch # cache_swap.sh Requires: bash gawk @@ -105,6 +107,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch -P 202 -p1 -b .location %patch -P 203 -p1 -b .perlpath %patch -P 204 -p1 -b .symlink-lang-err +%patch -P 205 -p1 -b .crash-half-closed # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -332,6 +335,9 @@ fi %changelog +* Fri Aug 04 2023 Luboš Uhliarik - 7:6.1-3 +- Fix "!commHasHalfClosedMonitor(fd)" assertion + * Sat Jul 22 2023 Fedora Release Engineering - 7:6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From b5e1d7b9e6a78ea63b7cedae3f381a77ec9c4f3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 16 Aug 2023 17:31:00 +0200 Subject: [PATCH 095/124] new version 6.2 --- sources | 5 ++--- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sources b/sources index 8ab4e23..bab2980 100644 --- a/sources +++ b/sources @@ -1,4 +1,3 @@ -SHA512 (squid-6.1.tar.xz) = 1e3d5b4cf40d84f94fa108ac7fcd592b55e477a12bb7bca68dd5d58e6614b4f8918d05ca9200ae13b6c4632bdb66e088656fb4efa2cfb6b66fca6bb9c2f91247 -SHA512 (squid-6.1.tar.xz.asc) = 4243e2c547dc7383fce58e5b463a0ef198a9591cfe22b01c5b3b8f79b26bff2e7968a87e900bbbbbbc7abea4863d6aa55e624fcf30ab533fc41b0ad52cf3fc8e +SHA512 (squid-6.2.tar.xz) = a2f3ad666b88708ddc52958e610222778e4f64c2ac097b821867ae4022ca35dcbe225f2c5bba42a69fa56f89feebf63764d1a936444e4debce7e55e87b7366db +SHA512 (squid-6.2.tar.xz.asc) = d178eb1d89e8dbe03033378125038be1a4b153846efa53aff396405e7cbadd985842098ab16b68f68d2d23bf3cfca609c535b97ef67df903ee4998d6f0406656 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 - diff --git a/squid.spec b/squid.spec index 51f5852..2528d8c 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.1 -Release: 3%{?dist} +Version: 6.2 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -335,6 +335,9 @@ fi %changelog +* Wed Aug 16 2023 Luboš Uhliarik - 7:6.2-1 +- new version 6.2 + * Fri Aug 04 2023 Luboš Uhliarik - 7:6.1-3 - Fix "!commHasHalfClosedMonitor(fd)" assertion From 986386af0e951f6ea82e2bd5cc6a476438d88187 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 5 Sep 2023 14:08:40 +0200 Subject: [PATCH 096/124] new version 6.3 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index bab2980..9585a3a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.2.tar.xz) = a2f3ad666b88708ddc52958e610222778e4f64c2ac097b821867ae4022ca35dcbe225f2c5bba42a69fa56f89feebf63764d1a936444e4debce7e55e87b7366db -SHA512 (squid-6.2.tar.xz.asc) = d178eb1d89e8dbe03033378125038be1a4b153846efa53aff396405e7cbadd985842098ab16b68f68d2d23bf3cfca609c535b97ef67df903ee4998d6f0406656 +SHA512 (squid-6.3.tar.xz) = add8718895ceccc130d31e6cbf9fbdb7fd45a778a617e9f02bf310babe72106e1dc14ac8b3dc81d31e1f4cace66d9d72176dd82f1652d7248a478fa10ffb6b87 +SHA512 (squid-6.3.tar.xz.asc) = 39a4a1b426e06cf990cca1afc64f78623954e32079fb9562154518eeec4124b3b19f28f6c6cb998117aae176be707b25185fe66f98acb205f660396de59bd829 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 2528d8c..1730441 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.2 +Version: 6.3 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -335,6 +335,9 @@ fi %changelog +* Tue Sep 05 2023 Luboš Uhliarik - 7:6.3-1 +- new version 6.3 + * Wed Aug 16 2023 Luboš Uhliarik - 7:6.2-1 - new version 6.2 From 92b68088588ad74f1e9634c204a350d94887942a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 14 Sep 2023 14:36:09 +0200 Subject: [PATCH 097/124] SPDX migration --- squid.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index 1730441..a529327 100644 --- a/squid.spec +++ b/squid.spec @@ -2,11 +2,11 @@ Name: squid Version: 6.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code -License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) +License: GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware) URL: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz @@ -335,6 +335,9 @@ fi %changelog +* Thu Sep 14 2023 Luboš Uhliarik - 7:6.3-2 +- SPDX migration + * Tue Sep 05 2023 Luboš Uhliarik - 7:6.3-1 - new version 6.3 From 32a0233ae79b27d44b12389ce6dd38fb30396e76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 24 Oct 2023 22:39:39 +0200 Subject: [PATCH 098/124] new version 6.4 --- sources | 4 ++-- squid.spec | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 9585a3a..975ec82 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.3.tar.xz) = add8718895ceccc130d31e6cbf9fbdb7fd45a778a617e9f02bf310babe72106e1dc14ac8b3dc81d31e1f4cace66d9d72176dd82f1652d7248a478fa10ffb6b87 -SHA512 (squid-6.3.tar.xz.asc) = 39a4a1b426e06cf990cca1afc64f78623954e32079fb9562154518eeec4124b3b19f28f6c6cb998117aae176be707b25185fe66f98acb205f660396de59bd829 +SHA512 (squid-6.4.tar.xz) = 7bbf759841448874090a145699ee01f67696c19da147e433b1ecc80a856095cbfae611ef910bc4f2c44218101d89f2ee13796f5b7ada2e21e95638d4dae077ab +SHA512 (squid-6.4.tar.xz.asc) = e61ea2f81a73ead4f6a8553410822ba51f0910546c7cbfb93e26f73f862f0a526fcb5c26308109f49e9f0fd0fbce702804a919fe8234b085a32251d62c891803 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index a529327..c1fffcf 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.3 -Release: 2%{?dist} +Version: 6.4 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -335,6 +335,9 @@ fi %changelog +* Tue Oct 24 2023 Luboš Uhliarik - 7:6.4-1 +- new version 6.4 + * Thu Sep 14 2023 Luboš Uhliarik - 7:6.3-2 - SPDX migration From 014ff8bb7a1d9f2f3d3ab300bd7b6bfdf8728137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 7 Nov 2023 21:24:03 +0100 Subject: [PATCH 099/124] new version 6.5 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 975ec82..24c2ba7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.4.tar.xz) = 7bbf759841448874090a145699ee01f67696c19da147e433b1ecc80a856095cbfae611ef910bc4f2c44218101d89f2ee13796f5b7ada2e21e95638d4dae077ab -SHA512 (squid-6.4.tar.xz.asc) = e61ea2f81a73ead4f6a8553410822ba51f0910546c7cbfb93e26f73f862f0a526fcb5c26308109f49e9f0fd0fbce702804a919fe8234b085a32251d62c891803 +SHA512 (squid-6.5.tar.xz) = d3a40f5f390f0042a8e981ca28755a90dd520230a06b4246ba7bec0c98025ce1cdc7426797a666f769addd60238e28e1f04d2c701ea2ef2d7329dbe87b830d70 +SHA512 (squid-6.5.tar.xz.asc) = bf6ab7128a6261ac63115f402925311be5f59ad9085d19813f842cfac4b385b47eb07c9398c85654896ef04f6678a4ea645edcbed503f4ac18a3920b6a03ed04 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index c1fffcf..a3f6dba 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.4 +Version: 6.5 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -335,6 +335,9 @@ fi %changelog +* Tue Nov 07 2023 Luboš Uhliarik - 7:6.5-1 +- new version 6.5 + * Tue Oct 24 2023 Luboš Uhliarik - 7:6.4-1 - new version 6.4 From 5580eab2d9db7b0f14a66cd8e8c17fa905490a51 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Tue, 12 Dec 2023 22:32:30 -0500 Subject: [PATCH 100/124] new version 6.6 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 24c2ba7..6823720 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.5.tar.xz) = d3a40f5f390f0042a8e981ca28755a90dd520230a06b4246ba7bec0c98025ce1cdc7426797a666f769addd60238e28e1f04d2c701ea2ef2d7329dbe87b830d70 -SHA512 (squid-6.5.tar.xz.asc) = bf6ab7128a6261ac63115f402925311be5f59ad9085d19813f842cfac4b385b47eb07c9398c85654896ef04f6678a4ea645edcbed503f4ac18a3920b6a03ed04 +SHA512 (squid-6.6.tar.xz) = 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c +SHA512 (squid-6.6.tar.xz.asc) = 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index a3f6dba..8938081 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.5 +Version: 6.6 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -335,6 +335,9 @@ fi %changelog +* Wed Dec 13 2023 Yaakov Selkowitz - 7:6.6-1 +- new version 6.6 + * Tue Nov 07 2023 Luboš Uhliarik - 7:6.5-1 - new version 6.5 From ded59a53104e787986fdd65b98a0e3f599b67d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 20 Dec 2023 14:54:02 +0100 Subject: [PATCH 101/124] Remove gopher mention from SPEC file, since gopher support has been removed --- squid.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 8938081..ba852f7 100644 --- a/squid.spec +++ b/squid.spec @@ -83,7 +83,7 @@ Conflicts: NetworkManager < 1.20 %description Squid is a high-performance proxy caching server for Web clients, -supporting FTP, gopher, and HTTP data objects. Unlike traditional +supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking From 2af86284bc59404eec4b917537854c9e1d021fd0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 04:14:57 +0000 Subject: [PATCH 102/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index ba852f7..e34a531 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -335,6 +335,9 @@ fi %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 7:6.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Dec 13 2023 Yaakov Selkowitz - 7:6.6-1 - new version 6.6 From 24c56d185eaafd4fb39fc1d3094b74ee9acd0a33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 14 Feb 2024 00:34:23 +0100 Subject: [PATCH 103/124] new version 6.7 switch to autosetup fix FTBFS when using gcc14 --- sources | 6 +- squid-6.7-gcc-14.patch | 123 +++++++++++++++++++++++++++++++++++++++++ squid.spec | 24 ++++---- 3 files changed, 136 insertions(+), 17 deletions(-) create mode 100644 squid-6.7-gcc-14.patch diff --git a/sources b/sources index 6823720..d17889d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.6.tar.xz) = 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c -SHA512 (squid-6.6.tar.xz.asc) = 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297 -SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 +SHA512 (squid-6.7.tar.xz) = 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0 +SHA512 (squid-6.7.tar.xz.asc) = 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c +SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.7-gcc-14.patch b/squid-6.7-gcc-14.patch new file mode 100644 index 0000000..283f5ec --- /dev/null +++ b/squid-6.7-gcc-14.patch @@ -0,0 +1,123 @@ +From 7080c9ea3c761f4ac67e3341bbc371383e4e739b Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Wed, 14 Feb 2024 03:07:20 +1300 +Subject: [PATCH 1/4] Fix undefined std::find + +--- + src/helper/Reply.cc | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/helper/Reply.cc b/src/helper/Reply.cc +index 93cd5c84322..2e5e92aa2be 100644 +--- a/src/helper/Reply.cc ++++ b/src/helper/Reply.cc +@@ -17,6 +17,8 @@ + #include "rfc1738.h" + #include "SquidString.h" + ++#include ++ + Helper::Reply::Reply() : + result(Helper::Unknown) + { + +From 906884bf2565025cbc5b322c47425defa07f1f8e Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Wed, 14 Feb 2024 03:51:17 +1300 +Subject: [PATCH 2/4] Fix error: 'InstanceId<...>::InstanceId(const + InstanceId<...> &)' is private within this context + +--- + src/base/InstanceId.h | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h +index a48be882cc4..c4dd4090b00 100644 +--- a/src/base/InstanceId.h ++++ b/src/base/InstanceId.h +@@ -49,6 +49,7 @@ class InstanceId + typedef ValueType Value; ///< id storage type + + InstanceId() {change();} ++ InstanceId(const InstanceId &); ///< no copying; IDs are unique + + operator Value() const { return value; } + bool operator ==(const InstanceId &o) const { return value == o.value; } +@@ -67,10 +68,6 @@ class InstanceId + + public: + Value value = Value(); ///< instance identifier +- +-private: +- InstanceId(const InstanceId &); ///< not implemented; IDs are unique +- InstanceId& operator=(const InstanceId &); ///< not implemented + }; + + /// An InstanceIdDefinitions() helper. Avoid direct use. + +From 2631e20bf8adc2102ba039baf86c1c64c158431f Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Wed, 14 Feb 2024 03:58:47 +1300 +Subject: [PATCH 3/4] =?UTF-8?q?Fix=20error:=20=E2=80=98void*=20calloc(size?= + =?UTF-8?q?=5Ft,=20size=5Ft)=E2=80=99=20sizes?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... specified with ‘sizeof’ in the earlier argument +and not in the later argument [-Werror=calloc-transposed-args] +--- + src/auth/basic/LDAP/basic_ldap_auth.cc | 2 +- + src/auth/digest/eDirectory/edir_ldapext.cc | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/auth/basic/LDAP/basic_ldap_auth.cc b/src/auth/basic/LDAP/basic_ldap_auth.cc +index 4d9a78574cb..f79a5b88984 100644 +--- a/src/auth/basic/LDAP/basic_ldap_auth.cc ++++ b/src/auth/basic/LDAP/basic_ldap_auth.cc +@@ -795,7 +795,7 @@ readSecret(const char *filename) + if ((e = strrchr(buf, '\r'))) + *e = 0; + +- passwd = (char *) calloc(sizeof(char), strlen(buf) + 1); ++ passwd = static_cast(calloc(strlen(buf) + 1, sizeof(char))); + if (!passwd) { + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); + exit(EXIT_FAILURE); +diff --git a/src/auth/digest/eDirectory/edir_ldapext.cc b/src/auth/digest/eDirectory/edir_ldapext.cc +index f34341c912c..13e7daca67b 100644 +--- a/src/auth/digest/eDirectory/edir_ldapext.cc ++++ b/src/auth/digest/eDirectory/edir_ldapext.cc +@@ -69,7 +69,7 @@ + + #define NMAS_LDAP_EXT_VERSION 1 + +-#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem) ++#define SMB_MALLOC_ARRAY(type, nelem) calloc(nelem, sizeof(type)) + #define DEBUG(level, args) + + /********************************************************************** + +From 535606d99e04f3479af07c471768af688ff790cb Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Wed, 14 Feb 2024 05:52:05 +1300 +Subject: [PATCH 4/4] Update src/base/InstanceId.h + +Co-authored-by: Alex Rousskov +--- + src/base/InstanceId.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h +index c4dd4090b00..d3e2ebb2b2e 100644 +--- a/src/base/InstanceId.h ++++ b/src/base/InstanceId.h +@@ -49,7 +49,7 @@ class InstanceId + typedef ValueType Value; ///< id storage type + + InstanceId() {change();} +- InstanceId(const InstanceId &); ///< no copying; IDs are unique ++ InstanceId(InstanceId &&) = delete; // no copying/moving of any kind + + operator Value() const { return value; } + bool operator ==(const InstanceId &o) const { return value == o.value; } diff --git a/squid.spec b/squid.spec index e34a531..490653c 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.6 -Release: 2%{?dist} +Version: 6.7 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -38,6 +38,8 @@ Patch203: squid-6.1-perlpath.patch Patch204: squid-6.1-symlink-lang-err.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1442 Patch205: squid-6.1-crash-half-closed.patch +# https://github.com/squid-cache/squid/pull/1673 +Patch206: squid-6.7-gcc-14.patch # cache_swap.sh Requires: bash gawk @@ -95,19 +97,8 @@ lookup program (dnsserver), a program for retrieving FTP data %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%setup -q -# Upstream patches - -# Backported patches -# %patch101 -p1 -b .patch - -# Local patches -%patch -P 201 -p1 -b .config -%patch -P 202 -p1 -b .location -%patch -P 203 -p1 -b .perlpath -%patch -P 204 -p1 -b .symlink-lang-err -%patch -P 205 -p1 -b .crash-half-closed +%autosetup -p1 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -335,6 +326,11 @@ fi %changelog +* Mon Feb 12 2024 Luboš Uhliarik - 7:6.7-1 +- new version 6.7 +- switch to autosetup +- fix FTBFS when using gcc14 + * Sat Jan 27 2024 Fedora Release Engineering - 7:6.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 5c7c3985cfee87f8be71b06ad85957ce4483c247 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Sat, 9 Mar 2024 04:10:00 +0100 Subject: [PATCH 104/124] new version 6.8 --- sources | 4 +- squid-6.7-gcc-14.patch | 123 ----------------------------------------- squid.spec | 7 ++- 3 files changed, 6 insertions(+), 128 deletions(-) delete mode 100644 squid-6.7-gcc-14.patch diff --git a/sources b/sources index d17889d..8d6d769 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.7.tar.xz) = 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0 -SHA512 (squid-6.7.tar.xz.asc) = 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c +SHA512 (squid-6.8.tar.xz) = 25509662de0b16af763a7aca090937b16c9ae15cb29ae1275634db9091eba511de33e9119ef8552fda936b7a7cfd1b7e51f6082c039c8e9e9f7da64d5efac992 +SHA512 (squid-6.8.tar.xz.asc) = 118c6b2022ee0b62c83484742a6ae3ee6402ddb06d5f8e953b67185499070e5b1b04cb97953d4f73e91c420e86956f73787ea2208609e451ec2c24a7701a9f24 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.7-gcc-14.patch b/squid-6.7-gcc-14.patch deleted file mode 100644 index 283f5ec..0000000 --- a/squid-6.7-gcc-14.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 7080c9ea3c761f4ac67e3341bbc371383e4e739b Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Wed, 14 Feb 2024 03:07:20 +1300 -Subject: [PATCH 1/4] Fix undefined std::find - ---- - src/helper/Reply.cc | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/helper/Reply.cc b/src/helper/Reply.cc -index 93cd5c84322..2e5e92aa2be 100644 ---- a/src/helper/Reply.cc -+++ b/src/helper/Reply.cc -@@ -17,6 +17,8 @@ - #include "rfc1738.h" - #include "SquidString.h" - -+#include -+ - Helper::Reply::Reply() : - result(Helper::Unknown) - { - -From 906884bf2565025cbc5b322c47425defa07f1f8e Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Wed, 14 Feb 2024 03:51:17 +1300 -Subject: [PATCH 2/4] Fix error: 'InstanceId<...>::InstanceId(const - InstanceId<...> &)' is private within this context - ---- - src/base/InstanceId.h | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h -index a48be882cc4..c4dd4090b00 100644 ---- a/src/base/InstanceId.h -+++ b/src/base/InstanceId.h -@@ -49,6 +49,7 @@ class InstanceId - typedef ValueType Value; ///< id storage type - - InstanceId() {change();} -+ InstanceId(const InstanceId &); ///< no copying; IDs are unique - - operator Value() const { return value; } - bool operator ==(const InstanceId &o) const { return value == o.value; } -@@ -67,10 +68,6 @@ class InstanceId - - public: - Value value = Value(); ///< instance identifier -- --private: -- InstanceId(const InstanceId &); ///< not implemented; IDs are unique -- InstanceId& operator=(const InstanceId &); ///< not implemented - }; - - /// An InstanceIdDefinitions() helper. Avoid direct use. - -From 2631e20bf8adc2102ba039baf86c1c64c158431f Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Wed, 14 Feb 2024 03:58:47 +1300 -Subject: [PATCH 3/4] =?UTF-8?q?Fix=20error:=20=E2=80=98void*=20calloc(size?= - =?UTF-8?q?=5Ft,=20size=5Ft)=E2=80=99=20sizes?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... specified with ‘sizeof’ in the earlier argument -and not in the later argument [-Werror=calloc-transposed-args] ---- - src/auth/basic/LDAP/basic_ldap_auth.cc | 2 +- - src/auth/digest/eDirectory/edir_ldapext.cc | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/auth/basic/LDAP/basic_ldap_auth.cc b/src/auth/basic/LDAP/basic_ldap_auth.cc -index 4d9a78574cb..f79a5b88984 100644 ---- a/src/auth/basic/LDAP/basic_ldap_auth.cc -+++ b/src/auth/basic/LDAP/basic_ldap_auth.cc -@@ -795,7 +795,7 @@ readSecret(const char *filename) - if ((e = strrchr(buf, '\r'))) - *e = 0; - -- passwd = (char *) calloc(sizeof(char), strlen(buf) + 1); -+ passwd = static_cast(calloc(strlen(buf) + 1, sizeof(char))); - if (!passwd) { - fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); - exit(EXIT_FAILURE); -diff --git a/src/auth/digest/eDirectory/edir_ldapext.cc b/src/auth/digest/eDirectory/edir_ldapext.cc -index f34341c912c..13e7daca67b 100644 ---- a/src/auth/digest/eDirectory/edir_ldapext.cc -+++ b/src/auth/digest/eDirectory/edir_ldapext.cc -@@ -69,7 +69,7 @@ - - #define NMAS_LDAP_EXT_VERSION 1 - --#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem) -+#define SMB_MALLOC_ARRAY(type, nelem) calloc(nelem, sizeof(type)) - #define DEBUG(level, args) - - /********************************************************************** - -From 535606d99e04f3479af07c471768af688ff790cb Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Wed, 14 Feb 2024 05:52:05 +1300 -Subject: [PATCH 4/4] Update src/base/InstanceId.h - -Co-authored-by: Alex Rousskov ---- - src/base/InstanceId.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h -index c4dd4090b00..d3e2ebb2b2e 100644 ---- a/src/base/InstanceId.h -+++ b/src/base/InstanceId.h -@@ -49,7 +49,7 @@ class InstanceId - typedef ValueType Value; ///< id storage type - - InstanceId() {change();} -- InstanceId(const InstanceId &); ///< no copying; IDs are unique -+ InstanceId(InstanceId &&) = delete; // no copying/moving of any kind - - operator Value() const { return value; } - bool operator ==(const InstanceId &o) const { return value == o.value; } diff --git a/squid.spec b/squid.spec index 490653c..94a138d 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.7 +Version: 6.8 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -38,8 +38,6 @@ Patch203: squid-6.1-perlpath.patch Patch204: squid-6.1-symlink-lang-err.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1442 Patch205: squid-6.1-crash-half-closed.patch -# https://github.com/squid-cache/squid/pull/1673 -Patch206: squid-6.7-gcc-14.patch # cache_swap.sh Requires: bash gawk @@ -326,6 +324,9 @@ fi %changelog +* Sat Mar 09 2024 Luboš Uhliarik - 7:6.8-1 +- new version 6.8 + * Mon Feb 12 2024 Luboš Uhliarik - 7:6.7-1 - new version 6.7 - switch to autosetup From 8f425c9ec24cef71e2cca266d6e2906ab6c7a21a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 17 Apr 2024 01:26:51 +0200 Subject: [PATCH 105/124] Resolves: #2262715 - squid-6.9 is available --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 8d6d769..a42cd14 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.8.tar.xz) = 25509662de0b16af763a7aca090937b16c9ae15cb29ae1275634db9091eba511de33e9119ef8552fda936b7a7cfd1b7e51f6082c039c8e9e9f7da64d5efac992 -SHA512 (squid-6.8.tar.xz.asc) = 118c6b2022ee0b62c83484742a6ae3ee6402ddb06d5f8e953b67185499070e5b1b04cb97953d4f73e91c420e86956f73787ea2208609e451ec2c24a7701a9f24 +SHA512 (squid-6.9.tar.xz) = 2666551caca39fa6ca49b56b537645dd043ee0c99b805c433cf714172e6062590fd6ed942043df1a3b543f30c039f3ab701493187dc6a0a4a8311217417c366e +SHA512 (squid-6.9.tar.xz.asc) = ccd053476e91544bf797cf38a7e57acdc1c02c1edb2804230f061d9b24abbbd2e06abbaaa0fe2b209951631c0369510f60f0b7137fe950f3ccf59e8a212bc0fa SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid.spec b/squid.spec index 94a138d..6e8a194 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.8 +Version: 6.9 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -324,6 +324,9 @@ fi %changelog +* Tue Apr 16 2024 Luboš Uhliarik - 7:6.9-1 +- Resolves: #2262715 - squid-6.9 is available + * Sat Mar 09 2024 Luboš Uhliarik - 7:6.8-1 - new version 6.8 From 71d404cc388ccce1a343081da6ee97a4a3aaf069 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 1 Jul 2024 11:20:18 +0200 Subject: [PATCH 106/124] new version 6.10 Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may lead to Denial of Service --- sources | 4 ++-- squid.spec | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/sources b/sources index a42cd14..38903ce 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.9.tar.xz) = 2666551caca39fa6ca49b56b537645dd043ee0c99b805c433cf714172e6062590fd6ed942043df1a3b543f30c039f3ab701493187dc6a0a4a8311217417c366e -SHA512 (squid-6.9.tar.xz.asc) = ccd053476e91544bf797cf38a7e57acdc1c02c1edb2804230f061d9b24abbbd2e06abbaaa0fe2b209951631c0369510f60f0b7137fe950f3ccf59e8a212bc0fa +SHA512 (squid-6.10.tar.xz) = c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9 +SHA512 (squid-6.10.tar.xz.asc) = 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid.spec b/squid.spec index 6e8a194..8d0f9e2 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.9 +Version: 6.10 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -324,6 +324,11 @@ fi %changelog +* Mon Jul 01 2024 Luboš Uhliarik - 7:6.10-1 +- new version 6.10 +- Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may + lead to Denial of Service + * Tue Apr 16 2024 Luboš Uhliarik - 7:6.9-1 - Resolves: #2262715 - squid-6.9 is available From bc07278a7c3b6e94716a0b71bb92f443ecffd70e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 06:20:17 +0000 Subject: [PATCH 107/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 8d0f9e2..c02c88b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -324,6 +324,9 @@ fi %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 7:6.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Mon Jul 01 2024 Luboš Uhliarik - 7:6.10-1 - new version 6.10 - Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may From 259e6f50ca2a8f1bceb11ecc23318c4947c5adca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 25 Sep 2024 15:38:12 +0200 Subject: [PATCH 108/124] new version 6.11 --- sources | 4 ++-- squid-6.1-perlpath.patch | 2 +- squid.spec | 7 +++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/sources b/sources index 38903ce..469e7e0 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.10.tar.xz) = c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9 -SHA512 (squid-6.10.tar.xz.asc) = 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53 +SHA512 (squid-6.11.tar.xz) = 669f658b0a58514f98c2b33df874706d40b9ed0837e1f32e08e274c79617063e06e706932011a34b115dcc96d43125f9cea30fba459cd31a88e3afd9b6076d7a +SHA512 (squid-6.11.tar.xz.asc) = e4bf8a77fe431eb6ba7ff9c10511d987692438d66c4aa72739b4fedf73aa6e6704e4da756ffcfeb82b9d76be9a3e4bb963dd523132cda732077898785cc6bbb9 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.1-perlpath.patch b/squid-6.1-perlpath.patch index fe37759..7539001 100644 --- a/squid-6.1-perlpath.patch +++ b/squid-6.1-perlpath.patch @@ -6,5 +6,5 @@ index e965e9e..ed5ffcb 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2023 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2024 The Squid Software Foundation and contributors # * diff --git a/squid.spec b/squid.spec index c02c88b..f4fd37a 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.10 -Release: 2%{?dist} +Version: 6.11 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -324,6 +324,9 @@ fi %changelog +* Wed Sep 25 2024 Luboš Uhliarik - 7:6.11-1 +- new version 6.11 + * Sat Jul 20 2024 Fedora Release Engineering - 7:6.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 8504f8d8faa18c410053b85036e2522d738b3d03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 11 Oct 2024 20:22:16 +0200 Subject: [PATCH 109/124] ignore SP and HTAB chars after chunk-size --- squid-6.11-ignore-wsp-after-chunk-size.patch | 367 +++++++++++++++++++ squid.spec | 7 +- 2 files changed, 373 insertions(+), 1 deletion(-) create mode 100644 squid-6.11-ignore-wsp-after-chunk-size.patch diff --git a/squid-6.11-ignore-wsp-after-chunk-size.patch b/squid-6.11-ignore-wsp-after-chunk-size.patch new file mode 100644 index 0000000..ea4025f --- /dev/null +++ b/squid-6.11-ignore-wsp-after-chunk-size.patch @@ -0,0 +1,367 @@ +From 8d0ee420a4d91ac7fd97316338f1e28b4b060cbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Thu, 10 Oct 2024 19:26:27 +0200 +Subject: [PATCH 1/6] Ignore whitespace chars after chunk-size + +Previously (before #1498 change), squid was accepting TE-chunked replies +with whitespaces after chunk-size and missing chunk-ext data. After + +It turned out that replies with such whitespace chars are pretty +common and other webservers which can act as forward proxies (e.g. +nginx, httpd...) are accepting them. + +This change will allow to proxy chunked responses from origin server, +which had whitespaces inbetween chunk-size and CRLF. +--- + src/http/one/TeChunkedParser.cc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc +index 9cce10fdc91..04753395e16 100644 +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -125,6 +125,7 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + // Code becomes much simpler when incremental parsing functions throw on + // bad or insufficient input, like in the code below. TODO: Expand up. + try { ++ tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size + parseChunkExtensions(tok); // a possibly empty chunk-ext list + tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); + buf_ = tok.remaining(); + +From 9c8d35f899035fa06021ab3fe6919f892c2f0c6b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Fri, 11 Oct 2024 02:06:31 +0200 +Subject: [PATCH 2/6] Added new argument to Http::One::ParseBws() + +Depending on new wsp_only argument in ParseBws() it will be decided +which set of whitespaces characters will be parsed. If wsp_only is set +to true, only SP and HTAB chars will be parsed. + +Also optimized number of ParseBws calls. +--- + src/http/one/Parser.cc | 4 ++-- + src/http/one/Parser.h | 3 ++- + src/http/one/TeChunkedParser.cc | 13 +++++++++---- + src/http/one/TeChunkedParser.h | 2 +- + 4 files changed, 14 insertions(+), 8 deletions(-) + +diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc +index b1908316a0b..01d7e3bc0e8 100644 +--- a/src/http/one/Parser.cc ++++ b/src/http/one/Parser.cc +@@ -273,9 +273,9 @@ Http::One::ErrorLevel() + + // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule + void +-Http::One::ParseBws(Parser::Tokenizer &tok) ++Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) + { +- const auto count = tok.skipAll(Parser::WhitespaceCharacters()); ++ const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters()); + + if (tok.atEnd()) + throw InsufficientInput(); // even if count is positive +diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h +index d9a0ac8c273..08200371cd6 100644 +--- a/src/http/one/Parser.h ++++ b/src/http/one/Parser.h +@@ -163,8 +163,9 @@ class Parser : public RefCountable + }; + + /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) ++/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars + /// \throws InsufficientInput when the end of BWS cannot be confirmed +-void ParseBws(Parser::Tokenizer &); ++void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); + + /// the right debugs() level for logging HTTP violation messages + int ErrorLevel(); +diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc +index 04753395e16..41e1e5ddaea 100644 +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -125,8 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + // Code becomes much simpler when incremental parsing functions throw on + // bad or insufficient input, like in the code below. TODO: Expand up. + try { +- tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size +- parseChunkExtensions(tok); // a possibly empty chunk-ext list ++ // A possibly empty chunk-ext list. If no chunk-ext has been found, ++ // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF". ++ if (!parseChunkExtensions(tok)) ++ ParseBws(tok, true); ++ + tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); + buf_ = tok.remaining(); + parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; +@@ -140,20 +143,22 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + + /// Parses the chunk-ext list (RFC 9112 section 7.1.1: + /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) +-void ++bool + Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) + { ++ bool foundChunkExt = false; + do { + auto tok = callerTok; + + ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size + + if (!tok.skip(';')) +- return; // reached the end of extensions (if any) ++ return foundChunkExt; // reached the end of extensions (if any) + + parseOneChunkExtension(tok); + buf_ = tok.remaining(); // got one extension + callerTok = tok; ++ foundChunkExt = true; + } while (true); + } + +diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h +index 02eacd1bb89..8c5d4bb4cba 100644 +--- a/src/http/one/TeChunkedParser.h ++++ b/src/http/one/TeChunkedParser.h +@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser + private: + bool parseChunkSize(Tokenizer &tok); + bool parseChunkMetadataSuffix(Tokenizer &); +- void parseChunkExtensions(Tokenizer &); ++ bool parseChunkExtensions(Tokenizer &); + void parseOneChunkExtension(Tokenizer &); + bool parseChunkBody(Tokenizer &tok); + bool parseChunkEnd(Tokenizer &tok); + +From 81e67f97f9c386bdd0bb4a5e182395c46adb70ad Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= +Date: Fri, 11 Oct 2024 02:44:33 +0200 +Subject: [PATCH 3/6] Fix typo in Parser.h + +--- + src/http/one/Parser.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h +index 08200371cd6..3ef4c5f7752 100644 +--- a/src/http/one/Parser.h ++++ b/src/http/one/Parser.h +@@ -163,7 +163,7 @@ class Parser : public RefCountable + }; + + /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) +-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars ++/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars + /// \throws InsufficientInput when the end of BWS cannot be confirmed + void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); + + +From a0d4fe1794e605f8299a5c118c758a807453f016 Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Thu, 10 Oct 2024 22:39:42 -0400 +Subject: [PATCH 4/6] Bug 5449 is a regression of Bug 4492! + +Both bugs deal with "chunk-size SP+ CRLF" use cases. Bug 4492 had _two_ +spaces after chunk-size, which answers one of the PR review questions: +Should we skip just one space? No, we should not. + +The lines moved around in many commits, but I believe this regression +was introduced in commit 951013d0 because that commit stopped consuming +partially parsed chunk-ext sequences. That consumption was wrong, but it +had a positive side effect -- fixing Bug 4492... +--- + src/http/one/TeChunkedParser.cc | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc +index 41e1e5ddaea..aa4a840fdcf 100644 +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -125,10 +125,10 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + // Code becomes much simpler when incremental parsing functions throw on + // bad or insufficient input, like in the code below. TODO: Expand up. + try { +- // A possibly empty chunk-ext list. If no chunk-ext has been found, +- // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF". +- if (!parseChunkExtensions(tok)) +- ParseBws(tok, true); ++ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size ++ ParseBws(tok, true); ++ ++ parseChunkExtensions(tok); + + tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); + buf_ = tok.remaining(); +@@ -150,7 +150,7 @@ Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) + do { + auto tok = callerTok; + +- ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size ++ ParseBws(tok); + + if (!tok.skip(';')) + return foundChunkExt; // reached the end of extensions (if any) + +From f837f5ff61301a17008f16ce1fb793c2abf19786 Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Thu, 10 Oct 2024 23:06:42 -0400 +Subject: [PATCH 5/6] fixup: Fewer conditionals/ifs and more explicit spelling + +... to draw code reader attention when something unusual is going on. +--- + src/http/one/Parser.cc | 22 ++++++++++++++++++---- + src/http/one/Parser.h | 10 ++++++++-- + src/http/one/TeChunkedParser.cc | 14 ++++++-------- + src/http/one/TeChunkedParser.h | 2 +- + 4 files changed, 33 insertions(+), 15 deletions(-) + +diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc +index 01d7e3bc0e8..d3937e5e96b 100644 +--- a/src/http/one/Parser.cc ++++ b/src/http/one/Parser.cc +@@ -271,11 +271,12 @@ Http::One::ErrorLevel() + return Config.onoff.relaxed_header_parser < 0 ? DBG_IMPORTANT : 5; + } + +-// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule +-void +-Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) ++/// common part of ParseBws() and ParseStrctBws() ++namespace Http::One { ++static void ++ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars) + { +- const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters()); ++ const auto count = tok.skipAll(bwsChars); + + if (tok.atEnd()) + throw InsufficientInput(); // even if count is positive +@@ -290,4 +291,17 @@ Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) + + // success: no more BWS characters expected + } ++} // namespace Http::One ++ ++void ++Http::One::ParseBws(Parser::Tokenizer &tok) ++{ ++ ParseBws_(tok, CharacterSet::WSP); ++} ++ ++void ++Http::One::ParseStrictBws(Parser::Tokenizer &tok) ++{ ++ ParseBws_(tok, Parser::WhitespaceCharacters()); ++} + +diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h +index 3ef4c5f7752..49e399de546 100644 +--- a/src/http/one/Parser.h ++++ b/src/http/one/Parser.h +@@ -163,9 +163,15 @@ class Parser : public RefCountable + }; + + /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) +-/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars + /// \throws InsufficientInput when the end of BWS cannot be confirmed +-void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); ++/// \sa WhitespaceCharacters() for the definition of BWS characters ++/// \sa ParseStrictBws() that avoids WhitespaceCharacters() uncertainties ++void ParseBws(Parser::Tokenizer &); ++ ++/// Like ParseBws() but only skips CharacterSet::WSP characters. This variation ++/// must be used if the next element may start with CR or any other character ++/// from RelaxedDelimiterCharacters(). ++void ParseStrictBws(Parser::Tokenizer &); + + /// the right debugs() level for logging HTTP violation messages + int ErrorLevel(); +diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc +index aa4a840fdcf..859471b8c77 100644 +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -125,11 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + // Code becomes much simpler when incremental parsing functions throw on + // bad or insufficient input, like in the code below. TODO: Expand up. + try { +- // Bug 4492: IBM_HTTP_Server sends SP after chunk-size +- ParseBws(tok, true); +- +- parseChunkExtensions(tok); ++ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size. ++ // No ParseBws() here because it may consume CR required further below. ++ ParseStrictBws(tok); + ++ parseChunkExtensions(tok); // a possibly empty chunk-ext list + tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); + buf_ = tok.remaining(); + parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; +@@ -143,22 +143,20 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) + + /// Parses the chunk-ext list (RFC 9112 section 7.1.1: + /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) +-bool ++void + Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) + { +- bool foundChunkExt = false; + do { + auto tok = callerTok; + + ParseBws(tok); + + if (!tok.skip(';')) +- return foundChunkExt; // reached the end of extensions (if any) ++ return; // reached the end of extensions (if any) + + parseOneChunkExtension(tok); + buf_ = tok.remaining(); // got one extension + callerTok = tok; +- foundChunkExt = true; + } while (true); + } + +diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h +index 8c5d4bb4cba..02eacd1bb89 100644 +--- a/src/http/one/TeChunkedParser.h ++++ b/src/http/one/TeChunkedParser.h +@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser + private: + bool parseChunkSize(Tokenizer &tok); + bool parseChunkMetadataSuffix(Tokenizer &); +- bool parseChunkExtensions(Tokenizer &); ++ void parseChunkExtensions(Tokenizer &); + void parseOneChunkExtension(Tokenizer &); + bool parseChunkBody(Tokenizer &tok); + bool parseChunkEnd(Tokenizer &tok); + +From f79936a234e722adb2dd08f31cf6019d81ee712c Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Thu, 10 Oct 2024 23:31:08 -0400 +Subject: [PATCH 6/6] fixup: Deadly typo + +--- + src/http/one/Parser.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc +index d3937e5e96b..7403a9163a2 100644 +--- a/src/http/one/Parser.cc ++++ b/src/http/one/Parser.cc +@@ -296,12 +296,12 @@ ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars) + void + Http::One::ParseBws(Parser::Tokenizer &tok) + { +- ParseBws_(tok, CharacterSet::WSP); ++ ParseBws_(tok, Parser::WhitespaceCharacters()); + } + + void + Http::One::ParseStrictBws(Parser::Tokenizer &tok) + { +- ParseBws_(tok, Parser::WhitespaceCharacters()); ++ ParseBws_(tok, CharacterSet::WSP); + } + + diff --git a/squid.spec b/squid.spec index f4fd37a..bfed799 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.11 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -38,6 +38,8 @@ Patch203: squid-6.1-perlpath.patch Patch204: squid-6.1-symlink-lang-err.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1442 Patch205: squid-6.1-crash-half-closed.patch +# Upstream PR: https://github.com/squid-cache/squid/pull/1914 +Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch # cache_swap.sh Requires: bash gawk @@ -324,6 +326,9 @@ fi %changelog +* Fri Oct 11 2024 Luboš Uhliarik - 7:6.11-2 +- ignore SP and HTAB chars after chunk-size + * Wed Sep 25 2024 Luboš Uhliarik - 7:6.11-1 - new version 6.11 From 9e3214a7297593a7cf0ea6a40bd892d351137976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 23 Oct 2024 21:35:04 +0200 Subject: [PATCH 110/124] new version 6.12 Fix TCP_MISS_ABORTED/100 erros when uploading --- sources | 4 +- squid-6.12-large-upload-buffer-dies.patch | 117 ++++++++++++++++++++++ squid.spec | 10 +- 3 files changed, 127 insertions(+), 4 deletions(-) create mode 100644 squid-6.12-large-upload-buffer-dies.patch diff --git a/sources b/sources index 469e7e0..f79692e 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.11.tar.xz) = 669f658b0a58514f98c2b33df874706d40b9ed0837e1f32e08e274c79617063e06e706932011a34b115dcc96d43125f9cea30fba459cd31a88e3afd9b6076d7a -SHA512 (squid-6.11.tar.xz.asc) = e4bf8a77fe431eb6ba7ff9c10511d987692438d66c4aa72739b4fedf73aa6e6704e4da756ffcfeb82b9d76be9a3e4bb963dd523132cda732077898785cc6bbb9 +SHA512 (squid-6.12.tar.xz) = 7ab61f19416426fb8284de7bddc1ea9a5a7b3148fc54c018a243071ba5854610ef38a248f6a22634a2acb7d3ea408b582af1f48818dfe698ade0b7b8c00fd183 +SHA512 (squid-6.12.tar.xz.asc) = 34cd6e9f6f908626184ea6995bcb340a939c00b6254f4427967282fb6e4b89e5cf9c02f8df9f61f2ae9ea08a4ec3796840eeb327e123299e26683a5ecb9b9a0f SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.12-large-upload-buffer-dies.patch b/squid-6.12-large-upload-buffer-dies.patch new file mode 100644 index 0000000..459d528 --- /dev/null +++ b/squid-6.12-large-upload-buffer-dies.patch @@ -0,0 +1,117 @@ +From 4d6dd3ddba5e850a42c86d8233735165a371c31c Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Sun, 1 Sep 2024 00:39:34 +0000 +Subject: [PATCH] Bug 5405: Large uploads fill request buffer and die (#1887) + + maybeMakeSpaceAvailable: request buffer full + ReadNow: ... size 0, retval 0, errno 0 + terminateAll: 1/1 after ERR_CLIENT_GONE/WITH_CLIENT + %Ss=TCP_MISS_ABORTED + +This bug is triggered by a combination of the following two conditions: + +* HTTP client upload fills Squid request buffer faster than it is + drained by an origin server, cache_peer, or REQMOD service. The buffer + accumulates 576 KB (default 512 KB client_request_buffer_max_size + 64 + KB internal "pipe" buffer). + +* The affected server or service consumes a few bytes after the critical + accumulation is reached. In other words, the bug cannot be triggered + if nothing is consumed after the first condition above is met. + +Comm::ReadNow() must not be called with a full buffer: Related +FD_READ_METHOD() code cannot distinguish "received EOF" from "had no +buffer space" outcomes. Server::readSomeData() tried to prevent such +calls, but the corresponding check had two problems: + +* The check had an unsigned integer underflow bug[^1] that made it + ineffective when inBuf length exceeded Config.maxRequestBufferSize. + That length could exceed the limit due to reconfiguration and when + inBuf space size first grew outside of maybeMakeSpaceAvailable() + protections (e.g., during an inBuf.c_str() call) and then got filled + with newly read data. That growth started happening after 2020 commit + 1dfbca06 optimized SBuf::cow() to merge leading and trailing space. + Prior to that commit, Bug 5405 could probably only affect Squid + reconfigurations that lower client_request_buffer_max_size. + +* The check was separated from the ReadNow() call it was meant to + protect. While ConnStateData was waiting for the socket to become + ready for reading, various asynchronous events could alter inBuf or + Config.maxRequestBufferSize. + +This change fixes both problems. + +This change also fixes Squid Bug 5214. + +[^1]: That underflow bug was probably introduced in 2015 commit 4d1376d7 +while trying to emulate the original "do not read less than two bytes" +ConnStateData::In::maybeMakeSpaceAvailable() condition. That condition +itself looks like a leftover from manual zero-terminated input buffer +days that ended with 2014 commit e7287625. It is now removed. +--- + +diff --git a/src/servers/Server.cc b/src/servers/Server.cc +index 70fd10b..dd20619 100644 +--- a/src/servers/Server.cc ++++ b/src/servers/Server.cc +@@ -83,16 +83,25 @@ Server::maybeMakeSpaceAvailable() + debugs(33, 4, "request buffer full: client_request_buffer_max_size=" << Config.maxRequestBufferSize); + } + ++bool ++Server::mayBufferMoreRequestBytes() const ++{ ++ // TODO: Account for bodyPipe buffering as well. ++ if (inBuf.length() >= Config.maxRequestBufferSize) { ++ debugs(33, 4, "no: " << inBuf.length() << '-' << Config.maxRequestBufferSize << '=' << (inBuf.length() - Config.maxRequestBufferSize)); ++ return false; ++ } ++ debugs(33, 7, "yes: " << Config.maxRequestBufferSize << '-' << inBuf.length() << '=' << (Config.maxRequestBufferSize - inBuf.length())); ++ return true; ++} ++ + void + Server::readSomeData() + { + if (reading()) + return; + +- debugs(33, 4, clientConnection << ": reading request..."); +- +- // we can only read if there is more than 1 byte of space free +- if (Config.maxRequestBufferSize - inBuf.length() < 2) ++ if (!mayBufferMoreRequestBytes()) + return; + + typedef CommCbMemFunT Dialer; +@@ -123,7 +132,16 @@ Server::doClientRead(const CommIoCbParams &io) + * Plus, it breaks our lame *HalfClosed() detection + */ + ++ // mayBufferMoreRequestBytes() was true during readSomeData(), but variables ++ // like Config.maxRequestBufferSize may have changed since that check ++ if (!mayBufferMoreRequestBytes()) { ++ // XXX: If we avoid Comm::ReadNow(), we should not Comm::Read() again ++ // when the wait is over; resume these doClientRead() checks instead. ++ return; // wait for noteMoreBodySpaceAvailable() or a similar inBuf draining event ++ } + maybeMakeSpaceAvailable(); ++ Assure(inBuf.spaceSize()); ++ + CommIoCbParams rd(this); // will be expanded with ReadNow results + rd.conn = io.conn; + switch (Comm::ReadNow(rd, inBuf)) { +diff --git a/src/servers/Server.h b/src/servers/Server.h +index ef105f5..6e549b3 100644 +--- a/src/servers/Server.h ++++ b/src/servers/Server.h +@@ -119,6 +119,9 @@ protected: + /// abort any pending transactions and prevent new ones (by closing) + virtual void terminateAll(const Error &, const LogTagsErrors &) = 0; + ++ /// whether client_request_buffer_max_size allows inBuf.length() increase ++ bool mayBufferMoreRequestBytes() const; ++ + void doClientRead(const CommIoCbParams &io); + void clientWriteDone(const CommIoCbParams &io); + diff --git a/squid.spec b/squid.spec index bfed799..2ee61da 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.11 -Release: 2%{?dist} +Version: 6.12 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -40,6 +40,8 @@ Patch204: squid-6.1-symlink-lang-err.patch Patch205: squid-6.1-crash-half-closed.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1914 Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch +# https://bugs.squid-cache.org/show_bug.cgi?id=5214 +Patch207: squid-6.12-large-upload-buffer-dies.patch # cache_swap.sh Requires: bash gawk @@ -326,6 +328,10 @@ fi %changelog +* Wed Oct 23 2024 Luboš Uhliarik - 7:6.12-1 +- new version 6.12 +- Fix TCP_MISS_ABORTED/100 erros when uploading + * Fri Oct 11 2024 Luboš Uhliarik - 7:6.11-2 - ignore SP and HTAB chars after chunk-size From e91b352f108c5c8897982cbb51d468ce421d61b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 1 Nov 2024 16:39:14 +0100 Subject: [PATCH 111/124] Disable ESI support since ESI support has been also removed from squid 7 Resolves: CVE-2024-45802 squid: Denial of Service processing ESI response content --- squid.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/squid.spec b/squid.spec index 2ee61da..0631e68 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.12 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -59,8 +59,6 @@ BuildRequires: openssl-devel BuildRequires: krb5-devel # time_quota requires TrivialDB BuildRequires: libtdb-devel -# ESI support requires Expat & libxml2 -BuildRequires: expat-devel libxml2-devel # TPROXY requires libcap, and also increases security somewhat BuildRequires: libcap-devel # eCAP support @@ -143,7 +141,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-storeio="aufs,diskd,ufs,rock" \ --enable-diskio \ --enable-wccpv2 \ - --enable-esi \ + --disable-esi \ --enable-ecap \ --with-aio \ --with-default-user="squid" \ @@ -328,6 +326,11 @@ fi %changelog +* Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-2 +- Disable ESI support since ESI support has been also removed from squid 7 +- Resolves: CVE-2024-45802 squid: Denial of Service processing ESI + response content + * Wed Oct 23 2024 Luboš Uhliarik - 7:6.12-1 - new version 6.12 - Fix TCP_MISS_ABORTED/100 erros when uploading From 789f7c9b18f6158643a288de505436f575b8f1c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 1 Nov 2024 21:44:15 +0100 Subject: [PATCH 112/124] better error handling in cache_swap.sh added RuntimeDirectory to systemd service file --- cache_swap.sh | 5 ++++- squid.service | 9 ++++++--- squid.spec | 19 ++++++------------- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/cache_swap.sh b/cache_swap.sh index 77d06ac..89f3478 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -17,5 +17,8 @@ done if [ $init_cache_dirs -ne 0 ]; then echo "" - squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1 + if ! squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1; then + echo "init_cache_dir failed, see /var/log/squid/squid.out for more information" + exit 1 + fi fi diff --git a/squid.service b/squid.service index 6978032..09c68cc 100644 --- a/squid.service +++ b/squid.service @@ -8,11 +8,14 @@ Type=notify LimitNOFILE=16384 PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid -ExecStartPre=/usr/libexec/squid/cache_swap.sh -ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} -ExecReload=/usr/bin/kill -HUP $MAINPID +ExecStartPre=!/usr/libexec/squid/cache_swap.sh +ExecStart=!/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} +ExecReload=!/usr/bin/kill -HUP $MAINPID KillMode=mixed NotifyAccess=all +User=squid +Group=squid +RuntimeDirectory=squid [Install] WantedBy=multi-user.target diff --git a/squid.spec b/squid.spec index 0631e68..5cbe6b9 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.12 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -71,7 +71,7 @@ BuildRequires: perl-generators BuildRequires: pkgconfig(cppunit) # For verifying downloded src tarball BuildRequires: gnupg2 -# for _tmpfilesdir and _unitdir macro +# for _unitdir macro # see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging BuildRequires: systemd-rpm-macros # systemd notify @@ -198,17 +198,8 @@ install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/htt install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid -mkdir -p $RPM_BUILD_ROOT/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl -# install /usr/lib/tmpfiles.d/squid.conf -mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} -cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf < - 7:6.12-3 +- better error handling in cache_swap.sh +- added RuntimeDirectory to systemd service file + * Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-2 - Disable ESI support since ESI support has been also removed from squid 7 - Resolves: CVE-2024-45802 squid: Denial of Service processing ESI From d3ada053730bd30c73f430ff270c4b92b86ef5ca Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 11:31:35 +0000 Subject: [PATCH 113/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 5cbe6b9..22786ee 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.12 -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -315,6 +315,9 @@ fi %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 7:6.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-3 - better error handling in cache_swap.sh - added RuntimeDirectory to systemd service file From 5403d2498221ec36a496d79a1797054f64e78fa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 1 Feb 2025 19:57:33 +0100 Subject: [PATCH 114/124] Add explicit BR: libxcrypt-devel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- squid.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 22786ee..ff41802 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 6.12 -Release: 4%{?dist} +Release: 5%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -66,6 +66,7 @@ BuildRequires: libecap-devel #ip_user helper requires BuildRequires: gcc-c++ BuildRequires: libtool libtool-ltdl-devel +BuildRequires: libxcrypt-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) @@ -315,6 +316,9 @@ fi %changelog +* Sat Feb 01 2025 Björn Esser - 7:6.12-5 +- Add explicit BR: libxcrypt-devel + * Sun Jan 19 2025 Fedora Release Engineering - 7:6.12-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 9c651e4fe8d7da27226525e8fc3c7c84f7d724bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 4 Feb 2025 18:38:52 +0100 Subject: [PATCH 115/124] new version 6.13 --- sources | 4 +- squid-6.12-large-upload-buffer-dies.patch | 117 ---------------------- squid.spec | 9 +- 3 files changed, 7 insertions(+), 123 deletions(-) delete mode 100644 squid-6.12-large-upload-buffer-dies.patch diff --git a/sources b/sources index f79692e..83d969f 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.12.tar.xz) = 7ab61f19416426fb8284de7bddc1ea9a5a7b3148fc54c018a243071ba5854610ef38a248f6a22634a2acb7d3ea408b582af1f48818dfe698ade0b7b8c00fd183 -SHA512 (squid-6.12.tar.xz.asc) = 34cd6e9f6f908626184ea6995bcb340a939c00b6254f4427967282fb6e4b89e5cf9c02f8df9f61f2ae9ea08a4ec3796840eeb327e123299e26683a5ecb9b9a0f +SHA512 (squid-6.13.tar.xz) = a67276a7eb38d00271962b67bff7f08e760db73bc6b0f94ab71297d520405033df65ebb0b38ee5db02bd6c00d81cd600b60d918fe7fff64e06255deaf78f00c1 +SHA512 (squid-6.13.tar.xz.asc) = 66d8d657793ca3bd20e4a728dc0d3568fac078334d57f3105bb67f1c6fbc5e89e21b757f38048f2361b670938ff350d1afd956ba3dfa5d55dfb54d13e4620fc9 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.12-large-upload-buffer-dies.patch b/squid-6.12-large-upload-buffer-dies.patch deleted file mode 100644 index 459d528..0000000 --- a/squid-6.12-large-upload-buffer-dies.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 4d6dd3ddba5e850a42c86d8233735165a371c31c Mon Sep 17 00:00:00 2001 -From: Alex Rousskov -Date: Sun, 1 Sep 2024 00:39:34 +0000 -Subject: [PATCH] Bug 5405: Large uploads fill request buffer and die (#1887) - - maybeMakeSpaceAvailable: request buffer full - ReadNow: ... size 0, retval 0, errno 0 - terminateAll: 1/1 after ERR_CLIENT_GONE/WITH_CLIENT - %Ss=TCP_MISS_ABORTED - -This bug is triggered by a combination of the following two conditions: - -* HTTP client upload fills Squid request buffer faster than it is - drained by an origin server, cache_peer, or REQMOD service. The buffer - accumulates 576 KB (default 512 KB client_request_buffer_max_size + 64 - KB internal "pipe" buffer). - -* The affected server or service consumes a few bytes after the critical - accumulation is reached. In other words, the bug cannot be triggered - if nothing is consumed after the first condition above is met. - -Comm::ReadNow() must not be called with a full buffer: Related -FD_READ_METHOD() code cannot distinguish "received EOF" from "had no -buffer space" outcomes. Server::readSomeData() tried to prevent such -calls, but the corresponding check had two problems: - -* The check had an unsigned integer underflow bug[^1] that made it - ineffective when inBuf length exceeded Config.maxRequestBufferSize. - That length could exceed the limit due to reconfiguration and when - inBuf space size first grew outside of maybeMakeSpaceAvailable() - protections (e.g., during an inBuf.c_str() call) and then got filled - with newly read data. That growth started happening after 2020 commit - 1dfbca06 optimized SBuf::cow() to merge leading and trailing space. - Prior to that commit, Bug 5405 could probably only affect Squid - reconfigurations that lower client_request_buffer_max_size. - -* The check was separated from the ReadNow() call it was meant to - protect. While ConnStateData was waiting for the socket to become - ready for reading, various asynchronous events could alter inBuf or - Config.maxRequestBufferSize. - -This change fixes both problems. - -This change also fixes Squid Bug 5214. - -[^1]: That underflow bug was probably introduced in 2015 commit 4d1376d7 -while trying to emulate the original "do not read less than two bytes" -ConnStateData::In::maybeMakeSpaceAvailable() condition. That condition -itself looks like a leftover from manual zero-terminated input buffer -days that ended with 2014 commit e7287625. It is now removed. ---- - -diff --git a/src/servers/Server.cc b/src/servers/Server.cc -index 70fd10b..dd20619 100644 ---- a/src/servers/Server.cc -+++ b/src/servers/Server.cc -@@ -83,16 +83,25 @@ Server::maybeMakeSpaceAvailable() - debugs(33, 4, "request buffer full: client_request_buffer_max_size=" << Config.maxRequestBufferSize); - } - -+bool -+Server::mayBufferMoreRequestBytes() const -+{ -+ // TODO: Account for bodyPipe buffering as well. -+ if (inBuf.length() >= Config.maxRequestBufferSize) { -+ debugs(33, 4, "no: " << inBuf.length() << '-' << Config.maxRequestBufferSize << '=' << (inBuf.length() - Config.maxRequestBufferSize)); -+ return false; -+ } -+ debugs(33, 7, "yes: " << Config.maxRequestBufferSize << '-' << inBuf.length() << '=' << (Config.maxRequestBufferSize - inBuf.length())); -+ return true; -+} -+ - void - Server::readSomeData() - { - if (reading()) - return; - -- debugs(33, 4, clientConnection << ": reading request..."); -- -- // we can only read if there is more than 1 byte of space free -- if (Config.maxRequestBufferSize - inBuf.length() < 2) -+ if (!mayBufferMoreRequestBytes()) - return; - - typedef CommCbMemFunT Dialer; -@@ -123,7 +132,16 @@ Server::doClientRead(const CommIoCbParams &io) - * Plus, it breaks our lame *HalfClosed() detection - */ - -+ // mayBufferMoreRequestBytes() was true during readSomeData(), but variables -+ // like Config.maxRequestBufferSize may have changed since that check -+ if (!mayBufferMoreRequestBytes()) { -+ // XXX: If we avoid Comm::ReadNow(), we should not Comm::Read() again -+ // when the wait is over; resume these doClientRead() checks instead. -+ return; // wait for noteMoreBodySpaceAvailable() or a similar inBuf draining event -+ } - maybeMakeSpaceAvailable(); -+ Assure(inBuf.spaceSize()); -+ - CommIoCbParams rd(this); // will be expanded with ReadNow results - rd.conn = io.conn; - switch (Comm::ReadNow(rd, inBuf)) { -diff --git a/src/servers/Server.h b/src/servers/Server.h -index ef105f5..6e549b3 100644 ---- a/src/servers/Server.h -+++ b/src/servers/Server.h -@@ -119,6 +119,9 @@ protected: - /// abort any pending transactions and prevent new ones (by closing) - virtual void terminateAll(const Error &, const LogTagsErrors &) = 0; - -+ /// whether client_request_buffer_max_size allows inBuf.length() increase -+ bool mayBufferMoreRequestBytes() const; -+ - void doClientRead(const CommIoCbParams &io); - void clientWriteDone(const CommIoCbParams &io); - diff --git a/squid.spec b/squid.spec index ff41802..d73d7be 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 6.12 -Release: 5%{?dist} +Version: 6.13 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -40,8 +40,6 @@ Patch204: squid-6.1-symlink-lang-err.patch Patch205: squid-6.1-crash-half-closed.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1914 Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch -# https://bugs.squid-cache.org/show_bug.cgi?id=5214 -Patch207: squid-6.12-large-upload-buffer-dies.patch # cache_swap.sh Requires: bash gawk @@ -316,6 +314,9 @@ fi %changelog +* Tue Feb 04 2025 Luboš Uhliarik - 7:6.13-1 +- new version 6.13 + * Sat Feb 01 2025 Björn Esser - 7:6.12-5 - Add explicit BR: libxcrypt-devel From 22a11a4a8b6f73f9ba9abe9490f09f5628b42b6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 5 Feb 2025 18:12:27 +0100 Subject: [PATCH 116/124] Source URL change Use the GitHub URL as the source URL instead of the obsolete one. --- squid.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/squid.spec b/squid.spec index d73d7be..dbdcc3a 100644 --- a/squid.spec +++ b/squid.spec @@ -1,4 +1,5 @@ %define __perl_requires %{SOURCE98} +%define version_underscore %(echo %{version} | tr '.' '_') Name: squid Version: 6.13 @@ -9,8 +10,8 @@ Epoch: 7 License: GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware) URL: http://www.squid-cache.org -Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc +Source0: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz +Source1: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc Source2: http://www.squid-cache.org/pgp.asc Source3: squid.logrotate Source4: squid.sysconfig From 3f92dc8816e1639138e4fcb01ac2d293dc49ff8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 10 Apr 2025 14:34:13 +0200 Subject: [PATCH 117/124] Do not blame cache_peer for 4xx CONNECT responses --- squid-6.13-cache-peer-connect-errors.patch | 287 +++++++++++++++++++++ squid.spec | 16 +- 2 files changed, 297 insertions(+), 6 deletions(-) create mode 100644 squid-6.13-cache-peer-connect-errors.patch diff --git a/squid-6.13-cache-peer-connect-errors.patch b/squid-6.13-cache-peer-connect-errors.patch new file mode 100644 index 0000000..339d9ec --- /dev/null +++ b/squid-6.13-cache-peer-connect-errors.patch @@ -0,0 +1,287 @@ +From 2e7dea3cedd3ef2f071dee82867c4147f17376dd Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Tue, 2 Apr 2024 20:37:31 +0000 +Subject: [PATCH] Do not blame cache_peer for CONNECT errors (#1772) + + ERROR: Connection to [such-and-such-cache_peer] failed + TCP_TUNNEL/503 CONNECT nxdomain.test:443 FIRSTUP_PARENT + +Squid does not alert an admin about (and decrease health level of) a +cache_peer that responded with an error to a GET request. Just like GET +responses from a cache_peer, CONNECT responses may (and often do!) +reflect client or origin server failures. We should not penalize +cache_peers (and alert admins) until we can distinguish these frequent +client/origin failures from (relatively rare) cache_peer problems. This +change absolves cache_peers of CONNECT problems, restoring parity with +GETs and restoring v4 behavior changed (probably by accident) in v5. + +Also removed Http::StatusCode parameter from failure notification +functions because it became essentially unused after the primary +Http::Tunneler changes. Tunneler was the only source of status code +information that (in some cases) used received HTTP response to compute +that status code. All other cases extracted that status code from +Squid-generated errors. Those errors were arguably never meant to supply +status code information for "this failure is not our fault" decision, +and they do not supply 4xx status codes driving that decision. + +### Problem evolution + +2019 commit f5e1794 effectively started blaming cache_peer for all +FwdState CONNECT errors. That functionality change was probably +accidental, likely influenced by the names of noteConnectFailure() and +peerConnectFailed() functions that abbreviated "Connection", making the +functions look as applicable to CONNECT failures. Prior to that commit, +the functions were never used for CONNECT errors. After it, FwdState +started calling peerConnectFailed() for all CONNECT failures. + +In 2020 commit 25b0ce4, TunnelStateData started blaming cache_peers as +well (by moving that FwdState-only error handling code into Tunneler). +The same "accidental functionality change" speculations apply here. + +In 2022 commit 022dbab, we made an exception for 4xx CONNECT errors as +folks deploying newer code started complaining about cache_peers getting +blamed for client-caused errors (e.g., HTTP 403 Forbidden replies). We +did not realize that the blaming code itself was an unwanted accident. + +Now we are getting complaints about cache_peers getting blamed for 502 +and 503 CONNECT errors caused by, for example, domain names without IPs: +As these CONNECT error responses are propagated from parent to child +caches, every child cache in the chain logs ERRORs and every cache_peer +in the chain gets its health counter decreased! +--- + src/CachePeer.cc | 11 +---------- + src/CachePeer.h | 12 +++++------- + src/HappyConnOpener.cc | 2 +- + src/PeerPoolMgr.cc | 2 +- + src/clients/HttpTunneler.cc | 10 ++++++---- + src/clients/HttpTunneler.h | 2 +- + src/neighbors.cc | 2 +- + src/security/BlindPeerConnector.cc | 2 +- + src/security/PeerConnector.cc | 8 ++++---- + src/security/PeerConnector.h | 2 +- + src/tests/stub_libsecurity.cc | 2 +- + 11 files changed, 23 insertions(+), 32 deletions(-) + +diff --git a/src/CachePeer.cc b/src/CachePeer.cc +index a5c3adf..91045ef 100644 +--- a/src/CachePeer.cc ++++ b/src/CachePeer.cc +@@ -68,20 +68,11 @@ CachePeer::noteSuccess() + } + } + +-void +-CachePeer::noteFailure(const Http::StatusCode code) +-{ +- if (Http::Is4xx(code)) +- return; // this failure is not our fault +- +- countFailure(); +-} +- + // TODO: Require callers to detail failures instead of using one (and often + // misleading!) "connection failed" phrase for all of them. + /// noteFailure() helper for handling failures attributed to this peer + void +-CachePeer::countFailure() ++CachePeer::noteFailure() + { + stats.last_connect_failure = squid_curtime; + if (tcp_up > 0) +diff --git a/src/CachePeer.h b/src/CachePeer.h +index 5b13e29..14e40ff 100644 +--- a/src/CachePeer.h ++++ b/src/CachePeer.h +@@ -38,9 +38,8 @@ public: + /// reacts to a successful establishment of a connection to this cache_peer + void noteSuccess(); + +- /// reacts to a failure on a connection to this cache_peer +- /// \param code a received response status code, if any +- void noteFailure(Http::StatusCode code); ++ /// reacts to a failed attempt to establish a connection to this cache_peer ++ void noteFailure(); + + /// (re)configure cache_peer name=value + void rename(const char *); +@@ -238,14 +237,13 @@ NoteOutgoingConnectionSuccess(CachePeer * const peer) + peer->noteSuccess(); + } + +-/// reacts to a failure on a connection to an origin server or cache_peer ++/// reacts to a failed attempt to establish a connection to an origin server or cache_peer + /// \param peer nil if the connection is to an origin server +-/// \param code a received response status code, if any + inline void +-NoteOutgoingConnectionFailure(CachePeer * const peer, const Http::StatusCode code) ++NoteOutgoingConnectionFailure(CachePeer * const peer) + { + if (peer) +- peer->noteFailure(code); ++ peer->noteFailure(); + } + + /// identify the given cache peer in cache.log messages and such +diff --git a/src/HappyConnOpener.cc b/src/HappyConnOpener.cc +index 5ab9294..5e17a76 100644 +--- a/src/HappyConnOpener.cc ++++ b/src/HappyConnOpener.cc +@@ -638,7 +638,7 @@ HappyConnOpener::handleConnOpenerAnswer(Attempt &attempt, const CommConnectCbPar + lastError = makeError(ERR_CONNECT_FAIL); + lastError->xerrno = params.xerrno; + +- NoteOutgoingConnectionFailure(params.conn->getPeer(), lastError->httpStatus); ++ NoteOutgoingConnectionFailure(params.conn->getPeer()); + + if (spareWaiting) + updateSpareWaitAfterPrimeFailure(); +diff --git a/src/PeerPoolMgr.cc b/src/PeerPoolMgr.cc +index 9cb038e..6fb5b09 100644 +--- a/src/PeerPoolMgr.cc ++++ b/src/PeerPoolMgr.cc +@@ -86,7 +86,7 @@ PeerPoolMgr::handleOpenedConnection(const CommConnectCbParams ¶ms) + } + + if (params.flag != Comm::OK) { +- NoteOutgoingConnectionFailure(peer, Http::scNone); ++ NoteOutgoingConnectionFailure(peer); + checkpoint("conn opening failure"); // may retry + return; + } +diff --git a/src/clients/HttpTunneler.cc b/src/clients/HttpTunneler.cc +index 2fbc3fb..a6e49db 100644 +--- a/src/clients/HttpTunneler.cc ++++ b/src/clients/HttpTunneler.cc +@@ -90,7 +90,7 @@ Http::Tunneler::handleConnectionClosure(const CommCloseCbParams &) + { + closer = nullptr; + if (connection) { +- countFailingConnection(nullptr); ++ countFailingConnection(); + connection->noteClosure(); + connection = nullptr; + } +@@ -355,7 +355,7 @@ Http::Tunneler::bailWith(ErrorState *error) + + if (const auto failingConnection = connection) { + // TODO: Reuse to-peer connections after a CONNECT error response. +- countFailingConnection(error); ++ countFailingConnection(); + disconnect(); + failingConnection->close(); + } +@@ -374,10 +374,12 @@ Http::Tunneler::sendSuccess() + } + + void +-Http::Tunneler::countFailingConnection(const ErrorState * const error) ++Http::Tunneler::countFailingConnection() + { + assert(connection); +- NoteOutgoingConnectionFailure(connection->getPeer(), error ? error->httpStatus : Http::scNone); ++ // No NoteOutgoingConnectionFailure(connection->getPeer()) call here because ++ // we do not blame cache_peer for CONNECT failures (on top of a successfully ++ // established connection to that cache_peer). + if (noteFwdPconnUse && connection->isOpen()) + fwdPconnPool->noteUses(fd_table[connection->fd].pconn.uses); + } +diff --git a/src/clients/HttpTunneler.h b/src/clients/HttpTunneler.h +index 7886f09..596efcf 100644 +--- a/src/clients/HttpTunneler.h ++++ b/src/clients/HttpTunneler.h +@@ -80,7 +80,7 @@ private: + void disconnect(); + + /// updates connection usage history before the connection is closed +- void countFailingConnection(const ErrorState *); ++ void countFailingConnection(); + + AsyncCall::Pointer writer; ///< called when the request has been written + AsyncCall::Pointer reader; ///< called when the response should be read +diff --git a/src/neighbors.cc b/src/neighbors.cc +index 04b69c1..75f56c9 100644 +--- a/src/neighbors.cc ++++ b/src/neighbors.cc +@@ -1320,7 +1320,7 @@ peerProbeConnectDone(const Comm::ConnectionPointer &conn, Comm::Flag status, int + if (status == Comm::OK) + p->noteSuccess(); + else +- p->noteFailure(Http::scNone); ++ p->noteFailure(); + + -- p->testing_now; + conn->close(); +diff --git a/src/security/BlindPeerConnector.cc b/src/security/BlindPeerConnector.cc +index b9e5659..4c37f34 100644 +--- a/src/security/BlindPeerConnector.cc ++++ b/src/security/BlindPeerConnector.cc +@@ -76,7 +76,7 @@ Security::BlindPeerConnector::noteNegotiationDone(ErrorState *error) + // based on TCP results, SSL results, or both. And the code is probably not + // consistent in this aspect across tunnelling and forwarding modules. + if (peer && peer->secure.encryptTransport) +- peer->noteFailure(error->httpStatus); ++ peer->noteFailure(); + return; + } + +diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc +index d458f99..d0131a1 100644 +--- a/src/security/PeerConnector.cc ++++ b/src/security/PeerConnector.cc +@@ -115,7 +115,7 @@ Security::PeerConnector::commCloseHandler(const CommCloseCbParams ¶ms) + err->detailError(d); + + if (serverConn) { +- countFailingConnection(err); ++ countFailingConnection(); + serverConn->noteClosure(); + serverConn = nullptr; + } +@@ -507,7 +507,7 @@ Security::PeerConnector::bail(ErrorState *error) + answer().error = error; + + if (const auto failingConnection = serverConn) { +- countFailingConnection(error); ++ countFailingConnection(); + disconnect(); + failingConnection->close(); + } +@@ -525,10 +525,10 @@ Security::PeerConnector::sendSuccess() + } + + void +-Security::PeerConnector::countFailingConnection(const ErrorState * const error) ++Security::PeerConnector::countFailingConnection() + { + assert(serverConn); +- NoteOutgoingConnectionFailure(serverConn->getPeer(), error ? error->httpStatus : Http::scNone); ++ NoteOutgoingConnectionFailure(serverConn->getPeer()); + // TODO: Calling PconnPool::noteUses() should not be our responsibility. + if (noteFwdPconnUse && serverConn->isOpen()) + fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses); +diff --git a/src/security/PeerConnector.h b/src/security/PeerConnector.h +index a1d5ef9..401df06 100644 +--- a/src/security/PeerConnector.h ++++ b/src/security/PeerConnector.h +@@ -150,7 +150,7 @@ protected: + void disconnect(); + + /// updates connection usage history before the connection is closed +- void countFailingConnection(const ErrorState *); ++ void countFailingConnection(); + + /// If called the certificates validator will not used + void bypassCertValidator() {useCertValidator_ = false;} +diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc +index 6bd6204..b513a22 100644 +--- a/src/tests/stub_libsecurity.cc ++++ b/src/tests/stub_libsecurity.cc +@@ -97,7 +97,7 @@ void PeerConnector::bail(ErrorState *) STUB + void PeerConnector::sendSuccess() STUB + void PeerConnector::callBack() STUB + void PeerConnector::disconnect() STUB +-void PeerConnector::countFailingConnection(const ErrorState *) STUB ++void PeerConnector::countFailingConnection() STUB + void PeerConnector::recordNegotiationDetails() STUB + EncryptorAnswer &PeerConnector::answer() STUB_RETREF(EncryptorAnswer) + } diff --git a/squid.spec b/squid.spec index dbdcc3a..fea08a9 100644 --- a/squid.spec +++ b/squid.spec @@ -3,7 +3,7 @@ Name: squid Version: 6.13 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -26,7 +26,12 @@ Source98: perl-requires-squid.sh # Upstream patches # Backported patches -# Patch101: patch +# Upstream PR: https://github.com/squid-cache/squid/pull/1442 +Patch101: squid-6.1-crash-half-closed.patch +# Upstream PR: https://github.com/squid-cache/squid/pull/1914 +Patch102: squid-6.11-ignore-wsp-after-chunk-size.patch +# Upstream commit: https://github.com/squid-cache/squid/commit/022dbabd89249f839d1861aa87c1ab9e1a008a47 +Patch103: squid-6.13-cache-peer-connect-errors.patch # Local patches # Applying upstream patches first makes it less likely that local patches @@ -37,10 +42,6 @@ Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch204: squid-6.1-symlink-lang-err.patch -# Upstream PR: https://github.com/squid-cache/squid/pull/1442 -Patch205: squid-6.1-crash-half-closed.patch -# Upstream PR: https://github.com/squid-cache/squid/pull/1914 -Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch # cache_swap.sh Requires: bash gawk @@ -315,6 +316,9 @@ fi %changelog +* Wed Mar 12 2025 Luboš Uhliarik - 7:6.13-2 +- Do not blame cache_peer for 4xx CONNECT responses + * Tue Feb 04 2025 Luboš Uhliarik - 7:6.13-1 - new version 6.13 From 383c43dd7bcf46924ab261bf4a0937745a2e356e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Mon, 21 Jul 2025 19:36:11 +0200 Subject: [PATCH 118/124] new version 6.14 --- sources | 4 ++-- squid-6.1-perlpath.patch | 2 +- squid.spec | 7 +++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/sources b/sources index 83d969f..02e8a81 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.13.tar.xz) = a67276a7eb38d00271962b67bff7f08e760db73bc6b0f94ab71297d520405033df65ebb0b38ee5db02bd6c00d81cd600b60d918fe7fff64e06255deaf78f00c1 -SHA512 (squid-6.13.tar.xz.asc) = 66d8d657793ca3bd20e4a728dc0d3568fac078334d57f3105bb67f1c6fbc5e89e21b757f38048f2361b670938ff350d1afd956ba3dfa5d55dfb54d13e4620fc9 +SHA512 (squid-6.14.tar.xz) = 5905060ae8d70128516c26cf379ed5b434c02525efe0e17ac56d4e060af7542b4a7a41ac3eca5ba5a00867791aed18ed5ed0e247b18a376e1ae7bc13039782f5 +SHA512 (squid-6.14.tar.xz.asc) = 5cc102787796db1cf4c71e9e21d3462becdd869eb72cd69a5c4ca74f60628a98a5543aabe7a0d0bc74c99a62bae0678d3ae6eab9dfe0e4dfb9c063678005f2e3 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.1-perlpath.patch b/squid-6.1-perlpath.patch index 7539001..8bfdbdf 100644 --- a/squid-6.1-perlpath.patch +++ b/squid-6.1-perlpath.patch @@ -6,5 +6,5 @@ index e965e9e..ed5ffcb 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2024 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2025 The Squid Software Foundation and contributors # * diff --git a/squid.spec b/squid.spec index fea08a9..5c4ee42 100644 --- a/squid.spec +++ b/squid.spec @@ -2,8 +2,8 @@ %define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 6.13 -Release: 2%{?dist} +Version: 6.14 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -316,6 +316,9 @@ fi %changelog +* Mon Jul 21 2025 Luboš Uhliarik - 7:6.14-1 +- new version 6.14 + * Wed Mar 12 2025 Luboš Uhliarik - 7:6.13-2 - Do not blame cache_peer for 4xx CONNECT responses From fea9e4c688052db60dc2833d2786c511f44d6b29 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 18:41:07 +0000 Subject: [PATCH 119/124] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- squid.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/squid.spec b/squid.spec index 5c4ee42..352f5a2 100644 --- a/squid.spec +++ b/squid.spec @@ -3,7 +3,7 @@ Name: squid Version: 6.14 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -316,6 +316,9 @@ fi %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 7:6.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Mon Jul 21 2025 Luboš Uhliarik - 7:6.14-1 - new version 6.14 From 6e12cc940ee289ffca223c00616510350e50c89f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Thu, 14 Aug 2025 22:29:23 +0200 Subject: [PATCH 120/124] new version 7.1 removed squidclient removed purge removed cachemgr.cgi removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers --- sources | 4 +- squid-6.1-crash-half-closed.patch | 158 -------- squid-6.11-ignore-wsp-after-chunk-size.patch | 367 ------------------- squid-6.13-cache-peer-connect-errors.patch | 287 --------------- squid.spec | 33 +- 5 files changed, 17 insertions(+), 832 deletions(-) delete mode 100644 squid-6.1-crash-half-closed.patch delete mode 100644 squid-6.11-ignore-wsp-after-chunk-size.patch delete mode 100644 squid-6.13-cache-peer-connect-errors.patch diff --git a/sources b/sources index 02e8a81..700eafd 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-6.14.tar.xz) = 5905060ae8d70128516c26cf379ed5b434c02525efe0e17ac56d4e060af7542b4a7a41ac3eca5ba5a00867791aed18ed5ed0e247b18a376e1ae7bc13039782f5 -SHA512 (squid-6.14.tar.xz.asc) = 5cc102787796db1cf4c71e9e21d3462becdd869eb72cd69a5c4ca74f60628a98a5543aabe7a0d0bc74c99a62bae0678d3ae6eab9dfe0e4dfb9c063678005f2e3 +SHA512 (squid-7.1.tar.xz) = f12d4cac78576eecf19193cbb88f374b2d1bf3f480e684008a562bdda55eedae643b1a5766846c04673030ad1e89a608a62f52078312a80a3664fdccfc5f44df +SHA512 (squid-7.1.tar.xz.asc) = 4c7be2b32b7ce6cd1a99fe49c397fcd4d294817f96c4aaf5e66ad8c2de0c51b9debb4c85cf877efce87b1c44c2ebbb795a170859ca38124389b050e9fbaa1ff6 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-6.1-crash-half-closed.patch b/squid-6.1-crash-half-closed.patch deleted file mode 100644 index 901ece2..0000000 --- a/squid-6.1-crash-half-closed.patch +++ /dev/null @@ -1,158 +0,0 @@ -diff --git a/src/client_side.cc b/src/client_side.cc -index f488fc4..69586df 100644 ---- a/src/client_side.cc -+++ b/src/client_side.cc -@@ -932,7 +932,7 @@ ConnStateData::kick() - * We are done with the response, and we are either still receiving request - * body (early response!) or have already stopped receiving anything. - * -- * If we are still receiving, then clientParseRequest() below will fail. -+ * If we are still receiving, then parseRequests() below will fail. - * (XXX: but then we will call readNextRequest() which may succeed and - * execute a smuggled request as we are not done with the current request). - * -@@ -952,28 +952,12 @@ ConnStateData::kick() - * Attempt to parse a request from the request buffer. - * If we've been fed a pipelined request it may already - * be in our read buffer. -- * -- \par -- * This needs to fall through - if we're unlucky and parse the _last_ request -- * from our read buffer we may never re-register for another client read. - */ - -- if (clientParseRequests()) { -- debugs(33, 3, clientConnection << ": parsed next request from buffer"); -- } -+ parseRequests(); - -- /** \par -- * Either we need to kick-start another read or, if we have -- * a half-closed connection, kill it after the last request. -- * This saves waiting for half-closed connections to finished being -- * half-closed _AND_ then, sometimes, spending "Timeout" time in -- * the keepalive "Waiting for next request" state. -- */ -- if (commIsHalfClosed(clientConnection->fd) && pipeline.empty()) { -- debugs(33, 3, "half-closed client with no pending requests, closing"); -- clientConnection->close(); -+ if (!isOpen()) - return; -- } - - /** \par - * At this point we either have a parsed request (which we've -@@ -1893,16 +1877,11 @@ ConnStateData::receivedFirstByte() - resetReadTimeout(Config.Timeout.request); - } - --/** -- * Attempt to parse one or more requests from the input buffer. -- * Returns true after completing parsing of at least one request [header]. That -- * includes cases where parsing ended with an error (e.g., a huge request). -- */ --bool --ConnStateData::clientParseRequests() -+/// Attempt to parse one or more requests from the input buffer. -+/// May close the connection. -+void -+ConnStateData::parseRequests() - { -- bool parsed_req = false; -- - debugs(33, 5, clientConnection << ": attempting to parse"); - - // Loop while we have read bytes that are not needed for producing the body -@@ -1947,8 +1926,6 @@ ConnStateData::clientParseRequests() - - processParsedRequest(context); - -- parsed_req = true; // XXX: do we really need to parse everything right NOW ? -- - if (context->mayUseConnection()) { - debugs(33, 3, "Not parsing new requests, as this request may need the connection"); - break; -@@ -1961,8 +1938,19 @@ ConnStateData::clientParseRequests() - } - } - -- /* XXX where to 'finish' the parsing pass? */ -- return parsed_req; -+ debugs(33, 7, "buffered leftovers: " << inBuf.length()); -+ -+ if (isOpen() && commIsHalfClosed(clientConnection->fd)) { -+ if (pipeline.empty()) { -+ // we processed what we could parse, and no more data is coming -+ debugs(33, 5, "closing half-closed without parsed requests: " << clientConnection); -+ clientConnection->close(); -+ } else { -+ // we parsed what we could, and no more data is coming -+ debugs(33, 5, "monitoring half-closed while processing parsed requests: " << clientConnection); -+ flags.readMore = false; // may already be false -+ } -+ } - } - - void -@@ -1979,18 +1967,7 @@ ConnStateData::afterClientRead() - if (pipeline.empty()) - fd_note(clientConnection->fd, "Reading next request"); - -- if (!clientParseRequests()) { -- if (!isOpen()) -- return; -- // We may get here if the client half-closed after sending a partial -- // request. See doClientRead() and shouldCloseOnEof(). -- // XXX: This partially duplicates ConnStateData::kick(). -- if (pipeline.empty() && commIsHalfClosed(clientConnection->fd)) { -- debugs(33, 5, clientConnection << ": half-closed connection, no completed request parsed, connection closing."); -- clientConnection->close(); -- return; -- } -- } -+ parseRequests(); - - if (!isOpen()) - return; -@@ -3775,7 +3752,7 @@ ConnStateData::notePinnedConnectionBecameIdle(PinnedIdleContext pic) - startPinnedConnectionMonitoring(); - - if (pipeline.empty()) -- kick(); // in case clientParseRequests() was blocked by a busy pic.connection -+ kick(); // in case parseRequests() was blocked by a busy pic.connection - } - - /// Forward future client requests using the given server connection. -diff --git a/src/client_side.h b/src/client_side.h -index 6027b31..60b99b1 100644 ---- a/src/client_side.h -+++ b/src/client_side.h -@@ -98,7 +98,6 @@ public: - void doneWithControlMsg() override; - - /// Traffic parsing -- bool clientParseRequests(); - void readNextRequest(); - - /// try to make progress on a transaction or read more I/O -@@ -443,6 +442,7 @@ private: - - void checkLogging(); - -+ void parseRequests(); - void clientAfterReadingRequests(); - bool concurrentRequestQueueFilled() const; - -diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc -index 8c160e5..f49d5dc 100644 ---- a/src/tests/stub_client_side.cc -+++ b/src/tests/stub_client_side.cc -@@ -14,7 +14,7 @@ - #include "tests/STUB.h" - - #include "client_side.h" --bool ConnStateData::clientParseRequests() STUB_RETVAL(false) -+void ConnStateData::parseRequests() STUB - void ConnStateData::readNextRequest() STUB - bool ConnStateData::isOpen() const STUB_RETVAL(false) - void ConnStateData::kick() STUB diff --git a/squid-6.11-ignore-wsp-after-chunk-size.patch b/squid-6.11-ignore-wsp-after-chunk-size.patch deleted file mode 100644 index ea4025f..0000000 --- a/squid-6.11-ignore-wsp-after-chunk-size.patch +++ /dev/null @@ -1,367 +0,0 @@ -From 8d0ee420a4d91ac7fd97316338f1e28b4b060cbf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= -Date: Thu, 10 Oct 2024 19:26:27 +0200 -Subject: [PATCH 1/6] Ignore whitespace chars after chunk-size - -Previously (before #1498 change), squid was accepting TE-chunked replies -with whitespaces after chunk-size and missing chunk-ext data. After - -It turned out that replies with such whitespace chars are pretty -common and other webservers which can act as forward proxies (e.g. -nginx, httpd...) are accepting them. - -This change will allow to proxy chunked responses from origin server, -which had whitespaces inbetween chunk-size and CRLF. ---- - src/http/one/TeChunkedParser.cc | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc -index 9cce10fdc91..04753395e16 100644 ---- a/src/http/one/TeChunkedParser.cc -+++ b/src/http/one/TeChunkedParser.cc -@@ -125,6 +125,7 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - // Code becomes much simpler when incremental parsing functions throw on - // bad or insufficient input, like in the code below. TODO: Expand up. - try { -+ tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size - parseChunkExtensions(tok); // a possibly empty chunk-ext list - tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); - buf_ = tok.remaining(); - -From 9c8d35f899035fa06021ab3fe6919f892c2f0c6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= -Date: Fri, 11 Oct 2024 02:06:31 +0200 -Subject: [PATCH 2/6] Added new argument to Http::One::ParseBws() - -Depending on new wsp_only argument in ParseBws() it will be decided -which set of whitespaces characters will be parsed. If wsp_only is set -to true, only SP and HTAB chars will be parsed. - -Also optimized number of ParseBws calls. ---- - src/http/one/Parser.cc | 4 ++-- - src/http/one/Parser.h | 3 ++- - src/http/one/TeChunkedParser.cc | 13 +++++++++---- - src/http/one/TeChunkedParser.h | 2 +- - 4 files changed, 14 insertions(+), 8 deletions(-) - -diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc -index b1908316a0b..01d7e3bc0e8 100644 ---- a/src/http/one/Parser.cc -+++ b/src/http/one/Parser.cc -@@ -273,9 +273,9 @@ Http::One::ErrorLevel() - - // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule - void --Http::One::ParseBws(Parser::Tokenizer &tok) -+Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) - { -- const auto count = tok.skipAll(Parser::WhitespaceCharacters()); -+ const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters()); - - if (tok.atEnd()) - throw InsufficientInput(); // even if count is positive -diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h -index d9a0ac8c273..08200371cd6 100644 ---- a/src/http/one/Parser.h -+++ b/src/http/one/Parser.h -@@ -163,8 +163,9 @@ class Parser : public RefCountable - }; - - /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) -+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars - /// \throws InsufficientInput when the end of BWS cannot be confirmed --void ParseBws(Parser::Tokenizer &); -+void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); - - /// the right debugs() level for logging HTTP violation messages - int ErrorLevel(); -diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc -index 04753395e16..41e1e5ddaea 100644 ---- a/src/http/one/TeChunkedParser.cc -+++ b/src/http/one/TeChunkedParser.cc -@@ -125,8 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - // Code becomes much simpler when incremental parsing functions throw on - // bad or insufficient input, like in the code below. TODO: Expand up. - try { -- tok.skipAll(CharacterSet::WSP); // Some servers send SP/TAB after chunk-size -- parseChunkExtensions(tok); // a possibly empty chunk-ext list -+ // A possibly empty chunk-ext list. If no chunk-ext has been found, -+ // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF". -+ if (!parseChunkExtensions(tok)) -+ ParseBws(tok, true); -+ - tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); - buf_ = tok.remaining(); - parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; -@@ -140,20 +143,22 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - - /// Parses the chunk-ext list (RFC 9112 section 7.1.1: - /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) --void -+bool - Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) - { -+ bool foundChunkExt = false; - do { - auto tok = callerTok; - - ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size - - if (!tok.skip(';')) -- return; // reached the end of extensions (if any) -+ return foundChunkExt; // reached the end of extensions (if any) - - parseOneChunkExtension(tok); - buf_ = tok.remaining(); // got one extension - callerTok = tok; -+ foundChunkExt = true; - } while (true); - } - -diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h -index 02eacd1bb89..8c5d4bb4cba 100644 ---- a/src/http/one/TeChunkedParser.h -+++ b/src/http/one/TeChunkedParser.h -@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser - private: - bool parseChunkSize(Tokenizer &tok); - bool parseChunkMetadataSuffix(Tokenizer &); -- void parseChunkExtensions(Tokenizer &); -+ bool parseChunkExtensions(Tokenizer &); - void parseOneChunkExtension(Tokenizer &); - bool parseChunkBody(Tokenizer &tok); - bool parseChunkEnd(Tokenizer &tok); - -From 81e67f97f9c386bdd0bb4a5e182395c46adb70ad Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= -Date: Fri, 11 Oct 2024 02:44:33 +0200 -Subject: [PATCH 3/6] Fix typo in Parser.h - ---- - src/http/one/Parser.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h -index 08200371cd6..3ef4c5f7752 100644 ---- a/src/http/one/Parser.h -+++ b/src/http/one/Parser.h -@@ -163,7 +163,7 @@ class Parser : public RefCountable - }; - - /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) --/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimeter chars -+/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars - /// \throws InsufficientInput when the end of BWS cannot be confirmed - void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); - - -From a0d4fe1794e605f8299a5c118c758a807453f016 Mon Sep 17 00:00:00 2001 -From: Alex Rousskov -Date: Thu, 10 Oct 2024 22:39:42 -0400 -Subject: [PATCH 4/6] Bug 5449 is a regression of Bug 4492! - -Both bugs deal with "chunk-size SP+ CRLF" use cases. Bug 4492 had _two_ -spaces after chunk-size, which answers one of the PR review questions: -Should we skip just one space? No, we should not. - -The lines moved around in many commits, but I believe this regression -was introduced in commit 951013d0 because that commit stopped consuming -partially parsed chunk-ext sequences. That consumption was wrong, but it -had a positive side effect -- fixing Bug 4492... ---- - src/http/one/TeChunkedParser.cc | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc -index 41e1e5ddaea..aa4a840fdcf 100644 ---- a/src/http/one/TeChunkedParser.cc -+++ b/src/http/one/TeChunkedParser.cc -@@ -125,10 +125,10 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - // Code becomes much simpler when incremental parsing functions throw on - // bad or insufficient input, like in the code below. TODO: Expand up. - try { -- // A possibly empty chunk-ext list. If no chunk-ext has been found, -- // try to skip trailing BWS, because some servers send "chunk-size BWS CRLF". -- if (!parseChunkExtensions(tok)) -- ParseBws(tok, true); -+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size -+ ParseBws(tok, true); -+ -+ parseChunkExtensions(tok); - - tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); - buf_ = tok.remaining(); -@@ -150,7 +150,7 @@ Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) - do { - auto tok = callerTok; - -- ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size -+ ParseBws(tok); - - if (!tok.skip(';')) - return foundChunkExt; // reached the end of extensions (if any) - -From f837f5ff61301a17008f16ce1fb793c2abf19786 Mon Sep 17 00:00:00 2001 -From: Alex Rousskov -Date: Thu, 10 Oct 2024 23:06:42 -0400 -Subject: [PATCH 5/6] fixup: Fewer conditionals/ifs and more explicit spelling - -... to draw code reader attention when something unusual is going on. ---- - src/http/one/Parser.cc | 22 ++++++++++++++++++---- - src/http/one/Parser.h | 10 ++++++++-- - src/http/one/TeChunkedParser.cc | 14 ++++++-------- - src/http/one/TeChunkedParser.h | 2 +- - 4 files changed, 33 insertions(+), 15 deletions(-) - -diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc -index 01d7e3bc0e8..d3937e5e96b 100644 ---- a/src/http/one/Parser.cc -+++ b/src/http/one/Parser.cc -@@ -271,11 +271,12 @@ Http::One::ErrorLevel() - return Config.onoff.relaxed_header_parser < 0 ? DBG_IMPORTANT : 5; - } - --// BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule --void --Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) -+/// common part of ParseBws() and ParseStrctBws() -+namespace Http::One { -+static void -+ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars) - { -- const auto count = tok.skipAll(wsp_only ? CharacterSet::WSP : Parser::WhitespaceCharacters()); -+ const auto count = tok.skipAll(bwsChars); - - if (tok.atEnd()) - throw InsufficientInput(); // even if count is positive -@@ -290,4 +291,17 @@ Http::One::ParseBws(Parser::Tokenizer &tok, const bool wsp_only) - - // success: no more BWS characters expected - } -+} // namespace Http::One -+ -+void -+Http::One::ParseBws(Parser::Tokenizer &tok) -+{ -+ ParseBws_(tok, CharacterSet::WSP); -+} -+ -+void -+Http::One::ParseStrictBws(Parser::Tokenizer &tok) -+{ -+ ParseBws_(tok, Parser::WhitespaceCharacters()); -+} - -diff --git a/src/http/one/Parser.h b/src/http/one/Parser.h -index 3ef4c5f7752..49e399de546 100644 ---- a/src/http/one/Parser.h -+++ b/src/http/one/Parser.h -@@ -163,9 +163,15 @@ class Parser : public RefCountable - }; - - /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) --/// \param wsp_only force skipping of whitespaces only, don't consider skipping relaxed delimiter chars - /// \throws InsufficientInput when the end of BWS cannot be confirmed --void ParseBws(Parser::Tokenizer &, const bool wsp_only = false); -+/// \sa WhitespaceCharacters() for the definition of BWS characters -+/// \sa ParseStrictBws() that avoids WhitespaceCharacters() uncertainties -+void ParseBws(Parser::Tokenizer &); -+ -+/// Like ParseBws() but only skips CharacterSet::WSP characters. This variation -+/// must be used if the next element may start with CR or any other character -+/// from RelaxedDelimiterCharacters(). -+void ParseStrictBws(Parser::Tokenizer &); - - /// the right debugs() level for logging HTTP violation messages - int ErrorLevel(); -diff --git a/src/http/one/TeChunkedParser.cc b/src/http/one/TeChunkedParser.cc -index aa4a840fdcf..859471b8c77 100644 ---- a/src/http/one/TeChunkedParser.cc -+++ b/src/http/one/TeChunkedParser.cc -@@ -125,11 +125,11 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - // Code becomes much simpler when incremental parsing functions throw on - // bad or insufficient input, like in the code below. TODO: Expand up. - try { -- // Bug 4492: IBM_HTTP_Server sends SP after chunk-size -- ParseBws(tok, true); -- -- parseChunkExtensions(tok); -+ // Bug 4492: IBM_HTTP_Server sends SP after chunk-size. -+ // No ParseBws() here because it may consume CR required further below. -+ ParseStrictBws(tok); - -+ parseChunkExtensions(tok); // a possibly empty chunk-ext list - tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); - buf_ = tok.remaining(); - parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; -@@ -143,22 +143,20 @@ Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) - - /// Parses the chunk-ext list (RFC 9112 section 7.1.1: - /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) --bool -+void - Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) - { -- bool foundChunkExt = false; - do { - auto tok = callerTok; - - ParseBws(tok); - - if (!tok.skip(';')) -- return foundChunkExt; // reached the end of extensions (if any) -+ return; // reached the end of extensions (if any) - - parseOneChunkExtension(tok); - buf_ = tok.remaining(); // got one extension - callerTok = tok; -- foundChunkExt = true; - } while (true); - } - -diff --git a/src/http/one/TeChunkedParser.h b/src/http/one/TeChunkedParser.h -index 8c5d4bb4cba..02eacd1bb89 100644 ---- a/src/http/one/TeChunkedParser.h -+++ b/src/http/one/TeChunkedParser.h -@@ -71,7 +71,7 @@ class TeChunkedParser : public Http1::Parser - private: - bool parseChunkSize(Tokenizer &tok); - bool parseChunkMetadataSuffix(Tokenizer &); -- bool parseChunkExtensions(Tokenizer &); -+ void parseChunkExtensions(Tokenizer &); - void parseOneChunkExtension(Tokenizer &); - bool parseChunkBody(Tokenizer &tok); - bool parseChunkEnd(Tokenizer &tok); - -From f79936a234e722adb2dd08f31cf6019d81ee712c Mon Sep 17 00:00:00 2001 -From: Alex Rousskov -Date: Thu, 10 Oct 2024 23:31:08 -0400 -Subject: [PATCH 6/6] fixup: Deadly typo - ---- - src/http/one/Parser.cc | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/http/one/Parser.cc b/src/http/one/Parser.cc -index d3937e5e96b..7403a9163a2 100644 ---- a/src/http/one/Parser.cc -+++ b/src/http/one/Parser.cc -@@ -296,12 +296,12 @@ ParseBws_(Parser::Tokenizer &tok, const CharacterSet &bwsChars) - void - Http::One::ParseBws(Parser::Tokenizer &tok) - { -- ParseBws_(tok, CharacterSet::WSP); -+ ParseBws_(tok, Parser::WhitespaceCharacters()); - } - - void - Http::One::ParseStrictBws(Parser::Tokenizer &tok) - { -- ParseBws_(tok, Parser::WhitespaceCharacters()); -+ ParseBws_(tok, CharacterSet::WSP); - } - - diff --git a/squid-6.13-cache-peer-connect-errors.patch b/squid-6.13-cache-peer-connect-errors.patch deleted file mode 100644 index 339d9ec..0000000 --- a/squid-6.13-cache-peer-connect-errors.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 2e7dea3cedd3ef2f071dee82867c4147f17376dd Mon Sep 17 00:00:00 2001 -From: Alex Rousskov -Date: Tue, 2 Apr 2024 20:37:31 +0000 -Subject: [PATCH] Do not blame cache_peer for CONNECT errors (#1772) - - ERROR: Connection to [such-and-such-cache_peer] failed - TCP_TUNNEL/503 CONNECT nxdomain.test:443 FIRSTUP_PARENT - -Squid does not alert an admin about (and decrease health level of) a -cache_peer that responded with an error to a GET request. Just like GET -responses from a cache_peer, CONNECT responses may (and often do!) -reflect client or origin server failures. We should not penalize -cache_peers (and alert admins) until we can distinguish these frequent -client/origin failures from (relatively rare) cache_peer problems. This -change absolves cache_peers of CONNECT problems, restoring parity with -GETs and restoring v4 behavior changed (probably by accident) in v5. - -Also removed Http::StatusCode parameter from failure notification -functions because it became essentially unused after the primary -Http::Tunneler changes. Tunneler was the only source of status code -information that (in some cases) used received HTTP response to compute -that status code. All other cases extracted that status code from -Squid-generated errors. Those errors were arguably never meant to supply -status code information for "this failure is not our fault" decision, -and they do not supply 4xx status codes driving that decision. - -### Problem evolution - -2019 commit f5e1794 effectively started blaming cache_peer for all -FwdState CONNECT errors. That functionality change was probably -accidental, likely influenced by the names of noteConnectFailure() and -peerConnectFailed() functions that abbreviated "Connection", making the -functions look as applicable to CONNECT failures. Prior to that commit, -the functions were never used for CONNECT errors. After it, FwdState -started calling peerConnectFailed() for all CONNECT failures. - -In 2020 commit 25b0ce4, TunnelStateData started blaming cache_peers as -well (by moving that FwdState-only error handling code into Tunneler). -The same "accidental functionality change" speculations apply here. - -In 2022 commit 022dbab, we made an exception for 4xx CONNECT errors as -folks deploying newer code started complaining about cache_peers getting -blamed for client-caused errors (e.g., HTTP 403 Forbidden replies). We -did not realize that the blaming code itself was an unwanted accident. - -Now we are getting complaints about cache_peers getting blamed for 502 -and 503 CONNECT errors caused by, for example, domain names without IPs: -As these CONNECT error responses are propagated from parent to child -caches, every child cache in the chain logs ERRORs and every cache_peer -in the chain gets its health counter decreased! ---- - src/CachePeer.cc | 11 +---------- - src/CachePeer.h | 12 +++++------- - src/HappyConnOpener.cc | 2 +- - src/PeerPoolMgr.cc | 2 +- - src/clients/HttpTunneler.cc | 10 ++++++---- - src/clients/HttpTunneler.h | 2 +- - src/neighbors.cc | 2 +- - src/security/BlindPeerConnector.cc | 2 +- - src/security/PeerConnector.cc | 8 ++++---- - src/security/PeerConnector.h | 2 +- - src/tests/stub_libsecurity.cc | 2 +- - 11 files changed, 23 insertions(+), 32 deletions(-) - -diff --git a/src/CachePeer.cc b/src/CachePeer.cc -index a5c3adf..91045ef 100644 ---- a/src/CachePeer.cc -+++ b/src/CachePeer.cc -@@ -68,20 +68,11 @@ CachePeer::noteSuccess() - } - } - --void --CachePeer::noteFailure(const Http::StatusCode code) --{ -- if (Http::Is4xx(code)) -- return; // this failure is not our fault -- -- countFailure(); --} -- - // TODO: Require callers to detail failures instead of using one (and often - // misleading!) "connection failed" phrase for all of them. - /// noteFailure() helper for handling failures attributed to this peer - void --CachePeer::countFailure() -+CachePeer::noteFailure() - { - stats.last_connect_failure = squid_curtime; - if (tcp_up > 0) -diff --git a/src/CachePeer.h b/src/CachePeer.h -index 5b13e29..14e40ff 100644 ---- a/src/CachePeer.h -+++ b/src/CachePeer.h -@@ -38,9 +38,8 @@ public: - /// reacts to a successful establishment of a connection to this cache_peer - void noteSuccess(); - -- /// reacts to a failure on a connection to this cache_peer -- /// \param code a received response status code, if any -- void noteFailure(Http::StatusCode code); -+ /// reacts to a failed attempt to establish a connection to this cache_peer -+ void noteFailure(); - - /// (re)configure cache_peer name=value - void rename(const char *); -@@ -238,14 +237,13 @@ NoteOutgoingConnectionSuccess(CachePeer * const peer) - peer->noteSuccess(); - } - --/// reacts to a failure on a connection to an origin server or cache_peer -+/// reacts to a failed attempt to establish a connection to an origin server or cache_peer - /// \param peer nil if the connection is to an origin server --/// \param code a received response status code, if any - inline void --NoteOutgoingConnectionFailure(CachePeer * const peer, const Http::StatusCode code) -+NoteOutgoingConnectionFailure(CachePeer * const peer) - { - if (peer) -- peer->noteFailure(code); -+ peer->noteFailure(); - } - - /// identify the given cache peer in cache.log messages and such -diff --git a/src/HappyConnOpener.cc b/src/HappyConnOpener.cc -index 5ab9294..5e17a76 100644 ---- a/src/HappyConnOpener.cc -+++ b/src/HappyConnOpener.cc -@@ -638,7 +638,7 @@ HappyConnOpener::handleConnOpenerAnswer(Attempt &attempt, const CommConnectCbPar - lastError = makeError(ERR_CONNECT_FAIL); - lastError->xerrno = params.xerrno; - -- NoteOutgoingConnectionFailure(params.conn->getPeer(), lastError->httpStatus); -+ NoteOutgoingConnectionFailure(params.conn->getPeer()); - - if (spareWaiting) - updateSpareWaitAfterPrimeFailure(); -diff --git a/src/PeerPoolMgr.cc b/src/PeerPoolMgr.cc -index 9cb038e..6fb5b09 100644 ---- a/src/PeerPoolMgr.cc -+++ b/src/PeerPoolMgr.cc -@@ -86,7 +86,7 @@ PeerPoolMgr::handleOpenedConnection(const CommConnectCbParams ¶ms) - } - - if (params.flag != Comm::OK) { -- NoteOutgoingConnectionFailure(peer, Http::scNone); -+ NoteOutgoingConnectionFailure(peer); - checkpoint("conn opening failure"); // may retry - return; - } -diff --git a/src/clients/HttpTunneler.cc b/src/clients/HttpTunneler.cc -index 2fbc3fb..a6e49db 100644 ---- a/src/clients/HttpTunneler.cc -+++ b/src/clients/HttpTunneler.cc -@@ -90,7 +90,7 @@ Http::Tunneler::handleConnectionClosure(const CommCloseCbParams &) - { - closer = nullptr; - if (connection) { -- countFailingConnection(nullptr); -+ countFailingConnection(); - connection->noteClosure(); - connection = nullptr; - } -@@ -355,7 +355,7 @@ Http::Tunneler::bailWith(ErrorState *error) - - if (const auto failingConnection = connection) { - // TODO: Reuse to-peer connections after a CONNECT error response. -- countFailingConnection(error); -+ countFailingConnection(); - disconnect(); - failingConnection->close(); - } -@@ -374,10 +374,12 @@ Http::Tunneler::sendSuccess() - } - - void --Http::Tunneler::countFailingConnection(const ErrorState * const error) -+Http::Tunneler::countFailingConnection() - { - assert(connection); -- NoteOutgoingConnectionFailure(connection->getPeer(), error ? error->httpStatus : Http::scNone); -+ // No NoteOutgoingConnectionFailure(connection->getPeer()) call here because -+ // we do not blame cache_peer for CONNECT failures (on top of a successfully -+ // established connection to that cache_peer). - if (noteFwdPconnUse && connection->isOpen()) - fwdPconnPool->noteUses(fd_table[connection->fd].pconn.uses); - } -diff --git a/src/clients/HttpTunneler.h b/src/clients/HttpTunneler.h -index 7886f09..596efcf 100644 ---- a/src/clients/HttpTunneler.h -+++ b/src/clients/HttpTunneler.h -@@ -80,7 +80,7 @@ private: - void disconnect(); - - /// updates connection usage history before the connection is closed -- void countFailingConnection(const ErrorState *); -+ void countFailingConnection(); - - AsyncCall::Pointer writer; ///< called when the request has been written - AsyncCall::Pointer reader; ///< called when the response should be read -diff --git a/src/neighbors.cc b/src/neighbors.cc -index 04b69c1..75f56c9 100644 ---- a/src/neighbors.cc -+++ b/src/neighbors.cc -@@ -1320,7 +1320,7 @@ peerProbeConnectDone(const Comm::ConnectionPointer &conn, Comm::Flag status, int - if (status == Comm::OK) - p->noteSuccess(); - else -- p->noteFailure(Http::scNone); -+ p->noteFailure(); - - -- p->testing_now; - conn->close(); -diff --git a/src/security/BlindPeerConnector.cc b/src/security/BlindPeerConnector.cc -index b9e5659..4c37f34 100644 ---- a/src/security/BlindPeerConnector.cc -+++ b/src/security/BlindPeerConnector.cc -@@ -76,7 +76,7 @@ Security::BlindPeerConnector::noteNegotiationDone(ErrorState *error) - // based on TCP results, SSL results, or both. And the code is probably not - // consistent in this aspect across tunnelling and forwarding modules. - if (peer && peer->secure.encryptTransport) -- peer->noteFailure(error->httpStatus); -+ peer->noteFailure(); - return; - } - -diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc -index d458f99..d0131a1 100644 ---- a/src/security/PeerConnector.cc -+++ b/src/security/PeerConnector.cc -@@ -115,7 +115,7 @@ Security::PeerConnector::commCloseHandler(const CommCloseCbParams ¶ms) - err->detailError(d); - - if (serverConn) { -- countFailingConnection(err); -+ countFailingConnection(); - serverConn->noteClosure(); - serverConn = nullptr; - } -@@ -507,7 +507,7 @@ Security::PeerConnector::bail(ErrorState *error) - answer().error = error; - - if (const auto failingConnection = serverConn) { -- countFailingConnection(error); -+ countFailingConnection(); - disconnect(); - failingConnection->close(); - } -@@ -525,10 +525,10 @@ Security::PeerConnector::sendSuccess() - } - - void --Security::PeerConnector::countFailingConnection(const ErrorState * const error) -+Security::PeerConnector::countFailingConnection() - { - assert(serverConn); -- NoteOutgoingConnectionFailure(serverConn->getPeer(), error ? error->httpStatus : Http::scNone); -+ NoteOutgoingConnectionFailure(serverConn->getPeer()); - // TODO: Calling PconnPool::noteUses() should not be our responsibility. - if (noteFwdPconnUse && serverConn->isOpen()) - fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses); -diff --git a/src/security/PeerConnector.h b/src/security/PeerConnector.h -index a1d5ef9..401df06 100644 ---- a/src/security/PeerConnector.h -+++ b/src/security/PeerConnector.h -@@ -150,7 +150,7 @@ protected: - void disconnect(); - - /// updates connection usage history before the connection is closed -- void countFailingConnection(const ErrorState *); -+ void countFailingConnection(); - - /// If called the certificates validator will not used - void bypassCertValidator() {useCertValidator_ = false;} -diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc -index 6bd6204..b513a22 100644 ---- a/src/tests/stub_libsecurity.cc -+++ b/src/tests/stub_libsecurity.cc -@@ -97,7 +97,7 @@ void PeerConnector::bail(ErrorState *) STUB - void PeerConnector::sendSuccess() STUB - void PeerConnector::callBack() STUB - void PeerConnector::disconnect() STUB --void PeerConnector::countFailingConnection(const ErrorState *) STUB -+void PeerConnector::countFailingConnection() STUB - void PeerConnector::recordNegotiationDetails() STUB - EncryptorAnswer &PeerConnector::answer() STUB_RETREF(EncryptorAnswer) - } diff --git a/squid.spec b/squid.spec index 352f5a2..bf7b2f2 100644 --- a/squid.spec +++ b/squid.spec @@ -2,8 +2,8 @@ %define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 6.14 -Release: 2%{?dist} +Version: 7.1 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -26,12 +26,7 @@ Source98: perl-requires-squid.sh # Upstream patches # Backported patches -# Upstream PR: https://github.com/squid-cache/squid/pull/1442 -Patch101: squid-6.1-crash-half-closed.patch -# Upstream PR: https://github.com/squid-cache/squid/pull/1914 -Patch102: squid-6.11-ignore-wsp-after-chunk-size.patch -# Upstream commit: https://github.com/squid-cache/squid/commit/022dbabd89249f839d1861aa87c1ab9e1a008a47 -Patch103: squid-6.13-cache-peer-connect-errors.patch +# Patch101: squid-7.1-.....patch # Local patches # Applying upstream patches first makes it less likely that local patches @@ -119,8 +114,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-eui \ --enable-follow-x-forwarded-for \ --enable-auth \ - --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ - --enable-auth-ntlm="SMB_LM,fake" \ + --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ + --enable-auth-ntlm="fake" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos" \ --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \ @@ -156,9 +151,9 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-translation # workaround to build squid v5 -mkdir -p src/icmp/tests -mkdir -p tools/squidclient/tests -mkdir -p tools/tests +#mkdir -p src/icmp/tests +#mkdir -p tools/squidclient/tests +#mkdir -p tools/tests %make_build @@ -229,7 +224,6 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf %config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/squid.conf %config(noreplace) %attr(640,root,squid) %{_sysconfdir}/squid/squid.conf -%config(noreplace) %attr(644,root,squid) %{_sysconfdir}/squid/cachemgr.conf %config(noreplace) %{_sysconfdir}/squid/mime.conf %config(noreplace) %{_sysconfdir}/squid/errorpage.css %config(noreplace) %{_sysconfdir}/sysconfig/squid @@ -237,7 +231,6 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf %config %{_sysconfdir}/squid/squid.conf.default %config %{_sysconfdir}/squid/mime.conf.default %config %{_sysconfdir}/squid/errorpage.css.default -%config %{_sysconfdir}/squid/cachemgr.conf.default %config(noreplace) %{_sysconfdir}/pam.d/squid %config(noreplace) %{_sysconfdir}/logrotate.d/squid @@ -246,10 +239,7 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf %{_prefix}/lib/NetworkManager %{_datadir}/squid/icons %{_sbindir}/squid -%{_bindir}/squidclient -%{_bindir}/purge %{_mandir}/man8/* -%{_mandir}/man1/* %{_libdir}/squid/* %{_datadir}/snmp/mibs/SQUID-MIB.txt %{_sysusersdir}/squid.conf @@ -316,6 +306,13 @@ fi %changelog +* Thu Aug 14 2025 Luboš Uhliarik - 7:7.1-1 +- new version 7.1 +- removed squidclient +- removed purge +- removed cachemgr.cgi +- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers + * Fri Jul 25 2025 Fedora Release Engineering - 7:6.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 3b10dff1195943f7da91454604681981c150b47e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 12 Sep 2025 01:25:20 +0200 Subject: [PATCH 121/124] Support provider keys that require NULL digest --- squid-7.1-provider-keys-digest.patch | 36 ++++++++++++++++++++++++++++ squid.spec | 6 ++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 squid-7.1-provider-keys-digest.patch diff --git a/squid-7.1-provider-keys-digest.patch b/squid-7.1-provider-keys-digest.patch new file mode 100644 index 0000000..bd62ea1 --- /dev/null +++ b/squid-7.1-provider-keys-digest.patch @@ -0,0 +1,36 @@ +diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc +index 09bad6d..59171b7 100644 +--- a/src/ssl/gadgets.cc ++++ b/src/ssl/gadgets.cc +@@ -15,6 +15,19 @@ + #include "security/Io.h" + #include "ssl/gadgets.h" + ++/// whether the given key requires a digest when signing ++static bool ++keyNeedsDigest(const EVP_PKEY * const pkey) { ++ if (EVP_PKEY_is_a(pkey, "ML-DSA-44") || ++ EVP_PKEY_is_a(pkey, "ML-DSA-65") || ++ EVP_PKEY_is_a(pkey, "ML-DSA-87") || ++ EVP_PKEY_is_a(pkey, "ED25519") || ++ EVP_PKEY_is_a(pkey, "ED448")) ++ return false; // no digest needed ++ ++ return true; // require a digest for all other types ++} ++ + void + Ssl::ForgetErrors() + { +@@ -677,9 +690,9 @@ static bool generateFakeSslCertificate(Security::CertPointer & certToStore, Secu + assert(hash); + /*Now sign the request */ + if (properties.signAlgorithm != Ssl::algSignSelf && properties.signWithPkey.get()) +- ret = X509_sign(cert.get(), properties.signWithPkey.get(), hash); ++ ret = X509_sign(cert.get(), properties.signWithPkey.get(), keyNeedsDigest(properties.signWithPkey.get()) ? hash : nullptr); + else //else sign with self key (self signed request) +- ret = X509_sign(cert.get(), pkey.get(), hash); ++ ret = X509_sign(cert.get(), pkey.get(), keyNeedsDigest(pkey.get()) ? hash : nullptr); + + if (!ret) + return false; diff --git a/squid.spec b/squid.spec index bf7b2f2..ec105a4 100644 --- a/squid.spec +++ b/squid.spec @@ -3,7 +3,7 @@ Name: squid Version: 7.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -37,6 +37,7 @@ Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch204: squid-6.1-symlink-lang-err.patch +Patch205: squid-7.1-provider-keys-digest.patch # cache_swap.sh Requires: bash gawk @@ -306,6 +307,9 @@ fi %changelog +* Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-2 +- Support provider keys that require NULL digest + * Thu Aug 14 2025 Luboš Uhliarik - 7:7.1-1 - new version 7.1 - removed squidclient From a70045fc305bb0ab6afd4178e67b35ed38d041b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 24 Sep 2025 10:05:39 +0200 Subject: [PATCH 122/124] Support provider keys that require NULL digest - use upstream patch --- squid-7.1-provider-keys-digest.patch | 51 ++++++++++++++++++++-------- squid.spec | 4 +-- 2 files changed, 39 insertions(+), 16 deletions(-) diff --git a/squid-7.1-provider-keys-digest.patch b/squid-7.1-provider-keys-digest.patch index bd62ea1..961a506 100644 --- a/squid-7.1-provider-keys-digest.patch +++ b/squid-7.1-provider-keys-digest.patch @@ -1,36 +1,59 @@ diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc -index 09bad6d..59171b7 100644 +index 1f8ac9d..3f54e3d 100644 --- a/src/ssl/gadgets.cc +++ b/src/ssl/gadgets.cc -@@ -15,6 +15,19 @@ +@@ -13,6 +13,42 @@ #include "security/Io.h" #include "ssl/gadgets.h" -+/// whether the given key requires a digest when signing ++/// whether to supply a digest algorithm name when calling X509_sign() with the given key +static bool -+keyNeedsDigest(const EVP_PKEY * const pkey) { -+ if (EVP_PKEY_is_a(pkey, "ML-DSA-44") || -+ EVP_PKEY_is_a(pkey, "ML-DSA-65") || -+ EVP_PKEY_is_a(pkey, "ML-DSA-87") || -+ EVP_PKEY_is_a(pkey, "ED25519") || -+ EVP_PKEY_is_a(pkey, "ED448")) -+ return false; // no digest needed ++signWithDigest(const Security::PrivateKeyPointer &key) { ++ Assure(key); // TODO: Add and use Security::PrivateKey (here and in caller). ++ const auto pkey = key.get(); + -+ return true; // require a digest for all other types ++ // OpenSSL does not define a maximum name size, but does terminate longer ++ // names without returning an error to the caller. Many similar callers in ++ // OpenSSL sources use 80-byte buffers. ++ char defaultDigestName[80] = ""; ++ const auto nameGetterResult = EVP_PKEY_get_default_digest_name(pkey, defaultDigestName, sizeof(defaultDigestName)); ++ debugs(83, 3, "nameGetterResult=" << nameGetterResult << " defaultDigestName=" << defaultDigestName); ++ if (nameGetterResult <= 0) { ++ debugs(83, 3, "ERROR: EVP_PKEY_get_default_digest_name() failure: " << Ssl::ReportAndForgetErrors); ++ // Backward compatibility: On error, assume digest should be used. ++ // TODO: Return false for -2 nameGetterResult as it "indicates the ++ // operation is not supported by the public key algorithm"? ++ return true; ++ } ++ ++ // The name "UNDEF" signifies that a digest must (for return value 2) or may ++ // (for return value 1) be left unspecified. ++ if (nameGetterResult == 2 && strcmp(defaultDigestName, "UNDEF") == 0) ++ return false; ++ ++ // Defined mandatory algorithms and "may be left unspecified" cases mentioned above. ++ return true; ++} ++ ++/// OpenSSL X509_sign() wrapper ++static auto ++Sign(Security::Certificate &cert, const Security::PrivateKeyPointer &key, const EVP_MD &availableDigest) { ++ const auto digestOrNil = signWithDigest(key) ? &availableDigest : nullptr; ++ return X509_sign(&cert, key.get(), digestOrNil); +} + void Ssl::ForgetErrors() { -@@ -677,9 +690,9 @@ static bool generateFakeSslCertificate(Security::CertPointer & certToStore, Secu +@@ -618,9 +654,9 @@ static bool generateFakeSslCertificate(Security::CertPointer & certToStore, Secu assert(hash); /*Now sign the request */ if (properties.signAlgorithm != Ssl::algSignSelf && properties.signWithPkey.get()) - ret = X509_sign(cert.get(), properties.signWithPkey.get(), hash); -+ ret = X509_sign(cert.get(), properties.signWithPkey.get(), keyNeedsDigest(properties.signWithPkey.get()) ? hash : nullptr); ++ ret = Sign(*cert, properties.signWithPkey, *hash); else //else sign with self key (self signed request) - ret = X509_sign(cert.get(), pkey.get(), hash); -+ ret = X509_sign(cert.get(), pkey.get(), keyNeedsDigest(pkey.get()) ? hash : nullptr); ++ ret = Sign(*cert, pkey, *hash); if (!ret) return false; diff --git a/squid.spec b/squid.spec index ec105a4..1a32214 100644 --- a/squid.spec +++ b/squid.spec @@ -3,7 +3,7 @@ Name: squid Version: 7.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -307,7 +307,7 @@ fi %changelog -* Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-2 +* Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-3 - Support provider keys that require NULL digest * Thu Aug 14 2025 Luboš Uhliarik - 7:7.1-1 From 8c77c2eb9851b794b03226cccaedf594ad0d3615 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 17 Oct 2025 10:53:46 +0200 Subject: [PATCH 123/124] new version 7.2 --- sources | 4 +- squid-7.1-provider-keys-digest.patch | 59 ---------------------------- squid.spec | 8 ++-- 3 files changed, 7 insertions(+), 64 deletions(-) delete mode 100644 squid-7.1-provider-keys-digest.patch diff --git a/sources b/sources index 700eafd..1a01cad 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-7.1.tar.xz) = f12d4cac78576eecf19193cbb88f374b2d1bf3f480e684008a562bdda55eedae643b1a5766846c04673030ad1e89a608a62f52078312a80a3664fdccfc5f44df -SHA512 (squid-7.1.tar.xz.asc) = 4c7be2b32b7ce6cd1a99fe49c397fcd4d294817f96c4aaf5e66ad8c2de0c51b9debb4c85cf877efce87b1c44c2ebbb795a170859ca38124389b050e9fbaa1ff6 +SHA512 (squid-7.2.tar.xz) = 424c425dde7b399531c9ed5a700ef84bf8e828b1896f0bd037da121e9b4c8ad0fb0c2b8daad1a0a5308269cc5ffbda42e4c1815421c0bdd6a4046d92dcb56fa7 +SHA512 (squid-7.2.tar.xz.asc) = 688dac65470fa27551579046061130c6a4a623070fda56fdb873ca1c6008afbf2c5fe328f2a93135bec3645444b9636137b9ec32fb2c041fdad8924dc91ccf5f SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-7.1-provider-keys-digest.patch b/squid-7.1-provider-keys-digest.patch deleted file mode 100644 index 961a506..0000000 --- a/squid-7.1-provider-keys-digest.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc -index 1f8ac9d..3f54e3d 100644 ---- a/src/ssl/gadgets.cc -+++ b/src/ssl/gadgets.cc -@@ -13,6 +13,42 @@ - #include "security/Io.h" - #include "ssl/gadgets.h" - -+/// whether to supply a digest algorithm name when calling X509_sign() with the given key -+static bool -+signWithDigest(const Security::PrivateKeyPointer &key) { -+ Assure(key); // TODO: Add and use Security::PrivateKey (here and in caller). -+ const auto pkey = key.get(); -+ -+ // OpenSSL does not define a maximum name size, but does terminate longer -+ // names without returning an error to the caller. Many similar callers in -+ // OpenSSL sources use 80-byte buffers. -+ char defaultDigestName[80] = ""; -+ const auto nameGetterResult = EVP_PKEY_get_default_digest_name(pkey, defaultDigestName, sizeof(defaultDigestName)); -+ debugs(83, 3, "nameGetterResult=" << nameGetterResult << " defaultDigestName=" << defaultDigestName); -+ if (nameGetterResult <= 0) { -+ debugs(83, 3, "ERROR: EVP_PKEY_get_default_digest_name() failure: " << Ssl::ReportAndForgetErrors); -+ // Backward compatibility: On error, assume digest should be used. -+ // TODO: Return false for -2 nameGetterResult as it "indicates the -+ // operation is not supported by the public key algorithm"? -+ return true; -+ } -+ -+ // The name "UNDEF" signifies that a digest must (for return value 2) or may -+ // (for return value 1) be left unspecified. -+ if (nameGetterResult == 2 && strcmp(defaultDigestName, "UNDEF") == 0) -+ return false; -+ -+ // Defined mandatory algorithms and "may be left unspecified" cases mentioned above. -+ return true; -+} -+ -+/// OpenSSL X509_sign() wrapper -+static auto -+Sign(Security::Certificate &cert, const Security::PrivateKeyPointer &key, const EVP_MD &availableDigest) { -+ const auto digestOrNil = signWithDigest(key) ? &availableDigest : nullptr; -+ return X509_sign(&cert, key.get(), digestOrNil); -+} -+ - void - Ssl::ForgetErrors() - { -@@ -618,9 +654,9 @@ static bool generateFakeSslCertificate(Security::CertPointer & certToStore, Secu - assert(hash); - /*Now sign the request */ - if (properties.signAlgorithm != Ssl::algSignSelf && properties.signWithPkey.get()) -- ret = X509_sign(cert.get(), properties.signWithPkey.get(), hash); -+ ret = Sign(*cert, properties.signWithPkey, *hash); - else //else sign with self key (self signed request) -- ret = X509_sign(cert.get(), pkey.get(), hash); -+ ret = Sign(*cert, pkey, *hash); - - if (!ret) - return false; diff --git a/squid.spec b/squid.spec index 1a32214..5d3f86e 100644 --- a/squid.spec +++ b/squid.spec @@ -2,8 +2,8 @@ %define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 7.1 -Release: 3%{?dist} +Version: 7.2 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -37,7 +37,6 @@ Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 Patch204: squid-6.1-symlink-lang-err.patch -Patch205: squid-7.1-provider-keys-digest.patch # cache_swap.sh Requires: bash gawk @@ -307,6 +306,9 @@ fi %changelog +* Fri Oct 17 2025 Luboš Uhliarik - 7:7.2-1 +- new version 7.2 + * Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-3 - Support provider keys that require NULL digest From d9e38f92158f83eef6f4a9cf9ddad9931d703413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 29 Oct 2025 11:01:53 +0100 Subject: [PATCH 124/124] new version 7.3 --- sources | 4 ++-- squid.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index 1a01cad..304c790 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-7.2.tar.xz) = 424c425dde7b399531c9ed5a700ef84bf8e828b1896f0bd037da121e9b4c8ad0fb0c2b8daad1a0a5308269cc5ffbda42e4c1815421c0bdd6a4046d92dcb56fa7 -SHA512 (squid-7.2.tar.xz.asc) = 688dac65470fa27551579046061130c6a4a623070fda56fdb873ca1c6008afbf2c5fe328f2a93135bec3645444b9636137b9ec32fb2c041fdad8924dc91ccf5f +SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b +SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273 SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid.spec b/squid.spec index 5d3f86e..84d079b 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ %define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 7.2 +Version: 7.3 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 @@ -306,6 +306,9 @@ fi %changelog +* Wed Oct 29 2025 Luboš Uhliarik - 7:7.3-1 +- new version 7.3 + * Fri Oct 17 2025 Luboš Uhliarik - 7:7.2-1 - new version 7.2