diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index e16a3d0..c2dc451 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ /*.asc -/*.xz \ No newline at end of file +/*.xz diff --git a/cache_swap.sh b/cache_swap.sh index 89f3478..77d06ac 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -17,8 +17,5 @@ done if [ $init_cache_dirs -ne 0 ]; then echo "" - if ! squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1; then - echo "init_cache_dir failed, see /var/log/squid/squid.out for more information" - exit 1 - fi + squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1 fi diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index d2f0c2e..0000000 --- a/gating.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- !Policy -product_versions: - - fedora-* -decision_contexts: [bodhi_update_push_testing] -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} - -#gating rawhide ---- !Policy -product_versions: - - fedora-* -decision_contexts: [bodhi_update_push_stable] -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/plans/all.fmf b/plans/all.fmf deleted file mode 100644 index cdfc481..0000000 --- a/plans/all.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: Test plan with all beakerlib tests -discover: - how: fmf - url: https://src.fedoraproject.org/tests/squid.git -execute: - how: tmt diff --git a/sources b/sources index 304c790..44e9f71 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b -SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273 -SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d +SHA512 (squid-4.14.tar.xz) = 3509caea9e10ea54547eeb769a21f0ca4d37e39a063953821fc51d588b22facfa183d0a48be9ab15831ee646e031079b515c75162515b8a4e7c708df2d41958b +SHA512 (squid-4.14.tar.xz.asc) = a556e5f20e25e598375e3a6d8a300a1e35b29c89b8125f31d3fb16f1f59f538548f7f2e7424f06fc957e330cca8f16e0efe534a4772699454cd1778a82d4647d +SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid-6.1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch similarity index 69% rename from squid-6.1-perlpath.patch rename to squid-3.0.STABLE1-perlpath.patch index 8bfdbdf..9cb5e81 100644 --- a/squid-6.1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -1,10 +1,10 @@ diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl -index e965e9e..ed5ffcb 100755 +index 4cb0480..4b89910 100755 --- a/contrib/url-normalizer.pl +++ b/contrib/url-normalizer.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2025 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2021 The Squid Software Foundation and contributors # * diff --git a/squid-6.1-location.patch b/squid-3.1.0.9-location.patch similarity index 100% rename from squid-6.1-location.patch rename to squid-3.1.0.9-location.patch diff --git a/squid-3.5.9-include-guards.patch b/squid-3.5.9-include-guards.patch new file mode 100644 index 0000000..e2d4ff9 --- /dev/null +++ b/squid-3.5.9-include-guards.patch @@ -0,0 +1,95 @@ +------------------------------------------------------------ +revno: 14311 +revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 +parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr +------------------------------------------------------------ +revno: 14311 +revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 +parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 +author: Francesco Chemolli +committer: Amos Jeffries +branch nick: trunk +timestamp: Thu 2015-09-24 06:05:37 -0700 +message: + Bug 4323: Netfilter broken cross-includes with Linux 4.2 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ +# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b +# timestamp: 2015-09-24 13:06:33 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk +# base_revision_id: squid3@treenet.co.nz-20150924032241-\ +# 6cx3g6hwz9xfoybr +# +# Begin patch +=== modified file 'compat/os/linux.h' +--- compat/os/linux.h 2015-01-13 07:25:36 +0000 ++++ compat/os/linux.h 2015-09-24 13:05:37 +0000 +@@ -30,6 +30,21 @@ + #endif + + /* ++ * Netfilter header madness. (see Bug 4323) ++ * ++ * Netfilter have a history of defining their own versions of network protocol ++ * primitives without sufficient protection against the POSIX defines which are ++ * aways present in Linux. ++ * ++ * netinet/in.h must be included before any other sys header in order to properly ++ * activate include guards in the kernel maintainers added ++ * to workaround it. ++ */ ++#if HAVE_NETINET_IN_H ++#include ++#endif ++ ++/* + * sys/capability.h is only needed in Linux apparently. + * + * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 +author: Francesco Chemolli +committer: Amos Jeffries +branch nick: trunk +timestamp: Thu 2015-09-24 06:05:37 -0700 +message: + Bug 4323: Netfilter broken cross-includes with Linux 4.2 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ +# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b +# timestamp: 2015-09-24 13:06:33 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk +# base_revision_id: squid3@treenet.co.nz-20150924032241-\ +# 6cx3g6hwz9xfoybr +# +# Begin patch +=== modified file 'compat/os/linux.h' +--- compat/os/linux.h 2015-01-13 07:25:36 +0000 ++++ compat/os/linux.h 2015-09-24 13:05:37 +0000 +@@ -30,6 +30,21 @@ + #endif + + /* ++ * Netfilter header madness. (see Bug 4323) ++ * ++ * Netfilter have a history of defining their own versions of network protocol ++ * primitives without sufficient protection against the POSIX defines which are ++ * aways present in Linux. ++ * ++ * netinet/in.h must be included before any other sys header in order to properly ++ * activate include guards in the kernel maintainers added ++ * to workaround it. ++ */ ++#if HAVE_NETINET_IN_H ++#include ++#endif ++ ++/* + * sys/capability.h is only needed in Linux apparently. + * + * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc + diff --git a/squid-6.1-config.patch b/squid-4.0.11-config.patch similarity index 61% rename from squid-6.1-config.patch rename to squid-4.0.11-config.patch index 9d2b192..a4faae8 100644 --- a/squid-6.1-config.patch +++ b/squid-4.0.11-config.patch @@ -1,8 +1,7 @@ -diff --git a/src/cf.data.pre b/src/cf.data.pre -index 44aa34d..12225bc 100644 ---- a/src/cf.data.pre -+++ b/src/cf.data.pre -@@ -5453,7 +5453,7 @@ DOC_END +diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre +--- squid-4.0.11/src/cf.data.pre.config 2016-06-09 22:32:57.000000000 +0200 ++++ squid-4.0.11/src/cf.data.pre 2016-07-11 21:08:35.090976840 +0200 +@@ -4658,7 +4658,7 @@ DOC_END NAME: logfile_rotate TYPE: int @@ -11,7 +10,7 @@ index 44aa34d..12225bc 100644 LOC: Config.Log.rotateNumber DOC_START Specifies the default number of logfile rotations to make when you -@@ -7447,11 +7447,11 @@ COMMENT_END +@@ -6444,11 +6444,11 @@ COMMENT_END NAME: cache_mgr TYPE: string diff --git a/squid-4.0.21-large-acl.patch b/squid-4.0.21-large-acl.patch new file mode 100644 index 0000000..8aacf38 --- /dev/null +++ b/squid-4.0.21-large-acl.patch @@ -0,0 +1,178 @@ +diff --git a/src/acl/RegexData.cc b/src/acl/RegexData.cc +index 01a4c12..b5c1679 100644 +--- a/src/acl/RegexData.cc ++++ b/src/acl/RegexData.cc +@@ -22,6 +22,7 @@ + #include "ConfigParser.h" + #include "Debug.h" + #include "sbuf/List.h" ++#include "sbuf/Algorithms.h" + + ACLRegexData::~ACLRegexData() + { +@@ -129,6 +130,18 @@ compileRE(std::list &curlist, const char * RE, int flags) + return true; + } + ++static bool ++compileRE(std::list &curlist, const SBufList &RE, int flags) ++{ ++ if (RE.empty()) ++ return curlist.empty(); // XXX: old code did this. It looks wrong. ++ SBuf regexp; ++ static const SBuf openparen("("), closeparen(")"), separator(")|("); ++ JoinContainerIntoSBuf(regexp, RE.begin(), RE.end(), separator, openparen, ++ closeparen); ++ return compileRE(curlist, regexp.c_str(), flags); ++} ++ + /** Compose and compile one large RE from a set of (small) REs. + * The ultimate goal is to have only one RE per ACL so that match() is + * called only once per ACL. +@@ -137,16 +150,11 @@ static int + compileOptimisedREs(std::list &curlist, const SBufList &sl) + { + std::list newlist; +- int numREs = 0; ++ SBufList accumulatedRE; ++ int numREs = 0, reSize = 0; + int flags = REG_EXTENDED | REG_NOSUB; +- int largeREindex = 0; +- char largeRE[BUFSIZ]; +- *largeRE = 0; + + for (const SBuf & configurationLineWord : sl) { +- int RElen; +- RElen = configurationLineWord.length(); +- + static const SBuf minus_i("-i"); + static const SBuf plus_i("+i"); + if (configurationLineWord == minus_i) { +@@ -155,10 +163,11 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) + debugs(28, 2, "optimisation of -i ... -i" ); + } else { + debugs(28, 2, "-i" ); +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + flags |= REG_ICASE; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + } + } else if (configurationLineWord == plus_i) { + if ((flags & REG_ICASE) == 0) { +@@ -166,37 +175,34 @@ compileOptimisedREs(std::list &curlist, const SBufList &sl) + debugs(28, 2, "optimisation of +i ... +i"); + } else { + debugs(28, 2, "+i"); +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + flags &= ~REG_ICASE; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + } +- } else if (RElen + largeREindex + 3 < BUFSIZ-1) { ++ } else if (reSize < 1024) { + debugs(28, 2, "adding RE '" << configurationLineWord << "'"); +- if (largeREindex > 0) { +- largeRE[largeREindex] = '|'; +- ++largeREindex; +- } +- largeRE[largeREindex] = '('; +- ++largeREindex; +- configurationLineWord.copy(largeRE+largeREindex, BUFSIZ-largeREindex); +- largeREindex += configurationLineWord.length(); +- largeRE[largeREindex] = ')'; +- ++largeREindex; +- largeRE[largeREindex] = '\0'; ++ accumulatedRE.push_back(configurationLineWord); + ++numREs; ++ reSize += configurationLineWord.length(); + } else { + debugs(28, 2, "buffer full, generating new optimised RE..." ); +- if (!compileRE(newlist, largeRE, flags)) ++ accumulatedRE.push_back(configurationLineWord); ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; +- largeRE[largeREindex=0] = '\0'; ++ accumulatedRE.clear(); ++ reSize = 0; + continue; /* do the loop again to add the RE to largeRE */ + } + } + +- if (!compileRE(newlist, largeRE, flags)) ++ if (!compileRE(newlist, accumulatedRE, flags)) + return 0; + ++ accumulatedRE.clear(); ++ reSize = 0; ++ + /* all was successful, so put the new list at the tail */ + curlist.splice(curlist.end(), newlist); + +diff --git a/src/sbuf/Algorithms.h b/src/sbuf/Algorithms.h +index 21ee889..338e9c0 100644 +--- a/src/sbuf/Algorithms.h ++++ b/src/sbuf/Algorithms.h +@@ -81,6 +81,57 @@ SBufContainerJoin(const Container &items, const SBuf& separator) + return rv; + } + ++/** Join container of SBufs and append to supplied target ++ * ++ * append to the target SBuf all elements in the [begin,end) range from ++ * an iterable container, prefixed by prefix, separated by separator and ++ * followed by suffix. Prefix and suffix are added also in case of empty ++ * iterable ++ * ++ * \return the modified dest ++ */ ++template ++SBuf& ++JoinContainerIntoSBuf(SBuf &dest, const ContainerIterator &begin, ++ const ContainerIterator &end, const SBuf& separator, ++ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) ++{ ++ if (begin == end) { ++ dest.append(prefix).append(suffix); ++ return dest; ++ } ++ ++ // optimization: pre-calculate needed storage ++ const SBuf::size_type totalContainerSize = ++ std::accumulate(begin, end, 0, SBufAddLength(separator)) + ++ dest.length() + prefix.length() + suffix.length(); ++ SBufReservationRequirements req; ++ req.minSpace = totalContainerSize; ++ dest.reserve(req); ++ ++ auto i = begin; ++ dest.append(prefix); ++ dest.append(*i); ++ ++i; ++ for (; i != end; ++i) ++ dest.append(separator).append(*i); ++ dest.append(suffix); ++ return dest; ++} ++ ++ ++/// convenience wrapper of JoinContainerIntoSBuf with no caller-supplied SBuf ++template ++SBuf ++JoinContainerToSBuf(const ContainerIterator &begin, ++ const ContainerIterator &end, const SBuf& separator, ++ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf()) ++{ ++ SBuf rv; ++ return JoinContainerIntoSBuf(rv, begin, end, separator, prefix, suffix); ++} ++ ++ + namespace std { + /// default hash functor to support std::unordered_map + template <> diff --git a/squid-6.1-symlink-lang-err.patch b/squid-6.1-symlink-lang-err.patch deleted file mode 100644 index a29274b..0000000 --- a/squid-6.1-symlink-lang-err.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/errors/aliases b/errors/aliases -index c256106..38c123a 100644 ---- a/errors/aliases -+++ b/errors/aliases -@@ -14,8 +14,7 @@ da da-dk - de de-at de-ch de-de de-li de-lu - el el-gr - en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw --es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq --es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv -+es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl - et et-ee - fa fa-fa fa-ir - fi fi-fi -diff --git a/errors/language.am b/errors/language.am -index a437d17..f2fe463 100644 ---- a/errors/language.am -+++ b/errors/language.am -@@ -19,7 +19,6 @@ LANGUAGE_FILES = \ - de.lang \ - el.lang \ - en.lang \ -- es-mx.lang \ - es.lang \ - et.lang \ - fa.lang \ diff --git a/squid-gcc11.patch b/squid-gcc11.patch new file mode 100644 index 0000000..c87ade5 --- /dev/null +++ b/squid-gcc11.patch @@ -0,0 +1,24 @@ +diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc +index 1fdae0c..213cf39 100644 +--- a/src/acl/ConnMark.cc ++++ b/src/acl/ConnMark.cc +@@ -15,6 +15,7 @@ + #include "Debug.h" + #include "http/Stream.h" + #include "sbuf/Stream.h" ++#include + + bool + Acl::ConnMark::empty() const +diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc +index 5cd81ab..3f73892 100644 +--- a/src/security/ServerOptions.cc ++++ b/src/security/ServerOptions.cc +@@ -6,6 +6,7 @@ + * Please see the COPYING and CONTRIBUTORS files for details. + */ + ++#include + #include "squid.h" + #include "anyp/PortCfg.h" + #include "base/Packable.h" diff --git a/squid.service b/squid.service index 09c68cc..6978032 100644 --- a/squid.service +++ b/squid.service @@ -8,14 +8,11 @@ Type=notify LimitNOFILE=16384 PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid -ExecStartPre=!/usr/libexec/squid/cache_swap.sh -ExecStart=!/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} -ExecReload=!/usr/bin/kill -HUP $MAINPID +ExecStartPre=/usr/libexec/squid/cache_swap.sh +ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} +ExecReload=/usr/bin/kill -HUP $MAINPID KillMode=mixed NotifyAccess=all -User=squid -Group=squid -RuntimeDirectory=squid [Install] WantedBy=multi-user.target diff --git a/squid.spec b/squid.spec index 84d079b..1e48fd8 100644 --- a/squid.spec +++ b/squid.spec @@ -1,17 +1,16 @@ %define __perl_requires %{SOURCE98} -%define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 7.3 +Version: 4.14 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code -License: GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware) +License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) URL: http://www.squid-cache.org -Source0: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz -Source1: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc +Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc Source2: http://www.squid-cache.org/pgp.asc Source3: squid.logrotate Source4: squid.sysconfig @@ -19,30 +18,31 @@ Source5: squid.pam Source6: squid.nm Source7: squid.service Source8: cache_swap.sh -Source9: squid.sysusers Source98: perl-requires-squid.sh # Upstream patches # Backported patches -# Patch101: squid-7.1-.....patch # Local patches # Applying upstream patches first makes it less likely that local patches # will break upstream ones. -Patch201: squid-6.1-config.patch -Patch202: squid-6.1-location.patch -Patch203: squid-6.1-perlpath.patch -# revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 -# workaround for #1934919 -Patch204: squid-6.1-symlink-lang-err.patch +Patch201: squid-4.0.11-config.patch +Patch202: squid-3.1.0.9-location.patch +Patch203: squid-3.0.STABLE1-perlpath.patch +Patch204: squid-3.5.9-include-guards.patch +Patch205: squid-4.0.21-large-acl.patch +Patch206: squid-gcc11.patch # cache_swap.sh Requires: bash gawk # for httpd conf file - cachemgr script alias Requires: httpd-filesystem - +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd # squid_ldap_auth and other LDAP helpers require OpenLDAP BuildRequires: make BuildRequires: openldap-devel @@ -52,8 +52,10 @@ BuildRequires: pam-devel BuildRequires: openssl-devel # squid_kerb_aut requires Kerberos development libs BuildRequires: krb5-devel -# time_quota requires TrivialDB -BuildRequires: libtdb-devel +# time_quota requires DB +BuildRequires: libdb-devel +# ESI support requires Expat & libxml2 +BuildRequires: expat-devel libxml2-devel # TPROXY requires libcap, and also increases security somewhat BuildRequires: libcap-devel # eCAP support @@ -61,27 +63,24 @@ BuildRequires: libecap-devel #ip_user helper requires BuildRequires: gcc-c++ BuildRequires: libtool libtool-ltdl-devel -BuildRequires: libxcrypt-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) # For verifying downloded src tarball BuildRequires: gnupg2 -# for _unitdir macro +# for _tmpfilesdir and _unitdir macro # see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging BuildRequires: systemd-rpm-macros # systemd notify BuildRequires: systemd-devel -%{?systemd_requires} -%{?sysusers_requires_compat} # Old NetworkManager expects the dispatcher scripts in a different place Conflicts: NetworkManager < 1.20 %description Squid is a high-performance proxy caching server for Web clients, -supporting FTP and HTTP data objects. Unlike traditional +supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking @@ -93,14 +92,28 @@ lookup program (dnsserver), a program for retrieving FTP data %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%setup -q -%autosetup -p1 +# Upstream patches + +# Backported patches + +# Local patches +%patch201 -p1 -b .config +%patch202 -p1 -b .location +%patch203 -p1 -b .perlpath +%patch204 -p0 -b .include-guards +%patch205 -p1 -b .large_acl +%patch206 -p1 -b .gcc11 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in %build +# This package fails its testsuite when LTO is enabled. This needs further +# investigation +%define _lto_cflags %{nil} # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 @@ -114,8 +127,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-eui \ --enable-follow-x-forwarded-for \ --enable-auth \ - --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ - --enable-auth-ntlm="fake" \ + --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ + --enable-auth-ntlm="SMB_LM,fake" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos" \ --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \ @@ -137,7 +150,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-storeio="aufs,diskd,ufs,rock" \ --enable-diskio \ --enable-wccpv2 \ - --disable-esi \ + --enable-esi \ --enable-ecap \ --with-aio \ --with-default-user="squid" \ @@ -147,13 +160,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --disable-arch-native \ --disable-security-cert-validators \ --disable-strict-error-checking \ - --with-swapdir=%{_localstatedir}/spool/squid \ - --enable-translation - -# workaround to build squid v5 -#mkdir -p src/icmp/tests -#mkdir -p tools/squidclient/tests -#mkdir -p tools/tests + --with-swapdir=%{_localstatedir}/spool/squid %make_build @@ -194,8 +201,17 @@ install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/htt install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid +mkdir -p $RPM_BUILD_ROOT/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl +# install /usr/lib/tmpfiles.d/squid.conf +mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} +cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf </dev/null 2>&1; then + /usr/sbin/groupadd -g 23 squid +fi + +if ! getent passwd squid >/dev/null 2>&1 ; then + /usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1 +fi for i in /var/log/squid /var/spool/squid ; do if [ -d $i ] ; then @@ -257,37 +282,6 @@ done exit 0 -%pretrans -p --- temporarilly commented until https://bugzilla.redhat.com/show_bug.cgi?id=1936422 is resolved --- --- previously /usr/share/squid/errors/es-mx was symlink, now it is directory since squid v5 --- see https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/ --- Define the path to the symlink being replaced below. --- --- path = "/usr/share/squid/errors/es-mx" --- st = posix.stat(path) --- if st and st.type == "link" then --- os.remove(path) --- end - --- Due to a bug #447156 -paths = {"/usr/share/squid/errors/zh-cn", "/usr/share/squid/errors/zh-tw"} -for key,path in ipairs(paths) -do - st = posix.stat(path) - if st and st.type == "directory" then - status = os.rename(path, path .. ".rpmmoved") - if not status then - suffix = 0 - while not status do - suffix = suffix + 1 - status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) - end - os.rename(path, path .. ".rpmmoved") - end - end -end - %post %systemd_post squid.service @@ -306,170 +300,10 @@ fi %changelog -* Wed Oct 29 2025 Luboš Uhliarik - 7:7.3-1 -- new version 7.3 - -* Fri Oct 17 2025 Luboš Uhliarik - 7:7.2-1 -- new version 7.2 - -* Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-3 -- Support provider keys that require NULL digest - -* Thu Aug 14 2025 Luboš Uhliarik - 7:7.1-1 -- new version 7.1 -- removed squidclient -- removed purge -- removed cachemgr.cgi -- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers - -* Fri Jul 25 2025 Fedora Release Engineering - 7:6.14-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Mon Jul 21 2025 Luboš Uhliarik - 7:6.14-1 -- new version 6.14 - -* Wed Mar 12 2025 Luboš Uhliarik - 7:6.13-2 -- Do not blame cache_peer for 4xx CONNECT responses - -* Tue Feb 04 2025 Luboš Uhliarik - 7:6.13-1 -- new version 6.13 - -* Sat Feb 01 2025 Björn Esser - 7:6.12-5 -- Add explicit BR: libxcrypt-devel - -* Sun Jan 19 2025 Fedora Release Engineering - 7:6.12-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-3 -- better error handling in cache_swap.sh -- added RuntimeDirectory to systemd service file - -* Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-2 -- Disable ESI support since ESI support has been also removed from squid 7 -- Resolves: CVE-2024-45802 squid: Denial of Service processing ESI - response content - -* Wed Oct 23 2024 Luboš Uhliarik - 7:6.12-1 -- new version 6.12 -- Fix TCP_MISS_ABORTED/100 erros when uploading - -* Fri Oct 11 2024 Luboš Uhliarik - 7:6.11-2 -- ignore SP and HTAB chars after chunk-size - -* Wed Sep 25 2024 Luboš Uhliarik - 7:6.11-1 -- new version 6.11 - -* Sat Jul 20 2024 Fedora Release Engineering - 7:6.10-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Mon Jul 01 2024 Luboš Uhliarik - 7:6.10-1 -- new version 6.10 -- Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may - lead to Denial of Service - -* Tue Apr 16 2024 Luboš Uhliarik - 7:6.9-1 -- Resolves: #2262715 - squid-6.9 is available - -* Sat Mar 09 2024 Luboš Uhliarik - 7:6.8-1 -- new version 6.8 - -* Mon Feb 12 2024 Luboš Uhliarik - 7:6.7-1 -- new version 6.7 -- switch to autosetup -- fix FTBFS when using gcc14 - -* Sat Jan 27 2024 Fedora Release Engineering - 7:6.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Dec 13 2023 Yaakov Selkowitz - 7:6.6-1 -- new version 6.6 - -* Tue Nov 07 2023 Luboš Uhliarik - 7:6.5-1 -- new version 6.5 - -* Tue Oct 24 2023 Luboš Uhliarik - 7:6.4-1 -- new version 6.4 - -* Thu Sep 14 2023 Luboš Uhliarik - 7:6.3-2 -- SPDX migration - -* Tue Sep 05 2023 Luboš Uhliarik - 7:6.3-1 -- new version 6.3 - -* Wed Aug 16 2023 Luboš Uhliarik - 7:6.2-1 -- new version 6.2 - -* Fri Aug 04 2023 Luboš Uhliarik - 7:6.1-3 -- Fix "!commHasHalfClosedMonitor(fd)" assertion - -* Sat Jul 22 2023 Fedora Release Engineering - 7:6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Tue Jul 11 2023 Luboš Uhliarik - 7:6.1-1 -- new version 6.1 - -* Tue May 09 2023 Luboš Uhliarik - 7:5.9-1 -- new version 5.9 - -* Tue Feb 28 2023 Luboš Uhliarik - 7:5.8-1 -- new version 5.8 - -* Sat Jan 21 2023 Fedora Release Engineering - 7:5.7-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Mon Dec 05 2022 Tomas Korbar - 7:5.7-3 -- Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections - -* Wed Oct 12 2022 Luboš Uhliarik - 7:5.7-2 -- Provide a sysusers.d file to get user() and group() provides (#2134071) - -* Tue Sep 06 2022 Luboš Uhliarik - 7:5.7-1 -- new version 5.7 - -* Sat Jul 23 2022 Fedora Release Engineering - 7:5.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Mon Jun 27 2022 Luboš Uhliarik - 7:5.6-1 -- new version 5.6 - -* Wed Apr 20 2022 Luboš Uhliarik - 7:5.5-1 -- new version 5.5 -- Resolves: #2053799 - squid-5.5 is available - -* Wed Feb 09 2022 Luboš Uhliarik - 7:5.4-1 -- new version 5.4 - -* Sat Jan 22 2022 Fedora Release Engineering - 7:5.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Oct 05 2021 Luboš Uhliarik - 7:5.2-1 -- new version 5.2 (#2010109) -- Resolves: #1934559 - squid: out-of-bounds read in WCCP protocol - -* Tue Sep 14 2021 Sahana Prasad - 7:5.1-2 -- Rebuilt with OpenSSL 3.0.0 - -* Thu Aug 05 2021 Luboš Uhliarik - 7:5.1-1 -- new version 5.1 - -* Fri Jul 23 2021 Fedora Release Engineering - 7:5.0.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon May 17 2021 Lubos Uhliarik - 7:5.0.6-1 -- new version 5.0.6 - -* Fri Apr 23 2021 Lubos Uhliarik - 7:5.0.5-4 -- Related: #1934919 - squid update attempts fail with file conflicts - -* Fri Mar 05 2021 Lubos Uhliarik - 7:5.0.5-3 -- Resolves: #1934919 - squid update attempts fail with file conflicts - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 7:5.0.5-2 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Wed Feb 10 2021 Lubos Uhliarik - 7:5.0.5-1 -- new version 5.0.5 +* Wed Mar 31 2021 Lubos Uhliarik - 7:4.14-1 +- new version 4.14 +- Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow + a trusted client to perform HTTP Request Smuggling * Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/squid.sysusers b/squid.sysusers deleted file mode 100644 index f9cc56b..0000000 --- a/squid.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g squid 23 - -u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin