diff --git a/.gitignore b/.gitignore index c2dc451..e16a3d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ /*.asc -/*.xz +/*.xz \ No newline at end of file diff --git a/cache_swap.sh b/cache_swap.sh index 77d06ac..89f3478 100644 --- a/cache_swap.sh +++ b/cache_swap.sh @@ -17,5 +17,8 @@ done if [ $init_cache_dirs -ne 0 ]; then echo "" - squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1 + if ! squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1; then + echo "init_cache_dir failed, see /var/log/squid/squid.out for more information" + exit 1 + fi fi diff --git a/sources b/sources index 65abcc4..304c790 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.9.tar.xz) = 7dc366ef6b2a397ca6adec993c05876949de5f5e72a8a4409c9c9c52c42a8a4b37f58e85a171eebd36a166951f6c764176cfebec30019b299abe34a5adc4e5ac -SHA512 (squid-5.9.tar.xz.asc) = e2852d45645effc1a94f3ff13471a6dfc0721b42c9c162c06d7ac8613a46e4e3e580ec2dd8371b93ef68d2d197008398926003c35c4e8468cae2871d740491a0 -SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 +SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b +SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273 +SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d diff --git a/squid-3.5.9-include-guards.patch b/squid-3.5.9-include-guards.patch deleted file mode 100644 index e2d4ff9..0000000 --- a/squid-3.5.9-include-guards.patch +++ /dev/null @@ -1,95 +0,0 @@ ------------------------------------------------------------- -revno: 14311 -revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr ------------------------------------------------------------- -revno: 14311 -revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 -author: Francesco Chemolli -committer: Amos Jeffries -branch nick: trunk -timestamp: Thu 2015-09-24 06:05:37 -0700 -message: - Bug 4323: Netfilter broken cross-includes with Linux 4.2 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ -# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b -# timestamp: 2015-09-24 13:06:33 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk -# base_revision_id: squid3@treenet.co.nz-20150924032241-\ -# 6cx3g6hwz9xfoybr -# -# Begin patch -=== modified file 'compat/os/linux.h' ---- compat/os/linux.h 2015-01-13 07:25:36 +0000 -+++ compat/os/linux.h 2015-09-24 13:05:37 +0000 -@@ -30,6 +30,21 @@ - #endif - - /* -+ * Netfilter header madness. (see Bug 4323) -+ * -+ * Netfilter have a history of defining their own versions of network protocol -+ * primitives without sufficient protection against the POSIX defines which are -+ * aways present in Linux. -+ * -+ * netinet/in.h must be included before any other sys header in order to properly -+ * activate include guards in the kernel maintainers added -+ * to workaround it. -+ */ -+#if HAVE_NETINET_IN_H -+#include -+#endif -+ -+/* - * sys/capability.h is only needed in Linux apparently. - * - * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 -author: Francesco Chemolli -committer: Amos Jeffries -branch nick: trunk -timestamp: Thu 2015-09-24 06:05:37 -0700 -message: - Bug 4323: Netfilter broken cross-includes with Linux 4.2 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ -# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b -# timestamp: 2015-09-24 13:06:33 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk -# base_revision_id: squid3@treenet.co.nz-20150924032241-\ -# 6cx3g6hwz9xfoybr -# -# Begin patch -=== modified file 'compat/os/linux.h' ---- compat/os/linux.h 2015-01-13 07:25:36 +0000 -+++ compat/os/linux.h 2015-09-24 13:05:37 +0000 -@@ -30,6 +30,21 @@ - #endif - - /* -+ * Netfilter header madness. (see Bug 4323) -+ * -+ * Netfilter have a history of defining their own versions of network protocol -+ * primitives without sufficient protection against the POSIX defines which are -+ * aways present in Linux. -+ * -+ * netinet/in.h must be included before any other sys header in order to properly -+ * activate include guards in the kernel maintainers added -+ * to workaround it. -+ */ -+#if HAVE_NETINET_IN_H -+#include -+#endif -+ -+/* - * sys/capability.h is only needed in Linux apparently. - * - * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc - diff --git a/squid-5.0.5-build-errors.patch b/squid-5.0.5-build-errors.patch deleted file mode 100644 index 4293d67..0000000 --- a/squid-5.0.5-build-errors.patch +++ /dev/null @@ -1,116 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 81403a7..5e2a493 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -2477,6 +2477,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testHttpRequest_LDFLAGS = $(LIBADD_DL) -@@ -2781,6 +2782,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testCacheManager_LDFLAGS = $(LIBADD_DL) -@@ -3101,6 +3103,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEvent_LDFLAGS = $(LIBADD_DL) -@@ -3339,6 +3342,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEventLoop_LDFLAGS = $(LIBADD_DL) -diff --git a/src/Makefile.in b/src/Makefile.in -index fda6de6..4e047cc 100644 ---- a/src/Makefile.in -+++ b/src/Makefile.in -@@ -4581,6 +4581,7 @@ tests_test_http_range_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -4972,6 +4973,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5274,6 +5276,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5593,6 +5596,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5832,6 +5836,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -diff --git a/src/proxyp/Parser.cc b/src/proxyp/Parser.cc -index 328d207..2f358a7 100644 ---- a/src/proxyp/Parser.cc -+++ b/src/proxyp/Parser.cc -@@ -15,6 +15,7 @@ - #include "sbuf/Stream.h" - - #include -+#include - - #if HAVE_SYS_SOCKET_H - #include -diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc -index e114ed8..22bce84 100644 ---- a/src/security/ServerOptions.cc -+++ b/src/security/ServerOptions.cc -@@ -18,6 +18,7 @@ - #if USE_OPENSSL - #include "compat/openssl.h" - #include "ssl/support.h" -+#include - - #if HAVE_OPENSSL_ERR_H - #include -diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc -index 1fdae0c..213cf39 100644 ---- a/src/acl/ConnMark.cc -+++ b/src/acl/ConnMark.cc -@@ -15,6 +15,7 @@ - #include "Debug.h" - #include "http/Stream.h" - #include "sbuf/Stream.h" -+#include - - bool - Acl::ConnMark::empty() const diff --git a/squid-5.0.5-symlink-lang-err.patch b/squid-5.0.5-symlink-lang-err.patch deleted file mode 100644 index 45d6fe9..0000000 --- a/squid-5.0.5-symlink-lang-err.patch +++ /dev/null @@ -1,68 +0,0 @@ -From fc01451000eaa5592cd5afbd6aee14e53f7dd2c3 Mon Sep 17 00:00:00 2001 -From: Amos Jeffries -Date: Sun, 18 Oct 2020 20:23:10 +1300 -Subject: [PATCH] Update translations integration - -* Add credits for es-mx translation moderator -* Use es-mx for default of all Spanish (Central America) texts -* Update translation related .am files ---- - doc/manuals/language.am | 2 +- - errors/TRANSLATORS | 1 + - errors/aliases | 3 ++- - errors/language.am | 3 ++- - errors/template.am | 2 +- - 5 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/doc/manuals/language.am b/doc/manuals/language.am -index 7670c88380c..f03c4cf71b4 100644 ---- a/doc/manuals/language.am -+++ b/doc/manuals/language.am -@@ -18,4 +18,4 @@ TRANSLATE_LANGUAGES = \ - oc.lang \ - pt.lang \ - ro.lang \ -- ru.lang -+ ru.lang -diff --git a/errors/aliases b/errors/aliases -index 36f17f4b80f..cf0116f297d 100644 ---- a/errors/aliases -+++ b/errors/aliases -@@ -14,7 +14,8 @@ da da-dk - de de-at de-ch de-de de-li de-lu - el el-gr - en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw --es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl -+es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq -+es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv - et et-ee - fa fa-fa fa-ir - fi fi-fi -diff --git a/errors/language.am b/errors/language.am -index 12b1b2b3b43..029e8c1eb2f 100644 ---- a/errors/language.am -+++ b/errors/language.am -@@ -17,6 +17,7 @@ TRANSLATE_LANGUAGES = \ - de.lang \ - el.lang \ - en.lang \ -+ es-mx.lang \ - es.lang \ - et.lang \ - fa.lang \ -@@ -51,4 +52,4 @@ TRANSLATE_LANGUAGES = \ - uz.lang \ - vi.lang \ - zh-hans.lang \ -- zh-hant.lang -+ zh-hant.lang -diff --git a/errors/template.am b/errors/template.am -index 6c12781e6f4..715c65aa22b 100644 ---- a/errors/template.am -+++ b/errors/template.am -@@ -48,4 +48,4 @@ ERROR_TEMPLATES = \ - templates/ERR_UNSUP_REQ \ - templates/ERR_URN_RESOLVE \ - templates/ERR_WRITE_ERROR \ -- templates/ERR_ZERO_SIZE_OBJECT -+ templates/ERR_ZERO_SIZE_OBJECT diff --git a/squid-5.7-ip-bind-address-no-port.patch b/squid-5.7-ip-bind-address-no-port.patch deleted file mode 100644 index 55d9597..0000000 --- a/squid-5.7-ip-bind-address-no-port.patch +++ /dev/null @@ -1,156 +0,0 @@ -commit c54122584d175cf1d292b239a5b70f2d1aa77c3a -Author: Tomas Korbar -Date: Mon Dec 5 15:03:07 2022 +0100 - - Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections - -diff --git a/src/comm.cc b/src/comm.cc -index b4818f3..b18d175 100644 ---- a/src/comm.cc -+++ b/src/comm.cc -@@ -59,6 +59,7 @@ - */ - - static IOCB commHalfClosedReader; -+static int comm_openex(int sock_type, int proto, Ip::Address &, int flags, const char *note); - static void comm_init_opened(const Comm::ConnectionPointer &conn, const char *note, struct addrinfo *AI); - static int comm_apply_flags(int new_socket, Ip::Address &addr, int flags, struct addrinfo *AI); - -@@ -76,6 +77,7 @@ static EVH commHalfClosedCheck; - static void commPlanHalfClosedCheck(); - - static Comm::Flag commBind(int s, struct addrinfo &); -+static void commSetBindAddressNoPort(int); - static void commSetReuseAddr(int); - static void commSetNoLinger(int); - #ifdef TCP_NODELAY -@@ -202,6 +204,22 @@ comm_local_port(int fd) - return F->local_addr.port(); - } - -+/// sets the IP_BIND_ADDRESS_NO_PORT socket option to optimize ephemeral port -+/// reuse by outgoing TCP connections that must bind(2) to a source IP address -+static void -+commSetBindAddressNoPort(const int fd) -+{ -+#if defined(IP_BIND_ADDRESS_NO_PORT) -+ int flag = 1; -+ if (setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, reinterpret_cast(&flag), sizeof(flag)) < 0) { -+ const auto savedErrno = errno; -+ debugs(50, DBG_IMPORTANT, "ERROR: setsockopt(IP_BIND_ADDRESS_NO_PORT) failure: " << xstrerr(savedErrno)); -+ } -+#else -+ (void)fd; -+#endif -+} -+ - static Comm::Flag - commBind(int s, struct addrinfo &inaddr) - { -@@ -228,6 +246,10 @@ comm_open(int sock_type, - int flags, - const char *note) - { -+ // assume zero-port callers do not need to know the assigned port right away -+ if (sock_type == SOCK_STREAM && addr.port() == 0 && ((flags & COMM_DOBIND) || !addr.isAnyAddr())) -+ flags |= COMM_DOBIND_PORT_LATER; -+ - return comm_openex(sock_type, proto, addr, flags, note); - } - -@@ -329,7 +351,7 @@ comm_set_transparent(int fd) - * Create a socket. Default is blocking, stream (TCP) socket. IO_TYPE - * is OR of flags specified in defines.h:COMM_* - */ --int -+static int - comm_openex(int sock_type, - int proto, - Ip::Address &addr, -@@ -488,6 +510,9 @@ comm_apply_flags(int new_socket, - } - } - #endif -+ if ((flags & COMM_DOBIND_PORT_LATER)) -+ commSetBindAddressNoPort(new_socket); -+ - if (commBind(new_socket, *AI) != Comm::OK) { - comm_close(new_socket); - return -1; -diff --git a/src/comm.h b/src/comm.h -index 5a1a7c2..a9f33db 100644 ---- a/src/comm.h -+++ b/src/comm.h -@@ -43,7 +43,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc - - /** - * Open a port specially bound for listening or sending through a specific port. -- * This is a wrapper providing IPv4/IPv6 failover around comm_openex(). - * Please use for all listening sockets and bind() outbound sockets. - * - * It will open a socket bound for: -@@ -59,7 +58,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc - int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note); - void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note); - --int comm_openex(int, int, Ip::Address &, int, const char *); - unsigned short comm_local_port(int fd); - - int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen); -diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc -index 19c1237..79fa2ed 100644 ---- a/src/comm/ConnOpener.cc -+++ b/src/comm/ConnOpener.cc -@@ -285,7 +285,7 @@ Comm::ConnOpener::createFd() - if (callback_ == NULL || callback_->canceled()) - return false; - -- temporaryFd_ = comm_openex(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); -+ temporaryFd_ = comm_open(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_); - if (temporaryFd_ < 0) { - sendAnswer(Comm::ERR_CONNECT, 0, "Comm::ConnOpener::createFd"); - return false; -diff --git a/src/comm/Connection.h b/src/comm/Connection.h -index 40c2249..2641f4e 100644 ---- a/src/comm/Connection.h -+++ b/src/comm/Connection.h -@@ -52,6 +52,8 @@ namespace Comm - #define COMM_REUSEPORT 0x40 //< needs SO_REUSEPORT - /// not registered with Comm and not owned by any connection-closing code - #define COMM_ORPHANED 0x40 -+/// Internal Comm optimization: Keep the source port unassigned until connect(2) -+#define COMM_DOBIND_PORT_LATER 0x100 - - /** - * Store data about the physical and logical attributes of a connection. -diff --git a/src/ipc.cc b/src/ipc.cc -index 45cab52..42e11e6 100644 ---- a/src/ipc.cc -+++ b/src/ipc.cc -@@ -95,12 +95,12 @@ ipcCreate(int type, const char *prog, const char *const args[], const char *name - } else void(0) - - if (type == IPC_TCP_SOCKET) { -- crfd = cwfd = comm_open(SOCK_STREAM, -+ crfd = cwfd = comm_open_listener(SOCK_STREAM, - 0, - local_addr, - COMM_NOCLOEXEC, - name); -- prfd = pwfd = comm_open(SOCK_STREAM, -+ prfd = pwfd = comm_open_listener(SOCK_STREAM, - 0, /* protocol */ - local_addr, - 0, /* blocking */ -diff --git a/src/tests/stub_comm.cc b/src/tests/stub_comm.cc -index a1d33d6..bf4bea6 100644 ---- a/src/tests/stub_comm.cc -+++ b/src/tests/stub_comm.cc -@@ -48,7 +48,6 @@ int comm_open_uds(int sock_type, int proto, struct sockaddr_un* addr, int flags) - void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struct addrinfo *AI) STUB - int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note) STUB_RETVAL(-1) - void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note) STUB --int comm_openex(int, int, Ip::Address &, int, tos_t tos, nfmark_t nfmark, const char *) STUB_RETVAL(-1) - unsigned short comm_local_port(int fd) STUB_RETVAL(0) - int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen) STUB_RETVAL(-1) - void commCallCloseHandlers(int fd) STUB diff --git a/squid-4.0.11-config.patch b/squid-6.1-config.patch similarity index 61% rename from squid-4.0.11-config.patch rename to squid-6.1-config.patch index a4faae8..9d2b192 100644 --- a/squid-4.0.11-config.patch +++ b/squid-6.1-config.patch @@ -1,7 +1,8 @@ -diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre ---- squid-4.0.11/src/cf.data.pre.config 2016-06-09 22:32:57.000000000 +0200 -+++ squid-4.0.11/src/cf.data.pre 2016-07-11 21:08:35.090976840 +0200 -@@ -4658,7 +4658,7 @@ DOC_END +diff --git a/src/cf.data.pre b/src/cf.data.pre +index 44aa34d..12225bc 100644 +--- a/src/cf.data.pre ++++ b/src/cf.data.pre +@@ -5453,7 +5453,7 @@ DOC_END NAME: logfile_rotate TYPE: int @@ -10,7 +11,7 @@ diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre LOC: Config.Log.rotateNumber DOC_START Specifies the default number of logfile rotations to make when you -@@ -6444,11 +6444,11 @@ COMMENT_END +@@ -7447,11 +7447,11 @@ COMMENT_END NAME: cache_mgr TYPE: string diff --git a/squid-3.1.0.9-location.patch b/squid-6.1-location.patch similarity index 100% rename from squid-3.1.0.9-location.patch rename to squid-6.1-location.patch diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-6.1-perlpath.patch similarity index 69% rename from squid-3.0.STABLE1-perlpath.patch rename to squid-6.1-perlpath.patch index 5ab22a0..8bfdbdf 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-6.1-perlpath.patch @@ -1,10 +1,10 @@ diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl -index 4cb0480..4b89910 100755 +index e965e9e..ed5ffcb 100755 --- a/contrib/url-normalizer.pl +++ b/contrib/url-normalizer.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2023 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2025 The Squid Software Foundation and contributors # * diff --git a/squid-6.1-symlink-lang-err.patch b/squid-6.1-symlink-lang-err.patch new file mode 100644 index 0000000..a29274b --- /dev/null +++ b/squid-6.1-symlink-lang-err.patch @@ -0,0 +1,26 @@ +diff --git a/errors/aliases b/errors/aliases +index c256106..38c123a 100644 +--- a/errors/aliases ++++ b/errors/aliases +@@ -14,8 +14,7 @@ da da-dk + de de-at de-ch de-de de-li de-lu + el el-gr + en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw +-es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq +-es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv ++es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl + et et-ee + fa fa-fa fa-ir + fi fi-fi +diff --git a/errors/language.am b/errors/language.am +index a437d17..f2fe463 100644 +--- a/errors/language.am ++++ b/errors/language.am +@@ -19,7 +19,6 @@ LANGUAGE_FILES = \ + de.lang \ + el.lang \ + en.lang \ +- es-mx.lang \ + es.lang \ + et.lang \ + fa.lang \ diff --git a/squid.service b/squid.service index 6978032..09c68cc 100644 --- a/squid.service +++ b/squid.service @@ -8,11 +8,14 @@ Type=notify LimitNOFILE=16384 PIDFile=/run/squid.pid EnvironmentFile=/etc/sysconfig/squid -ExecStartPre=/usr/libexec/squid/cache_swap.sh -ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} -ExecReload=/usr/bin/kill -HUP $MAINPID +ExecStartPre=!/usr/libexec/squid/cache_swap.sh +ExecStart=!/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF} +ExecReload=!/usr/bin/kill -HUP $MAINPID KillMode=mixed NotifyAccess=all +User=squid +Group=squid +RuntimeDirectory=squid [Install] WantedBy=multi-user.target diff --git a/squid.spec b/squid.spec index 7db39f3..84d079b 100644 --- a/squid.spec +++ b/squid.spec @@ -1,16 +1,17 @@ %define __perl_requires %{SOURCE98} +%define version_underscore %(echo %{version} | tr '.' '_') Name: squid -Version: 5.9 +Version: 7.3 Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code -License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) +License: GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware) URL: http://www.squid-cache.org -Source0: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz -Source1: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz.asc +Source0: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz +Source1: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc Source2: http://www.squid-cache.org/pgp.asc Source3: squid.logrotate Source4: squid.sysconfig @@ -25,18 +26,17 @@ Source98: perl-requires-squid.sh # Upstream patches # Backported patches -Patch101: squid-5.7-ip-bind-address-no-port.patch +# Patch101: squid-7.1-.....patch # Local patches # Applying upstream patches first makes it less likely that local patches # will break upstream ones. -Patch201: squid-4.0.11-config.patch -Patch202: squid-3.1.0.9-location.patch -Patch203: squid-3.0.STABLE1-perlpath.patch -Patch204: squid-3.5.9-include-guards.patch +Patch201: squid-6.1-config.patch +Patch202: squid-6.1-location.patch +Patch203: squid-6.1-perlpath.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 -Patch205: squid-5.0.5-symlink-lang-err.patch +Patch204: squid-6.1-symlink-lang-err.patch # cache_swap.sh Requires: bash gawk @@ -54,8 +54,6 @@ BuildRequires: openssl-devel BuildRequires: krb5-devel # time_quota requires TrivialDB BuildRequires: libtdb-devel -# ESI support requires Expat & libxml2 -BuildRequires: expat-devel libxml2-devel # TPROXY requires libcap, and also increases security somewhat BuildRequires: libcap-devel # eCAP support @@ -63,12 +61,13 @@ BuildRequires: libecap-devel #ip_user helper requires BuildRequires: gcc-c++ BuildRequires: libtool libtool-ltdl-devel +BuildRequires: libxcrypt-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) # For verifying downloded src tarball BuildRequires: gnupg2 -# for _tmpfilesdir and _unitdir macro +# for _unitdir macro # see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging BuildRequires: systemd-rpm-macros # systemd notify @@ -82,7 +81,7 @@ Conflicts: NetworkManager < 1.20 %description Squid is a high-performance proxy caching server for Web clients, -supporting FTP, gopher, and HTTP data objects. Unlike traditional +supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking @@ -94,19 +93,8 @@ lookup program (dnsserver), a program for retrieving FTP data %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%setup -q -# Upstream patches - -# Backported patches -%patch101 -p1 -b .ip-bind-address-no-port - -# Local patches -%patch201 -p1 -b .config -%patch202 -p1 -b .location -%patch203 -p1 -b .perlpath -%patch204 -p0 -b .include-guards -%patch205 -p1 -R -b .symlink-lang-err +%autosetup -p1 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation @@ -126,8 +114,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-eui \ --enable-follow-x-forwarded-for \ --enable-auth \ - --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ - --enable-auth-ntlm="SMB_LM,fake" \ + --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ + --enable-auth-ntlm="fake" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos" \ --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \ @@ -149,7 +137,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --enable-storeio="aufs,diskd,ufs,rock" \ --enable-diskio \ --enable-wccpv2 \ - --enable-esi \ + --disable-esi \ --enable-ecap \ --with-aio \ --with-default-user="squid" \ @@ -159,12 +147,13 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented --disable-arch-native \ --disable-security-cert-validators \ --disable-strict-error-checking \ - --with-swapdir=%{_localstatedir}/spool/squid + --with-swapdir=%{_localstatedir}/spool/squid \ + --enable-translation # workaround to build squid v5 -mkdir -p src/icmp/tests -mkdir -p tools/squidclient/tests -mkdir -p tools/tests +#mkdir -p src/icmp/tests +#mkdir -p tools/squidclient/tests +#mkdir -p tools/tests %make_build @@ -205,17 +194,8 @@ install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/htt install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid -mkdir -p $RPM_BUILD_ROOT/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl -# install /usr/lib/tmpfiles.d/squid.conf -mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} -cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf < - 7:7.3-1 +- new version 7.3 + +* Fri Oct 17 2025 Luboš Uhliarik - 7:7.2-1 +- new version 7.2 + +* Thu Sep 11 2025 Luboš Uhliarik - 7:7.1-3 +- Support provider keys that require NULL digest + +* Thu Aug 14 2025 Luboš Uhliarik - 7:7.1-1 +- new version 7.1 +- removed squidclient +- removed purge +- removed cachemgr.cgi +- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers + +* Fri Jul 25 2025 Fedora Release Engineering - 7:6.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Mon Jul 21 2025 Luboš Uhliarik - 7:6.14-1 +- new version 6.14 + +* Wed Mar 12 2025 Luboš Uhliarik - 7:6.13-2 +- Do not blame cache_peer for 4xx CONNECT responses + +* Tue Feb 04 2025 Luboš Uhliarik - 7:6.13-1 +- new version 6.13 + +* Sat Feb 01 2025 Björn Esser - 7:6.12-5 +- Add explicit BR: libxcrypt-devel + +* Sun Jan 19 2025 Fedora Release Engineering - 7:6.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-3 +- better error handling in cache_swap.sh +- added RuntimeDirectory to systemd service file + +* Fri Nov 01 2024 Luboš Uhliarik - 7:6.12-2 +- Disable ESI support since ESI support has been also removed from squid 7 +- Resolves: CVE-2024-45802 squid: Denial of Service processing ESI + response content + +* Wed Oct 23 2024 Luboš Uhliarik - 7:6.12-1 +- new version 6.12 +- Fix TCP_MISS_ABORTED/100 erros when uploading + +* Fri Oct 11 2024 Luboš Uhliarik - 7:6.11-2 +- ignore SP and HTAB chars after chunk-size + +* Wed Sep 25 2024 Luboš Uhliarik - 7:6.11-1 +- new version 6.11 + +* Sat Jul 20 2024 Fedora Release Engineering - 7:6.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jul 01 2024 Luboš Uhliarik - 7:6.10-1 +- new version 6.10 +- Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may + lead to Denial of Service + +* Tue Apr 16 2024 Luboš Uhliarik - 7:6.9-1 +- Resolves: #2262715 - squid-6.9 is available + +* Sat Mar 09 2024 Luboš Uhliarik - 7:6.8-1 +- new version 6.8 + +* Mon Feb 12 2024 Luboš Uhliarik - 7:6.7-1 +- new version 6.7 +- switch to autosetup +- fix FTBFS when using gcc14 + +* Sat Jan 27 2024 Fedora Release Engineering - 7:6.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Dec 13 2023 Yaakov Selkowitz - 7:6.6-1 +- new version 6.6 + +* Tue Nov 07 2023 Luboš Uhliarik - 7:6.5-1 +- new version 6.5 + +* Tue Oct 24 2023 Luboš Uhliarik - 7:6.4-1 +- new version 6.4 + +* Thu Sep 14 2023 Luboš Uhliarik - 7:6.3-2 +- SPDX migration + +* Tue Sep 05 2023 Luboš Uhliarik - 7:6.3-1 +- new version 6.3 + +* Wed Aug 16 2023 Luboš Uhliarik - 7:6.2-1 +- new version 6.2 + +* Fri Aug 04 2023 Luboš Uhliarik - 7:6.1-3 +- Fix "!commHasHalfClosedMonitor(fd)" assertion + +* Sat Jul 22 2023 Fedora Release Engineering - 7:6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 11 2023 Luboš Uhliarik - 7:6.1-1 +- new version 6.1 + * Tue May 09 2023 Luboš Uhliarik - 7:5.9-1 - new version 5.9