new version 7.3

- use upstream patch

.gitignore

@@ -1,2 +1,2 @@
 /*.asc
-/*.xz
+/*.xz

cache_swap.sh

@@ -17,5 +17,8 @@ done
 
 if [ $init_cache_dirs -ne 0 ]; then
 	echo ""
-	squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1
+	if ! squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1; then
+		echo "init_cache_dir failed, see /var/log/squid/squid.out for more information"
+		exit 1
+	fi
 fi

sources

@@ -1,3 +1,3 @@
-SHA512 (squid-5.9.tar.xz) = 7dc366ef6b2a397ca6adec993c05876949de5f5e72a8a4409c9c9c52c42a8a4b37f58e85a171eebd36a166951f6c764176cfebec30019b299abe34a5adc4e5ac
-SHA512 (squid-5.9.tar.xz.asc) = e2852d45645effc1a94f3ff13471a6dfc0721b42c9c162c06d7ac8613a46e4e3e580ec2dd8371b93ef68d2d197008398926003c35c4e8468cae2871d740491a0
-SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2
+SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b
+SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273
+SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d

squid-3.5.9-include-guards.patch

@@ -1,95 +0,0 @@
-------------------------------------------------------------
-revno: 14311
-revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
-parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
-------------------------------------------------------------
-revno: 14311
-revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
-parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
-author: Francesco Chemolli <kinkie@squid-cache.org>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: trunk
-timestamp: Thu 2015-09-24 06:05:37 -0700
-message:
-  Bug 4323: Netfilter broken cross-includes with Linux 4.2
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
-# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
-# timestamp: 2015-09-24 13:06:33 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
-# base_revision_id: squid3@treenet.co.nz-20150924032241-\
-#   6cx3g6hwz9xfoybr
-# 
-# Begin patch
-=== modified file 'compat/os/linux.h'
---- compat/os/linux.h	2015-01-13 07:25:36 +0000
-+++ compat/os/linux.h	2015-09-24 13:05:37 +0000
-@@ -30,6 +30,21 @@
- #endif
- 
- /*
-+ * Netfilter header madness. (see Bug 4323)
-+ *
-+ * Netfilter have a history of defining their own versions of network protocol
-+ * primitives without sufficient protection against the POSIX defines which are
-+ * aways present in Linux.
-+ *
-+ * netinet/in.h must be included before any other sys header in order to properly
-+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
-+ * to workaround it.
-+ */
-+#if HAVE_NETINET_IN_H
-+#include <netinet/in.h>
-+#endif
-+
-+/*
-  * sys/capability.h is only needed in Linux apparently.
-  *
-  * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
-author: Francesco Chemolli <kinkie@squid-cache.org>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: trunk
-timestamp: Thu 2015-09-24 06:05:37 -0700
-message:
-  Bug 4323: Netfilter broken cross-includes with Linux 4.2
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
-# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
-# timestamp: 2015-09-24 13:06:33 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
-# base_revision_id: squid3@treenet.co.nz-20150924032241-\
-#   6cx3g6hwz9xfoybr
-# 
-# Begin patch
-=== modified file 'compat/os/linux.h'
---- compat/os/linux.h	2015-01-13 07:25:36 +0000
-+++ compat/os/linux.h	2015-09-24 13:05:37 +0000
-@@ -30,6 +30,21 @@
- #endif
- 
- /*
-+ * Netfilter header madness. (see Bug 4323)
-+ *
-+ * Netfilter have a history of defining their own versions of network protocol
-+ * primitives without sufficient protection against the POSIX defines which are
-+ * aways present in Linux.
-+ *
-+ * netinet/in.h must be included before any other sys header in order to properly
-+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
-+ * to workaround it.
-+ */
-+#if HAVE_NETINET_IN_H
-+#include <netinet/in.h>
-+#endif
-+
-+/*
-  * sys/capability.h is only needed in Linux apparently.
-  *
-  * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
-

squid-5.0.5-build-errors.patch

@@ -1,116 +0,0 @@
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 81403a7..5e2a493 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -2477,6 +2477,7 @@ tests_testHttpRequest_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- tests_testHttpRequest_LDFLAGS = $(LIBADD_DL)
-@@ -2781,6 +2782,7 @@ tests_testCacheManager_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- tests_testCacheManager_LDFLAGS = $(LIBADD_DL)
-@@ -3101,6 +3103,7 @@ tests_testEvent_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- tests_testEvent_LDFLAGS = $(LIBADD_DL)
-@@ -3339,6 +3342,7 @@ tests_testEventLoop_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- tests_testEventLoop_LDFLAGS = $(LIBADD_DL)
-diff --git a/src/Makefile.in b/src/Makefile.in
-index fda6de6..4e047cc 100644
---- a/src/Makefile.in
-+++ b/src/Makefile.in
-@@ -4581,6 +4581,7 @@ tests_test_http_range_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- 
-@@ -4972,6 +4973,7 @@ tests_testHttpRequest_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- 
-@@ -5274,6 +5276,7 @@ tests_testCacheManager_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- 
-@@ -5593,6 +5596,7 @@ tests_testEvent_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- 
-@@ -5832,6 +5836,7 @@ tests_testEventLoop_LDADD = \
- 	$(SSLLIB) \
- 	$(KRB5LIBS) \
- 	$(LIBCPPUNIT_LIBS) \
-+	$(SYSTEMD_LIBS) \
- 	$(COMPAT_LIB) \
- 	$(XTRA_LIBS)
- 
-diff --git a/src/proxyp/Parser.cc b/src/proxyp/Parser.cc
-index 328d207..2f358a7 100644
---- a/src/proxyp/Parser.cc
-+++ b/src/proxyp/Parser.cc
-@@ -15,6 +15,7 @@
- #include "sbuf/Stream.h"
- 
- #include <algorithm>
-+#include <limits>
- 
- #if HAVE_SYS_SOCKET_H
- #include <sys/socket.h>
-diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc
-index e114ed8..22bce84 100644
---- a/src/security/ServerOptions.cc
-+++ b/src/security/ServerOptions.cc
-@@ -18,6 +18,7 @@
- #if USE_OPENSSL
- #include "compat/openssl.h"
- #include "ssl/support.h"
-+#include <limits>
- 
- #if HAVE_OPENSSL_ERR_H
- #include <openssl/err.h>
-diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc
-index 1fdae0c..213cf39 100644
---- a/src/acl/ConnMark.cc
-+++ b/src/acl/ConnMark.cc
-@@ -15,6 +15,7 @@
- #include "Debug.h"
- #include "http/Stream.h"
- #include "sbuf/Stream.h"
-+#include <limits>
- 
- bool
- Acl::ConnMark::empty() const

squid-5.0.5-symlink-lang-err.patch

@@ -1,68 +0,0 @@
-From fc01451000eaa5592cd5afbd6aee14e53f7dd2c3 Mon Sep 17 00:00:00 2001
-From: Amos Jeffries <amosjeffries@squid-cache.org>
-Date: Sun, 18 Oct 2020 20:23:10 +1300
-Subject: [PATCH] Update translations integration
-
-* Add credits for es-mx translation moderator
-* Use es-mx for default of all Spanish (Central America) texts
-* Update translation related .am files
----
- doc/manuals/language.am | 2 +-
- errors/TRANSLATORS      | 1 +
- errors/aliases          | 3 ++-
- errors/language.am      | 3 ++-
- errors/template.am      | 2 +-
- 5 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/doc/manuals/language.am b/doc/manuals/language.am
-index 7670c88380c..f03c4cf71b4 100644
---- a/doc/manuals/language.am
-+++ b/doc/manuals/language.am
-@@ -18,4 +18,4 @@ TRANSLATE_LANGUAGES = \
-     oc.lang \
-     pt.lang \
-     ro.lang \
--    ru.lang 
-+    ru.lang
-diff --git a/errors/aliases b/errors/aliases
-index 36f17f4b80f..cf0116f297d 100644
---- a/errors/aliases
-+++ b/errors/aliases
-@@ -14,7 +14,8 @@ da	da-dk
- de	de-at de-ch de-de de-li de-lu
- el	el-gr
- en	en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw
--es	es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl
-+es	es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq
-+es-mx	es-bz es-cr es-gt es-hn es-ni es-pa es-sv
- et	et-ee
- fa	fa-fa fa-ir
- fi	fi-fi
-diff --git a/errors/language.am b/errors/language.am
-index 12b1b2b3b43..029e8c1eb2f 100644
---- a/errors/language.am
-+++ b/errors/language.am
-@@ -17,6 +17,7 @@ TRANSLATE_LANGUAGES = \
-     de.lang \
-     el.lang \
-     en.lang \
-+    es-mx.lang \
-     es.lang \
-     et.lang \
-     fa.lang \
-@@ -51,4 +52,4 @@ TRANSLATE_LANGUAGES = \
-     uz.lang \
-     vi.lang \
-     zh-hans.lang \
--    zh-hant.lang 
-+    zh-hant.lang
-diff --git a/errors/template.am b/errors/template.am
-index 6c12781e6f4..715c65aa22b 100644
---- a/errors/template.am
-+++ b/errors/template.am
-@@ -48,4 +48,4 @@ ERROR_TEMPLATES = \
-     templates/ERR_UNSUP_REQ \
-     templates/ERR_URN_RESOLVE \
-     templates/ERR_WRITE_ERROR \
--    templates/ERR_ZERO_SIZE_OBJECT 
-+    templates/ERR_ZERO_SIZE_OBJECT

squid-5.7-ip-bind-address-no-port.patch

@@ -1,156 +0,0 @@
-commit c54122584d175cf1d292b239a5b70f2d1aa77c3a
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Mon Dec 5 15:03:07 2022 +0100
-
-    Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections
-
-diff --git a/src/comm.cc b/src/comm.cc
-index b4818f3..b18d175 100644
---- a/src/comm.cc
-+++ b/src/comm.cc
-@@ -59,6 +59,7 @@
-  */
- 
- static IOCB commHalfClosedReader;
-+static int comm_openex(int sock_type, int proto, Ip::Address &, int flags, const char *note);
- static void comm_init_opened(const Comm::ConnectionPointer &conn, const char *note, struct addrinfo *AI);
- static int comm_apply_flags(int new_socket, Ip::Address &addr, int flags, struct addrinfo *AI);
- 
-@@ -76,6 +77,7 @@ static EVH commHalfClosedCheck;
- static void commPlanHalfClosedCheck();
- 
- static Comm::Flag commBind(int s, struct addrinfo &);
-+static void commSetBindAddressNoPort(int);
- static void commSetReuseAddr(int);
- static void commSetNoLinger(int);
- #ifdef TCP_NODELAY
-@@ -202,6 +204,22 @@ comm_local_port(int fd)
-     return F->local_addr.port();
- }
- 
-+/// sets the IP_BIND_ADDRESS_NO_PORT socket option to optimize ephemeral port
-+/// reuse by outgoing TCP connections that must bind(2) to a source IP address
-+static void
-+commSetBindAddressNoPort(const int fd)
-+{
-+#if defined(IP_BIND_ADDRESS_NO_PORT)
-+    int flag = 1;
-+    if (setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, reinterpret_cast<char*>(&flag), sizeof(flag)) < 0) {
-+        const auto savedErrno = errno;
-+        debugs(50, DBG_IMPORTANT, "ERROR: setsockopt(IP_BIND_ADDRESS_NO_PORT) failure: " << xstrerr(savedErrno));
-+    }
-+#else
-+    (void)fd;
-+#endif
-+}
-+
- static Comm::Flag
- commBind(int s, struct addrinfo &inaddr)
- {
-@@ -228,6 +246,10 @@ comm_open(int sock_type,
-           int flags,
-           const char *note)
- {
-+        // assume zero-port callers do not need to know the assigned port right away
-+    if (sock_type == SOCK_STREAM && addr.port() == 0 && ((flags & COMM_DOBIND) || !addr.isAnyAddr()))
-+        flags |= COMM_DOBIND_PORT_LATER;
-+
-     return comm_openex(sock_type, proto, addr, flags, note);
- }
- 
-@@ -329,7 +351,7 @@ comm_set_transparent(int fd)
-  * Create a socket. Default is blocking, stream (TCP) socket.  IO_TYPE
-  * is OR of flags specified in defines.h:COMM_*
-  */
--int
-+static int
- comm_openex(int sock_type,
-             int proto,
-             Ip::Address &addr,
-@@ -488,6 +510,9 @@ comm_apply_flags(int new_socket,
-             }
-         }
- #endif
-+        if ((flags & COMM_DOBIND_PORT_LATER))
-+            commSetBindAddressNoPort(new_socket);
-+
-         if (commBind(new_socket, *AI) != Comm::OK) {
-             comm_close(new_socket);
-             return -1;
-diff --git a/src/comm.h b/src/comm.h
-index 5a1a7c2..a9f33db 100644
---- a/src/comm.h
-+++ b/src/comm.h
-@@ -43,7 +43,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc
- 
- /**
-  * Open a port specially bound for listening or sending through a specific port.
-- * This is a wrapper providing IPv4/IPv6 failover around comm_openex().
-  * Please use for all listening sockets and bind() outbound sockets.
-  *
-  * It will open a socket bound for:
-@@ -59,7 +58,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc
- int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note);
- void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note);
- 
--int comm_openex(int, int, Ip::Address &, int, const char *);
- unsigned short comm_local_port(int fd);
- 
- int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen);
-diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc
-index 19c1237..79fa2ed 100644
---- a/src/comm/ConnOpener.cc
-+++ b/src/comm/ConnOpener.cc
-@@ -285,7 +285,7 @@ Comm::ConnOpener::createFd()
-     if (callback_ == NULL || callback_->canceled())
-         return false;
- 
--    temporaryFd_ = comm_openex(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_);
-+    temporaryFd_ = comm_open(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_);
-     if (temporaryFd_ < 0) {
-         sendAnswer(Comm::ERR_CONNECT, 0, "Comm::ConnOpener::createFd");
-         return false;
-diff --git a/src/comm/Connection.h b/src/comm/Connection.h
-index 40c2249..2641f4e 100644
---- a/src/comm/Connection.h
-+++ b/src/comm/Connection.h
-@@ -52,6 +52,8 @@ namespace Comm
- #define COMM_REUSEPORT          0x40 //< needs SO_REUSEPORT
- /// not registered with Comm and not owned by any connection-closing code
- #define COMM_ORPHANED           0x40
-+/// Internal Comm optimization: Keep the source port unassigned until connect(2)
-+#define COMM_DOBIND_PORT_LATER 0x100
- 
- /**
-  * Store data about the physical and logical attributes of a connection.
-diff --git a/src/ipc.cc b/src/ipc.cc
-index 45cab52..42e11e6 100644
---- a/src/ipc.cc
-+++ b/src/ipc.cc
-@@ -95,12 +95,12 @@ ipcCreate(int type, const char *prog, const char *const args[], const char *name
-     } else void(0)
- 
-     if (type == IPC_TCP_SOCKET) {
--        crfd = cwfd = comm_open(SOCK_STREAM,
-+        crfd = cwfd = comm_open_listener(SOCK_STREAM,
-                                 0,
-                                 local_addr,
-                                 COMM_NOCLOEXEC,
-                                 name);
--        prfd = pwfd = comm_open(SOCK_STREAM,
-+        prfd = pwfd = comm_open_listener(SOCK_STREAM,
-                                 0,          /* protocol */
-                                 local_addr,
-                                 0,          /* blocking */
-diff --git a/src/tests/stub_comm.cc b/src/tests/stub_comm.cc
-index a1d33d6..bf4bea6 100644
---- a/src/tests/stub_comm.cc
-+++ b/src/tests/stub_comm.cc
-@@ -48,7 +48,6 @@ int comm_open_uds(int sock_type, int proto, struct sockaddr_un* addr, int flags)
- void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struct addrinfo *AI) STUB
- int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note) STUB_RETVAL(-1)
- void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note) STUB
--int comm_openex(int, int, Ip::Address &, int, tos_t tos, nfmark_t nfmark, const char *) STUB_RETVAL(-1)
- unsigned short comm_local_port(int fd) STUB_RETVAL(0)
- int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen) STUB_RETVAL(-1)
- void commCallCloseHandlers(int fd) STUB

squid-6.1-config.patch

@@ -1,7 +1,8 @@
-diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre
---- squid-4.0.11/src/cf.data.pre.config	2016-06-09 22:32:57.000000000 +0200
-+++ squid-4.0.11/src/cf.data.pre	2016-07-11 21:08:35.090976840 +0200
-@@ -4658,7 +4658,7 @@ DOC_END
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index 44aa34d..12225bc 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -5453,7 +5453,7 @@ DOC_END
  
  NAME: logfile_rotate
  TYPE: int
@@ -10,7 +11,7 @@ diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre
  LOC: Config.Log.rotateNumber
  DOC_START
  	Specifies the default number of logfile rotations to make when you
-@@ -6444,11 +6444,11 @@ COMMENT_END
+@@ -7447,11 +7447,11 @@ COMMENT_END
  
  NAME: cache_mgr
  TYPE: string

squid-6.1-perlpath.patch

@@ -1,10 +1,10 @@
 diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl
-index 4cb0480..4b89910 100755
+index e965e9e..ed5ffcb 100755
 --- a/contrib/url-normalizer.pl
 +++ b/contrib/url-normalizer.pl
 @@ -1,4 +1,4 @@
 -#!/usr/local/bin/perl -Tw
 +#!/usr/bin/perl -Tw
  #
- # * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
+ # * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
  # *

squid-6.1-symlink-lang-err.patch

@@ -0,0 +1,26 @@
+diff --git a/errors/aliases b/errors/aliases
+index c256106..38c123a 100644
+--- a/errors/aliases
++++ b/errors/aliases
+@@ -14,8 +14,7 @@ da	da-dk
+ de	de-at de-ch de-de de-li de-lu
+ el	el-gr
+ en	en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw
+-es	es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq
+-es-mx	es-bz es-cr es-gt es-hn es-ni es-pa es-sv
++es	es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl
+ et	et-ee
+ fa	fa-fa fa-ir
+ fi	fi-fi
+diff --git a/errors/language.am b/errors/language.am
+index a437d17..f2fe463 100644
+--- a/errors/language.am
++++ b/errors/language.am
+@@ -19,7 +19,6 @@ LANGUAGE_FILES = \
+ 	de.lang \
+ 	el.lang \
+ 	en.lang \
+-	es-mx.lang \
+ 	es.lang \
+ 	et.lang \
+ 	fa.lang \

squid.service

@@ -8,11 +8,14 @@ Type=notify
 LimitNOFILE=16384
 PIDFile=/run/squid.pid
 EnvironmentFile=/etc/sysconfig/squid
-ExecStartPre=/usr/libexec/squid/cache_swap.sh
-ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStartPre=!/usr/libexec/squid/cache_swap.sh
+ExecStart=!/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
+ExecReload=!/usr/bin/kill -HUP $MAINPID
 KillMode=mixed
 NotifyAccess=all
+User=squid
+Group=squid
+RuntimeDirectory=squid
 
 [Install]
 WantedBy=multi-user.target

squid.spec

@@ -1,16 +1,17 @@
 %define __perl_requires %{SOURCE98}
+%define version_underscore %(echo %{version} | tr '.' '_')
 
 Name:     squid
-Version:  5.9
+Version:  7.3
 Release:  1%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
-License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
+License:  GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware)
 URL:      http://www.squid-cache.org
 
-Source0:  http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz
-Source1:  http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz.asc
+Source0:  https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz
+Source1:  https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc
 Source2:  http://www.squid-cache.org/pgp.asc
 Source3:  squid.logrotate
 Source4:  squid.sysconfig
@@ -25,18 +26,17 @@ Source98: perl-requires-squid.sh
 # Upstream patches
 
 # Backported patches
-Patch101: squid-5.7-ip-bind-address-no-port.patch
+# Patch101: squid-7.1-.....patch
 
 # Local patches
 # Applying upstream patches first makes it less likely that local patches
 # will break upstream ones.
-Patch201: squid-4.0.11-config.patch
-Patch202: squid-3.1.0.9-location.patch
-Patch203: squid-3.0.STABLE1-perlpath.patch
-Patch204: squid-3.5.9-include-guards.patch
+Patch201: squid-6.1-config.patch
+Patch202: squid-6.1-location.patch
+Patch203: squid-6.1-perlpath.patch
 # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422
 # workaround for #1934919
-Patch205: squid-5.0.5-symlink-lang-err.patch
+Patch204: squid-6.1-symlink-lang-err.patch
 
 # cache_swap.sh
 Requires: bash gawk
@@ -54,8 +54,6 @@ BuildRequires: openssl-devel
 BuildRequires: krb5-devel
 # time_quota requires TrivialDB
 BuildRequires: libtdb-devel
-# ESI support requires Expat & libxml2
-BuildRequires: expat-devel libxml2-devel
 # TPROXY requires libcap, and also increases security somewhat
 BuildRequires: libcap-devel
 # eCAP support
@@ -63,12 +61,13 @@ BuildRequires: libecap-devel
 #ip_user helper requires
 BuildRequires: gcc-c++
 BuildRequires: libtool libtool-ltdl-devel
+BuildRequires: libxcrypt-devel
 BuildRequires: perl-generators
 # For test suite
 BuildRequires: pkgconfig(cppunit)
 # For verifying downloded src tarball
 BuildRequires: gnupg2
-# for _tmpfilesdir and _unitdir macro
+# for _unitdir macro
 # see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging
 BuildRequires: systemd-rpm-macros
 # systemd notify
@@ -82,7 +81,7 @@ Conflicts: NetworkManager < 1.20
 
 %description
 Squid is a high-performance proxy caching server for Web clients,
-supporting FTP, gopher, and HTTP data objects. Unlike traditional
+supporting FTP and HTTP data objects. Unlike traditional
 caching software, Squid handles all requests in a single,
 non-blocking, I/O-driven process. Squid keeps meta data and especially
 hot objects cached in RAM, caches DNS lookups, supports non-blocking
@@ -94,19 +93,8 @@ lookup program (dnsserver), a program for retrieving FTP data
 
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%setup -q
 
-# Upstream patches
-
-# Backported patches
-%patch101 -p1 -b .ip-bind-address-no-port
-
-# Local patches
-%patch201 -p1 -b .config
-%patch202 -p1 -b .location
-%patch203 -p1 -b .perlpath
-%patch204 -p0 -b .include-guards
-%patch205 -p1 -R -b .symlink-lang-err
+%autosetup -p1
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526
 # Patch in the vendor documentation and used different location for documentation
@@ -126,8 +114,8 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-eui \
    --enable-follow-x-forwarded-for \
    --enable-auth \
-   --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \
-   --enable-auth-ntlm="SMB_LM,fake" \
+   --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \
+   --enable-auth-ntlm="fake" \
    --enable-auth-digest="file,LDAP" \
    --enable-auth-negotiate="kerberos" \
    --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \
@@ -149,7 +137,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --enable-storeio="aufs,diskd,ufs,rock" \
    --enable-diskio \
    --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
    --enable-ecap \
    --with-aio \
    --with-default-user="squid" \
@@ -159,12 +147,13 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
    --disable-arch-native \
    --disable-security-cert-validators \
    --disable-strict-error-checking \
-   --with-swapdir=%{_localstatedir}/spool/squid
+   --with-swapdir=%{_localstatedir}/spool/squid \
+   --enable-translation
 
 # workaround to build squid v5
-mkdir -p src/icmp/tests
-mkdir -p tools/squidclient/tests
-mkdir -p tools/tests
+#mkdir -p src/icmp/tests
+#mkdir -p tools/squidclient/tests
+#mkdir -p tools/tests
 
 %make_build
 
@@ -205,17 +194,8 @@ install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/htt
 install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid
-mkdir -p $RPM_BUILD_ROOT/run/squid
 chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl
 
-# install /usr/lib/tmpfiles.d/squid.conf
-mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
-cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf <<EOF
-# See tmpfiles.d(5) for details
-
-d /run/squid 0755 squid squid - -
-EOF
-
 # Move the MIB definition to the proper place (and name)
 mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs
 mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt $RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt
@@ -241,11 +221,9 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 %attr(755,root,root) %dir %{_libdir}/squid
 %attr(770,squid,root) %dir %{_localstatedir}/log/squid
 %attr(750,squid,squid) %dir %{_localstatedir}/spool/squid
-%attr(755,squid,squid) %dir /run/squid
 
 %config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/squid.conf
 %config(noreplace) %attr(640,root,squid) %{_sysconfdir}/squid/squid.conf
-%config(noreplace) %attr(644,root,squid) %{_sysconfdir}/squid/cachemgr.conf
 %config(noreplace) %{_sysconfdir}/squid/mime.conf
 %config(noreplace) %{_sysconfdir}/squid/errorpage.css
 %config(noreplace) %{_sysconfdir}/sysconfig/squid
@@ -253,7 +231,6 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 %config %{_sysconfdir}/squid/squid.conf.default
 %config %{_sysconfdir}/squid/mime.conf.default
 %config %{_sysconfdir}/squid/errorpage.css.default
-%config %{_sysconfdir}/squid/cachemgr.conf.default
 %config(noreplace) %{_sysconfdir}/pam.d/squid
 %config(noreplace) %{_sysconfdir}/logrotate.d/squid
 
@@ -262,13 +239,9 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
 %{_prefix}/lib/NetworkManager
 %{_datadir}/squid/icons
 %{_sbindir}/squid
-%{_bindir}/squidclient
-%{_bindir}/purge
 %{_mandir}/man8/*
-%{_mandir}/man1/*
 %{_libdir}/squid/*
 %{_datadir}/snmp/mibs/SQUID-MIB.txt
-%{_tmpfilesdir}/squid.conf
 %{_sysusersdir}/squid.conf
 
 %pre
@@ -333,6 +306,108 @@ fi
 
 
 %changelog
+* Wed Oct 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.3-1
+- new version 7.3
+
+* Fri Oct 17 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.2-1
+- new version 7.2
+
+* Thu Sep 11 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-3
+- Support provider keys that require NULL digest
+
+* Thu Aug 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-1
+- new version 7.1
+- removed squidclient
+- removed purge
+- removed cachemgr.cgi
+- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers
+
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Mon Jul 21 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.14-1
+- new version 6.14
+
+* Wed Mar 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-2
+- Do not blame cache_peer for 4xx CONNECT responses
+
+* Tue Feb 04 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-1
+- new version 6.13
+
+* Sat Feb 01 2025 Björn Esser <besser82@fedoraproject.org> - 7:6.12-5
+- Add explicit BR: libxcrypt-devel
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.12-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Fri Nov 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-3
+- better error handling in cache_swap.sh
+- added RuntimeDirectory to systemd service file
+
+* Fri Nov 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-2
+- Disable ESI support since ESI support has been also removed from squid 7
+- Resolves: CVE-2024-45802 squid: Denial of Service processing ESI
+  response content
+
+* Wed Oct 23 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-1
+- new version 6.12
+- Fix TCP_MISS_ABORTED/100 erros when uploading
+
+* Fri Oct 11 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.11-2
+- ignore SP and HTAB chars after chunk-size
+
+* Wed Sep 25 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.11-1
+- new version 6.11
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Mon Jul 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.10-1
+- new version 6.10
+- Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may
+  lead to Denial of Service
+
+* Tue Apr 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.9-1
+- Resolves: #2262715 - squid-6.9 is available
+
+* Sat Mar 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.8-1
+- new version 6.8
+
+* Mon Feb 12 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.7-1
+- new version 6.7
+- switch to autosetup
+- fix FTBFS when using gcc14
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Dec 13 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 7:6.6-1
+- new version 6.6
+
+* Tue Nov 07 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.5-1
+- new version 6.5
+
+* Tue Oct 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.4-1
+- new version 6.4
+
+* Thu Sep 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.3-2
+- SPDX migration
+
+* Tue Sep 05 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.3-1
+- new version 6.3
+
+* Wed Aug 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.2-1
+- new version 6.2
+
+* Fri Aug 04 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.1-3
+- Fix "!commHasHalfClosedMonitor(fd)" assertion
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.1-1
+- new version 6.1
+
 * Tue May 09 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:5.9-1
 - new version 5.9