Compare commits

..

4 commits

Author SHA1 Message Date
Luboš Uhliarik
1951e3cb10 new version 4.0.23 2018-01-23 17:00:16 +01:00
Luboš Uhliarik
3080fc6d6f Resolves: #1481195 - squid loses some REs when optimising ACLs 2017-11-20 17:36:52 +01:00
Luboš Uhliarik
7075baab17 Resolves: #1481195 - squid loses some REs when optimising ACLs 2017-11-20 17:04:52 +01:00
Luboš Uhliarik
d9355799d7 new version 4.0.21 2017-08-08 10:09:14 +02:00
19 changed files with 461 additions and 511 deletions

View file

@ -1 +0,0 @@
1

4
.gitignore vendored
View file

@ -1,2 +1,4 @@
/*.asc
/*.xz
/*.xz
/squid-3.3-12542.patch
/squid-3.4.4-1.fc21.src.rpm

View file

@ -0,0 +1,49 @@
From 9c35377eaeebf366b3fbc65ddf19cce50551ad68 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 15 Feb 2016 18:39:45 +0100
Subject: [PATCH] cppunit-config no longer exists, use pkg-config
---
configure.ac | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 981337d..2e663de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,7 +123,6 @@ AC_PATH_PROG(LN, ln, cp)
AC_PATH_PROG(CHMOD, chmod, $FALSE)
AC_PATH_PROG(TR, tr, $FALSE)
AC_PATH_PROG(RM, rm, $FALSE)
-AC_PATH_PROG(CPPUNITCONFIG, cppunit-config, false)
dnl Libtool 2.2.6 requires: rm -f
RM="$RM -f"
@@ -2728,19 +2727,18 @@ SQUID_DEFINE_BOOL(X_ACCELERATOR_VARY,${enable_x_accelerator_vary:=no},
AC_MSG_NOTICE([X-Accelerator-Vary support enabled: $enable_x_accelerator_vary])
-if $CPPUNITCONFIG --help >/dev/null; then
- squid_cv_cppunit_version="`$CPPUNITCONFIG --version`"
+PKG_CHECK_MODULES([SQUID_CPPUNIT], [cppunit], [
+ squid_cv_cppunit_version="`$PKG_CONFIG --modversion cppunit`"
AC_MSG_NOTICE([using system installed cppunit version $squid_cv_cppunit_version])
unset squid_cv_cppunit_version
- SQUID_CPPUNIT_LIBS="`$CPPUNITCONFIG --libs`"
SQUID_CPPUNIT_LA=''
- SQUID_CPPUNIT_INC="`$CPPUNITCONFIG --cflags`"
-else
+ SQUID_CPPUNIT_INC="$SQUID_CPPUNIT_CFLAGS"
+], [
AC_MSG_WARN([cppunit does not appear to be installed. squid does not require this, but code testing with 'make check' will fail.])
SQUID_CPPUNIT_LA=''
SQUID_CPPUNIT_LIBS=''
SQUID_CPPUNIT_INC=''
-fi
+])
AC_ARG_WITH(cppunit-basedir,
AS_HELP_STRING([--with-cppunit-basedir=PATH],
--
2.5.0

View file

@ -5,20 +5,12 @@ fi
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
CACHE_SWAP=`awk '/^[[:blank:]]*cache_dir/ { print $3 }' "$SQUID_CONF"`
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
init_cache_dirs=0
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
init_cache_dirs=1
squid -N -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
fi
done
if [ $init_cache_dirs -ne 0 ]; then
echo ""
if ! squid --foreground -z -f "$SQUID_CONF" >> /var/log/squid/squid.out 2>&1; then
echo "init_cache_dir failed, see /var/log/squid/squid.out for more information"
exit 1
fi
fi

View file

@ -1,16 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_contexts: [bodhi_update_push_testing]
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
#gating rawhide
--- !Policy
product_versions:
- fedora-*
decision_contexts: [bodhi_update_push_stable]
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

View file

@ -1,6 +0,0 @@
summary: Test plan with all beakerlib tests
discover:
how: fmf
url: https://src.fedoraproject.org/tests/squid.git
execute:
how: tmt

View file

@ -1,3 +1,2 @@
SHA512 (squid-7.3.tar.xz) = ad6bbe518d79d079f7fe5d1ee9ae7a3f49b28ba75afdb1f0db16675e1e4127be2bc30dd246b00576f29e987c08c41dbff50c8227166ae3955c460ff837a89e2b
SHA512 (squid-7.3.tar.xz.asc) = c6774627e0408d1feed5a00489ca95467f001261b201b82c3ab9c450856fe5ad27e50d43db7a2afe2aaff88930981f783315a1b764cac5619543852e93338273
SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d
SHA512 (squid-4.0.23.tar.xz) = 30d59f7ec8effae53603d7e33536baa27a523b34f8865463cb4d7c8496f485e53dd21d1cb40cda52963d29cffad70dc95f314c6c204085beb7f3a91266b3c72a
SHA512 (squid-4.0.23.tar.xz.asc) = c6e524221dd2e4987cd35c23e0a28ee1736e5fffb8f7edd0d2b3ddec8dcd8a330c34ea798ae77356bb8c5c16a7a9942775612e9d3b37cd880fbd9ead67ccdd10

View file

@ -1,10 +1,10 @@
diff --git a/contrib/url-normalizer.pl b/contrib/url-normalizer.pl
index e965e9e..ed5ffcb 100755
index 90ac6a4..8dbed90 100755
--- a/contrib/url-normalizer.pl
+++ b/contrib/url-normalizer.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -Tw
+#!/usr/bin/perl -Tw
#
# * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
# * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
# *

View file

@ -0,0 +1,95 @@
------------------------------------------------------------
revno: 14311
revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
------------------------------------------------------------
revno: 14311
revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
author: Francesco Chemolli <kinkie@squid-cache.org>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: trunk
timestamp: Thu 2015-09-24 06:05:37 -0700
message:
Bug 4323: Netfilter broken cross-includes with Linux 4.2
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
# timestamp: 2015-09-24 13:06:33 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
# base_revision_id: squid3@treenet.co.nz-20150924032241-\
# 6cx3g6hwz9xfoybr
#
# Begin patch
=== modified file 'compat/os/linux.h'
--- compat/os/linux.h 2015-01-13 07:25:36 +0000
+++ compat/os/linux.h 2015-09-24 13:05:37 +0000
@@ -30,6 +30,21 @@
#endif
/*
+ * Netfilter header madness. (see Bug 4323)
+ *
+ * Netfilter have a history of defining their own versions of network protocol
+ * primitives without sufficient protection against the POSIX defines which are
+ * aways present in Linux.
+ *
+ * netinet/in.h must be included before any other sys header in order to properly
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
+ * to workaround it.
+ */
+#if HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+/*
* sys/capability.h is only needed in Linux apparently.
*
* HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
author: Francesco Chemolli <kinkie@squid-cache.org>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: trunk
timestamp: Thu 2015-09-24 06:05:37 -0700
message:
Bug 4323: Netfilter broken cross-includes with Linux 4.2
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
# timestamp: 2015-09-24 13:06:33 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
# base_revision_id: squid3@treenet.co.nz-20150924032241-\
# 6cx3g6hwz9xfoybr
#
# Begin patch
=== modified file 'compat/os/linux.h'
--- compat/os/linux.h 2015-01-13 07:25:36 +0000
+++ compat/os/linux.h 2015-09-24 13:05:37 +0000
@@ -30,6 +30,21 @@
#endif
/*
+ * Netfilter header madness. (see Bug 4323)
+ *
+ * Netfilter have a history of defining their own versions of network protocol
+ * primitives without sufficient protection against the POSIX defines which are
+ * aways present in Linux.
+ *
+ * netinet/in.h must be included before any other sys header in order to properly
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
+ * to workaround it.
+ */
+#if HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+/*
* sys/capability.h is only needed in Linux apparently.
*
* HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc

View file

@ -1,8 +1,7 @@
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 44aa34d..12225bc 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -5453,7 +5453,7 @@ DOC_END
diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre
--- squid-4.0.11/src/cf.data.pre.config 2016-06-09 22:32:57.000000000 +0200
+++ squid-4.0.11/src/cf.data.pre 2016-07-11 21:08:35.090976840 +0200
@@ -4658,7 +4658,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
@ -11,7 +10,7 @@ index 44aa34d..12225bc 100644
LOC: Config.Log.rotateNumber
DOC_START
Specifies the default number of logfile rotations to make when you
@@ -7447,11 +7447,11 @@ COMMENT_END
@@ -6444,11 +6444,11 @@ COMMENT_END
NAME: cache_mgr
TYPE: string

View file

@ -0,0 +1,178 @@
diff --git a/src/acl/RegexData.cc b/src/acl/RegexData.cc
index 01a4c12..b5c1679 100644
--- a/src/acl/RegexData.cc
+++ b/src/acl/RegexData.cc
@@ -22,6 +22,7 @@
#include "ConfigParser.h"
#include "Debug.h"
#include "sbuf/List.h"
+#include "sbuf/Algorithms.h"
ACLRegexData::~ACLRegexData()
{
@@ -129,6 +130,18 @@ compileRE(std::list<RegexPattern> &curlist, const char * RE, int flags)
return true;
}
+static bool
+compileRE(std::list<RegexPattern> &curlist, const SBufList &RE, int flags)
+{
+ if (RE.empty())
+ return curlist.empty(); // XXX: old code did this. It looks wrong.
+ SBuf regexp;
+ static const SBuf openparen("("), closeparen(")"), separator(")|(");
+ JoinContainerIntoSBuf(regexp, RE.begin(), RE.end(), separator, openparen,
+ closeparen);
+ return compileRE(curlist, regexp.c_str(), flags);
+}
+
/** Compose and compile one large RE from a set of (small) REs.
* The ultimate goal is to have only one RE per ACL so that match() is
* called only once per ACL.
@@ -137,16 +150,11 @@ static int
compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
{
std::list<RegexPattern> newlist;
- int numREs = 0;
+ SBufList accumulatedRE;
+ int numREs = 0, reSize = 0;
int flags = REG_EXTENDED | REG_NOSUB;
- int largeREindex = 0;
- char largeRE[BUFSIZ];
- *largeRE = 0;
for (const SBuf & configurationLineWord : sl) {
- int RElen;
- RElen = configurationLineWord.length();
-
static const SBuf minus_i("-i");
static const SBuf plus_i("+i");
if (configurationLineWord == minus_i) {
@@ -155,10 +163,11 @@ compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
debugs(28, 2, "optimisation of -i ... -i" );
} else {
debugs(28, 2, "-i" );
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
flags |= REG_ICASE;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
}
} else if (configurationLineWord == plus_i) {
if ((flags & REG_ICASE) == 0) {
@@ -166,37 +175,34 @@ compileOptimisedREs(std::list<RegexPattern> &curlist, const SBufList &sl)
debugs(28, 2, "optimisation of +i ... +i");
} else {
debugs(28, 2, "+i");
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
flags &= ~REG_ICASE;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
}
- } else if (RElen + largeREindex + 3 < BUFSIZ-1) {
+ } else if (reSize < 1024) {
debugs(28, 2, "adding RE '" << configurationLineWord << "'");
- if (largeREindex > 0) {
- largeRE[largeREindex] = '|';
- ++largeREindex;
- }
- largeRE[largeREindex] = '(';
- ++largeREindex;
- configurationLineWord.copy(largeRE+largeREindex, BUFSIZ-largeREindex);
- largeREindex += configurationLineWord.length();
- largeRE[largeREindex] = ')';
- ++largeREindex;
- largeRE[largeREindex] = '\0';
+ accumulatedRE.push_back(configurationLineWord);
++numREs;
+ reSize += configurationLineWord.length();
} else {
debugs(28, 2, "buffer full, generating new optimised RE..." );
- if (!compileRE(newlist, largeRE, flags))
+ accumulatedRE.push_back(configurationLineWord);
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
- largeRE[largeREindex=0] = '\0';
+ accumulatedRE.clear();
+ reSize = 0;
continue; /* do the loop again to add the RE to largeRE */
}
}
- if (!compileRE(newlist, largeRE, flags))
+ if (!compileRE(newlist, accumulatedRE, flags))
return 0;
+ accumulatedRE.clear();
+ reSize = 0;
+
/* all was successful, so put the new list at the tail */
curlist.splice(curlist.end(), newlist);
diff --git a/src/sbuf/Algorithms.h b/src/sbuf/Algorithms.h
index 21ee889..338e9c0 100644
--- a/src/sbuf/Algorithms.h
+++ b/src/sbuf/Algorithms.h
@@ -81,6 +81,57 @@ SBufContainerJoin(const Container &items, const SBuf& separator)
return rv;
}
+/** Join container of SBufs and append to supplied target
+ *
+ * append to the target SBuf all elements in the [begin,end) range from
+ * an iterable container, prefixed by prefix, separated by separator and
+ * followed by suffix. Prefix and suffix are added also in case of empty
+ * iterable
+ *
+ * \return the modified dest
+ */
+template <class ContainerIterator>
+SBuf&
+JoinContainerIntoSBuf(SBuf &dest, const ContainerIterator &begin,
+ const ContainerIterator &end, const SBuf& separator,
+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf())
+{
+ if (begin == end) {
+ dest.append(prefix).append(suffix);
+ return dest;
+ }
+
+ // optimization: pre-calculate needed storage
+ const SBuf::size_type totalContainerSize =
+ std::accumulate(begin, end, 0, SBufAddLength(separator)) +
+ dest.length() + prefix.length() + suffix.length();
+ SBufReservationRequirements req;
+ req.minSpace = totalContainerSize;
+ dest.reserve(req);
+
+ auto i = begin;
+ dest.append(prefix);
+ dest.append(*i);
+ ++i;
+ for (; i != end; ++i)
+ dest.append(separator).append(*i);
+ dest.append(suffix);
+ return dest;
+}
+
+
+/// convenience wrapper of JoinContainerIntoSBuf with no caller-supplied SBuf
+template <class ContainerIterator>
+SBuf
+JoinContainerToSBuf(const ContainerIterator &begin,
+ const ContainerIterator &end, const SBuf& separator,
+ const SBuf& prefix = SBuf(), const SBuf& suffix = SBuf())
+{
+ SBuf rv;
+ return JoinContainerIntoSBuf(rv, begin, end, separator, prefix, suffix);
+}
+
+
namespace std {
/// default hash functor to support std::unordered_map<SBuf,*>
template <>

View file

@ -1,26 +0,0 @@
diff --git a/errors/aliases b/errors/aliases
index c256106..38c123a 100644
--- a/errors/aliases
+++ b/errors/aliases
@@ -14,8 +14,7 @@ da da-dk
de de-at de-ch de-de de-li de-lu
el el-gr
en en-au en-bz en-ca en-cn en-gb en-ie en-in en-jm en-nz en-ph en-sg en-tt en-uk en-us en-za en-zw
-es es-ar es-bo es-cl es-cu es-co es-do es-ec es-es es-pe es-pr es-py es-us es-uy es-ve es-xl spq
-es-mx es-bz es-cr es-gt es-hn es-ni es-pa es-sv
+es es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve es-xl
et et-ee
fa fa-fa fa-ir
fi fi-fi
diff --git a/errors/language.am b/errors/language.am
index a437d17..f2fe463 100644
--- a/errors/language.am
+++ b/errors/language.am
@@ -19,7 +19,6 @@ LANGUAGE_FILES = \
de.lang \
el.lang \
en.lang \
- es-mx.lang \
es.lang \
et.lang \
fa.lang \

View file

@ -2,7 +2,6 @@
weekly
rotate 5
compress
delaycompress
notifempty
missingok
nocreate
@ -11,5 +10,7 @@
# Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf)
# errors redirected to make it silent if squid is not running
/usr/sbin/squid -k rotate 2>/dev/null
# Wait a little to allow Squid to catch up before the logs is compressed
sleep 1
endscript
}

View file

@ -2,6 +2,6 @@
case "$2" in
up|down|vpn-up|vpn-down)
/usr/bin/systemctl -q reload squid.service || :
/bin/systemctl -q reload squid.service || :
;;
esac

View file

@ -1,21 +1,16 @@
[Unit]
Description=Squid caching proxy
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
After=network.target nss-lookup.target
[Service]
Type=notify
Type=forking
LimitNOFILE=16384
PIDFile=/run/squid.pid
EnvironmentFile=/etc/sysconfig/squid
ExecStartPre=!/usr/libexec/squid/cache_swap.sh
ExecStart=!/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
ExecReload=!/usr/bin/kill -HUP $MAINPID
KillMode=mixed
NotifyAccess=all
User=squid
Group=squid
RuntimeDirectory=squid
ExecStartPre=/usr/libexec/squid/cache_swap.sh
ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF
ExecReload=/usr/sbin/squid $SQUID_OPTS -k reconfigure -f $SQUID_CONF
ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF
TimeoutSec=0
[Install]
WantedBy=multi-user.target

View file

@ -1,50 +1,47 @@
%define __perl_requires %{SOURCE98}
%define version_underscore %(echo %{version} | tr '.' '_')
Name: squid
Version: 7.3
Version: 4.0.23
Release: 1%{?dist}
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
License: GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware)
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Group: System Environment/Daemons
URL: http://www.squid-cache.org
Source0: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz
Source1: https://github.com/squid-cache/squid/releases/download/SQUID_%{version_underscore}/squid-%{version}.tar.xz.asc
Source2: http://www.squid-cache.org/pgp.asc
Source3: squid.logrotate
Source4: squid.sysconfig
Source5: squid.pam
Source6: squid.nm
Source7: squid.service
Source8: cache_swap.sh
Source9: squid.sysusers
Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc
Source2: squid.logrotate
Source3: squid.sysconfig
Source4: squid.pam
Source5: squid.nm
Source6: squid.service
Source7: cache_swap.sh
Source98: perl-requires-squid.sh
# Upstream patches
# Backported patches
# Patch101: squid-7.1-.....patch
# Local patches
# Applying upstream patches first makes it less likely that local patches
# will break upstream ones.
Patch201: squid-6.1-config.patch
Patch202: squid-6.1-location.patch
Patch203: squid-6.1-perlpath.patch
# revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422
# workaround for #1934919
Patch204: squid-6.1-symlink-lang-err.patch
# cache_swap.sh
Requires: bash gawk
# for httpd conf file - cachemgr script alias
Requires: httpd-filesystem
Patch201: squid-4.0.11-config.patch
Patch202: squid-3.1.0.9-location.patch
Patch203: squid-3.0.STABLE1-perlpath.patch
Patch204: squid-3.5.9-include-guards.patch
Patch205: squid-4.0.21-large-acl.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0
Requires(pre): shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# squid_ldap_auth and other LDAP helpers require OpenLDAP
BuildRequires: make
BuildRequires: openldap-devel
# squid_pam_auth requires PAM development libs
BuildRequires: pam-devel
@ -52,36 +49,28 @@ BuildRequires: pam-devel
BuildRequires: openssl-devel
# squid_kerb_aut requires Kerberos development libs
BuildRequires: krb5-devel
# time_quota requires TrivialDB
BuildRequires: libtdb-devel
# squid_session_auth requires DB4
BuildRequires: libdb4-devel
# time_quota requires DB
BuildRequires: libdb-devel
# ESI support requires Expat & libxml2
BuildRequires: expat-devel libxml2-devel
# TPROXY requires libcap, and also increases security somewhat
BuildRequires: libcap-devel
# eCAP support
BuildRequires: libecap-devel
#ip_user helper requires
BuildRequires: gcc-c++
#
BuildRequires: libtool libtool-ltdl-devel
BuildRequires: libxcrypt-devel
BuildRequires: perl-generators
# For test suite
BuildRequires: pkgconfig(cppunit)
# For verifying downloded src tarball
BuildRequires: gnupg2
# for _unitdir macro
# see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging
BuildRequires: systemd-rpm-macros
# systemd notify
BuildRequires: systemd-devel
%{?systemd_requires}
%{?sysusers_requires_compat}
# Old NetworkManager expects the dispatcher scripts in a different place
Conflicts: NetworkManager < 1.20
BuildRequires: autoconf
%description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP and HTTP data objects. Unlike traditional
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
@ -92,30 +81,42 @@ lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%autosetup -p1
# Upstream patches
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
# Patch in the vendor documentation and used different location for documentation
sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in
# Backported patches
# Local patches
%patch201 -p1 -b .config
%patch202 -p1 -b .location
%patch203 -p1 -b .perlpath
%patch204 -p0 -b .include-guards
%patch205 -p1 -b .large_acl
%build
# cppunit-config patch changes configure.ac
autoconf
# libtool fails somewhat on -fpie. PIC also works for -pie
CXXFLAGS="$RPM_OPT_FLAGS -fPIC"
CFLAGS="$RPM_OPT_FLAGS -fPIC"
LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now -Wl,--warn-shared-textrel"
# NIS helper has been removed because of the following bug
# https://bugzilla.redhat.com/show_bug.cgi?id=1531540
%configure \
--exec_prefix=%{_prefix} \
--libexecdir=%{_libdir}/squid \
--localstatedir=%{_localstatedir} \
--datadir=%{_datadir}/squid \
--sysconfdir=%{_sysconfdir}/squid \
--with-logdir='%{_localstatedir}/log/squid' \
--with-pidfile='/run/squid.pid' \
--with-pidfile='%{_localstatedir}/run/squid.pid' \
--disable-dependency-tracking \
--enable-eui \
--enable-follow-x-forwarded-for \
--enable-auth \
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \
--enable-auth-ntlm="fake" \
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \
--enable-auth-ntlm="SMB_LM,fake" \
--enable-auth-digest="file,LDAP" \
--enable-auth-negotiate="kerberos" \
--enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \
@ -129,6 +130,9 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
%ifnarch %{power64} ia64 x86_64 s390x aarch64
--with-large-files \
%endif
%ifarch %{arm}
--disable-strict-error-checking \
%endif
--enable-linux-netfilter \
--enable-removal-policies="heap,lru" \
--enable-snmp \
@ -137,7 +141,7 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
--enable-storeio="aufs,diskd,ufs,rock" \
--enable-diskio \
--enable-wccpv2 \
--disable-esi \
--enable-esi \
--enable-ecap \
--with-aio \
--with-default-user="squid" \
@ -145,24 +149,20 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented
--with-openssl \
--with-pthreads \
--disable-arch-native \
--disable-security-cert-validators \
--disable-strict-error-checking \
--with-swapdir=%{_localstatedir}/spool/squid \
--enable-translation
--with-pic
# workaround to build squid v5
#mkdir -p src/icmp/tests
#mkdir -p tools/squidclient/tests
#mkdir -p tools/tests
%make_build
make \
DEFAULT_SWAP_DIR=%{_localstatedir}/spool/squid \
%{?_smp_mflags}
%check
make check
%install
%make_install
rm -rf $RPM_BUILD_ROOT
make \
DESTDIR=$RPM_BUILD_ROOT \
install
echo "
#
# This is %{_sysconfdir}/httpd/conf.d/squid.conf
@ -178,23 +178,35 @@ ScriptAlias /Squid/cgi-bin/cachemgr.cgi %{_libdir}/squid/cachemgr.cgi
</Location>" > $RPM_BUILD_ROOT/squid.httpd.tmp
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/squid
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squid
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/squid
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/squid
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir}
install -m 755 %{SOURCE8} $RPM_BUILD_ROOT%{_libexecdir}/squid
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squid
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/squid
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/squid
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}
install -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_libexecdir}/squid
install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/squid.conf
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-squid
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-squid
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/squid
chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl
iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp
mv -f ChangeLog.tmp ChangeLog
# install /usr/lib/tmpfiles.d/squid.conf
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf <<EOF
# See tmpfiles.d(5) for details
d /run/squid 0755 squid squid - -
EOF
# Move the MIB definition to the proper place (and name)
mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs
@ -204,12 +216,14 @@ mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt $RPM_BUILD_ROOT/usr/share/snmp/mibs/S
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented
# remove unpackaged files from the buildroot
rm -f $RPM_BUILD_ROOT%{_bindir}/{RunAccel,RunCache}
rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
# sysusers.d
install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%license COPYING
%doc CONTRIBUTORS README ChangeLog QUICKSTART src/squid.conf.documented
%doc contrib/url-normalizer.pl contrib/user-agents.pl
@ -219,11 +233,13 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
%attr(755,root,root) %{_libexecdir}/squid/cache_swap.sh
%attr(755,root,root) %dir %{_sysconfdir}/squid
%attr(755,root,root) %dir %{_libdir}/squid
%attr(770,squid,root) %dir %{_localstatedir}/log/squid
%attr(750,squid,squid) %dir %{_localstatedir}/log/squid
%attr(750,squid,squid) %dir %{_localstatedir}/spool/squid
%attr(755,squid,squid) %dir %{_localstatedir}/run/squid
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/httpd/conf.d/squid.conf
%config(noreplace) %attr(640,root,squid) %{_sysconfdir}/squid/squid.conf
%config(noreplace) %attr(644,root,squid) %{_sysconfdir}/squid/cachemgr.conf
%config(noreplace) %{_sysconfdir}/squid/mime.conf
%config(noreplace) %{_sysconfdir}/squid/errorpage.css
%config(noreplace) %{_sysconfdir}/sysconfig/squid
@ -231,21 +247,31 @@ install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
%config %{_sysconfdir}/squid/squid.conf.default
%config %{_sysconfdir}/squid/mime.conf.default
%config %{_sysconfdir}/squid/errorpage.css.default
%config %{_sysconfdir}/squid/cachemgr.conf.default
%config(noreplace) %{_sysconfdir}/pam.d/squid
%config(noreplace) %{_sysconfdir}/logrotate.d/squid
%dir %{_datadir}/squid
%attr(-,root,root) %{_datadir}/squid/errors
%{_prefix}/lib/NetworkManager
%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/20-squid
%{_datadir}/squid/icons
%{_sbindir}/squid
%{_bindir}/squidclient
%{_bindir}/purge
%{_mandir}/man8/*
%{_mandir}/man1/*
%{_libdir}/squid/*
%{_datadir}/snmp/mibs/SQUID-MIB.txt
%{_sysusersdir}/squid.conf
%{_tmpfilesdir}/squid.conf
%pre
%sysusers_create_compat %{SOURCE9}
if ! getent group squid >/dev/null 2>&1; then
/usr/sbin/groupadd -g 23 squid
fi
if ! getent passwd squid >/dev/null 2>&1 ; then
/usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1
fi
for i in /var/log/squid /var/spool/squid ; do
if [ -d $i ] ; then
@ -257,37 +283,6 @@ done
exit 0
%pretrans -p <lua>
-- temporarilly commented until https://bugzilla.redhat.com/show_bug.cgi?id=1936422 is resolved
--
-- previously /usr/share/squid/errors/es-mx was symlink, now it is directory since squid v5
-- see https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/
-- Define the path to the symlink being replaced below.
--
-- path = "/usr/share/squid/errors/es-mx"
-- st = posix.stat(path)
-- if st and st.type == "link" then
-- os.remove(path)
-- end
-- Due to a bug #447156
paths = {"/usr/share/squid/errors/zh-cn", "/usr/share/squid/errors/zh-tw"}
for key,path in ipairs(paths)
do
st = posix.stat(path)
if st and st.type == "directory" then
status = os.rename(path, path .. ".rpmmoved")
if not status then
suffix = 0
while not status do
suffix = suffix + 1
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
end
os.rename(path, path .. ".rpmmoved")
end
end
end
%post
%systemd_post squid.service
@ -306,323 +301,15 @@ fi
%changelog
* Wed Oct 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.3-1
- new version 7.3
* Fri Oct 17 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.2-1
- new version 7.2
* Thu Sep 11 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-3
- Support provider keys that require NULL digest
* Thu Aug 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:7.1-1
- new version 7.1
- removed squidclient
- removed purge
- removed cachemgr.cgi
- removed basic_smb_lm_auth and ntlm_smb_lm_auth helpers
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 21 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.14-1
- new version 6.14
* Wed Mar 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-2
- Do not blame cache_peer for 4xx CONNECT responses
* Tue Feb 04 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:6.13-1
- new version 6.13
* Sat Feb 01 2025 Björn Esser <besser82@fedoraproject.org> - 7:6.12-5
- Add explicit BR: libxcrypt-devel
* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Nov 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-3
- better error handling in cache_swap.sh
- added RuntimeDirectory to systemd service file
* Fri Nov 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-2
- Disable ESI support since ESI support has been also removed from squid 7
- Resolves: CVE-2024-45802 squid: Denial of Service processing ESI
response content
* Wed Oct 23 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.12-1
- new version 6.12
- Fix TCP_MISS_ABORTED/100 erros when uploading
* Fri Oct 11 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.11-2
- ignore SP and HTAB chars after chunk-size
* Wed Sep 25 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.11-1
- new version 6.11
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jul 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.10-1
- new version 6.10
- Resolves: #2294354 - CVE-2024-37894 squid: Out-of-bounds write error may
lead to Denial of Service
* Tue Apr 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.9-1
- Resolves: #2262715 - squid-6.9 is available
* Sat Mar 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.8-1
- new version 6.8
* Mon Feb 12 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.7-1
- new version 6.7
- switch to autosetup
- fix FTBFS when using gcc14
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 13 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 7:6.6-1
- new version 6.6
* Tue Nov 07 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.5-1
- new version 6.5
* Tue Oct 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.4-1
- new version 6.4
* Thu Sep 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.3-2
- SPDX migration
* Tue Sep 05 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.3-1
- new version 6.3
* Wed Aug 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.2-1
- new version 6.2
* Fri Aug 04 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.1-3
- Fix "!commHasHalfClosedMonitor(fd)" assertion
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7:6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:6.1-1
- new version 6.1
* Tue May 09 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:5.9-1
- new version 5.9
* Tue Feb 28 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:5.8-1
- new version 5.8
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7:5.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 05 2022 Tomas Korbar <tkorbar@redhat.com> - 7:5.7-3
- Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections
* Wed Oct 12 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.7-2
- Provide a sysusers.d file to get user() and group() provides (#2134071)
* Tue Sep 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.7-1
- new version 5.7
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7:5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.6-1
- new version 5.6
* Wed Apr 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-1
- new version 5.5
- Resolves: #2053799 - squid-5.5 is available
* Wed Feb 09 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.4-1
- new version 5.4
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7:5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Oct 05 2021 Luboš Uhliarik <luhliari@redhat.com> - 7:5.2-1
- new version 5.2 (#2010109)
- Resolves: #1934559 - squid: out-of-bounds read in WCCP protocol
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 7:5.1-2
- Rebuilt with OpenSSL 3.0.0
* Thu Aug 05 2021 Luboš Uhliarik <luhliari@redhat.com> - 7:5.1-1
- new version 5.1
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7:5.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon May 17 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:5.0.6-1
- new version 5.0.6
* Fri Apr 23 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:5.0.5-4
- Related: #1934919 - squid update attempts fail with file conflicts
* Fri Mar 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:5.0.5-3
- Resolves: #1934919 - squid update attempts fail with file conflicts
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7:5.0.5-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Feb 10 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:5.0.5-1
- new version 5.0.5
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 17 2020 Jeff Law <law@redhat.com> - 7:4.13-2
- Fix missing #includes for gcc-11
* Tue Aug 25 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.13-1
- new version 4.13
* Fri Aug 07 2020 Jeff law <law@redhat.com> - 7:4.12-4
- Disable LTO
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.12-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.12-1
- new version 4.12
* Thu May 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-1
- new version 4.11
- libsystemd integration
- Resolves: #1827564 - CVE-2020-11945 squid: improper access restriction upon
Digest Authentication nonce replay could lead to remote code execution
* Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.10-4
- Resolves: #1817208 - More cache_swap.sh optimizations
* Wed Mar 25 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.10-3
- Resolves: #1786485 - squid.service: use ${SQUID_CONF} rather than $SQUID_CONF
- Resolves: #1798535 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway
- Resolves: #1798554 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
- Resolves: #1798541 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
* Tue Jan 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.10-1
- new version 4.10
* Tue Dec 17 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.9-3
- Resolves: #1784383 - Add BuildRequires: systemd-rpm-macros
- Resolves: #1783757 - Build with ./configure --with-pidfile=/run/squid.pid
- Resolves: #1783768 - Optimize cache_swap.sh cache_dir search
* Mon Nov 11 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.9-2
- new version 4.9
- verify src taball signature by default in prep section
* Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.8-6
- Resolves: #1741342 - Do not call autoconf at build time
* Tue Oct 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.8-5
- Resolves: #1716950 - Drop "sleep 1" from logrotate fragment
* Thu Aug 22 2019 Lubomir Rintel <lkundrak@v3.sk> - 7:4.8-4
- Move the NetworkManager dispatcher script out of /etc
* Mon Aug 05 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.8-3
- Resolves: #1737030 - depend on httpd-filesystem
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 10 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.8-1
- new version 4.8
- Resolves: #1727745 - squid: CVe-2019-13345 squid: XSS via user_name or auth
parameter in cachemgr.cgi
* Tue Jul 02 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.7-6
- fix filepath to squid.conf.documented in squid's manpage
- fix path to systemctl in nm script
* Wed May 22 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.7-5
- Related: #1709299 - Use upstream squid.service
* Fri May 17 2019 Luboš Uhliarik <luhliari@redhat.com> - 7:4.7-1
- new version 4.7
* Fri May 17 2019 Luboš Uhliarik <luhliari@redhat.com> - 7:4.6-3
- Resolves: #1709299 - Use upstream squid.service
* Mon Apr 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.6-2
- Resolves: #1599074 - squid: 3 coredumps every day
* Wed Apr 24 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.6-1
- new version 4.6
- disabled strict checking due to gcc warnings
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 7:4.4-2
- Rebuilt for libcrypt.so.2 (#1666033)
* Mon Dec 10 2018 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-1
- new version 4.4
* Sun Oct 14 2018 Peter Robinson <pbrobinson@fedoraproject.org> 7:4.2-3
- Drop obsolete legacy sys-v remanents
* Mon Aug 20 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.2-2
- Resolves: #1618790 - SELinux 'dac_override' denial for cache_swap.sh
* Mon Aug 06 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.2-1
- new version 4.2
- enable back strict error checking
* Wed Aug 01 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.1-1
- new version 4.1
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.25-1
- new version 4.0.25
* Mon Jun 04 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.24-2
- removed obsolete BuildRequires (libdb4-devel)
* Thu Mar 08 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.24-1
- new version 4.0.24
- disabled strict checking (removed -Werror)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.0.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.23-2
- Resolves: #1481195 - squid loses some REs when optimising ACLs
* Tue Jan 23 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.23-1
- new version 4.0.23
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 7:4.0.22-2
- Rebuilt for switch to libxcrypt
* Mon Nov 20 2017 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.21-2
- Resolves: #1481195 - squid loses some REs when optimising ACLs
* Wed Jan 17 2018 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.22-1
- new version 4.0.22
- Removed NIS helper (#1531540)
* Mon Aug 07 2017 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.21-1
* Tue Aug 08 2017 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.21-1
- new version 4.0.21
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.0.20-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7:4.0.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jun 05 2017 Luboš Uhliarik <luhliari@redhat.com> - 7:4.0.20-2
- related: new version 4.0.20

View file

@ -1,5 +1,9 @@
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"

View file

@ -1,2 +0,0 @@
g squid 23 -
u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin