Resolves: #2095468 - [RFE] squid use systemd-sysusers

Luboš Uhliarik 2022-11-07 19:19:09 +01:00
parent 15d476e3f5
commit 377018129f
2 changed files with 14 additions and 14 deletions


@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 5.5 Version: 5.5
Release: 3%{?dist} Release: 4%{?dist}
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -18,6 +18,7 @@ Source5: squid.pam
Source6: squid.nm Source6: squid.nm
Source7: squid.service Source7: squid.service
Source8: cache_swap.sh Source8: cache_swap.sh
Source9: squid.sysusers
Source98: perl-requires-squid.sh Source98: perl-requires-squid.sh
@ -52,10 +53,7 @@ Patch502: squid-5.5-CVE-2022-41318.patch
Requires: bash gawk Requires: bash gawk
# for httpd conf file - cachemgr script alias # for httpd conf file - cachemgr script alias
Requires: httpd-filesystem Requires: httpd-filesystem
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# squid_ldap_auth and other LDAP helpers require OpenLDAP # squid_ldap_auth and other LDAP helpers require OpenLDAP
BuildRequires: make BuildRequires: make
BuildRequires: openldap-devel BuildRequires: openldap-devel
@ -87,6 +85,8 @@ BuildRequires: systemd-rpm-macros
# systemd notify # systemd notify
BuildRequires: systemd-devel BuildRequires: systemd-devel
%{?systemd_requires}
%{?sysusers_requires_compat}
# Old NetworkManager expects the dispatcher scripts in a different place # Old NetworkManager expects the dispatcher scripts in a different place
Conflicts: NetworkManager < 1.20 Conflicts: NetworkManager < 1.20
@ -242,6 +242,8 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented
# remove unpackaged files from the buildroot # remove unpackaged files from the buildroot
rm -f $RPM_BUILD_ROOT/squid.httpd.tmp rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
# sysusers.d
install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
%files %files
%license COPYING %license COPYING
@ -283,15 +285,10 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
%{_libdir}/squid/* %{_libdir}/squid/*
%{_datadir}/snmp/mibs/SQUID-MIB.txt %{_datadir}/snmp/mibs/SQUID-MIB.txt
%{_tmpfilesdir}/squid.conf %{_tmpfilesdir}/squid.conf
%{_sysusersdir}/squid.conf
%pre %pre
if ! getent group squid >/dev/null 2>&1; then %sysusers_create_compat %{SOURCE9}
/usr/sbin/groupadd -g 23 squid
fi
if ! getent passwd squid >/dev/null 2>&1 ; then
/usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1
fi
for i in /var/log/squid /var/spool/squid ; do for i in /var/log/squid /var/spool/squid ; do
if [ -d $i ] ; then if [ -d $i ] ; then
@ -334,8 +331,6 @@ do
end end
end end
%post %post
%systemd_post squid.service %systemd_post squid.service
@ -354,6 +349,9 @@ fi
%changelog %changelog
* Mon Nov 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-4
- Resolves: #2095468 - [RFE] squid use systemd-sysusers
* Mon Nov 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-3 * Mon Nov 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-3
- Resolves: #2130253 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB - Resolves: #2130253 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB
authentication authentication
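Review bot: In `%pre`, the removed block aborted the transaction with `|| exit 1` when the squid account could not be created, while the new `%sysusers_create_compat %{SOURCE9}` line has no visible failure check. As far as I know, the scriptlet this macro generates tolerates a failing `useradd`/`groupadd` instead of aborting; that is worth confirming against the systemd-rpm-macros version in the buildroot. The `for i in /var/log/squid /var/spool/squid` loop that follows (its body continues outside the hunk) and the packaged file ownership presumably depend on the account existing, so a silent failure could leave the log and cache directories with unintended ownership. Consider adding `getent passwd squid >/dev/null || exit 1` right after the macro to keep the old fail-closed behaviour.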

2
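--- /dev/null
+++ b/squid.sysusers
@@ -0,0 +1,2 @@
+g squid 23 -
+u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin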