%define __perl_requires %{SOURCE98} Name: squid Version: 4.15 Release: 10%{?dist}.1 Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) URL: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc Source2: squid.logrotate Source3: squid.sysconfig Source4: squid.pam Source5: squid.nm Source6: squid.service Source7: cache_swap.sh Source98: perl-requires-squid.sh # Upstream patches # Backported patches Patch101: squid-4.15-ip-bind-address-no-port.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2072988 # Local patches # Applying upstream patches first makes it less likely that local patches # will break upstream ones. Patch201: squid-4.11-config.patch Patch202: squid-4.11-location.patch Patch203: squid-4.11-perlpath.patch Patch204: squid-4.11-include-guards.patch Patch205: squid-4.11-large-acl.patch # https://bugzilla.redhat.com/show_bug.cgi?id=980511 Patch206: squid-4.11-active-ftp.patch Patch208: squid-4.11-convert-ipv4.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2006121 Patch209: squid-4.15-ftp-filename-extraction.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2076717 Patch210: squid-4.15-halfclosed.patch # Security fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1941506 Patch300: squid-4.15-CVE-2021-28116.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2100721 Patch301: squid-4.15-CVE-2021-46784.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2129771 Patch302: squid-4.15-CVE-2022-41318.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2245910 # +backported: https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270 Patch303: squid-4.15-CVE-2023-46846.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2245916 Patch304: squid-4.15-CVE-2023-46847.patch # https://issues.redhat.com/browse/RHEL-14792 Patch305: squid-4.15-CVE-2023-5824.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2248521 Patch306: squid-4.15-CVE-2023-46728.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2247567 Patch307: squid-4.15-CVE-2023-46724.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2252926 Patch308: squid-4.15-CVE-2023-49285.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2252923 Patch309: squid-4.15-CVE-2023-49286.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2254663 Patch310: squid-4.15-CVE-2023-50269.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2264309 Patch311: squid-4.15-CVE-2024-25617.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2268366 Patch312: squid-4.15-CVE-2024-25111.patch # Regression caused by squid-4.15-CVE-2023-46846.patch # Upstream PR: https://github.com/squid-cache/squid/pull/1914 Patch313: squid-4.15-ignore-wsp-after-chunk-size.patch Requires: bash >= 2.0 Requires(pre): shadow-utils Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # squid_ldap_auth and other LDAP helpers require OpenLDAP BuildRequires: openldap-devel # squid_pam_auth requires PAM development libs BuildRequires: pam-devel # SSL support requires OpenSSL BuildRequires: openssl-devel # squid_kerb_aut requires Kerberos development libs BuildRequires: krb5-devel # time_quota requires DB BuildRequires: libdb-devel # ESI support requires Expat & libxml2 BuildRequires: expat-devel libxml2-devel # TPROXY requires libcap, and also increases security somewhat BuildRequires: libcap-devel # eCAP support BuildRequires: libecap-devel #ip_user helper requires BuildRequires: gcc-c++ BuildRequires: libtool libtool-ltdl-devel BuildRequires: perl-generators # For test suite BuildRequires: pkgconfig(cppunit) BuildRequires: autoconf # systemd notify BuildRequires: systemd-devel %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. %prep %setup -q # Upstream patches # Backported patches %patch101 -p1 -b .ip-bind-address-no-port # Local patches %patch201 -p1 -b .config %patch202 -p1 -b .location %patch203 -p1 -b .perlpath %patch204 -p1 -b .include-guards %patch205 -p1 -b .large_acl %patch206 -p1 -b .active-ftp %patch208 -p1 -b .convert-ipv4 %patch209 -p1 -b .ftp-fn-extraction %patch210 -p1 -b .halfclosed # Security patches %patch300 -p1 -b .CVE-2021-28116 %patch301 -p1 -b .CVE-2021-46784 %patch302 -p1 -b .CVE-2022-41318 %patch303 -p1 -b .CVE-2023-46846 %patch304 -p1 -b .CVE-2023-46847 %patch305 -p1 -b .CVE-2023-5824 %patch306 -p1 -b .CVE-2023-46728 %patch307 -p1 -b .CVE-2023-46724 %patch308 -p1 -b .CVE-2023-49285 %patch309 -p1 -b .CVE-2023-49286 %patch310 -p1 -b .CVE-2023-50269 %patch311 -p1 -b .CVE-2024-25617 %patch312 -p1 -b .CVE-2024-25111 %patch313 -p1 -b .ignore-wsp-chunk-sz # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in %build # cppunit-config patch changes configure.ac autoconf # NIS helper has been removed because of the following bug # https://bugzilla.redhat.com/show_bug.cgi?id=1531540 %configure \ --libexecdir=%{_libdir}/squid \ --datadir=%{_datadir}/squid \ --sysconfdir=%{_sysconfdir}/squid \ --with-logdir='%{_localstatedir}/log/squid' \ --with-pidfile='%{_localstatedir}/run/squid.pid' \ --disable-dependency-tracking \ --enable-eui \ --enable-follow-x-forwarded-for \ --enable-auth \ --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ --enable-auth-ntlm="SMB_LM,fake" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos" \ --enable-external-acl-helpers="LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group" \ --enable-storeid-rewrite-helpers="file" \ --enable-cache-digests \ --enable-cachemgr-hostname=localhost \ --enable-delay-pools \ --enable-epoll \ --enable-icap-client \ --enable-ident-lookups \ %ifnarch %{power64} ia64 x86_64 s390x aarch64 --with-large-files \ %endif --enable-linux-netfilter \ --enable-removal-policies="heap,lru" \ --enable-snmp \ --enable-ssl \ --enable-ssl-crtd \ --enable-storeio="aufs,diskd,ufs,rock" \ --enable-diskio \ --enable-wccpv2 \ --enable-esi \ --enable-ecap \ --with-aio \ --with-default-user="squid" \ --with-dl \ --with-openssl \ --with-pthreads \ --disable-arch-native \ --disable-security-cert-validators \ --with-swapdir=%{_localstatedir}/spool/squid %make_build %check make check %install %make_install echo " # # This is %{_sysconfdir}/httpd/conf.d/squid.conf # ScriptAlias /Squid/cgi-bin/cachemgr.cgi %{_libdir}/squid/cachemgr.cgi # Only allow access from localhost by default Require local # Add additional allowed hosts as needed # Require host example.com " > $RPM_BUILD_ROOT/squid.httpd.tmp mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/squid install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squid install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/squid install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/squid install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir} install -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_libexecdir}/squid install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/squid.conf install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/squid mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/squid chmod 644 contrib/url-normalizer.pl contrib/user-agents.pl iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp mv -f ChangeLog.tmp ChangeLog # install /usr/lib/tmpfiles.d/squid.conf mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/squid.conf </dev/null 2>&1; then /usr/sbin/groupadd -g 23 squid fi if ! getent passwd squid >/dev/null 2>&1 ; then /usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1 fi for i in /var/log/squid /var/spool/squid ; do if [ -d $i ] ; then for adir in `find $i -maxdepth 0 \! -user squid`; do chown -R squid:squid $adir done fi done exit 0 %pretrans -p -- Due to a bug #447156 paths = {"/usr/share/squid/errors/zh-cn", "/usr/share/squid/errors/zh-tw"} for key,path in ipairs(paths) do st = posix.stat(path) if st and st.type == "directory" then status = os.rename(path, path .. ".rpmmoved") if not status then suffix = 0 while not status do suffix = suffix + 1 status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) end os.rename(path, path .. ".rpmmoved") end end end %post %systemd_post squid.service %preun %systemd_preun squid.service %postun %systemd_postun_with_restart squid.service %triggerin -- samba-common if ! getent group wbpriv >/dev/null 2>&1 ; then /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || : fi /usr/sbin/usermod -a -G wbpriv squid >/dev/null 2>&1 || \ chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || : %changelog * Mon Oct 14 2024 Luboš Uhliarik - 7:4.15-10.1 - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary * Tue Mar 19 2024 Luboš Uhliarik - 7:4.15-10 - Resolves: RHEL-28529 - squid:4/squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) - Resolves: RHEL-26088 - squid:4/squid: denial of service in HTTP header parser (CVE-2024-25617) * Fri Feb 02 2024 Luboš Uhliarik - 7:4.15-9 - Resolves: RHEL-19552 - squid:4/squid: denial of service in HTTP request parsing (CVE-2023-50269) * Fri Feb 02 2024 Luboš Uhliarik - 7:4.15-8 - Resolves: RHEL-18351 - squid:4/squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - Resolves: RHEL-18342 - squid:4/squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) - Resolves: RHEL-18230 - squid:4/squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Resolves: RHEL-15911 - squid:4/squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - Resolves: RHEL-18251 - squid crashes in assertion when a parent peer exists - Resolves: RHEL-14794 - squid: squid multiple issues in HTTP response caching (CVE-2023-5824) - Resolves: RHEL-14803 - squid: squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) - Resolves: RHEL-14777 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846) * Wed Aug 16 2023 Luboš Uhliarik - 7:4.15-7 - Resolves: #2076717 - Crash with half_closed_client on * Thu Dec 08 2022 Tomas Korbar - 4.15-6 - Resolves: #2072988 - [RFE] Add the "IP_BIND_ADDRESS_NO_PORT" flag to sockets created for outgoing connections in the squid source code. * Wed Sep 28 2022 Luboš Uhliarik - 7:4.15-5 - Resolves: #2130260 - CVE-2022-41318 squid:4/squid: buffer-over-read in SSPI and SMB authentication * Tue Jun 28 2022 Luboš Uhliarik - 7:4.15-4 - Resolves: #2100783 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses * Wed Feb 09 2022 Luboš Uhliarik - 7:4.15-3 - Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP protocol data may lead to information disclosure * Tue Jan 25 2022 Luboš Uhliarik - 7:4.15-2 - Resolves: #2006121 - SQUID shortens FTP Link wrong that contains a semi-colon and as a result is not able to download zip file.CODE 404 TO CLIENT) * Fri Jun 18 2021 Luboš Uhliarik - 7:4.15-1 - new version 4.15 - Resolves: #1964384 - squid:4 rebase to 4.15 * Wed Mar 31 2021 Lubos Uhliarik - 7:4.11-5 - Resolves: #1944261 - CVE-2020-25097 squid:4/squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling * Mon Oct 26 2020 Lubos Uhliarik - 7:4.11-4 - Resolves: #1890606 - Fix for CVE 2019-13345 breaks authentication in cachemgr.cgi * Wed Aug 26 2020 Lubos Uhliarik - 7:4.11-3 - Resolves: #1871705 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1871702 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning - Resolves: #1871700 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning * Thu Jul 02 2020 Lubos Uhliarik - 7:4.11-2 - Resolves: #1853130 - CVE-2020-15049 squid:4/squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1853136 - CVE-2020-14058 squid:4/squid: DoS in TLS handshake * Thu May 07 2020 Lubos Uhliarik - 7:4.11-1 - new version 4.11 - libsystemd integration - Resolves: #1829467 - squid:4 rebase - Resolves: #1828378 - CVE-2019-12521 squid:4/squid: off-by-one error in addStackElement allows for a heap buffer overflow and a crash - Resolves: #1828377 - CVE-2019-12520 squid:4/squid: improper input validation in request allows for proxy manipulation - Resolves: #1828375 - CVE-2019-12524 squid:4/squid: improper access restriction in url_regex may lead to security bypass - Resolves: #1820664 - CVE-2019-18860 squid: mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way - Resolves: #1802514 - CVE-2020-8449 squid:4/squid: Improper input validation issues in HTTP Request processing - Resolves: #1802513 - CVE-2020-8450 squid:4/squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1802512 - CVE-2019-12528 squid:4/squid: Information Disclosure issue in FTP Gateway - Resolves: #1771288 - CVE-2019-18678 squid:4/squid: HTTP Request Splitting issue in HTTP message processing - Resolves: #1771283 - CVE-2019-18679 squid:4/squid: Information Disclosure issue in HTTP Digest Authentication - Resolves: #1771280 - CVE-2019-18677 squid:4/squid: Cross-Site Request Forgery issue in HTTP Request processing - Resolves: #1771275 - CVE-2019-12523 squid:4/squid: Improper input validation in URI processor - Resolves: #1771272 - CVE-2019-18676 squid:4/squid: Buffer overflow in URI processor - Resolves: #1771264 - CVE-2019-12526 squid:4/squid: Heap overflow issue in URN processing - Resolves: #1738581 - CVE-2019-12529 squid: OOB read in Proxy-Authorization header causes DoS * Tue Apr 28 2020 Lubos Uhliarik - 7:4.4-9 - Resolves: #1738583 - CVE-2019-12525 squid:4/squid: parsing of header Proxy-Authentication leads to memory corruption - Resolves: #1828369 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828370 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * Fri Aug 23 2019 Lubos Uhliarik - 7:4.4-8 - Resolves: # 1738485 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow in HttpHeader::getAuth * Wed Jul 31 2019 Lubos Uhliarik - 7:4.4-7 - Resolves: #1729436 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi * Fri Jun 21 2019 Lubos Uhliarik - 7:4.4-6 - Resolves: #1679526 - Missing detailed configuration file - Resolves: #1703117 - RHEL 7 to 8 fails with squid installed because dirs changed to symlinks - Resolves: #1691741 - Squid cache_peer DNS lookup failed when not all lower case - Resolves: #1683527 - "Reloading" message on a fresh reboot after enabling squid * Tue Dec 11 2018 Lubos Uhliarik - 7:4.4-4 - Resolves: #1612524 - Man page scan results for squid * Tue Dec 11 2018 Lubos Uhliarik - 7:4.4-3 - Resolves: #1642384 - squid doesn't work with active ftp * Tue Dec 11 2018 Lubos Uhliarik - 7:4.4-2 - Resolves: #1657847 - Unable to start Squid in Selinux Enforcing mode * Mon Dec 10 2018 Lubos Uhliarik - 7:4.4-1 - Resolves: #1656871 - squid rebase to 4.4 - Resolves: #1645148 - CVE-2018-19131 squid: Cross-Site Scripting when generating HTTPS response messages about TLS errors - Resolves: #1645156 - CVE-2018-19132 squid: Memory leak in SNMP query rejection code * Mon Aug 06 2018 Lubos Uhliarik - 7:4.2-1 - new version 4.2 - enable back strict error checking * Wed Aug 01 2018 Luboš Uhliarik - 7:4.1-1 - new version 4.1 * Mon Jun 04 2018 Luboš Uhliarik - 7:4.0.23-5 - Resolves: #1585617 - Build against libdb only instead of libdb4 - disabled strict checking for now (squid can not be built with GCC8) * Mon Apr 16 2018 Luboš Uhliarik - 7:4.0.23-4 - Resolves: #1566055 - module squid cannot be installed due to missing perl(Crypt::OpenSSL::X509) * Fri Feb 09 2018 Fedora Release Engineering - 7:4.0.23-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-2 - Resolves: #1481195 - squid loses some REs when optimising ACLs * Tue Jan 23 2018 Luboš Uhliarik - 7:4.0.23-1 - new version 4.0.23 * Sat Jan 20 2018 Björn Esser - 7:4.0.22-2 - Rebuilt for switch to libxcrypt * Wed Jan 17 2018 Luboš Uhliarik - 7:4.0.22-1 - new version 4.0.22 - Removed NIS helper (#1531540) * Mon Aug 07 2017 Luboš Uhliarik - 7:4.0.21-1 - new version 4.0.21 * Thu Aug 03 2017 Fedora Release Engineering - 7:4.0.20-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 7:4.0.20-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jun 05 2017 Luboš Uhliarik - 7:4.0.20-2 - related: new version 4.0.20 * Mon Jun 05 2017 Luboš Uhliarik - 7:4.0.20-1 - new version 4.0.20 * Tue Apr 25 2017 Luboš Uhliarik - 7:4.0.19-4 - Related: #1445255 - Squid SMP Mode Fails * Tue Apr 25 2017 Luboš Uhliarik - 7:4.0.19-3 - Resolves: #1445255 - Squid SMP Mode Fails * Tue Apr 18 2017 Luboš Uhliarik - 7:4.0.19-2 - Resolves: #1442375 - squid helper squid_kerb_ldap not included in package * Mon Apr 03 2017 Luboš Uhliarik - 7:4.0.19-1 - new version 4.0.19 * Thu Mar 30 2017 Luboš Uhliarik - 7:4.0.18-1 - new version 4.0.18 * Sat Feb 11 2017 Fedora Release Engineering - 7:4.0.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Dec 19 2016 Luboš Uhliarik - 7:4.0.17-1 - new version 4.0.17 * Mon Oct 31 2016 Luboš Uhliarik - 7:4.0.16-1 - new version 4.0.16 * Mon Oct 10 2016 Luboš Uhliarik - 7:4.0.15-1 - new version 4.0.15 * Mon Sep 12 2016 Luboš Uhliarik - 7:4.0.14-1 - new version 4.0.14 * Tue Aug 09 2016 Luboš Uhliarik - 7:4.0.13-1 - new version 4.0.13 * Mon Jul 11 2016 Henrik Nordstrom - 7:4.0.11-1 - new version 4.0.11 * Wed May 18 2016 Luboš Uhliarik - 7:3.5.19-2 - Resolves: #1336993 - Mistyped command in dirname /etc/NetworkManager/dispatcher.d/20-squid * Tue May 10 2016 Luboš Uhliarik - 7:3.5.19-1 - new version 3.5.19 * Thu May 05 2016 Luboš Uhliarik - 7:3.5.17-1 - new version 3.5.17 * Tue Apr 05 2016 Luboš Uhliarik - 7:3.5.16-1 - new version 3.5.16 * Tue Mar 01 2016 Luboš Uhliarik - 7:3.5.15-1 - new version 3.5.15 - Resolves: #1311585 - squid: Multiple Denial of Service issues in HTTP Response processing - Resolves: #1312267 - squid: SQUID-2016_2 advisory, multiple DoS issues * Tue Mar 01 2016 Luboš Uhliarik - 7:3.5.13-3 - Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error handling resulting in denial of service * Fri Feb 05 2016 Fedora Release Engineering - 7:3.5.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Fri Jan 08 2016 Luboš Uhliarik - 7:3.5.13-1 - new version 3.5.13 * Thu Dec 03 2015 Luboš Uhliarik - 7:3.5.12-2 - new version 3.5.12 * Fri Sep 25 2015 Luboš Uhliarik - 7:3.5.9-3 - Resolves: #1231992 * Fri Sep 25 2015 Luboš Uhliarik - 7:3.5.9-2 - Resolves: #1230501 * Thu Sep 24 2015 Luboš Uhliarik - 7:3.5.9-1 - new version 3.5.9 - added Patch, which fixes problem with include guards * Fri Jun 19 2015 Fedora Release Engineering - 7:3.5.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 02 2015 Kalev Lember - 7:3.5.3-4 - Rebuilt for GCC 5 C++11 ABI change * Tue Mar 31 2015 Pavel Šimerda - 7:3.5.3-3 - Fix build by removing eDirectory support * Tue Mar 31 2015 Pavel Šimerda - 7:3.5.3-2 - clean up defunct patches * Tue Mar 31 2015 Pavel Šimerda - 7:3.5.3-1 - new version 3.5.3 * Mon Mar 23 2015 Pavel Šimerda - 7:3.5.2-4 - Resolves: #1145235, #1173488, #1176318 – revert a couple of recent changes * Sun Mar 15 2015 Henrik Nordstrom - 7:3.5.2-3 - Correct execmod build issue caused by libtool confusion on required compiler flags * Sun Mar 15 2015 Henrik Nordstrom - 7:3.5.2-2 - Update to latest upstream version 3.5.2 - Remove deprecated (and renamed) squid_msnt_auth basic auth helper. Only performs LM authentication and not considered useful in todays networks. * Wed Feb 25 2015 Henrik Nordstrom - 7:3.4.12-1 - Update to latest upstream version 3.4.12 - bug #1173946: Disable -march=native compile time optimization, use Fedora defaults. * Tue Nov 18 2014 Henrik Nordstrom - 7:3.4.9-3 - Update to latest upstream version 3.4.9 * Sun Oct 19 2014 Peter Robinson 7:3.4.7-3 - Update ppc64 macro to cover little endian too * Thu Sep 11 2014 Michal Luscon - 7:3.4.7-2 - Fixed: CVE-2014-6270 * Thu Aug 28 2014 Michal Luscon - 7:3.4.7-1 - Update to latest upstream version - Fixed: CVE-2014-3609 * Thu Aug 21 2014 Kevin Fenzi - 7:3.4.6-3 - Rebuild for rpm bug 1131960 * Mon Aug 18 2014 Fedora Release Engineering - 7:3.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Jul 2 2014 Michal Luscon - 7:3.4.6-1 - Update to latest upstream version 3.4.6 * Fri Jun 13 2014 Michal Luscon - 7:3.4.5-6 - Fixed #855111: set unlimited start and shutdown timeout * Sun Jun 08 2014 Michal Luscon - 7:3.4.5-5 - Run squid under user and group squid * Sun Jun 08 2014 Fedora Release Engineering - 7:3.4.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue May 27 2014 Michal Luscon - 7:3.4.5-3 - Remove sysvinit subpackage - Enable rock store * Fri May 23 2014 Michal Luscon - 7:3.4.5-2 - Fixed #1099970: missing /var/run/squid folder - Reverted #1038160: breaks SMP mode * Tue May 6 2014 Michal Luscon - 7:3.4.5-1 - Update to latest upstream version 3.4.5 * Fri Apr 25 2014 Michal Luscon - 7:3.4.4.2-1 - Update to latest upstream version 3.4.4.2 * Thu Mar 13 2014 Pavel Šimerda - 7:3.4.4-1 - bump to 3.4.4 * Tue Feb 04 2014 Henrik Nordstrom - 7:3.4.3-1 - Update to latest upstream bugfix version 3.4.3 * Mon Jan 06 2014 Pavel Šimerda - 7:3.4.1-2 - Resolves: #1038160 - avoid running squid's own supervisor process * Mon Dec 30 2013 Michal Luscon - 7:3.4.1-1 - Rebase to latest stable upstream release 3.4.1 - Fixed #1034306: fails to build for AArch64 - Fixed: active ftp * Tue Dec 03 2013 Henrik Nordstrom - 7:3.3.11-1 - Update to latest upstream bugfix version 3.3.11 * Fri Sep 13 2013 Michal Luscon - 7:3.3.9-1 - Update to latest upstream version 3.3.9 - Fixed #976815: file descriptors are hard coded to 16384 - Fixed: active ftp crashing - Fixed: offset of patches * Thu Aug 08 2013 Michal Luscon - 7:3.3.8-3 - Fixed #994814: enable time_quota helper * Sun Aug 04 2013 Fedora Release Engineering - 7:3.3.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 22 2013 Michal Luscon - 7:3.3.8-1 - Update to latest upstream version 3.3.8 - Fixed: CVE-2013-4123 - Fixed: CVE-2013-4115 * Wed Jul 17 2013 Petr Pisar - 7:3.3.4-3 - Perl 5.18 rebuild * Wed May 8 2013 Ville Skyttä - 7:3.3.4-2 - Fix basic auth and log daemon DB helper builds. - Use xz compressed tarball, fix source URLs. - Fix bogus dates in %%changelog. * Fri May 3 2013 Michal Luscon - 7:3.3.4-1 - Rebase to latest upstream version 3.3.4 * Tue Apr 23 2013 Michal Luscon - 7:3.2.9-3 - Option '-k' is not stated in squidclient man - Remove pid from service file(#913262) * Fri Apr 19 2013 Michal Luscon - 7:3.2.9-2 - Enable full RELRO (-Wl,-z,relro -Wl,-z,now) * Tue Mar 19 2013 Michal Luscon - 7:3.2.9-1 - Update to latest upstream version 3.2.9 - Fixed: CVE-2013-1839 - Removed: makefile-patch (+make check) * Mon Mar 11 2013 Michal Luscon - 7:3.2.8-3 - Resolved: /usr move - squid service file * Sat Mar 09 2013 Michal Luscon - 7:3.2.8-2 - Resolved: #896127 - basic_ncsa_auth does not work * Fri Mar 08 2013 Michal Luscon - 7:3.2.8-1 - Update to latest upstream version 3.2.8 - Fixed rawhide build issues (-make check) * Thu Feb 07 2013 Michal Luscon - 7:3.2.7-1 - Update to latest upstream version 3.2.7 * Thu Jan 24 2013 Michal Luscon - 7:3.2.5-2 - CVE-2013-0189: Incomplete fix for the CVE-2012-5643 * Mon Dec 17 2012 Michal Luscon - 7:3.2.5-1 - Update to latest upstream version 3.2.5 * Mon Nov 05 2012 Michal Luscon - 7:3.2.3-3 - Resolved: #71483 - httpd 2.4 requires new configuration directives * Fri Oct 26 2012 Michal Luscon - 7:3.2.3-2 - Resolved: #854356 - squid.service use PIDFile - Resolved: #859393 - Improve cache_swap script - Resolved: #791129 - disk space warning - Resolved: #862252 - reload on VPN or network up/down - Resolved: #867531 - run test suite during build - Resolved: #832684 - missing after dependency nss-lookup.target - Removed obsolete configure options * Mon Oct 22 2012 Tomas Hozza - 7:3.2.3-1 - Update to latest upstream version 3.2.3 * Tue Oct 16 2012 Tomas Hozza - 7:3.2.2-1 - Update to latest upstream version 3.2.2 * Fri Oct 05 2012 Tomas Hozza - 7:3.2.1-2 - Introduced new systemd-rpm macros in squid spec file. (#850326) * Wed Aug 29 2012 Michal Luscon - 7:3.2.1-1 - Update to latest upstream 3.2.1 * Sat Jul 21 2012 Fedora Release Engineering - 7:3.2.0.16-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon Apr 02 2012 Henrik Nordstrom - 7:3.2.0.16-2 - Enable SSL CRTD for ssl bump * Wed Mar 07 2012 Henrik Nordstrom - 7:3.2.0.16-1 - Upstream 3.2.0.16 bugfix release * Tue Feb 28 2012 Fedora Release Engineering - 7:3.2.0.15-2 - Rebuilt for c++ ABI breakage * Mon Feb 06 2012 Henrik Nordstrom - 7:3.2.0.15-1 - Upstream 3.2.0.15 bugfix release * Wed Feb 01 2012 Henrik Nordstrom - 7:3.2.0.14-7 - update with upstreamed patch versions * Tue Jan 17 2012 Henrik Nordstrom - 7:3.2.0.14-6 - upstream gcc-4.7 patch - fix for bug #772483 running out of memory, mem_node growing out of bounds * Mon Jan 16 2012 Jiri Skala - 7:3.2.0.14-5 - fixes FTBFS due to gcc-4.7 * Fri Jan 13 2012 Jiri Skala - 7:3.2.0.14-4 - fixes #772481 - Low number of open files for squid process - fixes FTBFS due to gcc4.7 * Thu Jan 05 2012 Henrik Nordstrom - 3.2.0.14-3 - rebuild for gcc-4.7.0 * Mon Dec 19 2011 Jiri Skala - 7:3.2.0.14-2 - fixes #768586 - Please enable eCAP support again * Wed Dec 14 2011 Jiri Skala - 7:3.2.0.14-1 - update to latest upstream 3.2.0.14 * Mon Nov 07 2011 Jiri Skala - 7:3.2.0.13-5 - fixes #751679 - host_strict_verify setting inverted in squid.conf * Thu Nov 03 2011 Jiri Skala - 7:3.2.0.13-4 - fixes #750550 - Squid might depend on named * Wed Oct 26 2011 Jiri Skala - 7:3.2.0.13-3 - added upstream fix for #747125 * Wed Oct 26 2011 Jiri Skala - 7:3.2.0.13-2 - fixes #747103 - squid does not start if /var/spool/squid is empty - fixes #747110 - squid does not start adding "memory_pools off" * Mon Oct 17 2011 Jiri Skala - 7:3.2.0.13-1 - update to latest upstream 3.2.0.13 * Tue Sep 20 2011 Jiri Skala - 7:3.2.0.12-1 - update to latest upstream 3.2.0.12 * Mon Aug 29 2011 Henrik Nordstrom - 7:3.2.0.11-3 - update to latest upstream 3.2.0.11 * Sat Aug 27 2011 Henrik Nordstrom - 7:3.2.0.10-3 - Fix for SQUID-2011:3 Gopher vulnerability * Thu Aug 18 2011 Jiri Skala - 7:3.2.0.10-2 - rebuild for rpm * Mon Aug 01 2011 Jiri Skala - 7:3.2.0.10-1 - update to latest upsteam 3.2.0.10 * Mon Aug 01 2011 Jiri Skala - 7:3.2.0.9-2 - rebuild for libcap * Tue Jun 07 2011 Jiri Skala - 7:3.2.0.9-1 - upgrade to squid-3.2 - fixes #720445 - Provide native systemd unit file - SysV initscript moved to subpackage - temproary disabled eCap * Wed May 18 2011 Jiri Skala - 7:3.1.12-3 - enabled eCAP support * Wed May 04 2011 Jiri Skala - 7:3.1.12-2 - applied corrections of unused patch (Ismail Dönmez) * Fri Apr 15 2011 Jiri Skala - 7:3.1.12-1 - Update to 3.1.12 upstream release * Thu Feb 10 2011 Jiri Skala - 7:3.1.11-1 - Update to 3.1.11 upstream release - fixes issue with unused variale after mass rebuild (gcc-4.6) * Wed Feb 09 2011 Fedora Release Engineering - 7:3.1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Jan 06 2011 Jiri Skala - 7:3.1.10-1 - Update to 3.1.10 upstream release * Fri Nov 05 2010 Jiri Skala - 7:3.1.9-5 - rebuild for libxml2 * Mon Nov 01 2010 Jiri Skala - 7:3.1.9-4 - fixes #647967 - build with -fPIE option back and dropped proper libltdl usage * Sat Oct 30 2010 Henrik Nordstrom - 7:3.1.9-3 - Bug #647967 - License clarification & spec-file cleanup * Mon Oct 25 2010 Henrik Nordstrom 7:3.1.9-2 - Upstream 3.1.9 bugfix release * Wed Oct 13 2010 Jiri Skala - 7:3.1.8-2 - fixes #584161 - squid userid not added to wbpriv group * Sun Sep 05 2010 Henrik Nordstrom - 7:3.1.8-1 - Bug #630445: SQUID-2010:3 Denial of service issue * Tue Aug 24 2010 Henrik Nordstrom - 7:3.1.7-1 - Upstream 3.1.7 bugfix release * Fri Aug 20 2010 Henrik Nordstrom - 7:3.1.6-1 - Upstream 3.1.6 bugfix release - Build with system libtool-ltdl * Thu Jul 15 2010 Henrik Nordstrom - 7:3.1.5-2 - Upstream 3.1.5 bugfix release - Upstream patch for Bug #614665: Squid crashes with ident auth - Upstream patches for various memory leaks * Mon May 31 2010 Henrik Nordstrom - 7:3.1.4-2 - Correct case-insensitiveness in HTTP list header parsing * Sun May 30 2010 Henrik Nordstrom - 7:3.1.4-1 - Upstream 3.1.4 bugfix release, issues relating to IPv6, TPROXY, Memory management, follow_x_forwarded_for, and stability fixes * Fri May 14 2010 Henrik Nordstrom - 7:3.1.3-2 - Fully fix #548903 - "comm_open: socket failure: (97) Address family not supported by protocol" if IPv6 disabled - Various IPv6 related issues fixed, making tcp_outgoing_address behave as expected and no commResetFD warnings when using tproxy setups. * Sun May 02 2010 Henrik Nordstrom - 7:3.1.3-1 - Update to 3.1.3 Upstream bugfix release, fixing WCCPv1 * Mon Apr 19 2010 Henrik Nordstrom - 7:3.1.1-4 - Bug #583489: Adjust logrotate script to changes in logrotate package. * Mon Apr 19 2010 Jiri Skala - fixes #548903 - "comm_open: socket failure: (97) Address family not supported by protocol" if IPv6 disabled * Tue Mar 30 2010 Henrik Nordstrom - 7:3.1.1-2 - Update to 3.1.1 Squid bug #2827 crash with assertion failed: FilledChecklist.cc:90: "conn() != NULL" under high load. * Mon Mar 15 2010 Henrik Nordstrom - 7:3.1.0.18-1 - Upgrade to 3.1.0.18 fixing Digest authentication and improved HTTP/1.1 support * Sun Feb 28 2010 Henrik Nordstrom - 7:3.1.0.17-3 - Bug 569120, fails to open unbound ipv4 listening sockets * Thu Feb 25 2010 Henrik Nordstrom - 7:3.1.0.17-2 - Upgrade to 3.1.0.17 * Thu Feb 18 2010 Henrik Nordstrom - 7:3.1.0.16-7 - Workaround for Fedora-13 build failure * Sun Feb 14 2010 Henrik Nordstrom - 7:3.1.0.16-6 - Patch for Squid security advisory SQUID-2010:2, denial of service issue in HTCP processing (CVE-2010-0639) * Sun Feb 07 2010 Henrik Nordstrom - 7:3.1.0.16-5 - Rebuild 3.1.0.16 with corrected upstream release. * Wed Feb 03 2010 Jiri Skala - 7:3.1.0.16-4 - spec file modified to be fedora packaging guidline compliant - little shifting lines in init script header due to rpmlint complaint - fixes assertion during start up * Mon Feb 01 2010 Henrik Nordstrom 7:3.1.0.16-3 - Upgrade to 3.1.0.16 for DNS related DoS fix (Squid-2010:1) * Sat Jan 09 2010 Henrik Nordstrom - 7:3.1.0.15-3 - fixed #551302 PROXY needs libcap. Also increases security a little. - merged relevant upstream bugfixes waiting for next 3.1 release * Mon Nov 23 2009 Henrik Nordstrom - 7:3.1.0.15-2 - Update to 3.1.0.15 with a number of bugfixes and a workaround for ICEcast/SHOUTcast streams. * Mon Nov 23 2009 Jiri Skala 7:3.1.0.14-2 - fixed #532930 Syntactic error in /etc/init.d/squid - fixed #528453 cannot initialize cache_dir with user specified config file * Sun Sep 27 2009 Henrik Nordstrom - 7:3.1.0.14-1 - Update to 3.1.0.14 * Sat Sep 26 2009 Henrik Nordstrom - 7:3.1.0.13-7 - Include upstream patches fixing important operational issues - Enable ESI support now that it does not conflict with normal operation * Fri Sep 18 2009 Henrik Nordstrom - 7:3.1.0.13-6 - Rotate store.log if enabled * Wed Sep 16 2009 Tomas Mraz - 7:3.1.0.13-5 - Use password-auth common PAM configuration instead of system-auth * Tue Sep 15 2009 Jiri Skala - 7:3.1.0.13-4 - fixed #521596 - wrong return code of init script * Tue Sep 08 2009 Henrik Nordstrom - 7:3.1.0.13-3 - Enable squid_kerb_auth * Mon Sep 07 2009 Henrik Nordstrom - 7:3.1.0.13-2 - Cleaned up packaging to ease future maintenance * Fri Sep 04 2009 Henrik Nordstrom - 7:3.1.0.13-1 - Upgrade to next upstream release 3.1.0.13 with many new features * IPv6 support * NTLM-passthru * Kerberos/Negotiate authentication scheme support * Localized error pages based on browser language preferences * Follow X-Forwarded-For capability * and more.. * Mon Aug 31 2009 Henrik Nordstrom - 3.0.STABLE18-3 - Bug #520445 silence logrotate when Squid is not running * Fri Aug 21 2009 Tomas Mraz - 7:3.0.STABLE18-2 - rebuilt with new openssl * Tue Aug 04 2009 Henrik Nordstrom - 7:3.0.STABLE18-1 - Update to 3.0.STABLE18 * Sat Aug 01 2009 Henrik Nordstrom - 7:3.0.STABLE17-3 - Squid Bug #2728: regression: assertion failed: http.cc:705: "!eof" * Mon Jul 27 2009 Henrik Nordstrom - 7:3.0.STABLE17-2 - Bug #514014, update to 3.0.STABLE17 fixing the denial of service issues mentioned in Squid security advisory SQUID-2009_2. * Sun Jul 26 2009 Fedora Release Engineering - 7:3.0.STABLE16-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 01 2009 Jiri Skala 7:3.0.STABLE16-2 - fixed patch parameter of bXXX patches * Mon Jun 29 2009 Henrik Nordstrom - 7:3.0.STABLE16-1 - Upgrade to 3.0.STABLE16 * Sat May 23 2009 Henrik Nordstrom - 7:3.0.STABLE15-2 - Bug #453304 - Squid requires restart after Network Manager connection setup * Sat May 09 2009 Henrik Nordstrom - 7:3.0.STABLE15-1 - Upgrade to 3.0.STABLE15 * Tue Apr 28 2009 Jiri Skala - 7:3.0.STABLE14-3 - fixed ambiguous condition in the init script (exit 4) * Mon Apr 20 2009 Henrik Nordstrom - 7:3.0.STABLE14-2 - Squid bug #2635: assertion failed: HttpHeader.cc:1196: "Headers[id].type == ftInt64" * Sun Apr 19 2009 Henrik Nordstrom - 7:3.0.STABLE14-1 - Upgrade to 3.0.STABLE14 * Fri Mar 06 2009 Henrik Nordstrom - 7:3.0.STABLE13-2 - backported logfile.cc syslog parameters patch from 3.1 (b9443.patch) - GCC-4.4 workaround in src/wccp2.cc * Wed Feb 25 2009 Fedora Release Engineering - 7:3.0.STABLE13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Thu Feb 5 2009 Jonathan Steffan - 7:3.0.STABLE13-1 - upgrade to latest upstream * Tue Jan 27 2009 Henrik Nordstrom - 7:3.0.STABLE12-1 - upgrade to latest upstream * Sun Jan 18 2009 Tomas Mraz - 7:3.0.STABLE10-4 - rebuild with new openssl * Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-3 - actually include the upstream bugfixes in the build * Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-2 - upstream bugfixes for cache corruption and access.log response size errors * Fri Oct 24 2008 Henrik Nordstrom - 7:3.0.STABLE10-1 - upgrade to latest upstream * Sun Oct 19 2008 Henrik Nordstrom - 7:3.0.STABLE9-2 - disable coss support, not officially supported in 3.0 * Sun Oct 19 2008 Henrik Nordstrom - 7:3.0.STABLE9-1 - update to latest upstream * Thu Oct 09 2008 Henrik Nordstrom - 7:3.0.STABLE7-4 - change logrotate to move instead of copytruncate * Wed Oct 08 2008 Jiri Skala - 7:3.0.STABLE7-3 - fix #465052 - FTBFS squid-3.0.STABLE7-1.fc10 * Thu Aug 14 2008 Jiri Skala - 7:3.0.STABLE7-2 - used ncsa_auth.8 from man-pages. there will be this file removed due to conflict - fix #458593 noisy initscript - fix #463129 init script tests wrong conf file - fix #450352 - build.patch patches only generated files * Wed Jul 02 2008 Jiri Skala - 7:3.0.STABLE7-1 - update to latest upstream - fix #453214 * Mon May 26 2008 Martin Nagy - 7:3.0.STABLE6-2 - fix bad allocation * Wed May 21 2008 Martin Nagy - 7:3.0.STABLE6-1 - upgrade to latest upstream - fix bad allocation * Fri May 09 2008 Martin Nagy - 7:3.0.STABLE5-2 - fix configure detection of netfilter kernel headers (#435499), patch by aoliva@redhat.com - add support for negotiate authentication (#445337) * Fri May 02 2008 Martin Nagy - 7:3.0.STABLE5-1 - upgrade to latest upstream * Tue Apr 08 2008 Martin Nagy - 7:3.0.STABLE4-1 - upgrade to latest upstream * Thu Apr 03 2008 Martin Nagy - 7:3.0.STABLE2-2 - add %%{optflags} to make - remove warnings about unused return values * Thu Mar 13 2008 Martin Nagy - 7:3.0.STABLE2-1 - upgrade to latest upstream 3.0.STABLE2 - check config file before starting (#428998) - whitespace unification of init script - some minor path changes in the QUICKSTART file - configure with the --with-filedescriptors=16384 option * Tue Feb 26 2008 Martin Nagy - 7:3.0.STABLE1-3 - change the cache_effective_group default back to none * Mon Feb 11 2008 Martin Nagy - 7:3.0.STABLE1-2 - rebuild for 4.3 * Wed Jan 23 2008 Martin Nagy - 7:3.0.STABLE1-1 - upgrade to latest upstream 3.0.STABLE1 * Tue Dec 04 2007 Martin Bacovsky - 2.6.STABLE17-1 - upgrade to latest upstream 2.6.STABLE17 * Wed Oct 31 2007 Martin Bacovsky - 7:2.6.STABLE16-3 - arp-acl was enabled * Tue Sep 25 2007 Martin Bacovsky - 7:2.6.STABLE16-2 - our fd_config patch was replaced by upstream's version - Source1 (FAQ.sgml) points to local source (upstream's moved to wiki) * Fri Sep 14 2007 Martin Bacovsky - 7:2.6.STABLE16-1 - upgrade to latest upstream 2.6.STABLE16 * Wed Aug 29 2007 Fedora Release Engineering - 7:2.6.STABLE14-2 - Rebuild for selinux ppc32 issue. * Thu Jul 19 2007 Martin Bacovsky - 7:2.6.STABLE14-1 - update to latest upstream 2.6.STABLE14 - resolves: #247064: Initscript Review * Tue Mar 27 2007 Martin Bacovsky - 7:2.6.STABLE12-1 - update to latest upstream 2.6.STABLE12 - Resolves: #233913: squid: unowned directory * Mon Feb 19 2007 Martin Bacovsky - 7:2.6.STABLE9-2 - Resolves: #226431: Merge Review: squid * Mon Jan 29 2007 Martin Bacovsky - 7:2.6.STABLE9-1 - update to the latest upstream * Sun Jan 14 2007 Martin Stransky - 7:2.6.STABLE7-1 - update to the latest upstream * Tue Dec 12 2006 Martin Stransky - 7:2.6.STABLE6-1 - update to the latest upstream * Mon Nov 6 2006 Martin Stransky - 7:2.6.STABLE5-1 - update to the latest upstream * Thu Oct 26 2006 Martin Stransky - 7:2.6.STABLE4-4 - added fix for #205568 - marked cachemgr.conf as world readable * Wed Oct 25 2006 Martin Stransky - 7:2.6.STABLE4-3 - added fix for #183869 - squid can abort when getting status - added upstream fixes: * Bug #1796: Assertion error HttpHeader.c:914: "str" * Bug #1779: Delay pools fairness, correction to first patch * Bug #1802: Crash on exit in certain conditions where cache.log is not writeable * Bug #1779: Delay pools fairness when multiple connections compete for bandwidth * Clarify the select/poll/kqueue/epoll configure --enable/disable options - reworked fd patch for STABLE4 * Tue Oct 17 2006 Martin Stransky - 7:2.6.STABLE4-2 - upstream fixes: * Accept 00:00-24:00 as a valid time specification (upstream BZ #1794) * aioDone() could be called twice * Squid reconfiguration (upstream BZ #1800) * Mon Oct 2 2006 Martin Stransky - 7:2.6.STABLE4-1 - new upstream - fixes from upstream bugzilla, items #1782,#1780,#1785,#1719,#1784,#1776 * Tue Sep 5 2006 Martin Stransky - 7:2.6.STABLE3-2 - added upstream patches for ACL * Mon Aug 21 2006 Martin Stransky - 7:2.6.STABLE3-1 - the latest stable upstream * Thu Aug 10 2006 Karsten Hopp 7:2.6.STABLE2-3 - added some requirements for pre/post install scripts * Fri Aug 04 2006 Martin Stransky - 7:2.6.STABLE2-2 - added patch for #198253 - squid: don't chgrp another pkg's files/directory * Mon Jul 31 2006 Martin Stransky - 7:2.6.STABLE2-1 - the latest stable upstream - reworked fd config patch * Tue Jul 25 2006 Martin Stransky - 7:2.6.STABLE1-3 - the latest CVS upstream snapshot * Wed Jul 19 2006 Martin Stransky - 7:2.6.STABLE1-2 - the latest CVS snapshot * Tue Jul 18 2006 Martin Stransky - 7:2.6.STABLE1-1 - new upstream + the latest CVS snapshot from 2006/07/18 - updated fd config patch - enabled epoll - fixed release format (#197405) - enabled WCCPv2 support (#198642) * Wed Jul 12 2006 Jesse Keating - 7:2.5.STABLE14-2.1 - rebuild * Thu Jun 8 2006 Martin Stransky - 7:2.5.STABLE14-2 - fix for squid BZ#1511 - assertion failed: HttpReply.c:105: "rep" * Tue May 30 2006 Martin Stransky - 7:2.5.STABLE14-1 - update to new upstream * Sun May 28 2006 Martin Stransky - 7:2.5.STABLE13-5 - fixed libbind patch (#193298) * Wed May 3 2006 Martin Stransky - 7:2.5.STABLE13-4 - added extra group check (#190544) * Wed Mar 29 2006 Martin Stransky - 7:2.5.STABLE13-3 - improved pre script (#187217) - added group switch * Thu Mar 23 2006 Martin Stransky - 7:2.5.STABLE13-2 - removed "--with-large-files" on 64bit arches * Mon Mar 13 2006 Martin Stransky - 7:2.5.STABLE13-1 - update to new upstream * Fri Feb 10 2006 Jesse Keating - 7:2.5.STABLE12-5.1 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Martin Stransky - 7:2.5.STABLE12-5 - new upstream patches * Tue Feb 07 2006 Jesse Keating - 7:2.5.STABLE12-4.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Wed Dec 28 2005 Martin Stransky 7:2.5.STABLE12-4 - added follow-xff patch (#176055) - samba path fix (#176659) * Mon Dec 19 2005 Martin Stransky 7:2.5.STABLE12-3 - fd-config.patch clean-up - SMB_BadFetch patch from upstream * Fri Dec 09 2005 Jesse Keating - rebuilt * Mon Nov 28 2005 Martin Stransky 7:2.5.STABLE12-2 - rewriten patch squid-2.5.STABLE10-64bit.patch, it works with "--with-large-files" option now - fix for #72896 - squid does not support > 1024 file descriptors, new "--enable-fd-config" option for it. * Wed Nov 9 2005 Martin Stransky 7:2.5.STABLE12-1 - update to STABLE12 - setenv patch * Mon Oct 24 2005 Martin Stransky 7:2.5.STABLE11-6 - fix for delay pool from upstream * Thu Oct 20 2005 Martin Stransky 7:2.5.STABLE11-5 - fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response - more fixes from upstream * Fri Oct 14 2005 Martin Stransky 7:2.5.STABLE11-4 - enabled support for large files (#167503) * Thu Oct 13 2005 Tomas Mraz 7:2.5.STABLE11-3 - use include instead of pam_stack in pam config * Thu Sep 29 2005 Martin Stransky 7:2.5.STABLE11-2 - added patch for delay pools and some minor fixes * Fri Sep 23 2005 Martin Stransky 7:2.5.STABLE11-1 - update to STABLE11 * Mon Sep 5 2005 Martin Stransky 7:2.5.STABLE10-4 - Three upstream patches for #167414 - Spanish and Greek messages - patch for -D_FORTIFY_SOURCE=2 * Tue Aug 30 2005 Martin Stransky 7:2.5.STABLE10-3 - removed "--enable-truncate" option (#165948) - added "--enable-cache-digests" option (#102134) - added "--enable-ident-lookups" option (#161640) - some clean up (#165949) * Fri Jul 15 2005 Martin Stransky 7:2.5.STABLE10-2 - pam_auth and ncsa_auth have setuid (#162660) * Thu Jul 7 2005 Martin Stransky 7:2.5.STABLE10-1 - new upstream version - enabled fakeauth utility (#154020) - enabled digest authentication scheme (#155882) - all error pages marked as config (#127836) - patch for 64bit statvfs interface (#153274) - added httpd config file for cachemgr.cgi (#112725) * Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-7 - Upgrade the upstream -dns_query patch from -4 to -5 * Wed May 11 2005 Jay Fenlason 7:2.5.STABLE9-6 - More upstream patches, including a fix for bz#157456 CAN-2005-1519 DNS lookups unreliable on untrusted networks * Tue Apr 26 2005 Jay Fenlason 7:2.5.STABLE9-5 - more upstream patches, including a fix for CVE-1999-0710 cachemgr malicious use * Fri Apr 22 2005 Jay Fenlason 7:2.5.STABLE9-4 - More upstream patches, including the fixed 2GB patch. - include the -libbind patch, which prevents squid from using the optional -lbind library, even if it's installed. * Tue Mar 15 2005 Jay Fenlason 7:2.5.STABLE9-2 - New upstream version, with 14 upstream patches. * Wed Feb 16 2005 Jay Fenlason 7:2.5.STABLE8-2 - new upstream version with 4 upstream patches. - Reorganize spec file to apply upstream patches first * Tue Feb 1 2005 Jay Fenlason 7:2.5.STABLE7-4 - Include two more upstream patches for security vulns: bz#146783 Correct handling of oversized reply headers bz#146778 CAN-2005-0211 Buffer overflow in WCCP recvfrom() call * Tue Jan 25 2005 Jay Fenlason 7:2.5.STABLE7-3 - Include more upstream patches, including two for security holes. * Tue Jan 18 2005 Jay Fenlason 7:2.5.STABLE7-2 - Add a triggerin on samba-common to make /var/cache/samba/winbindd_privileged accessable so that ntlm_auth will work. It needs to be in this rpm, because the Samba RPM can't assume the squid user exists. Note that this will only work if the Samba RPM is recent enough to create that directory at install time instead of at winbindd startup time. That should be samba-common-3.0.0-15 or later. This fixes bugzilla #103726 - Clean up extra whitespace in this spec file. - Add additional upstream patches. (Now 18 upstream patches). - patch #112 closes CAN-2005-0096 and CAN-2005-0097, remote DOS security holes. - patch #113 closes CAN-2005-0094, a remote buffer-overflow DOS security hole. - patch #114 closes CAN-2005-0095, a remote DOS security hole. - Remove the -nonbl (replaced by #104) and -close (replaced by #111) patches, since they're now fixed by upstream patches. * Mon Oct 25 2004 Jay Fenlason 7:2.5.STABLE7-1 - new upstream version, with 3 upstream patches. Updated the -build and -config patches - Include patch from Ulrich Drepper to more intelligently close all file descriptors. * Mon Oct 18 2004 Jay Fenlason 7:2.5.STABLE6-3 - include patch from Ulrich Drepper to stop problems with O_NONBLOCK. This closes #136049 * Tue Oct 12 2004 Jay Fenlason 7:2.5.STABLE6-2 - Include fix for CAN-2004-0918 * Tue Sep 28 2004 Jay Fenlason 7:2.5.STABLE6-1 - New upstream version, with 32 upstream patches. This closes #133970, #133931, #131728, #128143, #126726 - Change the permissions on /etc/squid/squid.conf to 640. This closes bugzilla #125007 * Mon Jun 28 2004 Jay Fenlason 7:2.5STABLE5-5 - Merge current upstream patches. - Fix the -pipe patch to have the correct name of the winbind pipe. * Tue Jun 15 2004 Elliot Lee - rebuilt * Mon Apr 5 2004 Jay Fenlason 7:2.5.STABLE5-2 - Include the first 10 upstream patches - Add a patch for the correct location of the winbindd pipe. This closes bugzilla #107561 - Remove the change to ssl_support.c from squid-2.5.STABLE3-build patch This closes #117851 - Include /etc/pam.d/squid . This closes #113404 - Include a patch to close #111254 (assignment in assert) - Change squid.init to put output messages in /var/log/squid/squid.out This closes #104697 - Only useradd the squid user if it doesn't already exist, and error out if the useradd fails. This closes #118718. * Tue Mar 2 2004 Jay Fenlason 7:2.5.STABLE5-1 - New upstream version, obsoletes many patches. - Fix --datadir passed to configure. Configure automatically adds /squid so we shouldn't. - Remove the problematic triggerpostun trigger, since is's broken, and FC2 never shipped with that old version. - add %%{?_smp_mflags} to make line. * Tue Mar 02 2004 Elliot Lee - rebuilt * Mon Feb 23 2004 Tim Waugh - Use ':' instead of '.' as separator for chown. * Fri Feb 20 2004 Jay Fenlason 7:2.5.STABLE4-3 - Clean up the spec file to work on 64-bit platforms (use %%{_libdir} instead of /usr/lib, etc) - Make the release number in the changelog section agree with reality. - use -fPIE rather than -fpie. s390 fails with just -fpie * Fri Feb 13 2004 Elliot Lee - rebuilt * Thu Feb 5 2004 Jay Fenlason - Incorporate many upstream patches - Include many spec file changes from D.Johnson * Tue Sep 23 2003 Jay Fenlason 7:2.5.STABLE4-1 - New upstream version. - Fix the Source: line in this spec file to point to the correct URL. - redo the -location patch to work with the new upstream version. * Mon Jun 30 2003 Jay Fenlason 7:2.5.STABLE3-0 - Spec file change to enable the nul storage module. bugzilla #74654 - Upgrade to 2.5STABLE3 with current official patches. - Added --enable-auth="basic,ntlm": closes bugzilla #90145 - Added --with-winbind-auth-challenge: closes bugzilla #78691 - Added --enable-useragent-log and --enable-referer-log, closes - bugzilla #91884 # - Changed configure line to enable pie # (Disabled due to broken compilers on ia64 build machines) #- Patched to increase the maximum number of file descriptors #72896 #- (disabled for now--needs more testing) * Wed Jun 04 2003 Elliot Lee - rebuilt * Wed Jan 22 2003 Tim Powers - rebuilt * Wed Jan 15 2003 Bill Nottingham 7:2.5.STABLE1-1 - update to 2.5.STABLE1 * Wed Nov 27 2002 Tim Powers 7:2.4.STABLE7-5 - remove unpackaged files from the buildroot * Tue Aug 27 2002 Nalin Dahyabhai 2.4.STABLE7-4 - rebuild * Wed Jul 31 2002 Karsten Hopp - don't raise an error if the config file is incomplete set defaults instead (#69322, #70065) * Thu Jul 18 2002 Bill Nottingham 2.4.STABLE7-2 - don't strip binaries * Mon Jul 8 2002 Bill Nottingham - update to 2.4.STABLE7 - fix restart (#53761) * Tue Jun 25 2002 Bill Nottingham - add various upstream bugfix patches * Fri Jun 21 2002 Tim Powers - automated rebuild * Thu May 23 2002 Tim Powers - automated rebuild * Fri Mar 22 2002 Bill Nottingham - 2.4.STABLE6 - turn off carp * Mon Feb 18 2002 Bill Nottingham - 2.4.STABLE3 + patches - turn off HTCP at request of maintainers - leave SNMP enabled in the build, but disabled in the default config * Fri Jan 25 2002 Tim Powers - rebuild against new libssl * Wed Jan 09 2002 Tim Powers - automated rebuild * Mon Jan 07 2002 Florian La Roche - require linuxdoc-tools instead of sgml-tools * Tue Sep 25 2001 Bill Nottingham - update to 2.4.STABLE2 * Mon Sep 24 2001 Bill Nottingham - add patch to fix FTP crash * Mon Aug 6 2001 Bill Nottingham - fix uninstall (#50411) * Mon Jul 23 2001 Bill Nottingham - add some buildprereqs (#49705) * Sun Jul 22 2001 Bill Nottingham - update FAQ * Tue Jul 17 2001 Bill Nottingham - own /etc/squid, /usr/lib/squid * Tue Jun 12 2001 Nalin Dahyabhai - rebuild in new environment - s/Copyright:/License:/ * Tue Apr 24 2001 Bill Nottingham - update to 2.4.STABLE1 + patches - enable some more configure options (#24981) - oops, ship /etc/sysconfig/squid * Fri Mar 2 2001 Nalin Dahyabhai - rebuild in new environment * Tue Feb 6 2001 Trond Eivind Glomsrød - improve i18n - make the initscript use the standard OK/FAILED * Tue Jan 23 2001 Bill Nottingham - change i18n mechanism * Fri Jan 19 2001 Bill Nottingham - fix path references in QUICKSTART (#15114) - fix initscript translations (#24086) - fix shutdown logic (#24234), patch from - add /etc/sysconfig/squid for daemon options & shutdown timeouts - three more bugfixes from the Squid people - update FAQ.sgml - build and ship auth modules (#23611) * Thu Jan 11 2001 Bill Nottingham - initscripts translations * Mon Jan 8 2001 Bill Nottingham - add patch to use mkstemp (greg@wirex.com) * Fri Dec 01 2000 Bill Nottingham - rebuild because of broken fileutils * Sat Nov 11 2000 Bill Nottingham - fix the acl matching cases (only need the second patch) * Tue Nov 7 2000 Bill Nottingham - add two patches to fix domain ACLs - add 2 bugfix patches from the squid people * Fri Jul 28 2000 Bill Nottingham - clean up init script; fix condrestart - update to STABLE4, more bugfixes - update FAQ * Tue Jul 18 2000 Nalin Dahyabhai - fix syntax error in init script - finish adding condrestart support * Fri Jul 14 2000 Bill Nottingham - move initscript back * Wed Jul 12 2000 Prospector - automatic rebuild * Thu Jul 6 2000 Bill Nottingham - prereq /etc/init.d - add bugfix patch - update FAQ * Thu Jun 29 2000 Bill Nottingham - fix init script * Tue Jun 27 2000 Bill Nottingham - don't prereq new initscripts * Mon Jun 26 2000 Bill Nottingham - initscript munging * Sat Jun 10 2000 Bill Nottingham - rebuild for exciting FHS stuff * Wed May 31 2000 Bill Nottingham - fix init script again (#11699) - add --enable-delay-pools (#11695) - update to STABLE3 - update FAQ * Fri Apr 28 2000 Bill Nottingham - fix init script (#11087) * Fri Apr 7 2000 Bill Nottingham - three more bugfix patches from the squid people - buildprereq jade, sgmltools * Sun Mar 26 2000 Florian La Roche - make %%pre more portable * Thu Mar 16 2000 Bill Nottingham - bugfix patches - fix dependency on /usr/local/bin/perl * Sat Mar 4 2000 Bill Nottingham - 2.3.STABLE2 * Mon Feb 14 2000 Bill Nottingham - Yet More Bugfix Patches * Tue Feb 8 2000 Bill Nottingham - add more bugfix patches - --enable-heap-replacement * Mon Jan 31 2000 Cristian Gafton - rebuild to fix dependencies * Fri Jan 28 2000 Bill Nottingham - grab some bugfix patches * Mon Jan 10 2000 Bill Nottingham - 2.3.STABLE1 (whee, another serial number) * Tue Dec 21 1999 Bernhard Rosenkraenzer - Fix compliance with ftp RFCs (http://www.wu-ftpd.org/broken-clients.html) - Work around a bug in some versions of autoconf - BuildPrereq sgml-tools - we're using sgml2html * Mon Oct 18 1999 Bill Nottingham - add a couple of bugfix patches * Wed Oct 13 1999 Bill Nottingham - update to 2.2.STABLE5. - update FAQ, fix URLs. * Sat Sep 11 1999 Cristian Gafton - transform restart in reload and add restart to the init script * Tue Aug 31 1999 Bill Nottingham - add squid user as user 23. * Mon Aug 16 1999 Bill Nottingham - initscript munging - fix conflict between logrotate & squid -k (#4562) * Wed Jul 28 1999 Bill Nottingham - put cachemgr.cgi back in /usr/lib/squid * Wed Jul 14 1999 Bill Nottingham - add webdav bugfix patch (#4027) * Mon Jul 12 1999 Bill Nottingham - fix path to config in squid.init (confuses linuxconf) * Wed Jul 7 1999 Bill Nottingham - 2.2.STABLE4 * Wed Jun 9 1999 Dale Lovelace - logrotate changes - errors from find when /var/spool/squid or - /var/log/squid didn't exist * Thu May 20 1999 Bill Nottingham - 2.2.STABLE3 * Thu Apr 22 1999 Bill Nottingham - update to 2.2.STABLE.2 * Sun Apr 18 1999 Bill Nottingham - update to 2.2.STABLE1 * Thu Apr 15 1999 Bill Nottingham - don't need to run groupdel on remove - fix useradd * Mon Apr 12 1999 Bill Nottingham - fix effective_user (bug #2124) * Mon Apr 5 1999 Bill Nottingham - strip binaries * Thu Apr 1 1999 Bill Nottingham - duh. adduser does require a user name. - add a serial number * Tue Mar 30 1999 Bill Nottingham - add an adduser in %%pre, too * Thu Mar 25 1999 Bill Nottingham - oog. chkconfig must be in %%preun, not %%postun * Wed Mar 24 1999 Bill Nottingham - switch to using group squid - turn off icmp (insecure) - update to 2.2.DEVEL3 - build FAQ docs from source * Tue Mar 23 1999 Bill Nottingham - logrotate changes * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 4) * Wed Feb 10 1999 Bill Nottingham - update to 2.2.PRE2 * Wed Dec 30 1998 Bill Nottingham - cache & log dirs shouldn't be world readable - remove preun script (leave logs & cache @ uninstall) * Tue Dec 29 1998 Bill Nottingham - fix initscript to get cache_dir correct * Fri Dec 18 1998 Bill Nottingham - update to 2.1.PATCH2 - merge in some changes from RHCN version * Sat Oct 10 1998 Cristian Gafton - strip binaries - version 1.1.22 * Sun May 10 1998 Cristian Gafton - don't make packages conflict with each other... * Sat May 02 1998 Cristian Gafton - added a proxy auth patch from Alex deVries - fixed initscripts * Thu Apr 09 1998 Cristian Gafton - rebuilt for Manhattan * Fri Mar 20 1998 Cristian Gafton - upgraded to 1.1.21/1.NOVM.21 * Mon Mar 02 1998 Cristian Gafton - updated the init script to use reconfigure option to restart squid instead of shutdown/restart (both safer and quicker) * Sat Feb 07 1998 Cristian Gafton - upgraded to 1.1.20 - added the NOVM package and tryied to reduce the mess in the spec file * Wed Jan 7 1998 Cristian Gafton - first build against glibc - patched out the use of setresuid(), which is available only on kernels 2.1.44 and later