File squid3.spec of Package squid3.import5582

# spec file for package squid3
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

# norootforbuild

%define		squidlibdir %{_libdir}/squid
%define		squidconfdir /etc/squid

Name:           squid3
Summary:        Squid Version 3 WWW Proxy Server
Version:        3.1.11
Release:        4.<RELEASE9>
License:        GPLv2+
Group:          Productivity/Networking/Web/Proxy
PreReq:         permissions
Conflicts:      squid squid2 squid23 squid-beta
Obsoletes:      squid-beta squid2
AutoReqProv:    on
PreReq:         %insserv_prereq %fillup_prereq
PreReq:         pwdutils /usr/bin/getent
#%define       squid_ldapauth_version 1.3
#Source1:      squid_ldapauth-%{squid_ldapauth_version}.tar.bz2
Source2:        rc.squid
Source3:        RELEASENOTES.html
Source5:        pam.squid
Source7:        squid.logrotate
Source9:        squid.permissions
Source10:       squid.sysconfig
Source11:       README.kerberos
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
# please read every file if there is interest about what the patch changes
# or just visit:
# FIX-UPSTREAM: Bug #2976: invalid URL on intercepted requests during reconfigure
Patch100:       squid-3.1.4-config.patch
Patch101:       squid-3.1.10-swapdir.patch
Patch102:       squid-3.1.12-bnc715171-CVE-2011-3205.patch
Patch103:       squid-3.1.11-bnc727492-CVE-2011-4096_invalid_free_CNAME.diff

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# needed by
BuildRequires:  ed
BuildRequires:  db-devel expat gcc-c++
%if 0%{?sles_version} == 9
BuildRequires:  heimdal-devel
BuildRequires:  krb5-devel
BuildRequires:  libcap-devel libexpat-devel libxml2-devel
BuildRequires:  openldap2-devel opensp-devel pam-devel sharutils
%if 0%{?suse_version} > 1030 || 0%{?fedora_version} > 8
BuildRequires:  fdupes
Requires:       logrotate
Provides:       http_proxy

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and
more. It reduces bandwidth and improves response times by caching and
reusing frequently-requested web pages. Squid has extensive access
controls and makes a great server accelerator.

Squid 3.0 represents a major rewrite of Squid and has a number of new

The most important of these are: - Code converted to C++, with
   significant internal restructuring and rewrites.

- ICAP implementation (RFC 3507 and

- Edge Side Includes (ESI) implementation (

Most user-facing changes are reflected in squid.conf.

    Duane Wessels <>
    Henrik Nordstrom <>

%setup -q -n squid-%{version}
%{__cp} %{S:11} .
# upstream patches after RELEASE
%patch0 -p0
##### other patches
%patch100 -p1
%if 0%{suse_version} > 1010
%patch101 -p1
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS

%if 0%{suse_version} > 1010
export CFLAGS="$RPM_OPT_FLAGS -fPIE -fPIC -fno-strict-aliasing"
export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -fno-strict-aliasing"
autoreconf -fiv
export CFLAGS="$RPM_OPT_FLAGS -fPIE -fPIC -fno-strict-aliasing"
export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -fno-strict-aliasing"
export LDFLAGS='-pie'
./configure --prefix=/usr \
	--sysconfdir=%{squidconfdir} \
	--bindir=/usr/sbin \
	--sbindir=/usr/sbin \
	--localstatedir=/var \
	--libexecdir=/usr/sbin \
	--datadir=/usr/share/squid \
	--mandir=%{_mandir} \
	--libdir=%{_libdir} \
	--sharedstatedir=/var/squid \
	--with-logdir=/var/log/squid \
%if 0%{suse_version} > 1010
	--with-swapdir=/var/cache/squid \
	--with-pidfile=/var/run/ \
	--with-dl \
	--enable-storeio \
	--enable-disk-io=AIO,Blocking,DiskDaemon,DiskThreads \
	--enable-removal-policies=heap,lru \
	--enable-icmp \
	--enable-delay-pools \
	--enable-esi \
	--enable-icap-client \
	--enable-useragent-log \
	--enable-referer-log \
	--enable-kill-parent-hack \
	--enable-arp-acl \
	--enable-ssl \
	--enable-forw-via-db \
	--enable-cache-digests \
	--enable-linux-netfilter \
	--with-large-files \
	--enable-underscores \
	--enable-auth=basic,digest,ntlm,negotiate \
	--enable-basic-auth-helpers=DB,LDAP,MSNT,NCSA,PAM,POP3,SASL,SMB,YP,getpwnam,multi-domain-NTLM,squid_radius_auth \
	--enable-ntlm-auth-helpers=fakeauth,no_check,smb_lm \
	--enable-negotiate-auth-helpers=squid_kerb_auth \
	--enable-digest-auth-helpers=eDirectory,ldap,password \
	--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group \
	--enable-ntlm-fail-open \
	--enable-stacktraces \
	--enable-x-accelerator-vary \
## Deprecated
# --enable-poll \
#  Deprecated. Automatic checks will enable best I/O loop method available.
## changed to default, use --deisable-* to build without	
# --enable-htcp \
# --enable-snmp \
# problematic options
#	--enable-truncate \
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
     set +x
     echo "adapting SQUID_MAXFD to 4096"
     set -x
     perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
%{__make} SAMBAPREFIX=/usr %{?_smp_mflags}
#make 	DEFAULT_LOG_PREFIX=/var/log/squid \
#	  DEFAULT_SWAP_DIR=/var/cache/squid \
#	  DEFAULT_PID_FILE=/var/run/ \

/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
	-d /var/cache/squid squid 2> /dev/null || :
mkdir -p $RPM_BUILD_ROOT/var/{cache,log}/squid
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mv $RPM_BUILD_ROOT{/etc/squid/,/usr/share/squid/}mime.conf.default
ln -s /etc/squid/mime.conf $RPM_BUILD_ROOT/usr/share/squid # backward compatible
install -d -m 755 $RPM_BUILD_ROOT/etc/permissions.d
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc/permissions.d/squid
install -d -m 755 $RPM_BUILD_ROOT/etc/logrotate.d
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/logrotate.d/squid
install -d %{buildroot}%{_mandir}/man8/
#chown squid:root -R $RPM_BUILD_ROOT/var/{cache,log}/squid
chmod 750 $RPM_BUILD_ROOT/var/{cache,log}/squid
install -D %{SOURCE2} $RPM_BUILD_ROOT/etc/init.d/squid
ln -sf /etc/init.d/squid $RPM_BUILD_ROOT/usr/sbin/rcsquid
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 doc/squid.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 helpers/basic_auth/LDAP/squid_ldap_auth.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 helpers/basic_auth/LDAP/squid_ldap_auth.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 helpers/basic_auth/PAM/pam_auth.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 helpers/external_acl/ldap_group/squid_ldap_group.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
gzip -9 $RPM_BUILD_ROOT/%{_mandir}/man8/*.8
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
	cachemgr.cgi will now be found in %{_libdir}/squid
install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/squid
mv $RPM_BUILD_ROOT/usr/sbin/cachemgr.cgi $RPM_BUILD_ROOT/%{_libdir}/squid
install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/squid
#chown squid:shadow $RPM_BUILD_ROOT/usr/sbin/pam_auth
chmod g+s $RPM_BUILD_ROOT/usr/sbin/pam_auth
#rm %{buildroot}/usr/sbin/Run*
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
	if [ -d $i ]; then
		mkdir -p %{buildroot}/usr/share/squid/$i
		install -m 644 $i/* %{buildroot}/usr/share/squid/$i
ln -fs /usr/share/squid/errors/de %{buildroot}%{squidconfdir}/errors
install -d -m 755 $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.squid
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/usr/man/man8/*.8
# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s $RPM_BUILD_ROOT
%if 0%{?fedora_version} > 8
fdupes -q -n -r $RPM_BUILD_ROOT

# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
  %{_sbindir}/groupadd -r winbind 2>/dev/null
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
/usr/sbin/useradd -c "WWW-proxy squid" -d /var/cache/squid \
        -G winbind -g nogroup -o -u 31 -r -s /bin/false \
        squid 2>/dev/null
# if squid is not member of winbind, add him
if [ `%{_bindir}/id -nG squid 2>/dev/null | %{__grep} -q winbind >/dev/null; echo $?` -ne 0 ]; then
  %{_sbindir}/groupmod -A squid winbind 2>/dev/null

%if 0%{?sles_version} == 10
%{__sed} -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/
# update mode?
if [ "$1" -gt "1" ]; then
	if [ -e etc/squid.conf -a ! -L etc/squid.conf -a ! -e etc/squid/squid.conf ]; then
		echo "moving /etc/squid.conf to /etc/squid/squid.conf"
		mv etc/squid.conf etc/squid/squid.conf
%{fillup_and_insserv -n "squid"}

%stop_on_removal squid

%restart_on_update squid
%verify_permissions -e /usr/sbin/pam_auth

%{__rm} -rf $RPM_BUILD_ROOT

%attr(750,squid,root) %dir /var/cache/squid/
%attr(750,squid,root) %dir /var/log/squid/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) /etc/logrotate.d/squid
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/squid.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/squid.conf.default
%config %{squidconfdir}/squid.conf.documented
%config /etc/pam.d/squid
%config /etc/init.d/squid
%config /etc/permissions.d/squid
%dir /usr/share/squid
%config /usr/share/squid/mib.txt
%verify(not mode) %attr(4755,root,shadow) %_sbindir/pam_auth
%dir %{_libdir}/squid
%doc %{_mandir}/man?/*
%doc README.kerberos
%doc doc/contrib doc/scripts 
%doc doc/debug-sections.txt src/squid.conf.default
#%doc README.squid_ldapauth CREDITS.squid_ldapauth
#%doc squid_ldapauth.conf