Please sync Squid 3.5 latest from Debian

Bug #1644538 reported by Amos Jeffries on 2016-11-24
26
This bug affects 3 people
Affects Status Importance Assigned to Milestone
squid3 (Ubuntu)
Undecided
Robie Basak

Bug Description

Debian has a newer squid version (3.5.22) than Ubuntu that fixes several of the open bugs.

Amos Jeffries (yadi) wrote :

Pretty sure it fixes bug #1585828. It should also fix bug #1572715 and bug #1589567

Hans Joachim Desserud (hjd) wrote :

Thanks for taking your time to report this issue and help making Ubuntu better.

I briefly looked at this package, and it looks like it has quite a few Ubuntu-specific patches. So most likely this will need to be merged to get the latest version from Debian with the remaining Ubuntu-only changes which still needs to be applied.

tags: added: needs-debian-merge upgrade-software-version

Hi,
IIRC there is a merge of latest squid in progress for Zesty by Robie Basak.

Subscribing him here, so he can decide to close this as a dup to whatever merge bug he already has - or to use this one for it if no one exists so far.

Robie Basak (racb) wrote :

Yes, I've been working on this. Thanks.

Changed in squid3 (Ubuntu):
status: New → In Progress
assignee: nobody → Robie Basak (racb)
Amos Jeffries (yadi) wrote :

Any progress? I'm getting pings upstream about newer Ubuntu versions.

Robie Basak (racb) wrote :

You can see my progress at https://git.launchpad.net/~racb/ubuntu/+source/squid3/refs/

The "debian" branch is things I intend to send to Debian. The "merge" branch is the current state of the merge (still untested). I will be rebasing both branches before they are ready, but feel free to pick anything into Debian that you think is appropriate directly - it'll save me sending it up.

The previous delta that I have distilled is at https://git.launchpad.net/~racb/ubuntu/+source/squid3/log/?id=logical/3.5.12-1ubuntu8

Amos, I think we spoke about https://git.launchpad.net/~racb/ubuntu/+source/squid3/commit/?id=873ae5aef1b845eb683b2886c819ed5d4be4c5cf but I can't find any reference to it. Do you recall where it might have been? I think that's a bug that's still outstanding in Debian.

Amos Jeffries (yadi) wrote :

Thanks.

Yes, I recall a discussion about that change in the early 'installation script failure' bug reports, the one where others in the Ubuntu team got involved and the squid.maintscript got added. But I too can't find which one right now.
 - We have not had any repots of similar behaviour from Debian users, but did have several reports about the issue the lack of that init script line caused. So in balance I am procrastinating on taking it until Debian has a documented need/bug. The issue should disappear entirely with the upcoming 4.x package.

I'm pulling in the adduser and Vcs-Browser patches. Though please note there was some discussion in debian-devel recently about these URLs that concluded the /cgit/ path segment should be /git/ so as not to depend on the cgit tool specifically. The web server now handles redirection itself from the generic URL syntax.

I still dont think the snakeoil patch in its current form is correct for squid/3.x packages. The code to use those certs is not even compiled so at the very least a Depends relationship is bogus. The squidclient/3.x could Recommend since it supports HTTPS, but that is a separate package. And the documentation note I suspect has fooled at least some people into thinking they can use the HTTPS config options already.

The rest it will need some testing. I hope to have some time for that this week to try to further minimize the diff, but no guarantees.

Robie Basak (racb) wrote :

Thanks for looking into these. Everything you've said sounds reasonable. I'm going to leave the snakeoil patch as-is in Ubuntu for now for the sake of making progress, but I will make a note to look at this again when we next merge.

Robie Basak (racb) wrote :

I think this is ready. Merge proposal in https://code.launchpad.net/~racb/ubuntu/+source/squid3/+git/squid3/+merge/316496. I'll upload in a week if nobody finds the time to review.

Robie Basak (racb) on 2017-02-10
Changed in squid3 (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (5.7 KiB)

This bug was fixed in the package squid3 - 3.5.23-1ubuntu1

---------------
squid3 (3.5.23-1ubuntu1) zesty; urgency=medium

  * Merge from Debian (LP: #1644538). Remaining changes:
    - Add additional dep8 tests.
    - Use snakeoil certificates.
    - Add an example refresh pattern for debs.
    - Add disabled by default AppArmor profile.
    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
    - Drop wrong short-circuiting of various invocations; we always want to
      call the debhelper block.
    - Add missing Pre-Depends on adduser.
    - Enable autoreconf. This is no longer required for the security updates,
      but is needed for the seddery of test-suite/Makefile.am in
      d/t/upstream-test-suite.
  * Drop changes (adopted in Debian):
    - Run sarg-reports if present before rotating logs.
    - Add lsb-release build dep.
  * Drop changes that no longer make a functional difference in Ubuntu, but may
    still be relevant to send to Debian:
    - d/squid3.postinst: don't try to stop squid3 again.
    - d/squid3.postrm: don't rm -f conffiles in purge.
    - Drop squid3 dependencies on ${shlib:Depends} and lsb-base.
    - Drop creation of /etc/squid.
  * Drop unnecessary changes:
    - Add executable bits to d/squid.preinst.
  * Drop changes relating to the upgrade path from prior to Xenial, so no
    longer required:
    - /var/spool/squid3 upgrade path handling.
    - Conffile upgrade path handling.
    - Remove redundant version-guarded restart code from squid postinst.
    - Clean up apparmor links for usr.sbin.squid3 on upgrade.
    - Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade.
    - Add Breaks on older ufw to fix upgrade path.
    - Use Breaks instead of Conflicts. Instead, drop the Conflicts/Replaces
      entirely (see below).
  * Drop security fixes: all included in 3.5.23 upstream.
  * Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
    happened in Xenial, so no upgrade path still requires this code. This
    reduces upgrade ordering difficulty.
  * Fix failing autopkgtests:
    - Adjust Python module dependencies.
    - Correctly handle the squid3 -> squid rename.
    - Adjust seddery for upstream test squid binary location.
  * Drop dependency on init-system-helpers. This was introduced in LP 1432683.
    Since we no longer ship an upstart job, it is no longer required.
  * Correct attribution and add explanatory note in d/NEWS.debian.

squid3 (3.5.23-1) unstable; urgency=high

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #793473, #822952)
    - Fixes security issue SQUID-2016:10 (CVE-2016-10003) (Closes: #848491)
    - Fixes security issue SQUID-2016:11 (CVE-2016-10002) (Closes: #848493)

  * debian/patches/
    - Remove patch included upstream

  * debian/tests/
    - Use package build-deps when testing so the make commands will work

squid3 (3.5.22-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release

  * debian/patches
    - Add upstream patch to fix adaptation crashes

  * debian/{control, rules, squid.postinst}
    - Accept patch to remove setuid from pinger (Clo...

Read more...

Changed in squid3 (Ubuntu):
status: Fix Committed → Fix Released
Erik Berggren (erbe03) wrote :

Hi,
Could you please release Squid 3.5.23-1ubuntu1 to Xenial aswell?

On Mon, Feb 13, 2017 at 01:47:12PM -0000, Erik Berggren wrote:
> Could you please release Squid 3.5.23-1ubuntu1 to Xenial aswell?

I'm afraid not. Something may be possible though if you can specify why
you need this. Please see https://wiki.ubuntu.com/StableReleaseUpdates
for the policy and rationale, and details of what is acceptable. Please
then file a separate bug with details of what you actually need fixing.

Erik Berggren (erbe03) wrote :

When we used the current 3.5.12 in Xenial, we got very poor upload speeds ranging from 30-50mbit/s, after we upgraded to 3.5.23 we got the full upload speed.
Is this bug sufficent enough to change the 3.5.12 -> 3.5.23 in Xenial?

Best Regards

Robie Basak (racb) wrote :

If the bug is valid it's certainly sufficient for an SRU. Please file it with detailed information. Whether we backport a fix or update wholesale to 3.5.23 depends on whether all the other changes qualify.

Erik Berggren (erbe03) wrote :

Hi Robie, please head over to this new bug report i created: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1665292

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers