Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sq...@packages.debian.org
Control: affects -1 + src:squid
Please unblock package squid
squid on testing has several bugs which were fixed on version 5.8
of upstream, however 5.8 would not be allowed on bookworm when it
was released, so upstream for squid has sugested us to ship two
patches on top of 5.7, the suggested patches are the only changes
done to the package and can be seen here:
https://salsa.debian.org/squid-team/squid/-/commit/7ffc938c1456033ce4772bec067c6c90584bc348
https://salsa.debian.org/squid-team/squid/-/commit/cdd9134b05ac6587b4391a407061a426d283b840
[ Reason ]
The new package version solves a couple of nasty bugs.
[ Impact ]
Bugs introduced by the version now in testing and not present on stable
[ Tests ]
piuparts and autopkgtest passed, the code has also been tested on production
machines.
[ Risks ]
None identified, patches are from upstream, really small, apply cleanly and
work Ok.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
unblock squid/5.7-2
diff -Nru squid-5.7/debian/changelog squid-5.7/debian/changelog
--- squid-5.7/debian/changelog 2022-10-04 11:04:20.000000000 +0200
+++ squid-5.7/debian/changelog 2023-04-28 08:35:27.000000000 +0200
@@ -1,3 +1,10 @@
+squid (5.7-2) unstable; urgency=medium
+
+ * Add a couple of upstream picked patches to fix some issues on 5.7
+ that upstream has fixed on 5.8.
+
+ -- Santiago Garcia Mantinan <ma...@debian.org> Fri, 28 Apr 2023 08:35:27
+0200
+
squid (5.7-1) unstable; urgency=medium
* Urgency high due to security fixes
diff -Nru
squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch
squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch
--- squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch
1970-01-01 01:00:00.000000000 +0100
+++ squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch
2023-04-28 08:35:27.000000000 +0200
@@ -0,0 +1,42 @@
+From 1f13f721263a4cc75e4b798a230022561047899c Mon Sep 17 00:00:00 2001
+From: Eduard Bagdasaryan <eduard.bagdasar...@measurement-factory.com>
+Date: Thu, 1 Dec 2022 18:50:37 +0000
+Subject: [PATCH] Bug 5162: mgr:index URL do not produce MGR_INDEX template
+ (#1191)
+
+Satisfy mgr:index requests using
+
+* a 200 OK response with a body derived from the MGR_INDEX template (if
+ that template file was found during (re)configuration) or
+* a 404 (Not Found) error response (otherwise).
+
+Broken in 2019 commit 7e6eabb, when Squid started replying using a 200
+OK response with a hard-coded "mgr_index" text as a body, ignoring any
+configured MGR_INDEX template.
+---
+ src/errorpage.cc | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/errorpage.cc b/src/errorpage.cc
+index 6fbedbe1dba..f74e6e554e2 100644
+--- a/src/errorpage.cc
++++ b/src/errorpage.cc
+@@ -154,6 +154,7 @@ static const struct {
+ const char *text;
+ }
+
++/// error messages that cannot be configured/customized externally
+ error_hard_text[] = {
+
+ {
+@@ -180,10 +181,6 @@ error_hard_text[] = {
+ {
+ ERR_REQUEST_START_TIMEOUT,
+ "request start timedout"
+- },
+- {
+- MGR_INDEX,
+- "mgr_index"
+ }
+ };
+
diff -Nru
squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch
squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch
--- squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch
1970-01-01 01:00:00.000000000 +0100
+++ squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch
2023-04-28 08:35:27.000000000 +0200
@@ -0,0 +1,31 @@
+From edad3f150de8af0aeb2f629508be3219b83369b9 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <aboko...@redhat.com>
+Date: Sat, 10 Dec 2022 11:50:27 +0000
+Subject: [PATCH] ext_kerberos_ldap_group_acl: Support -b with -D (#1207)
+
+When both '-b' (i.e. bind DN) and '-D' (i.e. Kerberos domain) options
+are specified, '-b' is ignored completely. This breaks the helper when a
+search subtree has to be limited (e.g., when using FreeIPA).
+
+Fix it to take '-b' into account if it was specified with '-D'.
+---
+ src/acl/external/kerberos_ldap_group/support_ldap.cc | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/acl/external/kerberos_ldap_group/support_ldap.cc
b/src/acl/external/kerberos_ldap_group/support_ldap.cc
+index 3608148a388..c713215a85c 100644
+--- a/src/acl/external/kerberos_ldap_group/support_ldap.cc
++++ b/src/acl/external/kerberos_ldap_group/support_ldap.cc
+@@ -1114,7 +1114,11 @@ get_memberof(struct main_args *margs, char *user, char
*domain, char *group)
+ "%s| %s: DEBUG: Error during initialisation of ldap
connection: %s\n",
+ LogTime(), PROGRAM, strerror(errno));
+ }
+- bindp = convert_domain_to_bind_path(domain);
++ if (margs->lbind) {
++ bindp = xstrdup(margs->lbind);
++ } else {
++ bindp = convert_domain_to_bind_path(domain);
++ }
+ }
+ if ((!domain || !ld) && margs->lurl && strstr(margs->lurl, "://")) {
+ char *hostname;
diff -Nru squid-5.7/debian/patches/series squid-5.7/debian/patches/series
--- squid-5.7/debian/patches/series 2022-10-04 11:04:20.000000000 +0200
+++ squid-5.7/debian/patches/series 2023-04-28 08:35:27.000000000 +0200
@@ -1,3 +1,5 @@
+1f13f721263a4cc75e4b798a230022561047899c.patch
+edad3f150de8af0aeb2f629508be3219b83369b9.patch
0001-Default-configuration-file-for-debian.patch
0002-Change-default-file-locations-for-debian.patch
0003-installed-binary-for-debian-ci.patch
