Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: sq...@packages.debian.org Control: affects -1 + src:squid
Please unblock package squid squid on testing has several bugs which were fixed on version 5.8 of upstream, however 5.8 would not be allowed on bookworm when it was released, so upstream for squid has sugested us to ship two patches on top of 5.7, the suggested patches are the only changes done to the package and can be seen here: https://salsa.debian.org/squid-team/squid/-/commit/7ffc938c1456033ce4772bec067c6c90584bc348 https://salsa.debian.org/squid-team/squid/-/commit/cdd9134b05ac6587b4391a407061a426d283b840 [ Reason ] The new package version solves a couple of nasty bugs. [ Impact ] Bugs introduced by the version now in testing and not present on stable [ Tests ] piuparts and autopkgtest passed, the code has also been tested on production machines. [ Risks ] None identified, patches are from upstream, really small, apply cleanly and work Ok. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] unblock squid/5.7-2
diff -Nru squid-5.7/debian/changelog squid-5.7/debian/changelog --- squid-5.7/debian/changelog 2022-10-04 11:04:20.000000000 +0200 +++ squid-5.7/debian/changelog 2023-04-28 08:35:27.000000000 +0200 @@ -1,3 +1,10 @@ +squid (5.7-2) unstable; urgency=medium + + * Add a couple of upstream picked patches to fix some issues on 5.7 + that upstream has fixed on 5.8. + + -- Santiago Garcia Mantinan <ma...@debian.org> Fri, 28 Apr 2023 08:35:27 +0200 + squid (5.7-1) unstable; urgency=medium * Urgency high due to security fixes diff -Nru squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch --- squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch 1970-01-01 01:00:00.000000000 +0100 +++ squid-5.7/debian/patches/1f13f721263a4cc75e4b798a230022561047899c.patch 2023-04-28 08:35:27.000000000 +0200 @@ -0,0 +1,42 @@ +From 1f13f721263a4cc75e4b798a230022561047899c Mon Sep 17 00:00:00 2001 +From: Eduard Bagdasaryan <eduard.bagdasar...@measurement-factory.com> +Date: Thu, 1 Dec 2022 18:50:37 +0000 +Subject: [PATCH] Bug 5162: mgr:index URL do not produce MGR_INDEX template + (#1191) + +Satisfy mgr:index requests using + +* a 200 OK response with a body derived from the MGR_INDEX template (if + that template file was found during (re)configuration) or +* a 404 (Not Found) error response (otherwise). + +Broken in 2019 commit 7e6eabb, when Squid started replying using a 200 +OK response with a hard-coded "mgr_index" text as a body, ignoring any +configured MGR_INDEX template. +--- + src/errorpage.cc | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/errorpage.cc b/src/errorpage.cc +index 6fbedbe1dba..f74e6e554e2 100644 +--- a/src/errorpage.cc ++++ b/src/errorpage.cc +@@ -154,6 +154,7 @@ static const struct { + const char *text; + } + ++/// error messages that cannot be configured/customized externally + error_hard_text[] = { + + { +@@ -180,10 +181,6 @@ error_hard_text[] = { + { + ERR_REQUEST_START_TIMEOUT, + "request start timedout" +- }, +- { +- MGR_INDEX, +- "mgr_index" + } + }; + diff -Nru squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch --- squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch 1970-01-01 01:00:00.000000000 +0100 +++ squid-5.7/debian/patches/edad3f150de8af0aeb2f629508be3219b83369b9.patch 2023-04-28 08:35:27.000000000 +0200 @@ -0,0 +1,31 @@ +From edad3f150de8af0aeb2f629508be3219b83369b9 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy <aboko...@redhat.com> +Date: Sat, 10 Dec 2022 11:50:27 +0000 +Subject: [PATCH] ext_kerberos_ldap_group_acl: Support -b with -D (#1207) + +When both '-b' (i.e. bind DN) and '-D' (i.e. Kerberos domain) options +are specified, '-b' is ignored completely. This breaks the helper when a +search subtree has to be limited (e.g., when using FreeIPA). + +Fix it to take '-b' into account if it was specified with '-D'. +--- + src/acl/external/kerberos_ldap_group/support_ldap.cc | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/acl/external/kerberos_ldap_group/support_ldap.cc b/src/acl/external/kerberos_ldap_group/support_ldap.cc +index 3608148a388..c713215a85c 100644 +--- a/src/acl/external/kerberos_ldap_group/support_ldap.cc ++++ b/src/acl/external/kerberos_ldap_group/support_ldap.cc +@@ -1114,7 +1114,11 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group) + "%s| %s: DEBUG: Error during initialisation of ldap connection: %s\n", + LogTime(), PROGRAM, strerror(errno)); + } +- bindp = convert_domain_to_bind_path(domain); ++ if (margs->lbind) { ++ bindp = xstrdup(margs->lbind); ++ } else { ++ bindp = convert_domain_to_bind_path(domain); ++ } + } + if ((!domain || !ld) && margs->lurl && strstr(margs->lurl, "://")) { + char *hostname; diff -Nru squid-5.7/debian/patches/series squid-5.7/debian/patches/series --- squid-5.7/debian/patches/series 2022-10-04 11:04:20.000000000 +0200 +++ squid-5.7/debian/patches/series 2023-04-28 08:35:27.000000000 +0200 @@ -1,3 +1,5 @@ +1f13f721263a4cc75e4b798a230022561047899c.patch +edad3f150de8af0aeb2f629508be3219b83369b9.patch 0001-Default-configuration-file-for-debian.patch 0002-Change-default-file-locations-for-debian.patch 0003-installed-binary-for-debian-ci.patch