Univention Bugzilla – Full Text Bug Listing |
Summary: | squid3: Regression Erratum 346 built without SSL | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P2 | CC: | gohmann, grandjean, requate |
Version: | UCS 4.1 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=53005 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | 40834 | ||
Bug Blocks: | 42563 |
Description
Arvid Requate
2017-01-24 15:41:08 CET
The package has been rebuilt with the missing patch. Advisory: squid3.yaml OK: patch was applied in build: ------------------------------------------------------------------ dtroeder@ladda:~$ bzgrep -i -A5 ssl.patch /var/univention/buildsystem2/logs/ucs_4.1-0-0-errata4.1-4/squid3_3.1.20-2.2.24.201701241545.log.bz2 A 3.1.20-2.2+deb7u6-errata4.1-4/001-enable-ssl.patch Exportiert, Revision 17064. dpkg-source: Warnung: Patches noch nicht angewandt, werden jetzt angewendet (verwenden Sie --no-preparation zum Aufheben) dpkg-source: Information: 01-cf.data.debian.patch wird angewandt dpkg-source: Information: 02-makefile-defaults.patch wird angewandt dpkg-source: Information: 15-cachemgr-default-config.patch wird angewandt -- 001-enable-ssl.patch Applying patch 001-enable-ssl.patch using -p1 Output of the patch process: patching file debian/control patching file debian/rules OK ------------------------------------------------------------------ OK: advisory OK: automatic tests: ucs-test -E dangerous -s proxy Some tests failed though - those failed before too, so I guess it is a problem of my VM or the tests 00 and 02 must be reworked. OK: manual test: root@slave45:~# DEBIAN_FRONTEND=noninteractive apt-get install --reinstall squid3 root@slave45:~# dpkg -l squid3 ii squid3 3.1.20-2.2.24.201 root@slave45:~# /etc/init.d/apache2 stop root@slave45:~# cp /etc/squid3/local.conf /etc/squid3/local.conf.backup root@slave45:~# vi /etc/squid3/local.conf ------------------------------------------------------------------ https_port 443 cert=/etc/univention/ssl/slave45.uni.dtr/cert.pem key=/etc/univention/ssl/slave45.uni.dtr/private.key defaultsite=www.debian.org vhost cache_peer 130.89.148.14 parent 443 0 no-query proxy-only originserver ssl sslflags=DONT_VERIFY_PEER name=myHost acl myNetwork src 10.200.3.0/24 http_access allow myNetwork cache_peer_access myHost allow myNetwork ------------------------------------------------------------------ root@slave45:~# ucr set squid/allowfrom=10.200.3.0/24 root@slave45:~# service squid3 restart root@master43:~# wget --no-check-certificate -q https://10.200.3.45 -O - | grep '<title>' <title>Debian -- The Universal Operating System </title> |