Univention Bugzilla – Bug 43408
squid3: Regression Erratum 346 built without SSL
Last modified: 2021-03-29 18:01:31 CEST
The squid3 Erratum 346 for UCS 4.1 has been built without SSL support, this breaks http://wiki.univention.de/index.php?title=Cool_Solution_-_Squid_as_Reverse_SSL_Proxy The 001-enable-ssl.patch simply has not been merged from errata4.0-3.
The package has been rebuilt with the missing patch. Advisory: squid3.yaml
OK: patch was applied in build: ------------------------------------------------------------------ dtroeder@ladda:~$ bzgrep -i -A5 ssl.patch /var/univention/buildsystem2/logs/ucs_4.1-0-0-errata4.1-4/squid3_3.1.20-2.2.24.201701241545.log.bz2 A 3.1.20-2.2+deb7u6-errata4.1-4/001-enable-ssl.patch Exportiert, Revision 17064. dpkg-source: Warnung: Patches noch nicht angewandt, werden jetzt angewendet (verwenden Sie --no-preparation zum Aufheben) dpkg-source: Information: 01-cf.data.debian.patch wird angewandt dpkg-source: Information: 02-makefile-defaults.patch wird angewandt dpkg-source: Information: 15-cachemgr-default-config.patch wird angewandt -- 001-enable-ssl.patch Applying patch 001-enable-ssl.patch using -p1 Output of the patch process: patching file debian/control patching file debian/rules OK ------------------------------------------------------------------ OK: advisory OK: automatic tests: ucs-test -E dangerous -s proxy Some tests failed though - those failed before too, so I guess it is a problem of my VM or the tests 00 and 02 must be reworked. OK: manual test: root@slave45:~# DEBIAN_FRONTEND=noninteractive apt-get install --reinstall squid3 root@slave45:~# dpkg -l squid3 ii squid3 3.1.20-2.2.24.201 root@slave45:~# /etc/init.d/apache2 stop root@slave45:~# cp /etc/squid3/local.conf /etc/squid3/local.conf.backup root@slave45:~# vi /etc/squid3/local.conf ------------------------------------------------------------------ https_port 443 cert=/etc/univention/ssl/slave45.uni.dtr/cert.pem key=/etc/univention/ssl/slave45.uni.dtr/private.key defaultsite=www.debian.org vhost cache_peer 130.89.148.14 parent 443 0 no-query proxy-only originserver ssl sslflags=DONT_VERIFY_PEER name=myHost acl myNetwork src 10.200.3.0/24 http_access allow myNetwork cache_peer_access myHost allow myNetwork ------------------------------------------------------------------ root@slave45:~# ucr set squid/allowfrom=10.200.3.0/24 root@slave45:~# service squid3 restart root@master43:~# wget --no-check-certificate -q https://10.200.3.45 -O - | grep '<title>' <title>Debian -- The Universal Operating System </title>
<http://errata.software-univention.de/ucs/4.1/380.html>