| Summary: | squid new security issue CVE-2021-28116 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | alex_q_2000, andrewsfarm, bruno, hdetavernier, herman.viaene, mageia, marja11, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | squid-4.15-1.mga8.src.rpm | CVE: | |
| Status comment: | | | |
| Attachments: | SquidAnalyzer-6.6 | | |
Description
David Walser
2021-10-04 17:15:46 CEST
4.16 and 4.17 changes:
https://github.com/squid-cache/squid/commit/3896e584d7eeb321d7becbcedec872ffa868dd87
https://github.com/squid-cache/squid/commit/874e8b4ca0342a1c399ddadc1cf6998590fa46a6

Status comment: (none) => Fixed upstream in 4.17

The issue is also fixed in 5.2, which doesn't build in Cauldron due to an issue with openssl 3.0.0:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20211004150607.luigiwalser.duvel.23396/log/squid-5.2-1.mga9/build.x86_64.0.20211004150713.log

Whiteboard: (none) => MGA8TOO

Assigning to the registered maintainer.

CC: (none) => marja11

Joseph fixed the build in Cauldron.

Version: Cauldron => 8

fixed in mga8
src:
- squid-4.15-1.1.mga8

Assignee: bruno => qa-bugs

Updating again to squid-4.17-1.mga8, building now.

Status comment: Fixed upstream in 4.17 => (none)

RPMS:
squid-4.17-1.mga8
squid-cachemgr-4.17-1.mga8

Hello, friends. :)
Sorry to interfere with your "squid" update process. Since squid-4.17 is in your testing, I did not create a separate topic. Especially since all squids (4.13-4.17) work fine, including in HTTPS filtering mode, but there is such a thing in packages:
urpme squid
deleted squid-4.17-1.mga8.x86_64
error reading information about the service squid: No such file or directory
error: %preun(squid-4.17-1.mga8.x86_64) scriptlet failed, exit status 1
ERROR: 'script' failed for squid-4.17-1.mga8.x86_64
error: squid-4.17-1.mga8.x86_64: erasing failed
You can only delete a package using the "Marquis de Sade" method: rpm -e --noscripts squid
The reason is here:
---
%preun
%_preun_service squid
if [ $1 = 0 ] ; then
rm -f %{_logdir}/squid/*
# /sbin/chkconfig --del squid # The package is not being deleted because of this line!
fi
Could you additionally fix the package removal process? And one more question, if possible: why is there no "sarg" in the repositories? Thanks.
Sincerely,
Alex

CC: (none) => alex_q_2000

Thanks, line removed from SPEC in SVN, will be fixed by the next update. sarg is a long-since dead project and has been replaced by squidanalyzer.

Hi, David. I haven't set up squid for a long time, probably since sarg was relevant. )) But I have an urgent job for tomorrow, so I was at a loss with the choice of a log analyzer. Now I'll try to screw squidanalyzer. Thanks a lot for the advice.
Sincerely,
Alex

Created attachment 12944
SquidAnalyzer-6.6
@David Walser
squidanalyzer...
Very, very good! I think that the client will be delighted: a large pile of graphs, tables by users. It is similar to Sarg, but feels a little cooler (screenshot in attachment). Possibly, a file is clearly missing in squidanalyzer:
/etc/httpd/conf/conf.d/squidanalyzer.conf
Alias /squidreport /var/www/html/squidanalyzer
<Directory /var/www/html/squidanalyzer>
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
Sarg had an initial node config, but these are small things. Thanks again, David. :)
Best regards,
Alex
Yeah it's more modern and efficient than sarg. Your extra file is completely unnecessary.

Mageia Gnome X64
No installation issues.
# squid --v
Squid Cache: Version 4.17
Service Name: squid
#systemctl start squid
#systemctl status squid
● squid.service - Squid Web Proxy Server
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor pr>
Active: active (running) since Tue 2021-10-12 12:01:28 CEST; 6s ago
Docs: man:squid(8)
Process: 11793 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited>
Main PID: 11796 (squid)
Tasks: 4 (limit: 2320)
Memory: 12.6M
# tail -f /var/log/squid/access.log
1634033569.280 68 192.168.1.30 TCP_MISS/200 1753 GET http://www.squid-cache.org/favicon.ico - HIER_DIRECT/2001:4310:f1::70 image/x-icon
1634033806.598 15 192.168.1.30 TCP_MISS/200 928 POST http://ocsp.digicert.com/ - HIER_DIRECT/93.184.220.29 application/ocsp-response
All seems to be ok.

CC: (none) => hdetavernier

MGA8-64 Plasma on Lenovo B50
No installation issues.
Ref bug 26884 Comment 4 for testing.
Hmmm, something fishy with the default installation.
# systemctl start squid
[root@mach5 ~]# systemctl status squid
● squid.service - Squid Web Proxy Server
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2021-10-12 15:12:33 CEST; 2s ago
Docs: man:squid(8)
Process: 8509 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited, status=0/SUCCESS)
Main PID: 8512 (squid)
Tasks: 4 (limit: 9402)
Memory: 12.4M
CPU: 97ms
CGroup: /system.slice/squid.service
├─8512 /usr/sbin/squid --foreground -sYC
├─8514 (squid-1) --kid squid-1 --foreground -sYC
├─8515 (logfile-daemon) /var/log/squid/access.log
└─8516 (pinger)
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Using Least Load store dir selection
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Set Current Directory to /var/spool/squid
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Finished loading MIME types and icons.
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: HTCP Disabled.
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Pinger socket opened on FD 14
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Squid plugin modules loaded: 0
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Adaptation support is off.
okt 12 15:12:33 mach5.hviaene.thuis systemd[1]: Started Squid Web Proxy Server.
okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
okt 12 15:12:34 mach5.hviaene.thuis squid[8514]: storeLateRelease: released 0 objects
When I now set localhost port 3128 as proxy in Firefox and restart Firefox, I don't get the Google page as default, instead I get the message "Firefox connects to a proxy which refuses connections".
And more: I have on Firefox a second home page which is http://madb.mageia.org/tools/updates, and that one displays OK.
But as soon as I try to open one of the bugs, I get the same message as above.

CC: (none) => herman.viaene

Herman, have you tried to set IP address instead of localhost? I don't have problems with IP Address.

The update to 5.2 in Cauldron also fixed CVE-2021-41611:
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NKHYAMRG2EX7U76GWKARKB3SN2MXVY5X/

Is there still something preventing the release of 4.17 ?

Someone in QA needs to validate it.

Wasn't comment 13 enough ?

(In reply to Bruno Cornec from comment #19)
> Wasn't comment 13 enough ?

In my opinion, yes, I agree with you.

@David Walser
By the way, squid-5.2-1.mga9.x86_64.rpm (Mageia-9) works fine. I made a "Bastion" on it for myself - a gateway-filter: https://github.com/AKotov-dev/bastion
And an installation flash drive (IceWM-M9), so as not to waste time on deployment: https://drive.google.com/drive/folders/16xwTUpQzTASXkzXvCFaoQqByXgvP1XaE?usp=sharing
I'll leave them here, maybe it will be useful to someone for experiments or squids testing.
p.s. I wonder how soon black smoke will come out of the server if 500+ users are connected through it. ))
With best wishes,
Alex

(In reply to David Walser from comment #20)
> (In reply to Bruno Cornec from comment #19)
> > Wasn't comment 13 enough ?
>
> In my opinion, yes, I agree with you.

Comment 14 makes me uneasy, but sending this on, based on this opinion.
Validating. Needs an advisory.

Keywords: (none) => validated_update
Thomas Backlund
2021-10-31 11:26:35 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0499.html

Status: NEW => RESOLVED
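
The %preun failure reported earlier in this thread, reduced to a runnable sketch (an added example, not the Mageia spec file or any participant's code). `chkconfig` is a stub that fails the way the reported output shows, and the function names are hypothetical; the `|| :` variant is a common spec idiom shown for comparison, not something the thread proposes.

```shell
#!/bin/sh
# Added illustration, not the Mageia squid.spec. chkconfig is a stub that
# fails the way the output reported in this thread does (assumption: squid
# has a systemd unit but no SysV init script for chkconfig to find).
chkconfig() {
    echo "error reading information about the service $2: No such file or directory" >&2
    return 1
}

# %preun body with the chkconfig call active. The second argument stands for
# rpm's $1: package instances left after the transaction (0 = erase,
# 1 = upgrade). The failing call runs last, so its status is the scriptlet's.
preun_with_chkconfig() (
    logdir=$1 remaining=$2
    if [ "$remaining" = 0 ]; then
        rm -f "$logdir"/squid/*
        chkconfig --del squid
    fi
)

# The same body with the line dropped, which is the fix applied in SVN.
preun_line_removed() (
    logdir=$1 remaining=$2
    if [ "$remaining" = 0 ]; then
        rm -f "$logdir"/squid/*
    fi
)

# Alternative spec idiom: keep the call but discard its status with "|| :".
preun_guarded() (
    logdir=$1 remaining=$2
    if [ "$remaining" = 0 ]; then
        rm -f "$logdir"/squid/*
        chkconfig --del squid || :
    fi
)

# Run one body against a throwaway log directory; print the status rpm sees.
scriptlet_status() {
    body=$1 remaining=$2 status=0
    tmp=$(mktemp -d) && mkdir "$tmp/squid" && : > "$tmp/squid/access.log"
    "$body" "$tmp" "$remaining" 2>/dev/null || status=$?
    rm -rf "$tmp"
    echo "$status"
}

for body in preun_with_chkconfig preun_line_removed preun_guarded; do
    echo "$body: erase=$(scriptlet_status "$body" 0) upgrade=$(scriptlet_status "$body" 1)"
done
```

Only the erase case fails, which matches the report: the package installs and upgrades cleanly, and the non-zero %preun status surfaces only on `urpme squid`.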