Squid has issued an advisory on October 3: https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 The issue is fixed upstream in 4.17.
4.16 and 4.17 changes: https://github.com/squid-cache/squid/commit/3896e584d7eeb321d7becbcedec872ffa868dd87 https://github.com/squid-cache/squid/commit/874e8b4ca0342a1c399ddadc1cf6998590fa46a6
Status comment: (none) => Fixed upstream in 4.17
The issue is also fixed in 5.2, which doesn't build in Cauldron due to an issue with openssl 3.0.0: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20211004150607.luigiwalser.duvel.23396/log/squid-5.2-1.mga9/build.x86_64.0.20211004150713.log
Whiteboard: (none) => MGA8TOOVersion: 8 => Cauldron
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => bruno
Joseph fixed the build in Cauldron.
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
fixed in mga8 src: - squid-4.15-1.1.mga8
Assignee: bruno => qa-bugsCC: (none) => bruno, mageia
Updating again to squid-4.17-1.mga8, building now.
Status comment: Fixed upstream in 4.17 => (none)
RPMS: squid-4.17-1.mga8 squid-cachemgr-4.17-1.mga8
Hello, friends. :) Sorry to interfere with your "squid" update process. Since squid-4.17 is in your testing, I did not create a separate topic. Especially since all squids (4.13-4.17) work fine, including in HTTPS filtering mode, but there is such a thing in packages: urpme squid deleted squid-4.17-1.mga8.x86_64 error reading information about the service squid: No such file or directory error: %preun(squid-4.17-1.mga8.x86_64) scriptlet failed, exit status 1 ERROR: 'script' failed for squid-4.17-1.mga8.x86_64 error: squid-4.17-1.mga8.x86_64: erasing failed You can only delete a package using the "Marquis de Sade" method: rpm -e --noscripts squid The reason is here: --- %preun %_preun_service squid if [ $1 = 0 ] ; then rm -f %{_logdir}/squid/* # /sbin/chkconfig --del squid # The package is not being deleted because of this line! fi Could you additionally fix the package removal process? And one more question, if possible: why is there no "sarg" in the repositories? Thanks. Sincerely, Alex
CC: (none) => alex_q_2000
Thanks, line removed from SPEC in SVN, will be fixed by the next update. sarg is a long-since dead project and has been replaced by squidanalyzer.
Hi, David. I haven't set up squid for a long time, probably since sarg was relevant. )) But I have an urgent job for tomorrow, so I was at a loss with the choice of a log analyzer. Now I'll try to screw squidanalyzer. Thanks a lot for the advice. Sincerely, Alex
Created attachment 12944 [details] SquidAnalyzer-6.6 @David Walser squidanalyzer... Very, very good! I think that the client will be delighted: a large pile of graphs, tables by users. It is similar to Sarg, but feels a little cooler (screenshot in attachment). Possible, in squidanalyzer is clearly missing a file: /etc/httpd/conf/conf.d/squidanalyzer.conf Alias /squidreport /var/www/html/squidanalyzer <Directory /var/www/html/squidanalyzer> Options Indexes FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.1 </Directory> Sarg had an initial node config, but these are small things. Thanks again, David. :) Best regards, Alex
Yeah it's more modern and efficient than sarg. Your extra file is completely unnecessary.
Mageia Gnome X64 No installation issues. # squid --v Squid Cache: Version 4.17 Service Name: squid #systemctl start squid #systemctl status squid ● squid.service - Squid Web Proxy Server Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor pr> Active: active (running) since Tue 2021-10-12 12:01:28 CEST; 6s ago Docs: man:squid(8) Process: 11793 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited> Main PID: 11796 (squid) Tasks: 4 (limit: 2320) Memory: 12.6M # tail -f /var/log/squid/access.log 1634033569.280 68 192.168.1.30 TCP_MISS/200 1753 GET http://www.squid-cache.org/favicon.ico - HIER_DIRECT/2001:4310:f1::70 image/x-icon 1634033806.598 15 192.168.1.30 TCP_MISS/200 928 POST http://ocsp.digicert.com/ - HIER_DIRECT/93.184.220.29 application/ocsp-response All seems to ok.
CC: (none) => hdetavernier
MGA8-64 Plasma on Lenovo B50 No installation issues. Ref bug 26884 Comment 4 for testing. Hmmm, something fishy with the default installation. # systemctl start squid [root@mach5 ~]# systemctl status squid ● squid.service - Squid Web Proxy Server Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2021-10-12 15:12:33 CEST; 2s ago Docs: man:squid(8) Process: 8509 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited, status=0/SUCCESS) Main PID: 8512 (squid) Tasks: 4 (limit: 9402) Memory: 12.4M CPU: 97ms CGroup: /system.slice/squid.service ├─8512 /usr/sbin/squid --foreground -sYC ├─8514 (squid-1) --kid squid-1 --foreground -sYC ├─8515 (logfile-daemon) /var/log/squid/access.log └─8516 (pinger) okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Using Least Load store dir selection okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Set Current Directory to /var/spool/squid okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Finished loading MIME types and icons. okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: HTCP Disabled. okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Pinger socket opened on FD 14 okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Squid plugin modules loaded: 0 okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Adaptation support is off. okt 12 15:12:33 mach5.hviaene.thuis systemd[1]: Started Squid Web Proxy Server. okt 12 15:12:33 mach5.hviaene.thuis squid[8514]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9 okt 12 15:12:34 mach5.hviaene.thuis squid[8514]: storeLateRelease: released 0 objects When I now set localhost port 3128 as proxy in Firefox and restart Firefox, I don't get the Google page as default, instead I get the message "Firefox connects to a proxy which refuses connetions". And more: I have on Firefox a second home page which is http://madb.mageia.org/tools/updates, and that one displays OK. But as soon as I try to open one of the bugs, I get the same message as above.
CC: (none) => herman.viaene
Herman, have you tried to set IP address instead of localhost? I don't have problems with IP Address.
The update to 5.2 in Cauldron also fixed CVE-2021-41611: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NKHYAMRG2EX7U76GWKARKB3SN2MXVY5X/
Is there still something preventing the release of 4.17 ?
Someone in QA needs to validate it.
Wasn't comment 13 enough ?
(In reply to Bruno Cornec from comment #19) > Wasn't comment 13 enough ? In my opinion, yes, I agree with you.
@David Walser By the way, squid-5.2-1.mga9.x86_64.rpm (Mageia-9) works fine. I made a "Bastion" on it for myself - an gateway-filter: https://github.com/AKotov-dev/bastion And an installation flash drive (IceWM-M9), so as not to waste time on deployment: https://drive.google.com/drive/folders/16xwTUpQzTASXkzXvCFaoQqByXgvP1XaE?usp=sharing I'll leave them here, maybe it will be useful to someone for experiments or squids testing. p.s. I wonder how soon black smoke will come out of the server if 500+ users are connected through it. )) With best wishes, Alex
(In reply to David Walser from comment #20) > (In reply to Bruno Cornec from comment #19) > > Wasn't comment 13 enough ? > > In my opinion, yes, I agree with you. Comment 14 makes me uneasy, but sending this on, based on this opinion. Validating. Needs an advisory.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0499.html
Status: NEW => RESOLVEDResolution: (none) => FIXED