Merge ~sergiodj/ubuntu/+source/squid:merge-5.7-1-lunar into ubuntu/+source/squid:debian/sid

Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: git-ubuntu bot
Merged at revision: d405b36b389057b7ae45de8921ca988991a7acf7
Proposed branch: ~sergiodj/ubuntu/+source/squid:merge-5.7-1-lunar
Merge into: ubuntu/+source/squid:debian/sid
Diff against target: 1212 lines (+1039/-2)
9 files modified
debian/NEWS (+7/-0)
debian/changelog (+794/-0)
debian/control (+3/-2)
debian/patches/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch (+65/-0)
debian/patches/90-cf.data.ubuntu.patch (+22/-0)
debian/patches/99-ubuntu-ssl-cert-snakeoil.patch (+28/-0)
debian/patches/fix-max-pkt-sz-for-icmpEchoData-padding.patch (+89/-0)
debian/patches/series (+4/-0)
debian/usr.sbin.squid (+27/-0)
Reviewers (reviewer: status):
  Bryce Harrington (community): Approve
  Canonical Server Reporter: Pending
Review via email: mp+435095@code.staging.launchpad.net

Description of the change

This is the merge of squid 5.7-1 from Debian unstable.

This new version implements support for OpenSSL 3 natively, which means that we're able to finally drop the ugly patch that we'd been carrying for a while.

Aside from that, two CVE fixes have been incorporated upstream and are also being dropped, along with a small hack (export DEB_*_MAINT_APPEND inside d/t/upstream-test-suite) that was necessary because of the OpenSSL 3 patch.

There's a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/squid/+packages

autopkgtest results:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-sergiodj-squid/?format=plain)
  squid @ amd64:
    04.01.23 01:08:59 Log 🗒️ ✅ Triggers: squid/5.7-1ubuntu1~ppa1
  squid @ arm64:
    04.01.23 01:39:40 Log 🗒️ ✅ Triggers: squid/5.7-1ubuntu1~ppa1
  squid @ ppc64el:
    04.01.23 01:15:07 Log 🗒️ ✅ Triggers: squid/5.7-1ubuntu1~ppa1
  squid @ s390x:
    04.01.23 01:22:31 Log 🗒️ ✅ Triggers: squid/5.7-1ubuntu1~ppa1

The armhf test failed but that's a known flaky test. I resubmitted it and will post its results later.

Bryce Harrington (bryce) wrote :

99-ubuntu-ssl-cert-snakeoil.patch ought to have DEP3 metadata by now. It's been around forever and looks like it'll stay with us permanently so would be worth formalizing it.

I'd also suggest along with that, to revise that change's changelog entry to match your standard style, i.e.:

     - d/p/99-ubuntu-ssl-cert-snakeoil.patch: Use snakeoil certificates
        via ssl-cert, and add a note about ssl to the default config file.

The GCC 11 FTBFS changelog entry could be similarly revised to match style of other entries.

https://github.com/squid-cache/squid/pull/887 looks like it was more or less agreed to and approved but still seems to be in process for over a year; might be worth a ping?

https://github.com/squid-cache/squid/pull/1118 looks like you've had an amicable interaction with upstream, but they're pushing back requesting more extensive refactoring work. I imagine it's not something you want to take time to tackle right now with the merge, but if you don't have anything too urgent on your plate this might be a good time in the cycle. Those kinds of data type refactorings tend not to be too hard but can require a few review roundtrips, so I'd not hold this merge for that work.

The changelog's version number needs fixed - it's 5.7-1ubuntu1~ppa1 but should be just 5.7-1ubuntu1.

review: Needs Fixing
Sergio Durigan Junior (sergiodj) wrote :

On Wednesday, January 04 2023, Bryce Harrington wrote:

Thanks for the review, Bryce.

> 99-ubuntu-ssl-cert-snakeoil.patch ought to have DEP3 metadata by now. It's been around forever and looks like it'll stay with us permanently so would be worth formalizing it.
>
> I'd also suggest along with that, to revise that change's changelog entry to match your standard style, i.e.:
>
> - d/p/99-ubuntu-ssl-cert-snakeoil.patch: Use snakeoil certificates
> via ssl-cert, and add a note about ssl to the default config file.

ACK.

> The GCC 11 FTBFS changelog entry could be similarly revised to match style of other entries.

ACK.

> https://github.com/squid-cache/squid/pull/887 looks like it was more or less agreed to and approved but still seems to be in process for over a year; might be worth a ping?

The patch has been accepted and will be included in the next major
release, but upstream won't backport it to the v5 series. Therefore, we
will keep carrying it until (a) Debian is affected by the same bug, in
which case we'd be able to forward the patch to them, or (b) upstream
release v6 and we update our squid.

> https://github.com/squid-cache/squid/pull/1118 looks like you've had an amicable interaction with upstream, but they're pushing back requesting more extensive refactoring work. I imagine it's not something you want to take time to tackle right now with the merge, but if you don't have anything too urgent on your plate this might be a good time in the cycle. Those kinds of data type refactorings tend not to be too hard but can require a few review roundtrips, so I'd not hold this merge for that work.

Unfortunately I don't have the time right now to continue that work.
I've been juggling between many tasks that are more pressing, and the
patch we're carrying is correct (although it's not the best way to fix
the problem), so I think it's OK to keep it for now. I hope to have
more time after 23.04 is out, and this PR is on my TODO list.

> The changelog's version number needs fixed - it's 5.7-1ubuntu1~ppa1 but should be just 5.7-1ubuntu1.

Bummer. Thanks for catching this.

I'll let you know when I address your comments.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Sergio Durigan Junior (sergiodj) wrote :

- DEP-3 added to 99-ubuntu-ssl-cert-snakeoil.patch.

- Version number fixed.

- d/changelog entry for the GCC 11 rewritten.

- I thought a bit more about your suggestion to rewrite the changelog entries for the snakeoil change, and I decided to leave it as is. I actually like the fact that it's verbose and has details regarding which files are modified.

This is ready for a re-review now. Thanks.

Bryce Harrington (bryce) wrote :

Did you want to update the changelog entry for the snakeoil certs?
Otherwise, all looks good now, +1.

review: Approve
Sergio Durigan Junior (sergiodj) wrote :

On Thursday, January 05 2023, Bryce Harrington wrote:

> Review: Approve
>
> Did you want to update the changelog entry for the snakeoil certs?
> Otherwise, all looks good now, +1.

Thanks, Bryce.

I decided to leave the snakeoil entry as is; I think it looks fine.

Uploaded:

$ dput squid_5.7-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/squid/squid_5.7-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/squid/squid_5.7-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading squid_5.7-1ubuntu1.dsc: done.
  Uploading squid_5.7.orig.tar.xz: done.
  Uploading squid_5.7.orig.tar.xz.asc: done.
  Uploading squid_5.7-1ubuntu1.debian.tar.xz: done.
  Uploading squid_5.7-1ubuntu1_source.buildinfo: done.
  Uploading squid_5.7-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
