Merge squid from Debian unstable for l-series
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squid (Ubuntu) | Fix Released | Undecided | Sergio Durigan Junior |
Bug Description
Scheduled-For: ubuntu-23.01
Upstream: tbd
Debian: 5.7-1
Ubuntu: 5.6-1ubuntu3
### New Debian Changes ###
squid (5.7-1) unstable; urgency=medium
* Urgency high due to security fixes
[ Luigi Gangitano <email address hidden> ]
* New upstream version 5.7
* Exposure of Sensitive Information in Cache Manager (CVE-2022-41317)
(Closes: #1020587)
* Buffer Over Read in SSPI and SMB Authentication (CVE-2022-41318)
(Closes: #1020586)
* debian/patches/
- Removed 0006-Fix-
* debian/control
- Bumped Standards-Version to 4.6.1, no change needed
* Using new DH level format. Consequently:
- debian/compat: removed.
- debian/control:
- Changed from 'debhelper' to 'debhelper-compat' in Build-Depends
field and bumped level to 13.
- debian/rules:
- Disable dh_missing
- Dropped unnecessary dependencies in Build-Depends field.
* debian/salsa-ci.yml
- Added to provide CI tests for Salsa
* debian/
- Created upstream metadata file
* debian/
- Strip extra signatures from upstream key
-- Luigi Gangitano <email address hidden> Tue, 4 Oct 2022 11:04:20 +0200
squid (5.6-1) unstable; urgency=high
* Urgency high due to security fixes
[ Amos Jeffries <email address hidden> ]
* New Upstream Release
Fixes: CVE-2021-46784. Denial of Service in Gopher Processing
-- Luigi Gangitano <email address hidden> Sun, 19 Jun 2022 13:39:54 +0200
squid (5.5-1.1) unstable; urgency=medium
* Non-maintainer upload.
[ Nicholas Guriev ]
* Fixing build against OpenSSL 3.0 (Closes: #1005650, LP: #1946205)
* debian/rules
- Do not fail on errors about deprecated declarations from OpenSSL.
- Remove -Wall in CFLAGS from the debian/rules file since upstream build
scripts already pass this flag.
* debian/patches/
- New 0006-Fix-
[ Simon Deziel ]
* apparmor: allow reading /etc/ssl/
-- Nicholas Guriev <email address hidden> Tue, 31 May 2022 23:13:38 +0300
squid (5.5-1) unstable; urgency=medium
[ Amos Jeffries <email address hidden> ]
* New Upstream Release
* debian/patches/
- remove upstreamed 0004-Change-
-- Luigi Gangitano <email address hidden> Fri, 15 Apr 2022 14:39:54 +0200
squid (5.2-1) unstable; urgency=medium
[ Amos Jeffries <email address hidden> ]
* New Upstream Release (Closes: #986804, #976131)
Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
certificates
[ L.P.H. van Belle <email address hidden> ]
* debian/rules
- polish override_
* debian/NEWS
- bump version number to make Lintian happy
-- Luigi Gangitano <email address hidden> Sat, 9 Oct 2021 17:03:54 +0200
squid (5.1-2) unstable; urgency=medium
[ Amos Jeffries <email address hidden> ]
* New Upstream Release (Closes: #984351, #943692)
### Old Ubuntu Delta ###
squid (5.6-1ubuntu3) kinetic; urgency=medium
* SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
- debian/
src/
- CVE-2022-41317
* SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
- debian/
lib/
- CVE-2022-41318
-- Marc Deslauriers <email address hidden> Fri, 23 Sep 2022 08:02:41 -0400
squid (5.6-1ubuntu2) kinetic; urgency=medium
* d/t/upstream-
here. (LP: #1988217)
-- Sergio Durigan Junior <email address hidden> Tue, 30 Aug 2022 19:32:59 -0400
squid (5.6-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971325). Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/fix-
* Drop changes:
- Fix FTBFS with OpenSSL 3.0 (LP #1946205). The following new
patches have been added:
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
+ d/p/openssl3-
[ Incorporated by Debian. ]
- SECURITY UPDATE: Denial of Service in Gopher Processing
+ debian/
responses in src/gopher.cc.
[ Incorporated by upstream. ]
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/workaround-
GCC 11 -Wstringop-overread bug.
[ Not needed anymore. ]
* Add changes:
- d/p/0009-
Fix FTBFS due to -Werror=
[ Forwarded upstream ]
-- Sergio Durigan Junior <email address hidden> Thu, 11 Aug 2022 17:13:45 -0400
Related branches
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
Diff: 1212 lines (+1039/-2)
9 files modified
debian/NEWS (+7/-0)
debian/changelog (+794/-0)
debian/control (+3/-2)
debian/patches/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch (+65/-0)
debian/patches/90-cf.data.ubuntu.patch (+22/-0)
debian/patches/99-ubuntu-ssl-cert-snakeoil.patch (+28/-0)
debian/patches/fix-max-pkt-sz-for-icmpEchoData-padding.patch (+89/-0)
debian/patches/series (+4/-0)
debian/usr.sbin.squid (+27/-0)
Changed in squid (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Changed in squid (Ubuntu):
status: New → In Progress
This bug was fixed in the package squid - 5.7-1ubuntu1
---------------
squid (5.7-1ubuntu1) lunar; urgency=medium
* Merge with Debian unstable (LP: #1993446). Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
- d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Adjust
MAX_PKT{4,6}_SZ to account for icmpEchoData padding, fixing FTBFS
with GCC 11 (LP #1939352).
- d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
* Drop changes:
- d/t/upstream-test-suite: Also export DEB_*_MAINT_APPEND variables
here. (LP #1988217)
[ Not necessary anymore. ]
- SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
- debian/patches/CVE-2022-41317.patch: fix typo in ACL in
src/cf.data.pre.
- CVE-2022-41317
[ Incorporated upstream. ]
- SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
- debian/patches/CVE-2022-41318.patch: improve checks in
lib/ntlmauth/ntlmauth.cc.
[ Incorporated upstream. ]
-- Sergio Durigan Junior <email address hidden> Tue, 03 Jan 2023 17:39:52 -0500