Merge squid from Debian unstable for mantic

Scheduled-For: Backlog
Upstream: tbd
Debian: 5.7-1
Ubuntu: 5.7-1ubuntu3

There is nothing yet to merge for squid currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

squid (5.7-1) unstable; urgency=medium

  * Urgency high due to security fixes

  [ Luigi Gangitano <email address hidden> ]
  * New upstream version 5.7

  * Exposure of Sensitive Information in Cache Manager (CVE-2022-41317)
    (Closes: #1020587)
  * Buffer Over Read in SSPI and SMB Authentication (CVE-2022-41318)
    (Closes: #1020586)

  * debian/patches/
    - Removed 0006-Fix-build-against-OpenSSL-3-0.patch integrated upstream

  * debian/control
    - Bumped Standards-Version to 4.6.1, no change needed

  * Using new DH level format. Consequently:
      - debian/compat: removed.
      - debian/control:
          - Changed from 'debhelper' to 'debhelper-compat' in Build-Depends
            field and bumped level to 13.
      - debian/rules:
          - Disable dh_missing
      - Dropped unnecessary dependencies in Build-Depends field.

  * debian/salsa-ci.yml
      - Added to provide CI tests for Salsa

  * debian/upstream/metadata
    - Created upstream metadata file

  * debian/upstream/signing-key.asc
    - Strip extra signatures from upstream key

 -- Luigi Gangitano <email address hidden> Tue, 4 Oct 2022 11:04:20 +0200

squid (5.6-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release
    Fixes: CVE-2021-46784. Denial of Service in Gopher Processing

 -- Luigi Gangitano <email address hidden> Sun, 19 Jun 2022 13:39:54 +0200

squid (5.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Nicholas Guriev ]
  * Fixing build against OpenSSL 3.0 (Closes: #1005650, LP: #1946205)

  * debian/rules
    - Do not fail on errors about deprecated declarations from OpenSSL.
    - Remove -Wall in CFLAGS from the debian/rules file since upstream build
      scripts already pass this flag.

  * debian/patches/
    - New 0006-Fix-build-against-OpenSSL-3-0.patch

  [ Simon Deziel ]
  * apparmor: allow reading /etc/ssl/openssl.cnf

 -- Nicholas Guriev <email address hidden> Tue, 31 May 2022 23:13:38 +0300

squid (5.5-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release

  * debian/patches/
    - remove upstreamed 0004-Change-default-Makefiles-for-debian.patch

 -- Luigi Gangitano <email address hidden> Fri, 15 Apr 2022 14:39:54 +0200

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <email address hidden> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences

  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <email address hidden> Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #984351, #943692)

### Old Ubuntu Delta ###

squid (5.7-1ubuntu3) lunar; urgency=medium

  * d/rules:
    - Re-enable LTO for s390x builds. (LP: #2011494)
    - Disable LTO related compilation errors for s390x builds.

 -- Athos Ribeiro <email address hidden> Mon, 13 Mar 2023 21:54:07 -0300

squid (5.7-1ubuntu2) lunar; urgency=medium

  * Make builds fail when upstream test suite fails (LP: #2004050):
    - d/p/series: do not rely on installed binaries for build time tests.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/rules: disable LTO for s390x builds.

 -- Athos Ribeiro <email address hidden> Fri, 27 Jan 2023 11:06:05 -0300

squid (5.7-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993446). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Adjust
      MAX_PKT{4,6}_SZ to account for icmpEchoData padding, fixing FTBFS
      with GCC 11 (LP #1939352).
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
  * Drop changes:
    - d/t/upstream-test-suite: Also export DEB_*_MAINT_APPEND variables
      here. (LP #1988217)
      [ Not necessary anymore. ]
    - SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
      - debian/patches/CVE-2022-41317.patch: fix typo in ACL in
        src/cf.data.pre.
      - CVE-2022-41317
      [ Incorporated upstream. ]
    - SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
      - debian/patches/CVE-2022-41318.patch: improve checks in
        lib/ntlmauth/ntlmauth.cc.
      [ Incorporated upstream. ]

 -- Sergio Durigan Junior <email address hidden> Tue, 03 Jan 2023 17:39:52 -0500