Activity log for bug #1946903

Date Who What changed Old value New value Message
2021-10-13 04:07:11 Bryce Harrington bug added bug
2021-10-13 04:07:13 Bryce Harrington bug added subscriber Canonical Server Team
2021-10-13 16:32:51 Simon Déziel bug added subscriber Simon Déziel
2021-10-13 17:58:03 Sergio Durigan Junior squid (Ubuntu): assignee Sergio Durigan Junior (sergiodj)
2021-10-19 04:37:12 Bryce Harrington description

Old value:

Scheduled-For: 23.01
Upstream: tbd
Debian: 5.2-1
Ubuntu: 4.13-10ubuntu5

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <belle@bazuin.nl> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences
  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <luigi@debian.org> Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #984351, #943692)
  * debian/control
    - switch build-dep to libtdb-dev. libdb is deprecated
    - Bumped Standards-Version to 4.6.0, no change needed
  * debian/patches/
    - refresh patches for new version
    - fix 0001-Default-configuration-file-for-debian.patch (Closes: #970025)
    - add 0004-Change-default-Makefiles-for-debian.patch
      to fix FTBFS 'cp: cannot create regular file tests/stub_*.cc'
  * debian/rules
    - remove basic_nis_auth helper
  * Drop squid3 upgrade compatibility. Debian has not contained
    a squid3 package for at least two full release cycles.

 -- Luigi Gangitano <luigi@debian.org> Fri, 17 Sep 2021 09:27:54 +0200

squid (4.13-10) unstable; urgency=medium

  [ Francisco Vilmar Cardoso Ruviaro ]
  * Add debian/patches/0007-CVE-2021-28651.patch to fix a Denial
    of Service in URN processing. (Closes: #988893, CVE-2021-28651)

  [ Santiago Garcia Mantinan ]
  * Add patch to fix a Denial of Service in HTTP Response Processing.
    Fixes: CVE-2021-28662. Closes: #988891.
  * Add patch to fix a Denial of Service issue in Cache Manager.
    Fixes: CVE-2021-28652. Closes: #988892.
  * Add patch to fix Multiple Issues in HTTP Range header.
    Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043.
  * Add patch to fix a Denial of Service in HTTP Response processing.
    Fixes: GHSA-572g-rvwr-6c7f.

 -- Santiago Garcia Mantinan <manty@debian.org> Fri, 28 May 2021 12:28:20 +0200

squid (4.13-9) unstable; urgency=medium

  * Clarify on NEWS and scripts that we no longer remove logs on purge.
  * Clarify on postrm script that the debhelper code was put manually.
  * Add README.Debian to squid-openssl.

 -- Santiago Garcia Mantinan <manty@debian.org> Tue, 23 Mar 2021 00:18:11 +0100

squid (4.13-8) unstable; urgency=medium

  * Add SQUID-2020_11.patch to fix HTTP Request Smuggling.
    Fixes: CVE-2020-25097. Closes: #985068.

 -- Santiago Garcia Mantinan <manty@debian.org> Sun, 21 Mar 2021 00:58:29 +0100

squid (4.13-7) unstable; urgency=medium

  * Add full postrm scripts while we don't solve #984897 on debhelper.
    Closes: #984880.

 -- Santiago Garcia Mantinan <manty@debian.org> Wed, 10 Mar 2021 09:19:32 +0100

squid (4.13-6) unstable; urgency=medium

  * Stop removing cache and config file on postrm. Closes: #984510.
  * Increase debhelper build dependency to 12.8 as we need that from -5.
  * Add NEWS note on the problem with purge on previous versions.

 -- Santiago Garcia Mantinan <manty@debian.org> Thu, 04 Mar 2021 14:45:00 +0100

squid (4.13-5) unstable; urgency=high

  * Have a deeper look and change all dpkg-buildpackage commands
    for similar dh ones. At least at home it works now.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 21:35:48 +0100

squid (4.13-4) unstable; urgency=high

  * Remove pre-build from upstream-test-suite.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 09:26:25 +0100

### Old Ubuntu Delta ###

squid (4.13-10ubuntu5) impish; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
    - debian/patches/CVE-2021-28116.patch: validate packets better in
      src/wccp2.cc.
    - CVE-2021-28116

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Oct 2021 08:20:07 -0400

squid (4.13-10ubuntu4) impish; urgency=medium

  * Fix FTBFS with GCC 11 (LP: #1939352)
    - d/p/add-missing-limits-include-connmark.patch: Add missing
      <limits> include to src/acl/ConnMark.cc.
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch.patch: Expand
      MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
    - d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
      cbdata::Offset hack with offsetof().
    - d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
      GCC 11 -Wstringop-overread bug.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 20 Aug 2021 00:19:41 -0400

squid (4.13-10ubuntu3) impish; urgency=medium

  * Fix failure to build on RISC-V (LP: #1934891)

 -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed, 07 Jul 2021 14:11:51 +0200

squid (4.13-10ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:05 -0400

squid (4.13-10ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP: #1895694)
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
      Fix call to free on nonheap-object in snmpCreateOidFromStr

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 04 Jun 2021 12:49:43 -0400

New value:

Upstream: tbd
Debian: 5.2-1
Ubuntu: 4.13-10ubuntu5

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <belle@bazuin.nl> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences
  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <luigi@debian.org> Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #984351, #943692)
  * debian/control
    - switch build-dep to libtdb-dev. libdb is deprecated
    - Bumped Standards-Version to 4.6.0, no change needed
  * debian/patches/
    - refresh patches for new version
    - fix 0001-Default-configuration-file-for-debian.patch (Closes: #970025)
    - add 0004-Change-default-Makefiles-for-debian.patch
      to fix FTBFS 'cp: cannot create regular file tests/stub_*.cc'
  * debian/rules
    - remove basic_nis_auth helper
  * Drop squid3 upgrade compatibility. Debian has not contained
    a squid3 package for at least two full release cycles.

 -- Luigi Gangitano <luigi@debian.org> Fri, 17 Sep 2021 09:27:54 +0200

squid (4.13-10) unstable; urgency=medium

  [ Francisco Vilmar Cardoso Ruviaro ]
  * Add debian/patches/0007-CVE-2021-28651.patch to fix a Denial
    of Service in URN processing. (Closes: #988893, CVE-2021-28651)

  [ Santiago Garcia Mantinan ]
  * Add patch to fix a Denial of Service in HTTP Response Processing.
    Fixes: CVE-2021-28662. Closes: #988891.
  * Add patch to fix a Denial of Service issue in Cache Manager.
    Fixes: CVE-2021-28652. Closes: #988892.
  * Add patch to fix Multiple Issues in HTTP Range header.
    Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043.
  * Add patch to fix a Denial of Service in HTTP Response processing.
    Fixes: GHSA-572g-rvwr-6c7f.

 -- Santiago Garcia Mantinan <manty@debian.org> Fri, 28 May 2021 12:28:20 +0200

squid (4.13-9) unstable; urgency=medium

  * Clarify on NEWS and scripts that we no longer remove logs on purge.
  * Clarify on postrm script that the debhelper code was put manually.
  * Add README.Debian to squid-openssl.

 -- Santiago Garcia Mantinan <manty@debian.org> Tue, 23 Mar 2021 00:18:11 +0100

squid (4.13-8) unstable; urgency=medium

  * Add SQUID-2020_11.patch to fix HTTP Request Smuggling.
    Fixes: CVE-2020-25097. Closes: #985068.

 -- Santiago Garcia Mantinan <manty@debian.org> Sun, 21 Mar 2021 00:58:29 +0100

squid (4.13-7) unstable; urgency=medium

  * Add full postrm scripts while we don't solve #984897 on debhelper.
    Closes: #984880.

 -- Santiago Garcia Mantinan <manty@debian.org> Wed, 10 Mar 2021 09:19:32 +0100

squid (4.13-6) unstable; urgency=medium

  * Stop removing cache and config file on postrm. Closes: #984510.
  * Increase debhelper build dependency to 12.8 as we need that from -5.
  * Add NEWS note on the problem with purge on previous versions.

 -- Santiago Garcia Mantinan <manty@debian.org> Thu, 04 Mar 2021 14:45:00 +0100

squid (4.13-5) unstable; urgency=high

  * Have a deeper look and change all dpkg-buildpackage commands
    for similar dh ones. At least at home it works now.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 21:35:48 +0100

squid (4.13-4) unstable; urgency=high

  * Remove pre-build from upstream-test-suite.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 09:26:25 +0100

### Old Ubuntu Delta ###

squid (4.13-10ubuntu5) impish; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
    - debian/patches/CVE-2021-28116.patch: validate packets better in
      src/wccp2.cc.
    - CVE-2021-28116

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Oct 2021 08:20:07 -0400

squid (4.13-10ubuntu4) impish; urgency=medium

  * Fix FTBFS with GCC 11 (LP: #1939352)
    - d/p/add-missing-limits-include-connmark.patch: Add missing
      <limits> include to src/acl/ConnMark.cc.
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch.patch: Expand
      MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
    - d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
      cbdata::Offset hack with offsetof().
    - d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
      GCC 11 -Wstringop-overread bug.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 20 Aug 2021 00:19:41 -0400

squid (4.13-10ubuntu3) impish; urgency=medium

  * Fix failure to build on RISC-V (LP: #1934891)

 -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed, 07 Jul 2021 14:11:51 +0200

squid (4.13-10ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:05 -0400

squid (4.13-10ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP: #1895694)
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
      Fix call to free on nonheap-object in snmpCreateOidFromStr

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 04 Jun 2021 12:49:43 -0400

2021-10-19 04:37:14 Bryce Harrington squid (Ubuntu): milestone ubuntu-22.01
2021-11-07 19:33:27 Launchpad Janitor squid (Ubuntu): status New Fix Released
2021-11-07 19:33:27 Launchpad Janitor cve linked 2021-28116
2021-11-07 20:12:44 Sergio Durigan Junior squid (Ubuntu): status Fix Released New
2021-12-01 20:03:19 Sergio Durigan Junior description

Old value:

Upstream: tbd
Debian: 5.2-1
Ubuntu: 4.13-10ubuntu5

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <belle@bazuin.nl> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences
  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <luigi@debian.org> Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@squid-cache.org> ]
  * New Upstream Release (Closes: #984351, #943692)
  * debian/control
    - switch build-dep to libtdb-dev. libdb is deprecated
    - Bumped Standards-Version to 4.6.0, no change needed
  * debian/patches/
    - refresh patches for new version
    - fix 0001-Default-configuration-file-for-debian.patch (Closes: #970025)
    - add 0004-Change-default-Makefiles-for-debian.patch
      to fix FTBFS 'cp: cannot create regular file tests/stub_*.cc'
  * debian/rules
    - remove basic_nis_auth helper
  * Drop squid3 upgrade compatibility. Debian has not contained
    a squid3 package for at least two full release cycles.

 -- Luigi Gangitano <luigi@debian.org> Fri, 17 Sep 2021 09:27:54 +0200

squid (4.13-10) unstable; urgency=medium

  [ Francisco Vilmar Cardoso Ruviaro ]
  * Add debian/patches/0007-CVE-2021-28651.patch to fix a Denial
    of Service in URN processing. (Closes: #988893, CVE-2021-28651)

  [ Santiago Garcia Mantinan ]
  * Add patch to fix a Denial of Service in HTTP Response Processing.
    Fixes: CVE-2021-28662. Closes: #988891.
  * Add patch to fix a Denial of Service issue in Cache Manager.
    Fixes: CVE-2021-28652. Closes: #988892.
  * Add patch to fix Multiple Issues in HTTP Range header.
    Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043.
  * Add patch to fix a Denial of Service in HTTP Response processing.
    Fixes: GHSA-572g-rvwr-6c7f.

 -- Santiago Garcia Mantinan <manty@debian.org> Fri, 28 May 2021 12:28:20 +0200

squid (4.13-9) unstable; urgency=medium

  * Clarify on NEWS and scripts that we no longer remove logs on purge.
  * Clarify on postrm script that the debhelper code was put manually.
  * Add README.Debian to squid-openssl.

 -- Santiago Garcia Mantinan <manty@debian.org> Tue, 23 Mar 2021 00:18:11 +0100

squid (4.13-8) unstable; urgency=medium

  * Add SQUID-2020_11.patch to fix HTTP Request Smuggling.
    Fixes: CVE-2020-25097. Closes: #985068.

 -- Santiago Garcia Mantinan <manty@debian.org> Sun, 21 Mar 2021 00:58:29 +0100

squid (4.13-7) unstable; urgency=medium

  * Add full postrm scripts while we don't solve #984897 on debhelper.
    Closes: #984880.

 -- Santiago Garcia Mantinan <manty@debian.org> Wed, 10 Mar 2021 09:19:32 +0100

squid (4.13-6) unstable; urgency=medium

  * Stop removing cache and config file on postrm. Closes: #984510.
  * Increase debhelper build dependency to 12.8 as we need that from -5.
  * Add NEWS note on the problem with purge on previous versions.

 -- Santiago Garcia Mantinan <manty@debian.org> Thu, 04 Mar 2021 14:45:00 +0100

squid (4.13-5) unstable; urgency=high

  * Have a deeper look and change all dpkg-buildpackage commands
    for similar dh ones. At least at home it works now.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 21:35:48 +0100

squid (4.13-4) unstable; urgency=high

  * Remove pre-build from upstream-test-suite.

 -- Santiago Garcia Mantinan <manty@debian.org> Mon, 08 Feb 2021 09:26:25 +0100

### Old Ubuntu Delta ###

squid (4.13-10ubuntu5) impish; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
    - debian/patches/CVE-2021-28116.patch: validate packets better in
      src/wccp2.cc.
    - CVE-2021-28116

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Oct 2021 08:20:07 -0400

squid (4.13-10ubuntu4) impish; urgency=medium

  * Fix FTBFS with GCC 11 (LP: #1939352)
    - d/p/add-missing-limits-include-connmark.patch: Add missing
      <limits> include to src/acl/ConnMark.cc.
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch.patch: Expand
      MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
    - d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
      cbdata::Offset hack with offsetof().
    - d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
      GCC 11 -Wstringop-overread bug.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 20 Aug 2021 00:19:41 -0400

squid (4.13-10ubuntu3) impish; urgency=medium

  * Fix failure to build on RISC-V (LP: #1934891)

 -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed, 07 Jul 2021 14:11:51 +0200

squid (4.13-10ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:05 -0400

squid (4.13-10ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP: #1895694)
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
      Fix call to free on nonheap-object in snmpCreateOidFromStr

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 04 Jun 2021 12:49:43 -0400

New value:

Upstream: tbd
Debian: 5.2-1
Ubuntu: 5.2-1ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### Old Ubuntu Delta ###

squid (5.2-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946903). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/expand-max-pkt-sz-accomodate-icmphdr.patch: Expand MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
      + d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround GCC 11 -Wstringop-overread bug.
  * Dropped changes:
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch: Fix call to free on nonheap-object in snmpCreateOidFromStr
      [ Incorporated by upstream. ]
    - Fix failure to build on RISC-V (LP #1934891)
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
      + debian/patches/CVE-2021-28116.patch: validate packets better in src/wccp2.cc.
      + CVE-2021-28116
      [ Incorporated by upstream. ]
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace cbdata::Offset hack with offsetof().
      + d/p/add-missing-limits-include-connmark.patch: Add missing <limits> include to src/acl/ConnMark.cc.
      [ Incorporated by upstream. This is a partial drop; the other two patches that compose this fix are still present in this release. ]

 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 01 Nov 2021 18:19:59 -0400

2022-02-20 00:56:41 Sergio Durigan Junior squid (Ubuntu): status New Fix Released