* Merge with Debian unstable (LP: #1946903). Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/expand-max-pkt-sz-accomodate-icmphdr.patch: Expand MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
+ d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
GCC 11 -Wstringop-overread bug.
* Dropped changes:
- d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
Fix call to free on nonheap-object in snmpCreateOidFromStr
[ Incorporated by upstream. ]
- Fix failure to build on RISC-V (LP #1934891)
[ Incorporated by upstream. ]
- SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
+ debian/patches/CVE-2021-28116.patch: validate packets better in src/wccp2.cc.
+ CVE-2021-28116
[ Incorporated by upstream. ]
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace cbdata::Offset hack with offsetof().
+ d/p/add-missing-limits-include-connmark.patch: Add missing
<limits> include to src/acl/ConnMark.cc.
[ Incorporated by upstream. This is a partial drop; the other
two patches that compose this fix are still present in this
release. ]
This bug was fixed in the package squid - 5.2-1ubuntu1
---------------
squid (5.2-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946903). Remaining changes: cf.data. ubuntu. patch: Add refresh patterns for deb ubuntu- ssl-cert- snakeoil. patch: add a note about ssl max-pkt- sz-accomodate- icmphdr. patch: Expand
MAX_PKT{ 4,6}_SZ to accomodate for icmp{,6_}hdr. gcc11-wstringop -overread- bug.patch: Workaround Fix-free- nonheap- object- warning- error-on- snmp_core. c.patch: omStr patches/ CVE-2021- 28116.patch: validate packets better in
src/wccp2. cc. cbdata- offset- hack-with- offsetof. patch: Replace
cbdata: :Offset hack with offsetof(). missing- limits- include- connmark. patch: Add missing ConnMark. cc.
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/expand-
+ d/p/workaround-
GCC 11 -Wstringop-overread bug.
* Dropped changes:
- d/p/0008-
Fix call to free on nonheap-object in snmpCreateOidFr
[ Incorporated by upstream. ]
- Fix failure to build on RISC-V (LP #1934891)
[ Incorporated by upstream. ]
- SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
+ debian/
+ CVE-2021-28116
[ Incorporated by upstream. ]
- Fix FTBFS with GCC 11 (LP #1939352)
+ d/p/replace-
+ d/p/add-
<limits> include to src/acl/
[ Incorporated by upstream. This is a partial drop; the other
two patches that compose this fix are still present in this
release. ]
-- Sergio Durigan Junior <email address hidden> Mon, 01 Nov 2021 18:19:59 -0400