Merge squid from Debian unstable for noble

Bug #2040426 reported by Bryce Harrington
Affects: squid (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Athos Ribeiro

Bug Description

Upstream: tbd
Debian: 6.3-1
Ubuntu: 6.1-2ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

squid (6.3-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream version 6.3 (Closes: #1049926, #1043505)

  * debian/patches/
    - remove 0007-ftbfs-gnu-hurd.patch integrated upstream

 -- Luigi Gangitano <email address hidden> Thu, 28 Sep 2023 16:04:20 +0200

squid (6.1-2) unstable; urgency=low

  [ Amos Jeffries <email address hidden> ]
  * debian/patches/
    - add 0007-ftbfs-gnu-hurd.patch to fix GNU/Hurd build

 -- Luigi Gangitano <email address hidden> Thu, 13 Jul 2023 13:04:20 +0200

squid (6.1-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * debian/{control,watch}
    - New Upstream Release

  * debian/patches/
    - refresh for new upstream version
    - add 0006-upstream-807ae4df2164defbb5f59b99282e24010b4a0b85.patch
    - remove 0003-installed-binary-for-debian-ci.patch integrated upstream
    - remove 1f13f721263a4cc75e4b798a230022561047899c.patch integrated upstream
    - remove edad3f150de8af0aeb2f629508be3219b83369b9.patch integrated upstream

  [ Luigi Gangitano <email address hidden> ]
  * debian/patches/
    - add Forwarded tag

  * debian/control
    - Bumped Standards-Version to 4.6.2, no change needed

 -- Luigi Gangitano <email address hidden> Mon, 10 Jul 2023 11:04:20 +0200

squid (5.7-2) unstable; urgency=medium

  * Add a couple of upstream picked patches to fix some issues on 5.7
    that upstream has fixed on 5.8.

 -- Santiago Garcia Mantinan <email address hidden> Fri, 28 Apr 2023 08:35:27 +0200

squid (5.7-1) unstable; urgency=medium

  * Urgency high due to security fixes

  [ Luigi Gangitano <email address hidden> ]
  * New upstream version 5.7

  * Exposure of Sensitive Information in Cache Manager (CVE-2022-41317)
    (Closes: #1020587)

  * Buffer Over Read in SSPI and SMB Authentication (CVE-2022-41318)
    (Closes: #1020586)

  * debian/patches/
    - Removed 0006-Fix-build-against-OpenSSL-3-0.patch integrated upstream

  * debian/control
    - Bumped Standards-Version to 4.6.1, no change needed

  * Using new DH level format. Consequently:
      - debian/compat: removed.
      - debian/control:
          - Changed from 'debhelper' to 'debhelper-compat' in Build-Depends
            field and bumped level to 13.
      - debian/rules:
          - Disable dh_missing
      - Dropped unnecessary dependencies in Build-Depends field.

  * debian/salsa-ci.yml
      - Added to provide CI tests for Salsa

  * debian/upstream/metadata
    - Created upstream metadata file

  * debian/upstream/signing-key.asc
    - Strip extra signatures from upstream key

 -- Luigi Gangitano <email address hidden> Tue, 4 Oct 2022 11:04:20 +0200

squid (5.6-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release
    Fixes: CVE-2021-46784. Denial of Service in Gopher Processing

 -- Luigi Gangitano <email address hidden> Sun, 19 Jun 2022 13:39:54 +0200

squid (5.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.

### Old Ubuntu Delta ###

squid (6.1-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018110). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
  * Drop changes:
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Adjust
      MAX_PKT{4,6}_SZ to account for icmpEchoData padding, fixing FTBFS
      with GCC 11 (LP #1939352).
      [ Applied upstream in 6.0.1 ]
    - d/p/series: do not rely on installed binaries for build time tests.
      [ Applied in 6.1-1 ]
    - d/rules: disable LTO related compilation errors for s390x builds.
      [ Fixed in 6.1-1 ]
  * New changes:
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/p/0011-Fix-ftp-support.patch: Fix pure virtual call in
      Ftp::Client constructor leading to problems in FTP support.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
    - d/t/upstream-test-suite: make missing targets for squid 6.

 -- Athos Ribeiro <email address hidden> Tue, 15 Aug 2023 21:51:44 -0300

Bryce Harrington (bryce)
Changed in squid (Ubuntu):
milestone: none → ubuntu-24.01
Changed in squid (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Amos Jeffries (yadi) wrote :

Please sync the 6.5-1 or later version from Debian. Prior versions have numerous security issues.

Athos Ribeiro (athos-ribeiro) wrote :

This is likely being handled in LP: #2041837 (and perhaps that will be enough to close this bug if 6.5 is indeed sync'd from Debian as a solution).

Changed in squid (Ubuntu):
milestone: ubuntu-24.01 → ubuntu-23.12
Changed in squid (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 6.5-1ubuntu1

---------------
squid (6.5-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2040426). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
  * Dropped changes:
    - d/t/upstream-test-suite: make missing targets for squid 6.
      [ Fixed in Debian in 6.5-1 ]
    - d/p/0011-Fix-ftp-support.patch: Fix pure virtual call in
      Ftp::Client constructor leading to problems in FTP support.
      [ Fixed upstream in 6.2 ]
    - SECURITY UPDATE: DoS against certificate validation
      + debian/patches/CVE-2023-46724.patch: fix validation of certificates
        with CN=* in src/anyp/Uri.cc.
      + CVE-2023-46724
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
      lenience
      + debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
        compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
        src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
        src/parser/Tokenizer.h.
      + CVE-2023-46846
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: DoS via HTTP Digest Authentication
      + debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
        parsing Digest Authorization in src/auth/digest/Config.cc.
      + CVE-2023-46847
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: DoS via ftp:// URLs
      + debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in
        src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc,
        src/anyp/Uri.cc.
      + CVE-2023-46848
      [ Fixed in Debian in 6.5-1 ]

 -- Athos Ribeiro <email address hidden> Tue, 12 Dec 2023 12:05:40 -0300

Changed in squid (Ubuntu):
status: In Progress → Fix Released