squid 4.8-1ubuntu1 source package in Ubuntu
Changelog
squid (4.8-1ubuntu1) eoan; urgency=medium * Merge with Debian unstable. Remaining changes: - Use snakeoil certificates. - Add an example refresh pattern for debs. - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy, squidguard - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of -O2 and that triggers a format-truncation error on pcon.cc. See See https://bugs.squid-cache.org/show_bug.cgi?id=4875 - d/rules: Only use -latomic with the intended architectures, instead of all of them. This matches what was suggested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5 - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that dh_installchangelogs can pick it up. dh_installchangelogs handles d/NEWS or d/<package>.NEWS, but not NEWS.debian. - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in lib/smblib/smblib-util.c. (LP #1835831) * Dropped: - d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs. Thanks to Vitaly Lavrov <email address hidden>. (LP #1794553) [Fixed upstream] - debian/patches/413.patch: Fix gcc-9 build issues with upstream merged patch [Fixed upstream] - SECURITY UPDATE: incorrect digest auth parameter parsing + debian/patches/CVE-2019-12525.patch: check length in src/auth/digest/Config.cc. + CVE-2019-12525 [Fixed upstream] - SECURITY UPDATE: buffer overflow in basic auth decoding + debian/patches/CVE-2019-12527.patch: switch to SBuf in src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc, src/clients/FtpGateway.cc. + CVE-2019-12527 [Fixed upstream] - SECURITY UPDATE: basic auth uudecode length issue + debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc, include/uudecode.h, lib/uudecode.c. + CVE-2019-12529 [Fixed upstream] - SECURITY UPDATE: XSS issues in cachemgr.cgi + debian/patches/CVE-2019-13345.patch: properly escape values in tools/cachemgr.cc. + CVE-2019-13345 [Fixed upstream] * Added: - d/t/test-squid.py: test_zz_apparmor(): bail early if securityfs isn't mounted squid (4.8-1) unstable; urgency=high [ Amos Jeffries <email address hidden> ] * New Upstream Release - Fixes security issue SQUID-2019:1 (CVE-2019-12824) - Fixes security issue SQUID-2019:2 (CVE-2019-12529) - Fixes security issue SQUID-2019:3 (CVE-2019-12525) - Fixes security issue SQUID-2019:5 (CVE-2019-12527) - Fixes security issue SQUID-2019:6 (CVE-2019-13345) (Closes: #931478) * debian/control - Bumped Standards-Version to 4.4.0, no change needed * debian/tests/test-squid.py - Skip Apparmor tests when profile not installed -- Andreas Hasenack <email address hidden> Wed, 24 Jul 2019 16:38:59 -0300
Upload details
- Uploaded by:
- Andreas Hasenack
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
squid_4.8.orig.tar.gz | 4.9 MiB | f8b78efc196b84f08f1b2c21eb832dafc170e4be44d5167586a036fde5956870 |
squid_4.8-1ubuntu1.debian.tar.xz | 40.8 KiB | 6d0d14835bbbdf89fe1cf18a72229b62e47bf2252a0ec1f902c7a2ac32411400 |
squid_4.8-1ubuntu1.dsc | 2.7 KiB | 253f6de9657b055c1b9fbaa37b1a6c5a3347c05f82abf09edcb20fd696aad0e6 |
Available diffs
- diff from 4.6-2ubuntu4 to 4.8-1ubuntu1 (38.9 KiB)
Binary packages built by this source
- squid: No summary available for squid in ubuntu eoan.
No description available for squid in ubuntu eoan.
- squid-cgi: No summary available for squid-cgi in ubuntu eoan.
No description available for squid-cgi in ubuntu eoan.
- squid-cgi-dbgsym: No summary available for squid-cgi-dbgsym in ubuntu eoan.
No description available for squid-cgi-dbgsym in ubuntu eoan.
- squid-common: No summary available for squid-common in ubuntu eoan.
No description available for squid-common in ubuntu eoan.
- squid-dbgsym: No summary available for squid-dbgsym in ubuntu eoan.
No description available for squid-dbgsym in ubuntu eoan.
- squid-purge: No summary available for squid-purge in ubuntu eoan.
No description available for squid-purge in ubuntu eoan.
- squid-purge-dbgsym: No summary available for squid-purge-dbgsym in ubuntu eoan.
No description available for squid-purge-dbgsym in ubuntu eoan.
- squid3: No summary available for squid3 in ubuntu eoan.
No description available for squid3 in ubuntu eoan.
- squidclient: No summary available for squidclient in ubuntu eoan.
No description available for squidclient in ubuntu eoan.
- squidclient-dbgsym: No summary available for squidclient-dbgsym in ubuntu eoan.
No description available for squidclient-dbgsym in ubuntu eoan.