Dropped squid transitional package blocks -proposed migration

Bug #1211942 reported by Robie Basak on 2013-08-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
squid3 (Ubuntu)
High
Unassigned
Saucy
High
Unassigned

Bug Description

From the changelog for 3.3.4-1ubuntu1:

  * Dropped:
[...]
    - debian/control: Dropped transitional packages from squid, no
      longer required.

Doing this makes sqcwa and squid-prefetch uninstallable in saucy, since they depend on "squid". This is preventing migration of 3.3.4-1ubuntu1 to saucy. See: http://people.canonical.com/~ubuntu-archive/proposed-migration/update_output.txt

It seems to me that we still need the "squid" transitional package, and am not sure of the reasoning that it is no longer required.

CVE References

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.3.8-1ubuntu1

---------------
squid3 (3.3.8-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/control:
      - Update maintainer.
      - Suggests apparmor (>= 2.3)
      - Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests
    + debian/squid3.upstart
      - Move ulimit command to script section so that it applies
        to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
      - Work around squid not handling SIGHUP by adding respawn to
        upstart job. (LP: 978356)
    + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
      transition in 12.04 (LP: 924739)
    + debian/rules
      - Re-enable all hardening options lost in the squid->squid3
        transition (LP: 986314)
    + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
      debian/squid3.preinst, debian/squid3.prerm:
      - Convert init script to upstart
    + debian/patches/99-ubuntu-ssl-cert-snakeoil:
      - Use snakeoil certificates.
    + debian/logrotate
      - Use sar-reports rather than sarg-maint. (LP: 26616)
    + debian/patches/90-cf.data.ubuntu.dpatch:
      - Add an example refresh pattern for debs.
        (foundations-lucid-local-report spec)
    + Add disabled by default AppArmor profile (LP: 497790)
      - debian/squid3.upstart: load profile in pre-start stanza
      - add debian/usr.sbin.squid3 profile
      - debian/rules:
        + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
          etc/apparmor.d/disable into $(INSTALLDIR)
        + use dh_apparmor
      - debian/squid3.install: install etc/apparmor.d/disable, force-complain
        and usr.sbin.squid3
      - debian/squid3.preinst: disable profile on clean install or upgrades
        from earlier than when we shipped the profile
    + debian/tests:
      - Add autopkgtests.
  * d/control: Add dependency package for squid -> squid3 (LP: #1211942).
  * d/control: Add dh-apparmor to BD's.

squid3 (3.3.8-1) unstable; urgency=high

  * Urgency high due to security fixes

  * New upstream release
    - Fixes security issues (Closes: #716743)
      + Buffer overflow in HTTP request handling (Ref: SQUID-2013:2,
        CVE-2013-4115)
      + DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123)
    - Includes PNG image used in error pages, with new copyright assignement
      (Closes: #683255)

  * Added /var/run/squid3 dir to host sockets in SMP configuration
    (Closes: #710126)

  * debian/control
    - Bumped Standard-Version to 3.9.4, no change needed
 -- James Page <email address hidden> Wed, 14 Aug 2013 09:03:55 +0100

Changed in squid3 (Ubuntu Saucy):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers