[ubuntu/bionic-proposed] squid3 3.5.27-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Tue Feb 27 15:15:20 UTC 2018
squid3 (3.5.27-1ubuntu1) bionic; urgency=medium
* Merge with Debian unstable (LP: #1751286). Remaining changes:
- Add additional dep8 tests.
- Use snakeoil certificates.
- Add an example refresh pattern for debs.
- Add disabled by default AppArmor profile.
- Enable autoreconf. This is no longer required for the security updates,
but is needed for the seddery of test-suite/Makefile.am in
d/t/upstream-test-suite.
- Correct attribution and add explanatory note in d/NEWS.debian.
- Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
happened in Xenial, so no upgrade path still requires this code. This
reduces upgrade ordering difficulty.
- Adjust seddery for upstream test squid binary location.
- Revert "Set pidfile for systemd's sysv-generator" from Debian.
- Drop wrong short-circuiting of various invocations; we always want to
call the debhelper block.
- GCC7 FTBFS fixes (LP #1712668):
+ d/rules: don't error when hitting the "deprecated" and
"format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
but one in Format.cc that affects 32bit builds was deemed too intrusive
for the 3.5 stable series and is only in squid 4.x
* Dropped changes:
- debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
Thanks to Lubos Uhliarik <luhliari at redhat.com>.
[Already applied upstream]
- debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
boolean. Thanks to Amos Jeffries <squid3 at treenet.co.nz>
[Already applied upstream]
- SECURITY UPDATE: denial of service in ESI Response processing
+ debian/patches/CVE-2018-1000024.patch: make sure endofName never
exceeds tagEnd in src/esi/CustomParser.cc.
+ CVE-2018-1000024
[Added in 3.5.27-1]
- SECURITY UPDATE: denial of service in in HTTP Message processing
+ debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
transactions without a client connection in
src/client_side_request.cc.
+ CVE-2018-1000027
[Included in 3.5.27-1]
* Added changes:
- Do not force gcc-6
squid3 (3.5.27-1) unstable; urgency=high
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release
* debian/{control,rules}
- Add temporary dependency on gcc-6 and g++-6 to workaround FTBFS in
unstable
* debian/patches/
- Fix security issue SQUID-2018:1 (CVE-2016-1000024) (Closes: #888719)
- Fix security issue SQUID-2018:2 (CVE-2016-1000027) (Closes: #888720)
[ Luigi Gangitano <luigi at debian.org> ]
* debian/control
- Changed priority to optional for squid3 and squid-dbg
- Removed unneeded Build-Dep on autotools-dev
* debian/rules
- Include dpkg-architecture Makefile instead of invoking the binary at
build time
* debian/squid.postinst
- Remove recursive chown calls
Date: Tue, 27 Feb 2018 08:09:21 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 27 Feb 2018 08:09:21 -0300
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source
Version: 3.5.27-1ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Description:
squid - Full featured Web Proxy cache (HTTP proxy)
squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
squid-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
squid3 - Transitional package
squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 888719 888720
Launchpad-Bugs-Fixed: 1751286
Changes:
squid3 (3.5.27-1ubuntu1) bionic; urgency=medium
.
* Merge with Debian unstable (LP: #1751286). Remaining changes:
- Add additional dep8 tests.
- Use snakeoil certificates.
- Add an example refresh pattern for debs.
- Add disabled by default AppArmor profile.
- Enable autoreconf. This is no longer required for the security updates,
but is needed for the seddery of test-suite/Makefile.am in
d/t/upstream-test-suite.
- Correct attribution and add explanatory note in d/NEWS.debian.
- Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
happened in Xenial, so no upgrade path still requires this code. This
reduces upgrade ordering difficulty.
- Adjust seddery for upstream test squid binary location.
- Revert "Set pidfile for systemd's sysv-generator" from Debian.
- Drop wrong short-circuiting of various invocations; we always want to
call the debhelper block.
- GCC7 FTBFS fixes (LP #1712668):
+ d/rules: don't error when hitting the "deprecated" and
"format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
but one in Format.cc that affects 32bit builds was deemed too intrusive
for the 3.5 stable series and is only in squid 4.x
* Dropped changes:
- debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
Thanks to Lubos Uhliarik <luhliari at redhat.com>.
[Already applied upstream]
- debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
boolean. Thanks to Amos Jeffries <squid3 at treenet.co.nz>
[Already applied upstream]
- SECURITY UPDATE: denial of service in ESI Response processing
+ debian/patches/CVE-2018-1000024.patch: make sure endofName never
exceeds tagEnd in src/esi/CustomParser.cc.
+ CVE-2018-1000024
[Added in 3.5.27-1]
- SECURITY UPDATE: denial of service in in HTTP Message processing
+ debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
transactions without a client connection in
src/client_side_request.cc.
+ CVE-2018-1000027
[Included in 3.5.27-1]
* Added changes:
- Do not force gcc-6
.
squid3 (3.5.27-1) unstable; urgency=high
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release
.
* debian/{control,rules}
- Add temporary dependency on gcc-6 and g++-6 to workaround FTBFS in
unstable
.
* debian/patches/
- Fix security issue SQUID-2018:1 (CVE-2016-1000024) (Closes: #888719)
- Fix security issue SQUID-2018:2 (CVE-2016-1000027) (Closes: #888720)
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/control
- Changed priority to optional for squid3 and squid-dbg
- Removed unneeded Build-Dep on autotools-dev
.
* debian/rules
- Include dpkg-architecture Makefile instead of invoking the binary at
build time
.
* debian/squid.postinst
- Remove recursive chown calls
Checksums-Sha1:
7625d76d090e660e651d0724a994368baa0274d9 2091 squid3_3.5.27-1ubuntu1.dsc
0cebb9b7ca832994a1b2b440a5ae653a74bc3084 4837850 squid3_3.5.27.orig.tar.gz
fdea96f5981dd0aab8602fe75df4e4c26d37f75d 48676 squid3_3.5.27-1ubuntu1.debian.tar.xz
1d3378566a8b1d6bfad6107c5429290d88adf2dc 9503 squid3_3.5.27-1ubuntu1_source.buildinfo
Checksums-Sha256:
d7ca4bae4f0ceee50ce840a43a8bac2d34b66dbe8c1cbcac896c4e89a5844927 2091 squid3_3.5.27-1ubuntu1.dsc
f6a5f1272000b1c6365652b35f950fd77d091c14076d61812aecac4e90c73b39 4837850 squid3_3.5.27.orig.tar.gz
2a112f832794917c0b51156b5667e309c4ec82915f335f8b877cc810bd335ac9 48676 squid3_3.5.27-1ubuntu1.debian.tar.xz
bd8179dc2cb9ceb73a38b1bb42b7f82835f7efe10b8aff7e16ec1ea2fff671de 9503 squid3_3.5.27-1ubuntu1_source.buildinfo
Files:
257fa15ad15fc995895ea332f619c802 2091 web optional squid3_3.5.27-1ubuntu1.dsc
97b1407772a53e2670274ac3b5f1d6c8 4837850 web optional squid3_3.5.27.orig.tar.gz
3cc65e0e349d4d2223eee62238441511 48676 web optional squid3_3.5.27-1ubuntu1.debian.tar.xz
69e9a8643bd049fb3e76e10d0f947d23 9503 web optional squid3_3.5.27-1ubuntu1_source.buildinfo
Original-Maintainer: Luigi Gangitano <luigi at debian.org>
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0FAlqVdakWHGFuZHJlYXNAY2Fub25pY2FsLmNvbQAKCRB4Qlmz893C
kDsFAKDvcLlYQmCjko7WHEo9zPjbE8SUBwCgjR1N0U3+0Axdltt3wKrH2hnfwmU=
=mlJ0
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list