[ubuntu/groovy-proposed] squid 4.12-1ubuntu1 (Accepted)

Sergio Durigan Junior sergio.durigan at canonical.com
Wed Aug 12 17:13:11 UTC 2020 

squid (4.12-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern
      for debs.
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
  * Dropped changes, not needed anymore:
    - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround
      if building for ppc64el. On that arch, dpkg-buildflags sets -O3
      instead of -O2 and that triggers a format-truncation error on
      pcon.cc. See https://bugs.squid-cache.org/show_bug.cgi?id=4875.
      [ Dropped because the build now passes on ppc64el ]
  * Dropped changes, incorporated by Debian:
    - Don't restart squid by hand on postinst script
      + d/squid.postinst: When installing/upgrading squid, the service
        is being restarted manually in the postinst script, which can
        break installations that have the squid apparmor enabled because
        it will try to restart the service before reloading the apparmor
        profile.  There is no reason to restart squid manually, since the
        restart will be automatically performed later.
    - Drop conffile check for squid < 2.7
      + d/squid.postinst: squid 2.7 is long, long gone, so it should be
        safe to drop the postinst code to make sure that
        /etc/squid/squid.conf was properly upgraded.
    - d/tests/test-squid.py: Adjust 'pidfile' variable to reflect fact
      that we now store the pidfile under '/run/squid/'.
  * Added changes:
    - d/p/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch:
      Fix GCC-10 build failure due to -Wstringop-truncation warning.

squid (4.12-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Sergio Durigan Junior <sergiodj at debian.org> ]
  * Don't restart squid by hand on postinst script.
    When installing/upgrading squid, the service is being restarted
    manually in the postinst script, which can break installations that
    have the squid apparmor enabled because it will try to restart the
    service before reloading the apparmor profile.
    There is no reason to restart squid manually, since the restart will
    be automatically performed later.

  * Drop conffile check for squid < 2.7
    squid 2.7 is long, long gone, so it should be safe to drop the
    postinst code to make sure that /etc/squid/squid.conf was properly
    upgraded.

  * Fix 'pidfile' on d/t/tests-squid.py.
    The pidfile lives under '/run/squid/', not '/run/'. (Closes: #960327)

  [ Juri Grabowski <debian at jugra.de> ]
  * add gbp.conf for squid

  * New upstream version 4.12
    - Fixes security issue SQUID-2020:5 (CVE-2020-14059)
    - Fixes security issue SQUID-2020:6 (CVE-2020-14058)
    - Fixes security issue SQUID-2020:7 (CVE-2020-15049)

  * remove 0004-upstream-bug5041.patch - Fixed in upstream

  [ Luigi Gangitano <luigi at debian.org> ]

  * Move PID file to /run (Closes: #960819)

Date: Mon, 10 Aug 2020 11:20:46 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Andreas Hasenack <andreas at canonical.com>
https://launchpad.net/ubuntu/+source/squid/4.12-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 10 Aug 2020 11:20:46 -0400
Source: squid
Architecture: source
Version: 4.12-1ubuntu1
Distribution: groovy
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Closes: 960327 960819
Changes:
 squid (4.12-1ubuntu1) groovy; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy
       squidguard
     - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern
       for debs.
     - Use snakeoil certificates:
       + d/control: add ssl-cert to dependencies
       + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
         to the default config file
   * Dropped changes, not needed anymore:
     - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround
       if building for ppc64el. On that arch, dpkg-buildflags sets -O3
       instead of -O2 and that triggers a format-truncation error on
       pcon.cc. See https://bugs.squid-cache.org/show_bug.cgi?id=4875.
       [ Dropped because the build now passes on ppc64el ]
   * Dropped changes, incorporated by Debian:
     - Don't restart squid by hand on postinst script
       + d/squid.postinst: When installing/upgrading squid, the service
         is being restarted manually in the postinst script, which can
         break installations that have the squid apparmor enabled because
         it will try to restart the service before reloading the apparmor
         profile.  There is no reason to restart squid manually, since the
         restart will be automatically performed later.
     - Drop conffile check for squid < 2.7
       + d/squid.postinst: squid 2.7 is long, long gone, so it should be
         safe to drop the postinst code to make sure that
         /etc/squid/squid.conf was properly upgraded.
     - d/tests/test-squid.py: Adjust 'pidfile' variable to reflect fact
       that we now store the pidfile under '/run/squid/'.
   * Added changes:
     - d/p/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch:
       Fix GCC-10 build failure due to -Wstringop-truncation warning.
 .
 squid (4.12-1) unstable; urgency=high
 .
   * Urgency high due to security fixes
 .
   [ Sergio Durigan Junior <sergiodj at debian.org> ]
   * Don't restart squid by hand on postinst script.
     When installing/upgrading squid, the service is being restarted
     manually in the postinst script, which can break installations that
     have the squid apparmor enabled because it will try to restart the
     service before reloading the apparmor profile.
     There is no reason to restart squid manually, since the restart will
     be automatically performed later.
 .
   * Drop conffile check for squid < 2.7
     squid 2.7 is long, long gone, so it should be safe to drop the
     postinst code to make sure that /etc/squid/squid.conf was properly
     upgraded.
 .
   * Fix 'pidfile' on d/t/tests-squid.py.
     The pidfile lives under '/run/squid/', not '/run/'. (Closes: #960327)
 .
   [ Juri Grabowski <debian at jugra.de> ]
   * add gbp.conf for squid
 .
   * New upstream version 4.12
     - Fixes security issue SQUID-2020:5 (CVE-2020-14059)
     - Fixes security issue SQUID-2020:6 (CVE-2020-14058)
     - Fixes security issue SQUID-2020:7 (CVE-2020-15049)
 .
   * remove 0004-upstream-bug5041.patch - Fixed in upstream
 .
   [ Luigi Gangitano <luigi at debian.org> ]
 .
   * Move PID file to /run (Closes: #960819)
Checksums-Sha1:
 aeab1d55d803a851c219af4fef611d9fda5ab6e2 2757 squid_4.12-1ubuntu1.dsc
 316b8a343aa542b5e7469d33b9d726bee00679c6 2450564 squid_4.12.orig.tar.xz
 e95492c089bf24f5aaa0ca9593a8d76e5aabf5b1 45972 squid_4.12-1ubuntu1.debian.tar.xz
 338caa6d75362c1d805a13d86c904be5da3177df 8163 squid_4.12-1ubuntu1_source.buildinfo
Checksums-Sha256:
 004f7284fcdf4dbd3749955f09acd6dcfde901a46517e9f524ccacefa23bbb17 2757 squid_4.12-1ubuntu1.dsc
 f42a03c8b3dc020722c88bf1a87da8cb0c087b2f66b41d8256c77ee1b527e317 2450564 squid_4.12.orig.tar.xz
 68646729d9edf307760a80857d58dbc13094b1bfb3b2c5653277b8bba8de2d86 45972 squid_4.12-1ubuntu1.debian.tar.xz
 5bbaa160f771d8f2b1bf023571535e344ebfca05cb496a9942a32b17bc67bdd3 8163 squid_4.12-1ubuntu1_source.buildinfo
Files:
 8b2d17932b6b0f37380c6c61245e32eb 2757 web optional squid_4.12-1ubuntu1.dsc
 ad7a4a8a0031cae3435717a759173829 2450564 web optional squid_4.12.orig.tar.xz
 4f321c4489348b31005ba0bf95f77f53 45972 web optional squid_4.12-1ubuntu1.debian.tar.xz
 051116ca2b1d1a3437e96c31a948a094 8163 web optional squid_4.12-1ubuntu1_source.buildinfo
Original-Maintainer: Luigi Gangitano <luigi at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAl80IwYACgkQrJg+tb9r
y6msRw/7B7TG87y57/wcSKKXJl+6LxND2MbN4jpqEiBFdn6Gu9qufQ3vMlbba4pe
j8BajW5Tj3kck9XeDm5kcUp3E0xzgbzqr0wQ1bRKPXrV0wYmwIppAUkvNjFsvuNs
sfSZ78ztYEdkYm6/2XdXNcxrERt6ankjiJesR1TQc9NrsjZROhlRwHzJKgyM2wi5
qm7dCD1yQ266CcZ3WNunc9P3zT7qXnkrCnCqQjWBFDHmkBchbqpuKzuhKsNRMJBA
/YaTQWD2z/pgAPln+JhwRLxldUUQ3MAZPPHGtTWFdZeoQJL8CdhcuugQl5SMQcat
Kbzt0+byMeqVS5avJq94iYy6pz6DrwczH7GVTf50FCmzLPWreARaFfLoR4djCVyX
MzsGcQtaKnulMuBIw0uVO/bolt8WexB9d20Wqu91DjVw9s1q0iafismR2UW29bJ8
a7j0qgy0mvg3EHuq3TeAEVAR6qnOFKTDC7D0Q2xZ7Vdq436sfTAMdvINUJpAMWa7
RclNuAa6V8AVxXDiCpkJHXoaS7fPJ/JAqOaHPNEbsVx96HjJHN40vb+ZIr5dW0wN
3wWXkKZh6r0YF96B2Pt7bd0utTqNUjmo2tuC/6XYMzjgHCEjyJ6RD6U3wi06PmfF
WJotKegCfByXW79A1P7Y6wAzls87S0lh0ZgJPijQU3AsbBnCTIc=
=5iQD
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list