[ubuntu/noble-proposed] squid 6.5-1ubuntu1 (Accepted)
Athos Ribeiro
athos.ribeiro at canonical.com
Wed Dec 13 20:25:11 UTC 2023
squid (6.5-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2040426). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
  * Dropped changes:
    - d/t/upstream-test-suite: make missing targets for squid 6.
      [ Fixed in Debian in 6.5-1 ]
    - d/p/0011-Fix-ftp-support.patch: Fix pure virtual call in
      Ftp::Client constructor leading to problems in FTP support.
      [ Fixed upstream in 6.2 ]
    - SECURITY UPDATE: DoS against certificate validation
      + debian/patches/CVE-2023-46724.patch: fix validation of certificates
        with CN=* in src/anyp/Uri.cc.
      + CVE-2023-46724
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
      lenience
      + debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
        compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
        src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
        src/parser/Tokenizer.h.
      + CVE-2023-46846
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: DoS via HTTP Digest Authentication
      + debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
        parsing Digest Authorization in src/auth/digest/Config.cc.
      + CVE-2023-46847
      [ Fixed in Debian in 6.5-1 ]
    - SECURITY UPDATE: DoS via ftp:// URLs
      + debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in
        src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc,
        src/anyp/Uri.cc.
      + CVE-2023-46848
      [ Fixed in Debian in 6.5-1 ]
Date: Tue, 12 Dec 2023 12:05:40 -0300
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid/6.5-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 12 Dec 2023 12:05:40 -0300
Source: squid
Built-For-Profiles: noudeb
Architecture: source
Version: 6.5-1ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Launchpad-Bugs-Fixed: 2040426
Original-Maintainer: Luigi Gangitano <luigi at debian.org>
Vcs-Git: https://git.launchpad.net/~athos-ribeiro/ubuntu/+source/squid
Vcs-Git-Commit: 947b36b6397935ec323a778f5eace4aec547197d
Vcs-Git-Ref: refs/heads/merge-lp2040426-noble