[ubuntu/xenial-proposed] squid3 3.5.12-1ubuntu2 (Accepted)
Ryan Harper
ryan.harper at canonical.com
Wed Mar 30 02:22:01 UTC 2016
squid3 (3.5.12-1ubuntu2) xenial; urgency=medium
* debian/squid.postinst: Fix dist-upgrade of squid by detecting service
name (/etc/init.d/squid vs. squid3).
squid3 (3.5.12-1ubuntu1) xenial; urgency=medium
* Merge from Debian (LP: #1473691). Remaining changes:
- Add dep8 tests.
- Use snakeoil certificates.
- Run sarg-reports if present before rotating logs
- debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh
pattern for debs.
- Add disabled by default AppArmor profile. Versioned dependency on
init-system-helpers (>> 1.22ubuntu5) to ensure we have the
apparmor-profile-load script at boot time.
* Drop changes:
- No longer needed:
+ Upstart job.
+ Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way.
+ Fix perl & pod2man config.tests.
+ fix-logical-not-parentheses-warning.patch.
+ fix-pod2name-pipe-failure.patch.
+ --disable-strict-error-checking to fix FTBFS.
- NEWS.Debian: no longer relevant.
- Hardening options: deprecated.
- Add patch to show distribution: fixed in Debian (but see
lsb-release B-D).
- Enable parallel build: makes no difference to build time.
- Force -O2 to work around build failure with -O3: presumed no
longer needed.
- Fixed upstream:
+ CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream
advisory.
+ Fix various ICMP handling issues in Squid pinger: confirmed
fixed since 3.4.7 from upstream advisory.
+ fix-caching-vary-header.patch.
+ netfilter_fix.patch.
* Drop Testsuite: header from dep8 tests: no longer required since
dpkg-source >= 1.17.11 does it.
* Revert "Set pidfile for systemd's sysv-generator" from Debian.
systemd races the squid daemon for pidfile creation, causing systemd
to consider the service start to have failed. Work around for now by
not telling systemd to use the pidfile.
* Add lsb-release build dep. This is required for the
--enable-build-info line in debian/rules to work correctly.
* Correctly rename conffiles migrated by Debian from squid3 to squid.
* Remove conffile for old upstart job Ubuntu delta.
* Rename Apparmor profile conffile.
* Drop old transitional Apparmor code no longer required.
* Adjust AppArmor profile for squid3->squid rename.
* Drop versioned AppArmor dependency (transitional; no longer
required).
squid3 (3.5.12-1) unstable; urgency=medium
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release
* debian/squid.postinst
- remove unneeded config edits for manager ACL (Closes: #801564)
* debian/patches/
- add upstream patch to cleanup FATAL log messages
[ Mathieu Parent ]
* Fix FATAL parsing before start/reload/restart (Closes: #800341)
* Set pidfile for systemd's sysv-generator (Closes: #800341)
squid3 (3.5.10-1) unstable; urgency=high
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release (Closes: #799923, #800876)
* debian/squid.rc
- Grok pid_filename from squid.conf (Closes: #520736)
- Update SELinux context when creating directories (Closes: #798827)
[ Luigi Gangitano <luigi at debian.org> ]
- Urgency high due to regression fix for CVE-2015-5400.
squid3 (3.5.7-1) unstable; urgency=medium
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #789602, #793400, #253777)
* debian/rules
- Add BUILDCXXFLAGS to use hardening flags during build
* debian/squid.links
- Add symlink for squid3.8 man(8) page to resolve lintian issue
* debian/squid.postinst
- Remove unnecessary 'squid -z' (Closes: #794639)
[ Luigi Gangitano <luigi at debian.org> ]
* Rebuild using GCC-5 (Closes: #794536)
* debian/squid.postinst
- Check for squid3 initscript before we try to execute it
* debian/squid.rc
- Set working directory to /var/run/squid
squid3 (3.5.6-1) unstable; urgency=medium
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #760303)
- Fixed upstream macro issue that fail to pass reproducible builds test
- Fixes CVE-2015-5400: Improper Protection of Alternate Path
(Closes: #793128)
* Removed deprecated MSNT and MSNT-multi-domain authentication helpers
* Transition squid3 to squid
- Renamed squid3 package to squid (Closes: #521053, #565555, #672156)
(Closes: #294431, #569575, #714334, #279840, #576423, #779127)
- Renamed squid3-common package to squid-common
- Renamed squid3-dbg package to squid-dbg
- Add dummy transitional package squid3
* debian/patches/
- Removed patches included upstream and refresh others
* debian/squid3-cgi.dirs
- Removed old unused packaging file
* debian/control
- Add dependency on libgnutls28-dev for squidclient HTTPS support
[ Luigi Gangitano <luigi at debian.org> ]
* debian/control
- Changed dependency on libecap3-dev (Closes: #789774)
- Made squid-common conflict and replace squid3-common
- Fixed dependencies and sections of transitional packages
* {NEWS,README}.Debian
- Added information on package name migration
squid3 (3.4.8-6) unstable; urgency=medium
[ Luigi Gangitano <luigi at debian.org> ]
* debian/patches/31-squid-3.4-13199.patch
- Added upstream patch fixing excessive CPU usage (Closes: #776461)
* debian/patches/32-squid-3.4-13210.patch
- Added upstream patch fixing excessive CPU and memory usage in
NTLM and Negotiate authentication helpers (Closes: #776463)
* debian/patches/33-squid-3.4-13211.patch
- Added upstream patch fixing a possible replay vulnerability on Digest
authentication (Closes: #776464)
* debian/patches/34-squid-3.4-13213.patch
- Added upstream patch fixing incorrect security permissions for
TOS/DiffServ packet marking (Closes: #776468)
* debian/patches/35-squid-3.4-13203.patch
- Added upstream patch fixing squidclient unable to connect to host with
both IPv4 and IPv6 addresses (Closes: #742425)
squid3 (3.4.8-5) unstable; urgency=medium
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.{pre,post}inst
- Moved ACL manager fix to postinst (Closes: #773032)
squid3 (3.4.8-4) unstable; urgency=medium
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.preinst
- Revert changes on abort-upgrade
squid3 (3.4.8-3) unstable; urgency=medium
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* debian/squid3.preinst
- Remove obsolete manager ACL definition from squid.conf
when upgrading squid3 package (Closes: #768170)
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.preinst
- Fix configuration file only if needed and match any uncommented line
squid3 (3.4.8-2) unstable; urgency=medium
[ Santiago Garcia Mantinan <manty at debian.org> ]
* Add patch to remove bashisms from cert_tool
* Add manual page for squid-purge
* Create run_dir needed for SMP with several workers to run. This
fixes #710126 (Closes: #732183, #760400)
* Use CONFIG instead of sq (Closes: #763867)
* Remove find_cache_type and use grepconf (both functions were =).
* Allow find_cache_dir and grepconf to have whitespace in the beginning
(Closes: #761209)
* Add config check before reload/restart, thanks Freddy (Closes: #728222)
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* debian/squid3.postinst
- update grepconf to support SMP macros and sub-config files
when locating cache_dir and effective user/group
* debian/squid3.rc
- remove special handling for obsolete COSS cache type
- change grepconf to support SMP macros and sub-config files
* debian/rules
- add distribution details to squid -v display output
this obsoletes the Ubuntu fix-distribution.patch
* debian/control
- bumped libecap dependency version to 0.2.0-2
* debian/squid3.resolvconf
- added check on /usr availability before squid3 restart (Closes: #765476)
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.rc
- Change config check to config parse on start/reload/restart
* debian/control
- Fixed XS-Vcs-Git Header pointing anonscm.debian.org
squid3 (3.4.8-1) unstable; urgency=high
* Urgency high due to security fixes
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #737008)
- Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002)
- Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999)
+ pinger remote DoS vulnerabilities
- Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312)
* debian/patches/
- remove CVE-2014-3609.patch included upstream
- remove 17-pod2man-check.patch obsoleted by new version
- add upstream patch 21-squid-3.4-13176-memoryleak.patch:
memory leak in external_acl_type helper with cache=0 or ttl=0
* debian/rules
- add --disable-arch-native to build with portable CPU support
* debian/control
- libecap API support is specific to version 0.2.0
- use nettle for crypto library
* debian/watch
- updated watch pattern for upstream major series
* debian/rules
- Remove obsolete --enable-underscores (Closes: #693905)
[ Luigi Gangitano <luigi at debian.org> ]
* debian/patches/
- refreshed all patches to match 3.4.8
* debian/control
- Added dependency for missing intepreter ksh
- Bumped Standard-Version to 3.9.6, no change needed
- Added XS-Vcs-Git Header pointing to Alioth repository
squid3 (3.3.8-1.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Add CVE-2014-3609.patch patch.
CVE-2014-3609: Denial of Service in Range header processing.
Ignore Range headers with unidentifiable byte-range values. If squid is
unable to determine the byte value for ranges, treat the header as
invalid. (Closes: #759509)
squid3 (3.3.8-1.1) unstable; urgency=low
* Non-maintainer upload.
* Fix "FTBFS: cp: cannot stat
'/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No
such file or directory":
new patch 17-pod2man-check.patch:
fix config.test files' check for perl and pod2man
(Closes: #725599)
Date: Mon, 28 Mar 2016 11:20:35 -0500
Changed-By: Ryan Harper <ryan.harper at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Serge Hallyn <serge.hallyn at ubuntu.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 28 Mar 2016 11:20:35 -0500
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source
Version: 3.5.12-1ubuntu2
Distribution: xenial
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ryan Harper <ryan.harper at canonical.com>
Description:
squid - Full featured Web Proxy cache (HTTP proxy)
squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
squid-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
squid3 - Dummy transitional package.
squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 253777 279840 294431 520736 521053 565555 569575 576423 672156 693905 714334 725599 728222 732183 737008 741312 742425 759509 760303 760400 760999 761002 761209 763867 765476 768170 773032 776461 776463 776464 776468 779127 789602 789774 793128 793400 794536 794639 798827 799923 800341 800876 801564
Launchpad-Bugs-Fixed: 1473691
Changes:
squid3 (3.5.12-1ubuntu2) xenial; urgency=medium
.
* debian/squid.postinst: Fix dist-upgrade of squid by detecting service
name (/etc/init.d/squid vs. squid3).
.
squid3 (3.5.12-1ubuntu1) xenial; urgency=medium
.
* Merge from Debian (LP: #1473691). Remaining changes:
- Add dep8 tests.
- Use snakeoil certificates.
- Run sarg-reports if present before rotating logs
- debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh
pattern for debs.
- Add disabled by default AppArmor profile. Versioned dependency on
init-system-helpers (>> 1.22ubuntu5) to ensure we have the
apparmor-profile-load script at boot time.
* Drop changes:
- No longer needed:
+ Upstart job.
+ Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way.
+ Fix perl & pod2man config.tests.
+ fix-logical-not-parentheses-warning.patch.
+ fix-pod2name-pipe-failure.patch.
+ --disable-strict-error-checking to fix FTBFS.
- NEWS.Debian: no longer relevant.
- Hardening options: deprecated.
- Add patch to show distribution: fixed in Debian (but see
lsb-release B-D).
- Enable parallel build: makes no difference to build time.
- Force -O2 to work around build failure with -O3: presumed no
longer needed.
- Fixed upstream:
+ CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream
advisory.
+ Fix various ICMP handling issues in Squid pinger: confirmed
fixed since 3.4.7 from upstream advisory.
+ fix-caching-vary-header.patch.
+ netfilter_fix.patch.
* Drop Testsuite: header from dep8 tests: no longer required since
dpkg-source >= 1.17.11 does it.
* Revert "Set pidfile for systemd's sysv-generator" from Debian.
systemd races the squid daemon for pidfile creation, causing systemd
to consider the service start to have failed. Work around for now by
not telling systemd to use the pidfile.
* Add lsb-release build dep. This is required for the
--enable-build-info line in debian/rules to work correctly.
* Correctly rename conffiles migrated by Debian from squid3 to squid.
* Remove conffile for old upstart job Ubuntu delta.
* Rename Apparmor profile conffile.
* Drop old transitional Apparmor code no longer required.
* Adjust AppArmor profile for squid3->squid rename.
* Drop versioned AppArmor dependency (transitional; no longer
required).
.
squid3 (3.5.12-1) unstable; urgency=medium
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release
.
* debian/squid.postinst
- remove unneeded config edits for manager ACL (Closes: #801564)
.
* debian/patches/
- add upstream patch to cleanup FATAL log messages
.
[ Mathieu Parent ]
* Fix FATAL parsing before start/reload/restart (Closes: #800341)
* Set pidfile for systemd's sysv-generator (Closes: #800341)
.
squid3 (3.5.10-1) unstable; urgency=high
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New Upstream Release (Closes: #799923, #800876)
.
* debian/squid.rc
- Grok pid_filename from squid.conf (Closes: #520736)
- Update SELinux context when creating directories (Closes: #798827)
.
[ Luigi Gangitano <luigi at debian.org> ]
- Urgency high due to regression fix for CVE-2015-5400.
.
squid3 (3.5.7-1) unstable; urgency=medium
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #789602, #793400, #253777)
.
* debian/rules
- Add BUILDCXXFLAGS to use hardening flags during build
.
* debian/squid.links
- Add symlink for squid3.8 man(8) page to resolve lintian issue
.
* debian/squid.postinst
- Remove unnecessary 'squid -z' (Closes: #794639)
.
[ Luigi Gangitano <luigi at debian.org> ]
* Rebuild using GCC-5 (Closes: #794536)
.
* debian/squid.postinst
- Check for squid3 initscript before we try to execute it
.
* debian/squid.rc
- Set working directory to /var/run/squid
.
squid3 (3.5.6-1) unstable; urgency=medium
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #760303)
- Fixed upstream macro issue that fail to pass reproducible builds test
- Fixes CVE-2015-5400: Improper Protection of Alternate Path
(Closes: #793128)
.
* Removed deprecated MSNT and MSNT-multi-domain authentication helpers
.
* Transition squid3 to squid
- Renamed squid3 package to squid (Closes: #521053, #565555, #672156)
(Closes: #294431, #569575, #714334, #279840, #576423, #779127)
- Renamed squid3-common package to squid-common
- Renamed squid3-dbg package to squid-dbg
- Add dummy transitional package squid3
.
* debian/patches/
- Removed patches included upstream and refresh others
.
* debian/squid3-cgi.dirs
- Removed old unused packaging file
.
* debian/control
- Add dependency on libgnutls28-dev for squidclient HTTPS support
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/control
- Changed dependency on libecap3-dev (Closes: #789774)
- Made squid-common conflict and replace squid3-common
- Fixed dependencies and sections of transitional packages
.
* {NEWS,README}.Debian
- Added information on package name migration
.
squid3 (3.4.8-6) unstable; urgency=medium
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/patches/31-squid-3.4-13199.patch
- Added upstream patch fixing excessive CPU usage (Closes: #776461)
.
* debian/patches/32-squid-3.4-13210.patch
- Added upstream patch fixing excessive CPU and memory usage in
NTLM and Negotiate authentication helpers (Closes: #776463)
.
* debian/patches/33-squid-3.4-13211.patch
- Added upstream patch fixing a possible replay vulnerability on Digest
authentication (Closes: #776464)
.
* debian/patches/34-squid-3.4-13213.patch
- Added upstream patch fixing incorrect security permissions for
TOS/DiffServ packet marking (Closes: #776468)
.
* debian/patches/35-squid-3.4-13203.patch
- Added upstream patch fixing squidclient unable to connect to host with
both IPv4 and IPv6 addresses (Closes: #742425)
.
squid3 (3.4.8-5) unstable; urgency=medium
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.{pre,post}inst
- Moved ACL manager fix to postinst (Closes: #773032)
.
squid3 (3.4.8-4) unstable; urgency=medium
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.preinst
- Revert changes on abort-upgrade
.
squid3 (3.4.8-3) unstable; urgency=medium
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* debian/squid3.preinst
- Remove obsolete manager ACL definition from squid.conf
when upgrading squid3 package (Closes: #768170)
.
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.preinst
- Fix configuration file only if needed and match any uncommented line
.
squid3 (3.4.8-2) unstable; urgency=medium
.
[ Santiago Garcia Mantinan <manty at debian.org> ]
* Add patch to remove bashisms from cert_tool
* Add manual page for squid-purge
* Create run_dir needed for SMP with several workers to run. This
fixes #710126 (Closes: #732183, #760400)
* Use CONFIG instead of sq (Closes: #763867)
* Remove find_cache_type and use grepconf (both functions were =).
* Allow find_cache_dir and grepconf to have whitespace in the beginning
(Closes: #761209)
* Add config check before reload/restart, thanks Freddy (Closes: #728222)
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* debian/squid3.postinst
- update grepconf to support SMP macros and sub-config files
when locating cache_dir and effective user/group
.
* debian/squid3.rc
- remove special handling for obsolete COSS cache type
- change grepconf to support SMP macros and sub-config files
.
* debian/rules
- add distribution details to squid -v display output
this obsoletes the Ubuntu fix-distribution.patch
.
* debian/control
- bumped libecap dependency version to 0.2.0-2
.
* debian/squid3.resolvconf
- added check on /usr availability before squid3 restart (Closes: #765476)
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/squid3.rc
- Change config check to config parse on start/reload/restart
.
* debian/control
- Fixed XS-Vcs-Git Header pointing anonscm.debian.org
.
squid3 (3.4.8-1) unstable; urgency=high
.
* Urgency high due to security fixes
.
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #737008)
- Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002)
- Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999)
+ pinger remote DoS vulnerabilities
- Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312)
.
* debian/patches/
- remove CVE-2014-3609.patch included upstream
- remove 17-pod2man-check.patch obsoleted by new version
- add upstream patch 21-squid-3.4-13176-memoryleak.patch:
memory leak in external_acl_type helper with cache=0 or ttl=0
.
* debian/rules
- add --disable-arch-native to build with portable CPU support
.
* debian/control
- libecap API support is specific to version 0.2.0
- use nettle for crypto library
.
* debian/watch
- updated watch pattern for upstream major series
.
* debian/rules
- Remove obsolete --enable-underscores (Closes: #693905)
.
[ Luigi Gangitano <luigi at debian.org> ]
* debian/patches/
- refreshed all patches to match 3.4.8
.
* debian/control
- Added dependency for missing intepreter ksh
- Bumped Standard-Version to 3.9.6, no change needed
- Added XS-Vcs-Git Header pointing to Alioth repository
.
squid3 (3.3.8-1.2) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2014-3609.patch patch.
CVE-2014-3609: Denial of Service in Range header processing.
Ignore Range headers with unidentifiable byte-range values. If squid is
unable to determine the byte value for ranges, treat the header as
invalid. (Closes: #759509)
.
squid3 (3.3.8-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix "FTBFS: cp: cannot stat
'/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No
such file or directory":
new patch 17-pod2man-check.patch:
fix config.test files' check for perl and pod2man
(Closes: #725599)
Checksums-Sha1:
4ba7f5927c576735670369e33ce0ba5bd09d7947 2159 squid3_3.5.12-1ubuntu2.dsc
51a217a1c0a7da7739c69cbb1ccd2bcb4a406147 43496 squid3_3.5.12-1ubuntu2.debian.tar.xz
Checksums-Sha256:
d41e745b5158de74e0136e68199afff6349c4611d9dd57b2315da8980509a54f 2159 squid3_3.5.12-1ubuntu2.dsc
be7410e61c4d81fc7b87fd770762f7f427788aa24acd1ef4a8598dd01f6bfc6d 43496 squid3_3.5.12-1ubuntu2.debian.tar.xz
Files:
f2e06b5c0dcdd6ac1cddd191f1fd299e 2159 web optional squid3_3.5.12-1ubuntu2.dsc
2608e72b38b97fa8d8cadca9287da96d 43496 web optional squid3_3.5.12-1ubuntu2.debian.tar.xz
Original-Maintainer: Luigi Gangitano <luigi at debian.org>
More information about the Xenial-changes
mailing list