enterprise-support team mailing list archive

[Bug 1971325] [NEW] Merge squid from Debian unstable for kinetic

 

Public bug reported:

Upstream: tbd
Debian:   5.5-1    
Ubuntu:   5.2-1ubuntu4


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.


### New Debian Changes ###

squid (5.5-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release

  * debian/patches/
    - remove upstreamed 0004-Change-default-Makefiles-for-debian.patch

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Fri, 15 Apr 2022 14:39:54 +0200

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <belle@xxxxxxxxx> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences

  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Sat,  9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release (Closes: #984351, #943692)

  * debian/control
    - switch build-dep to libtdb-dev. libdb is deprecated
    - Bumped Standards-Version to 4.6.0, no change needed

  * debian/patches/
    - refresh patches for new version
    - fix 0001-Default-configuration-file-for-debian.patch (Closes: #970025)
    - add 0004-Change-default-Makefiles-for-debian.patch
      to fix FTBFS 'cp: cannot create regular file tests/stub_*.cc'

  * debian/rules
    - remove basic_nis_auth helper

  * Drop squid3 upgrade compatibility. Debian has not contained
    a squid3 package for at least two full release cycles.

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Fri, 17 Sep 2021 09:27:54 +0200

squid (4.13-10) unstable; urgency=medium

  [ Francisco Vilmar Cardoso Ruviaro ]
  * Add debian/patches/0007-CVE-2021-28651.patch to fix a Denial
    of Service in URN processing. (Closes: #988893, CVE-2021-28651)

  [ Santiago Garcia Mantinan ]
  * Add patch to fix a Denial of Service in HTTP Response Processing.
    Fixes: CVE-2021-28662. Closes: #988891.
  * Add patch to fix a Denial of Service issue in Cache Manager.
    Fixes: CVE-2021-28652. Closes: #988892.
  * Add patch to fix Multiple Issues in HTTP Range header.
    Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043.
  * Add patch to fix a Denial of Service in HTTP Response processing.
    Fixes: GHSA-572g-rvwr-6c7f.

 -- Santiago Garcia Mantinan <manty@xxxxxxxxxx>  Fri, 28 May 2021 12:28:20 +0200

squid (4.13-9) unstable; urgency=medium

  * Clarify on NEWS and scripts that we no longer remove logs on purge.
  * Clarify on postrm script that the debhelper code was put manually.
  * Add README.Debian to squid-openssl.

 -- Santiago Garcia Mantinan <manty@xxxxxxxxxx>  Tue, 23 Mar 2021 00:18:11 +0100

squid (4.13-8) unstable; urgency=medium

  * Add SQUID-2020_11.patch to fix HTTP Request Smuggling.
    Fixes: CVE-2020-25097. Closes: #985068.

 -- Santiago Garcia Mantinan <manty@xxxxxxxxxx>  Sun, 21 Mar 2021 00:58:29 +0100

squid (4.13-7) unstable; urgency=medium

  * Add full postrm scripts while we don't solve #984897 on debhelper.
    Closes: #984880.

 -- Santiago Garcia Mantinan <manty@xxxxxxxxxx>  Wed, 10 Mar 2021 09:19:32 +0100

squid (4.13-6) unstable; urgency=medium

  * Stop removing cache and config file on postrm. Closes: #984510.
  * Increase debhelper build dependency to 12.8 as we need that from -5.
  * Add NEWS note on the problem with purge on previous versions.

 -- Santiago Garcia Mantinan <manty@xxxxxxxxxx>  Thu, 04 Mar 2021 14:45:00 +0100

squid (4.13-5) unstable; urgency=high


### Old Ubuntu Delta ###

squid (5.2-1ubuntu4) jammy; urgency=medium

  * Do not enable openssl as a default. This hinders packaging since we ship
    squid in two different flavours (gnutls and openssl). Drop
    d/p/openssl3-Detect-and-default-enable-OpenSSL-3.patch. (LP: #1968200)

 -- Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>  Tue, 12 Apr 2022 23:41:41 -0300

squid (5.2-1ubuntu3) jammy; urgency=medium

  * Fix FTBFS with OpenSSL 3.0 (LP: #1946205).  The following new
    patches have been added:
    - d/p/openssl3-Declaration-of-CRYPTO_EX_dup-changed-again-in-3.0.patch.
    - d/p/openssl3-Detect-and-default-enable-OpenSSL-3.patch.
    - d/p/openssl3-Fix-EVP_PKEY_get0_RSA-is-deprecated.patch.
    - d/p/openssl3-Initial-DH-conversion-to-EVP_PKEY.patch.
    - d/p/openssl3-Refactor-Ssl-createSslPrivateKey.patch.
    - d/p/openssl3-Remove-stale-TODO-and-comment.patch.
    - d/p/openssl3-SSL_OP_-macro-definitions-changed-in-3.0.patch.
    - d/p/openssl3-Switch-to-BN_rand.patch.
    - d/p/openssl3-TODO-Upgrade-API-calls-verifying-loaded-DH-params-fi.patch.
    - d/p/openssl3-Tweak-RSA-key-generator.patch.
    - d/p/openssl3-Update-ECDH-key-settings.patch.
    - d/p/openssl3-Update-license-disclaimer.patch.

 -- Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>  Tue, 08 Feb 2022 17:15:20 -0500

squid (5.2-1ubuntu2) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Thu, 09 Dec 2021 00:19:10 +0000

squid (5.2-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946903). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/expand-max-pkt-sz-accomodate-icmphdr.patch: Expand
        MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
      + d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
        GCC 11 -Wstringop-overread bug.
  * Dropped changes:
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
      Fix call to free on nonheap-object in snmpCreateOidFromStr
      [ Incorporated by upstream. ]
    - Fix failure to build on RISC-V (LP #1934891)
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
      + debian/patches/CVE-2021-28116.patch: validate packets better in
        src/wccp2.cc.
      + CVE-2021-28116
      [ Incorporated by upstream. ]
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
        cbdata::Offset hack with offsetof().
      + d/p/add-missing-limits-include-connmark.patch: Add missing
        <limits> include to src/acl/ConnMark.cc.
      [ Incorporated by upstream.  This is a partial drop; the other
        two patches that compose this fix are still present in this
        release. ]

 -- Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>  Mon, 01 Nov 2021 18:19:59 -0400

** Affects: squid (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: squid (Ubuntu)
    Milestone: None => ubuntu-22.07

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1971325
