enterprise-support team mailing list archive

Thread
Date

[Bug 1971325] Re: Merge squid from Debian unstable for kinetic

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1971325@xxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Aug 2022 11:10:45 -0000
Reply-to: Bug 1971325 <1971325@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package squid - 5.6-1ubuntu1

---------------
squid (5.6-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971325). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Fix
        MAX_PKT{4,6}_SZ to account for icmpEchoData padding.
  * Drop changes:
    - Fix FTBFS with OpenSSL 3.0 (LP #1946205).  The following new
      patches have been added:
      + d/p/openssl3-Declaration-of-CRYPTO_EX_dup-changed-again-in-3.0.patch.
      + d/p/openssl3-Detect-and-default-enable-OpenSSL-3.patch.
      + d/p/openssl3-Fix-EVP_PKEY_get0_RSA-is-deprecated.patch.
      + d/p/openssl3-Initial-DH-conversion-to-EVP_PKEY.patch.
      + d/p/openssl3-Refactor-Ssl-createSslPrivateKey.patch.
      + d/p/openssl3-Remove-stale-TODO-and-comment.patch.
      + d/p/openssl3-SSL_OP_-macro-definitions-changed-in-3.0.patch.
      + d/p/openssl3-Switch-to-BN_rand.patch.
      + d/p/openssl3-TODO-Upgrade-API-calls-verifying-loaded-DH-params-fi.patch.
      + d/p/openssl3-Tweak-RSA-key-generator.patch.
      + d/p/openssl3-Update-ECDH-key-settings.patch.
      + d/p/openssl3-Update-license-disclaimer.patch.
      [ Incorporated by Debian. ]
    - SECURITY UPDATE: Denial of Service in Gopher Processing
      + debian/patches/CVE-2021-46784.patch: improve handling of Gopher
        responses in src/gopher.cc.
      [ Incorporated by upstream. ]
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
        GCC 11 -Wstringop-overread bug.
      [ Not needed anymore. ]
  * Add changes:
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
      [ Forwarded upstream ]

 -- Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>  Thu, 11 Aug
2022 17:13:45 -0400

** Changed in: squid (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46784

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1971325

Title:
  Merge squid from Debian unstable for kinetic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1971325/+subscriptions

References

[Bug 1971325] [NEW] Merge squid from Debian unstable for kinetic
From: Bryce Harrington, 2022-05-03