enterprise-support team mailing list archive

Thread
Date
[Bug 2064466] [NEW] Merge squid from Debian unstable for oracular

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <2064466@xxxxxxxxxxxxxxxxxx>
Date: Wed, 01 May 2024 06:21:44 -0000
Reply-to: Bug 2064466 <2064466@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Upstream: tbd
Debian:   6.9-1    
Ubuntu:   6.6-1ubuntu5


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Oracular Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

squid (6.9-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release 6.9

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Tue,  9 Apr 2024 15:04:20 +0200

squid (6.8-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release 6.8
    Fixes: CVE-2024-25111. SQUID-2024:1

  [ Luigi Gangitano <luigi@xxxxxxxxxx> ]
  * debian/control
    - Migrate from pkg-config to pkgconf

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Mon,  4 Mar 2024 18:04:20 +0100

squid (6.6-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release 6.6
    Fixes: CVE-2023-50269. SQUID-2023:10 (Closes: #1058721)
    Fixes: CVE-2024-23638. SQUID-2023:11

  [ Luigi Gangitano <luigi@xxxxxxxxxx> ]
  * debian/patches/
    - Refreshed patches

  * debian/squid-openssl.dirs
    - Stop creating empty /lib/systemd/system directory (Closes: #1058860)

  * debian/changelog
    - Fixed typo in CVE reference

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Thu, 18 Jan 2024 13:04:20 +0100

squid (6.5-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release 6.5
    Fixes: CVE-2023-46846. SQUID-2023:1 (Closes: #1054537)
    Fixes: CVE-2023-5824. SQUID-2023:2 (Closes: #1055249)
    Fixes: CVE-2023-46847. SQUID-2023:3 (Closes: #1055250)
    Fixes: CVE-2023-46724. SQUID-2023:4 (Closes: #1055252)
    Fixes: CVE-2023-46848. SQUID-2023:5 (Closes: #1055251)
    Fixes: CVE-2019-18860. SQUID-2023:6
    Fixes: CVE-2023-49285. SQUID-2023:7
    Fixes: CVE-2023-49286. SQUID-2023:8
    Fixes: CVE-2024-25617. SQUID-2024:2

  * Update debian/tests/upstream-test-suite for new version (Closes:
#1053557)

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Thu,  9 Nov 2023 15:04:20 +0100

squid (6.3-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream version 6.3 (Closes: #1049926, #1043505)

  * debian/patches/
    - remove 0007-ftbfs-gnu-hurd.patch integrated upstream

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Thu, 28 Sep 2023 16:04:20 +0200

squid (6.1-2) unstable; urgency=low

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * debian/patches/
   - add 0007-ftbfs-gnu-hurd.patch to fix GNU/Hurd build

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Thu, 13 Jul 2023 13:04:20 +0200

squid (6.1-1) unstable; urgency=medium

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * debian/{control,watch}
    - New Upstream Release

  * debian/patches/
    - refresh for new upstream version
    - add 0006-upstream-807ae4df2164defbb5f59b99282e24010b4a0b85.patch
    - remove 0003-installed-binary-for-debian-ci.patch integrated upstream
    - remove 1f13f721263a4cc75e4b798a230022561047899c.patch integrated upstream
    - remove edad3f150de8af0aeb2f629508be3219b83369b9.patch integrated upstream

  [ Luigi Gangitano <luigi@xxxxxxxxxx> ]
  * debian/patches/
    - add Fordwarded tag

  * debian/control
    - Bumped Standards-Version to 4.6.2, no change needed

 -- Luigi Gangitano <luigi@xxxxxxxxxx>  Mon, 10 Jul 2023 11:04:20 +0200

squid (5.7-2) unstable; urgency=medium

  * Add a couple of upstream picked patches to fix some issues on 5.7
    that upstream has fixed on 5.8.


### Old Ubuntu Delta ###

squid (6.6-1ubuntu5) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <wgrant@xxxxxxxxxx>  Mon, 01 Apr 2024 19:03:50 +1100

squid (6.6-1ubuntu4) noble; urgency=medium

  * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
    - debian/patches/CVE-2024-25111.patch: fix infinite recursion in
      src/http.cc, src/http.h.
    - CVE-2024-25111

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 14 Mar 2024
10:36:04 -0400

squid (6.6-1ubuntu3) noble; urgency=medium

  * No-change rebuild against libcom-err2

 -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Tue, 12 Mar 2024
20:34:17 +0000

squid (6.6-1ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Mon, 04 Mar 2024
21:25:34 +0000

squid (6.6-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2055179). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
    - d/source_squid.py, d/squid-common.install: Add apport hook
      (LP #676141)
  * Dropped changes:
    - SECURITY UPDATE: denial of service in HTTP request parsing
      - debian/patches/CVE-2023-50269.patch: limit x-forwarded-for hops and log
        limit as error when exceeded in src/ClientRequestContext.h,
        src/client_side_request.cc.
      - CVE-2023-50269
      [ Fixed upstream in 6.6 ]

 -- Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>  Tue, 27 Feb 2024
12:25:05 -0300

** Affects: squid (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: squid (Ubuntu)
    Milestone: None => ubuntu-24.07

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2064466

Title:
  Merge squid from Debian unstable for oracular

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2064466/+subscriptions
Follow ups

[Bug 2064466] Re: Merge squid from Debian unstable for oracular
From: Launchpad Bug Tracker, 2024-07-06