Merge squid from Debian unstable for mantic

Bug #2018110 reported by Bryce Harrington
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
squid (Ubuntu) | Fix Released | Undecided | Athos Ribeiro |

Bug Description

Scheduled-For: Backlog
Upstream: tbd
Debian: 5.7-1
Ubuntu: 5.7-1ubuntu3

There is nothing yet to merge for squid currently, but this ticket is filed prospectively for tracking purposes in case a merge does become available later this cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

squid (5.7-1) unstable; urgency=medium

  * Urgency high due to security fixes

  [ Luigi Gangitano <email address hidden> ]
  * New upstream version 5.7

  * Exposure of Sensitive Information in Cache Manager (CVE-2022-41317)
    (Closes: #1020587)
  * Buffer Over Read in SSPI and SMB Authentication (CVE-2022-41318)
    (Closes: #1020586)

  * debian/patches/
    - Removed 0006-Fix-build-against-OpenSSL-3-0.patch integrated upstream

  * debian/control
    - Bumped Standards-Version to 4.6.1, no change needed

  * Using new DH level format. Consequently:
      - debian/compat: removed.
      - debian/control:
          - Changed from 'debhelper' to 'debhelper-compat' in Build-Depends
            field and bumped level to 13.
      - debian/rules:
          - Disable dh_missing
      - Dropped unnecessary dependencies in Build-Depends field.

  * debian/salsa-ci.yml
      - Added to provide CI tests for Salsa

  * debian/upstream/metadata
    - Created upstream metadata file

  * debian/upstream/signing-key.asc
    - Strip extra signatures from upstream key

 -- Luigi Gangitano <email address hidden> Tue, 4 Oct 2022 11:04:20 +0200

squid (5.6-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release
    Fixes: CVE-2021-46784. Denial of Service in Gopher Processing

 -- Luigi Gangitano <email address hidden> Sun, 19 Jun 2022 13:39:54 +0200

squid (5.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Nicholas Guriev ]
  * Fixing build against OpenSSL 3.0 (Closes: #1005650, LP: #1946205)

  * debian/rules
    - Do not fail on errors about deprecated declarations from OpenSSL.
    - Remove -Wall in CFLAGS from the debian/rules file since upstream build
      scripts already pass this flag.

  * debian/patches/
    - New 0006-Fix-build-against-OpenSSL-3-0.patch

  [ Simon Deziel ]
  * apparmor: allow reading /etc/ssl/openssl.cnf

 -- Nicholas Guriev <email address hidden> Tue, 31 May 2022 23:13:38 +0300

squid (5.5-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release

  * debian/patches/
    - remove upstreamed 0004-Change-default-Makefiles-for-debian.patch

 -- Luigi Gangitano <email address hidden> Fri, 15 Apr 2022 14:39:54 +0200

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <email address hidden> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences

  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <email address hidden> Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #984351, #943692)

### Old Ubuntu Delta ###

squid (5.7-1ubuntu3) lunar; urgency=medium

  * d/rules:
    - Re-enable LTO for s390x builds. (LP: #2011494)
    - Disable LTO related compilation errors for s390x builds.

 -- Athos Ribeiro <email address hidden> Mon, 13 Mar 2023 21:54:07 -0300

squid (5.7-1ubuntu2) lunar; urgency=medium

  * Make builds fail when upstream test suite fails (LP: #2004050):
    - d/p/series: do not rely on installed binaries for build time tests.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/rules: disable LTO for s390x builds.

 -- Athos Ribeiro <email address hidden> Fri, 27 Jan 2023 11:06:05 -0300

squid (5.7-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993446). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Adjust
      MAX_PKT{4,6}_SZ to account for icmpEchoData padding, fixing FTBFS
      with GCC 11 (LP #1939352).
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
  * Drop changes:
    - d/t/upstream-test-suite: Also export DEB_*_MAINT_APPEND variables
      here. (LP #1988217)
      [ Not necessary anymore. ]
    - SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
      - debian/patches/CVE-2022-41317.patch: fix typo in ACL in
        src/cf.data.pre.
      - CVE-2022-41317
      [ Incorporated upstream. ]
    - SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
      - debian/patches/CVE-2022-41318.patch: improve checks in
        lib/ntlmauth/ntlmauth.cc.
      [ Incorporated upstream. ]

 -- Sergio Durigan Junior <email address hidden> Tue, 03 Jan 2023 17:39:52 -0500

Bryce Harrington (bryce)
Changed in squid (Ubuntu):
status: New → Incomplete
Changed in squid (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Bryce Harrington (bryce) wrote :

squid | 5.7-2 | sid
squid | 5.7-1ubuntu3 | mantic

squid (5.7-2) unstable; urgency=medium

  * Add a couple of upstream picked patches to fix some issues on 5.7
    that upstream has fixed on 5.8.

 -- Santiago Garcia Mantinan <email address hidden> Fri, 28 Apr 2023 08:35:27 +0200

Looks like there's a merge available for squid worth looking at.

Changed in squid (Ubuntu):
status: Incomplete → New
Changed in squid (Ubuntu):
milestone: none → ubuntu-23.08
Bryce Harrington (bryce) wrote :

squid | 5.7-2 | trixie
squid | 6.1-2 | sid

squid | 5.7-1ubuntu3 | lunar
squid | 5.7-1ubuntu3 | mantic

Btw, I have a fix for LP: #676141 I'd like to get in. I'll try to get an MP up for it soonish.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in squid (Ubuntu):
status: New → Confirmed
Changed in squid (Ubuntu):
status: Confirmed → In Progress
Changed in squid (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 6.1-2ubuntu1

---------------
squid (6.1-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018110). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
  * Drop changes:
    - d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Adjust
      MAX_PKT{4,6}_SZ to account for icmpEchoData padding, fixing FTBFS
      with GCC 11 (LP #1939352).
      [ Applied upstream in 6.0.1 ]
    - d/p/series: do not rely on installed binaries for build time tests.
      [ Applied in 6.1-1 ]
    - d/rules: disable LTO related compilation errors for s390x builds.
      [ Fixed in 6.1-1 ]
  * New changes:
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/p/0011-Fix-ftp-support.patch: Fix pure virtual call in
      Ftp::Client constructor leading to problems in FTP support.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
    - d/t/upstream-test-suite: make missing targets for squid 6.

 -- Athos Ribeiro <email address hidden> Tue, 15 Aug 2023 21:51:44 -0300

Changed in squid (Ubuntu):
status: Fix Committed → Fix Released