Public bug reported:

Scheduled-For: ubuntu-23.01
Upstream: tbd
Debian: 5.7-1
Ubuntu: 5.6-1ubuntu3

### New Debian Changes ###

squid (5.7-1) unstable; urgency=medium

  * Urgency high due to security fixes

  [ Luigi Gangitano <[email protected]> ]
  * New upstream version 5.7
  * Exposure of Sensitive Information in Cache Manager (CVE-2022-41317)
    (Closes: #1020587)
  * Buffer Over Read in SSPI and SMB Authentication (CVE-2022-41318)
    (Closes: #1020586)
  * debian/patches/
    - Removed 0006-Fix-build-against-OpenSSL-3-0.patch integrated upstream
  * debian/control
    - Bumped Standards-Version to 4.6.1, no change needed
  * Using new DH level format. Consequently:
    - debian/compat: removed.
    - debian/control:
      - Changed from 'debhelper' to 'debhelper-compat' in Build-Depends
        field and bumped level to 13.
    - debian/rules:
      - Disable dh_missing
    - Dropped unnecessary dependencies in Build-Depends field.
  * debian/salsa-ci.yml
    - Added to provide CI tests for Salsa
  * debian/upstream/metadata
    - Created upstream metadata file
  * debian/upstream/signing-key.asc
    - Strip extra signatures from upstream key

 -- Luigi Gangitano <[email protected]>  Tue, 4 Oct 2022 11:04:20 +0200

squid (5.6-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release
    Fixes: CVE-2021-46784. Denial of Service in Gopher Processing

 -- Luigi Gangitano <[email protected]>  Sun, 19 Jun 2022 13:39:54 +0200

squid (5.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Nicholas Guriev ]
  * Fixing build against OpenSSL 3.0 (Closes: #1005650, LP: #1946205)
  * debian/rules
    - Do not fail on errors about deprecated declarations from OpenSSL.
    - Remove -Wall in CFLAGS from the debian/rules file since upstream
      build scripts already pass this flag.
  * debian/patches/
    - New 0006-Fix-build-against-OpenSSL-3-0.patch

  [ Simon Deziel ]
  * apparmor: allow reading /etc/ssl/openssl.cnf

 -- Nicholas Guriev <[email protected]>  Tue, 31 May 2022 23:13:38 +0300

squid (5.5-1) unstable; urgency=medium

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release
  * debian/patches/
    - remove upstreamed 0004-Change-default-Makefiles-for-debian.patch

 -- Luigi Gangitano <[email protected]>  Fri, 15 Apr 2022 14:39:54 +0200

squid (5.2-1) unstable; urgency=medium

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release (Closes: #986804, #976131)
    Fixes: CVE-2021-28116. Out-Of-Bounds memory access in WCCPv2
    Fixes: CVE-2021-41611. Improper Certificate Validation of TLS server
    certificates

  [ L.P.H. van Belle <[email protected]> ]
  * debian/rules
    - polish override_dh_installsystemd action to match other sequences
  * debian/NEWS
    - bump version number to make Lintian happy

 -- Luigi Gangitano <[email protected]>  Sat, 9 Oct 2021 17:03:54 +0200

squid (5.1-2) unstable; urgency=medium

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release (Closes: #984351, #943692)

### Old Ubuntu Delta ###

squid (5.6-1ubuntu3) kinetic; urgency=medium

  * SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
    - debian/patches/CVE-2022-41317.patch: fix typo in ACL in
      src/cf.data.pre.
    - CVE-2022-41317
  * SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
    - debian/patches/CVE-2022-41318.patch: improve checks in
      lib/ntlmauth/ntlmauth.cc.
    - CVE-2022-41318

 -- Marc Deslauriers <[email protected]>  Fri, 23 Sep 2022 08:02:41 -0400

squid (5.6-1ubuntu2) kinetic; urgency=medium

  * d/t/upstream-test-suite: Also export DEB_*_MAINT_APPEND variables
    here. (LP: #1988217)

 -- Sergio Durigan Junior <[email protected]>  Tue, 30 Aug 2022 19:32:59 -0400

squid (5.6-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971325).
    Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl to
        the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch: Fix
        MAX_PKT{4,6}_SZ to account for icmpEchoData padding.
  * Drop changes:
    - Fix FTBFS with OpenSSL 3.0 (LP #1946205). The following new
      patches have been added:
      + d/p/openssl3-Declaration-of-CRYPTO_EX_dup-changed-again-in-3.0.patch.
      + d/p/openssl3-Detect-and-default-enable-OpenSSL-3.patch.
      + d/p/openssl3-Fix-EVP_PKEY_get0_RSA-is-deprecated.patch.
      + d/p/openssl3-Initial-DH-conversion-to-EVP_PKEY.patch.
      + d/p/openssl3-Refactor-Ssl-createSslPrivateKey.patch.
      + d/p/openssl3-Remove-stale-TODO-and-comment.patch.
      + d/p/openssl3-SSL_OP_-macro-definitions-changed-in-3.0.patch.
      + d/p/openssl3-Switch-to-BN_rand.patch.
      + d/p/openssl3-TODO-Upgrade-API-calls-verifying-loaded-DH-params-fi.patch.
      + d/p/openssl3-Tweak-RSA-key-generator.patch.
      + d/p/openssl3-Update-ECDH-key-settings.patch.
      + d/p/openssl3-Update-license-disclaimer.patch.
      [ Incorporated by Debian. ]
    - SECURITY UPDATE: Denial of Service in Gopher Processing
      + debian/patches/CVE-2021-46784.patch: improve handling of Gopher
        responses in src/gopher.cc.
      [ Incorporated by upstream. ]
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
        GCC 11 -Wstringop-overread bug.
      [ Not needed anymore. ]
  * Add changes:
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch: Fix
      FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
      [ Forwarded upstream ]

 -- Sergio Durigan Junior <[email protected]>  Thu, 11 Aug 2022 17:13:45 -0400

** Affects: squid (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: needs-merge upgrade-software-version

https://bugs.launchpad.net/bugs/1993446

Title:
  Merge squid from Debian unstable for l-series

