[ubuntu/eoan-proposed] squid 4.8-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Thu Aug 1 12:16:13 UTC 2019
squid (4.8-1ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Use snakeoil certificates.
    - Add an example refresh pattern for debs.
    - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
      squidguard
    - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
      building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
      -O2 and that triggers a format-truncation error on pcon.cc.
      See https://bugs.squid-cache.org/show_bug.cgi?id=4875
    - d/rules: Only use -latomic with the intended architectures, instead of
      all of them. This matches what was suggested in
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5
    - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that
      dh_installchangelogs can pick it up. dh_installchangelogs handles
      d/NEWS or d/<package>.NEWS, but not NEWS.debian.
    - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
      lib/smblib/smblib-util.c. (LP #1835831)
  * Dropped:
    - d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs.
      Thanks to Vitaly Lavrov <vel21ripn at gmail.com>. (LP #1794553)
      [Fixed upstream]
    - debian/patches/413.patch: Fix gcc-9 build issues with upstream merged
      patch
      [Fixed upstream]
    - SECURITY UPDATE: incorrect digest auth parameter parsing
      + debian/patches/CVE-2019-12525.patch: check length in
        src/auth/digest/Config.cc.
      + CVE-2019-12525
      [Fixed upstream]
    - SECURITY UPDATE: buffer overflow in basic auth decoding
      + debian/patches/CVE-2019-12527.patch: switch to SBuf in
        src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
        src/clients/FtpGateway.cc.
      + CVE-2019-12527
      [Fixed upstream]
    - SECURITY UPDATE: basic auth uudecode length issue
      + debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
        base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
        include/uudecode.h, lib/uudecode.c.
      + CVE-2019-12529
      [Fixed upstream]
    - SECURITY UPDATE: XSS issues in cachemgr.cgi
      + debian/patches/CVE-2019-13345.patch: properly escape values in
        tools/cachemgr.cc.
      + CVE-2019-13345
      [Fixed upstream]
  * Added:
    - d/t/test-squid.py: test_zz_apparmor(): bail early if securityfs isn't
      mounted

squid (4.8-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries at squid-cache.org> ]
  * New Upstream Release
    - Fixes security issue SQUID-2019:1 (CVE-2019-12824)
    - Fixes security issue SQUID-2019:2 (CVE-2019-12529)
    - Fixes security issue SQUID-2019:3 (CVE-2019-12525)
    - Fixes security issue SQUID-2019:5 (CVE-2019-12527)
    - Fixes security issue SQUID-2019:6 (CVE-2019-13345) (Closes: #931478)

  * debian/control
    - Bumped Standards-Version to 4.4.0, no change needed

  * debian/tests/test-squid.py
    - Skip Apparmor tests when profile not installed

Date: Wed, 24 Jul 2019 16:38:59 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid/4.8-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 24 Jul 2019 16:38:59 -0300
Source: squid
Architecture: source
Version: 4.8-1ubuntu1
Distribution: eoan
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 931478
Original-Maintainer: Luigi Gangitano <luigi at debian.org>