[ubuntu/focal-proposed] squid 4.10-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Wed Feb 26 12:20:13 UTC 2020
squid (4.10-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern for debs.
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
      building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
      -O2 and that triggers a format-truncation error on pcon.cc. See
      https://bugs.squid-cache.org/show_bug.cgi?id=4875
    - d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
      deprecated in glibc 2.30 (LP #1843325)
  * Dropped:
    - d/t/control, d/t/test-squid.py: remove gopher tests, as pygopherd is
      no longer available in Focal (LP: #1858827)
      [In 4.10-1, undocumented]
    - d/t/test-squid.py, d/t/squid: switch to python3
      [In 4.10-1, undocumented]
    - d/t/control: depend on python3-minimal
      [In 4.10-1, undocumented]
    - SECURITY UPDATE: info disclosure via FTP server
      + debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in
        src/clients/FtpGateway.cc.
      + CVE-2019-12528
      [Fixed upstream]
    - SECURITY UPDATE: incorrect input validation and buffer management
      + debian/patches/CVE-2020-84xx.patch: fix request URL generation in
        reverse proxy configurations in src/client_side.cc.
      + CVE-2020-8449
      + CVE-2020-8450
      [Fixed upstream]
    - SECURITY UPDATE: DoS in NTLM authentication
      + debian/patches/CVE-2020-8517.patch: improved username handling in
        src/acl/external/LM_group/ext_lm_group_acl.cc.
      + CVE-2020-8517
      [Fixed upstream]

squid (4.10-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries at squid-cache.org> ]
  * New Upstream Release (Closes: #950641)
    - Fixes security issue SQUID-2020:1 (CVE-2020-8449) (CVE-2020-8450)
      (Closes: #950802)
    - Fixes security issue SQUID-2020:2 (CVE-2019-12528) (Closes: #950925)
    - Fixes security issue SQUID-2020:3 (CVE-2020-8517)
  * debian/NEWS
    - Fix syntax to make lintian happier
  * debian/control
    - Bumped Standards-Version to 4.5.0, no change needed

  [ Luigi Gangitano <luigi at debian.org> ]
  * debian/control
    - Drop squid3 transitional package (Closes: #940785)
Date: Tue, 25 Feb 2020 15:37:55 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 25 Feb 2020 15:37:55 -0300
Source: squid
Architecture: source
Version: 4.10-1ubuntu1
Distribution: focal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 940785 950641 950802 950925
Launchpad-Bugs-Fixed: 1858827
Original-Maintainer: Luigi Gangitano <luigi at debian.org>