squid3 (3.5.12-1ubuntu2) xenial; urgency=medium * debian/squid.postinst: Fix dist-upgrade of squid by detecting service name (/etc/init.d/squid vs. squid3).
squid3 (3.5.12-1ubuntu1) xenial; urgency=medium * Merge from Debian (LP: #1473691). Remaining changes: - Add dep8 tests. - Use snakeoil certificates. - Run sarg-reports if present before rotating logs - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh pattern for debs. - Add disabled by default AppArmor profile. Versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. * Drop changes: - No longer needed: + Upstart job. + Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way. + Fix perl & pod2man config.tests. + fix-logical-not-parentheses-warning.patch. + fix-pod2name-pipe-failure.patch. + --disable-strict-error-checking to fix FTBFS. - NEWS.Debian: no longer relevant. - Hardening options: deprecated. - Add patch to show distribution: fixed in Debian (but see lsb-release B-D). - Enable parallel build: makes no difference to build time. - Force -O2 to work around build failure with -O3: presumed no longer needed. - Fixed upstream: + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream advisory. + Fix various ICMP handling issues in Squid pinger: confirmed fixed since 3.4.7 from upstream advisory. + fix-caching-vary-header.patch. + netfilter_fix.patch. * Drop Testsuite: header from dep8 tests: no longer required since dpkg-source >= 1.17.11 does it. * Revert "Set pidfile for systemd's sysv-generator" from Debian. systemd races the squid daemon for pidfile creation, causing systemd to consider the service start to have failed. Work around for now by not telling systemd to use the pidfile. * Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * Correctly rename conffiles migrated by Debian from squid3 to squid. * Remove conffile for old upstart job Ubuntu delta. * Rename Apparmor profile conffile. * Drop old transitional Apparmor code no longer required. * Adjust AppArmor profile for squid3->squid rename. * Drop versioned AppArmor dependency (transitional; no longer required). squid3 (3.5.12-1) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release * debian/squid.postinst - remove unneeded config edits for manager ACL (Closes: #801564) * debian/patches/ - add upstream patch to cleanup FATAL log messages [ Mathieu Parent ] * Fix FATAL parsing before start/reload/restart (Closes: #800341) * Set pidfile for systemd's sysv-generator (Closes: #800341) squid3 (3.5.10-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #799923, #800876) * debian/squid.rc - Grok pid_filename from squid.conf (Closes: #520736) - Update SELinux context when creating directories (Closes: #798827) [ Luigi Gangitano <lu...@debian.org> ] - Urgency high due to regression fix for CVE-2015-5400. squid3 (3.5.7-1) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #789602, #793400, #253777) * debian/rules - Add BUILDCXXFLAGS to use hardening flags during build * debian/squid.links - Add symlink for squid3.8 man(8) page to resolve lintian issue * debian/squid.postinst - Remove unnecessary 'squid -z' (Closes: #794639) [ Luigi Gangitano <lu...@debian.org> ] * Rebuild using GCC-5 (Closes: #794536) * debian/squid.postinst - Check for squid3 initscript before we try to execute it * debian/squid.rc - Set working directory to /var/run/squid squid3 (3.5.6-1) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #760303) - Fixed upstream macro issue that fail to pass reproducible builds test - Fixes CVE-2015-5400: Improper Protection of Alternate Path (Closes: #793128) * Removed deprecated MSNT and MSNT-multi-domain authentication helpers * Transition squid3 to squid - Renamed squid3 package to squid (Closes: #521053, #565555, #672156) (Closes: #294431, #569575, #714334, #279840, #576423, #779127) - Renamed squid3-common package to squid-common - Renamed squid3-dbg package to squid-dbg - Add dummy transitional package squid3 * debian/patches/ - Removed patches included upstream and refresh others * debian/squid3-cgi.dirs - Removed old unused packaging file * debian/control - Add dependency on libgnutls28-dev for squidclient HTTPS support [ Luigi Gangitano <lu...@debian.org> ] * debian/control - Changed dependency on libecap3-dev (Closes: #789774) - Made squid-common conflict and replace squid3-common - Fixed dependencies and sections of transitional packages * {NEWS,README}.Debian - Added information on package name migration squid3 (3.4.8-6) unstable; urgency=medium [ Luigi Gangitano <lu...@debian.org> ] * debian/patches/31-squid-3.4-13199.patch - Added upstream patch fixing excessive CPU usage (Closes: #776461) * debian/patches/32-squid-3.4-13210.patch - Added upstream patch fixing excessive CPU and memory usage in NTLM and Negotiate authentication helpers (Closes: #776463) * debian/patches/33-squid-3.4-13211.patch - Added upstream patch fixing a possible replay vulnerability on Digest authentication (Closes: #776464) * debian/patches/34-squid-3.4-13213.patch - Added upstream patch fixing incorrect security permissions for TOS/DiffServ packet marking (Closes: #776468) * debian/patches/35-squid-3.4-13203.patch - Added upstream patch fixing squidclient unable to connect to host with both IPv4 and IPv6 addresses (Closes: #742425) squid3 (3.4.8-5) unstable; urgency=medium [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.{pre,post}inst - Moved ACL manager fix to postinst (Closes: #773032) squid3 (3.4.8-4) unstable; urgency=medium [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.preinst - Revert changes on abort-upgrade squid3 (3.4.8-3) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * debian/squid3.preinst - Remove obsolete manager ACL definition from squid.conf when upgrading squid3 package (Closes: #768170) [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.preinst - Fix configuration file only if needed and match any uncommented line squid3 (3.4.8-2) unstable; urgency=medium [ Santiago Garcia Mantinan <ma...@debian.org> ] * Add patch to remove bashisms from cert_tool * Add manual page for squid-purge * Create run_dir needed for SMP with several workers to run. This fixes #710126 (Closes: #732183, #760400) * Use CONFIG instead of sq (Closes: #763867) * Remove find_cache_type and use grepconf (both functions were =). * Allow find_cache_dir and grepconf to have whitespace in the beginning (Closes: #761209) * Add config check before reload/restart, thanks Freddy (Closes: #728222) [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * debian/squid3.postinst - update grepconf to support SMP macros and sub-config files when locating cache_dir and effective user/group * debian/squid3.rc - remove special handling for obsolete COSS cache type - change grepconf to support SMP macros and sub-config files * debian/rules - add distribution details to squid -v display output this obsoletes the Ubuntu fix-distribution.patch * debian/control - bumped libecap dependency version to 0.2.0-2 * debian/squid3.resolvconf - added check on /usr availability before squid3 restart (Closes: #765476) [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.rc - Change config check to config parse on start/reload/restart * debian/control - Fixed XS-Vcs-Git Header pointing anonscm.debian.org squid3 (3.4.8-1) unstable; urgency=high * Urgency high due to security fixes [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #737008) - Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002) - Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999) + pinger remote DoS vulnerabilities - Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312) * debian/patches/ - remove CVE-2014-3609.patch included upstream - remove 17-pod2man-check.patch obsoleted by new version - add upstream patch 21-squid-3.4-13176-memoryleak.patch: memory leak in external_acl_type helper with cache=0 or ttl=0 * debian/rules - add --disable-arch-native to build with portable CPU support * debian/control - libecap API support is specific to version 0.2.0 - use nettle for crypto library * debian/watch - updated watch pattern for upstream major series * debian/rules - Remove obsolete --enable-underscores (Closes: #693905) [ Luigi Gangitano <lu...@debian.org> ] * debian/patches/ - refreshed all patches to match 3.4.8 * debian/control - Added dependency for missing intepreter ksh - Bumped Standard-Version to 3.9.6, no change needed - Added XS-Vcs-Git Header pointing to Alioth repository squid3 (3.3.8-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-3609.patch patch. CVE-2014-3609: Denial of Service in Range header processing. Ignore Range headers with unidentifiable byte-range values. If squid is unable to determine the byte value for ranges, treat the header as invalid. (Closes: #759509) squid3 (3.3.8-1.1) unstable; urgency=low * Non-maintainer upload. * Fix "FTBFS: cp: cannot stat '/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No such file or directory": new patch 17-pod2man-check.patch: fix config.test files' check for perl and pod2man (Closes: #725599) Date: Mon, 28 Mar 2016 11:20:35 -0500 Changed-By: Ryan Harper <ryan.har...@canonical.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Signed-By: Serge Hallyn <serge.hal...@ubuntu.com> https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu2
Format: 1.8 Date: Mon, 28 Mar 2016 11:20:35 -0500 Source: squid3 Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge Architecture: source Version: 3.5.12-1ubuntu2 Distribution: xenial Urgency: high Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Ryan Harper <ryan.har...@canonical.com> Description: squid - Full featured Web Proxy cache (HTTP proxy) squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-common - Full featured Web Proxy cache (HTTP proxy) - common files squid-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Dummy transitional package. squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Closes: 253777 279840 294431 520736 521053 565555 569575 576423 672156 693905 714334 725599 728222 732183 737008 741312 742425 759509 760303 760400 760999 761002 761209 763867 765476 768170 773032 776461 776463 776464 776468 779127 789602 789774 793128 793400 794536 794639 798827 799923 800341 800876 801564 Launchpad-Bugs-Fixed: 1473691 Changes: squid3 (3.5.12-1ubuntu2) xenial; urgency=medium . * debian/squid.postinst: Fix dist-upgrade of squid by detecting service name (/etc/init.d/squid vs. squid3). . squid3 (3.5.12-1ubuntu1) xenial; urgency=medium . * Merge from Debian (LP: #1473691). Remaining changes: - Add dep8 tests. - Use snakeoil certificates. - Run sarg-reports if present before rotating logs - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh pattern for debs. - Add disabled by default AppArmor profile. Versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. * Drop changes: - No longer needed: + Upstart job. + Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way. + Fix perl & pod2man config.tests. + fix-logical-not-parentheses-warning.patch. + fix-pod2name-pipe-failure.patch. + --disable-strict-error-checking to fix FTBFS. - NEWS.Debian: no longer relevant. - Hardening options: deprecated. - Add patch to show distribution: fixed in Debian (but see lsb-release B-D). - Enable parallel build: makes no difference to build time. - Force -O2 to work around build failure with -O3: presumed no longer needed. - Fixed upstream: + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream advisory. + Fix various ICMP handling issues in Squid pinger: confirmed fixed since 3.4.7 from upstream advisory. + fix-caching-vary-header.patch. + netfilter_fix.patch. * Drop Testsuite: header from dep8 tests: no longer required since dpkg-source >= 1.17.11 does it. * Revert "Set pidfile for systemd's sysv-generator" from Debian. systemd races the squid daemon for pidfile creation, causing systemd to consider the service start to have failed. Work around for now by not telling systemd to use the pidfile. * Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * Correctly rename conffiles migrated by Debian from squid3 to squid. * Remove conffile for old upstart job Ubuntu delta. * Rename Apparmor profile conffile. * Drop old transitional Apparmor code no longer required. * Adjust AppArmor profile for squid3->squid rename. * Drop versioned AppArmor dependency (transitional; no longer required). . squid3 (3.5.12-1) unstable; urgency=medium . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release . * debian/squid.postinst - remove unneeded config edits for manager ACL (Closes: #801564) . * debian/patches/ - add upstream patch to cleanup FATAL log messages . [ Mathieu Parent ] * Fix FATAL parsing before start/reload/restart (Closes: #800341) * Set pidfile for systemd's sysv-generator (Closes: #800341) . squid3 (3.5.10-1) unstable; urgency=high . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #799923, #800876) . * debian/squid.rc - Grok pid_filename from squid.conf (Closes: #520736) - Update SELinux context when creating directories (Closes: #798827) . [ Luigi Gangitano <lu...@debian.org> ] - Urgency high due to regression fix for CVE-2015-5400. . squid3 (3.5.7-1) unstable; urgency=medium . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #789602, #793400, #253777) . * debian/rules - Add BUILDCXXFLAGS to use hardening flags during build . * debian/squid.links - Add symlink for squid3.8 man(8) page to resolve lintian issue . * debian/squid.postinst - Remove unnecessary 'squid -z' (Closes: #794639) . [ Luigi Gangitano <lu...@debian.org> ] * Rebuild using GCC-5 (Closes: #794536) . * debian/squid.postinst - Check for squid3 initscript before we try to execute it . * debian/squid.rc - Set working directory to /var/run/squid . squid3 (3.5.6-1) unstable; urgency=medium . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #760303) - Fixed upstream macro issue that fail to pass reproducible builds test - Fixes CVE-2015-5400: Improper Protection of Alternate Path (Closes: #793128) . * Removed deprecated MSNT and MSNT-multi-domain authentication helpers . * Transition squid3 to squid - Renamed squid3 package to squid (Closes: #521053, #565555, #672156) (Closes: #294431, #569575, #714334, #279840, #576423, #779127) - Renamed squid3-common package to squid-common - Renamed squid3-dbg package to squid-dbg - Add dummy transitional package squid3 . * debian/patches/ - Removed patches included upstream and refresh others . * debian/squid3-cgi.dirs - Removed old unused packaging file . * debian/control - Add dependency on libgnutls28-dev for squidclient HTTPS support . [ Luigi Gangitano <lu...@debian.org> ] * debian/control - Changed dependency on libecap3-dev (Closes: #789774) - Made squid-common conflict and replace squid3-common - Fixed dependencies and sections of transitional packages . * {NEWS,README}.Debian - Added information on package name migration . squid3 (3.4.8-6) unstable; urgency=medium . [ Luigi Gangitano <lu...@debian.org> ] * debian/patches/31-squid-3.4-13199.patch - Added upstream patch fixing excessive CPU usage (Closes: #776461) . * debian/patches/32-squid-3.4-13210.patch - Added upstream patch fixing excessive CPU and memory usage in NTLM and Negotiate authentication helpers (Closes: #776463) . * debian/patches/33-squid-3.4-13211.patch - Added upstream patch fixing a possible replay vulnerability on Digest authentication (Closes: #776464) . * debian/patches/34-squid-3.4-13213.patch - Added upstream patch fixing incorrect security permissions for TOS/DiffServ packet marking (Closes: #776468) . * debian/patches/35-squid-3.4-13203.patch - Added upstream patch fixing squidclient unable to connect to host with both IPv4 and IPv6 addresses (Closes: #742425) . squid3 (3.4.8-5) unstable; urgency=medium . [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.{pre,post}inst - Moved ACL manager fix to postinst (Closes: #773032) . squid3 (3.4.8-4) unstable; urgency=medium . [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.preinst - Revert changes on abort-upgrade . squid3 (3.4.8-3) unstable; urgency=medium . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * debian/squid3.preinst - Remove obsolete manager ACL definition from squid.conf when upgrading squid3 package (Closes: #768170) . . [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.preinst - Fix configuration file only if needed and match any uncommented line . squid3 (3.4.8-2) unstable; urgency=medium . [ Santiago Garcia Mantinan <ma...@debian.org> ] * Add patch to remove bashisms from cert_tool * Add manual page for squid-purge * Create run_dir needed for SMP with several workers to run. This fixes #710126 (Closes: #732183, #760400) * Use CONFIG instead of sq (Closes: #763867) * Remove find_cache_type and use grepconf (both functions were =). * Allow find_cache_dir and grepconf to have whitespace in the beginning (Closes: #761209) * Add config check before reload/restart, thanks Freddy (Closes: #728222) . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * debian/squid3.postinst - update grepconf to support SMP macros and sub-config files when locating cache_dir and effective user/group . * debian/squid3.rc - remove special handling for obsolete COSS cache type - change grepconf to support SMP macros and sub-config files . * debian/rules - add distribution details to squid -v display output this obsoletes the Ubuntu fix-distribution.patch . * debian/control - bumped libecap dependency version to 0.2.0-2 . * debian/squid3.resolvconf - added check on /usr availability before squid3 restart (Closes: #765476) . [ Luigi Gangitano <lu...@debian.org> ] * debian/squid3.rc - Change config check to config parse on start/reload/restart . * debian/control - Fixed XS-Vcs-Git Header pointing anonscm.debian.org . squid3 (3.4.8-1) unstable; urgency=high . * Urgency high due to security fixes . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New upstream release (Closes: #737008) - Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002) - Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999) + pinger remote DoS vulnerabilities - Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312) . * debian/patches/ - remove CVE-2014-3609.patch included upstream - remove 17-pod2man-check.patch obsoleted by new version - add upstream patch 21-squid-3.4-13176-memoryleak.patch: memory leak in external_acl_type helper with cache=0 or ttl=0 . * debian/rules - add --disable-arch-native to build with portable CPU support . * debian/control - libecap API support is specific to version 0.2.0 - use nettle for crypto library . * debian/watch - updated watch pattern for upstream major series . * debian/rules - Remove obsolete --enable-underscores (Closes: #693905) . [ Luigi Gangitano <lu...@debian.org> ] * debian/patches/ - refreshed all patches to match 3.4.8 . * debian/control - Added dependency for missing intepreter ksh - Bumped Standard-Version to 3.9.6, no change needed - Added XS-Vcs-Git Header pointing to Alioth repository . squid3 (3.3.8-1.2) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-3609.patch patch. CVE-2014-3609: Denial of Service in Range header processing. Ignore Range headers with unidentifiable byte-range values. If squid is unable to determine the byte value for ranges, treat the header as invalid. (Closes: #759509) . squid3 (3.3.8-1.1) unstable; urgency=low . * Non-maintainer upload. * Fix "FTBFS: cp: cannot stat '/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No such file or directory": new patch 17-pod2man-check.patch: fix config.test files' check for perl and pod2man (Closes: #725599) Checksums-Sha1: 4ba7f5927c576735670369e33ce0ba5bd09d7947 2159 squid3_3.5.12-1ubuntu2.dsc 51a217a1c0a7da7739c69cbb1ccd2bcb4a406147 43496 squid3_3.5.12-1ubuntu2.debian.tar.xz Checksums-Sha256: d41e745b5158de74e0136e68199afff6349c4611d9dd57b2315da8980509a54f 2159 squid3_3.5.12-1ubuntu2.dsc be7410e61c4d81fc7b87fd770762f7f427788aa24acd1ef4a8598dd01f6bfc6d 43496 squid3_3.5.12-1ubuntu2.debian.tar.xz Files: f2e06b5c0dcdd6ac1cddd191f1fd299e 2159 web optional squid3_3.5.12-1ubuntu2.dsc 2608e72b38b97fa8d8cadca9287da96d 43496 web optional squid3_3.5.12-1ubuntu2.debian.tar.xz Original-Maintainer: Luigi Gangitano <lu...@debian.org>
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes