-
squid (4.13-10ubuntu5.1) impish-security; urgency=medium
* SECURITY UPDATE: Denial of Service in Gopher Processing
- debian/patches/CVE-2021-46784.patch: improve handling of Gopher
responses in src/gopher.cc.
- CVE-2021-46784
-- Marc Deslauriers <email address hidden> Tue, 21 Jun 2022 13:43:49 -0400
-
squid (4.13-10ubuntu5) impish; urgency=medium
* SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
- debian/patches/CVE-2021-28116.patch: validate packets better in
src/wccp2.cc.
- CVE-2021-28116
-- Marc Deslauriers <email address hidden> Mon, 04 Oct 2021 08:20:07 -0400
-
squid (4.13-10ubuntu4) impish; urgency=medium
* Fix FTBFS with GCC 11 (LP: #1939352)
- d/p/add-missing-limits-include-connmark.patch: Add missing
<limits> include to src/acl/ConnMark.cc.
- d/p/fix-max-pkt-sz-for-icmpEchoData-padding.patch.patch: Expand
MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
- d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
cbdata::Offset hack with offsetof().
- d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
GCC 11 -Wstringop-overread bug.
-- Sergio Durigan Junior <email address hidden> Fri, 20 Aug 2021 00:19:41 -0400
-
squid (4.13-10ubuntu3) impish; urgency=medium
* Fix failure to build on RISC-V (LP: #1934891)
-- Heinrich Schuchardt <email address hidden> Wed, 07 Jul 2021 14:11:51 +0200
-
squid (4.13-10ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:09:05 -0400
-
squid (4.13-10ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP: #1895694)
- d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
Fix call to free on nonheap-object in snmpCreateOidFromStr
squid (4.13-10) unstable; urgency=medium
[ Francisco Vilmar Cardoso Ruviaro ]
* Add debian/patches/0007-CVE-2021-28651.patch to fix a Denial
of Service in URN processing. (Closes: #988893, CVE-2021-28651)
[ Santiago Garcia Mantinan ]
* Add patch to fix a Denial of Service in HTTP Response Processing.
Fixes: CVE-2021-28662. Closes: #988891.
* Add patch to fix a Denial of Service issue in Cache Manager.
Fixes: CVE-2021-28652. Closes: #988892.
* Add patch to fix Multiple Issues in HTTP Range header.
Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043.
* Add patch to fix a Denial of Service in HTTP Response processing.
Fixes: GHSA-572g-rvwr-6c7f.
-- Marc Deslauriers <email address hidden> Fri, 04 Jun 2021 12:49:43 -0400
-
squid (4.13-9ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/rules, d/NEWS: drop the NIS basic auth helper (LP: #1895694)
- d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
Fix call to free on nonheap-object in snmpCreateOidFromStr
* Drop changes:
- debian/patches/CVE-2020-25097.patch: Add slash prefix to path-
rootless or path-noscheme URLs in src/anyp/Uri.cc.
[Included in 4.13-8]
- d/usr.sbin.squid: Add section for maas-proxy
[maas-proxy is no longer shipped as a deb package]
squid (4.13-9) unstable; urgency=medium
* Clarify on NEWS and scripts that we no longer remove logs on purge.
* Clarify on postrm script that the debhelper code was put manually.
* Add README.Debian to squid-openssl.
squid (4.13-8) unstable; urgency=medium
* Add SQUID-2020_11.patch to fix HTTP Request Smuggling.
Fixes: CVE-2020-25097. Closes: #985068.
squid (4.13-7) unstable; urgency=medium
* Add full postrm scripts while we don't solve #984897 on debhelper.
Closes: #984880.
squid (4.13-6) unstable; urgency=medium
* Stop removing cache and config file on postrm. Closes: #984510.
* Increase debhelper build dependency to 12.8 as we need that from -5.
* Add NEWS note on the problem with purge on previous versions.
squid (4.13-5) unstable; urgency=high
* Have a deeper look and change all dpkg-buildpackage commands
for similar dh ones. At least at home it works now.
squid (4.13-4) unstable; urgency=high
* Remove pre-build from upstream-test-suite.
squid (4.13-3) unstable; urgency=high
* Source only upload to allow migration to testing.
* At 4.13-2 we also enabled --enable-ssl-crtd. (Closes: #898307)
* Fix build dependencies.
squid (4.13-2) unstable; urgency=high
* Add a new brand, the new squid-openssl package compiled
with openssl. (Closes: #966395)
* Change rules to allow double building the two brands.
* Update Standandards-Version.
-- Athos Ribeiro <email address hidden> Tue, 18 May 2021 10:51:16 -0300
-
squid (4.13-1ubuntu4) hirsute; urgency=medium
* d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
Fix FTBFS on Hirsute s390x when compiling with GCC 10.2.0.
-- Sergio Durigan Junior <email address hidden> Mon, 05 Apr 2021 12:00:02 -0400
