squid 4.11-5ubuntu1 source package in Ubuntu

Changelog

squid (4.11-5ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern for
      debs.
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl to the
        default config file
    - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
      building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead
      of -O2 and that triggers a format-truncation error on pcon.cc. See See
      https://bugs.squid-cache.org/show_bug.cgi?id=4875
  * Dropped:
    - d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
      deprecated in glibc 2.30 (LP #1843325)
      [ In 4.11-4 ]
    - SECURITY UPDATE: multiple ESI issues
      + debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
        into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
        src/esi/Esi.h, src/esi/Expression.cc.
      + CVE-2019-12519
      [ In 4.11-4 ]
    - SECURITY UPDATE: Digest Authentication nonce replay issue
      + debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer
        overflow in src/auth/digest/Config.cc.
      [ In 4.11-4 ]
  * Added:
    - Don't restart squid by hand on postinst script
      + d/squid.postinst: When installing/upgrading squid, the service
        is being restarted manually in the postinst script, which can
        break installations that have the squid apparmor enabled because
        it will try to restart the service before reloading the apparmor
        profile.  There is no reason to restart squid manually, since the
        restart will be automatically performed later.
    - Drop conffile check for squid < 2.7
      + d/squid.postinst: squid 2.7 is long, long gone, so it should be
        safe to drop the postinst code to make sure that
        /etc/squid/squid.conf was properly upgraded.

squid (4.11-5) unstable; urgency=medium

  [ Sergio Durigan Junior <email address hidden> ]
  * Don't install /run/squid (use systemd's RuntimeDirectory instead).
    Debian Policy states that /run is normally cleared at boot time, and
    therefore packages must not install files/directories under /run.
    Init scripts should be taught to dynamically handle /run instead.
    This change uses systemd's RuntimeDirectory and RuntimeDirectoryMode
    directives when starting the squid service in order to guarantee that
    /run/squid/ will be created with the correct permission.  This has the
    added benefit of deleting the directory when the service is stopped.
    (Closes: #960327)
  * Allow /run/system/notify to be accessed by squid.
    When apparmor is enabled and the squid profile is enforced, we must
    make sure that the daemon will be able to access the
    /run/system/notify file (because squid's systemd service file type is
    "notify").

  [ Luigi Gangitano <email address hidden> ]
  * debian/NEWS
    - Fix unknown version of latest entry

squid (4.11-4) unstable; urgency=medium

  [ Amos Jeffries <email address hidden> ]
  * Fix permissions on /run/squid

squid (4.11-3) unstable; urgency=low

  [ Amos Jeffries <email address hidden> ]
  * Move PID file into /run/squid (Closes: #932593)

  * Mark squid-common package Multi-Arch:foreign

squid (4.11-2) unstable; urgency=high

  [ Amos Jeffries <email address hidden> ]
  * Add libsystemd-dev dependency on Linux (Closes: 958708)
    - fixes systemd timeout failure during install

  [ Luigi Gangitano <email address hidden> ]
  * debian/rules
    - Removed --as-needed flag

squid (4.11-1) unstable; urgency=high

  * Urgency high due to security fixes

  [ Amos Jeffries <email address hidden> ]
  * New Upstream Release (Closes: #957840, #929574, #910337)
    - Fixes security issue SQUID-2019:12 (CVE-2019-12519, CVE-2019-12521)
    - Fixes security issue SQUID-2020:4 (CVE-2020-11945)

  * debian/squid3.{maintscript,postinst,postrm,preinst,rc}
    - Remove unused and obsolete scripts

  * debian/squid.{postrm,preinst}
    - Remove obsolete script logic

  * debian/squid-common.postinst
    - Remove obsolete script

  * debian/changelog
    - Add missing historic CVE references

  * debian/patches/
    - Add upstream fix for missing Debug::Extra in systemd builds

 -- Sergio Durigan Junior <email address hidden>  Tue, 19 May 2020 14:43:04 -0400

Upload details

Uploaded by:
Sergio Durigan Junior
Sponsored by:
Andreas Hasenack
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
squid_4.11.orig.tar.xz 2.3 MiB 4ed947612410263f57ad0e39bfd087e60fb714f028d7d3b0e469943efd34287d
squid_4.11-5ubuntu1.debian.tar.xz 43.4 KiB 69c76fa3327f2876668ad24e763333ed707385fbfec23c2270a7de0c937f08a7
squid_4.11-5ubuntu1.dsc 2.7 KiB 387d6cebe1835d1fa155ac6a579856be5bdbda3780ed081329fa5445b4491c9c

Available diffs

View changes file

Binary packages built by this source

squid: Full featured Web Proxy cache (HTTP proxy)

 Squid is a high-performance proxy caching server for web clients, supporting
 FTP, gopher, ICY and HTTP data objects.

squid-cgi: Full featured Web Proxy cache (HTTP proxy) - control CGI

 Squid is a high-performance proxy caching server for web clients, supporting
 FTP, gopher, ICY and HTTP data objects.
 .
 This package contains a CGI program that can be used to query and administrate
 a `squid' proxy cache through a web browser.

squid-cgi-dbgsym: debug symbols for squid-cgi
squid-common: Full featured Web Proxy cache (HTTP proxy) - common files

 Squid is a high-performance proxy caching server for web clients, supporting
 FTP, gopher, ICY and HTTP data objects.
 .
 This package contains common files (MIB and icons)

squid-dbgsym: debug symbols for squid
squid-purge: Full featured Web Proxy cache (HTTP proxy) - cache management utility

 Squid is a high-performance proxy caching server for web clients, supporting
 FTP, gopher, ICY and HTTP data objects.
 .
 This package contains a small utility that can be used to manage the disk cache
 from the command line.

squid-purge-dbgsym: debug symbols for squid-purge
squidclient: Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message utility

 Squid is a high-performance proxy caching server for web clients, supporting
 FTP, gopher, ICY and HTTP data objects.
 .
 This package contains a small utility that can be used to get URLs from the
 command line.

squidclient-dbgsym: debug symbols for squidclient