squid3 (3.5.27-1ubuntu1) bionic; urgency=medium * Merge with Debian unstable (LP: #1751286). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. - Correct attribution and add explanatory note in d/NEWS.debian. - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. - Adjust seddery for upstream test squid binary location. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. - GCC7 FTBFS fixes (LP #1712668): + d/rules: don't error when hitting the "deprecated" and "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these, but one in Format.cc that affects 32bit builds was deemed too intrusive for the 3.5 stable series and is only in squid 4.x * Dropped changes: - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors. Thanks to Lubos Uhliarik . [Already applied upstream] - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a boolean. Thanks to Amos Jeffries [Already applied upstream] - SECURITY UPDATE: denial of service in ESI Response processing + debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. + CVE-2018-1000024 [Added in 3.5.27-1] - SECURITY UPDATE: denial of service in in HTTP Message processing + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. + CVE-2018-1000027 [Included in 3.5.27-1] * Added changes: - Do not force gcc-6 -- Andreas Hasenack Tue, 27 Feb 2018 08:09:21 -0300 squid3 (3.5.27-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release * debian/{control,rules} - Add temporary dependency on gcc-6 and g++-6 to workaround FTBFS in unstable * debian/patches/ - Fix security issue SQUID-2018:1 (CVE-2016-1000024) (Closes: #888719) - Fix security issue SQUID-2018:2 (CVE-2016-1000027) (Closes: #888720) [ Luigi Gangitano ] * debian/control - Changed priority to optional for squid3 and squid-dbg - Removed unneeded Build-Dep on autotools-dev * debian/rules - Include dpkg-architecture Makefile instead of invoking the binary at build time * debian/squid.postinst - Remove recursive chown calls -- Luigi Gangitano Tue, 13 Feb 2018 15:31:24 +0100 squid3 (3.5.23-5ubuntu2) bionic; urgency=medium * SECURITY UPDATE: denial of service in ESI Response processing - debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. - CVE-2018-1000024 * SECURITY UPDATE: denial of service in in HTTP Message processing - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. - CVE-2018-1000027 -- Marc Deslauriers Thu, 01 Feb 2018 10:08:51 -0500 squid3 (3.5.23-5ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1712653). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. - Correct attribution and add explanatory note in d/NEWS.debian. - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. - Adjust seddery for upstream test squid binary location. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. * Drop: - Add missing Pre-Depends on adduser. [Fixed in Debian 3.5.23-2] * GCC7 FTBFS fixes (LP: #1712668): - d/rules: don't error when hitting the "deprecated" and "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these, but one in Format.cc that affects 32bit builds was deemed too intrusive for the 3.5 stable series and is only in squid 4.x - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors. Thanks to Lubos Uhliarik . - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a boolean. Thanks to Amos Jeffries -- Andreas Hasenack Thu, 24 Aug 2017 16:04:35 -0300 squid3 (3.5.23-5) unstable; urgency=medium * Reload squid so that it uses modified config, not default one. -- Santiago Garcia Mantinan Sat, 03 Jun 2017 00:36:55 +0200 squid3 (3.5.23-4) unstable; urgency=medium [ Andreas Beckmann ] * debian/squid.postinst - Fix another upgrade edge case from 2.7 default install (Closes: #801564) [ Amos Jeffries ] * debian/squid.logrotate - Add missing piece of fix for sarg daily reports (LP: #1414754) -- Santiago Garcia Mantinan Fri, 02 Jun 2017 00:19:55 +0200 squid3 (3.5.23-3) unstable; urgency=medium [ Amos Jeffries ] * debian/squid.preinst - Fix upgrade sequence from jesse squid3 package (Closes: #858556) [ Santiago Garcia Mantinan ] * debian/squid.{preinst,postinst,postrm} - Fix problems with empty squid3 dir and squid 2.7 installed (use the right logic with better checks). - Avoid install abortion by stopping squid3 only when it runs. [ Eric Veiras Galisson ] * debian/squid.rc - Fix returncode is wrong with conf file with errors (Closes: #857137) -- Santiago Garcia Mantinan Sat, 08 Apr 2017 02:52:28 +0200 squid3 (3.5.23-2) unstable; urgency=medium [ Santiago Garcia Mantinan ] * debian/squid.{preinst,postinst,postrm} - Fix upgrade sequence from 2.7 packages (Closes: #801564) [ Amos Jeffries ] * debian/control - Relax dependency between squid and squid-common packages (Closes: #399489) - Add squidclient Recommends on ssl-cert [ Robie Basak ] * debian/control - Add missing pre-depends on adduser - Add Vcs-Browser URL -- Santiago Garcia Mantinan Sun, 19 Mar 2017 23:23:57 +0100 squid3 (3.5.23-1ubuntu1) zesty; urgency=medium * Merge from Debian (LP: #1644538). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. - Add missing Pre-Depends on adduser. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. * Drop changes (adopted in Debian): - Run sarg-reports if present before rotating logs. - Add lsb-release build dep. * Drop changes that no longer make a functional difference in Ubuntu, but may still be relevant to send to Debian: - d/squid3.postinst: don't try to stop squid3 again. - d/squid3.postrm: don't rm -f conffiles in purge. - Drop squid3 dependencies on ${shlib:Depends} and lsb-base. - Drop creation of /etc/squid. * Drop unnecessary changes: - Add executable bits to d/squid.preinst. * Drop changes relating to the upgrade path from prior to Xenial, so no longer required: - /var/spool/squid3 upgrade path handling. - Conffile upgrade path handling. - Remove redundant version-guarded restart code from squid postinst. - Clean up apparmor links for usr.sbin.squid3 on upgrade. - Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade. - Add Breaks on older ufw to fix upgrade path. - Use Breaks instead of Conflicts. Instead, drop the Conflicts/Replaces entirely (see below). * Drop security fixes: all included in 3.5.23 upstream. * Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. * Fix failing autopkgtests: - Adjust Python module dependencies. - Correctly handle the squid3 -> squid rename. - Adjust seddery for upstream test squid binary location. * Drop dependency on init-system-helpers. This was introduced in LP 1432683. Since we no longer ship an upstart job, it is no longer required. * Correct attribution and add explanatory note in d/NEWS.debian. -- Robie Basak Tue, 24 Jan 2017 15:47:44 +0000 squid3 (3.5.23-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release (Closes: #793473, #822952) - Fixes security issue SQUID-2016:10 (CVE-2016-10003) (Closes: #848491) - Fixes security issue SQUID-2016:11 (CVE-2016-10002) (Closes: #848493) * debian/patches/ - Remove patch included upstream * debian/tests/ - Use package build-deps when testing so the make commands will work -- Luigi Gangitano Sun, 18 Dec 2016 23:39:24 +0200 squid3 (3.5.22-1) unstable; urgency=medium [ Amos Jeffries ] * New Upstream Release * debian/patches - Add upstream patch to fix adaptation crashes * debian/{control, rules, squid.postinst} - Accept patch to remove setuid from pinger (Closes: #822992) [ Luigi Gangitano ] * debian/compat - Bump to debhelper compatibility level 10 * debian/{control,tests/} - Add DEP-8 autopkgtest for upstream test suite, thanks to Santiago Ruano Rincan (Closes: #829141) * debian/rules - Avoid linking with unneeded libraries, thanks to Yuriy M. Kaminskiyi (Closes: #822998) -- Luigi Gangitano Sat, 29 Oct 2016 23:13:00 +0200 squid3 (3.5.19-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release (Closes: #823968) - Fixes security issue SQUID-2016:7 (CVE-2016-4553) - Fixes security issue SQUID-2016:8 (CVE-2016-4554) - Fixes security issue SQUID-2016:9 (CVE-2016-4555, CVE-2016-4556) * debian/control - Bumped Standards-Version to 3.9.8, no change needed * debian/rules - Send hardening CPPFLAGS to custom build tools -- Luigi Gangitano Tue, 10 May 2016 23:43:00 +0200 squid3 (3.5.17-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release - Fixes security issue SQUID-2016:5 (CVE-2016-4051) - Fixes security issue SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054) -- Luigi Gangitano Fri, 22 Apr 2016 14:43:00 +0200 squid3 (3.5.16-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release - Fixes security issue SQUID-2016:3 (CVE-2016-3947) (Closes: #819783) - Fixes security issue SQUID-2016:4 (CVE-2016-3948) (Closes: #819784) * debian/patches/ - Remove patch included upstream -- Luigi Gangitano Sun, 03 Apr 2016 19:57:00 +0200 squid3 (3.5.15-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release - Fixes security issues SQUID-2016:2 (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571) (Closes: #816011) * debian/patches/03-upstream-bug4447.patch - add upstream patch for their bug #4447 [ Robie Basak ] * debian/control - Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * debian/squid.logrotate - Run sarg-reports if present before rotating logs. [ Luigi Gangitano ] * debian/control - Bumped Standards-Version to 3.9.7, no change needed -- Luigi Gangitano Tue, 01 Mar 2016 19:39:00 +0100 squid3 (3.5.14-1) unstable; urgency=medium [ Amos Jeffries ] * New Upstream Release (Closes: #812038) * debian/control - add Depends libdbi-perl (Closes: #807512) - Fixed lintian complaint about squid3 package description - Fixed Vcs-Git Header pointing anonscm.debian.org * debian/rules - build ext_time_quota_acl helper (LP: #1391159) * debian/squid.install - add missing helper man pages -- Luigi Gangitano Tue, 16 Feb 2016 23:14:00 +0100 squid3 (3.5.12-1ubuntu9) zesty; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc, src/client_side_reply.cc, src/client_side_reply.h. - CVE-2016-10002 * SECURITY UPDATE: incorrect HTTP Request header comparison - debian/patches/CVE-2016-10003.patch: don't share private responses with collapsed client in src/client_side_reply.cc. - CVE-2016-10003 -- Marc Deslauriers Fri, 03 Feb 2017 13:07:31 -0500 squid3 (3.5.12-1ubuntu8) yakkety; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. -- Marc Deslauriers Wed, 08 Jun 2016 08:05:32 -0400 squid3 (3.5.12-1ubuntu7.1) xenial; urgency=medium * Add Breaks on older ufw to fix upgrade path (LP: #1571174). -- Robie Basak Thu, 12 May 2016 11:03:06 +0000 squid3 (3.5.12-1ubuntu7) xenial; urgency=medium * Update apparmor profile to be correct for maas-proxy. -- LaMont Jones Tue, 12 Apr 2016 13:05:00 -0600 squid3 (3.5.12-1ubuntu6) xenial; urgency=medium * Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade. * Update apparmor profile for s/squid3/squid/ and /dev/shm access. -- Adam Conrad Sun, 03 Apr 2016 21:34:50 -0600 squid3 (3.5.12-1ubuntu5) xenial; urgency=medium * Use versioned Breaks/Replaces instead of an unversioned Conflicts, to further clean up the upgrade ordering. -- Steve Langasek Fri, 01 Apr 2016 21:05:38 +0000 squid3 (3.5.12-1ubuntu4) xenial; urgency=medium * Remove redundant version-guarded restart code from squid postinst, which doesn't do the right thing on Ubuntu upgrades. * Remove duplicated conffile handling from the squid3 dummy package with extreme prejudice. The conffile moving absolutely *must* be done exclusively in the squid package; trying to do it in the squid3 package causes pristine conffiles to be silently overwritten with any locally-modified version from the squid3 package, with hilarious effect. * Adjust squid.{pre,post}inst to trick dpkg-maintscript-helper into believing we had a previously installed version of this package even if we did not, which appears to be a requirement for mv_conffile to DTRT. This is certainly a dpkg bug that needs to be filed. * Move all Ubuntu-specific dpkg-maintscript-helper delta into debian/squid.maintscript for clarity/sanity. Among other things, this uncovers a bug where we're trying to call both mv_conffile and rm_conffile for /etc/init.d/squid3. * debian/squid3.{pre,post}inst: drop wrong short-circuiting of various invocations; we always want to call the debhelper block. * debian/squid3.postinst: don't try to stop squid3 again, this is redundant. * debian/squid3.postrm: don't rm -f conffiles in purge when dpkg already handles these. * Add missing pre-depends on adduser * Anchor the Conflicts/Replaces to the version of the package that introduced the name change in Ubuntu, to avoid upgrade ordering problems later. * Include upgrade migration handling for /var/spool/squid3 -> /var/spool/squid. This won't work if /var/spool/squid3 is a mount point, so fail gracefully, but leaving two full squid cache directories around after upgrade is a nuisance. * Remove empty /etc/squid3 dir on upgrade. * Clean up apparmor links for usr.sbin.squid3 on upgrade. We don't migrate these apparmor settings over, so at least don't leave stale links behind. -- Steve Langasek Thu, 31 Mar 2016 19:01:47 -0700 squid3 (3.5.12-1ubuntu3) xenial; urgency=medium * Revert last postinst change as it's buggy. * Remove /etc/init.d/squid3 from preinst on upgrade. -- Stéphane Graber Tue, 29 Mar 2016 22:46:16 -0400 squid3 (3.5.12-1ubuntu2) xenial; urgency=medium * debian/squid.postinst: Fix dist-upgrade of squid by detecting service name (/etc/init.d/squid vs. squid3). -- Ryan Harper Mon, 28 Mar 2016 11:20:35 -0500 squid3 (3.5.12-1ubuntu1) xenial; urgency=medium * Merge from Debian (LP: #1473691). Remaining changes: - Add dep8 tests. - Use snakeoil certificates. - Run sarg-reports if present before rotating logs - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh pattern for debs. - Add disabled by default AppArmor profile. Versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. * Drop changes: - No longer needed: + Upstart job. + Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way. + Fix perl & pod2man config.tests. + fix-logical-not-parentheses-warning.patch. + fix-pod2name-pipe-failure.patch. + --disable-strict-error-checking to fix FTBFS. - NEWS.Debian: no longer relevant. - Hardening options: deprecated. - Add patch to show distribution: fixed in Debian (but see lsb-release B-D). - Enable parallel build: makes no difference to build time. - Force -O2 to work around build failure with -O3: presumed no longer needed. - Fixed upstream: + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream advisory. + Fix various ICMP handling issues in Squid pinger: confirmed fixed since 3.4.7 from upstream advisory. + fix-caching-vary-header.patch. + netfilter_fix.patch. * Drop Testsuite: header from dep8 tests: no longer required since dpkg-source >= 1.17.11 does it. * Revert "Set pidfile for systemd's sysv-generator" from Debian. systemd races the squid daemon for pidfile creation, causing systemd to consider the service start to have failed. Work around for now by not telling systemd to use the pidfile. * Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * Correctly rename conffiles migrated by Debian from squid3 to squid. * Remove conffile for old upstart job Ubuntu delta. * Rename Apparmor profile conffile. * Drop old transitional Apparmor code no longer required. * Adjust AppArmor profile for squid3->squid rename. * Drop versioned AppArmor dependency (transitional; no longer required). -- Robie Basak Thu, 25 Feb 2016 11:42:03 +0000 squid3 (3.5.12-1) unstable; urgency=medium [ Amos Jeffries ] * New Upstream Release * debian/squid.postinst - remove unneeded config edits for manager ACL (Closes: #801564) * debian/patches/ - add upstream patch to cleanup FATAL log messages [ Mathieu Parent ] * Fix FATAL parsing before start/reload/restart (Closes: #800341) * Set pidfile for systemd's sysv-generator (Closes: #800341) -- Luigi Gangitano Wed, 09 Dec 2015 19:03:47 +0100 squid3 (3.5.10-1) unstable; urgency=high [ Amos Jeffries ] * New Upstream Release (Closes: #799923, #800876) * debian/squid.rc - Grok pid_filename from squid.conf (Closes: #520736) - Update SELinux context when creating directories (Closes: #798827) [ Luigi Gangitano ] - Urgency high due to regression fix for CVE-2015-5400. -- Luigi Gangitano Mon, 05 Oct 2015 23:28:00 +0200 squid3 (3.5.7-1) unstable; urgency=medium [ Amos Jeffries ] * New upstream release (Closes: #789602, #793400, #253777) * debian/rules - Add BUILDCXXFLAGS to use hardening flags during build * debian/squid.links - Add symlink for squid3.8 man(8) page to resolve lintian issue * debian/squid.postinst - Remove unnecessary 'squid -z' (Closes: #794639) [ Luigi Gangitano ] * Rebuild using GCC-5 (Closes: #794536) * debian/squid.postinst - Check for squid3 initscript before we try to execute it * debian/squid.rc - Set working directory to /var/run/squid -- Luigi Gangitano Thu, 6 Aug 2015 01:14:00 +0200 squid3 (3.5.6-1) unstable; urgency=medium [ Amos Jeffries ] * New upstream release (Closes: #760303) - Fixed upstream macro issue that fail to pass reproducible builds test - Fixes CVE-2015-5400: Improper Protection of Alternate Path (Closes: #793128) * Removed deprecated MSNT and MSNT-multi-domain authentication helpers * Transition squid3 to squid - Renamed squid3 package to squid (Closes: #521053, #565555, #672156) (Closes: #294431, #569575, #714334, #279840, #576423, #779127) - Renamed squid3-common package to squid-common - Renamed squid3-dbg package to squid-dbg - Add dummy transitional package squid3 * debian/patches/ - Removed patches included upstream and refresh others * debian/squid3-cgi.dirs - Removed old unused packaging file * debian/control - Add dependency on libgnutls28-dev for squidclient HTTPS support [ Luigi Gangitano ] * debian/control - Changed dependency on libecap3-dev (Closes: #789774) - Made squid-common conflict and replace squid3-common - Fixed dependencies and sections of transitional packages * {NEWS,README}.Debian - Added information on package name migration -- Luigi Gangitano Wed, 22 Jul 2015 23:24:00 +0200 squid3 (3.4.8-6) unstable; urgency=medium [ Luigi Gangitano ] * debian/patches/31-squid-3.4-13199.patch - Added upstream patch fixing excessive CPU usage (Closes: #776461) * debian/patches/32-squid-3.4-13210.patch - Added upstream patch fixing excessive CPU and memory usage in NTLM and Negotiate authentication helpers (Closes: #776463) * debian/patches/33-squid-3.4-13211.patch - Added upstream patch fixing a possible replay vulnerability on Digest authentication (Closes: #776464) * debian/patches/34-squid-3.4-13213.patch - Added upstream patch fixing incorrect security permissions for TOS/DiffServ packet marking (Closes: #776468) * debian/patches/35-squid-3.4-13203.patch - Added upstream patch fixing squidclient unable to connect to host with both IPv4 and IPv6 addresses (Closes: #742425) -- Luigi Gangitano Wed, 28 Jan 2015 12:34:42 +0100 squid3 (3.4.8-5) unstable; urgency=medium [ Luigi Gangitano ] * debian/squid3.{pre,post}inst - Moved ACL manager fix to postinst (Closes: #773032) -- Luigi Gangitano Tue, 16 Dec 2014 13:43:03 +0100 squid3 (3.4.8-4) unstable; urgency=medium [ Luigi Gangitano ] * debian/squid3.preinst - Revert changes on abort-upgrade -- Luigi Gangitano Fri, 05 Dec 2014 10:44:02 +0100 squid3 (3.4.8-3) unstable; urgency=medium [ Amos Jeffries ] * debian/squid3.preinst - Remove obsolete manager ACL definition from squid.conf when upgrading squid3 package (Closes: #768170) [ Luigi Gangitano ] * debian/squid3.preinst - Fix configuration file only if needed and match any uncommented line -- Luigi Gangitano Fri, 5 Dec 2014 01:27:51 +0100 squid3 (3.4.8-2) unstable; urgency=medium [ Santiago Garcia Mantinan ] * Add patch to remove bashisms from cert_tool * Add manual page for squid-purge * Create run_dir needed for SMP with several workers to run. This fixes #710126 (Closes: #732183, #760400) * Use CONFIG instead of sq (Closes: #763867) * Remove find_cache_type and use grepconf (both functions were =). * Allow find_cache_dir and grepconf to have whitespace in the beginning (Closes: #761209) * Add config check before reload/restart, thanks Freddy (Closes: #728222) [ Amos Jeffries ] * debian/squid3.postinst - update grepconf to support SMP macros and sub-config files when locating cache_dir and effective user/group * debian/squid3.rc - remove special handling for obsolete COSS cache type - change grepconf to support SMP macros and sub-config files * debian/rules - add distribution details to squid -v display output this obsoletes the Ubuntu fix-distribution.patch * debian/control - bumped libecap dependency version to 0.2.0-2 * debian/squid3.resolvconf - added check on /usr availability before squid3 restart (Closes: #765476) [ Luigi Gangitano ] * debian/squid3.rc - Change config check to config parse on start/reload/restart * debian/control - Fixed XS-Vcs-Git Header pointing anonscm.debian.org -- Luigi Gangitano Wed, 29 Oct 2014 15:50:51 +0100 squid3 (3.4.8-1) unstable; urgency=high * Urgency high due to security fixes [ Amos Jeffries ] * New upstream release (Closes: #737008) - Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002) - Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999) + pinger remote DoS vulnerabilities - Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312) * debian/patches/ - remove CVE-2014-3609.patch included upstream - remove 17-pod2man-check.patch obsoleted by new version - add upstream patch 21-squid-3.4-13176-memoryleak.patch: memory leak in external_acl_type helper with cache=0 or ttl=0 * debian/rules - add --disable-arch-native to build with portable CPU support * debian/control - libecap API support is specific to version 0.2.0 - use nettle for crypto library * debian/watch - updated watch pattern for upstream major series * debian/rules - Remove obsolete --enable-underscores (Closes: #693905) [ Luigi Gangitano ] * debian/patches/ - refreshed all patches to match 3.4.8 * debian/control - Added dependency for missing intepreter ksh - Bumped Standard-Version to 3.9.6, no change needed - Added XS-Vcs-Git Header pointing to Alioth repository -- Luigi Gangitano Fri, 17 Oct 2014 00:10:00 +1300 squid3 (3.3.8-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-3609.patch patch. CVE-2014-3609: Denial of Service in Range header processing. Ignore Range headers with unidentifiable byte-range values. If squid is unable to determine the byte value for ranges, treat the header as invalid. (Closes: #759509) -- Salvatore Bonaccorso Thu, 28 Aug 2014 18:03:47 +0200 squid3 (3.3.8-1.1) unstable; urgency=low * Non-maintainer upload. * Fix "FTBFS: cp: cannot stat '/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No such file or directory": new patch 17-pod2man-check.patch: fix config.test files' check for perl and pod2man (Closes: #725599) -- gregor herrmann Sat, 23 Nov 2013 21:05:10 +0100 squid3 (3.3.8-1ubuntu17) xenial; urgency=medium * --disable-strict-error-checking to fix FTBFS due to auto_ptr defined in unique pointer headers. (LP: #1521234). -- Dimitri John Ledkov Mon, 30 Nov 2015 15:32:14 +0000 squid3 (3.3.8-1ubuntu16) wily; urgency=medium [ Tiago Stürmer Daitx ] * d/patches/fix-logical-not-parentheses-warning.patch: Fix warning for logical-not-parentheses which caused squid to FTBFS. (LP: #1496924) * d/patches/netfilter_fix.patch: Backported from Squid Bug #4323. (LP: #1496223) * d/patches/fix-pod2name-pipe-failure.patch: Add --name parameter to pod2man (LP: #1501566) * roll back build-dependency to libecap2-dev, this version of squid3 is not compatible with libecap3 and libecap3 transition has been rolled back for wily. -- Steve Langasek Fri, 09 Oct 2015 00:29:47 +0000 squid3 (3.3.8-1ubuntu15) wily; urgency=medium * Build-depend on libecap3-dev instead of libecap2-dev. -- Matthias Klose Wed, 02 Sep 2015 12:16:29 +0200 squid3 (3.3.8-1ubuntu14) vivid; urgency=medium * Add versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. (LP: #1432683) -- Serge Hallyn Thu, 02 Apr 2015 11:12:27 -0500 squid3 (3.3.8-1ubuntu13) vivid; urgency=medium * d/squid3.prerm: Removed redundant upstart-only code. Equivalent operations are carried out by debhelper-generated code in a more generic manner. (LP: #1424508) -- Oleg Strikov Thu, 05 Mar 2015 14:24:33 +0300 squid3 (3.3.8-1ubuntu12) vivid; urgency=medium * debian/tests/testlib_httpd.py: Use "service" command instead of upstart specific ones, and simplify the logic. * debian/tests/testlib.py, check_exe(): Check /proc/pid/exe symlink instead of parsing cmdline; the latter has "(squid-1)" with the init.d script, and it's not really what we are interested in. -- Martin Pitt Fri, 06 Mar 2015 12:10:59 +0100 squid3 (3.3.8-1ubuntu11) vivid; urgency=medium * d/patches/fix-caching-vary-header.patch: Added upstream patch for the bug which prevented squid from caching responses with Vary header. (LP: #1336742) -- Oleg Strikov Wed, 04 Mar 2015 15:08:54 +0300 squid3 (3.3.8-1ubuntu10) vivid; urgency=medium [Jacek Nykis] * d/usr.sbin.squid3: Apparmor profile has been changed to allow child processes to run execvp(argv[0], [kidname, ...]). (LP: #1416039) -- Oleg Strikov Tue, 03 Mar 2015 18:18:20 +0300 squid3 (3.3.8-1ubuntu9) vivid; urgency=medium * Fix various ICMP handling issues in Squid pinger. (LP: #1384943) -- Jorge Niedbalski Tue, 18 Nov 2014 14:47:33 -0300 squid3 (3.3.8-1ubuntu8) utopic; urgency=medium * SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range values - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to return an error if unable to determine the byte value for ranges - CVE-2014-3609 -- Jamie Strandboge Tue, 26 Aug 2014 13:51:07 -0500 squid3 (3.3.8-1ubuntu7) utopic; urgency=medium * Put back the init.d script, for compatibility with insserv. (LP: #1323274) -- Martin Pitt Mon, 26 May 2014 23:27:57 +0200 squid3 (3.3.8-1ubuntu6) trusty; urgency=medium * debian/rules: Force -O2 to work around build failure with -O3. -- Adam Conrad Mon, 17 Feb 2014 20:13:30 -0700 squid3 (3.3.8-1ubuntu5) trusty; urgency=low [ Yolanda Robla ] * debian/control: added lsb-release dependency * debian/patches/fix-distribution.patch: added patch to show distribution [ Dimitri John Ledkov ] * Enable parallel build -- Yolanda Robla Wed, 11 Dec 2013 10:51:45 +0000 squid3 (3.3.8-1ubuntu4) trusty; urgency=low * Fix perl & pod2man config.tests. -- Dmitrijs Ledkovs Mon, 04 Nov 2013 02:17:30 +0000 squid3 (3.3.8-1ubuntu3) saucy; urgency=low * d/tests/squid: Disable seccomp sandboxing in vsftpd until it works reliably (http://pad.lv/1219857), restart vsftpd using service command. -- James Page Mon, 02 Sep 2013 15:50:41 +0100 squid3 (3.3.8-1ubuntu2) saucy; urgency=low * d/usr.sbin.squid3: Update apparmor profile to allow pinger process to create and use ICMP ports for ipv4/ipv6. -- James Page Mon, 02 Sep 2013 11:06:54 +0100 squid3 (3.3.8-1ubuntu1) saucy; urgency=low * Merge from Debian unstable, remaining changes: + debian/control: - Update maintainer. - Suggests apparmor (>= 2.3) - Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests + debian/squid3.upstart - Move ulimit command to script section so that it applies to the started squid daemon. Thanks to Timur Irmatov (LP: 986159) - Work around squid not handling SIGHUP by adding respawn to upstart job. (LP: 978356) + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3 transition in 12.04 (LP: 924739) + debian/rules - Re-enable all hardening options lost in the squid->squid3 transition (LP: 986314) + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: - Convert init script to upstart + debian/patches/99-ubuntu-ssl-cert-snakeoil: - Use snakeoil certificates. + debian/logrotate - Use sar-reports rather than sarg-maint. (LP: 26616) + debian/patches/90-cf.data.ubuntu.dpatch: - Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add disabled by default AppArmor profile (LP: 497790) - debian/squid3.upstart: load profile in pre-start stanza - add debian/usr.sbin.squid3 profile - debian/rules: + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and etc/apparmor.d/disable into $(INSTALLDIR) + use dh_apparmor - debian/squid3.install: install etc/apparmor.d/disable, force-complain and usr.sbin.squid3 - debian/squid3.preinst: disable profile on clean install or upgrades from earlier than when we shipped the profile + debian/tests: - Add autopkgtests. * d/control: Add dependency package for squid -> squid3 (LP: #1211942). * d/control: Add dh-apparmor to BD's. -- James Page Wed, 14 Aug 2013 09:03:55 +0100 squid3 (3.3.8-1) unstable; urgency=high * Urgency high due to security fixes * New upstream release - Fixes security issues (Closes: #716743) + Buffer overflow in HTTP request handling (Ref: SQUID-2013:2, CVE-2013-4115) + DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123) - Includes PNG image used in error pages, with new copyright assignement (Closes: #683255) * Added /var/run/squid3 dir to host sockets in SMP configuration (Closes: #710126) * debian/control - Bumped Standard-Version to 3.9.4, no change needed -- Luigi Gangitano Sun, 21 Jul 2013 18:28:36 +0200 squid3 (3.3.4-1ubuntu1) saucy; urgency=low * Merge from Debian unstable (LP: #1199883). Remaining changes: + debian/control: - Update maintainer. - Suggests apparmor (>= 2.3) - Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests + debian/squid3.upstart - Move ulimit command to script section so that it applies to the started squid daemon. Thanks to Timur Irmatov (LP: 986159) - Work around squid not handling SIGHUP by adding respawn to upstart job. (LP: 978356) + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3 transition in 12.04 (LP: 924739) + debian/rules - Re-enable all hardening options lost in the squid->squid3 transition (LP: 986314) + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: - Convert init script to upstart + debian/patches/99-ubuntu-ssl-cert-snakeoil: - Use snakeoil certificates. + debian/logrotate - Use sar-reports rather than sarg-maint. (LP: 26616) + debian/patches/90-cf.data.ubuntu.dpatch: - Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add disabled by default AppArmor profile (LP: 497790) - debian/squid3.upstart: load profile in pre-start stanza - add debian/usr.sbin.squid3 profile - debian/rules: + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and etc/apparmor.d/disable into $(INSTALLDIR) + use dh_apparmor - debian/squid3.install: install etc/apparmor.d/disable, force-complain and usr.sbin.squid3 - debian/squid3.preinst: disable profile on clean install or upgrades from earlier than when we shipped the profile + debian/tests: - Add autopkgtests. * Dropped: - debian/patches: dropped patches, superseded by new release: + 98-CVE-2012-5643.patch + 99-lp1117517_r12473.patch - debian/rules: fix FTBFS, removed --with-cppunit-basedir flag, included in Debian. - debian/control: Dropped transitional packages from squid, no longer required. * Refreshed patches: - 01-cf.data.debian.patch - 02-makefile-defaults.patch - 15-cachemgr-default-config.patch * debian/tests/test-squid.py: fixed case problem with ftp test -- Yolanda Robla Wed, 10 Jul 2013 17:12:42 +0200 squid3 (3.3.4-1) unstable; urgency=low * New upstream release - Added support for SHA passwords in ncsa_auth (Closes: #652010) * debian/squid3.lintian-overrides - Added override for pinger setuid bin * debian/watch - Fixed pattern to skip the last dot * debian/rules - Removed reference to cppunit-basedir -- Luigi Gangitano Mon, 06 May 2013 16:46:33 +0200 squid3 (3.3.3-2) unstable; urgency=low I would like to thank Amos Jeffries for his help with this release. * debian/control - Added Build-Depend on pkg-config to solve FTBFS when ecap is enabled (Closes: #706025) - Fixed package descriptions - Added Build-Depend on libnetfilter-conntrack-dev - Added Suggests on winbindd for NTLM authentication * debian/patches/01-cf.data.debian.patch - Removed change to visible_hostname defaut value (Closes: #705983) - Fixed path of ntlm_auth helper in example * debian/rules - Removed --enable-arp-acl options obsoleted by --enable-eui - Fixed FTBFS on hurd due to missing netfilter support - Enabled Rock store type support - Added SETUID bit to pinger program * debian/watch - Fixed pattern to match all the released versions of 3.3 -- Luigi Gangitano Tue, 23 Apr 2013 15:38:39 +0200 squid3 (3.3.3-1) unstable; urgency=low * New upstream release (Closes: #694633, #701799, #702540) - Removed upstream patches + debian/patches/20-ipv6-fix + debian/patches/30-CVE-2012-5643-CVE-2013-0189.patch + debian/patches/fix-701123-regression-in-cachemgr.patch - Includes upstream fix for CVE-2009-0801 (Closes: #521052) - Includes upstream fix for rejection of benign request containing variants of double CR (Closes: #669148) * debian/control - Added dependency on libecap2-dev - Added squid-purge package * debian/source - Enabled ECAP support - Fixed configure invocation to match new syntax - Removed unneeded rename of helper man pages - Fixed list of helpers to build, adding fake agents (Closes: #644280) and negotiate wrapper (Closes: #656304) * debian/watch - Updated for 3.3 * debian/squid3.logrotate - Added check for existing binary in logrotate script (Closes: #703954) -- Luigi Gangitano Sun, 21 Apr 2013 23:51:11 +0200 squid3 (3.1.20-2.2) unstable; urgency=low * Non-maintainer upload. * Add fix-701123-regression-in-cachemgr.patch patch. Fix missing bits in the fix for CVE-2012-5643 and CVE-2013-0189 causing cachemgr.cgi crashing when authentication credentials are supplied. Thanks to Amos Jeffries (Closes: #701123) -- Salvatore Bonaccorso Sat, 23 Feb 2013 13:44:48 +0100 squid3 (3.1.20-2.1) unstable; urgency=high * Non-maintainer upload * Urgency high due to security fixes * debian/patches/30-CVE-2012-5643-CVE-2013-0189.patch - Added upstream fix for squid-cgi (cachemgr) memory leaks and denial of service vulnerability (Closes: #696187) -- Michael Stapelberg Tue, 05 Feb 2013 23:16:27 +0100 squid3 (3.1.20-2) unstable; urgency=low * debian/patches/20-ipv6-fix - Added upstream fix for squid not working when IPv6 is not loaded (Closes: #660489) -- Luigi Gangitano Thu, 06 Dec 2012 20:02:56 +0100 squid3 (3.1.20-1ubuntu7) saucy; urgency=low * debian/tests: Run ftp tests against local vsftpd instead of ftp.ubuntu.com. -- Yolanda Robla Mon, 17 Jun 2013 11:00:17 +0200 squid3 (3.1.20-1ubuntu6) saucy; urgency=low * debian/tests: Fix start/stop of squid3. -- Yolanda Robla Mon, 10 Jun 2013 10:30:33 +0200 squid3 (3.1.20-1ubuntu5) saucy; urgency=low * debian/rules: fix FTBFS, removed --with-cppunit-basedir flag -- Yolanda Robla Mon, 27 May 2013 14:50:11 +0200 squid3 (3.1.20-1ubuntu4) saucy; urgency=low * debian/tests: Add autopkgtest. -- Yolanda Mon, 27 May 2013 11:24:35 +0200 squid3 (3.1.20-1ubuntu3) raring-proposed; urgency=low * fix FTBFS with newer glibc (LP: #1117517) -- Jamie Strandboge Wed, 06 Feb 2013 11:37:29 -0600 squid3 (3.1.20-1ubuntu2) raring-proposed; urgency=low [ Seth Arnold ] * SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input validation - debian/patches/98-CVE-2012-5643.patch: modify cachemgr.cc to properly free memory and handle input in chunks - Based on http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch - CVE-2012-5643 - CVE-2013-0189 -- Jamie Strandboge Wed, 06 Feb 2013 09:56:53 -0600 squid3 (3.1.20-1ubuntu1) quantal; urgency=low * Merge from Debian testing (LP: #1016560). Remaining changes: + debian/control: - Update maintainer. - Suggests apparmor (>= 2.3) - Depends on ssl-cert ((>= 1.0-11ubuntu1) - Add transitional dummy packages + debian/squid3.upstart - Move ulimit command to script section so that it applies to the started squid daemon. Thanks to Timur Irmatov (LP: 986159) - Work around squid not handling SIGHUP by adding respawn to upstart job. (LP: 978356) + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3 transition in 12.04 (LP: 924739) + debian/rules - Re-enable all hardening options lost in the squid->squid3 transition (LP: 986314) + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: - Convert init script to upstart + debian/patches/99-ubuntu-ssl-cert-snakeoil: - Use snakeoil certificates. + debian/logrotate - Use sar-reports rather than sarg-maint. (LP: 26616) + debian/patches/90-cf.data.ubuntu.dpatch: - Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add disabled by default AppArmor profile (LP: 497790) - debian/squid3.upstart: load profile in pre-start stanza - add debian/usr.sbin.squid3 profile - debian/rules: + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and etc/apparmor.d/disable into $(INSTALLDIR) + use dh_apparmor - debian/squid3.install: install etc/apparmor.d/disable, force-complain and usr.sbin.squid3 - debian/squid3.preinst: disable profile on clean install or upgrades from earlier than when we shipped the profile -- Stefan Bader Fri, 22 Jun 2012 14:18:00 +0200 squid3 (3.1.20-1) unstable; urgency=low * New upstream release * debian/control - Bumped Standard-Version to 3.9.3, no change needed - Added missing dependency on dpkg-dev (>= 1.16.1~) * debian/rules - Enabled hardening options (Closes: #669684) * debian/patches/01-cf.data.debian.patch - Fixed minor typos in configuration file (Closes: #670832, #673350) -- Luigi Gangitano Mon, 18 Jun 2012 14:20:53 +0200 squid3 (3.1.19-1ubuntu5) quantal; urgency=low * d/squid3.upstart: Work around squid not handling SIGHUP by adding respawn to upstart job. (LP: #978356) -- Clint Byrum Tue, 19 Jun 2012 15:35:19 -0700 squid3 (3.1.19-1ubuntu4) quantal; urgency=low * Add disabled by default AppArmor profile (LP: #497790) - debian/squid3.upstart: load profile in pre-start stanza - add debian/usr.sbin.squid3 profile - debian/rules: + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and etc/apparmor.d/disable into $(INSTALLDIR) + use dh_apparmor - debian/control: suggests apparmor (>= 2.3) - debian/squid3.install: install etc/apparmor.d/disable, force-complain and usr.sbin.squid3 - debian/squid3.preinst: disable profile on clean install or upgrades from earlier than when we shipped the profile -- Jamie Strandboge Wed, 13 Jun 2012 11:32:14 -0500 squid3 (3.1.19-1ubuntu3.1) quantal; urgency=low * debian/rules: re-enable all hardening options lost in the squid->squid3 transition (LP: #986314) * debian/squid3.upstart: move ulimit command to script section so that it applies to the started squid daemon. Thanks to Timur Irmatov (LP: #986159) -- Jamie Strandboge Wed, 13 Jun 2012 09:06:51 -0500 squid3 (3.1.19-1ubuntu2) precise; urgency=low * debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3 transition in 12.04 (LP: #924739) -- Adam Gandelman Thu, 12 Apr 2012 13:46:10 -0700 squid3 (3.1.19-1ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: + debian/control: - Update maintainer. + debian/squid3.upstart, debian/rules, squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: Convert init script to upstart + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use snakeoil certificates. + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: 26616) + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add transitional dummy packages * New upstream bugfix release fixes swap.state corruption, so squid will now start after a reboot. (LP: #930252) -- Christopher James Halse Rogers Tue, 21 Feb 2012 18:51:26 +1100 squid3 (3.1.19-1) unstable; urgency=low * New upstream release - Removed patch integrated upstream + 19-adaptation-compile * debian/rules - Enabled WCCPv2 support (Closes: #654877) -- Luigi Gangitano Tue, 07 Feb 2012 16:19:12 +0100 squid3 (3.1.18-1ubuntu1) precise; urgency=low [ Ubuntu Merge-o-Matic ] * Merge from Debian testing. Remaining changes: + debian/control: - Update maintainer. + debian/squid3.upstart, debian/rules, squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: Convert init script to upstart + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use snakeoil certificates. + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616) + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add transitional dummy packages -- Chuck Short Mon, 30 Jan 2012 10:24:33 -0500 squid3 (3.1.18-1) unstable; urgency=low * New upstream release * debian/patches/19-adaptation-compile.patch - Added upstream patch to fix compile failure -- Luigi Gangitano Mon, 26 Dec 2011 22:04:28 +0100 squid3 (3.1.16-1ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: + debian/control: - Update maintainer. + debian/squid3.upstart, debian/rules, squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: Convert init script to upstart + debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use snakeoil certificates. + debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616) + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern for debs. (foundations-lucid-local-report spec) + Add transitional dummy packages -- Chuck Short Mon, 19 Dec 2011 21:35:43 +0000 squid3 (3.1.16-1) unstable; urgency=low * New upstream release * Changed source format to 3.0 (quilt) * debian/squid3.rc - Added LSB compliant option to init script (Closes: #645780) Thanks to Fredrik Eriksson -- Luigi Gangitano Thu, 3 Nov 2011 13:37:17 +0100 squid3 (3.1.15-1ubuntu3) precise; urgency=low * debian/squid3.upstart: Properly return 0 from maxfds() if $SQUID_MAXFD is unset, else pre-start will fail as well. Also fix paths to config file. (LP: #891445) * debian/squid3.upstart: Modify to better reflect functionality of Debian's squid3.rc * debian/rules: Fix permissions on upstart job -- Adam Gandelman Wed, 16 Nov 2011 18:26:25 -0800 squid3 (3.1.15-1ubuntu2) precise; urgency=low * Fix spelling of squid-common transitional package name. * Remove meaningless self-conflicts. -- Colin Watson Fri, 11 Nov 2011 10:33:44 +0000 squid3 (3.1.15-1ubuntu1) precise; urgency=low * debian/control: + Update maintainer. * debian/squid3.upstart, debian/rules, squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm, debian/squid3.preinst, debian/squid3.prerm: Convert init script to upstart * debian/control, debian/patches/99-ubuntu-ssl-cert-snakeoil: Use snakeoil certificates. * debian/logrotate: Use sar-reports rather than sarg-maint. (LP: #26616) * debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern for debs. (foundations-lucid-local-report spec) * Add transitional dummy packages. -- Chuck Short Thu, 10 Nov 2011 08:59:31 -0500 squid3 (3.1.15-1) unstable; urgency=high * Urgency high due to security fixes * New upstream release - Fixes DoS issue in Gopher client (Closes: #639755) (Ref: CVE-2011-3205, SQUID-2011:3) * debian/control - Removed hardcoded list of non-Linux architectures (Closes: #634765) -- Luigi Gangitano Fri, 02 Sep 2011 13:33:41 +0200 squid3 (3.1.14-1) unstable; urgency=low * New upstream release - Fixes FTBFS with GCC 4.6 (Closes: #625405) - Fixes issue with IPv4/IPv6 DNS resolution (Closes: #604566) - Fixes issue with IPv6 resolution in access.log (Closes: #604832) * debian/control - Bumped Standard-Version to 3.9.2, no change needed * debian/squid.rc - Fixed init script preventing alterate cache dir from being created (Closes: #623935) -- Luigi Gangitano Sat, 09 Jul 2011 17:58:46 +0200 squid3 (3.1.12-1) unstable; urgency=low * New upstream release - Removed patch integrated upstream + 18-gcc-4.5-fix - Rebuild against libdb5.1 (Closes: #621453) * debian/control - Remove article at start of synopsis, to make lintian happy -- Luigi Gangitano Mon, 11 Apr 2011 18:47:02 +0200 squid3 (3.1.11-1) unstable; urgency=low * New upstream release * debian/patches/18-gcc-4.5-fix - Added upstream fix for gcc 4.5 building (Closes: #613153) -- Luigi Gangitano Tue, 15 Feb 2011 01:46:19 +0100 squid3 (3.1.10-1) unstable; urgency=low * New upstream release (Closes: #609881) - Removed patches integrated upstream + 16-CVE-2010-3072 + 17-CVE-2010-2951 - Fixes TCP DNS lookups failure on IPv6-disabled systems (Closes: #607379) - Fixes HTTPS not working if IPv6 is disabled (Closes: #594713) * debian/rules - Enable ZPH feature (Closes: #597687) * debian/squid3.ufw.profile - Added UFW profile, thanks to Alessio Treglia (Closes: #605088) * debian/control - Added versioned dependency on squid-langpack -- Luigi Gangitano Fri, 21 Jan 2011 18:43:56 +0100 squid3 (3.1.6-1.2) unstable; urgency=low * Non-maintainer upload. * Fix DoS while processing large DNS replies with no IPv6 resolver present (CVE-2010-2951) (Closes: #599709) -- Ben Hutchings Sat, 30 Oct 2010 17:00:55 +0200 squid3 (3.1.6-1.1) unstable; urgency=high * Non-maintainer upload by the security team * Fix DoS due to wrong string handling (Closes: #596086) Fixes: CVE-2010-3072 -- Steffen Joeris Mon, 13 Sep 2010 17:07:51 +1000 squid3 (3.1.6-1) unstable; urgency=low * New upstream release * debian/rules - Removed now-default --enable-ipv6 option * debian/control - Bumped Standard-Version to 3.9.1, no change needed * debian/patches/01-cf.data.pre - Updated to match new upstream default IPv6 configuration -- Luigi Gangitano Mon, 09 Aug 2010 00:59:26 +0200 squid3 (3.1.5-2) unstable; urgency=low * debian/control - Added build dependency on libltdl-dev fixing FTBFS on most archs -- Luigi Gangitano Wed, 07 Jul 2010 15:21:06 +0200 squid3 (3.1.5-1) unstable; urgency=low * New upstream release * debian/control - Bumped Standard-Version to 3.9.0 -- Luigi Gangitano Tue, 06 Jul 2010 23:26:26 +0200 squid3 (3.1.4-1) unstable; urgency=low * New upstream release - Fixes several issues with IPv6 socket handling (Closes: #581901, #584223) - Fixes assertion in comm.cc (Closes: #572368) -- Luigi Gangitano Fri, 04 Jun 2010 14:49:32 +0200 squid3 (3.1.3-2) unstable; urgency=low * debian/rules - Actually enable IPv6 (how did I miss this?) -- Luigi Gangitano Tue, 04 May 2010 11:15:49 +0200 squid3 (3.1.3-1) unstable; urgency=low * New upstream release - Fix incorrect behaviour of --enable-ipv6 (Closes: #578047) - Removed patches integrated upstream + 14-kfreebsd-compile -- Luigi Gangitano Sun, 02 May 2010 19:31:38 +0200 squid3 (3.1.1-3) unstable; urgency=low * debian/{squid3.install,rules} - Install documented version of squid.conf as file, not directory (Closes: #577615) -- Luigi Gangitano Thu, 15 Apr 2010 11:14:08 +0200 squid3 (3.1.1-2) unstable; urgency=low * debian/watch - Updated pattern to match 3.1 releases * debian/control - Excluded dependency on libcap2-dev on kfreebsd * debian/patches/14-kfreebsd-compile - Added patch to enable kfreebsd compilato, thanks to Petr Salinger (Closes: #576952) * debian/{rules,control,squid-cgi.install} - Rename squid3-cgi package to squid-cgi (Closes: #489061) * debian/patches/15-cachemgr-default-config - Fix squid-cgi default configuration file path * debian/source/format - Added format specification file, still with 1.0 version -- Luigi Gangitano Mon, 12 Apr 2010 11:49:01 +0200 squid3 (3.1.1-1) unstable; urgency=low * New upstream release * debian/control - Bumped Standard-Version to 3.8.4, no change needed -- Luigi Gangitano Thu, 01 Apr 2010 00:33:21 +0200 squid3 (3.1.0.18-1) UNRELEASED; urgency=low * New upstream release * debian/rules - Fix wrong resolvconf directory (Closes: #565652) -- Luigi Gangitano Mon, 15 Mar 2010 19:35:50 +0100 squid3 (3.1.0.17-1) UNRELEASED; urgency=low * New upstream release, fixes - Remote Denial of Service issue in HTCP (Closes: #572554) (Ref: SQUID-2010:2 CVE-2010-0639) -- Luigi Gangitano Fri, 12 Mar 2010 15:41:00 +0100 squid3 (3.1.0.16-1) experimental; urgency=low * New upstream release - Adds client_ip_max_connection to avoid DoS under Slowloris attack (Ref: TEMP-0533661-009115 Closes: #533664) - Handle DNS header-only packets as invalid (Ref: SQUID-2010:1 CVE-2010-0308) - Fixes memory filling during file download (Closes: #562012) -- Luigi Gangitano Wed, 10 Feb 2010 18:53:36 +0100 squid3 (3.1.0.15-1) experimental; urgency=low * New upstream release - Fixes assertion failures on malformed Content-Range response headers (Closes: #541032) * debian/README.Debian - Fixed reference to RELEASENOTES.html (Closes: #561007) * debian/README.source - Added directions on source handling * debian/control - Remove duplicated informations that can be inherited from source stanza - Added autotools-dev build-dependency to enable cdbs fix for ancient helper files -- Luigi Gangitano Thu, 14 Jan 2010 22:44:13 +0100 squid3 (3.1.0.14-2) experimental; urgency=low * debian/rules - Enable ESI support (Closes: #506241) * debian/control - Add Build-Dep on libexpat1-dev and libxml2-dev, needed by ESI support -- Luigi Gangitano Tue, 29 Sep 2009 19:55:23 +0200 squid3 (3.1.0.14-1) experimental; urgency=low * New upstream release - Fixes FTBFS in GNU/kFreeBSD (Closes: #545965) - Fixes incorrect handling of IMS (Closes: #499379) * debian/patches/01-cf.data.debian - Updated to match new upstream -- Luigi Gangitano Tue, 29 Sep 2009 19:31:16 +0200 squid3 (3.1.0.13-2) experimental; urgency=low * debian/rules - Disable language files generation - Do not clean libcppunit that is not shipped with squid anymore * debian/control - Removed dependency on sharutils - Added dependency on libcap2, will enable TPROXY support (Closes: 398970) - Fixed squid3-common description, no more error pages * debian/squidclient.1 - Removed man page integrated upstream * debian/squid3.rc - Removed obsolete -D option * debian/patches/01-cf.data.debian - Added ::1 to localhost definition in ACLs -- Luigi Gangitano Fri, 25 Sep 2009 23:02:40 +0200 squid3 (3.1.0.13-1) experimental; urgency=low * Upload to experimental * New upstream release - Fixes Follow-X-Forwarded-For support (Closes: #523943) - Adds IPv6 support (Closes: #432351) * debian/rules - Removed obsolete configuration options - Enable db and radius basic authentication modules * debian/patches/01-cf.data.debian - Adapted to new upstream version * debian/patches/02-makefile-defaults - Adapted to new upstream version * debian/{squid.postinst,squid.rc,README.Debian,watch} - Updated references to squid 3.1 * debian/squid3.install - Install CSS file for error pages - Install manual pages for new authentication modules * debian/squid3-common.install - Install documented version of configuration file in /usr/share/doc/squid3 -- Luigi Gangitano Thu, 24 Sep 2009 14:51:06 +0200 squid3 (3.0.STABLE19-1) unstable; urgency=low * New upstream release - Fixes DoS in exthernal auth header parser (Ref: CVE-2009-2855) * debian/squid.rc - Fixed dependencies in init.d script, thanks to Petter Reinholdtsen (Closes: #546362) * debian/control - Bumped Standard-Version to 3.8.3, no change needed -- Luigi Gangitano Sun, 20 Sep 2009 01:33:00 +0200 squid3 (3.0.STABLE18-1) unstable; urgency=high * New upstream release - Removed patches integrated upstream + 12-gcc44-fixes + 13-signed-unsigned-fixes + SQUID-2009-2 * debian/rules - Enable ARP ACLs (Closes: #538023) - Enable SNMP support (Closes: #537187) * debian/control - Fix dependency for squid3-dbg on squid3 =${binary:Version} - Added dependency of squid3-dbg on ${misc:Depends} * debian/squid3-common.postinst - Added DEBHELPER placeholder -- Luigi Gangitano Sun, 09 Aug 2009 00:28:56 +0200 squid3 (3.0.STABLE16-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix multiple possible denial of service vectors in the processing of requests or responses (SQUID-2009-2; CVE-2009-2622; CVE-2009-2621; 12-SQUID-2009_2.dpatch). -- Nico Golde Tue, 04 Aug 2009 21:56:36 +0200 squid3 (3.0.STABLE16-2) unstable; urgency=low * debian/patches/13-signed-unsigned-fixes - Added upstream patch fixing build errors on 64-bit archs (Closes: #536588) * debian/README.Debian - Removed instability notice of development version * debian/control - Fixed squid3-dbg section and priority to match archive override -- Luigi Gangitano Sat, 11 Jul 2009 13:46:45 +0200 squid3 (3.0.STABLE16-1) unstable; urgency=low * New upstream release * debian/patches/12-gcc44-fixes - Added upstream patch fixing build erros with GCC 4.4 (Closes: #526672) * debian/control - Bumped Standard-Version to 3.8.2, no change needed * debian/NEWS.Debian - Fixed format of NEWS.Debian (double space at start) -- Luigi Gangitano Tue, 07 Jul 2009 18:56:41 +0200 squid3 (3.0.STABLE15-1) unstable; urgency=low * New upstream release - Fixes wrong reference to digest_pw_auth (Closes: #517528) * debian/{control,squid3-common.{install,postinst,links},NEWS.Debian} - Added dependency on squid-langpack, linked error directory to /usr/share/squid-langpack (Closes: #497283) - Added a notice in NEWS.Debian on customized error_directory settings * debian/patches/01-cf.data.debian - Adapted to new upstream version * debian/control - Added debug package to help bug reports - Added dependency on libkrb5-dev and comerr-dev * debian/squid3.resolvconf - Use invoke-rc.d instead of directly calling init script * debian/rules - Added missing --with-large-files configure option (Closes: #534888) - Enabled Kerberos Negotiate Auth support (Closes: #532064) * debian/copyright - Fixed copyright to reflect current sources, thanks to Amos Jeffries (Closes: #524601) * debian/squid3.rc - Added reference to config file at startup (Closes: #517529) * debian/squid3.postinst - Removed path from command invocation and make lintian happy -- Luigi Gangitano Mon, 6 May 2009 13:29:10 +0200 squid3 (3.0.STABLE13-1) unstable; urgency=low * New upstream release - Removed patches integrated upstream + 10-mgr_active_requests + 11-SQUID-2009-1 * debian/patches/02-makefile-defaults - Removed cachemgr configuration file fix integrated upstream * debian/rules - Disable support for coss witch is marked as unstable upstream -- Luigi Gangitano Mon, 16 Feb 2009 16:18:30 +0100 squid3 (3.0.STABLE8-3) unstable; urgency=high * Urgency high due to security fixes * debian/patches/11-SQUID-2009-1 - Added upstream patch fixing Denial of Service in request processing (Ref: SQUID-2009-1, CVE: TBA) -- Luigi Gangitano Fri, 06 Feb 2009 20:23:57 +0100 squid3 (3.0.STABLE8-2) unstable; urgency=low * debian/squid3.postinst - Fixed non-POSIX option to chown (Closes: #491701) * debian/rules - Removed obsoleted configure options (Closes: 511272) - Added --enable-follow-x-forwarded-for configure option * debian/control - Added dependency on ${misc:Depends} to make lintian happy * debian/squid3.postinst - Removed path from squid3 invocation to make lintian happy * debian/control - Bumped Standard-Version to 3.8.0, no change needed -- Luigi Gangitano Fri, 9 Jan 2009 00:02:48 +0200 squid3 (3.0.STABLE8-1) unstable; urgency=high * Urgency high to meet freeze deadline * New upstream release * debian/patches/10-mgr_active_requests - Added upstream patch fixing delay_pool reporting in cachemgr.cgi -- Luigi Gangitano Mon, 21 Jul 2008 09:20:31 +0200 squid3 (3.0.STABLE7-1) unstable; urgency=low * New upstream release -- Luigi Gangitano Sat, 05 Jul 2008 21:24:36 +0200 squid3 (3.0.STABLE6-2) unstable; urgency=low * debian/control - Fixed suggestion on squidclient package -- Luigi Gangitano Sun, 01 Jun 2008 05:48:22 +0200 squid3 (3.0.STABLE6-1) unstable; urgency=low * New upstream release (Closes: #478695) * debian/squid3.rc - Added automatic coss file creation (Closes: #478108) - Removed default blocking logging to syslog - Added parsing of /etc/default/squid3 for SQUID_ARGS override * debian/{rules,control,squidclient.install,squidclient.1} - Rename squid3-client package to squidclient (Closes: #473876) - Added squidclient man page from old squid package -- Luigi Gangitano Sun, 01 Jun 2008 02:43:42 +0200 squid3 (3.0.STABLE5-1) UNRELEASED; urgency=low * New upstream release (Closes: #478695) -- Luigi Gangitano Sat, 03 May 2008 18:39:36 +0200 squid3 (3.0.STABLE4-1) unstable; urgency=low * New upstream release -- Luigi Gangitano Thu, 03 Apr 2008 01:34:07 +0200 squid3 (3.0.STABLE2-1) unstable; urgency=low * New upstream release (Closes: #470641) * debian/rules - Fixed bashism (Closes: #468567) * debian/control - Fixed description, remove instability notice (Closes: #463347) * debian/squid.rc - Raise max open filedescriptor limit to match build time limit at 65535 (Closes: #470605, #470607) -- Luigi Gangitano Wed, 12 Mar 2008 13:52:21 +0100 squid3 (3.0.STABLE1-2) unstable; urgency=low * debian/rules - Fixed --with-large-files option to ./configure (Closes: #459306) - Added null storio option (Closes: #456889) -- Luigi Gangitano Tue, 11 Jan 2008 14:09:45 +0100 squid3 (3.0.STABLE1-1) unstable; urgency=low * New upstream release - Updated debian/watch (Closes: #456470) - Removed patches integrated upstream + 08-resume-http + 09-dos-cache-update * debian/control - Bumped Standard-Version to 3.7.3 (no change needed) - Added Homepage field * debian/patches/01-cf.data.debian - Adapted to new upstream version (remove default accesso to RFC1918 addresses) * debian/squid3.{preinst,postinst,prerm,postrm} - Added debhelper token -- Luigi Gangitano Mon, 17 Dec 2007 11:36:57 +0100 squid3 (3.0.RC1-3) unstable; urgency=high * Urgency high due to security fixes * debian/patches/09-dos-cache-update - Added upstream patch fixing DoS in cache update reply processing (Ref: CVE-2007-6239, SQUID-2007:2) -- Luigi Gangitano Fri, 7 Dec 2007 16:30:39 +0100 squid3 (3.0.RC1-2) unstable; urgency=low * debian/patches/08-resume-http.dpatch - Added upstream patch fixing failure to resume downloads -- Luigi Gangitano Mon, 15 Oct 2007 02:43:44 +0200 squid3 (3.0.RC1-1) unstable; urgency=low * New upstream release - Updated debian watch * debian/patches/01-cf.data.debian - Updated to match upstream changes * debian/control - Updated Build-Depends to libdb 4.6 - Removed dependency on essential package coreutils - Fixed dependency on virtual package httpd -- Luigi Gangitano Sun, 14 Oct 2007 16:07:28 +0200 squid3 (3.0.PRE7-1) unstable; urgency=low * New upstream release - Fixed assertion failure when receiving TCP_RESET (Closes: #435887) - Removed patches integrated upstream: + debian/patches/05-helpers-typo + debian/patches/06-mem-obj-reference + debian/patches/07-close-icap-connections * debian/patches/01-cf.data.debian - Removed upstream-integrated patches * debian/rules - Enabled build time default user configuration -- Luigi Gangitano Fri, 31 Aug 2007 18:05:13 +0200 squid3 (3.0.PRE6-2) unstable; urgency=low * debian/control - Make package binNMU safe (Closes: #432981) * debian/rules - Enabled diskd (Closes: #434621) - Removed --enable-diskio option (Closes: #435230) -- Luigi Gangitano Sun, 13 May 2007 19:13:03 +0200 squid3 (3.0.PRE6-1) unstable; urgency=low * New upstream release - Removed patches integrated upsteam: + 04-m68k-ftbfs * debian/rules - Enable delay pools (Closes: #410785) - Enable cache digests (Closes: #416631) - Enable ICAP client - Raised Max Filedescriptor limit to 65536 * debian/control - Added real package dependency for httpd in squid3-cgi * debian/patches/02-makefile-defaults - Fix default configuration file for cachemgr.cgi (Closes: #416630) * debian/squid3.postinst - Fixed bashish in postinst (Closes: #411797) * debian/patches/05-helpers-typo - Added upstream patch fixing compilation error in src/helpers.cc * debian/patches/06-mem-obj-reference - Added upstream patch fixing a mem_obj reference in src/store.cc * debian/patches/07-close-icap-connections - Added upstream patch fixing icap connection starvation * debian/squid3.rc - Added LSB-compliant description to rc script -- Luigi Gangitano Sun, 13 May 2007 16:03:16 +0200 squid3 (3.0.PRE5-5) unstable; urgency=low * debian/control - Revert dependency on libsasl2-2-dev to libsasl2-dev (Closes: #401292) -- Luigi Gangitano Thu, 30 Nov 2006 16:27:26 +0100 squid3 (3.0.PRE5-4) unstable; urgency=low * debian/{rules,squid3-client.install} - Fix path for squid3client (Closes: #400893) -- Luigi Gangitano Thu, 30 Nov 2006 15:32:53 +0100 squid3 (3.0.PRE5-3) unstable; urgency=low * debian/rules - Use the right patch for specific options on GNU/kFreeBSD (Closes: #397829) -- Luigi Gangitano Sat, 11 Nov 2006 10:32:06 +0100 squid3 (3.0.PRE5-2) unstable; urgency=low * debian/rules - Added architecture specific configure options to fix FTBFS on GNU/KFreeBSD (Closes: #397829) * debian/control - Updated Build-Depend to libsasl2-2-dev -- Luigi Gangitano Sat, 11 Nov 2006 00:33:31 +0100 squid3 (3.0.PRE5-1) unstable; urgency=low * New upstream release - Includes fix for FTBFS with GCC 4.2 (Closes: #379969) - Removed upstream-integrated patches: + 03-upstream-md5-byteswap * debian/patches/04-m68k-ftbfs.dpathc - Added patch to fix FTBFS on m68k due to missing parenthesis (Closes: #394220) * debian/control - Added Build-Dep on libcppunit-dev - Updated Build-Dep to libdb4.4-dev * debian/rules - Added usage of already compiled libcppunit, reducing build time -- Luigi Gangitano Thu, 9 Nov 2006 15:42:43 +0100 squid3 (3.0.PRE4-5) unstable; urgency=low * debian/rules - Fixed typo in configure options (--with-filedescriptors) - Added missing transparent proxy options -- Luigi Gangitano Thu, 20 Jul 2006 15:03:07 +0200 squid3 (3.0.PRE4-4) unstable; urgency=low * debian/control - Removed dependency on webmin-squid for squid-cgi * debian/rules - Removed bashism (Closes: #377952) -- Luigi Gangitano Wed, 12 Jul 2006 15:56:01 +0200 squid3 (3.0.PRE4-3) unstable; urgency=low * debian/patches/03-upstream-md5-byteswap.dpatch - Added upstream patch to fix FTBFS on BIGENDIAN architectures (Closes: #377596) -- Luigi Gangitano Mon, 10 Jul 2006 18:06:06 +0200 squid3 (3.0.PRE4-2) unstable; urgency=low * debian/copyright - Added text from CREDITS with copyright and licences for all the components included in squid -- Luigi Gangitano Mon, 10 Jul 2006 00:46:10 +0200 squid3 (3.0.PRE4-1) unstable; urgency=low * New upstream release * debian/rules - Revorked to build packages that can be installed side-by-side with the squid 2.x packages. * debian/control - Added dependency on dpatch -- Luigi Gangitano Mon, 3 Jul 2006 16:47:43 +0200 squid3 (3.0.PRE3.20060422-2) unstable; urgency=low * debian/control - Added missing Build-Depends on libsasl2-dev -- Luigi Gangitano Wed, 14 Jun 2006 15:31:34 +0200 squid3 (3.0.PRE3.20060422-1) unstable; urgency=low * First package attempt -- Luigi Gangitano Sat, 22 Apr 2006 01:19:36 +0200