Accepted squid3 3.4.8-4~bpo70+1 (source all i386) into wheezy-backports->backports-policy, wheezy-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Dec 2014 17:37:26 +0100
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge
Architecture: source all i386
Version: 3.4.8-4~bpo70+1
Distribution: wheezy-backports
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description:
squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
squid3 - Full featured Web Proxy cache (HTTP proxy)
squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 521052 644280 652010 656304 669148 683255 693905 694633 701799 702540 703954 705983 706025 710126 716743 725599 728222 732183 737008 741312 759509 760400 760999 761002 761209 763867 765476 768170
Changes:
squid3 (3.4.8-4~bpo70+1) wheezy-backports; urgency=medium
.
* Rebuild for wheezy-backports.
.
squid3 (3.4.8-4) unstable; urgency=medium
.
[ Luigi Gangitano <luigi@debian.org> ]
* debian/squid3.preinst
- Revert changes on abort-upgrade
.
squid3 (3.4.8-3) unstable; urgency=medium
.
[ Amos Jeffries <amosjeffries@squid-cache.org> ]
* debian/squid3.preinst
- Remove obsolete manager ACL definition from squid.conf
when upgrading squid3 package (Closes: #768170)
.
.
[ Luigi Gangitano <luigi@debian.org> ]
* debian/squid3.preinst
- Fix configuration file only if needed and match any uncommented line
.
squid3 (3.4.8-2) unstable; urgency=medium
.
[ Santiago Garcia Mantinan <manty@debian.org> ]
* Add patch to remove bashisms from cert_tool
* Add manual page for squid-purge
* Create run_dir needed for SMP with several workers to run. This
fixes #710126 (Closes: #732183, #760400)
* Use CONFIG instead of sq (Closes: #763867)
* Remove find_cache_type and use grepconf (both functions were =).
* Allow find_cache_dir and grepconf to have whitespace in the beginning
(Closes: #761209)
* Add config check before reload/restart, thanks Freddy (Closes: #728222)
.
[ Amos Jeffries <amosjeffries@squid-cache.org> ]
* debian/squid3.postinst
- update grepconf to support SMP macros and sub-config files
when locating cache_dir and effective user/group
.
* debian/squid3.rc
- remove special handling for obsolete COSS cache type
- change grepconf to support SMP macros and sub-config files
.
* debian/rules
- add distribution details to squid -v display output
this obsoletes the Ubuntu fix-distribution.patch
.
* debian/control
- bumped libecap dependency version to 0.2.0-2
.
* debian/squid3.resolvconf
- added check on /usr availability before squid3 restart (Closes: #765476)
.
[ Luigi Gangitano <luigi@debian.org> ]
* debian/squid3.rc
- Change config check to config parse on start/reload/restart
.
* debian/control
- Fixed XS-Vcs-Git Header pointing anonscm.debian.org
.
squid3 (3.4.8-1) unstable; urgency=high
.
* Urgency high due to security fixes
.
[ Amos Jeffries <amosjeffries@squid-cache.org> ]
* New upstream release (Closes: #737008)
- Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002)
- Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999)
+ pinger remote DoS vulnerabilities
- Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312)
.
* debian/patches/
- remove CVE-2014-3609.patch included upstream
- remove 17-pod2man-check.patch obsoleted by new version
- add upstream patch 21-squid-3.4-13176-memoryleak.patch:
memory leak in external_acl_type helper with cache=0 or ttl=0
.
* debian/rules
- add --disable-arch-native to build with portable CPU support
.
* debian/control
- libecap API support is specific to version 0.2.0
- use nettle for crypto library
.
* debian/watch
- updated watch pattern for upstream major series
.
* debian/rules
- Remove obsolete --enable-underscores (Closes: #693905)
.
[ Luigi Gangitano <luigi@debian.org> ]
* debian/patches/
- refreshed all patches to match 3.4.8
.
* debian/control
- Added dependency for missing intepreter ksh
- Bumped Standard-Version to 3.9.6, no change needed
- Added XS-Vcs-Git Header pointing to Alioth repository
.
squid3 (3.3.8-1.2) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2014-3609.patch patch.
CVE-2014-3609: Denial of Service in Range header processing.
Ignore Range headers with unidentifiable byte-range values. If squid is
unable to determine the byte value for ranges, treat the header as
invalid. (Closes: #759509)
.
squid3 (3.3.8-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix "FTBFS: cp: cannot stat
'/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No
such file or directory":
new patch 17-pod2man-check.patch:
fix config.test files' check for perl and pod2man
(Closes: #725599)
.
squid3 (3.3.8-1) unstable; urgency=high
.
* Urgency high due to security fixes
.
* New upstream release
- Fixes security issues (Closes: #716743)
+ Buffer overflow in HTTP request handling (Ref: SQUID-2013:2,
CVE-2013-4115)
+ DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123)
- Includes PNG image used in error pages, with new copyright assignement
(Closes: #683255)
.
* Added /var/run/squid3 dir to host sockets in SMP configuration
(Closes: #710126)
.
* debian/control
- Bumped Standard-Version to 3.9.4, no change needed
.
squid3 (3.3.4-1) unstable; urgency=low
.
* New upstream release
- Added support for SHA passwords in ncsa_auth (Closes: #652010)
.
* debian/squid3.lintian-overrides
- Added override for pinger setuid bin
.
* debian/watch
- Fixed pattern to skip the last dot
.
* debian/rules
- Removed reference to cppunit-basedir
.
squid3 (3.3.3-2) unstable; urgency=low
.
I would like to thank Amos Jeffries <squid3@treenet.co.nz> for his help
with this release.
.
* debian/control
- Added Build-Depend on pkg-config to solve FTBFS when ecap is enabled
(Closes: #706025)
- Fixed package descriptions
- Added Build-Depend on libnetfilter-conntrack-dev
- Added Suggests on winbindd for NTLM authentication
.
* debian/patches/01-cf.data.debian.patch
- Removed change to visible_hostname defaut value (Closes: #705983)
- Fixed path of ntlm_auth helper in example
.
* debian/rules
- Removed --enable-arp-acl options obsoleted by --enable-eui
- Fixed FTBFS on hurd due to missing netfilter support
- Enabled Rock store type support
- Added SETUID bit to pinger program
.
* debian/watch
- Fixed pattern to match all the released versions of 3.3
.
squid3 (3.3.3-1) unstable; urgency=low
.
* New upstream release (Closes: #694633, #701799, #702540)
- Removed upstream patches
+ debian/patches/20-ipv6-fix
+ debian/patches/30-CVE-2012-5643-CVE-2013-0189.patch
+ debian/patches/fix-701123-regression-in-cachemgr.patch
- Includes upstream fix for CVE-2009-0801 (Closes: #521052)
- Includes upstream fix for rejection of benign request containing variants
of double CR (Closes: #669148)
.
* debian/control
- Added dependency on libecap2-dev
- Added squid-purge package
.
* debian/source
- Enabled ECAP support
- Fixed configure invocation to match new syntax
- Removed unneeded rename of helper man pages
- Fixed list of helpers to build, adding fake agents (Closes: #644280)
and negotiate wrapper (Closes: #656304)
.
* debian/watch
- Updated for 3.3
.
* debian/squid3.logrotate
- Added check for existing binary in logrotate script (Closes: #703954)
Checksums-Sha1:
e98f54b761b1c996e4a2e72f64667bd969be9344 2271 squid3_3.4.8-4~bpo70+1.dsc
4a5fec155d91f3d9eedf16ea474970e293699cc9 3042254 squid3_3.4.8.orig.tar.bz2
7026239bad77a9ea225317da7c55f7bb694e2da4 30648 squid3_3.4.8-4~bpo70+1.debian.tar.gz
bde010ee89ff60c348c26988609c0ad2d305b263 262158 squid3-common_3.4.8-4~bpo70+1_all.deb
c8f11d55e72c4fe25c576f02f2f9804786aa61c6 2644420 squid3_3.4.8-4~bpo70+1_i386.deb
127635eb175e7e6b1dcaa60735bad4d1dce6b492 15034524 squid3-dbg_3.4.8-4~bpo70+1_i386.deb
a57d09610c413dbabac160cadc74985d4a3f0525 133480 squidclient_3.4.8-4~bpo70+1_i386.deb
5ca8ee328b6c6cbdbf5ddcae74322c84e6ba55b5 137144 squid-cgi_3.4.8-4~bpo70+1_i386.deb
63c3a4fa8e8faf947bd50555f71a23f79f170666 129874 squid-purge_3.4.8-4~bpo70+1_i386.deb
Checksums-Sha256:
949b0fab4163bfd5e16c8c0b0947797e891785de069c9135e31e55d94eafc0c5 2271 squid3_3.4.8-4~bpo70+1.dsc
d0534c1cb6ad7de9e2c9f3fc192df92d4c454e3e4c5e00c5086997709153c455 3042254 squid3_3.4.8.orig.tar.bz2
bafe37018e071387ecb8769d506f1c6f8517e9d16c0d7560f6432ad96096d714 30648 squid3_3.4.8-4~bpo70+1.debian.tar.gz
84b8c14148abdb194f323eb69070e294bd0b7619c3437ec2a7632660f146a600 262158 squid3-common_3.4.8-4~bpo70+1_all.deb
fd8326be0ab1f27433a02c054124e3377a090801fd2e548d4cf7a5fc6b6b9c1d 2644420 squid3_3.4.8-4~bpo70+1_i386.deb
58fd6abc8883807a06f60d35ea670a432779f0d4549382d9da09490af6f1def7 15034524 squid3-dbg_3.4.8-4~bpo70+1_i386.deb
a6796a0b876748e7132599b930b84e642c91495954831e42528cd256b4fbba2b 133480 squidclient_3.4.8-4~bpo70+1_i386.deb
3c58b019a2bf1eb8fbf55c21b6e39fcc056a3472c97f519746a4fa2177500f30 137144 squid-cgi_3.4.8-4~bpo70+1_i386.deb
abc996235d0159164cbd6a7d11e376fbdaec7ead53df1efc4ac15da08a073254 129874 squid-purge_3.4.8-4~bpo70+1_i386.deb
Files:
e9f37224ab27322a9e61ad805a5f076c 2271 web optional squid3_3.4.8-4~bpo70+1.dsc
094bd5f974d13485d51d02e93ec6027b 3042254 web optional squid3_3.4.8.orig.tar.bz2
408b97ffc9e64d01976d6651456cd512 30648 web optional squid3_3.4.8-4~bpo70+1.debian.tar.gz
26e21c6e917f1b375c8e4616bef1ce4b 262158 web optional squid3-common_3.4.8-4~bpo70+1_all.deb
65eab1d6426beab7aefcb3c6aa462464 2644420 web optional squid3_3.4.8-4~bpo70+1_i386.deb
7ff8f3a26069bb05cdce134739c2d4e8 15034524 debug extra squid3-dbg_3.4.8-4~bpo70+1_i386.deb
e05d684da4551ab81e3b949b2ff0ce4f 133480 web optional squidclient_3.4.8-4~bpo70+1_i386.deb
cf4b1751d039dd84b83a26ae1666b709 137144 web optional squid-cgi_3.4.8-4~bpo70+1_i386.deb
9ffca8fcdb282dfe283ed3bb3951b219 129874 web optional squid-purge_3.4.8-4~bpo70+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUiybwAAoJEAKE8gwrqXztWNYP/287JoZGvVuEfQx27FeO5OMD
qBsPu9WJqVcEQLQnJzjJpBersJiI/bcwqKikBxorhyCNUGJAcirW0SeBTiDiB2Vt
M0FmA6xskbfO0U525AHOL7L+vZxkYbSlTNCyzuKLIJ20ixddFUBVAtFxcJzKM3Ws
uF9G29rjEpV3QSAul3yWL4bGXJkQy5qIS8IJYBv2Ew8V30feSppgp1O5jZq85sv/
Ly2+WEGePsfEBBf+G56e7wujCxgWUDlet8EDP3SAKCkb3Xwq8YSNQOwAYpksYHXq
sxcHAoeGBx0bCO3PIwZMhL49PbmlfxGxZUWDQMXwyc1zo4Dp6oIe49bNC50ShKuM
qLx3PJoifPTS5lPVlJPJXL+l2KpsxfKq6Ar7GXETwSFqmWqCLo+7em/PdNnsco+z
q4CXJk7lt9naRebfhcUtdmLAZJ6dQzZpIzJrybJtvSTy9+n3XX0ypym3NR8mbksH
IDjYm6Cd3TTm9mQilh4zVE+abotWtquz2kFEaVd+ORHiym/UB7HiEBWIAH0Te7tu
7TOrDrCOJIrnnSUe1zOEfcinnN3pTruwReP7HA5nEqXdkiT+uLBGRqSKZOgrfd0k
MBU2rYw8EprWBDE4dMNROi+NUaC7DTdTlll7xm4+ZVOik0854ouvit2Ve5dawLTQ
5aWE7I9+qEG02F2tAncX
=J73O
-----END PGP SIGNATURE-----
Reply to: