View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/squid
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
ubuntu/dapper-devel 2010-02-16 15:05:24 UTC 2010-02-16
Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Author: Marc Deslauriers
Author Date: 2010-02-12 18:07:54 UTC

Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 67641d307429d2fcf2d6e4c23c6b6cdffbae7d3d

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted DNS packet
    - debian/patches/SECURITY_CVE-2010-0308.dpatch: don't abort on error in
      lib/rfc1035.c.
    - CVE-2010-0308

ubuntu/dapper-security 2010-02-16 15:05:24 UTC 2010-02-16
Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Author: Marc Deslauriers
Author Date: 2010-02-12 18:07:54 UTC

Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 67641d307429d2fcf2d6e4c23c6b6cdffbae7d3d

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted DNS packet
    - debian/patches/SECURITY_CVE-2010-0308.dpatch: don't abort on error in
      lib/rfc1035.c.
    - CVE-2010-0308

ubuntu/dapper-updates 2010-02-16 15:05:24 UTC 2010-02-16
Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Author: Marc Deslauriers
Author Date: 2010-02-12 18:07:54 UTC

Import patches-unapplied version 2.5.12-4ubuntu2.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 67641d307429d2fcf2d6e4c23c6b6cdffbae7d3d

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted DNS packet
    - debian/patches/SECURITY_CVE-2010-0308.dpatch: don't abort on error in
      lib/rfc1035.c.
    - CVE-2010-0308

applied/ubuntu/dapper-updates 2010-02-16 15:05:24 UTC 2010-02-16
Import patches-applied version 2.5.12-4ubuntu2.5 to applied/ubuntu/dapper-sec...

Author: Marc Deslauriers
Author Date: 2010-02-12 18:07:54 UTC

Import patches-applied version 2.5.12-4ubuntu2.5 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 4863066068626a6949b25584ad11715e78772f25
Unapplied parent: 64ad61e8f947e8c3b3ae1cdaacfaac98f7a3379d

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted DNS packet
    - debian/patches/SECURITY_CVE-2010-0308.dpatch: don't abort on error in
      lib/rfc1035.c.
    - CVE-2010-0308

ubuntu/karmic 2009-08-21 02:04:52 UTC 2009-08-21
Import patches-unapplied version 2.7.STABLE6-2ubuntu2 to ubuntu/karmic

Author: Kees Cook
Author Date: 2009-08-21 00:25:42 UTC

Import patches-unapplied version 2.7.STABLE6-2ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 59b9910812c60350300b249281b3468bd5a3f70e

New changelog entries:
  * debian/{control,rules}: add and enable hardened build for PIE
    (Debian bug 542723).

applied/ubuntu/karmic 2009-08-21 02:04:52 UTC 2009-08-21
Import patches-applied version 2.7.STABLE6-2ubuntu2 to applied/ubuntu/karmic

Author: Kees Cook
Author Date: 2009-08-21 00:25:42 UTC

Import patches-applied version 2.7.STABLE6-2ubuntu2 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: b120429031e6ae9986f3221fc2b03a1767072acc
Unapplied parent: 80697df64c60a832c3985e5b2c43f42874824c97

New changelog entries:
  * debian/{control,rules}: add and enable hardened build for PIE
    (Debian bug 542723).

applied/ubuntu/jaunty 2009-02-10 17:04:41 UTC 2009-02-10
Import patches-applied version 2.7.STABLE3-4.1ubuntu1 to applied/ubuntu/jaunty

Author: Bhavani Shankar
Author Date: 2009-02-07 12:38:10 UTC

Import patches-applied version 2.7.STABLE3-4.1ubuntu1 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 5a03dfb8f6f6d023461fffa0f8493a8423a18edb
Unapplied parent: 0643dcfbd47611c3f98e9138ab12f36525a4fc46

New changelog entries:
  * Merge from debian unstable, remaining changes: LP: #326547
    - 99-ubuntu-ssl-cert-snakeoil:
      + src/cf.data.pre:
        * Add refrence to snakepil /etc/ssl
    - debian/control:
      + Add ssl-cert to Depends to bring in snakeoil certificates.
    - debian/logrotate: use sarg-reports rather than sarg-maint.
      (LP: #268816)
    - Only pass -j$(NUMJOBS) to "$(MAKE) all" and not in MAKEFLAGS as
      debian/rules isn't -j safe; see Debian #512512.

ubuntu/jaunty 2009-02-10 17:04:41 UTC 2009-02-10
Import patches-unapplied version 2.7.STABLE3-4.1ubuntu1 to ubuntu/jaunty

Author: Bhavani Shankar
Author Date: 2009-02-07 12:38:10 UTC

Import patches-unapplied version 2.7.STABLE3-4.1ubuntu1 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: df6446793f0f72c532b044d4140c49da7a318e8c

New changelog entries:
  * Merge from debian unstable, remaining changes: LP: #326547
    - 99-ubuntu-ssl-cert-snakeoil:
      + src/cf.data.pre:
        * Add refrence to snakepil /etc/ssl
    - debian/control:
      + Add ssl-cert to Depends to bring in snakeoil certificates.
    - debian/logrotate: use sarg-reports rather than sarg-maint.
      (LP: #268816)
    - Only pass -j$(NUMJOBS) to "$(MAKE) all" and not in MAKEFLAGS as
      debian/rules isn't -j safe; see Debian #512512.

ubuntu/intrepid 2008-09-22 20:04:30 UTC 2008-09-22
Import patches-unapplied version 2.7.STABLE3-1ubuntu2 to ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-22 19:31:01 UTC

Import patches-unapplied version 2.7.STABLE3-1ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: c7f87ecfe02550b11e349122b76fd88541473b9f

New changelog entries:
  * debian/logrotate: use sarg-reports rather than sarg-maint.
    (LP: #268816)

applied/ubuntu/intrepid 2008-09-22 20:04:30 UTC 2008-09-22
Import patches-applied version 2.7.STABLE3-1ubuntu2 to applied/ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-22 19:31:01 UTC

Import patches-applied version 2.7.STABLE3-1ubuntu2 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: d8f57ea664e176f236c4a201c5c3b67381c149b7
Unapplied parent: 5ea04eaf90ba6c5d59e80869071da9d8903c88a5

New changelog entries:
  * debian/logrotate: use sarg-reports rather than sarg-maint.
    (LP: #268816)

applied/ubuntu/edgy-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 87b4cf75a8dd3a6e78bfc2e4f14f74a83f4ef6c5
Unapplied parent: b94c20953937b5798d2988e87604a849c09dc4b4

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/gutsy-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: eb098f853947af3e5a2f070e5350987391b8ff30
Unapplied parent: 80c6fb77582e477dbc8168a47c1a48fcda9f90e0

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/gutsy-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: eb098f853947af3e5a2f070e5350987391b8ff30
Unapplied parent: 80c6fb77582e477dbc8168a47c1a48fcda9f90e0

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/gutsy-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-applied version 2.6.14-1ubuntu2.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: eb098f853947af3e5a2f070e5350987391b8ff30
Unapplied parent: 80c6fb77582e477dbc8168a47c1a48fcda9f90e0

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/feisty-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 1fc6285904a4ef8a813513ef0e0a52b1e9ae48b7
Unapplied parent: e49062a1b7045b5e43f5da8b7e0ff3900747e39c

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/feisty-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 1fc6285904a4ef8a813513ef0e0a52b1e9ae48b7
Unapplied parent: e49062a1b7045b5e43f5da8b7e0ff3900747e39c

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/feisty-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-secu...

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-applied version 2.6.5-4ubuntu2.2 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 1fc6285904a4ef8a813513ef0e0a52b1e9ae48b7
Unapplied parent: e49062a1b7045b5e43f5da8b7e0ff3900747e39c

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/edgy-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 87b4cf75a8dd3a6e78bfc2e4f14f74a83f4ef6c5
Unapplied parent: b94c20953937b5798d2988e87604a849c09dc4b4

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/edgy-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-applied version 2.6.1-3ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 87b4cf75a8dd3a6e78bfc2e4f14f74a83f4ef6c5
Unapplied parent: b94c20953937b5798d2988e87604a849c09dc4b4

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/edgy-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5175a839dd431826d5acfa9cf00e7acb1387f5ec

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/edgy-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5175a839dd431826d5acfa9cf00e7acb1387f5ec

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/edgy-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:08:51 UTC

Import patches-unapplied version 2.6.1-3ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5175a839dd431826d5acfa9cf00e7acb1387f5ec

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/feisty-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: b6371ee52fb27cf614e72142e5670584a54c775d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/feisty-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: b6371ee52fb27cf614e72142e5670584a54c775d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/feisty-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-04-11 15:07:40 UTC

Import patches-unapplied version 2.6.5-4ubuntu2.2 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: b6371ee52fb27cf614e72142e5670584a54c775d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/gutsy-devel 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e7ac3d5e16d61f98280f432e2b3fa67240a5099d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/gutsy-security 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e7ac3d5e16d61f98280f432e2b3fa67240a5099d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

ubuntu/gutsy-updates 2008-04-14 15:04:43 UTC 2008-04-14
Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Author: Jamie Strandboge
Author Date: 2008-04-11 14:55:51 UTC

Import patches-unapplied version 2.6.14-1ubuntu2.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e7ac3d5e16d61f98280f432e2b3fa67240a5099d

New changelog entries:
  * SECURITY UPDATE: off by one assertion could cause a denial of service
  * debian/patches/SECURITY_CVE-2008-1612.dpatch: fix arrayShrink() in
    lib/Array.c to properly check a->capacity

applied/ubuntu/hardy 2008-04-09 19:05:10 UTC 2008-04-09
Import patches-applied version 2.6.18-1ubuntu3 to applied/ubuntu/hardy

Author: Chuck Short
Author Date: 2008-04-09 18:48:49 UTC

Import patches-applied version 2.6.18-1ubuntu3 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 551a62ee4e510e8616ca0a55a0fb024bf7052a32
Unapplied parent: c966ef87d357374d0d05e6d9d437c66c916d8b8d

New changelog entries:
  * debian/squid.rc
    - Use squid -k reconfigure to reload the squid configuration.
     (LP: #204474).

ubuntu/hardy 2008-04-09 19:05:10 UTC 2008-04-09
Import patches-unapplied version 2.6.18-1ubuntu3 to ubuntu/hardy

Author: Chuck Short
Author Date: 2008-04-09 18:48:49 UTC

Import patches-unapplied version 2.6.18-1ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 3eb539afb40ba673b704b80c4460e2874a6b69a0

New changelog entries:
  * debian/squid.rc
    - Use squid -k reconfigure to reload the squid configuration.
     (LP: #204474).

ubuntu/edgy-proposed 2008-01-11 14:04:39 UTC 2008-01-11
Import patches-unapplied version 2.6.1-3ubuntu1.6 to ubuntu/edgy-proposed

Author: Martin Pitt
Author Date: 2008-01-11 12:35:04 UTC

Import patches-unapplied version 2.6.1-3ubuntu1.6 to ubuntu/edgy-proposed

Imported using git-ubuntu import.

Changelog parent: 7ccdfbaa410b64314ba56bbe5e759e18b737515f

New changelog entries:
  * Fix transparent proxies (LP: #68818).

applied/ubuntu/edgy-proposed 2008-01-11 14:04:39 UTC 2008-01-11
Import patches-applied version 2.6.1-3ubuntu1.6 to applied/ubuntu/edgy-proposed

Author: Martin Pitt
Author Date: 2008-01-11 12:35:04 UTC

Import patches-applied version 2.6.1-3ubuntu1.6 to applied/ubuntu/edgy-proposed

Imported using git-ubuntu import.

Changelog parent: b504e8b69d96fa0bf1b8630671853effce5c06ae
Unapplied parent: 5175a839dd431826d5acfa9cf00e7acb1387f5ec

New changelog entries:
  * Fix transparent proxies (LP: #68818).

ubuntu/gutsy 2007-10-04 20:03:47 UTC 2007-10-04
Import patches-unapplied version 2.6.14-1ubuntu2 to ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 18:24:29 UTC

Import patches-unapplied version 2.6.14-1ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: da6719ed0a1dcb289c96f5cf6e3d270a81f961c1

New changelog entries:
  * Trigger rebuild for hppa

applied/ubuntu/gutsy 2007-10-04 20:03:47 UTC 2007-10-04
Import patches-applied version 2.6.14-1ubuntu2 to applied/ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 18:24:29 UTC

Import patches-applied version 2.6.14-1ubuntu2 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 2ac8b9669888d6d44f6a4fda10bdb9c0cfe9ebdd
Unapplied parent: c1d60ede6fe3b4bdd03f284d0e5af48ed8de0934

New changelog entries:
  * Trigger rebuild for hppa

ubuntu/feisty 2007-03-24 15:03:36 UTC 2007-03-24
Import patches-unapplied version 2.6.5-4ubuntu2 to ubuntu/feisty

Author: Kees Cook
Author Date: 2007-03-22 23:22:28 UTC

Import patches-unapplied version 2.6.5-4ubuntu2 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: dc5bb43657ac679eeff6dc830d849e724923db38

New changelog entries:
  * SECURITY UPDATE: remote denial of service via TRACE method.
  * debian/patches/57-external-trace-crash.dpatch: upstream fix.
  * References
    http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch
    CVE-2007-1560

applied/ubuntu/feisty 2007-03-24 15:03:36 UTC 2007-03-24
Import patches-applied version 2.6.5-4ubuntu2 to applied/ubuntu/feisty

Author: Kees Cook
Author Date: 2007-03-22 23:22:28 UTC

Import patches-applied version 2.6.5-4ubuntu2 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 24c900c79b1abd311acee3559faa61d3b9448f3c
Unapplied parent: 954b36f4705817db0e771cbb901572294380987e

New changelog entries:
  * SECURITY UPDATE: remote denial of service via TRACE method.
  * debian/patches/57-external-trace-crash.dpatch: upstream fix.
  * References
    http://www.squid-cache.org/Versions/v2/2.6/changesets/11349.patch
    CVE-2007-1560

applied/ubuntu/edgy 2006-07-13 08:07:45 UTC 2006-07-13
Import patches-applied version 2.6.1-3ubuntu1 to applied/ubuntu/edgy

Author: Anibal Monsalve Salazar
Author Date: 2006-07-12 23:21:43 UTC

Import patches-applied version 2.6.1-3ubuntu1 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 02635d58b262c80127fd29f092d6c1258866c94e
Unapplied parent: 6d90e0c6dbaab39402c6a1807a501f61561db188

New changelog entries:
  * Resynchronise with Debian.
  * debian/rules
    - Removed debian/po/*.po~
  * debian/patches/48-kfreebsd-kqueue
    - Added user interface for kqueue() on GNU/kFreeBSD (Thanks to Petr
      Salinger) (Closes: #377873)
  * debian/rules
    - Disabled IPF support on GNU/kFreeBSD
    - Install RELEASENOTES.html in /usr/share/doc
  * debian/NEWS.Debian
    - Added notice on changes to configuration file and reference to the
      RELEASENOTES.html file (Closes: #377950)
  * debian/control
    - Added missing Build-Depends on libdb4.3-dev (Closes: #377473)

ubuntu/edgy 2006-07-13 08:07:45 UTC 2006-07-13
Import patches-unapplied version 2.6.1-3ubuntu1 to ubuntu/edgy

Author: Anibal Monsalve Salazar
Author Date: 2006-07-12 23:21:43 UTC

Import patches-unapplied version 2.6.1-3ubuntu1 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 145446f7596f335b564f39f68bacee1b5e78bc8c

New changelog entries:
  * Resynchronise with Debian.
  * debian/rules
    - Removed debian/po/*.po~
  * debian/patches/48-kfreebsd-kqueue
    - Added user interface for kqueue() on GNU/kFreeBSD (Thanks to Petr
      Salinger) (Closes: #377873)
  * debian/rules
    - Disabled IPF support on GNU/kFreeBSD
    - Install RELEASENOTES.html in /usr/share/doc
  * debian/NEWS.Debian
    - Added notice on changes to configuration file and reference to the
      RELEASENOTES.html file (Closes: #377950)
  * debian/control
    - Added missing Build-Depends on libdb4.3-dev (Closes: #377473)

applied/ubuntu/dapper 2006-02-22 11:02:19 UTC 2006-02-22
Import patches-applied version 2.5.12-4ubuntu2 to applied/ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-02-22 10:21:56 UTC

Import patches-applied version 2.5.12-4ubuntu2 to applied/ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: 09dee9d6409545325e780a5788a0a2304d472cb7
Unapplied parent: 24707ac7e58153429384a94d131646298f7538ac

New changelog entries:
  * Add 99-ubuntu-wbinfo_group.dpatch, to make wbinfo_group.pl work properly
    with Samba >= 3.0.21, which is in dapper (Closes: launchpad.net/29228)

ubuntu/dapper 2006-02-22 11:02:19 UTC 2006-02-22
Import patches-unapplied version 2.5.12-4ubuntu2 to ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-02-22 10:21:56 UTC

Import patches-unapplied version 2.5.12-4ubuntu2 to ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: d1b29c6f2199810ed5f038f6b337affc5dcf29c7

New changelog entries:
  * Add 99-ubuntu-wbinfo_group.dpatch, to make wbinfo_group.pl work properly
    with Samba >= 3.0.21, which is in dapper (Closes: launchpad.net/29228)

applied/ubuntu/breezy-devel 2005-12-21 05:58:32 UTC 2005-12-21
Import patches-applied version 2.5.10-6 to applied/ubuntu/breezy

Author: Luigi Gangitano
Author Date: 2005-09-17 19:44:53 UTC

Import patches-applied version 2.5.10-6 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 3558ed2e9d4793a5f3f74a9cd3baeb77bf7123df
Unapplied parent: 469542ed85d354dbc513af0149d76ca36f9ed296

New changelog entries:
  * debian/patches/46-ntlm-scheme-assert
    - Added upstream patch to fix potential DoS in NTLM authentication
      (Ref: CAN-2005-2917)
  * debian/control
    - Fixed typo in squid-cgi description (Closes: #327810)
  * debian/patches/
    - Removed patch files integrated upstream
  * debian/control
    - Added dependency on debconf-2.0
  * debian/patches/44-sslconnect-segfault
    - Added upstream patch to fix security issue in ssl connection handling
      potentially causing DoS. (Ref. CAN-2005-2796)
  * debian/patches/45-store-assert
    - Added upstream patch to fix security issue in store.c potentially
      causing DoS (Ref. CAN-2005-2794)
  * debian/changelog
    - Fixed typos in various lines that caused lintian to scream
  * debian/rules
    - Dropped use of DEBIAN_HOST_GNU_{CPU,SYSTEM} since the dpkg transition
      has broken them, preventing the MAXFD limit correction to 4096. Use
      Used DEBIAN_ARCH_{OS,CPU} instead. (Closes: #322526)
  * debian/po/cs.po
    - Added Czech debconf translation thanks to Miroslav Kure
      (Closes: #320369)
  * debian/patches/43-stathist-assert
    - Added patch to fix assertion failure in StatHist.c
      (Closes: #310642)
  * debian/po/vi.po
    - Added Vietnamese debconf translation thanks to Clytie Siddall
      (Closes: #318705)
  * debian/po/de.po
    - Fixed path in German translation
      (Closes: #313152)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/05-syslog
      debian/patches/09-enable-large-files
      debian/patches/22-cachemgr-acl
      debian/patches/38-aufs-fixes
      debian/patches/39-notinmemory
      debian/patches/40-acl-error
      debian/patches/41-2GB-assert
      debian/patches/42-dns-query
  * debian/config
    - Fixed check on cache_dir permissions when it is symlinked
      (Closes: #312253)
  * debian/squid.rc
    - Removed unused functions in rc script
  * debian/postinst
    - Added check for statovverrides on log directory
      (Closes: #309634)
  * Urgency high to get the translation fix in sarge

  * debian/po/ru.po
    - Updated Russian debconf translation (thanks to Yuriy Talakan)
      (Closes: #310038)
  * Urgency high due to security fixes

  * debian/patches/41-2GB-assert
    - Added upstream patch to fix assertion failure
      store_client.c:343: "storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset"
  * debian/patches/42-dns-query
    - Added upstream patch to fix security issue with DNS response spoofing
  * Urgency medium due to upstream fixes that should go into sarge
  * debian/patches/39-notinmemory
    - Updated upstream patch
  * debian/patches/39-notinmemory
    - Added upstream patch to fix assertion failure
      store_swapin.c:45: "e->mem_status == NOT_IN_MEMORY
      (Closes: #306072)
  * debian/patches/40-acl-error
    - Added upstream patch fixing minor security issue in parsing acls
      (Ref: CAN-2005-1345)
  * debian/patches/22-cachemgr-acl
    - Updated to the upstream patch
  * debian/rules
   - Install upstream cachemgr.conf instead of the old local one
  * debian/cachemgr.conf
    - Removed local version not used anymore
  * debian/po/ja.po
    - Updated debconf translation (thanks to Kenshi Muto)
      (Closes: #306939)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated again upstream patch, fixing failed assertion
      store_swapout.c:232: "mem->inmem_lo == 0"
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing race condition causing segfault
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing crashes with diskd (Closes: #302634)
  * debian/patches/00list
    - Reworked patch order
  * Urgency medium due to upstream fixes that should go into sarge

  * debian/patches/09-enable-large-files
    - Substituded with official upstream patch for large file support.
      This patch is definetly better than the one previously used.
  * debian/rules
    - Changed configure option --enable-large-files to --with-large-files
  * debian/patches/38-aufs-fixes
    - Added upstream patch fixing small issues with aufs and enhancing
      performance

  * Urgency medium due to small security fix
  * debian/patches/37-setcookie.dpatch
    - Added upstream patchto fix race condition with Set-Cookie headers
      (Closes: #298053)

  * debian/watch
    - Re-Updated watch file, this should really work
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/30-amd64-gcc40-compile
      debian/patches/36-dns-assert
  * debian/watch
    - Updated watch file, this should work
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/30-amd64-gcc40-compile
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

ubuntu/breezy-devel 2005-12-21 05:58:32 UTC 2005-12-21
Import patches-unapplied version 2.5.10-6 to ubuntu/breezy

Author: Luigi Gangitano
Author Date: 2005-09-17 19:44:53 UTC

Import patches-unapplied version 2.5.10-6 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * debian/patches/46-ntlm-scheme-assert
    - Added upstream patch to fix potential DoS in NTLM authentication
      (Ref: CAN-2005-2917)
  * debian/control
    - Fixed typo in squid-cgi description (Closes: #327810)
  * debian/patches/
    - Removed patch files integrated upstream
  * debian/control
    - Added dependency on debconf-2.0
  * debian/patches/44-sslconnect-segfault
    - Added upstream patch to fix security issue in ssl connection handling
      potentially causing DoS. (Ref. CAN-2005-2796)
  * debian/patches/45-store-assert
    - Added upstream patch to fix security issue in store.c potentially
      causing DoS (Ref. CAN-2005-2794)
  * debian/changelog
    - Fixed typos in various lines that caused lintian to scream
  * debian/rules
    - Dropped use of DEBIAN_HOST_GNU_{CPU,SYSTEM} since the dpkg transition
      has broken them, preventing the MAXFD limit correction to 4096. Use
      Used DEBIAN_ARCH_{OS,CPU} instead. (Closes: #322526)
  * debian/po/cs.po
    - Added Czech debconf translation thanks to Miroslav Kure
      (Closes: #320369)
  * debian/patches/43-stathist-assert
    - Added patch to fix assertion failure in StatHist.c
      (Closes: #310642)
  * debian/po/vi.po
    - Added Vietnamese debconf translation thanks to Clytie Siddall
      (Closes: #318705)
  * debian/po/de.po
    - Fixed path in German translation
      (Closes: #313152)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/05-syslog
      debian/patches/09-enable-large-files
      debian/patches/22-cachemgr-acl
      debian/patches/38-aufs-fixes
      debian/patches/39-notinmemory
      debian/patches/40-acl-error
      debian/patches/41-2GB-assert
      debian/patches/42-dns-query
  * debian/config
    - Fixed check on cache_dir permissions when it is symlinked
      (Closes: #312253)
  * debian/squid.rc
    - Removed unused functions in rc script
  * debian/postinst
    - Added check for statovverrides on log directory
      (Closes: #309634)
  * Urgency high to get the translation fix in sarge

  * debian/po/ru.po
    - Updated Russian debconf translation (thanks to Yuriy Talakan)
      (Closes: #310038)
  * Urgency high due to security fixes

  * debian/patches/41-2GB-assert
    - Added upstream patch to fix assertion failure
      store_client.c:343: "storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset"
  * debian/patches/42-dns-query
    - Added upstream patch to fix security issue with DNS response spoofing
  * Urgency medium due to upstream fixes that should go into sarge
  * debian/patches/39-notinmemory
    - Updated upstream patch
  * debian/patches/39-notinmemory
    - Added upstream patch to fix assertion failure
      store_swapin.c:45: "e->mem_status == NOT_IN_MEMORY
      (Closes: #306072)
  * debian/patches/40-acl-error
    - Added upstream patch fixing minor security issue in parsing acls
      (Ref: CAN-2005-1345)
  * debian/patches/22-cachemgr-acl
    - Updated to the upstream patch
  * debian/rules
   - Install upstream cachemgr.conf instead of the old local one
  * debian/cachemgr.conf
    - Removed local version not used anymore
  * debian/po/ja.po
    - Updated debconf translation (thanks to Kenshi Muto)
      (Closes: #306939)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated again upstream patch, fixing failed assertion
      store_swapout.c:232: "mem->inmem_lo == 0"
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing race condition causing segfault
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing crashes with diskd (Closes: #302634)
  * debian/patches/00list
    - Reworked patch order
  * Urgency medium due to upstream fixes that should go into sarge

  * debian/patches/09-enable-large-files
    - Substituded with official upstream patch for large file support.
      This patch is definetly better than the one previously used.
  * debian/rules
    - Changed configure option --enable-large-files to --with-large-files
  * debian/patches/38-aufs-fixes
    - Added upstream patch fixing small issues with aufs and enhancing
      performance

  * Urgency medium due to small security fix
  * debian/patches/37-setcookie.dpatch
    - Added upstream patchto fix race condition with Set-Cookie headers
      (Closes: #298053)

  * debian/watch
    - Re-Updated watch file, this should really work
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/30-amd64-gcc40-compile
      debian/patches/36-dns-assert
  * debian/watch
    - Updated watch file, this should work
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/30-amd64-gcc40-compile
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

ubuntu/breezy 2005-12-21 05:58:32 UTC 2005-12-21
Import patches-unapplied version 2.5.10-6 to ubuntu/breezy

Author: Luigi Gangitano
Author Date: 2005-09-17 19:44:53 UTC

Import patches-unapplied version 2.5.10-6 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * debian/patches/46-ntlm-scheme-assert
    - Added upstream patch to fix potential DoS in NTLM authentication
      (Ref: CAN-2005-2917)
  * debian/control
    - Fixed typo in squid-cgi description (Closes: #327810)
  * debian/patches/
    - Removed patch files integrated upstream
  * debian/control
    - Added dependency on debconf-2.0
  * debian/patches/44-sslconnect-segfault
    - Added upstream patch to fix security issue in ssl connection handling
      potentially causing DoS. (Ref. CAN-2005-2796)
  * debian/patches/45-store-assert
    - Added upstream patch to fix security issue in store.c potentially
      causing DoS (Ref. CAN-2005-2794)
  * debian/changelog
    - Fixed typos in various lines that caused lintian to scream
  * debian/rules
    - Dropped use of DEBIAN_HOST_GNU_{CPU,SYSTEM} since the dpkg transition
      has broken them, preventing the MAXFD limit correction to 4096. Use
      Used DEBIAN_ARCH_{OS,CPU} instead. (Closes: #322526)
  * debian/po/cs.po
    - Added Czech debconf translation thanks to Miroslav Kure
      (Closes: #320369)
  * debian/patches/43-stathist-assert
    - Added patch to fix assertion failure in StatHist.c
      (Closes: #310642)
  * debian/po/vi.po
    - Added Vietnamese debconf translation thanks to Clytie Siddall
      (Closes: #318705)
  * debian/po/de.po
    - Fixed path in German translation
      (Closes: #313152)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/05-syslog
      debian/patches/09-enable-large-files
      debian/patches/22-cachemgr-acl
      debian/patches/38-aufs-fixes
      debian/patches/39-notinmemory
      debian/patches/40-acl-error
      debian/patches/41-2GB-assert
      debian/patches/42-dns-query
  * debian/config
    - Fixed check on cache_dir permissions when it is symlinked
      (Closes: #312253)
  * debian/squid.rc
    - Removed unused functions in rc script
  * debian/postinst
    - Added check for statovverrides on log directory
      (Closes: #309634)
  * Urgency high to get the translation fix in sarge

  * debian/po/ru.po
    - Updated Russian debconf translation (thanks to Yuriy Talakan)
      (Closes: #310038)
  * Urgency high due to security fixes

  * debian/patches/41-2GB-assert
    - Added upstream patch to fix assertion failure
      store_client.c:343: "storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset"
  * debian/patches/42-dns-query
    - Added upstream patch to fix security issue with DNS response spoofing
  * Urgency medium due to upstream fixes that should go into sarge
  * debian/patches/39-notinmemory
    - Updated upstream patch
  * debian/patches/39-notinmemory
    - Added upstream patch to fix assertion failure
      store_swapin.c:45: "e->mem_status == NOT_IN_MEMORY
      (Closes: #306072)
  * debian/patches/40-acl-error
    - Added upstream patch fixing minor security issue in parsing acls
      (Ref: CAN-2005-1345)
  * debian/patches/22-cachemgr-acl
    - Updated to the upstream patch
  * debian/rules
   - Install upstream cachemgr.conf instead of the old local one
  * debian/cachemgr.conf
    - Removed local version not used anymore
  * debian/po/ja.po
    - Updated debconf translation (thanks to Kenshi Muto)
      (Closes: #306939)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated again upstream patch, fixing failed assertion
      store_swapout.c:232: "mem->inmem_lo == 0"
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing race condition causing segfault
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing crashes with diskd (Closes: #302634)
  * debian/patches/00list
    - Reworked patch order
  * Urgency medium due to upstream fixes that should go into sarge

  * debian/patches/09-enable-large-files
    - Substituded with official upstream patch for large file support.
      This patch is definetly better than the one previously used.
  * debian/rules
    - Changed configure option --enable-large-files to --with-large-files
  * debian/patches/38-aufs-fixes
    - Added upstream patch fixing small issues with aufs and enhancing
      performance

  * Urgency medium due to small security fix
  * debian/patches/37-setcookie.dpatch
    - Added upstream patchto fix race condition with Set-Cookie headers
      (Closes: #298053)

  * debian/watch
    - Re-Updated watch file, this should really work
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/30-amd64-gcc40-compile
      debian/patches/36-dns-assert
  * debian/watch
    - Updated watch file, this should work
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/30-amd64-gcc40-compile
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

applied/ubuntu/breezy 2005-12-21 05:58:32 UTC 2005-12-21
Import patches-applied version 2.5.10-6 to applied/ubuntu/breezy

Author: Luigi Gangitano
Author Date: 2005-09-17 19:44:53 UTC

Import patches-applied version 2.5.10-6 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 3558ed2e9d4793a5f3f74a9cd3baeb77bf7123df
Unapplied parent: 469542ed85d354dbc513af0149d76ca36f9ed296

New changelog entries:
  * debian/patches/46-ntlm-scheme-assert
    - Added upstream patch to fix potential DoS in NTLM authentication
      (Ref: CAN-2005-2917)
  * debian/control
    - Fixed typo in squid-cgi description (Closes: #327810)
  * debian/patches/
    - Removed patch files integrated upstream
  * debian/control
    - Added dependency on debconf-2.0
  * debian/patches/44-sslconnect-segfault
    - Added upstream patch to fix security issue in ssl connection handling
      potentially causing DoS. (Ref. CAN-2005-2796)
  * debian/patches/45-store-assert
    - Added upstream patch to fix security issue in store.c potentially
      causing DoS (Ref. CAN-2005-2794)
  * debian/changelog
    - Fixed typos in various lines that caused lintian to scream
  * debian/rules
    - Dropped use of DEBIAN_HOST_GNU_{CPU,SYSTEM} since the dpkg transition
      has broken them, preventing the MAXFD limit correction to 4096. Use
      Used DEBIAN_ARCH_{OS,CPU} instead. (Closes: #322526)
  * debian/po/cs.po
    - Added Czech debconf translation thanks to Miroslav Kure
      (Closes: #320369)
  * debian/patches/43-stathist-assert
    - Added patch to fix assertion failure in StatHist.c
      (Closes: #310642)
  * debian/po/vi.po
    - Added Vietnamese debconf translation thanks to Clytie Siddall
      (Closes: #318705)
  * debian/po/de.po
    - Fixed path in German translation
      (Closes: #313152)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/05-syslog
      debian/patches/09-enable-large-files
      debian/patches/22-cachemgr-acl
      debian/patches/38-aufs-fixes
      debian/patches/39-notinmemory
      debian/patches/40-acl-error
      debian/patches/41-2GB-assert
      debian/patches/42-dns-query
  * debian/config
    - Fixed check on cache_dir permissions when it is symlinked
      (Closes: #312253)
  * debian/squid.rc
    - Removed unused functions in rc script
  * debian/postinst
    - Added check for statovverrides on log directory
      (Closes: #309634)
  * Urgency high to get the translation fix in sarge

  * debian/po/ru.po
    - Updated Russian debconf translation (thanks to Yuriy Talakan)
      (Closes: #310038)
  * Urgency high due to security fixes

  * debian/patches/41-2GB-assert
    - Added upstream patch to fix assertion failure
      store_client.c:343: "storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset"
  * debian/patches/42-dns-query
    - Added upstream patch to fix security issue with DNS response spoofing
  * Urgency medium due to upstream fixes that should go into sarge
  * debian/patches/39-notinmemory
    - Updated upstream patch
  * debian/patches/39-notinmemory
    - Added upstream patch to fix assertion failure
      store_swapin.c:45: "e->mem_status == NOT_IN_MEMORY
      (Closes: #306072)
  * debian/patches/40-acl-error
    - Added upstream patch fixing minor security issue in parsing acls
      (Ref: CAN-2005-1345)
  * debian/patches/22-cachemgr-acl
    - Updated to the upstream patch
  * debian/rules
   - Install upstream cachemgr.conf instead of the old local one
  * debian/cachemgr.conf
    - Removed local version not used anymore
  * debian/po/ja.po
    - Updated debconf translation (thanks to Kenshi Muto)
      (Closes: #306939)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated again upstream patch, fixing failed assertion
      store_swapout.c:232: "mem->inmem_lo == 0"
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing race condition causing segfault
      (Closes: #305387)
  * Urgency still medium due to upstream fixes that should go into sarge
  * debian/patches/09-enable-large-files
    - Updated upstream patch, fixing crashes with diskd (Closes: #302634)
  * debian/patches/00list
    - Reworked patch order
  * Urgency medium due to upstream fixes that should go into sarge

  * debian/patches/09-enable-large-files
    - Substituded with official upstream patch for large file support.
      This patch is definetly better than the one previously used.
  * debian/rules
    - Changed configure option --enable-large-files to --with-large-files
  * debian/patches/38-aufs-fixes
    - Added upstream patch fixing small issues with aufs and enhancing
      performance

  * Urgency medium due to small security fix
  * debian/patches/37-setcookie.dpatch
    - Added upstream patchto fix race condition with Set-Cookie headers
      (Closes: #298053)

  * debian/watch
    - Re-Updated watch file, this should really work
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/30-amd64-gcc40-compile
      debian/patches/36-dns-assert
  * debian/watch
    - Updated watch file, this should work
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/30-amd64-gcc40-compile
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

ubuntu/hoary-security 2005-12-21 03:58:26 UTC 2005-12-21
Import patches-unapplied version 2.5.8-3ubuntu1.4 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2005-09-30 13:30:53 UTC

Import patches-unapplied version 2.5.8-3ubuntu1.4 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: c9cb4303000bb9b8fd6e11f9ff0f53825fe8a7ca

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/44-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/42-ssl-connection-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/43-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/41-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/40-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
    - Stolen from Debian package.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error

applied/ubuntu/hoary-security 2005-12-21 03:58:26 UTC 2005-12-21
Import patches-applied version 2.5.8-3ubuntu1.4 to applied/ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2005-09-30 13:30:53 UTC

Import patches-applied version 2.5.8-3ubuntu1.4 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 1511727f2143ac85d691c8b1303c943f5c599303
Unapplied parent: 07629fb259ea3999b118b48b4822d361917e40c1

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/44-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/42-ssl-connection-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/43-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/41-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/40-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
    - Stolen from Debian package.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error

ubuntu/hoary-devel 2005-12-21 03:58:26 UTC 2005-12-21
Import patches-unapplied version 2.5.8-3ubuntu1.4 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2005-09-30 13:30:53 UTC

Import patches-unapplied version 2.5.8-3ubuntu1.4 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: c9cb4303000bb9b8fd6e11f9ff0f53825fe8a7ca

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/44-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/42-ssl-connection-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/43-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/41-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/40-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
    - Stolen from Debian package.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error

applied/ubuntu/hoary-devel 2005-12-21 03:58:26 UTC 2005-12-21
Import patches-applied version 2.5.8-3ubuntu1.4 to applied/ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2005-09-30 13:30:53 UTC

Import patches-applied version 2.5.8-3ubuntu1.4 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 1511727f2143ac85d691c8b1303c943f5c599303
Unapplied parent: 07629fb259ea3999b118b48b4822d361917e40c1

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/44-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/42-ssl-connection-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/43-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/41-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/40-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
    - Stolen from Debian package.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error

applied/ubuntu/hoary 2005-12-20 21:49:24 UTC 2005-12-20
Import patches-applied version 2.5.8-3ubuntu1 to applied/ubuntu/hoary

Author: Martin Pitt
Author Date: 2005-03-08 09:36:14 UTC

Import patches-applied version 2.5.8-3ubuntu1 to applied/ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 3558ed2e9d4793a5f3f74a9cd3baeb77bf7123df
Unapplied parent: c9cb4303000bb9b8fd6e11f9ff0f53825fe8a7ca

New changelog entries:
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/37-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/29-fqdn-truncated
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

ubuntu/hoary 2005-12-20 21:49:24 UTC 2005-12-20
Import patches-unapplied version 2.5.8-3ubuntu1 to ubuntu/hoary

Author: Martin Pitt
Author Date: 2005-03-08 09:36:14 UTC

Import patches-unapplied version 2.5.8-3ubuntu1 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/37-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * Urgency high due security fixes
  * debian/patches/36-dns-assert.dpatch
    - Added upstream patch to fix DoS in DNS reply parsing
      (Ref: CAN-2005-0446)
  * debian/squid.rc
    - Added db_stop call before invoke-rc.d (Closes: #294866)
  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/23-deny-internal-object-purge
      debian/patches/24-gopher-html-parsing
      debian/patches/25-wccp-dos
      debian/patches/26-dns-memleak
      debian/patches/27-ldap-spaces
      debian/patches/28-fakeauth-memleak
      debian/patches/29-fqdn-truncated
      debian/patches/31-wccp-buffer-overflow
      debian/patches/32-response-splitting
      debian/patches/33-header-parsing
      debian/patches/34-oversize-reply-header
      debian/patches/35-empty-acl
    - Fixed 100% CPU usage on half closed PUT/POST requests
      (Closes: #294551)
  * debian/squid.rc
    - Applied patch from Thomas Hood to improve initscript output
      (Closes: #294465)
  * Urgency high due security fixes, previous version not yet in sarge and
    this version makes just a litte change to dependencies

  * debian/control
    - Added versioned depends on the same version of squid-common
      (Closes: #293552, #293626)
  * Urgency high due security fixes
  * debian/patches/34-oversize-reply-header.dpatch
    - Added upstream patch to correct HTTP protocol mismatch introduced
      by the header-parsing patch
      (Ref: CAN-2005-0241)
  * debian/patches/35-empty-acl.dpatch
    - Added upstream patch to fix minor security issues with 'empty' acls
      (Ref: CAN-2005-0194)
  * Urgency high due security fixes
  * debian/patches/01-cf.data.pre
    - Explicitly set hosts_file to /etc/hosts (Closes: #185555)
  * debian/patches/31-wccp-buffer-overflow.dpatch
    - Added upstream patch that fixes BoF in WCCP recvfrom()
      (Ref: CAN-2005-0211)
  * debian/patches/32-response-splitting.dpatch
    - Added upstream patch that fixes HTTP response splitting cache pollution
      (Ref: CAN-2005-0175)
  * debian/patches/33-header-parsing.dpatch
    - Added upstream patch to reject malformed HTTP requests and responses
      (Ref: CAN-2005-0174)
  * Urgency high due security fixes
  * Updated references in changelog to CAN advisories
  * "A round of upstream patches" release
  * debian/patches/24-gopher-html-parsing
    - Added upstream patch that fixes BoF in gopherToHTML()
      (Ref: CAN-2005-0094)

  * debian/patches/25-wccp-dos
    - Added upstream patch that fixes DoS in WCCP message handling
      (Ref: CAN-2005-0095)
  * debian/patches/26-dns-memleak
    - Added upstream patch that fixes memory leak in internal DNS resolver
  * debian/patches/27-ldap-spaces
    - Added upstream patch that fixes minor security issues in LDAP account
      handling
      (Ref: CAN-2005-0173)
  * debian/patches/28-fakeauth-memleak
    - Added upstream patch that fixes memory leak in fakeauth NTLM helper
  * debian/patches/29-fqdn-truncated
    - Added upstream patch that fixes name truncation in compressed DNS
      responses
  * debian/patches/29-fqdn-truncated
    - Added patch to compile squid on AMD64 with GCC-4.0 (Closes: #288542)

  * debian/patches/07-manpage
    - Removed, since now the config file is in /etc/squid
      (Closes: #284791)
  * debian/patches/23-deny-internal-object-purge
    - Added upstream patch that fixes internal object expiry
      (Closes: #75468)
  * debian/po/de.po
    - Updated German debconf translation (thanks to Jens Nachtigall)
      (Closes: #283848)

  * debian/po/nl.po
    - Updated Dutch debconf translation (thanks to Luk Claes)
      (Closes: #281563)
  * debian/watch
    - Added debian watch file
  * debian/po/fr.po
    - Updated French debconf translation (thanks to Christian Perrier)
      (Closes: #279304)
  * debian/rules
    - Added wbinfo_group external acl (Closes: #280895)
  * Urgency medium due to security issues

  * New upstream release
    - removed patches that have been integrated upstream:
      debian/patches/17-head
      debian/patches/18-no-valid-dir
      debian/patches/19-heap-segfault
      debian/patches/20-ntlm-fetch-string
      debian/patches/21-ntlm-noreuse-leak

    - Fixes Denial of Service in SNMP asn_parse_header module
      (Ref: CAN-2004-0918)

  * debian/po/nl.po
    - Updated Dutch debconf translation (Thanks to Luk Claes)
      (Closes: #277763)
  * Urgency still medium due to RC bug fix in squid-cgi
  * debian/templates
    - Applied patch to fix typos (thanks to Jens Nachtingal)
      (Closes: #275524)

  * debian/po/de.po
    - Updated german debconf translation (thanks to Jens Nachtingall)
      (Closes: #275523)
  * debian/control
    - Fix versioned build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Reworked code flow (thanks to Martin Schulze)
  * debian/cachemgr.conf
    - Added comments at the start (again, thanks to Martin Schulze)
  * debian/control
    - Add version to build-depend on dpatch to fix FTBFS on alpha and sparc
  * Urgency medium due to RC bug fix in squid-cgi
  * debian/patches/22-cachemgr-acl
    - Added config file (/etc/squid/cachemgr.conf) checking to cachemgr.cgi
      (Closes for sid/sarge: #133131)
      Ref: CAN-2004-0913

  * debian/cachemgr.conf
    - Added default configuration file for squid-cgi
  * debian/templates
    - Modified squid-cgi template with informations on the new config
      file format

  * debian/po/it.po
    - Updated italian debconf translation
  * Urgency medium due to DoS fix in ntlm_auth (this should really make it
    into sarge)
  * debian/po/fr.po
    Updated French translation (Closes: #267577)
  * debian/po/pt_BR.po
    Updated Brazilian Portuguese translation (Closes: #267187)
  * debian/patches/20-ntlm-fetch-string
    Added upstream patch that fixes DoS in ntlm authentication
    (http://www.squid-cache.org/bugs/show_bug.cgi?id=1045)
    Ref: CAN-2004-0832
  * debian/patches/21-ntlm-noreuse-leak
    Added upstream patch that fixes memory leak in ntlm authentication
    with challenge reuse disabled
  * I should have checked upstream patches before -6 upload
  * Still urgency medium because of grave bug and upcoming sarge freeze.
  * debian/patches/19-heap-segfault
    - Added upstream patches to fix segfaults with heap replacement policy
  * Urgency medium because of grave bug and upcoming sarge freeze.
  * debian/config
    - Fix access to config file if config file does not exist
      (Closes: #264595)
  * debian/patches/18-no-valid-dir
    - Added upstream patch to fix invalid store with ufs
  * debian/{templates,postinst,config,squid.rc}
    - Added debconf question asking user to confirm before changing
      owner/group of cache_dir (Closes: #259541)
    - Removed permission fix from rc script. Will check only on upgrades
      to avoid messing up filesystem when administrator selects wrong
      values for cache_dir (See #259541 for an example)
  * debian/squid.rc
    - Added support for CHUID in start-stop-daemon (Closes: #137122). Beware
      of /etc/squid/squid.conf permissions if you use it!
  * debian/po/it.po
    - Added italian debconf translation
  * debian/patches/17-head
    - Added upstream patch to fix stale informations returned on HEAD request
      (Closes: #222499)
  * debian/patches/09-enable-large-files
    - Re-enable upstream support for logfiles bigger than 2GB. If no side
      effect shows up in a short time I'll close the bug (229327).
  * debian/preinst
    - Removed warning for logfiles bigger than 2GB.
  * debian/control
    - Added dependency on coreutils to be abel to use /usr/bin/stat in postinst
  * debian/postinst
    - chown directories only if actual owernship doesn't match configfile
    (Closes: #259217)
  * New Upstream Release
    - removed patches that have been integrated upstream:
      debian/patches/16-range-offset-limit
      debian/patches/15-dns-localhost
      debian/patches/14-proxy-abuse
      debian/patches/13-ntlm-overflow
      debian/patches/12-post-assert
      debian/patches/11-digest-blank
      debian/patches/10-ntlm-assert
  * debian/patches/13-ntlm-overflow
    - Updated to officially released upstrem patch (Closes: #256666)

applied/ubuntu/warty-security 2005-12-20 20:16:18 UTC 2005-12-20
Import patches-applied version 2.5.5-6ubuntu0.11 to applied/ubuntu/warty-secu...

Author: Martin Pitt
Author Date: 2005-09-30 13:36:00 UTC

Import patches-applied version 2.5.5-6ubuntu0.11 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 3558ed2e9d4793a5f3f74a9cd3baeb77bf7123df
Unapplied parent: 845247c94f236a2789f8439ac91f80982cbc589d

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
    CAN-2005-0718
    http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
      CAN-2005-0446
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
      CAN-2005-0194
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
      authentication.
    - References:
      CAN-2005-0173
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
      CAN-2005-0174
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid from HTTP response splitting cache pollution attack.
    - References:
      CAN-2005-0175
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
      CAN-2005-0211
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
      CAN-2005-0094
      http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
      addresses.
    - References:
      CAN-2005-0095
      http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
      http://secunia.com/advisories/13789
      CAN-2005-0097
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
      CAN-2005-0096
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
      http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that causes a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

ubuntu/warty-security 2005-12-20 20:16:18 UTC 2005-12-20
Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Author: Martin Pitt
Author Date: 2005-09-30 13:36:00 UTC

Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
    CAN-2005-0718
    http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
      CAN-2005-0446
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
      CAN-2005-0194
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
      authentication.
    - References:
      CAN-2005-0173
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
      CAN-2005-0174
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid from HTTP response splitting cache pollution attack.
    - References:
      CAN-2005-0175
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
      CAN-2005-0211
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
      CAN-2005-0094
      http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
      addresses.
    - References:
      CAN-2005-0095
      http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
      http://secunia.com/advisories/13789
      CAN-2005-0097
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
      CAN-2005-0096
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
      http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that causes a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

applied/ubuntu/warty-devel 2005-12-20 20:16:18 UTC 2005-12-20
Import patches-applied version 2.5.5-6ubuntu0.11 to applied/ubuntu/warty-secu...

Author: Martin Pitt
Author Date: 2005-09-30 13:36:00 UTC

Import patches-applied version 2.5.5-6ubuntu0.11 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 3558ed2e9d4793a5f3f74a9cd3baeb77bf7123df
Unapplied parent: 845247c94f236a2789f8439ac91f80982cbc589d

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
    CAN-2005-0718
    http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
      CAN-2005-0446
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
      CAN-2005-0194
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
      authentication.
    - References:
      CAN-2005-0173
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
      CAN-2005-0174
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid from HTTP response splitting cache pollution attack.
    - References:
      CAN-2005-0175
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
      CAN-2005-0211
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
      CAN-2005-0094
      http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
      addresses.
    - References:
      CAN-2005-0095
      http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
      http://secunia.com/advisories/13789
      CAN-2005-0097
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
      CAN-2005-0096
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
      http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that causes a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

ubuntu/warty-devel 2005-12-20 20:16:18 UTC 2005-12-20
Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Author: Martin Pitt
Author Date: 2005-09-30 13:36:00 UTC

Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
    CAN-2005-0718
    http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
      CAN-2005-0446
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
      CAN-2005-0194
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
      authentication.
    - References:
      CAN-2005-0173
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
      CAN-2005-0174
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid from HTTP response splitting cache pollution attack.
    - References:
      CAN-2005-0175
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
      CAN-2005-0211
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
      CAN-2005-0094
      http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
      addresses.
    - References:
      CAN-2005-0095
      http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
      http://secunia.com/advisories/13789
      CAN-2005-0097
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
      CAN-2005-0096
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
      http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that causes a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

applied/ubuntu/warty 2005-12-20 15:52:23 UTC 2005-12-20
Import patches-applied version 2.5.5-6 to applied/ubuntu/warty

Author: Luigi Gangitano
Author Date: 2004-06-18 16:30:33 UTC

Import patches-applied version 2.5.5-6 to applied/ubuntu/warty

Imported using git-ubuntu import.

Unapplied parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

ubuntu/warty 2005-12-20 15:52:23 UTC 2005-12-20
Import patches-unapplied version 2.5.5-6 to ubuntu/warty

Author: Luigi Gangitano
Author Date: 2004-06-18 16:30:33 UTC

Import patches-unapplied version 2.5.5-6 to ubuntu/warty

Imported using git-ubuntu import.

101156 of 156 results

Other repositories

Name Last Modified
lp:ubuntu/+source/squid 2019-07-19
lp:~ahasenack/ubuntu/+source/squid 2019-07-18
lp:~racb/ubuntu/+source/squid 2018-11-27
13 of 3 results
You can't create new repositories for squid in Ubuntu.