Author: Tiago Stürmer Daitx
Revision Date: 2015-10-14 02:54:20 UTC

d/squid3.upstart: Use SIGINT to terminate squid and wait at most 40
seconds for it to finish. (LP: #1073478)

Author: Tiago Stürmer Daitx
Revision Date: 2015-10-14 02:54:20 UTC

d/squid3.upstart: Use SIGINT to terminate squid and wait at most 40
seconds for it to finish. (LP: #1073478)

Author: Steve Langasek
Revision Date: 2015-10-09 00:29:47 UTC

[ Tiago Stürmer Daitx ]
* d/patches/fix-logical-not-parentheses-warning.patch: Fix warning for
  logical-not-parentheses which caused squid to FTBFS. (LP: #1496924)
* d/patches/netfilter_fix.patch: Backported from Squid Bug #4323.
  (LP: #1496223)
* d/patches/fix-pod2name-pipe-failure.patch: Add --name parameter to
  pod2man (LP: #1501566)
* roll back build-dependency to libecap2-dev, this version of squid3 is not
  compatible with libecap3 and libecap3 transition has been rolled back for
  wily.

Author: Steve Langasek
Revision Date: 2015-10-09 00:29:47 UTC

[ Tiago Stürmer Daitx ]
* d/patches/fix-logical-not-parentheses-warning.patch: Fix warning for
  logical-not-parentheses which caused squid to FTBFS. (LP: #1496924)
* d/patches/netfilter_fix.patch: Backported from Squid Bug #4323.
  (LP: #1496223)
* d/patches/fix-pod2name-pipe-failure.patch: Add --name parameter to
  pod2man (LP: #1501566)
* roll back build-dependency to libecap2-dev, this version of squid3 is not
  compatible with libecap3 and libecap3 transition has been rolled back for
  wily.

Author: Rolf Leggewie
Revision Date: 2015-07-01 15:25:59 UTC

d/patches/fix-caching-vary-header.patch: Added upstream patch
for the bug which prevented squid from caching responses with
Vary header. (LP: #1336742) Based on work by Oleg Strikov.

Author: Serge Hallyn
Revision Date: 2015-04-02 11:12:27 UTC

Add versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure
we have the apparmor-profile-load script at boot time. (LP: #1432683)

Author: Serge Hallyn
Revision Date: 2015-04-02 11:12:27 UTC

Add versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure
we have the apparmor-profile-load script at boot time. (LP: #1432683)

Author: Jorge Niedbalski
Revision Date: 2014-11-18 14:47:33 UTC

* SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger.
  (LP: #1384943)
  - CVE-2014-7141
  - CVE-2014-7142

Author: Jorge Niedbalski
Revision Date: 2014-11-18 14:47:33 UTC

* SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger.
  (LP: #1384943)
  - CVE-2014-7141
  - CVE-2014-7142

Author: Jorge Niedbalski
Revision Date: 2014-11-18 15:03:54 UTC

* SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger.
  (LP: #1384943)
  - CVE-2014-7141
  - CVE-2014-7142

Author: Jorge Niedbalski
Revision Date: 2014-11-18 17:48:11 UTC

[changelog] Fix various ICMP handling issues in Squid pinger.

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:55:57 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:55:57 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:51:07 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:51:07 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Michael Nelson
Revision Date: 2014-07-03 13:12:46 UTC

Apply patch for squid bug #3806 which doesn't land upstream until 3.3.12 (LP: #1336742)

Author: Adam Conrad
Revision Date: 2014-02-17 20:13:30 UTC

debian/rules: Force -O2 to work around build failure with -O3.

Author: Dimitri John Ledkov
Revision Date: 2013-12-11 10:57:33 UTC

Enable parallel build

Author: Yolanda Robla
Revision Date: 2013-11-11 09:06:19 UTC

patching configure.ac file

Author: James Page
Revision Date: 2013-09-02 15:50:41 UTC

d/tests/squid: Disable seccomp sandboxing in vsftpd until it works
reliably (http://pad.lv/1219857), restart vsftpd using service
command.

Author: James Page
Revision Date: 2013-09-02 15:50:41 UTC

d/tests/squid: Disable seccomp sandboxing in vsftpd until it works
reliably (http://pad.lv/1219857), restart vsftpd using service
command.

Author: Yolanda Robla
Revision Date: 2013-07-16 12:22:06 UTC

debian/tests/test-squid.py: fixed case problem with ftp test

Author: Yolanda Robla
Revision Date: 2013-06-14 15:49:48 UTC

debian/tests: updated ftp tests

Author: Yolanda Robla
Revision Date: 2013-06-07 09:41:47 UTC

fixes in start/stop

Author: Yolanda Robla
Revision Date: 2013-05-27 12:10:48 UTC

* debian/rules: fix FTBFS, removed --with-cppunit-basedir flag
* debian/tests: autopkgtests

Author: Jamie Strandboge
Revision Date: 2013-02-06 11:37:29 UTC

fix FTBFS with newer glibc (LP: #1117517)

Author: Jamie Strandboge
Revision Date: 2013-02-06 11:37:29 UTC

fix FTBFS with newer glibc (LP: #1117517)

Author: Seth Arnold
Revision Date: 2013-01-28 17:44:23 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.patch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

Author: Seth Arnold
Revision Date: 2013-01-28 17:44:23 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.patch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

Author: Stefan Bader
Revision Date: 2012-06-22 14:18:00 UTC

* Merge from Debian testing (LP: #1016560). Remaining changes:
  + debian/control:
    - Update maintainer.
    - Suggests apparmor (>= 2.3)
    - Depends on ssl-cert ((>= 1.0-11ubuntu1)
    - Add transitional dummy packages
  + debian/squid3.upstart
    - Move ulimit command to script section so that it applies
      to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
    - Work around squid not handling SIGHUP by adding respawn to
      upstart job. (LP: 978356)
  + debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
    transition in 12.04 (LP: 924739)
  + debian/rules
    - Re-enable all hardening options lost in the squid->squid3
      transition (LP: 986314)
  + squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
    debian/squid3.preinst, debian/squid3.prerm:
    - Convert init script to upstart
  + debian/patches/99-ubuntu-ssl-cert-snakeoil:
    - Use snakeoil certificates.
  + debian/logrotate
    - Use sar-reports rather than sarg-maint. (LP: 26616)
  + debian/patches/90-cf.data.ubuntu.dpatch:
    - Add an example refresh pattern for debs.
      (foundations-lucid-local-report spec)
  + Add disabled by default AppArmor profile (LP: 497790)
    - debian/squid3.upstart: load profile in pre-start stanza
    - add debian/usr.sbin.squid3 profile
    - debian/rules:
      + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
        etc/apparmor.d/disable into $(INSTALLDIR)
      + use dh_apparmor
    - debian/squid3.install: install etc/apparmor.d/disable, force-complain
      and usr.sbin.squid3
    - debian/squid3.preinst: disable profile on clean install or upgrades
      from earlier than when we shipped the profile

Author: Steve Beattie
Revision Date: 2012-04-20 11:09:46 UTC

* debian/rules: re-enable all hardening options lost in the
  squid->squid3 transition (LP: #986314)
* debian/squid3.upstart: move ulimit command to script section
  so that it applies to the started squid daemon. Thanks to Timur
  Irmatov (LP: #986159)

Author: Clint Byrum
Revision Date: 2012-04-20 23:13:11 UTC

d/p/ignore-sighup-early.patch: Ignore SIGHUP while initializing so
resolvconf doesn't actually kill squid when network is initialized.
(LP: #978356)

Author: Adam Gandelman
Revision Date: 2012-04-12 20:59:00 UTC

debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
transition in 12.04 (LP: #924739)

Author: Bryce Harrington
Revision Date: 2012-03-22 16:09:42 UTC

Add 16-skip-read-if-closed.dpatch: Check if connection is still open
and bail out if not before attempting to read more data. Fixes crash
in squid proxy with message, assertion failed: comm.cc:349:
"!fd_table[fd].closing()". Patch is a cherrypick of an upstream
patch to fix Squid Bug 3131.
(LP: #955883)

Author: Mahyuddin Susanto
Revision Date: 2012-01-18 12:46:59 UTC

* SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
  that only contains header. (LP: #907686)
  - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
  - CVE-2010-0308
* SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via
  crafted packets to the HTCP port. (LP: #907690)
  - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
  - CVE-2010-0639
* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205

Author: Mahyuddin Susanto
Revision Date: 2012-01-18 12:46:59 UTC

* SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
  that only contains header. (LP: #907686)
  - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
  - CVE-2010-0308
* SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via
  crafted packets to the HTCP port. (LP: #907690)
  - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
  - CVE-2010-0639
* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205

Author: Mahyuddin Susanto
Revision Date: 2011-12-22 21:54:02 UTC

* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205
* SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
  record that references another CNAME record that contains an empty A record.
  - debian/patches/CVE-2011-4096.dpatch
  - CVE-2011-4096

Author: Mahyuddin Susanto
Revision Date: 2011-12-22 21:55:40 UTC

* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205
* SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
  record that references another CNAME record that contains an empty A record.
  - debian/patches/CVE-2011-4096.dpatch
  - CVE-2011-4096

Author: Mahyuddin Susanto
Revision Date: 2011-12-22 21:54:02 UTC

* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205
* SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
  record that references another CNAME record that contains an empty A record.
  - debian/patches/CVE-2011-4096.dpatch
  - CVE-2011-4096

Author: Mahyuddin Susanto
Revision Date: 2011-12-22 21:55:40 UTC

* SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
  have unspecified other impact via a long line in a response by remote
  Gopher servers. (LP: #907687)
  - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
  - CVE-2011-3205
* SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
  record that references another CNAME record that contains an empty A record.
  - debian/patches/CVE-2011-4096.dpatch
  - CVE-2011-4096

Author: Ben Howard
Revision Date: 2011-12-06 15:18:49 UTC

[ Ben Howard ]
  * Synced from Debian. (LP: #891433)
[ Luigi Gangitano <luigi@debian.org> ]
  * New upstream release
  * Changed source format to 3.0 (quilt)
  * debian/squid3.rc
    - Added LSB compliant option to init script (Closes: #645780)
     Thanks to Fredrik Eriksson

Author: Adam Gandelman
Revision Date: 2011-11-17 22:16:27 UTC

* debian/squid3.upstart: Modify to better reflect functionality of Debian's
  squid3.rc
* debian/rules: Fix permissions on upstart job

Author: Luigi Gangitano
Revision Date: 2011-07-09 17:58:46 UTC

* New upstream release
  - Fixes FTBFS with GCC 4.6 (Closes: #625405)
  - Fixes issue with IPv4/IPv6 DNS resolution (Closes: #604566)
  - Fixes issue with IPv6 resolution in access.log (Closes: #604832)

* debian/control
  - Bumped Standard-Version to 3.9.2, no change needed

* debian/squid.rc
  - Fixed init script preventing alterate cache dir from being created
    (Closes: #623935)

Author: Luigi Gangitano
Revision Date: 2011-02-15 01:46:19 UTC

* New upstream release

* debian/patches/18-gcc-4.5-fix
  - Added upstream fix for gcc 4.5 building (Closes: #613153)

Author: Jamie Strandboge
Revision Date: 2010-10-04 14:48:04 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2010-10-04 14:48:04 UTC

fake sync from Debian

Author: Alessio Treglia
Revision Date: 2010-09-20 15:53:45 UTC

* Merge with Debian unstable, Ubuntu remaining changes:
  - Provide ufw profile.

Author: Luigi Gangitano
Revision Date: 2009-02-06 20:23:57 UTC

* Urgency high due to security fixes

* debian/patches/11-SQUID-2009-1
  - Added upstream patch fixing Denial of Service in request processing
    (Ref: SQUID-2009-1, CVE: TBA)

Author: Michael Bienia
Revision Date: 2008-07-15 11:26:02 UTC

* Apply upstream patch to fix errors about unused return values
  (fixes a FTBFS; LP: #248318).
  Thanks to Amos Jeffries for providing the patch.
* debian/control:
  + Modify Maintainer value to match DebianMaintainerField spec.

Author: Loïc Minier
Revision Date: 2008-02-29 16:36:55 UTC

Fix bashism in rules.

Author: Luigi Gangitano
Revision Date: 2007-05-13 16:03:16 UTC

* New upstream release
  - Removed patches integrated upsteam:
    + 04-m68k-ftbfs

* debian/rules
  - Enable delay pools (Closes: #410785)
  - Enable cache digests (Closes: #416631)
  - Enable ICAP client
  - Raised Max Filedescriptor limit to 65536

* debian/control
  - Added real package dependency for httpd in squid3-cgi

* debian/patches/02-makefile-defaults
  - Fix default configuration file for cachemgr.cgi (Closes: #416630)

* debian/squid3.postinst
  - Fixed bashish in postinst (Closes: #411797)

* debian/patches/05-helpers-typo
  - Added upstream patch fixing compilation error in src/helpers.cc

* debian/patches/06-mem-obj-reference
  - Added upstream patch fixing a mem_obj reference in src/store.cc

* debian/patches/07-close-icap-connections
  - Added upstream patch fixing icap connection starvation

* debian/squid3.rc
  - Added LSB-compliant description to rc script

Author: Luigi Gangitano
Revision Date: 2006-11-30 16:27:26 UTC

* debian/control
  - Revert dependency on libsasl2-2-dev to libsasl2-dev (Closes: #401292)

Author: Luigi Gangitano
Revision Date: 2009-09-20 01:33:00 UTC

* New upstream release
  - Fixes DoS in exthernal auth header parser (Ref: CVE-2009-2855)

* debian/squid.rc
  - Fixed dependencies in init.d script, thanks to Petter Reinholdtsen
    (Closes: #546362)

* debian/control
 - Bumped Standard-Version to 3.8.3, no change needed

Author: Luigi Gangitano
Revision Date: 2009-08-09 00:28:56 UTC

* New upstream release
  - Removed patches integrated upstream
    + 12-gcc44-fixes
    + 13-signed-unsigned-fixes
    + SQUID-2009-2

* debian/rules
  - Enable ARP ACLs (Closes: #538023)
  - Enable SNMP support (Closes: #537187)

* debian/control
  - Fix dependency for squid3-dbg on squid3 =${binary:Version}
  - Added dependency of squid3-dbg on ${misc:Depends}

* debian/squid3-common.postinst
  - Added DEBHELPER placeholder

Author: Jamie Strandboge
Revision Date: 2008-02-01 17:36:16 UTC

[ Chuck Short ]
* SECURITY UPDATE: Clean up squid cache correctly.
* Add CVE-2007-6239.dpatch
* References:
  CVE-2007-6239

[ Jamie Strandboge ]
* Modify Maintainer value to match the DebianMaintainerField
  specification.

Author: Jamie Strandboge
Revision Date: 2008-02-01 17:36:16 UTC

[ Chuck Short ]
* SECURITY UPDATE: Clean up squid cache correctly.
* Add CVE-2007-6239.dpatch
* References:
  CVE-2007-6239

[ Jamie Strandboge ]
* Modify Maintainer value to match the DebianMaintainerField
  specification.

Author: Jamie Strandboge
Revision Date: 2008-02-01 17:37:35 UTC

[ Chuck Short ]
* SECURITY UPDATE: Clean up squid cache correctly.
* Add CVE-2007-6239.dpatch
* References:
  CVE-2007-6239

[ Jamie Strandboge ]
* Modify Maintainer value to match the DebianMaintainerField
  specification.

Author: Jamie Strandboge
Revision Date: 2008-02-01 17:37:35 UTC

[ Chuck Short ]
* SECURITY UPDATE: Clean up squid cache correctly.
* Add CVE-2007-6239.dpatch
* References:
  CVE-2007-6239

[ Jamie Strandboge ]
* Modify Maintainer value to match the DebianMaintainerField
  specification.