~paelzer/ubuntu/+source/squid3:lp-1792728-squid-apparmor-bionic

Branch merges

Propose for merging

Merged into ubuntu/+source/squid3:ubuntu/bionic-devel at revision 3523747c73a128e18d6c5ad2401a4f5666259649

Andreas Hasenack: Approve on 2018-09-28

Canonical Server: Pending requested 2018-09-28

git-ubuntu developers: Pending requested 2018-09-28

Diff: 29 lines (+9/-1)

2 files modified

debian/changelog (+8/-0)
debian/usr.sbin.squid (+1/-1)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

3523747... by Christian Ehrhardt  on 2018-09-28

changelog: Update apparmor profile to grant read access to squid binary (LP: #1792728)

Signed-off-by: Christian Ehrhardt <email address hidden>

5e5a73e... by Simon Déziel on 2018-09-15

* Update apparmor profile to grant read access to squid binary (LP: #1792728)

25e9cf3... by Andreas Hasenack on 2018-02-27

Import patches-unapplied version 3.5.27-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9660b56a2b6dafa47ee96889d714b56e3fa2c4b0
Upload parent: d34e93acdd3c7d98a3c76e536d15ee625266f6c5

New changelog entries:
  * Merge with Debian unstable (LP: #1751286). Remaining changes:
    - Add additional dep8 tests.
    - Use snakeoil certificates.
    - Add an example refresh pattern for debs.
    - Add disabled by default AppArmor profile.
    - Enable autoreconf. This is no longer required for the security updates,
      but is needed for the seddery of test-suite/Makefile.am in
      d/t/upstream-test-suite.
    - Correct attribution and add explanatory note in d/NEWS.debian.
    - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
      happened in Xenial, so no upgrade path still requires this code. This
      reduces upgrade ordering difficulty.
    - Adjust seddery for upstream test squid binary location.
    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
    - Drop wrong short-circuiting of various invocations; we always want to
      call the debhelper block.
    - GCC7 FTBFS fixes (LP #1712668):
      + d/rules: don't error when hitting the "deprecated" and
       "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
       but one in Format.cc that affects 32bit builds was deemed too intrusive
       for the 3.5 stable series and is only in squid 4.x
  * Dropped changes:
    - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
      Thanks to Lubos Uhliarik <email address hidden>.
      [Already applied upstream]
    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
      boolean. Thanks to Amos Jeffries <email address hidden>
      [Already applied upstream]
    - SECURITY UPDATE: denial of service in ESI Response processing
      + debian/patches/CVE-2018-1000024.patch: make sure endofName never
        exceeds tagEnd in src/esi/CustomParser.cc.
      + CVE-2018-1000024
        [Added in 3.5.27-1]
    - SECURITY UPDATE: denial of service in in HTTP Message processing
      + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
        transactions without a client connection in
        src/client_side_request.cc.
      + CVE-2018-1000027
        [Included in 3.5.27-1]
  * Added changes:
    - Do not force gcc-6

d34e93a... by Andreas Hasenack on 2018-02-27

update-maintainer

2def68f... by Andreas Hasenack on 2018-02-27

reconstruct-changelog

777e35b... by Andreas Hasenack on 2018-02-27

merge-changelogs

22428ae... by Andreas Hasenack on 2018-02-23

  * Added changes:
    - Do not force gcc-6

a99ef04... by Andreas Hasenack on 2018-02-23

    - SECURITY UPDATE: denial of service in in HTTP Message processing
      + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
        transactions without a client connection in
        src/client_side_request.cc.
      + CVE-2018-1000027
        [Included in 3.5.27-1]

896fc44... by Andreas Hasenack on 2018-02-23

    - SECURITY UPDATE: denial of service in ESI Response processing
      + debian/patches/CVE-2018-1000024.patch: make sure endofName never
        exceeds tagEnd in src/esi/CustomParser.cc.
      + CVE-2018-1000024
        [Added in 3.5.27-1]

c0c1345... by Andreas Hasenack on 2018-02-23

    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
      boolean. Thanks to Amos Jeffries <email address hidden>
      [Already applied upstream]