~sdeziel/ubuntu/+source/squid3:apparmor-lp1792728

Last commit made on 2018-09-15
Get this branch:
git clone -b apparmor-lp1792728 https://git.launchpad.net/~sdeziel/ubuntu/+source/squid3
Only Simon Déziel can upload to this branch. If you are Simon Déziel please log in for upload directions.

Branch merges

Branch information

Name:
apparmor-lp1792728
Repository:
lp:~sdeziel/ubuntu/+source/squid3

Recent commits

756e69a... by Simon Déziel on 2018-09-15

changelog

38c970f... by Simon Déziel on 2018-09-15

* Update apparmor profile to grant read access to squid binary (LP: #1792728)

25e9cf3... by Andreas Hasenack on 2018-02-27

Import patches-unapplied version 3.5.27-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9660b56a2b6dafa47ee96889d714b56e3fa2c4b0
Upload parent: d34e93acdd3c7d98a3c76e536d15ee625266f6c5

New changelog entries:
  * Merge with Debian unstable (LP: #1751286). Remaining changes:
    - Add additional dep8 tests.
    - Use snakeoil certificates.
    - Add an example refresh pattern for debs.
    - Add disabled by default AppArmor profile.
    - Enable autoreconf. This is no longer required for the security updates,
      but is needed for the seddery of test-suite/Makefile.am in
      d/t/upstream-test-suite.
    - Correct attribution and add explanatory note in d/NEWS.debian.
    - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
      happened in Xenial, so no upgrade path still requires this code. This
      reduces upgrade ordering difficulty.
    - Adjust seddery for upstream test squid binary location.
    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
    - Drop wrong short-circuiting of various invocations; we always want to
      call the debhelper block.
    - GCC7 FTBFS fixes (LP #1712668):
      + d/rules: don't error when hitting the "deprecated" and
       "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
       but one in Format.cc that affects 32bit builds was deemed too intrusive
       for the 3.5 stable series and is only in squid 4.x
  * Dropped changes:
    - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
      Thanks to Lubos Uhliarik <email address hidden>.
      [Already applied upstream]
    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
      boolean. Thanks to Amos Jeffries <email address hidden>
      [Already applied upstream]
    - SECURITY UPDATE: denial of service in ESI Response processing
      + debian/patches/CVE-2018-1000024.patch: make sure endofName never
        exceeds tagEnd in src/esi/CustomParser.cc.
      + CVE-2018-1000024
        [Added in 3.5.27-1]
    - SECURITY UPDATE: denial of service in in HTTP Message processing
      + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
        transactions without a client connection in
        src/client_side_request.cc.
      + CVE-2018-1000027
        [Included in 3.5.27-1]
  * Added changes:
    - Do not force gcc-6

d34e93a... by Andreas Hasenack on 2018-02-27

update-maintainer

2def68f... by Andreas Hasenack on 2018-02-27

reconstruct-changelog

777e35b... by Andreas Hasenack on 2018-02-27

merge-changelogs

22428ae... by Andreas Hasenack on 2018-02-23

  * Added changes:
    - Do not force gcc-6

a99ef04... by Andreas Hasenack on 2018-02-23

    - SECURITY UPDATE: denial of service in in HTTP Message processing
      + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
        transactions without a client connection in
        src/client_side_request.cc.
      + CVE-2018-1000027
        [Included in 3.5.27-1]

896fc44... by Andreas Hasenack on 2018-02-23

    - SECURITY UPDATE: denial of service in ESI Response processing
      + debian/patches/CVE-2018-1000024.patch: make sure endofName never
        exceeds tagEnd in src/esi/CustomParser.cc.
      + CVE-2018-1000024
        [Added in 3.5.27-1]

c0c1345... by Andreas Hasenack on 2018-02-23

    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
      boolean. Thanks to Amos Jeffries <email address hidden>
      [Already applied upstream]