Merge ~sergiodj/ubuntu/+source/squid:squid-merge-4.12-1 into ubuntu/+source/squid:debian/sid

Proposed by Sergio Durigan Junior
Status: Merged
Approved by: Andreas Hasenack
Approved revision: db0be8a903e911be4fa27b1fe29ad5c57590291b
Merge reported by: Sergio Durigan Junior
Merged at revision: db0be8a903e911be4fa27b1fe29ad5c57590291b
Proposed branch: ~sergiodj/ubuntu/+source/squid:squid-merge-4.12-1
Merge into: ubuntu/+source/squid:debian/sid
Diff against target: 802 lines (+688/-2)
7 files modified
debian/changelog (+493/-0)
debian/control (+3/-2)
debian/patches/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch (+112/-0)
debian/patches/90-cf.data.ubuntu.patch (+22/-0)
debian/patches/99-ubuntu-ssl-cert-snakeoil.patch (+22/-0)
debian/patches/series (+3/-0)
debian/usr.sbin.squid (+33/-0)
Reviewer | Review Type | Date Requested | Status
Andreas Hasenack | | | Approve
Canonical Server | | | Pending
Review via email: mp+389025@code.launchpad.net

Description of the change

This is the merge of squid 4.12.1 from Debian.

We're still keeping some of our existing delta. I'm taking a closer look at the patches we're carrying and checking which ones can be proposed upstream or to Debian.

As for the good news, we can drop a number of local modifications:

- No need to add -Wno-format-truncation to CXXFLAGS anymore; the build works normally on ppc64el on groovy now.

- Dropped 2 patches accepted by Debian which simplify and fix the postinst script.

- Dropped 1 patch accepted by Debian which adjusts the 'test-squid.py' dep8 test.

I'm adding a patch needed to make the build pass on s390x; there's a GCC-10 FTBFS that happens there. This patch has already been proposed and accepted upstream:

  https://github.com/squid-cache/squid/pull/708/

autopkgtest is still happy:

autopkgtest [15:11:15]: @@@@@@@@@@@@@@@@@@@@ summary
upstream-test-suite PASS
squid PASS

Andreas Hasenack (ahasenack) wrote :

grabbing this

Andreas Hasenack (ahasenack) wrote :

Looks good, +1. You said you would still add a DEP3 header to d/p/90-cf.data.ubuntu.patch because you forwarded it to debian, right? Feel free to do that and commit, and then ping here when ready for sponsoring.

review: Approve
Sergio Durigan Junior (sergiodj) wrote :

On Tuesday, August 11 2020, Andreas Hasenack wrote:

> Looks good, +1. You said you would still add a DEP3 header to
> d/p/90-cf.data.ubuntu.patch because you forwarded it to debian, right?
> Feel free to do that and commit, and then ping here when ready for
> sponsoring.

Thanks for the review, Andreas.

I have force-pushed the branch with the DEP3 header update now, so it's
ready for sponsorship.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Andreas Hasenack (ahasenack) wrote :

Tagging and uploading db0be8a903e911be4fa27b1fe29ad5c57590291b

$ git push pkg upload/4.12-1ubuntu1
Enumerating objects: 43, done.
Counting objects: 100% (43/43), done.
Delta compression using up to 4 threads
Compressing objects: 100% (32/32), done.
Writing objects: 100% (36/36), 11.59 KiB | 565.00 KiB/s, done.
Total 36 (delta 25), reused 7 (delta 4)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/squid
 * [new tag] upload/4.12-1ubuntu1 -> upload/4.12-1ubuntu1

$ dput ubuntu ../squid_4.12-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../squid_4.12-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../squid_4.12-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading squid_4.12-1ubuntu1.dsc: done.
  Uploading squid_4.12.orig.tar.xz: done.
  Uploading squid_4.12-1ubuntu1.debian.tar.xz: done.
  Uploading squid_4.12-1ubuntu1_source.buildinfo: done.
  Uploading squid_4.12-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Please follow its migration.

Sergio Durigan Junior (sergiodj) wrote :

This has migrated.

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 345a140..c1c8b6b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,40 @@
1squid (4.12-1ubuntu1) groovy; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy
5 squidguard
6 - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern
7 for debs.
8 - Use snakeoil certificates:
9 + d/control: add ssl-cert to dependencies
10 + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
11 to the default config file
12 * Dropped changes, not needed anymore:
13 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround
14 if building for ppc64el. On that arch, dpkg-buildflags sets -O3
15 instead of -O2 and that triggers a format-truncation error on
16 pcon.cc. See https://bugs.squid-cache.org/show_bug.cgi?id=4875.
17 [ Dropped because the build now passes on ppc64el ]
18 * Dropped changes, incorporated by Debian:
19 - Don't restart squid by hand on postinst script
20 + d/squid.postinst: When installing/upgrading squid, the service
21 is being restarted manually in the postinst script, which can
22 break installations that have the squid apparmor enabled because
23 it will try to restart the service before reloading the apparmor
24 profile. There is no reason to restart squid manually, since the
25 restart will be automatically performed later.
26 - Drop conffile check for squid < 2.7
27 + d/squid.postinst: squid 2.7 is long, long gone, so it should be
28 safe to drop the postinst code to make sure that
29 /etc/squid/squid.conf was properly upgraded.
30 - d/tests/test-squid.py: Adjust 'pidfile' variable to reflect fact
31 that we now store the pidfile under '/run/squid/'.
32 * Added changes:
33 - d/p/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch:
34 Fix GCC-10 build failure due to -Wstringop-truncation warning.
35
36 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 10 Aug 2020 11:20:46 -0400
37
1squid (4.12-1) unstable; urgency=high38squid (4.12-1) unstable; urgency=high
239
3 * Urgency high due to security fixes40 * Urgency high due to security fixes
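Review bot: In the "Remaining changes" item for d/usr.sbin.squid, the list now reads "maas-proxy, squid-deb-proxy" followed by "squidguard" on the next line with no comma between them; earlier entries have "squid-deb-proxy, squidguard", so the comma was lost when the line was re-wrapped. The "Added changes" item for d/p/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch could also say that the patch is forwarded upstream, as its Forwarded header does, so the next merge knows when the delta can be dropped.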
@@ -35,6 +72,63 @@ squid (4.12-1) unstable; urgency=high
3572
36 -- Luigi Gangitano <luigi@debian.org> Wed, 1 Jul 2020 10:52:54 +020073 -- Luigi Gangitano <luigi@debian.org> Wed, 1 Jul 2020 10:52:54 +0200
3774
75squid (4.11-5ubuntu3) groovy; urgency=medium
76
77 * No change rebuild against new libnettle8 and libhogweed6 ABI.
78
79 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:38:13 +0100
80
81squid (4.11-5ubuntu2) groovy; urgency=medium
82
83 * d/tests/test-squid.py: Adjust 'pidfile' variable to reflect fact
84 that we now store the pidfile under '/run/squid/'.
85
86 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 20 May 2020 10:32:32 -0400
87
88squid (4.11-5ubuntu1) groovy; urgency=medium
89
90 * Merge with Debian unstable. Remaining changes:
91 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
92 squidguard
93 - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern for
94 debs.
95 - Use snakeoil certificates:
96 + d/control: add ssl-cert to dependencies
97 + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl to the
98 default config file
99 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
100 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead
101 of -O2 and that triggers a format-truncation error on pcon.cc. See See
102 https://bugs.squid-cache.org/show_bug.cgi?id=4875
103 * Dropped:
104 - d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
105 deprecated in glibc 2.30 (LP #1843325)
106 [ In 4.11-4 ]
107 - SECURITY UPDATE: multiple ESI issues
108 + debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
109 into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
110 src/esi/Esi.h, src/esi/Expression.cc.
111 + CVE-2019-12519
112 [ In 4.11-4 ]
113 - SECURITY UPDATE: Digest Authentication nonce replay issue
114 + debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer
115 overflow in src/auth/digest/Config.cc.
116 [ In 4.11-4 ]
117 * Added:
118 - Don't restart squid by hand on postinst script
119 + d/squid.postinst: When installing/upgrading squid, the service
120 is being restarted manually in the postinst script, which can
121 break installations that have the squid apparmor enabled because
122 it will try to restart the service before reloading the apparmor
123 profile. There is no reason to restart squid manually, since the
124 restart will be automatically performed later.
125 - Drop conffile check for squid < 2.7
126 + d/squid.postinst: squid 2.7 is long, long gone, so it should be
127 safe to drop the postinst code to make sure that
128 /etc/squid/squid.conf was properly upgraded.
129
130 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 19 May 2020 14:43:04 -0400
131
38squid (4.11-5) unstable; urgency=medium132squid (4.11-5) unstable; urgency=medium
39133
40 [ Sergio Durigan Junior <sergiodj@debian.org> ]134 [ Sergio Durigan Junior <sergiodj@debian.org> ]
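Review bot: In the "Dropped" list of the 4.11-5ubuntu1 entry, the ESI item names only CVE-2019-12519 although the dropped patch is debian/patches/CVE-2019-12519_12521.patch, and the Digest Authentication item has no CVE line at all. Listing CVE-2019-12521 and CVE-2020-11945 explicitly would keep the dropped security delta findable by CVE id in the changelog. The same entry has a doubled "See See" before the bugs.squid-cache.org link.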
@@ -113,6 +207,64 @@ squid (4.11-1) unstable; urgency=high
113207
114 -- Luigi Gangitano <luigi@debian.org> Thu, 23 Apr 2020 19:34:54 +0200208 -- Luigi Gangitano <luigi@debian.org> Thu, 23 Apr 2020 19:34:54 +0200
115209
210squid (4.10-1ubuntu2) groovy; urgency=medium
211
212 * SECURITY UPDATE: multiple ESI issues
213 - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
214 into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
215 src/esi/Esi.h, src/esi/Expression.cc.
216 - CVE-2019-12519
217 - CVE-2019-12521
218 * SECURITY UPDATE: Digest Authentication nonce replay issue
219 - debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer
220 overflow in src/auth/digest/Config.cc.
221 - CVE-2020-11945
222
223 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 13 May 2020 09:51:10 -0400
224
225squid (4.10-1ubuntu1) focal; urgency=medium
226
227 * Merge with Debian unstable. Remaining changes:
228 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
229 squidguard
230 - d/p/90-cf.data.ubuntu.patch: Add an example refresh pattern for debs.
231 - Use snakeoil certificates:
232 + d/control: add ssl-cert to dependencies
233 + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
234 to the default config file
235 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
236 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
237 -O2 and that triggers a format-truncation error on pcon.cc. See
238 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
239 - d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
240 deprecated in glibc 2.30 (LP #1843325)
241 * Dropped:
242 - d/t/control, d/t/test-squid.py: remove gopher tests, as pygopherd is
243 no longer available in Focal (LP: #1858827)
244 [In 4.10-1, undocumented]
245 - d/t/test-squid.py, d/t/squid: switch to python3
246 [In 4.10-1, undocumented]
247 - d/t/control: depend on python3-minimal
248 [In 4.10-1, undocumented]
249 - SECURITY UPDATE: info disclosure via FTP server
250 + debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in
251 src/clients/FtpGateway.cc.
252 + CVE-2019-12528
253 [Fixed upstream]
254 - SECURITY UPDATE: incorrect input validation and buffer management
255 + debian/patches/CVE-2020-84xx.patch: fix request URL generation in
256 reverse proxy configurations in src/client_side.cc.
257 + CVE-2020-8449
258 + CVE-2020-8450
259 [Fixed upstream]
260 - SECURITY UPDATE: DoS in NTLM authentication
261 + debian/patches/CVE-2020-8517.patch: improved username handling in
262 src/acl/external/LM_group/ext_lm_group_acl.cc.
263 + CVE-2020-8517
264 [Fixed upstream]
265
266 -- Andreas Hasenack <andreas@canonical.com> Tue, 25 Feb 2020 15:37:55 -0300
267
116squid (4.10-1) unstable; urgency=high268squid (4.10-1) unstable; urgency=high
117269
118 [ Amos Jeffries <amosjeffries@squid-cache.org> ]270 [ Amos Jeffries <amosjeffries@squid-cache.org> ]
@@ -134,6 +286,70 @@ squid (4.10-1) unstable; urgency=high
134286
135 -- Luigi Gangitano <luigi@debian.org> Tue, 10 Feb 2020 14:12:54 +0100287 -- Luigi Gangitano <luigi@debian.org> Tue, 10 Feb 2020 14:12:54 +0100
136288
289squid (4.9-2ubuntu4) focal; urgency=medium
290
291 * SECURITY UPDATE: info disclosure via FTP server
292 - debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in
293 src/clients/FtpGateway.cc.
294 - CVE-2019-12528
295 * SECURITY UPDATE: incorrect input validation and buffer management
296 - debian/patches/CVE-2020-84xx.patch: fix request URL generation in
297 reverse proxy configurations in src/client_side.cc.
298 - CVE-2020-8449
299 - CVE-2020-8450
300 * SECURITY UPDATE: DoS in NTLM authentication
301 - debian/patches/CVE-2020-8517.patch: improved username handling in
302 src/acl/external/LM_group/ext_lm_group_acl.cc.
303 - CVE-2020-8517
304
305 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 19 Feb 2020 12:43:05 -0500
306
307squid (4.9-2ubuntu3) focal; urgency=medium
308
309 * No-change rebuild with fixed binutils on arm64.
310
311 -- Matthias Klose <doko@ubuntu.com> Sat, 08 Feb 2020 11:20:19 +0000
312
313squid (4.9-2ubuntu2) focal; urgency=medium
314
315 * d/t/control, d/t/test-squid.py: remove gopher tests, as pygopherd is
316 no longer available in Focal (LP: #1858827)
317 * d/t/test-squid.py, d/t/squid: switch to python3
318 * d/t/control: depend on python3-minimal
319
320 -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jan 2020 15:52:32 -0300
321
322squid (4.9-2ubuntu1) focal; urgency=medium
323
324 * Merge with Debian unstable. Remaining changes:
325 - Use snakeoil certificates.
326 - Add an example refresh pattern for debs.
327 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
328 squidguard
329 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
330 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
331 -O2 and that triggers a format-truncation error on pcon.cc. See
332 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
333 - d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
334 deprecated in glibc 2.30 (LP #1843325)
335 * Dropped:
336 - d/rules: Only use -latomic with the intended architectures, instead of
337 all of them. This matches what was suggested in
338 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5
339 [Fixed upstream]
340 - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that
341 dh_installchangelogs can pick it up. dh_installchangelogs handles
342 d/NEWS or d/<package>.NEWS, but not NEWS.debian.
343 [Fixed upstream]
344 - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
345 lib/smblib/smblib-util.c. (LP #1835831)
346 [Fixed upstream]
347 - d/t/test-squid.py: test_zz_apparmor(): bail early if securityfs isn't
348 mounted
349 [Fixed upstream]
350
351 -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 14 Nov 2019 16:33:10 -0300
352
137squid (4.9-2) unstable; urgency=medium353squid (4.9-2) unstable; urgency=medium
138354
139 [ Andreas Hasenack <andreas@canonical.com> ]355 [ Andreas Hasenack <andreas@canonical.com> ]
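Review bot: In the "Dropped" list of the 4.9-2ubuntu1 entry, the d/rules, d/NEWS.debian and d/t/test-squid.py items are all marked "[Fixed upstream]" even though every one of them is a change under debian/. Other entries in this changelog name the revision that absorbed the change ("[Fixed in 4.5-2]", "[In 4.11-4]"); doing the same here would show which Debian upload made each piece of delta unnecessary.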
@@ -190,6 +406,73 @@ squid (4.9-1) unstable; urgency=high
190406
191 -- Luigi Gangitano <luigi@debian.org> Sun, 10 Nov 2019 20:28:15 +0100407 -- Luigi Gangitano <luigi@debian.org> Sun, 10 Nov 2019 20:28:15 +0100
192408
409squid (4.8-1ubuntu3) focal; urgency=medium
410
411 * No-change rebuild against libnettle7
412
413 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:15:39 +0000
414
415squid (4.8-1ubuntu2) eoan; urgency=medium
416
417 * d/p/drop-sysctl_h.patch: no longer include sysctl.h as it was
418 deprecated in glibc 2.30 (LP: #1843325)
419
420 -- Andreas Hasenack <andreas@canonical.com> Mon, 09 Sep 2019 17:31:45 -0300
421
422squid (4.8-1ubuntu1) eoan; urgency=medium
423
424 * Merge with Debian unstable. Remaining changes:
425 - Use snakeoil certificates.
426 - Add an example refresh pattern for debs.
427 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
428 squidguard
429 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
430 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
431 -O2 and that triggers a format-truncation error on pcon.cc. See
432 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
433 - d/rules: Only use -latomic with the intended architectures, instead of
434 all of them. This matches what was suggested in
435 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5
436 - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that
437 dh_installchangelogs can pick it up. dh_installchangelogs handles
438 d/NEWS or d/<package>.NEWS, but not NEWS.debian.
439 - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
440 lib/smblib/smblib-util.c. (LP #1835831)
441 * Dropped:
442 - d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs.
443 Thanks to Vitaly Lavrov <vel21ripn@gmail.com>. (LP #1794553)
444 [Fixed upstream]
445 - debian/patches/413.patch: Fix gcc-9 build issues with upstream merged
446 patch
447 [Fixed upstream]
448 - SECURITY UPDATE: incorrect digest auth parameter parsing
449 + debian/patches/CVE-2019-12525.patch: check length in
450 src/auth/digest/Config.cc.
451 + CVE-2019-12525
452 [Fixed upstream]
453 - SECURITY UPDATE: buffer overflow in basic auth decoding
454 + debian/patches/CVE-2019-12527.patch: switch to SBuf in
455 src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
456 src/clients/FtpGateway.cc.
457 + CVE-2019-12527
458 [Fixed upstream]
459 - SECURITY UPDATE: basic auth uudecode length issue
460 + debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
461 base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
462 include/uudecode.h, lib/uudecode.c.
463 + CVE-2019-12529
464 [Fixed upstream]
465 - SECURITY UPDATE: XSS issues in cachemgr.cgi
466 + debian/patches/CVE-2019-13345.patch: properly escape values in
467 tools/cachemgr.cc.
468 + CVE-2019-13345
469 [Fixed upstream]
470 * Added:
471 - d/t/test-squid.py: test_zz_apparmor(): bail early if securityfs isn't
472 mounted
473
474 -- Andreas Hasenack <andreas@canonical.com> Wed, 24 Jul 2019 16:38:59 -0300
475
193squid (4.8-1) unstable; urgency=high476squid (4.8-1) unstable; urgency=high
194477
195 [ Amos Jeffries <amosjeffries@squid-cache.org> ]478 [ Amos Jeffries <amosjeffries@squid-cache.org> ]
@@ -208,6 +491,86 @@ squid (4.8-1) unstable; urgency=high
208491
209 -- Luigi Gangitano <luigi@debian.org> Thu, 18 Jul 2019 22:28:15 +0200492 -- Luigi Gangitano <luigi@debian.org> Thu, 18 Jul 2019 22:28:15 +0200
210493
494squid (4.6-2ubuntu4) eoan; urgency=medium
495
496 * Fix gcc-9 issues (LP: #1835831)
497 - Remove -Wno-sizeof-pointer-memaccess -Wno-stringop-truncation
498 - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
499 lib/smblib/smblib-util.c.
500 * SECURITY UPDATE: incorrect digest auth parameter parsing
501 - debian/patches/CVE-2019-12525.patch: check length in
502 src/auth/digest/Config.cc.
503 - CVE-2019-12525
504 * SECURITY UPDATE: buffer overflow in basic auth decoding
505 - debian/patches/CVE-2019-12527.patch: switch to SBuf in
506 src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
507 src/clients/FtpGateway.cc.
508 - CVE-2019-12527
509 * SECURITY UPDATE: basic auth uudecode length issue
510 - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
511 base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
512 include/uudecode.h, lib/uudecode.c.
513 - CVE-2019-12529
514 * SECURITY UPDATE: XSS issues in cachemgr.cgi
515 - debian/patches/CVE-2019-13345.patch: properly escape values in
516 tools/cachemgr.cc.
517 - CVE-2019-13345
518
519 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 19 Jul 2019 08:01:58 -0400
520
521squid (4.6-2ubuntu3) eoan; urgency=medium
522
523 * Override newly added gcc-9 flags:
524 -Wno-sizeof-pointer-memaccess -Wno-stringop-truncation
525 NOTE: Overriding those flags is a possible security
526 asked for info on the gcc-9 issue bug tracker:
527 https://github.com/squid-cache/squid/pull/413#issuecomment-511314076
528
529 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 15 Jul 2019 10:21:47 +0200
530
531squid (4.6-2ubuntu2) eoan; urgency=medium
532
533 * Fix gcc-9 build issues with upstream merged patch
534
535 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 14 Jul 2019 14:41:16 +0200
536
537squid (4.6-2ubuntu1) eoan; urgency=medium
538
539 * Merge with Debian unstable. Remaining changes:
540 - Use snakeoil certificates.
541 - Add an example refresh pattern for debs.
542 - d/usr.sbin.squid: Add sections for maas-proxy, squid-deb-proxy,
543 squidguard
544 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
545 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
546 -O2 and that triggers a format-truncation error on pcon.cc. See
547 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
548 - d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs.
549 Thanks to Vitaly Lavrov <vel21ripn@gmail.com>. (LP #1794553)
550 [Added Applied-Upstream header]
551 - d/rules: Only use -latomic with the intended architectures, instead of
552 all of them. This matches what was suggested in
553 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5
554 - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that
555 dh_installchangelogs can pick it up. dh_installchangelogs handles
556 d/NEWS or d/<package>.NEWS, but not NEWS.debian.
557 * Dropped:
558 - d/squid.tmpfile: add tmpfiles configuration to handle /var/run/squid
559 at boot. Thanks to Luigi Gangitano <luigi@debian.org> (LP #1816006)
560 [Fixed in 4.5-2]
561 - d/p/fix-uninitialized-var.patch: Workaround gcc's maybe-unitialized
562 error in parse_time_t, triggered on ppc64el due to the build using -O3
563 in that architecture.
564 [Fixed upstream]
565 - Add disabled by default AppArmor profile.
566 [Added by Debian in 4.6-2]
567 - d/usr.sbin.squid: fix the apparmor profile (LP #1796189):
568 + allow net_admin capability
569 + add attach_disconnected flag
570 [Fixed in 4.6-2]
571
572 -- Andreas Hasenack <andreas@canonical.com> Sat, 18 May 2019 14:39:09 -0300
573
211squid (4.6-2) unstable; urgency=high574squid (4.6-2) unstable; urgency=high
212575
213 [ Andreas Hasenack <andreas@canonical.com> ]576 [ Andreas Hasenack <andreas@canonical.com> ]
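Review bot: In the 4.6-2ubuntu3 entry the NOTE is cut off mid-sentence: "Overriding those flags is a possible security" runs straight into "asked for info on the gcc-9 issue bug tracker:". As written, the caveat about building with -Wno-sizeof-pointer-memaccess and -Wno-stringop-truncation says neither what the concern is nor who asked. If the words were lost in this merge rather than in the original upload, restore them so the note reads as a complete sentence.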
@@ -268,6 +631,57 @@ squid (4.5-1) unstable; urgency=medium
268631
269 -- Luigi Gangitano <luigi@debian.org> Wed, 20 Feb 2019 11:57:15 +0100632 -- Luigi Gangitano <luigi@debian.org> Wed, 20 Feb 2019 11:57:15 +0100
270633
634squid (4.4-1ubuntu2) disco; urgency=medium
635
636 * d/squid.tmpfile: add tmpfiles configuration to handle /var/run/squid
637 at boot. Thanks to Luigi Gangitano <luigi@debian.org> (LP: #1816006)
638
639 -- Andreas Hasenack <andreas@canonical.com> Wed, 27 Feb 2019 08:54:45 -0300
640
641squid (4.4-1ubuntu1) disco; urgency=medium
642
643 * Merge with Debian unstable. Remaining changes:
644 - Use snakeoil certificates.
645 - Add an example refresh pattern for debs.
646 - Add disabled by default AppArmor profile.
647 - d/p/fix-uninitialized-var.patch: Workaround gcc's maybe-unitialized
648 error in parse_time_t, triggered on ppc64el due to the build using -O3
649 in that architecture.
650 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
651 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
652 -O2 and that triggers a format-truncation error on pcon.cc. See
653 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
654 - d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs.
655 Thanks to Vitaly Lavrov <vel21ripn@gmail.com>. (LP #1794553)
656 * Drop:
657 - d/rules: enable cdbs parallel build
658 [Fixed in 4.2-1]
659 - d/t/test-squid.py: fix apparmor profile filename
660 [Fixed in 4.2-1]
661 - d/t/test-squid.py: fix the process name. The PID points at the parent.
662 [Fixed in 4.2-1]
663 - d/t/upstream-test-suite: also make libmem.la, needed by the tests.
664 [Fixed in 4.2-1]
665 - d/t/0003-installed-binary-for-debian-ci.patch: use the squid
666 binary from the system, instead of the one from the source tree.
667 [Fixed in 4.2-1]
668 - d/t/upstream-test-suite: drop the sed line, since patch
669 0003-installed-binary-for-debian-ci.patch is doing this work now.
670 (https://salsa.debian.org/squid-team/squid/commit/ad4372b444ba8b1587839)
671 [Fixed in 4.2-1]
672 * Added changes:
673 - d/rules: Only use -latomic with the intended architectures, instead of
674 all of them. This matches what was suggested in
675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907106#5
676 - d/NEWS.debian: rename d/NEWS.debian to d/NEWS so that
677 dh_installchangelogs can pick it up. dh_installchangelogs handles
678 d/NEWS or d/<package>.NEWS, but not NEWS.debian.
679 - d/usr.sbin.squid: fix the apparmor profile (LP: #1796189):
680 + allow net_admin capability
681 + add attach_disconnected flag
682
683 -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Nov 2018 10:51:18 -0200
684
271squid (4.4-1) unstable; urgency=high685squid (4.4-1) unstable; urgency=high
272686
273 * Urgency high due to security fixes687 * Urgency high due to security fixes
@@ -332,6 +746,85 @@ squid (4.2-1) unstable; urgency=high
332746
333 -- Luigi Gangitano <luigi@debian.org> Wed, 22 Aug 2018 13:57:15 +0200747 -- Luigi Gangitano <luigi@debian.org> Wed, 22 Aug 2018 13:57:15 +0200
334748
749squid (4.1-1ubuntu3) cosmic; urgency=medium
750
751 * d/p/fix-rotate-assertion.patch: Fix assertion error when rotating logs.
752 Thanks to Vitaly Lavrov <vel21ripn@gmail.com>. (LP: #1794553)
753
754 -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:00:36 -0300
755
756squid (4.1-1ubuntu2) cosmic; urgency=medium
757
758 * d/usr.sbin.squid: Update apparmor profile to grant read access to squid
759 binary (LP: #1792728)
760
761 -- Simon Deziel <simon@sdeziel.info> Sat, 15 Sep 2018 13:55:32 -0400
762
763squid (4.1-1ubuntu1) cosmic; urgency=medium
764
765 * Merged with Debian unstable (LP: #1780944, LP: #1097032, LP: #16669).
766 Remaining changes:
767 - Use snakeoil certificates.
768 [Updated to use the correct config setting names]
769 - Add an example refresh pattern for debs.
770 [Improved the refresh patterns based on the configuration from
771 squid-deb-proxy package]
772 - Add disabled by default AppArmor profile.
773 [Updated to include the ssl_certs abstraction and suggestions on how to
774 deal with the snakeoil private key and other keys in /etc/ssl.]
775 * Dropped changes:
776 - Add additional dep8 tests.
777 [Adopted in 4.0.21-1~exp5, albeit a stripped down version]
778 - Correct attribution and add explanatory note in d/NEWS.debian.
779 [That particular upgrade path has happened long ago.]
780 - Drop wrong short-circuiting of various invocations; we always want to
781 call the debhelper block.
782 [This was for the transitional squid3 package, and that transition has
783 already happened.]
784 - Revert "Set pidfile for systemd's sysv-generator" from Debian.
785 [Not needed anymore since we have a native systemd service file
786 and no longer rely on the generator.]
787 - Enable autoreconf. This is no longer required for the security updates,
788 but is needed for the seddery of test-suite/Makefile.am in
789 d/t/upstream-test-suite.
790 [Replaced by patch 0003-installed-binary-for-debian-ci.patch]
791 - Adjust seddery for upstream test squid binary location.
792 [sed no longer necessary since patch,
793 0003-installed-binary-for-debian-ci.patch, will be dropped
794 entirely.]
795 - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
796 happened in Xenial, so no upgrade path still requires this code. This
797 reduces upgrade ordering difficulty.
798 [Again we have a migration, but this time from squid3 to squid, so we
799 need this].
800 - GCC7 FTBFS fixes (LP: #1712668):
801 + d/rules: don't error when hitting the "deprecated" and
802 "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
803 but one in Format.cc that affects 32bit builds was deemed too intrusive
804 for the 3.5 stable series and is only in squid 4.x
805 [No longer needed with squid 4.x]
806 - Do not force gcc-6
807 [It was a temporary workaround in Debian that got dropped]
808 * Added changes:
809 - d/rules: enable cdbs parallel build
810 - d/t/test-squid.py: fix apparmor profile filename
811 - d/t/test-squid.py: fix the process name. The PID points at the parent.
812 - d/t/upstream-test-suite: also make libmem.la, needed by the tests.
813 - d/t/0003-installed-binary-for-debian-ci.patch: use the squid
814 binary from the system, instead of the one from the source tree.
815 - d/p/fix-uninitialized-var.patch: Workaround gcc's maybe-unitialized
816 error in parse_time_t, triggered on ppc64el due to the build using -O3
817 in that architecture.
818 - d/rules: Add -Wno-format-truncation to CXXFLAGS as a workaround if
819 building for ppc64el. On that arch, dpkg-buildflags sets -O3 instead of
820 -O2 and that triggers a format-truncation error on pcon.cc. See
821 See https://bugs.squid-cache.org/show_bug.cgi?id=4875
822 - d/t/upstream-test-suite: drop the sed line, since patch
823 0003-installed-binary-for-debian-ci.patch is doing this work now.
824 (https://salsa.debian.org/squid-team/squid/commit/ad4372b444ba8b1587839)
825
826 -- Andreas Hasenack <andreas@canonical.com> Thu, 16 Aug 2018 12:33:17 -0300
827
335squid (4.1-1) unstable; urgency=high828squid (4.1-1) unstable; urgency=high
336829
337 * New Upstream Release (Closes: #896120)830 * New Upstream Release (Closes: #896120)
diff --git a/debian/control b/debian/control
index 9645a8d..a567c91 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: squid1Source: squid
2Section: web2Section: web
3Priority: optional3Priority: optional
4Maintainer: Luigi Gangitano <luigi@debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Luigi Gangitano <luigi@debian.org>
5Uploaders: Santiago Garcia Mantinan <manty@debian.org>6Uploaders: Santiago Garcia Mantinan <manty@debian.org>
6Homepage: http://www.squid-cache.org7Homepage: http://www.squid-cache.org
7Standards-Version: 4.5.08Standards-Version: 4.5.0
@@ -31,7 +32,7 @@ Build-Depends: ed, libltdl-dev, pkg-config
31Package: squid32Package: squid
32Architecture: any33Architecture: any
33Pre-Depends: adduser34Pre-Depends: adduser
34Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, logrotate (>= 3.5.4-1), squid-common (>= ${source:Version}), lsb-base, libdbi-perl35Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, logrotate (>= 3.5.4-1), squid-common (>= ${source:Version}), lsb-base, libdbi-perl, ssl-cert
35Suggests: squidclient, squid-cgi, squid-purge, resolvconf (>= 0.40), smbclient, ufw, winbind, apparmor36Suggests: squidclient, squid-cgi, squid-purge, resolvconf (>= 0.40), smbclient, ufw, winbind, apparmor
36Recommends: libcap2-bin [linux-any], ca-certificates37Recommends: libcap2-bin [linux-any], ca-certificates
37Provides: squid338Provides: squid3
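Review bot: The Depends line gains "ssl-cert" as a hard dependency, while the changelog describes the matching patch, d/p/99-ubuntu-ssl-cert-snakeoil.patch, as only adding "a note about ssl to the default config file". If the shipped configuration does not reference the snakeoil certificate by default, Recommends would be enough and would avoid pulling a generated key pair onto every squid install; if it does, a short comment in the changelog item saying so would justify the Depends.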
diff --git a/debian/patches/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch b/debian/patches/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch
38new file mode 10064439new file mode 100644
index 0000000..8de4e08
--- /dev/null
+++ b/debian/patches/0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch
@@ -0,0 +1,112 @@
1From: Sergio Durigan Junior <sergiodj@sergiodj.net>
2Date: Fri, 7 Aug 2020 00:00:30 -0400
3Subject: WCCP: Fix GCC-10 -Wstringop-truncation failures
4MIME-Version: 1.0
5Content-Type: text/plain; charset="utf-8"
6Content-Transfer-Encoding: 8bit
7
8When building squid using GCC10, I'm seeing a few failures related to
9the -Wstringop-truncation option:
10
11In file included from /usr/include/string.h:495,
12 from ../compat/xstring.h:13,
13 from ../compat/compat_shared.h:225,
14 from ../compat/compat.h:87,
15 from ../include/squid.h:43,
16 from wccp2.cc:11:
17In function ‘char* strncpy(char*, const char*, size_t)’,
18 inlined from ‘void wccp2_add_service_list(int, int, int, int, int, int*, int, char*)’ at wccp2.cc:523:12,
19 inlined from ‘void parse_wccp2_service(void*)’ at wccp2.cc:2140:27:
20/usr/include/s390x-linux-gnu/bits/string_fortified.h:106:34: error: ‘char* __builtin_strncpy(char*, const char*, long unsigned int)’ output may be truncated copying 8 bytes from a string of length 8 [-Werror=stringop-truncation]
21 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
22 | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23cc1plus: all warnings being treated as errors
24
25The curious thing is that I can only trigger these failures when I
26compile on s390x.
27
28The fix here is simple and inspired by
2902fc37ca9112cd2afd7d9f3acea06c53b900453a: use xstrncpy instead of
30strncpy. I confirmed that this fixes the problem by recompiling, and
31doesn't introduce any other issues.
32
33Signed-off-by: Sergio Durigan Junior <sergiodj@debian.org>
34
35Author: Sergio Durigan Junior <sergiodj@debian.org>
36Last-Updated: 2020-08-10
37Forwarded: https://github.com/squid-cache/squid/pull/708/
38---
39 src/wccp2.cc | 18 ++++++++----------
40 1 file changed, 8 insertions(+), 10 deletions(-)
41
42diff --git a/src/wccp2.cc b/src/wccp2.cc
43index 70a2796..05dfc6e 100644
44--- a/src/wccp2.cc
45+++ b/src/wccp2.cc
46@@ -49,7 +49,7 @@ static EVH wccp2AssignBuckets;
47
48 /* Useful defines */
49 #define WCCP2_NUMPORTS 8
50-#define WCCP2_PASSWORD_LEN 8
51+#define WCCP2_PASSWORD_LEN 8 + 1 /* + 1 for C-string NUL terminator */
52
53 /* WCCPv2 Pakcet format structures */
54 /* Defined in draft-wilson-wccp-v2-12-oct-2001.txt */
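Review bot: the new definition on line 51 of the patch, #define WCCP2_PASSWORD_LEN 8 + 1, is an unparenthesised expression, so any use inside a larger expression (a multiplication, a subtraction, sizeof arithmetic) expands with the wrong precedence. Write it as (8 + 1). The name also now denotes a buffer size rather than a password length, while the comments in the later hunks still give the protocol field as 8 bytes; a separate constant for the buffer size would keep the two meanings apart.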
55@@ -451,7 +451,7 @@ struct wccp2_service_list_t {
56 size_t wccp_packet_size;
57
58 struct wccp2_service_list_t *next;
59- char wccp_password[WCCP2_PASSWORD_LEN + 1]; /* hold the trailing C-string NUL */
60+ char wccp_password[WCCP2_PASSWORD_LEN]; /* hold the trailing C-string NUL */
61 uint32_t wccp2_security_type;
62 };
63
64@@ -519,8 +519,8 @@ wccp2_add_service_list(int service, int service_id, int service_priority,
65 wccp2_update_service(wccp2_service_list_ptr, service, service_id,
66 service_priority, service_proto, service_flags, ports);
67 wccp2_service_list_ptr->wccp2_security_type = security_type;
68- memset(wccp2_service_list_ptr->wccp_password, 0, WCCP2_PASSWORD_LEN + 1);
69- strncpy(wccp2_service_list_ptr->wccp_password, password, WCCP2_PASSWORD_LEN);
70+ memset(wccp2_service_list_ptr->wccp_password, 0, WCCP2_PASSWORD_LEN);
71+ xstrncpy(wccp2_service_list_ptr->wccp_password, password, WCCP2_PASSWORD_LEN);
72 /* add to linked list - XXX this should use the Squid dlink* routines! */
73 wccp2_service_list_ptr->next = wccp2_service_list_head;
74 wccp2_service_list_head = wccp2_service_list_ptr;
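Review bot: in wccp2_add_service_list the memset and xstrncpy bounds are the macro WCCP2_PASSWORD_LEN, while the parse_wccp2_service hunk later in this patch uses sizeof(wccp_password). Using sizeof(wccp2_service_list_ptr->wccp_password) here as well ties the bound to the array itself, so a later change to the declaration cannot leave the copy length out of step.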
75@@ -562,8 +562,7 @@ wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
76
77 /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
78 memset(pwd, 0, sizeof(pwd));
79- strncpy(pwd, password, sizeof(pwd));
80- pwd[sizeof(pwd) - 1] = '\0';
81+ xstrncpy(pwd, password, sizeof(pwd));
82
83 ws = (struct wccp2_security_md5_t *) ptr;
84 assert(ntohs(ws->security_type) == WCCP2_SECURITY_INFO);
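Review bot: the context comment says the MD5 password field must be 8 bytes and NUL padded, but the declaration of pwd and the call that hashes it are outside this hunk. If pwd is sized with WCCP2_PASSWORD_LEN, the first hunk grows it from 8 to 9 bytes, and any hash update that uses sizeof(pwd) as its length would then cover 9 bytes and stop matching what peers compute. Please confirm the hashed length is still 8; the same question applies to wccp2_check_security in the next hunk.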
85@@ -630,8 +629,7 @@ wccp2_check_security(struct wccp2_service_list_t *srv, char *security, char *pac
86
87 /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
88 memset(pwd, 0, sizeof(pwd));
89- strncpy(pwd, srv->wccp_password, sizeof(pwd));
90- pwd[sizeof(pwd) - 1] = '\0';
91+ xstrncpy(pwd, srv->wccp_password, sizeof(pwd));
92
93 /* Take a copy of the challenge: we need to NUL it before comparing */
94 memcpy(md5_challenge, ws->security_implementation, sizeof(md5_challenge));
95@@ -2096,7 +2094,7 @@ parse_wccp2_service(void *)
96 int service = 0;
97 int service_id = 0;
98 int security_type = WCCP2_NO_SECURITY;
99- char wccp_password[WCCP2_PASSWORD_LEN + 1];
100+ char wccp_password[WCCP2_PASSWORD_LEN];
101
102 if (wccp2_connected == 1) {
103 debugs(80, DBG_IMPORTANT, "WCCPv2: Somehow reparsing the configuration without having shut down WCCP! Try reloading squid again.");
104@@ -2132,7 +2130,7 @@ parse_wccp2_service(void *)
105 if ((t = ConfigParser::NextToken()) != NULL) {
106 if (strncmp(t, "password=", 9) == 0) {
107 security_type = WCCP2_MD5_SECURITY;
108- strncpy(wccp_password, t + 9, WCCP2_PASSWORD_LEN);
109+ xstrncpy(wccp_password, t + 9, sizeof(wccp_password));
110 }
111 }
112
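Review bot: xstrncpy(wccp_password, t + 9, sizeof(wccp_password)) silently truncates a configured password= value that does not fit the buffer, so an operator who sets a longer secret ends up with a shorter one and no indication of it. A length check on t + 9 before the copy, with a debugs() warning or a configuration error, would make the truncation visible.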
diff --git a/debian/patches/90-cf.data.ubuntu.patch b/debian/patches/90-cf.data.ubuntu.patch
0new file mode 100644113new file mode 100644
index 0000000..2c15c53
--- /dev/null
+++ b/debian/patches/90-cf.data.ubuntu.patch
@@ -0,0 +1,22 @@
1Description: Add an example refresh pattern for .debs
2
3Reviewed-By: Sergio Durigan Junior <sergio.durigan@canonical.com>
4Last-Updated: 2020-08-12
5Forwarded: https://salsa.debian.org/squid-team/squid/-/merge_requests/15
6
7--- a/src/cf.data.pre
8+++ b/src/cf.data.pre
9@@ -5859,6 +5862,12 @@ NOCOMMENT_START
10 refresh_pattern ^ftp: 1440 20% 10080
11 refresh_pattern ^gopher: 1440 0% 1440
12 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
13+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
14+refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
15+refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
16+refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
17+# example pattern for deb packages
18+#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
19 refresh_pattern . 0 20% 4320
20 NOCOMMENT_END
21 DOC_END
22
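Review bot: the Description line says the patch adds an example refresh pattern for .debs, but that pattern is only the commented-out line 18. Lines 13 to 16 add four active refresh_pattern rules (Packages/Sources, Release, InRelease, Translation-*) with refresh-ims inside the NOCOMMENT_START block, which changes the shipped default configuration. The Description should cover those rules and say why they are set to 0 0% 0.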
diff --git a/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch b/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch
0new file mode 10064423new file mode 100644
index 0000000..40b5306
--- /dev/null
+++ b/debian/patches/99-ubuntu-ssl-cert-snakeoil.patch
@@ -0,0 +1,22 @@
1--- a/src/cf.data.pre
2+++ b/src/cf.data.pre
3@@ -3516,6 +3516,19 @@
4 reference a PEM file containing both the certificate
5 and private key.
6
7+ Notes:
8+
9+ On Debian/Ubuntu systems a default snakeoil certificate is
10+ available in /etc/ssl and users can set:
11+
12+ sslcert=/etc/ssl/certs/ssl-cert-snakeoil.pem
13+
14+ and
15+
16+ sslkey=/etc/ssl/private/ssl-cert-snakeoil.key
17+
18+ for testing.
19+
20 sslcipher=... The list of valid SSL ciphers to use when connecting
21 to this peer.
22
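Review bot: this patch has no header at all, whereas 90-cf.data.ubuntu.patch and 0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch in the same merge carry Description, Last-Updated and Forwarded fields. Please add the same fields here. In the added text, "for testing" comes only on line 18, after both paths; stating up front that the snakeoil pair is for testing only would make it harder to copy the sslcert= and sslkey= lines without the caveat.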
diff --git a/debian/patches/series b/debian/patches/series
index 6561436..d481df0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,6 @@
30003-installed-binary-for-debian-ci.patch30003-installed-binary-for-debian-ci.patch
4#0004-upstream-bug5041.patch4#0004-upstream-bug5041.patch
50005-Use-RuntimeDirectory-to-create-run-squid.patch50005-Use-RuntimeDirectory-to-create-run-squid.patch
690-cf.data.ubuntu.patch
799-ubuntu-ssl-cert-snakeoil.patch
80007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch
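Review bot: 0007-WCCP-Fix-GCC-10-Wstringop-truncation-failures.patch is appended after the 90- and 99- entries, out of numeric order. The two groups touch different files in this merge (src/wccp2.cc versus src/cf.data.pre), so the order is harmless today, but placing 0007 directly after 0005 keeps the series sorted and leaves the Ubuntu-only 9x patches last, which makes the next merge from Debian easier to read.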
diff --git a/debian/usr.sbin.squid b/debian/usr.sbin.squid
index bc1f987..232b59f 100644
--- a/debian/usr.sbin.squid
+++ b/debian/usr.sbin.squid
@@ -50,6 +50,39 @@
50 # squid-langpack50 # squid-langpack
51 /usr/share/squid-langpack/** r,51 /usr/share/squid-langpack/** r,
5252
53 # maas-proxy
54 /var/lib/maas/maas-proxy.conf r,
55 /var/log/maas/proxy/** rw,
56 /var/spool/maas-proxy/ r,
57 /var/spool/maas-proxy/** rwk,
58
59 # squid-deb-proxy
60 /etc/squid-deb-proxy/** r,
61 /{,var/}run/squid-deb-proxy.pid rwk,
62 /var/cache/squid-deb-proxy/ r,
63 /var/cache/squid-deb-proxy/** rwk,
64 /var/log/squid-deb-proxy/* rw,
65
66 # squidguard
67 /usr/bin/squidGuard Cx -> squidguard,
68 profile squidguard {
69 #include <abstractions/base>
70
71 /etc/squid/squidGuard.conf r,
72 /var/log/squid{,3}/squidGuard.log w,
73 /var/lib/squidguard/** rw,
74
75 # squidguard by default uses /var/log/squid as its logdir, however, we
76 # don't want it to access squid's logs, only its own. Explicitly deny
77 # access to squid's files but allow all others since the user may specify
78 # anything for the squidGurad 'log' directive.
79 /var/log/squid{,3}/* rw,
80 audit deny /var/log/squid{,3}/{access,cache,store}.log* rw,
81
82 # Site-specific additions and overrides. See local/README for details.
83 #include <local/usr.sbin.squid>
84 }
85
53 # Site-specific additions and overrides. See local/README for details.86 # Site-specific additions and overrides. See local/README for details.
54 #include <local/usr.sbin.squid>87 #include <local/usr.sbin.squid>
55}88}
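Review bot: the squidguard child profile ends with #include <local/usr.sbin.squid> (line 83), the same file the parent profile includes at line 86. Any site-specific rule added for squid is therefore also granted to squidGuard, which works against confining the helper more tightly than the proxy; a separate local include for the child, or none, would keep the two apart. Two smaller points: "squidGurad" in the comment on line 78 should read "squidGuard", and /var/log/squid{,3}/* rw on line 79 makes the squidGuard.log w rule on line 72 redundant.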
