ubuntu/+source/squid3:ubuntu/bionic-security

Last commit made on 2020-02-20
Get this branch:
git clone -b ubuntu/bionic-security https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/bionic-security
Repository:
lp:ubuntu/+source/squid3

Recent commits

930f5a2... by Marc Deslauriers on 2020-02-19

Import patches-unapplied version 3.5.27-1ubuntu1.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 3145f48f221e2a263b67f529e7a9d68e8aa5ccfe

New changelog entries:
  * SECURITY UPDATE: info disclosure via FTP server
    - debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in
      src/clients/FtpGateway.cc.
    - CVE-2019-12528
  * SECURITY UPDATE: incorrect input validation and buffer management
    - debian/patches/CVE-2020-84xx-1.patch: ignore malformed Host header in
      intercept and reverse proxy mode in src/client_side.cc.
    - debian/patches/CVE-2020-84xx-2.patch: fix request URL generation in
      reverse proxy configurations in src/client_side.cc.
    - debian/patches/CVE-2020-84xx-3.patch: fix security patch in
      src/client_side.cc.
    - CVE-2020-8449
    - CVE-2020-8450
  * SECURITY UPDATE: DoS in NTLM authentication
    - debian/patches/CVE-2020-8517.patch: improved username handling in
      helpers/external_acl/LM_group/ext_lm_group_acl.cc.
    - CVE-2020-8517

3145f48... by Marc Deslauriers on 2019-11-19

Import patches-unapplied version 3.5.27-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6c0cae7fbb12433bcec3947adf1fc6652c8b0df5

New changelog entries:
  * SECURITY UPDATE: Heap Overflow issue in URN processing
    - debian/patches/CVE-2019-12526.patch: fix URN response handling in
      src/urn.cc.
    - CVE-2019-12526
  * SECURITY UPDATE: CSRF issue in HTTP Request processing
    - debian/patches/CVE-2019-18677.patch: prevent truncation for large
      origin-relative domains in src/URL.h, src/internal.cc, src/url.cc.
    - CVE-2019-18677
  * SECURITY UPDATE: HTTP Request Splitting in HTTP message processing
    - debian/patches/CVE-2019-18678.patch: server MUST reject messages with
      BWS after field-name in src/HttpHeader.cc, src/HttpHeader.h.
    - CVE-2019-18678
    - CVE-2019-18679

6c0cae7... by Marc Deslauriers on 2019-07-16

Import patches-unapplied version 3.5.27-1ubuntu1.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 44b1c6305db821a5cefa050a6834b1b087113baf

New changelog entries:
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/Config.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
      include/uudecode.h, lib/uudecode.c.
    - CVE-2019-12529

44b1c63... by Marc Deslauriers on 2019-07-11

Import patches-unapplied version 3.5.27-1ubuntu1.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 683e329b3779f1c075d65f91473ecf86d72c36c7

New changelog entries:
  * SECURITY UPDATE: DoS via SNMP memory leak
    - debian/patches/CVE-2018-19132.patch: fix leak in src/snmp_core.cc.
    - CVE-2018-19132
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345

683e329... by Christian Ehrhardt on 2018-09-28

Import patches-unapplied version 3.5.27-1ubuntu1.1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Upload parent: 3523747c73a128e18d6c5ad2401a4f5666259649

3523747... by Christian Ehrhardt on 2018-09-28

changelog: Update apparmor profile to grant read access to squid binary (LP: #1792728)

Signed-off-by: Christian Ehrhardt <email address hidden>

5e5a73e... by Simon Déziel on 2018-09-15

* Update apparmor profile to grant read access to squid binary (LP: #1792728)

25e9cf3... by Andreas Hasenack on 2018-02-27

Import patches-unapplied version 3.5.27-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9660b56a2b6dafa47ee96889d714b56e3fa2c4b0
Upload parent: d34e93acdd3c7d98a3c76e536d15ee625266f6c5

New changelog entries:
  * Merge with Debian unstable (LP: #1751286). Remaining changes:
    - Add additional dep8 tests.
    - Use snakeoil certificates.
    - Add an example refresh pattern for debs.
    - Add disabled by default AppArmor profile.
    - Enable autoreconf. This is no longer required for the security updates,
      but is needed for the seddery of test-suite/Makefile.am in
      d/t/upstream-test-suite.
    - Correct attribution and add explanatory note in d/NEWS.debian.
    - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration
      happened in Xenial, so no upgrade path still requires this code. This
      reduces upgrade ordering difficulty.
    - Adjust seddery for upstream test squid binary location.
    - Revert "Set pidfile for systemd's sysv-generator" from Debian.
    - Drop wrong short-circuiting of various invocations; we always want to
      call the debhelper block.
    - GCC7 FTBFS fixes (LP #1712668):
      + d/rules: don't error when hitting the "deprecated" and
        "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these,
        but one in Format.cc that affects 32bit builds was deemed too intrusive
        for the 3.5 stable series and is only in squid 4.x
  * Dropped changes:
    - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors.
      Thanks to Lubos Uhliarik <email address hidden>.
      [Already applied upstream]
    - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a
      boolean. Thanks to Amos Jeffries <email address hidden>
      [Already applied upstream]
    - SECURITY UPDATE: denial of service in ESI Response processing
      + debian/patches/CVE-2018-1000024.patch: make sure endofName never
        exceeds tagEnd in src/esi/CustomParser.cc.
      + CVE-2018-1000024
        [Added in 3.5.27-1]
    - SECURITY UPDATE: denial of service in HTTP Message processing
      + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
        transactions without a client connection in
        src/client_side_request.cc.
      + CVE-2018-1000027
        [Included in 3.5.27-1]
  * Added changes:
    - Do not force gcc-6

d34e93a... by Andreas Hasenack on 2018-02-27

update-maintainer

2def68f... by Andreas Hasenack on 2018-02-27

reconstruct-changelog