Last commit made on 2017-02-06
Get this branch:
git clone -b ubuntu/yakkety-devel https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

b4c78f7... by Marc Deslauriers on 2017-02-03

Import patches-unapplied version 3.5.12-1ubuntu8.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 246ae5cd1a0cc319738b919dd8d209b0a6a3a9e2

New changelog entries:
  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
    - debian/patches/CVE-2016-10002.patch: properly handle combination of
      If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc,
      src/client_side_reply.cc, src/client_side_reply.h.
    - CVE-2016-10002
  * SECURITY UPDATE: incorrect HTTP Request header comparison
    - debian/patches/CVE-2016-10003.patch: don't share private responses
      with collapsed client in src/client_side_reply.cc.
    - CVE-2016-10003

246ae5c... by Marc Deslauriers on 2016-06-08

Import patches-unapplied version 3.5.12-1ubuntu8 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a78cf6b97c716dc6dd9d55ce14861dcd1b0e47ba

New changelog entries:
  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
    - CVE-2016-3947
  * SECURITY UPDATE: denial of service and possible code execution via
    seeding manager reporter with crafted data
    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
      content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc,
      src/tests/stub_mem.cc, tools/Makefile.am.
    - CVE-2016-4051
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    crafted ESI responses
    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
      remove asserts in src/esi/Esi.cc.
    - CVE-2016-4052
    - CVE-2016-4053
    - CVE-2016-4054
  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
    - debian/patches/CVE-2016-4553.patch: properly handle condition in
    - CVE-2016-4553
  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
    crafted HTTP host header
    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
    - CVE-2016-4554
  * SECURITY UPDATE: denial of service via ESI responses
    - debian/patches/CVE-2016-4555.patch: fix segfaults in
      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
    - CVE-2016-4555
    - CVE-2016-4556
  * debian/rules: include autoreconf.mk.
  * debian/control: add dh-autoreconf to BuildDepends.

a78cf6b... by Robie Basak on 2016-05-12

Import patches-unapplied version 3.5.12-1ubuntu7.1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 39c9d059fab9d3fe5b812c230e19436a4b9c642b

New changelog entries:
  * Add Breaks on older ufw to fix upgrade path (LP: #1571174).

39c9d05... by LaMont Jones on 2016-04-12

Import patches-unapplied version 3.5.12-1ubuntu7 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ecea56bcf2239bc31ffca28f0059528f4506e8f0

New changelog entries:
  * Update apparmor profile to be correct for maas-proxy.

ecea56b... by Adam Conrad on 2016-04-04

Import patches-unapplied version 3.5.12-1ubuntu6 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ccde2f4b3d7323806e0d178bb60548e28c59810a

New changelog entries:
  * Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade.
  * Update apparmor profile for s/squid3/squid/ and /dev/shm access.

ccde2f4... by Steve Langasek on 2016-04-01

Import patches-unapplied version 3.5.12-1ubuntu5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 6b606d328d6f2068cc57537f3909e1d494c259b6

New changelog entries:
  * Use versioned Breaks/Replaces instead of an unversioned Conflicts, to
    further clean up the upgrade ordering.

6b606d3... by Steve Langasek on 2016-04-01

Import patches-unapplied version 3.5.12-1ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 341ff93d9c910e4255bd1552b6cbc5dd778917e2

New changelog entries:
  * Remove redundant version-guarded restart code from squid postinst, which
    doesn't do the right thing on Ubuntu upgrades.
  * Remove duplicated conffile handling from the squid3 dummy package with
    extreme prejudice. The conffile moving absolutely *must* be done
    exclusively in the squid package; trying to do it in the squid3 package
    causes pristine conffiles to be silently overwritten with any
    locally-modified version from the squid3 package, with hilarious effect.
  * Adjust squid.{pre,post}inst to trick dpkg-maintscript-helper into
    believing we had a previously installed version of this package even if
    we did not, which appears to be a requirement for mv_conffile to DTRT.
    This is certainly a dpkg bug that needs to be filed.
  * Move all Ubuntu-specific dpkg-maintscript-helper delta into
    debian/squid.maintscript for clarity/sanity. Among other things,
    this uncovers a bug where we're trying to call both mv_conffile and
    rm_conffile for /etc/init.d/squid3.
  * debian/squid3.{pre,post}inst: drop wrong short-circuiting of various
    invocations; we always want to call the debhelper block.
  * debian/squid3.postinst: don't try to stop squid3 again, this is
  * debian/squid3.postrm: don't rm -f conffiles in purge when dpkg already
    handles these.
  * Add missing pre-depends on adduser
  * Anchor the Conflicts/Replaces to the version of the package that
    introduced the name change in Ubuntu, to avoid upgrade ordering problems
  * Include upgrade migration handling for /var/spool/squid3 ->
    /var/spool/squid. This won't work if /var/spool/squid3 is a mount point,
    so fail gracefully, but leaving two full squid cache directories around
    after upgrade is a nuisance.
  * Remove empty /etc/squid3 dir on upgrade.
  * Clean up apparmor links for usr.sbin.squid3 on upgrade. We don't migrate
    these apparmor settings over, so at least don't leave stale links behind.

341ff93... by St├ęphane Graber on 2016-03-30

Import patches-unapplied version 3.5.12-1ubuntu3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 11282d35efe07cd10fd90624d1c7a84cd6d8fa0f

New changelog entries:
  * Revert last postinst change as it's buggy.
  * Remove /etc/init.d/squid3 from preinst on upgrade.

11282d3... by Ryan Harper on 2016-03-28

Import patches-unapplied version 3.5.12-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: e12f070bbd3c4c9351b457f5500f7e3d38251998

New changelog entries:
  * debian/squid.postinst: Fix dist-upgrade of squid by detecting service
    name (/etc/init.d/squid vs. squid3).

e12f070... by Robie Basak on 2016-02-25

Import patches-unapplied version 3.5.12-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: c23d96e9a5181d370a05895fac0c843faeb74fe6

New changelog entries:
  * Merge from Debian (LP: #1473691). Remaining changes:
    - Add dep8 tests.
    - Use snakeoil certificates.
    - Run sarg-reports if present before rotating logs
    - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh
      pattern for debs.
    - Add disabled by default AppArmor profile. Versioned dependency on
      init-system-helpers (>> 1.22ubuntu5) to ensure we have the
      apparmor-profile-load script at boot time.
  * Drop changes:
    - No longer needed:
      + Upstart job.
      + Dependency package for squid -> squid3: depcrecated; the transitional package now runs the other way.
      + Fix perl & pod2man config.tests.
      + fix-logical-not-parentheses-warning.patch.
      + fix-pod2name-pipe-failure.patch.
      + --disable-strict-error-checking to fix FTBFS.
    - NEWS.Debian: no longer relevant.
    - Hardening options: deprecated.
    - Add patch to show distribution: fixed in Debian (but see
      lsb-release B-D).
    - Enable parallel build: makes no difference to build time.
    - Force -O2 to work around build failure with -O3: presumed no
      longer needed.
    - Fixed upstream:
      + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream
      + Fix various ICMP handling issues in Squid pinger: confirmed
        fixed since 3.4.7 from upstream advisory.
      + fix-caching-vary-header.patch.
      + netfilter_fix.patch.
  * Drop Testsuite: header from dep8 tests: no longer required since
    dpkg-source >= 1.17.11 does it.
  * Revert "Set pidfile for systemd's sysv-generator" from Debian.
    systemd races the squid daemon for pidfile creation, causing systemd
    to consider the service start to have failed. Work around for now by
    not telling systemd to use the pidfile.
  * Add lsb-release build dep. This is required for the
    --enable-build-info line in debian/rules to work correctly.
  * Correctly rename conffiles migrated by Debian from squid3 to squid.
  * Remove conffile for old upstart job Ubuntu delta.
  * Rename Apparmor profile conffile.
  * Drop old transitional Apparmor code no longer required.
  * Adjust AppArmor profile for squid3->squid rename.
  * Drop versioned AppArmor dependency (transitional; no longer