diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch new file mode 100644 index 0000000000..a77f73aead --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch @@ -0,0 +1,26 @@ +From 745d5d5a6d10731656adfc2b1b4d16ef208dd073 Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Wed, 17 Aug 2022 23:32:43 +0000 +Subject: [PATCH] Fix typo in manager ACL (#1113) + +CVE: CVE-2022-41317 +Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/2c5d2de9bdcd25d1127987f8f76c986ab5bfb6da] + +Signed-off-by: Gyorgy Sarvari +--- + src/cf.data.pre | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cf.data.pre b/src/cf.data.pre +index 4aef432..f15d56b 100644 +--- a/src/cf.data.pre ++++ b/src/cf.data.pre +@@ -1001,7 +1001,7 @@ DEFAULT: ssl::certUntrusted ssl_error X509_V_ERR_INVALID_CA X509_V_ERR_SELF_SIGN + DEFAULT: ssl::certSelfSigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + ENDIF + DEFAULT: all src all +-DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ ++DEFAULT: manager url_regex -i ^cache_object:// +i ^[^:]+://[^/]+/squid-internal-mgr/ + DEFAULT: localhost src 127.0.0.1/32 ::1 + DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128 + DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined. diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb index b79f632508..4cb21187fc 100644 --- a/meta-networking/recipes-daemons/squid/squid_4.15.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb @@ -34,6 +34,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 file://CVE-2023-50269.patch \ file://CVE-2023-5824.patch \ file://CVE-2021-46784.patch \ + file://CVE-2022-41317.patch \ " SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"