diff --git a/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch b/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch new file mode 100644 index 0000000000..6f467258b9 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch @@ -0,0 +1,35 @@ +From c312f7fa80371cc6db583590258381ebc7cd18f6 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sun, 20 Feb 2022 19:42:40 +0000 +Subject: [PATCH] ESI: Drop incorrect and unnecessary xmlSetFeature() call + (#988) + +xmlSetFeature() has been deprecated for 10+ years and will eventually be +removed from libxml2. Squid calls xmlSetFeature() with the wrong +argument: a nil `value` pointer instead of a pointer to a zero value. +When called with a nil `value`, the function does nothing but returning +an error. Squid does not check whether xmlSetFeature() call is +successful, and the bug went unnoticed since libxml2 support was added +in commit 964b44c. + +Since libxml2 does not substitute entities by default, the call can be +removed to achieve the intended effect. + +Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/5db4df2c6f83b5c26357f4439d28b92ef7071cd5] +Signed-off-by: Gyorgy Sarvari +--- + src/esi/Libxml2Parser.cc | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/esi/Libxml2Parser.cc b/src/esi/Libxml2Parser.cc +index 2b9ba0a..0301b77 100644 +--- a/src/esi/Libxml2Parser.cc ++++ b/src/esi/Libxml2Parser.cc +@@ -91,7 +91,6 @@ ESILibxml2Parser::ESILibxml2Parser(ESIParserClient *aClient) : theClient (aClien + + /* TODO: grab the document encoding from the headers */ + parser = xmlCreatePushParserCtxt(&sax, static_cast(this), NULL, 0, NULL); +- xmlSetFeature(parser, "substitute entities", 0); + + if (entity_doc == NULL) + entity_doc = htmlNewDoc(NULL, NULL); diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb index ae3b66c7af..575ad76ad3 100644 --- a/meta-networking/recipes-daemons/squid/squid_4.15.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb @@ -38,6 +38,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 file://CVE-2022-41318.patch \ file://CVE-2023-46724.patch \ file://CVE-2025-59362.patch \ + file://0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch \ " SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"