71 Commits

Author SHA1 Message Date
Khem Raj ed02dad69f squid: upgrade 7.5 -> 7.6
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-28 00:59:11 -07:00
Peter Marko 2735729989 squid: upgrade 7.4 -> 7.5
License-Update: updated to latest GPLv2 text version [1]

Changelog [2]
- Bug 5501: Squid may exit when ACLs decode an invalid URI
- ICP: Fix HttpRequest lifetime for ICP v3 queries
- ICP: Fix validation of packet sizes and URLs
- Do not escape malformed URI twice when sending ICP errors
- ... and some code, CI, and documentation cleanups

[1] https://github.com/squid-cache/squid/commit/765c7f4e7fa45ce87134b4a38ad175db4bda06dd
[2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:30 -07:00
Peter Marko a28c68436e squid: fix UPSTREAM_CHECK_REGEX
Squid tags are in form SQUID_<MAJ>_<MIN>.
This can also be seen in SRC_URI download link.

This change will make "devtool latest-version squid" correctly show 7.5

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:30 -07:00
Andrej Kozemcak 3cd347cb2a squid: upgrade 7.3 -> 7.4
License-Update: update GPLv2 COPYING document
  Some terminology and FSF address changes since the GPLv2
  https://github.com/squid-cache/squid/commit/4c5fbc7e8db25352722de4ebe7fe1cab904b62b6

Remove lines from patch, which modify not exist code.

Changelog:
  https://github.com/squid-cache/squid/releases/tag/SQUID_7_4

Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:19 -07:00
Peter Marko 20b87d90ed squid: upgrade 7.2 -> 7.3
* https://github.com/squid-cache/squid/releases/tag/SQUID_7_3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-11-01 16:45:17 -07:00
Peter Marko c1c5a5ade4 squid: upgrade 7.1 -> 7.2
Handles CVE-2025-62168.

Remove CVE patch included in this release.
Refresh remaining patches.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-29 21:02:20 -07:00
Peter Marko 9619695788 squid: patch CVE-2025-59362
Pick patch from PR ]1] mentioned in NVD report [2].

[1] https://github.com/squid-cache/squid/pull/2149
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-59362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Peter Marko 66b553130b squid: upgrade 6.12 -> 7.1
Refresh all patches.
ptest patches needed larger rework for new test testHeader.

License-Update: copyright years refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Peter Marko f088e1e1f9 squid: download from github
Devtool could not find latest versions before.

Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."

Note that also squid security advisories were moved to Github.

[1] https://www.squid-cache.org/Versions/

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-09 16:15:49 -07:00
Richard Purdie eac1f5b9c0 recipes: Fix variable assignment whitespace
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-03-20 08:46:56 -07:00
Peter Marko 508a2e6b94 squid: handle CVE-2024-45802
According to [1] the ESI implementation in squid feature is vulnerable
without any fix available.

NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
This means CVE report would say Patched even if the vulnerability is
still present if someone adapts squid PACKAGECONFIG.

Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
Based on this, remove vulnerable ESI PACKAGECONFIG already now.

[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-11-19 13:50:56 -08:00
Peter Marko 928ef34ead squid: upgrade 6.10 -> 6.12
License-Update: copyright year updated

Add patch to fix new build failure from release tarball.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-11-19 13:50:56 -08:00
Peter Marko c393973c85 squid: Upgrade to 6.10
Solves CVE-2024-37894

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-08-04 19:42:34 -07:00
Khem Raj ffc64e9c6f recipes: Start WORKDIR -> UNPACKDIR transition
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-05-23 08:44:44 -07:00
Yoann Congal 1429a784c7 squid: workaround a build failure with native gcc10
When build on Debian 11 (gcc10), squid fails to build[0] because of a
bug[1] in the configure step (it mixes options between old native compiler
and recent target compiler: the former needs the std=c++17 option, the latter
doesn't).

The workaround is to force the "-std=c++17" option for the native build.

NB: Our Buildroot friends have the same workaround[2].

[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
[1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376
     Bug closed as invalid by upstream
[2]: https://github.com/buildroot/buildroot/blob/932b52fad87d79d9f26a343edafe2981079de16e/package/squid/squid.mk#L24

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-05-19 08:28:01 -07:00
Wang Mingyu 8c1aa2b8ae squid: upgrade 6.8 -> 6.9
Changelog:
==========
- Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
- Bug 5069: Keep listening after getsockname() error
- Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
- Reduce stale errno usage
- Plug memory leak in handling cache manager requests
- Fix error: template-id not allowed for constructor in C++20
- Improve release packaging automation

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-17 23:47:28 -07:00
Khem Raj dafd02adc5 squid: Upgrade to 6.8
Drop a patch which was needed for older gcc

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-08 10:07:26 -08:00
Khem Raj 2b416eb0d6 squid: Add missing bash dependency for ptest package
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-26 08:13:21 -08:00
Wang Mingyu a178f67d97 squid: upgrade 6.6 -> 6.7
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-09 09:52:09 -08:00
Wang Mingyu 0fae40f44c squid: upgrade 6.5 -> 6.6
Changelog:
===========
- Bug 5328: Fix ESI build with libxml2 v2.12.0
- Bug 5319: QOS Netfilter MARK preservation is always disabled
- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
- Bug 5317: FATAL attempt to read data from memory
- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
- FTP: Ignore credentials with a NUL-prefixed username
- log_db_daemon: Fix DSN construction
- Limit the number of allowed X-Forwarded-For hops
- Do not update StoreEntry expiration after errorAppendEntry()
- improve handling of response sending errors

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-02 00:35:51 -08:00
Patrick Wicki 501e5aa4b5 squid: add systemd service
Integrate the upstream unit file into the recipe.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki a7275d4c1e squid: add url-rewrite-helpers packageconfig
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki 10ac056fc0 squid: move configs to sub package
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki fa560acfdb squid: add auth packageconfig
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki a5f13e6231 squid: add nm dispatcher reload hook
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki f497274945 squid: update from v5.7 to v6.5
Refresh patches and clean up ones that are no longer needed:

* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
  866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
  cd3dc147bf8abc0225237ced865c6660fffcb63a

Fix squid-conf-tests to allow running on target device.

License change: Update year

The version update eliminates the following CVEs:

* CVE-2023-5824  (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:04 -08:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Khem Raj 35bef1eae0 squid: Remove buildpaths from generated binaries
Compiler invocation and flags are added to SQUID_CONFIGURE_OPTIONS which
is added via generated autoconf.h during configure step. Since OE
encodes sysroot and buildpaths for cross compile, they end up in squid
binary, this patch removes from workdir from them so avoid encoding
build workspace path

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-14 15:28:06 -07:00
Andrej Kozemcak 1dc95cae90 squid: upgrade 4.15 -> 5.7
- drop included patches
- refresh remaining patches
- update to new ptest

Licence change: update year

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-22 16:45:05 -07:00
Khem Raj 7d8a0e840d recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Andrej Kozemcak 77e6147545 squid: upgrade 4.14 -> 4.15
Changes are found at: http://www.squid-cache.org/Versions/v4/changesets

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-21 06:47:58 -07:00
Khem Raj c481ee79a2 squid: Include <limits> for using std::numeric_limits
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-03 11:08:29 -08:00
Andrej Valek c449e8a8b7 squid: upgrade 4.12 -> 4.13
Changes are found at: http://www.squid-cache.org/Versions/v4/changesets

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-25 11:24:58 -07:00
Andreas Müller 63a4a54500 squid: upgrade 4.9 -> 4.12
License checksum was changed by change of copyright year

Changes are found at [1-3]

[1] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_12.html
[2] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_11.html
[3] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_10.html

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-06-19 12:42:55 -07:00
Khem Raj 626209aabb squid: Link with libatomic on riscv
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-28 13:55:35 -08:00
Martin Balik 4ac3c692f8 squid: upgrade 4.6 -> 4.9
Signed-off-by: Martin Balik <martin.balik@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-11-15 17:59:35 -08:00
Khem Raj 29e17f9c0a squid: Link with libatomic on mips/ppc
The atomics are not supported as builtins on these arches

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-27 10:13:07 -07:00
Andrej Valek d219ba7a28 squid: upgrade squid 3.5.28 -> 4.6
- refresh and remove obsolete patches
 - add openssl and esi as package options
 - add missing header for std::bind implementation

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09 21:31:36 -07:00
Pascal Bach b42de097dd squid: upgrade 3.5.27 -> 3.5.28
Copyright year has changed in COPYRIGHTS file, thus the hash change.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-03-11 21:15:46 -07:00
Khem Raj 3ef9acf484 squid: Fix build with gcc8
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-06-24 23:04:04 -07:00
Khem Raj 309963b2f1 squid: Upgrade to 3.5.27
Drop upstreamed/backported patches

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-05-17 08:32:26 -07:00
Armin Kuster 68c8fe1aba squid: refresh patches
ARNING:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:

    devtool modify <recipe>
    devtool finish --force-patch-refresh <recipe> <layer_path>

Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
checking file configure.ac
Hunk #1 succeeded at 27 with fuzz 1 (offset 8 lines).

and others

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-04-13 12:43:40 -07:00
Khem Raj 2179687c99 squid: Fix QA errors about wrong perl interpreter
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-09-12 10:55:05 -04:00
Khem Raj 112d30cc6a squid: Disable format-truncation warning only with gcc
Clang does not support this option

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-09-12 10:55:05 -04:00
Khem Raj e04ca3cc55 squid: Add missing dependencies on openssl expat and libxml2
inherit classes needed for pkgconfig and perl
NIS is not buildable with gold linker, disable it

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-09-12 10:37:18 -04:00
Khem Raj 841bb94ce8 squid: Fix build with hardening
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:29:39 -04:00
Khem Raj 325e3ebf42 squid: Upgrade to 3.5.26
Fix build errors with gcc7 along the way

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:29:16 -04:00
Khem Raj 52db0e6c05 squid: Upgrade to 3.5.25
Add patch to fix throw() errors with gcc7
Update copyright year to 2017

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Khem Raj d9dc6b2d4c squid: Update to 3.5.23
Disable NIS on musl, it doesnt yet build

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:35 -04:00