Commit Graph

549 Commits

Author SHA1 Message Date
Ankur Tyagi a742dae3f2 postfix: upgrade 3.8.16 -> 3.8.17
https://www.postfix.org/announcements/postfix-3.11.3.html

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-09 11:37:19 +05:30
Ankur Tyagi c756576c1c postfix: upgrade 3.8.12 -> 3.8.16
3.8.13
http://www.postfix.org/announcements/postfix-3.10.6.html

3.8.14
http://www.postfix.org/announcements/postfix-3.10.7.html

3.8.15
http://www.postfix.org/announcements/postfix-3.10.8.html

3.8.16
http://www.postfix.org/announcements/postfix-3.11.2.html

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-05-21 08:57:47 +05:30
Aviv Daum 4439caa199 lldpd: fix xml PACKAGECONFIG dependency
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit cec3e0fd96)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:48:20 +05:30
Gyorgy Sarvari a0a3169b2b keepalived: patch CVE-2024-41184
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184

Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:01 +05:30
Gyorgy Sarvari d691a39655 proftpd: ignore CVE-2021-47865
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

It seems that it won't be fixed, because there is nothing to fix.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-02-12 13:38:12 +05:30
Ankur Tyagi bfd8dda3ba proftpd: patch CVE-2024-48651
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:52:00 +05:30
Vijay Anusuri b4812b18ee proftpd: Fix CVE-2023-48795
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 6c8ae54fc3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-11 08:02:03 +05:30
Peter Marko 23c3bdefbe squid: patch CVE-2025-62168
Pick commit mentioned in NVD CVE report.

Conflict in src/errorpage.cc resolved per patch from Debian bookworm.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 11:50:20 +05:30
Peter Marko 1a6b962e47 proftpd: set status of CVE-2001-0027
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 11:50:20 +05:30
Gyorgy Sarvari bb36ace700 ncftp: fix SRC_URI
The downloaded tarball was moved to a new folder, causing
fetching failures.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:47 +05:30
Ankur Tyagi f029d98026 squid: upgrade 6.12 -> 6.14
License-Update: copyright years updated

Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_6_13
https://github.com/squid-cache/squid/releases/tag/SQUID_6_14

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko 64eecac264 squid: download from github
Devtool could not find latest versions before.

Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."

Note that also squid security advisories were moved to Github.

[1] https://www.squid-cache.org/Versions/

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f088e1e1f9)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko 817253bd45 squid: upgrade 6.10 -> 6.12
License-Update: copyright year updated

Add patch to fix new build failure from release tarball.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 928ef34ead)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Peter Marko 42e51b1e59 squid: Upgrade to 6.10
Solves CVE-2024-37894

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c393973c85)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:28:45 +05:30
Ankur Tyagi 2020ebf1f9 iscsi-initiator-utils: upgrade 2.1.8 -> 2.1.9
This release sees more bug fixes, and no major functional changes.
Several memory issues were addressed in iscsiuio, making it more reliable.

Changelog:
https://github.com/open-iscsi/open-iscsi/blob/2.1.9/Changelog

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Ankur Tyagi 90fa6fc6e8 proftpd: upgrade 1.3.7c -> 1.3.7f
https://github.com/proftpd/proftpd/blob/1.3.7/NEWS

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Ross Burton 1598b0778f pureftp: fix autoreconf
autoreconf needs to be told where to find macros as the Makefile.am does
not do this.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 76a756989a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Wang Mingyu 5366dd804c pure-ftpd: upgrade 1.0.51 -> 1.0.52
nostrip.patch
refreshed for 1.0.52

License-Update: Copyright year updated to 2024

Changelog:
==========
 - The QUIT command is now accepted during a transfer.
 - The server can be built with --with-minimal again.
 - Fixed an out of bounds read in the MLSD command.
 - Larger mmap()ed pages are used on aarch64.
 - Improved compatibility with HPUX
 - Improved OpenSSL API compatibility
 - Improved compatibility with OpenWall Linux
 - Improved compatibility with Netfilter

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fac6357f60)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Ankur Tyagi 7632025d8a postfix: upgrade 3.8.9 -> 3.8.12
Release Notes:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.8.12.RELEASE_NOTES

Dropped 0006-postfix-add-preliminary-setting.patch as changes are now part
of current version 3.8.12 (20250919)
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.8.12.HISTORY

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Yi Zhao cab0df9423 postfix: upgrade 3.8.6 -> 3.8.9
ChangeLog:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.8.9.HISTORY

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e656e3ac2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Peter Marko 08ee2e37ba squid: patch CVE-2025-59362
Pick commit from PR mentioned in NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 15:13:15 +08:00
Jinfeng Wang fb6424156a postfix: fix rootfs file difference
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.

Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:14 -04:00
Vijay Anusuri 1e80bb4b03 proftpd: Fix CVE-2023-51713
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592

Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:06 -04:00
Vijay Anusuri 491671faee proftpd: Fix CVE-2024-57392
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-05-21 09:17:27 -04:00
Khem Raj a627269b8a keepalived: Make build reproducible
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2025-04-16 20:30:23 -04:00
Peter Marko 98e1f972bd squid: conditionally set status of CVE-2024-45802
According to [1] the ESI feature implementation in squid is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).

Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.

We should not break features in LTS branch and cannot fix this problem.
So ignrore this CVE based on set PACKAGECONFIG which should remove it
from reports for most users. Thos who need ESI need to assess the risk
themselves.

[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-09 14:44:28 -05:00
Peter Marko be2127dce5 squid: patch CVE-2024-37894
Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-08-21 16:45:29 -04:00
Yoann Congal 5b010b412b squid: workaround a build failure with native gcc10
When build on Debian 11 (gcc10), squid fails to build[0] because of a
bug[1] in the configure step (it mixes options between old native compiler
and recent target compiler: the former needs the std=c++17 option, the latter
doesn't).

The workaround is to force the "-std=c++17" option for the native build.

NB: Our Buildroot friends have the same workaround[2].

[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
[1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376
     Bug closed as invalid by upstream
[2]: https://github.com/buildroot/buildroot/blob/932b52fad87d79d9f26a343edafe2981079de16e/package/squid/squid.mk#L24

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-06-02 14:57:06 -04:00
maffan d8ba3e4400 networkd-dispatcher: Add dependency on python3-json
networkd-dispatcher imports json. Add it as a RDEPENDS.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-30 11:00:34 -07:00
Wang Mingyu 697f0b5e9a squid: upgrade 6.8 -> 6.9
Changelog:
==========
- Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
- Bug 5069: Keep listening after getsockname() error
- Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
- Reduce stale errno usage
- Plug memory leak in handling cache manager requests
- Fix error: template-id not allowed for constructor in C++20
- Improve release packaging automation

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-21 10:52:48 -07:00
Randy MacLeod 6fe48daa6d postfix: switch SRC_URI to http
Switch the SRC_URI to http since the postfix site does not yet use https.

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-14 08:38:39 -07:00
Randy MacLeod 7227c83e80 ncftp: Upgrade to 3.2.7
Switch the SRC_URI from "ftp:" to "https:". Drop the obsolete SRC_URI[md5sum].
Drop ncftp-3.2.5-gcc10.patch since we're using gcc13 and upstream has fixed the build
to work by adding an extern to sh_util/gpshare.c for example.

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-14 08:38:39 -07:00
Khem Raj f952769a37 autofs: Fix build with musl >= 1.2.5
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-25 12:50:39 -07:00
Wang Mingyu 0bfe8ae432 networkd-dispatcher: upgrade 2.1 -> 2.2.4
Changelog:
==========
- Improve performance when getting interface status
- update project URL
- Add environment variables to manpage.
- Don't start the daemon if there's nothing to do
- _interface_scan: fix wrong index into iface map
- _interface_scan: force handle_state for new interfaces
- Add missing administrative state 'initialized'
- use os.path.dirname instead of os.path.basename
- make sure scripts are not writeable by non-root users
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
- Fix missing word in exception message
- fix some new linting issues from pylint
- manpage: fix missing slash in "configured.d" directory name
- Normalize parsed IP address value
- Drop support for Python 3.4
- Add testing for Python 3.10
- README.md: fix code formatting

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-20 09:28:06 -07:00
Khem Raj dafd02adc5 squid: Upgrade to 6.8
Drop a patch which was needed for older gcc

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-08 10:07:26 -08:00
Yi Zhao 297c8b2031 postfix: upgrade 3.8.5 -> 3.8.6
ChangeLog:
https://www.postfix.org/announcements/postfix-3.8.6.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-08 10:07:25 -08:00
Yi Zhao a326451eb6 postfix: upgrade 3.7.3 -> 3.8.5
ChangeLog:
https://www.postfix.org/announcements/postfix-3.8.0.html
https://www.postfix.org/announcements/postfix-3.8.1.html
https://www.postfix.org/announcements/postfix-3.8.2.html
https://www.postfix.org/announcements/postfix-3.8.3.html
https://www.postfix.org/announcements/postfix-3.8.4.html
https://www.postfix.org/announcements/postfix-3.8.5.html

* Drop 0006-makedefs-Account-for-linux-6.x-version.patch as the issue
  has been fixed upstream.
* Merge inc file into single recipe

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-01 16:37:55 -08:00
Khem Raj 2b416eb0d6 squid: Add missing bash dependency for ptest package
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-26 08:13:21 -08:00
Khem Raj c9844a43e0 openhpi: Fix ptest run time failures
It needs make and build tools in order to run

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-26 08:13:21 -08:00
Wang Mingyu a178f67d97 squid: upgrade 6.6 -> 6.7
Changelog:
===========
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- MS Windows portability improvements and some documentation improvements

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-02-09 09:52:09 -08:00
Li Wang 1008d54e1f radvd: add '--shell /sbin/nologin' to /etc/passwd
the default setting USERADD_PARAM of yocto:
-s /bin/sh

follow redhat policy:
radvd/redhat/systemd/radvd.spec
  useradd ... -s /sbin/nologin ...

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-27 09:48:31 -08:00
Wang Mingyu f8058e2efb lldpd: upgrade 1.0.17 -> 1.0.18
Changelog:
===========
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-22 18:02:28 -08:00
Jordan Crouse 231c8bd264 keepalived: Move the sample configuration files to a separate package
By default keepalived installs a bunch of sample configurations to
/etc/keepalived/samples. These are good demonstrations but will almost
certainly not apply to any real world situation.

Move the sample files to a separate package.

Signed-off-by: Jordan Crouse <jorcrous@amazon.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-02 11:08:36 -08:00
Wang Mingyu 0fae40f44c squid: upgrade 6.5 -> 6.6
Changelog:
===========
- Bug 5328: Fix ESI build with libxml2 v2.12.0
- Bug 5319: QOS Netfilter MARK preservation is always disabled
- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
- Bug 5317: FATAL attempt to read data from memory
- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
- FTP: Ignore credentials with a NUL-prefixed username
- log_db_daemon: Fix DSN construction
- Limit the number of allowed X-Forwarded-For hops
- Do not update StoreEntry expiration after errorAppendEntry()
- improve handling of response sending errors

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-02 00:35:51 -08:00
Patrick Wicki 501e5aa4b5 squid: add systemd service
Integrate the upstream unit file into the recipe.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki a7275d4c1e squid: add url-rewrite-helpers packageconfig
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki 10ac056fc0 squid: move configs to sub package
Move the config files to a separate squid-conf package. This allows
shipping new configs via a custom conf package.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki fa560acfdb squid: add auth packageconfig
Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This
allows building squid without authentication support and all its related
dependencies.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki a5f13e6231 squid: add nm dispatcher reload hook
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki f497274945 squid: update from v5.7 to v6.5
Refresh patches and clean up ones that are no longer needed:

* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
  866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
  cd3dc147bf8abc0225237ced865c6660fffcb63a

Fix squid-conf-tests to allow running on target device.

License change: Update year

The version update eliminates the following CVEs:

* CVE-2023-5824  (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:04 -08:00