Commit Graph

26 Commits

Author SHA1 Message Date
Peter Marko c393973c85 squid: Upgrade to 6.10
Solves CVE-2024-37894

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-08-04 19:42:34 -07:00
Khem Raj dafd02adc5 squid: Upgrade to 6.8
Drop a patch which was needed for older gcc

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-08 10:07:26 -08:00
Patrick Wicki a5f13e6231 squid: add nm dispatcher reload hook
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:05 -08:00
Patrick Wicki f497274945 squid: update from v5.7 to v6.5
Refresh patches and clean up ones that are no longer needed:

* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
  866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
  cd3dc147bf8abc0225237ced865c6660fffcb63a

Fix squid-conf-tests to allow running on target device.

License change: Update year

The version update eliminates the following CVEs:

* CVE-2023-5824  (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-29 22:25:04 -08:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Andrej Kozemcak 1dc95cae90 squid: upgrade 4.15 -> 5.7
- drop included patches
- refresh remaining patches
- update to new ptest

Licence change: update year

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-22 16:45:05 -07:00
Andrej Kozemcak 77e6147545 squid: upgrade 4.14 -> 4.15
Changes are found at: http://www.squid-cache.org/Versions/v4/changesets

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-21 06:47:58 -07:00
Khem Raj c481ee79a2 squid: Include <limits> for using std::numeric_limits
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-03 11:08:29 -08:00
Andrej Valek d219ba7a28 squid: upgrade squid 3.5.28 -> 4.6
- refresh and remove obsolete patches
 - add openssl and esi as package options
 - add missing header for std::bind implementation

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09 21:31:36 -07:00
Khem Raj 3ef9acf484 squid: Fix build with gcc8
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-06-24 23:04:04 -07:00
Khem Raj 309963b2f1 squid: Upgrade to 3.5.27
Drop upstreamed/backported patches

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-05-17 08:32:26 -07:00
Armin Kuster 68c8fe1aba squid: refresh patches
ARNING:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:

    devtool modify <recipe>
    devtool finish --force-patch-refresh <recipe> <layer_path>

Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
checking file configure.ac
Hunk #1 succeeded at 27 with fuzz 1 (offset 8 lines).

and others

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-04-13 12:43:40 -07:00
Khem Raj 841bb94ce8 squid: Fix build with hardening
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:29:39 -04:00
Khem Raj 325e3ebf42 squid: Upgrade to 3.5.26
Fix build errors with gcc7 along the way

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:29:16 -04:00
Khem Raj 52db0e6c05 squid: Upgrade to 3.5.25
Add patch to fix throw() errors with gcc7
Update copyright year to 2017

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 16:10:55 -04:00
Oleksandr Kravchuk 4b4a62ec07 recipes: delete obsolete patches
Deleted bunch of patches which are not used anymore by any recipe.

Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-03-16 23:34:32 +01:00
Yi Zhao 6f54f29b70 squid: specify sysconfdir and logdir
The default sysconfdir is /etc and logdir is /var/logs. Set sysconfdir
and logdir when configure, replace them with /etc/squid and
/var/log/squid.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-10-20 11:16:49 -04:00
Jackie Huang 3143193223 squid: don't do squid-conf-tests at build time
* squid-conf-tests is a test to run "squid -k parse -f"
  to perse the config files, which should not be run
  at build time since we are cross compiling, so remove
  it when compiling test-suite

* Fix the directories of the conf files for squid-conf-tests
  so that it can run on the target and add it for ptest

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-09-05 13:34:12 -04:00
Yi Zhao c7e8da3819 squid: add missing patch header
Add upstream-status and signed-off-by line to the patch to obey the
recommendations:
http://openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-09-05 13:34:11 -04:00
Yue Tao 4307c6a746 squid: fix configure host contamination
When configuring squid with --enable-esi option,
the following error was observed:
[snip]
checking libxml/parser.h usability... no
checking libxml/parser.h presence... no
checking for libxml/parser.h... no
configure: Failed to find libxml2 header file libxml/parser.h
[snip]
ERROR: This autoconf log indicates errors, it looked at host include
and/or library paths while determining system capabilities.
[snip]

It tried to search libxml header file in host path. Set the SYSROOT
to avoid this host contamination.

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-08-16 21:26:10 -04:00
Jackie Huang 03b76ca4b0 squid: upgrade to 3.5.20
* Remove the blacklist since the issue is gone with new version
* Remove two CVE patches which have been fixed:
  - CVE-2016-3947 and CVE-2016-4553
* Rebased the patch for ptest.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-08-05 09:06:50 -04:00
Catalin Enache d46c89ae44 squid: CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10
does not properly ignore the Host header when absolute-URI
is provided, which allows remote attackers to conduct
cache-poisoning attacks via an HTTP request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553

Backported upstream patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-06-01 19:35:50 -04:00
Catalin Enache f79a851b64 squid: CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in
icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x
before 4.0.8 allows remote servers to cause a denial of
service (performance degradation or transition failures)
or write sensitive information to log files via an ICMPv6
packet.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-05-05 11:41:29 -04:00
Roy Li 7d13944f65 squid: upgrade to 3.5.7
1. Remove the squid-change-ksh-referen*.patch which is not needed, since
   3.5.7 did not use ksh by default.
2. Update the checksum of COPYING,since the date in it has been changed.
3. Define BUILDCXXFLAGS, otherwise the target gcc options -std=c++11 will
   add into it, and lead to building failure since host gcc maybe not
   support "-std=c++11"
4. Assume to support GNU atomic operations by default, the running check
   on cross-compile setup does not work
5. enable basic auth by checking the DISTRO_FEATURE, and the default
   dependency on db, opensasl and openldap nis have been set, so enable
   them by default.

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-11 13:33:54 -04:00
Chong Lu 22119569b9 squid: change ksh reference in krb ldap helper to sh
This solves the following warning:

squid-3.4.7: squid requires /bin/bash, /usr/bin/perl, but no providers in its
RDEPENDS [file-rdeps]

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2014-11-04 16:02:44 -05:00
Jackie Huang b310b1daf8 squid: add new recipe
squid is a fully-featured http proxy and web-cache daemon for Linux.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-10-16 07:00:59 +02:00