| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Drop a patch which was needed for older gcc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This enables the networkmanager dispatcher to reload squid automatically
on network changes. This idea is from the Fedora package where they do
the same:
https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches and clean up ones that are no longer needed:
* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
cd3dc147bf8abc0225237ced865c6660fffcb63a
Fix squid-conf-tests to allow running on target device.
License change: Update year
The version update eliminates the following CVEs:
* CVE-2023-5824 (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- drop included patches
- refresh remaining patches
- update to new ptest
Licence change: update year
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Changes are found at: http://www.squid-cache.org/Versions/v4/changesets
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- refresh and remove obsolete patches
- add openssl and esi as package options
- add missing header for std::bind implementation
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Drop upstreamed/backported patches
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ARNING:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
checking file configure.ac
Hunk #1 succeeded at 27 with fuzz 1 (offset 8 lines).
and others
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fix build errors with gcc7 along the way
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
Add patch to fix throw() errors with gcc7
Update copyright year to 2017
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Deleted bunch of patches which are not used anymore by any recipe.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The default sysconfdir is /etc and logdir is /var/logs. Set sysconfdir
and logdir when configure, replace them with /etc/squid and
/var/log/squid.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* squid-conf-tests is a test to run "squid -k parse -f"
to perse the config files, which should not be run
at build time since we are cross compiling, so remove
it when compiling test-suite
* Fix the directories of the conf files for squid-conf-tests
so that it can run on the target and add it for ptest
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add upstream-status and signed-off-by line to the patch to obey the
recommendations:
http://openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configuring squid with --enable-esi option,
the following error was observed:
[snip]
checking libxml/parser.h usability... no
checking libxml/parser.h presence... no
checking for libxml/parser.h... no
configure: Failed to find libxml2 header file libxml/parser.h
[snip]
ERROR: This autoconf log indicates errors, it looked at host include
and/or library paths while determining system capabilities.
[snip]
It tried to search libxml header file in host path. Set the SYSROOT
to avoid this host contamination.
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove the blacklist since the issue is gone with new version
* Remove two CVE patches which have been fixed:
- CVE-2016-3947 and CVE-2016-4553
* Rebased the patch for ptest.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10
does not properly ignore the Host header when absolute-URI
is provided, which allows remote attackers to conduct
cache-poisoning attacks via an HTTP request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553
Backported upstream patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Heap-based buffer overflow in the Icmp6::Recv function in
icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x
before 4.0.8 allows remote servers to cause a denial of
service (performance degradation or transition failures)
or write sensitive information to log files via an ICMPv6
packet.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Remove the squid-change-ksh-referen*.patch which is not needed, since
3.5.7 did not use ksh by default.
2. Update the checksum of COPYING,since the date in it has been changed.
3. Define BUILDCXXFLAGS, otherwise the target gcc options -std=c++11 will
add into it, and lead to building failure since host gcc maybe not
support "-std=c++11"
4. Assume to support GNU atomic operations by default, the running check
on cross-compile setup does not work
5. enable basic auth by checking the DISTRO_FEATURE, and the default
dependency on db, opensasl and openldap nis have been set, so enable
them by default.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
This solves the following warning:
squid-3.4.7: squid requires /bin/bash, /usr/bin/perl, but no providers in its
RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
squid is a fully-featured http proxy and web-cache daemon for Linux.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
