path: root/meta-networking/recipes-daemons/squid
Commit message | Author | Age | Files | Lines
* squid: conditionally set status of CVE-2024-45802 | Peter Marko | 2024-11-09 | 1 | -0/+6
  According to [1] the ESI feature implementation in squid is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG).
  Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities.
  We should not break features in LTS branch and cannot fix this problem. So ignore this CVE based on set PACKAGECONFIG which should remove it from reports for most users. Those who need ESI need to assess the risk themselves.
  [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
  [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: patch CVE-2024-37894 | Peter Marko | 2024-08-21 | 2 | -0/+37
  Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: workaround a build failure with native gcc10 | Yoann Congal | 2024-06-02 | 1 | -0/+5
  When built on Debian 11 (gcc10), squid fails to build[0] because of a bug[1] in the configure step (it mixes options between old native compiler and recent target compiler: the former needs the std=c++17 option, the latter doesn't).
  The workaround is to force the "-std=c++17" option for the native build.
  NB: Our Buildroot friends have the same workaround[2].
  [0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio
  [1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376 Bug closed as invalid by upstream
  [2]: https://github.com/buildroot/buildroot/blob/932b52fad87d79d9f26a343edafe2981079de16e/package/squid/squid.mk#L24
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: upgrade 6.8 -> 6.9 | Wang Mingyu | 2024-04-21 | 1 | -1/+1
  Changelog:
  ==========
  - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
  - Bug 5069: Keep listening after getsockname() error
  - Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
  - Reduce stale errno usage
  - Plug memory leak in handling cache manager requests
  - Fix error: template-id not allowed for constructor in C++20
  - Improve release packaging automation
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Upgrade to 6.8 | Khem Raj | 2024-03-08 | 6 | -138/+3
  Drop a patch which was needed for older gcc
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Add missing bash dependency for ptest package | Khem Raj | 2024-02-26 | 1 | -1/+1
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.6 -> 6.7 | Wang Mingyu | 2024-02-09 | 1 | -1/+1
  Changelog:
  ===========
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning
  - MS Windows portability improvements and some documentation improvements
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.5 -> 6.6 | Wang Mingyu | 2024-01-02 | 1 | -1/+1
  Changelog:
  ===========
  - Bug 5328: Fix ESI build with libxml2 v2.12.0
  - Bug 5319: QOS Netfilter MARK preservation is always disabled
  - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
  - Bug 5317: FATAL attempt to read data from memory
  - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
  - FTP: Ignore credentials with a NUL-prefixed username
  - log_db_daemon: Fix DSN construction
  - Limit the number of allowed X-Forwarded-For hops
  - Do not update StoreEntry expiration after errorAppendEntry()
  - improve handling of response sending errors
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add systemd service | Patrick Wicki | 2023-11-29 | 1 | -1/+12
  Integrate the upstream unit file into the recipe.
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add url-rewrite-helpers packageconfig | Patrick Wicki | 2023-11-29 | 1 | -1/+2
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: move configs to sub package | Patrick Wicki | 2023-11-29 | 1 | -2/+6
  Move the config files to a separate squid-conf package. This allows shipping new configs via a custom conf package.
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add auth packageconfig | Patrick Wicki | 2023-11-29 | 1 | -4/+7
  Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This allows building squid without authentication support and all its related dependencies.
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add nm dispatcher reload hook | Patrick Wicki | 2023-11-29 | 2 | -0/+15
  This enables the networkmanager dispatcher to reload squid automatically on network changes.
  This idea is from the Fedora package where they do the same: https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: update from v5.7 to v6.5 | Patrick Wicki | 2023-11-29 | 9 | -187/+110
  Refresh patches and clean up ones that are no longer needed:
  * dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
  * libxml2 variables were removed in 866a092dad01e58986a6e9ecb84ac89037a63e9a
  * squid-conf-tests no longer run at build time since cd3dc147bf8abc0225237ced865c6660fffcb63a
  Fix squid-conf-tests to allow running on target device.
  License change: Update year
  The version update eliminates the following CVEs:
  * CVE-2023-5824 (affected: <6.4)
  * CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
  * CVE-2023-46728 (affected: <6.0.1)
  * CVE-2023-46846 (affected: >=2.6, <6.4)
  * CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
  * CVE-2023-46848 (affected: >=5.0.3, <6.4)
  Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patches | Martin Jansa | 2023-06-21 | 3 | -0/+6
  There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
  This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA).
  This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status.
  This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible:
  5 (26%) meta-xfce
  6 (50%) meta-perl
  15 (42%) meta-webserver
  21 (36%) meta-gnome
  25 (57%) meta-filesystems
  26 (43%) meta-initramfs
  45 (45%) meta-python
  47 (55%) meta-multimedia
  312 (63%) meta-networking
  756 (61%) meta-oe
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Remove buildpaths from generated binaries | Khem Raj | 2023-05-14 | 1 | -0/+4
  Compiler invocation and flags are added to SQUID_CONFIGURE_OPTIONS which is added via generated autoconf.h during configure step. Since OE encodes sysroot and buildpaths for cross compile, they end up in squid binary, this patch removes from workdir from them so avoid encoding build workspace path
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.15 -> 5.7 | Andrej Kozemcak | 2022-09-22 | 7 | -166/+27
  - drop included patches
  - refresh remaining patches
  - update to new ptest
  Licence change: update year
  Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiers | Khem Raj | 2022-03-04 | 1 | -1/+1
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntax | Martin Jansa | 2021-08-03 | 1 | -13/+13
  This is the result of automated script (0.9.1) conversion:
  oe-core/scripts/contrib/convert-overrides.py .
  converting the metadata to use ":" as the override character instead of "_".
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* squid: upgrade 4.14 -> 4.15 | Andrej Kozemcak | 2021-05-21 | 2 | -25/+2
  Changes are found at: http://www.squid-cache.org/Versions/v4/changesets
  Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Include <limits> for using std::numeric_limits | Khem Raj | 2021-03-03 | 2 | -3/+108
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.12 -> 4.13 | Andrej Valek | 2020-08-25 | 1 | -2/+2
  Changes are found at: http://www.squid-cache.org/Versions/v4/changesets
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.9 -> 4.12 | Andreas Müller | 2020-06-19 | 1 | -3/+3
  License checksum was changed by change of copyright year
  Changes are found at [1-3]
  [1] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_12.html
  [2] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_11.html
  [3] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_10.html
  Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Link with libatomic on riscv | Khem Raj | 2020-01-28 | 1 | -0/+2
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.6 -> 4.9 | Martin Balik | 2019-11-15 | 1 | -2/+2
  Signed-off-by: Martin Balik <martin.balik@siemens.com>
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Link with libatomic on mips/ppc | Khem Raj | 2019-04-27 | 1 | -5/+4
  The atomics are not supported as builtins on these arches
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade squid 3.5.28 -> 4.6 | Andrej Valek | 2019-04-09 | 9 | -605/+92
  - refresh and remove obsolete patches
  - add openssl and esi as package options
  - add missing header for std::bind implementation
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 3.5.27 -> 3.5.28 | Pascal Bach | 2019-03-11 | 1 | -3/+3
  Copyright year has changed in COPYRIGHTS file, thus the hash change.
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Fix build with gcc8 | Khem Raj | 2018-06-24 | 3 | -0/+548
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Upgrade to 3.5.27 | Khem Raj | 2018-05-17 | 3 | -76/+2
  Drop upstreamed/backported patches
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: refresh patches | Armin Kuster | 2018-04-13 | 10 | -96/+102
  WARNING: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
  The context lines in the patches can be updated with devtool:
      devtool modify <recipe>
      devtool finish --force-patch-refresh <recipe> <layer_path>
  Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored).
  Further information:
  http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
  https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
  Details:
  checking file configure.ac
  Hunk #1 succeeded at 27 with fuzz 1 (offset 8 lines).
  and others
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: Fix QA errors about wrong perl interpreter | Khem Raj | 2017-09-12 | 1 | -1/+4
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Disable format-truncation warning only with gcc | Khem Raj | 2017-09-12 | 1 | -0/+3
  Clang does not support this option
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Add missing dependencies on openssl expat and libxml2 | Khem Raj | 2017-09-12 | 1 | -3/+2
  inherit classes needed for pkgconfig and perl
  NIS is not buildable with gold linker, disable it
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Fix build with hardening | Khem Raj | 2017-06-28 | 2 | -0/+37
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Upgrade to 3.5.26 | Khem Raj | 2017-06-28 | 3 | -2/+137
  Fix build errors with gcc7 along the way
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Upgrade to 3.5.25 | Khem Raj | 2017-04-25 | 2 | -4/+53
  Add patch to fix throw() errors with gcc7
  Update copyright year to 2017
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Update to 3.5.23 | Khem Raj | 2017-04-25 | 1 | -4/+5
  Disable NIS on musl, it doesn't yet build
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* recipes: delete obsolete patches | Oleksandr Kravchuk | 2017-03-16 | 1 | -31/+0
  Deleted bunch of patches which are not used anymore by any recipe.
  Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Make use of the new bb.utils.filter() function | Peter Kjellerstedt | 2017-03-07 | 1 | -1/+1
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* squid: disable gnu atomic operations for mipsel | Jackie Huang | 2016-12-14 | 1 | -0/+1
  Disable GNU atomic operations for mipsel since it's not supported.
  Refer to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56300:
  There is no hardware support for 8 bytes atomic operations on 32-bit MIPS targets.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: fix ptest failure | Yi Zhao | 2016-10-20 | 1 | -0/+3
  Fix error when run ptest on target:
  cp: cannot stat '/usr/bin/true': No such file or directory
  make: *** [Makefile:1120: squid-conf-tests] Error 1
  The correct path should be /bin/true on target.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: specify sysconfdir and logdir | Yi Zhao | 2016-10-20 | 3 | -5/+17
  The default sysconfdir is /etc and logdir is /var/logs. Set sysconfdir and logdir when configure, replace them with /etc/squid and /var/log/squid.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: don't do squid-conf-tests at build time | Jackie Huang | 2016-09-05 | 2 | -0/+69
  * squid-conf-tests is a test to run "squid -k parse -f" to parse the config files, which should not be run at build time since we are cross compiling, so remove it when compiling test-suite
  * Fix the directories of the conf files for squid-conf-tests so that it can run on the target and add it for ptest
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: control ipv6 support based on DISTRO_FEATURES | Jackie Huang | 2016-09-05 | 1 | -0/+2
  Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: add missing patch header | Yi Zhao | 2016-09-05 | 1 | -0/+7
  Add upstream-status and signed-off-by line to the patch to obey the recommendations:
  http://openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-oe: fix indentation | Martin Jansa | 2016-08-22 | 1 | -4/+4
  * remove tabs which sneaked in since last cleanup
  * meta-oe layers are using consistent indentation with 4 spaces, see http://www.openembedded.org/wiki/Styleguide
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* squid: fix configure host contamination | Yue Tao | 2016-08-16 | 2 | -0/+32
  When configuring squid with --enable-esi option, the following error was observed:
  [snip]
  checking libxml/parser.h usability... no
  checking libxml/parser.h presence... no
  checking for libxml/parser.h... no
  configure: Failed to find libxml2 header file libxml/parser.h
  [snip]
  ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
  [snip]
  It tried to search libxml header file in host path. Set the SYSROOT to avoid this host contamination.
  Signed-off-by: Yue Tao <yue.tao@windriver.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: upgrade to 3.5.20 | Jackie Huang | 2016-08-05 | 4 | -116/+12
  * Remove the blacklist since the issue is gone with new version
  * Remove two CVE patches which have been fixed:
    - CVE-2016-3947 and CVE-2016-4553
  * Rebased the patch for ptest.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: CVE-2016-4553 | Catalin Enache | 2016-06-01 | 2 | -0/+52
  client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553
  Backported upstream patch:
  http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>