From c393973c8516d56d547297902ef27c02d16a54b1 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sun, 4 Aug 2024 22:03:36 +0200 Subject: squid: Upgrade to 6.10 Solves CVE-2024-37894 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --- .../squid/files/Skip-AC_RUN_IFELSE-tests.patch | 2 +- .../recipes-daemons/squid/squid_6.10.bb | 148 +++++++++++++++++++++ meta-networking/recipes-daemons/squid/squid_6.9.bb | 148 --------------------- 3 files changed, 149 insertions(+), 149 deletions(-) create mode 100644 meta-networking/recipes-daemons/squid/squid_6.10.bb delete mode 100644 meta-networking/recipes-daemons/squid/squid_6.9.bb (limited to 'meta-networking') diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch index e0d002c68c..489850e3bd 100644 --- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch +++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch @@ -37,7 +37,7 @@ Signed-off-by: Jackie Huang ]) --- a/acinclude/lib-checks.m4 +++ b/acinclude/lib-checks.m4 -@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_ +@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ [ AC_MSG_RESULT([no]) ], diff --git a/meta-networking/recipes-daemons/squid/squid_6.10.bb b/meta-networking/recipes-daemons/squid/squid_6.10.bb new file mode 100644 index 0000000000..984209ad21 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/squid_6.10.bb @@ -0,0 +1,148 @@ +SUMMARY = "A fully-featured http proxy and web-cache daemon for Linux" +DESCRIPTION = "A fully-featured http proxy and web-cache daemon for Linux. \ +Squid offers a rich access control, authorization and logging environment to \ +develop web proxy and content serving applications. \ +Squid offers a rich set of traffic optimization options, most of which are \ +enabled by default for simpler installation and high performance. \ +" +HOMEPAGE = "http://www.squid-cache.org" +SECTION = "web" +LICENSE = "GPL-2.0-or-later" + +MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" +MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" + +SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ + file://Set-up-for-cross-compilation.patch \ + file://Skip-AC_RUN_IFELSE-tests.patch \ + file://squid-use-serial-tests-config-needed-by-ptest.patch \ + file://run-ptest \ + file://volatiles.03_squid \ + file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \ + file://squid.nm \ + " + +SRC_URI[sha256sum] = "0b07b187e723f04770dd25beb89aec12030a158696aa8892d87c8b26853408a7" + +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \ + " +DEPENDS = "libtool" + +inherit autotools pkgconfig useradd ptest perlnative systemd + +LDFLAGS:append:mipsarch = " -latomic" +LDFLAGS:append:powerpc = " -latomic" +LDFLAGS:append:riscv64 = " -latomic" +LDFLAGS:append:riscv32 = " -latomic" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --home-dir /var/run/squid --shell /bin/false --user-group squid" + +PACKAGECONFIG ??= "auth url-rewrite-helpers \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ +" + +PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir}, --without-netfilter-conntrack, libnetfilter-conntrack" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," +PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2" +PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl" +PACKAGECONFIG[auth] = "--enable-auth-basic='${BASIC_AUTH}',--disable-auth --disable-auth-basic,krb5 openldap db cyrus-sasl" +PACKAGECONFIG[url-rewrite-helpers] = "--enable-url-rewrite-helpers,--disable-url-rewrite-helpers," +PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" + +PACKAGES =+ " \ + ${PN}-conf \ + ${PN}-networkmanager \ +" + +BASIC_AUTH = "DB SASL LDAP" + +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +BASIC_AUTH += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}" + +EXTRA_OECONF += "--with-default-user=squid \ + --sysconfdir=${sysconfdir}/${BPN} \ + --with-logdir=${localstatedir}/log/${BPN} \ + 'PERL=${USRBINPATH}/env perl'" + +# Workaround a build failure when using a native compiler that need -std=c++17 +# with a cross-compiler that doesn't. +# Upstream issue closed as invalid : https://bugs.squid-cache.org/show_bug.cgi?id=5376 +BUILD_CXXFLAGS += "-std=c++17" + +export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" + +TESTDIR = "test-suite" + +do_configure:prepend() { + export SYSROOT=$PKG_CONFIG_SYSROOT_DIR +} + +do_configure:append() { + sed -i -e 's|${WORKDIR}||g' ${B}/include/autoconf.h +} + +do_compile_ptest() { + oe_runmake -C ${TESTDIR} buildtest-TESTS +} + +do_install_ptest() { + cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} + cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH} + + # Install default config + install -d ${D}${PTEST_PATH}/src + install -m 0644 ${B}/src/squid.conf.default ${D}${PTEST_PATH}/src + + # autoconf.h is needed during squid-conf-tests + install -d ${D}${PTEST_PATH}/include + install -m 0644 ${B}/include/autoconf.h ${D}${PTEST_PATH}/include + + # do NOT need to rebuild Makefile itself + sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # Ensure the path for command true is correct + sed -i 's:^TRUE = .*$:TRUE = /bin/true:' ${D}${PTEST_PATH}/${TESTDIR}/Makefile +} + +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + # Install service unit file + install -d ${D}/${systemd_unitdir}/system + install ${S}/tools/systemd/squid.service ${D}/${systemd_unitdir}/system + sed -i 's:/var/run/:/run/:g' ${D}/${systemd_unitdir}/system/squid.service + + # Configure tmpfiles.d + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d ${localstatedir}/run/${BPN} 0755 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + echo "d ${localstatedir}/log/${BPN} 0750 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + fi + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${UNPACKDIR}/volatiles.03_squid ${D}${sysconfdir}/default/volatiles/03_squid + + rmdir "${D}${localstatedir}/run/${BPN}" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/run" + + rmdir "${D}${localstatedir}/log/${BPN}" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/log" + + # Install NetworkManager dispatcher reload hooks + install -d ${D}${libdir}/NetworkManager/dispatcher.d + install -m 0755 ${UNPACKDIR}/squid.nm ${D}${libdir}/NetworkManager/dispatcher.d/20-squid +} + +SYSTEMD_AUTO_ENABLE = "disable" +SYSTEMD_SERVICE:${PN} = "squid.service" + +FILES:${PN} += "${libdir} ${datadir}/errors ${datadir}/icons" +FILES:${PN}-dbg += "/usr/src/debug" +FILES:${PN}-doc += "${datadir}/*.txt" +FILES:${PN}-conf += "${sysconfdir}/squid" +FILES:${PN}-networkmanager = "${libdir}/NetworkManager/dispatcher.d" + +RDEPENDS:${PN} += "perl ${PN}-conf" +RDEPENDS:${PN}-ptest += "perl make bash" diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb deleted file mode 100644 index f670a776eb..0000000000 --- a/meta-networking/recipes-daemons/squid/squid_6.9.bb +++ /dev/null @@ -1,148 +0,0 @@ -SUMMARY = "A fully-featured http proxy and web-cache daemon for Linux" -DESCRIPTION = "A fully-featured http proxy and web-cache daemon for Linux. \ -Squid offers a rich access control, authorization and logging environment to \ -develop web proxy and content serving applications. \ -Squid offers a rich set of traffic optimization options, most of which are \ -enabled by default for simpler installation and high performance. \ -" -HOMEPAGE = "http://www.squid-cache.org" -SECTION = "web" -LICENSE = "GPL-2.0-or-later" - -MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" -MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" - -SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ - file://Set-up-for-cross-compilation.patch \ - file://Skip-AC_RUN_IFELSE-tests.patch \ - file://squid-use-serial-tests-config-needed-by-ptest.patch \ - file://run-ptest \ - file://volatiles.03_squid \ - file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \ - file://squid.nm \ - " - -SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882" - -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \ - " -DEPENDS = "libtool" - -inherit autotools pkgconfig useradd ptest perlnative systemd - -LDFLAGS:append:mipsarch = " -latomic" -LDFLAGS:append:powerpc = " -latomic" -LDFLAGS:append:riscv64 = " -latomic" -LDFLAGS:append:riscv32 = " -latomic" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --no-create-home --home-dir /var/run/squid --shell /bin/false --user-group squid" - -PACKAGECONFIG ??= "auth url-rewrite-helpers \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ -" - -PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir}, --without-netfilter-conntrack, libnetfilter-conntrack" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," -PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2" -PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl" -PACKAGECONFIG[auth] = "--enable-auth-basic='${BASIC_AUTH}',--disable-auth --disable-auth-basic,krb5 openldap db cyrus-sasl" -PACKAGECONFIG[url-rewrite-helpers] = "--enable-url-rewrite-helpers,--disable-url-rewrite-helpers," -PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" - -PACKAGES =+ " \ - ${PN}-conf \ - ${PN}-networkmanager \ -" - -BASIC_AUTH = "DB SASL LDAP" - -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -BASIC_AUTH += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}" - -EXTRA_OECONF += "--with-default-user=squid \ - --sysconfdir=${sysconfdir}/${BPN} \ - --with-logdir=${localstatedir}/log/${BPN} \ - 'PERL=${USRBINPATH}/env perl'" - -# Workaround a build failure when using a native compiler that need -std=c++17 -# with a cross-compiler that doesn't. -# Upstream issue closed as invalid : https://bugs.squid-cache.org/show_bug.cgi?id=5376 -BUILD_CXXFLAGS += "-std=c++17" - -export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" - -TESTDIR = "test-suite" - -do_configure:prepend() { - export SYSROOT=$PKG_CONFIG_SYSROOT_DIR -} - -do_configure:append() { - sed -i -e 's|${WORKDIR}||g' ${B}/include/autoconf.h -} - -do_compile_ptest() { - oe_runmake -C ${TESTDIR} buildtest-TESTS -} - -do_install_ptest() { - cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} - cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH} - - # Install default config - install -d ${D}${PTEST_PATH}/src - install -m 0644 ${B}/src/squid.conf.default ${D}${PTEST_PATH}/src - - # autoconf.h is needed during squid-conf-tests - install -d ${D}${PTEST_PATH}/include - install -m 0644 ${B}/include/autoconf.h ${D}${PTEST_PATH}/include - - # do NOT need to rebuild Makefile itself - sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - - # Ensure the path for command true is correct - sed -i 's:^TRUE = .*$:TRUE = /bin/true:' ${D}${PTEST_PATH}/${TESTDIR}/Makefile -} - -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - # Install service unit file - install -d ${D}/${systemd_unitdir}/system - install ${S}/tools/systemd/squid.service ${D}/${systemd_unitdir}/system - sed -i 's:/var/run/:/run/:g' ${D}/${systemd_unitdir}/system/squid.service - - # Configure tmpfiles.d - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d ${localstatedir}/run/${BPN} 0755 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf - echo "d ${localstatedir}/log/${BPN} 0750 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf - fi - - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${UNPACKDIR}/volatiles.03_squid ${D}${sysconfdir}/default/volatiles/03_squid - - rmdir "${D}${localstatedir}/run/${BPN}" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/run" - - rmdir "${D}${localstatedir}/log/${BPN}" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/log" - - # Install NetworkManager dispatcher reload hooks - install -d ${D}${libdir}/NetworkManager/dispatcher.d - install -m 0755 ${UNPACKDIR}/squid.nm ${D}${libdir}/NetworkManager/dispatcher.d/20-squid -} - -SYSTEMD_AUTO_ENABLE = "disable" -SYSTEMD_SERVICE:${PN} = "squid.service" - -FILES:${PN} += "${libdir} ${datadir}/errors ${datadir}/icons" -FILES:${PN}-dbg += "/usr/src/debug" -FILES:${PN}-doc += "${datadir}/*.txt" -FILES:${PN}-conf += "${sysconfdir}/squid" -FILES:${PN}-networkmanager = "${libdir}/NetworkManager/dispatcher.d" - -RDEPENDS:${PN} += "perl ${PN}-conf" -RDEPENDS:${PN}-ptest += "perl make bash" -- cgit v1.2.3-54-g00ecf