summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Marko <peter.marko@siemens.com>2025-10-30 00:05:24 +0100
committerKhem Raj <raj.khem@gmail.com>2025-10-29 21:02:20 -0700
commitc1c5a5ade4bf565ae9d50d9ecff2d754eb0159d5 (patch)
tree385efda143382f2ce08d94718d1abcc5dea72597
parent57def3bce52707e31be10639d1d402391cfda7a7 (diff)
downloadmeta-openembedded-c1c5a5ade4bf565ae9d50d9ecff2d754eb0159d5.tar.gz
squid: upgrade 7.1 -> 7.2
Handles CVE-2025-62168. Remove CVE patch included in this release. Refresh remaining patches. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat
-rw-r--r--meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch52
-rw-r--r--meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch4
-rw-r--r--meta-networking/recipes-daemons/squid/squid_7.2.bb (renamed from meta-networking/recipes-daemons/squid/squid_7.1.bb)3
3 files changed, 3 insertions, 56 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
deleted file mode 100644
index 26a3896625..0000000000
--- a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 0d89165ee6da10e6fa50c44998b3cd16d59400e9 Mon Sep 17 00:00:00 2001
2From: Alex Rousskov <rousskov@measurement-factory.com>
3Date: Sat, 30 Aug 2025 06:49:36 +0000
4Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
5
6CVE: CVE-2025-59362
7Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
8Signed-off-by: Peter Marko <peter.marko@siemens.com>
9---
10 lib/snmplib/asn1.c | 13 +++++++++++++
11 1 file changed, 13 insertions(+)
12
13diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
14index 81f2051fb..2852c26b2 100644
15--- a/lib/snmplib/asn1.c
16+++ b/lib/snmplib/asn1.c
17@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
18 * lastbyte ::= 0 7bitvalue
19 */
20 u_char buf[MAX_OID_LEN];
21+ u_char *bufEnd = buf + sizeof(buf);
22 u_char *bp = buf;
23 oid *op = objid;
24 int asnlength;
25@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
26 while (objidlength-- > 0) {
27 subid = *op++;
28 if (subid < 127) { /* off by one? */
29+ if (bp >= bufEnd) {
30+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
31+ return (NULL);
32+ }
33 *bp++ = subid;
34 } else {
35 mask = 0x7F; /* handle subid == 0 case */
36@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
37 /* fix a mask that got truncated above */
38 if (mask == 0x1E00000)
39 mask = 0xFE00000;
40+ if (bp >= bufEnd) {
41+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
42+ return (NULL);
43+ }
44 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
45 }
46+ if (bp >= bufEnd) {
47+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
48+ return (NULL);
49+ }
50 *bp++ = (u_char) (subid & mask);
51 }
52 }
diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
index 8522a299c1..3aa08f84da 100644
--- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
+++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
@@ -41,7 +41,7 @@ diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
41index 9793b9a..4f2dc83 100644 41index 9793b9a..4f2dc83 100644
42--- a/acinclude/lib-checks.m4 42--- a/acinclude/lib-checks.m4
43+++ b/acinclude/lib-checks.m4 43+++ b/acinclude/lib-checks.m4
44@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ 44@@ -207,7 +207,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
45 [ 45 [
46 AC_MSG_RESULT([no]) 46 AC_MSG_RESULT([no])
47 ], 47 ],
@@ -52,7 +52,7 @@ index 9793b9a..4f2dc83 100644
52 52
53 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) 53 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
54 ]) 54 ])
55@@ -347,7 +349,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ 55@@ -349,7 +351,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
56 ],[ 56 ],[
57 AC_MSG_RESULT([yes]) 57 AC_MSG_RESULT([yes])
58 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) 58 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
diff --git a/meta-networking/recipes-daemons/squid/squid_7.1.bb b/meta-networking/recipes-daemons/squid/squid_7.2.bb
index bba26cc5fa..0891d2208d 100644
--- a/meta-networking/recipes-daemons/squid/squid_7.1.bb
+++ b/meta-networking/recipes-daemons/squid/squid_7.2.bb
@@ -20,10 +20,9 @@ SRC_URI = "https://github.com/squid-cache/${BPN}/releases/download/SQUID_${PV_U}
20 file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \ 20 file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
21 file://0001-libltdl-remove-reference-to-nonexisting-directory.patch \ 21 file://0001-libltdl-remove-reference-to-nonexisting-directory.patch \
22 file://squid.nm \ 22 file://squid.nm \
23 file://CVE-2025-59362.patch \
24 " 23 "
25 24
26SRC_URI[sha256sum] = "763b5a78561cedc4e47634fa42b8e6b8d46c87c949a151b4e7ac2396d2f97dea" 25SRC_URI[sha256sum] = "5e077be1d83a9e696ce8d0d9e723b1273152207a091404be68a4b9a9e18c7003"
27 26
28LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ 27LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
29 file://errors/COPYRIGHT;md5=c2a0e15750d3a9743af9109fecc05622 \ 28 file://errors/COPYRIGHT;md5=c2a0e15750d3a9743af9109fecc05622 \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-01 05:15:49 +0000