diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2019-04-09 10:46:21 +0200 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2019-04-09 21:31:36 -0700 |
| commit | d219ba7a28e0f906df7ff5de20d8185fce31ed67 (patch) | |
| tree | 1e3dfe045273a1da88dbb5f48c3a9be75966a298 /meta-networking/recipes-daemons | |
| parent | 4bc2badedb34da3bb5d1fda2c513c0a04ee83ffa (diff) | |
| download | meta-openembedded-d219ba7a28e0f906df7ff5de20d8185fce31ed67.tar.gz | |
squid: upgrade squid 3.5.28 -> 4.6
- refresh and remove obsolete patches
- add openssl and esi as package options
- add missing header for std::bind implementation
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-daemons')
9 files changed, 92 insertions, 605 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch b/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch deleted file mode 100644 index 001d9e906..000000000 --- a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch +++ /dev/null | |||
| @@ -1,506 +0,0 @@ | |||
| 1 | From 01a44c96dbd04936e9cb2501745a834a0b09d504 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Amos Jeffries <yadij@users.noreply.github.com> | ||
| 3 | Date: Sun, 13 May 2018 06:57:41 +0000 | ||
| 4 | Subject: [PATCH] Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 | ||
| 5 | (#204) | ||
| 6 | |||
| 7 | Proposed changes to this helper to fix strcat / strncat buffer | ||
| 8 | overread / overflow issues. | ||
| 9 | |||
| 10 | The approach takes three parts: | ||
| 11 | |||
| 12 | * adds a makeHexString function to replace many for-loops | ||
| 13 | catenating bits of strings together with hex conversion into a | ||
| 14 | second buffer. Replacing with a snprintf() and buffer overflow | ||
| 15 | handling. | ||
| 16 | |||
| 17 | * a copy of Ip::Address::lookupHostIp to convert the input | ||
| 18 | string into IP address binary format, then generate the hex | ||
| 19 | string using the above new hex function instead of looped | ||
| 20 | sub-string concatenations across several buffers. | ||
| 21 | This removes all the "00" and "0000" strncat() calls and | ||
| 22 | allows far simpler code even with added buffer overflow | ||
| 23 | handling. | ||
| 24 | |||
| 25 | * replace multiple string part concatenations with a few simpler | ||
| 26 | calls to snprintf() for all the search_ip buffer constructions. | ||
| 27 | Adding buffer overflow handling as needed for the new calls. | ||
| 28 | --- | ||
| 29 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 30 | Upstream-Status: Backport | ||
| 31 | |||
| 32 | .../ext_edirectory_userip_acl.cc | 376 ++++++------------ | ||
| 33 | 1 file changed, 120 insertions(+), 256 deletions(-) | ||
| 34 | |||
| 35 | diff --git a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
| 36 | index 63609e4..ad16bfd 100644 | ||
| 37 | --- a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
| 38 | +++ b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
| 39 | @@ -67,6 +67,9 @@ | ||
| 40 | #ifdef HAVE_LDAP_H | ||
| 41 | #include <ldap.h> | ||
| 42 | #endif | ||
| 43 | +#ifdef HAVE_NETDB_H | ||
| 44 | +#include <netdb.h> | ||
| 45 | +#endif | ||
| 46 | |||
| 47 | #ifdef HELPER_INPUT_BUFFER | ||
| 48 | #define EDUI_MAXLEN HELPER_INPUT_BUFFER | ||
| 49 | @@ -714,11 +717,14 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) | ||
| 50 | |||
| 51 | /* Copy details - dn and pw CAN be NULL for anonymous and/or TLS */ | ||
| 52 | if (dn != NULL) { | ||
| 53 | + if (strlen(dn) >= sizeof(l->dn)) | ||
| 54 | + return LDAP_ERR_OOB; /* DN too large */ | ||
| 55 | + | ||
| 56 | if ((l->basedn[0] != '\0') && (strstr(dn, l->basedn) == NULL)) { | ||
| 57 | /* We got a basedn, but it's not part of dn */ | ||
| 58 | - xstrncpy(l->dn, dn, sizeof(l->dn)); | ||
| 59 | - strncat(l->dn, ",", 1); | ||
| 60 | - strncat(l->dn, l->basedn, strlen(l->basedn)); | ||
| 61 | + const int x = snprintf(l->dn, sizeof(l->dn)-1, "%s,%s", dn, l->basedn); | ||
| 62 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(l->dn)) | ||
| 63 | + return LDAP_ERR_OOB; /* DN too large */ | ||
| 64 | } else | ||
| 65 | xstrncpy(l->dn, dn, sizeof(l->dn)); | ||
| 66 | } | ||
| 67 | @@ -778,24 +784,73 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) | ||
| 68 | } | ||
| 69 | } | ||
| 70 | |||
| 71 | +// XXX: duplicate (partial) of Ip::Address::lookupHostIp | ||
| 72 | +/** | ||
| 73 | + * Convert the IP address string representation in src to | ||
| 74 | + * its binary representation. | ||
| 75 | + * | ||
| 76 | + * \return binary representation of the src IP address. | ||
| 77 | + * Must be free'd using freeaddrinfo(). | ||
| 78 | + */ | ||
| 79 | +static struct addrinfo * | ||
| 80 | +makeIpBinary(const char *src) | ||
| 81 | +{ | ||
| 82 | + struct addrinfo want; | ||
| 83 | + memset(&want, 0, sizeof(want)); | ||
| 84 | + want.ai_flags = AI_NUMERICHOST; // prevent actual DNS lookups! | ||
| 85 | + | ||
| 86 | + struct addrinfo *dst = nullptr; | ||
| 87 | + if (getaddrinfo(src, nullptr, &want, &dst) != 0) { | ||
| 88 | + // not an IP address | ||
| 89 | + /* free any memory getaddrinfo() dynamically allocated. */ | ||
| 90 | + if (dst) | ||
| 91 | + freeaddrinfo(dst); | ||
| 92 | + return nullptr; | ||
| 93 | + } | ||
| 94 | + | ||
| 95 | + return dst; | ||
| 96 | +} | ||
| 97 | + | ||
| 98 | +/** | ||
| 99 | + * Convert srcLen bytes from src into HEX and store into dst, which | ||
| 100 | + * has a maximum content size of dstSize including c-string terminator. | ||
| 101 | + * The dst value produced will be a 0-terminated c-string. | ||
| 102 | + * | ||
| 103 | + * \retval N length of dst written (excluding c-string terminator) | ||
| 104 | + * \retval -11 (LDAP_ERR_OOB) buffer overflow detected | ||
| 105 | + */ | ||
| 106 | +static int | ||
| 107 | +makeHexString(char *dst, const int dstSize, const char *src, const int srcLen) | ||
| 108 | +{ | ||
| 109 | + // HEX encoding doubles the amount of bytes/octets copied | ||
| 110 | + if ((srcLen*2) >= dstSize) | ||
| 111 | + return LDAP_ERR_OOB; // cannot copy that many | ||
| 112 | + | ||
| 113 | + *dst = 0; | ||
| 114 | + | ||
| 115 | + for (int k = 0; k < srcLen; ++k) { | ||
| 116 | + int c = static_cast<int>(src[k]); | ||
| 117 | + if (c < 0) | ||
| 118 | + c = c + 256; | ||
| 119 | + char hexc[4]; | ||
| 120 | + const int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
| 121 | + if (hlen < 0 || static_cast<size_t>(hlen) > sizeof(hexc)) // should be impossible | ||
| 122 | + return LDAP_ERR_OOB; | ||
| 123 | + strcat(dst, hexc); | ||
| 124 | + } | ||
| 125 | + return strlen(dst); | ||
| 126 | +} | ||
| 127 | + | ||
| 128 | /* | ||
| 129 | * ConvertIP() - <edui_ldap_t> <ip> | ||
| 130 | * | ||
| 131 | * Take an IPv4 address in dot-decimal or IPv6 notation, and convert to 2-digit HEX stored in l->search_ip | ||
| 132 | * This is the networkAddress that we search LDAP for. | ||
| 133 | - * | ||
| 134 | - * PENDING -- CHANGE OVER TO inet*_pton, but inet6_pton does not provide the correct syntax | ||
| 135 | - * | ||
| 136 | */ | ||
| 137 | static int | ||
| 138 | ConvertIP(edui_ldap_t *l, char *ip) | ||
| 139 | { | ||
| 140 | - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], obj[EDUI_MAXLEN]; | ||
| 141 | - char hexc[4], *p; | ||
| 142 | void *y, *z; | ||
| 143 | - size_t s; | ||
| 144 | - long x; | ||
| 145 | - int i, j, t, swi; /* IPv6 "::" cut over toggle */ | ||
| 146 | if (l == NULL) return LDAP_ERR_NULL; | ||
| 147 | if (ip == NULL) return LDAP_ERR_PARAM; | ||
| 148 | if (!(l->status & LDAP_INIT_S)) return LDAP_ERR_INIT; /* Not initalized */ | ||
| 149 | @@ -831,183 +886,22 @@ ConvertIP(edui_ldap_t *l, char *ip) | ||
| 150 | l->status |= (LDAP_IPV4_S); | ||
| 151 | z = NULL; | ||
| 152 | } | ||
| 153 | - s = strlen(ip); | ||
| 154 | - *(bufa) = '\0'; | ||
| 155 | - *(bufb) = '\0'; | ||
| 156 | - *(obj) = '\0'; | ||
| 157 | - /* StringSplit() will zero out bufa & obj at each call */ | ||
| 158 | - memset(l->search_ip, '\0', sizeof(l->search_ip)); | ||
| 159 | - xstrncpy(bufa, ip, sizeof(bufa)); /* To avoid segfaults, use bufa instead of ip */ | ||
| 160 | - swi = 0; | ||
| 161 | - if (l->status & LDAP_IPV6_S) { | ||
| 162 | - /* Search for :: in string */ | ||
| 163 | - if ((bufa[0] == ':') && (bufa[1] == ':')) { | ||
| 164 | - /* bufa starts with a ::, so just copy and clear */ | ||
| 165 | - xstrncpy(bufb, bufa, sizeof(bufb)); | ||
| 166 | - *(bufa) = '\0'; | ||
| 167 | - ++swi; /* Indicates that there is a bufb */ | ||
| 168 | - } else if ((bufa[0] == ':') && (bufa[1] != ':')) { | ||
| 169 | - /* bufa starts with a :, a typo so just fill in a ':', cat and clear */ | ||
| 170 | - bufb[0] = ':'; | ||
| 171 | - strncat(bufb, bufa, strlen(bufa)); | ||
| 172 | - *(bufa) = '\0'; | ||
| 173 | - ++swi; /* Indicates that there is a bufb */ | ||
| 174 | - } else { | ||
| 175 | - p = strstr(bufa, "::"); | ||
| 176 | - if (p != NULL) { | ||
| 177 | - /* Found it, break bufa down and split into bufb here */ | ||
| 178 | - *(bufb) = '\0'; | ||
| 179 | - i = strlen(p); | ||
| 180 | - memcpy(bufb, p, i); | ||
| 181 | - *p = '\0'; | ||
| 182 | - bufb[i] = '\0'; | ||
| 183 | - ++swi; /* Indicates that there is a bufb */ | ||
| 184 | - } | ||
| 185 | - } | ||
| 186 | - } | ||
| 187 | - s = strlen(bufa); | ||
| 188 | - if (s < 1) | ||
| 189 | - s = strlen(bufb); | ||
| 190 | - while (s > 0) { | ||
| 191 | - if ((l->status & LDAP_IPV4_S) && (swi == 0)) { | ||
| 192 | - /* Break down IPv4 address */ | ||
| 193 | - t = StringSplit(bufa, '.', obj, sizeof(obj)); | ||
| 194 | - if (t > 0) { | ||
| 195 | - errno = 0; | ||
| 196 | - x = strtol(obj, (char **)NULL, 10); | ||
| 197 | - if (((x < 0) || (x > 255)) || ((errno != 0) && (x == 0)) || ((obj[0] != '0') && (x == 0))) | ||
| 198 | - return LDAP_ERR_OOB; /* Out of bounds -- Invalid address */ | ||
| 199 | - memset(hexc, '\0', sizeof(hexc)); | ||
| 200 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", (int)x); | ||
| 201 | - strncat(l->search_ip, hexc, hlen); | ||
| 202 | - } else | ||
| 203 | - break; /* reached end of octet */ | ||
| 204 | - } else if (l->status & LDAP_IPV6_S) { | ||
| 205 | - /* Break down IPv6 address */ | ||
| 206 | - if (swi > 1) | ||
| 207 | - t = StringSplit(bufb, ':', obj, sizeof(obj)); /* After "::" */ | ||
| 208 | - else | ||
| 209 | - t = StringSplit(bufa, ':', obj, sizeof(obj)); /* Before "::" */ | ||
| 210 | - /* Convert octet by size (t) - and fill 0's */ | ||
| 211 | - switch (t) { /* IPv6 is already in HEX, copy contents */ | ||
| 212 | - case 4: | ||
| 213 | - hexc[0] = (char) toupper((int)obj[0]); | ||
| 214 | - i = (int)hexc[0]; | ||
| 215 | - if (!isxdigit(i)) | ||
| 216 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 217 | - hexc[1] = (char) toupper((int)obj[1]); | ||
| 218 | - i = (int)hexc[1]; | ||
| 219 | - if (!isxdigit(i)) | ||
| 220 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 221 | - hexc[2] = '\0'; | ||
| 222 | - strncat(l->search_ip, hexc, 2); | ||
| 223 | - hexc[0] = (char) toupper((int)obj[2]); | ||
| 224 | - i = (int)hexc[0]; | ||
| 225 | - if (!isxdigit(i)) | ||
| 226 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 227 | - hexc[1] = (char) toupper((int)obj[3]); | ||
| 228 | - i = (int)hexc[1]; | ||
| 229 | - if (!isxdigit(i)) | ||
| 230 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 231 | - hexc[2] = '\0'; | ||
| 232 | - strncat(l->search_ip, hexc, 2); | ||
| 233 | - break; | ||
| 234 | - case 3: | ||
| 235 | - hexc[0] = '0'; | ||
| 236 | - hexc[1] = (char) toupper((int)obj[0]); | ||
| 237 | - i = (int)hexc[1]; | ||
| 238 | - if (!isxdigit(i)) | ||
| 239 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 240 | - hexc[2] = '\0'; | ||
| 241 | - strncat(l->search_ip, hexc, 2); | ||
| 242 | - hexc[0] = (char) toupper((int)obj[1]); | ||
| 243 | - i = (int)hexc[0]; | ||
| 244 | - if (!isxdigit(i)) | ||
| 245 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 246 | - hexc[1] = (char) toupper((int)obj[2]); | ||
| 247 | - i = (int)hexc[1]; | ||
| 248 | - if (!isxdigit(i)) | ||
| 249 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 250 | - hexc[2] = '\0'; | ||
| 251 | - strncat(l->search_ip, hexc, 2); | ||
| 252 | - break; | ||
| 253 | - case 2: | ||
| 254 | - strncat(l->search_ip, "00", 2); | ||
| 255 | - hexc[0] = (char) toupper((int)obj[0]); | ||
| 256 | - i = (int)hexc[0]; | ||
| 257 | - if (!isxdigit(i)) | ||
| 258 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 259 | - hexc[1] = (char) toupper((int)obj[1]); | ||
| 260 | - i = (int)hexc[1]; | ||
| 261 | - if (!isxdigit(i)) | ||
| 262 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 263 | - hexc[2] = '\0'; | ||
| 264 | - strncat(l->search_ip, hexc, 2); | ||
| 265 | - break; | ||
| 266 | - case 1: | ||
| 267 | - strncat(l->search_ip, "00", 2); | ||
| 268 | - hexc[0] = '0'; | ||
| 269 | - hexc[1] = (char) toupper((int)obj[0]); | ||
| 270 | - i = (int)hexc[1]; | ||
| 271 | - if (!isxdigit(i)) | ||
| 272 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
| 273 | - hexc[2] = '\0'; | ||
| 274 | - strncat(l->search_ip, hexc, 2); | ||
| 275 | - break; | ||
| 276 | - default: | ||
| 277 | - if (t > 4) | ||
| 278 | - return LDAP_ERR_OOB; | ||
| 279 | - break; | ||
| 280 | - } | ||
| 281 | - /* Code to pad the address with 0's between a '::' */ | ||
| 282 | - if ((strlen(bufa) == 0) && (swi == 1)) { | ||
| 283 | - /* We are *AT* the split, pad in some 0000 */ | ||
| 284 | - t = strlen(bufb); | ||
| 285 | - /* How many ':' exist in bufb ? */ | ||
| 286 | - j = 0; | ||
| 287 | - for (i = 0; i < t; ++i) { | ||
| 288 | - if (bufb[i] == ':') | ||
| 289 | - ++j; | ||
| 290 | - } | ||
| 291 | - --j; /* Preceding "::" doesn't count */ | ||
| 292 | - t = 8 - (strlen(l->search_ip) / 4) - j; /* Remainder */ | ||
| 293 | - if (t > 0) { | ||
| 294 | - for (i = 0; i < t; ++i) | ||
| 295 | - strncat(l->search_ip, "0000", 4); | ||
| 296 | - } | ||
| 297 | - } | ||
| 298 | - } | ||
| 299 | - if ((bufa[0] == '\0') && (swi > 0)) { | ||
| 300 | - s = strlen(bufb); | ||
| 301 | - ++swi; | ||
| 302 | - } else | ||
| 303 | - s = strlen(bufa); | ||
| 304 | - } | ||
| 305 | - s = strlen(l->search_ip); | ||
| 306 | |||
| 307 | - /* CHECK sizes of address, truncate or pad */ | ||
| 308 | - /* if "::" is at end of ip, then pad another block or two */ | ||
| 309 | - while ((l->status & LDAP_IPV6_S) && (s < 32)) { | ||
| 310 | - strncat(l->search_ip, "0000", 4); | ||
| 311 | - s = strlen(l->search_ip); | ||
| 312 | - } | ||
| 313 | - if ((l->status & LDAP_IPV6_S) && (s > 32)) { | ||
| 314 | - /* Too long, truncate */ | ||
| 315 | - l->search_ip[32] = '\0'; | ||
| 316 | - s = strlen(l->search_ip); | ||
| 317 | - } | ||
| 318 | - /* If at end of ip, and its not long enough, then pad another block or two */ | ||
| 319 | - while ((l->status & LDAP_IPV4_S) && (s < 8)) { | ||
| 320 | - strncat(l->search_ip, "00", 2); | ||
| 321 | - s = strlen(l->search_ip); | ||
| 322 | - } | ||
| 323 | - if ((l->status & LDAP_IPV4_S) && (s > 8)) { | ||
| 324 | - /* Too long, truncate */ | ||
| 325 | - l->search_ip[8] = '\0'; | ||
| 326 | - s = strlen(l->search_ip); | ||
| 327 | + size_t s = LDAP_ERR_INVALID; | ||
| 328 | + if (struct addrinfo *dst = makeIpBinary(ip)) { | ||
| 329 | + if (dst->ai_family == AF_INET6) { | ||
| 330 | + struct sockaddr_in6 *sia = reinterpret_cast<struct sockaddr_in6 *>(dst->ai_addr); | ||
| 331 | + const char *ia = reinterpret_cast<const char *>(sia->sin6_addr.s6_addr); | ||
| 332 | + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 16); // IPv6 = 16-byte address | ||
| 333 | + | ||
| 334 | + } else if (dst->ai_family == AF_INET) { | ||
| 335 | + struct sockaddr_in *sia = reinterpret_cast<struct sockaddr_in *>(dst->ai_addr); | ||
| 336 | + const char *ia = reinterpret_cast<const char *>(&(sia->sin_addr)); | ||
| 337 | + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 4); // IPv4 = 4-byte address | ||
| 338 | + } // else leave s with LDAP_ERR_INVALID value | ||
| 339 | + freeaddrinfo(dst); | ||
| 340 | } | ||
| 341 | |||
| 342 | - /* Completed, s is length of address in HEX */ | ||
| 343 | return s; | ||
| 344 | } | ||
| 345 | |||
| 346 | @@ -1099,48 +993,42 @@ SearchFilterLDAP(edui_ldap_t *l, char *group) | ||
| 347 | } | ||
| 348 | if (group == NULL) { | ||
| 349 | /* No groupMembership= to add, yay! */ | ||
| 350 | - xstrncpy(bufa, "(&", sizeof(bufa)); | ||
| 351 | - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); | ||
| 352 | /* networkAddress */ | ||
| 353 | - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); | ||
| 354 | if (l->status & LDAP_IPV4_S) { | ||
| 355 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ | ||
| 356 | - bufc, bufc); | ||
| 357 | - strncat(bufb, bufd, ln); | ||
| 358 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); | ||
| 359 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
| 360 | + return LDAP_ERR_OOB; | ||
| 361 | + | ||
| 362 | } else if (l->status & LDAP_IPV6_S) { | ||
| 363 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ | ||
| 364 | - bufc, bufc); | ||
| 365 | - strncat(bufb, bufd, ln); | ||
| 366 | - } else | ||
| 367 | - strncat(bufb, ")", 1); | ||
| 368 | - strncat(bufa, bufb, strlen(bufb)); | ||
| 369 | - strncat(bufa, ")", 1); | ||
| 370 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); | ||
| 371 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
| 372 | + return LDAP_ERR_OOB; | ||
| 373 | + } | ||
| 374 | + const int x = snprintf(bufa, sizeof(bufa), "(&%s(|(networkAddress=1\\23%s)%s))", edui_conf.search_filter, bufc, bufd); | ||
| 375 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa)) | ||
| 376 | + return LDAP_ERR_OOB; | ||
| 377 | + | ||
| 378 | } else { | ||
| 379 | /* Needs groupMembership= to add... */ | ||
| 380 | - xstrncpy(bufa, "(&(&", sizeof(bufa)); | ||
| 381 | - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); | ||
| 382 | /* groupMembership -- NOTE: Squid *MUST* provide "cn=" from squid.conf */ | ||
| 383 | - snprintf(bufg, sizeof(bufg), "(groupMembership=%s", group); | ||
| 384 | if ((l->basedn[0] != '\0') && (strstr(group, l->basedn) == NULL)) { | ||
| 385 | - strncat(bufg, ",", 1); | ||
| 386 | - strncat(bufg, l->basedn, strlen(l->basedn)); | ||
| 387 | + const int ln = snprintf(bufg, sizeof(bufg), ",%s", l->basedn); | ||
| 388 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
| 389 | + return LDAP_ERR_OOB; | ||
| 390 | } | ||
| 391 | - strncat(bufg, ")", 1); | ||
| 392 | - strncat(bufa, bufg, strlen(bufg)); | ||
| 393 | /* networkAddress */ | ||
| 394 | - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); | ||
| 395 | if (l->status & LDAP_IPV4_S) { | ||
| 396 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ | ||
| 397 | - bufc, bufc); | ||
| 398 | - strncat(bufb, bufd, ln); | ||
| 399 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); | ||
| 400 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
| 401 | + return LDAP_ERR_OOB; | ||
| 402 | } else if (l->status & LDAP_IPV6_S) { | ||
| 403 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ | ||
| 404 | - bufc, bufc); | ||
| 405 | - strncat(bufb, bufd, ln); | ||
| 406 | - } else | ||
| 407 | - strncat(bufb, ")", 1); | ||
| 408 | - strncat(bufa, bufb, strlen(bufb)); | ||
| 409 | - strncat(bufa, "))", 2); | ||
| 410 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); | ||
| 411 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
| 412 | + return LDAP_ERR_OOB; | ||
| 413 | + } | ||
| 414 | + const int x = snprintf(bufa, sizeof(bufa), "(&(&%s(groupMembership=%s%s)(|(networkAddress=1\\23%s)%s)))", edui_conf.search_filter, group, bufg, bufc, bufd); | ||
| 415 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa)) | ||
| 416 | + return LDAP_ERR_OOB; | ||
| 417 | } | ||
| 418 | s = strlen(bufa); | ||
| 419 | xstrncpy(l->search_filter, bufa, sizeof(l->search_filter)); | ||
| 420 | @@ -1212,10 +1100,10 @@ static int | ||
| 421 | SearchIPLDAP(edui_ldap_t *l) | ||
| 422 | { | ||
| 423 | ber_len_t i, x; | ||
| 424 | - ber_len_t j, k; | ||
| 425 | - ber_len_t y, z; | ||
| 426 | - int c; | ||
| 427 | - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], hexc[4]; | ||
| 428 | + ber_len_t j; | ||
| 429 | + ber_len_t z; | ||
| 430 | + char bufa[EDUI_MAXLEN]; | ||
| 431 | + char bufb[EDUI_MAXLEN]; | ||
| 432 | LDAPMessage *ent; | ||
| 433 | if (l == NULL) return LDAP_ERR_NULL; | ||
| 434 | if (l->lp == NULL) return LDAP_ERR_POINTER; | ||
| 435 | @@ -1273,19 +1161,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
| 436 | /* bufa is the address, just compare it */ | ||
| 437 | if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) | ||
| 438 | break; /* Not looking for IPv4 */ | ||
| 439 | - for (k = 0; k < z; ++k) { | ||
| 440 | - c = (int) bufa[k]; | ||
| 441 | - if (c < 0) | ||
| 442 | - c = c + 256; | ||
| 443 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
| 444 | - if (k == 0) | ||
| 445 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
| 446 | - else | ||
| 447 | - strncat(bufb, hexc, hlen); | ||
| 448 | - } | ||
| 449 | - y = strlen(bufb); | ||
| 450 | + const int blen = makeHexString(bufb, sizeof(bufb), bufa, z); | ||
| 451 | + if (blen < 0) | ||
| 452 | + return blen; | ||
| 453 | /* Compare value with IP */ | ||
| 454 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
| 455 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
| 456 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
| 457 | z = ldap_count_values_len(ber); | ||
| 458 | for (j = 0; j < z; ++j) { | ||
| 459 | @@ -1308,19 +1188,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
| 460 | /* bufa + 2 is the address (skip 2 digit port) */ | ||
| 461 | if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) | ||
| 462 | break; /* Not looking for IPv4 */ | ||
| 463 | - for (k = 2; k < z; ++k) { | ||
| 464 | - c = (int) bufa[k]; | ||
| 465 | - if (c < 0) | ||
| 466 | - c = c + 256; | ||
| 467 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
| 468 | - if (k == 2) | ||
| 469 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
| 470 | - else | ||
| 471 | - strncat(bufb, hexc, hlen); | ||
| 472 | - } | ||
| 473 | - y = strlen(bufb); | ||
| 474 | + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); | ||
| 475 | + if (blen < 0) | ||
| 476 | + return blen; | ||
| 477 | /* Compare value with IP */ | ||
| 478 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
| 479 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
| 480 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
| 481 | z = ldap_count_values_len(ber); | ||
| 482 | for (j = 0; j < z; ++j) { | ||
| 483 | @@ -1343,19 +1215,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
| 484 | /* bufa + 2 is the address (skip 2 digit port) */ | ||
| 485 | if (!(l->status & LDAP_IPV6_S)) | ||
| 486 | break; /* Not looking for IPv6 */ | ||
| 487 | - for (k = 2; k < z; ++k) { | ||
| 488 | - c = (int) bufa[k]; | ||
| 489 | - if (c < 0) | ||
| 490 | - c = c + 256; | ||
| 491 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
| 492 | - if (k == 2) | ||
| 493 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
| 494 | - else | ||
| 495 | - strncat(bufb, hexc, hlen); | ||
| 496 | - } | ||
| 497 | - y = strlen(bufb); | ||
| 498 | + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); | ||
| 499 | + if (blen < 0) | ||
| 500 | + return blen; | ||
| 501 | /* Compare value with IP */ | ||
| 502 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
| 503 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
| 504 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
| 505 | z = ldap_count_values_len(ber); | ||
| 506 | for (j = 0; j < z; ++j) { | ||
diff --git a/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch new file mode 100644 index 000000000..fbbad1597 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | From 1def5b4278d97f197520d23c1dce52f93a1b2f46 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andrej Valek <andrej.valek@siemens.com> | ||
| 3 | Date: Tue, 9 Apr 2019 09:40:30 +0200 | ||
| 4 | Subject: [PATCH] splay.cc: fix bind is not a member of std | ||
| 5 | |||
| 6 | fix | ||
| 7 | | ../../squid-4.6/test-suite/splay.cc:134:28: error: 'bind' is not a member of 'std' | ||
| 8 | | auto nextRandom = std::bind (distribution, generator); | ||
| 9 | | ^~~~ | ||
| 10 | | ../../squid-4.6/test-suite/splay.cc:134:28: note: 'std::bind' is defined in header '<functional>'; did you forget to '#include <functional>'? | ||
| 11 | |||
| 12 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
| 13 | --- | ||
| 14 | test-suite/splay.cc | 1 + | ||
| 15 | 1 file changed, 1 insertion(+) | ||
| 16 | |||
| 17 | diff --git a/test-suite/splay.cc b/test-suite/splay.cc | ||
| 18 | index f71b337..4e21adc 100644 | ||
| 19 | --- a/test-suite/splay.cc | ||
| 20 | +++ b/test-suite/splay.cc | ||
| 21 | @@ -20,6 +20,7 @@ | ||
| 22 | #include <unistd.h> | ||
| 23 | #endif | ||
| 24 | #include <random> | ||
| 25 | +#include <functional> | ||
| 26 | |||
| 27 | class intnode | ||
| 28 | { | ||
| 29 | -- | ||
| 30 | 2.11.0 | ||
| 31 | |||
diff --git a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch index 8ea55d0e1..f267875ed 100644 --- a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch +++ b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From faaa796a138cbd5033b1e53f33faac0cf4162bf5 Mon Sep 17 00:00:00 2001 | 1 | From 86dae8010310d13bd2a2beb006b4085d06ae1556 Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Sun, 25 Jun 2017 00:59:24 -0700 | 3 | Date: Sun, 25 Jun 2017 00:59:24 -0700 |
| 4 | Subject: [PATCH] tools.cc: fixed unused-result warning | 4 | Subject: [PATCH] tools.cc: fixed unused-result warning |
| @@ -12,21 +12,23 @@ fix | |||
| 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 13 | 13 | ||
| 14 | --- | 14 | --- |
| 15 | src/tools.cc | 4 ++-- | 15 | src/tools.cc | 5 +++-- |
| 16 | 1 file changed, 2 insertions(+), 2 deletions(-) | 16 | 1 file changed, 3 insertions(+), 2 deletions(-) |
| 17 | 17 | ||
| 18 | diff --git a/src/tools.cc b/src/tools.cc | 18 | diff --git a/src/tools.cc b/src/tools.cc |
| 19 | index 8137a03..843e266 100644 | 19 | index 5829574..19f0836 100644 |
| 20 | --- a/src/tools.cc | 20 | --- a/src/tools.cc |
| 21 | +++ b/src/tools.cc | 21 | +++ b/src/tools.cc |
| 22 | @@ -612,8 +612,8 @@ enter_suid(void) | 22 | @@ -581,8 +581,10 @@ enter_suid(void) |
| 23 | if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) | 23 | debugs (21, 3, "enter_suid: setresuid failed: " << xstrerr(xerrno)); |
| 24 | debugs (21, 3, "enter_suid: setresuid failed: " << xstrerror ()); | 24 | } |
| 25 | #else | 25 | #else |
| 26 | - | 26 | - |
| 27 | - setuid(0); | 27 | - setuid(0); |
| 28 | + if (setuid(0) < 0) | 28 | + if (setuid(0) < 0) { |
| 29 | + debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror()); | 29 | + const auto xerrno = errno; |
| 30 | + debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno)); | ||
| 31 | + } | ||
| 30 | #endif | 32 | #endif |
| 31 | #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) | 33 | #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) |
| 32 | /* Set Linux DUMPABLE flag */ | 34 | /* Set Linux DUMPABLE flag */ |
diff --git a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch b/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch deleted file mode 100644 index c8f0c47bd..000000000 --- a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch +++ /dev/null | |||
| @@ -1,39 +0,0 @@ | |||
| 1 | From a6b1e0fd14311587186e40d09bff5c8c3aada2e4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Amos Jeffries <squid3@treenet.co.nz> | ||
| 3 | Date: Sat, 25 Jul 2015 05:53:16 -0700 | ||
| 4 | Subject: [PATCH] smblib: fix buffer over-read | ||
| 5 | |||
| 6 | When parsing SMB LanManager packets with invalid protocol ID and the | ||
| 7 | default set of Squid supported protocols. It may access memory outside | ||
| 8 | the buffer storing protocol names. | ||
| 9 | |||
| 10 | smblib is only used by already deprecated helpers which are deprecated | ||
| 11 | due to far more significant NTLM protocol issues. It will also only | ||
| 12 | result in packets being rejected later with invalid protocol names. So | ||
| 13 | this is a minor bug rather than a vulnerability. | ||
| 14 | |||
| 15 | Detected by Coverity Scan. Issue 1256165 | ||
| 16 | --- | ||
| 17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 18 | Upstream-Status: Backport | ||
| 19 | |||
| 20 | lib/smblib/smblib-util.c | 6 +++++- | ||
| 21 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
| 22 | |||
| 23 | diff --git a/lib/smblib/smblib-util.c b/lib/smblib/smblib-util.c | ||
| 24 | index 6139ae2..e722cbb 100644 | ||
| 25 | --- a/lib/smblib/smblib-util.c | ||
| 26 | +++ b/lib/smblib/smblib-util.c | ||
| 27 | @@ -204,7 +204,11 @@ int SMB_Figure_Protocol(const char *dialects[], int prot_index) | ||
| 28 | { | ||
| 29 | int i; | ||
| 30 | |||
| 31 | - if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ | ||
| 32 | + // prot_index may be a value outside the table SMB_Types[] | ||
| 33 | + // which holds data at offsets 0 to 11 | ||
| 34 | + int ourType = (prot_index < 0 || prot_index > 11); | ||
| 35 | + | ||
| 36 | + if (ourType && dialects == SMB_Prots) { /* The jobs is easy, just index into table */ | ||
| 37 | |||
| 38 | return(SMB_Types[prot_index]); | ||
| 39 | } else { /* Search through SMB_Prots looking for a match */ | ||
diff --git a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch index 25f68aff8..1516bb014 100644 --- a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch +++ b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From b4943594654cd340b95aabdc2f3750a4705cc0de Mon Sep 17 00:00:00 2001 | 1 | From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jim Somerville <Jim.Somerville@windriver.com> | 2 | From: Jim Somerville <Jim.Somerville@windriver.com> |
| 3 | Date: Mon, 21 Oct 2013 12:50:44 -0400 | 3 | Date: Mon, 21 Oct 2013 12:50:44 -0400 |
| 4 | Subject: [PATCH] Fix flawed dynamic -ldb link test in configure | 4 | Subject: [PATCH] Fix flawed dynamic -ldb link test in configure |
| @@ -12,19 +12,17 @@ about why and setting the need for -ldb incorrectly. | |||
| 12 | Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> | 12 | Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> |
| 13 | 13 | ||
| 14 | --- | 14 | --- |
| 15 | configure.ac | 12 ++++++++++-- | 15 | configure.ac | 10 ++++++++++ |
| 16 | 1 file changed, 10 insertions(+), 2 deletions(-) | 16 | 1 file changed, 10 insertions(+) |
| 17 | 17 | ||
| 18 | diff --git a/configure.ac b/configure.ac | 18 | diff --git a/configure.ac b/configure.ac |
| 19 | index 57cd1ac..3827222 100644 | 19 | index d2f7feb..c7ae568 100644 |
| 20 | --- a/configure.ac | 20 | --- a/configure.ac |
| 21 | +++ b/configure.ac | 21 | +++ b/configure.ac |
| 22 | @@ -3229,8 +3229,16 @@ AC_CHECK_DECL(dbopen,,,[ | 22 | @@ -3235,6 +3235,16 @@ case "$host" in |
| 23 | #include <db.h> | 23 | ;; |
| 24 | #endif]) | 24 | esac |
| 25 | 25 | ||
| 26 | -dnl 1.85 | ||
| 27 | -SQUID_CHECK_DBOPEN_NEEDS_LIBDB | ||
| 28 | +if test "x$ac_cv_have_decl_dbopen" = "xyes"; then | 26 | +if test "x$ac_cv_have_decl_dbopen" = "xyes"; then |
| 29 | + dnl 1.85 | 27 | + dnl 1.85 |
| 30 | + SQUID_CHECK_DBOPEN_NEEDS_LIBDB | 28 | + SQUID_CHECK_DBOPEN_NEEDS_LIBDB |
| @@ -35,6 +33,6 @@ index 57cd1ac..3827222 100644 | |||
| 35 | + # dynamic compile/link test. | 33 | + # dynamic compile/link test. |
| 36 | + ac_cv_dbopen_libdb="yes" | 34 | + ac_cv_dbopen_libdb="yes" |
| 37 | +fi | 35 | +fi |
| 38 | if test "x$ac_cv_dbopen_libdb" = "xyes"; then | 36 | dnl System-specific library modifications |
| 39 | LIB_DB="-ldb" | 37 | dnl |
| 40 | fi | 38 | case "$host" in |
diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch index 6a3352548..dd83b62e6 100644 --- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch +++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From a85311965707ba2fa78f7ce044e6f61e65e66fd0 Mon Sep 17 00:00:00 2001 | 1 | From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jim Somerville <Jim.Somerville@windriver.com> | 2 | From: Jim Somerville <Jim.Somerville@windriver.com> |
| 3 | Date: Tue, 14 Oct 2014 02:56:08 -0400 | 3 | Date: Tue, 14 Oct 2014 02:56:08 -0400 |
| 4 | Subject: [PATCH] Skip AC_RUN_IFELSE tests | 4 | Subject: [PATCH] Skip AC_RUN_IFELSE tests |
| @@ -17,7 +17,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | |||
| 17 | 2 files changed, 15 insertions(+), 3 deletions(-) | 17 | 2 files changed, 15 insertions(+), 3 deletions(-) |
| 18 | 18 | ||
| 19 | diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 | 19 | diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 |
| 20 | index 5c83d88..c264118 100644 | 20 | index ad0ba60..4477446 100644 |
| 21 | --- a/acinclude/krb5.m4 | 21 | --- a/acinclude/krb5.m4 |
| 22 | +++ b/acinclude/krb5.m4 | 22 | +++ b/acinclude/krb5.m4 |
| 23 | @@ -61,7 +61,15 @@ main(void) | 23 | @@ -61,7 +61,15 @@ main(void) |
| @@ -38,10 +38,10 @@ index 5c83d88..c264118 100644 | |||
| 38 | ]) | 38 | ]) |
| 39 | ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H | 39 | ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H |
| 40 | diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 | 40 | diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 |
| 41 | index c4874da..ba72982 100644 | 41 | index 7624b56..b449c5a 100644 |
| 42 | --- a/acinclude/lib-checks.m4 | 42 | --- a/acinclude/lib-checks.m4 |
| 43 | +++ b/acinclude/lib-checks.m4 | 43 | +++ b/acinclude/lib-checks.m4 |
| 44 | @@ -177,7 +177,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ | 44 | @@ -217,7 +217,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ |
| 45 | [ | 45 | [ |
| 46 | AC_MSG_RESULT([no]) | 46 | AC_MSG_RESULT([no]) |
| 47 | ], | 47 | ], |
| @@ -51,8 +51,8 @@ index c4874da..ba72982 100644 | |||
| 51 | + ]) | 51 | + ]) |
| 52 | 52 | ||
| 53 | SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) | 53 | SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) |
| 54 | ] | 54 | ]) |
| 55 | @@ -265,7 +267,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ | 55 | @@ -377,7 +379,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ |
| 56 | AC_MSG_RESULT([yes]) | 56 | AC_MSG_RESULT([yes]) |
| 57 | AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) | 57 | AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) |
| 58 | ], | 58 | ], |
diff --git a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch index e990480a6..124e04490 100644 --- a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch +++ b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch | |||
| @@ -17,25 +17,25 @@ diff --git a/configure.ac b/configure.ac | |||
| 17 | index 504a844..ff4688c 100644 | 17 | index 504a844..ff4688c 100644 |
| 18 | --- a/configure.ac | 18 | --- a/configure.ac |
| 19 | +++ b/configure.ac | 19 | +++ b/configure.ac |
| 20 | @@ -974,15 +974,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then | 20 | @@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then |
| 21 | dnl Find the main header and include path... | 21 | dnl Find the main header and include path... |
| 22 | AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ | 22 | AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ |
| 23 | AC_CHECK_HEADERS([libxml/parser.h], [], [ | 23 | AC_CHECK_HEADERS([libxml/parser.h], [], [ |
| 24 | - AC_MSG_NOTICE([Testing in /usr/include/libxml2]) | 24 | - AC_MSG_NOTICE([Testing in /usr/include/libxml2]) |
| 25 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) | 25 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) |
| 26 | SAVED_CPPFLAGS="$CPPFLAGS" | 26 | SAVED_CPPFLAGS="$CPPFLAGS" |
| 27 | - CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" | 27 | - CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" |
| 28 | + CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" | 28 | + CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" |
| 29 | unset ac_cv_header_libxml_parser_h | ||
| 30 | - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [ | ||
| 31 | - AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) | ||
| 32 | - CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
| 33 | + AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/include/libxml2"], [ | ||
| 34 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) | ||
| 35 | + CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
| 36 | unset ac_cv_header_libxml_parser_h | 29 | unset ac_cv_header_libxml_parser_h |
| 37 | - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [ | 30 | - AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [ |
| 38 | + AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/local/include/libxml2"], [ | 31 | - AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) |
| 39 | AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) | 32 | - CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" |
| 33 | + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [ | ||
| 34 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) | ||
| 35 | + CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
| 36 | unset ac_cv_header_libxml_parser_h | ||
| 37 | - AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [ | ||
| 38 | + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [ | ||
| 39 | AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) | ||
| 40 | ]) | ||
| 40 | ]) | 41 | ]) |
| 41 | ]) | ||
diff --git a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch index 9c75f17e7..732cf17f7 100644 --- a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch +++ b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 9bcec221a2bb438d8a9ed59aed846ffe3be9cffa Mon Sep 17 00:00:00 2001 | 1 | From 3d881c112bba765731d581194aae95651819b715 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jackie Huang <jackie.huang@windriver.com> | 2 | From: Jackie Huang <jackie.huang@windriver.com> |
| 3 | Date: Tue, 19 Jul 2016 01:56:23 -0400 | 3 | Date: Tue, 19 Jul 2016 01:56:23 -0400 |
| 4 | Subject: [PATCH] squid: use serial-tests config needed by ptest | 4 | Subject: [PATCH] squid: use serial-tests config needed by ptest |
| @@ -15,15 +15,15 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | |||
| 15 | 1 file changed, 1 insertion(+), 1 deletion(-) | 15 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 16 | 16 | ||
| 17 | diff --git a/configure.ac b/configure.ac | 17 | diff --git a/configure.ac b/configure.ac |
| 18 | index 3827222..504a844 100644 | 18 | index c7ae568..5e1454e 100644 |
| 19 | --- a/configure.ac | 19 | --- a/configure.ac |
| 20 | +++ b/configure.ac | 20 | +++ b/configure.ac |
| 21 | @@ -10,7 +10,7 @@ AC_PREREQ(2.61) | 21 | @@ -10,7 +10,7 @@ AC_PREREQ(2.61) |
| 22 | AC_CONFIG_HEADERS([include/autoconf.h]) | 22 | AC_CONFIG_HEADERS([include/autoconf.h]) |
| 23 | AC_CONFIG_AUX_DIR(cfgaux) | 23 | AC_CONFIG_AUX_DIR(cfgaux) |
| 24 | AC_CONFIG_SRCDIR([src/main.cc]) | 24 | AC_CONFIG_SRCDIR([src/main.cc]) |
| 25 | -AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects]) | 25 | -AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz]) |
| 26 | +AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects serial-tests]) | 26 | +AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz serial-tests]) |
| 27 | AC_REVISION($Revision$)dnl | 27 | AC_REVISION($Revision$)dnl |
| 28 | AC_PREFIX_DEFAULT(/usr/local/squid) | 28 | AC_PREFIX_DEFAULT(/usr/local/squid) |
| 29 | AM_MAINTAINER_MODE | 29 | AM_MAINTAINER_MODE |
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb b/meta-networking/recipes-daemons/squid/squid_4.6.bb index e33c1b7cc..56e4e0bab 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.6.bb | |||
| @@ -12,7 +12,7 @@ LICENSE = "GPLv2+" | |||
| 12 | MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" | 12 | MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" |
| 13 | MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" | 13 | MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" |
| 14 | 14 | ||
| 15 | SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${PV}.tar.bz2 \ | 15 | SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 \ |
| 16 | file://Set-up-for-cross-compilation.patch \ | 16 | file://Set-up-for-cross-compilation.patch \ |
| 17 | file://Skip-AC_RUN_IFELSE-tests.patch \ | 17 | file://Skip-AC_RUN_IFELSE-tests.patch \ |
| 18 | file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \ | 18 | file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \ |
| @@ -23,19 +23,18 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P | |||
| 23 | file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ | 23 | file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ |
| 24 | file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ | 24 | file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ |
| 25 | file://0001-tools.cc-fixed-unused-result-warning.patch \ | 25 | file://0001-tools.cc-fixed-unused-result-warning.patch \ |
| 26 | file://0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch \ | 26 | file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \ |
| 27 | file://0002-smblib-fix-buffer-over-read.patch \ | ||
| 28 | " | 27 | " |
| 29 | 28 | ||
| 30 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" | 29 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" |
| 31 | 30 | ||
| 32 | SRC_URI[md5sum] = "4ae3f6277b3aa6386cb5ad2d954179c2" | 31 | SRC_URI[md5sum] = "6fb9f2be772b9bcaf2b3322d9e16ee1e" |
| 33 | SRC_URI[sha256sum] = "11971bfe3c13f438e42569ea551206caf68ecaa968305c30f7b422b556ebc7ac" | 32 | SRC_URI[sha256sum] = "73c1970467618db194057f6c43c80019a4dc47847579fc404796ff2dcd215f05" |
| 34 | 33 | ||
| 35 | LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ | 34 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ |
| 36 | file://errors/COPYRIGHT;md5=1c0781e2ecd3051c765d525572defbc7 \ | 35 | file://errors/COPYRIGHT;md5=19cc4dd146f397e72f3ff6f9f58fbfbe \ |
| 37 | " | 36 | " |
| 38 | DEPENDS = "libtool krb5 openldap db cyrus-sasl openssl expat libxml2" | 37 | DEPENDS = "libtool krb5 openldap db cyrus-sasl" |
| 39 | 38 | ||
| 40 | inherit autotools pkgconfig useradd ptest perlnative | 39 | inherit autotools pkgconfig useradd ptest perlnative |
| 41 | 40 | ||
| @@ -51,6 +50,8 @@ PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir | |||
| 51 | PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," | 50 | PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," |
| 52 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | 51 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
| 53 | PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," | 52 | PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," |
| 53 | PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2" | ||
| 54 | PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl" | ||
| 54 | 55 | ||
| 55 | BASIC_AUTH = "DB SASL LDAP" | 56 | BASIC_AUTH = "DB SASL LDAP" |
| 56 | 57 | ||