diff options
Diffstat (limited to 'meta-networking/recipes-daemons')
9 files changed, 92 insertions, 605 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch b/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch deleted file mode 100644 index 001d9e906..000000000 --- a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch +++ /dev/null | |||
@@ -1,506 +0,0 @@ | |||
1 | From 01a44c96dbd04936e9cb2501745a834a0b09d504 Mon Sep 17 00:00:00 2001 | ||
2 | From: Amos Jeffries <yadij@users.noreply.github.com> | ||
3 | Date: Sun, 13 May 2018 06:57:41 +0000 | ||
4 | Subject: [PATCH] Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 | ||
5 | (#204) | ||
6 | |||
7 | Proposed changes to this helper to fix strcat / strncat buffer | ||
8 | overread / overflow issues. | ||
9 | |||
10 | The approach takes three parts: | ||
11 | |||
12 | * adds a makeHexString function to replace many for-loops | ||
13 | catenating bits of strings together with hex conversion into a | ||
14 | second buffer. Replacing with a snprintf() and buffer overflow | ||
15 | handling. | ||
16 | |||
17 | * a copy of Ip::Address::lookupHostIp to convert the input | ||
18 | string into IP address binary format, then generate the hex | ||
19 | string using the above new hex function instead of looped | ||
20 | sub-string concatenations across several buffers. | ||
21 | This removes all the "00" and "0000" strncat() calls and | ||
22 | allows far simpler code even with added buffer overflow | ||
23 | handling. | ||
24 | |||
25 | * replace multiple string part concatenations with a few simpler | ||
26 | calls to snprintf() for all the search_ip buffer constructions. | ||
27 | Adding buffer overflow handling as needed for the new calls. | ||
28 | --- | ||
29 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
30 | Upstream-Status: Backport | ||
31 | |||
32 | .../ext_edirectory_userip_acl.cc | 376 ++++++------------ | ||
33 | 1 file changed, 120 insertions(+), 256 deletions(-) | ||
34 | |||
35 | diff --git a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
36 | index 63609e4..ad16bfd 100644 | ||
37 | --- a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
38 | +++ b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc | ||
39 | @@ -67,6 +67,9 @@ | ||
40 | #ifdef HAVE_LDAP_H | ||
41 | #include <ldap.h> | ||
42 | #endif | ||
43 | +#ifdef HAVE_NETDB_H | ||
44 | +#include <netdb.h> | ||
45 | +#endif | ||
46 | |||
47 | #ifdef HELPER_INPUT_BUFFER | ||
48 | #define EDUI_MAXLEN HELPER_INPUT_BUFFER | ||
49 | @@ -714,11 +717,14 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) | ||
50 | |||
51 | /* Copy details - dn and pw CAN be NULL for anonymous and/or TLS */ | ||
52 | if (dn != NULL) { | ||
53 | + if (strlen(dn) >= sizeof(l->dn)) | ||
54 | + return LDAP_ERR_OOB; /* DN too large */ | ||
55 | + | ||
56 | if ((l->basedn[0] != '\0') && (strstr(dn, l->basedn) == NULL)) { | ||
57 | /* We got a basedn, but it's not part of dn */ | ||
58 | - xstrncpy(l->dn, dn, sizeof(l->dn)); | ||
59 | - strncat(l->dn, ",", 1); | ||
60 | - strncat(l->dn, l->basedn, strlen(l->basedn)); | ||
61 | + const int x = snprintf(l->dn, sizeof(l->dn)-1, "%s,%s", dn, l->basedn); | ||
62 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(l->dn)) | ||
63 | + return LDAP_ERR_OOB; /* DN too large */ | ||
64 | } else | ||
65 | xstrncpy(l->dn, dn, sizeof(l->dn)); | ||
66 | } | ||
67 | @@ -778,24 +784,73 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) | ||
68 | } | ||
69 | } | ||
70 | |||
71 | +// XXX: duplicate (partial) of Ip::Address::lookupHostIp | ||
72 | +/** | ||
73 | + * Convert the IP address string representation in src to | ||
74 | + * its binary representation. | ||
75 | + * | ||
76 | + * \return binary representation of the src IP address. | ||
77 | + * Must be free'd using freeaddrinfo(). | ||
78 | + */ | ||
79 | +static struct addrinfo * | ||
80 | +makeIpBinary(const char *src) | ||
81 | +{ | ||
82 | + struct addrinfo want; | ||
83 | + memset(&want, 0, sizeof(want)); | ||
84 | + want.ai_flags = AI_NUMERICHOST; // prevent actual DNS lookups! | ||
85 | + | ||
86 | + struct addrinfo *dst = nullptr; | ||
87 | + if (getaddrinfo(src, nullptr, &want, &dst) != 0) { | ||
88 | + // not an IP address | ||
89 | + /* free any memory getaddrinfo() dynamically allocated. */ | ||
90 | + if (dst) | ||
91 | + freeaddrinfo(dst); | ||
92 | + return nullptr; | ||
93 | + } | ||
94 | + | ||
95 | + return dst; | ||
96 | +} | ||
97 | + | ||
98 | +/** | ||
99 | + * Convert srcLen bytes from src into HEX and store into dst, which | ||
100 | + * has a maximum content size of dstSize including c-string terminator. | ||
101 | + * The dst value produced will be a 0-terminated c-string. | ||
102 | + * | ||
103 | + * \retval N length of dst written (excluding c-string terminator) | ||
104 | + * \retval -11 (LDAP_ERR_OOB) buffer overflow detected | ||
105 | + */ | ||
106 | +static int | ||
107 | +makeHexString(char *dst, const int dstSize, const char *src, const int srcLen) | ||
108 | +{ | ||
109 | + // HEX encoding doubles the amount of bytes/octets copied | ||
110 | + if ((srcLen*2) >= dstSize) | ||
111 | + return LDAP_ERR_OOB; // cannot copy that many | ||
112 | + | ||
113 | + *dst = 0; | ||
114 | + | ||
115 | + for (int k = 0; k < srcLen; ++k) { | ||
116 | + int c = static_cast<int>(src[k]); | ||
117 | + if (c < 0) | ||
118 | + c = c + 256; | ||
119 | + char hexc[4]; | ||
120 | + const int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
121 | + if (hlen < 0 || static_cast<size_t>(hlen) > sizeof(hexc)) // should be impossible | ||
122 | + return LDAP_ERR_OOB; | ||
123 | + strcat(dst, hexc); | ||
124 | + } | ||
125 | + return strlen(dst); | ||
126 | +} | ||
127 | + | ||
128 | /* | ||
129 | * ConvertIP() - <edui_ldap_t> <ip> | ||
130 | * | ||
131 | * Take an IPv4 address in dot-decimal or IPv6 notation, and convert to 2-digit HEX stored in l->search_ip | ||
132 | * This is the networkAddress that we search LDAP for. | ||
133 | - * | ||
134 | - * PENDING -- CHANGE OVER TO inet*_pton, but inet6_pton does not provide the correct syntax | ||
135 | - * | ||
136 | */ | ||
137 | static int | ||
138 | ConvertIP(edui_ldap_t *l, char *ip) | ||
139 | { | ||
140 | - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], obj[EDUI_MAXLEN]; | ||
141 | - char hexc[4], *p; | ||
142 | void *y, *z; | ||
143 | - size_t s; | ||
144 | - long x; | ||
145 | - int i, j, t, swi; /* IPv6 "::" cut over toggle */ | ||
146 | if (l == NULL) return LDAP_ERR_NULL; | ||
147 | if (ip == NULL) return LDAP_ERR_PARAM; | ||
148 | if (!(l->status & LDAP_INIT_S)) return LDAP_ERR_INIT; /* Not initalized */ | ||
149 | @@ -831,183 +886,22 @@ ConvertIP(edui_ldap_t *l, char *ip) | ||
150 | l->status |= (LDAP_IPV4_S); | ||
151 | z = NULL; | ||
152 | } | ||
153 | - s = strlen(ip); | ||
154 | - *(bufa) = '\0'; | ||
155 | - *(bufb) = '\0'; | ||
156 | - *(obj) = '\0'; | ||
157 | - /* StringSplit() will zero out bufa & obj at each call */ | ||
158 | - memset(l->search_ip, '\0', sizeof(l->search_ip)); | ||
159 | - xstrncpy(bufa, ip, sizeof(bufa)); /* To avoid segfaults, use bufa instead of ip */ | ||
160 | - swi = 0; | ||
161 | - if (l->status & LDAP_IPV6_S) { | ||
162 | - /* Search for :: in string */ | ||
163 | - if ((bufa[0] == ':') && (bufa[1] == ':')) { | ||
164 | - /* bufa starts with a ::, so just copy and clear */ | ||
165 | - xstrncpy(bufb, bufa, sizeof(bufb)); | ||
166 | - *(bufa) = '\0'; | ||
167 | - ++swi; /* Indicates that there is a bufb */ | ||
168 | - } else if ((bufa[0] == ':') && (bufa[1] != ':')) { | ||
169 | - /* bufa starts with a :, a typo so just fill in a ':', cat and clear */ | ||
170 | - bufb[0] = ':'; | ||
171 | - strncat(bufb, bufa, strlen(bufa)); | ||
172 | - *(bufa) = '\0'; | ||
173 | - ++swi; /* Indicates that there is a bufb */ | ||
174 | - } else { | ||
175 | - p = strstr(bufa, "::"); | ||
176 | - if (p != NULL) { | ||
177 | - /* Found it, break bufa down and split into bufb here */ | ||
178 | - *(bufb) = '\0'; | ||
179 | - i = strlen(p); | ||
180 | - memcpy(bufb, p, i); | ||
181 | - *p = '\0'; | ||
182 | - bufb[i] = '\0'; | ||
183 | - ++swi; /* Indicates that there is a bufb */ | ||
184 | - } | ||
185 | - } | ||
186 | - } | ||
187 | - s = strlen(bufa); | ||
188 | - if (s < 1) | ||
189 | - s = strlen(bufb); | ||
190 | - while (s > 0) { | ||
191 | - if ((l->status & LDAP_IPV4_S) && (swi == 0)) { | ||
192 | - /* Break down IPv4 address */ | ||
193 | - t = StringSplit(bufa, '.', obj, sizeof(obj)); | ||
194 | - if (t > 0) { | ||
195 | - errno = 0; | ||
196 | - x = strtol(obj, (char **)NULL, 10); | ||
197 | - if (((x < 0) || (x > 255)) || ((errno != 0) && (x == 0)) || ((obj[0] != '0') && (x == 0))) | ||
198 | - return LDAP_ERR_OOB; /* Out of bounds -- Invalid address */ | ||
199 | - memset(hexc, '\0', sizeof(hexc)); | ||
200 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", (int)x); | ||
201 | - strncat(l->search_ip, hexc, hlen); | ||
202 | - } else | ||
203 | - break; /* reached end of octet */ | ||
204 | - } else if (l->status & LDAP_IPV6_S) { | ||
205 | - /* Break down IPv6 address */ | ||
206 | - if (swi > 1) | ||
207 | - t = StringSplit(bufb, ':', obj, sizeof(obj)); /* After "::" */ | ||
208 | - else | ||
209 | - t = StringSplit(bufa, ':', obj, sizeof(obj)); /* Before "::" */ | ||
210 | - /* Convert octet by size (t) - and fill 0's */ | ||
211 | - switch (t) { /* IPv6 is already in HEX, copy contents */ | ||
212 | - case 4: | ||
213 | - hexc[0] = (char) toupper((int)obj[0]); | ||
214 | - i = (int)hexc[0]; | ||
215 | - if (!isxdigit(i)) | ||
216 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
217 | - hexc[1] = (char) toupper((int)obj[1]); | ||
218 | - i = (int)hexc[1]; | ||
219 | - if (!isxdigit(i)) | ||
220 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
221 | - hexc[2] = '\0'; | ||
222 | - strncat(l->search_ip, hexc, 2); | ||
223 | - hexc[0] = (char) toupper((int)obj[2]); | ||
224 | - i = (int)hexc[0]; | ||
225 | - if (!isxdigit(i)) | ||
226 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
227 | - hexc[1] = (char) toupper((int)obj[3]); | ||
228 | - i = (int)hexc[1]; | ||
229 | - if (!isxdigit(i)) | ||
230 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
231 | - hexc[2] = '\0'; | ||
232 | - strncat(l->search_ip, hexc, 2); | ||
233 | - break; | ||
234 | - case 3: | ||
235 | - hexc[0] = '0'; | ||
236 | - hexc[1] = (char) toupper((int)obj[0]); | ||
237 | - i = (int)hexc[1]; | ||
238 | - if (!isxdigit(i)) | ||
239 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
240 | - hexc[2] = '\0'; | ||
241 | - strncat(l->search_ip, hexc, 2); | ||
242 | - hexc[0] = (char) toupper((int)obj[1]); | ||
243 | - i = (int)hexc[0]; | ||
244 | - if (!isxdigit(i)) | ||
245 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
246 | - hexc[1] = (char) toupper((int)obj[2]); | ||
247 | - i = (int)hexc[1]; | ||
248 | - if (!isxdigit(i)) | ||
249 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
250 | - hexc[2] = '\0'; | ||
251 | - strncat(l->search_ip, hexc, 2); | ||
252 | - break; | ||
253 | - case 2: | ||
254 | - strncat(l->search_ip, "00", 2); | ||
255 | - hexc[0] = (char) toupper((int)obj[0]); | ||
256 | - i = (int)hexc[0]; | ||
257 | - if (!isxdigit(i)) | ||
258 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
259 | - hexc[1] = (char) toupper((int)obj[1]); | ||
260 | - i = (int)hexc[1]; | ||
261 | - if (!isxdigit(i)) | ||
262 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
263 | - hexc[2] = '\0'; | ||
264 | - strncat(l->search_ip, hexc, 2); | ||
265 | - break; | ||
266 | - case 1: | ||
267 | - strncat(l->search_ip, "00", 2); | ||
268 | - hexc[0] = '0'; | ||
269 | - hexc[1] = (char) toupper((int)obj[0]); | ||
270 | - i = (int)hexc[1]; | ||
271 | - if (!isxdigit(i)) | ||
272 | - return LDAP_ERR_OOB; /* Out of bounds */ | ||
273 | - hexc[2] = '\0'; | ||
274 | - strncat(l->search_ip, hexc, 2); | ||
275 | - break; | ||
276 | - default: | ||
277 | - if (t > 4) | ||
278 | - return LDAP_ERR_OOB; | ||
279 | - break; | ||
280 | - } | ||
281 | - /* Code to pad the address with 0's between a '::' */ | ||
282 | - if ((strlen(bufa) == 0) && (swi == 1)) { | ||
283 | - /* We are *AT* the split, pad in some 0000 */ | ||
284 | - t = strlen(bufb); | ||
285 | - /* How many ':' exist in bufb ? */ | ||
286 | - j = 0; | ||
287 | - for (i = 0; i < t; ++i) { | ||
288 | - if (bufb[i] == ':') | ||
289 | - ++j; | ||
290 | - } | ||
291 | - --j; /* Preceding "::" doesn't count */ | ||
292 | - t = 8 - (strlen(l->search_ip) / 4) - j; /* Remainder */ | ||
293 | - if (t > 0) { | ||
294 | - for (i = 0; i < t; ++i) | ||
295 | - strncat(l->search_ip, "0000", 4); | ||
296 | - } | ||
297 | - } | ||
298 | - } | ||
299 | - if ((bufa[0] == '\0') && (swi > 0)) { | ||
300 | - s = strlen(bufb); | ||
301 | - ++swi; | ||
302 | - } else | ||
303 | - s = strlen(bufa); | ||
304 | - } | ||
305 | - s = strlen(l->search_ip); | ||
306 | |||
307 | - /* CHECK sizes of address, truncate or pad */ | ||
308 | - /* if "::" is at end of ip, then pad another block or two */ | ||
309 | - while ((l->status & LDAP_IPV6_S) && (s < 32)) { | ||
310 | - strncat(l->search_ip, "0000", 4); | ||
311 | - s = strlen(l->search_ip); | ||
312 | - } | ||
313 | - if ((l->status & LDAP_IPV6_S) && (s > 32)) { | ||
314 | - /* Too long, truncate */ | ||
315 | - l->search_ip[32] = '\0'; | ||
316 | - s = strlen(l->search_ip); | ||
317 | - } | ||
318 | - /* If at end of ip, and its not long enough, then pad another block or two */ | ||
319 | - while ((l->status & LDAP_IPV4_S) && (s < 8)) { | ||
320 | - strncat(l->search_ip, "00", 2); | ||
321 | - s = strlen(l->search_ip); | ||
322 | - } | ||
323 | - if ((l->status & LDAP_IPV4_S) && (s > 8)) { | ||
324 | - /* Too long, truncate */ | ||
325 | - l->search_ip[8] = '\0'; | ||
326 | - s = strlen(l->search_ip); | ||
327 | + size_t s = LDAP_ERR_INVALID; | ||
328 | + if (struct addrinfo *dst = makeIpBinary(ip)) { | ||
329 | + if (dst->ai_family == AF_INET6) { | ||
330 | + struct sockaddr_in6 *sia = reinterpret_cast<struct sockaddr_in6 *>(dst->ai_addr); | ||
331 | + const char *ia = reinterpret_cast<const char *>(sia->sin6_addr.s6_addr); | ||
332 | + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 16); // IPv6 = 16-byte address | ||
333 | + | ||
334 | + } else if (dst->ai_family == AF_INET) { | ||
335 | + struct sockaddr_in *sia = reinterpret_cast<struct sockaddr_in *>(dst->ai_addr); | ||
336 | + const char *ia = reinterpret_cast<const char *>(&(sia->sin_addr)); | ||
337 | + s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 4); // IPv4 = 4-byte address | ||
338 | + } // else leave s with LDAP_ERR_INVALID value | ||
339 | + freeaddrinfo(dst); | ||
340 | } | ||
341 | |||
342 | - /* Completed, s is length of address in HEX */ | ||
343 | return s; | ||
344 | } | ||
345 | |||
346 | @@ -1099,48 +993,42 @@ SearchFilterLDAP(edui_ldap_t *l, char *group) | ||
347 | } | ||
348 | if (group == NULL) { | ||
349 | /* No groupMembership= to add, yay! */ | ||
350 | - xstrncpy(bufa, "(&", sizeof(bufa)); | ||
351 | - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); | ||
352 | /* networkAddress */ | ||
353 | - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); | ||
354 | if (l->status & LDAP_IPV4_S) { | ||
355 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ | ||
356 | - bufc, bufc); | ||
357 | - strncat(bufb, bufd, ln); | ||
358 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); | ||
359 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
360 | + return LDAP_ERR_OOB; | ||
361 | + | ||
362 | } else if (l->status & LDAP_IPV6_S) { | ||
363 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ | ||
364 | - bufc, bufc); | ||
365 | - strncat(bufb, bufd, ln); | ||
366 | - } else | ||
367 | - strncat(bufb, ")", 1); | ||
368 | - strncat(bufa, bufb, strlen(bufb)); | ||
369 | - strncat(bufa, ")", 1); | ||
370 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); | ||
371 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
372 | + return LDAP_ERR_OOB; | ||
373 | + } | ||
374 | + const int x = snprintf(bufa, sizeof(bufa), "(&%s(|(networkAddress=1\\23%s)%s))", edui_conf.search_filter, bufc, bufd); | ||
375 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa)) | ||
376 | + return LDAP_ERR_OOB; | ||
377 | + | ||
378 | } else { | ||
379 | /* Needs groupMembership= to add... */ | ||
380 | - xstrncpy(bufa, "(&(&", sizeof(bufa)); | ||
381 | - strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); | ||
382 | /* groupMembership -- NOTE: Squid *MUST* provide "cn=" from squid.conf */ | ||
383 | - snprintf(bufg, sizeof(bufg), "(groupMembership=%s", group); | ||
384 | if ((l->basedn[0] != '\0') && (strstr(group, l->basedn) == NULL)) { | ||
385 | - strncat(bufg, ",", 1); | ||
386 | - strncat(bufg, l->basedn, strlen(l->basedn)); | ||
387 | + const int ln = snprintf(bufg, sizeof(bufg), ",%s", l->basedn); | ||
388 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
389 | + return LDAP_ERR_OOB; | ||
390 | } | ||
391 | - strncat(bufg, ")", 1); | ||
392 | - strncat(bufa, bufg, strlen(bufg)); | ||
393 | /* networkAddress */ | ||
394 | - snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); | ||
395 | if (l->status & LDAP_IPV4_S) { | ||
396 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ | ||
397 | - bufc, bufc); | ||
398 | - strncat(bufb, bufd, ln); | ||
399 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); | ||
400 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
401 | + return LDAP_ERR_OOB; | ||
402 | } else if (l->status & LDAP_IPV6_S) { | ||
403 | - int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ | ||
404 | - bufc, bufc); | ||
405 | - strncat(bufb, bufd, ln); | ||
406 | - } else | ||
407 | - strncat(bufb, ")", 1); | ||
408 | - strncat(bufa, bufb, strlen(bufb)); | ||
409 | - strncat(bufa, "))", 2); | ||
410 | + const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); | ||
411 | + if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd)) | ||
412 | + return LDAP_ERR_OOB; | ||
413 | + } | ||
414 | + const int x = snprintf(bufa, sizeof(bufa), "(&(&%s(groupMembership=%s%s)(|(networkAddress=1\\23%s)%s)))", edui_conf.search_filter, group, bufg, bufc, bufd); | ||
415 | + if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa)) | ||
416 | + return LDAP_ERR_OOB; | ||
417 | } | ||
418 | s = strlen(bufa); | ||
419 | xstrncpy(l->search_filter, bufa, sizeof(l->search_filter)); | ||
420 | @@ -1212,10 +1100,10 @@ static int | ||
421 | SearchIPLDAP(edui_ldap_t *l) | ||
422 | { | ||
423 | ber_len_t i, x; | ||
424 | - ber_len_t j, k; | ||
425 | - ber_len_t y, z; | ||
426 | - int c; | ||
427 | - char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], hexc[4]; | ||
428 | + ber_len_t j; | ||
429 | + ber_len_t z; | ||
430 | + char bufa[EDUI_MAXLEN]; | ||
431 | + char bufb[EDUI_MAXLEN]; | ||
432 | LDAPMessage *ent; | ||
433 | if (l == NULL) return LDAP_ERR_NULL; | ||
434 | if (l->lp == NULL) return LDAP_ERR_POINTER; | ||
435 | @@ -1273,19 +1161,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
436 | /* bufa is the address, just compare it */ | ||
437 | if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) | ||
438 | break; /* Not looking for IPv4 */ | ||
439 | - for (k = 0; k < z; ++k) { | ||
440 | - c = (int) bufa[k]; | ||
441 | - if (c < 0) | ||
442 | - c = c + 256; | ||
443 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
444 | - if (k == 0) | ||
445 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
446 | - else | ||
447 | - strncat(bufb, hexc, hlen); | ||
448 | - } | ||
449 | - y = strlen(bufb); | ||
450 | + const int blen = makeHexString(bufb, sizeof(bufb), bufa, z); | ||
451 | + if (blen < 0) | ||
452 | + return blen; | ||
453 | /* Compare value with IP */ | ||
454 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
455 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
456 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
457 | z = ldap_count_values_len(ber); | ||
458 | for (j = 0; j < z; ++j) { | ||
459 | @@ -1308,19 +1188,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
460 | /* bufa + 2 is the address (skip 2 digit port) */ | ||
461 | if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) | ||
462 | break; /* Not looking for IPv4 */ | ||
463 | - for (k = 2; k < z; ++k) { | ||
464 | - c = (int) bufa[k]; | ||
465 | - if (c < 0) | ||
466 | - c = c + 256; | ||
467 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
468 | - if (k == 2) | ||
469 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
470 | - else | ||
471 | - strncat(bufb, hexc, hlen); | ||
472 | - } | ||
473 | - y = strlen(bufb); | ||
474 | + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); | ||
475 | + if (blen < 0) | ||
476 | + return blen; | ||
477 | /* Compare value with IP */ | ||
478 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
479 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
480 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
481 | z = ldap_count_values_len(ber); | ||
482 | for (j = 0; j < z; ++j) { | ||
483 | @@ -1343,19 +1215,11 @@ SearchIPLDAP(edui_ldap_t *l) | ||
484 | /* bufa + 2 is the address (skip 2 digit port) */ | ||
485 | if (!(l->status & LDAP_IPV6_S)) | ||
486 | break; /* Not looking for IPv6 */ | ||
487 | - for (k = 2; k < z; ++k) { | ||
488 | - c = (int) bufa[k]; | ||
489 | - if (c < 0) | ||
490 | - c = c + 256; | ||
491 | - int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); | ||
492 | - if (k == 2) | ||
493 | - xstrncpy(bufb, hexc, sizeof(bufb)); | ||
494 | - else | ||
495 | - strncat(bufb, hexc, hlen); | ||
496 | - } | ||
497 | - y = strlen(bufb); | ||
498 | + const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); | ||
499 | + if (blen < 0) | ||
500 | + return blen; | ||
501 | /* Compare value with IP */ | ||
502 | - if (memcmp(l->search_ip, bufb, y) == 0) { | ||
503 | + if (memcmp(l->search_ip, bufb, blen) == 0) { | ||
504 | /* We got a match! - Scan 'ber' for 'cn' values */ | ||
505 | z = ldap_count_values_len(ber); | ||
506 | for (j = 0; j < z; ++j) { | ||
diff --git a/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch new file mode 100644 index 000000000..fbbad1597 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From 1def5b4278d97f197520d23c1dce52f93a1b2f46 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrej Valek <andrej.valek@siemens.com> | ||
3 | Date: Tue, 9 Apr 2019 09:40:30 +0200 | ||
4 | Subject: [PATCH] splay.cc: fix bind is not a member of std | ||
5 | |||
6 | fix | ||
7 | | ../../squid-4.6/test-suite/splay.cc:134:28: error: 'bind' is not a member of 'std' | ||
8 | | auto nextRandom = std::bind (distribution, generator); | ||
9 | | ^~~~ | ||
10 | | ../../squid-4.6/test-suite/splay.cc:134:28: note: 'std::bind' is defined in header '<functional>'; did you forget to '#include <functional>'? | ||
11 | |||
12 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
13 | --- | ||
14 | test-suite/splay.cc | 1 + | ||
15 | 1 file changed, 1 insertion(+) | ||
16 | |||
17 | diff --git a/test-suite/splay.cc b/test-suite/splay.cc | ||
18 | index f71b337..4e21adc 100644 | ||
19 | --- a/test-suite/splay.cc | ||
20 | +++ b/test-suite/splay.cc | ||
21 | @@ -20,6 +20,7 @@ | ||
22 | #include <unistd.h> | ||
23 | #endif | ||
24 | #include <random> | ||
25 | +#include <functional> | ||
26 | |||
27 | class intnode | ||
28 | { | ||
29 | -- | ||
30 | 2.11.0 | ||
31 | |||
diff --git a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch index 8ea55d0e1..f267875ed 100644 --- a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch +++ b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From faaa796a138cbd5033b1e53f33faac0cf4162bf5 Mon Sep 17 00:00:00 2001 | 1 | From 86dae8010310d13bd2a2beb006b4085d06ae1556 Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Sun, 25 Jun 2017 00:59:24 -0700 | 3 | Date: Sun, 25 Jun 2017 00:59:24 -0700 |
4 | Subject: [PATCH] tools.cc: fixed unused-result warning | 4 | Subject: [PATCH] tools.cc: fixed unused-result warning |
@@ -12,21 +12,23 @@ fix | |||
12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
13 | 13 | ||
14 | --- | 14 | --- |
15 | src/tools.cc | 4 ++-- | 15 | src/tools.cc | 5 +++-- |
16 | 1 file changed, 2 insertions(+), 2 deletions(-) | 16 | 1 file changed, 3 insertions(+), 2 deletions(-) |
17 | 17 | ||
18 | diff --git a/src/tools.cc b/src/tools.cc | 18 | diff --git a/src/tools.cc b/src/tools.cc |
19 | index 8137a03..843e266 100644 | 19 | index 5829574..19f0836 100644 |
20 | --- a/src/tools.cc | 20 | --- a/src/tools.cc |
21 | +++ b/src/tools.cc | 21 | +++ b/src/tools.cc |
22 | @@ -612,8 +612,8 @@ enter_suid(void) | 22 | @@ -581,8 +581,10 @@ enter_suid(void) |
23 | if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) | 23 | debugs (21, 3, "enter_suid: setresuid failed: " << xstrerr(xerrno)); |
24 | debugs (21, 3, "enter_suid: setresuid failed: " << xstrerror ()); | 24 | } |
25 | #else | 25 | #else |
26 | - | 26 | - |
27 | - setuid(0); | 27 | - setuid(0); |
28 | + if (setuid(0) < 0) | 28 | + if (setuid(0) < 0) { |
29 | + debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror()); | 29 | + const auto xerrno = errno; |
30 | + debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno)); | ||
31 | + } | ||
30 | #endif | 32 | #endif |
31 | #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) | 33 | #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) |
32 | /* Set Linux DUMPABLE flag */ | 34 | /* Set Linux DUMPABLE flag */ |
diff --git a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch b/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch deleted file mode 100644 index c8f0c47bd..000000000 --- a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From a6b1e0fd14311587186e40d09bff5c8c3aada2e4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Amos Jeffries <squid3@treenet.co.nz> | ||
3 | Date: Sat, 25 Jul 2015 05:53:16 -0700 | ||
4 | Subject: [PATCH] smblib: fix buffer over-read | ||
5 | |||
6 | When parsing SMB LanManager packets with invalid protocol ID and the | ||
7 | default set of Squid supported protocols. It may access memory outside | ||
8 | the buffer storing protocol names. | ||
9 | |||
10 | smblib is only used by already deprecated helpers which are deprecated | ||
11 | due to far more significant NTLM protocol issues. It will also only | ||
12 | result in packets being rejected later with invalid protocol names. So | ||
13 | this is a minor bug rather than a vulnerability. | ||
14 | |||
15 | Detected by Coverity Scan. Issue 1256165 | ||
16 | --- | ||
17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | lib/smblib/smblib-util.c | 6 +++++- | ||
21 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
22 | |||
23 | diff --git a/lib/smblib/smblib-util.c b/lib/smblib/smblib-util.c | ||
24 | index 6139ae2..e722cbb 100644 | ||
25 | --- a/lib/smblib/smblib-util.c | ||
26 | +++ b/lib/smblib/smblib-util.c | ||
27 | @@ -204,7 +204,11 @@ int SMB_Figure_Protocol(const char *dialects[], int prot_index) | ||
28 | { | ||
29 | int i; | ||
30 | |||
31 | - if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ | ||
32 | + // prot_index may be a value outside the table SMB_Types[] | ||
33 | + // which holds data at offsets 0 to 11 | ||
34 | + int ourType = (prot_index < 0 || prot_index > 11); | ||
35 | + | ||
36 | + if (ourType && dialects == SMB_Prots) { /* The jobs is easy, just index into table */ | ||
37 | |||
38 | return(SMB_Types[prot_index]); | ||
39 | } else { /* Search through SMB_Prots looking for a match */ | ||
diff --git a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch index 25f68aff8..1516bb014 100644 --- a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch +++ b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From b4943594654cd340b95aabdc2f3750a4705cc0de Mon Sep 17 00:00:00 2001 | 1 | From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001 |
2 | From: Jim Somerville <Jim.Somerville@windriver.com> | 2 | From: Jim Somerville <Jim.Somerville@windriver.com> |
3 | Date: Mon, 21 Oct 2013 12:50:44 -0400 | 3 | Date: Mon, 21 Oct 2013 12:50:44 -0400 |
4 | Subject: [PATCH] Fix flawed dynamic -ldb link test in configure | 4 | Subject: [PATCH] Fix flawed dynamic -ldb link test in configure |
@@ -12,19 +12,17 @@ about why and setting the need for -ldb incorrectly. | |||
12 | Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> | 12 | Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> |
13 | 13 | ||
14 | --- | 14 | --- |
15 | configure.ac | 12 ++++++++++-- | 15 | configure.ac | 10 ++++++++++ |
16 | 1 file changed, 10 insertions(+), 2 deletions(-) | 16 | 1 file changed, 10 insertions(+) |
17 | 17 | ||
18 | diff --git a/configure.ac b/configure.ac | 18 | diff --git a/configure.ac b/configure.ac |
19 | index 57cd1ac..3827222 100644 | 19 | index d2f7feb..c7ae568 100644 |
20 | --- a/configure.ac | 20 | --- a/configure.ac |
21 | +++ b/configure.ac | 21 | +++ b/configure.ac |
22 | @@ -3229,8 +3229,16 @@ AC_CHECK_DECL(dbopen,,,[ | 22 | @@ -3235,6 +3235,16 @@ case "$host" in |
23 | #include <db.h> | 23 | ;; |
24 | #endif]) | 24 | esac |
25 | 25 | ||
26 | -dnl 1.85 | ||
27 | -SQUID_CHECK_DBOPEN_NEEDS_LIBDB | ||
28 | +if test "x$ac_cv_have_decl_dbopen" = "xyes"; then | 26 | +if test "x$ac_cv_have_decl_dbopen" = "xyes"; then |
29 | + dnl 1.85 | 27 | + dnl 1.85 |
30 | + SQUID_CHECK_DBOPEN_NEEDS_LIBDB | 28 | + SQUID_CHECK_DBOPEN_NEEDS_LIBDB |
@@ -35,6 +33,6 @@ index 57cd1ac..3827222 100644 | |||
35 | + # dynamic compile/link test. | 33 | + # dynamic compile/link test. |
36 | + ac_cv_dbopen_libdb="yes" | 34 | + ac_cv_dbopen_libdb="yes" |
37 | +fi | 35 | +fi |
38 | if test "x$ac_cv_dbopen_libdb" = "xyes"; then | 36 | dnl System-specific library modifications |
39 | LIB_DB="-ldb" | 37 | dnl |
40 | fi | 38 | case "$host" in |
diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch index 6a3352548..dd83b62e6 100644 --- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch +++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From a85311965707ba2fa78f7ce044e6f61e65e66fd0 Mon Sep 17 00:00:00 2001 | 1 | From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001 |
2 | From: Jim Somerville <Jim.Somerville@windriver.com> | 2 | From: Jim Somerville <Jim.Somerville@windriver.com> |
3 | Date: Tue, 14 Oct 2014 02:56:08 -0400 | 3 | Date: Tue, 14 Oct 2014 02:56:08 -0400 |
4 | Subject: [PATCH] Skip AC_RUN_IFELSE tests | 4 | Subject: [PATCH] Skip AC_RUN_IFELSE tests |
@@ -17,7 +17,7 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | |||
17 | 2 files changed, 15 insertions(+), 3 deletions(-) | 17 | 2 files changed, 15 insertions(+), 3 deletions(-) |
18 | 18 | ||
19 | diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 | 19 | diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 |
20 | index 5c83d88..c264118 100644 | 20 | index ad0ba60..4477446 100644 |
21 | --- a/acinclude/krb5.m4 | 21 | --- a/acinclude/krb5.m4 |
22 | +++ b/acinclude/krb5.m4 | 22 | +++ b/acinclude/krb5.m4 |
23 | @@ -61,7 +61,15 @@ main(void) | 23 | @@ -61,7 +61,15 @@ main(void) |
@@ -38,10 +38,10 @@ index 5c83d88..c264118 100644 | |||
38 | ]) | 38 | ]) |
39 | ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H | 39 | ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H |
40 | diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 | 40 | diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 |
41 | index c4874da..ba72982 100644 | 41 | index 7624b56..b449c5a 100644 |
42 | --- a/acinclude/lib-checks.m4 | 42 | --- a/acinclude/lib-checks.m4 |
43 | +++ b/acinclude/lib-checks.m4 | 43 | +++ b/acinclude/lib-checks.m4 |
44 | @@ -177,7 +177,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ | 44 | @@ -217,7 +217,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ |
45 | [ | 45 | [ |
46 | AC_MSG_RESULT([no]) | 46 | AC_MSG_RESULT([no]) |
47 | ], | 47 | ], |
@@ -51,8 +51,8 @@ index c4874da..ba72982 100644 | |||
51 | + ]) | 51 | + ]) |
52 | 52 | ||
53 | SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) | 53 | SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) |
54 | ] | 54 | ]) |
55 | @@ -265,7 +267,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ | 55 | @@ -377,7 +379,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ |
56 | AC_MSG_RESULT([yes]) | 56 | AC_MSG_RESULT([yes]) |
57 | AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) | 57 | AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) |
58 | ], | 58 | ], |
diff --git a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch index e990480a6..124e04490 100644 --- a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch +++ b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch | |||
@@ -17,25 +17,25 @@ diff --git a/configure.ac b/configure.ac | |||
17 | index 504a844..ff4688c 100644 | 17 | index 504a844..ff4688c 100644 |
18 | --- a/configure.ac | 18 | --- a/configure.ac |
19 | +++ b/configure.ac | 19 | +++ b/configure.ac |
20 | @@ -974,15 +974,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then | 20 | @@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then |
21 | dnl Find the main header and include path... | 21 | dnl Find the main header and include path... |
22 | AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ | 22 | AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ |
23 | AC_CHECK_HEADERS([libxml/parser.h], [], [ | 23 | AC_CHECK_HEADERS([libxml/parser.h], [], [ |
24 | - AC_MSG_NOTICE([Testing in /usr/include/libxml2]) | 24 | - AC_MSG_NOTICE([Testing in /usr/include/libxml2]) |
25 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) | 25 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) |
26 | SAVED_CPPFLAGS="$CPPFLAGS" | 26 | SAVED_CPPFLAGS="$CPPFLAGS" |
27 | - CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" | 27 | - CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" |
28 | + CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" | 28 | + CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" |
29 | unset ac_cv_header_libxml_parser_h | ||
30 | - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [ | ||
31 | - AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) | ||
32 | - CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
33 | + AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/include/libxml2"], [ | ||
34 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) | ||
35 | + CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
36 | unset ac_cv_header_libxml_parser_h | 29 | unset ac_cv_header_libxml_parser_h |
37 | - AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [ | 30 | - AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [ |
38 | + AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/local/include/libxml2"], [ | 31 | - AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) |
39 | AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) | 32 | - CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" |
33 | + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [ | ||
34 | + AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) | ||
35 | + CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" | ||
36 | unset ac_cv_header_libxml_parser_h | ||
37 | - AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [ | ||
38 | + AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [ | ||
39 | AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) | ||
40 | ]) | ||
40 | ]) | 41 | ]) |
41 | ]) | ||
diff --git a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch index 9c75f17e7..732cf17f7 100644 --- a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch +++ b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9bcec221a2bb438d8a9ed59aed846ffe3be9cffa Mon Sep 17 00:00:00 2001 | 1 | From 3d881c112bba765731d581194aae95651819b715 Mon Sep 17 00:00:00 2001 |
2 | From: Jackie Huang <jackie.huang@windriver.com> | 2 | From: Jackie Huang <jackie.huang@windriver.com> |
3 | Date: Tue, 19 Jul 2016 01:56:23 -0400 | 3 | Date: Tue, 19 Jul 2016 01:56:23 -0400 |
4 | Subject: [PATCH] squid: use serial-tests config needed by ptest | 4 | Subject: [PATCH] squid: use serial-tests config needed by ptest |
@@ -15,15 +15,15 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | |||
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | 15 | 1 file changed, 1 insertion(+), 1 deletion(-) |
16 | 16 | ||
17 | diff --git a/configure.ac b/configure.ac | 17 | diff --git a/configure.ac b/configure.ac |
18 | index 3827222..504a844 100644 | 18 | index c7ae568..5e1454e 100644 |
19 | --- a/configure.ac | 19 | --- a/configure.ac |
20 | +++ b/configure.ac | 20 | +++ b/configure.ac |
21 | @@ -10,7 +10,7 @@ AC_PREREQ(2.61) | 21 | @@ -10,7 +10,7 @@ AC_PREREQ(2.61) |
22 | AC_CONFIG_HEADERS([include/autoconf.h]) | 22 | AC_CONFIG_HEADERS([include/autoconf.h]) |
23 | AC_CONFIG_AUX_DIR(cfgaux) | 23 | AC_CONFIG_AUX_DIR(cfgaux) |
24 | AC_CONFIG_SRCDIR([src/main.cc]) | 24 | AC_CONFIG_SRCDIR([src/main.cc]) |
25 | -AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects]) | 25 | -AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz]) |
26 | +AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects serial-tests]) | 26 | +AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz serial-tests]) |
27 | AC_REVISION($Revision$)dnl | 27 | AC_REVISION($Revision$)dnl |
28 | AC_PREFIX_DEFAULT(/usr/local/squid) | 28 | AC_PREFIX_DEFAULT(/usr/local/squid) |
29 | AM_MAINTAINER_MODE | 29 | AM_MAINTAINER_MODE |
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb b/meta-networking/recipes-daemons/squid/squid_4.6.bb index e33c1b7cc..56e4e0bab 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.6.bb | |||
@@ -12,7 +12,7 @@ LICENSE = "GPLv2+" | |||
12 | MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" | 12 | MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}" |
13 | MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" | 13 | MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}" |
14 | 14 | ||
15 | SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${PV}.tar.bz2 \ | 15 | SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 \ |
16 | file://Set-up-for-cross-compilation.patch \ | 16 | file://Set-up-for-cross-compilation.patch \ |
17 | file://Skip-AC_RUN_IFELSE-tests.patch \ | 17 | file://Skip-AC_RUN_IFELSE-tests.patch \ |
18 | file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \ | 18 | file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \ |
@@ -23,19 +23,18 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P | |||
23 | file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ | 23 | file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ |
24 | file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ | 24 | file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ |
25 | file://0001-tools.cc-fixed-unused-result-warning.patch \ | 25 | file://0001-tools.cc-fixed-unused-result-warning.patch \ |
26 | file://0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch \ | 26 | file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \ |
27 | file://0002-smblib-fix-buffer-over-read.patch \ | ||
28 | " | 27 | " |
29 | 28 | ||
30 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" | 29 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" |
31 | 30 | ||
32 | SRC_URI[md5sum] = "4ae3f6277b3aa6386cb5ad2d954179c2" | 31 | SRC_URI[md5sum] = "6fb9f2be772b9bcaf2b3322d9e16ee1e" |
33 | SRC_URI[sha256sum] = "11971bfe3c13f438e42569ea551206caf68ecaa968305c30f7b422b556ebc7ac" | 32 | SRC_URI[sha256sum] = "73c1970467618db194057f6c43c80019a4dc47847579fc404796ff2dcd215f05" |
34 | 33 | ||
35 | LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ | 34 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ |
36 | file://errors/COPYRIGHT;md5=1c0781e2ecd3051c765d525572defbc7 \ | 35 | file://errors/COPYRIGHT;md5=19cc4dd146f397e72f3ff6f9f58fbfbe \ |
37 | " | 36 | " |
38 | DEPENDS = "libtool krb5 openldap db cyrus-sasl openssl expat libxml2" | 37 | DEPENDS = "libtool krb5 openldap db cyrus-sasl" |
39 | 38 | ||
40 | inherit autotools pkgconfig useradd ptest perlnative | 39 | inherit autotools pkgconfig useradd ptest perlnative |
41 | 40 | ||
@@ -51,6 +50,8 @@ PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir | |||
51 | PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," | 50 | PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," |
52 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | 51 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
53 | PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," | 52 | PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking," |
53 | PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2" | ||
54 | PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl" | ||
54 | 55 | ||
55 | BASIC_AUTH = "DB SASL LDAP" | 56 | BASIC_AUTH = "DB SASL LDAP" |
56 | 57 | ||