From f4972749457329dfe4f01f26116720401b6df0da Mon Sep 17 00:00:00 2001 From: Patrick Wicki Date: Thu, 30 Nov 2023 03:55:24 +0100 Subject: squid: update from v5.7 to v6.5 Refresh patches and clean up ones that are no longer needed: * dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec * libxml2 variables were removed in 866a092dad01e58986a6e9ecb84ac89037a63e9a * squid-conf-tests no longer run at build time since cd3dc147bf8abc0225237ced865c6660fffcb63a Fix squid-conf-tests to allow running on target device. License change: Update year The version update eliminates the following CVEs: * CVE-2023-5824 (affected: <6.4) * CVE-2023-46724 (affected: >=3.3.0.1, <6.4) * CVE-2023-46728 (affected: <6.0.1) * CVE-2023-46846 (affected: >=2.6, <6.4) * CVE-2023-46847 (affected: >=3.2.0.1, <6.4) * CVE-2023-46848 (affected: >=5.0.3, <6.4) Signed-off-by: Patrick Wicki Signed-off-by: Khem Raj --- ...heck-for-Wno-error-format-truncation-comp.patch | 18 +++--- ...ake-squid-conf-tests-run-on-target-device.patch | 74 ++++++++++++++++++++++ ...flawed-dynamic-ldb-link-test-in-configure.patch | 40 ------------ .../squid/files/Set-up-for-cross-compilation.patch | 10 +-- .../squid/files/Skip-AC_RUN_IFELSE-tests.patch | 25 ++++---- .../recipes-daemons/squid/files/run-ptest | 1 + .../squid/files/set_sysroot_patch.patch | 41 ------------ ...d-don-t-do-squid-conf-tests-at-build-time.patch | 61 ------------------ 8 files changed, 101 insertions(+), 169 deletions(-) create mode 100644 meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch delete mode 100644 meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch delete mode 100644 meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch delete mode 100644 meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch (limited to 'meta-networking/recipes-daemons/squid/files') diff --git a/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch b/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch index acebd6dce..a478dcd80 100644 --- a/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch +++ b/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch @@ -1,4 +1,4 @@ -From c21adbb0b230ffba97cf5d059e2bd024e13a37df Mon Sep 17 00:00:00 2001 +From 38e7e90cc2075952c1b74f5fca826f9c6cadb2f0 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 22 Apr 2017 11:54:57 -0700 Subject: [PATCH] configure: Check for -Wno-error=format-truncation compiler @@ -13,8 +13,8 @@ Signed-off-by: Khem Raj --- Upstream-Status: Pending - acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++++++++++ - configure.ac | 2 ++ + acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++ + configure.ac | 2 + 2 files changed, 76 insertions(+) create mode 100644 acinclude/ax_check_compile_flag.m4 @@ -99,20 +99,20 @@ index 0000000..dcabb92 +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff --git a/configure.ac b/configure.ac -index ff4688c..9382fdf 100644 +index 2543676..4635474 100644 --- a/configure.ac +++ b/configure.ac -@@ -26,6 +26,7 @@ m4_include([acinclude/pkg.m4]) +@@ -28,6 +28,7 @@ m4_include([acinclude/pkg.m4]) + m4_include([acinclude/tdb.m4]) m4_include([acinclude/lib-checks.m4]) - m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4]) - m4_include([acinclude/ax_cxx_0x_types.m4]) + m4_include([acinclude/ax_cxx_compile_stdcxx.m4]) +m4_include([acinclude/ax_check_compile_flag.m4]) HOSTCXX="$BUILD_CXX" PRESET_CFLAGS="$CFLAGS" -@@ -44,6 +45,7 @@ AC_PROG_CXX +@@ -59,6 +60,7 @@ AC_USE_SYSTEM_EXTENSIONS + AC_LANG([C++]) - AC_CANONICAL_HOST +AX_CHECK_COMPILE_FLAG([-Werror=format-truncation],[CFLAGS="$CFLAGS -Wno-error=format-truncation" CXXFLAGS="$CXXFLAGS -Wno-error=format-truncation"]) # Clang 3.2 on some CPUs requires -march-native to detect correctly. diff --git a/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch b/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch new file mode 100644 index 000000000..56c91de3c --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch @@ -0,0 +1,74 @@ +From cd8bf8a4bf881f84c23a5fc1f48bb716efa51512 Mon Sep 17 00:00:00 2001 +From: Patrick Wicki +Date: Wed, 22 Nov 2023 15:35:44 +0100 +Subject: [PATCH] squid: make squid-conf-tests run on target device + +* Fix paths to allow tests to run outside the original builddir +* Allow the tests to run on read-only root + * Don't overwrite tests with true on success + * Change logfile path to /var/log + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Patrick Wicki + +--- + test-suite/Makefile.am | 16 ++++++++-------- + test-suite/test-squid-conf.sh | 2 +- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am +index 8becdbc..eccd49c 100644 +--- a/test-suite/Makefile.am ++++ b/test-suite/Makefile.am +@@ -21,7 +21,7 @@ LDADD = \ + EXTRA_PROGRAMS = mem_node_test splay + + EXTRA_DIST = \ +- $(srcdir)/squidconf/* \ ++ squidconf/* \ + test-functionality.sh \ + test-sources.sh \ + test-squid-conf.sh \ +@@ -134,21 +134,21 @@ VirtualDeleteOperator_SOURCES = \ + + installcheck-local: squid-conf-tests + +-squid-conf-tests: $(srcdir)/test-squid-conf.sh $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/* +- @failed=0; cfglist="$(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*.conf"; rm -f $@ || $(TRUE); \ ++squid-conf-tests: test-squid-conf.sh $(top_builddir)/src/squid.conf.default squidconf/* ++ @failed=0; cfglist="$(top_builddir)/src/squid.conf.default squidconf/*.conf"; rm -f $@ || $(TRUE); \ + for cfg in $$cfglist ; do \ +- $(srcdir)/test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \ ++ ./test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \ + { echo "FAIL: squid.conf test: $$cfg" | \ + sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%squidconf/%% ; \ + failed=1; break; \ + }; \ + if test "$$failed" -eq 0; then \ + echo "PASS: squid.conf test: $$cfg" | \ + sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%squidconf/%% ; \ + else break; fi; \ + done; \ +- if test "$$failed" -eq 0; then cp $(TRUE) $@ ; else exit 1; fi ++ exit "$$failed" + +-CLEANFILES += squid-conf-tests squid-stderr.log ++CLEANFILES += squid-conf-tests /var/log/squid-stderr.log +diff --git a/test-suite/test-squid-conf.sh b/test-suite/test-squid-conf.sh +index 05fcaf3..a5a8a5a 100755 +--- a/test-suite/test-squid-conf.sh ++++ b/test-suite/test-squid-conf.sh +@@ -111,7 +111,7 @@ then + done < $instructionsFile + fi + +-errorLog="squid-stderr.log" ++errorLog="/var/log/squid-stderr.log" + + $sbindir/squid -k parse -f $configFile 2> $errorLog + result=$? diff --git a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch deleted file mode 100644 index 738e609c0..000000000 --- a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001 -From: Jim Somerville -Date: Mon, 21 Oct 2013 12:50:44 -0400 -Subject: [PATCH] Fix flawed dynamic -ldb link test in configure - -The test uses dbopen, but just ignores the fact -that this function may not exist in the db version -used. This leads to the dynamic link test failing -and the configure script just making assumptions -about why and setting the need for -ldb incorrectly. - -Signed-off-by: Jim Somerville - ---- -Upstream-Status: Pending - - configure.ac | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/configure.ac b/configure.ac -index d2f7feb..c7ae568 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3268,6 +3268,16 @@ case "$host" in - ;; - esac - -+if test "x$ac_cv_have_decl_dbopen" = "xyes"; then -+ dnl 1.85 -+ SQUID_CHECK_DBOPEN_NEEDS_LIBDB -+else -+ # dbopen isn't there. So instead of running a compile/link test that -+ # uses it and is thus guaranteed to fail, we just assume that we will -+ # need to link in the db library, rather than fabricate some other -+ # dynamic compile/link test. -+ ac_cv_dbopen_libdb="yes" -+fi - dnl System-specific library modifications - dnl - case "$host" in diff --git a/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch b/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch index ffb737164..ae8706df7 100644 --- a/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch +++ b/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch @@ -1,4 +1,4 @@ -From 995aaf30799fa972441354b6feb45f0621968929 Mon Sep 17 00:00:00 2001 +From c0be3192f608037682464bcb728e97f9d9b543aa Mon Sep 17 00:00:00 2001 From: Jim Somerville Date: Wed, 16 Oct 2013 16:41:03 -0400 Subject: [PATCH] Set up for cross compilation @@ -17,12 +17,12 @@ Upstream-Status: Pending 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac -index fe80ee0..57cd1ac 100644 +index ca0bc79..c222851 100644 --- a/configure.ac +++ b/configure.ac -@@ -27,6 +27,7 @@ m4_include([acinclude/lib-checks.m4]) - m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4]) - m4_include([acinclude/ax_cxx_0x_types.m4]) +@@ -29,6 +29,7 @@ m4_include([acinclude/tdb.m4]) + m4_include([acinclude/lib-checks.m4]) + m4_include([acinclude/ax_cxx_compile_stdcxx.m4]) +HOSTCXX="$BUILD_CXX" PRESET_CFLAGS="$CFLAGS" diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch index 10853333e..5bb30bfcb 100644 --- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch +++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch @@ -1,4 +1,4 @@ -From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001 +From 050f8ab275a7a5f3d94045da6b15a2b63dfbeb3f Mon Sep 17 00:00:00 2001 From: Jim Somerville Date: Tue, 14 Oct 2014 02:56:08 -0400 Subject: [PATCH] Skip AC_RUN_IFELSE tests @@ -17,10 +17,10 @@ Signed-off-by: Jackie Huang 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 -index ad0ba60..4477446 100644 +index 2c4e340..64648e3 100644 --- a/acinclude/krb5.m4 +++ b/acinclude/krb5.m4 -@@ -61,7 +61,15 @@ main(void) +@@ -57,7 +57,15 @@ main(void) return 0; } @@ -35,13 +35,13 @@ index ad0ba60..4477446 100644 + dnl Can't test in cross compiled env - so assume good + squid_cv_broken_heimdal_krb5_h=no ]) + SQUID_STATE_ROLLBACK(squid_krb5_heimdal_test) ]) - ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 -index 1e9333527c..2d42787029 100644 +index 53847a8..850322a 100644 --- a/acinclude/lib-checks.m4 +++ b/acinclude/lib-checks.m4 -@@ -227,7 +227,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ +@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ [ AC_MSG_RESULT([no]) ], @@ -52,15 +52,14 @@ index 1e9333527c..2d42787029 100644 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) ]) -@@ -386,8 +386,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ - [ - AC_MSG_RESULT([yes]) - AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) -- ], --[]) +@@ -347,7 +349,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) +- ],[]) + ],[ + AC_MSG_RESULT([skipped - can't test in cross-compiled env]) + ]) - SQUID_STATE_ROLLBACK(check_TXTDB) + SQUID_STATE_ROLLBACK(check_TXTDB) ]) diff --git a/meta-networking/recipes-daemons/squid/files/run-ptest b/meta-networking/recipes-daemons/squid/files/run-ptest index de79a293c..8f8e28f92 100644 --- a/meta-networking/recipes-daemons/squid/files/run-ptest +++ b/meta-networking/recipes-daemons/squid/files/run-ptest @@ -1,3 +1,4 @@ #!/bin/sh # +make -C test-suite -k squid-conf-tests make -C test-suite -k runtest-TESTS diff --git a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch deleted file mode 100644 index 124e04490..000000000 --- a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 702bd881b66dc034e711c0ff47805f2da40b6e0d Mon Sep 17 00:00:00 2001 -From: Yue Tao -Date: Mon, 8 Aug 2016 16:04:33 +0800 -Subject: [PATCH] Set the SYSROOT for libxml2 header file to avoid host - contamination. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Yue Tao -Signed-off-by: Yi Zhao - ---- - configure.ac | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 504a844..ff4688c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then - dnl Find the main header and include path... - AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ - AC_CHECK_HEADERS([libxml/parser.h], [], [ -- AC_MSG_NOTICE([Testing in /usr/include/libxml2]) -+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) - SAVED_CPPFLAGS="$CPPFLAGS" -- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" -+ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" - unset ac_cv_header_libxml_parser_h -- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [ -- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) -- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" -+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [ -+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) -+ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" - unset ac_cv_header_libxml_parser_h -- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [ -+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [ - AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) - ]) - ]) diff --git a/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch b/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch deleted file mode 100644 index ea27285e0..000000000 --- a/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 8786b91488dae3f6dfeadd686e80d2ffc5c29320 Mon Sep 17 00:00:00 2001 -From: Jackie Huang -Date: Thu, 25 Aug 2016 15:22:57 +0800 -Subject: [PATCH] squid: don't do squid-conf-tests at build time - -* squid-conf-tests is a test to run "squid -k parse -f" - to perse the config files, which should not be run - at build time since we are cross compiling, so remove - it but it will be added back for the runtime ptest. - -* Fix the directories of the conf files for squid-conf-tests - so that it can run on the target board. - -Upstream-Status: Inappropriate [cross compile specific] - -Signed-off-by: Jackie Huang - ---- - test-suite/Makefile.am | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am -index 0233c0e..e0021b6 100644 ---- a/test-suite/Makefile.am -+++ b/test-suite/Makefile.am -@@ -40,8 +40,7 @@ TESTS += debug \ - splay\ - mem_node_test\ - mem_hdr_test\ -- $(ESI_TESTS) \ -- squid-conf-tests -+ $(ESI_TESTS) - - ## Sort by alpha - any build failures are significant. - check_PROGRAMS += debug \ -@@ -159,19 +158,19 @@ VirtualDeleteOperator_SOURCES = \ - ##$(TARGLIB): $(LIBOBJS) - ## $(AR_R) $(TARGLIB) $(LIBOBJS) - --squid-conf-tests: $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/* -+squid-conf-tests: $(sysconfdir)/squid.conf.default squidconf/* - @failed=0; cfglist="$?"; rm -f $@ || $(TRUE); \ - for cfg in $$cfglist ; do \ -- $(top_builddir)/src/squid -k parse -f $$cfg || \ -+ squid -k parse -f $$cfg || \ - { echo "FAIL: squid.conf test: $$cfg" | \ -- sed s%$(top_builddir)/src/%% | \ -- sed s%$(srcdir)/squidconf/%% ; \ -+ sed s%$(sysconfdir)/%% | \ -+ sed s%squidconf/%% ; \ - failed=1; break; \ - }; \ - if test "$$failed" -eq 0; then \ - echo "PASS: squid.conf test: $$cfg" | \ -- sed s%$(top_builddir)/src/%% | \ -- sed s%$(srcdir)/squidconf/%% ; \ -+ sed s%$(sysconfdir)/%% | \ -+ sed s%squidconf/%% ; \ - else break; fi; \ - done; \ - if test "$$failed" -eq 0; then cp $(TRUE) $@ ; fi -- cgit v1.2.3-54-g00ecf