<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-daemons/squid, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-03-18T21:33:30+00:00</updated>
<entry>
<title>squid: upgrade 7.4 -&gt; 7.5</title>
<updated>2026-03-18T21:33:30+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-03-16T23:06:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2735729989328f319915f5de237b5eb3ac6e9586'/>
<id>urn:sha1:2735729989328f319915f5de237b5eb3ac6e9586</id>
<content type='text'>
License-Update: updated to latest GPLv2 text version [1]

Changelog [2]
- Bug 5501: Squid may exit when ACLs decode an invalid URI
- ICP: Fix HttpRequest lifetime for ICP v3 queries
- ICP: Fix validation of packet sizes and URLs
- Do not escape malformed URI twice when sending ICP errors
- ... and some code, CI, and documentation cleanups

[1] https://github.com/squid-cache/squid/commit/765c7f4e7fa45ce87134b4a38ad175db4bda06dd
[2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: fix UPSTREAM_CHECK_REGEX</title>
<updated>2026-03-18T21:33:30+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-03-16T23:06:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a28c68436e5a7e78f2b76116f638adbbe709549f'/>
<id>urn:sha1:a28c68436e5a7e78f2b76116f638adbbe709549f</id>
<content type='text'>
Squid tags are in form SQUID_&lt;MAJ&gt;_&lt;MIN&gt;.
This can also be seen in SRC_URI download link.

This change will make "devtool latest-version squid" correctly show 7.5

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 7.3 -&gt; 7.4</title>
<updated>2026-03-17T20:25:19+00:00</updated>
<author>
<name>Andrej Kozemcak</name>
<email>andrej.kozemcak@siemens.com</email>
</author>
<published>2026-03-09T10:06:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3cd347cb2ac09e896f90354c33df42307c9acc72'/>
<id>urn:sha1:3cd347cb2ac09e896f90354c33df42307c9acc72</id>
<content type='text'>
License-Update: update GPLv2 COPYING document
  Some terminology and FSF address changes since the GPLv2
  https://github.com/squid-cache/squid/commit/4c5fbc7e8db25352722de4ebe7fe1cab904b62b6

Remove lines from patch, which modify not exist code.

Changelog:
  https://github.com/squid-cache/squid/releases/tag/SQUID_7_4

Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements

Signed-off-by: Andrej Kozemcak &lt;andrej.kozemcak@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 7.2 -&gt; 7.3</title>
<updated>2025-11-01T23:45:17+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-11-01T23:01:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=20b87d90ed6fb0755c187eeb9d516daffa673fef'/>
<id>urn:sha1:20b87d90ed6fb0755c187eeb9d516daffa673fef</id>
<content type='text'>
* https://github.com/squid-cache/squid/releases/tag/SQUID_7_3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 7.1 -&gt; 7.2</title>
<updated>2025-10-30T04:02:20+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-10-29T23:05:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c1c5a5ade4bf565ae9d50d9ecff2d754eb0159d5'/>
<id>urn:sha1:c1c5a5ade4bf565ae9d50d9ecff2d754eb0159d5</id>
<content type='text'>
Handles CVE-2025-62168.

Remove CVE patch included in this release.
Refresh remaining patches.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: patch CVE-2025-59362</title>
<updated>2025-10-09T23:15:49+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-10-09T21:41:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9619695788163b71df8d631ccdd8b1d37f2c0f89'/>
<id>urn:sha1:9619695788163b71df8d631ccdd8b1d37f2c0f89</id>
<content type='text'>
Pick patch from PR ]1] mentioned in NVD report [2].

[1] https://github.com/squid-cache/squid/pull/2149
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-59362

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: upgrade 6.12 -&gt; 7.1</title>
<updated>2025-10-09T23:15:49+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-10-09T21:41:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=66b553130b62bf688cf7b2dbb3e620ae17620300'/>
<id>urn:sha1:66b553130b62bf688cf7b2dbb3e620ae17620300</id>
<content type='text'>
Refresh all patches.
ptest patches needed larger rework for new test testHeader.

License-Update: copyright years refreshed

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: download from github</title>
<updated>2025-10-09T23:15:49+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-10-09T21:41:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f088e1e1f93e6bd15358f921624159ab279953ab'/>
<id>urn:sha1:f088e1e1f93e6bd15358f921624159ab279953ab</id>
<content type='text'>
Devtool could not find latest versions before.

Download page [1] shows message
"Squid sources are released through GitHub. Please refer to the Releases
Page to find all released versions."

Note that also squid security advisories were moved to Github.

[1] https://www.squid-cache.org/Versions/

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: Fix variable assignment whitespace</title>
<updated>2025-03-20T15:46:56+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-03-19T20:07:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=eac1f5b9c0b1b81aa24827be94e4a1a91cd49eee'/>
<id>urn:sha1:eac1f5b9c0b1b81aa24827be94e4a1a91cd49eee</id>
<content type='text'>
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>squid: handle CVE-2024-45802</title>
<updated>2024-11-19T21:50:56+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-11-07T21:58:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=508a2e6b942d4ff16ec23cc808464fcd9506ddc4'/>
<id>urn:sha1:508a2e6b942d4ff16ec23cc808464fcd9506ddc4</id>
<content type='text'>
According to [1] the ESI implementation in squid feature is vulnerable
without any fix available.

NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
This means CVE report would say Patched even if the vulnerability is
still present if someone adapts squid PACKAGECONFIG.

Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
Based on this, remove vulnerable ESI PACKAGECONFIG already now.

[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
