squid: patch CVE-2025-59362

Pick commit from PR mentioned in NVD report. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
author: Peter Marko <peter.marko@siemens.com> 2025-10-22 20:28:53 +0200
committer: Anuj Mittal <anuj.mittal@intel.com> 2025-10-30 15:13:15 +0800
commit: 08ee2e37ba8fc3635f830d9038d5d06a2637bf15 (patch)
tree: 11bb1d922f16e1fdcc4498c7ef71cddb5ab8611c
parent: 30f6c5ae79407dbbe82f0992c355bd0f9b69a2ad (diff)
download: meta-openembedded-08ee2e37ba8fc3635f830d9038d5d06a2637bf15.tar.gz
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
new file mode 100644
index 0000000000..26a3896625
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
@@ -0,0 +1,52 @@
+From 0d89165ee6da10e6fa50c44998b3cd16d59400e9 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Sat, 30 Aug 2025 06:49:36 +0000
+Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
+CVE: CVE-2025-59362
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 81f2051fb..2852c26b2 100644
+--- a/lib/snmplib/asn1.c
+++ b/lib/snmplib/asn1.c
+@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
+    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
+@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
+            if (bp >= bufEnd) {
+                snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                return (NULL);
+            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
+                if (bp >= bufEnd) {
+                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                    return (NULL);
+                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
+            if (bp >= bufEnd) {
+                snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                return (NULL);
+            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb
index f6312521d9..490a5401c3 100644
--- a/meta-networking/recipes-daemons/squid/squid_6.9.bb
+++ b/meta-networking/recipes-daemons/squid/squid_6.9.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \
           file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
           file://squid.nm \
           file://CVE-2024-37894.patch \
+           file://CVE-2025-59362.patch \
           "
 SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882"
author	Peter Marko <peter.marko@siemens.com>	2025-10-22 20:28:53 +0200
committer	Anuj Mittal <anuj.mittal@intel.com>	2025-10-30 15:13:15 +0800
commit	08ee2e37ba8fc3635f830d9038d5d06a2637bf15 (patch)
tree	11bb1d922f16e1fdcc4498c7ef71cddb5ab8611c
parent	30f6c5ae79407dbbe82f0992c355bd0f9b69a2ad (diff)
download	meta-openembedded-08ee2e37ba8fc3635f830d9038d5d06a2637bf15.tar.gz

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch new file mode 100644 index 0000000000..26a3896625 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
@@ -0,0 +1,52 @@
		1	From 0d89165ee6da10e6fa50c44998b3cd16d59400e9 Mon Sep 17 00:00:00 2001
		2	From: Alex Rousskov <rousskov@measurement-factory.com>
		3	Date: Sat, 30 Aug 2025 06:49:36 +0000
		4	Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
		5
		6	CVE: CVE-2025-59362
		7	Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
		8	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		9	---
		10	lib/snmplib/asn1.c \| 13 +++++++++++++
		11	1 file changed, 13 insertions(+)
		12
		13	diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
		14	index 81f2051fb..2852c26b2 100644
		15	--- a/lib/snmplib/asn1.c
		16	+++ b/lib/snmplib/asn1.c
		17	@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
		18	* lastbyte ::= 0 7bitvalue
		19	*/
		20	u_char buf[MAX_OID_LEN];
		21	+ u_char *bufEnd = buf + sizeof(buf);
		22	u_char *bp = buf;
		23	oid *op = objid;
		24	int asnlength;
		25	@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
		26	while (objidlength-- > 0) {
		27	subid = *op++;
		28	if (subid < 127) { /* off by one? */
		29	+ if (bp >= bufEnd) {
		30	+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
		31	+ return (NULL);
		32	+ }
		33	*bp++ = subid;
		34	} else {
		35	mask = 0x7F; /* handle subid == 0 case */
		36	@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
		37	/* fix a mask that got truncated above */
		38	if (mask == 0x1E00000)
		39	mask = 0xFE00000;
		40	+ if (bp >= bufEnd) {
		41	+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
		42	+ return (NULL);
		43	+ }
		44	*bp++ = (u_char) (((subid & mask) >> bits) \| ASN_BIT8);
		45	}
		46	+ if (bp >= bufEnd) {
		47	+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
		48	+ return (NULL);
		49	+ }
		50	*bp++ = (u_char) (subid & mask);
		51	}
		52	}


diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb index f6312521d9..490a5401c3 100644 --- a/meta-networking/recipes-daemons/squid/squid_6.9.bb +++ b/meta-networking/recipes-daemons/squid/squid_6.9.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \
21	file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \	21	file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
22	file://squid.nm \	22	file://squid.nm \
23	file://CVE-2024-37894.patch \	23	file://CVE-2024-37894.patch \
		24	file://CVE-2025-59362.patch \
24	"	25	"
25		26
26	SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882"	27	SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882"