summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/squid
Commit message (Collapse)AuthorAgeFilesLines
* squid: upgrade 7.2 -> 7.3Peter Marko2025-11-011-1/+1
| | | | | | | | | | | | | | * https://github.com/squid-cache/squid/releases/tag/SQUID_7_3 - Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit - Quit NTLM authenticate() on missing NTLM authorization header - Fix Auth::User::absorb() IP list transfer logic - Fix type mismatch in new/delete of addrinfo::ai_addr - Fix libntlmauth string parsing on big-endian machines - ... and some code cleanups - ... and some CI improvements Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 7.1 -> 7.2Peter Marko2025-10-293-56/+3
| | | | | | | | | | Handles CVE-2025-62168. Remove CVE patch included in this release. Refresh remaining patches. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: patch CVE-2025-59362Peter Marko2025-10-092-0/+53
| | | | | | | | | | Pick patch from PR ]1] mentioned in NVD report [2]. [1] https://github.com/squid-cache/squid/pull/2149 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-59362 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.12 -> 7.1Peter Marko2025-10-095-18/+84
| | | | | | | | | | Refresh all patches. ptest patches needed larger rework for new test testHeader. License-Update: copyright years refreshed Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: download from githubPeter Marko2025-10-091-3/+6
| | | | | | | | | | | | | | | Devtool could not find latest versions before. Download page [1] shows message "Squid sources are released through GitHub. Please refer to the Releases Page to find all released versions." Note that also squid security advisories were moved to Github. [1] https://www.squid-cache.org/Versions/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Fix variable assignment whitespaceRichard Purdie2025-03-201-1/+1
| | | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: handle CVE-2024-45802Peter Marko2024-11-191-2/+3
| | | | | | | | | | | | | | | | | | | | | According to [1] the ESI implementation in squid feature is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG). This means CVE report would say Patched even if the vulnerability is still present if someone adapts squid PACKAGECONFIG. Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities. Based on this, remove vulnerable ESI PACKAGECONFIG already now. [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.10 -> 6.12Peter Marko2024-11-192-2/+58
| | | | | | | | | License-Update: copyright year updated Add patch to fix new build failure from release tarball. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Upgrade to 6.10Peter Marko2024-08-042-2/+2
| | | | | | | Solves CVE-2024-37894 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Start WORKDIR -> UNPACKDIR transitionKhem Raj2024-05-231-2/+2
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: workaround a build failure with native gcc10Yoann Congal2024-05-191-0/+5
| | | | | | | | | | | | | | | | | | | | When build on Debian 11 (gcc10), squid fails to build[0] because of a bug[1] in the configure step (it mixes options between old native compiler and recent target compiler: the former needs the std=c++17 option, the latter doesn't). The workaround is to force the "-std=c++17" option for the native build. NB: Our Buildroot friends have the same workaround[2]. [0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/23/steps/28/logs/stdio [1]: https://bugs.squid-cache.org/show_bug.cgi?id=5376 Bug closed as invalid by upstream [2]: https://github.com/buildroot/buildroot/blob/932b52fad87d79d9f26a343edafe2981079de16e/package/squid/squid.mk#L24 Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.8 -> 6.9Wang Mingyu2024-04-171-1/+1
| | | | | | | | | | | | | | | Changelog: ========== - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef - Bug 5069: Keep listening after getsockname() error - Bug 5360: FwdState::noteDestinationsEnd() assertion "err" - Reduce stale errno usage - Plug memory leak in handling cache manager requests - Fix error: template-id not allowed for constructor in C++20 - Improve release packaging automation Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Upgrade to 6.8Khem Raj2024-03-086-138/+3
| | | | | | Drop a patch which was needed for older gcc Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Add missing bash dependency for ptest packageKhem Raj2024-02-261-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.6 -> 6.7Wang Mingyu2024-02-091-1/+1
| | | | | | | | | | | | | | | | | Changelog: =========== - Bug 5337: workaround for crash on startup if -a option is used - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500 - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier - Fix memory leak on SslBump certificates with Authority Key Identifier extension - Fix a possible integer overflow in FTP Gateway - Extend cache_log_message to Bug 5187 and job invalidation BUGs - Remove incorrect beta version warning - MS Windows portability improvements and some documentation improvements Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 6.5 -> 6.6Wang Mingyu2024-01-021-1/+1
| | | | | | | | | | | | | | | | | | Changelog: =========== - Bug 5328: Fix ESI build with libxml2 v2.12.0 - Bug 5319: QOS Netfilter MARK preservation is always disabled - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" - Bug 5317: FATAL attempt to read data from memory - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled - FTP: Ignore credentials with a NUL-prefixed username - log_db_daemon: Fix DSN construction - Limit the number of allowed X-Forwarded-For hops - Do not update StoreEntry expiration after errorAppendEntry() - improve handling of response sending errors Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add systemd servicePatrick Wicki2023-11-291-1/+12
| | | | | | | Integrate the upstream unit file into the recipe. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add url-rewrite-helpers packageconfigPatrick Wicki2023-11-291-1/+2
| | | | | Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: move configs to sub packagePatrick Wicki2023-11-291-2/+6
| | | | | | | | Move the config files to a separate squid-conf package. This allows shipping new configs via a custom conf package. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add auth packageconfigPatrick Wicki2023-11-291-4/+7
| | | | | | | | | Introduce PACKAGECONFIG[auth] and pin the dependencies to it. This allows building squid without authentication support and all its related dependencies. Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: add nm dispatcher reload hookPatrick Wicki2023-11-292-0/+15
| | | | | | | | | | This enables the networkmanager dispatcher to reload squid automatically on network changes. This idea is from the Fedora package where they do the same: https://src.fedoraproject.org/rpms/squid/blob/rawhide/f/squid.spec#_207 Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: update from v5.7 to v6.5Patrick Wicki2023-11-299-187/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | Refresh patches and clean up ones that are no longer needed: * dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec * libxml2 variables were removed in 866a092dad01e58986a6e9ecb84ac89037a63e9a * squid-conf-tests no longer run at build time since cd3dc147bf8abc0225237ced865c6660fffcb63a Fix squid-conf-tests to allow running on target device. License change: Update year The version update eliminates the following CVEs: * CVE-2023-5824 (affected: <6.4) * CVE-2023-46724 (affected: >=3.3.0.1, <6.4) * CVE-2023-46728 (affected: <6.0.1) * CVE-2023-46846 (affected: >=2.6, <6.4) * CVE-2023-46847 (affected: >=3.2.0.1, <6.4) * CVE-2023-46848 (affected: >=5.0.3, <6.4) Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patchesMartin Jansa2023-06-213-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA). This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status. This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible: 5 (26%) meta-xfce 6 (50%) meta-perl 15 (42%) meta-webserver 21 (36%) meta-gnome 25 (57%) meta-filesystems 26 (43%) meta-initramfs 45 (45%) meta-python 47 (55%) meta-multimedia 312 (63%) meta-networking 756 (61%) meta-oe Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Remove buildpaths from generated binariesKhem Raj2023-05-141-0/+4
| | | | | | | | | | Compiler invocation and flags are added to SQUID_CONFIGURE_OPTIONS which is added via generated autoconf.h during configure step. Since OE encodes sysroot and buildpaths for cross compile, they end up in squid binary, this patch removes from workdir from them so avoid encoding build workspace path Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.15 -> 5.7Andrej Kozemcak2022-09-227-166/+27
| | | | | | | | | | | - drop included patches - refresh remaining patches - update to new ptest Licence change: update year Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-13/+13
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* squid: upgrade 4.14 -> 4.15Andrej Kozemcak2021-05-212-25/+2
| | | | | | | Changes are found at: http://www.squid-cache.org/Versions/v4/changesets Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Include <limits> for using std::numeric_limitsKhem Raj2021-03-032-3/+108
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.12 -> 4.13Andrej Valek2020-08-251-2/+2
| | | | | | | Changes are found at: http://www.squid-cache.org/Versions/v4/changesets Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.9 -> 4.12Andreas Müller2020-06-191-3/+3
| | | | | | | | | | | | | License checksum was changed by change of copyright year Changes are found at [1-3] [1] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_12.html [2] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_11.html [3] http://www.squid-cache.org/Versions/v4/changesets/SQUID_4_10.html Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Link with libatomic on riscvKhem Raj2020-01-281-0/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 4.6 -> 4.9Martin Balik2019-11-151-2/+2
| | | | | | Signed-off-by: Martin Balik <martin.balik@siemens.com> Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Link with libatomic on mips/ppcKhem Raj2019-04-271-5/+4
| | | | | | The atomics are not supported as builtins on these arches Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade squid 3.5.28 -> 4.6Andrej Valek2019-04-099-605/+92
| | | | | | | | | - refresh and remove obsolete patches - add openssl and esi as package options - add missing header for std::bind implementation Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: upgrade 3.5.27 -> 3.5.28Pascal Bach2019-03-111-3/+3
| | | | | | | Copyright year has changed in COPYRIGHTS file, thus the hash change. Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Fix build with gcc8Khem Raj2018-06-243-0/+548
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squid: Upgrade to 3.5.27Khem Raj2018-05-173-76/+2
| | | | | | | Drop upstreamed/backported patches Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: refresh patchesArmin Kuster2018-04-1310-96/+102
| | | | | | | | | | | | | | | | | | | | | | | ARNING: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: checking file configure.ac Hunk #1 succeeded at 27 with fuzz 1 (offset 8 lines). and others Signed-off-by: Armin Kuster <akuster808@gmail.com>
* squid: Fix QA errors about wrong perl interpreterKhem Raj2017-09-121-1/+4
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Disable format-truncation warning only with gccKhem Raj2017-09-121-0/+3
| | | | | | | | Clang does not support this option Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Add missing dependencies on openssl expat and libxml2Khem Raj2017-09-121-3/+2
| | | | | | | | | inherit classes needed for pkgconfig and perl NIS is not buildable with gold linker, disable it Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Fix build with hardeningKhem Raj2017-06-282-0/+37
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Upgrade to 3.5.26Khem Raj2017-06-283-2/+137
| | | | | | | | Fix build errors with gcc7 along the way Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Upgrade to 3.5.25Khem Raj2017-04-252-4/+53
| | | | | | | | | Add patch to fix throw() errors with gcc7 Update copyright year to 2017 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: Update to 3.5.23Khem Raj2017-04-251-4/+5
| | | | | | | Disable NIS on musl, it doesnt yet build Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* recipes: delete obsolete patchesOleksandr Kravchuk2017-03-161-31/+0
| | | | | | | Deleted bunch of patches which are not used anymore by any recipe. Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-071-1/+1
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* squid: disable gnu atomic operations for mipselJackie Huang2016-12-141-0/+1
| | | | | | | | | | | | | | Disable GNU atomic operations for mipsel since it's not supported. Refer to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56300: There is no hardware support for 8 bytes atomic operations on 32-bit MIPS targets. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* squid: fix ptest failureYi Zhao2016-10-201-0/+3
| | | | | | | | | | | | Fix error when run ptest on target: cp: cannot stat '/usr/bin/true': No such file or directory make: *** [Makefile:1120: squid-conf-tests] Error 1 The correct path should be /bin/true on target. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-10 14:49:52 +0000