squid: patch CVE-2025-59362

Pick patch from PR ]1] mentioned in NVD report [2]. [1] https://github.com/squid-cache/squid/pull/2149 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-59362 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-22 06:53:16 +02:00 · 2025-10-09 23:41:32 +02:00 · 2025-10-09 23:41:32 +02:00 · 9619695788
commit 9619695788
parent 66b553130b
2 changed files with 53 additions and 0 deletions
--- a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
@ -0,0 +1,52 @@
+From 0d89165ee6da10e6fa50c44998b3cd16d59400e9 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Sat, 30 Aug 2025 06:49:36 +0000
+Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
+
+CVE: CVE-2025-59362
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 81f2051fb..2852c26b2 100644
+--- a/lib/snmplib/asn1.c
+++ b/lib/snmplib/asn1.c
+@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
+    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
+@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
+            if (bp >= bufEnd) {
+                snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                return (NULL);
+            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
+                if (bp >= bufEnd) {
+                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                    return (NULL);
+                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
+            if (bp >= bufEnd) {
+                snmp_set_api_error(SNMPERR_ASN_ENCODE);
+                return (NULL);
+            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
--- a/meta-networking/recipes-daemons/squid/squid_7.1.bb
+++ b/meta-networking/recipes-daemons/squid/squid_7.1.bb
@ -20,6 +20,7 @@ SRC_URI = "https://github.com/squid-cache/${BPN}/releases/download/SQUID_${PV_U}
           file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
           file://0001-libltdl-remove-reference-to-nonexisting-directory.patch \
           file://squid.nm \
+           file://CVE-2025-59362.patch \
           "

 SRC_URI[sha256sum] = "763b5a78561cedc4e47634fa42b8e6b8d46c87c949a151b4e7ac2396d2f97dea"