MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-14 22:35:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

squid: upgrade 7.1 -> 7.2

Browse Source 
Handles CVE-2025-62168.

Remove CVE patch included in this release.
Refresh remaining patches.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Peter Marko 2025-10-30 00:05:24 +01:00 committed by Khem Raj
parent 57def3bce5
commit c1c5a5ade4
3 changed files with 3 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
View File

@ -1,52 +0,0 @@
From 0d89165ee6da10e6fa50c44998b3cd16d59400e9 Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Sat, 30 Aug 2025 06:49:36 +0000
Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
CVE: CVE-2025-59362
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/snmplib/asn1.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
index 81f2051fb..2852c26b2 100644
--- a/lib/snmplib/asn1.c
+++ b/lib/snmplib/asn1.c
@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
* lastbyte ::= 0 7bitvalue
*/
u_char buf[MAX_OID_LEN];
+ u_char *bufEnd = buf + sizeof(buf);
u_char *bp = buf;
oid *op = objid;
int asnlength;
@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
while (objidlength-- > 0) {
subid = *op++;
if (subid < 127) { /* off by one? */
+ if (bp >= bufEnd) {
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
+ return (NULL);
+ }
*bp++ = subid;
} else {
mask = 0x7F; /* handle subid == 0 case */
@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
/* fix a mask that got truncated above */
if (mask == 0x1E00000)
mask = 0xFE00000;
+ if (bp >= bufEnd) {
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
+ return (NULL);
+ }
*bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
}
+ if (bp >= bufEnd) {
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
+ return (NULL);
+ }
*bp++ = (u_char) (subid & mask);
}
}

4
meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
View File

@ -41,7 +41,7 @@ diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 9793b9a..4f2dc83 100644
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
@@ -207,7 +207,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
[
AC_MSG_RESULT([no])
],
@ -52,7 +52,7 @@ index 9793b9a..4f2dc83 100644
SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
])
@@ -347,7 +349,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
@@ -349,7 +351,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
],[
AC_MSG_RESULT([yes])
AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)

3
meta-networking/recipes-daemons/squid/squid_7.1.bb → meta-networking/recipes-daemons/squid/squid_7.2.bb
View File

@ -20,10 +20,9 @@ SRC_URI = "https://github.com/squid-cache/${BPN}/releases/download/SQUID_${PV_U}
file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
file://0001-libltdl-remove-reference-to-nonexisting-directory.patch \
file://squid.nm \
file://CVE-2025-59362.patch \
"
SRC_URI[sha256sum] = "763b5a78561cedc4e47634fa42b8e6b8d46c87c949a151b4e7ac2396d2f97dea"
SRC_URI[sha256sum] = "5e077be1d83a9e696ce8d0d9e723b1273152207a091404be68a4b9a9e18c7003"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://errors/COPYRIGHT;md5=c2a0e15750d3a9743af9109fecc05622 \