From b0f0b3ab87cf85c76498b57f8300539d133efa6f Mon Sep 17 00:00:00 2001 From: Roman I Khimov Date: Wed, 25 Aug 2010 14:01:45 +0400 Subject: squid: update 3.1.6 to 3.1.7 * fixes DoS vulnerability * fixes lots of bugs, most notable is HTTP/1.1 compliance bugs * considered as safe upgrade Signed-off-by: Roman I Khimov --- .../squid/squid-3.1.6/fix-runs-in-configure.patch | 80 ---------------------- .../squid/squid-3.1.6/squidv3-build-cf_gen.patch | 33 --------- .../squid/squid-3.1.7/fix-runs-in-configure.patch | 80 ++++++++++++++++++++++ .../squid/squid-3.1.7/squidv3-build-cf_gen.patch | 33 +++++++++ recipes/squid/squid_3.1.6.bb | 28 -------- recipes/squid/squid_3.1.7.bb | 29 ++++++++ 6 files changed, 142 insertions(+), 141 deletions(-) delete mode 100644 recipes/squid/squid-3.1.6/fix-runs-in-configure.patch delete mode 100644 recipes/squid/squid-3.1.6/squidv3-build-cf_gen.patch create mode 100644 recipes/squid/squid-3.1.7/fix-runs-in-configure.patch create mode 100644 recipes/squid/squid-3.1.7/squidv3-build-cf_gen.patch delete mode 100644 recipes/squid/squid_3.1.6.bb create mode 100644 recipes/squid/squid_3.1.7.bb diff --git a/recipes/squid/squid-3.1.6/fix-runs-in-configure.patch b/recipes/squid/squid-3.1.6/fix-runs-in-configure.patch deleted file mode 100644 index 3ae771f3f5..0000000000 --- a/recipes/squid/squid-3.1.6/fix-runs-in-configure.patch +++ /dev/null @@ -1,80 +0,0 @@ -Index: squid-3.1.6/configure.in -=================================================================== ---- squid-3.1.6.orig/configure.in 2010-08-19 23:19:52.000000000 +0400 -+++ squid-3.1.6/configure.in 2010-08-19 23:22:44.000000000 +0400 -@@ -364,10 +364,6 @@ - fi - ]) - --dnl Nasty hack to get autoconf 2.64 on Linux to run. --dnl all other uses of RUN_IFELSE are wrapped inside CACHE_CHECK which breaks on 2.64 --AC_RUN_IFELSE([AC_LANG_SOURCE([[ int main(int argc, char **argv) { return 0; } ]])],[],[],[]) -- - dnl This is a developer only option.. developers know how to set defines - dnl - dnl AC_ARG_ENABLE(xmalloc-debug, -@@ -1318,7 +1314,7 @@ - dnl Verify that epoll really works - if test $ac_cv_func_epoll_ctl = yes; then - AC_CACHE_CHECK(if epoll works, ac_cv_epoll_works, -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - #include -@@ -3070,7 +3066,7 @@ - dnl setresuid() but doesn't implement it. - dnl - AC_CACHE_CHECK(if setresuid is implemented, ac_cv_func_setresuid, -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - int main(int argc, char **argv) { - if(setresuid(-1,-1,-1)) { -@@ -3090,7 +3086,7 @@ - dnl copy that crashes with a buffer over-run! - dnl - AC_CACHE_CHECK(if strnstr is well implemented, ac_cv_func_strnstr, -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - #include -@@ -3116,7 +3112,7 @@ - dnl Test for va_copy - dnl - AC_CACHE_CHECK(if va_copy is implemented, ac_cv_func_va_copy, -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - int f (int i, ...) { -@@ -3139,7 +3135,7 @@ - dnl Some systems support __va_copy - dnl - AC_CACHE_CHECK(if __va_copy is implemented, ac_cv_func___va_copy, -- AC_RUN_IFELSE([AC_LANG_SOURCE([[ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - int f (int i, ...) { -Index: squid-3.1.6/helpers/negotiate_auth/squid_kerb_auth/configure.in -=================================================================== ---- squid-3.1.6.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2010-08-01 18:01:38.000000000 +0400 -+++ squid-3.1.6/helpers/negotiate_auth/squid_kerb_auth/configure.in 2010-08-19 23:20:34.000000000 +0400 -@@ -367,13 +367,13 @@ - - CPPFLAGS="$CPPFLAGS -I../../../ -I../../../include/ -I$squid_dir/include -I$squid_dir/src -I$squid_dir" - AC_CACHE_CHECK([for SQUID at '$squid_dir' ],ac_cv_have_squid,[ --AC_TRY_RUN([ -+AC_TRY_COMPILE([ - #include - int main(int argc, char *argv[]) { - #ifdef SQUID_CONFIG_H - return 0; - #else --return 1; -+boom! - #endif - }], - ac_cv_have_squid=yes, diff --git a/recipes/squid/squid-3.1.6/squidv3-build-cf_gen.patch b/recipes/squid/squid-3.1.6/squidv3-build-cf_gen.patch deleted file mode 100644 index 955acf8007..0000000000 --- a/recipes/squid/squid-3.1.6/squidv3-build-cf_gen.patch +++ /dev/null @@ -1,33 +0,0 @@ -Index: squid-3.1.4/configure.in -=================================================================== ---- squid-3.1.4.orig/configure.in 2010-05-30 17:21:49.000000000 +0400 -+++ squid-3.1.4/configure.in 2010-07-06 15:41:52.000000000 +0400 -@@ -2116,6 +2116,10 @@ - ;; - esac - -+dnl Define BUILD_CXX -+BUILD_CXX="$BUILD_CXX" -+AC_SUBST(BUILD_CXX) -+ - dnl Check for programs - AC_PROG_CPP - AC_PROG_INSTALL -Index: squid-3.1.4/src/Makefile.am -=================================================================== ---- squid-3.1.4.orig/src/Makefile.am 2010-05-30 17:21:11.000000000 +0400 -+++ squid-3.1.4/src/Makefile.am 2010-07-06 15:42:29.000000000 +0400 -@@ -751,6 +751,13 @@ - squid.conf.default squid.conf.documented: cf_parser.cci - true - -+BUILD_CXX ?= @BUILD_CXX@ -+ -+cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) -+ $(BUILD_CXX) -o $@ $(srcdir)/cf_gen.cc \ -+ $(top_srcdir)/lib/util.c $(top_srcdir)/compat/assert.cc \ -+ -DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES} -+ - cf_parser.cci: cf.data cf_gen$(EXEEXT) - ./cf_gen cf.data $(srcdir)/cf.data.depend - diff --git a/recipes/squid/squid-3.1.7/fix-runs-in-configure.patch b/recipes/squid/squid-3.1.7/fix-runs-in-configure.patch new file mode 100644 index 0000000000..3ae771f3f5 --- /dev/null +++ b/recipes/squid/squid-3.1.7/fix-runs-in-configure.patch @@ -0,0 +1,80 @@ +Index: squid-3.1.6/configure.in +=================================================================== +--- squid-3.1.6.orig/configure.in 2010-08-19 23:19:52.000000000 +0400 ++++ squid-3.1.6/configure.in 2010-08-19 23:22:44.000000000 +0400 +@@ -364,10 +364,6 @@ + fi + ]) + +-dnl Nasty hack to get autoconf 2.64 on Linux to run. +-dnl all other uses of RUN_IFELSE are wrapped inside CACHE_CHECK which breaks on 2.64 +-AC_RUN_IFELSE([AC_LANG_SOURCE([[ int main(int argc, char **argv) { return 0; } ]])],[],[],[]) +- + dnl This is a developer only option.. developers know how to set defines + dnl + dnl AC_ARG_ENABLE(xmalloc-debug, +@@ -1318,7 +1314,7 @@ + dnl Verify that epoll really works + if test $ac_cv_func_epoll_ctl = yes; then + AC_CACHE_CHECK(if epoll works, ac_cv_epoll_works, +- AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + #include +@@ -3070,7 +3066,7 @@ + dnl setresuid() but doesn't implement it. + dnl + AC_CACHE_CHECK(if setresuid is implemented, ac_cv_func_setresuid, +- AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(int argc, char **argv) { + if(setresuid(-1,-1,-1)) { +@@ -3090,7 +3086,7 @@ + dnl copy that crashes with a buffer over-run! + dnl + AC_CACHE_CHECK(if strnstr is well implemented, ac_cv_func_strnstr, +- AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + #include +@@ -3116,7 +3112,7 @@ + dnl Test for va_copy + dnl + AC_CACHE_CHECK(if va_copy is implemented, ac_cv_func_va_copy, +- AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int f (int i, ...) { +@@ -3139,7 +3135,7 @@ + dnl Some systems support __va_copy + dnl + AC_CACHE_CHECK(if __va_copy is implemented, ac_cv_func___va_copy, +- AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int f (int i, ...) { +Index: squid-3.1.6/helpers/negotiate_auth/squid_kerb_auth/configure.in +=================================================================== +--- squid-3.1.6.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in 2010-08-01 18:01:38.000000000 +0400 ++++ squid-3.1.6/helpers/negotiate_auth/squid_kerb_auth/configure.in 2010-08-19 23:20:34.000000000 +0400 +@@ -367,13 +367,13 @@ + + CPPFLAGS="$CPPFLAGS -I../../../ -I../../../include/ -I$squid_dir/include -I$squid_dir/src -I$squid_dir" + AC_CACHE_CHECK([for SQUID at '$squid_dir' ],ac_cv_have_squid,[ +-AC_TRY_RUN([ ++AC_TRY_COMPILE([ + #include + int main(int argc, char *argv[]) { + #ifdef SQUID_CONFIG_H + return 0; + #else +-return 1; ++boom! + #endif + }], + ac_cv_have_squid=yes, diff --git a/recipes/squid/squid-3.1.7/squidv3-build-cf_gen.patch b/recipes/squid/squid-3.1.7/squidv3-build-cf_gen.patch new file mode 100644 index 0000000000..955acf8007 --- /dev/null +++ b/recipes/squid/squid-3.1.7/squidv3-build-cf_gen.patch @@ -0,0 +1,33 @@ +Index: squid-3.1.4/configure.in +=================================================================== +--- squid-3.1.4.orig/configure.in 2010-05-30 17:21:49.000000000 +0400 ++++ squid-3.1.4/configure.in 2010-07-06 15:41:52.000000000 +0400 +@@ -2116,6 +2116,10 @@ + ;; + esac + ++dnl Define BUILD_CXX ++BUILD_CXX="$BUILD_CXX" ++AC_SUBST(BUILD_CXX) ++ + dnl Check for programs + AC_PROG_CPP + AC_PROG_INSTALL +Index: squid-3.1.4/src/Makefile.am +=================================================================== +--- squid-3.1.4.orig/src/Makefile.am 2010-05-30 17:21:11.000000000 +0400 ++++ squid-3.1.4/src/Makefile.am 2010-07-06 15:42:29.000000000 +0400 +@@ -751,6 +751,13 @@ + squid.conf.default squid.conf.documented: cf_parser.cci + true + ++BUILD_CXX ?= @BUILD_CXX@ ++ ++cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) ++ $(BUILD_CXX) -o $@ $(srcdir)/cf_gen.cc \ ++ $(top_srcdir)/lib/util.c $(top_srcdir)/compat/assert.cc \ ++ -DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES} ++ + cf_parser.cci: cf.data cf_gen$(EXEEXT) + ./cf_gen cf.data $(srcdir)/cf.data.depend + diff --git a/recipes/squid/squid_3.1.6.bb b/recipes/squid/squid_3.1.6.bb deleted file mode 100644 index 1949f7751f..0000000000 --- a/recipes/squid/squid_3.1.6.bb +++ /dev/null @@ -1,28 +0,0 @@ -PR = "${INC_PR}.0" - -include squid.inc - -# GPLv2+ since 2.6.STABLE18 -LICENSE = "GPL" - -EXTRA_OECONF += "--enable-epoll --enable-icap-client --with-dl --enable-linux-netfilter" - -EXTRA_OEMAKE += "DEFAULT_STYLESHEET=${sysconfdir}/squid/errorpage.css DEFAULT_CONFIG_DIR=${sysconfdir}/squid" - -SRC_URI += " \ - file://squidv3-build-cf_gen.patch \ - file://fix-runs-in-configure.patch \ - " - -SRC_URI[squid-3.1.6.md5sum] = "e9e2e9a9b5a305ba717be93ebb85f245" -SRC_URI[squid-3.1.6.sha256sum] = "e1de72d85a1b607e7dd477e29c4582b34f844af675211cb273421c920073f4fa" - -do_configure_prepend() { - export ac_cv_epoll_ctl=yes - export ac_cv_epoll_works=yes - export ac_cv_func_setresuid=yes -} - -do_install_append() { - mv ${D}${sysconfdir}/squid.conf.documented ${D}${sysconfdir}/squid/ -} diff --git a/recipes/squid/squid_3.1.7.bb b/recipes/squid/squid_3.1.7.bb new file mode 100644 index 0000000000..de0ddcd0d6 --- /dev/null +++ b/recipes/squid/squid_3.1.7.bb @@ -0,0 +1,29 @@ +PR = "${INC_PR}.0" + +include squid.inc + +# GPLv2+ since 2.6.STABLE18 +LICENSE = "GPL" + +EXTRA_OECONF += "--enable-epoll --enable-icap-client --with-dl --enable-linux-netfilter" + +EXTRA_OEMAKE += "DEFAULT_STYLESHEET=${sysconfdir}/squid/errorpage.css DEFAULT_CONFIG_DIR=${sysconfdir}/squid" + +SRC_URI += " \ + file://squidv3-build-cf_gen.patch \ + file://fix-runs-in-configure.patch \ + " + +SRC_URI[squid-3.1.7.md5sum] = "83e7aabc1b5bb5b7c83f6dc2f32ca418" +SRC_URI[squid-3.1.7.sha256sum] = "5252180a262bdd2cc4ab8afe40c1989c21035bdfe4eaa0bcb19589e3d316d4ac" + + +do_configure_prepend() { + export ac_cv_epoll_ctl=yes + export ac_cv_epoll_works=yes + export ac_cv_func_setresuid=yes +} + +do_install_append() { + mv ${D}${sysconfdir}/squid.conf.documented ${D}${sysconfdir}/squid/ +} -- cgit 1.2.3-korg