From 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd Mon Sep 17 00:00:00 2001 From: ToshikazuOhiwa Date: Mon, 30 Mar 2020 09:24:26 +0900 Subject: agl-basesystem --- ...1-ext_edirectory_userip_acl-refactoring-f.patch | 506 +++++++++++++++++++++ ...heck-for-Wno-error-format-truncation-comp.patch | 118 +++++ ...0001-tools.cc-fixed-unused-result-warning.patch | 32 ++ .../files/0002-smblib-fix-buffer-over-read.patch | 39 ++ ...flawed-dynamic-ldb-link-test-in-configure.patch | 40 ++ .../squid/files/Set-up-for-cross-compilation.patch | 28 ++ .../squid/files/Skip-AC_RUN_IFELSE-tests.patch | 65 +++ .../recipes-daemons/squid/files/run-ptest | 3 + .../squid/files/set_sysroot_patch.patch | 41 ++ ...d-don-t-do-squid-conf-tests-at-build-time.patch | 61 +++ ...d-use-serial-tests-config-needed-by-ptest.patch | 29 ++ .../recipes-daemons/squid/files/volatiles.03_squid | 3 + 12 files changed, 965 insertions(+) create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch create mode 100644 external/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid (limited to 'external/meta-openembedded/meta-networking/recipes-daemons/squid/files') diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch new file mode 100644 index 00000000..001d9e90 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch @@ -0,0 +1,506 @@ +From 01a44c96dbd04936e9cb2501745a834a0b09d504 Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Sun, 13 May 2018 06:57:41 +0000 +Subject: [PATCH] Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 + (#204) + +Proposed changes to this helper to fix strcat / strncat buffer +overread / overflow issues. + +The approach takes three parts: + +* adds a makeHexString function to replace many for-loops + catenating bits of strings together with hex conversion into a + second buffer. Replacing with a snprintf() and buffer overflow + handling. + +* a copy of Ip::Address::lookupHostIp to convert the input + string into IP address binary format, then generate the hex + string using the above new hex function instead of looped + sub-string concatenations across several buffers. + This removes all the "00" and "0000" strncat() calls and + allows far simpler code even with added buffer overflow + handling. + +* replace multiple string part concatenations with a few simpler + calls to snprintf() for all the search_ip buffer constructions. + Adding buffer overflow handling as needed for the new calls. +--- +Signed-off-by: Khem Raj +Upstream-Status: Backport + + .../ext_edirectory_userip_acl.cc | 376 ++++++------------ + 1 file changed, 120 insertions(+), 256 deletions(-) + +diff --git a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc +index 63609e4..ad16bfd 100644 +--- a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc ++++ b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc +@@ -67,6 +67,9 @@ + #ifdef HAVE_LDAP_H + #include + #endif ++#ifdef HAVE_NETDB_H ++#include ++#endif + + #ifdef HELPER_INPUT_BUFFER + #define EDUI_MAXLEN HELPER_INPUT_BUFFER +@@ -714,11 +717,14 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) + + /* Copy details - dn and pw CAN be NULL for anonymous and/or TLS */ + if (dn != NULL) { ++ if (strlen(dn) >= sizeof(l->dn)) ++ return LDAP_ERR_OOB; /* DN too large */ ++ + if ((l->basedn[0] != '\0') && (strstr(dn, l->basedn) == NULL)) { + /* We got a basedn, but it's not part of dn */ +- xstrncpy(l->dn, dn, sizeof(l->dn)); +- strncat(l->dn, ",", 1); +- strncat(l->dn, l->basedn, strlen(l->basedn)); ++ const int x = snprintf(l->dn, sizeof(l->dn)-1, "%s,%s", dn, l->basedn); ++ if (x < 0 || static_cast(x) >= sizeof(l->dn)) ++ return LDAP_ERR_OOB; /* DN too large */ + } else + xstrncpy(l->dn, dn, sizeof(l->dn)); + } +@@ -778,24 +784,73 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t) + } + } + ++// XXX: duplicate (partial) of Ip::Address::lookupHostIp ++/** ++ * Convert the IP address string representation in src to ++ * its binary representation. ++ * ++ * \return binary representation of the src IP address. ++ * Must be free'd using freeaddrinfo(). ++ */ ++static struct addrinfo * ++makeIpBinary(const char *src) ++{ ++ struct addrinfo want; ++ memset(&want, 0, sizeof(want)); ++ want.ai_flags = AI_NUMERICHOST; // prevent actual DNS lookups! ++ ++ struct addrinfo *dst = nullptr; ++ if (getaddrinfo(src, nullptr, &want, &dst) != 0) { ++ // not an IP address ++ /* free any memory getaddrinfo() dynamically allocated. */ ++ if (dst) ++ freeaddrinfo(dst); ++ return nullptr; ++ } ++ ++ return dst; ++} ++ ++/** ++ * Convert srcLen bytes from src into HEX and store into dst, which ++ * has a maximum content size of dstSize including c-string terminator. ++ * The dst value produced will be a 0-terminated c-string. ++ * ++ * \retval N length of dst written (excluding c-string terminator) ++ * \retval -11 (LDAP_ERR_OOB) buffer overflow detected ++ */ ++static int ++makeHexString(char *dst, const int dstSize, const char *src, const int srcLen) ++{ ++ // HEX encoding doubles the amount of bytes/octets copied ++ if ((srcLen*2) >= dstSize) ++ return LDAP_ERR_OOB; // cannot copy that many ++ ++ *dst = 0; ++ ++ for (int k = 0; k < srcLen; ++k) { ++ int c = static_cast(src[k]); ++ if (c < 0) ++ c = c + 256; ++ char hexc[4]; ++ const int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); ++ if (hlen < 0 || static_cast(hlen) > sizeof(hexc)) // should be impossible ++ return LDAP_ERR_OOB; ++ strcat(dst, hexc); ++ } ++ return strlen(dst); ++} ++ + /* + * ConvertIP() - + * + * Take an IPv4 address in dot-decimal or IPv6 notation, and convert to 2-digit HEX stored in l->search_ip + * This is the networkAddress that we search LDAP for. +- * +- * PENDING -- CHANGE OVER TO inet*_pton, but inet6_pton does not provide the correct syntax +- * + */ + static int + ConvertIP(edui_ldap_t *l, char *ip) + { +- char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], obj[EDUI_MAXLEN]; +- char hexc[4], *p; + void *y, *z; +- size_t s; +- long x; +- int i, j, t, swi; /* IPv6 "::" cut over toggle */ + if (l == NULL) return LDAP_ERR_NULL; + if (ip == NULL) return LDAP_ERR_PARAM; + if (!(l->status & LDAP_INIT_S)) return LDAP_ERR_INIT; /* Not initalized */ +@@ -831,183 +886,22 @@ ConvertIP(edui_ldap_t *l, char *ip) + l->status |= (LDAP_IPV4_S); + z = NULL; + } +- s = strlen(ip); +- *(bufa) = '\0'; +- *(bufb) = '\0'; +- *(obj) = '\0'; +- /* StringSplit() will zero out bufa & obj at each call */ +- memset(l->search_ip, '\0', sizeof(l->search_ip)); +- xstrncpy(bufa, ip, sizeof(bufa)); /* To avoid segfaults, use bufa instead of ip */ +- swi = 0; +- if (l->status & LDAP_IPV6_S) { +- /* Search for :: in string */ +- if ((bufa[0] == ':') && (bufa[1] == ':')) { +- /* bufa starts with a ::, so just copy and clear */ +- xstrncpy(bufb, bufa, sizeof(bufb)); +- *(bufa) = '\0'; +- ++swi; /* Indicates that there is a bufb */ +- } else if ((bufa[0] == ':') && (bufa[1] != ':')) { +- /* bufa starts with a :, a typo so just fill in a ':', cat and clear */ +- bufb[0] = ':'; +- strncat(bufb, bufa, strlen(bufa)); +- *(bufa) = '\0'; +- ++swi; /* Indicates that there is a bufb */ +- } else { +- p = strstr(bufa, "::"); +- if (p != NULL) { +- /* Found it, break bufa down and split into bufb here */ +- *(bufb) = '\0'; +- i = strlen(p); +- memcpy(bufb, p, i); +- *p = '\0'; +- bufb[i] = '\0'; +- ++swi; /* Indicates that there is a bufb */ +- } +- } +- } +- s = strlen(bufa); +- if (s < 1) +- s = strlen(bufb); +- while (s > 0) { +- if ((l->status & LDAP_IPV4_S) && (swi == 0)) { +- /* Break down IPv4 address */ +- t = StringSplit(bufa, '.', obj, sizeof(obj)); +- if (t > 0) { +- errno = 0; +- x = strtol(obj, (char **)NULL, 10); +- if (((x < 0) || (x > 255)) || ((errno != 0) && (x == 0)) || ((obj[0] != '0') && (x == 0))) +- return LDAP_ERR_OOB; /* Out of bounds -- Invalid address */ +- memset(hexc, '\0', sizeof(hexc)); +- int hlen = snprintf(hexc, sizeof(hexc), "%02X", (int)x); +- strncat(l->search_ip, hexc, hlen); +- } else +- break; /* reached end of octet */ +- } else if (l->status & LDAP_IPV6_S) { +- /* Break down IPv6 address */ +- if (swi > 1) +- t = StringSplit(bufb, ':', obj, sizeof(obj)); /* After "::" */ +- else +- t = StringSplit(bufa, ':', obj, sizeof(obj)); /* Before "::" */ +- /* Convert octet by size (t) - and fill 0's */ +- switch (t) { /* IPv6 is already in HEX, copy contents */ +- case 4: +- hexc[0] = (char) toupper((int)obj[0]); +- i = (int)hexc[0]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[1] = (char) toupper((int)obj[1]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- hexc[0] = (char) toupper((int)obj[2]); +- i = (int)hexc[0]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[1] = (char) toupper((int)obj[3]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- break; +- case 3: +- hexc[0] = '0'; +- hexc[1] = (char) toupper((int)obj[0]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- hexc[0] = (char) toupper((int)obj[1]); +- i = (int)hexc[0]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[1] = (char) toupper((int)obj[2]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- break; +- case 2: +- strncat(l->search_ip, "00", 2); +- hexc[0] = (char) toupper((int)obj[0]); +- i = (int)hexc[0]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[1] = (char) toupper((int)obj[1]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- break; +- case 1: +- strncat(l->search_ip, "00", 2); +- hexc[0] = '0'; +- hexc[1] = (char) toupper((int)obj[0]); +- i = (int)hexc[1]; +- if (!isxdigit(i)) +- return LDAP_ERR_OOB; /* Out of bounds */ +- hexc[2] = '\0'; +- strncat(l->search_ip, hexc, 2); +- break; +- default: +- if (t > 4) +- return LDAP_ERR_OOB; +- break; +- } +- /* Code to pad the address with 0's between a '::' */ +- if ((strlen(bufa) == 0) && (swi == 1)) { +- /* We are *AT* the split, pad in some 0000 */ +- t = strlen(bufb); +- /* How many ':' exist in bufb ? */ +- j = 0; +- for (i = 0; i < t; ++i) { +- if (bufb[i] == ':') +- ++j; +- } +- --j; /* Preceding "::" doesn't count */ +- t = 8 - (strlen(l->search_ip) / 4) - j; /* Remainder */ +- if (t > 0) { +- for (i = 0; i < t; ++i) +- strncat(l->search_ip, "0000", 4); +- } +- } +- } +- if ((bufa[0] == '\0') && (swi > 0)) { +- s = strlen(bufb); +- ++swi; +- } else +- s = strlen(bufa); +- } +- s = strlen(l->search_ip); + +- /* CHECK sizes of address, truncate or pad */ +- /* if "::" is at end of ip, then pad another block or two */ +- while ((l->status & LDAP_IPV6_S) && (s < 32)) { +- strncat(l->search_ip, "0000", 4); +- s = strlen(l->search_ip); +- } +- if ((l->status & LDAP_IPV6_S) && (s > 32)) { +- /* Too long, truncate */ +- l->search_ip[32] = '\0'; +- s = strlen(l->search_ip); +- } +- /* If at end of ip, and its not long enough, then pad another block or two */ +- while ((l->status & LDAP_IPV4_S) && (s < 8)) { +- strncat(l->search_ip, "00", 2); +- s = strlen(l->search_ip); +- } +- if ((l->status & LDAP_IPV4_S) && (s > 8)) { +- /* Too long, truncate */ +- l->search_ip[8] = '\0'; +- s = strlen(l->search_ip); ++ size_t s = LDAP_ERR_INVALID; ++ if (struct addrinfo *dst = makeIpBinary(ip)) { ++ if (dst->ai_family == AF_INET6) { ++ struct sockaddr_in6 *sia = reinterpret_cast(dst->ai_addr); ++ const char *ia = reinterpret_cast(sia->sin6_addr.s6_addr); ++ s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 16); // IPv6 = 16-byte address ++ ++ } else if (dst->ai_family == AF_INET) { ++ struct sockaddr_in *sia = reinterpret_cast(dst->ai_addr); ++ const char *ia = reinterpret_cast(&(sia->sin_addr)); ++ s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 4); // IPv4 = 4-byte address ++ } // else leave s with LDAP_ERR_INVALID value ++ freeaddrinfo(dst); + } + +- /* Completed, s is length of address in HEX */ + return s; + } + +@@ -1099,48 +993,42 @@ SearchFilterLDAP(edui_ldap_t *l, char *group) + } + if (group == NULL) { + /* No groupMembership= to add, yay! */ +- xstrncpy(bufa, "(&", sizeof(bufa)); +- strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); + /* networkAddress */ +- snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); + if (l->status & LDAP_IPV4_S) { +- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ +- bufc, bufc); +- strncat(bufb, bufd, ln); ++ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); ++ if (ln < 0 || static_cast(ln) >= sizeof(bufd)) ++ return LDAP_ERR_OOB; ++ + } else if (l->status & LDAP_IPV6_S) { +- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ +- bufc, bufc); +- strncat(bufb, bufd, ln); +- } else +- strncat(bufb, ")", 1); +- strncat(bufa, bufb, strlen(bufb)); +- strncat(bufa, ")", 1); ++ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); ++ if (ln < 0 || static_cast(ln) >= sizeof(bufd)) ++ return LDAP_ERR_OOB; ++ } ++ const int x = snprintf(bufa, sizeof(bufa), "(&%s(|(networkAddress=1\\23%s)%s))", edui_conf.search_filter, bufc, bufd); ++ if (x < 0 || static_cast(x) >= sizeof(bufa)) ++ return LDAP_ERR_OOB; ++ + } else { + /* Needs groupMembership= to add... */ +- xstrncpy(bufa, "(&(&", sizeof(bufa)); +- strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter)); + /* groupMembership -- NOTE: Squid *MUST* provide "cn=" from squid.conf */ +- snprintf(bufg, sizeof(bufg), "(groupMembership=%s", group); + if ((l->basedn[0] != '\0') && (strstr(group, l->basedn) == NULL)) { +- strncat(bufg, ",", 1); +- strncat(bufg, l->basedn, strlen(l->basedn)); ++ const int ln = snprintf(bufg, sizeof(bufg), ",%s", l->basedn); ++ if (ln < 0 || static_cast(ln) >= sizeof(bufd)) ++ return LDAP_ERR_OOB; + } +- strncat(bufg, ")", 1); +- strncat(bufa, bufg, strlen(bufg)); + /* networkAddress */ +- snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc); + if (l->status & LDAP_IPV4_S) { +- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \ +- bufc, bufc); +- strncat(bufb, bufd, ln); ++ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc); ++ if (ln < 0 || static_cast(ln) >= sizeof(bufd)) ++ return LDAP_ERR_OOB; + } else if (l->status & LDAP_IPV6_S) { +- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \ +- bufc, bufc); +- strncat(bufb, bufd, ln); +- } else +- strncat(bufb, ")", 1); +- strncat(bufa, bufb, strlen(bufb)); +- strncat(bufa, "))", 2); ++ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc); ++ if (ln < 0 || static_cast(ln) >= sizeof(bufd)) ++ return LDAP_ERR_OOB; ++ } ++ const int x = snprintf(bufa, sizeof(bufa), "(&(&%s(groupMembership=%s%s)(|(networkAddress=1\\23%s)%s)))", edui_conf.search_filter, group, bufg, bufc, bufd); ++ if (x < 0 || static_cast(x) >= sizeof(bufa)) ++ return LDAP_ERR_OOB; + } + s = strlen(bufa); + xstrncpy(l->search_filter, bufa, sizeof(l->search_filter)); +@@ -1212,10 +1100,10 @@ static int + SearchIPLDAP(edui_ldap_t *l) + { + ber_len_t i, x; +- ber_len_t j, k; +- ber_len_t y, z; +- int c; +- char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], hexc[4]; ++ ber_len_t j; ++ ber_len_t z; ++ char bufa[EDUI_MAXLEN]; ++ char bufb[EDUI_MAXLEN]; + LDAPMessage *ent; + if (l == NULL) return LDAP_ERR_NULL; + if (l->lp == NULL) return LDAP_ERR_POINTER; +@@ -1273,19 +1161,11 @@ SearchIPLDAP(edui_ldap_t *l) + /* bufa is the address, just compare it */ + if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) + break; /* Not looking for IPv4 */ +- for (k = 0; k < z; ++k) { +- c = (int) bufa[k]; +- if (c < 0) +- c = c + 256; +- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); +- if (k == 0) +- xstrncpy(bufb, hexc, sizeof(bufb)); +- else +- strncat(bufb, hexc, hlen); +- } +- y = strlen(bufb); ++ const int blen = makeHexString(bufb, sizeof(bufb), bufa, z); ++ if (blen < 0) ++ return blen; + /* Compare value with IP */ +- if (memcmp(l->search_ip, bufb, y) == 0) { ++ if (memcmp(l->search_ip, bufb, blen) == 0) { + /* We got a match! - Scan 'ber' for 'cn' values */ + z = ldap_count_values_len(ber); + for (j = 0; j < z; ++j) { +@@ -1308,19 +1188,11 @@ SearchIPLDAP(edui_ldap_t *l) + /* bufa + 2 is the address (skip 2 digit port) */ + if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S)) + break; /* Not looking for IPv4 */ +- for (k = 2; k < z; ++k) { +- c = (int) bufa[k]; +- if (c < 0) +- c = c + 256; +- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); +- if (k == 2) +- xstrncpy(bufb, hexc, sizeof(bufb)); +- else +- strncat(bufb, hexc, hlen); +- } +- y = strlen(bufb); ++ const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); ++ if (blen < 0) ++ return blen; + /* Compare value with IP */ +- if (memcmp(l->search_ip, bufb, y) == 0) { ++ if (memcmp(l->search_ip, bufb, blen) == 0) { + /* We got a match! - Scan 'ber' for 'cn' values */ + z = ldap_count_values_len(ber); + for (j = 0; j < z; ++j) { +@@ -1343,19 +1215,11 @@ SearchIPLDAP(edui_ldap_t *l) + /* bufa + 2 is the address (skip 2 digit port) */ + if (!(l->status & LDAP_IPV6_S)) + break; /* Not looking for IPv6 */ +- for (k = 2; k < z; ++k) { +- c = (int) bufa[k]; +- if (c < 0) +- c = c + 256; +- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c); +- if (k == 2) +- xstrncpy(bufb, hexc, sizeof(bufb)); +- else +- strncat(bufb, hexc, hlen); +- } +- y = strlen(bufb); ++ const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z); ++ if (blen < 0) ++ return blen; + /* Compare value with IP */ +- if (memcmp(l->search_ip, bufb, y) == 0) { ++ if (memcmp(l->search_ip, bufb, blen) == 0) { + /* We got a match! - Scan 'ber' for 'cn' values */ + z = ldap_count_values_len(ber); + for (j = 0; j < z; ++j) { diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch new file mode 100644 index 00000000..302136a0 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch @@ -0,0 +1,118 @@ +From c21adbb0b230ffba97cf5d059e2bd024e13a37df Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 22 Apr 2017 11:54:57 -0700 +Subject: [PATCH] configure: Check for -Wno-error=format-truncation compiler + option + +If this option is supported by compiler then disable it ( gcc7+) +Fixes +client.c:834:23: error: '%s' directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Werror=format-truncation=] + +Signed-off-by: Khem Raj + +--- + acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++++++++++ + configure.ac | 2 ++ + 2 files changed, 76 insertions(+) + create mode 100644 acinclude/ax_check_compile_flag.m4 + +diff --git a/acinclude/ax_check_compile_flag.m4 b/acinclude/ax_check_compile_flag.m4 +new file mode 100644 +index 0000000..dcabb92 +--- /dev/null ++++ b/acinclude/ax_check_compile_flag.m4 +@@ -0,0 +1,74 @@ ++# =========================================================================== ++# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html ++# =========================================================================== ++# ++# SYNOPSIS ++# ++# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) ++# ++# DESCRIPTION ++# ++# Check whether the given FLAG works with the current language's compiler ++# or gives an error. (Warnings, however, are ignored) ++# ++# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on ++# success/failure. ++# ++# If EXTRA-FLAGS is defined, it is added to the current language's default ++# flags (e.g. CFLAGS) when the check is done. The check is thus made with ++# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to ++# force the compiler to issue an error when a bad flag is given. ++# ++# INPUT gives an alternative input source to AC_COMPILE_IFELSE. ++# ++# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this ++# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. ++# ++# LICENSE ++# ++# Copyright (c) 2008 Guido U. Draheim ++# Copyright (c) 2011 Maarten Bosmans ++# ++# This program is free software: you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation, either version 3 of the License, or (at your ++# option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General ++# Public License for more details. ++# ++# You should have received a copy of the GNU General Public License along ++# with this program. If not, see . ++# ++# As a special exception, the respective Autoconf Macro's copyright owner ++# gives unlimited permission to copy, distribute and modify the configure ++# scripts that are the output of Autoconf when processing the Macro. You ++# need not follow the terms of the GNU General Public License when using ++# or distributing such scripts, even though portions of the text of the ++# Macro appear in them. The GNU General Public License (GPL) does govern ++# all other use of the material that constitutes the Autoconf Macro. ++# ++# This special exception to the GPL applies to versions of the Autoconf ++# Macro released by the Autoconf Archive. When you make and distribute a ++# modified version of the Autoconf Macro, you may extend this special ++# exception to the GPL to apply to your modified version as well. ++ ++#serial 5 ++ ++AC_DEFUN([AX_CHECK_COMPILE_FLAG], ++[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF ++AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl ++AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ++ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS ++ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" ++ AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], ++ [AS_VAR_SET(CACHEVAR,[yes])], ++ [AS_VAR_SET(CACHEVAR,[no])]) ++ _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) ++AS_VAR_IF(CACHEVAR,yes, ++ [m4_default([$2], :)], ++ [m4_default([$3], :)]) ++AS_VAR_POPDEF([CACHEVAR])dnl ++])dnl AX_CHECK_COMPILE_FLAGS +diff --git a/configure.ac b/configure.ac +index ff4688c..9382fdf 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -26,6 +26,7 @@ m4_include([acinclude/pkg.m4]) + m4_include([acinclude/lib-checks.m4]) + m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4]) + m4_include([acinclude/ax_cxx_0x_types.m4]) ++m4_include([acinclude/ax_check_compile_flag.m4]) + + HOSTCXX="$BUILD_CXX" + PRESET_CFLAGS="$CFLAGS" +@@ -44,6 +45,7 @@ AC_PROG_CXX + AC_LANG([C++]) + AC_CANONICAL_HOST + ++AX_CHECK_COMPILE_FLAG([-Werror=format-truncation],[CFLAGS="$CFLAGS -Wno-error=format-truncation" CXXFLAGS="$CXXFLAGS -Wno-error=format-truncation"]) + # Clang 3.2 on some CPUs requires -march-native to detect correctly. + # GCC 4.3+ can also produce faster executables when its used. + # But building inside a virtual machine environment has been found to diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch new file mode 100644 index 00000000..8ea55d0e --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch @@ -0,0 +1,32 @@ +From faaa796a138cbd5033b1e53f33faac0cf4162bf5 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sun, 25 Jun 2017 00:59:24 -0700 +Subject: [PATCH] tools.cc: fixed unused-result warning + +fix +| ../../squid-3.5.26/src/tools.cc: In function 'void enter_suid()': +| ../../squid-3.5.26/src/tools.cc:616:11: error: ignoring return value of 'int setuid(__uid_t)', declared with attribute warn_unused_result [-Werror=unused-result] +| setuid(0); +| ~~~~~~^~~ + +Signed-off-by: Khem Raj + +--- + src/tools.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools.cc b/src/tools.cc +index 8137a03..843e266 100644 +--- a/src/tools.cc ++++ b/src/tools.cc +@@ -612,8 +612,8 @@ enter_suid(void) + if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0) + debugs (21, 3, "enter_suid: setresuid failed: " << xstrerror ()); + #else +- +- setuid(0); ++ if (setuid(0) < 0) ++ debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror()); + #endif + #if HAVE_PRCTL && defined(PR_SET_DUMPABLE) + /* Set Linux DUMPABLE flag */ diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch new file mode 100644 index 00000000..c8f0c47b --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch @@ -0,0 +1,39 @@ +From a6b1e0fd14311587186e40d09bff5c8c3aada2e4 Mon Sep 17 00:00:00 2001 +From: Amos Jeffries +Date: Sat, 25 Jul 2015 05:53:16 -0700 +Subject: [PATCH] smblib: fix buffer over-read + +When parsing SMB LanManager packets with invalid protocol ID and the +default set of Squid supported protocols. It may access memory outside +the buffer storing protocol names. + +smblib is only used by already deprecated helpers which are deprecated +due to far more significant NTLM protocol issues. It will also only +result in packets being rejected later with invalid protocol names. So +this is a minor bug rather than a vulnerability. + + Detected by Coverity Scan. Issue 1256165 +--- +Signed-off-by: Khem Raj +Upstream-Status: Backport + + lib/smblib/smblib-util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/smblib/smblib-util.c b/lib/smblib/smblib-util.c +index 6139ae2..e722cbb 100644 +--- a/lib/smblib/smblib-util.c ++++ b/lib/smblib/smblib-util.c +@@ -204,7 +204,11 @@ int SMB_Figure_Protocol(const char *dialects[], int prot_index) + { + int i; + +- if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ ++ // prot_index may be a value outside the table SMB_Types[] ++ // which holds data at offsets 0 to 11 ++ int ourType = (prot_index < 0 || prot_index > 11); ++ ++ if (ourType && dialects == SMB_Prots) { /* The jobs is easy, just index into table */ + + return(SMB_Types[prot_index]); + } else { /* Search through SMB_Prots looking for a match */ diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch new file mode 100644 index 00000000..25f68aff --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch @@ -0,0 +1,40 @@ +From b4943594654cd340b95aabdc2f3750a4705cc0de Mon Sep 17 00:00:00 2001 +From: Jim Somerville +Date: Mon, 21 Oct 2013 12:50:44 -0400 +Subject: [PATCH] Fix flawed dynamic -ldb link test in configure + +The test uses dbopen, but just ignores the fact +that this function may not exist in the db version +used. This leads to the dynamic link test failing +and the configure script just making assumptions +about why and setting the need for -ldb incorrectly. + +Signed-off-by: Jim Somerville + +--- + configure.ac | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 57cd1ac..3827222 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3229,8 +3229,16 @@ AC_CHECK_DECL(dbopen,,,[ + #include + #endif]) + +-dnl 1.85 +-SQUID_CHECK_DBOPEN_NEEDS_LIBDB ++if test "x$ac_cv_have_decl_dbopen" = "xyes"; then ++ dnl 1.85 ++ SQUID_CHECK_DBOPEN_NEEDS_LIBDB ++else ++ # dbopen isn't there. So instead of running a compile/link test that ++ # uses it and is thus guaranteed to fail, we just assume that we will ++ # need to link in the db library, rather than fabricate some other ++ # dynamic compile/link test. ++ ac_cv_dbopen_libdb="yes" ++fi + if test "x$ac_cv_dbopen_libdb" = "xyes"; then + LIB_DB="-ldb" + fi diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch new file mode 100644 index 00000000..3852f7c2 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch @@ -0,0 +1,28 @@ +From 995aaf30799fa972441354b6feb45f0621968929 Mon Sep 17 00:00:00 2001 +From: Jim Somerville +Date: Wed, 16 Oct 2013 16:41:03 -0400 +Subject: [PATCH] Set up for cross compilation + +Message-Id: <17e5a28667f667859c48bee25e575a072d39ee1b.1381956170.git.Jim.Somerville@windriver.com> + +Set the host compiler to BUILD_CXX so +proper cross compilation can occur. + +Signed-off-by: Jim Somerville + +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/configure.ac b/configure.ac +index fe80ee0..57cd1ac 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -27,6 +27,7 @@ m4_include([acinclude/lib-checks.m4]) + m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4]) + m4_include([acinclude/ax_cxx_0x_types.m4]) + ++HOSTCXX="$BUILD_CXX" + PRESET_CFLAGS="$CFLAGS" + PRESET_CXXFLAGS="$CXXFLAGS" + PRESET_LDFLAGS="$LDFLAGS" diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch new file mode 100644 index 00000000..6a335254 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch @@ -0,0 +1,65 @@ +From a85311965707ba2fa78f7ce044e6f61e65e66fd0 Mon Sep 17 00:00:00 2001 +From: Jim Somerville +Date: Tue, 14 Oct 2014 02:56:08 -0400 +Subject: [PATCH] Skip AC_RUN_IFELSE tests + +Upstream-Status: Inappropriate [cross compiling specific] + +Such tests are not supported in a cross compile +environment. Choose sane defaults. + +Signed-off-by: Jim Somerville +Signed-off-by: Jackie Huang + +--- + acinclude/krb5.m4 | 10 +++++++++- + acinclude/lib-checks.m4 | 8 ++++++-- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 +index 5c83d88..c264118 100644 +--- a/acinclude/krb5.m4 ++++ b/acinclude/krb5.m4 +@@ -61,7 +61,15 @@ main(void) + + return 0; + } +-]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ]) ++]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ], ++[ ++ dnl Can't test in cross compiled env - so assume good ++ squid_cv_broken_heimdal_krb5_h=no ++]) ++ ], ++ [ ++ dnl Can't test in cross compiled env - so assume good ++ squid_cv_broken_heimdal_krb5_h=no + ]) + ]) + ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H +diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 +index c4874da..ba72982 100644 +--- a/acinclude/lib-checks.m4 ++++ b/acinclude/lib-checks.m4 +@@ -177,7 +177,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ + [ + AC_MSG_RESULT([no]) + ], +- []) ++ [ ++ AC_MSG_RESULT([skipped - can't test in cross-compiled env]) ++ ]) + + SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) + ] +@@ -265,7 +267,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) + ], +-[]) ++[ ++ AC_MSG_RESULT([skipped - can't test in cross-compiled env]) ++]) + + SQUID_STATE_ROLLBACK(check_TXTDB) + ]) diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest new file mode 100644 index 00000000..de79a293 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh +# +make -C test-suite -k runtest-TESTS diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch new file mode 100644 index 00000000..e990480a --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch @@ -0,0 +1,41 @@ +From 702bd881b66dc034e711c0ff47805f2da40b6e0d Mon Sep 17 00:00:00 2001 +From: Yue Tao +Date: Mon, 8 Aug 2016 16:04:33 +0800 +Subject: [PATCH] Set the SYSROOT for libxml2 header file to avoid host + contamination. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yue Tao +Signed-off-by: Yi Zhao + +--- + configure.ac | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 504a844..ff4688c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -974,15 +974,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then + dnl Find the main header and include path... + AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ + AC_CHECK_HEADERS([libxml/parser.h], [], [ +- AC_MSG_NOTICE([Testing in /usr/include/libxml2]) ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) + SAVED_CPPFLAGS="$CPPFLAGS" +- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" ++ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" + unset ac_cv_header_libxml_parser_h +- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [ +- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) +- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" ++ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/include/libxml2"], [ ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) ++ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" + unset ac_cv_header_libxml_parser_h +- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [ ++ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/local/include/libxml2"], [ + AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) + ]) + ]) diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch new file mode 100644 index 00000000..e5267ea2 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch @@ -0,0 +1,61 @@ +From 8786b91488dae3f6dfeadd686e80d2ffc5c29320 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Thu, 25 Aug 2016 15:22:57 +0800 +Subject: [PATCH] squid: don't do squid-conf-tests at build time + +* squid-conf-tests is a test to run "squid -k parse -f" + to perse the config files, which should not be run + at build time since we are cross compiling, so remove + it but it will be added back for the runtime ptest. + +* Fix the directories of the conf files for squid-conf-tests + so that it can run on the target board. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Jackie Huang + +--- + test-suite/Makefile.am | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am +index 061a463..350dfb2 100644 +--- a/test-suite/Makefile.am ++++ b/test-suite/Makefile.am +@@ -41,8 +41,7 @@ TESTS += debug \ + MemPoolTest\ + mem_node_test\ + mem_hdr_test\ +- $(ESI_TESTS) \ +- squid-conf-tests ++ $(ESI_TESTS) + + ## Sort by alpha - any build failures are significant. + check_PROGRAMS += debug \ +@@ -125,19 +124,19 @@ VirtualDeleteOperator_SOURCES = VirtualDeleteOperator.cc $(DEBUG_SOURCE) + ##$(TARGLIB): $(LIBOBJS) + ## $(AR_R) $(TARGLIB) $(LIBOBJS) + +-squid-conf-tests: $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/* ++squid-conf-tests: $(sysconfdir)/squid.conf.default squidconf/* + @failed=0; cfglist="$?"; rm -f $@ || $(TRUE); \ + for cfg in $$cfglist ; do \ +- $(top_builddir)/src/squid -k parse -f $$cfg || \ ++ squid -k parse -f $$cfg || \ + { echo "FAIL: squid.conf test: $$cfg" | \ +- sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%$(sysconfdir)/%% | \ ++ sed s%squidconf/%% ; \ + failed=1; break; \ + }; \ + if test "$$failed" -eq 0; then \ + echo "PASS: squid.conf test: $$cfg" | \ +- sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%$(sysconfdir)/%% | \ ++ sed s%squidconf/%% ; \ + else break; fi; \ + done; \ + if test "$$failed" -eq 0; then cp $(TRUE) $@ ; fi diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch new file mode 100644 index 00000000..9c75f17e --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch @@ -0,0 +1,29 @@ +From 9bcec221a2bb438d8a9ed59aed846ffe3be9cffa Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Tue, 19 Jul 2016 01:56:23 -0400 +Subject: [PATCH] squid: use serial-tests config needed by ptest + +ptest needs buildtest-TESTS and runtest-TESTS targets. +serial-tests is required to generate those targets. + +Upstream-Status: Inappropriate [default automake behavior incompatible with ptest] + +Signed-off-by: Jackie Huang + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 3827222..504a844 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -10,7 +10,7 @@ AC_PREREQ(2.61) + AC_CONFIG_HEADERS([include/autoconf.h]) + AC_CONFIG_AUX_DIR(cfgaux) + AC_CONFIG_SRCDIR([src/main.cc]) +-AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects]) ++AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects serial-tests]) + AC_REVISION($Revision$)dnl + AC_PREFIX_DEFAULT(/usr/local/squid) + AM_MAINTAINER_MODE diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid new file mode 100644 index 00000000..83e1f8b7 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid @@ -0,0 +1,3 @@ +# +d squid squid 0755 /var/run/squid none +d squid squid 0750 /var/log/squid none -- cgit 1.2.3-korg