[oe] [meta-networking][PATCH] squid: upgrade squid 3.5.28 -> 4.6
Andrej Valek
andrej.valek at siemens.com
Tue Apr 9 08:55:35 UTC 2019
Reasons for license checksum change:
- changed year
- changed address
- minor rewording
On 4/9/19 10:46 AM, Andrej Valek wrote:
> - refresh and remove obsolete patches
> - add openssl and esi as package options
> - add missing header for std::bind implementation
>
> Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> ---
> ...1-ext_edirectory_userip_acl-refactoring-f.patch | 506 ---------------------
> ...-splay.cc-fix-bind-is-not-a-member-of-std.patch | 31 ++
> ...0001-tools.cc-fixed-unused-result-warning.patch | 20 +-
> .../files/0002-smblib-fix-buffer-over-read.patch | 39 --
> ...flawed-dynamic-ldb-link-test-in-configure.patch | 22 +-
> .../squid/files/Skip-AC_RUN_IFELSE-tests.patch | 12 +-
> .../squid/files/set_sysroot_patch.patch | 40 +-
> ...d-use-serial-tests-config-needed-by-ptest.patch | 8 +-
> .../squid/{squid_3.5.28.bb => squid_4.6.bb} | 19 +-
> 9 files changed, 92 insertions(+), 605 deletions(-)
> delete mode 100644 meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch
> create mode 100644 meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch
> delete mode 100644 meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch
> rename meta-networking/recipes-daemons/squid/{squid_3.5.28.bb => squid_4.6.bb} (87%)
>
> diff --git a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch b/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch
> deleted file mode 100644
> index 001d9e906..000000000
> --- a/meta-networking/recipes-daemons/squid/files/0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch
> +++ /dev/null
> @@ -1,506 +0,0 @@
> -From 01a44c96dbd04936e9cb2501745a834a0b09d504 Mon Sep 17 00:00:00 2001
> -From: Amos Jeffries <yadij at users.noreply.github.com>
> -Date: Sun, 13 May 2018 06:57:41 +0000
> -Subject: [PATCH] Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8
> - (#204)
> -
> -Proposed changes to this helper to fix strcat / strncat buffer
> -overread / overflow issues.
> -
> -The approach takes three parts:
> -
> -* adds a makeHexString function to replace many for-loops
> - catenating bits of strings together with hex conversion into a
> - second buffer. Replacing with a snprintf() and buffer overflow
> - handling.
> -
> -* a copy of Ip::Address::lookupHostIp to convert the input
> - string into IP address binary format, then generate the hex
> - string using the above new hex function instead of looped
> - sub-string concatenations across several buffers.
> - This removes all the "00" and "0000" strncat() calls and
> - allows far simpler code even with added buffer overflow
> - handling.
> -
> -* replace multiple string part concatenations with a few simpler
> - calls to snprintf() for all the search_ip buffer constructions.
> - Adding buffer overflow handling as needed for the new calls.
> ----
> -Signed-off-by: Khem Raj <raj.khem at gmail.com>
> -Upstream-Status: Backport
> -
> - .../ext_edirectory_userip_acl.cc | 376 ++++++------------
> - 1 file changed, 120 insertions(+), 256 deletions(-)
> -
> -diff --git a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc
> -index 63609e4..ad16bfd 100644
> ---- a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc
> -+++ b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.cc
> -@@ -67,6 +67,9 @@
> - #ifdef HAVE_LDAP_H
> - #include <ldap.h>
> - #endif
> -+#ifdef HAVE_NETDB_H
> -+#include <netdb.h>
> -+#endif
> -
> - #ifdef HELPER_INPUT_BUFFER
> - #define EDUI_MAXLEN HELPER_INPUT_BUFFER
> -@@ -714,11 +717,14 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t)
> -
> - /* Copy details - dn and pw CAN be NULL for anonymous and/or TLS */
> - if (dn != NULL) {
> -+ if (strlen(dn) >= sizeof(l->dn))
> -+ return LDAP_ERR_OOB; /* DN too large */
> -+
> - if ((l->basedn[0] != '\0') && (strstr(dn, l->basedn) == NULL)) {
> - /* We got a basedn, but it's not part of dn */
> -- xstrncpy(l->dn, dn, sizeof(l->dn));
> -- strncat(l->dn, ",", 1);
> -- strncat(l->dn, l->basedn, strlen(l->basedn));
> -+ const int x = snprintf(l->dn, sizeof(l->dn)-1, "%s,%s", dn, l->basedn);
> -+ if (x < 0 || static_cast<size_t>(x) >= sizeof(l->dn))
> -+ return LDAP_ERR_OOB; /* DN too large */
> - } else
> - xstrncpy(l->dn, dn, sizeof(l->dn));
> - }
> -@@ -778,24 +784,73 @@ BindLDAP(edui_ldap_t *l, char *dn, char *pw, unsigned int t)
> - }
> - }
> -
> -+// XXX: duplicate (partial) of Ip::Address::lookupHostIp
> -+/**
> -+ * Convert the IP address string representation in src to
> -+ * its binary representation.
> -+ *
> -+ * \return binary representation of the src IP address.
> -+ * Must be free'd using freeaddrinfo().
> -+ */
> -+static struct addrinfo *
> -+makeIpBinary(const char *src)
> -+{
> -+ struct addrinfo want;
> -+ memset(&want, 0, sizeof(want));
> -+ want.ai_flags = AI_NUMERICHOST; // prevent actual DNS lookups!
> -+
> -+ struct addrinfo *dst = nullptr;
> -+ if (getaddrinfo(src, nullptr, &want, &dst) != 0) {
> -+ // not an IP address
> -+ /* free any memory getaddrinfo() dynamically allocated. */
> -+ if (dst)
> -+ freeaddrinfo(dst);
> -+ return nullptr;
> -+ }
> -+
> -+ return dst;
> -+}
> -+
> -+/**
> -+ * Convert srcLen bytes from src into HEX and store into dst, which
> -+ * has a maximum content size of dstSize including c-string terminator.
> -+ * The dst value produced will be a 0-terminated c-string.
> -+ *
> -+ * \retval N length of dst written (excluding c-string terminator)
> -+ * \retval -11 (LDAP_ERR_OOB) buffer overflow detected
> -+ */
> -+static int
> -+makeHexString(char *dst, const int dstSize, const char *src, const int srcLen)
> -+{
> -+ // HEX encoding doubles the amount of bytes/octets copied
> -+ if ((srcLen*2) >= dstSize)
> -+ return LDAP_ERR_OOB; // cannot copy that many
> -+
> -+ *dst = 0;
> -+
> -+ for (int k = 0; k < srcLen; ++k) {
> -+ int c = static_cast<int>(src[k]);
> -+ if (c < 0)
> -+ c = c + 256;
> -+ char hexc[4];
> -+ const int hlen = snprintf(hexc, sizeof(hexc), "%02X", c);
> -+ if (hlen < 0 || static_cast<size_t>(hlen) > sizeof(hexc)) // should be impossible
> -+ return LDAP_ERR_OOB;
> -+ strcat(dst, hexc);
> -+ }
> -+ return strlen(dst);
> -+}
> -+
> - /*
> - * ConvertIP() - <edui_ldap_t> <ip>
> - *
> - * Take an IPv4 address in dot-decimal or IPv6 notation, and convert to 2-digit HEX stored in l->search_ip
> - * This is the networkAddress that we search LDAP for.
> -- *
> -- * PENDING -- CHANGE OVER TO inet*_pton, but inet6_pton does not provide the correct syntax
> -- *
> - */
> - static int
> - ConvertIP(edui_ldap_t *l, char *ip)
> - {
> -- char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], obj[EDUI_MAXLEN];
> -- char hexc[4], *p;
> - void *y, *z;
> -- size_t s;
> -- long x;
> -- int i, j, t, swi; /* IPv6 "::" cut over toggle */
> - if (l == NULL) return LDAP_ERR_NULL;
> - if (ip == NULL) return LDAP_ERR_PARAM;
> - if (!(l->status & LDAP_INIT_S)) return LDAP_ERR_INIT; /* Not initalized */
> -@@ -831,183 +886,22 @@ ConvertIP(edui_ldap_t *l, char *ip)
> - l->status |= (LDAP_IPV4_S);
> - z = NULL;
> - }
> -- s = strlen(ip);
> -- *(bufa) = '\0';
> -- *(bufb) = '\0';
> -- *(obj) = '\0';
> -- /* StringSplit() will zero out bufa & obj at each call */
> -- memset(l->search_ip, '\0', sizeof(l->search_ip));
> -- xstrncpy(bufa, ip, sizeof(bufa)); /* To avoid segfaults, use bufa instead of ip */
> -- swi = 0;
> -- if (l->status & LDAP_IPV6_S) {
> -- /* Search for :: in string */
> -- if ((bufa[0] == ':') && (bufa[1] == ':')) {
> -- /* bufa starts with a ::, so just copy and clear */
> -- xstrncpy(bufb, bufa, sizeof(bufb));
> -- *(bufa) = '\0';
> -- ++swi; /* Indicates that there is a bufb */
> -- } else if ((bufa[0] == ':') && (bufa[1] != ':')) {
> -- /* bufa starts with a :, a typo so just fill in a ':', cat and clear */
> -- bufb[0] = ':';
> -- strncat(bufb, bufa, strlen(bufa));
> -- *(bufa) = '\0';
> -- ++swi; /* Indicates that there is a bufb */
> -- } else {
> -- p = strstr(bufa, "::");
> -- if (p != NULL) {
> -- /* Found it, break bufa down and split into bufb here */
> -- *(bufb) = '\0';
> -- i = strlen(p);
> -- memcpy(bufb, p, i);
> -- *p = '\0';
> -- bufb[i] = '\0';
> -- ++swi; /* Indicates that there is a bufb */
> -- }
> -- }
> -- }
> -- s = strlen(bufa);
> -- if (s < 1)
> -- s = strlen(bufb);
> -- while (s > 0) {
> -- if ((l->status & LDAP_IPV4_S) && (swi == 0)) {
> -- /* Break down IPv4 address */
> -- t = StringSplit(bufa, '.', obj, sizeof(obj));
> -- if (t > 0) {
> -- errno = 0;
> -- x = strtol(obj, (char **)NULL, 10);
> -- if (((x < 0) || (x > 255)) || ((errno != 0) && (x == 0)) || ((obj[0] != '0') && (x == 0)))
> -- return LDAP_ERR_OOB; /* Out of bounds -- Invalid address */
> -- memset(hexc, '\0', sizeof(hexc));
> -- int hlen = snprintf(hexc, sizeof(hexc), "%02X", (int)x);
> -- strncat(l->search_ip, hexc, hlen);
> -- } else
> -- break; /* reached end of octet */
> -- } else if (l->status & LDAP_IPV6_S) {
> -- /* Break down IPv6 address */
> -- if (swi > 1)
> -- t = StringSplit(bufb, ':', obj, sizeof(obj)); /* After "::" */
> -- else
> -- t = StringSplit(bufa, ':', obj, sizeof(obj)); /* Before "::" */
> -- /* Convert octet by size (t) - and fill 0's */
> -- switch (t) { /* IPv6 is already in HEX, copy contents */
> -- case 4:
> -- hexc[0] = (char) toupper((int)obj[0]);
> -- i = (int)hexc[0];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[1] = (char) toupper((int)obj[1]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- hexc[0] = (char) toupper((int)obj[2]);
> -- i = (int)hexc[0];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[1] = (char) toupper((int)obj[3]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- break;
> -- case 3:
> -- hexc[0] = '0';
> -- hexc[1] = (char) toupper((int)obj[0]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- hexc[0] = (char) toupper((int)obj[1]);
> -- i = (int)hexc[0];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[1] = (char) toupper((int)obj[2]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- break;
> -- case 2:
> -- strncat(l->search_ip, "00", 2);
> -- hexc[0] = (char) toupper((int)obj[0]);
> -- i = (int)hexc[0];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[1] = (char) toupper((int)obj[1]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- break;
> -- case 1:
> -- strncat(l->search_ip, "00", 2);
> -- hexc[0] = '0';
> -- hexc[1] = (char) toupper((int)obj[0]);
> -- i = (int)hexc[1];
> -- if (!isxdigit(i))
> -- return LDAP_ERR_OOB; /* Out of bounds */
> -- hexc[2] = '\0';
> -- strncat(l->search_ip, hexc, 2);
> -- break;
> -- default:
> -- if (t > 4)
> -- return LDAP_ERR_OOB;
> -- break;
> -- }
> -- /* Code to pad the address with 0's between a '::' */
> -- if ((strlen(bufa) == 0) && (swi == 1)) {
> -- /* We are *AT* the split, pad in some 0000 */
> -- t = strlen(bufb);
> -- /* How many ':' exist in bufb ? */
> -- j = 0;
> -- for (i = 0; i < t; ++i) {
> -- if (bufb[i] == ':')
> -- ++j;
> -- }
> -- --j; /* Preceding "::" doesn't count */
> -- t = 8 - (strlen(l->search_ip) / 4) - j; /* Remainder */
> -- if (t > 0) {
> -- for (i = 0; i < t; ++i)
> -- strncat(l->search_ip, "0000", 4);
> -- }
> -- }
> -- }
> -- if ((bufa[0] == '\0') && (swi > 0)) {
> -- s = strlen(bufb);
> -- ++swi;
> -- } else
> -- s = strlen(bufa);
> -- }
> -- s = strlen(l->search_ip);
> -
> -- /* CHECK sizes of address, truncate or pad */
> -- /* if "::" is at end of ip, then pad another block or two */
> -- while ((l->status & LDAP_IPV6_S) && (s < 32)) {
> -- strncat(l->search_ip, "0000", 4);
> -- s = strlen(l->search_ip);
> -- }
> -- if ((l->status & LDAP_IPV6_S) && (s > 32)) {
> -- /* Too long, truncate */
> -- l->search_ip[32] = '\0';
> -- s = strlen(l->search_ip);
> -- }
> -- /* If at end of ip, and its not long enough, then pad another block or two */
> -- while ((l->status & LDAP_IPV4_S) && (s < 8)) {
> -- strncat(l->search_ip, "00", 2);
> -- s = strlen(l->search_ip);
> -- }
> -- if ((l->status & LDAP_IPV4_S) && (s > 8)) {
> -- /* Too long, truncate */
> -- l->search_ip[8] = '\0';
> -- s = strlen(l->search_ip);
> -+ size_t s = LDAP_ERR_INVALID;
> -+ if (struct addrinfo *dst = makeIpBinary(ip)) {
> -+ if (dst->ai_family == AF_INET6) {
> -+ struct sockaddr_in6 *sia = reinterpret_cast<struct sockaddr_in6 *>(dst->ai_addr);
> -+ const char *ia = reinterpret_cast<const char *>(sia->sin6_addr.s6_addr);
> -+ s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 16); // IPv6 = 16-byte address
> -+
> -+ } else if (dst->ai_family == AF_INET) {
> -+ struct sockaddr_in *sia = reinterpret_cast<struct sockaddr_in *>(dst->ai_addr);
> -+ const char *ia = reinterpret_cast<const char *>(&(sia->sin_addr));
> -+ s = makeHexString(l->search_ip, sizeof(l->search_ip), ia, 4); // IPv4 = 4-byte address
> -+ } // else leave s with LDAP_ERR_INVALID value
> -+ freeaddrinfo(dst);
> - }
> -
> -- /* Completed, s is length of address in HEX */
> - return s;
> - }
> -
> -@@ -1099,48 +993,42 @@ SearchFilterLDAP(edui_ldap_t *l, char *group)
> - }
> - if (group == NULL) {
> - /* No groupMembership= to add, yay! */
> -- xstrncpy(bufa, "(&", sizeof(bufa));
> -- strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter));
> - /* networkAddress */
> -- snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc);
> - if (l->status & LDAP_IPV4_S) {
> -- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \
> -- bufc, bufc);
> -- strncat(bufb, bufd, ln);
> -+ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc);
> -+ if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd))
> -+ return LDAP_ERR_OOB;
> -+
> - } else if (l->status & LDAP_IPV6_S) {
> -- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \
> -- bufc, bufc);
> -- strncat(bufb, bufd, ln);
> -- } else
> -- strncat(bufb, ")", 1);
> -- strncat(bufa, bufb, strlen(bufb));
> -- strncat(bufa, ")", 1);
> -+ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc);
> -+ if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd))
> -+ return LDAP_ERR_OOB;
> -+ }
> -+ const int x = snprintf(bufa, sizeof(bufa), "(&%s(|(networkAddress=1\\23%s)%s))", edui_conf.search_filter, bufc, bufd);
> -+ if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa))
> -+ return LDAP_ERR_OOB;
> -+
> - } else {
> - /* Needs groupMembership= to add... */
> -- xstrncpy(bufa, "(&(&", sizeof(bufa));
> -- strncat(bufa, edui_conf.search_filter, strlen(edui_conf.search_filter));
> - /* groupMembership -- NOTE: Squid *MUST* provide "cn=" from squid.conf */
> -- snprintf(bufg, sizeof(bufg), "(groupMembership=%s", group);
> - if ((l->basedn[0] != '\0') && (strstr(group, l->basedn) == NULL)) {
> -- strncat(bufg, ",", 1);
> -- strncat(bufg, l->basedn, strlen(l->basedn));
> -+ const int ln = snprintf(bufg, sizeof(bufg), ",%s", l->basedn);
> -+ if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd))
> -+ return LDAP_ERR_OOB;
> - }
> -- strncat(bufg, ")", 1);
> -- strncat(bufa, bufg, strlen(bufg));
> - /* networkAddress */
> -- snprintf(bufb, sizeof(bufb), "(|(networkAddress=1\\23%s)", bufc);
> - if (l->status & LDAP_IPV4_S) {
> -- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s))", \
> -- bufc, bufc);
> -- strncat(bufb, bufd, ln);
> -+ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=8\\23\\00\\00%s)(networkAddress=9\\23\\00\\00%s)", bufc, bufc);
> -+ if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd))
> -+ return LDAP_ERR_OOB;
> - } else if (l->status & LDAP_IPV6_S) {
> -- int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s))", \
> -- bufc, bufc);
> -- strncat(bufb, bufd, ln);
> -- } else
> -- strncat(bufb, ")", 1);
> -- strncat(bufa, bufb, strlen(bufb));
> -- strncat(bufa, "))", 2);
> -+ const int ln = snprintf(bufd, sizeof(bufd), "(networkAddress=10\\23\\00\\00%s)(networkAddress=11\\23\\00\\00%s)", bufc, bufc);
> -+ if (ln < 0 || static_cast<size_t>(ln) >= sizeof(bufd))
> -+ return LDAP_ERR_OOB;
> -+ }
> -+ const int x = snprintf(bufa, sizeof(bufa), "(&(&%s(groupMembership=%s%s)(|(networkAddress=1\\23%s)%s)))", edui_conf.search_filter, group, bufg, bufc, bufd);
> -+ if (x < 0 || static_cast<size_t>(x) >= sizeof(bufa))
> -+ return LDAP_ERR_OOB;
> - }
> - s = strlen(bufa);
> - xstrncpy(l->search_filter, bufa, sizeof(l->search_filter));
> -@@ -1212,10 +1100,10 @@ static int
> - SearchIPLDAP(edui_ldap_t *l)
> - {
> - ber_len_t i, x;
> -- ber_len_t j, k;
> -- ber_len_t y, z;
> -- int c;
> -- char bufa[EDUI_MAXLEN], bufb[EDUI_MAXLEN], hexc[4];
> -+ ber_len_t j;
> -+ ber_len_t z;
> -+ char bufa[EDUI_MAXLEN];
> -+ char bufb[EDUI_MAXLEN];
> - LDAPMessage *ent;
> - if (l == NULL) return LDAP_ERR_NULL;
> - if (l->lp == NULL) return LDAP_ERR_POINTER;
> -@@ -1273,19 +1161,11 @@ SearchIPLDAP(edui_ldap_t *l)
> - /* bufa is the address, just compare it */
> - if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S))
> - break; /* Not looking for IPv4 */
> -- for (k = 0; k < z; ++k) {
> -- c = (int) bufa[k];
> -- if (c < 0)
> -- c = c + 256;
> -- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c);
> -- if (k == 0)
> -- xstrncpy(bufb, hexc, sizeof(bufb));
> -- else
> -- strncat(bufb, hexc, hlen);
> -- }
> -- y = strlen(bufb);
> -+ const int blen = makeHexString(bufb, sizeof(bufb), bufa, z);
> -+ if (blen < 0)
> -+ return blen;
> - /* Compare value with IP */
> -- if (memcmp(l->search_ip, bufb, y) == 0) {
> -+ if (memcmp(l->search_ip, bufb, blen) == 0) {
> - /* We got a match! - Scan 'ber' for 'cn' values */
> - z = ldap_count_values_len(ber);
> - for (j = 0; j < z; ++j) {
> -@@ -1308,19 +1188,11 @@ SearchIPLDAP(edui_ldap_t *l)
> - /* bufa + 2 is the address (skip 2 digit port) */
> - if (!(l->status & LDAP_IPV4_S) || (l->status & LDAP_IPV6_S))
> - break; /* Not looking for IPv4 */
> -- for (k = 2; k < z; ++k) {
> -- c = (int) bufa[k];
> -- if (c < 0)
> -- c = c + 256;
> -- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c);
> -- if (k == 2)
> -- xstrncpy(bufb, hexc, sizeof(bufb));
> -- else
> -- strncat(bufb, hexc, hlen);
> -- }
> -- y = strlen(bufb);
> -+ const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z);
> -+ if (blen < 0)
> -+ return blen;
> - /* Compare value with IP */
> -- if (memcmp(l->search_ip, bufb, y) == 0) {
> -+ if (memcmp(l->search_ip, bufb, blen) == 0) {
> - /* We got a match! - Scan 'ber' for 'cn' values */
> - z = ldap_count_values_len(ber);
> - for (j = 0; j < z; ++j) {
> -@@ -1343,19 +1215,11 @@ SearchIPLDAP(edui_ldap_t *l)
> - /* bufa + 2 is the address (skip 2 digit port) */
> - if (!(l->status & LDAP_IPV6_S))
> - break; /* Not looking for IPv6 */
> -- for (k = 2; k < z; ++k) {
> -- c = (int) bufa[k];
> -- if (c < 0)
> -- c = c + 256;
> -- int hlen = snprintf(hexc, sizeof(hexc), "%02X", c);
> -- if (k == 2)
> -- xstrncpy(bufb, hexc, sizeof(bufb));
> -- else
> -- strncat(bufb, hexc, hlen);
> -- }
> -- y = strlen(bufb);
> -+ const int blen = makeHexString(bufb, sizeof(bufb), &bufa[2], z);
> -+ if (blen < 0)
> -+ return blen;
> - /* Compare value with IP */
> -- if (memcmp(l->search_ip, bufb, y) == 0) {
> -+ if (memcmp(l->search_ip, bufb, blen) == 0) {
> - /* We got a match! - Scan 'ber' for 'cn' values */
> - z = ldap_count_values_len(ber);
> - for (j = 0; j < z; ++j) {
> diff --git a/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch
> new file mode 100644
> index 000000000..fbbad1597
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/squid/files/0001-splay.cc-fix-bind-is-not-a-member-of-std.patch
> @@ -0,0 +1,31 @@
> +From 1def5b4278d97f197520d23c1dce52f93a1b2f46 Mon Sep 17 00:00:00 2001
> +From: Andrej Valek <andrej.valek at siemens.com>
> +Date: Tue, 9 Apr 2019 09:40:30 +0200
> +Subject: [PATCH] splay.cc: fix bind is not a member of std
> +
> +fix
> +| ../../squid-4.6/test-suite/splay.cc:134:28: error: 'bind' is not a member of 'std'
> +| auto nextRandom = std::bind (distribution, generator);
> +| ^~~~
> +| ../../squid-4.6/test-suite/splay.cc:134:28: note: 'std::bind' is defined in header '<functional>'; did you forget to '#include <functional>'?
> +
> +Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> +---
> + test-suite/splay.cc | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/test-suite/splay.cc b/test-suite/splay.cc
> +index f71b337..4e21adc 100644
> +--- a/test-suite/splay.cc
> ++++ b/test-suite/splay.cc
> +@@ -20,6 +20,7 @@
> + #include <unistd.h>
> + #endif
> + #include <random>
> ++#include <functional>
> +
> + class intnode
> + {
> +--
> +2.11.0
> +
> diff --git a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch
> index 8ea55d0e1..f267875ed 100644
> --- a/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch
> +++ b/meta-networking/recipes-daemons/squid/files/0001-tools.cc-fixed-unused-result-warning.patch
> @@ -1,4 +1,4 @@
> -From faaa796a138cbd5033b1e53f33faac0cf4162bf5 Mon Sep 17 00:00:00 2001
> +From 86dae8010310d13bd2a2beb006b4085d06ae1556 Mon Sep 17 00:00:00 2001
> From: Khem Raj <raj.khem at gmail.com>
> Date: Sun, 25 Jun 2017 00:59:24 -0700
> Subject: [PATCH] tools.cc: fixed unused-result warning
> @@ -12,21 +12,23 @@ fix
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
>
> ---
> - src/tools.cc | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> + src/tools.cc | 5 +++--
> + 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/tools.cc b/src/tools.cc
> -index 8137a03..843e266 100644
> +index 5829574..19f0836 100644
> --- a/src/tools.cc
> +++ b/src/tools.cc
> -@@ -612,8 +612,8 @@ enter_suid(void)
> - if (setresuid((uid_t)-1, 0, (uid_t)-1) < 0)
> - debugs (21, 3, "enter_suid: setresuid failed: " << xstrerror ());
> +@@ -581,8 +581,10 @@ enter_suid(void)
> + debugs (21, 3, "enter_suid: setresuid failed: " << xstrerr(xerrno));
> + }
> #else
> -
> - setuid(0);
> -+ if (setuid(0) < 0)
> -+ debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror());
> ++ if (setuid(0) < 0) {
> ++ const auto xerrno = errno;
> ++ debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno));
> ++ }
> #endif
> #if HAVE_PRCTL && defined(PR_SET_DUMPABLE)
> /* Set Linux DUMPABLE flag */
> diff --git a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch b/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch
> deleted file mode 100644
> index c8f0c47bd..000000000
> --- a/meta-networking/recipes-daemons/squid/files/0002-smblib-fix-buffer-over-read.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -From a6b1e0fd14311587186e40d09bff5c8c3aada2e4 Mon Sep 17 00:00:00 2001
> -From: Amos Jeffries <squid3 at treenet.co.nz>
> -Date: Sat, 25 Jul 2015 05:53:16 -0700
> -Subject: [PATCH] smblib: fix buffer over-read
> -
> -When parsing SMB LanManager packets with invalid protocol ID and the
> -default set of Squid supported protocols. It may access memory outside
> -the buffer storing protocol names.
> -
> -smblib is only used by already deprecated helpers which are deprecated
> -due to far more significant NTLM protocol issues. It will also only
> -result in packets being rejected later with invalid protocol names. So
> -this is a minor bug rather than a vulnerability.
> -
> - Detected by Coverity Scan. Issue 1256165
> ----
> -Signed-off-by: Khem Raj <raj.khem at gmail.com>
> -Upstream-Status: Backport
> -
> - lib/smblib/smblib-util.c | 6 +++++-
> - 1 file changed, 5 insertions(+), 1 deletion(-)
> -
> -diff --git a/lib/smblib/smblib-util.c b/lib/smblib/smblib-util.c
> -index 6139ae2..e722cbb 100644
> ---- a/lib/smblib/smblib-util.c
> -+++ b/lib/smblib/smblib-util.c
> -@@ -204,7 +204,11 @@ int SMB_Figure_Protocol(const char *dialects[], int prot_index)
> - {
> - int i;
> -
> -- if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */
> -+ // prot_index may be a value outside the table SMB_Types[]
> -+ // which holds data at offsets 0 to 11
> -+ int ourType = (prot_index < 0 || prot_index > 11);
> -+
> -+ if (ourType && dialects == SMB_Prots) { /* The jobs is easy, just index into table */
> -
> - return(SMB_Types[prot_index]);
> - } else { /* Search through SMB_Prots looking for a match */
> diff --git a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch
> index 25f68aff8..1516bb014 100644
> --- a/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch
> +++ b/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch
> @@ -1,4 +1,4 @@
> -From b4943594654cd340b95aabdc2f3750a4705cc0de Mon Sep 17 00:00:00 2001
> +From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001
> From: Jim Somerville <Jim.Somerville at windriver.com>
> Date: Mon, 21 Oct 2013 12:50:44 -0400
> Subject: [PATCH] Fix flawed dynamic -ldb link test in configure
> @@ -12,19 +12,17 @@ about why and setting the need for -ldb incorrectly.
> Signed-off-by: Jim Somerville <Jim.Somerville at windriver.com>
>
> ---
> - configure.ac | 12 ++++++++++--
> - 1 file changed, 10 insertions(+), 2 deletions(-)
> + configure.ac | 10 ++++++++++
> + 1 file changed, 10 insertions(+)
>
> diff --git a/configure.ac b/configure.ac
> -index 57cd1ac..3827222 100644
> +index d2f7feb..c7ae568 100644
> --- a/configure.ac
> +++ b/configure.ac
> -@@ -3229,8 +3229,16 @@ AC_CHECK_DECL(dbopen,,,[
> - #include <db.h>
> - #endif])
> +@@ -3235,6 +3235,16 @@ case "$host" in
> + ;;
> + esac
>
> --dnl 1.85
> --SQUID_CHECK_DBOPEN_NEEDS_LIBDB
> +if test "x$ac_cv_have_decl_dbopen" = "xyes"; then
> + dnl 1.85
> + SQUID_CHECK_DBOPEN_NEEDS_LIBDB
> @@ -35,6 +33,6 @@ index 57cd1ac..3827222 100644
> + # dynamic compile/link test.
> + ac_cv_dbopen_libdb="yes"
> +fi
> - if test "x$ac_cv_dbopen_libdb" = "xyes"; then
> - LIB_DB="-ldb"
> - fi
> + dnl System-specific library modifications
> + dnl
> + case "$host" in
> diff --git a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
> index 6a3352548..dd83b62e6 100644
> --- a/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
> +++ b/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
> @@ -1,4 +1,4 @@
> -From a85311965707ba2fa78f7ce044e6f61e65e66fd0 Mon Sep 17 00:00:00 2001
> +From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001
> From: Jim Somerville <Jim.Somerville at windriver.com>
> Date: Tue, 14 Oct 2014 02:56:08 -0400
> Subject: [PATCH] Skip AC_RUN_IFELSE tests
> @@ -17,7 +17,7 @@ Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> 2 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4
> -index 5c83d88..c264118 100644
> +index ad0ba60..4477446 100644
> --- a/acinclude/krb5.m4
> +++ b/acinclude/krb5.m4
> @@ -61,7 +61,15 @@ main(void)
> @@ -38,10 +38,10 @@ index 5c83d88..c264118 100644
> ])
> ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
> diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
> -index c4874da..ba72982 100644
> +index 7624b56..b449c5a 100644
> --- a/acinclude/lib-checks.m4
> +++ b/acinclude/lib-checks.m4
> -@@ -177,7 +177,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
> +@@ -217,7 +217,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
> [
> AC_MSG_RESULT([no])
> ],
> @@ -51,8 +51,8 @@ index c4874da..ba72982 100644
> + ])
>
> SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
> - ]
> -@@ -265,7 +267,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
> + ])
> +@@ -377,7 +379,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
> AC_MSG_RESULT([yes])
> AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
> ],
> diff --git a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch
> index e990480a6..124e04490 100644
> --- a/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch
> +++ b/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch
> @@ -17,25 +17,25 @@ diff --git a/configure.ac b/configure.ac
> index 504a844..ff4688c 100644
> --- a/configure.ac
> +++ b/configure.ac
> -@@ -974,15 +974,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then
> - dnl Find the main header and include path...
> - AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
> - AC_CHECK_HEADERS([libxml/parser.h], [], [
> -- AC_MSG_NOTICE([Testing in /usr/include/libxml2])
> -+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2])
> - SAVED_CPPFLAGS="$CPPFLAGS"
> -- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
> -+ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS"
> - unset ac_cv_header_libxml_parser_h
> -- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [
> -- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
> -- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
> -+ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/include/libxml2"], [
> -+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2])
> -+ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS"
> +@@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then
> + dnl Find the main header and include path...
> + AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
> + AC_CHECK_HEADERS([libxml/parser.h], [], [
> +- AC_MSG_NOTICE([Testing in /usr/include/libxml2])
> ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2])
> + SAVED_CPPFLAGS="$CPPFLAGS"
> +- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
> ++ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS"
> unset ac_cv_header_libxml_parser_h
> -- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [
> -+ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/local/include/libxml2"], [
> - AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
> +- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [
> +- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
> +- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
> ++ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [
> ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2])
> ++ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS"
> + unset ac_cv_header_libxml_parser_h
> +- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [
> ++ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [
> + AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
> + ])
> ])
> - ])
> diff --git a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch
> index 9c75f17e7..732cf17f7 100644
> --- a/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch
> +++ b/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch
> @@ -1,4 +1,4 @@
> -From 9bcec221a2bb438d8a9ed59aed846ffe3be9cffa Mon Sep 17 00:00:00 2001
> +From 3d881c112bba765731d581194aae95651819b715 Mon Sep 17 00:00:00 2001
> From: Jackie Huang <jackie.huang at windriver.com>
> Date: Tue, 19 Jul 2016 01:56:23 -0400
> Subject: [PATCH] squid: use serial-tests config needed by ptest
> @@ -15,15 +15,15 @@ Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/configure.ac b/configure.ac
> -index 3827222..504a844 100644
> +index c7ae568..5e1454e 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -10,7 +10,7 @@ AC_PREREQ(2.61)
> AC_CONFIG_HEADERS([include/autoconf.h])
> AC_CONFIG_AUX_DIR(cfgaux)
> AC_CONFIG_SRCDIR([src/main.cc])
> --AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects])
> -+AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects serial-tests])
> +-AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz])
> ++AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz serial-tests])
> AC_REVISION($Revision$)dnl
> AC_PREFIX_DEFAULT(/usr/local/squid)
> AM_MAINTAINER_MODE
> diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb b/meta-networking/recipes-daemons/squid/squid_4.6.bb
> similarity index 87%
> rename from meta-networking/recipes-daemons/squid/squid_3.5.28.bb
> rename to meta-networking/recipes-daemons/squid/squid_4.6.bb
> index e33c1b7cc..56e4e0bab 100644
> --- a/meta-networking/recipes-daemons/squid/squid_3.5.28.bb
> +++ b/meta-networking/recipes-daemons/squid/squid_4.6.bb
> @@ -12,7 +12,7 @@ LICENSE = "GPLv2+"
> MAJ_VER = "${@oe.utils.trim_version("${PV}", 1)}"
> MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}"
>
> -SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${PV}.tar.bz2 \
> +SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 \
> file://Set-up-for-cross-compilation.patch \
> file://Skip-AC_RUN_IFELSE-tests.patch \
> file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \
> @@ -23,19 +23,18 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
> file://squid-don-t-do-squid-conf-tests-at-build-time.patch \
> file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \
> file://0001-tools.cc-fixed-unused-result-warning.patch \
> - file://0001-Bug-4843-pt1-ext_edirectory_userip_acl-refactoring-f.patch \
> - file://0002-smblib-fix-buffer-over-read.patch \
> + file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
> "
>
> SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
>
> -SRC_URI[md5sum] = "4ae3f6277b3aa6386cb5ad2d954179c2"
> -SRC_URI[sha256sum] = "11971bfe3c13f438e42569ea551206caf68ecaa968305c30f7b422b556ebc7ac"
> +SRC_URI[md5sum] = "6fb9f2be772b9bcaf2b3322d9e16ee1e"
> +SRC_URI[sha256sum] = "73c1970467618db194057f6c43c80019a4dc47847579fc404796ff2dcd215f05"
>
> -LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
> - file://errors/COPYRIGHT;md5=1c0781e2ecd3051c765d525572defbc7 \
> - "
> -DEPENDS = "libtool krb5 openldap db cyrus-sasl openssl expat libxml2"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> + file://errors/COPYRIGHT;md5=19cc4dd146f397e72f3ff6f9f58fbfbe \
> + "
> +DEPENDS = "libtool krb5 openldap db cyrus-sasl"
>
> inherit autotools pkgconfig useradd ptest perlnative
>
> @@ -51,6 +50,8 @@ PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir
> PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,,"
> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
> PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking,"
> +PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2"
> +PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl"
>
> BASIC_AUTH = "DB SASL LDAP"
>
>
More information about the Openembedded-devel
mailing list