diff mbox series

[meta-networking,kirkstone,2/6] squid: patch CVE-2022-41317

Message ID 20251021183204.269102-2-skandigraun@gmail.com
State New
Headers show
Series [meta-networking,kirkstone,1/6] squid: patch CVE-2021-46784 | expand

Commit Message

Gyorgy Sarvari Oct. 21, 2025, 6:32 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41317

Pick the v4 patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../squid/files/CVE-2022-41317.patch          | 26 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch
new file mode 100644
index 0000000000..a77f73aead
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch
@@ -0,0 +1,26 @@ 
+From 745d5d5a6d10731656adfc2b1b4d16ef208dd073 Mon Sep 17 00:00:00 2001
+From: Amos Jeffries <yadij@users.noreply.github.com>
+Date: Wed, 17 Aug 2022 23:32:43 +0000
+Subject: [PATCH] Fix typo in manager ACL (#1113)
+
+CVE: CVE-2022-41317
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/2c5d2de9bdcd25d1127987f8f76c986ab5bfb6da]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/cf.data.pre | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index 4aef432..f15d56b 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -1001,7 +1001,7 @@ DEFAULT: ssl::certUntrusted ssl_error X509_V_ERR_INVALID_CA X509_V_ERR_SELF_SIGN
+ DEFAULT: ssl::certSelfSigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ ENDIF
+ DEFAULT: all src all
+-DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
++DEFAULT: manager url_regex -i ^cache_object:// +i ^[^:]+://[^/]+/squid-internal-mgr/
+ DEFAULT: localhost src 127.0.0.1/32 ::1
+ DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128
+ DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined.
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index b79f632508..4cb21187fc 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -34,6 +34,7 @@  SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2023-50269.patch \
            file://CVE-2023-5824.patch \
            file://CVE-2021-46784.patch \
+           file://CVE-2022-41317.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"