From patchwork Tue Oct 21 18:31:59 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 72774
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 1/6] squid: patch CVE-2021-46784
Date: Tue, 21 Oct 2025 20:31:59 +0200
Message-ID: <20251021183204.269102-1-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
MIME-Version: 1.0
List-Id:
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120841

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46784

Pick the backported patch from v4 branch, that referenced the same PR[1] that the patch[2] from the nvd report refers to.

[1]: https://github.com/squid-cache/squid/pull/1022
[2]: https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9

Signed-off-by: Gyorgy Sarvari
---
 .../squid/files/CVE-2021-46784.patch | 133 ++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb | 1 +
 2 files changed, 134 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2021-46784.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2021-46784.patch b/meta-networking/recipes-daemons/squid/files/CVE-2021-46784.patch
new file mode 100644
index 0000000000..fd074f0b3c
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2021-46784.patch
@@ -0,0 +1,133 @@ +From 0cfe0d3efe438658ac3b1eeac44bdc07836a1649 Mon Sep 17 00:00:00 2001 +From: Joshua Rogers +Date: Mon, 18 Apr 2022 13:42:36 +0000 +Subject: [PATCH] Improve handling of Gopher responses (#1022) + +CVE: CVE-2021-46784 +Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b] + +Signed-off-by: Gyorgy Sarvari +--- + src/gopher.cc | 45 ++++++++++++++++++++------------------------- + 1 file changed, 20 insertions(+), 25 deletions(-) + +diff --git a/src/gopher.cc b/src/gopher.cc +index 169b0e1..6187da1 100644 +--- a/src/gopher.cc ++++ b/src/gopher.cc +@@ -371,7 +371,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) + char *lpos = NULL; + char *tline = NULL; + LOCAL_ARRAY(char, line, TEMP_BUF_SIZE); +- LOCAL_ARRAY(char, tmpbuf, TEMP_BUF_SIZE); + char *name = NULL; + char *selector = NULL; + char *host = NULL; +@@ -381,7 +380,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) + char gtype; + StoreEntry *entry = NULL; + +- memset(tmpbuf, '\0', TEMP_BUF_SIZE); + memset(line, '\0', TEMP_BUF_SIZE); + + entry = gopherState->entry; +@@ -416,7 +414,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) + return; + } + +- String outbuf; ++ SBuf outbuf; + + if (!gopherState->HTML_header_added) { + if (gopherState->conversion == GopherStateData::HTML_CSO_RESULT) +@@ -583,34 +581,34 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) + break; + } + +- memset(tmpbuf, '\0', TEMP_BUF_SIZE); +- + if ((gtype == GOPHER_TELNET) || (gtype == GOPHER_3270)) { + if (strlen(escaped_selector) != 0) +- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n", +- icon_url, escaped_selector, rfc1738_escape_part(host), +- *port ? ":" : "", port, html_quote(name)); ++ outbuf.appendf(" %s\n", ++ icon_url, escaped_selector, rfc1738_escape_part(host), ++ *port ? 
":" : "", port, html_quote(name)); + else +- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n", +- icon_url, rfc1738_escape_part(host), *port ? ":" : "", +- port, html_quote(name)); ++ outbuf.appendf(" %s\n", ++ icon_url, rfc1738_escape_part(host), *port ? ":" : "", ++ port, html_quote(name)); + + } else if (gtype == GOPHER_INFO) { +- snprintf(tmpbuf, TEMP_BUF_SIZE, "\t%s\n", html_quote(name)); ++ outbuf.appendf("\t%s\n", html_quote(name)); + } else { + if (strncmp(selector, "GET /", 5) == 0) { + /* WWW link */ +- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n", +- icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name)); ++ outbuf.appendf(" %s\n", ++ icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name)); ++ } else if (gtype == GOPHER_WWW) { ++ outbuf.appendf(" %s\n", ++ icon_url, rfc1738_escape_unescaped(selector), html_quote(name)); + } else { + /* Standard link */ +- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n", +- icon_url, host, gtype, escaped_selector, html_quote(name)); ++ outbuf.appendf(" %s\n", ++ icon_url, host, gtype, escaped_selector, html_quote(name)); + } + } + + safe_free(escaped_selector); +- outbuf.append(tmpbuf); + } else { + memset(line, '\0', TEMP_BUF_SIZE); + continue; +@@ -643,13 +641,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) + break; + + if (gopherState->cso_recno != recno) { +- snprintf(tmpbuf, TEMP_BUF_SIZE, "

Record# %d
%s

\n
", recno, html_quote(result));
++                    outbuf.appendf("

Record# %d
%s

\n
", recno, html_quote(result));
+                     gopherState->cso_recno = recno;
+                 } else {
+-                    snprintf(tmpbuf, TEMP_BUF_SIZE, "%s\n", html_quote(result));
++                    outbuf.appendf("%s\n", html_quote(result));
+                 }
+ 
+-                outbuf.append(tmpbuf);
+                 break;
+             } else {
+                 int code;
+@@ -677,8 +674,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ 
+                 case 502: { /* Too Many Matches */
+                     /* Print the message the server returns */
+-                    snprintf(tmpbuf, TEMP_BUF_SIZE, "

%s

\n
", html_quote(result));
+-                    outbuf.append(tmpbuf);
++                    outbuf.appendf("

%s

\n
", html_quote(result));
+                     break;
+                 }
+ 
+@@ -694,13 +690,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ 
+     }               /* while loop */
+ 
+-    if (outbuf.size() > 0) {
+-        entry->append(outbuf.rawBuf(), outbuf.size());
++    if (outbuf.length() > 0) {
++        entry->append(outbuf.rawContent(), outbuf.length());
+         /* now let start sending stuff to client */
+         entry->flush();
+     }
+ 
+-    outbuf.clean();
+     return;
+ }
+ 
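Review bot: The header of the embedded CVE-2021-46784.patch carries only the upstream subject, the CVE tag and Upstream-Status, with no description of the defect, yet the gopherToHTML() changes do two distinct things. They drop the fixed-size tmpbuf (snprintf(tmpbuf, TEMP_BUF_SIZE, ...) followed by outbuf.append(tmpbuf)) in favour of outbuf.appendf(...) on an SBuf, and they add a new "else if (gtype == GOPHER_WWW)" branch that the removed code did not have. Please add a sentence to the patch header saying which part addresses the CVE and that the GOPHER_WWW branch comes with the upstream backport, so a later audit of the kirkstone tree does not have to re-derive it from the diff.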
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index 6a4ef0a2b6..b79f632508 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2023-49286.patch \
            file://CVE-2023-50269.patch \
            file://CVE-2023-5824.patch \
+           file://CVE-2021-46784.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"

From patchwork Tue Oct 21 18:32:00 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari 
X-Patchwork-Id: 72775
From: Gyorgy Sarvari 
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 2/6] squid: patch CVE-2022-41317
Date: Tue, 21 Oct 2025 20:32:00 +0200
Message-ID: <20251021183204.269102-2-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251021183204.269102-1-skandigraun@gmail.com>
References: <20251021183204.269102-1-skandigraun@gmail.com>
MIME-Version: 1.0
List-Id: 
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120842

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41317

Pick the v4 patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari 
---
 .../squid/files/CVE-2022-41317.patch          | 26 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch
new file mode 100644
index 0000000000..a77f73aead
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2022-41317.patch
@@ -0,0 +1,26 @@
+From 745d5d5a6d10731656adfc2b1b4d16ef208dd073 Mon Sep 17 00:00:00 2001
+From: Amos Jeffries 
+Date: Wed, 17 Aug 2022 23:32:43 +0000
+Subject: [PATCH] Fix typo in manager ACL (#1113)
+
+CVE: CVE-2022-41317
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/2c5d2de9bdcd25d1127987f8f76c986ab5bfb6da]
+
+Signed-off-by: Gyorgy Sarvari 
+---
+ src/cf.data.pre | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index 4aef432..f15d56b 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -1001,7 +1001,7 @@ DEFAULT: ssl::certUntrusted ssl_error X509_V_ERR_INVALID_CA X509_V_ERR_SELF_SIGN
+ DEFAULT: ssl::certSelfSigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ ENDIF
+ DEFAULT: all src all
+-DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
++DEFAULT: manager url_regex -i ^cache_object:// +i ^[^:]+://[^/]+/squid-internal-mgr/
+ DEFAULT: localhost src 127.0.0.1/32 ::1
+ DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128
+ DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined.
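Review bot: The one functional line, the manager url_regex default in src/cf.data.pre, replaces ^https?:// with ^[^:]+://, so the predefined manager ACL now matches /squid-internal-mgr/ URLs under any scheme rather than only http and https, and neither the commit message nor the upstream subject ("Fix typo in manager ACL") says so. Please state that in the commit message or patch header, and note that it changes a built-in default: access rules that reference the manager ACL will start matching more requests once the rebuilt package is deployed, which is the intended effect but is not obvious from the word "typo".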
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index b79f632508..4cb21187fc 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2023-50269.patch \
            file://CVE-2023-5824.patch \
            file://CVE-2021-46784.patch \
+           file://CVE-2022-41317.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"

From patchwork Tue Oct 21 18:32:01 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari 
X-Patchwork-Id: 72777
From: Gyorgy Sarvari 
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 3/6] squid: patch CVE-2022-41318
Date: Tue, 21 Oct 2025 20:32:01 +0200
Message-ID: <20251021183204.269102-3-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251021183204.269102-1-skandigraun@gmail.com>
References: <20251021183204.269102-1-skandigraun@gmail.com>
MIME-Version: 1.0
List-Id: 
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120843

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-41318

Pick the v4 patch referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari 
---
 .../squid/files/CVE-2022-41318.patch          | 45 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2022-41318.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2022-41318.patch b/meta-networking/recipes-daemons/squid/files/CVE-2022-41318.patch
new file mode 100644
index 0000000000..c1cf699d05
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2022-41318.patch
@@ -0,0 +1,45 @@
+From 36a55f44abe5ee0387d83663397e7fe111e21fa4 Mon Sep 17 00:00:00 2001
+From: Amos Jeffries 
+Date: Tue, 9 Aug 2022 23:34:54 +0000
+Subject: [PATCH] Bug 3193 pt2: NTLM decoder truncating strings (#1114)
+
+The initial bug fix overlooked large 'offset' causing integer
+wrap to extract a too-short length string.
+
+Improve debugs and checks sequence to clarify cases and ensure
+that all are handled correctly.
+
+CVE: CVE-2022-41318
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/4031c6c2b004190fdffbc19dab7cd0305a2025b7]
+
+Signed-off-by: Gyorgy Sarvari 
+---
+ lib/ntlmauth/ntlmauth.cc | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
+index 5d96372..f00fd51 100644
+--- a/lib/ntlmauth/ntlmauth.cc
++++ b/lib/ntlmauth/ntlmauth.cc
+@@ -107,10 +107,19 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
+     int32_t o = le32toh(str->offset);
+     // debug("ntlm_fetch_string(plength=%d,l=%d,o=%d)\n",packet_size,l,o);
+ 
+-    if (l < 0 || l > NTLM_MAX_FIELD_LENGTH || o + l > packet_size || o == 0) {
+-        debug("ntlm_fetch_string: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
++    if (l < 0 || l > NTLM_MAX_FIELD_LENGTH) {
++        debug("ntlm_fetch_string: insane string length (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
+         return rv;
+     }
++    else if (o <= 0 || o > packet_size) {
++        debug("ntlm_fetch_string: insane string offset (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
++        return rv;
++    }
++    else if (l > packet_size - o) {
++        debug("ntlm_fetch_string: truncated string data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
++        return rv;
++    }
++
+     rv.str = (char *)packet + o;
+     rv.l = 0;
+     if ((flags & NTLM_NEGOTIATE_ASCII) == 0) {
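Review bot: In the new offset check of ntlm_fetch_string(), "o <= 0 || o > packet_size" still accepts o == packet_size; combined with l == 0 that also passes the following "l > packet_size - o" test and leaves rv.str pointing one past the end of the packet. Nothing is read through it when the length is zero, so this looks benign, but if a zero-length field at the very end is not meant to be valid, "o >= packet_size" would make the bound strict. The subtraction form "l > packet_size - o" is a sound replacement for the old "o + l > packet_size", because both l and o are already range-checked at that point and the expression cannot wrap. Minor style point: each "else if" follows a branch that returns, so a plain "if" would read the same.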
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index 4cb21187fc..9ac420d579 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2023-5824.patch \
            file://CVE-2021-46784.patch \
            file://CVE-2022-41317.patch \
+           file://CVE-2022-41318.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"

From patchwork Tue Oct 21 18:32:02 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari 
X-Patchwork-Id: 72778
From: Gyorgy Sarvari 
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 4/6] squid: patch CVE-2023-46724
Date: Tue, 21 Oct 2025 20:32:02 +0200
Message-ID: <20251021183204.269102-4-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251021183204.269102-1-skandigraun@gmail.com>
References: <20251021183204.269102-1-skandigraun@gmail.com>
MIME-Version: 1.0
List-Id: 
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120844

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46724

Pick the patch from the details of the nvd report.

Signed-off-by: Gyorgy Sarvari 
---
 .../squid/files/CVE-2023-46724.patch          | 41 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2023-46724.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46724.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46724.patch
new file mode 100644
index 0000000000..177e6e0c18
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46724.patch
@@ -0,0 +1,41 @@
+From 7025a946c8795244f8b50a40a84640ca8ed9e321 Mon Sep 17 00:00:00 2001
+From: Andreas Weigel 
+Date: Wed, 18 Oct 2023 04:14:31 +0000
+Subject: [PATCH] Fix validation of certificates with CN=* (#1523)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/
+where it was filed as "Buffer UnderRead in SSL CN Parsing".
+
+CVE: CVE-2023-46724
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3]
+
+Signed-off-by: Gyorgy Sarvari 
+---
+ src/anyp/Uri.cc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
+index 54597f1..b0b60cf 100644
+--- a/src/anyp/Uri.cc
++++ b/src/anyp/Uri.cc
+@@ -173,6 +173,10 @@ urlInitialize(void)
+     assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards));
+     assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards));
+ 
++    assert(0 != matchDomainName("foo.com", ""));
++    assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards));
++    assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains));
++
+     /* more cases? */
+ }
+ 
+@@ -756,6 +760,8 @@ matchDomainName(const char *h, const char *d, uint8_t flags)
+         return -1;
+ 
+     dl = strlen(d);
++    if (dl == 0)
++        return 1;
+ 
+     /*
+      * Start at the ends of the two strings and work towards the
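Review bot: The new early exit in matchDomainName(), "if (dl == 0) return 1;", has no comment, and it returns 1 where the early exit just above it returns -1. A one-line comment saying that an empty d must not reach the end-to-start comparison described in the comment that follows (there is no last character of d to start from), and why the result is positive here, would help the next reader. The three asserts added to urlInitialize() only check "0 !=", so they would still pass if the sign of the return value were changed later; asserting the exact value would pin the behaviour.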
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index 9ac420d579..2c33d45bbf 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2021-46784.patch \
            file://CVE-2022-41317.patch \
            file://CVE-2022-41318.patch \
+           file://CVE-2023-46724.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"

From patchwork Tue Oct 21 18:32:03 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari 
X-Patchwork-Id: 72776
From: Gyorgy Sarvari 
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 5/6] squid: patch CVE-2025-59362
Date: Tue, 21 Oct 2025 20:32:03 +0200
Message-ID: <20251021183204.269102-5-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251021183204.269102-1-skandigraun@gmail.com>
References: <20251021183204.269102-1-skandigraun@gmail.com>
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120845

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362

Pick the PR content that's referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari 
---
 .../squid/files/CVE-2025-59362.patch          | 51 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
new file mode 100644
index 0000000000..1d50cb31e1
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2025-59362.patch
@@ -0,0 +1,51 @@
+From 4b9784928c87225605fd223b6fa0e5b42d039359 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov 
+Date: Sat, 30 Aug 2025 06:49:36 +0000
+Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
+
+CVE: CVE-2025-59362
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 8a4e471..0bb1f0b 100644
+--- a/lib/snmplib/asn1.c
++++ b/lib/snmplib/asn1.c
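Review bot: the header of CVE-2025-59362.patch ends at `Upstream-Status:` with no Signed-off-by line, while the CVE-2023-46724 and ESI patch files in this series carry `Signed-off-by: Gyorgy Sarvari` in that position. Please add the backporter's Signed-off-by below the Upstream-Status tag. A sentence of description under the subject would also help, since the header gives only the title.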
+@@ -771,6 +771,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
++    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
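Review bot: `bufEnd` is introduced without saying why `buf` can fill up. `buf` is MAX_OID_LEN bytes, but the encoding described in the comment above (`lastbyte ::= 0 7bitvalue`) and the loop in the following hunks emit more than one byte for larger sub-identifiers, so the number of encoded bytes can exceed the number of sub-identifiers. A short comment at the declaration stating that would document the bound, and `u_char *const bufEnd` would show that it never moves.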
+@@ -789,6 +790,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -806,8 +811,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
++                if (bp >= bufEnd) {
++                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                    return (NULL);
++                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index 2c33d45bbf..ae3b66c7af 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -37,6 +37,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2022-41317.patch \
            file://CVE-2022-41318.patch \
            file://CVE-2023-46724.patch \
+           file://CVE-2025-59362.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"

From patchwork Tue Oct 21 18:32:04 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari 
X-Patchwork-Id: 72779
From: Gyorgy Sarvari 
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 6/6] squid: fix esi PACKAGECONFIG
Date: Tue, 21 Oct 2025 20:32:04 +0200
Message-ID: <20251021183204.269102-6-skandigraun@gmail.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251021183204.269102-1-skandigraun@gmail.com>
References: <20251021183204.269102-1-skandigraun@gmail.com>
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120846

libxml has deprecated the "xmlSetFeature" call, and hid it behind a special
config flag (--with-legacy), which is not used by default in oe-core.

This makes compilation fail when "esi" PACKAGECONFIG is enabled:

Libxml2Parser.cc:94:5: error: 'xmlSetFeature' was not declared in this scope; did you mean 'xmlHasFeature'?

This backported patch fixes this.

Signed-off-by: Gyorgy Sarvari 
---
 ...ct-and-unnecessary-xmlSetFeature-cal.patch | 35 +++++++++++++++++++
 .../recipes-daemons/squid/squid_4.15.bb       |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch

diff --git a/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch b/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch
new file mode 100644
index 0000000000..6f467258b9
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch
@@ -0,0 +1,35 @@
+From c312f7fa80371cc6db583590258381ebc7cd18f6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Sun, 20 Feb 2022 19:42:40 +0000
+Subject: [PATCH] ESI: Drop incorrect and unnecessary xmlSetFeature() call
+ (#988)
+
+xmlSetFeature() has been deprecated for 10+ years and will eventually be
+removed from libxml2. Squid calls xmlSetFeature() with the wrong
+argument: a nil `value` pointer instead of a pointer to a zero value.
+When called with a nil `value`, the function does nothing but returning
+an error. Squid does not check whether xmlSetFeature() call is
+successful, and the bug went unnoticed since libxml2 support was added
+in commit 964b44c.
+
+Since libxml2 does not substitute entities by default, the call can be
+removed to achieve the intended effect.
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/5db4df2c6f83b5c26357f4439d28b92ef7071cd5]
+Signed-off-by: Gyorgy Sarvari 
+---
+ src/esi/Libxml2Parser.cc | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/esi/Libxml2Parser.cc b/src/esi/Libxml2Parser.cc
+index 2b9ba0a..0301b77 100644
+--- a/src/esi/Libxml2Parser.cc
++++ b/src/esi/Libxml2Parser.cc
+@@ -91,7 +91,6 @@ ESILibxml2Parser::ESILibxml2Parser(ESIParserClient *aClient) : theClient (aClien
+ 
+     /* TODO: grab the document encoding from the headers */
+     parser = xmlCreatePushParserCtxt(&sax, static_cast(this), NULL, 0, NULL);
+-    xmlSetFeature(parser, "substitute entities", 0);
+ 
+     if (entity_doc == NULL)
+         entity_doc = htmlNewDoc(NULL, NULL);
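Review bot: with the `xmlSetFeature(parser, "substitute entities", 0);` line removed, nothing at this point in the constructor records that entity substitution is meant to stay off. The commit message explains that libxml2 does not substitute entities by default; a one-line comment after the `xmlCreatePushParserCtxt(...)` call stating that the parser relies on this default would keep the intent visible if the parser options are ever changed.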
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index ae3b66c7af..575ad76ad3 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -38,6 +38,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
            file://CVE-2022-41318.patch \
            file://CVE-2023-46724.patch \
            file://CVE-2025-59362.patch \
+           file://0001-ESI-Drop-incorrect-and-unnecessary-xmlSetFeature-cal.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"