squid: update from v5.7 to v6.5

Refresh patches and clean up ones that are no longer needed:

* dlopen test was removed in b65d2165c5c250242764ed7cdac4540fba813dec
* libxml2 variables were removed in
  866a092dad01e58986a6e9ecb84ac89037a63e9a
* squid-conf-tests no longer run at build time since
  cd3dc147bf8abc0225237ced865c6660fffcb63a

Fix squid-conf-tests to allow running on target device.

License change: Update year

The version update eliminates the following CVEs:

* CVE-2023-5824  (affected: <6.4)
* CVE-2023-46724 (affected: >=3.3.0.1, <6.4)
* CVE-2023-46728 (affected: <6.0.1)
* CVE-2023-46846 (affected: >=2.6, <6.4)
* CVE-2023-46847 (affected: >=3.2.0.1, <6.4)
* CVE-2023-46848 (affected: >=5.0.3, <6.4)

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch

@@ -1,4 +1,4 @@
-From c21adbb0b230ffba97cf5d059e2bd024e13a37df Mon Sep 17 00:00:00 2001
+From 38e7e90cc2075952c1b74f5fca826f9c6cadb2f0 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 22 Apr 2017 11:54:57 -0700
 Subject: [PATCH] configure: Check for -Wno-error=format-truncation compiler
@@ -13,8 +13,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
 Upstream-Status: Pending
 
- acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++++++++++
- configure.ac                       |  2 ++
+ acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++
+ configure.ac                       |  2 +
  2 files changed, 76 insertions(+)
  create mode 100644 acinclude/ax_check_compile_flag.m4
 
@@ -99,20 +99,20 @@ index 0000000..dcabb92
 +AS_VAR_POPDEF([CACHEVAR])dnl
 +])dnl AX_CHECK_COMPILE_FLAGS
 diff --git a/configure.ac b/configure.ac
-index ff4688c..9382fdf 100644
+index 2543676..4635474 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -26,6 +26,7 @@ m4_include([acinclude/pkg.m4])
+@@ -28,6 +28,7 @@ m4_include([acinclude/pkg.m4])
+ m4_include([acinclude/tdb.m4])
  m4_include([acinclude/lib-checks.m4])
- m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4])
- m4_include([acinclude/ax_cxx_0x_types.m4])
+ m4_include([acinclude/ax_cxx_compile_stdcxx.m4])
 +m4_include([acinclude/ax_check_compile_flag.m4])
  
  HOSTCXX="$BUILD_CXX"
  PRESET_CFLAGS="$CFLAGS"
-@@ -44,6 +45,7 @@ AC_PROG_CXX
+@@ -59,6 +60,7 @@ AC_USE_SYSTEM_EXTENSIONS
+ 
  AC_LANG([C++])
- AC_CANONICAL_HOST
  
 +AX_CHECK_COMPILE_FLAG([-Werror=format-truncation],[CFLAGS="$CFLAGS -Wno-error=format-truncation" CXXFLAGS="$CXXFLAGS -Wno-error=format-truncation"])
  # Clang 3.2 on some CPUs requires -march-native to detect correctly.

meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch

@@ -0,0 +1,74 @@
+From cd8bf8a4bf881f84c23a5fc1f48bb716efa51512 Mon Sep 17 00:00:00 2001
+From: Patrick Wicki <patrick.wicki@siemens.com>
+Date: Wed, 22 Nov 2023 15:35:44 +0100
+Subject: [PATCH] squid: make squid-conf-tests run on target device
+
+* Fix paths to allow tests to run outside the original builddir
+* Allow the tests to run on read-only root
+  * Don't overwrite tests with true on success
+  * Change logfile path to /var/log
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
+
+---
+ test-suite/Makefile.am        | 16 ++++++++--------
+ test-suite/test-squid-conf.sh |  2 +-
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am
+index 8becdbc..eccd49c 100644
+--- a/test-suite/Makefile.am
++++ b/test-suite/Makefile.am
+@@ -21,7 +21,7 @@ LDADD = \
+ EXTRA_PROGRAMS = mem_node_test splay
+ 
+ EXTRA_DIST = \
+-	$(srcdir)/squidconf/* \
++	squidconf/* \
+ 	test-functionality.sh \
+ 	test-sources.sh \
+ 	test-squid-conf.sh \
+@@ -134,21 +134,21 @@ VirtualDeleteOperator_SOURCES = \
+ 
+ installcheck-local: squid-conf-tests
+ 
+-squid-conf-tests: $(srcdir)/test-squid-conf.sh $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*
+-	@failed=0; cfglist="$(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*.conf"; rm -f $@ || $(TRUE); \
++squid-conf-tests: test-squid-conf.sh $(top_builddir)/src/squid.conf.default squidconf/*
++	@failed=0; cfglist="$(top_builddir)/src/squid.conf.default squidconf/*.conf"; rm -f $@ || $(TRUE); \
+ 	for cfg in $$cfglist ; do \
+-		$(srcdir)/test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \
++		./test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \
+ 			{ echo "FAIL: squid.conf test: $$cfg" | \
+ 				sed s%$(top_builddir)/src/%% | \
+-				sed s%$(srcdir)/squidconf/%% ; \
++				sed s%squidconf/%% ; \
+ 				failed=1; break; \
+ 			}; \
+ 		if test "$$failed" -eq 0; then \
+ 			echo "PASS: squid.conf test: $$cfg" | \
+ 				sed s%$(top_builddir)/src/%% | \
+-				sed s%$(srcdir)/squidconf/%% ; \
++				sed s%squidconf/%% ; \
+ 		else break; fi; \
+ 	done; \
+-	if test "$$failed" -eq 0; then cp $(TRUE) $@ ; else exit 1; fi
++	exit "$$failed"
+ 
+-CLEANFILES += squid-conf-tests squid-stderr.log
++CLEANFILES += squid-conf-tests /var/log/squid-stderr.log
+diff --git a/test-suite/test-squid-conf.sh b/test-suite/test-squid-conf.sh
+index 05fcaf3..a5a8a5a 100755
+--- a/test-suite/test-squid-conf.sh
++++ b/test-suite/test-squid-conf.sh
+@@ -111,7 +111,7 @@ then
+     done < $instructionsFile
+ fi
+ 
+-errorLog="squid-stderr.log"
++errorLog="/var/log/squid-stderr.log"
+ 
+ $sbindir/squid -k parse -f $configFile 2> $errorLog
+ result=$?

meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch

@@ -1,40 +0,0 @@
-From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001
-From: Jim Somerville <Jim.Somerville@windriver.com>
-Date: Mon, 21 Oct 2013 12:50:44 -0400
-Subject: [PATCH] Fix flawed dynamic -ldb link test in configure
-
-The test uses dbopen, but just ignores the fact
-that this function may not exist in the db version
-used.  This leads to the dynamic link test failing
-and the configure script just making assumptions
-about why and setting the need for -ldb incorrectly.
-
-Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
-
----
-Upstream-Status: Pending
-
- configure.ac | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index d2f7feb..c7ae568 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3268,6 +3268,16 @@ case "$host" in
- 		;;
- esac
- 
-+if test "x$ac_cv_have_decl_dbopen" = "xyes"; then
-+  dnl 1.85
-+  SQUID_CHECK_DBOPEN_NEEDS_LIBDB
-+else
-+  # dbopen isn't there. So instead of running a compile/link test that
-+  # uses it and is thus guaranteed to fail, we just assume that we will
-+  # need to link in the db library, rather than fabricate some other
-+  # dynamic compile/link test.
-+  ac_cv_dbopen_libdb="yes"
-+fi
- dnl System-specific library modifications
- dnl
- case "$host" in

meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch

@@ -1,4 +1,4 @@
-From 995aaf30799fa972441354b6feb45f0621968929 Mon Sep 17 00:00:00 2001
+From c0be3192f608037682464bcb728e97f9d9b543aa Mon Sep 17 00:00:00 2001
 From: Jim Somerville <Jim.Somerville@windriver.com>
 Date: Wed, 16 Oct 2013 16:41:03 -0400
 Subject: [PATCH] Set up for cross compilation
@@ -17,12 +17,12 @@ Upstream-Status: Pending
  1 file changed, 1 insertion(+)
 
 diff --git a/configure.ac b/configure.ac
-index fe80ee0..57cd1ac 100644
+index ca0bc79..c222851 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -27,6 +27,7 @@ m4_include([acinclude/lib-checks.m4])
- m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4])
- m4_include([acinclude/ax_cxx_0x_types.m4])
+@@ -29,6 +29,7 @@ m4_include([acinclude/tdb.m4])
+ m4_include([acinclude/lib-checks.m4])
+ m4_include([acinclude/ax_cxx_compile_stdcxx.m4])
  
 +HOSTCXX="$BUILD_CXX"
  PRESET_CFLAGS="$CFLAGS"

meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch

@@ -1,4 +1,4 @@
-From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001
+From 050f8ab275a7a5f3d94045da6b15a2b63dfbeb3f Mon Sep 17 00:00:00 2001
 From: Jim Somerville <Jim.Somerville@windriver.com>
 Date: Tue, 14 Oct 2014 02:56:08 -0400
 Subject: [PATCH] Skip AC_RUN_IFELSE tests
@@ -17,10 +17,10 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  2 files changed, 15 insertions(+), 3 deletions(-)
 
 diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4
-index ad0ba60..4477446 100644
+index 2c4e340..64648e3 100644
 --- a/acinclude/krb5.m4
 +++ b/acinclude/krb5.m4
-@@ -61,7 +61,15 @@ main(void)
+@@ -57,7 +57,15 @@ main(void)
  
          return 0;
  }
@@ -35,13 +35,13 @@ index ad0ba60..4477446 100644
 +     dnl Can't test in cross compiled env - so assume good
 +     squid_cv_broken_heimdal_krb5_h=no
      ])
+     SQUID_STATE_ROLLBACK(squid_krb5_heimdal_test)
    ])
- ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
 diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
-index 1e9333527c..2d42787029 100644
+index 53847a8..850322a 100644
 --- a/acinclude/lib-checks.m4
 +++ b/acinclude/lib-checks.m4
-@@ -227,7 +227,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
+@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
    [
     AC_MSG_RESULT([no])
    ],
@@ -52,15 +52,14 @@ index 1e9333527c..2d42787029 100644
  
  SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
  ])
-@@ -386,8 +386,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
-   [
-    AC_MSG_RESULT([yes])
-    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
--  ],
--[])
+@@ -347,7 +349,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
+   ],[
+     AC_MSG_RESULT([yes])
+     AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
+-  ],[])
 +  ],[
 +    AC_MSG_RESULT([skipped - can't test in cross-compiled env])
 +  ])
  
- SQUID_STATE_ROLLBACK(check_TXTDB)
+   SQUID_STATE_ROLLBACK(check_TXTDB)
  ])

meta-networking/recipes-daemons/squid/files/run-ptest

@@ -1,3 +1,4 @@
 #!/bin/sh
 #
+make -C test-suite -k squid-conf-tests
 make -C test-suite -k runtest-TESTS

meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch

@@ -1,41 +0,0 @@
-From 702bd881b66dc034e711c0ff47805f2da40b6e0d Mon Sep 17 00:00:00 2001
-From: Yue Tao <yue.tao@windriver.com>
-Date: Mon, 8 Aug 2016 16:04:33 +0800
-Subject: [PATCH] Set the SYSROOT for libxml2 header file to avoid host
- contamination.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Yue Tao <yue.tao@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
-
----
- configure.ac | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 504a844..ff4688c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then
-     dnl Find the main header and include path...
-     AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
-       AC_CHECK_HEADERS([libxml/parser.h], [], [
--        AC_MSG_NOTICE([Testing in /usr/include/libxml2])
-+        AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2])
-         SAVED_CPPFLAGS="$CPPFLAGS"
--        CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
-+        CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS"
-         unset ac_cv_header_libxml_parser_h
--        AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [
--          AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
--          CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
-+        AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [
-+          AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2])
-+          CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS"
-           unset ac_cv_header_libxml_parser_h
--          AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [
-+          AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [
-             AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
-           ])
-         ])

meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch

@@ -1,61 +0,0 @@
-From 8786b91488dae3f6dfeadd686e80d2ffc5c29320 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 25 Aug 2016 15:22:57 +0800
-Subject: [PATCH] squid: don't do squid-conf-tests at build time
-
-* squid-conf-tests is a test to run "squid -k parse -f"
-  to perse the config files, which should not be run
-  at build time since we are cross compiling, so remove
-  it but it will be added back for the runtime ptest.
-
-* Fix the directories of the conf files for squid-conf-tests
-  so that it can run on the target board.
-
-Upstream-Status: Inappropriate [cross compile specific]
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- test-suite/Makefile.am | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am
-index 0233c0e..e0021b6 100644
---- a/test-suite/Makefile.am
-+++ b/test-suite/Makefile.am
-@@ -40,8 +40,7 @@ TESTS += debug \
- 	splay\
- 	mem_node_test\
- 	mem_hdr_test\
--	$(ESI_TESTS) \
--	squid-conf-tests
-+	$(ESI_TESTS)
- 
- ## Sort by alpha - any build failures are significant.
- check_PROGRAMS += debug \
-@@ -159,19 +158,19 @@ VirtualDeleteOperator_SOURCES = \
- ##$(TARGLIB): $(LIBOBJS)
- ##	$(AR_R) $(TARGLIB) $(LIBOBJS)
- 
--squid-conf-tests: $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*
-+squid-conf-tests: $(sysconfdir)/squid.conf.default squidconf/*
- 	@failed=0; cfglist="$?"; rm -f $@ || $(TRUE); \
- 	for cfg in $$cfglist ; do \
--		$(top_builddir)/src/squid -k parse -f $$cfg || \
-+		squid -k parse -f $$cfg || \
- 			{ echo "FAIL: squid.conf test: $$cfg" | \
--				sed s%$(top_builddir)/src/%% | \
--				sed s%$(srcdir)/squidconf/%% ; \
-+				sed s%$(sysconfdir)/%% | \
-+				sed s%squidconf/%% ; \
- 				failed=1; break; \
- 			}; \
- 		if test "$$failed" -eq 0; then \
- 			echo "PASS: squid.conf test: $$cfg" | \
--				sed s%$(top_builddir)/src/%% | \
--				sed s%$(srcdir)/squidconf/%% ; \
-+				sed s%$(sysconfdir)/%% | \
-+				sed s%squidconf/%% ; \
- 		else break; fi; \
- 	done; \
- 	if test "$$failed" -eq 0; then cp $(TRUE) $@ ; fi

meta-networking/recipes-daemons/squid/squid_6.5.bb

@@ -15,21 +15,19 @@ MIN_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 \
            file://Set-up-for-cross-compilation.patch \
            file://Skip-AC_RUN_IFELSE-tests.patch \
-           file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \
            file://squid-use-serial-tests-config-needed-by-ptest.patch \
            file://run-ptest \
            file://volatiles.03_squid \
-           file://set_sysroot_patch.patch \
-           file://squid-don-t-do-squid-conf-tests-at-build-time.patch \
            file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \
+           file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
            "
 
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
 
-SRC_URI[sha256sum] = "4c17e1eb324c4b7aa3c6889eba66eeca7ed98625d44076f7db7b027b2b093bd5"
+SRC_URI[sha256sum] = "99acd54ec9d68b2a9080d19fcc43eca1a245146cf162dbba689510d01e6d0f25"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://errors/COPYRIGHT;md5=0a7deb73d8fb7a9849af7145987829a4 \
+                    file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \
                     "
 DEPENDS = "libtool krb5 openldap db cyrus-sasl"
 
@@ -81,23 +79,17 @@ do_install_ptest() {
     cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
     cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}
 
-    # Needed to generate file squid.conf.default
-    oe_runmake DESTDIR=${D}${PTEST_PATH} -C src install-data-local
-    install -d ${D}${sysconfdir}/squid
-    install -m 0644 ${D}${PTEST_PATH}/${sysconfdir}/squid/squid.conf.default ${D}${sysconfdir}/squid
+    # Install default config
+    install -d ${D}${PTEST_PATH}/src
+    install -m 0644 ${B}/src/squid.conf.default ${D}${PTEST_PATH}/src
 
-    # Don't need these directories
-    rm -rf ${D}${PTEST_PATH}/${sysconfdir}
-    rm -rf ${D}${PTEST_PATH}/usr
-    rm -rf ${D}${PTEST_PATH}/var
+    # autoconf.h is needed during squid-conf-tests
+    install -d ${D}${PTEST_PATH}/include
+    install -m 0644 ${B}/include/autoconf.h ${D}${PTEST_PATH}/include
 
     # do NOT need to rebuild Makefile itself
     sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile
 
-    # Add squid-conf-tests for runtime tests
-    sed -e 's/^\(runtest-TESTS:\)/\1 squid-conf-tests/' \
-        -i ${D}${PTEST_PATH}/${TESTDIR}/Makefile
-
     # Ensure the path for command true is correct
     sed -i 's:^TRUE = .*$:TRUE = /bin/true:' ${D}${PTEST_PATH}/${TESTDIR}/Makefile
 }
@@ -122,7 +114,6 @@ do_install:append() {
 FILES:${PN} += "${libdir} ${datadir}/errors ${datadir}/icons"
 FILES:${PN}-dbg += "/usr/src/debug"
 FILES:${PN}-doc += "${datadir}/*.txt"
-FILES:${PN}-ptest += "${sysconfdir}/squid/squid.conf.default"
 
 RDEPENDS:${PN} += "perl"
 RDEPENDS:${PN}-ptest += "perl make"