new file mode 100644
@@ -0,0 +1,35 @@
+From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Wed, 25 Oct 2023 19:41:45 +0000
+Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
+where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
+Handling".
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
+CVE: CVE-2023-49285
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/rfc1123.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/rfc1123.c b/lib/rfc1123.c
+index e5bf9a4d705..cb484cc002b 100644
+--- a/lib/rfc1123.c
++++ b/lib/rfc1123.c
+@@ -50,7 +50,13 @@ make_month(const char *s)
+ char month[3];
+
+ month[0] = xtoupper(*s);
++ if (!month[0])
++ return -1; // protects *(s + 1) below
++
+ month[1] = xtolower(*(s + 1));
++ if (!month[1])
++ return -1; // protects *(s + 2) below
++
+ month[2] = xtolower(*(s + 2));
+
+ for (i = 0; i < 12; i++)
new file mode 100644
@@ -0,0 +1,87 @@
+From 6014c6648a2a54a4ecb7f952ea1163e0798f9264 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Fri, 27 Oct 2023 21:27:20 +0000
+Subject: [PATCH] Exit without asserting when helper process startup fails
+ (#1543)
+
+... to dup() after fork() and before execvp().
+
+Assertions are for handling program logic errors. Helper initialization
+code already handled system call errors correctly (i.e. by exiting the
+newly created helper process with an error), except for a couple of
+assert()s that could be triggered by dup(2) failures.
+
+This bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/ipc-assert.html
+where it was filed as 'Assertion in Squid "Helper" Process Creator'.
+
+Origin: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264]
+CVE: CVE-2023-49286
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ipc.cc | 33 +++++++++++++++++++++++++++------
+ 1 file changed, 27 insertions(+), 6 deletions(-)
+
+--- a/src/ipc.cc
++++ b/src/ipc.cc
+@@ -20,6 +20,12 @@
+ #include "SquidIpc.h"
+ #include "tools.h"
+
++#include <cstdlib>
++
++#if HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++
+ static const char *hello_string = "hi there\n";
+ #ifndef HELLO_BUF_SZ
+ #define HELLO_BUF_SZ 32
+@@ -365,6 +371,22 @@
+ }
+
+ PutEnvironment();
++
++ // A dup(2) wrapper that reports and exits the process on errors. The
++ // exiting logic is only suitable for this child process context.
++ const auto dupOrExit = [prog,name](const int oldFd) {
++ const auto newFd = dup(oldFd);
++ if (newFd < 0) {
++ const auto savedErrno = errno;
++ debugs(54, DBG_CRITICAL, "ERROR: Helper process initialization failure: " << name);
++ debugs(54, DBG_CRITICAL, "helper (CHILD) PID: " << getpid());
++ debugs(54, DBG_CRITICAL, "helper program name: " << prog);
++ debugs(54, DBG_CRITICAL, "dup(2) system call error for FD " << oldFd << ": " << xstrerr(savedErrno));
++ _exit(1);
++ }
++ return newFd;
++ };
++
+ /*
+ * This double-dup stuff avoids problems when one of
+ * crfd, cwfd, or debug_log are in the rage 0-2.
+@@ -372,17 +394,16 @@
+
+ do {
+ /* First make sure 0-2 is occupied by something. Gets cleaned up later */
+- x = dup(crfd);
+- assert(x > -1);
+- } while (x < 3 && x > -1);
++ x = dupOrExit(crfd);
++ } while (x < 3);
+
+ close(x);
+
+- t1 = dup(crfd);
++ t1 = dupOrExit(crfd);
+
+- t2 = dup(cwfd);
++ t2 = dupOrExit(cwfd);
+
+- t3 = dup(fileno(debug_log));
++ t3 = dupOrExit(fileno(debug_log));
+
+ assert(t1 > 2 && t2 > 2 && t3 > 2);
+
@@ -28,6 +28,8 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
file://CVE-2023-46728.patch \
file://CVE-2023-46846-pre1.patch \
file://CVE-2023-46846.patch \
+ file://CVE-2023-49285.patch \
+ file://CVE-2023-49286.patch \
"
SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"