diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2018-02-07 11:09:42 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-07 11:09:42 +0000 |
commit | 90c0341ca59563864dbfea2d3d751c96ce518332 (patch) | |
tree | 10d36b3653769da41a1cc365a01ea12bd4af87fd | |
parent | 93cf06776e566246f7ca26d1252da89bdb4023b5 (diff) | |
parent | ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a (diff) | |
download | nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar.gz nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar.bz2 nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar.lz nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar.xz nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.tar.zst nixlib-90c0341ca59563864dbfea2d3d751c96ce518332.zip |
Merge pull request #34581 from andir/squid
Squid fix CVE-2018-1000024 & CVE-2018-1000027
-rw-r--r-- | pkgs/servers/squid/4.nix | 8 | ||||
-rw-r--r-- | pkgs/servers/squid/default.nix | 15 |
2 files changed, 20 insertions, 3 deletions
diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix index f0429475be27..4a4502a69393 100644 --- a/pkgs/servers/squid/4.nix +++ b/pkgs/servers/squid/4.nix @@ -2,17 +2,21 @@ , expat, libxml2, openssl }: stdenv.mkDerivation rec { - name = "squid-4.0.21"; + name = "squid-4.0.23"; src = fetchurl { url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz"; - sha256 = "0cwfj3qpl72k5l1h2rvkv1xg0720rifk4wcvi49z216hznyqwk8m"; + sha256 = "0a8g0zs3xayfkxl8maq823b14lckvh9d5lf7ryh9rx303xh1mdqq"; }; buildInputs = [ perl openldap db cyrus_sasl expat libxml2 openssl ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ]; + prePatch = '' + substituteInPlace configure --replace "/usr/local/include/libxml2" "${libxml2.dev}/include/libxml2" + ''; + configureFlags = [ "--enable-ipv6" "--disable-strict-error-checking" diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix index 7f1c97bd642b..95f4233df10e 100644 --- a/pkgs/servers/squid/default.nix +++ b/pkgs/servers/squid/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap +{ stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap , expat, libxml2, openssl }: stdenv.mkDerivation rec { @@ -13,6 +13,19 @@ stdenv.mkDerivation rec { perl openldap db cyrus_sasl expat libxml2 openssl ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ]; + patches = [ + (fetchpatch { + name = "CVE-2018-1000024.patch"; + url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch; + sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg"; + }) + (fetchpatch { + name = "CVE-2018-1000027.patch"; + url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch; + sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3"; + }) + ]; + configureFlags = [ "--enable-ipv6" "--disable-strict-error-checking" |