authorAndreas Rammhold <andreas@rammhold.de>2018-02-07 11:09:42 +0000
committerGitHub <noreply@github.com>2018-02-07 11:09:42 +0000
commit90c0341ca59563864dbfea2d3d751c96ce518332 (patch)
tree10d36b3653769da41a1cc365a01ea12bd4af87fd
parent93cf06776e566246f7ca26d1252da89bdb4023b5 (diff)
parentea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a (diff)
Merge pull request #34581 from andir/squid
Squid fix CVE-2018-1000024 & CVE-2018-1000027
-rw-r--r--pkgs/servers/squid/4.nix8
-rw-r--r--pkgs/servers/squid/default.nix15
2 files changed, 20 insertions, 3 deletions
diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix
index f0429475be27..4a4502a69393 100644
--- a/pkgs/servers/squid/4.nix
+++ b/pkgs/servers/squid/4.nix
@@ -2,17 +2,21 @@
 , expat, libxml2, openssl }:
 
 stdenv.mkDerivation rec {
-  name = "squid-4.0.21";
+  name = "squid-4.0.23";
 
   src = fetchurl {
     url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz";
-    sha256 = "0cwfj3qpl72k5l1h2rvkv1xg0720rifk4wcvi49z216hznyqwk8m";
+    sha256 = "0a8g0zs3xayfkxl8maq823b14lckvh9d5lf7ryh9rx303xh1mdqq";
   };
 
   buildInputs = [
     perl openldap db cyrus_sasl expat libxml2 openssl
   ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
 
+  prePatch = ''
+    substituteInPlace configure --replace "/usr/local/include/libxml2" "${libxml2.dev}/include/libxml2"
+  '';
+
   configureFlags = [
     "--enable-ipv6"
     "--disable-strict-error-checking"
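Review bot: The added `prePatch` hook carries no comment explaining why `configure` is rewritten, so the next person bumping the version cannot tell whether the substitution is still needed. As far as I know, `substituteInPlace --replace` in the stdenv of this period exits successfully even when the pattern is absent, so if upstream changes that path the rewrite would silently become a no-op and the build could pick up the wrong libxml2 headers or none. A comment above the hook would cover this, for example `# configure hard-codes /usr/local/include/libxml2; point it at the libxml2 headers from the store (re-check on every version bump)`. The reason given in that comment is inferred from the replaced string and should be confirmed; the `mkDerivation` body continues past the end of this hunk.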
diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix
index 7f1c97bd642b..95f4233df10e 100644
--- a/pkgs/servers/squid/default.nix
+++ b/pkgs/servers/squid/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
+{ stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap
 , expat, libxml2, openssl }:
 
 stdenv.mkDerivation rec {
@@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
     perl openldap db cyrus_sasl expat libxml2 openssl
   ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-1000024.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch;
+      sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg";
+    })
+    (fetchpatch {
+      name = "CVE-2018-1000027.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch;
+      sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3";
+    })
+  ];
+
   configureFlags = [
     "--enable-ipv6"
     "--disable-strict-error-checking"
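Review bot: The two `fetchpatch` URLs are written as bare URL literals, while `4.nix` in this same commit quotes its `url`; quoting them keeps the two files consistent, e.g. `url = "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch";`. Both patches are fetched over plain HTTP, which the pinned `sha256` values make safe for integrity, but an HTTPS URL would be preferable if upstream serves one. A short comment on the `patches` list would help maintenance: `# upstream fixes for SQUID-2018_1 / SQUID-2018_2; drop once the packaged 3.5 release includes them`. The `mkDerivation` body, including the version these patches are applied to, lies outside this hunk.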