diff options
-rw-r--r-- | pkgs/servers/squid/4.nix | 8 | ||||
-rw-r--r-- | pkgs/servers/squid/default.nix | 15 |
2 files changed, 20 insertions, 3 deletions
diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix index f0429475be27..4a4502a69393 100644 --- a/pkgs/servers/squid/4.nix +++ b/pkgs/servers/squid/4.nix @@ -2,17 +2,21 @@ , expat, libxml2, openssl }: stdenv.mkDerivation rec { - name = "squid-4.0.21"; + name = "squid-4.0.23"; src = fetchurl { url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz"; - sha256 = "0cwfj3qpl72k5l1h2rvkv1xg0720rifk4wcvi49z216hznyqwk8m"; + sha256 = "0a8g0zs3xayfkxl8maq823b14lckvh9d5lf7ryh9rx303xh1mdqq"; }; buildInputs = [ perl openldap db cyrus_sasl expat libxml2 openssl ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ]; + prePatch = '' + substituteInPlace configure --replace "/usr/local/include/libxml2" "${libxml2.dev}/include/libxml2" + ''; + configureFlags = [ "--enable-ipv6" "--disable-strict-error-checking" diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix index 7f1c97bd642b..95f4233df10e 100644 --- a/pkgs/servers/squid/default.nix +++ b/pkgs/servers/squid/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap +{ stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap , expat, libxml2, openssl }: stdenv.mkDerivation rec { @@ -13,6 +13,19 @@ stdenv.mkDerivation rec { perl openldap db cyrus_sasl expat libxml2 openssl ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ]; + patches = [ + (fetchpatch { + name = "CVE-2018-1000024.patch"; + url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch; + sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg"; + }) + (fetchpatch { + name = "CVE-2018-1000027.patch"; + url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch; + sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3"; + }) + ]; + configureFlags = [ "--enable-ipv6" "--disable-strict-error-checking" |