From 8872a08cde2aafa6913113f6b2dacc023a88a6e3 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Sun, 14 Jul 2019 21:41:05 +0100
Subject: [PATCH 1/2] squid4: 4.7 -> 4.8 fixing CVE-2019-13345
---
 pkgs/servers/squid/4.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix
index f4abc1f3208..69a46533ba5 100644
--- a/pkgs/servers/squid/4.nix
+++ b/pkgs/servers/squid/4.nix
@@ -2,11 +2,11 @@
 , expat, libxml2, openssl }:
 stdenv.mkDerivation rec {
- name = "squid-4.7";
+ name = "squid-4.8";
 src = fetchurl {
 url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz";
- sha256 = "0kimbvp2mzask9k58va4s829vv3m54fzxrj7ryqshw5bfxgzd752";
+ sha256 = "0432m0ix046rkja7r7qpydgsm2kf1w393xym15nx6h9kv4jb7kbq";
 };
 buildInputs = [
From 5b0db58bc1671e4e601f130eff10e940ca0bce0a Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Sun, 14 Jul 2019 21:41:26 +0100
Subject: [PATCH 2/2] squid: add patch fixing CVE-2019-13345
---
 pkgs/servers/squid/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix
index 2fdbc29caed..fde29dc7e80 100644
--- a/pkgs/servers/squid/default.nix
+++ b/pkgs/servers/squid/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
-, expat, libxml2, openssl }:
+, expat, libxml2, openssl, fetchpatch }:
 stdenv.mkDerivation rec {
 name = "squid-3.5.28";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
 sha256 = "1n4f55g56b11qz4fazrnvgzx5wp6b6637c4qkbd1lrjwwqibchgx";
 };
+ patches = [
+ (fetchpatch {
+ name = "3.5-CVE-2019-13345.patch";
+ url = "https://github.com/squid-cache/squid/commit/5730c2b5cb56e7639dc423dd62651c8736a54e35.patch";
+ sha256 = "0955432g9a00vwxzcrwpjzx6vywspx1cxhr7bknr7jzbzam5sxi3";
+ })
+ ];
+
 buildInputs = [
 perl openldap db cyrus_sasl expat libxml2 openssl
 ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
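Review bot: The new `patches` list in the second hunk of pkgs/servers/squid/default.nix carries no comment saying when the backport can be dropped, so it risks lingering, or failing to apply, after a later `src` bump. Above the `(fetchpatch {` line I would add `# Backport of the upstream fix for CVE-2019-13345; remove once src moves to a release that contains it.` The `url` points at a full commit hash and the `sha256` pins the fetched contents, so the patch itself is fixed; the hunk does not show that the upstream commit was written for the 3.5 series, which the `3.5-` prefix in `name` implies, so that is worth confirming against the upstream branch. The enclosing `stdenv.mkDerivation` block starts and ends outside the hunk.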