Merge pull request #34581 from andir/squid

Squid fix CVE-2018-1000024 & CVE-2018-1000027
2018-02-07 11:09:42 +00:00 · 2018-02-07 11:09:42 +00:00 · 90c0341ca5
parent 93cf06776e ea817d7b6f
commit 90c0341ca5
2 changed files with 20 additions and 3 deletions
--- a/pkgs/servers/squid/4.nix
+++ b/pkgs/servers/squid/4.nix
@ -2,17 +2,21 @@
 , expat, libxml2, openssl }:

 stdenv.mkDerivation rec {
-  name = "squid-4.0.21";
+  name = "squid-4.0.23";

  src = fetchurl {
    url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz";
-    sha256 = "0cwfj3qpl72k5l1h2rvkv1xg0720rifk4wcvi49z216hznyqwk8m";
+    sha256 = "0a8g0zs3xayfkxl8maq823b14lckvh9d5lf7ryh9rx303xh1mdqq";
  };

  buildInputs = [
    perl openldap db cyrus_sasl expat libxml2 openssl
  ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];

+  prePatch = ''
+    substituteInPlace configure --replace "/usr/local/include/libxml2" "${libxml2.dev}/include/libxml2"
+  '';
+
  configureFlags = [
    "--enable-ipv6"
    "--disable-strict-error-checking"
--- a/pkgs/servers/squid/default.nix
+++ b/pkgs/servers/squid/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
+{ stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap
 , expat, libxml2, openssl }:

 stdenv.mkDerivation rec {
@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
    perl openldap db cyrus_sasl expat libxml2 openssl
  ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];

+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-1000024.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch;
+      sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg";
+    })
+    (fetchpatch {
+      name = "CVE-2018-1000027.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch;
+      sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3";
+    })
+  ];
+
  configureFlags = [
    "--enable-ipv6"
    "--disable-strict-error-checking"