squid: fix CVE-2018-1000024 & CVE-2018-1000027

This commit is contained in:
Andreas Rammhold 2018-02-04 09:29:08 +01:00
parent 291b05ee21
commit ea817d7b6f
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap { stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap
, expat, libxml2, openssl }: , expat, libxml2, openssl }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
perl openldap db cyrus_sasl expat libxml2 openssl perl openldap db cyrus_sasl expat libxml2 openssl
] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ]; ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
patches = [
(fetchpatch {
name = "CVE-2018-1000024.patch";
url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch;
sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg";
})
(fetchpatch {
name = "CVE-2018-1000027.patch";
url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch;
sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3";
})
];
configureFlags = [ configureFlags = [
"--enable-ipv6" "--enable-ipv6"
"--disable-strict-error-checking" "--disable-strict-error-checking"