squid: fix CVE-2018-1000024 & CVE-2018-1000027

author: Andreas Rammhold <andreas@rammhold.de> 2018-02-04 09:29:08 +0100
committer: Andreas Rammhold <andreas@rammhold.de> 2018-02-07 11:40:46 +0100
commit: ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a (patch)
tree: 22d2215aa5e67ba05466b7e56456d34f3237983c /pkgs/servers/squid/default.nix
parent: 291b05ee21a6b822e999566febf9e419e45936da (diff)
download: nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.gz
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.bz2
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.lz
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.xz
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.zst
nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix
index 7f1c97bd642..95f4233df10 100644
--- a/pkgs/servers/squid/default.nix
+++ b/pkgs/servers/squid/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
+{ stdenv, fetchurl, fetchpatch, perl, openldap, pam, db, cyrus_sasl, libcap
 , expat, libxml2, openssl }:
 
 stdenv.mkDerivation rec {
@@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
     perl openldap db cyrus_sasl expat libxml2 openssl
   ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-1000024.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch;
+      sha256 = "0vzxr4rmybz0w4c1hi3szvqawbzl4r4b8wyvq9vgq1mzkk5invpg";
+    })
+    (fetchpatch {
+      name = "CVE-2018-1000027.patch";
+      url = http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch;
+      sha256 = "1a8hwk9z7h1j0c57anfzp3bwjd4pjbyh8aks4ca79nwz4d0y6wf3";
+    })
+  ];
+
   configureFlags = [
     "--enable-ipv6"
     "--disable-strict-error-checking"
author	Andreas Rammhold <andreas@rammhold.de>	2018-02-04 09:29:08 +0100
committer	Andreas Rammhold <andreas@rammhold.de>	2018-02-07 11:40:46 +0100
commit	ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a (patch)
tree	22d2215aa5e67ba05466b7e56456d34f3237983c /pkgs/servers/squid/default.nix
parent	291b05ee21a6b822e999566febf9e419e45936da (diff)
download	nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.gz nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.bz2 nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.lz nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.xz nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.tar.zst nixpkgs-ea817d7b6fa0d0cf4644973d7cf89ad4e23d2f6a.zip