From 54a55e5737beafaf0ec4595eb027ab006da95a19 Mon Sep 17 00:00:00 2001
From: maxice8
Date: Tue, 2 Oct 2018 05:39:37 -0300
Subject: [PATCH] squid: disable processing of ESI responses

fixes: CVE-2018-1000027 CVE-2018-1172 CVE-2018-1000024
---
 srcpkgs/squid/INSTALL.msg | 5 +++++
 srcpkgs/squid/template | 12 ++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 srcpkgs/squid/INSTALL.msg

diff --git a/srcpkgs/squid/INSTALL.msg b/srcpkgs/squid/INSTALL.msg
new file mode 100644
index 00000000000..9d67ec95134
--- /dev/null
+++ b/srcpkgs/squid/INSTALL.msg
@@ -0,0 +1,5 @@
+Users updating should add
+
+log_uses_indirect_client off
+
+to their squid.conf to mitigate CVE-2018-1000027
diff --git a/srcpkgs/squid/template b/srcpkgs/squid/template
index 2bba1cce984..37610842203 100644
--- a/srcpkgs/squid/template
+++ b/srcpkgs/squid/template
@@ -1,7 +1,7 @@
 # Template file for 'squid'
 pkgname=squid
 version=3.5.27
-revision=3
+revision=4
 build_style=gnu-configure
 configure_args="
 --sbindir=/usr/bin
@@ -43,6 +43,7 @@ configure_args="
 --disable-strict-error-checking
 --enable-wccpv2
 --with-build-environment=default
+ --disable-esi # CVE-2018-1172 CVE-2018-1000024
 squid_cv_gnu_atomics=yes
 squid_opt_enable_large_files=yes
 BUILDCXX=g++
@@ -52,7 +53,6 @@ conf_files="/etc/squid/squid.conf
 /etc/squid/cachemgr.conf
 /etc/squid/mime.conf"
 system_accounts="squid"
-#example changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
 make_dirs="/var/log/squid 750 squid squid
 /var/cache/squid 750 squid squid"
 hostmakedepends="perl pkg-config"
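Review bot: In the `configure_args` hunk (`@@ -43,6 +43,7 @@`), the `# CVE-2018-1172 CVE-2018-1000024` text on the added `--disable-esi` line sits inside the double-quoted `configure_args` string, so the shell does not treat it as a comment. The hunk header and the following `squid_cv_gnu_atomics=yes` lines show that the string is still open at that point. If the build style expands `configure_args` unquoted, which is not visible here, `#` and the two CVE ids are passed to `./configure` as extra arguments. Keep only `--disable-esi` inside the string and move the explanation to its own line above `configure_args="`, for example `# --disable-esi: CVE-2018-1172 CVE-2018-1000024`. The `configure_args` assignment starts and ends outside this hunk.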
@@ -60,9 +60,10 @@ makedepends="libldap-devel libnetfilter_conntrack-devel pam-devel libcap-devel
 libltdl-devel"
 depends="perl"
 short_desc="Caching proxy for the Web"
-maintainer="Toyam Cox "
-license="GPL-2"
+maintainer="Toyam Cox "
+license="GPL-2.0-or-later"
 homepage="http://www.squid-cache.org/"
+#changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
 distfiles="ftp://ftp.fu-berlin.de/unix/www/${pkgname}/${pkgname}/${pkgname}-${version}.tar.xz"
 checksum=5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
 
@@ -73,4 +74,7 @@ post_install() {
 ${DESTDIR}/usr/libexec/squid/pinger
 vsv squid
 vinstall ${FILESDIR}/cron.daily 0744 etc/cron.daily squid
+
+ # CVE-2018-1000027
+ echo 'log_uses_indirect_client off' >> ${DESTDIR}/etc/squid/squid.conf
 }
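Review bot: In the `post_install()` hunk (`@@ -73,4 +74,7 @@`), the directive is appended to the shipped `squid.conf` with no explanation in the config file itself; the `# CVE-2018-1000027` comment exists only in the template. An administrator who later finds `log_uses_indirect_client off` at the end of the config has no hint that it is a security mitigation and may turn it back on. Consider writing a comment line into the config ahead of the directive, e.g. `echo '# Mitigation for CVE-2018-1000027, keep this off' >> ${DESTDIR}/etc/squid/squid.conf`. `post_install()` begins outside this hunk.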