moritzruth/void-packages
1
0
Fork 0
Code Releases Activity Actions 2

squid: disable processing of ESI responses

Browse source 
fixes:
    CVE-2018-1000027
    CVE-2018-1172
    CVE-2018-1000024
This commit is contained in:
maxice8 2018-10-02 05:39:37 -03:00 committed by Enno Boland
parent db41b7577d
commit 54a55e5737
2 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
srcpkgs/squid/INSTALL.msg Normal file
View file

@ -0,0 +1,5 @@
Users updating should add
log_uses_indirect_client off
to their squid.conf to mitigate CVE-2018-1000027

12
srcpkgs/squid/template
View file

@ -1,7 +1,7 @@
# Template file for 'squid' # Template file for 'squid'
pkgname=squid pkgname=squid
version=3.5.27 version=3.5.27
revision=3 revision=4
build_style=gnu-configure build_style=gnu-configure
configure_args=" configure_args="
--sbindir=/usr/bin --sbindir=/usr/bin
@ -43,6 +43,7 @@ configure_args="
--disable-strict-error-checking --disable-strict-error-checking
--enable-wccpv2 --enable-wccpv2
--with-build-environment=default --with-build-environment=default
--disable-esi # CVE-2018-1172 CVE-2018-1000024
squid_cv_gnu_atomics=yes squid_cv_gnu_atomics=yes
squid_opt_enable_large_files=yes squid_opt_enable_large_files=yes
BUILDCXX=g++ BUILDCXX=g++
@ -52,7 +53,6 @@ conf_files="/etc/squid/squid.conf
/etc/squid/cachemgr.conf /etc/squid/cachemgr.conf
/etc/squid/mime.conf" /etc/squid/mime.conf"
system_accounts="squid" system_accounts="squid"
#example changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
make_dirs="/var/log/squid 750 squid squid make_dirs="/var/log/squid 750 squid squid
/var/cache/squid 750 squid squid" /var/cache/squid 750 squid squid"
hostmakedepends="perl pkg-config" hostmakedepends="perl pkg-config"
@ -60,9 +60,10 @@ makedepends="libldap-devel libnetfilter_conntrack-devel pam-devel
libcap-devel libltdl-devel" libcap-devel libltdl-devel"
depends="perl" depends="perl"
short_desc="Caching proxy for the Web" short_desc="Caching proxy for the Web"
maintainer="Toyam Cox <Vaelatern@gmail.com>" maintainer="Toyam Cox <Vaelatern@voidlinux.eu>"
license="GPL-2" license="GPL-2.0-or-later"
homepage="http://www.squid-cache.org/" homepage="http://www.squid-cache.org/"
#changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
distfiles="ftp://ftp.fu-berlin.de/unix/www/${pkgname}/${pkgname}/${pkgname}-${version}.tar.xz" distfiles="ftp://ftp.fu-berlin.de/unix/www/${pkgname}/${pkgname}/${pkgname}-${version}.tar.xz"
checksum=5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec checksum=5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
@ -73,4 +74,7 @@ post_install() {
${DESTDIR}/usr/libexec/squid/pinger ${DESTDIR}/usr/libexec/squid/pinger
vsv squid vsv squid
vinstall ${FILESDIR}/cron.daily 0744 etc/cron.daily squid vinstall ${FILESDIR}/cron.daily 0744 etc/cron.daily squid
# CVE-2018-1000027
echo 'log_uses_indirect_client off' >> ${DESTDIR}/etc/squid/squid.conf
} }