diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix
index f4abc1f3208e..69a46533ba5d 100644
--- a/pkgs/servers/squid/4.nix
+++ b/pkgs/servers/squid/4.nix
@@ -2,11 +2,11 @@
 , expat, libxml2, openssl }:
 stdenv.mkDerivation rec {
- name = "squid-4.7";
+ name = "squid-4.8";
 src = fetchurl {
 url = "http://www.squid-cache.org/Versions/v4/${name}.tar.xz";
- sha256 = "0kimbvp2mzask9k58va4s829vv3m54fzxrj7ryqshw5bfxgzd752";
+ sha256 = "0432m0ix046rkja7r7qpydgsm2kf1w393xym15nx6h9kv4jb7kbq";
 };
 buildInputs = [
diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix
index 2fdbc29caedf..fde29dc7e80c 100644
--- a/pkgs/servers/squid/default.nix
+++ b/pkgs/servers/squid/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
-, expat, libxml2, openssl }:
+, expat, libxml2, openssl, fetchpatch }:
 stdenv.mkDerivation rec {
 name = "squid-3.5.28";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
 sha256 = "1n4f55g56b11qz4fazrnvgzx5wp6b6637c4qkbd1lrjwwqibchgx";
 };
+ patches = [
+ (fetchpatch {
+ name = "3.5-CVE-2019-13345.patch";
+ url = "https://github.com/squid-cache/squid/commit/5730c2b5cb56e7639dc423dd62651c8736a54e35.patch";
+ sha256 = "0955432g9a00vwxzcrwpjzx6vywspx1cxhr7bknr7jzbzam5sxi3";
+ })
+ ];
+
 buildInputs = [
 perl openldap db cyrus_sasl expat libxml2 openssl
 ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];
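Review bot: The `patches` list added in the last hunk of default.nix has no comment saying what the patch fixes or when it can be removed, so a later bump of the 3.5 series could leave a stale or conflicting backport in place. I would put a line above `(fetchpatch {` such as `# CVE-2019-13345 backport; drop once a 3.5.x release ships this commit`. The patch name says 3.5, but the URL names only a commit hash and no branch is visible here, so it is worth confirming that the commit is the 3.5-branch backport and that it applies cleanly to 3.5.28. The fixed-output `sha256` pins the fetched patch content, so integrity does not rest on the GitHub URL staying unchanged. The `mkDerivation` body starts before this hunk and continues past it.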