squid: disable processing of ESI responses
fixes: CVE-2018-1000027 CVE-2018-1172 CVE-2018-1000024
This commit is contained in:
parent
db41b7577d
commit
54a55e5737
|
@ -0,0 +1,5 @@
|
|||
Users updating should add
|
||||
|
||||
log_uses_indirect_client off
|
||||
|
||||
to their squid.conf to mitigate CVE-2018-1000027
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'squid'
|
||||
pkgname=squid
|
||||
version=3.5.27
|
||||
revision=3
|
||||
revision=4
|
||||
build_style=gnu-configure
|
||||
configure_args="
|
||||
--sbindir=/usr/bin
|
||||
|
@ -43,6 +43,7 @@ configure_args="
|
|||
--disable-strict-error-checking
|
||||
--enable-wccpv2
|
||||
--with-build-environment=default
|
||||
--disable-esi # CVE-2018-1172 CVE-2018-1000024
|
||||
squid_cv_gnu_atomics=yes
|
||||
squid_opt_enable_large_files=yes
|
||||
BUILDCXX=g++
|
||||
|
@ -52,7 +53,6 @@ conf_files="/etc/squid/squid.conf
|
|||
/etc/squid/cachemgr.conf
|
||||
/etc/squid/mime.conf"
|
||||
system_accounts="squid"
|
||||
#example changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
|
||||
make_dirs="/var/log/squid 750 squid squid
|
||||
/var/cache/squid 750 squid squid"
|
||||
hostmakedepends="perl pkg-config"
|
||||
|
@ -60,9 +60,10 @@ makedepends="libldap-devel libnetfilter_conntrack-devel pam-devel
|
|||
libcap-devel libltdl-devel"
|
||||
depends="perl"
|
||||
short_desc="Caching proxy for the Web"
|
||||
maintainer="Toyam Cox <Vaelatern@gmail.com>"
|
||||
license="GPL-2"
|
||||
maintainer="Toyam Cox <Vaelatern@voidlinux.eu>"
|
||||
license="GPL-2.0-or-later"
|
||||
homepage="http://www.squid-cache.org/"
|
||||
#changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
|
||||
distfiles="ftp://ftp.fu-berlin.de/unix/www/${pkgname}/${pkgname}/${pkgname}-${version}.tar.xz"
|
||||
checksum=5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
|
||||
|
||||
|
@ -73,4 +74,7 @@ post_install() {
|
|||
${DESTDIR}/usr/libexec/squid/pinger
|
||||
vsv squid
|
||||
vinstall ${FILESDIR}/cron.daily 0744 etc/cron.daily squid
|
||||
|
||||
# CVE-2018-1000027
|
||||
echo 'log_uses_indirect_client off' >> ${DESTDIR}/etc/squid/squid.conf
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue