squid: disable processing of ESI responses

fixes:
    CVE-2018-1000027
    CVE-2018-1172
    CVE-2018-1000024
This commit is contained in:
maxice8 2018-10-02 05:39:37 -03:00 committed by Enno Boland
parent db41b7577d
commit 54a55e5737
2 changed files with 13 additions and 4 deletions

View File

@ -0,0 +1,5 @@
Users updating should add
log_uses_indirect_client off
to their squid.conf to mitigate CVE-2018-1000027

View File

@ -1,7 +1,7 @@
# Template file for 'squid'
pkgname=squid
version=3.5.27
revision=3
revision=4
build_style=gnu-configure
configure_args="
--sbindir=/usr/bin
@ -43,6 +43,7 @@ configure_args="
--disable-strict-error-checking
--enable-wccpv2
--with-build-environment=default
--disable-esi # CVE-2018-1172 CVE-2018-1000024
squid_cv_gnu_atomics=yes
squid_opt_enable_large_files=yes
BUILDCXX=g++
@ -52,7 +53,6 @@ conf_files="/etc/squid/squid.conf
/etc/squid/cachemgr.conf
/etc/squid/mime.conf"
system_accounts="squid"
#example changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
make_dirs="/var/log/squid 750 squid squid
/var/cache/squid 750 squid squid"
hostmakedepends="perl pkg-config"
@ -60,9 +60,10 @@ makedepends="libldap-devel libnetfilter_conntrack-devel pam-devel
libcap-devel libltdl-devel"
depends="perl"
short_desc="Caching proxy for the Web"
maintainer="Toyam Cox <Vaelatern@gmail.com>"
license="GPL-2"
maintainer="Toyam Cox <Vaelatern@voidlinux.eu>"
license="GPL-2.0-or-later"
homepage="http://www.squid-cache.org/"
#changelog="http://www.squid-cache.org/Versions/v3/3.5/changesets/"
distfiles="ftp://ftp.fu-berlin.de/unix/www/${pkgname}/${pkgname}/${pkgname}-${version}.tar.xz"
checksum=5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
@ -73,4 +74,7 @@ post_install() {
${DESTDIR}/usr/libexec/squid/pinger
vsv squid
vinstall ${FILESDIR}/cron.daily 0744 etc/cron.daily squid
# CVE-2018-1000027
echo 'log_uses_indirect_client off' >> ${DESTDIR}/etc/squid/squid.conf
}