[Buildroot] [git commit branch/2018.08.x] squid: add upstream security fix for SQUID-2018_5 / CVE-2018-19132

Peter Korsgaard peter at korsgaard.com
Mon Nov 26 08:31:44 UTC 2018


commit: https://git.buildroot.net/buildroot/commit/?id=a7e6c2a19642ab49decb93af2f056cf90155a42c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.08.x

>From the advisory:

 Due to a memory leak in SNMP query rejection code, Squid is
 vulnerable to a denial of service attack.

http://www.squid-cache.org/Advisories/SQUID-2018_5.txt

Add the patch from the 3.5 branch fixing this issue.

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/squid/squid.hash | 1 +
 package/squid/squid.mk   | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index 6fd29b0dcc..74637ca063 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -3,4 +3,5 @@ md5 9367e0375ea53ba0e99f77054d4402c5 squid-3.5.28.tar.xz
 sha1 721241a270ec27d629d65ae17a50be56510e8441 squid-3.5.28.tar.xz
 # Locally calculated
 sha256 de5ea6fa5711aaa6d209de9e9e715c2702ff3597f009562ee1e571cc101670c7 squid-3.5-f1657a9decc820f748fa3aff68168d3145258031.patch
+sha256 8f2518b5e9840e119c493f6ed793e773675e2f768de2bf1bd637fced27e4d527 squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
 sha256 58f5d05257af1fb964fde20e134d660fac9afa86b6fd8c70d63ead63068378fa COPYING
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 09dc107e01..cc40922bee 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -9,7 +9,8 @@ SQUID_VERSION = $(SQUID_VERSION_MAJOR).28
 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
 SQUID_SITE = http://www.squid-cache.org/Versions/v3/$(SQUID_VERSION_MAJOR)
 SQUID_PATCH = \
-	http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-f1657a9decc820f748fa3aff68168d3145258031.patch
+	http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-f1657a9decc820f748fa3aff68168d3145258031.patch \
+	http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
 SQUID_LICENSE = GPL-2.0+
 SQUID_LICENSE_FILES = COPYING
 # For 0001-assume-get-certificate-ok.patch


More information about the buildroot mailing list