Thursday, October 03, 2019

Re: varnish: update to 6.3.0 (DOS fix)

Yes, Jim is MIA years ago already.

OK gonzalo@

> On 2. Oct 2019, at 15:00, Klemens Nanni <kn@openbsd.org> wrote:
>
> https://varnish-cache.org/security/VSV00003-mitigation.html#vsv00003-mitigation
> was fixed in 6.2.1 a month ago, 6.3.0 includes lots of fixes, see
> https://github.com/varnishcache/varnish-cache/blob/6.3/doc/changes.rst
>
> Keeps working for me, but I'd like to get this in soon mostly because it
> mitigates above linked DOS attack via crafted HTTP/1 requests which
> cause the server to restart with a clean cache.
>
> That one patch was merged upstream (not by me); in the past Jim did not
> respond to my mails and I'm interested in keeping the port in good shape
> so swap his MAINAINER line for mine.
>
> Feedback? OK?
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/varnish/Makefile,v
> retrieving revision 1.48
> diff -u -p -r1.48 Makefile
> --- Makefile 12 Jul 2019 20:51:06 -0000 1.48
> +++ Makefile 2 Oct 2019 12:42:48 -0000
> @@ -2,8 +2,7 @@
>
> COMMENT = high-performance HTTP accelerator
>
> -DISTNAME = varnish-6.2.0
> -REVISION = 0
> +DISTNAME = varnish-6.3.0
>
> CATEGORIES = www
>
> @@ -11,7 +10,7 @@ SHARED_LIBS = varnishapi 2.0 #
>
> HOMEPAGE = https://www.varnish-cache.org/
>
> -MAINTAINER = Jim Razmus II <jim@openbsd.org> \
> +MAINTAINER = Klemens Nanni <kn@openbsd.org> \
> Gonzalo L. Rodriguez <gonzalo@openbsd.org>
>
> # BSD
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/www/varnish/distinfo,v
> retrieving revision 1.22
> diff -u -p -r1.22 distinfo
> --- distinfo 3 May 2019 11:06:26 -0000 1.22
> +++ distinfo 2 Oct 2019 12:42:55 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (varnish-6.2.0.tgz) = w3rzU6yiWoPSL5xc4K6AD+Qz5NAuFFfgKIalhJ+YjlM=
> -SIZE (varnish-6.2.0.tgz) = 3207400
> +SHA256 (varnish-6.3.0.tgz) = lczexfHcuotB0k5oWz8jefvGuXAdEGzHgBHU0JpzlH8=
> +SIZE (varnish-6.3.0.tgz) = 3308117
> Index: patches/patch-lib_libvmod_unix_cred_compat_h
> ===================================================================
> RCS file: patches/patch-lib_libvmod_unix_cred_compat_h
> diff -N patches/patch-lib_libvmod_unix_cred_compat_h
> --- patches/patch-lib_libvmod_unix_cred_compat_h 3 May 2019 11:06:26 -0000 1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,14 +0,0 @@
> -$OpenBSD: patch-lib_libvmod_unix_cred_compat_h,v 1.3 2019/05/03 11:06:26 gonzalo Exp $
> -
> -Index: lib/libvmod_unix/cred_compat.h
> ---- lib/libvmod_unix/cred_compat.h.orig
> -+++ lib/libvmod_unix/cred_compat.h
> -@@ -69,7 +69,7 @@ get_ids(int fd, uid_t *uid, gid_t *gid)
> -
> - #if defined(SO_PEERCRED)
> -
> -- struct ucred ucred;
> -+ struct sockpeercred ucred;
> - socklen_t l = sizeof(ucred);
> -
> - errno = 0;
>

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)