Hello community, here is the log from the commit of package varnish for openSUSE:Leap:15.2 checked in at 2020-06-14 04:45:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/varnish (Old) and /work/SRC/openSUSE:Leap:15.2/.varnish.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "varnish" Sun Jun 14 04:45:51 2020 rev:12 rq:814288 version:6.2.1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/varnish/varnish.changes 2020-01-15 16:27:34.856724972 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.varnish.new.3606/varnish.changes 2020-06-14 04:45:52.482944886 +0200 @@ -1,0 +2,8 @@ +Tue Jun 9 19:37:49 UTC 2020 - Jan Engelhardt <[email protected]> + +- Add 0001-Clear-err_code-and-err_reason-at-start-of-request-ha.patch + [CVE-2019-20637, boo#1169040] +- Add 0001-Handle-badly-formatted-proxy-TLVs.patch + [CVE-2020-11653, boo#1169039] + +------------------------------------------------------------------- New: ---- 0001-Clear-err_code-and-err_reason-at-start-of-request-ha.patch 0001-Handle-badly-formatted-proxy-TLVs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ varnish.spec ++++++ --- /var/tmp/diff_new_pack.hFs8jd/_old 2020-06-14 04:45:52.898946253 +0200 +++ /var/tmp/diff_new_pack.hFs8jd/_new 2020-06-14 04:45:52.902946265 +0200 @@ -41,6 +41,8 @@ Source8: varnishlog.service Patch1: varnish-5.1.2-add-fallthrough-comments.patch Patch2: uninit.patch +Patch3: 0001-Clear-err_code-and-err_reason-at-start-of-request-ha.patch +Patch4: 0001-Handle-badly-formatted-proxy-TLVs.patch BuildRequires: python3-docutils BuildRequires: python3-Sphinx BuildRequires: libxslt @@ -51,11 +53,8 @@ BuildRequires: systemd-rpm-macros BuildRequires: xz Requires: c_compiler -BuildRoot: %_tmppath/%name-%version-build Requires(pre): %_sbindir/useradd %_sbindir/groupadd -%if 0%{?suse_version} >= 1010 Recommends: logrotate -%endif %description Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an @@ -168,7 +167,6 @@ %postun -n %library_name -p /sbin/ldconfig %files -%defattr(-,root,root) %_unitdir/*.service %config(noreplace) %_sysconfdir/logrotate.d/varnish %dir %attr(0750,root,varnish) %_sysconfdir/%name/ @@ -185,11 +183,9 @@ %_fillupdir/sysconfig.%name %files -n %library_name -%defattr(-,root,root,-) %_libdir/libvarnishapi.so.2* %files devel -%defattr(-,root,root,-) %_includedir/varnish/ %_datadir/aclocal/ %_libdir/pkgconfig/* ++++++ 0001-Clear-err_code-and-err_reason-at-start-of-request-ha.patch ++++++ >From 99da6e40df70824bb72854be96ea649659cd1920 Mon Sep 17 00:00:00 2001 From: Martin Blix Grydeland <[email protected]> Date: Tue, 1 Oct 2019 11:17:17 +0200 Subject: [PATCH] Clear err_code and err_reason at start of request handling req->err_code and req->err_reason are set when going to synthetic handling. From there the resp.reason HTTP field is set from req->err_reason if set, or the generic code based on req->err_code is used if it was NULL. This patch clears these members so that a value from the handling of a previous request doesn't linger. Fixes: VSV00004 --- bin/varnishd/cache/cache_req_fsm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index a8ee9c61b..c6f4e7f3e 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -807,6 +807,8 @@ cnt_recv_prep(struct req *req, const char *ci) req->is_hit = 0; req->is_hitmiss = 0; req->is_hitpass = 0; + req->err_code = 0; + req->err_reason = NULL; } /*-------------------------------------------------------------------- -- 2.26.2 ++++++ 0001-Handle-badly-formatted-proxy-TLVs.patch ++++++ >From d28b56d2638c7e12bd16fba4e2ccd00789bb84c8 Mon Sep 17 00:00:00 2001 From: Martin Blix Grydeland <[email protected]> Date: Thu, 12 Dec 2019 14:53:48 +0100 Subject: [PATCH] Handle badly formatted proxy TLVs Proxy TLVs claiming to have PP2_TYPE_SSL sub-TLVs without complete payload would cause a Varnish assert. This patch fixes the parsing of the TLVs. --- bin/varnishd/proxy/cache_proxy_proto.c | 9 +++++++-- diff --git a/bin/varnishd/proxy/cache_proxy_proto.c b/bin/varnishd/proxy/cache_proxy_proto.c index c6255b6e6..15b243491 100644 --- a/bin/varnishd/proxy/cache_proxy_proto.c +++ b/bin/varnishd/proxy/cache_proxy_proto.c @@ -276,8 +276,9 @@ vpx_tlv_itern(struct vpx_tlv_iter *vpi) return (1); } -#define VPX_TLV_FOREACH(ptr, len, itv) \ - for(vpx_tlv_iter0(itv, ptr, len); vpx_tlv_itern(itv);) +#define VPX_TLV_FOREACH(ptr, len, itv) \ + for (vpx_tlv_iter0(itv, ptr, len); \ + (vpi->e == NULL) && vpx_tlv_itern(itv);) int VPX_tlv(const struct req *req, int typ, void **dst, int *len) @@ -453,6 +454,10 @@ vpx_proto2(const struct worker *wrk, struct req *req) VPX_TLV_FOREACH(d, l, vpi) { if (vpi->t == PP2_TYPE_SSL) { + if (vpi->l < 5) { + vpi->e = "Length Error"; + break; + } VPX_TLV_FOREACH((char*)vpi->p + 5, vpi->l - 5, vpi2) { } vpi->e = vpi2->e; -- 2.26.2
