On 2017/11/22 11:47, Klemens Nanni wrote: > On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote: > > This is a security update[0] fixing a data leak: > > > > A wrong if statement in the varnishd source code means that > > synthetic objects in stevedores which over-allocate, may leak up > > to page size of data from a malloc(3) memory allocation. > > > > In an unpredictable percentage of the cases where this condition > > arises, a segmentation fault will happen instead. > > > > Tests continue to pass: > > > > # TOTAL: 636 > > # PASS: 630 > > # SKIP: 5 > > # XFAIL: 0 > > # FAIL: 1 > > # XPASS: 0 > > # ERROR: 0 > > > > FAIL tests/u00000.vtc (exit status: 2) > > > > Removed TEST_TARGET=check as it's default. I also replaced cp with > > ${INSTALL_DATA} post-install and pointed users to 5.2 docs. > > > > Since Varnish compiles .vsc files to C using python with 2.7 specific > > code (import StringIO), I added lang/python and explicitly set > > MODPY_VERSION=2.7. > > > > Feedback? Does anyone want to commit this? > > > > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1 > > > > diff --git a/www/varnish/Makefile b/www/varnish/Makefile > > index b0fa5029ab4..5cf58670364 100644 > > --- a/www/varnish/Makefile > > +++ b/www/varnish/Makefile > > @@ -2,7 +2,7 @@ > > > > COMMENT = high-performance HTTP accelerator > > > > -DISTNAME = varnish-5.2.0 > > +DISTNAME = varnish-5.2.1 > > > > CATEGORIES = www > > > > @@ -16,12 +16,16 @@ MAINTAINER = Jim Razmus II > > <j...@openbsd.org> \ > > # BSD > > PERMIT_PACKAGE_CDROM = Yes > > > > -MASTER_SITES = https://varnish-cache.org/_downloads/ > > +MASTER_SITES = ${HOMEPAGE}_downloads/
We stopped doing that, it's annoying if you want to copy the URL from Makefile and open it in a browser. > > EXTRACT_SUFX = .tgz > > > > WANTLIB += c execinfo m ncursesw pcre pthread readline termcap > > > > +MODULES = lang/python > > + > > +MODPY_VERSION = 2.7 > > + > > BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \ > > ${MODGNU_AUTOMAKE_DEPENDS} \ > > devel/libtool \ > > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre > > # The internal backtrace implementation fails to build with -Werror on > > arm/hppa > > LIB_DEPENDS += devel/libexecinfo > > > > +MODPY_RUNDEP = No > > + > > WRKDIST = ${WRKDIR}/${DISTNAME} > > USE_GMAKE = Yes > > CONFIGURE_STYLE = gnu > > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION = 1.15 > > CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \ > > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" > > > > -TEST_TARGET = check > > +MODPY_ADJ_FILES = lib/lib*/*.py > > > > post-patch: > > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \ > > @@ -47,7 +53,7 @@ post-patch: > > post-install: > > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish > > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish > > - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \ > > + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \ > > ${PREFIX}/share/examples/varnish > > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la} > > > > diff --git a/www/varnish/distinfo b/www/varnish/distinfo > > index f7dc351f783..cdba07a9889 100644 > > --- a/www/varnish/distinfo > > +++ b/www/varnish/distinfo > > @@ -1,2 +1,2 @@ > > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4= > > -SIZE (varnish-5.2.0.tgz) = 2828867 > > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM= > > +SIZE (varnish-5.2.1.tgz) = 2827676 > > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE > > index 5f50b1bbf2a..ce02efaef87 100644 > > --- a/www/varnish/pkg/MESSAGE > > +++ b/www/varnish/pkg/MESSAGE 
> > @@ -5,4 +5,4 @@ or the following link for more information: > > > > and for further information: > > > > - https://www.varnish-cache.org/docs/5.0/ > > + https://www.varnish-cache.org/docs/5.2/ > > MESSAGE doesn't really add anything. Better to just remove it IMHO. > One week bump, neither of the two maintainers have replied so far. > > I can take care of the python 2.7 bits in another diff so the next > revision/release won't depend on 2.7 anymore. A word of advice: if you're trying to get what looks like it might be a relatively simple security update in quickly, don't make any unnecessary Makefile changes on top.
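Review bot: In the Makefile hunk at @@ -16,12 +16,16 @@, `MASTER_SITES = ${HOMEPAGE}_downloads/` only expands to a valid URL if HOMEPAGE ends in a slash, and HOMEPAGE is not visible anywhere in this diff. Keep the literal `https://varnish-cache.org/_downloads/` so the fetch location of a security update can be read and checked directly from the Makefile. The new `MODULES = lang/python` and `MODPY_VERSION = 2.7` lines also lack a comment; the reason given in the mail (the .vsc build step uses Python 2.7 only code) belongs next to them.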
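Review bot: `MODPY_RUNDEP = No` at @@ -30,6 +34,8 @@ is placed between `LIB_DEPENDS += devel/libexecinfo` and `WRKDIST`, away from the `MODULES` and `MODPY_VERSION` lines added in the previous hunk. Move it next to them so the python module settings sit together and it is clear at a glance that python is wanted at build time only.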
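Review bot: At @@ -38,7 +44,7 @@ the removal of `TEST_TARGET = check` and the addition of `MODPY_ADJ_FILES = lib/lib*/*.py` land on the same line of the diff, so two unrelated changes read as one replacement. Split them, and leave the TEST_TARGET cleanup for a separate commit since the version bump does not need it. The glob `lib/lib*/*.py` would also be easier to re-check on the next update with a short comment naming what those scripts are.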
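Review bot: The distinfo hunk replaces both `SHA256 (varnish-5.2.1.tgz)` and `SIZE (varnish-5.2.1.tgz)`, and nothing in the mail says how the new values were produced. Before committing, fetch the 5.2.1 tarball independently from the upstream download location and confirm that the hash and the size 2827676 match, since these two lines are what every later fetch of the distfile is checked against.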
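Review bot: In the pkg/MESSAGE hunk the docs link goes from `docs/5.0/` to `docs/5.2/`, but the removed line shows it was still pointing at 5.0 while the port was already at varnish-5.2.0, so a version-pinned URL here goes stale without anyone noticing. Either drop the file as suggested in the reply, or stop pinning the docs link to a release so it does not need touching on every update.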