On [22/11/17] [11:47P], Klemens Nanni wrote: ; On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote: ; > This is a security update[0] fixing a data leak: ; > ; > A wrong if statement in the varnishd source code means that ; > synthetic objects in stevedores which over-allocate, may leak up ; > to page size of data from a malloc(3) memory allocation. ; > ; > In a unpredictable percentage of the cases where this condition ; > arises, a segmentation fault will happen instead. ; > ; > Tests continue to pass: ; > ; > # TOTAL: 636 ; > # PASS: 630 ; > # SKIP: 5 ; > # XFAIL: 0 ; > # FAIL: 1 ; > # XPASS: 0 ; > # ERROR: 0 ; > ; > FAIL tests/u00000.vtc (exit status: 2) ; > ; > Removed TEST_TARGET=check as it's default. I also replaced cp with ; > ${INSTALL_DATA} post-install and pointed users to 5.2 docs. ; > ; > Since Varnish compiles .vsc files to C using python with 2.7 specific ; > code (import StringIO), I added lang/python and explicity set ; > MODPY_VERSION=2.7. ; > ; > Feedback? Does anyone want to commit this? ; > ; > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1 ; > ; > diff --git a/www/varnish/Makefile b/www/varnish/Makefile ; > index b0fa5029ab4..5cf58670364 100644 ; > --- a/www/varnish/Makefile ; > +++ b/www/varnish/Makefile ; > @@ -2,7 +2,7 @@ ; > ; > COMMENT = high-performance HTTP accelerator ; > ; > -DISTNAME = varnish-5.2.0 ; > +DISTNAME = varnish-5.2.1 ; > ; > CATEGORIES = www ; > ; > @@ -16,12 +16,16 @@ MAINTAINER = Jim Razmus II <j...@openbsd.org> \ ; > # BSD ; > PERMIT_PACKAGE_CDROM = Yes ; > ; > -MASTER_SITES = https://varnish-cache.org/_downloads/ ; > +MASTER_SITES = ${HOMEPAGE}_downloads/ ; > ; > EXTRACT_SUFX = .tgz ; > ; > WANTLIB += c execinfo m ncursesw pcre pthread readline termcap ; > ; > +MODULES = lang/python ; > + ; > +MODPY_VERSION = 2.7 ; > + ; > BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \ ; > ${MODGNU_AUTOMAKE_DEPENDS} \ ; > devel/libtool \ ; > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre ; > # The internal backtrace implementation fails to build with -Werror on arm/hppa ; > LIB_DEPENDS += devel/libexecinfo ; > ; > +MODPY_RUNDEP = No ; > + ; > WRKDIST = ${WRKDIR}/${DISTNAME} ; > USE_GMAKE = Yes ; > CONFIGURE_STYLE = gnu ; > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION = 1.15 ; > CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \ ; > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" ; > ; > -TEST_TARGET = check ; > +MODPY_ADJ_FILES = lib/lib*/*.py ; > ; > post-patch: ; > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \ ; > @@ -47,7 +53,7 @@ post-patch: ; > post-install: ; > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish ; > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish ; > - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \ ; > + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \ ; > ${PREFIX}/share/examples/varnish ; > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la} ; > ; > diff --git a/www/varnish/distinfo b/www/varnish/distinfo ; > index f7dc351f783..cdba07a9889 100644 ; > --- a/www/varnish/distinfo ; > +++ b/www/varnish/distinfo ; > @@ -1,2 +1,2 @@ ; > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4= ; > -SIZE (varnish-5.2.0.tgz) = 2828867 ; > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM= ; > +SIZE (varnish-5.2.1.tgz) = 2827676 ; > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE ; > index 5f50b1bbf2a..ce02efaef87 100644 ; > --- a/www/varnish/pkg/MESSAGE ; > +++ b/www/varnish/pkg/MESSAGE ; > @@ -5,4 +5,4 @@ or the following link for more information: ; > ; > and for further information: ; > ; > - https://www.varnish-cache.org/docs/5.0/ ; > + https://www.varnish-cache.org/docs/5.2/ ; > ; One week bump, neither of the two maintainers have replied so far. ; ; I can take of the python 2.7 bits in another diff so the next ; revision/release won't depend on 2.7 anymore. ;
A little bit busy right now, but I can test the diff in a couple days. Thanks. -- Sending from my toaster.