On [22/11/17] [11:47P], Klemens Nanni wrote:
; On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
; > This is a security update[0] fixing a data leak:
; >
; > A wrong if statement in the varnishd source code means that
; > synthetic objects in stevedores which over-allocate, may leak up
; > to page size of data from a malloc(3) memory allocation.
; >
; > In a unpredictable percentage of the cases where this condition
; > arises, a segmentation fault will happen instead.
; >
; > Tests continue to pass:
; >
; > # TOTAL: 636
; > # PASS: 630
; > # SKIP: 5
; > # XFAIL: 0
; > # FAIL: 1
; > # XPASS: 0
; > # ERROR: 0
; >
; > FAIL tests/u00000.vtc (exit status: 2)
; >
; > Removed TEST_TARGET=check as it's default. I also replaced cp with
; > ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
; >
; > Since Varnish compiles .vsc files to C using python with 2.7 specific
; > code (import StringIO), I added lang/python and explicity set
; > MODPY_VERSION=2.7.
; >
; > Feedback? Does anyone want to commit this?
; >
; > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
; >
; > diff --git a/www/varnish/Makefile b/www/varnish/Makefile
; > index b0fa5029ab4..5cf58670364 100644
; > --- a/www/varnish/Makefile
; > +++ b/www/varnish/Makefile
; > @@ -2,7 +2,7 @@
; >
; > COMMENT = high-performance HTTP accelerator
; >
; > -DISTNAME = varnish-5.2.0
; > +DISTNAME = varnish-5.2.1
; >
; > CATEGORIES = www
; >
; > @@ -16,12 +16,16 @@ MAINTAINER = Jim Razmus II
<j...@openbsd.org> \
; > # BSD
; > PERMIT_PACKAGE_CDROM = Yes
; >
; > -MASTER_SITES = https://varnish-cache.org/_downloads/
; > +MASTER_SITES = ${HOMEPAGE}_downloads/
; >
; > EXTRACT_SUFX = .tgz
; >
; > WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
; >
; > +MODULES = lang/python
; > +
; > +MODPY_VERSION = 2.7
; > +
; > BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \
; > ${MODGNU_AUTOMAKE_DEPENDS} \
; > devel/libtool \
; > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre
; > # The internal backtrace implementation fails to build with -Werror on
arm/hppa
; > LIB_DEPENDS += devel/libexecinfo
; >
; > +MODPY_RUNDEP = No
; > +
; > WRKDIST = ${WRKDIR}/${DISTNAME}
; > USE_GMAKE = Yes
; > CONFIGURE_STYLE = gnu
; > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION = 1.15
; > CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \
; > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
; >
; > -TEST_TARGET = check
; > +MODPY_ADJ_FILES = lib/lib*/*.py
; >
; > post-patch:
; > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
; > @@ -47,7 +53,7 @@ post-patch:
; > post-install:
; > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
; > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
; > - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
; > + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
; > ${PREFIX}/share/examples/varnish
; > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
; >
; > diff --git a/www/varnish/distinfo b/www/varnish/distinfo
; > index f7dc351f783..cdba07a9889 100644
; > --- a/www/varnish/distinfo
; > +++ b/www/varnish/distinfo
; > @@ -1,2 +1,2 @@
; > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
; > -SIZE (varnish-5.2.0.tgz) = 2828867
; > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
; > +SIZE (varnish-5.2.1.tgz) = 2827676
; > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
; > index 5f50b1bbf2a..ce02efaef87 100644
; > --- a/www/varnish/pkg/MESSAGE
; > +++ b/www/varnish/pkg/MESSAGE
; > @@ -5,4 +5,4 @@ or the following link for more information:
; >
; > and for further information:
; >
; > - https://www.varnish-cache.org/docs/5.0/
; > + https://www.varnish-cache.org/docs/5.2/
; >
; One week bump, neither of the two maintainers have replied so far.
;
; I can take of the python 2.7 bits in another diff so the next
; revision/release won't depend on 2.7 anymore.
;
A little bit busy right now, but I can test the diff in a couple days.
Thanks.
--
Sending from my toaster.
