On Wed, Nov 22, 2017 at 11:03:51AM +0000, Stuart Henderson wrote:
> On 2017/11/22 11:47, Klemens Nanni wrote:
> > On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> > > This is a security update[0] fixing a data leak:
> > >
> > > A wrong if statement in the varnishd source code means that
> > > synthetic objects in stevedores which over-allocate, may leak up
> > > to page size of data from a malloc(3) memory allocation.
> > >
> > > In a unpredictable percentage of the cases where this condition
> > > arises, a segmentation fault will happen instead.
> > >
> > > Tests continue to pass:
> > >
> > > # TOTAL: 636
> > > # PASS: 630
> > > # SKIP: 5
> > > # XFAIL: 0
> > > # FAIL: 1
> > > # XPASS: 0
> > > # ERROR: 0
> > >
> > > FAIL tests/u00000.vtc (exit status: 2)
> > >
> > > Removed TEST_TARGET=check as it's default. I also replaced cp with
> > > ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
> > >
> > > Since Varnish compiles .vsc files to C using python with 2.7 specific
> > > code (import StringIO), I added lang/python and explicity set
> > > MODPY_VERSION=2.7.
> > >
> > > Feedback? Does anyone want to commit this?
> > >
> > > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
> > >
> > > diff --git a/www/varnish/Makefile b/www/varnish/Makefile
> > > index b0fa5029ab4..5cf58670364 100644
> > > --- a/www/varnish/Makefile
> > > +++ b/www/varnish/Makefile
> > > @@ -2,7 +2,7 @@
> > >
> > > COMMENT = high-performance HTTP accelerator
> > >
> > > -DISTNAME = varnish-5.2.0
> > > +DISTNAME = varnish-5.2.1
> > >
> > > CATEGORIES = www
> > >
> > > @@ -16,12 +16,16 @@ MAINTAINER = Jim Razmus II
> > > <j...@openbsd.org> \
> > > # BSD
> > > PERMIT_PACKAGE_CDROM = Yes
> > >
> > > -MASTER_SITES = https://varnish-cache.org/_downloads/
> > > +MASTER_SITES = ${HOMEPAGE}_downloads/
>
> We stopped doing that, it's annoying if you want to copy the URL from
> Makefile and open it in a browser.
>
> > > EXTRACT_SUFX = .tgz
> > >
> > > WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
> > >
> > > +MODULES = lang/python
> > > +
> > > +MODPY_VERSION = 2.7
> > > +
> > > BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \
> > > ${MODGNU_AUTOMAKE_DEPENDS} \
> > > devel/libtool \
> > > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre
> > > # The internal backtrace implementation fails to build with -Werror on
> > > arm/hppa
> > > LIB_DEPENDS += devel/libexecinfo
> > >
> > > +MODPY_RUNDEP = No
> > > +
> > > WRKDIST = ${WRKDIR}/${DISTNAME}
> > > USE_GMAKE = Yes
> > > CONFIGURE_STYLE = gnu
> > > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION = 1.15
> > > CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \
> > > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
> > >
> > > -TEST_TARGET = check
> > > +MODPY_ADJ_FILES = lib/lib*/*.py
> > >
> > > post-patch:
> > > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
> > > @@ -47,7 +53,7 @@ post-patch:
> > > post-install:
> > > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
> > > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
> > > - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > > + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > > ${PREFIX}/share/examples/varnish
> > > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
> > >
> > > diff --git a/www/varnish/distinfo b/www/varnish/distinfo
> > > index f7dc351f783..cdba07a9889 100644
> > > --- a/www/varnish/distinfo
> > > +++ b/www/varnish/distinfo
> > > @@ -1,2 +1,2 @@
> > > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
> > > -SIZE (varnish-5.2.0.tgz) = 2828867
> > > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
> > > +SIZE (varnish-5.2.1.tgz) = 2827676
> > > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
> > > index 5f50b1bbf2a..ce02efaef87 100644
> > > --- a/www/varnish/pkg/MESSAGE
> > > +++ b/www/varnish/pkg/MESSAGE
> > > @@ -5,4 +5,4 @@ or the following link for more information:
> > >
> > > and for further information:
> > >
> > > - https://www.varnish-cache.org/docs/5.0/
> > > + https://www.varnish-cache.org/docs/5.2/
> > >
>
> MESSAGE doesn't really add anything. Better to just remove it IMHO.
>
> > One week bump, neither of the two maintainers have replied so far.
> >
> > I can take of the python 2.7 bits in another diff so the next
> > revision/release won't depend on 2.7 anymore.
>
> A word of advice: if you're trying to get what looks like it might be
> a relatively simple security update in quickly, don't make any
> unnecessary Makefile changes on top.
Noted, cheers. Updated diff below.
diff --git a/www/varnish/Makefile b/www/varnish/Makefile
index b0fa5029ab4..7a0a974ebb0 100644
--- a/www/varnish/Makefile
+++ b/www/varnish/Makefile
@@ -2,7 +2,7 @@
COMMENT = high-performance HTTP accelerator
-DISTNAME = varnish-5.2.0
+DISTNAME = varnish-5.2.1
CATEGORIES = www
@@ -22,6 +22,10 @@ EXTRACT_SUFX = .tgz
WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
+MODULES = lang/python
+
+MODPY_VERSION = 2.7
+
BUILD_DEPENDS = ${MODGNU_AUTOCONF_DEPENDS} \
${MODGNU_AUTOMAKE_DEPENDS} \
devel/libtool \
@@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre
# The internal backtrace implementation fails to build with -Werror on arm/hppa
LIB_DEPENDS += devel/libexecinfo
+MODPY_RUNDEP = No
+
WRKDIST = ${WRKDIR}/${DISTNAME}
USE_GMAKE = Yes
CONFIGURE_STYLE = gnu
@@ -38,7 +44,7 @@ AUTOMAKE_VERSION = 1.15
CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
-TEST_TARGET = check
+MODPY_ADJ_FILES = lib/lib*/*.py
post-patch:
cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
@@ -47,7 +53,7 @@ post-patch:
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
- cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
+ ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
${PREFIX}/share/examples/varnish
rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
diff --git a/www/varnish/distinfo b/www/varnish/distinfo
index f7dc351f783..cdba07a9889 100644
--- a/www/varnish/distinfo
+++ b/www/varnish/distinfo
@@ -1,2 +1,2 @@
-SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
-SIZE (varnish-5.2.0.tgz) = 2828867
+SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
+SIZE (varnish-5.2.1.tgz) = 2827676
diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
deleted file mode 100644
index 5f50b1bbf2a..00000000000
--- a/www/varnish/pkg/MESSAGE
+++ /dev/null
@@ -1,8 +0,0 @@
-Varnish has a default configuration built in, however see vcl(7)
-or the following link for more information:
-
- http://www.varnish-cache.org/wiki/VCLExamples
-
-and for further information:
-
- https://www.varnish-cache.org/docs/5.0/
