https://varnish-cache.org/security/VSV00003-mitigation.html#vsv00003-mitigation was fixed in 6.2.1 a month ago, 6.3.0 includes lots of fixes, see https://github.com/varnishcache/varnish-cache/blob/6.3/doc/changes.rst
Keeps working for me, but I'd like to get this in soon mostly because it mitigates above linked DOS attack via crafted HTTP/1 requests which cause the server to restart with a clean cache. That one patch was merged upstream (not by me); in the past Jim did not respond to my mails and I'm interested in keeping the port in good shape so swap his MAINAINER line for mine. Feedback? OK? Index: Makefile =================================================================== RCS file: /cvs/ports/www/varnish/Makefile,v retrieving revision 1.48 diff -u -p -r1.48 Makefile --- Makefile 12 Jul 2019 20:51:06 -0000 1.48 +++ Makefile 2 Oct 2019 12:42:48 -0000 @@ -2,8 +2,7 @@ COMMENT = high-performance HTTP accelerator -DISTNAME = varnish-6.2.0 -REVISION = 0 +DISTNAME = varnish-6.3.0 CATEGORIES = www @@ -11,7 +10,7 @@ SHARED_LIBS = varnishapi 2.0 # HOMEPAGE = https://www.varnish-cache.org/ -MAINTAINER = Jim Razmus II <j...@openbsd.org> \ +MAINTAINER = Klemens Nanni <k...@openbsd.org> \ Gonzalo L. Rodriguez <gonz...@openbsd.org> # BSD Index: distinfo =================================================================== RCS file: /cvs/ports/www/varnish/distinfo,v retrieving revision 1.22 diff -u -p -r1.22 distinfo --- distinfo 3 May 2019 11:06:26 -0000 1.22 +++ distinfo 2 Oct 2019 12:42:55 -0000 @@ -1,2 +1,2 @@ -SHA256 (varnish-6.2.0.tgz) = w3rzU6yiWoPSL5xc4K6AD+Qz5NAuFFfgKIalhJ+YjlM= -SIZE (varnish-6.2.0.tgz) = 3207400 +SHA256 (varnish-6.3.0.tgz) = lczexfHcuotB0k5oWz8jefvGuXAdEGzHgBHU0JpzlH8= +SIZE (varnish-6.3.0.tgz) = 3308117 Index: patches/patch-lib_libvmod_unix_cred_compat_h =================================================================== RCS file: patches/patch-lib_libvmod_unix_cred_compat_h diff -N patches/patch-lib_libvmod_unix_cred_compat_h --- patches/patch-lib_libvmod_unix_cred_compat_h 3 May 2019 11:06:26 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ -$OpenBSD: patch-lib_libvmod_unix_cred_compat_h,v 1.3 2019/05/03 11:06:26 gonzalo Exp $ - -Index: lib/libvmod_unix/cred_compat.h ---- lib/libvmod_unix/cred_compat.h.orig -+++ lib/libvmod_unix/cred_compat.h -@@ -69,7 +69,7 @@ get_ids(int fd, uid_t *uid, gid_t *gid) - - #if defined(SO_PEERCRED) - -- struct ucred ucred; -+ struct sockpeercred ucred; - socklen_t l = sizeof(ucred); - - errno = 0;
