-rw-r--r--main/varnish/APKBUILD31
-rw-r--r--main/varnish/CVE-2017-12425.patch108
-rw-r--r--main/varnish/fix-stack-overflow.patch16
3 files changed, 22 insertions, 133 deletions
diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
index 853d94d01e..511753afbe 100644
--- a/main/varnish/APKBUILD
+++ b/main/varnish/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: V.Krishn <vkrishn4@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=varnish
-pkgver=4.1.2
-pkgrel=2
+pkgver=4.1.9
+pkgrel=0
pkgdesc="High-performance HTTP accelerator"
url="http://www.varnish-cache.org/"
arch="all"
@@ -16,7 +16,7 @@ install="varnish.pre-install"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-geoip"
pkgusers="varnish"
pkggroups="varnish"
-source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
+source="http://varnish-cache.org/_downloads/varnish-$pkgver.tgz
fix-compat-execinfo.patch
fix-stack-overflow.patch
musl-mode_t.patch
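Review bot: The new `source=` URL is still plain `http://`, so the tarball is fetched without transport authentication and its integrity rests entirely on the checksum lists updated in the last hunk of this file. If the upstream host serves the same path over TLS, prefer `source="https://varnish-cache.org/_downloads/varnish-$pkgver.tgz`. Of the three lists, `md5sums` gives no collision resistance, so `sha512sums` (or `sha256sums`) is the check that actually matters here. The `source=` assignment continues past the end of this hunk.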
@@ -25,12 +25,13 @@ source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
varnishd.confd
varnishd.logrotate
maxminddb.vcl
- CVE-2017-12425.patch
"
_builddir="$srcdir"/varnish-$pkgver
# secfixes:
+# 4.1.9-r0:
+# - CVE-2017-8807
# 4.1.2-r2:
# - CVE-2017-12425
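Review bot: Removing `CVE-2017-12425.patch` from `source=` relies on 4.1.9 already containing the upstream fix, i.e. the `if (cl < 0 || (uintmax_t)cl != cll)` check in `v1f_pull_chunked` shown in the deleted patch file; nothing visible in this diff confirms that. It is worth checking the unpacked 4.1.9 `bin/varnishd/http1/cache_http1_vfp.c` for that line before merging. The existing `# 4.1.2-r2:` secfixes entry is rightly kept, so the CVE stays recorded against the release that first fixed it. The `source=` assignment starts above this hunk.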
@@ -42,7 +43,6 @@ prepare() {
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
- update_config_sub || return 1
}
build() {
@@ -90,30 +90,27 @@ geoip() {
install -m755 -D "$srcdir"/maxminddb.vcl "$subpkgdir"/usr/lib/varnish/plugins/maxminddb.vcl
}
-md5sums="51d446c0193dd773f5a881f7c0beb304 varnish-4.1.2.tar.gz
+md5sums="d537dd5a89ad6d6ac77d93f04b2374f8 varnish-4.1.9.tgz
2fec4f98c892e07d97d93a7bb8529fea fix-compat-execinfo.patch
-c942796a1359c9b7e0a5a53d16db476e fix-stack-overflow.patch
+e345a5241e68b4763de33f6c7db3350e fix-stack-overflow.patch
54d12d231c505c95ae3ae09487b5dde4 musl-mode_t.patch
a3d78275f93f59fd4ebad1d09fc41c9e varnishd.initd
1ed5a6de82e6204400229fa79a54d9a7 varnishd.confd
a6cb8a43c9465699cf956dc992998225 varnishd.logrotate
-2cbaa46b9da9f78ecf4c906730f7c5e3 maxminddb.vcl
-3a77f76b532623a42f549b55ca6b73e6 CVE-2017-12425.patch"
-sha256sums="9728da944d28eb5be90e7ab6799c2c4c831ef4df5e5154537eb7f2e5d5e348c4 varnish-4.1.2.tar.gz
+2cbaa46b9da9f78ecf4c906730f7c5e3 maxminddb.vcl"
+sha256sums="22d884aad87e585ce5f3b4a6d33442e3a855162f27e48358c7c93af1b5f2fc87 varnish-4.1.9.tgz
66a281c03bcf0c01bc8215fe39a3b6a593751fb2034824b471596d517554e183 fix-compat-execinfo.patch
-a58d9c5dd2c1a0e9883d58ddec684993bc9fe6e91132c99b00c82a1c4228e647 fix-stack-overflow.patch
+24eb8f4614be262ad9b4486ef61f1520b5259237eb2ec9034715aa7100d09ab4 fix-stack-overflow.patch
f96b6dab0e68e169cffceb63776e312d8585bc2a46dfcc5fa2b1ec5e953ad624 musl-mode_t.patch
fda5d424ecb2279195ab85bb9c834fe59999fa9b753cad61d5475520e98263dc varnishd.initd
c252697811103e9846069b4d4de750105d79960a289ea1f7fcf1e99f682fb5dc varnishd.confd
017173cb42bb60f853063b7fbc843120c547e501233ce2299e1066b5d81e4d5e varnishd.logrotate
-fd6c810a6099b1b0c2eb572aec239e3f51debc52a6c32fce715f265d7b1a1f85 maxminddb.vcl
-2bab06b7c45be181b1cee33d4564a89a52a4c8424c7afd78a30165859b55075d CVE-2017-12425.patch"
-sha512sums="28c4e5a3a74bf5294e6d1f7a48cd3ec64faffca89388b7ea9ed3de3cd58bede357383bcdd021ff783a411590c0a0a1cb747981507272352c1521b4fcac35e179 varnish-4.1.2.tar.gz
+fd6c810a6099b1b0c2eb572aec239e3f51debc52a6c32fce715f265d7b1a1f85 maxminddb.vcl"
+sha512sums="c51d75f65030b0cbfea48565a85af41b77597b29ae45388346796edf33bb15e5ab488c34f98497c5caf77fe594118e97bbaf5c397b4a7d16c31decfbc69eed60 varnish-4.1.9.tgz
e4c3b8fe85ccb3f37c69561b981f89c757acc5534379afec551b7eabc2fe8661e3566513f4bfea9192af8576fc587b34170008f5818038c17c412ac64b27cf51 fix-compat-execinfo.patch
-d07a187f5e17644d724b1b555506f65bd9e0a23084d0f4dbb836ec6cc1f1585b6e2d8b3818543823f60dcc3089a0466e08c627c9518ed178238580ec3996caef fix-stack-overflow.patch
+a5b9d6f25b2ed11656f961b6a17d173b2fc9f9ef4f2562a69b07ff1d180117eb7e8da0299bf23054f0044c9abd67d76d8e3e92fb2847638ab507562c1a4c577d fix-stack-overflow.patch
8758bef9039a2cca23b7302668bd49f1ea07f54835512a8a9558bb9ed5de1c0fca53f2085ccd298fe0c6579fc81c3b583a85f4f6b25b6ad85f89bf3be04afb70 musl-mode_t.patch
146387f493fb2323e7720fa495fca101ea7435ac8e4b57c8f7a02f2d9c7faedb1188465fb4a59a67600cf8b3c9cce9946cd52e31c1d348c2a5f042c1eeb21226 varnishd.initd
f2b4f88c1cea5d8576bf5c6ea82ee841c1fa9dd10daaef668c262669c2d3bc9d151f3c491f8678717047cf0d161c25b4104dd4d29bc8ddb44dd749b7f58c39e7 varnishd.confd
8fb1cba86ede5eff28a494f6b1da1a651d66383cdeb63922104407f28903dea0c643155b6d7ac8353b8c63d480a6c5b43a70c7252bc51ee73317c33a1844c52c varnishd.logrotate
-69f088819cff6d4441813be284f4117f232d08908515bd15d96bd5bb9d41ba7100657a52fd408d44c396d004366062ae22fbf08e2a983cd8023b554539ccf596 maxminddb.vcl
-ff2dab956cc58e2177776ec3e0c6067d1e1767f1b717e57f5ed4c47e019d4976f4e33099c066381ecd6ab5f0ca28a721d671ba70a6e675d0b5932d156764efab CVE-2017-12425.patch"
+69f088819cff6d4441813be284f4117f232d08908515bd15d96bd5bb9d41ba7100657a52fd408d44c396d004366062ae22fbf08e2a983cd8023b554539ccf596 maxminddb.vcl"
diff --git a/main/varnish/CVE-2017-12425.patch b/main/varnish/CVE-2017-12425.patch
deleted file mode 100644
index 0ff0d9f57a..0000000000
--- a/main/varnish/CVE-2017-12425.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From c37821ddd539a23845ae8e9a7a9cc958358c1541 Mon Sep 17 00:00:00 2001
-From: Martin Blix Grydeland <martin@varnish-software.com>
-Date: Thu, 27 Jul 2017 11:52:58 +0200
-Subject: [PATCH] Correctly handle bogusly large chunk sizes
-
-This fixes a denial of service attack vector where bogusly large chunk
-sizes in requests could be used to force restarts of the Varnish
-server.
-
-This is Varnish Security Vulnerability VSV00001
-
-For more information visit: https://varnish-cache.org/security/VSV00001
-
-Fixes: #2379
----
- bin/varnishd/http1/cache_http1_vfp.c | 2 +-
- bin/varnishtest/tests/f00001.vtc | 69 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 70 insertions(+), 1 deletion(-)
- create mode 100644 bin/varnishtest/tests/f00001.vtc
-
-diff --git a/bin/varnishd/http1/cache_http1_vfp.c b/bin/varnishd/http1/cache_http1_vfp.c
-index b836cd3ca..ded1550bf 100644
---- a/bin/varnishd/http1/cache_http1_vfp.c
-+++ b/bin/varnishd/http1/cache_http1_vfp.c
-@@ -155,7 +155,7 @@ v1f_pull_chunked(struct vfp_ctx *vc, struct vfp_entry *vfe, void *ptr,
- if (q == NULL || *q != '\0')
- return (VFP_Error(vc, "chunked header number syntax"));
- cl = (ssize_t)cll;
-- if((uintmax_t)cl != cll)
-+ if (cl < 0 || (uintmax_t)cl != cll)
- return (VFP_Error(vc, "bogusly large chunk size"));
-
- vfe->priv2 = cl;
-diff --git a/bin/varnishtest/tests/f00001.vtc b/bin/varnishtest/tests/f00001.vtc
-new file mode 100644
-index 000000000..bfb559228
---- /dev/null
-+++ b/bin/varnishtest/tests/f00001.vtc
-@@ -0,0 +1,69 @@
-+varnishtest "Check that we handle bogusly large chunks correctly"
-+
-+# Check that the bug has been fixed
-+
-+server s1 {
-+ rxreq
-+ txresp
-+
-+ accept
-+ rxreq
-+ txresp
-+} -start
-+
-+varnish v1 -vcl+backend {
-+} -start
-+
-+client c1 {
-+ send "POST / HTTP/1.1\r\n"
-+ send "Transfer-Encoding: chunked\r\n\r\n"
-+ send "FFFFFFFFFFFFFFED\r\n"
-+ send "0\r\n\r\n"
-+
-+ rxresp
-+ expect resp.status == 503
-+} -run
-+
-+# Check that the published workaround does not cause harm
-+
-+varnish v1 -cliok "param.set vcc_allow_inline_c true"
-+
-+varnish v1 -vcl+backend {
-+ sub exploit_workaround {
-+ # This needs to be defined before your vcl_recv function
-+ # Make sure that the runtime parameter vcc_allow_inline_c is set to true
-+ if (req.http.transfer-encoding ~ "(?i)chunked") {
-+ C{
-+ struct dummy_req {
-+ unsigned magic;
-+ int step;
-+ int req_body_status;
-+ };
-+ ((struct dummy_req *)ctx->req)->req_body_status = 5;
-+ }C
-+
-+ return (synth(503, "Bad request"));
-+ }
-+ }
-+
-+ sub vcl_recv {
-+ # Call this early in your vcl_recv function
-+ call exploit_workaround;
-+ }
-+}
-+
-+client c1 {
-+ send "POST / HTTP/1.1\r\n"
-+ send "Transfer-Encoding: chunked\r\n\r\n"
-+ send "FFFFFFFFFFFFFFED\r\n"
-+
-+ expect_close
-+} -run
-+
-+# Make sure that varnish is still running
-+
-+client c1 {
-+ txreq
-+ rxresp
-+ expect resp.status == 200
-+} -run
diff --git a/main/varnish/fix-stack-overflow.patch b/main/varnish/fix-stack-overflow.patch
index 67677b3306..23fb7cc12c 100644
--- a/main/varnish/fix-stack-overflow.patch
+++ b/main/varnish/fix-stack-overflow.patch
@@ -1,6 +1,6 @@
-From bc0b56b8703e7e02af745af28bc6fff48ab806ba Mon Sep 17 00:00:00 2001
+From f88f2ead8cc5958262d333c46e94ddc8a3c9ae18 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 2 Mar 2016 10:46:49 +0100
+Date: Tue, 21 Nov 2017 12:10:34 +0100
Subject: [PATCH] fix stack overflow in epoll waiter
musl libc has a default thread stack of 80k. avoid overflow the stack by
@@ -10,10 +10,10 @@ allocating the epol_event array on heap instead of stack.
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bin/varnishd/waiter/cache_waiter_epoll.c b/bin/varnishd/waiter/cache_waiter_epoll.c
-index f50ae46..65719e5 100644
+index 71c426a..ccbc64c 100644
--- a/bin/varnishd/waiter/cache_waiter_epoll.c
+++ b/bin/varnishd/waiter/cache_waiter_epoll.c
-@@ -71,7 +71,7 @@ struct vwe {
+@@ -74,7 +74,7 @@ struct vwe {
static void *
vwe_thread(void *priv)
{
@@ -22,16 +22,16 @@ index f50ae46..65719e5 100644
struct waited *wp;
struct waiter *w;
double now, then;
-@@ -83,6 +83,8 @@ vwe_thread(void *priv)
- w = vwe->waiter;
+@@ -87,6 +87,8 @@ vwe_thread(void *priv)
CHECK_OBJ_NOTNULL(w, WAITER_MAGIC);
THR_SetName("cache-epoll");
+ THR_Init();
+ ev = malloc(NEEV * sizeof(struct epoll_event));
+ assert(ev != NULL);
now = VTIM_real();
while (1) {
-@@ -146,6 +148,7 @@ vwe_thread(void *priv)
+@@ -154,6 +156,7 @@ vwe_thread(void *priv)
AZ(close(vwe->pipe[0]));
AZ(close(vwe->pipe[1]));
AZ(close(vwe->epfd));
@@ -40,5 +40,5 @@ index f50ae46..65719e5 100644
}
--
-2.7.2
+2.13.5