On Sun, 30 Mar 2025 23:18:27 +0200, Jeremie Courreges-Anglas <j...@wxcvbn.org> wrote: > > On Sat, Mar 29, 2025 at 11:49:29PM +0100, Kirill A. Korinsky wrote: > > ports@, > > > > I'd like to update www/varnish to 7.7.0 > > > > It builds and passed trivial testing on -current/amd64. > > > > I also sucefully used to build it my custom vmod. > > > > Ok? > > Either this or an update to 7.6.2 would solve CVE-2025-30346 > https://varnish-cache.org/security/VSV00015.html#vsv00015 > The update to 7.6.2 seems safer at this point in the release cycle. >
Indeed. Here a diff for -current, and I will cook a diff for 7.6 soon. The good news 7.5 contains 7.4.2 which seems to be immune. Index: www/varnish/Makefile =================================================================== RCS file: /home/cvs/ports/www/varnish/Makefile,v diff -u -p -r1.83 Makefile --- www/varnish/Makefile 21 Dec 2024 11:39:15 -0000 1.83 +++ www/varnish/Makefile 30 Mar 2025 22:05:20 -0000 @@ -1,6 +1,6 @@ COMMENT = high-performance HTTP accelerator -DISTNAME = varnish-7.6.1 +DISTNAME = varnish-7.6.2 CATEGORIES = www Index: www/varnish/distinfo =================================================================== RCS file: /home/cvs/ports/www/varnish/distinfo,v diff -u -p -r1.38 distinfo --- www/varnish/distinfo 8 Nov 2024 20:03:18 -0000 1.38 +++ www/varnish/distinfo 30 Mar 2025 22:05:32 -0000 @@ -1,2 +1,2 @@ -SHA256 (varnish-7.6.1.tgz) = Wpu1oUn/J4Z7VKZs4W0qS5Pt/6VHPLh8nHH3aZz4Rbo= -SIZE (varnish-7.6.1.tgz) = 4254330 +SHA256 (varnish-7.6.2.tgz) = OFxhDsxj3P61PXb0fMRl6J6+J9osCSJvmGHE+o6dLJo= +SIZE (varnish-7.6.2.tgz) = 4259932 -- wbr, Kirill
