On Sat, Mar 29, 2025 at 11:49:29PM +0100, Kirill A. Korinsky wrote: > ports@, > > I'd like to update www/varnish to 7.7.0 > > It builds and passed trivial testing on -current/amd64. > > I also sucefully used to build it my custom vmod. > > Ok?
Either this or an update to 7.6.2 would solve CVE-2025-30346 https://varnish-cache.org/security/VSV00015.html#vsv00015 The update to 7.6.2 seems safer at this point in the release cycle. > Index: www/varnish/Makefile > =================================================================== > RCS file: /home/cvs/ports/www/varnish/Makefile,v > diff -u -p -r1.83 Makefile > --- www/varnish/Makefile 21 Dec 2024 11:39:15 -0000 1.83 > +++ www/varnish/Makefile 29 Mar 2025 22:39:36 -0000 > @@ -1,6 +1,6 @@ > COMMENT = high-performance HTTP accelerator > > -DISTNAME = varnish-7.6.1 > +DISTNAME = varnish-7.7.0 > > CATEGORIES = www > > Index: www/varnish/distinfo > =================================================================== > RCS file: /home/cvs/ports/www/varnish/distinfo,v > diff -u -p -r1.38 distinfo > --- www/varnish/distinfo 8 Nov 2024 20:03:18 -0000 1.38 > +++ www/varnish/distinfo 29 Mar 2025 22:40:07 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (varnish-7.6.1.tgz) = Wpu1oUn/J4Z7VKZs4W0qS5Pt/6VHPLh8nHH3aZz4Rbo= > -SIZE (varnish-7.6.1.tgz) = 4254330 > +SHA256 (varnish-7.7.0.tgz) = aZSPIVEfgc548JqXFdmodQ6BEWGb1gVaPIYTFaIQtOQ= > +SIZE (varnish-7.7.0.tgz) = 4318349 > Index: www/varnish/patches/patch-bin_varnishd_acceptor_cache_acceptor_h > =================================================================== > RCS file: www/varnish/patches/patch-bin_varnishd_acceptor_cache_acceptor_h > diff -N www/varnish/patches/patch-bin_varnishd_acceptor_cache_acceptor_h > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ www/varnish/patches/patch-bin_varnishd_acceptor_cache_acceptor_h 29 Mar > 2025 22:44:28 -0000 > @@ -0,0 +1,14 @@ > +https://github.com/varnishcache/varnish-cache/pull/4231 > + > +Index: bin/varnishd/acceptor/cache_acceptor.h > +--- bin/varnishd/acceptor/cache_acceptor.h.orig > ++++ bin/varnishd/acceptor/cache_acceptor.h > +@@ -30,6 +30,8 @@ > + * > + */ > + > ++#include <pthread.h> > ++ > + /* cache_acceptor.c */ > + struct listen_sock; > + struct listen_arg; > Index: www/varnish/patches/patch-bin_varnishd_cache_cache_main_c > =================================================================== > RCS file: > /home/cvs/ports/www/varnish/patches/patch-bin_varnishd_cache_cache_main_c,v > diff -u -p -r1.1 patch-bin_varnishd_cache_cache_main_c > --- www/varnish/patches/patch-bin_varnishd_cache_cache_main_c 8 Nov 2024 > 20:03:18 -0000 1.1 > +++ www/varnish/patches/patch-bin_varnishd_cache_cache_main_c 29 Mar 2025 > 22:44:40 -0000 > @@ -1,22 +1,14 @@ > -https://github.com/varnishcache/varnish-cache/pull/4103 > +https://github.com/varnishcache/varnish-cache/pull/4231 > + > Index: bin/varnishd/cache/cache_main.c > --- bin/varnishd/cache/cache_main.c.orig > +++ bin/varnishd/cache/cache_main.c > -@@ -134,12 +134,14 @@ THR_SetName(const char *name) > - { > - > - PTOK(pthread_setspecific(name_key, name)); > --#if defined(__APPLE__) > -+#if defined(HAVE_PTHREAD_SETNAME_NP) > -+# if defined(__APPLE__) > - (void)pthread_setname_np(name); > --#elif defined(__NetBSD__) > -+# elif defined(__NetBSD__) > - (void)pthread_setname_np(pthread_self(), "%s", (char *)(uintptr_t)name); > --#else > -+# else > - (void)pthread_setname_np(pthread_self(), name); > -+# endif > +@@ -163,6 +163,8 @@ THR_SetName(const char *name) > + # else > + thr_setname_generic(name); > + # endif > ++#elif defined(HAVE_PTHREAD_SET_NAME_NP) > ++ (void)pthread_set_name_np(pthread_self(), name); > #endif > } > > Index: www/varnish/patches/patch-configure_ac > =================================================================== > RCS file: /home/cvs/ports/www/varnish/patches/patch-configure_ac,v > diff -u -p -r1.3 patch-configure_ac > --- www/varnish/patches/patch-configure_ac 8 Nov 2024 20:17:53 -0000 > 1.3 > +++ www/varnish/patches/patch-configure_ac 29 Mar 2025 22:44:34 -0000 > @@ -1,12 +1,13 @@ > -https://github.com/varnishcache/varnish-cache/pull/4103 > +https://github.com/varnishcache/varnish-cache/pull/4231 > + > Index: configure.ac > --- configure.ac.orig > +++ configure.ac > -@@ -227,6 +227,7 @@ AC_CHECK_FUNCS([fnmatch], [], [AC_MSG_ERROR([fnmatch(3 > - > +@@ -232,6 +232,7 @@ AC_CHECK_FUNCS([fnmatch], [], [AC_MSG_ERROR([fnmatch(3 > save_LIBS="${LIBS}" > LIBS="${PTHREAD_LIBS}" > -+AC_CHECK_FUNCS([pthread_setname_np]) > + AC_CHECK_FUNCS([pthread_setname_np]) > ++AC_CHECK_FUNCS([pthread_set_name_np]) > AC_CHECK_FUNCS([pthread_mutex_isowned_np]) > AC_CHECK_FUNCS([pthread_getattr_np]) > LIBS="${save_LIBS}" > Index: www/varnish/patches/patch-lib_libvarnish_vsha256_c > =================================================================== > RCS file: www/varnish/patches/patch-lib_libvarnish_vsha256_c > diff -N www/varnish/patches/patch-lib_libvarnish_vsha256_c > --- www/varnish/patches/patch-lib_libvarnish_vsha256_c 8 Nov 2024 > 20:17:53 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 > @@ -1,23 +0,0 @@ > -https://github.com/varnishcache/varnish-cache/pull/4226 > -Index: lib/libvarnish/vsha256.c > ---- lib/libvarnish/vsha256.c.orig > -+++ lib/libvarnish/vsha256.c > -@@ -35,8 +35,16 @@ > - > - #ifndef __DARWIN_BYTE_ORDER > - # include <endian.h> > --# define VBYTE_ORDER __BYTE_ORDER > --# define VBIG_ENDIAN __BIG_ENDIAN > -+# ifdef _BYTE_ORDER > -+# define VBYTE_ORDER _BYTE_ORDER > -+# else > -+# define VBYTE_ORDER __BYTE_ORDER > -+# endif > -+# ifdef _BIG_ENDIAN > -+# define VBIG_ENDIAN _BIG_ENDIAN > -+# else > -+# define VBIG_ENDIAN __BIG_ENDIAN > -+# endif > - #else > - # define VBYTE_ORDER __DARWIN_BYTE_ORDER > - # define VBIG_ENDIAN __DARWIN_BIG_ENDIAN > -- jca
