On Mon, Mar 31, 2025 at 01:19:24AM +0200, Kirill A. Korinsky wrote:
> On Mon, 31 Mar 2025 00:23:35 +0200,
> Kirill A. Korinsky <kir...@korins.ky> wrote:
> >
> > On Mon, 31 Mar 2025 00:20:23 +0200,
> > Kirill A. Korinsky <kir...@korins.ky> wrote:
> > >
> > > The good news 7.5 contains 7.4.2 which seems to be immune.
> > >
> >
> > or not and they just used poor wording:
> >
> > Versions affected
> > - Varnish Cache release 7.5.0
> > - Varnish Cache release 7.6.0
> > - Varnish Cache release 7.6.1
> > - Older unsupported releases may also be vulnerable.
> > - Varnish Enterprise 6.0 series up to and including 6.0.13r9
> >
>
> Here the diff for 7.6:
Builds fine on -stable. I would have kept ${MODPY_FLAVOR} in
BUILD_DEPENDS, but since both py-docutils and py-sphinx only have a
python3 FLAVOR in 7.6, the result is the same. ok jca@ fwiw
> Index: www/varnish/Makefile
> ===================================================================
> RCS file: /home/cvs/ports/www/varnish/Makefile,v
> diff -u -p -r1.81 Makefile
> --- www/varnish/Makefile 6 May 2024 12:24:16 -0000 1.81
> +++ www/varnish/Makefile 30 Mar 2025 23:12:32 -0000
> @@ -1,7 +1,6 @@
> COMMENT = high-performance HTTP accelerator
>
> -DISTNAME = varnish-7.5.0
> -REVISION = 0
> +DISTNAME = varnish-7.6.2
>
> CATEGORIES = www
>
> @@ -24,13 +23,18 @@ MODULES = lang/python
> MODPY_RUNDEP = No
> MODPY_ADJ_FILES = lib/libvcc/vmodtool.py
>
> -BUILD_DEPENDS = textproc/py-docutils${MODPY_FLAVOR} \
> - textproc/py-sphinx${MODPY_FLAVOR}
> +BUILD_DEPENDS = textproc/py-docutils \
> + textproc/py-sphinx
> LIB_DEPENDS = devel/pcre2
>
> USE_GMAKE = Yes
> SEPARATE_BUILD = Yes
> -CONFIGURE_STYLE = gnu
> +
> +# requires to patch configure.ac
> +AUTOCONF_VERSION = 2.72
> +AUTOMAKE_VERSION= 1.16
> +CONFIGURE_STYLE = autoreconf
> +
> CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \
> LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" \
> PYTHON="${MODPY_BIN}" \
> Index: www/varnish/distinfo
> ===================================================================
> RCS file: /home/cvs/ports/www/varnish/distinfo,v
> diff -u -p -r1.37 distinfo
> --- www/varnish/distinfo 2 May 2024 06:26:56 -0000 1.37
> +++ www/varnish/distinfo 30 Mar 2025 23:12:37 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (varnish-7.5.0.tgz) = /KYbmDE54arGHEVG0SoaOrmAfbsdgxRXHjFIyT/3K10=
> -SIZE (varnish-7.5.0.tgz) = 4033962
> +SHA256 (varnish-7.6.2.tgz) = OFxhDsxj3P61PXb0fMRl6J6+J9osCSJvmGHE+o6dLJo=
> +SIZE (varnish-7.6.2.tgz) = 4259932
> Index: www/varnish/patches/patch-bin_varnishd_cache_cache_main_c
> ===================================================================
> RCS file: www/varnish/patches/patch-bin_varnishd_cache_cache_main_c
> diff -N www/varnish/patches/patch-bin_varnishd_cache_cache_main_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ www/varnish/patches/patch-bin_varnishd_cache_cache_main_c 30 Mar 2025
> 23:18:46 -0000
> @@ -0,0 +1,22 @@
> +https://github.com/varnishcache/varnish-cache/pull/4103
> +Index: bin/varnishd/cache/cache_main.c
> +--- bin/varnishd/cache/cache_main.c.orig
> ++++ bin/varnishd/cache/cache_main.c
> +@@ -134,12 +134,14 @@ THR_SetName(const char *name)
> + {
> +
> + PTOK(pthread_setspecific(name_key, name));
> +-#if defined(__APPLE__)
> ++#if defined(HAVE_PTHREAD_SETNAME_NP)
> ++# if defined(__APPLE__)
> + (void)pthread_setname_np(name);
> +-#elif defined(__NetBSD__)
> ++# elif defined(__NetBSD__)
> + (void)pthread_setname_np(pthread_self(), "%s", (char *)(uintptr_t)name);
> +-#else
> ++# else
> + (void)pthread_setname_np(pthread_self(), name);
> ++# endif
> + #endif
> + }
> +
> Index: www/varnish/patches/patch-configure_ac
> ===================================================================
> RCS file: www/varnish/patches/patch-configure_ac
> diff -N www/varnish/patches/patch-configure_ac
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ www/varnish/patches/patch-configure_ac 30 Mar 2025 23:18:46 -0000
> @@ -0,0 +1,12 @@
> +https://github.com/varnishcache/varnish-cache/pull/4103
> +Index: configure.ac
> +--- configure.ac.orig
> ++++ configure.ac
> +@@ -227,6 +227,7 @@ AC_CHECK_FUNCS([fnmatch], [], [AC_MSG_ERROR([fnmatch(3
> +
> + save_LIBS="${LIBS}"
> + LIBS="${PTHREAD_LIBS}"
> ++AC_CHECK_FUNCS([pthread_setname_np])
> + AC_CHECK_FUNCS([pthread_mutex_isowned_np])
> + AC_CHECK_FUNCS([pthread_getattr_np])
> + LIBS="${save_LIBS}"
> Index: www/varnish/patches/patch-lib_libvarnish_vsha256_c
> ===================================================================
> RCS file: www/varnish/patches/patch-lib_libvarnish_vsha256_c
> diff -N www/varnish/patches/patch-lib_libvarnish_vsha256_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ www/varnish/patches/patch-lib_libvarnish_vsha256_c 30 Mar 2025
> 23:18:46 -0000
> @@ -0,0 +1,23 @@
> +https://github.com/varnishcache/varnish-cache/pull/4226
> +Index: lib/libvarnish/vsha256.c
> +--- lib/libvarnish/vsha256.c.orig
> ++++ lib/libvarnish/vsha256.c
> +@@ -35,8 +35,16 @@
> +
> + #ifndef __DARWIN_BYTE_ORDER
> + # include <endian.h>
> +-# define VBYTE_ORDER __BYTE_ORDER
> +-# define VBIG_ENDIAN __BIG_ENDIAN
> ++# ifdef _BYTE_ORDER
> ++# define VBYTE_ORDER _BYTE_ORDER
> ++# else
> ++# define VBYTE_ORDER __BYTE_ORDER
> ++# endif
> ++# ifdef _BIG_ENDIAN
> ++# define VBIG_ENDIAN _BIG_ENDIAN
> ++# else
> ++# define VBIG_ENDIAN __BIG_ENDIAN
> ++# endif
> + #else
> + # define VBYTE_ORDER __DARWIN_BYTE_ORDER
> + # define VBIG_ENDIAN __DARWIN_BIG_ENDIAN
>
--
jca
