Accepting request 212725 from home:danimo:branches:server:http

Updated varnish to 3.0.5. Removed no longer required patches, added mandatory readline dep. OBS-URL: https://build.opensuse.org/request/show/212725 OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=64
2014-01-03 11:24:06 +00:00 · 2014-01-03 11:24:06 +00:00 · c3601ed61b
commit c3601ed61b
parent 0fd5fc57ff
6 changed files with 13 additions and 172 deletions
--- a/0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
+++ b/0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
@ -1,136 +0,0 @@
-From 4bd5b7991bf602a6c46dd0d65fc04d4b8d9667a6 Mon Sep 17 00:00:00 2001
-From: Martin Blix Grydeland <martin@varnish-software.com>
-Date: Wed, 30 Oct 2013 13:48:20 +0100
-Subject: [PATCH] Make up our mind:  Any req.* we receive from the client with
- fundamental trouble gets failed back without VCL involvement.
-References: https://www.varnish-cache.org/trac/ticket/1367
-References: CVE-2013-4484
-References: https://bugzilla.novell.com/show_bug.cgi?id=848451
-
-Fixes	#1367
---
- bin/varnishd/cache_center.c      | 28 +++++++++++++++-------------
- bin/varnishd/cache_http.c        |  2 +-
- bin/varnishtest/tests/r01367.vtc | 30 ++++++++++++++++++++++++++++++
- 3 files changed, 46 insertions(+), 14 deletions(-)
- create mode 100644 bin/varnishtest/tests/r01367.vtc
-
-diff --git a/bin/varnishd/cache_center.c b/bin/varnishd/cache_center.c
-index 19eb2ce..fdf7cee 100644
--- a/bin/varnishd/cache_center.c
-+++ b/bin/varnishd/cache_center.c
-@@ -1474,9 +1474,12 @@ DOT start -> recv [style=bold,color=green]
- static int
- cnt_start(struct sess *sp)
- {
-	uint16_t done;
-+	uint16_t err_code;
- 	char *p;
-	const char *r = "HTTP/1.1 100 Continue\r\n\r\n";
-+	const char *r_100 = "HTTP/1.1 100 Continue\r\n\r\n";
-+	const char *r_400 = "HTTP/1.1 400 Bad Request\r\n\r\n";
-+	const char *r_413 = "HTTP/1.1 413 Request Entity Too Large\r\n\r\n";
-+	const char *r_417 = "HTTP/1.1 417 Expectation Failed\r\n\r\n";
- 
- 	CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
- 	AZ(sp->restarts);
-@@ -1499,10 +1502,14 @@ cnt_start(struct sess *sp)
- 	sp->wrk->vcl = NULL;
- 
- 	http_Setup(sp->http, sp->ws);
-	done = http_DissectRequest(sp);
-+	err_code = http_DissectRequest(sp);
- 
- 	/* If we could not even parse the request, just close */
-	if (done == 400) {
-+	if (err_code == 400)
-+		(void)write(sp->fd, r_400, strlen(r_400));
-+	else if (err_code == 413)
-+		(void)write(sp->fd, r_413, strlen(r_413));
-+	if (err_code != 0) {
- 		sp->step = STP_DONE;
- 		vca_close_session(sp, "junk");
- 		return (0);
-@@ -1514,12 +1521,6 @@ cnt_start(struct sess *sp)
- 	/* Catch original request, before modification */
- 	HTTP_Copy(sp->http0, sp->http);
- 
-	if (done != 0) {
-		sp->err_code = done;
-		sp->step = STP_ERROR;
-		return (0);
-	}
-
- 	sp->doclose = http_DoConnection(sp->http);
- 
- 	/* XXX: Handle TRACE & OPTIONS of Max-Forwards = 0 */
-@@ -1529,13 +1530,14 @@ cnt_start(struct sess *sp)
- 	 */
- 	if (http_GetHdr(sp->http, H_Expect, &p)) {
- 		if (strcasecmp(p, "100-continue")) {
-			sp->err_code = 417;
-			sp->step = STP_ERROR;
-+			(void)write(sp->fd, r_417, strlen(r_417));
-+			sp->step = STP_DONE;
-+			vca_close_session(sp, "junk");
- 			return (0);
- 		}
- 
- 		/* XXX: Don't bother with write failures for now */
-		(void)write(sp->fd, r, strlen(r));
-+		(void)write(sp->fd, r_100, strlen(r_100));
- 		/* XXX: When we do ESI includes, this is not removed
- 		 * XXX: because we use http0 as our basis.  Believed
- 		 * XXX: safe, but potentially confusing.
-diff --git a/bin/varnishd/cache_http.c b/bin/varnishd/cache_http.c
-index 8753acc..605975b 100644
--- a/bin/varnishd/cache_http.c
-+++ b/bin/varnishd/cache_http.c
-@@ -601,7 +601,7 @@ http_splitline(struct worker *w, int fd, struct http *hp,
- 	hp->hd[h2].e = p;
- 
- 	if (!Tlen(hp->hd[h2]))
-		return (413);
-+		return (400);
- 
- 	/* Skip SP */
- 	for (; vct_issp(*p); p++) {
-diff --git a/bin/varnishtest/tests/r01367.vtc b/bin/varnishtest/tests/r01367.vtc
-new file mode 100644
-index 0000000..e1de20a
--- /dev/null
-+++ b/bin/varnishtest/tests/r01367.vtc
-@@ -0,0 +1,30 @@
-+varnishtest "blank GET"
-+
-+server s1 {
-+	rxreq
-+	txresp
-+} -start
-+
-+varnish v1 -vcl+backend { 
-+	sub vcl_error {
-+		return (restart);
-+	}
-+} -start
-+
-+client c1 {
-+	send "GET    \nHost: example.com\n\n"
-+	rxresp
-+	expect resp.status == 400
-+} -run
-+
-+client c1 {
-+	txreq -hdr "Expect: Santa-Claus"
-+	rxresp
-+	expect resp.status == 417
-+} -run
-+
-+client c1 {
-+	txreq
-+	rxresp
-+	expect resp.status == 200
-+} -run
-- 
-1.8.2
-
--- a/varnish-3.0.3.tar.xz
+++ b/varnish-3.0.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e5ca91011229ca8d225aa1080dd827041b8121436d8dcddef507b95305533741
-size 1152008
--- a/varnish-3.0.5.tar.gz
+++ b/varnish-3.0.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:302fd6afc771524ca3912f5d945ab197a55762385c012b2054df7d86bf7ae2b7
+size 2116664
--- a/varnish-disable-pcrejit.diff
+++ b/varnish-disable-pcrejit.diff
@ -1,27 +0,0 @@
-From: Piotr Jankowski <piotr.jankowski@nsn.com>
-Date: 2013-09-10 10:55:57 CEST
-References: http://bugzilla.novell.com/show_bug.cgi?id=839358
-References: https://www.varnish-cache.org/trac/ticket/1191
-
-"The JIT compiler is broken on some versions of PCRE, at least on
-i386, so disable it by default."
-
---
- lib/libvarnish/vre.c |    3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-Index: varnish-3.0.3/lib/libvarnish/vre.c
-===================================================================
--- varnish-3.0.3.orig/lib/libvarnish/vre.c
-+++ varnish-3.0.3/lib/libvarnish/vre.c
-@@ -40,9 +40,8 @@ struct vre {
- 	pcre_extra		*re_extra;
- };
- 
-#ifndef PCRE_STUDY_JIT_COMPILE
-+#undef PCRE_STUDY_JIT_COMPILE
- #define PCRE_STUDY_JIT_COMPILE 0
-#endif
- 
- /*
-  * We don't want to spread or even expose the majority of PCRE options
--- a/varnish.changes
+++ b/varnish.changes
@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Fri Jan  3 10:57:19 UTC 2014 - danimo@owncloud.com
+
+- Updated to 3.0.5, contains fix for CVE-2013-4484 
+
+- removed patches:
+  * 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
+-------------------------------------------------------------------
 Fri Nov  1 18:52:49 UTC 2013 - jengelh@inai.de

 - Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
--- a/varnish.spec
+++ b/varnish.spec
@ -17,7 +17,7 @@

 Name:           varnish
 %define library_name libvarnishapi1
-Version:        3.0.3
+Version:        3.0.5
 Release:        0
 Summary:        Varnish is a high-performance HTTP accelerator
 License:        BSD-2-Clause
@ -27,7 +27,7 @@ URL:            http://varnish-cache.org/
 #Git-Clone:	git://git.varnish-cache.org/varnish-cache
 #Git-Web:	https://varnish-cache.org/trac/browser
 #DL-URL:	http://downloads.sf.net/varnish/%name-%version.tar.bz2
-Source:         %name-%version.tar.xz
+Source:         %name-%version.tar.gz
 Source2:    varnish.init
 Source3:    varnish.sysconfig
 Source4:	vcl.conf
@ -35,11 +35,9 @@ Source5:	varnish.logrotate
 Source6:    varnishlog.init
 Source7:	varnish.service
 Source8:	varnishlog.service
-Patch1:		varnish-disable-pcrejit.diff
-Patch2:         0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch

 BuildRoot:      %_tmppath/%name-%version-build
-BuildRequires:  libxslt, ncurses-devel, pcre-devel
+BuildRequires:  libxslt, ncurses-devel, pcre-devel, readline-devel
 BuildRequires:  pkgconfig, xz
 Prereq(post):	%_sbindir/useradd %_sbindir/groupadd
 %if 0%{?suse_version} >= 1010
@ -99,7 +97,6 @@ This package holds the development files for varnish.

 %prep
 %setup -q
-%patch -P 1 -P 2 -p1

 %build
 export CFLAGS="%optflags -fstack-protector"