authorNatanael Copa <ncopa@alpinelinux.org>2017-11-21 12:13:33 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2017-11-21 12:18:12 +0100
commit6813958dd2f4a84778a0540695744cc722d5861e (patch)
tree8f2bdb55ccedccd74ed5e25a219646a21c51a392 /main
parentd619e892571b2fbdee33aecc4951be3eef9bc425 (diff)
main/varnish: security upgrade to 4.1.9 (CVE-2017-8807)
fixes #8165
Diffstat (limited to 'main')
-rw-r--r--main/varnish/APKBUILD47
-rw-r--r--main/varnish/CVE-2017-12425.patch108
-rw-r--r--main/varnish/fix-stack-overflow.patch16
3 files changed, 17 insertions, 154 deletions
diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
index b91ce8abab..5da8853fc9 100644
--- a/main/varnish/APKBUILD
+++ b/main/varnish/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: V.Krishn <vkrishn4@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=varnish
-pkgver=4.1.3
-pkgrel=1
+pkgver=4.1.9
+pkgrel=0
pkgdesc="High-performance HTTP accelerator"
url="http://www.varnish-cache.org/"
arch="all"
@@ -16,7 +16,7 @@ install="varnish.pre-install"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-geoip"
pkgusers="varnish"
pkggroups="varnish"
-source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
+source="http://varnish-cache.org/_downloads/varnish-$pkgver.tgz
fix-compat-execinfo.patch
fix-stack-overflow.patch
musl-mode_t.patch
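Review bot: The new `source` URL fetches the release tarball over plain `http://`, so the download itself is unauthenticated and the only integrity control is the `sha512sums` entry further down. That checksum is normally generated from whatever the maintainer's own fetch returned, so a tampered first download would be pinned as the trusted value. The same host is referenced over HTTPS elsewhere in this commit (the VSV00001 link), so I would change the line to `source="https://varnish-cache.org/_downloads/varnish-$pkgver.tgz` and compare the resulting hash with a value published by upstream, if one exists. The `source` list continues past this hunk.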
@@ -30,15 +30,15 @@ source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
varnishncsa.confd
varnishd.logrotate
maxminddb.vcl
- CVE-2017-12425.patch
"
builddir="$srcdir"/varnish-$pkgver
# secfixes:
+# 4.1.9-r0:
+# - CVE-2017-8807
# 4.1.3-r1:
-# - CVE-2017-12425
-
+# - CVE-2017-12425
build() {
cd "$builddir"
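Review bot: `CVE-2017-12425.patch` is removed from `source` here with no statement that 4.1.9 already carries the fix; the commit message mentions only CVE-2017-8807. Keeping the `secfixes` entry for 4.1.3-r1 is right, but the removal is only safe if the new tarball contains the `if (cl < 0 || (uintmax_t)cl != cll)` check in `v1f_pull_chunked`, and nothing on this page shows that. I would confirm it against the unpacked source (and that the upstream `f00001.vtc` test is present) and record it in the commit message, e.g. `CVE-2017-12425.patch dropped, fixed upstream`. The `build()` body continues outside the hunk.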
@@ -90,37 +90,9 @@ geoip() {
"$subpkgdir"/usr/lib/varnish/plugins/maxminddb.vcl
}
-md5sums="f9c761a54324ad02c4fe44ce1d291d70 varnish-4.1.3.tar.gz
-2fec4f98c892e07d97d93a7bb8529fea fix-compat-execinfo.patch
-c942796a1359c9b7e0a5a53d16db476e fix-stack-overflow.patch
-54d12d231c505c95ae3ae09487b5dde4 musl-mode_t.patch
-52f8e68d5a92c0fa69885aa01e13aa6c varnish-4.1.3_fix_Werror_el6.patch
-698e7376fa224ebdf052acd7dd8c8a82 varnishd.initd
-73f89f154632bc21c9256ecca0ebf3d1 varnishd.confd
-fa0be78eca165a032bc975e809eac0c4 varnishlog.initd
-9e4ef776683286f6fe54385b577773a9 varnishlog.confd
-39138c65e88ed4f8efb659a39d98d6d8 varnishncsa.initd
-fbe42d5da63b4567a7cfa0ecb7df8d3c varnishncsa.confd
-acd003fbcd1d8607508960e13c5ede85 varnishd.logrotate
-2cbaa46b9da9f78ecf4c906730f7c5e3 maxminddb.vcl
-3a77f76b532623a42f549b55ca6b73e6 CVE-2017-12425.patch"
-sha256sums="9f9469b9fda2a578da2a9d282c71c34eeb5c42eda7f8d8728284d92282108429 varnish-4.1.3.tar.gz
-66a281c03bcf0c01bc8215fe39a3b6a593751fb2034824b471596d517554e183 fix-compat-execinfo.patch
-a58d9c5dd2c1a0e9883d58ddec684993bc9fe6e91132c99b00c82a1c4228e647 fix-stack-overflow.patch
-f96b6dab0e68e169cffceb63776e312d8585bc2a46dfcc5fa2b1ec5e953ad624 musl-mode_t.patch
-05ca9db1a0199a293d9faddf03c19fc90db771fef885da1d678e604270897c0b varnish-4.1.3_fix_Werror_el6.patch
-d8a2dffca49df2867824ef71f9aacb05ad4f2803da979621e67433df989d022d varnishd.initd
-bc29e1a65f1712e414479323bfb88833e86ad277e03ac87c892a32d959917a4e varnishd.confd
-553292b71e489a84058b84ff06f14cc6f6cce5c735b3566eb7ef4b7aa4241f61 varnishlog.initd
-e285fe31434addbeee40c6fae7745536574750a0fe658788318acb33943e38d3 varnishlog.confd
-ae6eff8b0a3a4c35f9227e244e7dc06f5a3fdf625d1fc524bbc6965e3f9aacfb varnishncsa.initd
-60e03274b8d786abf7769be26a4ee6c671a155a761b16ee92d5c8b183491870e varnishncsa.confd
-4c1b7abf23bfc32a65f65633c0be0d065fb9fee72e4b533feca35c596d9c5a2c varnishd.logrotate
-fd6c810a6099b1b0c2eb572aec239e3f51debc52a6c32fce715f265d7b1a1f85 maxminddb.vcl
-2bab06b7c45be181b1cee33d4564a89a52a4c8424c7afd78a30165859b55075d CVE-2017-12425.patch"
-sha512sums="9ba0b2490bfa6f068d6777b4e8f1afcd823a3d6bf8e18ad0274cc9aff7733cd65df0e2ed9f2c6a3d3261d19438cc3254c89b0e41508d2cac2f17bdfd8119e4f1 varnish-4.1.3.tar.gz
+sha512sums="c51d75f65030b0cbfea48565a85af41b77597b29ae45388346796edf33bb15e5ab488c34f98497c5caf77fe594118e97bbaf5c397b4a7d16c31decfbc69eed60 varnish-4.1.9.tgz
e4c3b8fe85ccb3f37c69561b981f89c757acc5534379afec551b7eabc2fe8661e3566513f4bfea9192af8576fc587b34170008f5818038c17c412ac64b27cf51 fix-compat-execinfo.patch
-d07a187f5e17644d724b1b555506f65bd9e0a23084d0f4dbb836ec6cc1f1585b6e2d8b3818543823f60dcc3089a0466e08c627c9518ed178238580ec3996caef fix-stack-overflow.patch
+a5b9d6f25b2ed11656f961b6a17d173b2fc9f9ef4f2562a69b07ff1d180117eb7e8da0299bf23054f0044c9abd67d76d8e3e92fb2847638ab507562c1a4c577d fix-stack-overflow.patch
8758bef9039a2cca23b7302668bd49f1ea07f54835512a8a9558bb9ed5de1c0fca53f2085ccd298fe0c6579fc81c3b583a85f4f6b25b6ad85f89bf3be04afb70 musl-mode_t.patch
a7ceed7115c2ee6faf9afd40efb1742b250027274e5502a1aa9dc3486c9e0e84ba1e3e6b844bde70b00500d810c37a60494c8c8fbd5765f38323fc8a0798a6cf varnish-4.1.3_fix_Werror_el6.patch
5f9cd1da8a72e71d6317d9c9b625d4b2f4f46ff6c4f7aaf8fed5958ce141be572d7e4d2d207af51b1cf4201b19b9bc1574d3cfcf7616c043a309c04ce6ae949e varnishd.initd
@@ -130,5 +102,4 @@ a7ceed7115c2ee6faf9afd40efb1742b250027274e5502a1aa9dc3486c9e0e84ba1e3e6b844bde70
d620dd5ad8b81c561ff395fcf0307df9d4b49ef34b5d4322f461e570ffce58fea687365017b27cb6fde8c41b554750bb913fd1337764fdc16f1513429ee3d9fb varnishncsa.initd
a5426ff66b89d2afb6273f05e4117b3eec5ce0162a624d52c92b418960f72e58bd01224165613221af76ec241bd98e1eb985b2ef7b83a5b615e9ece67234dcc8 varnishncsa.confd
51cc6d46ff7439de93977ab87dfb0af399458c1e446475696f73342ae7a0c1a8ca8fc6e79e593659f1af30716a5f8a1ee5e3b1f5e7b35df40b45d47e7b0f2ffd varnishd.logrotate
-69f088819cff6d4441813be284f4117f232d08908515bd15d96bd5bb9d41ba7100657a52fd408d44c396d004366062ae22fbf08e2a983cd8023b554539ccf596 maxminddb.vcl
-ff2dab956cc58e2177776ec3e0c6067d1e1767f1b717e57f5ed4c47e019d4976f4e33099c066381ecd6ab5f0ca28a721d671ba70a6e675d0b5932d156764efab CVE-2017-12425.patch"
+69f088819cff6d4441813be284f4117f232d08908515bd15d96bd5bb9d41ba7100657a52fd408d44c396d004366062ae22fbf08e2a983cd8023b554539ccf596 maxminddb.vcl"
diff --git a/main/varnish/CVE-2017-12425.patch b/main/varnish/CVE-2017-12425.patch
deleted file mode 100644
index 0ff0d9f57a..0000000000
--- a/main/varnish/CVE-2017-12425.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From c37821ddd539a23845ae8e9a7a9cc958358c1541 Mon Sep 17 00:00:00 2001
-From: Martin Blix Grydeland <martin@varnish-software.com>
-Date: Thu, 27 Jul 2017 11:52:58 +0200
-Subject: [PATCH] Correctly handle bogusly large chunk sizes
-
-This fixes a denial of service attack vector where bogusly large chunk
-sizes in requests could be used to force restarts of the Varnish
-server.
-
-This is Varnish Security Vulnerability VSV00001
-
-For more information visit: https://varnish-cache.org/security/VSV00001
-
-Fixes: #2379
----
- bin/varnishd/http1/cache_http1_vfp.c | 2 +-
- bin/varnishtest/tests/f00001.vtc | 69 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 70 insertions(+), 1 deletion(-)
- create mode 100644 bin/varnishtest/tests/f00001.vtc
-
-diff --git a/bin/varnishd/http1/cache_http1_vfp.c b/bin/varnishd/http1/cache_http1_vfp.c
-index b836cd3ca..ded1550bf 100644
---- a/bin/varnishd/http1/cache_http1_vfp.c
-+++ b/bin/varnishd/http1/cache_http1_vfp.c
-@@ -155,7 +155,7 @@ v1f_pull_chunked(struct vfp_ctx *vc, struct vfp_entry *vfe, void *ptr,
- if (q == NULL || *q != '\0')
- return (VFP_Error(vc, "chunked header number syntax"));
- cl = (ssize_t)cll;
-- if((uintmax_t)cl != cll)
-+ if (cl < 0 || (uintmax_t)cl != cll)
- return (VFP_Error(vc, "bogusly large chunk size"));
-
- vfe->priv2 = cl;
-diff --git a/bin/varnishtest/tests/f00001.vtc b/bin/varnishtest/tests/f00001.vtc
-new file mode 100644
-index 000000000..bfb559228
---- /dev/null
-+++ b/bin/varnishtest/tests/f00001.vtc
-@@ -0,0 +1,69 @@
-+varnishtest "Check that we handle bogusly large chunks correctly"
-+
-+# Check that the bug has been fixed
-+
-+server s1 {
-+ rxreq
-+ txresp
-+
-+ accept
-+ rxreq
-+ txresp
-+} -start
-+
-+varnish v1 -vcl+backend {
-+} -start
-+
-+client c1 {
-+ send "POST / HTTP/1.1\r\n"
-+ send "Transfer-Encoding: chunked\r\n\r\n"
-+ send "FFFFFFFFFFFFFFED\r\n"
-+ send "0\r\n\r\n"
-+
-+ rxresp
-+ expect resp.status == 503
-+} -run
-+
-+# Check that the published workaround does not cause harm
-+
-+varnish v1 -cliok "param.set vcc_allow_inline_c true"
-+
-+varnish v1 -vcl+backend {
-+ sub exploit_workaround {
-+ # This needs to be defined before your vcl_recv function
-+ # Make sure that the runtime parameter vcc_allow_inline_c is set to true
-+ if (req.http.transfer-encoding ~ "(?i)chunked") {
-+ C{
-+ struct dummy_req {
-+ unsigned magic;
-+ int step;
-+ int req_body_status;
-+ };
-+ ((struct dummy_req *)ctx->req)->req_body_status = 5;
-+ }C
-+
-+ return (synth(503, "Bad request"));
-+ }
-+ }
-+
-+ sub vcl_recv {
-+ # Call this early in your vcl_recv function
-+ call exploit_workaround;
-+ }
-+}
-+
-+client c1 {
-+ send "POST / HTTP/1.1\r\n"
-+ send "Transfer-Encoding: chunked\r\n\r\n"
-+ send "FFFFFFFFFFFFFFED\r\n"
-+
-+ expect_close
-+} -run
-+
-+# Make sure that varnish is still running
-+
-+client c1 {
-+ txreq
-+ rxresp
-+ expect resp.status == 200
-+} -run
diff --git a/main/varnish/fix-stack-overflow.patch b/main/varnish/fix-stack-overflow.patch
index 67677b3306..23fb7cc12c 100644
--- a/main/varnish/fix-stack-overflow.patch
+++ b/main/varnish/fix-stack-overflow.patch
@@ -1,6 +1,6 @@
-From bc0b56b8703e7e02af745af28bc6fff48ab806ba Mon Sep 17 00:00:00 2001
+From f88f2ead8cc5958262d333c46e94ddc8a3c9ae18 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 2 Mar 2016 10:46:49 +0100
+Date: Tue, 21 Nov 2017 12:10:34 +0100
Subject: [PATCH] fix stack overflow in epoll waiter
musl libc has a default thread stack of 80k. avoid overflow the stack by
@@ -10,10 +10,10 @@ allocating the epol_event array on heap instead of stack.
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bin/varnishd/waiter/cache_waiter_epoll.c b/bin/varnishd/waiter/cache_waiter_epoll.c
-index f50ae46..65719e5 100644
+index 71c426a..ccbc64c 100644
--- a/bin/varnishd/waiter/cache_waiter_epoll.c
+++ b/bin/varnishd/waiter/cache_waiter_epoll.c
-@@ -71,7 +71,7 @@ struct vwe {
+@@ -74,7 +74,7 @@ struct vwe {
static void *
vwe_thread(void *priv)
{
@@ -22,16 +22,16 @@ index f50ae46..65719e5 100644
struct waited *wp;
struct waiter *w;
double now, then;
-@@ -83,6 +83,8 @@ vwe_thread(void *priv)
- w = vwe->waiter;
+@@ -87,6 +87,8 @@ vwe_thread(void *priv)
CHECK_OBJ_NOTNULL(w, WAITER_MAGIC);
THR_SetName("cache-epoll");
+ THR_Init();
+ ev = malloc(NEEV * sizeof(struct epoll_event));
+ assert(ev != NULL);
now = VTIM_real();
while (1) {
-@@ -146,6 +148,7 @@ vwe_thread(void *priv)
+@@ -154,6 +156,7 @@ vwe_thread(void *priv)
AZ(close(vwe->pipe[0]));
AZ(close(vwe->pipe[1]));
AZ(close(vwe->epfd));
@@ -40,5 +40,5 @@ index f50ae46..65719e5 100644
}
--
-2.7.2
+2.13.5