import varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1

This commit is contained in:
CentOS Sources 2022-03-29 12:42:57 -04:00 committed by Stepan Oksanichenko
parent 233608bb8a
commit 2d0e2cd20b
2 changed files with 23 additions and 1 deletions

View File

@ -0,0 +1,13 @@
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
index 463b75b..982bd73 100644
--- a/bin/varnishd/cache/cache_req_body.c
+++ b/bin/varnishd/cache/cache_req_body.c
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
if (req->req_body_status == REQ_BODY_WITH_LEN ||
req->req_body_status == REQ_BODY_WITHOUT_LEN)
(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
+ if (req->req_body_status == REQ_BODY_FAIL)
+ req->doclose = SC_RX_BODY;
return(0);
}

View File

@ -19,7 +19,7 @@
Summary: High-performance HTTP accelerator Summary: High-performance HTTP accelerator
Name: varnish Name: varnish
Version: 6.0.8 Version: 6.0.8
Release: 1%{?dist} Release: 1%{?dist}.1
License: BSD License: BSD
Group: System Environment/Daemons Group: System Environment/Daemons
URL: https://www.varnish-cache.org/ URL: https://www.varnish-cache.org/
@ -32,6 +32,9 @@ Patch9: varnish-5.1.1.fix_python_version.patch
# https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e # https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
Patch11: varnish-6.0.0.fix_el6_fortify_source.patch Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
Patch100: varnish-6.0.8.CVE-2022-23959.patch
Obsoletes: varnish-libs Obsoletes: varnish-libs
%if %{with python3} %if %{with python3}
@ -140,6 +143,8 @@ sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
%patch11 -p0 %patch11 -p0
%endif %endif
%patch100 -p1
%build %build
%if 0%{?rhel} == 6 %if 0%{?rhel} == 6
export CFLAGS="%{optflags} -fPIC" export CFLAGS="%{optflags} -fPIC"
@ -371,6 +376,10 @@ fi
%changelog %changelog
* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1.1
- Resolves: #2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
Smuggling Vulnerability
* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1 * Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1
- new version 6.0.8 - new version 6.0.8
- Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request - Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request