New upstream release. Some fixes for CVE-2009-2936.

2010-04-14 10:59:01 +00:00 · 2010-04-14 10:59:01 +00:00 · 2ecc71890e
commit 2ecc71890e
parent e76ad92515
5 changed files with 75 additions and 16 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-varnish-2.0.6.tar.gz
+varnish-2.1.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-d91dc21c636db61c69b5e8f061c5bb95  varnish-2.0.6.tar.gz
+91d92ea69f7dce470e55ef4721ef9b7d  varnish-2.1.tar.gz
--- a/varnish.S-option.patch
+++ b/varnish.S-option.patch
@ -0,0 +1,32 @@
 --- ../varnish-2.1.orig/man/vcl.7so
 +++ man/vcl.7so
@@ -126,7 +126,6 @@ it's saintmode list
 can be set to the maximum list size. Setting a value of 0 disables
 saintmode checking entirely for that backend. The value in the backend
 declaration overrides the parameter.
 -
 .Ss Directors
 Directors choose from different backends based on health status and a
 per-director algorithm.
 --- ../varnish-2.1.orig/bin/varnishd/varnishd.1
 +++ bin/varnishd/varnishd.1
@@ -173,6 +173,9 @@ to the specified
 See
 .Sx Run-Time Parameters
 for a list of parameters.
 +.It Fl S Ar file
 +Path to a file containing a secret used for authorizing access to the
 +management port.
 .It Fl s Ar type Ns Xo
 .Op , Ns Ar options
 .Xc
 --- ../varnish-2.1.orig/redhat/varnish.sysconfig
 +++ ./redhat/varnish.sysconfig
@@ -38,6 +38,7 @@
              -T localhost:6082 \
              -f /etc/varnish/default.vcl \
              -u varnish -g varnish \
 +             -S /etc/varnish/secret \
              -s file,/var/lib/varnish/varnish_storage.bin,1G"
--- a/varnish.floor.patch
+++ b/varnish.floor.patch
@ -0,0 +1,15 @@
 Patch by Robert Scheck <robert@fedoraproject.org> for varnish >= 2.1, which adds the
 missing (former implicit) linking to libm. And as implicit linking can be dangerous,
 this changed, see: http://fedoraproject.org/wiki/Features/ChangeInImplicitDSOLinking
 --- bin/varnishtest/Makefile.am		2010-03-24 10:44:13.000000000 +0100
 +++ bin/varnishtest/Makefile.am.libm	2010-04-07 22:57:03.000000000 +0200
@@ -25,7 +25,7 @@
 		$(top_builddir)/lib/libvarnish/libvarnish.la \
 		$(top_builddir)/lib/libvarnishcompat/libvarnishcompat.la \
 		$(top_builddir)/lib/libvarnishapi/libvarnishapi.la \
 -		${PTHREAD_LIBS}
 +		${LIBM} ${PTHREAD_LIBS}
 EXTRA_DIST = $(top_srcdir)/bin/varnishtest/tests/*.vtc \
 	$(top_srcdir)/bin/varnishtest/tests/README
--- a/varnish.spec
+++ b/varnish.spec
@ -1,23 +1,25 @@
 Summary: High-performance HTTP accelerator
 Name: varnish
-Version: 2.0.6
+Version: 2.1.0
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.varnish-cache.org/
-Source0: http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.gz
+#Source0: http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.gz
-Patch0: varnish.varnishtest_debugflag.patch
+Source0: http://downloads.sourceforge.net/varnish/varnish-2.1.tar.gz
-Patch1: varnish.changes-2.0.6.patch
+patch0: varnish.S-option.patch
 patch1: varnish.floor.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # The svn sources needs autoconf, automake and libtool to generate a suitable
 # configure script. Release tarballs would not need this
-#BuildRequires: automake autoconf libtool
+BuildRequires: automake autoconf libtool
-BuildRequires: ncurses-devel libxslt groff
+BuildRequires: ncurses-devel libxslt groff pcre-devel pkgconfig
 Requires: varnish-libs = %{version}-%{release}
 Requires: logrotate
 Requires: ncurses
 Requires: pcre
 Requires(pre): shadow-utils
-Requires(post): /sbin/chkconfig
+Requires(post): /sbin/chkconfig, /usr/bin/mkpasswd
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 Requires(preun): initscripts
@ -62,7 +64,8 @@ Varnish is a high-performance HTTP accelerator
 #Varnish is a high-performance HTTP accelerator
 %prep
-%setup -q
+#%setup -q
 %setup -q -n varnish-2.1
 #%setup -q -n varnish-cache
 # The svn sources needs to generate a suitable configure script
@ -72,6 +75,9 @@ Varnish is a high-performance HTTP accelerator
 %patch0
 %patch1
 # Makefile.am was patched. Needs to rerun autoconf
 ./autogen.sh
 # Hack to get 32- and 64-bits tests run concurrently on the same build machine
 case `uname -m` in
 	ppc64 | s390x | x86_64 | sparc64 )
@ -129,11 +135,6 @@ tail -n +11 etc/default.vcl >> redhat/default.vcl
 	redhat/varnish.initrc redhat/varnishlog.initrc redhat/varnishncsa.initrc
 %endif
 # Fix for broken changes-2.0.6.html
 pushd doc
 %{__make} clean; %{__make}
 popd
 %check
 # rhel5 on ppc64 is just too strange
 %ifarch ppc64
@ -238,6 +239,7 @@ exit 0
 /sbin/chkconfig --add varnish
 /sbin/chkconfig --add varnishlog
 /sbin/chkconfig --add varnishncsa 
 test -f /etc/varnish/secret || (mkpasswd > /etc/varnish/secret && chmod 0600 /etc/varnish/secret)
 %preun
 if [ $1 -lt 1 ]; then
@ -254,6 +256,16 @@ fi
 %postun libs -p /sbin/ldconfig
 %changelog
 * Tue Apr 06 2010 Ingvar Hagelund <ingvar@linpro.no> - 2.1.0-1
 - New upstream release; note: Configuration changes, see the README
 - Removed unneeded patches 
 - CVE-2009-2936: Added a patch from Debian that adds the -S option 
  to the varnisdh(1) manpage and to the sysconfig defaults, thus
  password-protecting the admin interface port (#579536,#579533)
 - Generates that password in the post script, requires mkpasswd
 - Added a patch from Robert Scheck for explicit linking to libm
 - Requires pcre
 * Wed Dec 23 2009 Ingvar Hagelund <ingvar@linpro.no> - 2.0.6-2
 - Added a test that enables jemalloc on ppc if the kernel is
  not a rhel5 kernel (as on redhat builders)
`@ -1 +1 @@`
	`d91dc21c636db61c69b5e8f061c5bb95 varnish-2.0.6.tar.gz`	`91d92ea69f7dce470e55ef4721ef9b7d varnish-2.1.tar.gz`