diff --git a/varnish.spec b/varnish.spec
index 7b203be..37c6747 100644
--- a/varnish.spec
+++ b/varnish.spec
@@ -23,11 +23,12 @@
 Summary: High-performance HTTP accelerator
 Name: varnish
 Version: 6.6.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: BSD
 URL: https://www.varnish-cache.org/
 Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
 Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/%{commit1}.tar.gz#/pkg-varnish-cache-%{shortcommit1}.tar.gz
+Source2: varnish.tmpfiles
 # Patches:
 # Patch 001: Because of Fedora's libtool no-rpath requirement, it is still
@@ -255,6 +256,10 @@ install -D -m 0644 redhat/varnish.service %{buildroot}%{_unitdir}/varnish.servic
 install -D -m 0644 redhat/varnishncsa.service %{buildroot}%{_unitdir}/varnishncsa.service
 install -D -m 0755 redhat/varnishreload %{buildroot}%{_sbindir}/varnishreload
+# tmpfiles.d configuration
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 -p %{SOURCE2} %{buildroot}%{_tmpfilesdir}/varnish.conf
+
 echo %{_libdir}/varnish > %{buildroot}%{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
 # No idea why these ends up with mode 600 in the debug package
@@ -281,6 +286,7 @@ chmod 644 lib/libvmod_*/*.h
 %config(noreplace) %{_sysconfdir}/varnish/default.vcl
 %config(noreplace) %{_sysconfdir}/logrotate.d/varnish
 %config %{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
+%{_tmpfilesdir}/varnish.conf
 %{_unitdir}/varnish.service
@@ -324,6 +330,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
 %changelog
+* Wed Nov 12 2025 Luboš Uhliarik - 6.6.2-8
+- Resolves: RHEL-121819 - Image mode: fix creation of /var files
+
 * Tue Jun 03 2025 Luboš Uhliarik - 6.6.2-7
 - Resolves: RHEL-89702 - varnish: request smuggling attacks (CVE-2025-47905)
diff --git a/varnish.tmpfiles b/varnish.tmpfiles
new file mode 100644
index 0000000..2717356
--- /dev/null
+++ b/varnish.tmpfiles
@@ -0,0 +1,2 @@
+d /var/lib/varnish 755 root root -
+d /var/log/varnish 700 varnish varnish -
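Review bot: The added `%install` lines in the `-255,6 +256,10` hunk use `mkdir -p` followed by `install -m 644 -p`, while the neighbouring lines use the single-command form `install -D -m 0644` with a four-digit mode. For consistency this could be one line, `install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/varnish.conf`, which also removes the separate directory-creation step. The `%install` section starts and ends outside the hunk.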
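Review bot: Both `d` entries in the new `varnish.tmpfiles` re-apply their mode and owner to an existing directory whenever systemd-tmpfiles runs, so they must agree exactly with what `%files` declares for `/var/lib/varnish` and `/var/log/varnish`. That part of the spec is not in this diff, so please confirm it; a mismatch would flip permissions between package install and the next boot, and any local tightening of these directories would be reverted. I would add a first line such as `# Keep owner and mode in sync with the %files section of varnish.spec` and write the modes in four-digit form (`0755`, `0700`). The second entry also assumes the `varnish` user and group already exist when tmpfiles runs, presumably created by a scriptlet outside this diff, which is worth verifying for the image-mode case this change targets.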