Bug#991122: unblock: varnish/6.5.2-1
Hi, On 05-08-2021 20:23, Salvatore Bonaccorso wrote: > Hi Stig, > > On Thu, Jul 29, 2021 at 07:33:39PM +0200, Paul Gevers wrote: >> Control: tags -1 moreinfo >> >> On 20-07-2021 21:46, Stig Sandbeck Mathisen wrote: >>> On Mon, Jul 19, 2021 at 10:06:37PM +0200, Graham Inggs wrote: On Mon, 19 Jul 2021 at 13:00, Stig Sandbeck Mathisen wrote: > Attached is the diff. Changes are the upstream bugfix, as well as two > commits in the packaging repository: Thanks. Please go ahead and upload to unstable, then remove the moreinfo tag once it has built. >>> >>> Hello Graham, >>> >>> Thanks, will do. >> >> Bug #991348 has been raised do this upload. What's the proposal out of >> the current situation? > > Though probably too late now for this? (I assume we will face the same > problem for varnish to be released either via bullseye-security or > bullseye-pu?) I think the question is, are the varnish-modules incompatible due to the CVE fixes, or due to other changes included in the upload. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#991122: unblock: varnish/6.5.2-1
Hi Stig, On Thu, Jul 29, 2021 at 07:33:39PM +0200, Paul Gevers wrote: > Control: tags -1 moreinfo > > On 20-07-2021 21:46, Stig Sandbeck Mathisen wrote: > > On Mon, Jul 19, 2021 at 10:06:37PM +0200, Graham Inggs wrote: > >> On Mon, 19 Jul 2021 at 13:00, Stig Sandbeck Mathisen > >> wrote: > >>> Attached is the diff. Changes are the upstream bugfix, as well as two > >>> commits in the packaging repository: > >> > >> Thanks. Please go ahead and upload to unstable, then remove the moreinfo > >> tag > >> once it has built. > > > > Hello Graham, > > > > Thanks, will do. > > Bug #991348 has been raised do this upload. What's the proposal out of > the current situation? Though probably too late now for this? (I assume we will face the same problem for varnish to be released either via bullseye-security or bullseye-pu?) Regards, Salvatore
Processed: Re: Bug#991122: unblock: varnish/6.5.2-1
Processing control commands: > tags -1 moreinfo Bug #991122 [release.debian.org] unblock: varnish/6.5.2-1 Added tag(s) moreinfo. -- 991122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991122 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#991122: unblock: varnish/6.5.2-1
Control: tags -1 moreinfo On 20-07-2021 21:46, Stig Sandbeck Mathisen wrote: > On Mon, Jul 19, 2021 at 10:06:37PM +0200, Graham Inggs wrote: >> On Mon, 19 Jul 2021 at 13:00, Stig Sandbeck Mathisen wrote: >>> Attached is the diff. Changes are the upstream bugfix, as well as two >>> commits in the packaging repository: >> >> Thanks. Please go ahead and upload to unstable, then remove the moreinfo tag >> once it has built. > > Hello Graham, > > Thanks, will do. Bug #991348 has been raised do this upload. What's the proposal out of the current situation? Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#991122: unblock: varnish/6.5.2-1
On Mon, Jul 19, 2021 at 10:06:37PM +0200, Graham Inggs wrote: > On Mon, 19 Jul 2021 at 13:00, Stig Sandbeck Mathisen wrote: > > Attached is the diff. Changes are the upstream bugfix, as well as two > > commits in the packaging repository: > > Thanks. Please go ahead and upload to unstable, then remove the moreinfo tag > once it has built. Hello Graham, Thanks, will do. -- Stig Sandbeck Mathisen
Bug#991122: unblock: varnish/6.5.2-1
Control: tags -1 + confirmed Hi Stig On Mon, 19 Jul 2021 at 13:00, Stig Sandbeck Mathisen wrote: > Attached is the diff. Changes are the upstream bugfix, as well as two commits > in the packaging repository: Thanks. Please go ahead and upload to unstable, then remove the moreinfo tag once it has built. Regards Graham
Bug#991122: unblock: varnish/6.5.2-1
On Sun, Jul 18, 2021 at 10:14:46AM +0200, Graham Inggs wrote:
> Control: tags -1 + moreinfo
>
> Hi Stig
>
> Please attach a filtered debdiff to this bug. Something like:
>
> filterdiff -x '*/build-aux/*' -x '*/doc/html/*'
> varnish-6.5.1-1--6.5.2-1.debdiff >filtered.debdiff
>
> Please also show the command that you end up using, so we can see
> which parts were excluded.
Hello,
I used the command
filterdiff -x '*/build-aux/*' -x '*/doc/html/*'
varnish-6.5.1-1--6.5.2-1.debdiff > varnish-6.5.1-1--6.5.2-1.filtered.debdiff
Attached is the diff. Changes are the upstream bugfix, as well as two commits
in the packaging repository:
https://salsa.debian.org/varnish-team/varnish/-/commit/b38fddf5fb3a7acf5c88d6a0f9906cb0967f16bb
(lint: debian/*.install, paths should not begin with /)
https://salsa.debian.org/varnish-team/varnish/-/commit/46da54a751ae85afae8403fbf8ca360f322c349c
(Declare compliance with Debian Policy 4.5.0)
diff -Nru varnish-6.5.1/Makefile.in varnish-6.5.2/Makefile.in
--- varnish-6.5.1/Makefile.in 2020-09-25 11:44:45.0 +0200
+++ varnish-6.5.2/Makefile.in 2021-07-02 13:57:15.0 +0200
@@ -207,7 +207,8 @@
$(top_srcdir)/build-aux/ltmain.sh \
$(top_srcdir)/build-aux/missing ChangeLog INSTALL \
build-aux/compile build-aux/config.guess build-aux/config.sub \
- build-aux/install-sh build-aux/ltmain.sh build-aux/missing
+ build-aux/depcomp build-aux/install-sh build-aux/ltmain.sh \
+ build-aux/missing build-aux/ylwrap
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
diff -Nru varnish-6.5.1/bin/varnishd/http2/cache_http2.h
varnish-6.5.2/bin/varnishd/http2/cache_http2.h
--- varnish-6.5.1/bin/varnishd/http2/cache_http2.h 2020-09-25
11:14:30.0 +0200
+++ varnish-6.5.2/bin/varnishd/http2/cache_http2.h 2021-07-02
13:57:09.0 +0200
@@ -134,6 +134,8 @@
/* Where to wake this stream up */
struct worker *wrk;
+ ssize_t reqbody_bytes;
+
VTAILQ_ENTRY(h2_req)tx_list;
h2_errorerror;
};
diff -Nru varnish-6.5.1/bin/varnishd/http2/cache_http2_proto.c
varnish-6.5.2/bin/varnishd/http2/cache_http2_proto.c
--- varnish-6.5.1/bin/varnishd/http2/cache_http2_proto.c2020-09-25
11:14:30.0 +0200
+++ varnish-6.5.2/bin/varnishd/http2/cache_http2_proto.c2021-07-02
13:57:09.0 +0200
@@ -554,6 +554,7 @@
struct req *req, struct h2_req *r2)
{
h2_error h2e;
+ ssize_t cl;
ASSERT_RXTHR(h2);
assert(r2->state == H2_S_OPEN);
@@ -574,16 +575,24 @@
// XXX: Have I mentioned H/2 Is hodge-podge ?
http_CollectHdrSep(req->http, H_Cookie, "; "); // rfc7540,l,3114,3120
+ cl = http_GetContentLength(req->http);
+ assert(cl >= -2);
+ if (cl == -2) {
+ VSLb(h2->vsl, SLT_Debug, "Non-parseable Content-Length");
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
if (req->req_body_status == NULL) {
- if (!http_GetHdr(req->http, H_Content_Length, NULL))
+ if (cl == -1)
req->req_body_status = BS_EOF;
else
req->req_body_status = BS_LENGTH;
+ req->htc->content_length = cl;
} else {
/* A HEADER frame contained END_STREAM */
assert (req->req_body_status == BS_NONE);
r2->state = H2_S_CLOS_REM;
- if (http_GetContentLength(req->http) > 0)
+ if (cl > 0)
return (H2CE_PROTOCOL_ERROR); //rfc7540,l,1838,1840
}
@@ -737,6 +746,7 @@
int w1 = 0, w2 = 0;
char buf[4];
unsigned wi;
+ ssize_t cl;
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
ASSERT_RXTHR(h2);
@@ -755,6 +765,23 @@
Lck_Unlock(>sess->mtx);
return (h2->error ? h2->error : r2->error);
}
+
+ r2->reqbody_bytes += h2->rxf_len;
+ if (h2->rxf_flags & H2FF_DATA_END_STREAM)
+ r2->state = H2_S_CLOS_REM;
+ cl = r2->req->htc->content_length;
+ if (cl >= 0 && (r2->reqbody_bytes > cl ||
+ (r2->state >= H2_S_CLOS_REM && r2->reqbody_bytes != cl))) {
+ VSLb(h2->vsl, SLT_Debug,
+ "H2: stream %u: Received data and Content-Length"
+ " mismatch", h2->rxf_stream);
+ r2->error = H2SE_PROTOCOL_ERROR; // rfc7540,l,3150,3163
+ if (r2->cond)
+ AZ(pthread_cond_signal(r2->cond));
+ Lck_Unlock(>sess->mtx);
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
AZ(h2->mailcall);
h2->mailcall = r2;
h2->req0->r_window -= h2->rxf_len;
@@ -773,6 +800,8 @@
r2->r_window += wi;
w2 = 1;
}
+
+
Bug#991122: unblock: varnish/6.5.2-1
Control: tags -1 + moreinfo Hi Stig Please attach a filtered debdiff to this bug. Something like: filterdiff -x '*/build-aux/*' -x '*/doc/html/*' varnish-6.5.1-1--6.5.2-1.debdiff >filtered.debdiff Please also show the command that you end up using, so we can see which parts were excluded. Regards Graham
