From 2d4a8dd3682f6c5169686a4a97836d613c031f3f Mon Sep 17 00:00:00 2001 From: tnn Date: Mon, 19 Jul 2021 12:47:31 +0000 Subject: varnish: update to 6.6.1 CVE-2021-36740: request smuggling attack can be performed on Varnish Cache and Varnish Cache Plus servers that have the HTTP/2 protocol enabled. The smuggled requests do not go through normal VCL processing, and any authorization steps implemented in VCL would be bypassed. --- www/varnish/Makefile | 4 ++-- www/varnish/distinfo | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'www') diff --git a/www/varnish/Makefile b/www/varnish/Makefile index 3485a9cc667..c40ab85e57f 100644 --- a/www/varnish/Makefile +++ b/www/varnish/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.31 2021/06/25 12:21:08 tnn Exp $ +# $NetBSD: Makefile,v 1.32 2021/07/19 12:47:31 tnn Exp $ -DISTNAME= varnish-6.6.0 +DISTNAME= varnish-6.6.1 CATEGORIES= www MASTER_SITES= https://varnish-cache.org/_downloads/ EXTRACT_SUFX= .tgz diff --git a/www/varnish/distinfo b/www/varnish/distinfo index ff973c87738..5ee4ce744cd 100644 --- a/www/varnish/distinfo +++ b/www/varnish/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.15 2021/06/25 12:21:08 tnn Exp $ +$NetBSD: distinfo,v 1.16 2021/07/19 12:47:31 tnn Exp $ -SHA1 (varnish-6.6.0.tgz) = c330a3cbdbb13586338d1419ef8913efbd3816ae -RMD160 (varnish-6.6.0.tgz) = 550dfcf68597dc2937c7eafa7dd03ff805c3cdfa -SHA512 (varnish-6.6.0.tgz) = 0f52e94dd866a7cf141f9333a9169b396627f169907acb2d64f18dcac3188f9d9f1e72ea9eb9f2c0c19a5f53df0c90446041eb2b1e52f4756ea257efb329d0d1 -Size (varnish-6.6.0.tgz) = 3519048 bytes +SHA1 (varnish-6.6.1.tgz) = b5036538ea05cc57afbfabeabdb2f284349c648d +RMD160 (varnish-6.6.1.tgz) = 8541fa91dbfde9840b2d9495654833d9a3e99fd6 +SHA512 (varnish-6.6.1.tgz) = af3ee1743af2ede2d3efbb73e5aa9b42c7bbd5f86163ec338c8afd1989c3e51ff3e1b40bed6b72224b5d339a74f22d6e5f3c3faf2fedee8ab4715307ed5d871b +Size (varnish-6.6.1.tgz) = 3518308 bytes SHA1 (patch-bin_varnishd_cache_cache__panic.c) = cf2b9c1f2c3ba15c7e20baca3c9af607a3e1fa82 SHA1 (patch-etc_Makefile.in) = f4407cad5f9f6c6402ab3b7fce0e1577d70b36be SHA1 (patch-include_tbl_params.h) = 7a52ef6a98ec29409c7284876adffdb5c53facff -- cgit v1.2.3