Bug#1101775: bookworm-pu: package varnish/7.1.1-1.1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm moreinfo
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: security@debian.org, Varnish Package Maintainers <team+varnish-team@tracker.debian.org>
* CVE-2025-30346: HTTP/1 client-side desync vulnerability
Tagged moreinfo, as question to the security team whether they want
this in pu or as DSA.
diffstat for varnish-7.1.1 varnish-7.1.1
changelog | 7 +
patches/0001-req_fsm-Close-the-connection-on-a-malformed-request.patch | 53 ++++++++++
patches/series | 1
3 files changed, 61 insertions(+)
diff -Nru varnish-7.1.1/debian/changelog varnish-7.1.1/debian/changelog
--- varnish-7.1.1/debian/changelog 2023-01-09 23:09:31.000000000 +0200
+++ varnish-7.1.1/debian/changelog 2025-03-31 16:06:56.000000000 +0300
@@ -1,3 +1,10 @@
+varnish (7.1.1-1.1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-30346: HTTP/1 client-side desync vulnerability
+
+ -- Adrian Bunk <bunk@debian.org> Mon, 31 Mar 2025 16:06:56 +0300
+
varnish (7.1.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru varnish-7.1.1/debian/patches/0001-req_fsm-Close-the-connection-on-a-malformed-request.patch varnish-7.1.1/debian/patches/0001-req_fsm-Close-the-connection-on-a-malformed-request.patch
--- varnish-7.1.1/debian/patches/0001-req_fsm-Close-the-connection-on-a-malformed-request.patch 1970-01-01 02:00:00.000000000 +0200
+++ varnish-7.1.1/debian/patches/0001-req_fsm-Close-the-connection-on-a-malformed-request.patch 2025-03-31 16:06:35.000000000 +0300
@@ -0,0 +1,53 @@
+From 07c5b24e265b2b852c23ec492fe425b575fd43cb Mon Sep 17 00:00:00 2001
+From: Dag Haavi Finstad <daghf@varnish-software.com>
+Date: Fri, 10 Jan 2025 13:07:54 +0100
+Subject: req_fsm: Close the connection on a malformed request
+
+---
+ bin/varnishd/cache/cache_req_fsm.c | 2 ++
+ bin/varnishtest/tests/b00037.vtc | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
+index 81217159f..a0b344960 100644
+--- a/bin/varnishd/cache/cache_req_fsm.c
++++ b/bin/varnishd/cache/cache_req_fsm.c
+@@ -940,6 +940,7 @@ cnt_recv(struct worker *wrk, struct req *req)
+ if (http_CountHdr(req->http0, H_Host) > 1) {
+ VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers");
+ wrk->stats->client_req_400++;
++ req->doclose = SC_RX_BAD;
+ (void)req->transport->minimal_response(req, 400);
+ return (REQ_FSM_DONE);
+ }
+@@ -947,6 +948,7 @@ cnt_recv(struct worker *wrk, struct req *req)
+ if (http_CountHdr(req->http0, H_Content_Length) > 1) {
+ VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers");
+ wrk->stats->client_req_400++;
++ req->doclose = SC_RX_BAD;
+ (void)req->transport->minimal_response(req, 400);
+ return (REQ_FSM_DONE);
+ }
+diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc
+index 63d8014dc..cb758cdbd 100644
+--- a/bin/varnishtest/tests/b00037.vtc
++++ b/bin/varnishtest/tests/b00037.vtc
+@@ -11,6 +11,7 @@ client c1 {
+
+ varnish v1 -vsl_catchup
+ varnish v1 -expect client_req_400 == 1
++varnish v1 -expect sc_rx_bad == 1
+
+ client c1 {
+ txreq -method POST -hdr "Content-Length: 12" -bodylen 12
+@@ -20,6 +21,7 @@ client c1 {
+
+ varnish v1 -vsl_catchup
+ varnish v1 -expect client_req_400 == 2
++varnish v1 -expect sc_rx_bad == 2
+
+ varnish v1 -cliok "param.set feature +http2"
+
+--
+2.30.2
+
diff -Nru varnish-7.1.1/debian/patches/series varnish-7.1.1/debian/patches/series
--- varnish-7.1.1/debian/patches/series 2023-01-09 23:06:58.000000000 +0200
+++ varnish-7.1.1/debian/patches/series 2025-03-31 16:06:56.000000000 +0300
@@ -1,2 +1,3 @@
Add-all-well-known-headers-to-the-perfect-hash-looku.patch
hpack-fix-pseudo-headers-handling.patch
+0001-req_fsm-Close-the-connection-on-a-malformed-request.patch
Reply to: