!92 [sync] PR-83: Update to 7.4.3 for fix CVE-2024-30156

From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2022-23959.patch

@@ -1,28 +0,0 @@
-From fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 Mon Sep 17 00:00:00 2001
-From: Martin Blix Grydeland <martin@varnish-software.com>
-Date: Fri, 17 Dec 2021 22:10:16 +0100
-Subject: [PATCH] Mark req doclose when failing to ignore req body
-
-Previously we would ignore errors to iterate the request body into
-oblivion in VRB_Ignore(), keeping the connection open. This opens an
-out-of-sync vulnerability on H/1 connections.
-
-This patch tests the status of the request body in VRB_Ignore(), marking
-the request failed and that it should be closed on errors.
----
- bin/varnishd/cache/cache_req_body.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
-index 6391f928d6..5ffd08b77d 100644
---- a/bin/varnishd/cache/cache_req_body.c
-+++ b/bin/varnishd/cache/cache_req_body.c
-@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
- 	if (req->req_body_status->avail > 0)
- 		(void)VRB_Iterate(req->wrk, req->vsl, req,
- 		    httpq_req_body_discard, NULL);
-+	if (req->req_body_status == BS_ERROR)
-+		req->doclose = SC_RX_BODY;
- 	return (0);
- }
- 

fix-varnish-devel-installation-failure.patch

@@ -63,16 +63,6 @@ index 0eb77c5..6b3af4d 100755
  #
  # Copyright (c) 2010-2016 Varnish Software
  # All rights reserved.
-diff --git a/lib/libvcc/vsctool.py b/lib/libvcc/vsctool.py
-index 9df1dc4..82c8f33 100755
---- a/lib/libvcc/vsctool.py
-+++ b/lib/libvcc/vsctool.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python3
-+#!/usr/bin/python3
- # -*- encoding: utf-8 -*-
- #
- # Copyright (c) 2017 Varnish Software AS
 diff --git a/wflags.py b/wflags.py
 index 9e9e4e9..90605a2 100644
 --- a/wflags.py

varnish.spec

@@ -1,7 +1,9 @@
+%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
+
 Name:             varnish
 Summary:          A web application accelerator
-Version:          7.0.1
-Release:          3
+Version:          7.4.3
+Release:          1
 License:          BSD-2-Clause
 URL:              https://www.varnish-cache.org/
 Source0:          http://varnish-cache.org/_downloads/varnish-%{version}.tgz
@@ -10,12 +12,10 @@ Source0:          http://varnish-cache.org/_downloads/varnish-%{version}.tgz
 Source1:          https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
 Patch0001:        fix-varnish-devel-installation-failure.patch
 Patch0002:        fix-varnish.service-reload-failed.patch
-##https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4
-Patch0003:        CVE-2022-23959.patch
 
 BuildRequires:    python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
 BuildRequires:    ncurses-devel pcre2-devel libedit-devel gcc
-Requires:         logrotate ncurses pcre2 jemalloc openEuler-rpm-config gcc
+Requires:         logrotate ncurses pcre2 jemalloc %{vendor}-rpm-config gcc
 Requires(pre):    shadow-utils
 Requires(post):   /usr/bin/uuidgen systemd-units systemd-sysv
 Requires(preun):  systemd-units
@@ -160,6 +160,21 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
 %{_mandir}/man7/*.7*
 
 %changelog
+* Mon Mar 25 2024 zhangxingrong <zhangxingrong@uniontech.com> - 7.4.3-1
+- Update to 7.4.3 for fix CVE-2024-30156
+
+* Sat Feb 17 2024 wangkai <13474090681@163.com> - 7.4.2-1
+- Update to 7.4.2 for fix CVE-2023-44487
+
+* Tue Oct 10 2023 xu_ping <707078654@qq.com> - 7.4.1-1
+- Upgrade version to 7.4.1
+
+* Tue Nov 22 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 7.0.1-5
+- Fix CVE-2022-45060
+
+* Tue Aug 23 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 7.0.1-4
+- Fix CVE-2022-38150
+
 * Tue May 10 2022 yaoxin <yaoxin30@h-partners.com> - 7.0.1-3
 - License compliance rectification