Bump versions

emgag · Dec 28, 2023 · 58466ae · 58466ae
1 parent 0106756
commit 58466ae
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 39 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -15,30 +15,30 @@ jobs:
   build:
     strategy:
       matrix:
-        version: ["6.0", "7.2", "7.3"]
+        version: ["6.0", "7.3", "7.4"]
         include:
           - version: "6.0"
-            tag: "6.0.11-1"
-          - version: "7.2"
-            tag: "7.2.1-1"
+            tag: "6.0.12"
           - version: "7.3"
-            tag: "7.3.0-1"
+            tag: "7.3.1"
+          - version: "7.4"
+            tag: "7.4.2"
 
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       # https://github.com/docker/setup-qemu-action
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
 
       # https://github.com/docker/setup-buildx-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to github docker registry
-        uses: docker/login-action@v2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/6.0/Dockerfile b/6.0/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
 
 #
@@ -19,7 +19,7 @@ RUN apt-get update \
         libpcre3-dev \
         libtool \
         pkg-config \
-        python \
+        python-is-python3 \
         python3 \
         python3-docutils \
         python3-sphinx \
@@ -30,8 +30,8 @@ RUN apt-get update \
 #
 # install varnish
 #
-ENV VARNISH_VERSION=6.0.11
-ENV VARNISH_SHA256SUM=515900dbeb47ffd30eb39065cae033167983ecf9bd03a9435a273607e1d128db
+ENV VARNISH_VERSION=6.0.12
+ENV VARNISH_SHA256SUM=387cebd3abb34373065ac0e26e6f2bda2140c410a8b5203e115f5a672b2bd6a5
 
 RUN mkdir -p /usr/local/src && \
     cd /usr/local/src && \
@@ -47,11 +47,11 @@ RUN mkdir -p /usr/local/src && \
 #
 # install stock varnish module library
 #
-ENV VARNISHMODULES_BRANCH=6.0
-ENV VARNISHMODULES_COMMIT=059497cbddd7faeff529c1b9038715e5ba6891ee
+ENV VARNISHMODULES_BRANCH=6.0-lts
+ENV VARNISHMODULES_COMMIT=d472c29300ffa1ea5d0916125d449ba43a64f1bd
 
 RUN cd /usr/local/src/ && \
-    git clone -b ${VARNISHMODULES_BRANCH} https://github.com/nigoroll/varnish-modules.git && \
+    git clone -b ${VARNISHMODULES_BRANCH} https://github.com/varnish/varnish-modules.git && \
     cd varnish-modules && \
     git reset --hard ${VARNISHMODULES_COMMIT} && \
     ./bootstrap && \

diff --git a/7.3/Dockerfile b/7.3/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:experimental
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
 
 #
@@ -35,8 +35,8 @@ RUN apt-get update \
 #
 # install varnish
 #
-ENV VARNISH_VERSION=7.3.0
-ENV VARNISH_SHA256SUM=e2dbbb0ec270a90647c386866e6e226993aed46e48de751a72bb819737f14ae7
+ENV VARNISH_VERSION=7.3.1
+ENV VARNISH_SHA256SUM=a3dec46e6a8a4f472bb33da99be5068279d6924c475cce8ce7e03615ec0b972b
 ENV VARNISHSRC=/usr/local/src/varnish-${VARNISH_VERSION}
 
 RUN mkdir -p /usr/local/src && \

diff --git a/7.2/Dockerfile → 7.4/Dockerfile b/7.2/Dockerfile → 7.4/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:experimental
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
 
 #
@@ -35,8 +35,9 @@ RUN apt-get update \
 #
 # install varnish
 #
-ENV VARNISH_VERSION=7.2.1
-ENV VARNISH_SHA256SUM=4d937d1720a8ec19c533f972d9303a1c9889b7bfca7437893ae5c27cf204a940
+ENV VARNISH_VERSION=7.4.2
+ENV VARNISH_SHA256SUM=6d3d03c67514e6bb4e8584e40a381f51e708607d39337a63dc4ae42061d9a46f
+ENV VARNISHSRC=/usr/local/src/varnish-${VARNISH_VERSION}
 
 RUN mkdir -p /usr/local/src && \
     cd /usr/local/src && \
@@ -52,8 +53,8 @@ RUN mkdir -p /usr/local/src && \
 #
 # install stock varnish module library
 #
-ENV VARNISHMODULES_VERSION=0.21.0
-ENV VARNISHMODULES_SHA256SUM=d2c69323c6d4ee9ee6023c9a93739ff3828dca1017eb86030511cdb5be3cd70b
+ENV VARNISHMODULES_VERSION=0.23.0
+ENV VARNISHMODULES_SHA256SUM=dadefece55282f11865d221415afe1e2cdd2a1f479bc13a8f5c0832580e0ae76
 
 RUN cd /usr/local/src/ && \
     curl -sfLO https://github.com/varnish/varnish-modules/archive/${VARNISHMODULES_VERSION}.tar.gz && \
@@ -72,7 +73,7 @@ RUN cd /usr/local/src/ && \
 # install libvmod-dynamic
 #
 ENV LIBVMOD_DYNAMIC_BRANCH=master
-ENV LIBVMOD_DYNAMIC_COMMIT=025e9918f6cba33135e16e0fb0d86b4c34b6dd5a
+ENV LIBVMOD_DYNAMIC_COMMIT=32c331e79dba857b0309ba0d527ba17bf64ff2c7
 
 RUN cd /usr/local/src/ && \
     git clone -b ${LIBVMOD_DYNAMIC_BRANCH} https://github.com/nigoroll/libvmod-dynamic.git && \

diff --git a/7.2/init.sh → 7.4/init.sh b/7.2/init.sh → 7.4/init.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 2023-12-28
+
+* Add [7.4](https://varnish-cache.org/releases/rel7.4.0.html#rel7-4-0) release.
+* Update to 6.0.12, 7.3.1 and 7.4.2 to address [VSV00013 Varnish HTTP/2 Rapid Reset Attack](https://varnish-cache.org/security/VSV00013.html#vsv00013).
+* Switch base images to debian:bookworm-slim.
+* EOL'd version 7.2. 
+
 ## 2023-08-18
 
 * Update [vmod-digest](https://github.com/varnish/libvmod-digest) to address [VSV00012 Base64 decoding vulnerability in vmod-digest](https://varnish-cache.org/security/VSV00012.html), updated images are 7.3.0-1, 7.2.1-1 and 6.0.11-1.

diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 **WARNING:** Dockerhub images are no longer maintained. Please use ghcr.io! 
 
-[Varnish](http://varnish-cache.org/) container image used within EMGAG environments. Originally based on [newsdev/docker-varnish](https://github.com/newsdev) (not available anymore), but updated to recent varnish versions (6.0, 7.1 and 7.2), shipped with some additional [vmods](http://varnish-cache.org/vmods/#vmods), better support for custom configuration and built for multiple architectures.
+[Varnish](http://varnish-cache.org/) container image used within EMGAG environments. Originally based on [newsdev/docker-varnish](https://github.com/newsdev) (not available anymore), but updated to recent varnish versions (6.0, 7.3 and 7.4), shipped with some additional [vmods](http://varnish-cache.org/vmods/#vmods), better support for custom configuration and built for multiple architectures.
 
 Shipped VMODs:
 * [libvmod-digest](https://github.com/varnish/libvmod-digest): HMAC, hash and base64 functions
@@ -20,22 +20,19 @@ Shipped VMODs:
 
 ## Supported tags and respective `Dockerfile` links
 
-* [`7.3.0-1` (*7.3.0-1/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.3/Dockerfile), based on debian:bullseye-slim.
+* [`7.4.2` (*7.4.2/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.4/Dockerfile), based on debian:bookworm-slim.
   * linux/amd64
-  * linux/arm64 (see notes)
-* [`7.2.1-1` (*7.2.1-1/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.2/Dockerfile), based on debian:bullseye-slim.
+  * linux/arm64
+* [`7.3.1` (*7.3.1/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.3/Dockerfile), based on debian:bookworm-slim.
   * linux/amd64
-  * linux/arm64 (see notes)
-* [`6.0.11-1` (*6.0.11-1/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/6.0/Dockerfile), based on debian:bullseye-slim.
+  * linux/arm64
+* [`6.0.12` (*6.0.11-1/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/6.0/Dockerfile), based on debian:bookworm-slim.
   * linux/amd64
-  * linux/arm64 (see notes)
+  * linux/arm64
 
 **Notes:** 
-* While the container images are built for Linux amd64 and arm64, **only amd64 is tested and used in production**, the others may or may not work.  
 * This repository does **not contain shorthand tags** (e.g. latest, 6, 6.1, etc.), just fully qualified versions corresponding to shipped varnish version and occasionally an additional package version (e.g. 6.0.3-1) if something in the image changed within a varnish release. This is because it might happen that a specific vmod stopped being supported for whatever reason and removing it will break future releases, which is outside of our control (e.g. old releases contained libvmod-geoip, which isn't supported anymore).
-* **Only 7.3, 7.2 and 6.0** are [versions supported by varnish](https://varnish-cache.org/releases/index.html), maintained in this repo and available for download from github container registry and dockerhub.
-* The most recent of the **unsupported** legacy versions, 4.1.11, 5.0.0. 5.1.3 and 5.2.1 are available from dockerhub as well. 
-* For docs and code for versions 4.x and 5.x see [branch 4.1](https://github.com/emgag/docker-varnish/tree/4.1).  
+* **Only 7.4, 7.3 and 6.0** are [versions supported by varnish](https://varnish-cache.org/releases/index.html), maintained in this repo.
 
 ## Varnish
 
@@ -46,7 +43,7 @@ From [varnish-cache.org](https://varnish-cache.org/intro/index.html): _Varnish C
 By default, varnish reads `/etc/varnish/default.vcl` on startup. Either copy your VCL file in your Dockerfile  
 
 ```
-FROM ghcr.io/emgag/varnish:7.3.0-1
+FROM ghcr.io/emgag/varnish:7.4.2
 COPY default.vcl /etc/varnish/default.vcl
 ```
 
@@ -56,7 +53,7 @@ or mount a volume containing the varnish configuration to `/etc/varnish`, e.g wi
 version: '3'
 services:
   varnish:
-    image: ghcr.io/emgag/varnish:7.3.0-1
+    image: ghcr.io/emgag/varnish:7.4.2
     volumes:
       - ./varnish:/etc/varnish
     ports:

diff --git a/test/7.2.vcl → test/7.4.vcl b/test/7.2.vcl → test/7.4.vcl