34 changed files with 1391 additions and 334 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,64 @@
-SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
+varnish-2.0.6.tar.gz
-SOURCES/varnish-6.0.8.tgz
+varnish-2.1.2.tar.gz
 varnish-2.1.3.tar.gz
 /varnish-2.1.4.tar.gz
 /varnish-2.1.5.tar.gz
 /varnish-3.0.2.tar.gz
 /varnish-3.0.3.tar.gz
 /varnish-3.0.4.tar.gz
 /varnish-3.0.5.tar.gz
 /varnish-4.0.0.tar.gz
 /varnish-4.0.1.tar.gz
 /varnish-4.0.2.tar.gz
 /varnish-4.0.3.tar.gz
 /varnish-4.1.0.tar.gz
 /varnish-cache-redhat-f3dbcce.tar.gz
 /pkg-varnish-cache-105f20b.tar.gz
 /varnish-4.1.1.tar.gz
 /varnish-4.1.2.tar.gz
 /varnish-4.1.2_fix_python24.el5.patch
 /pkg-varnish-cache-eff850c.tar.gz
 /varnish-4.1.3.tar.gz
 /pkg-varnish-cache-4e27994.tar.gz
 /varnish-5.0.0.tar.gz
 /pkg-varnish-cache-502fcc0.tar.gz
 /varnish-5.1.1.tar.gz
 /pkg-varnish-cache-92373fe.tar.gz
 /pkg-varnish-cache-5b97619.tar.gz
 /varnish-5.1.2.tar.gz
 /varnish-5.1.3.tar.gz
 /varnish-5.2.0.tgz
 /varnish-5.2.1.tgz
 /pkg-varnish-cache-0ad2f22.tar.gz
 /varnish-6.0.0.tgz
 /varnish-6.0.1.tgz
 /varnish-6.1.0.tgz
 /varnish-6.1.1.tgz
 /varnish-6.2.0.tgz
 /pkg-varnish-cache-114fcdd.tar.gz
 /varnish-6.2.1.tgz
 /varnish-6.3.0.tgz
 /varnish-6.3.1.tgz
 /pkg-varnish-cache-ec7ad9e.tar.gz
 /varnish-6.3.2.tgz
 /varnish-6.4.0.tgz
 /varnish-6.5.0.tgz
 /varnish-6.5.1.tgz
 /varnish-6.6.0.tgz
 /varnish-6.6.1.tgz
 /pkg-varnish-cache-d3e6a3f.tar.gz
 /varnish-7.0.0.tgz
 /varnish-7.0.1.tgz
 /varnish-7.0.2.tgz
 /pkg-varnish-cache-3ba24a8.tar.gz
 /varnish-7.1.0.tgz
 /varnish-7.1.1.tgz
 /pkg-varnish-cache-ffc59a3.tar.gz
 /varnish-7.2.0.tgz
 /varnish-7.2.1.tgz
 /pkg-varnish-cache-7126673.tar.gz
 /varnish-7.3.0.tgz
 /pkg-varnish-cache-cfa8cb3.tar.gz
 /varnish-7.4.0.tgz
 /varnish-7.4.1.tgz
 /varnish-7.4.2.tgz
--- a/.varnish.metadata
+++ b/.varnish.metadata
@ -1,2 +0,0 @@
 db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
 7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz
--- a/SOURCES/varnish-6.0.8-CVE-2022-45060.patch
+++ b/SOURCES/varnish-6.0.8-CVE-2022-45060.patch
@ -1,85 +0,0 @@
 diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
 index d432629..b0dacb9 100644
 --- a/bin/varnishd/http2/cache_http2_hpack.c
 +++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -93,18 +93,25 @@ static h2_error
 h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
 {
 	/* XXX: This might belong in cache/cache_http.c */
 +	const char *b0;
 	unsigned n;
 +	int disallow_empty;
 +	char *p;
 +	int i;
 	CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
 	AN(b);
 	assert(namelen >= 2);	/* 2 chars from the ': ' that we added */
 	assert(namelen <= len);
 +	
 +	disallow_empty = 0;
 	if (len > UINT_MAX) {	/* XXX: cache_param max header size */
 		VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", b);
 		return (H2SE_ENHANCE_YOUR_CALM);
 	}
 +	b0 = b;
 	if (b[0] == ':') {
 		/* Match H/2 pseudo headers */
 		/* XXX: Should probably have some include tbl for
@@ -113,10 +120,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
 			b += namelen;
 			len -= namelen;
 			n = HTTP_HDR_METHOD;
 +			disallow_empty = 1;
 +
 +			/* First field cannot contain SP or CTL */
 +			for (p = b, i = 0; i < len; p++, i++) {
 +				if (vct_issp(*p) || vct_isctl(*p))
 +					return (H2SE_PROTOCOL_ERROR);
 +			}
 		} else if (!strncmp(b, ":path: ", namelen)) {
 			b += namelen;
 			len -= namelen;
 			n = HTTP_HDR_URL;
 +			disallow_empty = 1;
 +
 +			/* Second field cannot contain LWS or CTL */
 +			for (p = b, i = 0; i < len; p++, i++) {
 +				if (vct_islws(*p) || vct_isctl(*p))
 +					return (H2SE_PROTOCOL_ERROR);
 +			}
 		} else if (!strncmp(b, ":scheme: ", namelen)) {
 			/* XXX: What to do about this one? (typically
 			   "http" or "https"). For now set it as a normal
@@ -124,6 +145,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
 			b++;
 			len-=1;
 			n = hp->nhd;
 +
 +			for (p = b + namelen, i = 0; i < len-namelen;
 +			    p++, i++) {
 +				if (vct_issp(*p) || vct_isctl(*p))
 +					return (H2SE_PROTOCOL_ERROR);
 +			}
 +
 +			if (!i)
 +				return (H2SE_PROTOCOL_ERROR);
 		} else if (!strncmp(b, ":authority: ", namelen)) {
 			b+=6;
 			len-=6;
@@ -160,6 +190,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
 	hp->hd[n].b = b;
 	hp->hd[n].e = b + len;
 +	if (disallow_empty && !Tlen(hp->hd[n])) {
 +		VSLb(hp->vsl, SLT_BogoHeader,
 +		    "Empty pseudo-header %.*s",
 +		    (int)namelen, b0);
 +		return (H2SE_PROTOCOL_ERROR);
 +	}
 +
 	return (0);
 }
--- a/SOURCES/varnish-6.0.8.CVE-2022-23959.patch
+++ b/SOURCES/varnish-6.0.8.CVE-2022-23959.patch
@ -1,13 +0,0 @@
 diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
 index 463b75b..982bd73 100644
 --- a/bin/varnishd/cache/cache_req_body.c
 +++ b/bin/varnishd/cache/cache_req_body.c
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
 	if (req->req_body_status == REQ_BODY_WITH_LEN ||
 	    req->req_body_status == REQ_BODY_WITHOUT_LEN)
 		(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
 +	if (req->req_body_status == REQ_BODY_FAIL)
 +		req->doclose = SC_RX_BODY;
 	return(0);
 }
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1 @@
 resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,7 @@
 #gating rhel
 --- !Policy
 product_versions:
  - rhel-*
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
--- a/plans/tier1-internal.fmf
+++ b/plans/tier1-internal.fmf
@ -0,0 +1,10 @@
 summary: Internal Tier1 beakerlib tests
 discover:
    how: fmf
    url: https://gitlab.com/redhat/rhel/tests/varnish
    filter: "tier:1&component:varnish"
 execute:
    how: tmt
 adjust:
    enabled: false
    when: distro == centos-stream-10
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -0,0 +1,5 @@
 ---
 inspections:
  # varnish binaries & libraries are deliberately built unstripped
  # https://github.com/varnishcache/varnish-cache/issues/2269
  debuginfo: off
--- a/2
+++ b/2
@ -0,0 +1,2 @@
 SHA512 (varnish-7.4.2.tgz) = acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971
 SHA512 (pkg-varnish-cache-cfa8cb3.tar.gz) = 058e689186d1b01bb4a256ff3a5a373337e380a0a87128d4b2adbcff41210189e7f4b3d56e8451f06120449c04aaa4ddc61f934a1fda9c5336dfe2020c66a569
--- a/SOURCES/varnish-4.0.3_fix_varnish4_selinux.el6.patch
+++ b/SOURCES/varnish-4.0.3_fix_varnish4_selinux.el6.patch
--- a/varnish-4.1.0.fix_find-provides.patch
+++ b/varnish-4.1.0.fix_find-provides.patch
@ -0,0 +1,11 @@
 --- redhat/find-provides.orig	2015-10-04 16:55:34.057574682 +0200
 +++ redhat/find-provides	2015-10-04 16:56:04.120280796 +0200
@@ -9,8 +9,6 @@
     /usr/lib/rpm/find-provides "$@"
 fi
 -# We don't install vcs_version.h, so we can't use RPM_BUILD_ROOT directly.
 -cd /builddir/build/BUILD/varnish* || true
 cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true
 printf '#include "vcs_version.h"\nVCS_Version\n' \
--- a/varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
+++ b/varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
@ -0,0 +1,41 @@
 --- doc/sphinx/Makefile.in.orig	2017-03-16 16:01:18.440999286 +0100
 +++ doc/sphinx/Makefile.in	2017-03-16 16:02:38.557728852 +0100
@@ -626,28 +626,38 @@
 # XXX add varnishstat here when it's been _opt2rst'ed
 include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
 include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
 include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishlog/varnishlog --options > $@
 include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
 include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishtop/varnishtop --options > $@
 include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
 include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishhist/varnishhist --options > $@
 include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
 include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishstat/varnishstat --options > $@
 include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
 include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
--- a/SOURCES/varnish-5.1.1.fix_python_version.patch
+++ b/SOURCES/varnish-5.1.1.fix_python_version.patch
--- a/varnish-5.2.1-python3.patch
+++ b/varnish-5.2.1-python3.patch
@ -0,0 +1,66 @@
 From 17c92e43fda114bf5341e51d752e882238b8fe8c Mon Sep 17 00:00:00 2001
 From: Nils Goroll <nils.goroll@uplex.de>
 Date: Thu, 5 Oct 2017 13:39:23 +0200
 Subject: [PATCH] hack up vsctool to work with python 2 and 3
 StringIO does not exist any more in python3, yet requiring 2.7 would
 not pave the path forward, so try to be compatible with both.
 Works for me on Python 2.7.9 and Python 3.4
 I would appreciate if someone more fluent in serpentinous programming
 language reviewed and/or rewrote this.
 ---
 lib/libvcc/vsctool.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
 diff --git a/lib/libvcc/vsctool.py b/lib/libvcc/vsctool.py
 index 854968e3b..829c6e518 100644
 --- a/lib/libvcc/vsctool.py
 +++ b/lib/libvcc/vsctool.py
@@ -37,7 +37,10 @@
 import json
 import sys
 import gzip
 -import StringIO
 +try:
 +    import StringIO
 +except ImportError:
 +    import io
 import collections
 import struct
@@ -54,9 +57,22 @@
 	"format":	[ "integer", FORMATS],
 }
 +# http://python3porting.com/problems.html#bytes-strings-and-unicode
 +if sys.version_info < (3,):
 +    def b(x):
 +        return x
 +else:
 +    import codecs
 +    def b(x):
 +        return codecs.latin_1_encode(x)[0]
 +
 def gzip_str(s):
 -	out = StringIO.StringIO()
 -	gzip.GzipFile(fileobj=out, mode="w").write(s)
 +	try:
 +		out = StringIO.StringIO()
 +	except NameError:
 +		out = io.BytesIO()
 +
 +	gzip.GzipFile(fileobj=out, mode="w").write(b(s))
 	out.seek(4)
 	out.write(struct.pack("<L", 0x12bfd58))
 	return out.getvalue()
@@ -285,7 +301,7 @@ class rst_vsc(directive):
 	def __init__(self, s):
 		super(rst_vsc, self).__init__(s)
 -		for i,v in PARAMS.iteritems():
 +		for i,v in PARAMS.items():
 			if v is not True:
 				self.do_default(i, v[0], v[1])
--- a/SOURCES/varnish-6.0.0.fix_el6_fortify_source.patch
+++ b/SOURCES/varnish-6.0.0.fix_el6_fortify_source.patch
--- a/varnish-6.0.1_fix_bug2668.patch
+++ b/varnish-6.0.1_fix_bug2668.patch
@ -0,0 +1,96 @@
 Based on fix for upstream bug #2668, see
 https://github.com/varnishcache/varnish-cache/commit/9bdc5f75d661a1659c4df60799612a7524a6caa7
 diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/gensequences ./bin/varnishtest/gensequences
 --- ../varnish-6.0.1.orig/bin/varnishtest/gensequences	2018-08-29 11:48:32.000000000 +0200
 +++ ./bin/varnishtest/gensequences	2018-09-27 12:18:20.946853383 +0200
@@ -149,6 +149,7 @@
 	if (l_prefix_name[p] != "teken_state_init") {
 		print "";
 +		print "\tt->t_last = 0;";
 		print "\tteken_state_switch(t, teken_state_init);";
 	}
 	print "}";
 diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/sequences ./bin/varnishtest/sequences
 --- ../varnish-6.0.1.orig/bin/varnishtest/sequences	2018-08-29 11:48:32.000000000 +0200
 +++ ./bin/varnishtest/sequences	2018-09-27 12:18:50.193581932 +0200
@@ -113,3 +113,6 @@
 # VT52 compatibility
 #DECID	VT52 DECID				^[ Z
 +
 +# ECMA-48
 +REP	Repeat last graphic char		^[ [ b		n
 diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken.h ./bin/varnishtest/teken.h
 --- ../varnish-6.0.1.orig/bin/varnishtest/teken.h	2018-08-29 11:48:32.000000000 +0200
 +++ ./bin/varnishtest/teken.h	2018-09-27 12:18:20.947853442 +0200
@@ -153,6 +153,7 @@
 	unsigned int	 t_utf8_left;
 	teken_char_t	 t_utf8_partial;
 +	teken_char_t	 t_last;
 	unsigned int	 t_curscs;
 	teken_scs_t	*t_saved_curscs;
 diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h ./bin/varnishtest/teken_subr.h
 --- ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h	2018-08-29 11:48:32.000000000 +0200
 +++ ./bin/varnishtest/teken_subr.h	2018-09-27 12:18:20.947853442 +0200
@@ -777,10 +777,11 @@
 }
 static void
 -teken_subr_do_putchar(const teken_t *t, const teken_pos_t *tp, teken_char_t c,
 +teken_subr_do_putchar(teken_t *t, const teken_pos_t *tp, teken_char_t c,
     int width)
 {
 +	t->t_last = c;
 	if (t->t_stateflags & TS_INSERT &&
 	    tp->tp_col < t->t_winsize.tp_col - width) {
 		teken_rect_t ctr;
@@ -1313,3 +1314,12 @@
 	t->t_stateflags &= ~TS_WRAPPED;
 	teken_funcs_cursor(t);
 }
 +
 +static void
 +teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts)
 +{
 +
 +	for (; t->t_last != 0 && rpts > 0; rpts--)
 +		teken_subr_regular_character(t, t->t_last);
 +}
 +
 diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc ./bin/varnishtest/tests/a00001.vtc
 --- ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc	2018-08-29 11:48:32.000000000 +0200
 +++ ./bin/varnishtest/tests/a00001.vtc	2018-09-27 12:18:20.948853501 +0200
@@ -204,6 +204,27 @@
 process p4 -expect-text 21 11 "Enter choice number (0 - 12):"
 process p4 -screen_dump
 +# 11. Test non-VT100 (e.g., VT220, XTERM) terminals
 +process p4 -writehex "31 31 0d"
 +process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
 +
 +process p4 -writehex "37 0d"
 +process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
 +
 +process p4 -writehex "32 0d"
 +process p4 -expect-text 0 0 "Push <RETURN>"
 +process p4 -screen_dump
 +process p4 -expect-text 20 1 "Test Repeat (REP)"
 +process p4 -expect-text 1 1 " ++ "
 +process p4 -expect-text 2 2 " ++ "
 +process p4 -expect-text 17 17 " ++ "
 +process p4 -expect-text 18 18 "*++*"
 +process p4 -writehex "0d"
 +process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
 +process p4 -writehex "30 0d"
 +process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
 +process p4 -writehex "30 0d"
 +
 # 0. Exit
 process p4 -writehex "30 0d"
 process p4 -expect-text 12 30 "That's all, folks!"
--- a/varnish-6.1.0_fix_ld_library_path_in_doc_build.patch
+++ b/varnish-6.1.0_fix_ld_library_path_in_doc_build.patch
@ -0,0 +1,53 @@
 --- doc/sphinx/Makefile.in.orig	2018-11-02 14:53:14.812956915 +0100
 +++ doc/sphinx/Makefile.in	2018-11-02 14:54:31.575517733 +0100
@@ -642,9 +642,11 @@
 	rm -rf $(BUILDDIR)
 include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishd/varnishd -x cli > $@
 include/params.rst: $(top_builddir)/bin/varnishd/varnishd
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishd/varnishd -x parameter > $@
 include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
@@ -656,28 +658,38 @@
 # XXX add varnishstat here when it's been _opt2rst'ed
 include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
 include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
 include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishlog/varnishlog --options > $@
 include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
 include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishtop/varnishtop --options > $@
 include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
 include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishhist/varnishhist --options > $@
 include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
 include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishstat/varnishstat --options > $@
 include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
 include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
--- a/varnish-6.1.0_fix_testu00008.patch
+++ b/varnish-6.1.0_fix_testu00008.patch
@ -0,0 +1,13 @@
 --- bin/varnishtest/tests/u00008.vtc.orig	2018-11-02 16:06:40.731680282 +0100
 +++ bin/varnishtest/tests/u00008.vtc	2018-11-02 16:07:21.587092836 +0100
@@ -38,8 +38,8 @@
 process p1 -screen_dump
 process p1 -winsz 25 132
 -process p1 -expect-text 4 124 "AVG_1000"
 -process p1 -expect-text 22 108 "UNSEEN  DIAG"
 +process p1 -expect-text 4 0 "AVG_1000"
 +process p1 -expect-text 22 0 "UNSEEN  DIAG"
 process p1 -screen_dump -write {q} -wait
--- a/varnish-6.1.1_fix_issue_2912.patch
+++ b/varnish-6.1.1_fix_issue_2912.patch
@ -0,0 +1,115 @@
 This patch is a fix for memory issues with
 pcre-jit, see upstream bug report at
 https://github.com/varnishcache/varnish-cache/issues/2817
 The patch is based on upstream commits
 a3129a5340566d17192de8058a9c1dbb051a7039
 683b7cbe8cde1dde8f9e516a354b82430f1d318e
 1226e77f9501c56976635c714c99d84f417aa5d2
 diff -Naur a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c
 --- a/bin/varnishd/cache/cache_panic.c	2018-10-24 11:29:10.000000000 +0200
 +++ b/bin/varnishd/cache/cache_panic.c	2019-03-07 16:27:16.592441674 +0100
@@ -601,6 +601,33 @@
 	VSB_indent(vsb, -2);
 }
 +#ifdef HAVE_PTHREAD_GETATTR_NP
 +static void
 +pan_threadattr(struct vsb *vsb)
 +{
 +	pthread_attr_t attr[1];
 +	size_t sz;
 +	void *addr;
 +
 +	if (pthread_getattr_np(pthread_self(), attr) != 0)
 +		return;
 +
 +	VSB_cat(vsb, "pthread.attr = {\n");
 +	VSB_indent(vsb, 2);
 +
 +	if (pthread_attr_getguardsize(attr, &sz) == 0)
 +		VSB_printf(vsb, "guard = %zu,\n", sz);
 +	if (pthread_attr_getstack(attr, &addr, &sz) == 0) {
 +		VSB_printf(vsb, "stack_bottom = %p,\n", addr);
 +		VSB_printf(vsb, "stack_top = %p,\n", (char *)addr + sz);
 +		VSB_printf(vsb, "stack_size = %zu,\n", sz);
 +	}
 +	VSB_indent(vsb, -2);
 +	VSB_cat(vsb, "}\n");
 +	(void) pthread_attr_destroy(attr);
 +}
 +#endif
 +
 /*--------------------------------------------------------------------*/
 static void __attribute__((__noreturn__))
@@ -673,6 +700,10 @@
 	if (q != NULL)
 		VSB_printf(pan_vsb, "thread = (%s)\n", q);
 +#ifdef HAVE_PTHREAD_GETATTR_NP
 +	pan_threadattr(pan_vsb);
 +#endif
 +
 	if (!FEATURE(FEATURE_SHORT_PANIC)) {
 		req = THR_GetRequest();
 		VSB_cat(pan_vsb, "thr.");
 diff -Naur a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
 --- a/bin/varnishd/mgt/mgt_param.c	2018-10-24 11:29:10.000000000 +0200
 +++ b/bin/varnishd/mgt/mgt_param.c	2019-03-07 16:27:16.594441699 +0100
@@ -494,6 +494,8 @@
 	MCF_TcpParams();
 +	def = 56 * 1024;
 +
 	if (sizeof(void *) < 8) {		/*lint !e506 !e774  */
 		/*
 		 * Adjust default parameters for 32 bit systems to conserve
@@ -505,20 +507,16 @@
 		MCF_ParamConf(MCF_DEFAULT, "http_req_size", "12k");
 		MCF_ParamConf(MCF_DEFAULT, "gzip_buffer", "4k");
 		MCF_ParamConf(MCF_MAXIMUM, "vsl_space", "1G");
 +		def = 48 * 1024;
 	}
 -#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
 -	MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
 -#endif
 -
 	low = sysconf(_SC_THREAD_STACK_MIN);
 	MCF_ParamConf(MCF_MINIMUM, "thread_pool_stack", "%jdb", (intmax_t)low);
 #if defined(__SANITIZER) || __has_feature(address_sanitizer)
 	def = 92 * 1024;
 -#else
 -	def = 48 * 1024;
 #endif
 +
 	if (def < low)
 		def = low;
 	MCF_ParamConf(MCF_DEFAULT, "thread_pool_stack", "%jdb", (intmax_t)def);
@@ -529,6 +527,10 @@
 	MCF_ParamConf(MCF_MAXIMUM, "thread_pools", "%d", MAX_THREAD_POOLS);
 +#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
 +	MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
 +#endif
 +
 	VCLS_AddFunc(mgt_cls, MCF_AUTH, cli_params);
 	vsb = VSB_new_auto();
 diff -Naur a/configure.ac b/configure.ac
 --- a/configure.ac	2018-10-26 13:22:45.000000000 +0200
 +++ b/configure.ac	2019-03-07 16:27:16.592441674 +0100
@@ -239,6 +239,7 @@
 AC_CHECK_FUNCS([pthread_set_name_np])
 AC_CHECK_FUNCS([pthread_setname_np])
 AC_CHECK_FUNCS([pthread_mutex_isowned_np])
 +AC_CHECK_FUNCS([pthread_getattr_np])
 LIBS="${save_LIBS}"
 # Support for visibility attribute
--- a/SOURCES/varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
+++ b/SOURCES/varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
@ -1,8 +1,19 @@
-diff --git a/doc/sphinx/Makefile.in b/doc/sphinx/Makefile.in
+--- doc/sphinx/Makefile.in.orig	2018-11-06 16:46:59.403632379 +0100
-index 0819064..11e4ba2 100644
+++ doc/sphinx/Makefile.in	2018-11-06 16:48:28.011784013 +0100
--- a/doc/sphinx/Makefile.in
+@@ -643,10 +643,12 @@
-+++ b/doc/sphinx/Makefile.in
+ 	rm -rf $(BUILDDIR)
-@@ -659,37 +659,47 @@ include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
+ 
 include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishd/varnishd -x cli > ${@}_
 	mv ${@}_ ${@}
 include/params.rst: $(top_builddir)/bin/varnishd/varnishd
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/bin/varnishd/varnishd -x parameter > ${@}_
 	mv ${@}_ ${@}
@@ -660,41 +662,52 @@
 # XXX add varnishstat here when it's been _opt2rst'ed
 include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
@ -50,3 +61,8 @@ index 0819064..11e4ba2 100644
 	$(top_builddir)/bin/varnishstat/varnishstat --synopsis > ${@}_
 	mv ${@}_ ${@}
 include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
 +	LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
 	$(top_builddir)/lib/libvarnishapi/vsl2rst > ${@}_
 	mv ${@}_ ${@}
 include/vtc-syntax.rst: vtc-syntax.py $(VTCSYN_SRC)
--- a/varnish-6.1.1_fix_upstrbug_2879.patch
+++ b/varnish-6.1.1_fix_upstrbug_2879.patch
@ -0,0 +1,39 @@
 commit 7119d790b590e7fb560ad602cedfda5185c7e841
 Author: Poul-Henning Kamp <phk@FreeBSD.org>
 Date:   Fri Jan 11 10:26:44 2019 +0000
    Avoid printing %s,NULL in case of errors we do not expect.
    Fixes #2879
 diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c
 index b619199c6..59e804ec8 100644
 --- a/lib/libvarnish/vnum.c
 +++ b/lib/libvarnish/vnum.c
@@ -349,15 +349,17 @@ main(int argc, char *argv[])
 	for (tc = test_cases; tc->str; ++tc) {
 		e = VNUM_2bytes(tc->str, &val, tc->rel);
 -		if (e != tc->err) {
 -			printf("%s: VNUM_2bytes(\"%s\", %ju) (%s) != (%s)\n",
 -			    *argv, tc->str, tc->rel, tc->err, e);
 -			++ec;
 -		} else if (e == NULL && val != tc->val) {
 -			printf("%s: VNUM_2bytes(\"%s\", %ju) %ju != %ju (%s)\n",
 -			    *argv, tc->str, tc->rel, val, tc->val, e);
 -			++ec;
 -		}
 +		if (e != NULL)
 +			val = 0;
 +		if (e == tc->err && val == tc->val)
 +			continue;
 +		++ec;
 +		printf("%s: VNUM_2bytes(\"%s\", %ju)\n",
 +		   *argv, tc->str, tc->rel);
 +		printf("\tExpected:\tstatus %s - value %ju\n",
 +		    tc->err ? tc->err : "Success", tc->val);
 +		printf("\tGot:\t\tstatus %s - value %ju\n",
 +		    e ? e : "Success", val);
 	}
 	if (!isnan(VNUM_duration(NULL))) {
 		printf("%s: VNUM_Duration(NULL) fail\n", *argv);
--- a/varnish-6.2.0_el6_fix_warning_from_old_gcc.patch
+++ b/varnish-6.2.0_el6_fix_warning_from_old_gcc.patch
@ -0,0 +1,73 @@
 --- bin/varnishtest/vtc_main.c.orig	2019-03-15 12:31:56.999877378 +0100
 +++ bin/varnishtest/vtc_main.c	2019-03-15 12:33:07.679889311 +0100
@@ -228,7 +228,7 @@
 	assert(cleaner_pid >= 0);
 	if (cleaner_pid == 0) {
 		closefd(&p[1]);
 -		(void)nice(1);		/* Not important */
 +		if (nice(1)) 1;		/* Not important */
 		setbuf(stdin, NULL);
 		AZ(dup2(p[0], STDIN_FILENO));
 		while (fgets(buf, sizeof buf, stdin)) {
 --- lib/libvarnishapi/vsm.c.orig	2019-03-18 13:24:01.377237092 +0100
 +++ lib/libvarnishapi/vsm.c	2019-03-18 13:24:42.765783845 +0100
@@ -682,18 +682,18 @@
 		VSM_ResetError(vd);
 		if (u & VSM_MGT_RUNNING) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +				if (write(progress, "\n", 1)) 1;
 			vd->attached = 1;
 			return (0);
 		}
 		if (t0 < VTIM_mono()) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +				if (write(progress, "\n", 1)) 1;
 			return (vsm_diag(vd,
 			    "Could not get hold of varnishd, is it running?"));
 		}
 		if (progress >= 0 && !(++n % 4))
 -			(void)write(progress, ".", 1);
 +			if (write(progress, ".", 1)) 1;
 		VTIM_sleep(.25);
 	}
 	return (vsm_diag(vd, "Attach interrupted"));
 --- bin/varnishd/http1/cache_http1_deliver.c.orig	2019-03-18 13:30:43.262546105 +0100
 +++ bin/varnishd/http1/cache_http1_deliver.c	2019-03-18 14:12:48.980850397 +0100
@@ -74,7 +74,7 @@
 	VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
 	req->wrk->stats->client_resp_500++;
 -	(void)write(req->sp->fd, r_500, sizeof r_500 - 1);
 +	if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
 	req->doclose = SC_TX_EOF;
 }
 --- ./bin/varnishd/mgt/mgt_param.c.orig	2019-03-18 14:48:56.084720420 +0100
 +++ ./bin/varnishd/mgt/mgt_param.c	2019-03-18 14:51:25.867836687 +0100
@@ -802,11 +802,11 @@
 				t2 = strchr(t1 + 1, '\t');
 				AN(t2);
 				printf("\n\t*");
 -				(void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
 +				if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
 				printf("*\n\t\t");
 				p = t2 + 1;
 			}
 -			(void)fwrite(p, q - p, 1, stdout);
 +			if (fwrite(p, q - p, 1, stdout)) 1;
 			p = q;
 			if (*p == '\n') {
 				printf("\n");
 --- ./bin/varnishd/proxy/cache_proxy_proto.c.orig	2019-03-18 14:54:18.257283901 +0100
 +++ ./bin/varnishd/proxy/cache_proxy_proto.c	2019-03-18 14:54:47.119693630 +0100
@@ -669,7 +669,7 @@
 		WRONG("Wrong proxy version");
 	AZ(VSB_finish(vsb));
 -	(void)write(fd, VSB_data(vsb), VSB_len(vsb));
 +	if (write(fd, VSB_data(vsb), VSB_len(vsb))) 1;
 	if (!DO_DEBUG(DBG_PROTOCOL)) {
 		VSB_delete(vsb);
 		return;
--- a/varnish-6.2.0_fix_ppc64_for_test_c00057.patch
+++ b/varnish-6.2.0_fix_ppc64_for_test_c00057.patch
@ -0,0 +1,40 @@
 commit 88948d982bcd165e05967d2a9c8684eb9f9cbd01
 Author: Nils Goroll <nils.goroll@uplex.de>
 Date:   Wed Mar 20 11:24:33 2019 +0100
    Change the stack overflow test to 128kb stacksize
    on ppc64 fedora, the thread_pool_stack minimum is 128kb due to
    sysconf(_SC_THREAD_STACK_MIN) = 131072
    It does not harm the test to use a larger stacksize, so we adjust it to
    this requirement for consistency and simplicity
 diff --git a/bin/varnishtest/tests/c00057.vtc b/bin/varnishtest/tests/c00057.vtc
 index 5118c79a0..be6569d24 100644
 --- a/bin/varnishtest/tests/c00057.vtc
 +++ b/bin/varnishtest/tests/c00057.vtc
@@ -12,7 +12,7 @@ server s1 {
 varnish v1 \
 	-arg "-p feature=+no_coredump" \
 	-arg "-p vcc_allow_inline_c=true" \
 -	-arg "-p thread_pool_stack=48k" \
 +	-arg "-p thread_pool_stack=128k" \
 	-vcl+backend {
 	C{
 #include <signal.h>
@@ -27,11 +27,12 @@ void (*accessor)(volatile char *p) = _accessor;
 }C
 	sub vcl_recv { C{
 +	    const int stkkb = 128;
 	    int i;
 -	    volatile char overflow[48*1024];
 +	    volatile char overflow[stkkb * 1024];
 	    /* for downwards stack, take care to hit a single guard page */
 -	    for (i = 47*1024; i >= 0; i -= 1024)
 +	    for (i = (stkkb - 1) * 1024; i >= 0; i -= 1024)
 		accessor(overflow + i);
 	    /* NOTREACHED */
 	    sleep(2);
--- a/varnish-6.3.0_el6_fix_warning_from_old_gcc.patch
+++ b/varnish-6.3.0_el6_fix_warning_from_old_gcc.patch
@ -0,0 +1,79 @@
 diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
 --- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c	2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
 	VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
 	req->wrk->stats->client_resp_500++;
 -	(void)write(req->sp->fd, r_500, sizeof r_500 - 1);
 +	if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
 	req->doclose = SC_TX_EOF;
 }
 diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
 --- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c	2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
 				t2 = strchr(t1 + 1, '\t');
 				AN(t2);
 				printf("\n\t*");
 -				(void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
 +				if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
 				printf("*\n\t\t");
 				p = t2 + 1;
 			}
 -			(void)fwrite(p, q - p, 1, stdout);
 +			if(fwrite(p, q - p, 1, stdout)) 1;
 			p = q;
 			if (*p == '\n') {
 				printf("\n");
 diff -Naur varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c
 --- varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c	2019-09-20 09:02:55.762424644 +0200
@@ -645,7 +645,7 @@
 		WRONG("Wrong proxy version");
 	AZ(VSB_finish(vsb));
 -	(void)VSB_tofile(fd, vsb);	// XXX: Error handling ?
 +	if (VSB_tofile(fd, vsb)) 1;	// XXX: Error handling ?
 	if (!DO_DEBUG(DBG_PROTOCOL)) {
 		VSB_delete(vsb);
 		return;
 diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
 --- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishtest/vtc_main.c	2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
 	assert(cleaner_pid >= 0);
 	if (cleaner_pid == 0) {
 		closefd(&p[1]);
 -		(void)nice(1);		/* Not important */
 +		if (nice(1)) 1;
 		setbuf(stdin, NULL);
 		AZ(dup2(p[0], STDIN_FILENO));
 		while (fgets(buf, sizeof buf, stdin)) {
 diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
 --- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c	2019-09-16 10:24:19.000000000 +0200
 +++ varnish-6.3.0/lib/libvarnishapi/vsm.c	2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
 		VSM_ResetError(vd);
 		if (u & VSM_MGT_RUNNING) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +			  if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			vd->attached = 1;
 			return (0);
 		}
 		if (t0 < VTIM_mono()) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +				if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			return (vsm_diag(vd,
 			    "Could not get hold of varnishd, is it running?"));
 		}
 		if (progress >= 0 && !(++n % 4))
 -			(void)write(progress, ".", 1);
 +			if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
 		VTIM_sleep(.25);
 	}
 	return (vsm_diag(vd, "Attach interrupted"));
--- a/varnish-6.3.2_fix_s390x.patch
+++ b/varnish-6.3.2_fix_s390x.patch
@ -0,0 +1,19 @@
 commit b0af060fb688b8fc2ff3817ea99430432668b291
 Author: Ingvar Hagelund <ingvar@redpill-linpro.com>
 Date:   Tue Feb 11 12:56:54 2020 +0100
    simple fix for fedora/gcc-10.0.1: -Werror=format-overflow, by some reason hit on s390x
 diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c
 index 1ec748cb6..09e49d258 100644
 --- a/bin/varnishtest/vtc_varnish.c
 +++ b/bin/varnishtest/vtc_varnish.c
@@ -121,7 +121,7 @@ varnish_ask_cli(const struct varnish *v, const char *cmd, char **repl)
 	i = VCLI_ReadResult(v->cli_fd, &retval, &r, vtc_maxdur);
 	if (i != 0 && !vtc_stop)
 		vtc_fatal(v->vl, "CLI failed (%s) = %d %u %s",
 -		    cmd, i, retval, r);
 +		    cmd != NULL ? cmd : "NULL", i, retval, r);
 	vtc_log(v->vl, 3, "CLI RX  %u", retval);
 	vtc_dump(v->vl, 4, "CLI RX", r, -1);
 	if (repl != NULL)
--- a/varnish-6.4.0_el6_fix_warning_from_old_gcc.patch
+++ b/varnish-6.4.0_el6_fix_warning_from_old_gcc.patch
@ -0,0 +1,67 @@
 diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
 --- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c	2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
 	VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
 	req->wrk->stats->client_resp_500++;
 -	(void)write(req->sp->fd, r_500, sizeof r_500 - 1);
 +	if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
 	req->doclose = SC_TX_EOF;
 }
 diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
 --- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c	2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
 				t2 = strchr(t1 + 1, '\t');
 				AN(t2);
 				printf("\n\t*");
 -				(void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
 +				if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
 				printf("*\n\t\t");
 				p = t2 + 1;
 			}
 -			(void)fwrite(p, q - p, 1, stdout);
 +			if(fwrite(p, q - p, 1, stdout)) 1;
 			p = q;
 			if (*p == '\n') {
 				printf("\n");
 diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
 --- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c	2019-09-16 10:24:15.000000000 +0200
 +++ varnish-6.3.0/bin/varnishtest/vtc_main.c	2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
 	assert(cleaner_pid >= 0);
 	if (cleaner_pid == 0) {
 		closefd(&p[1]);
 -		(void)nice(1);		/* Not important */
 +		if (nice(1)) 1;
 		setbuf(stdin, NULL);
 		AZ(dup2(p[0], STDIN_FILENO));
 		while (fgets(buf, sizeof buf, stdin)) {
 diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
 --- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c	2019-09-16 10:24:19.000000000 +0200
 +++ varnish-6.3.0/lib/libvarnishapi/vsm.c	2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
 		VSM_ResetError(vd);
 		if (u & VSM_MGT_RUNNING) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +			  if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			vd->attached = 1;
 			return (0);
 		}
 		if (t0 < VTIM_mono()) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +				if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			return (vsm_diag(vd,
 			    "Could not get hold of varnishd, is it running?"));
 		}
 		if (progress >= 0 && !(++n % 4))
 -			(void)write(progress, ".", 1);
 +			if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
 		VTIM_sleep(.25);
 	}
 	return (vsm_diag(vd, "Attach interrupted"));
--- a/varnish-6.5.0_el6_fix_warning_from_old_gcc.patch
+++ b/varnish-6.5.0_el6_fix_warning_from_old_gcc.patch
@ -0,0 +1,78 @@
 diff -Naur ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c ./bin/varnishd/http1/cache_http1_deliver.c
 --- ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c	2020-09-15 17:06:03.000000000 +0200
 +++ ./bin/varnishd/http1/cache_http1_deliver.c	2020-09-16 11:45:28.663086943 +0200
@@ -76,7 +76,7 @@
 	VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
 	req->wrk->stats->client_resp_500++;
 -	(void)write(req->sp->fd, r_500, sizeof r_500 - 1);
 +	if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
 	req->doclose = SC_TX_EOF;
 }
 diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c ./bin/varnishd/mgt/mgt_main.c
 --- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c	2020-09-15 17:06:03.000000000 +0200
 +++ ./bin/varnishd/mgt/mgt_main.c	2020-09-16 11:46:21.323667133 +0200
@@ -252,7 +252,7 @@
 		return;
 	VJ_rmdir("vmod_cache");
 	VJ_unlink("_.pid");
 -	(void)chdir("/");
 +	if (chdir("/")) 0;
 	VJ_rmdir(workdir);
 }
 diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c ./bin/varnishd/mgt/mgt_param.c
 --- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c	2020-09-15 17:06:03.000000000 +0200
 +++ ./bin/varnishd/mgt/mgt_param.c	2020-09-16 11:45:28.771086082 +0200
@@ -829,11 +829,11 @@
 				t2 = strchr(t1 + 1, '\t');
 				AN(t2);
 				printf("\n\t*");
 -				(void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
 +				if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
 				printf("*\n\t\t");
 				p = t2 + 1;
 			}
 -			(void)fwrite(p, q - p, 1, stdout);
 +			if(fwrite(p, q - p, 1, stdout)) 1;
 			p = q;
 			if (*p == '\n') {
 				printf("\n");
 diff -Naur ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c ./bin/varnishtest/vtc_main.c
 --- ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c	2020-09-15 17:06:03.000000000 +0200
 +++ ./bin/varnishtest/vtc_main.c	2020-09-16 11:45:28.771086082 +0200
@@ -233,7 +233,7 @@
 	assert(cleaner_pid >= 0);
 	if (cleaner_pid == 0) {
 		closefd(&p[1]);
 -		(void)nice(1);		/* Not important */
 +		if (nice(1)) 1;
 		setbuf(stdin, NULL);
 		AZ(dup2(p[0], STDIN_FILENO));
 		while (fgets(buf, sizeof buf, stdin)) {
 diff -Naur ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c ./lib/libvarnishapi/vsm.c
 --- ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c	2020-09-15 17:06:03.000000000 +0200
 +++ ./lib/libvarnishapi/vsm.c	2020-09-16 11:45:28.772086074 +0200
@@ -764,18 +764,18 @@
 		VSM_ResetError(vd);
 		if (u & VSM_MGT_RUNNING) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +			  if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			vd->attached = 1;
 			return (0);
 		}
 		if (t0 < VTIM_mono()) {
 			if (progress >= 0 && n > 4)
 -				(void)write(progress, "\n", 1);
 +				if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
 			return (vsm_diag(vd,
 			    "Could not get hold of varnishd, is it running?"));
 		}
 		if (progress >= 0 && !(++n % 4))
 -			(void)write(progress, ".", 1);
 +			if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
 		VTIM_sleep(.25);
 	}
 	return (vsm_diag(vd, "Attach interrupted"));
--- a/varnish.params
+++ b/varnish.params
@ -0,0 +1,40 @@
 # Varnish environment configuration description. This was derived from
 # the old style sysconfig/defaults settings
 # Set this to 1 to make systemd reload try to switch vcl without restart. 
 RELOAD_VCL=1
 # Main configuration file. You probably want to change it.
 VARNISH_VCL_CONF=/etc/varnish/default.vcl 
 # Default address and port to bind to. Blank address means all IPv4
 # and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
 # quad, or an IPv6 address in brackets.
 # VARNISH_LISTEN_ADDRESS=192.168.1.5
 VARNISH_LISTEN_PORT=6081                  
 # Admin interface listen address and port
 VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1    
 VARNISH_ADMIN_LISTEN_PORT=6082            
 # Shared secret file for admin interface
 VARNISH_SECRET_FILE=/etc/varnish/secret   
 # The minimum and maximum number of worker threads to start
 VARNISH_MIN_THREADS=5                     
 VARNISH_MAX_THREADS=1000                  
 # Idle timeout for worker threads
 VARNISH_THREAD_TIMEOUT=120                
 # Backend storage specification, see Storage Types in the varnishd(5)
 # man page for details.
 VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
 # Default TTL used when the backend does not specify one
 VARNISH_TTL=120                           
 # User and group for the varnishd worker processes
 VARNISH_USER=varnish                      
 VARNISH_GROUP=varnish                     
--- a/varnish.service
+++ b/varnish.service
@ -0,0 +1,47 @@
 [Unit]
 Description=Varnish a high-perfomance HTTP accelerator
 After=syslog.target network.target
 [Service]
 #
 # If you want to make changes to this file, please copy it to 
 # /etc/systemd/system/varnish.service and make your changes there.
 # This will override the file kept at /lib/systemd/system/varnish.service
 #
 # Enviroment variables may be found in /etc/varnish/varnish.params
 #
 # Maximum number of open files (for ulimit -n)
 LimitNOFILE=131072
 # Locked shared memory (for ulimit -l)
 # Default log size is 82MB + header
 LimitMEMLOCK=82000
 # Maximum size of the corefile. 
 LimitCORE=infinity
 EnvironmentFile=/etc/varnish/varnish.params
 Type=forking
 PIDFile=/var/run/varnish.pid
 PrivateTmp=true
 ExecStart=/usr/sbin/varnishd \
 	-P /var/run/varnish.pid \
 	-f $VARNISH_VCL_CONF \
 	-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
 	-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
 	-t $VARNISH_TTL \
 	-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
 	-u $VARNISH_USER \
 	-g $VARNISH_GROUP \
 	-S $VARNISH_SECRET_FILE \
 	-s $VARNISH_STORAGE \
 	$DAEMON_OPTS
 ExecReload=/usr/sbin/varnish_reload_vcl
 [Install]
 WantedBy=multi-user.target
--- a/SPECS/varnish.spec
+++ b/SPECS/varnish.spec
@ -1,89 +1,108 @@
-%global _hardened_build 1
+%global _hardened_build 0
 %global debug_package %{nil}
 # https://github.com/varnishcache/varnish-cache/issues/2269
 %global debug_package %{nil}
 %if 0%{?rhel} == 7
 %global _use_internal_dependency_generator 0
 %global __find_provides %{_builddir}/%{name}-%{version}/find-provides %__find_provides
 %global __python /usr/bin/python3.4
 %else
 %global __python %{__python3}
 %endif
 %global __provides_exclude_from ^%{_libdir}/varnish/vmods
 %global abi cd1d10ab53a6f6115b2b4f3b2a1da94c1f749f80
 %global vrt 18.0
 # Package scripts are now external
 # https://github.com/varnishcache/pkg-varnish-cache
-%global commit1 0ad2f22629c4a368959c423a19e352c9c6c79682
+%global commit1 cfa8cb3724e4ca6398f60b09157715bcb99d189d
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
-%bcond_without python2
+# Default: Use jemalloc, as adviced by upstream project
-%bcond_with python3
+# Change to 1 to use system allocator (ie. glibc)
 %if 0%{?rhel}
 %bcond_without system_allocator
 %else
 %bcond_with system_allocator
 %endif
-%if %{with python2} == %{with python3}
+%if %{with system_allocator}
-%error Pick exactly one Python version
+# use _lto_cflags if present
 %else
 %global _lto_cflags %{nil}
 %endif
 Summary: High-performance HTTP accelerator
 Name: varnish
-Version: 6.0.8
+Version: 7.4.2
-Release: 2%{?dist}.1
+Release: 5%{?dist}
-License: BSD
+License: BSD-2-Clause AND (BSD-2-Clause-FreeBSD AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain AND Zlib)
 Group: System Environment/Daemons
 URL: https://www.varnish-cache.org/
-Source0: http://varnish-cache.org/_downloads/%{name}-%{version}%{?vd_rc}.tgz
+Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
 Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/%{commit1}.tar.gz#/pkg-varnish-cache-%{shortcommit1}.tar.gz
 Patch1:  varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
 Patch4:  varnish-4.0.3_fix_varnish4_selinux.el6.patch
 Patch9:  varnish-5.1.1.fix_python_version.patch
-# https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
+%if 0%{?fedora} > 29 || 0%{?rhel} > 7
-Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
+Provides: varnish%{_isa} = %{version}-%{release}
 Provides: varnishd(abi)%{_isa} = %{abi}
 Provides: varnishd(vrt)%{_isa} = %{vrt}
-# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
+Provides: vmod(blob)%{_isa} = %{version}-%{release}
-Patch100: varnish-6.0.8.CVE-2022-23959.patch
+Provides: vmod(cookie)%{_isa} = %{version}-%{release}
 Provides: vmod(debug)%{_isa} = %{version}-%{release}
 Provides: vmod(directors)%{_isa} = %{version}-%{release}
 Provides: vmod(h2)%{_isa} = %{version}-%{release}
 Provides: vmod(proxy)%{_isa} = %{version}-%{release}
 Provides: vmod(purge)%{_isa} = %{version}-%{release}
 Provides: vmod(std)%{_isa} = %{version}-%{release}
 Provides: vmod(unix)%{_isa} = %{version}-%{release}
 Provides: vmod(vtc)%{_isa} = %{version}-%{release}
 %endif
 # https://bugzilla.redhat.com/show_bug.cgi?id=2141844
 Patch101: varnish-6.0.8-CVE-2022-45060.patch
-Obsoletes: varnish-libs
+%if 0%{?rhel} == 7
-
+BuildRequires: python34 python34-sphinx python34-docutils
 %if %{with python3}
 BuildRequires: python3, python3-sphinx, python3-docutils
 %else
-%if 0%{?rhel} >= 6
+BuildRequires: python3, python3-sphinx, python3-docutils
 BuildRequires: python-sphinx
 %endif
 BuildRequires: python-docutils
 %endif
 BuildRequires: libedit-devel
 BuildRequires: ncurses-devel
 BuildRequires: pcre-devel
 BuildRequires: pkgconfig
 BuildRequires: gcc
 BuildRequires: libedit-devel
 BuildRequires: make
-BuildRequires: graphviz
+BuildRequires: ncurses-devel
 BuildRequires: pcre2-devel
 BuildRequires: pkgconfig
 BuildRequires: systemd-units
 %if %{with system_allocator}
 # use glibc
 %else
 BuildRequires: jemalloc-devel
 %endif
 # Extra requirements for the build suite
 #   needs haproxy2
 %if 0%{?fedora} > 30 || 0%{?rhel} > 8
 BuildRequires: haproxy
 %endif
 BuildRequires: nghttp2
 %if 0%{?rhel} == 6
 BuildRequires: selinux-policy
 %endif
 Requires: logrotate
 Requires: ncurses
-Requires: pcre
+Requires: pcre2
 Requires: redhat-rpm-config
 Requires(pre): shadow-utils
 Requires(post): /usr/bin/uuidgen
 # Varnish actually needs gcc installed to work. It uses the C compiler 
 # at runtime to compile the VCL configuration files. This is by design.
 Requires: gcc
 %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
 Requires(post): systemd-units
 Requires(post): systemd-sysv
 Requires(preun): systemd-units
 Requires(postun): systemd-units
-BuildRequires: systemd-units
+%if %{with system_allocator}
-%endif
+# use glibc
-%if 0%{?rhel} == 6
+%else
-Requires: %{name}-selinux
+Requires: jemalloc
 Requires(post): policycoreutils, 
 Requires(preun): policycoreutils
 Requires(postun): policycoreutils
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 %endif
 %description
@ -99,14 +118,12 @@ available on: https://www.varnish-cache.org/
 %package devel
 Summary: Development files for %{name}
-Group: Development/Libraries
+#BuildRequires: ncurses-devel
-BuildRequires: ncurses-devel
+Provides: varnish-libs-devel%{?isa} = %{version}-%{release}
 Provides: varnish-libs-devel = %{version}-%{release}
-Obsoletes: varnish-libs-devel
+Obsoletes: varnish-libs-devel < %{version}-%{release}
 %if %{with python2}
 Requires: python
 %endif
 Requires: %{name} = %{version}-%{release}
 Requires: python3
 %description devel
 Development files for %{name}
@ -114,109 +131,98 @@ Varnish Cache is a high-performance HTTP accelerator
 %package docs
 Summary: Documentation files for %name
 Group: Documentation
 %description docs
 Documentation files for %name
 %if 0%{?rhel} == 6
 %package selinux
 Summary: Minimal selinux policy for running varnish
 Group:   System Environment/Daemons
 %description selinux
 Minimal selinux policy for running varnish4
 %endif
 %prep
-%setup -q -n varnish-%{version}%{?vd_rc}
+%setup -q
 tar xzf %SOURCE1
 ln -s pkg-varnish-cache-%{commit1}/redhat redhat
 ln -s pkg-varnish-cache-%{commit1}/debian debian
 cp redhat/find-provides .
-%if 0%{?rhel} == 6
+sed -i 's,rst2man-3.6,rst2man-3.4,g; s,rst2html-3.6,rst2html-3.4,g; s,phinx-build-3.6,phinx-build-3.4,g' configure
 cp pkg-varnish-cache-%{commit1}/sysv/redhat/* redhat/
 sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
 %endif
 %patch1 -p1
 %if 0%{?rhel} == 6
 %patch4 -p0
 %patch9 -p0
 %patch11 -p0
 %endif
 %patch100 -p1
 %patch101 -p1
 %build
-%if 0%{?rhel} == 6
+%if %{with system_allocator}
-export CFLAGS="%{optflags} -fPIC"
+export CFLAGS="%{optflags}"
-export LDFLAGS=" -pie"
+%else
 # nilled _lto_cflags above because they remove the deps on jemalloc.
 # On the fedoras, _lto_cflags is -flto=auto and -ffat-lto-objects. The latter is OK.
 export CFLAGS="%{optflags} -ffat-lto-objects"
 %endif
 # https://gcc.gnu.org/wiki/FAQ#PR323
 %ifarch %ix86
 %if 0%{?fedora} > 21
-export CFLAGS="%{optflags} -ffloat-store -fexcess-precision=standard"
+export CFLAGS="$CFLAGS -ffloat-store -fexcess-precision=standard"
 %endif
 %if 0%{?rhel} >= 6
 export CFLAGS="%{optflags} -fPIC -ffloat-store"
 %endif
 %endif
 %ifarch s390x
 export CFLAGS="$CFLAGS -Wno-error=free-nonheap-object"
 %endif
 # What gcc version is this?
 gcc --version
 # What is the page size
 getconf PAGESIZE
 # Man pages are prebuilt. No need to regenerate them.
 export RST2MAN=/bin/true
 # Explicit python, please
 export PYTHON=%{__python}
-%configure --disable-static \
+%configure LT_SYS_LIBRARY_PATH=%_libdir \
-  --with-jemalloc=no \
+ --disable-static \
  --localstatedir=/var/lib  \
-  --docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
+  --with-contrib \
-#ifarch x86_64 #arm
+  --docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} \
-#  --disable-pcre-jit \
+%ifarch %ix86
-#endif
+%if 0%{?fedora} <= 37
-
+  --enable-pcre2-jit=no \
-# We have to remove rpath - not allowed in Fedora
+%endif
-# (This problem only visible on 64 bit arches)
+%endif
-sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g;
+%if %{with system_allocator}
-        s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+  --with-jemalloc=no \
 # I'll never understand libtool
 mkdir lib/libvarnishapi/.libs
 pushd lib/libvarnishapi/.libs
 ln -s libvarnishapi.so libvarnishapi.so.1
 popd
 # Upstream github issue #2265
 %if 0%{?rhel} == 6 
 sed -i 's/-Werror$//g;' bin/varnishd/Makefile
 sed -i 's/-Werror$//g;' lib/libvarnishapi/Makefile
 %endif
-make %{?_smp_mflags} V=1 
+%make_build
 # One varnish user is enough
 sed -i 's,User=varnishlog,User=varnish,g;' redhat/varnishncsa.service
 # Explicit python, please
 %if %{with python2}
 sed -i 's/env python3/python2/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
 %else
 sed -i 's/env python3/python3/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
 %endif
 # Clean up the html documentation
 rm -rf doc/html/_sources
 %check
-%ifarch ppc64 ppc64le aarch64
+
-sed -i 's/48/128/g;' bin/varnishtest/tests/c00057.vtc
+# Remove these for now. Hard to get the size and timing right
 %ifarch s390 s390x aarch64
 rm bin/varnishtest/tests/o00005.vtc
 %endif
-#make %{?_smp_mflags} check LD_LIBRARY_PATH="%{buildroot}%{_libdir}:%{buildroot}%{_libdir}/%{name}" VERBOSE=1
+%ifarch armv7hl
 rm bin/varnishtest/tests/b00046.vtc
 %endif
 %ifarch s390x
 rm bin/varnishtest/tests/r02310.vtc
 %endif
 # failing on all arches
 rm bin/varnishtest/tests/h00004.vtc
 %make_build check
 %install
 rm -rf %{buildroot}
-make install DESTDIR=%{buildroot} INSTALL="install -p"
+
 # mock el7 defaults to LANG=C, which makes python3 fail when parsing utf8 text
 %if 0%{?rhel} == 7
 export LANG=en_US.UTF-8
 %endif
 %{make_install}
 # None of these for fedora
 find %{buildroot}/%{_libdir}/ -name '*.la' -exec rm -f {} ';'
@ -230,38 +236,24 @@ install -D -m 0644 redhat/varnish.logrotate %{buildroot}%{_sysconfdir}/logrotate
 install -D -m 0644 include/vcs_version.h %{buildroot}%{_includedir}/varnish
 install -D -m 0644 include/vrt.h %{buildroot}%{_includedir}/varnish
 # systemd support
 %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
 mkdir -p %{buildroot}%{_unitdir}
 install -D -m 0644 redhat/varnish.service %{buildroot}%{_unitdir}/varnish.service
 install -D -m 0644 redhat/varnishncsa.service %{buildroot}%{_unitdir}/varnishncsa.service
 # default is standard sysvinit
 %else
 install -D -m 0644 redhat/varnish.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/varnish
 install -D -m 0755 redhat/varnish.initrc %{buildroot}%{_initrddir}/varnish
 install -D -m 0755 redhat/varnishncsa.initrc %{buildroot}%{_initrddir}/varnishncsa
 %endif
 install -D -m 0755 redhat/varnishreload %{buildroot}%{_sbindir}/varnishreload
-echo %{_libdir}/varnish > %{buildroot}%{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
+echo %{_libdir}/varnish > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 # No idea why these ends up with mode 600 in the debug package
 %if 0%{debug_package}
 chmod 644 lib/libvmod_*/*.c
 chmod 644 lib/libvmod_*/*.h
 # selinux module for el6
 %if 0%{?rhel} == 6
 cd selinux
 make -f %{_datadir}/selinux/devel/Makefile
 install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/varnish4.pp
 %endif
 %files
 %{_sbindir}/*
 %{_bindir}/*
 %{_libdir}/*.so.*
-%{_libdir}/varnish
+%{_libdir}/%{name}
 %{_var}/lib/varnish
 %attr(0700,varnish,varnish) %dir %{_var}/log/varnish
 %{_mandir}/man1/*.1*
@ -273,21 +265,12 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
 %dir %{_sysconfdir}/varnish/
 %config(noreplace) %{_sysconfdir}/varnish/default.vcl
 %config(noreplace) %{_sysconfdir}/logrotate.d/varnish
-%config %{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
+%config %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 # systemd from fedora 17 and rhel 7
 %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
 %{_unitdir}/varnish.service
 %{_unitdir}/varnishncsa.service
 # default is standard sysvinit
 %else
 %config(noreplace) %{_sysconfdir}/sysconfig/varnish
 %{_initrddir}/varnish
 %{_initrddir}/varnishncsa
 %endif
 %files devel
 %license LICENSE
 %doc README.rst
@ -302,10 +285,6 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
 %doc doc/html
 %doc doc/changes*.html
 %if 0%{?rhel} == 6
 %files selinux
 %{_datadir}/selinux/packages/%{name}/varnish4.pp
 %endif
 %pre
 getent group varnish >/dev/null || groupadd -r varnish
@ -314,98 +293,262 @@ getent passwd varnish >/dev/null || \
               -c "Varnish Cache" varnish
 exit 0
 %post
-%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
+%systemd_post varnish varnishncsa
 %systemd_post varnish.service
 # Other distros: Use chkconfig
 %else
 /sbin/chkconfig --add varnish
 /sbin/chkconfig --add varnishncsa 
 %endif
 /sbin/ldconfig
 # Previous versions had varnishlog and varnishncsa running as root
 chown varnish:varnish /var/log/varnish/varnishncsa.log 2>/dev/null || true
 test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc/varnish/secret)
 # selinux module for el6
 %if 0%{?rhel} == 6
 %post selinux
 if [ "$1" -le "1" ] ; then # First install
 semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
 fi
 %preun selinux
 if [ "$1" -lt "1" ] ; then # Final removal
 semodule -r varnish4 2>/dev/null || :
 fi
 %postun
-%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
+%systemd_postun_with_restart varnish varnishncsa
 %systemd_postun_with_restart varnish.service
 %endif
 /sbin/ldconfig
 %postun selinux
 if [ "$1" -ge "1" ] ; then # Upgrade
 semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
 fi
 %endif
 %preun
-
+%systemd_preun varnish varnishncsa
 %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
 %systemd_preun varnish.service
 %else
 if [ $1 -lt 1 ]; then
  # Package removal, not upgrade
  %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
  /bin/systemctl --no-reload disable varnish.service > /dev/null 2>&1 || :
  /bin/systemctl stop varnish.service > /dev/null 2>&1 || :
  /bin/systemctl stop varnishncsa.service > /dev/null 2>&1 || :
  %else
  /sbin/service varnish stop > /dev/null 2>&1
  /sbin/service varnishncsa stop > /dev/null 2>%1
  /sbin/chkconfig --del varnish
  /sbin/chkconfig --del varnishncsa 
  %endif
 fi
 %endif
 %changelog
-* Mon Nov 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2.1
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 7.4.2-5
- Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery
+- Bump release for October 2024 mass rebuild:
-  Vulnerability
+  Resolves: RHEL-64018
-* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2
+* Tue Jul 16 2024 Joe Orton <jorton@redhat.com> - 7.4.2-4
- Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
+- rebuild
  Smuggling Vulnerability
-* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7.4.2-3
- new version 6.0.8
+- Bump release for June 2024 mass rebuild
 - Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request
  smuggling attack via a large Content-Length header for a POST request
-* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 6.0.6-2
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.2-2
- new version 6.0.6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 - Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
 - Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two
  client requests leads to information disclosure
 - Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service 
  handling certain crafted HTTP/1 requests 
-* Mon Oct 08 2018 Lubos Uhliarik <luhliari@redhat.com> - 6.0.2-1
+* Wed Nov 08 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.4.2-1
- new version 6.0.2 (#1633338)
+- New upstream release. A security release
 - Includes fix for CVE-2023-44487 aka VSV00013, rhbz#2243328, HTTP/2 Rapid Reset Attack
-* Wed Aug 01 2018 Luboš Uhliarik <luhliari@redhat.com> - 6.0.0-3
+* Thu Oct 12 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.4.1-1
- Resolves: #1591765 - varnish: Remove dependency on jemalloc
+- New upstream release. A bugfix release
 * Wed Oct 11 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.4.0-0
 - New upstream release
 * Thu Sep 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 7.3.0-5
 - SPDX migration
 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Fri Jun 23 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 7.3.0-3
 - Enable system_allocator in RHEL/ELN builds
 * Mon Mar 20 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.3.0-2
 - Switched from bcond to bcond_with for compatibility with el8 and el9
 - haproxy builddep on systems with haproxy2
 - Disable pcre2-jit only for fedora <= 37 on 32bit x86
 * Thu Mar 16 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.3.0-1
 - New upstream release
 - Added a bcond system_allocator for skipping jemalloc, bz#1917697
 - nil _lto_cflags macro to link to jemalloc again
 - disable pcre2-jit on 32bit x86 for now
 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.2.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Wed Nov 09 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.2.1-1
 - New upstream release: A security release
 - Includes fix for VSV00011
 * Fri Sep 16 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.2.0-1
 - New upstream release. The regular bi-annual "fresh" release
 - Removed list of patches from comments
 - Cosmetical changes to specfile from upstream
 - Now build with --with-contrib
 * Fri Aug 12 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.1.1-1
 - New upstream release. A security release
 - Includes fix for VSV00009 aka CVE-2022-38150
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.1.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Tue Mar 29 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.1.0-1
 - New upstream release
 - Includes updated snapshot of pkg-varnish
 * Mon Feb 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 7.0.2-2
 - Fix Provides directive for varnish-devel package
 * Wed Jan 26 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.0.2-1
 - New upstream release. A security release
 - Includes fix for CVE-2022-23959 aka VSV00008, rhbz#2045033
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.0.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Thu Jan 13 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.0.1-2
 - Update ABI string
 * Thu Jan 13 2022 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.0.1-1
 - New upstream release. A maintenance and stability release
 * Tue Nov 02 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.0.0-2
 - upstream switched to pcre2 a while ago
 * Thu Sep 16 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.0.0-1
 - New upstream release
 - Updated pkg-varnish checkout from the 7.0 branch
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Sat Jul 17 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.6.1-2
 - Bumped abi and vrt versions
 * Sat Jul 17 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.6.1-1
 - New upstream release
 - Includes fix for CVE-2021-36740 aka VSV00007, bz#1982413
 * Tue May 18 2021 Timm Bäder <tbaeder@redhat.com> - 6.6.0-2
 - Use make macros
 * Mon Mar 15 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.6.0-1
 - New upstream release
 - Now provides vmod_purge
 - Uses haproxy in the test suite on el8
 - Skipped obsoleting varnish-libs. That was many years ago now.
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 6.5.1-4
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.5.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Thu Jan 21 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-2
 - Pulled support for el6
 - Pulled support for sysvinit
 - aarch64 builds now with jemalloc again on el7
 * Fri Sep 25 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-1
 - New upstream release varnish-6.5.1
 * Wed Sep 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.0-1
 - New upstream release varnish-6.5.0
 - Respun silly patch to get rid of compiler warnings on el6
 * Tue Aug 04 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.4.0-4
 - Added -Wno-error=free-nonheap-object to CFLAGS to build on s390x
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-3
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Mar 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.4.0-1
 - New upstream release
 - Respin patches for 6.4.0
 - Removed patches merged upstream
 - Deactivated a test on s390*. Too hard to get size and timing right
 * Wed Feb 12 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-3
 - Got corrected compilation fix patch from upstream
 * Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-2
 - Added simple compilation fix for gcc-10.0.1/s390x
 * Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-1
 - New upstream release, a security release. Includes fix for VSV00005
 - Added new checkout of pkg-varnish
 - Temporarily disable haproxy unit tests, as haproxy seems broken in rawhide
 * Mon Feb 10 2020 Joe Orton <jorton@redhat.com> - 6.3.1-3
 - drop buildreq on (retired) vttest (#1800232)
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Tue Oct 22 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.1-1
 - New upstream release. A security release. Includes fix for VSV00004
 * Fri Sep 20 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-2
 - Respin patch for el6
 * Mon Sep 16 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-1
 - New upstream release
 * Wed Sep 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.1-4
 - New upstream release. A security release. Includes fix for CVE-2019-15892
 * Thu Aug 08 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-4
 - Pull in extra requirements to the build requirements to run more
  tests (on fedora: haproxy, vttest)
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Apr 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-2
 - Run configure with LT_SYS_LIBRARY_PATH, removing the need for
  killing RPATH in libtool with sed and scattering LD_LIBRARY_PATH around
  with patches
 - Some explicit python version fixes needed for el7 python34 vs python36
 - aarch64 now builds with jemalloc again on fedora
 * Fri Mar 15 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-1
 - New upstream release varnish-6.2
 - Removed patches merged upstream
 - Remove misc sed hacks for bugs that are fixed upstream
 - Added a patch for gcc-4.4 -Werror support on el6
 - Added a patch from upstream to fix too small thread pool stack in a test
 - Override macro __python to make brp-python-bytecompile choose python3
 - Explicitly use python-3.4
 - Switch to make_install macro
 - Better documentation of patches
 - Updated checkout of pkg-varnish-cache
 * Thu Mar 07 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-5
 - Adding a patch based on upstream commits, fixing pcre-jit, see 
  upstream bug 2912
 * Thu Feb 14 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-4
 - Adding a patch from upstream fixing a simple formatting bug on gcc-9
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.1.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-2
 - Respun ld_library_path patch for varnish-6.1.1
 * Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-1
 - New upstream release
 * Tue Nov 06 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-3
 - Dropped the depricated external dependency generator in Fedora
 - Hard coded vmod, abi and vrt provides
 * Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-2
 - Added a patch to fix a failing test in the testsuite
 * Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-1
 - New upstream release
 - Respin patches for 6.1.0
 - Disable pcre-jit for now, ref upstream bug #2817
 * Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-3
 - Explicitly using utf8 under install on el6 and el7 for python quirks
 * Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-2
 - Explicitly using python3 on all targets
 * Thu Sep 27 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-1
 - New upstream release
 - Removed graphciz from BuildRequires. It is not used
 - Removed patch for fortify_source on el6. It is merged upstream
 - Small workaround for test suite problem with old readline/curses on el6
 - Supports bcond_with python3, for simpler future deprication of python2
 - Added -fno-exceptions to CFLAGS on el6, see upstream issue #2793
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--- a/varnishlog.service
+++ b/varnishlog.service
@ -0,0 +1,11 @@
 [Unit]
 Description=Varnish HTTP accelerator logging daemon
 After=network.target
 [Service]
 Type=forking
 PIDFile=/run/varnishlog.pid
 ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log -D -P /run/varnishlog.pid
 [Install]
 WantedBy=multi-user.target
--- a/varnishncsa.service
+++ b/varnishncsa.service
@ -0,0 +1,11 @@
 [Unit]
 Description=Varnish NCSA logging
 After=network.target
 [Service]
 Type=forking
 PIDFile=/run/varnishncsa.pid
 ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa.pid
 [Install]
 WantedBy=multi-user.target
--- a/vsv00002_test.patch
+++ b/vsv00002_test.patch
@ -0,0 +1,11 @@
 --- bin/varnishtest/tests/r02429.vtc.orig	2017-11-16 11:08:04.718822949 +0100
 +++ bin/varnishtest/tests/r02429.vtc	2017-11-16 11:08:12.411275341 +0100
@@ -4,7 +4,7 @@
 	accept
 } -start
 -varnish v1 -arg "-s Transient=file,${tmpdir}/_.file,1m" -vcl+backend {
 +varnish v1 -arg "-s Transient=file,${tmpdir}/_.file,10m" -vcl+backend {
 	sub vcl_backend_error {
 		synthetic("foo");
 		return (deliver);
		`@ -1,2 +0,0 @@`
			`db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz`
			`7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz`
		`@ -0,0 +1,2 @@`
							`SHA512 (varnish-7.4.2.tgz) = acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971`
							`SHA512 (pkg-varnish-cache-cfa8cb3.tar.gz) = 058e689186d1b01bb4a256ff3a5a373337e380a0a87128d4b2adbcff41210189e7f4b3d56e8451f06120449c04aaa4ddc61f934a1fda9c5336dfe2020c66a569`