
No commits in common. "c8-stream-6" and "c9s" have entirely different histories.

32 changed files with 2985 additions and 255 deletions

50
.gitignore vendored

@ -1,2 +1,48 @@
SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
SOURCES/varnish-6.0.8.tgz
varnish-2.0.6.tar.gz
varnish-2.1.2.tar.gz
varnish-2.1.3.tar.gz
/varnish-2.1.4.tar.gz
/varnish-2.1.5.tar.gz
/varnish-3.0.2.tar.gz
/varnish-3.0.3.tar.gz
/varnish-3.0.4.tar.gz
/varnish-3.0.5.tar.gz
/varnish-4.0.0.tar.gz
/varnish-4.0.1.tar.gz
/varnish-4.0.2.tar.gz
/varnish-4.0.3.tar.gz
/varnish-4.1.0.tar.gz
/varnish-cache-redhat-f3dbcce.tar.gz
/pkg-varnish-cache-105f20b.tar.gz
/varnish-4.1.1.tar.gz
/varnish-4.1.2.tar.gz
/varnish-4.1.2_fix_python24.el5.patch
/pkg-varnish-cache-eff850c.tar.gz
/varnish-4.1.3.tar.gz
/pkg-varnish-cache-4e27994.tar.gz
/varnish-5.0.0.tar.gz
/pkg-varnish-cache-502fcc0.tar.gz
/varnish-5.1.1.tar.gz
/pkg-varnish-cache-92373fe.tar.gz
/pkg-varnish-cache-5b97619.tar.gz
/varnish-5.1.2.tar.gz
/varnish-5.1.3.tar.gz
/varnish-5.2.0.tgz
/varnish-5.2.1.tgz
/pkg-varnish-cache-0ad2f22.tar.gz
/varnish-6.0.0.tgz
/varnish-6.0.1.tgz
/varnish-6.1.0.tgz
/varnish-6.1.1.tgz
/varnish-6.2.0.tgz
/pkg-varnish-cache-114fcdd.tar.gz
/varnish-6.2.1.tgz
/varnish-6.3.0.tgz
/varnish-6.3.1.tgz
/pkg-varnish-cache-ec7ad9e.tar.gz
/varnish-6.3.2.tgz
/varnish-6.4.0.tgz
/varnish-6.5.0.tgz
/varnish-6.5.1.tgz
/varnish-6.5.2.tgz
/varnish-6.6.2.tgz


@ -1,2 +0,0 @@
db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz


@ -1,13 +0,0 @@
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
index 463b75b..982bd73 100644
--- a/bin/varnishd/cache/cache_req_body.c
+++ b/bin/varnishd/cache/cache_req_body.c
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
if (req->req_body_status == REQ_BODY_WITH_LEN ||
req->req_body_status == REQ_BODY_WITHOUT_LEN)
(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
+ if (req->req_body_status == REQ_BODY_FAIL)
+ req->doclose = SC_RX_BODY;
return(0);
}

9
gating.yaml Normal file

@ -0,0 +1,9 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}

2
sources Normal file

@ -0,0 +1,2 @@
SHA512 (varnish-6.6.2.tgz) = 8fa163678e2e454fcc959ba24f349de00e6c00357df55f37f12f0d3acbcb2799b2f376385cef2d40c14a4cc44a5eea1b5a3fbf6245961611d4fc3ea30699035d
SHA512 (pkg-varnish-cache-ec7ad9e.tar.gz) = 146aacec76b2ca641bb8bc9dda49e82d28740dbcba034e73a8d39387696f10fa3108ab124a078e900865388217352d112f63f6fe9ef7b23e20bc699441aab4f2


@ -0,0 +1,11 @@
--- redhat/find-provides.orig 2015-10-04 16:55:34.057574682 +0200
+++ redhat/find-provides 2015-10-04 16:56:04.120280796 +0200
@@ -9,8 +9,6 @@
/usr/lib/rpm/find-provides "$@"
fi
-# We don't install vcs_version.h, so we can't use RPM_BUILD_ROOT directly.
-cd /builddir/build/BUILD/varnish* || true
cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true
printf '#include "vcs_version.h"\nVCS_Version\n' \
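Review bot: After this patch the only remaining directory change is `cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true`, which leaves the variable unquoted, depends on the glob matching exactly one directory, and ignores a failed `cd`, so the `printf … vcs_version.h` step that follows can run from an unintended directory. With the `/builddir` fallback gone, it would be safer to fail visibly, e.g. `cd "${RPM_BUILD_ROOT}"/../../BUILD/varnish* || exit 1`, or at least to add a comment saying why continuing after a failed `cd` is acceptable. The script continues past the end of the hunk, so how the result is consumed is not visible here.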


@ -0,0 +1,41 @@
--- doc/sphinx/Makefile.in.orig 2017-03-16 16:01:18.440999286 +0100
+++ doc/sphinx/Makefile.in 2017-03-16 16:02:38.557728852 +0100
@@ -626,28 +626,38 @@
# XXX add varnishstat here when it's been _opt2rst'ed
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --options > $@
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --options > $@
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --options > $@
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --options > $@
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
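Review bot: The added `LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs` prefix on each generator recipe relies on `$(top_builddir)`, which automake normally defines as a relative path, so the loader search directory is resolved against whatever working directory the recipe runs in; the assignment also replaces, rather than extends, any value already in the environment. Pinning it to the build tree avoids both surprises: `LD_LIBRARY_PATH=$(abs_top_builddir)/lib/libvarnishapi/.libs \`. The same prefix is repeated in the two later `doc/sphinx/Makefile.in` patches on this page (the `-x cli` / `-x parameter` recipes and the `vsl2rst` recipe). The rule list continues outside the hunk.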


@ -0,0 +1,66 @@
From 17c92e43fda114bf5341e51d752e882238b8fe8c Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 5 Oct 2017 13:39:23 +0200
Subject: [PATCH] hack up vsctool to work with python 2 and 3
StringIO does not exist any more in python3, yet requiring 2.7 would
not pave the path forward, so try to be compatible with both.
Works for me on Python 2.7.9 and Python 3.4
I would appreciate if someone more fluent in serpentinous programming
language reviewed and/or rewrote this.
---
lib/libvcc/vsctool.py | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/lib/libvcc/vsctool.py b/lib/libvcc/vsctool.py
index 854968e3b..829c6e518 100644
--- a/lib/libvcc/vsctool.py
+++ b/lib/libvcc/vsctool.py
@@ -37,7 +37,10 @@
import json
import sys
import gzip
-import StringIO
+try:
+ import StringIO
+except ImportError:
+ import io
import collections
import struct
@@ -54,9 +57,22 @@
"format": [ "integer", FORMATS],
}
+# http://python3porting.com/problems.html#bytes-strings-and-unicode
+if sys.version_info < (3,):
+ def b(x):
+ return x
+else:
+ import codecs
+ def b(x):
+ return codecs.latin_1_encode(x)[0]
+
def gzip_str(s):
- out = StringIO.StringIO()
- gzip.GzipFile(fileobj=out, mode="w").write(s)
+ try:
+ out = StringIO.StringIO()
+ except NameError:
+ out = io.BytesIO()
+
+ gzip.GzipFile(fileobj=out, mode="w").write(b(s))
out.seek(4)
out.write(struct.pack("<L", 0x12bfd58))
return out.getvalue()
@@ -285,7 +301,7 @@ class rst_vsc(directive):
def __init__(self, s):
super(rst_vsc, self).__init__(s)
- for i,v in PARAMS.iteritems():
+ for i,v in PARAMS.items():
if v is not True:
self.do_default(i, v[0], v[1])
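Review bot: `gzip_str()` writes through a temporary `gzip.GzipFile(...)` that is never closed, so the gzip trailer (CRC and length) reaches `out` only if the object is finalised before `out.getvalue()` runs; that holds under CPython reference counting but is not guaranteed by the language. Closing it explicitly makes the output well-formed on both Python versions: `gz = gzip.GzipFile(fileobj=out, mode="w")`, `gz.write(b(s))`, `gz.close()`. Separately, `b()` encodes with Latin-1 on Python 3 and will raise on any character outside that range, which deserves a one-line comment next to the helper.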


@ -0,0 +1,96 @@
Based on fix for upstream bug #2668, see
https://github.com/varnishcache/varnish-cache/commit/9bdc5f75d661a1659c4df60799612a7524a6caa7
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/gensequences ./bin/varnishtest/gensequences
--- ../varnish-6.0.1.orig/bin/varnishtest/gensequences 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/gensequences 2018-09-27 12:18:20.946853383 +0200
@@ -149,6 +149,7 @@
if (l_prefix_name[p] != "teken_state_init") {
print "";
+ print "\tt->t_last = 0;";
print "\tteken_state_switch(t, teken_state_init);";
}
print "}";
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/sequences ./bin/varnishtest/sequences
--- ../varnish-6.0.1.orig/bin/varnishtest/sequences 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/sequences 2018-09-27 12:18:50.193581932 +0200
@@ -113,3 +113,6 @@
# VT52 compatibility
#DECID VT52 DECID ^[ Z
+
+# ECMA-48
+REP Repeat last graphic char ^[ [ b n
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken.h ./bin/varnishtest/teken.h
--- ../varnish-6.0.1.orig/bin/varnishtest/teken.h 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/teken.h 2018-09-27 12:18:20.947853442 +0200
@@ -153,6 +153,7 @@
unsigned int t_utf8_left;
teken_char_t t_utf8_partial;
+ teken_char_t t_last;
unsigned int t_curscs;
teken_scs_t *t_saved_curscs;
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h ./bin/varnishtest/teken_subr.h
--- ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/teken_subr.h 2018-09-27 12:18:20.947853442 +0200
@@ -777,10 +777,11 @@
}
static void
-teken_subr_do_putchar(const teken_t *t, const teken_pos_t *tp, teken_char_t c,
+teken_subr_do_putchar(teken_t *t, const teken_pos_t *tp, teken_char_t c,
int width)
{
+ t->t_last = c;
if (t->t_stateflags & TS_INSERT &&
tp->tp_col < t->t_winsize.tp_col - width) {
teken_rect_t ctr;
@@ -1313,3 +1314,12 @@
t->t_stateflags &= ~TS_WRAPPED;
teken_funcs_cursor(t);
}
+
+static void
+teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts)
+{
+
+ for (; t->t_last != 0 && rpts > 0; rpts--)
+ teken_subr_regular_character(t, t->t_last);
+}
+
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc ./bin/varnishtest/tests/a00001.vtc
--- ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/tests/a00001.vtc 2018-09-27 12:18:20.948853501 +0200
@@ -204,6 +204,27 @@
process p4 -expect-text 21 11 "Enter choice number (0 - 12):"
process p4 -screen_dump
+# 11. Test non-VT100 (e.g., VT220, XTERM) terminals
+process p4 -writehex "31 31 0d"
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
+
+process p4 -writehex "37 0d"
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
+
+process p4 -writehex "32 0d"
+process p4 -expect-text 0 0 "Push <RETURN>"
+process p4 -screen_dump
+process p4 -expect-text 20 1 "Test Repeat (REP)"
+process p4 -expect-text 1 1 " ++ "
+process p4 -expect-text 2 2 " ++ "
+process p4 -expect-text 17 17 " ++ "
+process p4 -expect-text 18 18 "*++*"
+process p4 -writehex "0d"
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
+process p4 -writehex "30 0d"
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
+process p4 -writehex "30 0d"
+
# 0. Exit
process p4 -writehex "30 0d"
process p4 -expect-text 12 30 "That's all, folks!"
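Review bot: `teken_subr_repeat_last_graphic_char()` loops `rpts` times with no upper bound, and `rpts` appears to come straight from the numeric parameter of the REP escape sequence, so output from the process under test can make the emulator spin for up to `UINT_MAX` iterations. Clamping the count to the number of screen cells keeps the visible result the same while bounding the work: `if (rpts > t->t_winsize.tp_row * t->t_winsize.tp_col) rpts = t->t_winsize.tp_row * t->t_winsize.tp_col;` before the `for` loop. The added test in `a00001.vtc` only covers small repeat counts, so a case with an oversized count would be worth adding alongside.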


@ -0,0 +1,53 @@
--- doc/sphinx/Makefile.in.orig 2018-11-02 14:53:14.812956915 +0100
+++ doc/sphinx/Makefile.in 2018-11-02 14:54:31.575517733 +0100
@@ -642,9 +642,11 @@
rm -rf $(BUILDDIR)
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x cli > $@
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x parameter > $@
include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
@@ -656,28 +658,38 @@
# XXX add varnishstat here when it's been _opt2rst'ed
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --options > $@
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --options > $@
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --options > $@
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --options > $@
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst


@ -0,0 +1,13 @@
--- bin/varnishtest/tests/u00008.vtc.orig 2018-11-02 16:06:40.731680282 +0100
+++ bin/varnishtest/tests/u00008.vtc 2018-11-02 16:07:21.587092836 +0100
@@ -38,8 +38,8 @@
process p1 -screen_dump
process p1 -winsz 25 132
-process p1 -expect-text 4 124 "AVG_1000"
-process p1 -expect-text 22 108 "UNSEEN DIAG"
+process p1 -expect-text 4 0 "AVG_1000"
+process p1 -expect-text 22 0 "UNSEEN DIAG"
process p1 -screen_dump -write {q} -wait


@ -0,0 +1,115 @@
This patch is a fix for memory issues with
pcre-jit, see upstream bug report at
https://github.com/varnishcache/varnish-cache/issues/2817
The patch is based on upstream commits
a3129a5340566d17192de8058a9c1dbb051a7039
683b7cbe8cde1dde8f9e516a354b82430f1d318e
1226e77f9501c56976635c714c99d84f417aa5d2
diff -Naur a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c
--- a/bin/varnishd/cache/cache_panic.c 2018-10-24 11:29:10.000000000 +0200
+++ b/bin/varnishd/cache/cache_panic.c 2019-03-07 16:27:16.592441674 +0100
@@ -601,6 +601,33 @@
VSB_indent(vsb, -2);
}
+#ifdef HAVE_PTHREAD_GETATTR_NP
+static void
+pan_threadattr(struct vsb *vsb)
+{
+ pthread_attr_t attr[1];
+ size_t sz;
+ void *addr;
+
+ if (pthread_getattr_np(pthread_self(), attr) != 0)
+ return;
+
+ VSB_cat(vsb, "pthread.attr = {\n");
+ VSB_indent(vsb, 2);
+
+ if (pthread_attr_getguardsize(attr, &sz) == 0)
+ VSB_printf(vsb, "guard = %zu,\n", sz);
+ if (pthread_attr_getstack(attr, &addr, &sz) == 0) {
+ VSB_printf(vsb, "stack_bottom = %p,\n", addr);
+ VSB_printf(vsb, "stack_top = %p,\n", (char *)addr + sz);
+ VSB_printf(vsb, "stack_size = %zu,\n", sz);
+ }
+ VSB_indent(vsb, -2);
+ VSB_cat(vsb, "}\n");
+ (void) pthread_attr_destroy(attr);
+}
+#endif
+
/*--------------------------------------------------------------------*/
static void __attribute__((__noreturn__))
@@ -673,6 +700,10 @@
if (q != NULL)
VSB_printf(pan_vsb, "thread = (%s)\n", q);
+#ifdef HAVE_PTHREAD_GETATTR_NP
+ pan_threadattr(pan_vsb);
+#endif
+
if (!FEATURE(FEATURE_SHORT_PANIC)) {
req = THR_GetRequest();
VSB_cat(pan_vsb, "thr.");
diff -Naur a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
--- a/bin/varnishd/mgt/mgt_param.c 2018-10-24 11:29:10.000000000 +0200
+++ b/bin/varnishd/mgt/mgt_param.c 2019-03-07 16:27:16.594441699 +0100
@@ -494,6 +494,8 @@
MCF_TcpParams();
+ def = 56 * 1024;
+
if (sizeof(void *) < 8) { /*lint !e506 !e774 */
/*
* Adjust default parameters for 32 bit systems to conserve
@@ -505,20 +507,16 @@
MCF_ParamConf(MCF_DEFAULT, "http_req_size", "12k");
MCF_ParamConf(MCF_DEFAULT, "gzip_buffer", "4k");
MCF_ParamConf(MCF_MAXIMUM, "vsl_space", "1G");
+ def = 48 * 1024;
}
-#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
- MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
-#endif
-
low = sysconf(_SC_THREAD_STACK_MIN);
MCF_ParamConf(MCF_MINIMUM, "thread_pool_stack", "%jdb", (intmax_t)low);
#if defined(__SANITIZER) || __has_feature(address_sanitizer)
def = 92 * 1024;
-#else
- def = 48 * 1024;
#endif
+
if (def < low)
def = low;
MCF_ParamConf(MCF_DEFAULT, "thread_pool_stack", "%jdb", (intmax_t)def);
@@ -529,6 +527,10 @@
MCF_ParamConf(MCF_MAXIMUM, "thread_pools", "%d", MAX_THREAD_POOLS);
+#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
+ MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
+#endif
+
VCLS_AddFunc(mgt_cls, MCF_AUTH, cli_params);
vsb = VSB_new_auto();
diff -Naur a/configure.ac b/configure.ac
--- a/configure.ac 2018-10-26 13:22:45.000000000 +0200
+++ b/configure.ac 2019-03-07 16:27:16.592441674 +0100
@@ -239,6 +239,7 @@
AC_CHECK_FUNCS([pthread_set_name_np])
AC_CHECK_FUNCS([pthread_setname_np])
AC_CHECK_FUNCS([pthread_mutex_isowned_np])
+AC_CHECK_FUNCS([pthread_getattr_np])
LIBS="${save_LIBS}"
# Support for visibility attribute
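Review bot: `pan_threadattr()` is called from what appears to be the panic handler (the second `cache_panic.c` hunk), yet `pthread_getattr_np()` is not async-signal-safe and on glibc may allocate memory or read `/proc/self/maps`. When the panic was itself caused by stack exhaustion or heap corruption, which is the scenario this patch targets, that call can fail or fault again before the rest of the panic message is produced. The early `return` on a non-zero result already makes it best effort; I would record the caveat above the call, for example `/* best effort: pthread_getattr_np() may allocate, keep it after the essential panic output */`. Both enclosing functions extend beyond the hunks shown.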


@ -1,8 +1,19 @@
diff --git a/doc/sphinx/Makefile.in b/doc/sphinx/Makefile.in
index 0819064..11e4ba2 100644
--- a/doc/sphinx/Makefile.in
+++ b/doc/sphinx/Makefile.in
@@ -659,37 +659,47 @@ include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
--- doc/sphinx/Makefile.in.orig 2018-11-06 16:46:59.403632379 +0100
+++ doc/sphinx/Makefile.in 2018-11-06 16:48:28.011784013 +0100
@@ -643,10 +643,12 @@
rm -rf $(BUILDDIR)
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x cli > ${@}_
mv ${@}_ ${@}
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x parameter > ${@}_
mv ${@}_ ${@}
@@ -660,41 +662,52 @@
# XXX add varnishstat here when it's been _opt2rst'ed
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
@ -50,3 +61,8 @@ index 0819064..11e4ba2 100644
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > ${@}_
mv ${@}_ ${@}
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/lib/libvarnishapi/vsl2rst > ${@}_
mv ${@}_ ${@}
include/vtc-syntax.rst: vtc-syntax.py $(VTCSYN_SRC)


@ -0,0 +1,39 @@
commit 7119d790b590e7fb560ad602cedfda5185c7e841
Author: Poul-Henning Kamp <phk@FreeBSD.org>
Date: Fri Jan 11 10:26:44 2019 +0000
Avoid printing %s,NULL in case of errors we do not expect.
Fixes #2879
diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c
index b619199c6..59e804ec8 100644
--- a/lib/libvarnish/vnum.c
+++ b/lib/libvarnish/vnum.c
@@ -349,15 +349,17 @@ main(int argc, char *argv[])
for (tc = test_cases; tc->str; ++tc) {
e = VNUM_2bytes(tc->str, &val, tc->rel);
- if (e != tc->err) {
- printf("%s: VNUM_2bytes(\"%s\", %ju) (%s) != (%s)\n",
- *argv, tc->str, tc->rel, tc->err, e);
- ++ec;
- } else if (e == NULL && val != tc->val) {
- printf("%s: VNUM_2bytes(\"%s\", %ju) %ju != %ju (%s)\n",
- *argv, tc->str, tc->rel, val, tc->val, e);
- ++ec;
- }
+ if (e != NULL)
+ val = 0;
+ if (e == tc->err && val == tc->val)
+ continue;
+ ++ec;
+ printf("%s: VNUM_2bytes(\"%s\", %ju)\n",
+ *argv, tc->str, tc->rel);
+ printf("\tExpected:\tstatus %s - value %ju\n",
+ tc->err ? tc->err : "Success", tc->val);
+ printf("\tGot:\t\tstatus %s - value %ju\n",
+ e ? e : "Success", val);
}
if (!isnan(VNUM_duration(NULL))) {
printf("%s: VNUM_Duration(NULL) fail\n", *argv);


@ -0,0 +1,73 @@
--- bin/varnishtest/vtc_main.c.orig 2019-03-15 12:31:56.999877378 +0100
+++ bin/varnishtest/vtc_main.c 2019-03-15 12:33:07.679889311 +0100
@@ -228,7 +228,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1; /* Not important */
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
--- lib/libvarnishapi/vsm.c.orig 2019-03-18 13:24:01.377237092 +0100
+++ lib/libvarnishapi/vsm.c 2019-03-18 13:24:42.765783845 +0100
@@ -682,18 +682,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (write(progress, "\n", 1)) 1;
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (write(progress, "\n", 1)) 1;
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (write(progress, ".", 1)) 1;
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));
--- bin/varnishd/http1/cache_http1_deliver.c.orig 2019-03-18 13:30:43.262546105 +0100
+++ bin/varnishd/http1/cache_http1_deliver.c 2019-03-18 14:12:48.980850397 +0100
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
--- ./bin/varnishd/mgt/mgt_param.c.orig 2019-03-18 14:48:56.084720420 +0100
+++ ./bin/varnishd/mgt/mgt_param.c 2019-03-18 14:51:25.867836687 +0100
@@ -802,11 +802,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if (fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
--- ./bin/varnishd/proxy/cache_proxy_proto.c.orig 2019-03-18 14:54:18.257283901 +0100
+++ ./bin/varnishd/proxy/cache_proxy_proto.c 2019-03-18 14:54:47.119693630 +0100
@@ -669,7 +669,7 @@
WRONG("Wrong proxy version");
AZ(VSB_finish(vsb));
- (void)write(fd, VSB_data(vsb), VSB_len(vsb));
+ if (write(fd, VSB_data(vsb), VSB_len(vsb))) 1;
if (!DO_DEBUG(DBG_PROTOCOL)) {
VSB_delete(vsb);
return;
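Review bot: The `if (write(...)) 1;` form used at every site in this patch still discards the result; it only hides the call from `warn_unused_result`, and the bare `1;` / `0;` statement can itself draw an unused-value warning from stricter compilers. In `cache_http1_deliver.c` a failed or short write of `r_500` is harmless only because `req->doclose = SC_TX_EOF;` follows, and in `cache_proxy_proto.c` nothing visible in the hunk handles a partial write at all. A short comment at each site, such as `/* best effort: result intentionally ignored, connection is closed next */`, would record why ignoring the result is safe instead of leaving the reader to guess. All of the enclosing functions start and end outside the hunks.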


@ -0,0 +1,40 @@
commit 88948d982bcd165e05967d2a9c8684eb9f9cbd01
Author: Nils Goroll <nils.goroll@uplex.de>
Date: Wed Mar 20 11:24:33 2019 +0100
Change the stack overflow test to 128kb stacksize
on ppc64 fedora, the thread_pool_stack minimum is 128kb due to
sysconf(_SC_THREAD_STACK_MIN) = 131072
It does not harm the test to use a larger stacksize, so we adjust it to
this requirement for consistency and simplicity
diff --git a/bin/varnishtest/tests/c00057.vtc b/bin/varnishtest/tests/c00057.vtc
index 5118c79a0..be6569d24 100644
--- a/bin/varnishtest/tests/c00057.vtc
+++ b/bin/varnishtest/tests/c00057.vtc
@@ -12,7 +12,7 @@ server s1 {
varnish v1 \
-arg "-p feature=+no_coredump" \
-arg "-p vcc_allow_inline_c=true" \
- -arg "-p thread_pool_stack=48k" \
+ -arg "-p thread_pool_stack=128k" \
-vcl+backend {
C{
#include <signal.h>
@@ -27,11 +27,12 @@ void (*accessor)(volatile char *p) = _accessor;
}C
sub vcl_recv { C{
+ const int stkkb = 128;
int i;
- volatile char overflow[48*1024];
+ volatile char overflow[stkkb * 1024];
/* for downwards stack, take care to hit a single guard page */
- for (i = 47*1024; i >= 0; i -= 1024)
+ for (i = (stkkb - 1) * 1024; i >= 0; i -= 1024)
accessor(overflow + i);
/* NOTREACHED */
sleep(2);


@ -0,0 +1,79 @@
diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c
--- varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-20 09:02:55.762424644 +0200
@@ -645,7 +645,7 @@
WRONG("Wrong proxy version");
AZ(VSB_finish(vsb));
- (void)VSB_tofile(fd, vsb); // XXX: Error handling ?
+ if (VSB_tofile(fd, vsb)) 1; // XXX: Error handling ?
if (!DO_DEBUG(DBG_PROTOCOL)) {
VSB_delete(vsb);
return;
diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
+++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));
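Review bot: In the `vsm.c` hunk the new checks `if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));` test for a return value of 0, but `write()` reports failure as -1, which is non-zero, so a real write error is still ignored while a zero-byte write aborts the attach. If the intent is to detect a failed progress write, compare against the requested length: `if (write(progress, "\n", 1) != 1) return (vsm_diag(vd, "Unable to write progress"));`. Note also that in the first branch the early return now precedes `vd->attached = 1; return (0);`, turning a cosmetic progress failure into an attach failure. The same three lines are repeated in the two following patches on this page (the second 6.3.0 patch and the 6.5.0 patch); the enclosing function starts outside the hunk.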


@ -0,0 +1,19 @@
commit b0af060fb688b8fc2ff3817ea99430432668b291
Author: Ingvar Hagelund <ingvar@redpill-linpro.com>
Date: Tue Feb 11 12:56:54 2020 +0100
simple fix for fedora/gcc-10.0.1: -Werror=format-overflow, by some reason hit on s390x
diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c
index 1ec748cb6..09e49d258 100644
--- a/bin/varnishtest/vtc_varnish.c
+++ b/bin/varnishtest/vtc_varnish.c
@@ -121,7 +121,7 @@ varnish_ask_cli(const struct varnish *v, const char *cmd, char **repl)
i = VCLI_ReadResult(v->cli_fd, &retval, &r, vtc_maxdur);
if (i != 0 && !vtc_stop)
vtc_fatal(v->vl, "CLI failed (%s) = %d %u %s",
- cmd, i, retval, r);
+ cmd != NULL ? cmd : "NULL", i, retval, r);
vtc_log(v->vl, 3, "CLI RX %u", retval);
vtc_dump(v->vl, 4, "CLI RX", r, -1);
if (repl != NULL)

View File

@ -0,0 +1,67 @@
diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
+++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));


@ -0,0 +1,78 @@
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c ./bin/varnishd/http1/cache_http1_deliver.c
--- ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/http1/cache_http1_deliver.c 2020-09-16 11:45:28.663086943 +0200
@@ -76,7 +76,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c ./bin/varnishd/mgt/mgt_main.c
--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/mgt/mgt_main.c 2020-09-16 11:46:21.323667133 +0200
@@ -252,7 +252,7 @@
return;
VJ_rmdir("vmod_cache");
VJ_unlink("_.pid");
- (void)chdir("/");
+ if (chdir("/")) 0;
VJ_rmdir(workdir);
}
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c ./bin/varnishd/mgt/mgt_param.c
--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/mgt/mgt_param.c 2020-09-16 11:45:28.771086082 +0200
@@ -829,11 +829,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c ./bin/varnishtest/vtc_main.c
--- ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishtest/vtc_main.c 2020-09-16 11:45:28.771086082 +0200
@@ -233,7 +233,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c ./lib/libvarnishapi/vsm.c
--- ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c 2020-09-15 17:06:03.000000000 +0200
+++ ./lib/libvarnishapi/vsm.c 2020-09-16 11:45:28.772086074 +0200
@@ -764,18 +764,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));


@ -1,12 +1,10 @@
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index d432629..b0dacb9 100644
index 6bc062e..570b871 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -93,18 +93,25 @@ static h2_error
h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
{
@@ -97,11 +97,16 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
/* XXX: This might belong in cache/cache_http.c */
+ const char *b0;
const char *b0;
unsigned n;
+ int disallow_empty;
+ char *p;
@ -21,14 +19,7 @@ index d432629..b0dacb9 100644
if (len > UINT_MAX) { /* XXX: cache_param max header size */
VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", b);
return (H2SE_ENHANCE_YOUR_CALM);
}
+ b0 = b;
if (b[0] == ':') {
/* Match H/2 pseudo headers */
/* XXX: Should probably have some include tbl for
@@ -113,10 +120,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
@@ -117,10 +122,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
b += namelen;
len -= namelen;
n = HTTP_HDR_METHOD;
@ -53,7 +44,7 @@ index d432629..b0dacb9 100644
} else if (!strncmp(b, ":scheme: ", namelen)) {
/* XXX: What to do about this one? (typically
"http" or "https"). For now set it as a normal
@@ -124,6 +145,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
@@ -128,6 +147,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
b++;
len-=1;
n = hp->nhd;
@ -69,7 +60,7 @@ index d432629..b0dacb9 100644
} else if (!strncmp(b, ":authority: ", namelen)) {
b+=6;
len-=6;
@@ -160,6 +190,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
@@ -164,6 +192,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
hp->hd[n].b = b;
hp->hd[n].e = b + len;


@ -0,0 +1,319 @@
commit bb3f607590a102321a15a8a17474d87da8bec32c
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Tue Oct 17 16:52:32 2023 +0200
Upstream #3997 PR
Fix CVE-2023-44487
diff --git a/bin/varnishd/VSC_main.vsc b/bin/varnishd/VSC_main.vsc
index 7b32584..d55b9df 100644
--- a/bin/varnishd/VSC_main.vsc
+++ b/bin/varnishd/VSC_main.vsc
@@ -631,6 +631,14 @@
Number of session closes with Error VCL_FAILURE (VCL failure)
+.. varnish_vsc:: sc_rapid_reset
+ :level: diag
+ :oneliner: Session Err RAPID_RESET
+
+ Number of times we failed an http/2 session because it hit its
+ configured limits for the number of permitted rapid stream
+ resets.
+
.. varnish_vsc:: client_resp_500
:level: diag
:group: wrk
diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h
index ea5eb52..9088e21 100644
--- a/bin/varnishd/http2/cache_http2.h
+++ b/bin/varnishd/http2/cache_http2.h
@@ -184,6 +184,8 @@ struct h2_sess {
VTAILQ_HEAD(,h2_req) txqueue;
h2_error error;
+ double rst_budget;
+ vtim_real last_rst;
};
#define ASSERT_RXTHR(h2) do {assert(h2->rxthr == pthread_self());} while(0)
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index 3597ec1..408acad 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -45,6 +45,7 @@
#include "vtcp.h"
#include "vtim.h"
+#define H2_CUSTOM_ERRORS
#define H2EC1(U,v,r,d) const struct h2_error_s H2CE_##U[1] = {{#U,d,v,0,1,r}};
#define H2EC2(U,v,r,d) const struct h2_error_s H2SE_##U[1] = {{#U,d,v,1,0,r}};
#define H2EC3(U,v,r,d) H2EC1(U,v,r,d) H2EC2(U,v,r,d)
@@ -304,9 +305,46 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
/**********************************************************************
*/
+static h2_error
+h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
+{
+ vtim_real now;
+ vtim_dur d;
+
+ CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
+ ASSERT_RXTHR(h2);
+ CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);
+
+ if (cache_param->h2_rapid_reset_limit == 0)
+ return (0);
+
+ now = VTIM_real();
+ CHECK_OBJ_NOTNULL(r2->req, REQ_MAGIC);
+ AN(r2->req->t_first);
+ if (now - r2->req->t_first > cache_param->h2_rapid_reset)
+ return (0);
+
+ d = now - h2->last_rst;
+ h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
+ cache_param->h2_rapid_reset_period;
+ h2->rst_budget = vmin_t(double, h2->rst_budget,
+ cache_param->h2_rapid_reset_limit);
+ h2->last_rst = now;
+
+ if (h2->rst_budget < 1.0) {
+ Lck_Lock(&h2->sess->mtx);
+ VSLb(h2->vsl, SLT_Error, "H2: Hit RST limit. Closing session.");
+ Lck_Unlock(&h2->sess->mtx);
+ return (H2CE_RAPID_RESET);
+ }
+ h2->rst_budget -= 1.0;
+ return (0);
+}
+
static h2_error v_matchproto_(h2_rxframe_f)
h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
{
+ h2_error h2e;
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
ASSERT_RXTHR(h2);
@@ -316,8 +354,9 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
return (H2CE_FRAME_SIZE_ERROR);
if (r2 == NULL)
return (0);
+ h2e = h2_rapid_reset(wrk, h2, r2);
h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data)));
- return (0);
+ return (h2e);
}
/**********************************************************************
diff --git a/bin/varnishd/http2/cache_http2_session.c b/bin/varnishd/http2/cache_http2_session.c
index 36d4a1c..f81c94a 100644
--- a/bin/varnishd/http2/cache_http2_session.c
+++ b/bin/varnishd/http2/cache_http2_session.c
@@ -128,6 +128,9 @@ h2_init_sess(const struct worker *wrk, struct sess *sp,
h2_local_settings(&h2->local_settings);
h2->remote_settings = H2_proto_settings;
h2->decode = decode;
+ h2->rst_budget = cache_param->h2_rapid_reset_limit;
+ h2->last_rst = sp->t_open;
+ AZ(isnan(h2->last_rst));
AZ(VHT_Init(h2->dectbl, h2->local_settings.header_table_size));
diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
new file mode 100644
index 0000000..3fee370
--- /dev/null
+++ b/bin/varnishtest/tests/r03996.vtc
@@ -0,0 +1,51 @@
+varnishtest "h2 rapid reset"
+
+barrier b1 sock 5
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+varnish v1 -cliok "param.set h2_rapid_reset_limit 3"
+varnish v1 -cliok "param.set h2_rapid_reset 5"
+
+varnish v1 -vcl+backend {
+ import vtc;
+
+ sub vcl_recv {
+ vtc.barrier_sync("${b1_sock}");
+ }
+
+} -start
+
+client c1 {
+ stream 0 {
+ rxgoaway
+ expect goaway.err == ENHANCE_YOUR_CALM
+ } -start
+
+ stream 1 {
+ txreq
+ txrst
+ } -run
+ stream 3 {
+ txreq
+ txrst
+ } -run
+ stream 5 {
+ txreq
+ txrst
+ } -run
+ stream 7 {
+ txreq
+ txrst
+ } -run
+
+ barrier b1 sync
+ stream 0 -wait
+} -run
+
+varnish v1 -expect sc_rapid_reset == 1
diff --git a/include/tbl/h2_error.h b/include/tbl/h2_error.h
index e8104f8..11051de 100644
--- a/include/tbl/h2_error.h
+++ b/include/tbl/h2_error.h
@@ -147,5 +147,17 @@ H2_ERROR(
/* descr */ "Use HTTP/1.1 for the request"
)
+#ifdef H2_CUSTOM_ERRORS
+H2_ERROR(
+ /* name */ RAPID_RESET,
+ /* val */ 11, /* ENHANCE_YOUR_CALM */
+ /* types */ 1,
+ /* reason */ SC_RAPID_RESET,
+ /* descr */ "http/2 rapid reset detected"
+)
+
+# undef H2_CUSTOM_ERRORS
+#endif
+
#undef H2_ERROR
/*lint -restore */
diff --git a/include/tbl/params.h b/include/tbl/params.h
index cca420c..4014dd6 100644
--- a/include/tbl/params.h
+++ b/include/tbl/params.h
@@ -1217,6 +1217,47 @@ PARAM_SIMPLE(
"HTTP2 maximum size of an uncompressed header list."
)
+PARAM_SIMPLE(
+ /* name */ h2_rapid_reset,
+ /* typ */ timeout,
+ /* min */ "0.000",
+ /* max */ NULL,
+ /* def */ "1.000",
+ /* units */ "seconds",
+ /* descr */
+ "The upper threshold for how rapid an http/2 RST has to come for "
+ "it to be treated as suspect and subjected to the rate limits "
+ "specified by h2_rapid_reset_limit and h2_rapid_reset_period.",
+ /* flags */ EXPERIMENTAL,
+)
+
+PARAM_SIMPLE(
+ /* name */ h2_rapid_reset_limit,
+ /* typ */ uint,
+ /* min */ "0",
+ /* max */ NULL,
+ /* def */ "3600",
+ /* units */ NULL,
+ /* descr */
+ "HTTP2 RST Allowance.\n"
+ "Specifies the maximum number of allowed stream resets issued by\n"
+ "a client over a time period before the connection is closed.\n"
+ "Setting this parameter to 0 disables the limit.",
+ /* flags */ EXPERIMENTAL,
+)
+
+PARAM_SIMPLE(
+ /* name */ h2_rapid_reset_period,
+ /* typ */ timeout,
+ /* min */ "1.000",
+ /* max */ NULL,
+ /* def */ "60.000",
+ /* units */ "seconds",
+ /* descr */
+ "HTTP2 sliding window duration for h2_rapid_reset_limit.",
+ /* flags */ EXPERIMENTAL|WIZARD,
+)
+
/*--------------------------------------------------------------------
* Memory pool parameters
*/
diff --git a/include/tbl/sess_close.h b/include/tbl/sess_close.h
index 9748314..6d2f635 100644
--- a/include/tbl/sess_close.h
+++ b/include/tbl/sess_close.h
@@ -50,6 +50,7 @@ SESS_CLOSE(PIPE_OVERFLOW, pipe_overflow,1, "Session pipe overflow")
SESS_CLOSE(RANGE_SHORT, range_short, 1, "Insufficient data for range")
SESS_CLOSE(REQ_HTTP20, req_http20, 1, "HTTP2 not accepted")
SESS_CLOSE(VCL_FAILURE, vcl_failure, 1, "VCL failure")
+SESS_CLOSE(RAPID_RESET, rapid_reset, 1, "HTTP2 rapid reset")
#undef SESS_CLOSE
/*lint -restore */
diff --git a/include/vdef.h b/include/vdef.h
index a9111fe..c85bea8 100644
--- a/include/vdef.h
+++ b/include/vdef.h
@@ -106,6 +106,47 @@
# define v_dont_optimize
#endif
+/**********************************************************************
+ * Find the minimum or maximum values.
+ * Only evaluate the expression once and perform type checking.
+ */
+
+/* ref: https://stackoverflow.com/a/17624752 */
+
+#define VINDIRECT(a, b, c) a ## b ## c
+#define VCOMBINE(a, b, c) VINDIRECT(a, b, c)
+
+#if defined(__COUNTER__)
+# define VUNIQ_NAME(base) VCOMBINE(base, __LINE__, __COUNTER__)
+#else
+# define VUNIQ_NAME(base) VCOMBINE(base, __LINE__, 0)
+#endif
+
+#ifdef _lint
+#define typeof(x) __typeof__(x)
+#endif
+
+/* ref: https://gcc.gnu.org/onlinedocs/gcc/Typeof.html */
+
+#define _vtake(op, ta, tb, a, b, _va, _vb) \
+ ({ \
+ ta _va = (a); \
+ tb _vb = (b); \
+ (void)(&_va == &_vb); \
+ _va op _vb ? _va : _vb; \
+})
+
+#define opmin <
+#define opmax >
+#define vtake(n, ta, tb, a, b) _vtake(op ## n, ta, tb, a, b, \
+ VUNIQ_NAME(_v ## n ## A), VUNIQ_NAME(_v ## n ## B))
+
+#define vmin(a, b) vtake(min, typeof(a), typeof(b), a, b)
+#define vmax(a, b) vtake(max, typeof(a), typeof(b), a, b)
+
+#define vmin_t(type, a, b) vtake(min, type, type, a, b)
+#define vmax_t(type, a, b) vtake(max, type, type, a, b)
+
/*********************************************************************
* Pointer alignment magic
*/
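Review bot: The defaults added in include/tbl/params.h leave the limiter very permissive, and the parameter text does not say so. With `h2_rapid_reset_limit` at "3600" and `h2_rapid_reset_period` at "60.000", `h2_rapid_reset()` starts each session with `rst_budget` equal to the limit (set in `h2_init_sess`) and refills it at limit/period, so a fresh session can issue 3600 rapid resets at once and roughly 60 per second after that before `H2CE_RAPID_RESET` is returned. The description of `h2_rapid_reset_limit` only says "over a time period"; I would name the period parameter and the burst there, e.g. `"a client per h2_rapid_reset_period before the connection is closed.\n"` followed by `"The full limit is available as an initial burst on a new session.\n"`. Operators fronting untrusted clients then know the shipped value has to be lowered to get a tight bound.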


@ -0,0 +1,328 @@
commit bb44b34d5e9078ede3769ef519badb65d340351a
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Wed Oct 18 12:32:24 2023 +0200
vcl_vrt: Skip VCL execution if the client is gone
Upstream PR #3998
and 4991d9f6e40f381d058a83fc21ceed90e34a822e for r03996.vtc
diff --git a/bin/varnishd/VSC_main.vsc b/bin/varnishd/VSC_main.vsc
index d55b9df..0978c2f 100644
--- a/bin/varnishd/VSC_main.vsc
+++ b/bin/varnishd/VSC_main.vsc
@@ -342,6 +342,15 @@
Number of times an HTTP/2 stream was refused because the queue was
too long already. See also parameter thread_queue_limit.
+.. varnish_vsc:: req_reset
+ :group: wrk
+ :oneliner: Requests reset
+
+ Number of times a client left before the VCL processing of its
+ requests completed. For HTTP/2 sessions, either the stream was
+ reset by an RST_STREAM frame from the client, or a stream or
+ connection error occurred.
+
.. varnish_vsc:: n_object
:type: gauge
:group: wrk
diff --git a/bin/varnishd/cache/cache_transport.h b/bin/varnishd/cache/cache_transport.h
index 3650291..be396b9 100644
--- a/bin/varnishd/cache/cache_transport.h
+++ b/bin/varnishd/cache/cache_transport.h
@@ -44,6 +44,7 @@ typedef void vtr_sess_panic_f (struct vsb *, const struct sess *);
typedef void vtr_req_panic_f (struct vsb *, const struct req *);
typedef void vtr_req_fail_f (struct req *, enum sess_close);
typedef void vtr_reembark_f (struct worker *, struct req *);
+typedef int vtr_poll_f (struct req *);
typedef int vtr_minimal_response_f (struct req *, uint16_t status);
struct transport {
@@ -64,6 +65,7 @@ struct transport {
vtr_sess_panic_f *sess_panic;
vtr_req_panic_f *req_panic;
vtr_reembark_f *reembark;
+ vtr_poll_f *poll;
vtr_minimal_response_f *minimal_response;
VTAILQ_ENTRY(transport) list;
diff --git a/bin/varnishd/cache/cache_vrt_vcl.c b/bin/varnishd/cache/cache_vrt_vcl.c
index 023ba00..2fbaff6 100644
--- a/bin/varnishd/cache/cache_vrt_vcl.c
+++ b/bin/varnishd/cache/cache_vrt_vcl.c
@@ -42,6 +42,7 @@
#include "vbm.h"
#include "cache_director.h"
+#include "cache_transport.h"
#include "cache_vcl.h"
#include "vcc_interface.h"
@@ -437,6 +438,40 @@ VRT_VCL_Allow_Discard(struct vclref **refp)
FREE_OBJ(ref);
}
+/*--------------------------------------------------------------------
+ */
+
+static int
+req_poll(struct worker *wrk, struct req *req)
+{
+ struct req *top;
+
+ /* NB: Since a fail transition leads to vcl_synth, the request may be
+ * short-circuited twice.
+ */
+ if (req->req_reset) {
+ wrk->handling = VCL_RET_FAIL;
+ return (-1);
+ }
+
+ top = req->top->topreq;
+ CHECK_OBJ_NOTNULL(top, REQ_MAGIC);
+ CHECK_OBJ_NOTNULL(top->transport, TRANSPORT_MAGIC);
+
+ if (!FEATURE(FEATURE_VCL_REQ_RESET))
+ return (0);
+ if (top->transport->poll == NULL)
+ return (0);
+ if (top->transport->poll(top) >= 0)
+ return (0);
+
+ VSLb_ts_req(req, "Reset", W_TIM_real(wrk));
+ wrk->stats->req_reset++;
+ wrk->handling = VCL_RET_FAIL;
+ req->req_reset = 1;
+ return (-1);
+}
+
/*--------------------------------------------------------------------
* Method functions to call into VCL programs.
*
@@ -468,6 +503,8 @@ vcl_call_method(struct worker *wrk, struct req *req, struct busyobj *bo,
CHECK_OBJ_NOTNULL(req->sp, SESS_MAGIC);
CHECK_OBJ_NOTNULL(req->vcl, VCL_MAGIC);
CHECK_OBJ_NOTNULL(req->top, REQTOP_MAGIC);
+ if (req_poll(wrk, req))
+ return;
VCL_Req2Ctx(&ctx, req);
}
assert(ctx.now != 0);
diff --git a/bin/varnishd/http2/cache_http2_session.c b/bin/varnishd/http2/cache_http2_session.c
index f81c94a..f978763 100644
--- a/bin/varnishd/http2/cache_http2_session.c
+++ b/bin/varnishd/http2/cache_http2_session.c
@@ -439,6 +439,16 @@ h2_new_session(struct worker *wrk, void *arg)
h2_del_sess(wrk, h2, h2->error->reason);
}
+static int v_matchproto_(vtr_poll_f)
+h2_poll(struct req *req)
+{
+ struct h2_req *r2;
+
+ CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
+ CAST_OBJ_NOTNULL(r2, req->transport_priv, H2_REQ_MAGIC);
+ return (r2->error ? -1 : 1);
+}
+
struct transport H2_transport = {
.name = "H2",
.magic = TRANSPORT_MAGIC,
@@ -448,4 +458,5 @@ struct transport H2_transport = {
.req_body = h2_req_body,
.req_fail = h2_req_fail,
.sess_panic = h2_sess_panic,
+ .poll = h2_poll,
};
diff --git a/bin/varnishd/mgt/mgt_param_bits.c b/bin/varnishd/mgt/mgt_param_bits.c
index d6a9c3f..6d9b32a 100644
--- a/bin/varnishd/mgt/mgt_param_bits.c
+++ b/bin/varnishd/mgt/mgt_param_bits.c
@@ -276,7 +276,7 @@ struct parspec VSL_parspec[] = {
#undef DEBUG_BIT
},
{ "feature", tweak_feature, NULL,
- NULL, NULL, "default",
+ NULL, NULL, "+validate_headers +vcl_req_reset",
NULL,
"Enable/Disable various minor features.\n"
"\tdefault\tSet default value\n"
diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
index 3fee370..7faf783 100644
--- a/bin/varnishtest/tests/r03996.vtc
+++ b/bin/varnishtest/tests/r03996.vtc
@@ -1,6 +1,7 @@
varnishtest "h2 rapid reset"
-barrier b1 sock 5
+barrier b1 sock 2 -cyclic
+barrier b2 sock 5 -cyclic
server s1 {
rxreq
@@ -16,7 +17,10 @@ varnish v1 -vcl+backend {
import vtc;
sub vcl_recv {
- vtc.barrier_sync("${b1_sock}");
+ if (req.http.barrier) {
+ vtc.barrier_sync(req.http.barrier);
+ }
+ vtc.barrier_sync("${b2_sock}");
}
} -start
@@ -27,6 +31,41 @@ client c1 {
expect goaway.err == ENHANCE_YOUR_CALM
} -start
+ stream 1 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 3 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 5 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 7 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+
+ barrier b2 sync
+ stream 0 -wait
+} -run
+
+varnish v1 -expect sc_rapid_reset == 1
+
+varnish v1 -cliok "param.set feature -vcl_req_reset"
+
+client c2 {
+ stream 0 {
+ rxgoaway
+ expect goaway.err == ENHANCE_YOUR_CALM
+ } -start
+
stream 1 {
txreq
txrst
@@ -44,8 +83,8 @@ client c1 {
txrst
} -run
- barrier b1 sync
+ barrier b2 sync
stream 0 -wait
} -run
-varnish v1 -expect sc_rapid_reset == 1
+varnish v1 -expect sc_rapid_reset == 2
diff --git a/bin/varnishtest/tests/t02025.vtc b/bin/varnishtest/tests/t02025.vtc
new file mode 100644
index 0000000..3b7e90e
--- /dev/null
+++ b/bin/varnishtest/tests/t02025.vtc
@@ -0,0 +1,49 @@
+varnishtest "h2 reset interrupt"
+
+barrier b1 sock 2
+barrier b2 sock 2
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+varnish v1 -vcl {
+ import vtc;
+
+ backend be none;
+
+ sub vcl_recv {
+ vtc.barrier_sync("${b1_sock}");
+ vtc.barrier_sync("${b2_sock}");
+ }
+
+ sub vcl_miss {
+ vtc.panic("unreachable");
+ }
+} -start
+
+logexpect l1 -v v1 -g raw -i Debug {
+ expect * * Debug "^H2RXF RST_STREAM"
+} -start
+
+client c1 {
+ stream 1 {
+ txreq
+ barrier b1 sync
+ txrst
+ } -run
+} -start
+
+logexpect l1 -wait
+barrier b2 sync
+
+varnish v1 -vsl_catchup
+varnish v1 -expect req_reset == 1
+
+# NB: The varnishncsa command below shows a minimal pattern to collect
+# "rapid reset" suspects per session, with the IP address. Here rapid
+# is interpreted as before a second elapsed. Session VXIDs showing up
+# numerous times become increasingly more suspicious. The format can of
+# course be extended to add anything else useful for data mining.
+shell -expect "1000 ${localhost}" {
+ varnishncsa -n ${v1_name} -d \
+ -q 'Timestamp:Reset[2] < 1.0' -F '%{VSL:Begin[2]}x %h'
+}
diff --git a/doc/sphinx/reference/vsl.rst b/doc/sphinx/reference/vsl.rst
index cf63089..f1ed987 100644
--- a/doc/sphinx/reference/vsl.rst
+++ b/doc/sphinx/reference/vsl.rst
@@ -76,6 +76,11 @@ Resp
Restart
Client request is being restarted.
+Reset
+ The client closed its connection, reset its stream or caused
+ a stream error that forced Varnish to reset the stream. Request
+ processing is interrupted and considered failed.
+
Pipe handling timestamps
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/include/tbl/feature_bits.h b/include/tbl/feature_bits.h
index d51b22c..3d6ac35 100644
--- a/include/tbl/feature_bits.h
+++ b/include/tbl/feature_bits.h
@@ -82,6 +82,11 @@ FEATURE_BIT(BUSY_STATS_RATE, busy_stats_rate,
"Make busy workers comply with thread_stats_rate."
)
+FEATURE_BIT(VCL_REQ_RESET, vcl_req_reset,
+ "Stop processing client VCL once the client is gone. "
+ "When this happens MAIN.req_reset is incremented."
+)
+
#undef FEATURE_BIT
/*lint -restore */
diff --git a/include/tbl/req_flags.h b/include/tbl/req_flags.h
index 2e82660..9e72312 100644
--- a/include/tbl/req_flags.h
+++ b/include/tbl/req_flags.h
@@ -41,6 +41,7 @@ REQ_FLAG(is_hitpass, 1, 0, "")
REQ_FLAG(waitinglist, 0, 0, "")
REQ_FLAG(want100cont, 0, 0, "")
REQ_FLAG(late100cont, 0, 0, "")
+REQ_FLAG(req_reset, 0, 0, "")
#undef REQ_FLAG
/*lint -restore */
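Review bot: The new `Reset` entry in doc/sphinx/reference/vsl.rst says "The client closed its connection", but the only `.poll` callback this patch adds is `h2_poll` on `H2_transport`, and `req_poll()` returns 0 whenever `top->transport->poll == NULL`. As far as the patch shows, requests on any other transport are never short-circuited, so I would word the entry and the `vcl_req_reset` feature text as HTTP/2-only, e.g. `For HTTP/2, the client reset its stream or caused a stream or connection error that forced Varnish to reset the stream.` Separately, `h2_poll()` reads `r2->error` from the worker that runs VCL; whether the session's receive thread writes that field without a lock is not visible here, so a one-line comment on `h2_poll` saying why the unlocked read is acceptable would help the next reader.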


40
varnish.params Normal file

@ -0,0 +1,40 @@
# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings
# Set this to 1 to make systemd reload try to switch vcl without restart.
RELOAD_VCL=1
# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=192.168.1.5
VARNISH_LISTEN_PORT=6081
# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
# The minimum and maximum number of worker threads to start
VARNISH_MIN_THREADS=5
VARNISH_MAX_THREADS=1000
# Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120
# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
# Default TTL used when the backend does not specify one
VARNISH_TTL=120
# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish

47
varnish.service Normal file

@ -0,0 +1,47 @@
[Unit]
Description=Varnish a high-perfomance HTTP accelerator
After=syslog.target network.target
[Service]
#
# If you want to make changes to this file, please copy it to
# /etc/systemd/system/varnish.service and make your changes there.
# This will override the file kept at /lib/systemd/system/varnish.service
#
# Enviroment variables may be found in /etc/varnish/varnish.params
#
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
LimitMEMLOCK=82000
# Maximum size of the corefile.
LimitCORE=infinity
EnvironmentFile=/etc/varnish/varnish.params
Type=forking
PIDFile=/var/run/varnish.pid
PrivateTmp=true
ExecStart=/usr/sbin/varnishd \
-P /var/run/varnish.pid \
-f $VARNISH_VCL_CONF \
-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t $VARNISH_TTL \
-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-u $VARNISH_USER \
-g $VARNISH_GROUP \
-S $VARNISH_SECRET_FILE \
-s $VARNISH_STORAGE \
$DAEMON_OPTS
ExecReload=/usr/sbin/varnish_reload_vcl
[Install]
WantedBy=multi-user.target
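Review bot: `ExecReload=/usr/sbin/varnish_reload_vcl` names a helper that the spec file in this same comparison does not appear to install; its %install section places `redhat/varnishreload` at `%{_sbindir}/varnishreload`, so a reload through this unit would fail unless another package provides the old script. If this top-level unit is meant to ship, the line should read `ExecReload=/usr/sbin/varnishreload`; the spec installs `redhat/varnish.service` from the packaging tarball, so this copy may simply be stale and is worth a comment saying so. `$DAEMON_OPTS` is also expanded in `ExecStart` without being defined in the varnish.params added alongside it. Finally, `LimitCORE=infinity` deserves a comment such as `# Core files of the cache process contain whatever objects and request headers were in memory; keep the core directory restricted.`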


@ -1,90 +1,135 @@
%global _hardened_build 1
%global debug_package %{nil}
%global _hardened_build 0
# https://github.com/varnishcache/varnish-cache/issues/2269
%global debug_package %{nil}
%if 0%{?rhel} == 7
%global _use_internal_dependency_generator 0
%global __find_provides %{_builddir}/%{name}-%{version}/find-provides %__find_provides
%global __python /usr/bin/python3.4
%else
%global __python %{__python3}
%endif
%global __provides_exclude_from ^%{_libdir}/varnish/vmods
%global abi 17c51b08e037fc8533fb3687a042a867235fc72f
%global vrt 13.0
# Package scripts are now external
# https://github.com/varnishcache/pkg-varnish-cache
%global commit1 0ad2f22629c4a368959c423a19e352c9c6c79682
%global commit1 ec7ad9e6c6dd7c9b4f4ba60c5b223376908c3ca6
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%bcond_without python2
%bcond_with python3
%if %{with python2} == %{with python3}
%error Pick exactly one Python version
%endif
Summary: High-performance HTTP accelerator
Name: varnish
Version: 6.0.8
Release: 2%{?dist}.1
Version: 6.6.2
Release: 6%{?dist}
License: BSD
Group: System Environment/Daemons
URL: https://www.varnish-cache.org/
Source0: http://varnish-cache.org/_downloads/%{name}-%{version}%{?vd_rc}.tgz
Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/%{commit1}.tar.gz#/pkg-varnish-cache-%{shortcommit1}.tar.gz
Patch1: varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
Patch4: varnish-4.0.3_fix_varnish4_selinux.el6.patch
Patch9: varnish-5.1.1.fix_python_version.patch
# https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
# Patches:
# Patch 001: Because of Fedora's libtool no-rpath requirement, it is still
# necessary to add LD_LIBRARY_PATH when building the documentation
# (Fixed by using LT_SYS_LIBRARY_PATH)
#Patch1: varnish-6.1.1_fix_ld_library_path_in_doc_build.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
Patch100: varnish-6.0.8.CVE-2022-23959.patch
# Patch 004: varnish selinux support for el6
#Patch4: varnish-4.0.3_fix_varnish4_selinux.el6.patch
# Patch 009: Hard code older python support in configure for older el releases
#Patch9: varnish-5.1.1.fix_python_version.patch
# Patch 012: Fix test for variants of ncurses, based on upstream commit 9bdc5f75, upstream issue #2668
#Patch12: varnish-6.0.1_fix_bug2668.patch
# Patch 013: Just a simple format error
#Patch13: varnish-6.1.0_fix_testu00008.patch
# Patch 014: Another formatting error fixed upstream, issue 2879
#Patch14: varnish-6.1.1_fix_upstrbug_2879.patch
# Patch 015: pcre-jit fixed upstream, issue #2912
#Patch15: varnish-6.1.1_fix_issue_2912.patch
# Patch 016: Fix some warnings that prohibited clean -Werror compilation
# on el6. Will not be fixed upstream. Patch grows more stupid
# for each iteration :-(
#Patch16: varnish-6.5.0_el6_fix_warning_from_old_gcc.patch
# Patch 017: Fix stack size on ppc64 in test c_00057, upstream commit 88948d9
#Patch17: varnish-6.2.0_fix_ppc64_for_test_c00057.patch
# Patch 018: gcc-10.0.1/s390x compilation fix, upstream commit b0af060
#Patch18: varnish-6.3.2_fix_s390x.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2141844
Patch101: varnish-6.0.8-CVE-2022-45060.patch
Patch100: varnish-6.6.2-CVE-2022-45060.patch
Obsoletes: varnish-libs
# https://issues.redhat.com/browse/RHEL-12818
Patch101: varnish-6.6.2-CVE-2023-44487-rate_limit.patch
%if %{with python3}
BuildRequires: python3, python3-sphinx, python3-docutils
# https://issues.redhat.com/browse/RHEL-12818
Patch102: varnish-6.6.2-CVE-2023-44487-vcl_vrt.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2271486
Patch103: varnish-6.6.2-CVE-2024-30156.patch
%if 0%{?fedora} > 29
Provides: varnish%{_isa} = %{version}-%{release}
Provides: varnishd(abi)%{_isa} = %{abi}
Provides: varnishd(vrt)%{_isa} = %{vrt}
Provides: vmod(blob)%{_isa} = %{version}-%{release}
Provides: vmod(directors)%{_isa} = %{version}-%{release}
Provides: vmod(proxy)%{_isa} = %{version}-%{release}
Provides: vmod(purge)%{_isa} = %{version}-%{release}
Provides: vmod(std)%{_isa} = %{version}-%{release}
Provides: vmod(unix)%{_isa} = %{version}-%{release}
Provides: vmod(vtc)%{_isa} = %{version}-%{release}
%endif
Obsoletes: varnish-libs < %{version}-%{release}
%if 0%{?rhel} == 7
BuildRequires: python34 python34-sphinx python34-docutils
%else
%if 0%{?rhel} >= 6
BuildRequires: python-sphinx
%endif
BuildRequires: python-docutils
BuildRequires: python3, python3-sphinx, python3-docutils
%endif
# Drop jemalloc dependency in RHEL-9
# BuildRequires: jemalloc-devel
BuildRequires: libedit-devel
BuildRequires: ncurses-devel
BuildRequires: pcre-devel
BuildRequires: pkgconfig
BuildRequires: gcc
BuildRequires: make
BuildRequires: graphviz
# Extra requirements for the build suite
BuildRequires: nghttp2
%if 0%{?rhel} == 6
BuildRequires: selinux-policy
%endif
# haproxy is broken in rawhide now
#if 0#{?fedora} || 0#{?rhel} >= 8
#BuildRequires: haproxy
#endif
Requires: logrotate
Requires: ncurses
Requires: pcre
# Drop jemalloc dependency in RHEL-9
# Requires: jemalloc
Requires: redhat-rpm-config
Requires(pre): shadow-utils
Requires(post): /usr/bin/uuidgen
# Varnish actually needs gcc installed to work. It uses the C compiler
# at runtime to compile the VCL configuration files. This is by design.
Requires: gcc
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
Requires(post): systemd-units
Requires(post): systemd-sysv
Requires(preun): systemd-units
Requires(postun): systemd-units
BuildRequires: systemd-units
%endif
%if 0%{?rhel} == 6
Requires: %{name}-selinux
Requires(post): policycoreutils,
Requires(preun): policycoreutils
Requires(postun): policycoreutils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
%endif
%description
This is Varnish Cache, a high-performance HTTP accelerator.
@ -99,124 +144,95 @@ available on: https://www.varnish-cache.org/
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
BuildRequires: ncurses-devel
#BuildRequires: ncurses-devel
Provides: varnish-libs-devel%{?isa} = %{version}-%{release}
Provides: varnish-libs-devel = %{version}-%{release}
Obsoletes: varnish-libs-devel
%if %{with python2}
Requires: python
%endif
Obsoletes: varnish-libs-devel < %{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: python3
%description devel
Development files for %{name}
Varnish Cache is a high-performance HTTP accelerator
%package docs
Summary: Documentation files for %name
Group: Documentation
%description docs
Documentation files for %name
%if 0%{?rhel} == 6
%package selinux
Summary: Minimal selinux policy for running varnish
Group: System Environment/Daemons
%description selinux
Minimal selinux policy for running varnish4
%endif
%prep
%setup -q -n varnish-%{version}%{?vd_rc}
%setup -q
tar xzf %SOURCE1
ln -s pkg-varnish-cache-%{commit1}/redhat redhat
ln -s pkg-varnish-cache-%{commit1}/debian debian
cp redhat/find-provides .
%if 0%{?rhel} == 6
cp pkg-varnish-cache-%{commit1}/sysv/redhat/* redhat/
sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
%endif
sed -i 's,rst2man-3.6,rst2man-3.4,g; s,rst2html-3.6,rst2html-3.4,g; s,phinx-build-3.6,phinx-build-3.4,g' configure
%patch1 -p1
%if 0%{?rhel} == 6
%patch4 -p0
%patch9 -p0
%patch11 -p0
%endif
%patch100 -p1
%patch101 -p1
%patch100 -p1 -b .CVE-2022-45060
%patch101 -p1 -b .CVE-2023-44487
%patch102 -p1 -b .CVE-2023-44487-vcl
%patch103 -p1 -b .CVE-2024-30156
%build
%if 0%{?rhel} == 6
export CFLAGS="%{optflags} -fPIC"
export LDFLAGS=" -pie"
%endif
# https://gcc.gnu.org/wiki/FAQ#PR323
%ifarch %ix86
%if 0%{?fedora} > 21
export CFLAGS="%{optflags} -ffloat-store -fexcess-precision=standard"
%endif
%if 0%{?rhel} >= 6
export CFLAGS="%{optflags} -fPIC -ffloat-store"
%endif
%ifarch s390x
export CFLAGS="%{optflags} -Wno-error=free-nonheap-object"
%endif
# What gcc version is this?
gcc --version
# What is the page size
getconf PAGESIZE
# Man pages are prebuilt. No need to regenerate them.
export RST2MAN=/bin/true
# Explicit python, please
export PYTHON=%{__python}
%configure --disable-static \
--with-jemalloc=no \
%configure LT_SYS_LIBRARY_PATH=%_libdir \
--disable-static \
--localstatedir=/var/lib \
--docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
#ifarch x86_64 #arm
--docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} \
--without-jemalloc \
# --disable-pcre-jit \
#endif
# We have to remove rpath - not allowed in Fedora
# (This problem only visible on 64 bit arches)
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g;
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# I'll never understand libtool
mkdir lib/libvarnishapi/.libs
pushd lib/libvarnishapi/.libs
ln -s libvarnishapi.so libvarnishapi.so.1
popd
# Upstream github issue #2265
%if 0%{?rhel} == 6
sed -i 's/-Werror$//g;' bin/varnishd/Makefile
sed -i 's/-Werror$//g;' lib/libvarnishapi/Makefile
%endif
make %{?_smp_mflags} V=1
# One varnish user is enough
sed -i 's,User=varnishlog,User=varnish,g;' redhat/varnishncsa.service
# Explicit python, please
%if %{with python2}
sed -i 's/env python3/python2/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
%else
sed -i 's/env python3/python3/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
%endif
# Clean up the html documentation
rm -rf doc/html/_sources
%check
%ifarch ppc64 ppc64le aarch64
sed -i 's/48/128/g;' bin/varnishtest/tests/c00057.vtc
# Remove this for now. Hard to get the size and timing right
%ifarch s390 s390x aarch64
rm bin/varnishtest/tests/o00005.vtc
%endif
#make %{?_smp_mflags} check LD_LIBRARY_PATH="%{buildroot}%{_libdir}:%{buildroot}%{_libdir}/%{name}" VERBOSE=1
# disable test because of CVE-2023-44487 fix
# https://github.com/varnishcache/varnish-cache/pull/3998#issuecomment-1764649216
rm bin/varnishtest/tests/t02014.vtc
make %{?_smp_mflags} check VERBOSE=1
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"
# mock el7 defaults to LANG=C, which makes python3 fail when parsing utf8 text
%if 0%{?rhel} == 7
export LANG=en_US.UTF-8
%endif
%{make_install}
# None of these for fedora
find %{buildroot}/%{_libdir}/ -name '*.la' -exec rm -f {} ';'
@ -230,33 +246,20 @@ install -D -m 0644 redhat/varnish.logrotate %{buildroot}%{_sysconfdir}/logrotate
install -D -m 0644 include/vcs_version.h %{buildroot}%{_includedir}/varnish
install -D -m 0644 include/vrt.h %{buildroot}%{_includedir}/varnish
# systemd support
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
mkdir -p %{buildroot}%{_unitdir}
install -D -m 0644 redhat/varnish.service %{buildroot}%{_unitdir}/varnish.service
install -D -m 0644 redhat/varnishncsa.service %{buildroot}%{_unitdir}/varnishncsa.service
# default is standard sysvinit
%else
install -D -m 0644 redhat/varnish.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/varnish
install -D -m 0755 redhat/varnish.initrc %{buildroot}%{_initrddir}/varnish
install -D -m 0755 redhat/varnishncsa.initrc %{buildroot}%{_initrddir}/varnishncsa
%endif
install -D -m 0755 redhat/varnishreload %{buildroot}%{_sbindir}/varnishreload
echo %{_libdir}/varnish > %{buildroot}%{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
# No idea why these ends up with mode 600 in the debug package
%if 0%{debug_package}
chmod 644 lib/libvmod_*/*.c
chmod 644 lib/libvmod_*/*.h
# selinux module for el6
%if 0%{?rhel} == 6
cd selinux
make -f %{_datadir}/selinux/devel/Makefile
install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/varnish4.pp
%endif
%files
%{_sbindir}/*
%{_bindir}/*
@ -276,18 +279,9 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
%config %{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
# systemd from fedora 17 and rhel 7
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%{_unitdir}/varnish.service
%{_unitdir}/varnishncsa.service
# default is standard sysvinit
%else
%config(noreplace) %{_sysconfdir}/sysconfig/varnish
%{_initrddir}/varnish
%{_initrddir}/varnishncsa
%endif
%files devel
%license LICENSE
%doc README.rst
@ -302,10 +296,6 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
%doc doc/html
%doc doc/changes*.html
%if 0%{?rhel} == 6
%files selinux
%{_datadir}/selinux/packages/%{name}/varnish4.pp
%endif
%pre
getent group varnish >/dev/null || groupadd -r varnish
@ -314,98 +304,180 @@ getent passwd varnish >/dev/null || \
-c "Varnish Cache" varnish
exit 0
%post
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%systemd_post varnish.service
# Other distros: Use chkconfig
%else
/sbin/chkconfig --add varnish
/sbin/chkconfig --add varnishncsa
%endif
%systemd_post varnish varnishncsa
/sbin/ldconfig
# Previous versions had varnishlog and varnishncsa running as root
chown varnish:varnish /var/log/varnish/varnishncsa.log 2>/dev/null || true
test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc/varnish/secret)
# selinux module for el6
%if 0%{?rhel} == 6
%post selinux
if [ "$1" -le "1" ] ; then # First install
semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
fi
%preun selinux
if [ "$1" -lt "1" ] ; then # Final removal
semodule -r varnish4 2>/dev/null || :
fi
%postun
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%systemd_postun_with_restart varnish.service
%endif
%systemd_postun_with_restart varnish varnishncsa
/sbin/ldconfig
%postun selinux
if [ "$1" -ge "1" ] ; then # Upgrade
semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
fi
%endif
%preun
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%systemd_preun varnish.service
%else
if [ $1 -lt 1 ]; then
# Package removal, not upgrade
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
/bin/systemctl --no-reload disable varnish.service > /dev/null 2>&1 || :
/bin/systemctl stop varnish.service > /dev/null 2>&1 || :
/bin/systemctl stop varnishncsa.service > /dev/null 2>&1 || :
%else
/sbin/service varnish stop > /dev/null 2>&1
/sbin/service varnishncsa stop > /dev/null 2>%1
/sbin/chkconfig --del varnish
/sbin/chkconfig --del varnishncsa
%endif
fi
%endif
%systemd_preun varnish varnishncsa
%changelog
* Mon Nov 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2.1
- Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery
Vulnerability
* Tue Apr 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-6
- Resolves: RHEL-30337 - varnish: HTTP/2 Broken Window Attack may result
in denial of service (CVE-2024-30156)
* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2
- Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
Smuggling Vulnerability
* Fri Oct 20 2023 Tomas Korbar <tkorbar@redhat.com> - 6.6.2-5
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12818
* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1
- new version 6.0.8
- Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request
smuggling attack via a large Content-Length header for a POST request
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-3
- Resolves: #2142096 - CVE-2022-45060 varnish: Request Forgery Vulnerability
* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 6.0.6-2
- new version 6.0.6
- Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
- Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two
client requests leads to information disclosure
- Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service
handling certain crafted HTTP/1 requests
* Thu Feb 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-2
- new version 6.6.2
- Resolves: #2007641 - rebase Varnish to 6.6.2
* Mon Oct 08 2018 Lubos Uhliarik <luhliari@redhat.com> - 6.0.2-1
- new version 6.0.2 (#1633338)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.5.2-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Aug 01 2018 Luboš Uhliarik <luhliari@redhat.com> - 6.0.0-3
- Resolves: #1591765 - varnish: Remove dependency on jemalloc
* Wed Jul 21 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.5.2-1
- new version 6.5.2
- Resolves: #1984185 - Rebase varnish to 6.5.2
- Resolves: #1982858 - CVE-2021-36740 varnish: HTTP/2 request smuggling attack
via a large Content-Length header for a POST request
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.5.1-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Feb 24 2021 Lubos Uhliarik <luhliari@redhat.com> - 6.5.1-4
- Resolves: #1918406 - Drop jemalloc dependency in RHEL 9
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 21 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-2
- Pulled support for el6
- Pulled support for sysvinit
- aarch64 builds now with jemalloc again on el7
* Fri Sep 25 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-1
- New upstream release varnish-6.5.1
* Wed Sep 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.0-1
- New upstream release varnish-6.5.0
- Respun silly patch to get rid of compiler warnings on el6
* Tue Aug 04 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.4.0-4
- Added -Wno-error=free-nonheap-object to CFLAGS to build on s390x
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Mar 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.4.0-1
- New upstream release
- Respin patches for 6.4.0
- Removed patches merged upstream
- Deactivated a test on s390*. Too hard to get size and timing right
* Wed Feb 12 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-3
- Got corrected compilation fix patch from upstream
* Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-2
- Added simple compilation fix for gcc-10.0.1/s390x
* Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-1
- New upstream release, a security release. Includes fix for VSV00005
- Added new checkout of pkg-varnish
- Temporarily disable haproxy unit tests, as haproxy seems broken in rawhide
* Mon Feb 10 2020 Joe Orton <jorton@redhat.com> - 6.3.1-3
- drop buildreq on (retired) vttest (#1800232)
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Oct 22 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.1-1
- New upstream release. A security release. Includes fix for VSV00004
* Fri Sep 20 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-2
- Respin patch for el6
* Mon Sep 16 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-1
- New upstream release
* Wed Sep 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.1-4
- New upstream release. A security release. Includes fix for CVE-2019-15892
* Thu Aug 08 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-4
- Pull in extra requirements to the build requirements to run more
tests (on fedora: haproxy, vttest)
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Apr 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-2
- Run configure with LT_SYS_LIBRARY_PATH, removing the need for
killing RPATH in libtool with sed and scattering LD_LIBRARY_PATH around
with patches
- Some explicit python version fixes needed for el7 python34 vs python36
- aarch64 now builds with jemalloc again on fedora
* Fri Mar 15 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-1
- New upstream release varnish-6.2
- Removed patches merged upstream
- Remove misc sed hacks for bugs that are fixed upstream
- Added a patch for gcc-4.4 -Werror support on el6
- Added a patch from upstream to fix too small thread pool stack in a test
- Override macro __python to make brp-python-bytecompile choose python3
- Explicitly use python-3.4
- Switch to make_install macro
- Better documentation of patches
- Updated checkout of pkg-varnish-cache
* Thu Mar 07 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-5
- Adding a patch based on upstream commits, fixing pcre-jit, see
upstream bug 2912
* Thu Feb 14 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-4
- Adding a patch from upstream fixing a simple formatting bug on gcc-9
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-2
- Respun ld_library_path patch for varnish-6.1.1
* Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-1
- New upstream release
* Tue Nov 06 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-3
- Dropped the depricated external dependency generator in Fedora
- Hard coded vmod, abi and vrt provides
* Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-2
- Added a patch to fix a failing test in the testsuite
* Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-1
- New upstream release
- Respin patches for 6.1.0
- Disable pcre-jit for now, ref upstream bug #2817
* Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-3
- Explicitly using utf8 under install on el6 and el7 for python quirks
* Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-2
- Explicitly using python3 on all targets
* Thu Sep 27 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-1
- New upstream release
- Removed graphciz from BuildRequires. It is not used
- Removed patch for fortify_source on el6. It is merged upstream
- Small workaround for test suite problem with old readline/curses on el6
- Supports bcond_with python3, for simpler future deprication of python2
- Added -fno-exceptions to CFLAGS on el6, see upstream issue #2793
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

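--- a/varnishlog.service
+++ b/varnishlog.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Varnish HTTP accelerator logging daemon
+After=network.target
+[Service]
+Type=forking
+PIDFile=/run/varnishlog.pid
+ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log -D -P /run/varnishlog.pid
+[Install]
+WantedBy=multi-user.target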
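Review bot: The `[Service]` section sets no `User=` or `Group=`, so systemd starts varnishlog as root; varnishncsa.service, added right after this file, has the same gap. The spec text on this page says earlier versions ran both loggers as root, chowns the ncsa log to `varnish:varnish` in `%post`, and rewrites `User=varnishlog` to `User=varnish` in `redhat/varnishncsa.service`, which suggests an unprivileged logger is intended, but that sed does not reach these top-level unit files. A daemon that parses client-influenced log records and writes request and response headers to disk needs no root privileges. Running it as the `varnish` account means moving the PID file out of `/run` into a `RuntimeDirectory=`, and presumably `/var/log/varnish` must be writable by that account, which the `%files` list (not visible here) should confirm.

```ini
# … unchanged: [Unit] section …
[Service]
User=varnish
Group=varnish
RuntimeDirectory=varnishlog
PIDFile=/run/varnishlog/varnishlog.pid
ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log -D -P /run/varnishlog/varnishlog.pid
# … unchanged: Type=forking and the [Install] section …
```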

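--- a/varnishncsa.service
+++ b/varnishncsa.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Varnish NCSA logging
+After=network.target
+[Service]
+Type=forking
+PIDFile=/run/varnishncsa.pid
+ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa.pid
+[Install]
+WantedBy=multi-user.target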