Compare commits
No commits in common. "c8-stream-6" and "c9s" have entirely different histories.
50
.gitignore
vendored
@ -1,2 +1,48 @@
|
||||
SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
|
||||
SOURCES/varnish-6.0.8.tgz
|
||||
varnish-2.0.6.tar.gz
|
||||
varnish-2.1.2.tar.gz
|
||||
varnish-2.1.3.tar.gz
|
||||
/varnish-2.1.4.tar.gz
|
||||
/varnish-2.1.5.tar.gz
|
||||
/varnish-3.0.2.tar.gz
|
||||
/varnish-3.0.3.tar.gz
|
||||
/varnish-3.0.4.tar.gz
|
||||
/varnish-3.0.5.tar.gz
|
||||
/varnish-4.0.0.tar.gz
|
||||
/varnish-4.0.1.tar.gz
|
||||
/varnish-4.0.2.tar.gz
|
||||
/varnish-4.0.3.tar.gz
|
||||
/varnish-4.1.0.tar.gz
|
||||
/varnish-cache-redhat-f3dbcce.tar.gz
|
||||
/pkg-varnish-cache-105f20b.tar.gz
|
||||
/varnish-4.1.1.tar.gz
|
||||
/varnish-4.1.2.tar.gz
|
||||
/varnish-4.1.2_fix_python24.el5.patch
|
||||
/pkg-varnish-cache-eff850c.tar.gz
|
||||
/varnish-4.1.3.tar.gz
|
||||
/pkg-varnish-cache-4e27994.tar.gz
|
||||
/varnish-5.0.0.tar.gz
|
||||
/pkg-varnish-cache-502fcc0.tar.gz
|
||||
/varnish-5.1.1.tar.gz
|
||||
/pkg-varnish-cache-92373fe.tar.gz
|
||||
/pkg-varnish-cache-5b97619.tar.gz
|
||||
/varnish-5.1.2.tar.gz
|
||||
/varnish-5.1.3.tar.gz
|
||||
/varnish-5.2.0.tgz
|
||||
/varnish-5.2.1.tgz
|
||||
/pkg-varnish-cache-0ad2f22.tar.gz
|
||||
/varnish-6.0.0.tgz
|
||||
/varnish-6.0.1.tgz
|
||||
/varnish-6.1.0.tgz
|
||||
/varnish-6.1.1.tgz
|
||||
/varnish-6.2.0.tgz
|
||||
/pkg-varnish-cache-114fcdd.tar.gz
|
||||
/varnish-6.2.1.tgz
|
||||
/varnish-6.3.0.tgz
|
||||
/varnish-6.3.1.tgz
|
||||
/pkg-varnish-cache-ec7ad9e.tar.gz
|
||||
/varnish-6.3.2.tgz
|
||||
/varnish-6.4.0.tgz
|
||||
/varnish-6.5.0.tgz
|
||||
/varnish-6.5.1.tgz
|
||||
/varnish-6.5.2.tgz
|
||||
/varnish-6.6.2.tgz
|
||||
|
@ -1,2 +0,0 @@
|
||||
db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
|
||||
7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz
|
@ -1,13 +0,0 @@
|
||||
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
|
||||
index 463b75b..982bd73 100644
|
||||
--- a/bin/varnishd/cache/cache_req_body.c
|
||||
+++ b/bin/varnishd/cache/cache_req_body.c
|
||||
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
|
||||
if (req->req_body_status == REQ_BODY_WITH_LEN ||
|
||||
req->req_body_status == REQ_BODY_WITHOUT_LEN)
|
||||
(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
|
||||
+ if (req->req_body_status == REQ_BODY_FAIL)
|
||||
+ req->doclose = SC_RX_BODY;
|
||||
return(0);
|
||||
}
|
||||
|
9
gating.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}
|
2
sources
Normal file
@ -0,0 +1,2 @@
|
||||
SHA512 (varnish-6.6.2.tgz) = 8fa163678e2e454fcc959ba24f349de00e6c00357df55f37f12f0d3acbcb2799b2f376385cef2d40c14a4cc44a5eea1b5a3fbf6245961611d4fc3ea30699035d
|
||||
SHA512 (pkg-varnish-cache-ec7ad9e.tar.gz) = 146aacec76b2ca641bb8bc9dda49e82d28740dbcba034e73a8d39387696f10fa3108ab124a078e900865388217352d112f63f6fe9ef7b23e20bc699441aab4f2
|
11
varnish-4.1.0.fix_find-provides.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- redhat/find-provides.orig 2015-10-04 16:55:34.057574682 +0200
|
||||
+++ redhat/find-provides 2015-10-04 16:56:04.120280796 +0200
|
||||
@@ -9,8 +9,6 @@
|
||||
/usr/lib/rpm/find-provides "$@"
|
||||
fi
|
||||
|
||||
-# We don't install vcs_version.h, so we can't use RPM_BUILD_ROOT directly.
|
||||
-cd /builddir/build/BUILD/varnish* || true
|
||||
cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true
|
||||
|
||||
printf '#include "vcs_version.h"\nVCS_Version\n' \
|
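Review bot: The surviving `cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true` expands `RPM_BUILD_ROOT` unquoted and ignores a failed `cd`, so when the path is missing or the glob matches more than one directory, the `printf '#include "vcs_version.h"...'` pipeline that follows runs in whatever directory the script started in. Quote the variable and make the failure visible, e.g. `cd "${RPM_BUILD_ROOT}"/../../BUILD/varnish* || exit 1`, unless continuing is intended, in which case a comment should say what output is expected in that case. The patch also deletes the comment explaining why `RPM_BUILD_ROOT` cannot be used directly without leaving a replacement next to the remaining `cd`. The script continues past the end of the hunk, so what consumes the pipeline output is not visible here.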
41
varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
Normal file
@ -0,0 +1,41 @@
|
||||
--- doc/sphinx/Makefile.in.orig 2017-03-16 16:01:18.440999286 +0100
|
||||
+++ doc/sphinx/Makefile.in 2017-03-16 16:02:38.557728852 +0100
|
||||
@@ -626,28 +626,38 @@
|
||||
# XXX add varnishstat here when it's been _opt2rst'ed
|
||||
|
||||
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
|
||||
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
|
||||
|
||||
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishlog/varnishlog --options > $@
|
||||
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
|
||||
|
||||
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishtop/varnishtop --options > $@
|
||||
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
|
||||
|
||||
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishhist/varnishhist --options > $@
|
||||
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
|
||||
|
||||
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishstat/varnishstat --options > $@
|
||||
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
|
||||
|
||||
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
|
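Review bot: The prefix `LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \` is pasted into each of the ten recipes, and the patch file has no header saying why the freshly built tools cannot locate libvarnishapi on their own in this build. Define it once, e.g. `DOC_LDPATH = LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs`, and write the recipes as `$(DOC_LDPATH) $(top_builddir)/bin/varnishncsa/varnishncsa --options > $@`, with a one-line description at the top of the patch. The assignment replaces any inherited `LD_LIBRARY_PATH` rather than prepending to it, which is fine in a clean build root but should be stated. Each recipe still redirects straight into `$@`, so a tool that fails to start leaves an empty `.rst` that make treats as up to date; writing to a temporary name and renaming it would avoid that. The same points apply to varnish-6.1.0_fix_ld_library_path_in_doc_build.patch, which adds the prefix to two more recipes.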
66
varnish-5.2.1-python3.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 17c92e43fda114bf5341e51d752e882238b8fe8c Mon Sep 17 00:00:00 2001
|
||||
From: Nils Goroll <nils.goroll@uplex.de>
|
||||
Date: Thu, 5 Oct 2017 13:39:23 +0200
|
||||
Subject: [PATCH] hack up vsctool to work with python 2 and 3
|
||||
|
||||
StringIO does not exist any more in python3, yet requiring 2.7 would
|
||||
not pave the path forward, so try to be compatible with both.
|
||||
|
||||
Works for me on Python 2.7.9 and Python 3.4
|
||||
|
||||
I would appreciate if someone more fluent in serpentinous programming
|
||||
language reviewed and/or rewrote this.
|
||||
---
|
||||
lib/libvcc/vsctool.py | 24 ++++++++++++++++++++----
|
||||
1 file changed, 20 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/libvcc/vsctool.py b/lib/libvcc/vsctool.py
|
||||
index 854968e3b..829c6e518 100644
|
||||
--- a/lib/libvcc/vsctool.py
|
||||
+++ b/lib/libvcc/vsctool.py
|
||||
@@ -37,7 +37,10 @@
|
||||
import json
|
||||
import sys
|
||||
import gzip
|
||||
-import StringIO
|
||||
+try:
|
||||
+ import StringIO
|
||||
+except ImportError:
|
||||
+ import io
|
||||
import collections
|
||||
import struct
|
||||
|
||||
@@ -54,9 +57,22 @@
|
||||
"format": [ "integer", FORMATS],
|
||||
}
|
||||
|
||||
+# http://python3porting.com/problems.html#bytes-strings-and-unicode
|
||||
+if sys.version_info < (3,):
|
||||
+ def b(x):
|
||||
+ return x
|
||||
+else:
|
||||
+ import codecs
|
||||
+ def b(x):
|
||||
+ return codecs.latin_1_encode(x)[0]
|
||||
+
|
||||
def gzip_str(s):
|
||||
- out = StringIO.StringIO()
|
||||
- gzip.GzipFile(fileobj=out, mode="w").write(s)
|
||||
+ try:
|
||||
+ out = StringIO.StringIO()
|
||||
+ except NameError:
|
||||
+ out = io.BytesIO()
|
||||
+
|
||||
+ gzip.GzipFile(fileobj=out, mode="w").write(b(s))
|
||||
out.seek(4)
|
||||
out.write(struct.pack("<L", 0x12bfd58))
|
||||
return out.getvalue()
|
||||
@@ -285,7 +301,7 @@ class rst_vsc(directive):
|
||||
def __init__(self, s):
|
||||
super(rst_vsc, self).__init__(s)
|
||||
|
||||
- for i,v in PARAMS.iteritems():
|
||||
+ for i,v in PARAMS.items():
|
||||
if v is not True:
|
||||
self.do_default(i, v[0], v[1])
|
||||
|
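Review bot: `gzip_str()` now picks its buffer class by catching `NameError` on every call, which depends on the earlier `try: import StringIO` having silently failed; `io.BytesIO` exists on Python 2.6+ as well as 3, so a plain `import io` at the top and `out = io.BytesIO()` in the function would cover both interpreters without the two try/except blocks. The `b()` helper encodes with `codecs.latin_1_encode`, which raises `UnicodeEncodeError` for any character above U+00FF; whether the input to `gzip_str()` can contain such characters is not visible in this hunk, so either document that the input is expected to be Latin-1 only or encode with the codec the consumer expects. A short comment on `b()` saying it returns bytes on both versions would help the next reader.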
96
varnish-6.0.1_fix_bug2668.patch
Normal file
@ -0,0 +1,96 @@
|
||||
Based on fix for upstream bug #2668, see
|
||||
https://github.com/varnishcache/varnish-cache/commit/9bdc5f75d661a1659c4df60799612a7524a6caa7
|
||||
|
||||
|
||||
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/gensequences ./bin/varnishtest/gensequences
|
||||
--- ../varnish-6.0.1.orig/bin/varnishtest/gensequences 2018-08-29 11:48:32.000000000 +0200
|
||||
+++ ./bin/varnishtest/gensequences 2018-09-27 12:18:20.946853383 +0200
|
||||
@@ -149,6 +149,7 @@
|
||||
|
||||
if (l_prefix_name[p] != "teken_state_init") {
|
||||
print "";
|
||||
+ print "\tt->t_last = 0;";
|
||||
print "\tteken_state_switch(t, teken_state_init);";
|
||||
}
|
||||
print "}";
|
||||
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/sequences ./bin/varnishtest/sequences
|
||||
--- ../varnish-6.0.1.orig/bin/varnishtest/sequences 2018-08-29 11:48:32.000000000 +0200
|
||||
+++ ./bin/varnishtest/sequences 2018-09-27 12:18:50.193581932 +0200
|
||||
@@ -113,3 +113,6 @@
|
||||
|
||||
# VT52 compatibility
|
||||
#DECID VT52 DECID ^[ Z
|
||||
+
|
||||
+# ECMA-48
|
||||
+REP Repeat last graphic char ^[ [ b n
|
||||
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken.h ./bin/varnishtest/teken.h
|
||||
--- ../varnish-6.0.1.orig/bin/varnishtest/teken.h 2018-08-29 11:48:32.000000000 +0200
|
||||
+++ ./bin/varnishtest/teken.h 2018-09-27 12:18:20.947853442 +0200
|
||||
@@ -153,6 +153,7 @@
|
||||
|
||||
unsigned int t_utf8_left;
|
||||
teken_char_t t_utf8_partial;
|
||||
+ teken_char_t t_last;
|
||||
|
||||
unsigned int t_curscs;
|
||||
teken_scs_t *t_saved_curscs;
|
||||
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h ./bin/varnishtest/teken_subr.h
|
||||
--- ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h 2018-08-29 11:48:32.000000000 +0200
|
||||
+++ ./bin/varnishtest/teken_subr.h 2018-09-27 12:18:20.947853442 +0200
|
||||
@@ -777,10 +777,11 @@
|
||||
}
|
||||
|
||||
static void
|
||||
-teken_subr_do_putchar(const teken_t *t, const teken_pos_t *tp, teken_char_t c,
|
||||
+teken_subr_do_putchar(teken_t *t, const teken_pos_t *tp, teken_char_t c,
|
||||
int width)
|
||||
{
|
||||
|
||||
+ t->t_last = c;
|
||||
if (t->t_stateflags & TS_INSERT &&
|
||||
tp->tp_col < t->t_winsize.tp_col - width) {
|
||||
teken_rect_t ctr;
|
||||
@@ -1313,3 +1314,12 @@
|
||||
t->t_stateflags &= ~TS_WRAPPED;
|
||||
teken_funcs_cursor(t);
|
||||
}
|
||||
+
|
||||
+static void
|
||||
+teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts)
|
||||
+{
|
||||
+
|
||||
+ for (; t->t_last != 0 && rpts > 0; rpts--)
|
||||
+ teken_subr_regular_character(t, t->t_last);
|
||||
+}
|
||||
+
|
||||
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc ./bin/varnishtest/tests/a00001.vtc
|
||||
--- ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc 2018-08-29 11:48:32.000000000 +0200
|
||||
+++ ./bin/varnishtest/tests/a00001.vtc 2018-09-27 12:18:20.948853501 +0200
|
||||
@@ -204,6 +204,27 @@
|
||||
process p4 -expect-text 21 11 "Enter choice number (0 - 12):"
|
||||
process p4 -screen_dump
|
||||
|
||||
+# 11. Test non-VT100 (e.g., VT220, XTERM) terminals
|
||||
+process p4 -writehex "31 31 0d"
|
||||
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
|
||||
+
|
||||
+process p4 -writehex "37 0d"
|
||||
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
|
||||
+
|
||||
+process p4 -writehex "32 0d"
|
||||
+process p4 -expect-text 0 0 "Push <RETURN>"
|
||||
+process p4 -screen_dump
|
||||
+process p4 -expect-text 20 1 "Test Repeat (REP)"
|
||||
+process p4 -expect-text 1 1 " ++ "
|
||||
+process p4 -expect-text 2 2 " ++ "
|
||||
+process p4 -expect-text 17 17 " ++ "
|
||||
+process p4 -expect-text 18 18 "*++*"
|
||||
+process p4 -writehex "0d"
|
||||
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
|
||||
+process p4 -writehex "30 0d"
|
||||
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
|
||||
+process p4 -writehex "30 0d"
|
||||
+
|
||||
# 0. Exit
|
||||
process p4 -writehex "30 0d"
|
||||
process p4 -expect-text 12 30 "That's all, folks!"
|
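Review bot: `teken_subr_repeat_last_graphic_char()` loops `rpts` times with no upper bound, and `rpts` is the numeric parameter of the REP sequence (`^[ [ b n` in `sequences`), so it is taken from the output of the process being emulated. A very large count keeps the emulator re-emitting one character long after the screen is full; clamp it to the screen area before the loop, e.g. `if (rpts > t->t_winsize.tp_row * t->t_winsize.tp_col) rpts = t->t_winsize.tp_row * t->t_winsize.tp_col;`. The new a00001.vtc steps only exercise the small counts vttest sends, so a test with an oversized count would pin the bound. `teken_subr_do_putchar()` also loses the `const` on `t` to record `t_last`; a one-line comment there saying the function now mutates terminal state would explain the signature change.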
53
varnish-6.1.0_fix_ld_library_path_in_doc_build.patch
Normal file
@ -0,0 +1,53 @@
|
||||
--- doc/sphinx/Makefile.in.orig 2018-11-02 14:53:14.812956915 +0100
|
||||
+++ doc/sphinx/Makefile.in 2018-11-02 14:54:31.575517733 +0100
|
||||
@@ -642,9 +642,11 @@
|
||||
rm -rf $(BUILDDIR)
|
||||
|
||||
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishd/varnishd -x cli > $@
|
||||
|
||||
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishd/varnishd -x parameter > $@
|
||||
|
||||
include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
|
||||
@@ -656,28 +658,38 @@
|
||||
# XXX add varnishstat here when it's been _opt2rst'ed
|
||||
|
||||
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
|
||||
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
|
||||
|
||||
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishlog/varnishlog --options > $@
|
||||
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
|
||||
|
||||
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishtop/varnishtop --options > $@
|
||||
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
|
||||
|
||||
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishhist/varnishhist --options > $@
|
||||
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
|
||||
|
||||
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishstat/varnishstat --options > $@
|
||||
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
|
||||
|
||||
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
|
13
varnish-6.1.0_fix_testu00008.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- bin/varnishtest/tests/u00008.vtc.orig 2018-11-02 16:06:40.731680282 +0100
|
||||
+++ bin/varnishtest/tests/u00008.vtc 2018-11-02 16:07:21.587092836 +0100
|
||||
@@ -38,8 +38,8 @@
|
||||
process p1 -screen_dump
|
||||
|
||||
process p1 -winsz 25 132
|
||||
-process p1 -expect-text 4 124 "AVG_1000"
|
||||
-process p1 -expect-text 22 108 "UNSEEN DIAG"
|
||||
+process p1 -expect-text 4 0 "AVG_1000"
|
||||
+process p1 -expect-text 22 0 "UNSEEN DIAG"
|
||||
|
||||
process p1 -screen_dump -write {q} -wait
|
||||
|
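Review bot: Both expectations change the column from a fixed position (`124`, `108`) to `0`, which in varnishtest's `-expect-text` means, as far as I read its documentation, that the text may appear anywhere on the line. The test therefore no longer checks that the columns are laid out for the 132-wide window set by `-winsz 25 132` just above. The patch file has no header; add a line saying why the fixed columns fail in this build (the cause is not visible here) so the relaxed check can be dropped once it is fixed upstream.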
115
varnish-6.1.1_fix_issue_2912.patch
Normal file
@ -0,0 +1,115 @@
|
||||
This patch is a fix for memory issues with
|
||||
pcre-jit, see upstream bug report at
|
||||
https://github.com/varnishcache/varnish-cache/issues/2817
|
||||
|
||||
The patch is based on upstream commits
|
||||
a3129a5340566d17192de8058a9c1dbb051a7039
|
||||
683b7cbe8cde1dde8f9e516a354b82430f1d318e
|
||||
1226e77f9501c56976635c714c99d84f417aa5d2
|
||||
|
||||
|
||||
diff -Naur a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c
|
||||
--- a/bin/varnishd/cache/cache_panic.c 2018-10-24 11:29:10.000000000 +0200
|
||||
+++ b/bin/varnishd/cache/cache_panic.c 2019-03-07 16:27:16.592441674 +0100
|
||||
@@ -601,6 +601,33 @@
|
||||
VSB_indent(vsb, -2);
|
||||
}
|
||||
|
||||
+#ifdef HAVE_PTHREAD_GETATTR_NP
|
||||
+static void
|
||||
+pan_threadattr(struct vsb *vsb)
|
||||
+{
|
||||
+ pthread_attr_t attr[1];
|
||||
+ size_t sz;
|
||||
+ void *addr;
|
||||
+
|
||||
+ if (pthread_getattr_np(pthread_self(), attr) != 0)
|
||||
+ return;
|
||||
+
|
||||
+ VSB_cat(vsb, "pthread.attr = {\n");
|
||||
+ VSB_indent(vsb, 2);
|
||||
+
|
||||
+ if (pthread_attr_getguardsize(attr, &sz) == 0)
|
||||
+ VSB_printf(vsb, "guard = %zu,\n", sz);
|
||||
+ if (pthread_attr_getstack(attr, &addr, &sz) == 0) {
|
||||
+ VSB_printf(vsb, "stack_bottom = %p,\n", addr);
|
||||
+ VSB_printf(vsb, "stack_top = %p,\n", (char *)addr + sz);
|
||||
+ VSB_printf(vsb, "stack_size = %zu,\n", sz);
|
||||
+ }
|
||||
+ VSB_indent(vsb, -2);
|
||||
+ VSB_cat(vsb, "}\n");
|
||||
+ (void) pthread_attr_destroy(attr);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*--------------------------------------------------------------------*/
|
||||
|
||||
static void __attribute__((__noreturn__))
|
||||
@@ -673,6 +700,10 @@
|
||||
if (q != NULL)
|
||||
VSB_printf(pan_vsb, "thread = (%s)\n", q);
|
||||
|
||||
+#ifdef HAVE_PTHREAD_GETATTR_NP
|
||||
+ pan_threadattr(pan_vsb);
|
||||
+#endif
|
||||
+
|
||||
if (!FEATURE(FEATURE_SHORT_PANIC)) {
|
||||
req = THR_GetRequest();
|
||||
VSB_cat(pan_vsb, "thr.");
|
||||
diff -Naur a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
|
||||
--- a/bin/varnishd/mgt/mgt_param.c 2018-10-24 11:29:10.000000000 +0200
|
||||
+++ b/bin/varnishd/mgt/mgt_param.c 2019-03-07 16:27:16.594441699 +0100
|
||||
@@ -494,6 +494,8 @@
|
||||
|
||||
MCF_TcpParams();
|
||||
|
||||
+ def = 56 * 1024;
|
||||
+
|
||||
if (sizeof(void *) < 8) { /*lint !e506 !e774 */
|
||||
/*
|
||||
* Adjust default parameters for 32 bit systems to conserve
|
||||
@@ -505,20 +507,16 @@
|
||||
MCF_ParamConf(MCF_DEFAULT, "http_req_size", "12k");
|
||||
MCF_ParamConf(MCF_DEFAULT, "gzip_buffer", "4k");
|
||||
MCF_ParamConf(MCF_MAXIMUM, "vsl_space", "1G");
|
||||
+ def = 48 * 1024;
|
||||
}
|
||||
|
||||
-#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
|
||||
- MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
|
||||
-#endif
|
||||
-
|
||||
low = sysconf(_SC_THREAD_STACK_MIN);
|
||||
MCF_ParamConf(MCF_MINIMUM, "thread_pool_stack", "%jdb", (intmax_t)low);
|
||||
|
||||
#if defined(__SANITIZER) || __has_feature(address_sanitizer)
|
||||
def = 92 * 1024;
|
||||
-#else
|
||||
- def = 48 * 1024;
|
||||
#endif
|
||||
+
|
||||
if (def < low)
|
||||
def = low;
|
||||
MCF_ParamConf(MCF_DEFAULT, "thread_pool_stack", "%jdb", (intmax_t)def);
|
||||
@@ -529,6 +527,10 @@
|
||||
|
||||
MCF_ParamConf(MCF_MAXIMUM, "thread_pools", "%d", MAX_THREAD_POOLS);
|
||||
|
||||
+#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
|
||||
+ MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
|
||||
+#endif
|
||||
+
|
||||
VCLS_AddFunc(mgt_cls, MCF_AUTH, cli_params);
|
||||
|
||||
vsb = VSB_new_auto();
|
||||
diff -Naur a/configure.ac b/configure.ac
|
||||
--- a/configure.ac 2018-10-26 13:22:45.000000000 +0200
|
||||
+++ b/configure.ac 2019-03-07 16:27:16.592441674 +0100
|
||||
@@ -239,6 +239,7 @@
|
||||
AC_CHECK_FUNCS([pthread_set_name_np])
|
||||
AC_CHECK_FUNCS([pthread_setname_np])
|
||||
AC_CHECK_FUNCS([pthread_mutex_isowned_np])
|
||||
+AC_CHECK_FUNCS([pthread_getattr_np])
|
||||
LIBS="${save_LIBS}"
|
||||
|
||||
# Support for visibility attribute
|
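Review bot: The patch header points at upstream issue 2817 while the file is named `fix_issue_2912`, so a maintainer cannot tell which report this backport closes; name both numbers and how they relate, or rename the file. The header lists three upstream commits without saying which hunk comes from which, and the `mgt_param.c` hunks also move the `accept_filter` default below the `thread_pools` setup, which the description does not mention. In `pan_threadattr()`, `pthread_getattr_np()` is called on the panic path; on some libc implementations it can allocate memory, which may not be safe after heap corruption, so a comment noting that this is best-effort diagnostics would be appropriate (the allocation behaviour is not visible here and should be confirmed). The `def = 56 * 1024;` line raises the 64-bit default stack from 48k without a comment tying the number to the pcre-jit problem named in the header.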
@ -1,8 +1,19 @@
|
||||
diff --git a/doc/sphinx/Makefile.in b/doc/sphinx/Makefile.in
|
||||
index 0819064..11e4ba2 100644
|
||||
--- a/doc/sphinx/Makefile.in
|
||||
+++ b/doc/sphinx/Makefile.in
|
||||
@@ -659,37 +659,47 @@ include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
|
||||
--- doc/sphinx/Makefile.in.orig 2018-11-06 16:46:59.403632379 +0100
|
||||
+++ doc/sphinx/Makefile.in 2018-11-06 16:48:28.011784013 +0100
|
||||
@@ -643,10 +643,12 @@
|
||||
rm -rf $(BUILDDIR)
|
||||
|
||||
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishd/varnishd -x cli > ${@}_
|
||||
mv ${@}_ ${@}
|
||||
|
||||
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/bin/varnishd/varnishd -x parameter > ${@}_
|
||||
mv ${@}_ ${@}
|
||||
|
||||
@@ -660,41 +662,52 @@
|
||||
# XXX add varnishstat here when it's been _opt2rst'ed
|
||||
|
||||
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
|
||||
@ -50,3 +61,8 @@ index 0819064..11e4ba2 100644
|
||||
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > ${@}_
|
||||
mv ${@}_ ${@}
|
||||
|
||||
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
|
||||
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
|
||||
$(top_builddir)/lib/libvarnishapi/vsl2rst > ${@}_
|
||||
mv ${@}_ ${@}
|
||||
include/vtc-syntax.rst: vtc-syntax.py $(VTCSYN_SRC)
|
39
varnish-6.1.1_fix_upstrbug_2879.patch
Normal file
@ -0,0 +1,39 @@
|
||||
commit 7119d790b590e7fb560ad602cedfda5185c7e841
|
||||
Author: Poul-Henning Kamp <phk@FreeBSD.org>
|
||||
Date: Fri Jan 11 10:26:44 2019 +0000
|
||||
|
||||
Avoid printing %s,NULL in case of errors we do not expect.
|
||||
|
||||
Fixes #2879
|
||||
|
||||
diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c
|
||||
index b619199c6..59e804ec8 100644
|
||||
--- a/lib/libvarnish/vnum.c
|
||||
+++ b/lib/libvarnish/vnum.c
|
||||
@@ -349,15 +349,17 @@ main(int argc, char *argv[])
|
||||
|
||||
for (tc = test_cases; tc->str; ++tc) {
|
||||
e = VNUM_2bytes(tc->str, &val, tc->rel);
|
||||
- if (e != tc->err) {
|
||||
- printf("%s: VNUM_2bytes(\"%s\", %ju) (%s) != (%s)\n",
|
||||
- *argv, tc->str, tc->rel, tc->err, e);
|
||||
- ++ec;
|
||||
- } else if (e == NULL && val != tc->val) {
|
||||
- printf("%s: VNUM_2bytes(\"%s\", %ju) %ju != %ju (%s)\n",
|
||||
- *argv, tc->str, tc->rel, val, tc->val, e);
|
||||
- ++ec;
|
||||
- }
|
||||
+ if (e != NULL)
|
||||
+ val = 0;
|
||||
+ if (e == tc->err && val == tc->val)
|
||||
+ continue;
|
||||
+ ++ec;
|
||||
+ printf("%s: VNUM_2bytes(\"%s\", %ju)\n",
|
||||
+ *argv, tc->str, tc->rel);
|
||||
+ printf("\tExpected:\tstatus %s - value %ju\n",
|
||||
+ tc->err ? tc->err : "Success", tc->val);
|
||||
+ printf("\tGot:\t\tstatus %s - value %ju\n",
|
||||
+ e ? e : "Success", val);
|
||||
}
|
||||
if (!isnan(VNUM_duration(NULL))) {
|
||||
printf("%s: VNUM_Duration(NULL) fail\n", *argv);
|
73
varnish-6.2.0_el6_fix_warning_from_old_gcc.patch
Normal file
@ -0,0 +1,73 @@
|
||||
--- bin/varnishtest/vtc_main.c.orig 2019-03-15 12:31:56.999877378 +0100
|
||||
+++ bin/varnishtest/vtc_main.c 2019-03-15 12:33:07.679889311 +0100
|
||||
@@ -228,7 +228,7 @@
|
||||
assert(cleaner_pid >= 0);
|
||||
if (cleaner_pid == 0) {
|
||||
closefd(&p[1]);
|
||||
- (void)nice(1); /* Not important */
|
||||
+ if (nice(1)) 1; /* Not important */
|
||||
setbuf(stdin, NULL);
|
||||
AZ(dup2(p[0], STDIN_FILENO));
|
||||
while (fgets(buf, sizeof buf, stdin)) {
|
||||
--- lib/libvarnishapi/vsm.c.orig 2019-03-18 13:24:01.377237092 +0100
|
||||
+++ lib/libvarnishapi/vsm.c 2019-03-18 13:24:42.765783845 +0100
|
||||
@@ -682,18 +682,18 @@
|
||||
VSM_ResetError(vd);
|
||||
if (u & VSM_MGT_RUNNING) {
|
||||
if (progress >= 0 && n > 4)
|
||||
- (void)write(progress, "\n", 1);
|
||||
+ if (write(progress, "\n", 1)) 1;
|
||||
vd->attached = 1;
|
||||
return (0);
|
||||
}
|
||||
if (t0 < VTIM_mono()) {
|
||||
if (progress >= 0 && n > 4)
|
||||
- (void)write(progress, "\n", 1);
|
||||
+ if (write(progress, "\n", 1)) 1;
|
||||
return (vsm_diag(vd,
|
||||
"Could not get hold of varnishd, is it running?"));
|
||||
}
|
||||
if (progress >= 0 && !(++n % 4))
|
||||
- (void)write(progress, ".", 1);
|
||||
+ if (write(progress, ".", 1)) 1;
|
||||
VTIM_sleep(.25);
|
||||
}
|
||||
return (vsm_diag(vd, "Attach interrupted"));
|
||||
--- bin/varnishd/http1/cache_http1_deliver.c.orig 2019-03-18 13:30:43.262546105 +0100
|
||||
+++ bin/varnishd/http1/cache_http1_deliver.c 2019-03-18 14:12:48.980850397 +0100
|
||||
@@ -74,7 +74,7 @@
|
||||
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
|
||||
|
||||
req->wrk->stats->client_resp_500++;
|
||||
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
|
||||
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
|
||||
req->doclose = SC_TX_EOF;
|
||||
}
|
||||
|
||||
--- ./bin/varnishd/mgt/mgt_param.c.orig 2019-03-18 14:48:56.084720420 +0100
|
||||
+++ ./bin/varnishd/mgt/mgt_param.c 2019-03-18 14:51:25.867836687 +0100
|
||||
@@ -802,11 +802,11 @@
|
||||
t2 = strchr(t1 + 1, '\t');
|
||||
AN(t2);
|
||||
printf("\n\t*");
|
||||
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
|
||||
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
|
||||
printf("*\n\t\t");
|
||||
p = t2 + 1;
|
||||
}
|
||||
- (void)fwrite(p, q - p, 1, stdout);
|
||||
+ if (fwrite(p, q - p, 1, stdout)) 1;
|
||||
p = q;
|
||||
if (*p == '\n') {
|
||||
printf("\n");
|
||||
--- ./bin/varnishd/proxy/cache_proxy_proto.c.orig 2019-03-18 14:54:18.257283901 +0100
|
||||
+++ ./bin/varnishd/proxy/cache_proxy_proto.c 2019-03-18 14:54:47.119693630 +0100
|
||||
@@ -669,7 +669,7 @@
|
||||
WRONG("Wrong proxy version");
|
||||
|
||||
AZ(VSB_finish(vsb));
|
||||
- (void)write(fd, VSB_data(vsb), VSB_len(vsb));
|
||||
+ if (write(fd, VSB_data(vsb), VSB_len(vsb))) 1;
|
||||
if (!DO_DEBUG(DBG_PROTOCOL)) {
|
||||
VSB_delete(vsb);
|
||||
return;
|
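Review bot: The replacement form `if (write(...)) 1;` still discards the result; it only hides the call from the unused-result warning, and the bare `1;` (or `0;` in `cache_http1_deliver.c`) is itself a statement with no effect that other compilers may warn about. In `cache_http1_deliver.c` and `cache_proxy_proto.c` the writes go to a connection descriptor, so a short or failed write of the 500 response or the PROXY header passes unnoticed exactly as before. If ignoring the result is intended, say so once in a patch header (the file has none) and use one consistent idiom, e.g. `ssize_t ign = write(fd, VSB_data(vsb), VSB_len(vsb)); (void)ign;`. All the affected functions begin and end outside the hunks shown.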
40
varnish-6.2.0_fix_ppc64_for_test_c00057.patch
Normal file
@ -0,0 +1,40 @@
|
||||
commit 88948d982bcd165e05967d2a9c8684eb9f9cbd01
|
||||
Author: Nils Goroll <nils.goroll@uplex.de>
|
||||
Date: Wed Mar 20 11:24:33 2019 +0100
|
||||
|
||||
Change the stack overflow test to 128kb stacksize
|
||||
|
||||
on ppc64 fedora, the thread_pool_stack minimum is 128kb due to
|
||||
sysconf(_SC_THREAD_STACK_MIN) = 131072
|
||||
|
||||
It does not harm the test to use a larger stacksize, so we adjust it to
|
||||
this requirement for consistency and simplicity
|
||||
|
||||
diff --git a/bin/varnishtest/tests/c00057.vtc b/bin/varnishtest/tests/c00057.vtc
|
||||
index 5118c79a0..be6569d24 100644
|
||||
--- a/bin/varnishtest/tests/c00057.vtc
|
||||
+++ b/bin/varnishtest/tests/c00057.vtc
|
||||
@@ -12,7 +12,7 @@ server s1 {
|
||||
varnish v1 \
|
||||
-arg "-p feature=+no_coredump" \
|
||||
-arg "-p vcc_allow_inline_c=true" \
|
||||
- -arg "-p thread_pool_stack=48k" \
|
||||
+ -arg "-p thread_pool_stack=128k" \
|
||||
-vcl+backend {
|
||||
C{
|
||||
#include <signal.h>
|
||||
@@ -27,11 +27,12 @@ void (*accessor)(volatile char *p) = _accessor;
|
||||
|
||||
}C
|
||||
sub vcl_recv { C{
|
||||
+ const int stkkb = 128;
|
||||
int i;
|
||||
- volatile char overflow[48*1024];
|
||||
+ volatile char overflow[stkkb * 1024];
|
||||
|
||||
/* for downwards stack, take care to hit a single guard page */
|
||||
- for (i = 47*1024; i >= 0; i -= 1024)
|
||||
+ for (i = (stkkb - 1) * 1024; i >= 0; i -= 1024)
|
||||
accessor(overflow + i);
|
||||
/* NOTREACHED */
|
||||
sleep(2);
|
79
varnish-6.3.0_el6_fix_warning_from_old_gcc.patch
Normal file
@ -0,0 +1,79 @@
|
||||
diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
|
||||
--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
|
||||
+++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
|
||||
@@ -74,7 +74,7 @@
|
||||
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
|
||||
|
||||
req->wrk->stats->client_resp_500++;
|
||||
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
|
||||
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
|
||||
req->doclose = SC_TX_EOF;
|
||||
}
|
||||
|
||||
diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
|
||||
--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
|
||||
+++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
|
||||
@@ -805,11 +805,11 @@
|
||||
t2 = strchr(t1 + 1, '\t');
|
||||
AN(t2);
|
||||
printf("\n\t*");
|
||||
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
|
||||
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
|
||||
printf("*\n\t\t");
|
||||
p = t2 + 1;
|
||||
}
|
||||
- (void)fwrite(p, q - p, 1, stdout);
|
||||
+ if(fwrite(p, q - p, 1, stdout)) 1;
|
||||
p = q;
|
||||
if (*p == '\n') {
|
||||
printf("\n");
|
||||
diff -Naur varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c
|
||||
--- varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-16 10:24:15.000000000 +0200
|
||||
+++ varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-20 09:02:55.762424644 +0200
|
||||
@@ -645,7 +645,7 @@
|
||||
WRONG("Wrong proxy version");
|
||||
|
||||
AZ(VSB_finish(vsb));
|
||||
- (void)VSB_tofile(fd, vsb); // XXX: Error handling ?
|
||||
+ if (VSB_tofile(fd, vsb)) 1; // XXX: Error handling ?
|
||||
if (!DO_DEBUG(DBG_PROTOCOL)) {
|
||||
VSB_delete(vsb);
|
||||
return;
|
||||
diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
|
||||
--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
|
||||
+++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
|
||||
@@ -230,7 +230,7 @@
|
||||
assert(cleaner_pid >= 0);
|
||||
if (cleaner_pid == 0) {
|
||||
closefd(&p[1]);
|
||||
- (void)nice(1); /* Not important */
|
||||
+ if (nice(1)) 1;
|
||||
setbuf(stdin, NULL);
|
||||
AZ(dup2(p[0], STDIN_FILENO));
|
||||
while (fgets(buf, sizeof buf, stdin)) {
|
||||
diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
|
||||
--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
|
||||
+++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
|
||||
@@ -763,18 +763,18 @@
|
||||
VSM_ResetError(vd);
|
||||
if (u & VSM_MGT_RUNNING) {
|
||||
if (progress >= 0 && n > 4)
|
||||
- (void)write(progress, "\n", 1);
|
||||
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
|
||||
vd->attached = 1;
|
||||
return (0);
|
||||
}
|
||||
if (t0 < VTIM_mono()) {
|
||||
if (progress >= 0 && n > 4)
|
||||
- (void)write(progress, "\n", 1);
|
||||
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
|
||||
return (vsm_diag(vd,
|
||||
"Could not get hold of varnishd, is it running?"));
|
||||
}
|
||||
if (progress >= 0 && !(++n % 4))
|
||||
- (void)write(progress, ".", 1);
|
||||
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
|
||||
VTIM_sleep(.25);
|
||||
}
|
||||
return (vsm_diag(vd, "Attach interrupted"));
|
||||
|
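--- /dev/null
+++ b/varnish-6.3.2_fix_s390x.patch
@@ -0,0 +1,19 @@
+commit b0af060fb688b8fc2ff3817ea99430432668b291
+Author: Ingvar Hagelund <ingvar@redpill-linpro.com>
+Date: Tue Feb 11 12:56:54 2020 +0100
+
+simple fix for fedora/gcc-10.0.1: -Werror=format-overflow, by some reason hit on s390x
+
+diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c
+index 1ec748cb6..09e49d258 100644
+--- a/bin/varnishtest/vtc_varnish.c
++++ b/bin/varnishtest/vtc_varnish.c
+@@ -121,7 +121,7 @@ varnish_ask_cli(const struct varnish *v, const char *cmd, char **repl)
+i = VCLI_ReadResult(v->cli_fd, &retval, &r, vtc_maxdur);
+if (i != 0 && !vtc_stop)
+vtc_fatal(v->vl, "CLI failed (%s) = %d %u %s",
+- cmd, i, retval, r);
++ cmd != NULL ? cmd : "NULL", i, retval, r);
+vtc_log(v->vl, 3, "CLI RX %u", retval);
+vtc_dump(v->vl, 4, "CLI RX", r, -1);
+if (repl != NULL)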
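--- /dev/null
+++ b/varnish-6.4.0_el6_fix_warning_from_old_gcc.patch
@@ -0,0 +1,67 @@
+diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
+--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
++++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
+@@ -74,7 +74,7 @@
+VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
+
+req->wrk->stats->client_resp_500++;
+- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
++ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
+req->doclose = SC_TX_EOF;
+}
+
+diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
+--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
++++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
+@@ -805,11 +805,11 @@
+t2 = strchr(t1 + 1, '\t');
+AN(t2);
+printf("\n\t*");
+- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
++ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
+printf("*\n\t\t");
+p = t2 + 1;
+}
+- (void)fwrite(p, q - p, 1, stdout);
++ if(fwrite(p, q - p, 1, stdout)) 1;
+p = q;
+if (*p == '\n') {
+printf("\n");
+diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
+--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
++++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
+@@ -230,7 +230,7 @@
+assert(cleaner_pid >= 0);
+if (cleaner_pid == 0) {
+closefd(&p[1]);
+- (void)nice(1); /* Not important */
++ if (nice(1)) 1;
+setbuf(stdin, NULL);
+AZ(dup2(p[0], STDIN_FILENO));
+while (fgets(buf, sizeof buf, stdin)) {
+diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
+--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
++++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
+@@ -763,18 +763,18 @@
+VSM_ResetError(vd);
+if (u & VSM_MGT_RUNNING) {
+if (progress >= 0 && n > 4)
+- (void)write(progress, "\n", 1);
++ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
+vd->attached = 1;
+return (0);
+}
+if (t0 < VTIM_mono()) {
+if (progress >= 0 && n > 4)
+- (void)write(progress, "\n", 1);
++ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
+return (vsm_diag(vd,
+"Could not get hold of varnishd, is it running?"));
+}
+if (progress >= 0 && !(++n % 4))
+- (void)write(progress, ".", 1);
++ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
+VTIM_sleep(.25);
+}
+return (vsm_diag(vd, "Attach interrupted"));
+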
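Review bot: The new progress-write checks in the `vsm.c` hunk test `!write(progress, ...)`, which is true only when `write()` returns 0; a failed write returns -1 and passes as success, so the added "Unable to write progress" path does not fire on the error it names. It also turns a cosmetic progress dot into an attach failure, where the old `(void)write(...)` was deliberately best effort. If the aim is only to quiet the unused-result warning, `if (write(progress, ".", 1) < 0) { /* progress output is best effort */ }` keeps the old behaviour; if the error is meant to be reported, compare the result with `!= 1` instead. The same three lines appear in `varnish-6.5.0_el6_fix_warning_from_old_gcc.patch`, and the enclosing function starts and ends outside the hunk.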
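--- /dev/null
+++ b/varnish-6.5.0_el6_fix_warning_from_old_gcc.patch
@@ -0,0 +1,78 @@
+diff -Naur ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c ./bin/varnishd/http1/cache_http1_deliver.c
+--- ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2020-09-15 17:06:03.000000000 +0200
++++ ./bin/varnishd/http1/cache_http1_deliver.c 2020-09-16 11:45:28.663086943 +0200
+@@ -76,7 +76,7 @@
+VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
+
+req->wrk->stats->client_resp_500++;
+- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
++ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
+req->doclose = SC_TX_EOF;
+}
+
+diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c ./bin/varnishd/mgt/mgt_main.c
+--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c 2020-09-15 17:06:03.000000000 +0200
++++ ./bin/varnishd/mgt/mgt_main.c 2020-09-16 11:46:21.323667133 +0200
+@@ -252,7 +252,7 @@
+return;
+VJ_rmdir("vmod_cache");
+VJ_unlink("_.pid");
+- (void)chdir("/");
++ if (chdir("/")) 0;
+VJ_rmdir(workdir);
+}
+
+diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c ./bin/varnishd/mgt/mgt_param.c
+--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c 2020-09-15 17:06:03.000000000 +0200
++++ ./bin/varnishd/mgt/mgt_param.c 2020-09-16 11:45:28.771086082 +0200
+@@ -829,11 +829,11 @@
+t2 = strchr(t1 + 1, '\t');
+AN(t2);
+printf("\n\t*");
+- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
++ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
+printf("*\n\t\t");
+p = t2 + 1;
+}
+- (void)fwrite(p, q - p, 1, stdout);
++ if(fwrite(p, q - p, 1, stdout)) 1;
+p = q;
+if (*p == '\n') {
+printf("\n");
+diff -Naur ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c ./bin/varnishtest/vtc_main.c
+--- ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c 2020-09-15 17:06:03.000000000 +0200
++++ ./bin/varnishtest/vtc_main.c 2020-09-16 11:45:28.771086082 +0200
+@@ -233,7 +233,7 @@
+assert(cleaner_pid >= 0);
+if (cleaner_pid == 0) {
+closefd(&p[1]);
+- (void)nice(1); /* Not important */
++ if (nice(1)) 1;
+setbuf(stdin, NULL);
+AZ(dup2(p[0], STDIN_FILENO));
+while (fgets(buf, sizeof buf, stdin)) {
+diff -Naur ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c ./lib/libvarnishapi/vsm.c
+--- ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c 2020-09-15 17:06:03.000000000 +0200
++++ ./lib/libvarnishapi/vsm.c 2020-09-16 11:45:28.772086074 +0200
+@@ -764,18 +764,18 @@
+VSM_ResetError(vd);
+if (u & VSM_MGT_RUNNING) {
+if (progress >= 0 && n > 4)
+- (void)write(progress, "\n", 1);
++ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
+vd->attached = 1;
+return (0);
+}
+if (t0 < VTIM_mono()) {
+if (progress >= 0 && n > 4)
+- (void)write(progress, "\n", 1);
++ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
+return (vsm_diag(vd,
+"Could not get hold of varnishd, is it running?"));
+}
+if (progress >= 0 && !(++n % 4))
+- (void)write(progress, ".", 1);
++ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
+VTIM_sleep(.25);
+}
+return (vsm_diag(vd, "Attach interrupted"));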
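Review bot: The `if (chdir("/")) 0;` line in the `mgt_main.c` hunk still discards the result, but unlike the `(void)` cast it replaces it no longer reads as a deliberate choice, and `VJ_rmdir(workdir)` on the next line runs whether or not the chdir succeeded. A trailing comment such as `/* result ignored on purpose: cleanup is best effort */` would record the intent. The `vtc_main.c` hunk likewise drops the `/* Not important */` remark when it rewrites `nice(1)`, and that remark is worth keeping on the new line. The enclosing functions start and end outside these hunks.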
@ -1,12 +1,10 @@
|
||||
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
|
||||
index d432629..b0dacb9 100644
|
||||
index 6bc062e..570b871 100644
|
||||
--- a/bin/varnishd/http2/cache_http2_hpack.c
|
||||
+++ b/bin/varnishd/http2/cache_http2_hpack.c
|
||||
@@ -93,18 +93,25 @@ static h2_error
|
||||
h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
{
|
||||
@@ -97,11 +97,16 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
/* XXX: This might belong in cache/cache_http.c */
|
||||
+ const char *b0;
|
||||
const char *b0;
|
||||
unsigned n;
|
||||
+ int disallow_empty;
|
||||
+ char *p;
|
||||
@ -21,14 +19,7 @@ index d432629..b0dacb9 100644
|
||||
|
||||
if (len > UINT_MAX) { /* XXX: cache_param max header size */
|
||||
VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", b);
|
||||
return (H2SE_ENHANCE_YOUR_CALM);
|
||||
}
|
||||
|
||||
+ b0 = b;
|
||||
if (b[0] == ':') {
|
||||
/* Match H/2 pseudo headers */
|
||||
/* XXX: Should probably have some include tbl for
|
||||
@@ -113,10 +120,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
@@ -117,10 +122,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
b += namelen;
|
||||
len -= namelen;
|
||||
n = HTTP_HDR_METHOD;
|
||||
@ -53,7 +44,7 @@ index d432629..b0dacb9 100644
|
||||
} else if (!strncmp(b, ":scheme: ", namelen)) {
|
||||
/* XXX: What to do about this one? (typically
|
||||
"http" or "https"). For now set it as a normal
|
||||
@@ -124,6 +145,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
@@ -128,6 +147,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
b++;
|
||||
len-=1;
|
||||
n = hp->nhd;
|
||||
@ -69,7 +60,7 @@ index d432629..b0dacb9 100644
|
||||
} else if (!strncmp(b, ":authority: ", namelen)) {
|
||||
b+=6;
|
||||
len-=6;
|
||||
@@ -160,6 +190,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
@@ -164,6 +192,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
hp->hd[n].b = b;
|
||||
hp->hd[n].e = b + len;
|
||||
|
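--- /dev/null
+++ b/varnish-6.6.2-CVE-2023-44487-rate_limit.patch
@@ -0,0 +1,319 @@
+commit bb3f607590a102321a15a8a17474d87da8bec32c
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date: Tue Oct 17 16:52:32 2023 +0200
+
+Upstream #3997 PR
+
+Fix CVE-2023-44487
+
+diff --git a/bin/varnishd/VSC_main.vsc b/bin/varnishd/VSC_main.vsc
+index 7b32584..d55b9df 100644
+--- a/bin/varnishd/VSC_main.vsc
++++ b/bin/varnishd/VSC_main.vsc
+@@ -631,6 +631,14 @@
+
+Number of session closes with Error VCL_FAILURE (VCL failure)
+
++.. varnish_vsc:: sc_rapid_reset
++ :level: diag
++ :oneliner: Session Err RAPID_RESET
++
++ Number of times we failed an http/2 session because it hit its
++ configured limits for the number of permitted rapid stream
++ resets.
++
+.. varnish_vsc:: client_resp_500
+:level: diag
+:group: wrk
+diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h
+index ea5eb52..9088e21 100644
+--- a/bin/varnishd/http2/cache_http2.h
++++ b/bin/varnishd/http2/cache_http2.h
+@@ -184,6 +184,8 @@ struct h2_sess {
+VTAILQ_HEAD(,h2_req) txqueue;
+
+h2_error error;
++ double rst_budget;
++ vtim_real last_rst;
+};
+
+#define ASSERT_RXTHR(h2) do {assert(h2->rxthr == pthread_self());} while(0)
+diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
+index 3597ec1..408acad 100644
+--- a/bin/varnishd/http2/cache_http2_proto.c
++++ b/bin/varnishd/http2/cache_http2_proto.c
+@@ -45,6 +45,7 @@
+#include "vtcp.h"
+#include "vtim.h"
+
++#define H2_CUSTOM_ERRORS
+#define H2EC1(U,v,r,d) const struct h2_error_s H2CE_##U[1] = {{#U,d,v,0,1,r}};
+#define H2EC2(U,v,r,d) const struct h2_error_s H2SE_##U[1] = {{#U,d,v,1,0,r}};
+#define H2EC3(U,v,r,d) H2EC1(U,v,r,d) H2EC2(U,v,r,d)
+@@ -304,9 +305,46 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
+/**********************************************************************
+*/
+
++static h2_error
++h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
++{
++ vtim_real now;
++ vtim_dur d;
++
++ CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
++ ASSERT_RXTHR(h2);
++ CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);
++
++ if (cache_param->h2_rapid_reset_limit == 0)
++ return (0);
++
++ now = VTIM_real();
++ CHECK_OBJ_NOTNULL(r2->req, REQ_MAGIC);
++ AN(r2->req->t_first);
++ if (now - r2->req->t_first > cache_param->h2_rapid_reset)
++ return (0);
++
++ d = now - h2->last_rst;
++ h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
++ cache_param->h2_rapid_reset_period;
++ h2->rst_budget = vmin_t(double, h2->rst_budget,
++ cache_param->h2_rapid_reset_limit);
++ h2->last_rst = now;
++
++ if (h2->rst_budget < 1.0) {
++ Lck_Lock(&h2->sess->mtx);
++ VSLb(h2->vsl, SLT_Error, "H2: Hit RST limit. Closing session.");
++ Lck_Unlock(&h2->sess->mtx);
++ return (H2CE_RAPID_RESET);
++ }
++ h2->rst_budget -= 1.0;
++ return (0);
++}
++
+static h2_error v_matchproto_(h2_rxframe_f)
+h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
+{
++ h2_error h2e;
+
+CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
+ASSERT_RXTHR(h2);
+@@ -316,8 +354,9 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
+return (H2CE_FRAME_SIZE_ERROR);
+if (r2 == NULL)
+return (0);
++ h2e = h2_rapid_reset(wrk, h2, r2);
+h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data)));
+- return (0);
++ return (h2e);
+}
+
+/**********************************************************************
+diff --git a/bin/varnishd/http2/cache_http2_session.c b/bin/varnishd/http2/cache_http2_session.c
+index 36d4a1c..f81c94a 100644
+--- a/bin/varnishd/http2/cache_http2_session.c
++++ b/bin/varnishd/http2/cache_http2_session.c
+@@ -128,6 +128,9 @@ h2_init_sess(const struct worker *wrk, struct sess *sp,
+h2_local_settings(&h2->local_settings);
+h2->remote_settings = H2_proto_settings;
+h2->decode = decode;
++ h2->rst_budget = cache_param->h2_rapid_reset_limit;
++ h2->last_rst = sp->t_open;
++ AZ(isnan(h2->last_rst));
+
+AZ(VHT_Init(h2->dectbl, h2->local_settings.header_table_size));
+
+diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
+new file mode 100644
+index 0000000..3fee370
+--- /dev/null
++++ b/bin/varnishtest/tests/r03996.vtc
+@@ -0,0 +1,51 @@
++varnishtest "h2 rapid reset"
++
++barrier b1 sock 5
++
++server s1 {
++ rxreq
++ txresp
++} -start
++
++varnish v1 -cliok "param.set feature +http2"
++varnish v1 -cliok "param.set debug +syncvsl"
++varnish v1 -cliok "param.set h2_rapid_reset_limit 3"
++varnish v1 -cliok "param.set h2_rapid_reset 5"
++
++varnish v1 -vcl+backend {
++ import vtc;
++
++ sub vcl_recv {
++ vtc.barrier_sync("${b1_sock}");
++ }
++
++} -start
++
++client c1 {
++ stream 0 {
++ rxgoaway
++ expect goaway.err == ENHANCE_YOUR_CALM
++ } -start
++
++ stream 1 {
++ txreq
++ txrst
++ } -run
++ stream 3 {
++ txreq
++ txrst
++ } -run
++ stream 5 {
++ txreq
++ txrst
++ } -run
++ stream 7 {
++ txreq
++ txrst
++ } -run
++
++ barrier b1 sync
++ stream 0 -wait
++} -run
++
++varnish v1 -expect sc_rapid_reset == 1
+diff --git a/include/tbl/h2_error.h b/include/tbl/h2_error.h
+index e8104f8..11051de 100644
+--- a/include/tbl/h2_error.h
++++ b/include/tbl/h2_error.h
+@@ -147,5 +147,17 @@ H2_ERROR(
+/* descr */ "Use HTTP/1.1 for the request"
+)
+
++#ifdef H2_CUSTOM_ERRORS
++H2_ERROR(
++ /* name */ RAPID_RESET,
++ /* val */ 11, /* ENHANCE_YOUR_CALM */
++ /* types */ 1,
++ /* reason */ SC_RAPID_RESET,
++ /* descr */ "http/2 rapid reset detected"
++)
++
++# undef H2_CUSTOM_ERRORS
++#endif
++
+#undef H2_ERROR
+/*lint -restore */
+diff --git a/include/tbl/params.h b/include/tbl/params.h
+index cca420c..4014dd6 100644
+--- a/include/tbl/params.h
++++ b/include/tbl/params.h
+@@ -1217,6 +1217,47 @@ PARAM_SIMPLE(
+"HTTP2 maximum size of an uncompressed header list."
+)
+
++PARAM_SIMPLE(
++ /* name */ h2_rapid_reset,
++ /* typ */ timeout,
++ /* min */ "0.000",
++ /* max */ NULL,
++ /* def */ "1.000",
++ /* units */ "seconds",
++ /* descr */
++ "The upper threshold for how rapid an http/2 RST has to come for "
++ "it to be treated as suspect and subjected to the rate limits "
++ "specified by h2_rapid_reset_limit and h2_rapid_reset_period.",
++ /* flags */ EXPERIMENTAL,
++)
++
++PARAM_SIMPLE(
++ /* name */ h2_rapid_reset_limit,
++ /* typ */ uint,
++ /* min */ "0",
++ /* max */ NULL,
++ /* def */ "3600",
++ /* units */ NULL,
++ /* descr */
++ "HTTP2 RST Allowance.\n"
++ "Specifies the maximum number of allowed stream resets issued by\n"
++ "a client over a time period before the connection is closed.\n"
++ "Setting this parameter to 0 disables the limit.",
++ /* flags */ EXPERIMENTAL,
++)
++
++PARAM_SIMPLE(
++ /* name */ h2_rapid_reset_period,
++ /* typ */ timeout,
++ /* min */ "1.000",
++ /* max */ NULL,
++ /* def */ "60.000",
++ /* units */ "seconds",
++ /* descr */
++ "HTTP2 sliding window duration for h2_rapid_reset_limit.",
++ /* flags */ EXPERIMENTAL|WIZARD,
++)
++
+/*--------------------------------------------------------------------
+* Memory pool parameters
+*/
+diff --git a/include/tbl/sess_close.h b/include/tbl/sess_close.h
+index 9748314..6d2f635 100644
+--- a/include/tbl/sess_close.h
++++ b/include/tbl/sess_close.h
+@@ -50,6 +50,7 @@ SESS_CLOSE(PIPE_OVERFLOW, pipe_overflow,1, "Session pipe overflow")
+SESS_CLOSE(RANGE_SHORT, range_short, 1, "Insufficient data for range")
+SESS_CLOSE(REQ_HTTP20, req_http20, 1, "HTTP2 not accepted")
+SESS_CLOSE(VCL_FAILURE, vcl_failure, 1, "VCL failure")
++SESS_CLOSE(RAPID_RESET, rapid_reset, 1, "HTTP2 rapid reset")
+#undef SESS_CLOSE
+
+/*lint -restore */
+diff --git a/include/vdef.h b/include/vdef.h
+index a9111fe..c85bea8 100644
+--- a/include/vdef.h
++++ b/include/vdef.h
+@@ -106,6 +106,47 @@
+# define v_dont_optimize
+#endif
+
++/**********************************************************************
++ * Find the minimum or maximum values.
++ * Only evaluate the expression once and perform type checking.
++ */
++
++/* ref: https://stackoverflow.com/a/17624752 */
++
++#define VINDIRECT(a, b, c) a ## b ## c
++#define VCOMBINE(a, b, c) VINDIRECT(a, b, c)
++
++#if defined(__COUNTER__)
++# define VUNIQ_NAME(base) VCOMBINE(base, __LINE__, __COUNTER__)
++#else
++# define VUNIQ_NAME(base) VCOMBINE(base, __LINE__, 0)
++#endif
++
++#ifdef _lint
++#define typeof(x) __typeof__(x)
++#endif
++
++/* ref: https://gcc.gnu.org/onlinedocs/gcc/Typeof.html */
++
++#define _vtake(op, ta, tb, a, b, _va, _vb) \
++ ({ \
++ ta _va = (a); \
++ tb _vb = (b); \
++ (void)(&_va == &_vb); \
++ _va op _vb ? _va : _vb; \
++})
++
++#define opmin <
++#define opmax >
++#define vtake(n, ta, tb, a, b) _vtake(op ## n, ta, tb, a, b, \
++ VUNIQ_NAME(_v ## n ## A), VUNIQ_NAME(_v ## n ## B))
++
++#define vmin(a, b) vtake(min, typeof(a), typeof(b), a, b)
++#define vmax(a, b) vtake(max, typeof(a), typeof(b), a, b)
++
++#define vmin_t(type, a, b) vtake(min, type, type, a, b)
++#define vmax_t(type, a, b) vtake(max, type, type, a, b)
++
+/*********************************************************************
+* Pointer alignment magic
+*/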
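Review bot: In `h2_rapid_reset()` the refill term `d = now - h2->last_rst` is never clamped, so a negative `d` subtracts from `rst_budget` instead of refilling it. Both timestamps come from `VTIM_real()` and `sp->t_open`; if those follow the wall clock, as the `vtim_real` type suggests, a backwards clock step could push the budget below 1.0 and close a session that stayed within its limit with `H2CE_RAPID_RESET`. A guard before the refill, `if (d < 0.) d = 0.;`, keeps the bucket monotonic. Separately, the `h2_rapid_reset_period` description calls this a sliding window, while the code is a token bucket that also allows an initial burst of `h2_rapid_reset_limit` resets (3600 by default); the parameter text should say so for operators tuning the limit.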
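--- /dev/null
+++ b/varnish-6.6.2-CVE-2023-44487-vcl_vrt.patch
@@ -0,0 +1,328 @@
+commit bb44b34d5e9078ede3769ef519badb65d340351a
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date: Wed Oct 18 12:32:24 2023 +0200
+
+vcl_vrt: Skip VCL execution if the client is gone
+
+Upstream PR #3998
+and 4991d9f6e40f381d058a83fc21ceed90e34a822e for r03996.vtc
+
+diff --git a/bin/varnishd/VSC_main.vsc b/bin/varnishd/VSC_main.vsc
+index d55b9df..0978c2f 100644
+--- a/bin/varnishd/VSC_main.vsc
++++ b/bin/varnishd/VSC_main.vsc
+@@ -342,6 +342,15 @@
+Number of times an HTTP/2 stream was refused because the queue was
+too long already. See also parameter thread_queue_limit.
+
++.. varnish_vsc:: req_reset
++ :group: wrk
++ :oneliner: Requests reset
++
++ Number of times a client left before the VCL processing of its
++ requests completed. For HTTP/2 sessions, either the stream was
++ reset by an RST_STREAM frame from the client, or a stream or
++ connection error occurred.
++
+.. varnish_vsc:: n_object
+:type: gauge
+:group: wrk
+diff --git a/bin/varnishd/cache/cache_transport.h b/bin/varnishd/cache/cache_transport.h
+index 3650291..be396b9 100644
+--- a/bin/varnishd/cache/cache_transport.h
++++ b/bin/varnishd/cache/cache_transport.h
+@@ -44,6 +44,7 @@ typedef void vtr_sess_panic_f (struct vsb *, const struct sess *);
+typedef void vtr_req_panic_f (struct vsb *, const struct req *);
+typedef void vtr_req_fail_f (struct req *, enum sess_close);
+typedef void vtr_reembark_f (struct worker *, struct req *);
++typedef int vtr_poll_f (struct req *);
+typedef int vtr_minimal_response_f (struct req *, uint16_t status);
+
+struct transport {
+@@ -64,6 +65,7 @@ struct transport {
+vtr_sess_panic_f *sess_panic;
+vtr_req_panic_f *req_panic;
+vtr_reembark_f *reembark;
++ vtr_poll_f *poll;
+vtr_minimal_response_f *minimal_response;
+
+VTAILQ_ENTRY(transport) list;
+diff --git a/bin/varnishd/cache/cache_vrt_vcl.c b/bin/varnishd/cache/cache_vrt_vcl.c
+index 023ba00..2fbaff6 100644
+--- a/bin/varnishd/cache/cache_vrt_vcl.c
++++ b/bin/varnishd/cache/cache_vrt_vcl.c
+@@ -42,6 +42,7 @@
+#include "vbm.h"
+
+#include "cache_director.h"
++#include "cache_transport.h"
+#include "cache_vcl.h"
+#include "vcc_interface.h"
+
+@@ -437,6 +438,40 @@ VRT_VCL_Allow_Discard(struct vclref **refp)
+FREE_OBJ(ref);
+}
+
++/*--------------------------------------------------------------------
++ */
++
++static int
++req_poll(struct worker *wrk, struct req *req)
++{
++ struct req *top;
++
++ /* NB: Since a fail transition leads to vcl_synth, the request may be
++ * short-circuited twice.
++ */
++ if (req->req_reset) {
++ wrk->handling = VCL_RET_FAIL;
++ return (-1);
++ }
++
++ top = req->top->topreq;
++ CHECK_OBJ_NOTNULL(top, REQ_MAGIC);
++ CHECK_OBJ_NOTNULL(top->transport, TRANSPORT_MAGIC);
++
++ if (!FEATURE(FEATURE_VCL_REQ_RESET))
++ return (0);
++ if (top->transport->poll == NULL)
++ return (0);
++ if (top->transport->poll(top) >= 0)
++ return (0);
++
++ VSLb_ts_req(req, "Reset", W_TIM_real(wrk));
++ wrk->stats->req_reset++;
++ wrk->handling = VCL_RET_FAIL;
++ req->req_reset = 1;
++ return (-1);
++}
++
+/*--------------------------------------------------------------------
+* Method functions to call into VCL programs.
+*
+@@ -468,6 +503,8 @@ vcl_call_method(struct worker *wrk, struct req *req, struct busyobj *bo,
+CHECK_OBJ_NOTNULL(req->sp, SESS_MAGIC);
+CHECK_OBJ_NOTNULL(req->vcl, VCL_MAGIC);
+CHECK_OBJ_NOTNULL(req->top, REQTOP_MAGIC);
++ if (req_poll(wrk, req))
++ return;
+VCL_Req2Ctx(&ctx, req);
+}
+assert(ctx.now != 0);
+diff --git a/bin/varnishd/http2/cache_http2_session.c b/bin/varnishd/http2/cache_http2_session.c
+index f81c94a..f978763 100644
+--- a/bin/varnishd/http2/cache_http2_session.c
++++ b/bin/varnishd/http2/cache_http2_session.c
+@@ -439,6 +439,16 @@ h2_new_session(struct worker *wrk, void *arg)
+h2_del_sess(wrk, h2, h2->error->reason);
+}
+
++static int v_matchproto_(vtr_poll_f)
++h2_poll(struct req *req)
++{
++ struct h2_req *r2;
++
++ CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
++ CAST_OBJ_NOTNULL(r2, req->transport_priv, H2_REQ_MAGIC);
++ return (r2->error ? -1 : 1);
++}
++
+struct transport H2_transport = {
+.name = "H2",
+.magic = TRANSPORT_MAGIC,
+@@ -448,4 +458,5 @@ struct transport H2_transport = {
+.req_body = h2_req_body,
+.req_fail = h2_req_fail,
+.sess_panic = h2_sess_panic,
++ .poll = h2_poll,
+};
+diff --git a/bin/varnishd/mgt/mgt_param_bits.c b/bin/varnishd/mgt/mgt_param_bits.c
+index d6a9c3f..6d9b32a 100644
+--- a/bin/varnishd/mgt/mgt_param_bits.c
++++ b/bin/varnishd/mgt/mgt_param_bits.c
+@@ -276,7 +276,7 @@ struct parspec VSL_parspec[] = {
+#undef DEBUG_BIT
+},
+{ "feature", tweak_feature, NULL,
+- NULL, NULL, "default",
++ NULL, NULL, "+validate_headers +vcl_req_reset",
+NULL,
+"Enable/Disable various minor features.\n"
+"\tdefault\tSet default value\n"
+diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
+index 3fee370..7faf783 100644
+--- a/bin/varnishtest/tests/r03996.vtc
++++ b/bin/varnishtest/tests/r03996.vtc
+@@ -1,6 +1,7 @@
+varnishtest "h2 rapid reset"
+
+-barrier b1 sock 5
++barrier b1 sock 2 -cyclic
++barrier b2 sock 5 -cyclic
+
+server s1 {
+rxreq
+@@ -16,7 +17,10 @@ varnish v1 -vcl+backend {
+import vtc;
+
+sub vcl_recv {
+- vtc.barrier_sync("${b1_sock}");
++ if (req.http.barrier) {
++ vtc.barrier_sync(req.http.barrier);
++ }
++ vtc.barrier_sync("${b2_sock}");
+}
+
+} -start
+@@ -27,6 +31,41 @@ client c1 {
+expect goaway.err == ENHANCE_YOUR_CALM
+} -start
+
++ stream 1 {
++ txreq -hdr barrier ${b1_sock}
++ barrier b1 sync
++ txrst
++ } -run
++ stream 3 {
++ txreq -hdr barrier ${b1_sock}
++ barrier b1 sync
++ txrst
++ } -run
++ stream 5 {
++ txreq -hdr barrier ${b1_sock}
++ barrier b1 sync
++ txrst
++ } -run
++ stream 7 {
++ txreq -hdr barrier ${b1_sock}
++ barrier b1 sync
++ txrst
++ } -run
++
++ barrier b2 sync
++ stream 0 -wait
++} -run
++
++varnish v1 -expect sc_rapid_reset == 1
++
++varnish v1 -cliok "param.set feature -vcl_req_reset"
++
++client c2 {
++ stream 0 {
++ rxgoaway
++ expect goaway.err == ENHANCE_YOUR_CALM
++ } -start
++
+stream 1 {
+txreq
+txrst
+@@ -44,8 +83,8 @@ client c1 {
+txrst
+} -run
+
+- barrier b1 sync
++ barrier b2 sync
+stream 0 -wait
+} -run
+
+-varnish v1 -expect sc_rapid_reset == 1
++varnish v1 -expect sc_rapid_reset == 2
+diff --git a/bin/varnishtest/tests/t02025.vtc b/bin/varnishtest/tests/t02025.vtc
+new file mode 100644
+index 0000000..3b7e90e
+--- /dev/null
++++ b/bin/varnishtest/tests/t02025.vtc
+@@ -0,0 +1,49 @@
++varnishtest "h2 reset interrupt"
++
++barrier b1 sock 2
++barrier b2 sock 2
++
++varnish v1 -cliok "param.set feature +http2"
++varnish v1 -cliok "param.set debug +syncvsl"
++varnish v1 -vcl {
++ import vtc;
++
++ backend be none;
++
++ sub vcl_recv {
++ vtc.barrier_sync("${b1_sock}");
++ vtc.barrier_sync("${b2_sock}");
++ }
++
++ sub vcl_miss {
++ vtc.panic("unreachable");
++ }
++} -start
++
++logexpect l1 -v v1 -g raw -i Debug {
++ expect * * Debug "^H2RXF RST_STREAM"
++} -start
++
++client c1 {
++ stream 1 {
++ txreq
++ barrier b1 sync
++ txrst
++ } -run
++} -start
++
++logexpect l1 -wait
++barrier b2 sync
++
++varnish v1 -vsl_catchup
++varnish v1 -expect req_reset == 1
++
++# NB: The varnishncsa command below shows a minimal pattern to collect
++# "rapid reset" suspects per session, with the IP address. Here rapid
++# is interpreted as before a second elapsed. Session VXIDs showing up
++# numerous times become increasingly more suspicious. The format can of
++# course be extended to add anything else useful for data mining.
++shell -expect "1000 ${localhost}" {
++ varnishncsa -n ${v1_name} -d \
++ -q 'Timestamp:Reset[2] < 1.0' -F '%{VSL:Begin[2]}x %h'
++}
+diff --git a/doc/sphinx/reference/vsl.rst b/doc/sphinx/reference/vsl.rst
+index cf63089..f1ed987 100644
+--- a/doc/sphinx/reference/vsl.rst
++++ b/doc/sphinx/reference/vsl.rst
+@@ -76,6 +76,11 @@ Resp
+Restart
+Client request is being restarted.
+
++Reset
++ The client closed its connection, reset its stream or caused
++ a stream error that forced Varnish to reset the stream. Request
++ processing is interrupted and considered failed.
++
+Pipe handling timestamps
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+diff --git a/include/tbl/feature_bits.h b/include/tbl/feature_bits.h
+index d51b22c..3d6ac35 100644
+--- a/include/tbl/feature_bits.h
++++ b/include/tbl/feature_bits.h
+@@ -82,6 +82,11 @@ FEATURE_BIT(BUSY_STATS_RATE, busy_stats_rate,
+"Make busy workers comply with thread_stats_rate."
+)
+
++FEATURE_BIT(VCL_REQ_RESET, vcl_req_reset,
++ "Stop processing client VCL once the client is gone. "
++ "When this happens MAIN.req_reset is incremented."
++)
++
+#undef FEATURE_BIT
+
+/*lint -restore */
+diff --git a/include/tbl/req_flags.h b/include/tbl/req_flags.h
+index 2e82660..9e72312 100644
+--- a/include/tbl/req_flags.h
++++ b/include/tbl/req_flags.h
+@@ -41,6 +41,7 @@ REQ_FLAG(is_hitpass, 1, 0, "")
+REQ_FLAG(waitinglist, 0, 0, "")
+REQ_FLAG(want100cont, 0, 0, "")
+REQ_FLAG(late100cont, 0, 0, "")
++REQ_FLAG(req_reset, 0, 0, "")
+#undef REQ_FLAG
+
+/*lint -restore */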
1063
varnish-6.6.2-CVE-2024-30156.patch
Normal file
1063
varnish-6.6.2-CVE-2024-30156.patch
Normal file
File diff suppressed because it is too large
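--- a/varnish.params
+++ b/varnish.params
@@ -0,0 +1,40 @@
+# Varnish environment configuration description. This was derived from
+# the old style sysconfig/defaults settings
+
+# Set this to 1 to make systemd reload try to switch vcl without restart.
+RELOAD_VCL=1
+
+# Main configuration file. You probably want to change it.
+VARNISH_VCL_CONF=/etc/varnish/default.vcl
+
+# Default address and port to bind to. Blank address means all IPv4
+# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
+# quad, or an IPv6 address in brackets.
+# VARNISH_LISTEN_ADDRESS=192.168.1.5
+VARNISH_LISTEN_PORT=6081
+
+# Admin interface listen address and port
+VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
+VARNISH_ADMIN_LISTEN_PORT=6082
+
+# Shared secret file for admin interface
+VARNISH_SECRET_FILE=/etc/varnish/secret
+
+# The minimum and maximum number of worker threads to start
+VARNISH_MIN_THREADS=5
+VARNISH_MAX_THREADS=1000
+
+# Idle timeout for worker threads
+VARNISH_THREAD_TIMEOUT=120
+
+# Backend storage specification, see Storage Types in the varnishd(5)
+# man page for details.
+VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
+
+# Default TTL used when the backend does not specify one
+VARNISH_TTL=120
+
+# User and group for the varnishd worker processes
+VARNISH_USER=varnish
+VARNISH_GROUP=varnish
+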
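Review bot: The admin-interface block gives no hint that `VARNISH_ADMIN_LISTEN_ADDRESS` is security-sensitive: the management CLI behind it can load VCL and stop the cache, and in this file it is guarded only by the shared secret named in `VARNISH_SECRET_FILE`. I would extend the comment to `# Admin interface listen address and port. Keep this on loopback; access is controlled only by the secret file below.` The listen default deserves the same explicitness: with `VARNISH_LISTEN_ADDRESS` left commented out, the `-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT}` argument in varnish.service expands to `:6081`, which the comment here describes as all IPv4 and IPv6 interfaces.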
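--- a/varnish.service
+++ b/varnish.service
@@ -0,0 +1,47 @@
+[Unit]
+Description=Varnish a high-perfomance HTTP accelerator
+After=syslog.target network.target
+
+[Service]
+
+#
+# If you want to make changes to this file, please copy it to
+# /etc/systemd/system/varnish.service and make your changes there.
+# This will override the file kept at /lib/systemd/system/varnish.service
+#
+# Enviroment variables may be found in /etc/varnish/varnish.params
+#
+
+# Maximum number of open files (for ulimit -n)
+LimitNOFILE=131072
+
+# Locked shared memory (for ulimit -l)
+# Default log size is 82MB + header
+LimitMEMLOCK=82000
+
+# Maximum size of the corefile.
+LimitCORE=infinity
+
+EnvironmentFile=/etc/varnish/varnish.params
+
+Type=forking
+PIDFile=/var/run/varnish.pid
+PrivateTmp=true
+ExecStart=/usr/sbin/varnishd \
+-P /var/run/varnish.pid \
+-f $VARNISH_VCL_CONF \
+-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
+-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
+-t $VARNISH_TTL \
+-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
+-u $VARNISH_USER \
+-g $VARNISH_GROUP \
+-S $VARNISH_SECRET_FILE \
+-s $VARNISH_STORAGE \
+$DAEMON_OPTS
+
+ExecReload=/usr/sbin/varnish_reload_vcl
+
+[Install]
+WantedBy=multi-user.target
+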
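Review bot: `LimitMEMLOCK=82000` does not match the comment above it: systemd reads a bare number in `LimitMEMLOCK=` as bytes, so this allows roughly 80 KiB of locked memory rather than the 82MB log the comment describes, and `LimitMEMLOCK=82M` would say what the comment says. `LimitCORE=infinity` deserves a comment of its own, since a core file from a cache process can contain cached responses and client headers, so wherever cores are collected should be readable by root only. `PrivateTmp=true` is the only sandboxing directive in the unit; `ProtectSystem=full` and `ProtectHome=true` look compatible with the paths used here but would need testing against the VCL compile step. `ExecReload=` names `/usr/sbin/varnish_reload_vcl` while the spec on this page installs `varnishreload`, so the reload path should be checked against what is actually packaged.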
@ -1,90 +1,135 @@
|
||||
%global _hardened_build 1
|
||||
%global debug_package %{nil}
|
||||
%global _hardened_build 0
|
||||
# https://github.com/varnishcache/varnish-cache/issues/2269
|
||||
%global debug_package %{nil}
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
%global _use_internal_dependency_generator 0
|
||||
%global __find_provides %{_builddir}/%{name}-%{version}/find-provides %__find_provides
|
||||
%global __python /usr/bin/python3.4
|
||||
%else
|
||||
%global __python %{__python3}
|
||||
%endif
|
||||
|
||||
%global __provides_exclude_from ^%{_libdir}/varnish/vmods
|
||||
|
||||
%global abi 17c51b08e037fc8533fb3687a042a867235fc72f
|
||||
%global vrt 13.0
|
||||
|
||||
# Package scripts are now external
|
||||
# https://github.com/varnishcache/pkg-varnish-cache
|
||||
%global commit1 0ad2f22629c4a368959c423a19e352c9c6c79682
|
||||
%global commit1 ec7ad9e6c6dd7c9b4f4ba60c5b223376908c3ca6
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%bcond_without python2
|
||||
%bcond_with python3
|
||||
|
||||
%if %{with python2} == %{with python3}
|
||||
%error Pick exactly one Python version
|
||||
%endif
|
||||
|
||||
Summary: High-performance HTTP accelerator
|
||||
Name: varnish
|
||||
Version: 6.0.8
|
||||
Release: 2%{?dist}.1
|
||||
Version: 6.6.2
|
||||
Release: 6%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Daemons
|
||||
URL: https://www.varnish-cache.org/
|
||||
Source0: http://varnish-cache.org/_downloads/%{name}-%{version}%{?vd_rc}.tgz
|
||||
Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
|
||||
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/%{commit1}.tar.gz#/pkg-varnish-cache-%{shortcommit1}.tar.gz
|
||||
Patch1: varnish-5.1.1.fix_ld_library_path_in_doc_build.patch
|
||||
Patch4: varnish-4.0.3_fix_varnish4_selinux.el6.patch
|
||||
Patch9: varnish-5.1.1.fix_python_version.patch
|
||||
|
||||
# https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
|
||||
Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
|
||||
# Patches:
|
||||
# Patch 001: Because of Fedora's libtool no-rpath requirement, it is still
|
||||
# necessary to add LD_LIBRARY_PATH when building the documentation
|
||||
# (Fixed by using LT_SYS_LIBRARY_PATH)
|
||||
#Patch1: varnish-6.1.1_fix_ld_library_path_in_doc_build.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
|
||||
Patch100: varnish-6.0.8.CVE-2022-23959.patch
|
||||
# Patch 004: varnish selinux support for el6
|
||||
#Patch4: varnish-4.0.3_fix_varnish4_selinux.el6.patch
|
||||
|
||||
# Patch 009: Hard code older python support in configure for older el releases
|
||||
#Patch9: varnish-5.1.1.fix_python_version.patch
|
||||
|
||||
# Patch 012: Fix test for variants of ncurses, based on upstream commit 9bdc5f75, upstream issue #2668
|
||||
#Patch12: varnish-6.0.1_fix_bug2668.patch
|
||||
|
||||
# Patch 013: Just a simple format error
|
||||
#Patch13: varnish-6.1.0_fix_testu00008.patch
|
||||
|
||||
# Patch 014: Another formatting error fixed upstream, issue 2879
|
||||
#Patch14: varnish-6.1.1_fix_upstrbug_2879.patch
|
||||
|
||||
# Patch 015: pcre-jit fixed upstream, issue #2912
|
||||
#Patch15: varnish-6.1.1_fix_issue_2912.patch
|
||||
|
||||
# Patch 016: Fix some warnings that prohibited clean -Werror compilation
|
||||
# on el6. Will not be fixed upstream. Patch grows more stupid
|
||||
# for each iteration :-(
|
||||
#Patch16: varnish-6.5.0_el6_fix_warning_from_old_gcc.patch
|
||||
|
||||
# Patch 017: Fix stack size on ppc64 in test c_00057, upstream commit 88948d9
|
||||
#Patch17: varnish-6.2.0_fix_ppc64_for_test_c00057.patch
|
||||
|
||||
# Patch 018: gcc-10.0.1/s390x compilation fix, upstream commit b0af060
|
||||
#Patch18: varnish-6.3.2_fix_s390x.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2141844
|
||||
Patch101: varnish-6.0.8-CVE-2022-45060.patch
|
||||
Patch100: varnish-6.6.2-CVE-2022-45060.patch
|
||||
|
||||
Obsoletes: varnish-libs
|
||||
# https://issues.redhat.com/browse/RHEL-12818
|
||||
Patch101: varnish-6.6.2-CVE-2023-44487-rate_limit.patch
|
||||
|
||||
%if %{with python3}
|
||||
BuildRequires: python3, python3-sphinx, python3-docutils
|
||||
# https://issues.redhat.com/browse/RHEL-12818
|
||||
Patch102: varnish-6.6.2-CVE-2023-44487-vcl_vrt.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2271486
|
||||
Patch103: varnish-6.6.2-CVE-2024-30156.patch
|
||||
|
||||
%if 0%{?fedora} > 29
|
||||
Provides: varnish%{_isa} = %{version}-%{release}
|
||||
Provides: varnishd(abi)%{_isa} = %{abi}
|
||||
Provides: varnishd(vrt)%{_isa} = %{vrt}
|
||||
|
||||
Provides: vmod(blob)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(directors)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(proxy)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(purge)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(std)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(unix)%{_isa} = %{version}-%{release}
|
||||
Provides: vmod(vtc)%{_isa} = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
Obsoletes: varnish-libs < %{version}-%{release}
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
BuildRequires: python34 python34-sphinx python34-docutils
|
||||
%else
|
||||
%if 0%{?rhel} >= 6
|
||||
BuildRequires: python-sphinx
|
||||
%endif
|
||||
BuildRequires: python-docutils
|
||||
BuildRequires: python3, python3-sphinx, python3-docutils
|
||||
%endif
|
||||
# Drop jemalloc dependency in RHEL-9
|
||||
# BuildRequires: jemalloc-devel
|
||||
BuildRequires: libedit-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: pcre-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: graphviz
|
||||
|
||||
# Extra requirements for the build suite
|
||||
BuildRequires: nghttp2
|
||||
|
||||
%if 0%{?rhel} == 6
|
||||
BuildRequires: selinux-policy
|
||||
%endif
|
||||
# haproxy is broken in rawhide now
|
||||
#if 0#{?fedora} || 0#{?rhel} >= 8
|
||||
#BuildRequires: haproxy
|
||||
#endif
|
||||
|
||||
Requires: logrotate
|
||||
Requires: ncurses
|
||||
Requires: pcre
|
||||
# Drop jemalloc dependency in RHEL-9
|
||||
# Requires: jemalloc
|
||||
Requires: redhat-rpm-config
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): /usr/bin/uuidgen
|
||||
# Varnish actually needs gcc installed to work. It uses the C compiler
|
||||
# at runtime to compile the VCL configuration files. This is by design.
|
||||
Requires: gcc
|
||||
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
|
||||
Requires(post): systemd-units
|
||||
Requires(post): systemd-sysv
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
BuildRequires: systemd-units
|
||||
%endif
|
||||
%if 0%{?rhel} == 6
|
||||
Requires: %{name}-selinux
|
||||
Requires(post): policycoreutils,
|
||||
Requires(preun): policycoreutils
|
||||
Requires(postun): policycoreutils
|
||||
Requires(post): /sbin/chkconfig
|
||||
Requires(preun): /sbin/chkconfig
|
||||
Requires(preun): /sbin/service
|
||||
%endif
|
||||
|
||||
%description
|
||||
This is Varnish Cache, a high-performance HTTP accelerator.
|
||||
@ -99,124 +144,95 @@ available on: https://www.varnish-cache.org/
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Group: Development/Libraries
|
||||
BuildRequires: ncurses-devel
|
||||
#BuildRequires: ncurses-devel
|
||||
Provides: varnish-libs-devel%{?isa} = %{version}-%{release}
|
||||
Provides: varnish-libs-devel = %{version}-%{release}
|
||||
Obsoletes: varnish-libs-devel
|
||||
%if %{with python2}
|
||||
Requires: python
|
||||
%endif
|
||||
Obsoletes: varnish-libs-devel < %{version}-%{release}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: python3
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
Varnish Cache is a high-performance HTTP accelerator
|
||||
|
||||
%package docs
|
||||
Summary: Documentation files for %name
|
||||
Group: Documentation
|
||||
|
||||
%description docs
|
||||
Documentation files for %name
|
||||
|
||||
%if 0%{?rhel} == 6
|
||||
%package selinux
|
||||
Summary: Minimal selinux policy for running varnish
|
||||
Group: System Environment/Daemons
|
||||
|
||||
%description selinux
|
||||
Minimal selinux policy for running varnish4
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n varnish-%{version}%{?vd_rc}
|
||||
%setup -q
|
||||
tar xzf %SOURCE1
|
||||
ln -s pkg-varnish-cache-%{commit1}/redhat redhat
|
||||
ln -s pkg-varnish-cache-%{commit1}/debian debian
|
||||
cp redhat/find-provides .
|
||||
%if 0%{?rhel} == 6
|
||||
cp pkg-varnish-cache-%{commit1}/sysv/redhat/* redhat/
|
||||
sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
|
||||
%endif
|
||||
sed -i 's,rst2man-3.6,rst2man-3.4,g; s,rst2html-3.6,rst2html-3.4,g; s,phinx-build-3.6,phinx-build-3.4,g' configure
|
||||
|
||||
%patch1 -p1
|
||||
%if 0%{?rhel} == 6
|
||||
%patch4 -p0
|
||||
%patch9 -p0
|
||||
%patch11 -p0
|
||||
%endif
|
||||
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch100 -p1 -b .CVE-2022-45060
|
||||
%patch101 -p1 -b .CVE-2023-44487
|
||||
%patch102 -p1 -b .CVE-2023-44487-vcl
|
||||
%patch103 -p1 -b .CVE-2024-30156
|
||||
|
||||
%build
|
||||
%if 0%{?rhel} == 6
|
||||
export CFLAGS="%{optflags} -fPIC"
|
||||
export LDFLAGS=" -pie"
|
||||
%endif
|
||||
|
||||
# https://gcc.gnu.org/wiki/FAQ#PR323
|
||||
%ifarch %ix86
|
||||
%if 0%{?fedora} > 21
|
||||
export CFLAGS="%{optflags} -ffloat-store -fexcess-precision=standard"
|
||||
%endif
|
||||
%if 0%{?rhel} >= 6
|
||||
export CFLAGS="%{optflags} -fPIC -ffloat-store"
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
export CFLAGS="%{optflags} -Wno-error=free-nonheap-object"
|
||||
%endif
|
||||
|
||||
# What gcc version is this?
|
||||
gcc --version
|
||||
|
||||
# What is the page size
|
||||
getconf PAGESIZE
|
||||
|
||||
# Man pages are prebuilt. No need to regenerate them.
|
||||
export RST2MAN=/bin/true
|
||||
# Explicit python, please
|
||||
export PYTHON=%{__python}
|
||||
|
||||
%configure --disable-static \
|
||||
--with-jemalloc=no \
|
||||
%configure LT_SYS_LIBRARY_PATH=%_libdir \
|
||||
--disable-static \
|
||||
--localstatedir=/var/lib \
|
||||
--docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
#ifarch x86_64 #arm
|
||||
--docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} \
|
||||
--without-jemalloc \
|
||||
# --disable-pcre-jit \
|
||||
#endif
|
||||
|
||||
# We have to remove rpath - not allowed in Fedora
|
||||
# (This problem only visible on 64 bit arches)
|
||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g;
|
||||
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||
|
||||
# I'll never understand libtool
|
||||
mkdir lib/libvarnishapi/.libs
|
||||
pushd lib/libvarnishapi/.libs
|
||||
ln -s libvarnishapi.so libvarnishapi.so.1
|
||||
popd
|
||||
|
||||
# Upstream github issue #2265
|
||||
%if 0%{?rhel} == 6
|
||||
sed -i 's/-Werror$//g;' bin/varnishd/Makefile
|
||||
sed -i 's/-Werror$//g;' lib/libvarnishapi/Makefile
|
||||
%endif
|
||||
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
# One varnish user is enough
|
||||
sed -i 's,User=varnishlog,User=varnish,g;' redhat/varnishncsa.service
|
||||
|
||||
# Explicit python, please
|
||||
%if %{with python2}
|
||||
sed -i 's/env python3/python2/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
|
||||
%else
|
||||
sed -i 's/env python3/python3/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
|
||||
%endif
|
||||
|
||||
# Clean up the html documentation
|
||||
rm -rf doc/html/_sources
|
||||
|
||||
%check
|
||||
%ifarch ppc64 ppc64le aarch64
|
||||
sed -i 's/48/128/g;' bin/varnishtest/tests/c00057.vtc
|
||||
|
||||
# Remove this for now. Hard to get the size and timing right
|
||||
%ifarch s390 s390x aarch64
|
||||
rm bin/varnishtest/tests/o00005.vtc
|
||||
%endif
|
||||
#make %{?_smp_mflags} check LD_LIBRARY_PATH="%{buildroot}%{_libdir}:%{buildroot}%{_libdir}/%{name}" VERBOSE=1
|
||||
# disable test because of CVE-2023-44487 fix
|
||||
# https://github.com/varnishcache/varnish-cache/pull/3998#issuecomment-1764649216
|
||||
rm bin/varnishtest/tests/t02014.vtc
|
||||
|
||||
make %{?_smp_mflags} check VERBOSE=1
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
make install DESTDIR=%{buildroot} INSTALL="install -p"
|
||||
|
||||
# mock el7 defaults to LANG=C, which makes python3 fail when parsing utf8 text
|
||||
%if 0%{?rhel} == 7
|
||||
export LANG=en_US.UTF-8
|
||||
%endif
|
||||
|
||||
%{make_install}
|
||||
|
||||
# None of these for fedora
|
||||
find %{buildroot}/%{_libdir}/ -name '*.la' -exec rm -f {} ';'
|
||||
@ -230,33 +246,20 @@ install -D -m 0644 redhat/varnish.logrotate %{buildroot}%{_sysconfdir}/logrotate
|
||||
install -D -m 0644 include/vcs_version.h %{buildroot}%{_includedir}/varnish
|
||||
install -D -m 0644 include/vrt.h %{buildroot}%{_includedir}/varnish
|
||||
|
||||
# systemd support
|
||||
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
install -D -m 0644 redhat/varnish.service %{buildroot}%{_unitdir}/varnish.service
|
||||
install -D -m 0644 redhat/varnishncsa.service %{buildroot}%{_unitdir}/varnishncsa.service
|
||||
|
||||
# default is standard sysvinit
|
||||
%else
|
||||
install -D -m 0644 redhat/varnish.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/varnish
|
||||
install -D -m 0755 redhat/varnish.initrc %{buildroot}%{_initrddir}/varnish
|
||||
install -D -m 0755 redhat/varnishncsa.initrc %{buildroot}%{_initrddir}/varnishncsa
|
||||
%endif
|
||||
install -D -m 0755 redhat/varnishreload %{buildroot}%{_sbindir}/varnishreload
|
||||
|
||||
echo %{_libdir}/varnish > %{buildroot}%{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
|
||||
|
||||
# No idea why these ends up with mode 600 in the debug package
|
||||
%if 0%{debug_package}
|
||||
chmod 644 lib/libvmod_*/*.c
|
||||
chmod 644 lib/libvmod_*/*.h
|
||||
|
||||
# selinux module for el6
|
||||
%if 0%{?rhel} == 6
|
||||
cd selinux
|
||||
make -f %{_datadir}/selinux/devel/Makefile
|
||||
install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/varnish4.pp
|
||||
%endif
|
||||
|
||||
|
||||
%files
|
||||
%{_sbindir}/*
|
||||
%{_bindir}/*
|
||||
@ -276,18 +279,9 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
|
||||
%config %{_sysconfdir}/ld.so.conf.d/varnish-%{_arch}.conf
|
||||
|
||||
|
||||
# systemd from fedora 17 and rhel 7
|
||||
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
|
||||
%{_unitdir}/varnish.service
|
||||
%{_unitdir}/varnishncsa.service
|
||||
|
||||
# default is standard sysvinit
|
||||
%else
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/varnish
|
||||
%{_initrddir}/varnish
|
||||
%{_initrddir}/varnishncsa
|
||||
%endif
|
||||
|
||||
%files devel
|
||||
%license LICENSE
|
||||
%doc README.rst
|
||||
@ -302,10 +296,6 @@ install -p -m 644 -D varnish4.pp %{buildroot}%{_datadir}/selinux/packages/%{name
|
||||
%doc doc/html
|
||||
%doc doc/changes*.html
|
||||
|
||||
%if 0%{?rhel} == 6
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{name}/varnish4.pp
|
||||
%endif
|
||||
|
||||
%pre
|
||||
getent group varnish >/dev/null || groupadd -r varnish
|
||||
@ -314,98 +304,180 @@ getent passwd varnish >/dev/null || \
|
||||
-c "Varnish Cache" varnish
|
||||
exit 0
|
||||
|
||||
|
||||
%post
|
||||
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
|
||||
%systemd_post varnish.service
|
||||
|
||||
# Other distros: Use chkconfig
|
||||
%else
|
||||
/sbin/chkconfig --add varnish
|
||||
/sbin/chkconfig --add varnishncsa
|
||||
%endif
|
||||
|
||||
%systemd_post varnish varnishncsa
|
||||
/sbin/ldconfig
|
||||
|
||||
# Previous versions had varnishlog and varnishncsa running as root
|
||||
chown varnish:varnish /var/log/varnish/varnishncsa.log 2>/dev/null || true
|
||||
|
||||
test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc/varnish/secret)
|
||||
|
||||
# selinux module for el6
|
||||
%if 0%{?rhel} == 6
|
||||
%post selinux
|
||||
if [ "$1" -le "1" ] ; then # First install
|
||||
semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%preun selinux
|
||||
if [ "$1" -lt "1" ] ; then # Final removal
|
||||
semodule -r varnish4 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%postun
|
||||
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
|
||||
%systemd_postun_with_restart varnish.service
|
||||
%endif
|
||||
%systemd_postun_with_restart varnish varnishncsa
|
||||
/sbin/ldconfig
|
||||
|
||||
|
||||
%postun selinux
|
||||
if [ "$1" -ge "1" ] ; then # Upgrade
|
||||
semodule -i %{_datadir}/selinux/packages/%{name}/varnish4.pp 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%endif
|
||||
|
||||
%preun
|
||||
|
||||
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
|
||||
%systemd_preun varnish.service
|
||||
%else
|
||||
|
||||
if [ $1 -lt 1 ]; then
|
||||
# Package removal, not upgrade
|
||||
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
|
||||
/bin/systemctl --no-reload disable varnish.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop varnish.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop varnishncsa.service > /dev/null 2>&1 || :
|
||||
%else
|
||||
/sbin/service varnish stop > /dev/null 2>&1
|
||||
/sbin/service varnishncsa stop > /dev/null 2>%1
|
||||
/sbin/chkconfig --del varnish
|
||||
/sbin/chkconfig --del varnishncsa
|
||||
%endif
|
||||
fi
|
||||
%endif
|
||||
%systemd_preun varnish varnishncsa
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2.1
|
||||
- Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery
|
||||
Vulnerability
|
||||
* Tue Apr 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-6
|
||||
- Resolves: RHEL-30337 - varnish: HTTP/2 Broken Window Attack may result
|
||||
in denial of service (CVE-2024-30156)
|
||||
|
||||
* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2
|
||||
- Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
|
||||
Smuggling Vulnerability
|
||||
* Fri Oct 20 2023 Tomas Korbar <tkorbar@redhat.com> - 6.6.2-5
|
||||
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
|
||||
- Resolves: RHEL-12818
|
||||
|
||||
* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1
|
||||
- new version 6.0.8
|
||||
- Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request
|
||||
smuggling attack via a large Content-Length header for a POST request
|
||||
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-3
|
||||
- Resolves: #2142096 - CVE-2022-45060 varnish: Request Forgery Vulnerability
|
||||
|
||||
* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 6.0.6-2
|
||||
- new version 6.0.6
|
||||
- Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
|
||||
- Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two
|
||||
client requests leads to information disclosure
|
||||
- Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service
|
||||
handling certain crafted HTTP/1 requests
|
||||
* Thu Feb 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-2
|
||||
- new version 6.6.2
|
||||
- Resolves: #2007641 - rebase Varnish to 6.6.2
|
||||
|
||||
* Mon Oct 08 2018 Lubos Uhliarik <luhliari@redhat.com> - 6.0.2-1
|
||||
- new version 6.0.2 (#1633338)
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.5.2-2
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Aug 01 2018 Luboš Uhliarik <luhliari@redhat.com> - 6.0.0-3
|
||||
- Resolves: #1591765 - varnish: Remove dependency on jemalloc
|
||||
* Wed Jul 21 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.5.2-1
|
||||
- new version 6.5.2
|
||||
- Resolves: #1984185 - Rebase varnish to 6.5.2
|
||||
- Resolves: #1982858 - CVE-2021-36740 varnish: HTTP/2 request smuggling attack
|
||||
via a large Content-Length header for a POST request
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.5.1-5
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Feb 24 2021 Lubos Uhliarik <luhliari@redhat.com> - 6.5.1-4
|
||||
- Resolves: #1918406 - Drop jemalloc dependency in RHEL 9
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.5.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Thu Jan 21 2021 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-2
|
||||
- Pulled support for el6
|
||||
- Pulled support for sysvinit
|
||||
- aarch64 builds now with jemalloc again on el7
|
||||
|
||||
* Fri Sep 25 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.1-1
|
||||
- New upstream release varnish-6.5.1
|
||||
|
||||
* Wed Sep 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.5.0-1
|
||||
- New upstream release varnish-6.5.0
|
||||
- Respun silly patch to get rid of compiler warnings on el6
|
||||
|
||||
* Tue Aug 04 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> 6.4.0-4
|
||||
- Added -Wno-error=free-nonheap-object to CFLAGS to build on s390x
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-3
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Mar 16 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.4.0-1
|
||||
- New upstream release
|
||||
- Respin patches for 6.4.0
|
||||
- Removed patches merged upstream
|
||||
- Deactivated a test on s390*. Too hard to get size and timing right
|
||||
|
||||
* Wed Feb 12 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-3
|
||||
- Got corrected compilation fix patch from upstream
|
||||
|
||||
* Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-2
|
||||
- Added simple compilation fix for gcc-10.0.1/s390x
|
||||
|
||||
* Tue Feb 11 2020 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.2-1
|
||||
- New upstream release, a security release. Includes fix for VSV00005
|
||||
- Added new checkout of pkg-varnish
|
||||
- Temporarily disable haproxy unit tests, as haproxy seems broken in rawhide
|
||||
|
||||
* Mon Feb 10 2020 Joe Orton <jorton@redhat.com> - 6.3.1-3
|
||||
- drop buildreq on (retired) vttest (#1800232)
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Tue Oct 22 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.1-1
|
||||
- New upstream release. A security release. Includes fix for VSV00004
|
||||
|
||||
* Fri Sep 20 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-2
|
||||
- Respin patch for el6
|
||||
|
||||
* Mon Sep 16 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.3.0-1
|
||||
- New upstream release
|
||||
|
||||
* Wed Sep 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.1-4
|
||||
- New upstream release. A security release. Includes fix for CVE-2019-15892
|
||||
|
||||
* Thu Aug 08 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-4
|
||||
- Pull in extra requirements to the build requirements to run more
|
||||
tests (on fedora: haproxy, vttest)
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Apr 04 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-2
|
||||
- Run configure with LT_SYS_LIBRARY_PATH, removing the need for
|
||||
killing RPATH in libtool with sed and scattering LD_LIBRARY_PATH around
|
||||
with patches
|
||||
- Some explicit python version fixes needed for el7 python34 vs python36
|
||||
- aarch64 now builds with jemalloc again on fedora
|
||||
|
||||
* Fri Mar 15 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.2.0-1
|
||||
- New upstream release varnish-6.2
|
||||
- Removed patches merged upstream
|
||||
- Remove misc sed hacks for bugs that are fixed upstream
|
||||
- Added a patch for gcc-4.4 -Werror support on el6
|
||||
- Added a patch from upstream to fix too small thread pool stack in a test
|
||||
- Override macro __python to make brp-python-bytecompile choose python3
|
||||
- Explicitly use python-3.4
|
||||
- Switch to make_install macro
|
||||
- Better documentation of patches
|
||||
- Updated checkout of pkg-varnish-cache
|
||||
|
||||
* Thu Mar 07 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-5
|
||||
- Adding a patch based on upstream commits, fixing pcre-jit, see
|
||||
upstream bug 2912
|
||||
|
||||
* Thu Feb 14 2019 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-4
|
||||
- Adding a patch from upstream fixing a simple formatting bug on gcc-9
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.1.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-2
|
||||
- Respun ld_library_path patch for varnish-6.1.1
|
||||
|
||||
* Wed Nov 07 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.1-1
|
||||
- New upstream release
|
||||
|
||||
* Tue Nov 06 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-3
|
||||
- Dropped the depricated external dependency generator in Fedora
|
||||
- Hard coded vmod, abi and vrt provides
|
||||
|
||||
* Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-2
|
||||
- Added a patch to fix a failing test in the testsuite
|
||||
|
||||
* Fri Nov 02 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.1.0-1
|
||||
- New upstream release
|
||||
- Respin patches for 6.1.0
|
||||
- Disable pcre-jit for now, ref upstream bug #2817
|
||||
|
||||
* Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-3
|
||||
- Explicitly using utf8 under install on el6 and el7 for python quirks
|
||||
|
||||
* Tue Oct 09 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-2
|
||||
- Explicitly using python3 on all targets
|
||||
|
||||
* Thu Sep 27 2018 Ingvar Hagelund <ingvar@redpill-linpro.com> - 6.0.1-1
|
||||
- New upstream release
|
||||
- Removed graphciz from BuildRequires. It is not used
|
||||
- Removed patch for fortify_source on el6. It is merged upstream
|
||||
- Small workaround for test suite problem with old readline/curses on el6
|
||||
- Supports bcond_with python3, for simpler future deprication of python2
|
||||
- Added -fno-exceptions to CFLAGS on el6, see upstream issue #2793
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
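Review bot: In the `%post` scriptlet of the last hunk, `test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc/varnish/secret)` creates the admin secret under the scriptlet's umask (normally 022) and only then tightens the mode, so the file is briefly readable by other local users and stays readable if `chmod` fails. The line is printed once in this section, so it presumably survives on the new side, although the +/- markers are lost in this rendering. Creating the file restrictively closes the window: `test -f /etc/varnish/secret || (umask 077 && uuidgen > /etc/varnish/secret)`. A one-line comment above it saying that this file is the only credential for the management interface would also help the next packager.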
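--- a/varnishlog.service
+++ b/varnishlog.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Varnish HTTP accelerator logging daemon
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/varnishlog.pid
+ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log -D -P /run/varnishlog.pid
+
+[Install]
+WantedBy=multi-user.target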
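Review bot: Neither this unit nor varnishncsa.service sets `User=`, so both log readers run as root although all they do here is append to a file under /var/log/varnish; the spec on this page already notes that earlier versions ran them as root and chowns the ncsa log to `varnish:varnish`. Adding `User=varnish` and `Group=varnish` brings the units in line with that. The PID file then has to move out of /run itself, for example `RuntimeDirectory=varnishlog` with `PIDFile=/run/varnishlog/varnishlog.pid` and the matching `-P` argument. The same change applies to varnishncsa.service with its own directory name.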
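--- a/varnishncsa.service
+++ b/varnishncsa.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Varnish NCSA logging
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/varnishncsa.pid
+ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa.pid
+
+[Install]
+WantedBy=multi-user.target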