Compare commits

...

No commits in common. "c8-stream-6" and "stream-varnish-6-rhel-8.10.0" have entirely different histories.

30 changed files with 970 additions and 115 deletions

3
.gitignore vendored
View File

@ -1,2 +1,5 @@
SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
SOURCES/varnish-6.0.8.tgz
/pkg-varnish-cache-0ad2f22.tar.gz
/varnish-6.0.8.tgz
/varnish-6.0.13.tgz

View File

@ -1,2 +0,0 @@
db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz

View File

@ -1,85 +0,0 @@
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index d432629..b0dacb9 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -93,18 +93,25 @@ static h2_error
h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
{
/* XXX: This might belong in cache/cache_http.c */
+ const char *b0;
unsigned n;
+ int disallow_empty;
+ char *p;
+ int i;
CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
AN(b);
assert(namelen >= 2); /* 2 chars from the ': ' that we added */
assert(namelen <= len);
+
+ disallow_empty = 0;
if (len > UINT_MAX) { /* XXX: cache_param max header size */
VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", b);
return (H2SE_ENHANCE_YOUR_CALM);
}
+ b0 = b;
if (b[0] == ':') {
/* Match H/2 pseudo headers */
/* XXX: Should probably have some include tbl for
@@ -113,10 +120,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
b += namelen;
len -= namelen;
n = HTTP_HDR_METHOD;
+ disallow_empty = 1;
+
+ /* First field cannot contain SP or CTL */
+ for (p = b, i = 0; i < len; p++, i++) {
+ if (vct_issp(*p) || vct_isctl(*p))
+ return (H2SE_PROTOCOL_ERROR);
+ }
} else if (!strncmp(b, ":path: ", namelen)) {
b += namelen;
len -= namelen;
n = HTTP_HDR_URL;
+ disallow_empty = 1;
+
+ /* Second field cannot contain LWS or CTL */
+ for (p = b, i = 0; i < len; p++, i++) {
+ if (vct_islws(*p) || vct_isctl(*p))
+ return (H2SE_PROTOCOL_ERROR);
+ }
} else if (!strncmp(b, ":scheme: ", namelen)) {
/* XXX: What to do about this one? (typically
"http" or "https"). For now set it as a normal
@@ -124,6 +145,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
b++;
len-=1;
n = hp->nhd;
+
+ for (p = b + namelen, i = 0; i < len-namelen;
+ p++, i++) {
+ if (vct_issp(*p) || vct_isctl(*p))
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
+ if (!i)
+ return (H2SE_PROTOCOL_ERROR);
} else if (!strncmp(b, ":authority: ", namelen)) {
b+=6;
len-=6;
@@ -160,6 +190,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
hp->hd[n].b = b;
hp->hd[n].e = b + len;
+ if (disallow_empty && !Tlen(hp->hd[n])) {
+ VSLb(hp->vsl, SLT_BogoHeader,
+ "Empty pseudo-header %.*s",
+ (int)namelen, b0);
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
return (0);
}

View File

@ -1,13 +0,0 @@
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
index 463b75b..982bd73 100644
--- a/bin/varnishd/cache/cache_req_body.c
+++ b/bin/varnishd/cache/cache_req_body.c
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
if (req->req_body_status == REQ_BODY_WITH_LEN ||
req->req_body_status == REQ_BODY_WITHOUT_LEN)
(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
+ if (req->req_body_status == REQ_BODY_FAIL)
+ req->doclose = SC_RX_BODY;
return(0);
}

9
gating.yaml Normal file
View File

@ -0,0 +1,9 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (varnish-6.0.13.tgz) = 3bdb4f04bdb22789ebe04a1e57dc814a7d7e642456cce2696f7e05fe557a277f18d5dc4a2df22a27fa9445447af3356ebdb3c5d63c01bb32d9bff7881aa8a703
SHA512 (pkg-varnish-cache-0ad2f22.tar.gz) = b66c05f74f9bd62ddf16ab3e7904f4e74993bd1406aaebf20d4dca840198430da9f5e746af22778f1a73063113ac19b6f8127d77ff71c30c246fd5fab5ed78da

View File

@ -0,0 +1,11 @@
--- redhat/find-provides.orig 2015-10-04 16:55:34.057574682 +0200
+++ redhat/find-provides 2015-10-04 16:56:04.120280796 +0200
@@ -9,8 +9,6 @@
/usr/lib/rpm/find-provides "$@"
fi
-# We don't install vcs_version.h, so we can't use RPM_BUILD_ROOT directly.
-cd /builddir/build/BUILD/varnish* || true
cd ${RPM_BUILD_ROOT}/../../BUILD/varnish* || true
printf '#include "vcs_version.h"\nVCS_Version\n' \

View File

@ -0,0 +1,66 @@
From 17c92e43fda114bf5341e51d752e882238b8fe8c Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 5 Oct 2017 13:39:23 +0200
Subject: [PATCH] hack up vsctool to work with python 2 and 3
StringIO does not exist any more in python3, yet requiring 2.7 would
not pave the path forward, so try to be compatible with both.
Works for me on Python 2.7.9 and Python 3.4
I would appreciate if someone more fluent in serpentinous programming
language reviewed and/or rewrote this.
---
lib/libvcc/vsctool.py | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/lib/libvcc/vsctool.py b/lib/libvcc/vsctool.py
index 854968e3b..829c6e518 100644
--- a/lib/libvcc/vsctool.py
+++ b/lib/libvcc/vsctool.py
@@ -37,7 +37,10 @@
import json
import sys
import gzip
-import StringIO
+try:
+ import StringIO
+except ImportError:
+ import io
import collections
import struct
@@ -54,9 +57,22 @@
"format": [ "integer", FORMATS],
}
+# http://python3porting.com/problems.html#bytes-strings-and-unicode
+if sys.version_info < (3,):
+ def b(x):
+ return x
+else:
+ import codecs
+ def b(x):
+ return codecs.latin_1_encode(x)[0]
+
def gzip_str(s):
- out = StringIO.StringIO()
- gzip.GzipFile(fileobj=out, mode="w").write(s)
+ try:
+ out = StringIO.StringIO()
+ except NameError:
+ out = io.BytesIO()
+
+ gzip.GzipFile(fileobj=out, mode="w").write(b(s))
out.seek(4)
out.write(struct.pack("<L", 0x12bfd58))
return out.getvalue()
@@ -285,7 +301,7 @@ class rst_vsc(directive):
def __init__(self, s):
super(rst_vsc, self).__init__(s)
- for i,v in PARAMS.iteritems():
+ for i,v in PARAMS.items():
if v is not True:
self.do_default(i, v[0], v[1])

View File

@ -0,0 +1,96 @@
Based on fix for upstream bug #2668, see
https://github.com/varnishcache/varnish-cache/commit/9bdc5f75d661a1659c4df60799612a7524a6caa7
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/gensequences ./bin/varnishtest/gensequences
--- ../varnish-6.0.1.orig/bin/varnishtest/gensequences 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/gensequences 2018-09-27 12:18:20.946853383 +0200
@@ -149,6 +149,7 @@
if (l_prefix_name[p] != "teken_state_init") {
print "";
+ print "\tt->t_last = 0;";
print "\tteken_state_switch(t, teken_state_init);";
}
print "}";
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/sequences ./bin/varnishtest/sequences
--- ../varnish-6.0.1.orig/bin/varnishtest/sequences 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/sequences 2018-09-27 12:18:50.193581932 +0200
@@ -113,3 +113,6 @@
# VT52 compatibility
#DECID VT52 DECID ^[ Z
+
+# ECMA-48
+REP Repeat last graphic char ^[ [ b n
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken.h ./bin/varnishtest/teken.h
--- ../varnish-6.0.1.orig/bin/varnishtest/teken.h 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/teken.h 2018-09-27 12:18:20.947853442 +0200
@@ -153,6 +153,7 @@
unsigned int t_utf8_left;
teken_char_t t_utf8_partial;
+ teken_char_t t_last;
unsigned int t_curscs;
teken_scs_t *t_saved_curscs;
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h ./bin/varnishtest/teken_subr.h
--- ../varnish-6.0.1.orig/bin/varnishtest/teken_subr.h 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/teken_subr.h 2018-09-27 12:18:20.947853442 +0200
@@ -777,10 +777,11 @@
}
static void
-teken_subr_do_putchar(const teken_t *t, const teken_pos_t *tp, teken_char_t c,
+teken_subr_do_putchar(teken_t *t, const teken_pos_t *tp, teken_char_t c,
int width)
{
+ t->t_last = c;
if (t->t_stateflags & TS_INSERT &&
tp->tp_col < t->t_winsize.tp_col - width) {
teken_rect_t ctr;
@@ -1313,3 +1314,12 @@
t->t_stateflags &= ~TS_WRAPPED;
teken_funcs_cursor(t);
}
+
+static void
+teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts)
+{
+
+ for (; t->t_last != 0 && rpts > 0; rpts--)
+ teken_subr_regular_character(t, t->t_last);
+}
+
diff -Naur ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc ./bin/varnishtest/tests/a00001.vtc
--- ../varnish-6.0.1.orig/bin/varnishtest/tests/a00001.vtc 2018-08-29 11:48:32.000000000 +0200
+++ ./bin/varnishtest/tests/a00001.vtc 2018-09-27 12:18:20.948853501 +0200
@@ -204,6 +204,27 @@
process p4 -expect-text 21 11 "Enter choice number (0 - 12):"
process p4 -screen_dump
+# 11. Test non-VT100 (e.g., VT220, XTERM) terminals
+process p4 -writehex "31 31 0d"
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
+
+process p4 -writehex "37 0d"
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
+
+process p4 -writehex "32 0d"
+process p4 -expect-text 0 0 "Push <RETURN>"
+process p4 -screen_dump
+process p4 -expect-text 20 1 "Test Repeat (REP)"
+process p4 -expect-text 1 1 " ++ "
+process p4 -expect-text 2 2 " ++ "
+process p4 -expect-text 17 17 " ++ "
+process p4 -expect-text 18 18 "*++*"
+process p4 -writehex "0d"
+process p4 -expect-text 0 0 "Menu 11.7: Miscellaneous ISO-6429 (ECMA-48) Tests"
+process p4 -writehex "30 0d"
+process p4 -expect-text 0 0 "Menu 11: Non-VT100 Tests"
+process p4 -writehex "30 0d"
+
# 0. Exit
process p4 -writehex "30 0d"
process p4 -expect-text 12 30 "That's all, folks!"

View File

@ -0,0 +1,53 @@
--- doc/sphinx/Makefile.in.orig 2018-11-02 14:53:14.812956915 +0100
+++ doc/sphinx/Makefile.in 2018-11-02 14:54:31.575517733 +0100
@@ -642,9 +642,11 @@
rm -rf $(BUILDDIR)
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x cli > $@
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x parameter > $@
include/counters.rst: $(top_srcdir)/lib/libvcc/vsctool.py $(COUNTERS)
@@ -656,28 +658,38 @@
# XXX add varnishstat here when it's been _opt2rst'ed
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --options > $@
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > $@
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --options > $@
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > $@
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --options > $@
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > $@
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --options > $@
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > $@
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --options > $@
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > $@
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst

View File

@ -0,0 +1,13 @@
--- bin/varnishtest/tests/u00008.vtc.orig 2018-11-02 16:06:40.731680282 +0100
+++ bin/varnishtest/tests/u00008.vtc 2018-11-02 16:07:21.587092836 +0100
@@ -38,8 +38,8 @@
process p1 -screen_dump
process p1 -winsz 25 132
-process p1 -expect-text 4 124 "AVG_1000"
-process p1 -expect-text 22 108 "UNSEEN DIAG"
+process p1 -expect-text 4 0 "AVG_1000"
+process p1 -expect-text 22 0 "UNSEEN DIAG"
process p1 -screen_dump -write {q} -wait

View File

@ -0,0 +1,115 @@
This patch is a fix for memory issues with
pcre-jit, see upstream bug report at
https://github.com/varnishcache/varnish-cache/issues/2817
The patch is based on upstream commits
a3129a5340566d17192de8058a9c1dbb051a7039
683b7cbe8cde1dde8f9e516a354b82430f1d318e
1226e77f9501c56976635c714c99d84f417aa5d2
diff -Naur a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c
--- a/bin/varnishd/cache/cache_panic.c 2018-10-24 11:29:10.000000000 +0200
+++ b/bin/varnishd/cache/cache_panic.c 2019-03-07 16:27:16.592441674 +0100
@@ -601,6 +601,33 @@
VSB_indent(vsb, -2);
}
+#ifdef HAVE_PTHREAD_GETATTR_NP
+static void
+pan_threadattr(struct vsb *vsb)
+{
+ pthread_attr_t attr[1];
+ size_t sz;
+ void *addr;
+
+ if (pthread_getattr_np(pthread_self(), attr) != 0)
+ return;
+
+ VSB_cat(vsb, "pthread.attr = {\n");
+ VSB_indent(vsb, 2);
+
+ if (pthread_attr_getguardsize(attr, &sz) == 0)
+ VSB_printf(vsb, "guard = %zu,\n", sz);
+ if (pthread_attr_getstack(attr, &addr, &sz) == 0) {
+ VSB_printf(vsb, "stack_bottom = %p,\n", addr);
+ VSB_printf(vsb, "stack_top = %p,\n", (char *)addr + sz);
+ VSB_printf(vsb, "stack_size = %zu,\n", sz);
+ }
+ VSB_indent(vsb, -2);
+ VSB_cat(vsb, "}\n");
+ (void) pthread_attr_destroy(attr);
+}
+#endif
+
/*--------------------------------------------------------------------*/
static void __attribute__((__noreturn__))
@@ -673,6 +700,10 @@
if (q != NULL)
VSB_printf(pan_vsb, "thread = (%s)\n", q);
+#ifdef HAVE_PTHREAD_GETATTR_NP
+ pan_threadattr(pan_vsb);
+#endif
+
if (!FEATURE(FEATURE_SHORT_PANIC)) {
req = THR_GetRequest();
VSB_cat(pan_vsb, "thr.");
diff -Naur a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
--- a/bin/varnishd/mgt/mgt_param.c 2018-10-24 11:29:10.000000000 +0200
+++ b/bin/varnishd/mgt/mgt_param.c 2019-03-07 16:27:16.594441699 +0100
@@ -494,6 +494,8 @@
MCF_TcpParams();
+ def = 56 * 1024;
+
if (sizeof(void *) < 8) { /*lint !e506 !e774 */
/*
* Adjust default parameters for 32 bit systems to conserve
@@ -505,20 +507,16 @@
MCF_ParamConf(MCF_DEFAULT, "http_req_size", "12k");
MCF_ParamConf(MCF_DEFAULT, "gzip_buffer", "4k");
MCF_ParamConf(MCF_MAXIMUM, "vsl_space", "1G");
+ def = 48 * 1024;
}
-#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
- MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
-#endif
-
low = sysconf(_SC_THREAD_STACK_MIN);
MCF_ParamConf(MCF_MINIMUM, "thread_pool_stack", "%jdb", (intmax_t)low);
#if defined(__SANITIZER) || __has_feature(address_sanitizer)
def = 92 * 1024;
-#else
- def = 48 * 1024;
#endif
+
if (def < low)
def = low;
MCF_ParamConf(MCF_DEFAULT, "thread_pool_stack", "%jdb", (intmax_t)def);
@@ -529,6 +527,10 @@
MCF_ParamConf(MCF_MAXIMUM, "thread_pools", "%d", MAX_THREAD_POOLS);
+#if !defined(HAVE_ACCEPT_FILTERS) || defined(__linux)
+ MCF_ParamConf(MCF_DEFAULT, "accept_filter", "off");
+#endif
+
VCLS_AddFunc(mgt_cls, MCF_AUTH, cli_params);
vsb = VSB_new_auto();
diff -Naur a/configure.ac b/configure.ac
--- a/configure.ac 2018-10-26 13:22:45.000000000 +0200
+++ b/configure.ac 2019-03-07 16:27:16.592441674 +0100
@@ -239,6 +239,7 @@
AC_CHECK_FUNCS([pthread_set_name_np])
AC_CHECK_FUNCS([pthread_setname_np])
AC_CHECK_FUNCS([pthread_mutex_isowned_np])
+AC_CHECK_FUNCS([pthread_getattr_np])
LIBS="${save_LIBS}"
# Support for visibility attribute

View File

@ -0,0 +1,68 @@
--- doc/sphinx/Makefile.in.orig 2018-11-06 16:46:59.403632379 +0100
+++ doc/sphinx/Makefile.in 2018-11-06 16:48:28.011784013 +0100
@@ -643,10 +643,12 @@
rm -rf $(BUILDDIR)
include/cli.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x cli > ${@}_
mv ${@}_ ${@}
include/params.rst: $(top_builddir)/bin/varnishd/varnishd
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishd/varnishd -x parameter > ${@}_
mv ${@}_ ${@}
@@ -660,41 +662,52 @@
# XXX add varnishstat here when it's been _opt2rst'ed
include/varnishncsa_options.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --options > ${@}_
mv ${@}_ ${@}
include/varnishncsa_synopsis.rst: $(top_builddir)/bin/varnishncsa/varnishncsa
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishncsa/varnishncsa --synopsis > ${@}_
mv ${@}_ ${@}
include/varnishlog_options.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --options > ${@}_
mv ${@}_ ${@}
include/varnishlog_synopsis.rst: $(top_builddir)/bin/varnishlog/varnishlog
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishlog/varnishlog --synopsis > ${@}_
mv ${@}_ ${@}
include/varnishtop_options.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --options > ${@}_
mv ${@}_ ${@}
include/varnishtop_synopsis.rst: $(top_builddir)/bin/varnishtop/varnishtop
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishtop/varnishtop --synopsis > ${@}_
mv ${@}_ ${@}
include/varnishhist_options.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --options > ${@}_
mv ${@}_ ${@}
include/varnishhist_synopsis.rst: $(top_builddir)/bin/varnishhist/varnishhist
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishhist/varnishhist --synopsis > ${@}_
mv ${@}_ ${@}
include/varnishstat_options.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --options > ${@}_
mv ${@}_ ${@}
include/varnishstat_synopsis.rst: $(top_builddir)/bin/varnishstat/varnishstat
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/bin/varnishstat/varnishstat --synopsis > ${@}_
mv ${@}_ ${@}
include/vsl-tags.rst: $(top_builddir)/lib/libvarnishapi/vsl2rst
+ LD_LIBRARY_PATH=$(top_builddir)/lib/libvarnishapi/.libs \
$(top_builddir)/lib/libvarnishapi/vsl2rst > ${@}_
mv ${@}_ ${@}
include/vtc-syntax.rst: vtc-syntax.py $(VTCSYN_SRC)

View File

@ -0,0 +1,39 @@
commit 7119d790b590e7fb560ad602cedfda5185c7e841
Author: Poul-Henning Kamp <phk@FreeBSD.org>
Date: Fri Jan 11 10:26:44 2019 +0000
Avoid printing %s,NULL in case of errors we do not expect.
Fixes #2879
diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c
index b619199c6..59e804ec8 100644
--- a/lib/libvarnish/vnum.c
+++ b/lib/libvarnish/vnum.c
@@ -349,15 +349,17 @@ main(int argc, char *argv[])
for (tc = test_cases; tc->str; ++tc) {
e = VNUM_2bytes(tc->str, &val, tc->rel);
- if (e != tc->err) {
- printf("%s: VNUM_2bytes(\"%s\", %ju) (%s) != (%s)\n",
- *argv, tc->str, tc->rel, tc->err, e);
- ++ec;
- } else if (e == NULL && val != tc->val) {
- printf("%s: VNUM_2bytes(\"%s\", %ju) %ju != %ju (%s)\n",
- *argv, tc->str, tc->rel, val, tc->val, e);
- ++ec;
- }
+ if (e != NULL)
+ val = 0;
+ if (e == tc->err && val == tc->val)
+ continue;
+ ++ec;
+ printf("%s: VNUM_2bytes(\"%s\", %ju)\n",
+ *argv, tc->str, tc->rel);
+ printf("\tExpected:\tstatus %s - value %ju\n",
+ tc->err ? tc->err : "Success", tc->val);
+ printf("\tGot:\t\tstatus %s - value %ju\n",
+ e ? e : "Success", val);
}
if (!isnan(VNUM_duration(NULL))) {
printf("%s: VNUM_Duration(NULL) fail\n", *argv);

View File

@ -0,0 +1,73 @@
--- bin/varnishtest/vtc_main.c.orig 2019-03-15 12:31:56.999877378 +0100
+++ bin/varnishtest/vtc_main.c 2019-03-15 12:33:07.679889311 +0100
@@ -228,7 +228,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1; /* Not important */
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
--- lib/libvarnishapi/vsm.c.orig 2019-03-18 13:24:01.377237092 +0100
+++ lib/libvarnishapi/vsm.c 2019-03-18 13:24:42.765783845 +0100
@@ -682,18 +682,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (write(progress, "\n", 1)) 1;
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (write(progress, "\n", 1)) 1;
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (write(progress, ".", 1)) 1;
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));
--- bin/varnishd/http1/cache_http1_deliver.c.orig 2019-03-18 13:30:43.262546105 +0100
+++ bin/varnishd/http1/cache_http1_deliver.c 2019-03-18 14:12:48.980850397 +0100
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
--- ./bin/varnishd/mgt/mgt_param.c.orig 2019-03-18 14:48:56.084720420 +0100
+++ ./bin/varnishd/mgt/mgt_param.c 2019-03-18 14:51:25.867836687 +0100
@@ -802,11 +802,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if (fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
--- ./bin/varnishd/proxy/cache_proxy_proto.c.orig 2019-03-18 14:54:18.257283901 +0100
+++ ./bin/varnishd/proxy/cache_proxy_proto.c 2019-03-18 14:54:47.119693630 +0100
@@ -669,7 +669,7 @@
WRONG("Wrong proxy version");
AZ(VSB_finish(vsb));
- (void)write(fd, VSB_data(vsb), VSB_len(vsb));
+ if (write(fd, VSB_data(vsb), VSB_len(vsb))) 1;
if (!DO_DEBUG(DBG_PROTOCOL)) {
VSB_delete(vsb);
return;

View File

@ -0,0 +1,40 @@
commit 88948d982bcd165e05967d2a9c8684eb9f9cbd01
Author: Nils Goroll <nils.goroll@uplex.de>
Date: Wed Mar 20 11:24:33 2019 +0100
Change the stack overflow test to 128kb stacksize
on ppc64 fedora, the thread_pool_stack minimum is 128kb due to
sysconf(_SC_THREAD_STACK_MIN) = 131072
It does not harm the test to use a larger stacksize, so we adjust it to
this requirement for consistency and simplicity
diff --git a/bin/varnishtest/tests/c00057.vtc b/bin/varnishtest/tests/c00057.vtc
index 5118c79a0..be6569d24 100644
--- a/bin/varnishtest/tests/c00057.vtc
+++ b/bin/varnishtest/tests/c00057.vtc
@@ -12,7 +12,7 @@ server s1 {
varnish v1 \
-arg "-p feature=+no_coredump" \
-arg "-p vcc_allow_inline_c=true" \
- -arg "-p thread_pool_stack=48k" \
+ -arg "-p thread_pool_stack=128k" \
-vcl+backend {
C{
#include <signal.h>
@@ -27,11 +27,12 @@ void (*accessor)(volatile char *p) = _accessor;
}C
sub vcl_recv { C{
+ const int stkkb = 128;
int i;
- volatile char overflow[48*1024];
+ volatile char overflow[stkkb * 1024];
/* for downwards stack, take care to hit a single guard page */
- for (i = 47*1024; i >= 0; i -= 1024)
+ for (i = (stkkb - 1) * 1024; i >= 0; i -= 1024)
accessor(overflow + i);
/* NOTREACHED */
sleep(2);

View File

@ -0,0 +1,79 @@
diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c
--- varnish-6.3.0.orig/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/proxy/cache_proxy_proto.c 2019-09-20 09:02:55.762424644 +0200
@@ -645,7 +645,7 @@
WRONG("Wrong proxy version");
AZ(VSB_finish(vsb));
- (void)VSB_tofile(fd, vsb); // XXX: Error handling ?
+ if (VSB_tofile(fd, vsb)) 1; // XXX: Error handling ?
if (!DO_DEBUG(DBG_PROTOCOL)) {
VSB_delete(vsb);
return;
diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
+++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));

View File

@ -0,0 +1,19 @@
commit b0af060fb688b8fc2ff3817ea99430432668b291
Author: Ingvar Hagelund <ingvar@redpill-linpro.com>
Date: Tue Feb 11 12:56:54 2020 +0100
simple fix for fedora/gcc-10.0.1: -Werror=format-overflow, by some reason hit on s390x
diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c
index 1ec748cb6..09e49d258 100644
--- a/bin/varnishtest/vtc_varnish.c
+++ b/bin/varnishtest/vtc_varnish.c
@@ -121,7 +121,7 @@ varnish_ask_cli(const struct varnish *v, const char *cmd, char **repl)
i = VCLI_ReadResult(v->cli_fd, &retval, &r, vtc_maxdur);
if (i != 0 && !vtc_stop)
vtc_fatal(v->vl, "CLI failed (%s) = %d %u %s",
- cmd, i, retval, r);
+ cmd != NULL ? cmd : "NULL", i, retval, r);
vtc_log(v->vl, 3, "CLI RX %u", retval);
vtc_dump(v->vl, 4, "CLI RX", r, -1);
if (repl != NULL)

View File

@ -0,0 +1,67 @@
diff -Naur varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c
--- varnish-6.3.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/http1/cache_http1_deliver.c 2019-09-20 08:59:52.609482627 +0200
@@ -74,7 +74,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c varnish-6.3.0/bin/varnishd/mgt/mgt_param.c
--- varnish-6.3.0.orig/bin/varnishd/mgt/mgt_param.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishd/mgt/mgt_param.c 2019-09-20 09:01:38.866609297 +0200
@@ -805,11 +805,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur varnish-6.3.0.orig/bin/varnishtest/vtc_main.c varnish-6.3.0/bin/varnishtest/vtc_main.c
--- varnish-6.3.0.orig/bin/varnishtest/vtc_main.c 2019-09-16 10:24:15.000000000 +0200
+++ varnish-6.3.0/bin/varnishtest/vtc_main.c 2019-09-20 08:56:45.639506046 +0200
@@ -230,7 +230,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur varnish-6.3.0.orig/lib/libvarnishapi/vsm.c varnish-6.3.0/lib/libvarnishapi/vsm.c
--- varnish-6.3.0.orig/lib/libvarnishapi/vsm.c 2019-09-16 10:24:19.000000000 +0200
+++ varnish-6.3.0/lib/libvarnishapi/vsm.c 2019-09-20 10:36:02.434763755 +0200
@@ -763,18 +763,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));

View File

@ -0,0 +1,78 @@
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c ./bin/varnishd/http1/cache_http1_deliver.c
--- ../varnish-6.5.0.orig/bin/varnishd/http1/cache_http1_deliver.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/http1/cache_http1_deliver.c 2020-09-16 11:45:28.663086943 +0200
@@ -76,7 +76,7 @@
VSLb(req->vsl, SLT_RespReason, "Internal Server Error");
req->wrk->stats->client_resp_500++;
- (void)write(req->sp->fd, r_500, sizeof r_500 - 1);
+ if (write(req->sp->fd, r_500, sizeof r_500 - 1)) 0;
req->doclose = SC_TX_EOF;
}
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c ./bin/varnishd/mgt/mgt_main.c
--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_main.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/mgt/mgt_main.c 2020-09-16 11:46:21.323667133 +0200
@@ -252,7 +252,7 @@
return;
VJ_rmdir("vmod_cache");
VJ_unlink("_.pid");
- (void)chdir("/");
+ if (chdir("/")) 0;
VJ_rmdir(workdir);
}
diff -Naur ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c ./bin/varnishd/mgt/mgt_param.c
--- ../varnish-6.5.0.orig/bin/varnishd/mgt/mgt_param.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishd/mgt/mgt_param.c 2020-09-16 11:45:28.771086082 +0200
@@ -829,11 +829,11 @@
t2 = strchr(t1 + 1, '\t');
AN(t2);
printf("\n\t*");
- (void)fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout);
+ if (fwrite(t1 + 1, (t2 - 1) - t1, 1, stdout)) 1;
printf("*\n\t\t");
p = t2 + 1;
}
- (void)fwrite(p, q - p, 1, stdout);
+ if(fwrite(p, q - p, 1, stdout)) 1;
p = q;
if (*p == '\n') {
printf("\n");
diff -Naur ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c ./bin/varnishtest/vtc_main.c
--- ../varnish-6.5.0.orig/bin/varnishtest/vtc_main.c 2020-09-15 17:06:03.000000000 +0200
+++ ./bin/varnishtest/vtc_main.c 2020-09-16 11:45:28.771086082 +0200
@@ -233,7 +233,7 @@
assert(cleaner_pid >= 0);
if (cleaner_pid == 0) {
closefd(&p[1]);
- (void)nice(1); /* Not important */
+ if (nice(1)) 1;
setbuf(stdin, NULL);
AZ(dup2(p[0], STDIN_FILENO));
while (fgets(buf, sizeof buf, stdin)) {
diff -Naur ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c ./lib/libvarnishapi/vsm.c
--- ../varnish-6.5.0.orig/lib/libvarnishapi/vsm.c 2020-09-15 17:06:03.000000000 +0200
+++ ./lib/libvarnishapi/vsm.c 2020-09-16 11:45:28.772086074 +0200
@@ -764,18 +764,18 @@
VSM_ResetError(vd);
if (u & VSM_MGT_RUNNING) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
vd->attached = 1;
return (0);
}
if (t0 < VTIM_mono()) {
if (progress >= 0 && n > 4)
- (void)write(progress, "\n", 1);
+ if (!write(progress, "\n", 1)) return (vsm_diag(vd, "Unable to write progress"));
return (vsm_diag(vd,
"Could not get hold of varnishd, is it running?"));
}
if (progress >= 0 && !(++n % 4))
- (void)write(progress, ".", 1);
+ if (!write(progress, ".", 1)) return (vsm_diag(vd, "Unable to write progress"));
VTIM_sleep(.25);
}
return (vsm_diag(vd, "Attach interrupted"));

40
varnish.params Normal file
View File

@ -0,0 +1,40 @@
# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings
# Set this to 1 to make systemd reload try to switch vcl without restart.
RELOAD_VCL=1
# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=192.168.1.5
VARNISH_LISTEN_PORT=6081
# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
# The minimum and maximum number of worker threads to start
VARNISH_MIN_THREADS=5
VARNISH_MAX_THREADS=1000
# Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120
# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
# Default TTL used when the backend does not specify one
VARNISH_TTL=120
# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish

47
varnish.service Normal file
View File

@ -0,0 +1,47 @@
[Unit]
Description=Varnish a high-perfomance HTTP accelerator
After=syslog.target network.target
[Service]
#
# If you want to make changes to this file, please copy it to
# /etc/systemd/system/varnish.service and make your changes there.
# This will override the file kept at /lib/systemd/system/varnish.service
#
# Enviroment variables may be found in /etc/varnish/varnish.params
#
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
LimitMEMLOCK=82000
# Maximum size of the corefile.
LimitCORE=infinity
EnvironmentFile=/etc/varnish/varnish.params
Type=forking
PIDFile=/var/run/varnish.pid
PrivateTmp=true
ExecStart=/usr/sbin/varnishd \
-P /var/run/varnish.pid \
-f $VARNISH_VCL_CONF \
-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t $VARNISH_TTL \
-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-u $VARNISH_USER \
-g $VARNISH_GROUP \
-S $VARNISH_SECRET_FILE \
-s $VARNISH_STORAGE \
$DAEMON_OPTS
ExecReload=/usr/sbin/varnish_reload_vcl
[Install]
WantedBy=multi-user.target

View File

@ -18,8 +18,8 @@
Summary: High-performance HTTP accelerator
Name: varnish
Version: 6.0.8
Release: 2%{?dist}.1
Version: 6.0.13
Release: 1%{?dist}
License: BSD
Group: System Environment/Daemons
URL: https://www.varnish-cache.org/
@ -32,11 +32,8 @@ Patch9: varnish-5.1.1.fix_python_version.patch
# https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
Patch100: varnish-6.0.8.CVE-2022-23959.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2141844
Patch101: varnish-6.0.8-CVE-2022-45060.patch
# Security patches ...
# Patch100: varnish-6.0.13.CVE-.....patch
Obsoletes: varnish-libs
@ -146,9 +143,6 @@ sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
%patch11 -p0
%endif
%patch100 -p1
%patch101 -p1
%build
%if 0%{?rhel} == 6
export CFLAGS="%{optflags} -fPIC"
@ -214,6 +208,10 @@ sed -i 's/48/128/g;' bin/varnishtest/tests/c00057.vtc
%endif
#make %{?_smp_mflags} check LD_LIBRARY_PATH="%{buildroot}%{_libdir}:%{buildroot}%{_libdir}/%{name}" VERBOSE=1
# disable test because of CVE-2023-44487 fix
# https://github.com/varnishcache/varnish-cache/pull/3998#issuecomment-1764649216
rm bin/varnishtest/tests/t02014.vtc
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"
@ -380,12 +378,18 @@ fi
%changelog
* Mon Nov 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2.1
- Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery
Vulnerability
* Thu Mar 28 2024 Luboš Uhliarik <luhliari@redhat.com> - 6.0.13-1
- new version 6.0.13
- Resolves: RHEL-30379 - varnish:6/varnish: HTTP/2 Broken Window Attack may
result in denial of service (CVE-2024-30156)
* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-2
- Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
* Mon Oct 23 2023 Tomas Korbar <tkorbar@redhat.com> - 6.0.8-4
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- CVE-2022-45060 varnish:6/varnish: Request Forgery
- Resolves: RHEL-12814
* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1.1
- Resolves: #2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
Smuggling Vulnerability
* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1

11
varnishlog.service Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Varnish HTTP accelerator logging daemon
After=network.target
[Service]
Type=forking
PIDFile=/run/varnishlog.pid
ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log -D -P /run/varnishlog.pid
[Install]
WantedBy=multi-user.target

11
varnishncsa.service Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Varnish NCSA logging
After=network.target
[Service]
Type=forking
PIDFile=/run/varnishncsa.pid
ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa.pid
[Install]
WantedBy=multi-user.target

11
vsv00002_test.patch Normal file
View File

@ -0,0 +1,11 @@
--- bin/varnishtest/tests/r02429.vtc.orig 2017-11-16 11:08:04.718822949 +0100
+++ bin/varnishtest/tests/r02429.vtc 2017-11-16 11:08:12.411275341 +0100
@@ -4,7 +4,7 @@
accept
} -start
-varnish v1 -arg "-s Transient=file,${tmpdir}/_.file,1m" -vcl+backend {
+varnish v1 -arg "-s Transient=file,${tmpdir}/_.file,10m" -vcl+backend {
sub vcl_backend_error {
synthetic("foo");
return (deliver);