From 85e87699b930b562a72d784c6a1ecf737bfd2e7334c5313e13106a942e932419 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 16 Feb 2016 12:38:34 +0000 Subject: [PATCH] Accepting request 359612 from home:evshmarnev:branches:server:http - Update to new upstream release 4.1.1 * Improved security features (jails). * Support for PROXY protocol. * Warm and cold VCL states. * Backends defined through VMODs. * A lot of bugs were fixed. - Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch, this issue was fixed in upstream. - Add 'su varnish varnish' line to varnish.logrotate file. - Cleanup with spec-cleaner. OBS-URL: https://build.opensuse.org/request/show/359612 OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=71 --- ...h-on-malformed-Content-Length-header.patch | 290 ------------------ varnish-4.0.3.tar.gz | 3 - varnish-4.1.1.tar.gz | 3 + varnish.changes | 14 + varnish.logrotate | 1 + varnish.spec | 129 ++++---- 6 files changed, 80 insertions(+), 360 deletions(-) delete mode 100644 0001-Fail-fetch-on-malformed-Content-Length-header.patch delete mode 100644 varnish-4.0.3.tar.gz create mode 100644 varnish-4.1.1.tar.gz diff --git a/0001-Fail-fetch-on-malformed-Content-Length-header.patch b/0001-Fail-fetch-on-malformed-Content-Length-header.patch deleted file mode 100644 index 23e4a9f..0000000 --- a/0001-Fail-fetch-on-malformed-Content-Length-header.patch +++ /dev/null 
@@ -1,290 +0,0 @@ -From 9d61ea4d722549a984d912603902fccfac473824 Mon Sep 17 00:00:00 2001 -From: Martin Blix Grydeland -Date: Fri, 13 Mar 2015 15:23:15 +0100 -Subject: [PATCH] Fail fetch on malformed Content-Length header - -Add a common content length parser that is being used by both client -and backend side. - -Original patch by: fgs - -Fixes: #1691 ---- - bin/varnishd/cache/cache.h | 7 ++++--- - bin/varnishd/cache/cache_http.c | 29 +++++++++++++++++++++++++++++ - bin/varnishd/cache/cache_http1_fetch.c | 32 +++++--------------------------- - bin/varnishd/cache/cache_http1_fsm.c | 20 ++++++++++---------- - bin/varnishd/cache/cache_http1_proto.c | 5 +++-- - bin/varnishd/cache/cache_rfc2616.c | 18 +++++++++++++++--- - bin/varnishtest/tests/r01691.vtc | 21 +++++++++++++++++++++ - 7 files changed, 87 insertions(+), 45 deletions(-) - create mode 100644 bin/varnishtest/tests/r01691.vtc - -Index: varnish-4.0.3/bin/varnishd/cache/cache.h -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache.h -+++ varnish-4.0.3/bin/varnishd/cache/cache.h -@@ -208,7 +208,7 @@ struct http { - * - */ - --typedef ssize_t htc_read(struct http_conn *, void *, size_t); -+typedef ssize_t htc_read(struct http_conn *, void *, ssize_t); - - struct http_conn { - unsigned magic; -@@ -560,7 +560,7 @@ struct busyobj { - - struct pool_task fetch_task; - -- char *h_content_length; -+ ssize_t content_length; - - #define BO_FLAG(l, r, w, d) unsigned l:1; - #include "tbl/bo_flags.h" -@@ -1014,6 +1014,7 @@ int http_GetHdrData(const struct http *h - int http_GetHdrField(const struct http *hp, const char *hdr, - const char *field, char **ptr); - double http_GetHdrQ(const struct http *hp, const char *hdr, const char *field); -+ssize_t http_GetContentLength(const struct http *hp); - uint16_t http_GetStatus(const struct http *hp); - void http_SetStatus(struct http *to, uint16_t status); - const char *http_GetReq(const struct http *hp); -@@ -1040,7 
+1041,7 @@ void HTTP1_Init(struct http_conn *htc, s - unsigned maxbytes, unsigned maxhdr); - enum htc_status_e HTTP1_Reinit(struct http_conn *htc); - enum htc_status_e HTTP1_Rx(struct http_conn *htc); --ssize_t HTTP1_Read(struct http_conn *htc, void *d, size_t len); -+ssize_t HTTP1_Read(struct http_conn *htc, void *d, ssize_t len); - enum htc_status_e HTTP1_Complete(struct http_conn *htc); - uint16_t HTTP1_DissectRequest(struct req *); - uint16_t HTTP1_DissectResponse(struct http *sp, const struct http_conn *htc); -Index: varnish-4.0.3/bin/varnishd/cache/cache_http.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http.c -@@ -488,6 +488,35 @@ http_GetHdrField(const struct http *hp, - return (i); - } - -+/*--------------------------------------------------------------------*/ -+ -+ssize_t -+http_GetContentLength(const struct http *hp) -+{ -+ ssize_t cl, cll; -+ char *b; -+ -+ CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC); -+ -+ if (!http_GetHdr(hp, H_Content_Length, &b)) -+ return (-1); -+ cl = 0; -+ if (!vct_isdigit(*b)) -+ return (-2); -+ for (;vct_isdigit(*b); b++) { -+ cll = cl; -+ cl *= 10; -+ cl += *b - '0'; -+ if (cll != cl / 10) -+ return (-2); -+ } -+ while (vct_islws(*b)) -+ b++; -+ if (*b != '\0') -+ return (-2); -+ return (cl); -+} -+ - /*-------------------------------------------------------------------- - * XXX: redo with http_GetHdrField() ? 
- */ -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_fetch.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_fetch.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_fetch.c -@@ -43,29 +43,6 @@ - #include "vtcp.h" - #include "vtim.h" - --/*-------------------------------------------------------------------- -- * Convert a string to a size_t safely -- */ -- --static ssize_t --vbf_fetch_number(const char *nbr, int radix) --{ -- uintmax_t cll; -- ssize_t cl; -- char *q; -- -- if (*nbr == '\0') -- return (-1); -- cll = strtoumax(nbr, &q, radix); -- if (q == NULL || *q != '\0') -- return (-1); -- -- cl = (ssize_t)cll; -- if((uintmax_t)cl != cll) /* Protect against bogusly large values */ -- return (-1); -- return (cl); --} -- - /*--------------------------------------------------------------------*/ - - static enum vfp_status __match_proto__(vfp_pull_f) -@@ -167,7 +144,6 @@ ssize_t - V1F_Setup_Fetch(struct busyobj *bo) - { - struct http_conn *htc; -- ssize_t cl; - - CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); - htc = &bo->htc; -@@ -176,13 +152,15 @@ V1F_Setup_Fetch(struct busyobj *bo) - - switch(htc->body_status) { - case BS_EOF: -+ assert(bo->content_length == -1); - VFP_Push(bo, v1f_pull_eof, 0); - return(-1); - case BS_LENGTH: -- cl = vbf_fetch_number(bo->h_content_length, 10); -- VFP_Push(bo, v1f_pull_straight, cl); -- return (cl); -+ assert(bo->content_length > 0); -+ VFP_Push(bo, v1f_pull_straight, bo->content_length); -+ return (bo->content_length); - case BS_CHUNKED: -+ assert(bo->content_length == -1); - VFP_Push(bo, v1f_pull_chunked, -1); - return (-1); - default: -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_fsm.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_fsm.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_fsm.c -@@ -262,22 +262,22 @@ http1_cleanup(struct sess *sp, struct wo - static enum 
req_body_state_e - http1_req_body_status(struct req *req) - { -- char *ptr, *endp; -+ ssize_t cl; - - CHECK_OBJ_NOTNULL(req, REQ_MAGIC); - -- if (http_GetHdr(req->http, H_Content_Length, &ptr)) { -- AN(ptr); -- if (*ptr == '\0') -- return (REQ_BODY_FAIL); -- req->req_bodybytes = strtoul(ptr, &endp, 10); -- if (*endp != '\0' && !vct_islws(*endp)) -- return (REQ_BODY_FAIL); -- if (req->req_bodybytes == 0) -- return (REQ_BODY_NONE); -+ req->req_bodybytes = 0; -+ cl = http_GetContentLength(req->http); -+ if (cl == -2) -+ return (REQ_BODY_FAIL); -+ else if (cl == 0) -+ return (REQ_BODY_NONE); -+ else if (cl > 0) { -+ req->req_bodybytes = cl; - req->h1.bytes_yet = req->req_bodybytes - req->h1.bytes_done; - return (REQ_BODY_PRESENT); - } -+ assert(cl == -1); /* No Content-Length header */ - if (http_HdrIs(req->http, H_Transfer_Encoding, "chunked")) { - req->chunk_ctr = -1; - return (REQ_BODY_CHUNKED); -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_proto.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_proto.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_proto.c -@@ -191,14 +191,15 @@ HTTP1_Rx(struct http_conn *htc) - * Read up to len bytes, returning pipelined data first. 
- */ - --ssize_t --HTTP1_Read(struct http_conn *htc, void *d, size_t len) -+ssize_t __match_proto__(htc_read) -+HTTP1_Read(struct http_conn *htc, void *d, ssize_t len) - { - size_t l; - unsigned char *p; - ssize_t i = 0; - - CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC); -+ assert(len > 0); - l = 0; - p = d; - if (htc->pipeline.b) { -Index: varnish-4.0.3/bin/varnishd/cache/cache_rfc2616.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_rfc2616.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_rfc2616.c -@@ -188,6 +188,7 @@ enum body_status - RFC2616_Body(struct busyobj *bo, struct dstat *stats) - { - struct http *hp; -+ ssize_t cl; - char *b; - - hp = bo->beresp; -@@ -199,6 +200,8 @@ RFC2616_Body(struct busyobj *bo, struct - else - bo->should_close = 0; - -+ bo->content_length = -1; -+ - if (!strcasecmp(http_GetReq(bo->bereq), "head")) { - /* - * A HEAD request can never have a body in the reply, -@@ -246,9 +249,18 @@ RFC2616_Body(struct busyobj *bo, struct - return (BS_ERROR); - } - -- if (http_GetHdr(hp, H_Content_Length, &bo->h_content_length)) { -- stats->fetch_length++; -- return (BS_LENGTH); -+ cl = http_GetContentLength(hp); -+ if (cl == -2) -+ return (BS_ERROR); -+ if (cl >= 0) { -+ bo->content_length = cl; -+ if (cl == 0) { -+ stats->fetch_zero++; -+ return (BS_NONE); -+ } else { -+ stats->fetch_length++; -+ return (BS_LENGTH); -+ } - } - - if (http_HdrIs(hp, H_Connection, "keep-alive")) { -Index: varnish-4.0.3/bin/varnishtest/tests/r01691.vtc -=================================================================== ---- /dev/null -+++ varnish-4.0.3/bin/varnishtest/tests/r01691.vtc -@@ -0,0 +1,21 @@ -+varnishtest "Test bogus Content-Length header" -+ -+server s1 { -+ rxreq -+ txresp -nolen -hdr "Content-Length: bogus" -+} -start -+ -+varnish v1 -vcl+backend { -+ -+} -start -+ -+logexpect l1 -v v1 { -+ expect * 1002 VCL_Error "Body cannot be fetched" -+} -start -+ -+client c1 { -+ txreq -+ rxresp -+} 
-run
-+
-+logexpect l1 -wait
diff --git a/varnish-4.0.3.tar.gz b/varnish-4.0.3.tar.gz
deleted file mode 100644
index beee88e..0000000
--- a/varnish-4.0.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94b9a174097f47db2286acd2c35f235e49a2b7a9ddfdbd6eb7aa4da9ae8f8206
-size 1866760
diff --git a/varnish-4.1.1.tar.gz b/varnish-4.1.1.tar.gz
new file mode 100644
index 0000000..14d267e
--- /dev/null
+++ b/varnish-4.1.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1230ac1b87248b5a3f3fdfddc66cf080c7c4d80a97fcb44efa6286e5ccf8354f
+size 2009042
diff --git a/varnish.changes b/varnish.changes
index 151c1ed..3d88952 100644
--- a/varnish.changes
+++ b/varnish.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Feb 16 12:16:47 UTC 2016 - eshmarnev@suse.com
+
+- Update to new upstream release 4.1.1
+* Improved security features (jails).
+* Support for PROXY protocol.
+* Warm and cold VCL states.
+* Backends defined through VMODs.
+* A lot of bugs were fixed.
+- Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch,
+ this issue was fixed in upstream.
+- Add 'su varnish varnish' line to varnish.logrotate file.
+- Cleanup with spec-cleaner.
+
 -------------------------------------------------------------------
 Fri Mar 27 10:34:15 UTC 2015 - jengelh@inai.de
diff --git a/varnish.logrotate b/varnish.logrotate
index 1164a24..d17902d 100644
--- a/varnish.logrotate
+++ b/varnish.logrotate
@@ -1,4 +1,5 @@
 /var/log/varnish/*.log {
+ su varnish varnish
 missingok
 notifempty
 sharedscripts
diff --git a/varnish.spec b/varnish.spec
index d083459..2845217 100644
--- a/varnish.spec
+++ b/varnish.spec
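Review bot: The `su varnish varnish` line added to varnish.logrotate has no comment saying why it is there, and it is the security-relevant line of the stanza. varnish.spec packages the log directory as `%dir %attr(0750,varnish,varnish) %{pkg_logdir}`, so the directive keeps root from creating and renaming files inside a directory that the unprivileged varnish account can write to. I would put a comment above it, `# rotate as varnish:varnish: the log directory belongs to that account, so root should not create or rename files in it`. The rest of the stanza lies outside the hunk; if it contains a postrotate script, confirm that it still does its job now that the rotation itself runs as varnish.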
@@ -1,7 +1,7 @@
 #
 # spec file for package varnish
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,41 +16,38 @@ # -Name: varnish %define library_name libvarnishapi1 -Version: 4.0.3 +%define pkg_home %{_localstatedir}/lib/%{name} +%define pkg_logdir %{_localstatedir}/log/%{name} +%define pkg_cachedir %{_localstatedir}/cache/%{name} +Name: varnish +Version: 4.1.1 Release: 0 -Summary: Varnish is a high-performance HTTP accelerator +Summary: High-performance HTTP accelerator License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy Url: http://varnish-cache.org/ - #Git-Clone: git://git.varnish-cache.org/varnish-cache #Git-Web: https://varnish-cache.org/trac/browser -Source: https://repo.varnish-cache.org/source/%name-%version.tar.gz +Source: https://repo.varnish-cache.org/source/%{name}-%{version}.tar.gz Source3: varnish.sysconfig Source5: varnish.logrotate Source7: varnish.service Source8: varnishlog.service -Patch1: 0001-Fail-fetch-on-malformed-Content-Length-header.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libxslt BuildRequires: ncurses-devel BuildRequires: pcre-devel BuildRequires: pkgconfig -BuildRequires: readline-devel BuildRequires: python-docutils +BuildRequires: readline-devel +BuildRequires: systemd-rpm-macros BuildRequires: xz -Prereq(post): %_sbindir/useradd %_sbindir/groupadd +Requires: c_compiler +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Prereq(post): %{_sbindir}/useradd %{_sbindir}/groupadd %if 0%{?suse_version} >= 1010 Recommends: logrotate %endif -BuildRequires: systemd-rpm-macros -%define pkg_home %_localstatedir/lib/%name -%define pkg_logdir %_localstatedir/log/%name -%define pkg_cachedir %_localstatedir/cache/%name -Requires: c_compiler %description Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse 
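Review bot: Removing the `Patch1:` line drops the packaged fix for malformed Content-Length headers (upstream issue #1691) on the strength of the changelog statement alone; nothing in the spec checks that the 4.1.1 tarball rejects such headers. The later spec hunk runs from `%build` through `%install` straight into `%pre`, so there appears to be no `%check` section and upstream's varnishtest cases never run at build time. I would add `%check` followed by `make check` after the `%install` section, assuming the suite can run inside the build environment. A comment beside `Version:` would also help, e.g. `# 0001-Fail-fetch-on-malformed-Content-Length-header.patch dropped in 4.1.1: fixed upstream (#1691)`.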
@@ -62,11 +59,11 @@ given the cached document, or a "fresh" document requested from a backend server. The purpose of this is to minimize the requests going to the backend server(s) by serving the same document to potentially many users. -%package -n %library_name +%package -n %{library_name} Summary: Shared libraries for Varnish Group: Productivity/Networking/Web/Proxy -%description -n %library_name +%description -n %{library_name} Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse Proxy) is an application that stores (caches) documents that have been requested over the HTTP protocol. @@ -79,9 +76,9 @@ server(s) by serving the same document to potentially many users. This package holds the shared libraries for varnish. %package devel -Requires: %name = %version Summary: Development files for Varnish Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} %description devel Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse 
@@ -97,48 +94,47 @@ This package holds the development files for varnish. %prep %setup -q -%patch -P 1 -p1 %build -export CFLAGS="%optflags -fstack-protector" -%configure --disable-static --docdir="%_docdir/%name" \ - --localstatedir=%_localstatedir/cache/ \ +export CFLAGS="%{optflags} -fstack-protector" +%configure --disable-static --docdir="%{_docdir}/%{name}" \ + --localstatedir=%{_localstatedir}/cache/ \ --enable-developer-warnings make %{?_smp_mflags} %install -b="%buildroot"; +b="%{buildroot}"; %make_install # There is no use for them to normal users -mv "$b/%_bindir"/* "$b/%_sbindir/"; +mv "$b/%{_bindir}"/* "$b/%{_sbindir}/"; # ##missing directories -install -dm 0755 "$b"/{%pkg_logdir,%pkg_home}; -install -Dpm 0644 "%{S:5}" "$b/%_sysconfdir/logrotate.d/varnish"; +install -dm 0755 "$b"/{%{pkg_logdir},%{pkg_home}}; +install -Dpm 0644 "%{SOURCE5}" "$b/%{_sysconfdir}/logrotate.d/varnish"; # ##init scripts -install -Dpm 0644 "%{S:3}" "$b/var/adm/fillup-templates/sysconfig.%name"; -install -Dpm 0644 "%{S:7}" "$b/%_unitdir/varnish.service"; -install -Dpm 0644 "%{S:8}" "$b/%_unitdir/varnishlog.service"; -mkdir -p "$b/%_sbindir"; -ln -s service "$b/%_sbindir/rcvarnish"; -ln -s service "$b/%_sbindir/rcvarnishlog"; +install -Dpm 0644 "%{SOURCE3}" "$b%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}"; +install -Dpm 0644 "%{SOURCE7}" "$b/%{_unitdir}/varnish.service"; +install -Dpm 0644 "%{SOURCE8}" "$b/%{_unitdir}/varnishlog.service"; +mkdir -p "$b/%{_sbindir}"; +ln -s service "$b/%{_sbindir}/rcvarnish"; +ln -s service "$b/%{_sbindir}/rcvarnishlog"; # ##config files -mkdir -p "$b/%_sysconfdir/%name" -cp "$b/%_docdir/%name/example.vcl" "$b/%_sysconfdir/%name/vcl.conf" +mkdir -p "$b/%{_sysconfdir}/%{name}" +cp "$b/%{_docdir}/%{name}/example.vcl" "$b/%{_sysconfdir}/%{name}/vcl.conf" -find "$b" -type f -name "*.la" -delete -mkdir -p "$b/%pkg_logdir" -mkdir -p "$b/%_docdir/%name" -cp -a ChangeLog LICENSE README "$b/%_docdir/%name/" +find %{buildroot} -type f -name 
"*.la" -delete -print +mkdir -p "$b/%{pkg_logdir}" +mkdir -p "$b/%{_docdir}/%{name}" +cp -a ChangeLog LICENSE README "$b/%{_docdir}/%{name}/" %pre -%_bindir/getent group varnish >/dev/null || \ - %_sbindir/groupadd -r varnish || : -%_bindir/getent passwd varnish >/dev/null || \ - %_sbindir/useradd -g varnish -s /bin/false -r -c "user for Varnish" \ - -d %pkg_home varnish || : +%{_bindir}/getent group varnish >/dev/null || \ + %{_sbindir}/groupadd -r varnish || : +%{_bindir}/getent passwd varnish >/dev/null || \ + %{_sbindir}/useradd -g varnish -s /bin/false -r -c "user for Varnish" \ + -d %{pkg_home} varnish || : %service_add_pre varnish.service %service_add_pre varnishlog.service 
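Review bot: In `%build`, `export CFLAGS="%{optflags} -fstack-protector"` appends the weakest stack-protector level after the distribution flags. As far as I know GCC honours the last `-fstack-protector*` option it is given, so if `%{optflags}` carries `-fstack-protector-strong` on a target distribution, this line would downgrade it. Either drop the explicit flag and rely on `%{optflags}`, or request the stronger level where the compiler supports it: `export CFLAGS="%{optflags} -fstack-protector-strong"`. The value of `%{optflags}` is not visible on this page, so check it per build target. The choice matters for a daemon that parses HTTP from untrusted clients and backends.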
@@ -154,35 +150,34 @@ cp -a ChangeLog LICENSE README "$b/%_docdir/%name/" %service_del_postun varnish.service %service_del_postun varnishlog.service -%post -n %library_name -p /sbin/ldconfig -%postun -n %library_name -p /sbin/ldconfig - +%post -n %{library_name} -p /sbin/ldconfig +%postun -n %{library_name} -p /sbin/ldconfig %files %defattr(-,root,root) -%_unitdir/*.service -%config(noreplace) %_sysconfdir/logrotate.d/varnish -%dir %attr(0750,root,varnish) %_sysconfdir/%name/ -%config(noreplace) %attr(0640,root,varnish) %_sysconfdir/%name/vcl.conf -%_libdir/varnish -%_sbindir/varnish* -%_sbindir/rcvarnish* -%_mandir/man*/* -%_docdir/%name/ -%_datadir/%name/ -%dir %attr(0750,varnish,varnish) %pkg_home -%dir %attr(0750,varnish,varnish) %pkg_cachedir -%dir %attr(0750,varnish,varnish) %pkg_logdir -%_localstatedir/adm/fillup-templates/sysconfig.%name +%{_unitdir}/*.service +%config(noreplace) %{_sysconfdir}/logrotate.d/varnish +%dir %attr(0750,root,varnish) %{_sysconfdir}/%{name}/ +%config(noreplace) %attr(0640,root,varnish) %{_sysconfdir}/%{name}/vcl.conf +%{_libdir}/varnish +%{_sbindir}/varnish* +%{_sbindir}/rcvarnish* +%{_mandir}/man*/* +%{_docdir}/%{name}/ +%{_datadir}/%{name}/ +%dir %attr(0750,varnish,varnish) %{pkg_home} +%dir %attr(0750,varnish,varnish) %{pkg_cachedir} +%dir %attr(0750,varnish,varnish) %{pkg_logdir} +%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%files -n %library_name +%files -n %{library_name} %defattr(-,root,root,-) -%_libdir/libvarnishapi.so.1* +%{_libdir}/libvarnishapi.so.1* %files devel %defattr(-,root,root,-) -%_includedir/varnish -%_datadir/aclocal/ -%_libdir/pkgconfig/* -%_libdir/libvarnishapi.so +%{_includedir}/varnish +%{_datadir}/aclocal/ +%{_libdir}/pkgconfig/* +%{_libdir}/libvarnishapi.so %changelog