diff --git a/0001-Fail-fetch-on-malformed-Content-Length-header.patch b/0001-Fail-fetch-on-malformed-Content-Length-header.patch deleted file mode 100644 index 23e4a9f..0000000 --- a/0001-Fail-fetch-on-malformed-Content-Length-header.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 9d61ea4d722549a984d912603902fccfac473824 Mon Sep 17 00:00:00 2001 -From: Martin Blix Grydeland -Date: Fri, 13 Mar 2015 15:23:15 +0100 -Subject: [PATCH] Fail fetch on malformed Content-Length header - -Add a common content length parser that is being used by both client -and backend side. - -Original patch by: fgs - -Fixes: #1691 ---- - bin/varnishd/cache/cache.h | 7 ++++--- - bin/varnishd/cache/cache_http.c | 29 +++++++++++++++++++++++++++++ - bin/varnishd/cache/cache_http1_fetch.c | 32 +++++--------------------------- - bin/varnishd/cache/cache_http1_fsm.c | 20 ++++++++++---------- - bin/varnishd/cache/cache_http1_proto.c | 5 +++-- - bin/varnishd/cache/cache_rfc2616.c | 18 +++++++++++++++--- - bin/varnishtest/tests/r01691.vtc | 21 +++++++++++++++++++++ - 7 files changed, 87 insertions(+), 45 deletions(-) - create mode 100644 bin/varnishtest/tests/r01691.vtc - -Index: varnish-4.0.3/bin/varnishd/cache/cache.h -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache.h -+++ varnish-4.0.3/bin/varnishd/cache/cache.h -@@ -208,7 +208,7 @@ struct http { - * - */ - --typedef ssize_t htc_read(struct http_conn *, void *, size_t); -+typedef ssize_t htc_read(struct http_conn *, void *, ssize_t); - - struct http_conn { - unsigned magic; -@@ -560,7 +560,7 @@ struct busyobj { - - struct pool_task fetch_task; - -- char *h_content_length; -+ ssize_t content_length; - - #define BO_FLAG(l, r, w, d) unsigned l:1; - #include "tbl/bo_flags.h" -@@ -1014,6 +1014,7 @@ int http_GetHdrData(const struct http *h - int http_GetHdrField(const struct http *hp, const char *hdr, - const char *field, char **ptr); - double http_GetHdrQ(const struct http *hp, const char *hdr, const char *field); -+ssize_t http_GetContentLength(const struct http *hp); - uint16_t http_GetStatus(const struct http *hp); - void http_SetStatus(struct http *to, uint16_t status); - const char *http_GetReq(const struct http *hp); -@@ -1040,7 +1041,7 @@ void HTTP1_Init(struct http_conn *htc, s - unsigned maxbytes, unsigned maxhdr); - enum htc_status_e HTTP1_Reinit(struct http_conn *htc); - enum htc_status_e HTTP1_Rx(struct http_conn *htc); --ssize_t HTTP1_Read(struct http_conn *htc, void *d, size_t len); -+ssize_t HTTP1_Read(struct http_conn *htc, void *d, ssize_t len); - enum htc_status_e HTTP1_Complete(struct http_conn *htc); - uint16_t HTTP1_DissectRequest(struct req *); - uint16_t HTTP1_DissectResponse(struct http *sp, const struct http_conn *htc); -Index: varnish-4.0.3/bin/varnishd/cache/cache_http.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http.c -@@ -488,6 +488,35 @@ http_GetHdrField(const struct http *hp, - return (i); - } - -+/*--------------------------------------------------------------------*/ -+ -+ssize_t -+http_GetContentLength(const struct http *hp) -+{ -+ ssize_t cl, cll; -+ char *b; -+ -+ CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC); -+ -+ if (!http_GetHdr(hp, H_Content_Length, &b)) -+ return (-1); -+ cl = 0; -+ if (!vct_isdigit(*b)) -+ return (-2); -+ for (;vct_isdigit(*b); b++) { -+ cll = cl; -+ cl *= 10; -+ cl += *b - '0'; -+ if (cll != cl / 10) -+ return (-2); -+ } -+ while (vct_islws(*b)) -+ b++; -+ if (*b != '\0') -+ return (-2); -+ return (cl); -+} -+ - /*-------------------------------------------------------------------- - * XXX: redo with http_GetHdrField() ? - */ -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_fetch.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_fetch.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_fetch.c -@@ -43,29 +43,6 @@ - #include "vtcp.h" - #include "vtim.h" - --/*-------------------------------------------------------------------- -- * Convert a string to a size_t safely -- */ -- --static ssize_t --vbf_fetch_number(const char *nbr, int radix) --{ -- uintmax_t cll; -- ssize_t cl; -- char *q; -- -- if (*nbr == '\0') -- return (-1); -- cll = strtoumax(nbr, &q, radix); -- if (q == NULL || *q != '\0') -- return (-1); -- -- cl = (ssize_t)cll; -- if((uintmax_t)cl != cll) /* Protect against bogusly large values */ -- return (-1); -- return (cl); --} -- - /*--------------------------------------------------------------------*/ - - static enum vfp_status __match_proto__(vfp_pull_f) -@@ -167,7 +144,6 @@ ssize_t - V1F_Setup_Fetch(struct busyobj *bo) - { - struct http_conn *htc; -- ssize_t cl; - - CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); - htc = &bo->htc; -@@ -176,13 +152,15 @@ V1F_Setup_Fetch(struct busyobj *bo) - - switch(htc->body_status) { - case BS_EOF: -+ assert(bo->content_length == -1); - VFP_Push(bo, v1f_pull_eof, 0); - return(-1); - case BS_LENGTH: -- cl = vbf_fetch_number(bo->h_content_length, 10); -- VFP_Push(bo, v1f_pull_straight, cl); -- return (cl); -+ assert(bo->content_length > 0); -+ VFP_Push(bo, v1f_pull_straight, bo->content_length); -+ return (bo->content_length); - case BS_CHUNKED: -+ assert(bo->content_length == -1); - VFP_Push(bo, v1f_pull_chunked, -1); - return (-1); - default: -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_fsm.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_fsm.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_fsm.c -@@ -262,22 +262,22 @@ http1_cleanup(struct sess *sp, struct wo - static enum req_body_state_e - http1_req_body_status(struct req *req) - { -- char *ptr, *endp; -+ ssize_t cl; - - CHECK_OBJ_NOTNULL(req, REQ_MAGIC); - -- if (http_GetHdr(req->http, H_Content_Length, &ptr)) { -- AN(ptr); -- if (*ptr == '\0') -- return (REQ_BODY_FAIL); -- req->req_bodybytes = strtoul(ptr, &endp, 10); -- if (*endp != '\0' && !vct_islws(*endp)) -- return (REQ_BODY_FAIL); -- if (req->req_bodybytes == 0) -- return (REQ_BODY_NONE); -+ req->req_bodybytes = 0; -+ cl = http_GetContentLength(req->http); -+ if (cl == -2) -+ return (REQ_BODY_FAIL); -+ else if (cl == 0) -+ return (REQ_BODY_NONE); -+ else if (cl > 0) { -+ req->req_bodybytes = cl; - req->h1.bytes_yet = req->req_bodybytes - req->h1.bytes_done; - return (REQ_BODY_PRESENT); - } -+ assert(cl == -1); /* No Content-Length header */ - if (http_HdrIs(req->http, H_Transfer_Encoding, "chunked")) { - req->chunk_ctr = -1; - return (REQ_BODY_CHUNKED); -Index: varnish-4.0.3/bin/varnishd/cache/cache_http1_proto.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_http1_proto.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_http1_proto.c -@@ -191,14 +191,15 @@ HTTP1_Rx(struct http_conn *htc) - * Read up to len bytes, returning pipelined data first. - */ - --ssize_t --HTTP1_Read(struct http_conn *htc, void *d, size_t len) -+ssize_t __match_proto__(htc_read) -+HTTP1_Read(struct http_conn *htc, void *d, ssize_t len) - { - size_t l; - unsigned char *p; - ssize_t i = 0; - - CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC); -+ assert(len > 0); - l = 0; - p = d; - if (htc->pipeline.b) { -Index: varnish-4.0.3/bin/varnishd/cache/cache_rfc2616.c -=================================================================== ---- varnish-4.0.3.orig/bin/varnishd/cache/cache_rfc2616.c -+++ varnish-4.0.3/bin/varnishd/cache/cache_rfc2616.c -@@ -188,6 +188,7 @@ enum body_status - RFC2616_Body(struct busyobj *bo, struct dstat *stats) - { - struct http *hp; -+ ssize_t cl; - char *b; - - hp = bo->beresp; -@@ -199,6 +200,8 @@ RFC2616_Body(struct busyobj *bo, struct - else - bo->should_close = 0; - -+ bo->content_length = -1; -+ - if (!strcasecmp(http_GetReq(bo->bereq), "head")) { - /* - * A HEAD request can never have a body in the reply, -@@ -246,9 +249,18 @@ RFC2616_Body(struct busyobj *bo, struct - return (BS_ERROR); - } - -- if (http_GetHdr(hp, H_Content_Length, &bo->h_content_length)) { -- stats->fetch_length++; -- return (BS_LENGTH); -+ cl = http_GetContentLength(hp); -+ if (cl == -2) -+ return (BS_ERROR); -+ if (cl >= 0) { -+ bo->content_length = cl; -+ if (cl == 0) { -+ stats->fetch_zero++; -+ return (BS_NONE); -+ } else { -+ stats->fetch_length++; -+ return (BS_LENGTH); -+ } - } - - if (http_HdrIs(hp, H_Connection, "keep-alive")) { -Index: varnish-4.0.3/bin/varnishtest/tests/r01691.vtc -=================================================================== ---- /dev/null -+++ varnish-4.0.3/bin/varnishtest/tests/r01691.vtc -@@ -0,0 +1,21 @@ -+varnishtest "Test bogus Content-Length header" -+ -+server s1 { -+ rxreq -+ txresp -nolen -hdr "Content-Length: bogus" -+} -start -+ -+varnish v1 -vcl+backend { -+ -+} -start -+ -+logexpect l1 -v v1 { -+ expect * 1002 VCL_Error "Body cannot be fetched" -+} -start -+ -+client c1 { -+ txreq -+ rxresp -+} -run -+ -+logexpect l1 -wait diff --git a/varnish-4.0.3.tar.gz b/varnish-4.0.3.tar.gz deleted file mode 100644 index beee88e..0000000 --- a/varnish-4.0.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:94b9a174097f47db2286acd2c35f235e49a2b7a9ddfdbd6eb7aa4da9ae8f8206 -size 1866760 diff --git a/varnish-4.1.1.tar.gz b/varnish-4.1.1.tar.gz new file mode 100644 index 0000000..14d267e --- /dev/null +++ b/varnish-4.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1230ac1b87248b5a3f3fdfddc66cf080c7c4d80a97fcb44efa6286e5ccf8354f +size 2009042 diff --git a/varnish.changes b/varnish.changes index 151c1ed..0ead931 100644 --- a/varnish.changes +++ b/varnish.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Tue Feb 16 12:52:51 UTC 2016 - eshmarnev@suse.com + +- disable silent rules in spec file. +- enable testsuite for varnish. + +------------------------------------------------------------------- +Tue Feb 16 12:16:47 UTC 2016 - eshmarnev@suse.com + +- Update to new upstream release 4.1.1 +* Improved security features (jails). +* Support for PROXY protocol. +* Warm and cold VCL states. +* Backends defined through VMODs. +* A lot of bugs were fixed. +- Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch, + this issue was fixed in upstream. +- Add 'su varnish varnish' line to varnish.logrotate file. +- Cleanup with spec-cleaner. + ------------------------------------------------------------------- Fri Mar 27 10:34:15 UTC 2015 - jengelh@inai.de diff --git a/varnish.logrotate b/varnish.logrotate index 1164a24..d17902d 100644 --- a/varnish.logrotate +++ b/varnish.logrotate @@ -1,4 +1,5 @@ /var/log/varnish/*.log { + su varnish varnish missingok notifempty sharedscripts diff --git a/varnish.spec b/varnish.spec index d083459..725dba1 100644 --- a/varnish.spec +++ b/varnish.spec @@ -1,7 +1,7 @@ # # spec file for package varnish # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,41 +16,38 @@ # -Name: varnish %define library_name libvarnishapi1 -Version: 4.0.3 +%define pkg_home %_localstatedir/lib/%name +%define pkg_logdir %_localstatedir/log/%name +%define pkg_cachedir %_localstatedir/cache/%name +Name: varnish +Version: 4.1.1 Release: 0 -Summary: Varnish is a high-performance HTTP accelerator +Summary: High-performance HTTP accelerator License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy -Url: http://varnish-cache.org/ - +URL: http://varnish-cache.org/ #Git-Clone: git://git.varnish-cache.org/varnish-cache #Git-Web: https://varnish-cache.org/trac/browser -Source: https://repo.varnish-cache.org/source/%name-%version.tar.gz +Source: https://repo.varnish-cache.org/source/%name-%version.tar.gz Source3: varnish.sysconfig Source5: varnish.logrotate Source7: varnish.service Source8: varnishlog.service -Patch1: 0001-Fail-fetch-on-malformed-Content-Length-header.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libxslt BuildRequires: ncurses-devel BuildRequires: pcre-devel BuildRequires: pkgconfig -BuildRequires: readline-devel BuildRequires: python-docutils +BuildRequires: readline-devel +BuildRequires: systemd-rpm-macros BuildRequires: xz +Requires: c_compiler +BuildRoot: %_tmppath/%name-%version-build Prereq(post): %_sbindir/useradd %_sbindir/groupadd %if 0%{?suse_version} >= 1010 Recommends: logrotate %endif -BuildRequires: systemd-rpm-macros -%define pkg_home %_localstatedir/lib/%name -%define pkg_logdir %_localstatedir/log/%name -%define pkg_cachedir %_localstatedir/cache/%name -Requires: c_compiler %description Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse @@ -79,9 +76,9 @@ server(s) by serving the same document to potentially many users. This package holds the shared libraries for varnish. %package devel -Requires: %name = %version Summary: Development files for Varnish Group: Development/Libraries/C and C++ +Requires: %name = %version %description devel Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse @@ -97,12 +94,12 @@ This package holds the development files for varnish. %prep %setup -q -%patch -P 1 -p1 %build export CFLAGS="%optflags -fstack-protector" %configure --disable-static --docdir="%_docdir/%name" \ - --localstatedir=%_localstatedir/cache/ \ + --localstatedir="%_localstatedir/cache/" \ + --disable-silent-rules \ --enable-developer-warnings make %{?_smp_mflags} @@ -117,7 +114,7 @@ install -dm 0755 "$b"/{%pkg_logdir,%pkg_home}; install -Dpm 0644 "%{S:5}" "$b/%_sysconfdir/logrotate.d/varnish"; # ##init scripts -install -Dpm 0644 "%{S:3}" "$b/var/adm/fillup-templates/sysconfig.%name"; +install -Dpm 0644 "%{S:3}" "$b%_localstatedir/adm/fillup-templates/sysconfig.%name"; install -Dpm 0644 "%{S:7}" "$b/%_unitdir/varnish.service"; install -Dpm 0644 "%{S:8}" "$b/%_unitdir/varnishlog.service"; mkdir -p "$b/%_sbindir"; @@ -128,11 +125,14 @@ ln -s service "$b/%_sbindir/rcvarnishlog"; mkdir -p "$b/%_sysconfdir/%name" cp "$b/%_docdir/%name/example.vcl" "$b/%_sysconfdir/%name/vcl.conf" -find "$b" -type f -name "*.la" -delete +find "$b" -type f -name "*.la" -delete -print mkdir -p "$b/%pkg_logdir" mkdir -p "$b/%_docdir/%name" cp -a ChangeLog LICENSE README "$b/%_docdir/%name/" +%check +make %{?_smp_mflags} check + %pre %_bindir/getent group varnish >/dev/null || \ %_sbindir/groupadd -r varnish || :