debian/0000775000000000000000000000000013142736133007173 5ustar debian/varnish.logrotate0000664000000000000000000000052212314113646012564 0ustar /var/log/varnish/varnish.log /var/log/varnish/varnishncsa.log { daily rotate 7 missingok compress delaycompress missingok postrotate for service in varnishlog varnishncsa; do if /usr/bin/pgrep -P 1 $service >/dev/null; then /usr/sbin/invoke-rc.d $service reload > /dev/null fi done endscript } debian/varnish-doc.doc-base0000664000000000000000000000131112314113646013001 0ustar Document: varnish-doc Title: Varnish Cache documentation Author: Anders Berg, Bjørn Ruberg, Kristian Lyngstøl, Martin Blix Grydeland, Per Andreas Buer, Poul-Henning Kamp, Tollef Fog Heen Abstract: The Varnish Cache documentation contains extensive information about the Varnish Cache software and project. It contains, among other things, a tutorial, information about installation, usage and troubleshooting, a section on the Varnish Command Language, and a large section of rants from the lead programmer and architect. Section: Web Development Format: HTML Index: /usr/share/doc/varnish-doc/html/index.html Files: /usr/share/doc/varnish-doc/html/*.html /usr/share/doc/varnish-doc/html/*/*.html debian/varnish.varnishncsa.init0000664000000000000000000000434712314113646014056 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: varnishncsa # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start HTTP accelerator log daemon # Description: This script provides logging for varnish ### END INIT INFO # Source function library . /lib/lsb/init-functions NAME=varnishncsa DESC="HTTP accelerator log deamon" PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/$NAME PIDFILE=/var/run/$NAME/$NAME.pid LOGFILE=/var/log/varnish/varnishncsa.log USER=varnishlog DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE}" # Include defaults if available if [ -f /etc/default/$NAME ] ; then . /etc/default/$NAME fi # If unset, or set to "0" or "no", exit if [ -z "${VARNISHNCSA_ENABLED}" ] || \ [ "${VARNISHNCSA_ENABLED}" = "0" ] || \ [ "${VARNISHNCSA_ENABLED}" = "no" ]; then exit 0; fi test -x $DAEMON || exit 0 start_varnishncsa() { output=$(/bin/tempfile -s.varnish) log_daemon_msg "Starting $DESC" "$NAME" create_pid_directory if start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} \ > ${output} 2>&1; then log_end_msg 0 else log_end_msg 1 cat $output exit 1 fi rm $output } stop_varnishncsa(){ log_daemon_msg "Stopping $DESC" "$NAME" if start-stop-daemon --stop --quiet --pidfile $PIDFILE \ --retry 10 --exec $DAEMON; then log_end_msg 0 else log_end_msg 1 fi } reload_varnishncsa(){ log_daemon_msg "Reloading $DESC" "$NAME" if kill -HUP $(cat $PIDFILE) >/dev/null 2>&1; then log_end_msg 0 else log_end_msg 1 exit 1 fi } status_varnishncsa(){ status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" exit $? } create_pid_directory() { install -o $USER -g $USER -d $(dirname $PIDFILE) } case "$1" in start) start_varnishncsa ;; stop) stop_varnishncsa ;; reload) reload_varnishncsa ;; status) status_varnishncsa ;; restart|force-reload) $0 stop $0 start ;; *) log_success_msg "Usage: $0 {start|stop|restart|force-reload|reload}" exit 1 ;; esac exit 0 debian/varnish.init0000664000000000000000000000627712314113646011544 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: varnish # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start HTTP accelerator # Description: This script provides a server-side cache # to be run in front of a httpd and should # listen on port 80 on a properly configured # system ### END INIT INFO # Source function library . /lib/lsb/init-functions NAME=varnishd DESC="HTTP accelerator" PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/varnishd PIDFILE=/var/run/$NAME.pid test -x $DAEMON || exit 0 # Include varnish defaults if available if [ -f /etc/default/varnish ] ; then . /etc/default/varnish fi # Open files (usually 1024, which is way too small for varnish) ulimit -n ${NFILES:-131072} # Maxiumum locked memory size for shared memory log ulimit -l ${MEMLOCK:-82000} # If $DAEMON_OPTS is not set at all in /etc/default/varnish, use minimal useful # defaults (Backend at localhost:8080, a common place to put a locally # installed application server.) DAEMON_OPTS=${DAEMON_OPTS:--b localhost} # Ensure we have a PATH export PATH="${PATH:+$PATH:}/usr/sbin:/usr/bin:/sbin:/bin" start_varnishd() { log_daemon_msg "Starting $DESC" "$NAME" output=$(/bin/tempfile -s.varnish) if start-stop-daemon \ --start --quiet --pidfile ${PIDFILE} --exec ${DAEMON} -- \ -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1; then log_end_msg 0 else log_end_msg 1 cat $output exit 1 fi rm $output } disabled_varnishd() { log_daemon_msg "Not starting $DESC" "$NAME" log_progress_msg "disabled in /etc/default/varnish" log_end_msg 0 } stop_varnishd() { log_daemon_msg "Stopping $DESC" "$NAME" if start-stop-daemon \ --stop --quiet --pidfile $PIDFILE --retry 10 \ --exec $DAEMON; then log_end_msg 0 else log_end_msg 1 fi if test -r $PIDFILE; then read -r PID < $PIDFILE if test ! -d /proc/$PID ; then # stale pidfile unset PID rm -f $PIDFILE fi fi } reload_varnishd() { log_daemon_msg "Reloading $DESC" "$NAME" if /usr/share/varnish/reload-vcl -q; then log_end_msg 0 else log_end_msg 1 fi } status_varnishd() { start-stop-daemon \ --status --quiet --pidfile $PIDFILE \ --exec $DAEMON exit $? } configtest() { $DAEMON ${DAEMON_OPTS} -C -n /tmp > /dev/null && echo "Syntax ok" } case "$1" in start) case "${START:-}" in [Yy]es|[Yy]|1|[Tt]|[Tt]rue) start_varnishd ;; *) disabled_varnishd ;; esac ;; stop) stop_varnishd ;; reload) reload_varnishd ;; status) status_varnishd ;; restart|force-reload) $0 stop $0 start ;; configtest) configtest ;; *) log_success_msg "Usage: $0 {start|stop|restart|reload|force-reload|configtest}" exit 1 ;; esac exit 0 debian/tests/0000775000000000000000000000000012314113646010333 5ustar debian/tests/03.varnishncsa.t0000664000000000000000000000144112314113646013260 0ustar #!/bin/sh test_description="varnishncsa service" . ./sharness.sh test_expect_success "enable" " sed -i -e 's/# VARNISHNCSA_ENABLED=1/VARNISHNCSA_ENABLED=1/g' /etc/default/varnishncsa " test_expect_success "start" " service varnishncsa start " test_expect_success "status (after start)" " service varnishncsa status " test_expect_success "restart" " service varnishncsa restart " test_expect_success "status (after restart)" " service varnishncsa status " test_expect_success "reload" " service varnishncsa reload " test_expect_success "status (after reload)" " service varnishncsa status " test_expect_success "stop" " service varnishncsa stop " test_expect_success "status (after stop)" " if service varnishncsa status then false else true fi " test_done debian/tests/sharness.sh0000664000000000000000000004411112314113646012516 0ustar #!/bin/sh # # Copyright (c) 2011-2012 Mathias Lafeldt # Copyright (c) 2005-2012 Git project # Copyright (c) 2005-2012 Junio C Hamano # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/ . # Public: Current version of Sharness. SHARNESS_VERSION="0.3.0" export SHARNESS_VERSION # Public: The file extension for tests. By default, it is set to "t". : ${SHARNESS_TEST_EXTENSION:=t} export SHARNESS_TEST_EXTENSION # Keep the original TERM for say_color ORIGINAL_TERM=$TERM # For repeatability, reset the environment to a known state. LANG=C LC_ALL=C PAGER=cat TZ=UTC TERM=dumb EDITOR=: export LANG LC_ALL PAGER TZ TERM EDITOR unset VISUAL CDPATH GREP_OPTIONS # Line feed LF=' ' [ "x$ORIGINAL_TERM" != "xdumb" ] && ( TERM=$ORIGINAL_TERM && export TERM && [ -t 1 ] && tput bold >/dev/null 2>&1 && tput setaf 1 >/dev/null 2>&1 && tput sgr0 >/dev/null 2>&1 ) && color=t while test "$#" -ne 0; do case "$1" in -d|--d|--de|--deb|--debu|--debug) debug=t; shift ;; -i|--i|--im|--imm|--imme|--immed|--immedi|--immedia|--immediat|--immediate) immediate=t; shift ;; -l|--l|--lo|--lon|--long|--long-|--long-t|--long-te|--long-tes|--long-test|--long-tests) TEST_LONG=t; export TEST_LONG; shift ;; -h|--h|--he|--hel|--help) help=t; shift ;; -v|--v|--ve|--ver|--verb|--verbo|--verbos|--verbose) verbose=t; shift ;; -q|--q|--qu|--qui|--quie|--quiet) # Ignore --quiet under a TAP::Harness. Saying how many tests # passed without the ok/not ok details is always an error. test -z "$HARNESS_ACTIVE" && quiet=t; shift ;; --no-color) color=; shift ;; --root=*) root=$(expr "z$1" : 'z[^=]*=\(.*\)') shift ;; *) echo "error: unknown test option '$1'" >&2; exit 1 ;; esac done if test -n "$color"; then say_color() { ( TERM=$ORIGINAL_TERM export TERM case "$1" in error) tput bold; tput setaf 1;; # bold red skip) tput setaf 4;; # blue warn) tput setaf 3;; # brown/yellow pass) tput setaf 2;; # green info) tput setaf 6;; # cyan *) test -n "$quiet" && return;; esac shift printf "%s" "$*" tput sgr0 echo ) } else say_color() { test -z "$1" && test -n "$quiet" && return shift printf "%s\n" "$*" } fi error() { say_color error "error: $*" EXIT_OK=t exit 1 } say() { say_color info "$*" } test -n "$test_description" || error "Test script did not set test_description." if test "$help" = "t"; then echo "$test_description" exit 0 fi exec 5>&1 exec 6<&0 if test "$verbose" = "t"; then exec 4>&2 3>&1 else exec 4>/dev/null 3>/dev/null fi test_failure=0 test_count=0 test_fixed=0 test_broken=0 test_success=0 die() { code=$? if test -n "$EXIT_OK"; then exit $code else echo >&5 "FATAL: Unexpected exit with code $code" exit 1 fi } EXIT_OK= trap 'die' EXIT # Public: Define that a test prerequisite is available. # # The prerequisite can later be checked explicitly using test_have_prereq or # implicitly by specifying the prerequisite name in calls to test_expect_success # or test_expect_failure. # # $1 - Name of prerequiste (a simple word, in all capital letters by convention) # # Examples # # # Set PYTHON prerequisite if interpreter is available. # command -v python >/dev/null && test_set_prereq PYTHON # # # Set prerequisite depending on some variable. # test -z "$NO_GETTEXT" && test_set_prereq GETTEXT # # Returns nothing. test_set_prereq() { satisfied_prereq="$satisfied_prereq$1 " } satisfied_prereq=" " # Public: Check if one or more test prerequisites are defined. # # The prerequisites must have previously been set with test_set_prereq. # The most common use of this is to skip all the tests if some essential # prerequisite is missing. # # $1 - Comma-separated list of test prerequisites. # # Examples # # # Skip all remaining tests if prerequisite is not set. # if ! test_have_prereq PERL; then # skip_all='skipping perl interface tests, perl not available' # test_done # fi # # Returns 0 if all prerequisites are defined or 1 otherwise. test_have_prereq() { # prerequisites can be concatenated with ',' save_IFS=$IFS IFS=, set -- $* IFS=$save_IFS total_prereq=0 ok_prereq=0 missing_prereq= for prerequisite; do case "$prerequisite" in !*) negative_prereq=t prerequisite=${prerequisite#!} ;; *) negative_prereq= esac total_prereq=$(($total_prereq + 1)) case "$satisfied_prereq" in *" $prerequisite "*) satisfied_this_prereq=t ;; *) satisfied_this_prereq= esac case "$satisfied_this_prereq,$negative_prereq" in t,|,t) ok_prereq=$(($ok_prereq + 1)) ;; *) # Keep a list of missing prerequisites; restore # the negative marker if necessary. prerequisite=${negative_prereq:+!}$prerequisite if test -z "$missing_prereq"; then missing_prereq=$prerequisite else missing_prereq="$prerequisite,$missing_prereq" fi esac done test $total_prereq = $ok_prereq } # You are not expected to call test_ok_ and test_failure_ directly, use # the text_expect_* functions instead. test_ok_() { test_success=$(($test_success + 1)) say_color "" "ok $test_count - $@" } test_failure_() { test_failure=$(($test_failure + 1)) say_color error "not ok $test_count - $1" shift echo "$@" | sed -e 's/^/# /' test "$immediate" = "" || { EXIT_OK=t; exit 1; } } test_known_broken_ok_() { test_fixed=$(($test_fixed + 1)) say_color error "ok $test_count - $@ # TODO known breakage vanished" } test_known_broken_failure_() { test_broken=$(($test_broken + 1)) say_color warn "not ok $test_count - $@ # TODO known breakage" } # Public: Execute commands in debug mode. # # Takes a single argument and evaluates it only when the test script is started # with --debug. This is primarily meant for use during the development of test # scripts. # # $1 - Commands to be executed. # # Examples # # test_debug "cat some_log_file" # # Returns the exit code of the last command executed in debug mode or 0 # otherwise. test_debug() { test "$debug" = "" || eval "$1" } test_eval_() { # This is a separate function because some tests use # "return" to end a test_expect_success block early. eval &3 2>&4 "$*" } test_run_() { test_cleanup=: expecting_failure=$2 test_eval_ "$1" eval_ret=$? if test -z "$immediate" || test $eval_ret = 0 || test -n "$expecting_failure"; then test_eval_ "$test_cleanup" fi if test "$verbose" = "t" && test -n "$HARNESS_ACTIVE"; then echo "" fi return "$eval_ret" } test_skip_() { test_count=$(($test_count + 1)) to_skip= for skp in $SKIP_TESTS; do case $this_test.$test_count in $skp) to_skip=t break esac done if test -z "$to_skip" && test -n "$test_prereq" && ! test_have_prereq "$test_prereq"; then to_skip=t fi case "$to_skip" in t) of_prereq= if test "$missing_prereq" != "$test_prereq"; then of_prereq=" of $test_prereq" fi say_color skip >&3 "skipping test: $@" say_color skip "ok $test_count # skip $1 (missing $missing_prereq${of_prereq})" : true ;; *) false ;; esac } # Public: Run test commands and expect them to succeed. # # When the test passed, an "ok" message is printed and the number of successful # tests is incremented. When it failed, a "not ok" message is printed and the # number of failed tests is incremented. # # With --immediate, exit test immediately upon the first failed test. # # Usually takes two arguments: # $1 - Test description # $2 - Commands to be executed. # # With three arguments, the first will be taken to be a prerequisite: # $1 - Comma-separated list of test prerequisites. The test will be skipped if # not all of the given prerequisites are set. To negate a prerequisite, # put a "!" in front of it. # $2 - Test description # $3 - Commands to be executed. # # Examples # # test_expect_success \ # 'git-write-tree should be able to write an empty tree.' \ # 'tree=$(git-write-tree)' # # # Test depending on one prerequisite. # test_expect_success TTY 'git --paginate rev-list uses a pager' \ # ' ... ' # # # Multiple prerequisites are separated by a comma. # test_expect_success PERL,PYTHON 'yo dawg' \ # ' test $(perl -E 'print eval "1 +" . qx[python -c "print 2"]') == "4" ' # # Returns nothing. test_expect_success() { test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq= test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_success" export test_prereq if ! test_skip_ "$@"; then say >&3 "expecting success: $2" if test_run_ "$2"; then test_ok_ "$1" else test_failure_ "$@" fi fi echo >&3 "" } # Public: Run test commands and expect them to fail. Used to demonstrate a known # breakage. # # This is NOT the opposite of test_expect_success, but rather used to mark a # test that demonstrates a known breakage. # # When the test passed, an "ok" message is printed and the number of fixed tests # is incremented. When it failed, a "not ok" message is printed and the number # of tests still broken is incremented. # # Failures from these tests won't cause --immediate to stop. # # Usually takes two arguments: # $1 - Test description # $2 - Commands to be executed. # # With three arguments, the first will be taken to be a prerequisite: # $1 - Comma-separated list of test prerequisites. The test will be skipped if # not all of the given prerequisites are set. To negate a prerequisite, # put a "!" in front of it. # $2 - Test description # $3 - Commands to be executed. # # Returns nothing. test_expect_failure() { test "$#" = 3 && { test_prereq=$1; shift; } || test_prereq= test "$#" = 2 || error "bug in the test script: not 2 or 3 parameters to test_expect_failure" export test_prereq if ! test_skip_ "$@"; then say >&3 "checking known breakage: $2" if test_run_ "$2" expecting_failure; then test_known_broken_ok_ "$1" else test_known_broken_failure_ "$1" fi fi echo >&3 "" } # Public: Run command and ensure that it fails in a controlled way. # # Use it instead of "! ". For example, when dies due to a # segfault, test_must_fail diagnoses it as an error, while "! " would # mistakenly be treated as just another expected failure. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Command to be executed. # # Examples # # test_expect_success 'complain and die' ' # do something && # do something else && # test_must_fail git checkout ../outerspace # ' # # Returns 1 if the command succeeded (exit code 0). # Returns 1 if the command died by signal (exit codes 130-192) # Returns 1 if the command could not be found (exit code 127). # Returns 0 otherwise. test_must_fail() { "$@" exit_code=$? if test $exit_code = 0; then echo >&2 "test_must_fail: command succeeded: $*" return 1 elif test $exit_code -gt 129 -a $exit_code -le 192; then echo >&2 "test_must_fail: died by signal: $*" return 1 elif test $exit_code = 127; then echo >&2 "test_must_fail: command not found: $*" return 1 fi return 0 } # Public: Run command and ensure that it succeeds or fails in a controlled way. # # Similar to test_must_fail, but tolerates success too. Use it instead of # " || :" to catch failures caused by a segfault, for instance. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Command to be executed. # # Examples # # test_expect_success 'some command works without configuration' ' # test_might_fail git config --unset all.configuration && # do something # ' # # Returns 1 if the command died by signal (exit codes 130-192) # Returns 1 if the command could not be found (exit code 127). # Returns 0 otherwise. test_might_fail() { "$@" exit_code=$? if test $exit_code -gt 129 -a $exit_code -le 192; then echo >&2 "test_might_fail: died by signal: $*" return 1 elif test $exit_code = 127; then echo >&2 "test_might_fail: command not found: $*" return 1 fi return 0 } # Public: Run command and ensure it exits with a given exit code. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1 - Expected exit code. # $2.. - Command to be executed. # # Examples # # test_expect_success 'Merge with d/f conflicts' ' # test_expect_code 1 git merge "merge msg" B master # ' # # Returns 0 if the expected exit code is returned or 1 otherwise. test_expect_code() { want_code=$1 shift "$@" exit_code=$? if test $exit_code = $want_code; then return 0 fi echo >&2 "test_expect_code: command exited with $exit_code, we wanted $want_code $*" return 1 } # Public: Compare two files to see if expected output matches actual output. # # The TEST_CMP variable defines the command used for the comparision; it # defaults to "diff -u". Only when the test script was started with --verbose, # will the command's output, the diff, be printed to the standard output. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1 - Path to file with expected output. # $2 - Path to file with actual output. # # Examples # # test_expect_success 'foo works' ' # echo expected >expected && # foo >actual && # test_cmp expected actual # ' # # Returns the exit code of the command set by TEST_CMP. test_cmp() { ${TEST_CMP:-diff -u} "$@" } # Public: Schedule cleanup commands to be run unconditionally at the end of a # test. # # If some cleanup command fails, the test will not pass. With --immediate, no # cleanup is done to help diagnose what went wrong. # # This is one of the prefix functions to be used inside test_expect_success or # test_expect_failure. # # $1.. - Commands to prepend to the list of cleanup commands. # # Examples # # test_expect_success 'test core.capslock' ' # git config core.capslock true && # test_when_finished "git config --unset core.capslock" && # do_something # ' # # Returns the exit code of the last cleanup command executed. test_when_finished() { test_cleanup="{ $* } && (exit \"\$eval_ret\"); eval_ret=\$?; $test_cleanup" } # Public: Summarize test results and exit with an appropriate error code. # # Must be called at the end of each test script. # # Can also be used to stop tests early and skip all remaining tests. For this, # set skip_all to a string explaining why the tests were skipped before calling # test_done. # # Examples # # # Each test script must call test_done at the end. # test_done # # # Skip all remaining tests if prerequisite is not set. # if ! test_have_prereq PERL; then # skip_all='skipping perl interface tests, perl not available' # test_done # fi # # Returns 0 if all tests passed or 1 if there was a failure. test_done() { EXIT_OK=t if test -z "$HARNESS_ACTIVE"; then test_results_dir="$SHARNESS_TEST_DIRECTORY/test-results" mkdir -p "$test_results_dir" test_results_path="$test_results_dir/${SHARNESS_TEST_FILE%.$SHARNESS_TEST_EXTENSION}.$$.counts" cat >>"$test_results_path" <<-EOF total $test_count success $test_success fixed $test_fixed broken $test_broken failed $test_failure EOF fi if test "$test_fixed" != 0; then say_color error "# $test_fixed known breakage(s) vanished; please update test(s)" fi if test "$test_broken" != 0; then say_color warn "# still have $test_broken known breakage(s)" fi if test "$test_broken" != 0 || test "$test_fixed" != 0; then test_remaining=$(( $test_count - $test_broken - $test_fixed )) msg="remaining $test_remaining test(s)" else test_remaining=$test_count msg="$test_count test(s)" fi case "$test_failure" in 0) # Maybe print SKIP message if test -n "$skip_all" && test $test_count -gt 0; then error "Can't use skip_all after running some tests" fi [ -z "$skip_all" ] || skip_all=" # SKIP $skip_all" if test $test_remaining -gt 0; then say_color pass "# passed all $msg" fi say "1..$test_count$skip_all" test -d "$remove_trash" && cd "$(dirname "$remove_trash")" && rm -rf "$(basename "$remove_trash")" exit 0 ;; *) say_color error "# failed $test_failure among $msg" say "1..$test_count" exit 1 ;; esac } # Public: Root directory containing tests. Tests can override this variable, # e.g. for testing Sharness itself. : ${SHARNESS_TEST_DIRECTORY:=$(pwd)} export SHARNESS_TEST_DIRECTORY # Public: Build directory that will be added to PATH. By default, it is set to # the parent directory of SHARNESS_TEST_DIRECTORY. : ${SHARNESS_BUILD_DIRECTORY:="$SHARNESS_TEST_DIRECTORY/.."} PATH="$SHARNESS_BUILD_DIRECTORY:$PATH" export PATH SHARNESS_BUILD_DIRECTORY # Public: Path to test script currently executed. SHARNESS_TEST_FILE="$0" export SHARNESS_TEST_FILE # Prepare test area. test_dir="trash directory.$(basename "$SHARNESS_TEST_FILE" ".$SHARNESS_TEST_EXTENSION")" test -n "$root" && test_dir="$root/$test_dir" case "$test_dir" in /*) SHARNESS_TRASH_DIRECTORY="$test_dir" ;; *) SHARNESS_TRASH_DIRECTORY="$SHARNESS_TEST_DIRECTORY/$test_dir" ;; esac test "$debug" = "t" || remove_trash="$SHARNESS_TRASH_DIRECTORY" rm -rf "$test_dir" || { EXIT_OK=t echo >&5 "FATAL: Cannot prepare test area" exit 1 } # Public: Empty trash directory, the test area, provided for each test. The HOME # variable is set to that directory too. export SHARNESS_TRASH_DIRECTORY HOME="$SHARNESS_TRASH_DIRECTORY" export HOME mkdir -p "$test_dir" || exit 1 # Use -P to resolve symlinks in our working directory so that the cwd # in subprocesses like git equals our $PWD (for pathname comparisons). cd -P "$test_dir" || exit 1 this_test=${SHARNESS_TEST_FILE##*/} this_test=${this_test%.$SHARNESS_TEST_EXTENSION} for skp in $SKIP_TESTS; do case "$this_test" in $skp) say_color info >&3 "skipping test $this_test altogether" skip_all="skip all tests in $this_test" test_done esac done # vi: set ts=4 sw=4 noet : debian/tests/02.varnishlog.t0000664000000000000000000000142512314113646013116 0ustar #!/bin/sh test_description="varnishlog service" . ./sharness.sh test_expect_success "enable" " sed -i -e 's/# VARNISHLOG_ENABLED=1/VARNISHLOG_ENABLED=1/g' /etc/default/varnishlog " test_expect_success "start" " service varnishlog start " test_expect_success "status (after start)" " service varnishlog status " test_expect_success "reload" " service varnishlog reload " test_expect_success "status (after reload)" " service varnishlog status " test_expect_success "restart" " service varnishlog restart " test_expect_success "status (after restart)" " service varnishlog status " test_expect_success "stop" " service varnishlog stop " test_expect_success "status (after stop)" " if service varnishlog status then false else true fi " test_done debian/tests/01.varnish.t0000664000000000000000000000112012314113646012403 0ustar #!/bin/sh test_description="varnishd service" . ./sharness.sh test_expect_success "status (started by default)" " service varnish status " test_expect_success "restart" " service varnish restart " test_expect_success "status (after restart)" " service varnish status " test_expect_success "reload" " service varnish reload " test_expect_success "status (after reload)" " service varnish status " test_expect_success "stop" " service varnish stop " test_expect_success "status (after stop)" " if service varnish status then false else true fi " test_done debian/tests/run-tests0000775000000000000000000000017512314113646012230 0ustar #!/bin/sh cd "$(dirname $0)" if [ -z "${ADTTMP:-}" ]; then tempdir="$(mktemp -d --suffix=.autopkgtest)" fi prove -v *.t debian/tests/control0000664000000000000000000000007212314113646011735 0ustar Tests: run-tests Depends: @,perl Restrictions: needs-root debian/libvarnishapi1.symbols0000664000000000000000000000374612314113646013531 0ustar libvarnishapi.so.1 libvarnishapi1 #MINVER# LIBVARNISHAPI_1.0@LIBVARNISHAPI_1.0 3.0.0 LIBVARNISHAPI_1.1@LIBVARNISHAPI_1.1 3.0.3 VCLI_AuthResponse@LIBVARNISHAPI_1.0 3.0.0 VCLI_ReadResult@LIBVARNISHAPI_1.0 3.0.0 VCLI_WriteResult@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VRE_compile@Base 2.1.4 #MISSING: 3.0.0# VRE_exec@Base 2.1.4 #MISSING: 3.0.0# VRE_free@Base 2.1.4 VSC_Arg@LIBVARNISHAPI_1.0 3.0.0 VSC_Iter@LIBVARNISHAPI_1.0 3.0.0 VSC_Main@LIBVARNISHAPI_1.0 3.0.0 VSC_Open@LIBVARNISHAPI_1.0 3.0.0 VSC_Setup@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_Arg@Base 2.0~rc1 VSL_Arg@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_Close@Base 2.1.0 #MISSING: 3.0.0# VSL_Dispatch@Base 2.0~rc1 VSL_Dispatch@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_H_Print@Base 2.0~rc1 VSL_H_Print@LIBVARNISHAPI_1.0 3.0.0 VSL_Matched@LIBVARNISHAPI_1.0 3.0.0 VSL_Name2Tag@LIBVARNISHAPI_1.1 3.0.3 #MISSING: 3.0.0# VSL_Name@Base 2.0~rc1 #MISSING: 3.0.0# VSL_New@Base 2.0~rc1 #MISSING: 3.0.0# VSL_NextLog@Base 2.0~rc1 VSL_NextLog@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_NonBlocking@Base 2.0~rc1 VSL_NonBlocking@LIBVARNISHAPI_1.0 3.0.0 VSL_Open@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_OpenLog@Base 2.0~rc1 #MISSING: 3.0.0# VSL_OpenStats@Base 2.0~rc1 #MISSING: 3.0.0# VSL_Select@Base 2.0~rc1 VSL_Select@LIBVARNISHAPI_1.0 3.0.0 VSL_Setup@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# VSL_tags@Base 2.0~rc1 VSL_tags@LIBVARNISHAPI_1.0 3.0.0 VSM_Close@LIBVARNISHAPI_1.0 3.0.0 VSM_Delete@LIBVARNISHAPI_1.0 3.0.0 VSM_Diag@LIBVARNISHAPI_1.0 3.0.0 VSM_Find_Chunk@LIBVARNISHAPI_1.0 3.0.0 VSM_Head@LIBVARNISHAPI_1.0 3.0.0 VSM_Name@LIBVARNISHAPI_1.0 3.0.0 VSM_New@LIBVARNISHAPI_1.0 3.0.0 VSM_Open@LIBVARNISHAPI_1.0 3.0.0 VSM_ReOpen@LIBVARNISHAPI_1.0 3.0.0 VSM_Seq@LIBVARNISHAPI_1.0 3.0.0 VSM_iter0@LIBVARNISHAPI_1.0 3.0.0 VSM_n_Arg@LIBVARNISHAPI_1.0 3.0.0 #MISSING: 3.0.0# base64_decode@Base 2.0~rc1 #MISSING: 3.0.0# base64_init@Base 2.0~rc1 #MISSING: 3.0.0# lbv_assert@Base 2.1.4 #MISSING: 3.0.0# varnish_instance@Base 2.0~rc1 debian/libvarnishapi1.install0000664000000000000000000000002512314113646013472 0ustar /usr/lib/*/lib*.so.* debian/varnish-doc.doc-base.changes0000664000000000000000000000043412314113646014415 0ustar Document: varnish-changes Title: Varnish Cache changes Author: Tollef Fog Heen Abstract: This document lists significant changes in the Varnish Cache. Section: Web Development Format: HTML Index: /usr/share/doc/varnish-doc/changes.html Files: /usr/share/doc/varnish-doc/changes.css debian/varnish.postrm0000664000000000000000000000144412314113646012114 0ustar #!/bin/sh set -e case "$1" in upgrade) ;; remove|failed-upgrade|abort-install|abort-upgrade|disappear) if test -e /var/log/varnish ; then rm -r /var/log/varnish > /dev/null 2>&1 || exit 78 fi if test -e /var/lib/varnish; then rm -r /var/lib/varnish > /dev/null 2>&1 || exit 78 fi ;; purge) if test -e /var/log/varnish; then rm -r /var/log/varnish > /dev/null 2>&1 || exit 78 fi if test -e /var/lib/varnish; then rm -r /var/lib/varnish > /dev/null 2>&1 || exit 78 fi rm -f /etc/varnish/secret ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 64 esac #DEBHELPER# exit 0 debian/README.source0000664000000000000000000000040012314113646011342 0ustar Changes to the upstream source should be committed to the git tree as a branch rebased against the upstream/$version tag. Build the package with "gitpkg", using the quilt-patches-deb-export-hook hook to automatically create quilt patches when packaging. debian/varnish.varnishncsa.default0000664000000000000000000000143712314113646014534 0ustar # Configuration file for varnishncsa # # This shell script fragment is sourced by /etc/init.d/varnishncsa # # Note: If systemd is installed, this file is obsolete and ignored. You will # need to copy /lib/systemd/system/varnishncsa.service to /etc/systemd/system/ # and edit that file. # # Uncomment this to enable logging for varnish. Please make sure you have # enough disk space for significant amounts of log data. To disable logging, # set the variable to "0", "no", or leave it unset. # # NCSA log format, to be used by HTTP log analyzers # VARNISHNCSA_ENABLED=1 # # If you want to add more arguments to varnishncsa, such as providing # a different log format, you can override the DAEMON_OPTS variable # from /etc/init.d/varnishncsa here. # DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE}" debian/varnish.manpages0000664000000000000000000000046012314113646012360 0ustar bin/varnishtest/varnishtest.1 bin/varnishncsa/varnishncsa.1 bin/varnishhist/varnishhist.1 bin/varnishstat/varnishstat.1 bin/varnishreplay/varnishreplay.1 bin/varnishadm/varnishadm.1 bin/varnishlog/varnishlog.1 bin/varnishtop/varnishtop.1 bin/varnishd/varnishd.1 man/vcl.7 bin/varnishsizes/varnishsizes.1 debian/varnish.NEWS0000664000000000000000000000201312314113646011335 0ustar varnish (2.1.3-2) lucid; urgency=low Varnish will no longer start by default when installed. Edit /etc/default/varnish, and set START=yes to enable varnishd at boot. This may also affect you after upgrading if you never have changed /etc/default/varnish, or if you accepted changes to /etc/default/varnish during upgrade. -- Stig Sandbeck Mathisen Thu, 29 Jul 2010 01:02:21 +0200 varnish (2.1.0-2) unstable; urgency=low Varnish 2.1.0 provides authentication for the management port. The packaging defaults now use this functionality. The secret is used by "varnishd" and "varnishadm", and is stored in the file /etc/varnish/secret by default. This file has been created for you by the post installation script. If you use varnishadm manually to manage your varnish instance, or have changed /etc/default/varnish, you will need to add the option "-S /etc/varnish/secret" to "varnishd" and "varnishadm". -- Stig Sandbeck Mathisen Fri, 26 Mar 2010 10:38:21 +0100 debian/varnish.varnishlog.default0000664000000000000000000000100212314113646014355 0ustar # Configuration file for varnishlog # # Note: If systemd is installed, this file is obsolete and ignored. You will # need to copy /lib/systemd/system/varnishlog.service to /etc/systemd/system/ # and edit that file. # # Uncomment this to enable logging for varnish. Please make sure you have # enough disk space for significant amounts of log data. To disable logging, # set the variable to "0", "no", or leave it unset. # # Varnish log format, to be used by "varnishlog" or "varnishncsa" # VARNISHLOG_ENABLED=1 debian/watch0000664000000000000000000000016012314113646010217 0ustar version=3 opts="uversionmangle=s/-(beta|rc)/~$1/" http://repo.varnish-cache.org/source/varnish-(\d.*)\.tar\.gz debian/varnish.install0000664000000000000000000000016312314113646012233 0ustar etc/varnish/default.vcl usr/bin/* usr/sbin/* /usr/lib/*/varnish usr/share/man debian/*.service lib/systemd/system/ debian/varnish.preinst0000664000000000000000000000176212314113646012257 0ustar #!/bin/sh set -e # Undo mangling of /etc/default/varnish that happened during lenny->squeeze # upgrades. unmangle_defaults() { export defaultsfile='/etc/default/varnish' if ! [ -f "$defaultsfile" ]; then return fi # The checksums in the package that introduced the bug md5_before_change='af3fd9c9e3dd6976367638113373f6f7' md5_after_change='708e91b32d1ae5eed7f82d772c2fd421' # The checksum in the current package md5_in_package=$(dpkg-query -f '${Conffiles}' -W varnish \ | awk '$1 == ENVIRON["defaultsfile"] {print $2}') # The checksum in the file system md5_in_filesystem=$(md5sum "$defaultsfile" | awk '{print $1}') if [ "$md5_in_package" = "$md5_before_change" -a "$md5_in_filesystem" = "$md5_after_change" ]; then sed -i '/^START=/s/yes/no/g' "$defaultsfile" fi } case "$1" in install|upgrade) if dpkg --compare-versions "$2" "lt-nl" "3.0.3-1~"; then unmangle_defaults fi ;; esac #DEBHELPER# debian/libvarnishapi-dev.install0000664000000000000000000000010212314113646014161 0ustar usr/include /usr/lib/*/libvarnishapi.so /usr/lib/*/pkgconfig/*.pc debian/varnishncsa.service0000664000000000000000000000027612314113646013077 0ustar [Unit] Description=Varnish HTTP accelerator log daemon [Service] User=varnishlog ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log [Install] WantedBy=multi-user.target debian/varnish.service0000664000000000000000000000056212314113646012230 0ustar [Unit] Description=Varnish HTTP accelerator [Service] Type=forking LimitNOFILE=131072 LimitMEMLOCK=82000 ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/default.vcl ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m ExecReload=/usr/share/varnish/reload-vcl [Install] WantedBy=multi-user.target debian/compat0000664000000000000000000000000212314113646010367 0ustar 9 debian/rules0000775000000000000000000000456012314113646010256 0ustar #!/usr/bin/make -f DH_VERBOSE=1 # List of architectures that lack the *_2POW definitions in varnish, # which is needed by jemalloc DISABLE_JEMALLOC_ARCH_LIST := hppa s390 sparc m68k # Explicitly initialize a variable to select architecture, unless it has been # defined before. This is compared against the DISABLE_*_LIST variables later # in this makefile DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) # Set local state dir for FHS LOCAL_CONFIGURE_FLAGS = --localstatedir=/var/lib ifneq ($(filter $(DEB_HOST_ARCH),$(DISABLE_JEMALLOC_ARCH_LIST)),) LOCAL_CONFIGURE_FLAGS += --disable-jemalloc endif # Main build rule, leave everything to debhelper %: dh $@ --parallel --with=systemd,autoreconf ifeq (,$(filter test,$(LOCAL_BUILD_OPTIONS))) # Disable automated build tests override_dh_auto_test: endif # Override to add local configure flags override_dh_auto_configure: dh_auto_configure -- $(LOCAL_CONFIGURE_FLAGS) override_dh_auto_install: dh_auto_install -a @ # Activate the default backend sed -i '/backend default {/,/}/ s/^#[[:space:]]//' \ $(CURDIR)/debian/tmp/etc/varnish/default.vcl @ # Remove .la files @ # (See http://wiki.debian.org/ReleaseGoals/LAFileRemoval) find $(CURDIR)/debian/ -name \*.la -delete @ # Nuke the static libs too find $(CURDIR)/debian -name \*.a -delete override_dh_install: dh_install -a --fail-missing @ # Override to add the "reload-vcl" script install -o root -g root -m 755 \ $(CURDIR)/debian/reload-vcl \ $(CURDIR)/debian/varnish/usr/share/varnish/reload-vcl override_dh_installdocs: dh_installdocs @ # Use the packaged javascript libraries if [ -d $(CURDIR)/debian/varnish-doc ]; then \ rm -f $(CURDIR)/debian/varnish-doc/usr/share/doc/varnish-doc/html/_static/jquery.js; \ ln -s /usr/share/javascript/jquery/jquery.js \ $(CURDIR)/debian/varnish-doc/usr/share/doc/varnish-doc/html/_static/jquery.js; \ rm -f $(CURDIR)/debian/varnish-doc/usr/share/doc/varnish-doc/html/_static/underscore.js; \ ln -s /usr/share/javascript/underscore/underscore.js \ $(CURDIR)/debian/varnish-doc/usr/share/doc/varnish-doc/html/_static/underscore.js; \ fi # Override to add several init scripts override_dh_installinit: dh_installinit -a dh_installinit --name=varnishlog dh_installinit --name=varnishncsa override_dh_compress: dh_compress -X/usr/share/doc/varnish-doc/html override_dh_strip: dh_strip --dbg-package=varnish-dbg debian/changelog0000664000000000000000000004114413142736052011051 0ustar varnish (3.0.5-2ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: HTTP Smuggling issues: Double Content Length and bad EOL (LP: #1709153). - fix-HTTP-Smuggling-CVE-2015-8852.patch - CVE-2015-8852 * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1709153). - Correctly-handle-bogusly-large-chunk-sizes-CVE-2017-12425.patch - CVE-2017-12425 -- Simon Quigley Mon, 07 Aug 2017 13:57:07 -0500 varnish (3.0.5-2) unstable; urgency=medium [ Mattia Rizzolo ] * debian/varnish.init: Add a configtest action. Thanks to Samuele Giovanni Tonon (Closes: #740002) (LP: #1284095) [ Stig Sandbeck Mathisen ] * debian/varnish.service: Test configuration before starting, add reload [ Jonathan Davies ] * debian/varnish.init: Use start-stop-daemon for status * debian/varnish.init: Remove PID file on stop (Closes: #661602) [ Martin Pitt ] * Add missing "needs-root" test restriction to fix autopkgtest -- Stig Sandbeck Mathisen Mon, 24 Mar 2014 21:37:23 +0100 varnish (3.0.5-1) unstable; urgency=low * Imported upstream version 3.0.5 -- Stig Sandbeck Mathisen Mon, 02 Dec 2013 15:06:11 +0100 varnish (3.0.4-2) unstable; urgency=low * Build against the packaged libjemalloc * use dh-autoreconf * Update autopkgtests * Bump Standards-Version (no changes) * remove unnecessary versions from dependencies * Break and sort dependencies (no changes) -- Stig Sandbeck Mathisen Sun, 24 Nov 2013 18:55:59 +0100 varnish (3.0.4-1) unstable; urgency=low [ Stig Sandbeck Mathisen ] * New upstream release * Add dep8 tests. Thanks to Yolanda Robla (Closes: #710001) * Advertise "reload" in the init script help (Closes: #710525) [ Michael Stapelberg ] * use dh-systemd for proper systemd-related maintscripts -- Stig Sandbeck Mathisen Sat, 29 Jun 2013 16:20:51 +0200 varnish (3.0.3-1) unstable; urgency=low [ Stig Sandbeck Mathisen ] * New upstream release [ Tollef Fog Heen ] * Make varnishlog's and varnishncsa's init script exit with the exit status of status_of_proc to make them useful. Fixes upstream trac #1226. [ Stig Sandbeck Mathisen ] * Do not rewrite /etc/default/varnish on upgrade. Thanks to Andreas Beckmann (Closes: 698577) * Undo mangling of /etc/default/varnish that happened during lenny->squeeze upgrade. Thanks to Andreas Beckmann (Closes: 698577) -- Stig Sandbeck Mathisen Sun, 05 May 2013 15:53:14 +0200 varnish (3.0.2-2) unstable; urgency=low [ Knut Arne Bjørndal ] * Fix exit code from reload-vcl (Closes: #664857) [ Stig Sandbeck Mathisen ] * Do not run build tests by default (Closes: #663667) * Use debhelper compat level 9 (Closes: #663064) This gives us multiarch and hardening flags * Remove /etc/varnish/secret on purge (Closes: #656220) * Bump standards-version (no changes) * Add systemd services * Remove vcs_version.h patch -- Stig Sandbeck Mathisen Tue, 01 May 2012 16:20:31 +0200 varnish (3.0.2-1) unstable; urgency=low * New upstream release * Build from upstream tarball instead of git tag * debian/watch: more specific regular expression -- Stig Sandbeck Mathisen Sat, 29 Oct 2011 15:23:24 +0200 varnish (3.0.1-2) unstable; urgency=low [ Tollef Fog Heen ] * Make it possible to override DAEMON_OPTS for varnishlog and varnishncsa. * Make /etc/init.d/varnish status exit with a sensible status code rather than always being 0 (Closes: #637110) * Add missing options to reload-vcl to allow -C, -i, -M. -- Stig Sandbeck Mathisen Sat, 24 Sep 2011 13:22:56 +0200 varnish (3.0.1-1) unstable; urgency=low * New upstrem release * Do not run autogen.sh unless we need to * Enable build tests on presumably sane architectures and buildbot hosts -- Stig Sandbeck Mathisen Fri, 02 Sep 2011 21:27:03 +0200 varnish (3.0.0-5) unstable; urgency=low [ Tollef Fog Heen ] * Drop build-dep on tcl, it's no longer needed. * Change automake build-dep to automake rather than forcing 1.9. * Remove .la files rather than neutering them. * Remove .a files, they are not supported upstream. * Move /usr/lib/varnish/lib*.so to varnish package, add Replaces * Add --fail-missing to dh_install call and fix up varnish.install. [ Stig Sandbeck Mathisen ] * Update lintian-overrides * Use packaged javascript libraries -- Stig Sandbeck Mathisen Wed, 24 Aug 2011 13:36:26 +0200 varnish (3.0.0-4) unstable; urgency=low * Add package with detached debugging symbols for varnish (Thanks, Jean-Baptiste Quenot) -- Stig Sandbeck Mathisen Mon, 18 Jul 2011 12:25:02 +0200 varnish (3.0.0-3) unstable; urgency=low * Disable build tests (Closes: #632320) -- Stig Sandbeck Mathisen Sun, 17 Jul 2011 12:08:19 +0200 varnish (3.0.0-2) unstable; urgency=low [ Daniel Baumann ] * Conditionally replace jquery.js in dh_installdocs override in order to not fail when building arch any packages only (Closes: #631895). -- Stig Sandbeck Mathisen Tue, 28 Jun 2011 06:53:35 +0200 varnish (3.0.0-1) unstable; urgency=low * New upstream release * Add a varnish-log package * Rename the library packages, to reflect library name * Add new upstream URI to debian/watch -- Stig Sandbeck Mathisen Thu, 23 Jun 2011 10:49:45 +0200 varnish (2.1.5-2) unstable; urgency=low * Release for unstable -- Stig Sandbeck Mathisen Mon, 21 Mar 2011 10:16:07 +0100 varnish (2.1.5-1) experimental; urgency=low * New upstream release * Change default storage method to malloc, 256 MB * Start varnishd by default, since the new storage method has less system impact * Update symbols file for 2.1.5 -- Stig Sandbeck Mathisen Wed, 02 Feb 2011 13:33:53 +0100 varnish (2.1.4-1) experimental; urgency=low * New upstream version * Update symbols file for 2.1.4 * Cherry-pick fix for upstream bug #801. Remove duplicate Content- Length header -- Stig Sandbeck Mathisen Wed, 03 Nov 2010 16:44:08 +0100 varnish (2.1.3-8) unstable; urgency=high * Fix random secret creation on non-Linux kernels (Closes: #596373) * Urgency "high" due to FTBFS RC bug during squeeze freeze -- Stig Sandbeck Mathisen Fri, 24 Sep 2010 17:51:20 +0200 varnish (2.1.3-7) unstable; urgency=high [ Faidon Liambotis ] * Fix FTBFS race condition in tests/v00014.vtc (Closes: #594777) [ Stig Sandbeck Mathisen ] * Urgency "high" due to FTBFS RC bug during squeeze freeze -- Stig Sandbeck Mathisen Thu, 09 Sep 2010 21:03:24 +0200 varnish (2.1.3-6) unstable; urgency=low * Install only libvarnishapi.so (Closes: #592244) -- Stig Sandbeck Mathisen Sat, 28 Aug 2010 00:43:50 +0200 varnish (2.1.3-5) unstable; urgency=low * Ensure a PATH is set (Closes: #592906) * debian/rules: Rewrite to do arch tests better, do not test on mipsel (Closes: #593979) * Disable build tests on sh4 (Closes: #594302) -- Stig Sandbeck Mathisen Wed, 25 Aug 2010 10:47:26 +0200 varnish (2.1.3-4) unstable; urgency=low * Make sure we do not run the build tests on "armel" (by specifying "arm" instead of "armel") -- Stig Sandbeck Mathisen Fri, 06 Aug 2010 01:59:40 +0200 varnish (2.1.3-3) unstable; urgency=low * Disable build tests for some architectures (Closes: #591256) -- Stig Sandbeck Mathisen Mon, 02 Aug 2010 00:00:30 +0200 varnish (2.1.3-2) unstable; urgency=low * Install all the needed library symlinks (Closes: #585128) (LP: #488258) * Use a different user for the varnish log daemons (LP: #461593) * Do not start automatically when installed (LP: #569060) * Clean up rules file, use debhelper v7 -- Stig Sandbeck Mathisen Thu, 29 Jul 2010 23:36:35 +0200 varnish (2.1.3-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Wed, 28 Jul 2010 18:21:30 +0200 varnish (2.1.2-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Fri, 21 May 2010 09:26:49 +0200 varnish (2.1.1-1) unstable; urgency=low * New upstream version * Fix issue with "/etc/init.d/varnish reload" not working more than a few times when /bin/sh is provided by "dash" -- Stig Sandbeck Mathisen Tue, 27 Apr 2010 13:10:08 +0200 varnish (2.1.0-2) unstable; urgency=low * Enable access control for the varnishd management port (CVE-2009-2936) * Fix varnishd.1 man page, document -S option used for access control -- Stig Sandbeck Mathisen Mon, 29 Mar 2010 21:11:49 +0000 varnish (2.1.0-1) unstable; urgency=low * New upstream version * Fix small error in man/vcl.7so -- Stig Sandbeck Mathisen Wed, 24 Mar 2010 13:26:08 +0000 varnish (2.0.6-2) unstable; urgency=low * Set the mailing list address as maintainer, and the members as uploaders * Fix "Varnish 2.0.6 incompatible with libvarnish1 2.0.5" by adding a versioned dependency on libvarnish1 (Closes: #566756) -- Stig Sandbeck Mathisen Mon, 25 Jan 2010 07:07:54 +0000 varnish (2.0.6-1) unstable; urgency=low * New upstream version (Closes: #561506) * debian/patches/vcl.7.patch: Remove patch, no longer needed * debian/libvarnish1.symbols: Removed some symbols for libvarnishcompat.so.1 * init scripts: Add "status" argument (Closes: #561538) -- Stig Sandbeck Mathisen Tue, 22 Dec 2009 15:38:53 +0000 varnish (2.0.5-1) unstable; urgency=low * New upstream release * Add README.source with information about quilt * Convert to source format 3.0 (quilt) * Add patch for vcl(7) * Remove patch for varnishd(1) -- Stig Sandbeck Mathisen Mon, 09 Nov 2009 11:52:34 +0000 varnish (2.0.4-5) unstable; urgency=low * Add s390 to list of architectures not using jemalloc -- Stig Sandbeck Mathisen Mon, 27 Jul 2009 21:49:42 +0000 varnish (2.0.4-4) unstable; urgency=low * Remove s390 jemalloc patch * Add patch for varnishd(1) -- Stig Sandbeck Mathisen Fri, 24 Jul 2009 13:02:38 +0000 varnish (2.0.4-3) unstable; urgency=low * Actually check for s390 in the jemalloc patch. -- Stig Sandbeck Mathisen Tue, 21 Jul 2009 20:29:29 +0000 varnish (2.0.4-2) unstable; urgency=low * Change Vcs-Browser and Vcs-Svn to reflect the packaging move to alioth * Add support for VCL reload via /etc/init.d/varnishd reload * Added a symbols file for libvarnish1 * Add patch from Ingvar Hagelund to define *_2POW on s390, we should then be able to use jemalloc * Add build dependency on quilt -- Stig Sandbeck Mathisen Wed, 10 Jun 2009 17:11:03 +0000 varnish (2.0.4-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Mon, 27 Apr 2009 08:12:28 +0000 varnish (2.0.3-2) UNRELEASED; urgency=low * Add /usr/lib/pkgconfig/varnishapi.pc to the libvarnish-dev package -- Stig Sandbeck Mathisen Thu, 19 Feb 2009 07:22:14 +0100 varnish (2.0.3-1) unstable; urgency=low * New upstream version -- Stig Sandbeck Mathisen Wed, 18 Feb 2009 09:04:17 +0000 varnish (2.0.2-1) unstable; urgency=low * New upstream version * Change defaults to use configuration file /etc/varnish/default.vcl when starting varnishd -- Stig Sandbeck Mathisen Mon, 17 Nov 2008 07:31:05 +0100 varnish (2.0.1-2) unstable; urgency=low [ Kees Cook ] * debian/rules: disable jemalloc on architectures that lack *_2POW definitions (Closes: #503381). [ Stig Sandbeck Mathisen ] * Add a man page for varnishtest * Disable jemalloc on m64k as well -- Stig Sandbeck Mathisen Thu, 30 Oct 2008 08:00:56 +0100 varnish (2.0.1-1) unstable; urgency=low * New upstream version * Fix synopsis on binary packages (Closes: #502118) -- Stig Sandbeck Mathisen Fri, 17 Oct 2008 21:03:16 +0200 varnish (2.0-1) unstable; urgency=low * New upstream version * Add varnishncsa init script, defaults and log rotation (Closes: #501454) * Add dependency on libc6.1-dev (Closes: #481067) -- Stig Sandbeck Mathisen Thu, 16 Oct 2008 14:04:42 +0200 varnish (2.0~rc1-1) unstable; urgency=low * New upstream version * Fix syntax error in varnishlog init script -- Stig Sandbeck Mathisen Wed, 08 Oct 2008 13:45:40 +0200 varnish (2.0~beta1-1) UNRELEASED; urgency=low [ Stig Sandbeck Mathisen ] * New upstream release [ Tollef Fog Heen ] * Fix up clean rule so as to work correctly on fresh sources too. * Fix up Makefile.am to get rid of files we don't ship. * Fix XSIsm in debian/varnish.varnishlog.init (-o in a test). * Rename libvarnish0-dev to libvarnish-dev again, bump soname to libvarnish1. -- Stig Sandbeck Mathisen Mon, 01 Sep 2008 09:05:44 +0000 varnish (1.2-0) unstable; urgency=low [ Stig Sandbeck Mathisen ] * New upstream release. * Check if varnishlog is running before attempting reload from logrotate postscript. (Closes: #462029) [ Fabio Tranchitella ] * debian/varnish.dirs: removed unused lintian overrides dir. * debian/rules: backup and restore of config.sub and config.guess to not include them into the diff.gz in case of multiple builds from the same working directory. [ Tollef Fog Heen ] * Remove TODO from Makefile.am to make make dist happier. * Run make distclean if Makefile exists. -- Tollef Fog Heen Mon, 23 Jun 2008 16:04:38 +0200 varnish (1.1.2) unstable; urgency=low * New upstream release * Renamed library and development packages to reflect sonames -- Stig Sandbeck Mathisen Wed, 12 Sep 2007 16:05:22 +0200 varnish (1.1.1-1) unstable; urgency=low [Lars Bahner] * New upstream release * User and Group id added to default DAEMON_OPTS * Added user and group creation to postinst * Added missing man pages [Stig Sandbeck Mathisen] * Set statedir to /var/lib * Removed -n switch from varnish defaults file and varnishlog init script. Use the default instance name instead. -- Stig Sandbeck Mathisen Tue, 04 Sep 2007 12:27:09 +0200 varnish (1.1-1) unstable; urgency=low * New upstream release * Split package into varnish, libvarnish and libvarnish-dev -- Stig Sandbeck Mathisen Fri, 20 Jul 2007 14:37:36 +0200 varnish (1.0.4-1) unstable; urgency=low * New upstream version (Closes: #424560) * Use the upstream default configuration file, renamed to default.vcl. Default template in /etc/default/varnish does not use this, but a commented-out alternative does. * Changed init script. Use lsb init library functions, move more defaults to /etc/default/varnish, to make init script simpler. * Changed postrm, /var/lib/varnish disappeared on upgrade, making varnish non-startable. * Added example vcl for zope and plone. -- ssm Wed, 16 May 2007 13:50:08 +0200 varnish (1.0.3-2) unstable; urgency=low * Added postrm to partially solve 400384 -- Lars Bahner Tue, 27 Feb 2007 20:41:10 +0100 varnish (1.0.3-1) unstable; urgency=low * new upstream release * set VARNISH_MAX_WORKER_THREADS to 2048 instead of INF. (closes: #412004) -- Lars Bahner Tue, 27 Feb 2007 20:16:38 +0100 varnish (1.0.2-2) unstable; urgency=low * Preliminary LSB compliabnce in init-script * Lintian override -- Lars Bahner Mon, 23 Oct 2006 14:20:22 +0200 varnish (1.0.2-1) unstable; urgency=low * New upstream release -- Lars Bahner Thu, 19 Oct 2006 15:51:37 +0200 varnish (1.0.2-1~svn20061012) unstable; urgency=low * Added README for Debian * svn-based source * Added target to create configure to build from pristine source * Added init-script and defaults * Moved backend storage to /var/lib/varnish/ -- Lars Bahner Fri, 13 Oct 2006 09:58:13 +0200 varnish (1.0.1-3) unstable; urgency=low * Bumped automake dependency to automake1.9 -- Lars Bahner Tue, 10 Oct 2006 15:00:39 +0200 varnish (1.0.1-2) unstable; urgency=low * Removed wrong upstream author. * Added dependency on gcc-4.1 needed by varnish at runtime. -- Lars Bahner Fri, 6 Oct 2006 17:54:53 +0200 varnish (1.0.1-1) unstable; urgency=low * Initial release (Closes: #382451) -- Lars Bahner Fri, 6 Oct 2006 16:26:57 +0200 debian/varnish.postinst0000664000000000000000000000321412314113646012450 0ustar #!/bin/sh # Postinst script for varnish. # Stig Sandbeck Mathisen set -e set -u # Settings daemon_user="varnish" log_user="varnishlog" daemon_dir=/var/lib/varnish/$(uname -n) log_dir="/var/log/varnish" secret_file=/etc/varnish/secret varnish_setup_user() { if ! getent passwd $1 2>&1 >/dev/null; then adduser --quiet --system --no-create-home --group $1 fi } varnish_create_storagedir() { if ! [ -d "$daemon_dir" ]; then install -o $daemon_user -g $daemon_user -d $daemon_dir fi } varnish_setup_logdir() { if ! dpkg-statoverride --list $log_dir >/dev/null; then dpkg-statoverride --update --add $log_user $log_user 0750 $log_dir fi } varnish_create_secret() { if ! [ -f "${secret_file}" ]; then if [ -f /proc/sys/kernel/random/uuid ]; then install -m 0600 /proc/sys/kernel/random/uuid "${secret_file}" else install -m 0600 /dev/null "${secret_file}" dd if=/dev/urandom count=1 bs=128 2>/dev/null \ | tr -dc "A-Za-z0-9" > "${secret_file}" fi fi } # varnish version 2.1.3-1 and older ran the log demons as root, we # need to change the owner of the old logs for upgrading clients upgrade_change_log_permissions() { chown -Rhf ${log_user}: ${log_dir} } case ${1:-} in configure) varnish_setup_user $daemon_user varnish_setup_user $log_user varnish_create_storagedir varnish_setup_logdir varnish_create_secret if dpkg --compare-versions "2.1.3-2" "gt-nl" "${2:-}" ; then upgrade_change_log_permissions fi ;; esac #DEBHELPER# debian/varnish-doc.docs0000664000000000000000000000005412314113646012257 0ustar doc/sphinx/=build/html doc/*.html doc/*.css debian/varnishlog.service0000664000000000000000000000027112314113646012727 0ustar [Unit] Description=Varnish HTTP accelerator log daemon [Service] User=varnishlog ExecStart=/usr/bin/varnishlog -a -w /var/log/varnish/varnish.log [Install] WantedBy=multi-user.target debian/reload-vcl0000664000000000000000000000740612314113646011153 0ustar #!/bin/sh # reload-varnish: Script to reload varnishd from VCL defined in # /etc/default/varnish. # # Stig Sandbeck Mathisen # Settings defaults=/etc/default/varnish secret=/etc/varnish/secret # Paths varnishadm=/usr/bin/varnishadm date=/bin/date tempfile=/bin/tempfile # Messages # msg_no_varnishadm: varnishadm msg_no_varnishadm="Error: Cannot execute %s\n" msg_no_management="Management port disabled. \$DAEMON_OPTS must contain '-T hostname:port'\n" # msg_defaults_not_readable: defaults msg_defaults_not_readable="Error: %s is not readable\n" # msg_defaults_not_there: defaults msg_defaults_not_there="Error: %s does not exist\n" msg_no_vcl="Error: No VCL file used, nothing to reload\n" msg_usage="Usage: $0 [-h][-c][-q]\n\t-h\tdisplay help\n\t-q\tquiet\n\t-c\tcompile only, do not reload\n" # msg_compile_only: varnishadm, mgmt_interface, vcl_label msg_compile_only="To activate, run:\n\t%s -T %s \\\\\n\tvcl.use %s\n" # msg_compile_failed: vcl_label, vcl_file msg_compile_failed="Error: vcl.load %s %s failed" # msg_use_ok: vcl_label msg_use_ok="VCL reloaded, active label is %s\n" # msg_use_failed: vcl_label msg_use_failed="Error: vcl.use %s failed\n" # msg_secret_not_readable: secret msg_secret_not_readable="Error: Secret file %s is not readable\n" # msg_secret_not_there: secret msg_secret_not_there="Error: Secret file %s does not exist\n" # Generate a label, prefixed with the caller's username, from the # kernel random uuid generator, fallback to timestamp if [ -f /proc/sys/kernel/random/uuid ] then uuid=$(cat /proc/sys/kernel/random/uuid) vcl_label="${LOGNAME}${LOGNAME:+:}${uuid}" else vcl_label="$($date +${LOGNAME}${LOGNAME:+:}%s.%N)" fi # Load defaults file if [ -f "$defaults" ] then if [ -r "$defaults" ] then . "$defaults" else printf >&2 "$msg_defaults_not_readable" $defaults exit 1 fi else printf >&2 "$msg_defaults_not_there" $defaults exit 1 fi # parse command line arguments while getopts hcq flag do case $flag in h) printf >&2 "$msg_usage" exit 0 ;; c) compile_only=1 ;; q) quiet=1 ;; *) printf >&2 "$msg_usage\n" exit 1 ;; esac done # Parse $DAEMON_OPTS (options must be kept in sync with varnishd). # Extract the -f and the -T option, and (try to) ensure that the # management interface is on the form hostname:address. OPTIND=1 while getopts a:b:CdFf:g:h:i:l:M:n:P:p:S:s:T:t:u:Vw: flag $DAEMON_OPTS do case $flag in f) if [ -f "$OPTARG" ]; then vcl_file="$OPTARG" fi ;; T) if [ -n "$OPTARG" -a "$OPTARG" != "${OPTARG%%:*}" ] then mgmt_interface="$OPTARG" fi ;; S) secret="$OPTARG" ;; esac done # Sanity checks if [ ! -x "$varnishadm" ] then printf >&2 "$msg_no_varnishadm" $varnishadm exit 1 fi if [ -z "$mgmt_interface" ] then printf >&2 "$msg_no_management" exit 1 fi if [ -z "$vcl_file" ] then printf >&2 "$msg_no_vcl" exit 1 fi # Check secret file if [ -f "$secret" ] then if [ ! -r "$secret" ] then printf >&2 "$msg_secret_not_readable" $secret exit 1 fi else printf >&2 "$msg_secret_not_there" $secret exit 1 fi logfile=$($tempfile -n /tmp/$vcl_label) # Compile and maybe reload if $varnishadm -T $mgmt_interface -S ${secret} vcl.load $vcl_label $vcl_file then if [ -n "$compile_only" ] then printf "$msg_compile_only" $varnishadm $mgmt_interface $vcl_label else if $varnishadm -T $mgmt_interface -S ${secret} vcl.use $vcl_label then printf "$msg_use_ok" $vcl_label else printf "$msg_use_failed" $vcl_label exitstatus=1 fi fi else printf "$msg_compile_failed" $vcl_label $vcl_file exitstatus=1 fi > $logfile # Blather if [ -z "${quiet}" -o -n "$exitstatus" ] then grep -v '^$' >&2 $logfile fi # Cleanup rm -f $logfile exit $exitstatus debian/varnish.default0000664000000000000000000000727012314113646012217 0ustar # Configuration file for varnish # # /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK # to be set from this shell script fragment. # # Note: If systemd is installed, this file is obsolete and ignored. You will # need to copy /lib/systemd/system/varnish.service to /etc/systemd/system/ and # edit that file. # Should we start varnishd at boot? Set to "no" to disable. START=yes # Maximum number of open files (for ulimit -n) NFILES=131072 # Maximum locked memory size (for ulimit -l) # Used for locking the shared memory log in memory. If you increase log size, # you need to increase this number as well MEMLOCK=82000 # Default varnish instance name is the local nodename. Can be overridden with # the -n switch, to have more instances on a single server. # You may need to uncomment this variable for alternatives 1 and 3 below. # INSTANCE=$(uname -n) # This file contains 4 alternatives, please use only one. ## Alternative 1, Minimal configuration, no VCL # # Listen on port 6081, administration on localhost:6082, and forward to # content server on localhost:8080. Use a 1GB fixed-size cache file. # # This example uses the INSTANCE variable above, which you need to uncomment. # # DAEMON_OPTS="-a :6081 \ # -T localhost:6082 \ # -b localhost:8080 \ # -u varnish -g varnish \ # -S /etc/varnish/secret \ # -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G" ## Alternative 2, Configuration with VCL # # Listen on port 6081, administration on localhost:6082, and forward to # one content server selected by the vcl file, based on the request. # DAEMON_OPTS="-a :6081 \ -T localhost:6082 \ -f /etc/varnish/default.vcl \ -S /etc/varnish/secret \ -s malloc,256m" ## Alternative 3, Advanced configuration # # This example uses the INSTANCE variable above, which you need to uncomment. # # See varnishd(1) for more information. # # # Main configuration file. You probably want to change it :) # VARNISH_VCL_CONF=/etc/varnish/default.vcl # # # Default address and port to bind to # # Blank address means all IPv4 and IPv6 interfaces, otherwise specify # # a host name, an IPv4 dotted quad, or an IPv6 address in brackets. # VARNISH_LISTEN_ADDRESS= # VARNISH_LISTEN_PORT=6081 # # # Telnet admin interface listen address and port # VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1 # VARNISH_ADMIN_LISTEN_PORT=6082 # # # The minimum number of worker threads to start # VARNISH_MIN_THREADS=1 # # # The Maximum number of worker threads to start # VARNISH_MAX_THREADS=1000 # # # Idle timeout for worker threads # VARNISH_THREAD_TIMEOUT=120 # # # Cache file location # VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin # # # Cache file size: in bytes, optionally using k / M / G / T suffix, # # or in percentage of available disk space using the % suffix. # VARNISH_STORAGE_SIZE=1G # # # File containing administration secret # VARNISH_SECRET_FILE=/etc/varnish/secret # # # Backend storage specification # VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}" # # # Default TTL used when the backend does not specify one # VARNISH_TTL=120 # # # DAEMON_OPTS is used by the init script. If you add or remove options, make # # sure you update this section, too. # DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \ # -f ${VARNISH_VCL_CONF} \ # -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \ # -t ${VARNISH_TTL} \ # -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \ # -S ${VARNISH_SECRET_FILE} \ # -s ${VARNISH_STORAGE}" # ## Alternative 4, Do It Yourself # # DAEMON_OPTS="" debian/varnish.docs0000664000000000000000000000002712314113646011514 0ustar README doc/changes.rst debian/varnish.varnishlog.init0000664000000000000000000000432412314113646013706 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: varnishlog # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start HTTP accelerator log daemon # Description: This script provides logging for varnish ### END INIT INFO # Source function library . /lib/lsb/init-functions NAME=varnishlog DESC="HTTP accelerator log deamon" PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/$NAME PIDFILE=/var/run/$NAME/$NAME.pid LOGFILE=/var/log/varnish/varnish.log USER=varnishlog DAEMON_OPTS="-a -w ${LOGFILE} -D -P $PIDFILE" # Include defaults if available if [ -f /etc/default/$NAME ] ; then . /etc/default/$NAME fi # If unset, or set to "0" or "no", exit if [ -z "${VARNISHLOG_ENABLED}" ] || \ [ "${VARNISHLOG_ENABLED}" = "0" ] || \ [ "${VARNISHLOG_ENABLED}" = "no" ]; then exit 0; fi test -x $DAEMON || exit 0 start_varnishlog() { output=$(/bin/tempfile -s.varnish) log_daemon_msg "Starting $DESC" "$NAME" create_pid_directory if start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} \ > ${output} 2>&1; then log_end_msg 0 else log_end_msg 1 cat $output exit 1 fi rm $output } stop_varnishlog(){ log_daemon_msg "Stopping $DESC" "$NAME" if start-stop-daemon --stop --quiet --pidfile $PIDFILE \ --retry 10 --exec $DAEMON; then log_end_msg 0 else log_end_msg 1 fi } reload_varnishlog(){ log_daemon_msg "Reloading $DESC" "$NAME" if kill -HUP $(cat $PIDFILE) >/dev/null 2>&1; then log_end_msg 0 else log_end_msg 1 exit 1 fi } status_varnishlog(){ status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" exit $? } create_pid_directory() { install -o $USER -g $USER -d $(dirname $PIDFILE) } case "$1" in start) start_varnishlog ;; stop) stop_varnishlog ;; reload) reload_varnishlog ;; status) status_varnishlog ;; restart|force-reload) $0 stop $0 start ;; *) log_success_msg "Usage: $0 {start|stop|restart|force-reload|reload}" exit 1 ;; esac exit 0 debian/Makefile.am0000664000000000000000000000073112314113646011226 0ustar # $Id: Makefile.am 2173 2007-10-28 18:43:24Z des $ EXTRA_DIST = \ README.Debian \ changelog \ compat \ control \ copyright \ libvarnish0-dev.dirs \ libvarnish0-dev.install \ libvarnish0.dirs \ libvarnish0.install \ lintian-override \ rules \ varnish.default \ varnish.dirs \ varnish.examples \ varnish.init \ varnish.install \ varnish.logrotate \ varnish.manpages \ varnish.postinst \ varnish.postrm \ varnish.varnishlog.init \ watch debian/source/0000775000000000000000000000000012314113646010471 5ustar debian/source/format0000664000000000000000000000001412314113646011677 0ustar 3.0 (quilt) debian/varnish.lintian-overrides0000664000000000000000000000007412314113646014224 0ustar varnish: embedded-library usr/lib/*/varnish/libvgz.so: zlib debian/copyright0000664000000000000000000000375112314113646011132 0ustar This package was debianized by Lars Bahner on Fri, 6 Oct 2006 16:26:57 +0200. It was pulled from the Subversion repository at http://varnish-cache.org/svn/trunk Debianizations are an integral part of the main source for varnish, so the change for Debian are made before publication of releases, and are as such checked. Files are downloadable from the following URL http://sourceforge.net/project/showfiles.php?group_id=155816 Copyright: 2006 Verdens Gang AS 2006 Linpro AS All rights reserved. License: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The Debian packaging is copyright © 2006, Lars Bahner © 2006-2009 Stig Sandbeck Mathisen and is licensed under the GPL version 2. The full text of which can be found in the file /usr/share/common-licenses/GPL-2 on this system. debian/control0000664000000000000000000000537213142736052010605 0ustar Source: varnish Section: web Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Varnish Package Maintainers Uploaders: Jan Wagner , Lars Bahner , Stig Sandbeck Mathisen , Tollef Fog Heen , Build-Depends: autoconf, automake, autotools-dev, debhelper (>= 9), dh-autoreconf, dh-systemd, groff-base, libedit-dev, libjemalloc-dev, libncurses-dev, libpcre3-dev, libtool, pkg-config, python-docutils, xsltproc, Vcs-Browser: http://git.debian.org/?p=pkg-varnish/pkg-varnish.git;a=summary Vcs-Git: git://git.debian.org/pkg-varnish/pkg-varnish.git Homepage: http://varnish-cache.org/ Standards-Version: 3.9.4 XS-Testsuite: autopkgtest Package: varnish Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, gcc, libc6-dev | libc6.1-dev | libc-dev, Suggests: varnish-doc Replaces: libvarnishapi1 (<< 3.0.0-5) Description: state of the art, high-performance web accelerator Varnish Cache is a state of the art web accelerator written with performance and flexibility in mind. . Varnish Cache stores web pages in memory so web servers don't have to create the same web page over and over again. Varnish serves pages much faster than any application server; giving the website a significant speed up. . Some of the features include: * A modern design * VCL - a very flexible configuration language * Load balancing with health checking of backends * Partial support for ESI - Edge Side Includes * URL rewriting * Graceful handling of "dead" backends Package: varnish-doc Architecture: all Section: doc Depends: ${misc:Depends}, libjs-jquery, libjs-underscore Description: documentation for Varnish Cache This package contains HTML documentation for Varnish Cache. Package: libvarnishapi1 Section: libs Architecture: any Provides: libvarnish1 Conflicts: libvarnish1 Pre-Depends: multiarch-support Depends: ${shlibs:Depends}, ${misc:Depends} Description: shared libraries for Varnish Shared libraries for the Varnish HTTP accelerator. Package: libvarnishapi-dev Section: libdevel Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libvarnishapi1 (= ${binary:Version}) Provides: libvarnish-dev Conflicts: libvarnish-dev Description: development files for Varnish Development files for the Varnish HTTP accelerator. Package: varnish-dbg Section: debug Priority: extra Architecture: any Depends: varnish (= ${binary:Version}), ${misc:Depends} Description: debugging symbols for varnish This package contains the detached debugging symbols for varnish. . Varnish Cache is a state of the art web accelerator written with performance and flexibility in mind. debian/patches/0000775000000000000000000000000013142736052010622 5ustar debian/patches/fix-HTTP-Smuggling-CVE-2015-8852.patch0000664000000000000000000001356513142736052016556 0ustar Description: HTTP Smuggling issues: Double Content Length and bad EOL Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. . This fixes CVE-2015-8852. Author: Martin Blix Grydeland Origin: upstream Bug-Ubuntu: https://pad.lv/1709153 Applied-Upstream: 85e8468, 29870c8 Last-Update: 2017-08-07 --- a/bin/varnishd/cache_http.c +++ b/bin/varnishd/cache_http.c @@ -502,7 +502,7 @@ http_dissect_hdrs(struct worker *w, stru /* Find end of next header */ q = r = p; while (r < t.e) { - if (!vct_iscrlf(*r)) { + if (!vct_iscrlf(r)) { r++; continue; } @@ -611,8 +611,8 @@ http_splitline(struct worker *w, int fd, /* Third field is optional and cannot contain CTL */ q = p; - if (!vct_iscrlf(*p)) { - for (; !vct_iscrlf(*p); p++) + if (!vct_iscrlf(p)) { + for (; !vct_iscrlf(p); p++) if (!vct_issep(*p) && vct_isctl(*p)) return (400); } @@ -639,10 +639,12 @@ http_splitline(struct worker *w, int fd, /*--------------------------------------------------------------------*/ static int -htc_request_check_host_hdr(struct http *hp) +htc_request_check_hdrs(struct sess *sp, struct http *hp) { int u; int seen_host = 0; + int seen_cl = 0; + for (u = HTTP_HDR_FIRST; u < hp->nhd; u++) { if (hp->hd[u].b == NULL) continue; @@ -650,10 +652,19 @@ htc_request_check_host_hdr(struct http * AN(hp->hd[u].e); if (http_IsHdr(&hp->hd[u], H_Host)) { if (seen_host) { + WSP(sp, SLT_Error, "Duplicated Host header"); return (400); } seen_host = 1; } + if (http_IsHdr(&hp->hd[u], H_Content_Length)) { + if (seen_cl) { + WSP(sp, SLT_Error, + "Duplicated Content-Length header"); + return (400); + } + seen_cl = 1; + } } return (0); } @@ -698,11 +709,7 @@ http_DissectRequest(struct sess *sp) } http_ProtoVer(hp); - retval = htc_request_check_host_hdr(hp); - if (retval != 0) { - WSP(sp, SLT_Error, "Duplicated Host header"); - return (retval); - } + retval = htc_request_check_hdrs(sp, hp); return (retval); } --- /dev/null +++ b/bin/varnishtest/tests/b00040.vtc @@ -0,0 +1,24 @@ +varnishtest "Do not consider CR as a valid line separator" + +server s1 { + rxreq + txresp +} -start + +varnish v1 -vcl+backend { + sub vcl_deliver { + if (req.http.foo) { + set resp.http.Foo = req.http.foo; + } + if (req.http.bar) { + set resp.http.Bar = req.http.bar; + } + } +} -start + +client c1 { + send "GET / HTTP/1.1\r\nFoo: foo\rBar: bar\r\n\r\n" + rxresp + expect resp.http.foo == "foo\rBar: bar" + expect resp.http.bar == "" +} -run --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -283,17 +283,17 @@ http_splitheader(struct http *hp, int re hh[n++] = p; while (!vct_islws(*p)) p++; - assert(!vct_iscrlf(*p)); + assert(!vct_iscrlf(p)); *p++ = '\0'; /* URL/STATUS */ while (vct_issp(*p)) /* XXX: H space only */ p++; - assert(!vct_iscrlf(*p)); + assert(!vct_iscrlf(p)); hh[n++] = p; while (!vct_islws(*p)) p++; - if (vct_iscrlf(*p)) { + if (vct_iscrlf(p)) { hh[n++] = NULL; q = p; p += vct_skipcrlf(p); @@ -304,7 +304,7 @@ http_splitheader(struct http *hp, int re while (vct_issp(*p)) /* XXX: H space only */ p++; hh[n++] = p; - while (!vct_iscrlf(*p)) + while (!vct_iscrlf(p)) p++; q = p; p += vct_skipcrlf(p); @@ -314,10 +314,10 @@ http_splitheader(struct http *hp, int re while (*p != '\0') { assert(n < MAX_HDR); - if (vct_iscrlf(*p)) + if (vct_iscrlf(p)) break; hh[n++] = p++; - while (*p != '\0' && !vct_iscrlf(*p)) + while (*p != '\0' && !vct_iscrlf(p)) p++; q = p; p += vct_skipcrlf(p); @@ -408,11 +408,11 @@ http_rxchunk(struct http *hp) } l = hp->prxbuf; (void)http_rxchar(hp, 2, 0); - if(!vct_iscrlf(hp->rxbuf[l])) + if(!vct_iscrlf(&hp->rxbuf[l])) vtc_log(hp->vl, hp->fatal, "Wrong chunk tail[0] = %02x", hp->rxbuf[l] & 0xff); - if(!vct_iscrlf(hp->rxbuf[l + 1])) + if(!vct_iscrlf(&hp->rxbuf[l + 1])) vtc_log(hp->vl, hp->fatal, "Wrong chunk tail[1] = %02x", hp->rxbuf[l + 1] & 0xff); --- a/include/vct.h +++ b/include/vct.h @@ -54,7 +54,6 @@ vct_is(unsigned char x, uint16_t y) #define vct_issp(x) vct_is(x, VCT_SP) #define vct_ishex(x) vct_is(x, VCT_HEX) -#define vct_iscrlf(x) vct_is(x, VCT_CRLF) #define vct_islws(x) vct_is(x, VCT_LWS) #define vct_isctl(x) vct_is(x, VCT_CTL) #define vct_isdigit(x) vct_is(x, VCT_DIGIT) @@ -64,5 +63,7 @@ vct_is(unsigned char x, uint16_t y) #define vct_isxmlnamestart(x) vct_is(x, VCT_XMLNAMESTART) #define vct_isxmlname(x) vct_is(x, VCT_XMLNAMESTART | VCT_XMLNAME) +#define vct_iscrlf(p) (((p)[0] == '\r' && (p)[1] == '\n') || (p)[0] == '\n') + /* NB: VCT always operate in ASCII, don't replace 0x0d with \r etc. */ #define vct_skipcrlf(p) (p[0] == 0x0d && p[1] == 0x0a ? 2 : 1) --- /dev/null +++ b/bin/varnishtest/tests/b00041.vtc @@ -0,0 +1,23 @@ +varnishtest "Fail request on duplicate Content-Length headers in requests" + +server s1 { + rxreq + txresp +} -start + +varnish v1 -vcl+backend { + sub vcl_deliver { + if (req.http.foo) { + set resp.http.Foo = req.http.foo; + } + if (req.http.bar) { + set resp.http.Bar = req.http.bar; + } + } +} -start + +client c1 { + txreq -req POST -hdr "Content-Length: 5" -body "12345" + rxresp + expect resp.status == 400 +} -run --- a/bin/varnishtest/tests/r00102.vtc +++ b/bin/varnishtest/tests/r00102.vtc @@ -17,14 +17,12 @@ varnish v1 -vcl+backend { client c1 { txreq -req POST -url "/" \ - -hdr "Content-Length: 10" \ -body "123456789\n" rxresp expect resp.status == 200 expect resp.http.X-Varnish == "1001" txreq -req POST -url "/" \ - -hdr "Content-Length: 10" \ -body "123456789\n" rxresp expect resp.status == 200 debian/patches/Correctly-handle-bogusly-large-chunk-sizes-CVE-2017-12425.patch0000664000000000000000000000320513142736052023532 0ustar Description: Correctly handle bogusly large chunk sizes. This fixes a denial of service attack vector where bogusly large chunk sizes in requests could be used to force restarts of the Varnish server. . This is Varnish Security Vulnerability VSV00001 . This fixes CVE-2017-12425. Author: Martin Blix Grydeland Origin: backport Bug: https://varnish-cache.org/security/VSV00001 Bug-Ubuntu: https://pad.lv/1709153 Reviewed-By: Simon Quigley Last-Update: 2017-08-08 --- a/bin/varnishd/cache_fetch.c +++ b/bin/varnishd/cache_fetch.c @@ -254,7 +254,7 @@ fetch_number(const char *nbr, int radix) return (-1); cl = (ssize_t)cll; - if((uintmax_t)cl != cll) /* Protect against bogusly large values */ + if (cl < 0 || (uintmax_t)cl != cll) /* Protect against bogusly large values */ return (-1); return (cl); } --- /dev/null +++ b/bin/varnishtest/tests/f00001.vtc @@ -0,0 +1,40 @@ +varnishtest "Check that we handle bogusly large chunks correctly" + +# Check that the bug has been fixed + +server s1 { + rxreq + txresp +} -start + +varnish v1 -vcl+backend { +} -start + +client c1 { + send "POST / HTTP/1.1\r\n" + send "Transfer-Encoding: chunked\r\n\r\n" + send "FFFFFFFFFFFFFFED\r\n" + send "0\r\n\r\n" + + rxresp + expect resp.status == 503 +} -run + +# Check that the published workaround does not cause harm + +varnish v1 -vcl+backend { + sub vcl_recv { + if (req.http.transfer-encoding ~ "(?i)chunked") { + return (fail); + } + } +} + +client c1 { + send "POST / HTTP/1.1\r\n" + send "Transfer-Encoding: chunked\r\n\r\n" + send "FFFFFFFFFFFFFFED\r\n" + + rxresp + expect resp.status == 503 +} -run debian/patches/series0000664000000000000000000000014713142736052012041 0ustar fix-HTTP-Smuggling-CVE-2015-8852.patch Correctly-handle-bogusly-large-chunk-sizes-CVE-2017-12425.patch debian/varnish.examples0000664000000000000000000000005412314113646012402 0ustar etc/zope-plone.vcl bin/varnishd/default.vcl debian/varnish.dirs0000664000000000000000000000004212314113646011522 0ustar usr/share/varnish var/log/varnish