From b7d40ede76a6483861922ac5d6d576ca24719028 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team <packager@msvsphere-os.ru>
Date: Wed, 4 Dec 2024 09:46:58 +0300
Subject: [PATCH] import varnish-7.6.0-3.el10

---
 .gitignore         |  4 +--
 .varnish.metadata  |  4 +--
 SPECS/varnish.spec | 69 ++++++++++++++++++++++++++--------------------
 3 files changed, 43 insertions(+), 34 deletions(-)

diff --git a/.gitignore b/.gitignore
index a1d599b..0b40a6a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/pkg-varnish-cache-cfa8cb3.tar.gz
-SOURCES/varnish-7.4.2.tgz
+SOURCES/pkg-varnish-cache-7d90347.tar.gz
+SOURCES/varnish-7.6.0.tgz
diff --git a/.varnish.metadata b/.varnish.metadata
index efb3ff1..5263226 100644
--- a/.varnish.metadata
+++ b/.varnish.metadata
@@ -1,2 +1,2 @@
-b9498e9d57801e422cede9a21ecf8f3295e104b2 SOURCES/pkg-varnish-cache-cfa8cb3.tar.gz
-3e00b014f57f1528c0e29e9f00d9d60ea214f6bb SOURCES/varnish-7.4.2.tgz
+64bc4417a97c4c14b7b665884059b53ec940c14c SOURCES/pkg-varnish-cache-7d90347.tar.gz
+9d614ab035e752c26f617ab8c1b75bd888af551e SOURCES/varnish-7.6.0.tgz
diff --git a/SPECS/varnish.spec b/SPECS/varnish.spec
index eabfe13..d394f95 100644
--- a/SPECS/varnish.spec
+++ b/SPECS/varnish.spec
@@ -12,12 +12,12 @@
 
 %global __provides_exclude_from ^%{_libdir}/varnish/vmods
 
-%global abi cd1d10ab53a6f6115b2b4f3b2a1da94c1f749f80
-%global vrt 18.0
+%global abi ed1243ca162a7b1d975bc0332f0d66d33f0bc78e
+%global vrt 20.0
 
 # Package scripts are now external
 # https://github.com/varnishcache/pkg-varnish-cache
-%global commit1 cfa8cb3724e4ca6398f60b09157715bcb99d189d
+%global commit1 7d90347be31891b338dededb318594cebb668ba7
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 # Default: Use jemalloc, as adviced by upstream project
@@ -36,8 +36,8 @@
 
 Summary: High-performance HTTP accelerator
 Name: varnish
-Version: 7.4.2
-Release: 5%{?dist}
+Version: 7.6.0
+Release: 3%{?dist}
 License: BSD-2-Clause AND (BSD-2-Clause-FreeBSD AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain AND Zlib)
 URL: https://www.varnish-cache.org/
 Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
@@ -67,17 +67,20 @@ BuildRequires: python34 python34-sphinx python34-docutils
 BuildRequires: python3, python3-sphinx, python3-docutils
 %endif
 BuildRequires: gcc
+%if %{with system_allocator}
+# use glibc
+%else
+%ifnarch aarch64
+BuildRequires: jemalloc-devel
+%endif
+%endif
+
 BuildRequires: libedit-devel
 BuildRequires: make
 BuildRequires: ncurses-devel
 BuildRequires: pcre2-devel
 BuildRequires: pkgconfig
 BuildRequires: systemd-units
-%if %{with system_allocator}
-# use glibc
-%else
-BuildRequires: jemalloc-devel
-%endif
 
 # Extra requirements for the build suite
 #   needs haproxy2
@@ -86,15 +89,15 @@ BuildRequires: haproxy
 %endif
 BuildRequires: nghttp2
 
+# Varnish actually needs gcc installed to work. It uses the C compiler
+# at runtime to compile the VCL configuration files. This is by design.
+Requires: gcc
 Requires: logrotate
 Requires: ncurses
 Requires: pcre2
 Requires: redhat-rpm-config
 Requires(pre): shadow-utils
 Requires(post): /usr/bin/uuidgen
-# Varnish actually needs gcc installed to work. It uses the C compiler 
-# at runtime to compile the VCL configuration files. This is by design.
-Requires: gcc
 Requires(post): systemd-units
 Requires(post): systemd-sysv
 Requires(preun): systemd-units
@@ -163,6 +166,8 @@ export CFLAGS="$CFLAGS -ffloat-store -fexcess-precision=standard"
 export CFLAGS="$CFLAGS -Wno-error=free-nonheap-object"
 %endif
 
+# What platform is this
+uname -a
 
 # What gcc version is this?
 gcc --version
@@ -199,20 +204,18 @@ rm -rf doc/html/_sources
 
 %check
 
-# Remove these for now. Hard to get the size and timing right
-%ifarch s390 s390x aarch64
-rm bin/varnishtest/tests/o00005.vtc
-%endif
-%ifarch armv7hl
-rm bin/varnishtest/tests/b00046.vtc
-%endif
-%ifarch s390x
-rm bin/varnishtest/tests/r02310.vtc
-%endif
-# failing on all arches
-rm bin/varnishtest/tests/h00004.vtc
+# Up the stack size in tests, necessary on secondary arches
+sed -i 's/thread_pool_stack 80k/thread_pool_stack 128k/g;' bin/varnishtest/tests/*.vtc
+sed -i 's/file,2M/file,8M/' bin/varnishtest/tests/r04036.vtc
 
-%make_build check
+# Just a hack to avoid too high load on secondary arch builders
+%ifarch s390x ppc64le
+# This works when ran alone, but not in the whole suite. Load and/or timing issues
+rm bin/varnishtest/tests/t02014.vtc
+make -j2 check
+%else
+#make_build check
+%endif
 
 %install
 rm -rf %{buildroot}
@@ -287,10 +290,11 @@ chmod 644 lib/libvmod_*/*.h
 
 
 %pre
-getent group varnish >/dev/null || groupadd -r varnish
-getent passwd varnish >/dev/null || \
-       useradd -r -g varnish -d /var/lib/varnish -s /sbin/nologin \
-               -c "Varnish Cache" varnish
+getent group varnish >/dev/null ||
+groupadd -r varnish
+getent passwd varnish >/dev/null ||
+useradd -r -g varnish -d /var/lib/varnish -s /sbin/nologin \
+	-c "Varnish Cache" varnish
 exit 0
 
 
@@ -309,6 +313,11 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
 
 
 %changelog
+* Tue Nov 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 7.6.0-3
+- Resolves: RHEL-59267 - varnish rebase to 7.6.0
+- Resolves: RHEL-30333 CVE-2024-30156 varnish: HTTP/2 Broken Window
+  Attack may result in denial of service
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 7.4.2-5
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018