Version in base suite: 7.7.0-3 Base version: varnish_7.7.0-3 Target version: varnish_7.7.0-3+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/v/varnish/varnish_7.7.0-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/v/varnish/varnish_7.7.0-3+deb13u1.dsc changelog | 11 +++ control | 6 - patches/fix_vsv17_1 | 76 ++++++++++++++++++++++++ patches/fix_vsv17_2 | 138 ++++++++++++++++++++++++++++++++++++++++++++ patches/fix_vsv17_3 | 103 ++++++++++++++++++++++++++++++++ patches/fix_vsv17_4 | 20 ++++++ patches/fix_vsv17_5 | 29 +++++++++ patches/fix_vsv19 | 135 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 6 + varnish.varnishncsa.service | 8 +- watch | 4 - 11 files changed, 529 insertions(+), 7 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpi9aukxhz/varnish_7.7.0-3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpi9aukxhz/varnish_7.7.0-3+deb13u1.dsc: no acceptable signature found diff -Nru varnish-7.7.0/debian/changelog varnish-7.7.0/debian/changelog --- varnish-7.7.0/debian/changelog 2025-06-08 11:43:35.000000000 +0000 +++ varnish-7.7.0/debian/changelog 2026-05-24 22:57:57.000000000 +0000 
@@ -1,3 +1,14 @@ +varnish (7.7.0-3+deb13u1) trixie-security; urgency=medium + + * Backport the fix for the VSV00019 request smuggling vulnerability. + * Backport the fix for the VSV00017 denial of service vulnerability + (CVE-2025-8671). + * Use Type=forking again for varnishncsa.service, or else a reload + would kill the program. (See: #1118046) + * Update debian/watch and debian/control for Vinyl Cache. + + -- Marco d'Itri Mon, 25 May 2026 00:57:57 +0200 + varnish (7.7.0-3) unstable; urgency=medium * Depend on binutils because triplet-gcc calls the plain as(1) due to diff -Nru varnish-7.7.0/debian/control varnish-7.7.0/debian/control --- varnish-7.7.0/debian/control 2025-06-08 11:43:35.000000000 +0000 +++ varnish-7.7.0/debian/control 2026-05-24 22:57:57.000000000 +0000 @@ -20,9 +20,9 @@ xsltproc, Rules-Requires-Root: no Standards-Version: 4.7.2.0 -Vcs-Browser: https://salsa.debian.org/varnish-team/varnish -Vcs-Git: https://salsa.debian.org/varnish-team/varnish.git -Homepage: https://www.varnish-cache.org/ +Vcs-Browser: https://salsa.debian.org/varnish-team/vinyl-cache +Vcs-Git: https://salsa.debian.org/varnish-team/vinyl-cache.git -b debian/trixie +Homepage: https://vinyl-cache.org/ Package: varnish Architecture: any diff -Nru varnish-7.7.0/debian/patches/fix_vsv17_1 varnish-7.7.0/debian/patches/fix_vsv17_1 --- varnish-7.7.0/debian/patches/fix_vsv17_1 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv17_1 2026-05-24 22:57:57.000000000 +0000 
@@ -0,0 +1,76 @@ +From 1aa6e49201acc64ec40b55a5482d1b26e939ff1c Mon Sep 17 00:00:00 2001 +From: Martin Blix Grydeland +Date: Tue, 1 Jul 2025 14:57:56 +0200 +Subject: H2: Add a H2_Send_GOAWAY method + +This method sends a goaway frame. Change h2_tx_goaway() so that it uses this method. + +diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h +index ba036b84d6..ea25e89bd6 100644 +--- a/bin/varnishd/http2/cache_http2.h ++++ b/bin/varnishd/http2/cache_http2.h +@@ -259,6 +259,8 @@ void H2_Send_Frame(struct worker *, struct h2_sess *, + + void H2_Send_RST(struct worker *wrk, struct h2_sess *h2, + const struct h2_req *r2, uint32_t stream, h2_error h2e); ++void H2_Send_GOAWAY(struct worker *wrk, struct h2_sess *h2, ++ const struct h2_req *r2, h2_error h2e); + + void H2_Send(struct worker *, struct h2_req *, h2_frame type, uint8_t flags, + uint32_t len, const void *, uint64_t *acct); +diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c +index 254275ebd3..884ed33e90 100644 +--- a/bin/varnishd/http2/cache_http2_proto.c ++++ b/bin/varnishd/http2/cache_http2_proto.c +@@ -414,19 +414,14 @@ h2_rx_goaway(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + static void + h2_tx_goaway(struct worker *wrk, struct h2_sess *h2, h2_error h2e) + { +- char b[8]; +- + ASSERT_RXTHR(h2); + AN(h2e); + + if (h2->goaway || !h2e->send_goaway) + return; + +- h2->goaway = 1; +- vbe32enc(b, h2->highest_stream); +- vbe32enc(b + 4, h2e->val); + H2_Send_Get(wrk, h2, h2->req0); +- H2_Send_Frame(wrk, h2, H2_F_GOAWAY, 0, 8, 0, b); ++ H2_Send_GOAWAY(wrk, h2, h2->req0, h2e); + H2_Send_Rel(h2, h2->req0); + } + +diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c +index d4e66aab8c..5f7a11d352 100644 +--- a/bin/varnishd/http2/cache_http2_send.c ++++ b/bin/varnishd/http2/cache_http2_send.c +@@ -427,6 +427,26 @@ H2_Send_RST(struct worker *wrk, struct h2_sess *h2, const struct h2_req *r2, + 
H2_Send_Frame(wrk, h2, H2_F_RST_STREAM, 0, sizeof b, stream, b); + } + ++void ++H2_Send_GOAWAY(struct worker *wrk, struct h2_sess *h2, const struct h2_req *r2, ++ h2_error h2e) ++{ ++ char b[8]; ++ ++ CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC); ++ CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC); ++ AN(H2_SEND_HELD(h2, r2)); ++ AN(h2e); ++ ++ if (h2->goaway) ++ return; ++ ++ vbe32enc(b, h2->highest_stream); ++ vbe32enc(b + 4, h2e->val); ++ H2_Send_Frame(wrk, h2, H2_F_GOAWAY, 0, 8, 0, b); ++ h2->goaway = 1; ++} ++ + void + H2_Send(struct worker *wrk, struct h2_req *r2, h2_frame ftyp, uint8_t flags, + uint32_t len, const void *ptr, uint64_t *counter) diff -Nru varnish-7.7.0/debian/patches/fix_vsv17_2 varnish-7.7.0/debian/patches/fix_vsv17_2 --- varnish-7.7.0/debian/patches/fix_vsv17_2 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv17_2 2026-05-24 22:57:57.000000000 +0000 
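Review bot: `H2_Send_GOAWAY()` in cache_http2_send.c passes the frame length as a literal `8`, while `H2_Send_RST()` just above it uses `sizeof b`; writing `H2_Send_Frame(wrk, h2, H2_F_GOAWAY, 0, sizeof b, 0, b);` keeps the length tied to the buffer. The function also has no header comment, and its contract is not obvious from the name: it asserts `H2_SEND_HELD(h2, r2)`, returns silently when `h2->goaway` is already set, and sets `h2->goaway` only after the frame has been sent. A short comment such as `/* Caller must hold the send queue via r2; no-op if a GOAWAY was already sent. */` would state that. The `h2e->send_goaway` filter stays in `h2_tx_goaway()`, so direct callers of the new function bypass it; that looks intentional but belongs in the comment too.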
@@ -0,0 +1,138 @@ +From f960bccb5c3558ad9c49d7d01ac689c1c614f741 Mon Sep 17 00:00:00 2001 +From: Martin Blix Grydeland +Date: Tue, 1 Jul 2025 15:32:25 +0200 +Subject: H2: Make rapid reset handling be calleable from any context + +This patch splits the rapid reset handling into a check and a charge +step. The check determines if this was a benign reset, that is whether it +should be charged against the budgest or not. + +The charge step subtracts from the budget, and handles raises an error +when exceeded. On error it will send a GOAWAY frame on the session +immediately. To allow an error to be sent from this function, and to give +protection to the rapid reset state variables, it is required that the +caller holds the send mutex when calling. + +diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h +index ea25e89bd6..4cfa718660 100644 +--- a/bin/varnishd/http2/cache_http2.h ++++ b/bin/varnishd/http2/cache_http2.h +@@ -250,6 +250,7 @@ h2_error h2h_decode_bytes(struct h2_sess *h2, const uint8_t *ptr, + size_t len); + + /* cache_http2_send.c */ ++#define H2_SEND_HELD(h2, r2) (VTAILQ_FIRST(&(h2)->txqueue) == (r2)) + void H2_Send_Get(struct worker *, struct h2_sess *, struct h2_req *); + void H2_Send_Rel(struct h2_sess *, const struct h2_req *); + +@@ -273,6 +274,10 @@ void h2_kill_req(struct worker *, struct h2_sess *, struct h2_req *, h2_error); + int h2_rxframe(struct worker *, struct h2_sess *); + h2_error h2_set_setting(struct h2_sess *, const uint8_t *); + void h2_req_body(struct req*); ++int h2_rapid_reset_check(struct worker *wrk, struct h2_sess *h2, ++ const struct h2_req *r2); ++h2_error h2_rapid_reset_charge(struct worker *wrk, struct h2_sess *h2, ++ const struct h2_req *r2); + task_func_t h2_do_req; + #ifdef TRANSPORT_MAGIC + vtr_req_fail_f h2_req_fail; +diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c +index 884ed33e90..b8c3535a33 100644 +--- a/bin/varnishd/http2/cache_http2_proto.c ++++ 
b/bin/varnishd/http2/cache_http2_proto.c +@@ -338,14 +338,14 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + /********************************************************************** + */ + +-static h2_error +-h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) ++int ++h2_rapid_reset_check(struct worker *wrk, struct h2_sess *h2, ++ const struct h2_req *r2) + { + vtim_real now; +- vtim_dur d; + + CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); +- ASSERT_RXTHR(h2); ++ CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC); + CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC); + + if (h2->rapid_reset_limit == 0) +@@ -357,6 +357,23 @@ h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + if (now - r2->req->t_first > h2->rapid_reset) + return (0); + ++ return (1); ++} ++ ++h2_error ++h2_rapid_reset_charge(struct worker *wrk, struct h2_sess *h2, ++ const struct h2_req *r2) ++{ ++ vtim_real now; ++ vtim_dur d; ++ h2_error h2e = NULL; ++ ++ CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); ++ AN(H2_SEND_HELD(h2, r2)); ++ CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC); ++ ++ now = VTIM_real(); ++ + d = now - h2->last_rst; + h2->rst_budget += h2->rapid_reset_limit * d / + h2->rapid_reset_period; +@@ -364,18 +381,21 @@ h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + h2->rapid_reset_limit); + h2->last_rst = now; + +- if (h2->rst_budget < 1.0) { ++ h2->rst_budget -= 1.0; ++ ++ if (h2->rst_budget < 0) { + H2S_Lock_VSLb(h2, SLT_SessError, "H2: Hit RST limit. 
Closing session."); +- return (H2CE_RAPID_RESET); ++ h2e = H2CE_RAPID_RESET; ++ H2_Send_GOAWAY(wrk, h2, r2, h2e); + } +- h2->rst_budget -= 1.0; +- return (0); ++ ++ return (h2e); + } + + static h2_error v_matchproto_(h2_rxframe_f) + h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + { +- h2_error h2e; ++ h2_error h2e = NULL; + + CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); + ASSERT_RXTHR(h2); +@@ -387,7 +407,11 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + } + if (r2 == NULL) + return (0); +- h2e = h2_rapid_reset(wrk, h2, r2); ++ if (h2_rapid_reset_check(wrk, h2, r2)) { ++ H2_Send_Get(wrk, h2, r2); ++ h2e = h2_rapid_reset_charge(wrk, h2, r2); ++ H2_Send_Rel(h2, r2); ++ } + h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data))); + return (h2e); + } +diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c +index 5f7a11d352..41c45961b3 100644 +--- a/bin/varnishd/http2/cache_http2_send.c ++++ b/bin/varnishd/http2/cache_http2_send.c +@@ -41,8 +41,6 @@ + #include "vend.h" + #include "vtim.h" + +-#define H2_SEND_HELD(h2, r2) (VTAILQ_FIRST(&(h2)->txqueue) == (r2)) +- + static h2_error + h2_errcheck(const struct h2_req *r2, const struct h2_sess *h2) + { diff -Nru varnish-7.7.0/debian/patches/fix_vsv17_3 varnish-7.7.0/debian/patches/fix_vsv17_3 --- varnish-7.7.0/debian/patches/fix_vsv17_3 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv17_3 2026-05-24 22:57:57.000000000 +0000 
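Review bot: `h2_rapid_reset_charge()` evaluates `AN(H2_SEND_HELD(h2, r2))`, which dereferences `h2->txqueue`, before any magic check on `h2`, and unlike `h2_rapid_reset_check()` it never validates `h2` at all. Adding `CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC);` ahead of the `AN()`, and moving the existing `CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);` up with it, would match the order used in `H2_Send_GOAWAY()`. The function reads and writes `h2->rst_budget` and `h2->last_rst` and may send a GOAWAY, so a header comment stating that the caller must hold the send queue is also warranted. The `h2_rx_rst_stream()` part of this patch queues on the stream's own `r2`; fix_vsv17_5 later in the series switches that to `h2->req0`, so this patch should not be carried without it.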
@@ -0,0 +1,103 @@ +From 7710a5da9958d1b63720e4f6565dd1d87619d4c6 Mon Sep 17 00:00:00 2001 +From: Martin Blix Grydeland +Date: Tue, 1 Jul 2025 15:50:10 +0200 +Subject: H2: Check rapid reset whenever we send a RST frame for a stream + +This checks and charges the rapid reset budget whenever we send a RST +frame, causing a session error if the budget is exhausted. + +This fixes the reverse rapid reset vulnerability. + +diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c +index 41c45961b3..3461bdb380 100644 +--- a/bin/varnishd/http2/cache_http2_send.c ++++ b/bin/varnishd/http2/cache_http2_send.c +@@ -413,6 +413,7 @@ H2_Send_RST(struct worker *wrk, struct h2_sess *h2, const struct h2_req *r2, + uint32_t stream, h2_error h2e) + { + char b[4]; ++ h2_error h2e_rr = NULL; + + CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC); + CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC); +@@ -423,6 +424,11 @@ H2_Send_RST(struct worker *wrk, struct h2_sess *h2, const struct h2_req *r2, + vbe32enc(b, h2e->val); + + H2_Send_Frame(wrk, h2, H2_F_RST_STREAM, 0, sizeof b, stream, b); ++ ++ if (h2_rapid_reset_check(wrk, h2, r2)) ++ h2e_rr = h2_rapid_reset_charge(wrk, h2, r2); ++ if (h2e_rr != NULL) ++ h2->error = h2e_rr; + } + + void +diff --git a/bin/varnishtest/tests/f00017a.vtc b/bin/varnishtest/tests/f00017a.vtc +new file mode 100644 +index 0000000000..6370652bef +--- /dev/null ++++ b/bin/varnishtest/tests/f00017a.vtc +@@ -0,0 +1,63 @@ ++varnishtest "h2 reverse rapid reset" ++ ++barrier b1 sock 2 -cyclic ++barrier b2 sock 5 -cyclic ++ ++server s1 { ++ rxreq ++ txresp ++} -start ++ ++varnish v1 -cliok "param.set feature +http2" ++varnish v1 -cliok "param.set debug +syncvsl" ++varnish v1 -cliok "param.set h2_rapid_reset_limit 3" ++varnish v1 -cliok "param.set h2_rapid_reset 5" ++ ++varnish v1 -vcl+backend { ++ import vtc; ++ ++ sub vcl_recv { ++ if (req.http.barrier) { ++ vtc.barrier_sync(req.http.barrier); ++ } ++ vtc.barrier_sync("${b2_sock}"); ++ } ++ ++} -start ++ ++client 
c1 { ++ stream 0 { ++ rxgoaway ++ expect goaway.err == ENHANCE_YOUR_CALM ++ } -start ++ ++ stream 1 { ++ txreq -hdr barrier ${b1_sock} ++ barrier b1 sync ++ txwinup -size 0 ++ rxrst ++ } -run ++ stream 3 { ++ txreq -hdr barrier ${b1_sock} ++ barrier b1 sync ++ txwinup -size 0 ++ rxrst ++ } -run ++ stream 5 { ++ txreq -hdr barrier ${b1_sock} ++ barrier b1 sync ++ txwinup -size 0 ++ rxrst ++ } -run ++ stream 7 { ++ txreq -hdr barrier ${b1_sock} ++ barrier b1 sync ++ txwinup -size 0 ++ rxrst ++ } -run ++ ++ barrier b2 sync ++ stream 0 -wait ++} -run ++ ++varnish v1 -expect sc_rapid_reset == 1 diff -Nru varnish-7.7.0/debian/patches/fix_vsv17_4 varnish-7.7.0/debian/patches/fix_vsv17_4 --- varnish-7.7.0/debian/patches/fix_vsv17_4 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv17_4 2026-05-24 22:57:57.000000000 +0000 @@ -0,0 +1,20 @@ +From 9f95c0229c827ee867f265318899e347df2004ad Mon Sep 17 00:00:00 2001 +From: Martin Blix Grydeland +Date: Wed, 20 Aug 2025 13:21:34 +0200 +Subject: H2: Add sanity assertions to h2_send_get_locked() + +These assertions guard against double-registering on the send queue. + +diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c +index 3461bdb380..6208633853 100644 +--- a/bin/varnishd/http2/cache_http2_send.c ++++ b/bin/varnishd/http2/cache_http2_send.c +@@ -107,6 +107,8 @@ h2_send_get_locked(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + Lck_AssertHeld(&h2->sess->mtx); + if (&wrk->cond == h2->cond) + ASSERT_RXTHR(h2); ++ AZ(H2_SEND_HELD(h2, r2)); ++ AZ(r2->wrk); + r2->wrk = wrk; + VTAILQ_INSERT_TAIL(&h2->txqueue, r2, tx_list); + while (!H2_SEND_HELD(h2, r2)) diff -Nru varnish-7.7.0/debian/patches/fix_vsv17_5 varnish-7.7.0/debian/patches/fix_vsv17_5 --- varnish-7.7.0/debian/patches/fix_vsv17_5 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv17_5 2026-05-24 22:57:57.000000000 +0000 
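Review bot: `H2_Send_RST()` assigns `h2->error = h2e_rr;` whenever the budget is exhausted, which would replace an error already recorded on the session; if the first error is meant to win, `if (h2e_rr != NULL && h2->error == NULL)` would preserve it, though that depends on how `h2->error` is consumed, which the hunk does not show. The age test in `h2_rapid_reset_check()` reads `r2->req->t_first`, and here `r2` is the request holding the send queue rather than necessarily the stream named by `stream`, so it is worth confirming that callers passing a different holder (for example `h2->req0`) get the intended result. A comment on the function noting that sending a RST may now also emit a GOAWAY and mark the session failed would help callers. The function body starts outside the hunk.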
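Review bot: The two assertions added to `h2_send_get_locked()` need a comment saying what each one covers, because `H2_SEND_HELD()` only compares `r2` with the head of `txqueue`. As written, `AZ(H2_SEND_HELD(h2, r2))` catches a request that already holds the queue, while a request that is queued but not yet at the head is caught only by `AZ(r2->wrk)`, presumably because `r2->wrk` is cleared on release (not visible here). Something like `/* r2 must be neither the current holder nor already waiting */` above the pair would record that. The function continues outside the hunk.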
@@ -0,0 +1,29 @@ +From cfee49ee9054a238bda686666ac6e471fbbfca10 Mon Sep 17 00:00:00 2001 +From: Martin Blix Grydeland +Date: Wed, 20 Aug 2025 13:22:15 +0200 +Subject: H2: Use the correct queue context when sending rapid reset goaway + +When queing for send during rapid reset handling on incoming frame, it is +`h2->req0` that should be used for queueing, not the `struct h2_req` of +the stream for which we are handling the incoming frame. This error would +lead to the queue structure becoming corrupted. + +Fixes: #4380 + +diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c +index b8c3535a33..4265da7df4 100644 +--- a/bin/varnishd/http2/cache_http2_proto.c ++++ b/bin/varnishd/http2/cache_http2_proto.c +@@ -408,9 +408,9 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) + if (r2 == NULL) + return (0); + if (h2_rapid_reset_check(wrk, h2, r2)) { +- H2_Send_Get(wrk, h2, r2); +- h2e = h2_rapid_reset_charge(wrk, h2, r2); +- H2_Send_Rel(h2, r2); ++ H2_Send_Get(wrk, h2, h2->req0); ++ h2e = h2_rapid_reset_charge(wrk, h2, h2->req0); ++ H2_Send_Rel(h2, h2->req0); + } + h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data))); + return (h2e); diff -Nru varnish-7.7.0/debian/patches/fix_vsv19 varnish-7.7.0/debian/patches/fix_vsv19 --- varnish-7.7.0/debian/patches/fix_vsv19 1970-01-01 00:00:00.000000000 +0000 +++ varnish-7.7.0/debian/patches/fix_vsv19 2026-05-24 22:57:57.000000000 +0000 
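Review bot: In `h2_rx_rst_stream()` the reason for queueing on `h2->req0` lives only in the commit message; a comment at the call site, e.g. `/* Queue on req0, not the stream's r2: queueing r2 here corrupted txqueue (#4380) */`, would keep a later edit from reintroducing the stream's `r2`. `h2_rapid_reset_check()` still receives the stream's `r2` while the charge receives `h2->req0`, which fits the age test but is easy to misread, so the comment should mention both. The function starts outside the hunk.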
@@ -0,0 +1,135 @@ +--- a/bin/varnishd/http2/cache_http2_hpack.c ++++ b/bin/varnishd/http2/cache_http2_hpack.c +@@ -171,7 +171,7 @@ h2h_addhdr(struct http *hp, struct h2h_d + + /* Match H/2 pseudo headers */ + /* XXX: Should probably have some include tbl for pseudo-headers */ +- if (!Tstrcmp(nm, ":method")) { ++ if (Tstreq(nm, ":method")) { + hdr.b = val.b; + n = HTTP_HDR_METHOD; + disallow_empty = 1; +@@ -181,13 +181,13 @@ h2h_addhdr(struct http *hp, struct h2h_d + if (!vct_istchar(*p)) + return (H2SE_PROTOCOL_ERROR); + } +- } else if (!Tstrcmp(nm, ":path")) { ++ } else if (Tstreq(nm, ":path")) { + hdr.b = val.b; + n = HTTP_HDR_URL; + disallow_empty = 1; + + // rfc9113,l,2693,2705 +- if (Tlen(val) > 0 && val.b[0] != '/' && Tstrcmp(val, "*")) { ++ if (Tlen(val) > 0 && val.b[0] != '/' && !Tstreq(val, "*")) { + VSLb(hp->vsl, SLT_BogoHeader, + "Illegal :path pseudo-header %.*s", + (int)Tlen(val), val.b); +@@ -199,7 +199,7 @@ h2h_addhdr(struct http *hp, struct h2h_d + if (vct_islws(*p) || vct_isctl(*p)) + return (H2SE_PROTOCOL_ERROR); + } +- } else if (!Tstrcmp(nm, ":scheme")) { ++ } else if (Tstreq(nm, ":scheme")) { + /* XXX: What to do about this one? (typically + "http" or "https"). For now set it as a normal + header, stripping the first ':'. */ +@@ -213,7 +213,7 @@ h2h_addhdr(struct http *hp, struct h2h_d + if (!vct_istchar(*p)) + return (H2SE_PROTOCOL_ERROR); + } +- } else if (!Tstrcmp(nm, ":authority")) { ++ } else if (Tstreq(nm, ":authority")) { + /* NB: we inject "host" in place of "rity" for + * the ":authority" pseudo-header. 
+ */ +--- a/include/vdef.h ++++ b/include/vdef.h +@@ -276,9 +276,25 @@ typedef struct { + #define Tcheck(t) do { (void)pdiff((t).b, (t).e); } while (0) + #define Tlen(t) (pdiff((t).b, (t).e)) + #define Tstr(s) (/*lint -e(446)*/ (txt){(s), (s) + strlen(s)}) +-#define Tstrcmp(t, s) (strncmp((t).b, (s), Tlen(t))) ++#define Tstreq(t, s) (Tlen(t) == strlen(s) && !vmemcmp((t).b, (s), Tlen(t))) + #define Tforeach(c, t) for ((c) = (t).b; (c) < (t).e; (c)++) + + /* #3020 dummy definitions until PR is merged*/ + #define LIKELY(x) (x) + #define UNLIKELY(x) (x) ++ ++/********************************************************************** ++ * various optinal built-ins ++ * ++ * https://clang.llvm.org/docs/LanguageExtensions.html#builtin-functions ++ * ++ */ ++#ifndef __has_builtin ++# define __has_builtin(x) 0 ++#endif ++ ++#if __has_builtin(__builtin_memcmp) ++# define vmemcmp(s1, s2, n) __builtin_memcmp(s1, s2, n) ++#else ++# define vmemcmp(s1, s2, n) memcmp(s1, s2, n) ++#endif +--- a/bin/varnishtest/tests/h00007.vtc ++++ b/bin/varnishtest/tests/h00007.vtc +@@ -9,6 +9,7 @@ feature cmd {haproxy --version 2>&1 | gr + server s1 { + rxreq + txresp -body "s1 >>> Hello world!" ++ shutdown + } -start + + varnish v1 -proto "PROXY" -vcl+backend {} -start +@@ -28,7 +29,7 @@ haproxy h1 -D -conf { + varnish v1 -vcl+backend { + import std; + +- acl localhost { ++ acl localhost -fold { + "localhost"; + "127.0.0.1"; + "::1"; +@@ -58,3 +59,7 @@ client c1 -connect ${h1_fe1_sock} { + expect resp.http.notstdip == false + expect resp.body == "s1 >>> Hello world!" 
+ } -run ++ ++varnish v1 -vsl_catchup ++ ++haproxy h1 -wait +--- /dev/null ++++ b/bin/varnishtest/tests/f00019.vtc +@@ -0,0 +1,31 @@ ++vtest "Verify pseudo-header parsing" ++ ++varnish v1 -cliok "param.set feature +http2" ++varnish v1 -vcl { ++ backend default none; ++ sub vcl_recv { ++ return (synth(200)); ++ } ++} -start ++ ++client c1 { ++ stream 1 { ++ txreq -noadd \ ++ -hdr ":authority" "foo.com" \ ++ -hdr ":path" "/foobar" \ ++ -hdr ":scheme" "http" \ ++ -hdr ":method" "GET" ++ rxresp ++ expect resp.status == 200 ++ } -run ++ ++ stream 3 { ++ txreq -noadd \ ++ -hdr ":a" "foo.com" \ ++ -hdr ":p" "/foobar" \ ++ -hdr ":s" "http" \ ++ -hdr ":m" "GET" ++ rxrst ++ expect rst.err == PROTOCOL_ERROR ++ } -run ++} -run diff -Nru varnish-7.7.0/debian/patches/series varnish-7.7.0/debian/patches/series --- varnish-7.7.0/debian/patches/series 2025-06-08 11:43:35.000000000 +0000 +++ varnish-7.7.0/debian/patches/series 2026-05-24 22:57:57.000000000 +0000 @@ -1,3 +1,9 @@ set_vcs_version skip_tests fix_vsv16 +fix_vsv17_1 +fix_vsv17_2 +fix_vsv17_3 +fix_vsv17_4 +fix_vsv17_5 +fix_vsv19 diff -Nru varnish-7.7.0/debian/varnish.varnishncsa.service varnish-7.7.0/debian/varnish.varnishncsa.service --- varnish-7.7.0/debian/varnish.varnishncsa.service 2025-06-08 11:43:35.000000000 +0000 +++ varnish-7.7.0/debian/varnish.varnishncsa.service 2026-05-24 22:57:57.000000000 +0000 
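Review bot: The new `Tstreq(t, s)` macro in include/vdef.h expands `t` three times and `s` twice, so an argument with side effects would be evaluated repeatedly. The call sites in `h2h_addhdr()` pass plain variables and literals, so nothing is broken today, but a `static inline` helper taking a `txt` and a `const char *`, or at least a comment saying the arguments must be side-effect free, would make the exact-match check harder to misuse. Unlike the fix_vsv17_* patches, this file carries no `From:`/`Subject:` header or upstream commit id, so its origin cannot be checked against upstream from the patch alone; a DEP-3 `Origin:` line would help. It also changes h00007.vtc, which looks unrelated to pseudo-header matching.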
@@ -4,12 +4,14 @@ After=varnish.service [Service] -Type=exec +Type=forking User=varnishlog Group=varnish -ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log +ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid +PIDFile=/run/varnishncsa/varnishncsa.pid ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure +Restart=on-abnormal +RuntimeDirectory=varnishncsa LogsDirectory=varnish LogsDirectoryMode=0750 PrivateDevices=true diff -Nru varnish-7.7.0/debian/watch varnish-7.7.0/debian/watch --- varnish-7.7.0/debian/watch 2025-06-08 11:43:35.000000000 +0000 +++ varnish-7.7.0/debian/watch 2026-05-24 22:57:57.000000000 +0000 @@ -1,3 +1,5 @@ version=4 -https://varnish-cache.org/releases/ /downloads/@PACKAGE@-@ANY_VERSION@.tgz +opts="searchmode=plain" \ + https://code.vinyl-cache.org/api/v1/repos/vinyl-cache/vinyl-cache/tags \ + /archive/varnish@ANY_VERSION@\.tar\.gz
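Review bot: `Restart=on-abnormal` no longer restarts varnishncsa when it exits with a non-zero status, which `Restart=on-failure` did; in systemd, on-abnormal covers only signals, timeouts and watchdog expiry. If the logger exits with an error, access logging would stop until someone notices. The changelog entry explains the `Type=forking` change but not this one. Unless the switch is deliberate, keep `Restart=on-failure`, or add a comment in the unit saying why error exits should not be restarted.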