| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: varnish-devel | Distribution: openSUSE Tumbleweed |
| Version: 7.5.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Mar 26 19:27:32 2024 |
| Group: Development/Libraries/C and C++ | Build host: reproducible |
| Size: 477444 | Source RPM: varnish-7.5.0-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://varnish-cache.org/ | |
| Summary: Development files for Varnish | |
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an application that stores (caches) documents that have been requested over the HTTP protocol. This package holds the development files for varnish.
BSD-2-Clause
* Tue Mar 26 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.5.0
* Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942]
* The default value of cli_limit has been increased from 48KB
to 64KB.
* A new ``pipe_task_deadline`` directive specifies the maximum
duration of a pipe transaction.
* All the timeout parameters that can be disabled accept the
"never" value.
* Added parameters to control the HTTP/2 Rapid Reset attach.
* Tue Feb 06 2024 Arjen de Korte <suse+build@de-korte.org>
- Use sysuser-tools to generate varnish user
* Fri Dec 01 2023 Dirk Müller <dmueller@suse.com>
- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
* The ``vcl_req_reset`` feature (controllable through the ``feature``
parameter, see `varnishd(1)`) has been added and enabled by default
to terminate client side VCL processing early when the client is
gone.
* req_reset* events trigger a VCL failure and are reported to
`vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
in `vsc` as visible through ``varnishstat(1)``.
In particular, this feature is used to reduce resource consumption
of HTTP/2 "rapid reset" attacks (see below).
Note that *req_reset* events may lead to client tasks for which no
VCL is called ever. Presumably, this is thus the first time that
valid `vcl(7)` client transactions may not contain any ``VCL_call``
records.
* Added mitigation options and visibility for HTTP/2 "rapid reset"
attacks
Global rate limit controls have been added as parameters, which can
be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
* The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
define a threshold duration for an ``RST_STREAM`` to be classified
as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
duration after a ``HEADERS`` frame, it is accounted against the
rate limit described below.
* The ``h2_rapid_reset_limit`` parameter and
``h2.rapid_reset_limit()`` function define how many "rapid" resets
may be received during the time span defined by the
``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
function before the HTTP/2 connection is forcibly closed with a
``GOAWAY`` and all ongoing VCL client tasks of the connection are
aborted.
The defaults are 100 and 60 seconds, corresponding to an allowance
of 100 "rapid" resets per minute.
* The ``h2.rapid_reset_budget()`` function can be used to query the
number of currently allowed "rapid" resets.
* Sessions closed due to rapid reset rate limiting are reported as
``SessClose RAPID_RESET`` in `vsl(7)` and accounted to
``main.sc_rapid_reset`` in `vsc` as visible through
``varnishstat(1)``.
* The ``cli_limit`` parameter default has been increased from 48KB to
64KB.
* ``VSUB_closefrom()`` now falls back to the base implementation not
only if ``close_range()`` was determined to be unusable at compile
time, but also at run time. That is to say, even if
``close_range()`` is compiled in, the fallback to the naive
implementation remains.
* Thu Sep 21 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.4.1
* Response status codes other than 200 and 204 are now considered
errors for ESI fragments.
* Support for abstract AF_LOCAL sockets.
* HTTP/2 header field validation is now more strict with respect
to allowed characters.
* VCL tracing now needs to be explicitly activated by setting the
req.trace or bereq.trace VCL variables.
* Wed Nov 09 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.2.1
* Attempts to mark well-known headers like Content-Length and
Host hop-by-hop through a Connection-header will now cause a
400 "Bad request" response.
(VSV00010, CVE-2022-45059, boo#1205243)
* Apply the same character set rules to HTTP/2 pseudo-headers
as is done on the corresponding HTTP/1 request-line field
parsing. (VSV00011, CVE-2022-45060, boo#1205242)
* Sat Oct 29 2022 Dirk Müller <dmueller@suse.com>
- update to 7.2.0:
* Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``,
``VRT_RemoveVDP()`` and ``VRT_RemoveVFP()`` are deprecated.
* Cookie headers generated by vmod_cookie no longer have a
spurious trailing semicolon at the end of the string. This
could break VCL relying on the previous incorrect behavior.
* The ``SessClose`` and ``BackendClose`` reason ``rx_body``,
which previously output ``Failure receiving req.body``, has
been rewritten to ``Failure receiving body``.
* Prototypical Varnish Extensions (VEXT). Similar to VMODs, a
VEXT is loaded by the cache process. Unlike VMODs that have
the combined lifetime of all the VCLs that reference them, a
VEXT has the lifetime of the cache process itself. There are
no built-in extensions so far.
* Duration parameters can optionally take a unit, with the same
syntax as duration units in VCL.
* Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body``
from outside client vcl subs now fail properly instead of
triggering an assertion failure.
* New "B" string for the package branch in ``VCS_String()``.
For the 7.2.0 version, it would yield the 7.2 branch.
* The new ``vcc_feature`` bits parameter replaces previous
``vcc_*`` boolean parameters. The latter still exist as
deprecated aliases.
* The ``-k`` option from ``varnishlog`` is now supported by
``varnishncsa``.
* New functions ``std.now()`` and ``std.timed_call()`` in
vmod_std.
* New ``MAIN.shm_bytes`` counter.
* A ``req.http.via`` header is set before entering
``vcl_recv``. Via headers are generated using the
``server.identity`` value. It defaults to the host name and
can be turned into a pseudonym with the ``varnishd -i``
option. Via headers are appended in both directions, to work
with other hops that may advertise themselves.
* A ``resp.http.via`` header is no longer overwritten by
varnish, but rather appended to.
* The ``server.identity`` syntax is now limited to a "token" as
defined in the HTTP grammar to be suitable for Via headers.
* In ``varnishtest`` a Varnish instance will use its VTC
instance name as its instance name (``varnishd -i``) by
default for predictable Via headers in test cases.
* VMOD and VEXT authors can use functions from ``vnum.h``.
* Do not filter pseudo-headers as regular headers.
* The termination rules for ``WRK_BgThread()`` were relaxed to
allow VMODs to use it.
* ``(struct worker).handling`` has been moved to the newly
introduced ``struct wrk_vpi`` and replaced by a pointer to
it, as well as ``(struct vrt_ctx).handling`` has been
replaced by that pointer. ``struct wrk_vpi`` is for state at
the interface between VRT and VGC and, in particular, is not
const as ``struct vrt_ctx`` aka ``VRT_CTX``.
* Panics now contain information about VCL source files and
lines.
* The ``Begin`` log record has a 4th field for subtasks like
ESI sub-requests.
* The ``-E`` option for log utilities now works as documented,
with any type of sub-task based on the ``Begin[4]`` field.
This covers ESI like before, and sub-tasks spawned by VMODs
(provided that they log the new field).
* No more ``req.http.transfer-encoding`` for ESI sub-requests.
* The thread pool reserve is now limited to tasks that can be
queued. A backend background fetch is no longer eligible for
queueing. It would otherwise slow a grace hit down
significantly when thread pools are saturated.
* The unused ``fetch_no_thread`` counter was renamed to
``bgfetch_no_thread`` because regular backend fetch tasks are
always scheduled.
* The macros ``FEATURE()``, ``EXPERIMENT()``, ``DO_DEBUG()``,
``MGT_FEATURE()``, ``MGT_EXPERIMENT()``, ``MGT_DO_DEBUG()``
and ``MGT_VCC_FEATURE()`` now return a boolean value (``0``
or ``1``) instead of the (private) flag value.
* A regression in the transport code led MAIN.client_req to be
incremented for requests coming back from the waiting list,
it was fixed.
- Delete varnish-5.1.2-add-fallthrough-comments.patch
* Wed Sep 21 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Make reload fail nicely on vcl syntax error
- Set TasksMax=16384 because default thread_pool_max is 5000
* Mon Sep 19 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix varnish.service stop
* Sun Sep 18 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix logrotate
- Add service reload
* Fri Aug 12 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
* Resolve a denial of service attack involving reason phrases.
* Mon May 16 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY
variable, in addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function
for UTC formatting.
* Wed Dec 01 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* varnish.service
* varnishlog.service
* Fri Aug 06 2021 Jan Engelhardt <jengelh@inai.de>
- Update to release 6.6.1
* Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
* Sun Jul 04 2021 Dirk Müller <dmueller@suse.com>
- update to 6.6.0:
* The ban_cutoff parameter now refers to the overall length of
the ban list, including completed bans, where before only
non-completed (“active”) bans were counted towards ban_cutoff.
* Body bytes accounting has been fixed to always represent the
number of body bytes moved on the wire, exclusive of
protocol-specific overhead like HTTP/1 chunked encoding or
HTTP/2 framing.
* The connection close reason has been fixed to properly report
SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
* Unless the new validate_headers feature is disabled, all newly
set headers are now validated to contain only characters
allowed by RFC7230.
* The filter_re, keep_re and get_re functions from the bundled
cookie vmod have been changed to take the VCL_REGEX type. This
implies that their regular expression arguments now need to be
literal, not e.g. string.
* The interface for private pointers in VMODs has been changed,
the VRT backend interface has been changed, many filter
(VDP/VFP) related signatures have been changed, and the
stevedore API has been changed. (Details thereto, see online
changelog.)
/usr/include/varnish /usr/include/varnish/cache /usr/include/varnish/cache/cache.h /usr/include/varnish/cache/cache_backend.h /usr/include/varnish/cache/cache_director.h /usr/include/varnish/cache/cache_filter.h /usr/include/varnish/cache/cache_varnishd.h /usr/include/varnish/common /usr/include/varnish/common/common_param.h /usr/include/varnish/miniobj.h /usr/include/varnish/tbl /usr/include/varnish/tbl/acct_fields_bereq.h /usr/include/varnish/tbl/acct_fields_req.h /usr/include/varnish/tbl/backend_poll.h /usr/include/varnish/tbl/ban_arg_oper.h /usr/include/varnish/tbl/ban_oper.h /usr/include/varnish/tbl/ban_vars.h /usr/include/varnish/tbl/bereq_flags.h /usr/include/varnish/tbl/beresp_flags.h /usr/include/varnish/tbl/boc_state.h /usr/include/varnish/tbl/body_status.h /usr/include/varnish/tbl/cli_cmds.h /usr/include/varnish/tbl/debug_bits.h /usr/include/varnish/tbl/experimental_bits.h /usr/include/varnish/tbl/feature_bits.h /usr/include/varnish/tbl/h2_error.h /usr/include/varnish/tbl/h2_frames.h /usr/include/varnish/tbl/h2_settings.h /usr/include/varnish/tbl/h2_stream.h /usr/include/varnish/tbl/htc.h /usr/include/varnish/tbl/http_headers.h /usr/include/varnish/tbl/http_response.h /usr/include/varnish/tbl/locks.h /usr/include/varnish/tbl/obj_attr.h /usr/include/varnish/tbl/oc_exp_flags.h /usr/include/varnish/tbl/oc_flags.h /usr/include/varnish/tbl/params.h /usr/include/varnish/tbl/req_bereq_flags.h /usr/include/varnish/tbl/req_flags.h /usr/include/varnish/tbl/sess_attr.h /usr/include/varnish/tbl/sess_close.h /usr/include/varnish/tbl/symbol_kind.h /usr/include/varnish/tbl/vcc_feature_bits.h /usr/include/varnish/tbl/vcl_context.h /usr/include/varnish/tbl/vcl_returns.h /usr/include/varnish/tbl/vcl_states.h /usr/include/varnish/tbl/vhd_fsm.h /usr/include/varnish/tbl/vhd_fsm_funcs.h /usr/include/varnish/tbl/vhd_return.h /usr/include/varnish/tbl/vhp_huffman.h /usr/include/varnish/tbl/vhp_static.h /usr/include/varnish/tbl/vrt_stv_var.h /usr/include/varnish/tbl/vsc_levels.h /usr/include/varnish/tbl/vsig_list.h /usr/include/varnish/tbl/vsl_tags.h /usr/include/varnish/tbl/vsl_tags_http.h /usr/include/varnish/tbl/waiters.h /usr/include/varnish/vapi /usr/include/varnish/vapi/vapi_options.h /usr/include/varnish/vapi/voptget.h /usr/include/varnish/vapi/vsc.h /usr/include/varnish/vapi/vsig.h /usr/include/varnish/vapi/vsl.h /usr/include/varnish/vapi/vsl_int.h /usr/include/varnish/vapi/vsm.h /usr/include/varnish/vas.h /usr/include/varnish/vav.h /usr/include/varnish/vbh.h /usr/include/varnish/vbm.h /usr/include/varnish/vcl.h /usr/include/varnish/vcli.h /usr/include/varnish/vcs.h /usr/include/varnish/vdef.h /usr/include/varnish/vmod_abi.h /usr/include/varnish/vnum.h /usr/include/varnish/vqueue.h /usr/include/varnish/vre.h /usr/include/varnish/vre_pcre2.h /usr/include/varnish/vrnd.h /usr/include/varnish/vrt.h /usr/include/varnish/vrt_obj.h /usr/include/varnish/vsa.h /usr/include/varnish/vsb.h /usr/include/varnish/vsha256.h /usr/include/varnish/vtcp.h /usr/include/varnish/vte.h /usr/include/varnish/vtim.h /usr/include/varnish/vtree.h /usr/include/varnish/vut.h /usr/include/varnish/vut_options.h /usr/include/varnish/waiter /usr/include/varnish/waiter/waiter.h /usr/lib64/libvarnishapi.so /usr/lib64/pkgconfig/varnishapi.pc /usr/share/aclocal /usr/share/aclocal/varnish-legacy.m4 /usr/share/aclocal/varnish.m4
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 3 01:35:07 2024