Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

varnish-7.6.0-lp160.1.2 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: varnish Distribution: openSUSE Leap 16.0
Version: 7.6.0 Vendor: openSUSE
Release: lp160.1.2 Build date: Sat Oct 5 17:23:58 2024
Group: Productivity/Networking/Web/Proxy Build host: reproducible
Size: 3281163 Source RPM: varnish-7.6.0-lp160.1.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://varnish-cache.org/
Summary: Accelerator for HTTP services
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an
application that stores (caches) documents that have been requested
over the HTTP protocol.

Based on certain criteria, the next client requesting the document is either
given the cached document, or a "fresh" document requested from a backend
server. The purpose of this is to minimize the requests going to the backend
server(s) by serving the same document to potentially many users.

Provides

Requires

License

BSD-2-Clause

Changelog

* Sat Oct 05 2024 Andrea Manzini <[email protected]>
  - Update to release 7.6.0
    * The Varnish Delivery Processor (VDP) filter API has
      been generalized to also accommodate future use for
      backend request bodies.
    * VDPs with no vdp_bytes_f function are now supported if
      the vdp_init_f returns a value greater than zero to
      signify that the filter is not to be added to the
      chain. This is useful to support VDPs which only need
      to work on headers.
    * The epoll and kqueue waiters have been improved to
      correctly report WAITER_REMCLOSE, which increases the
      WAITER.*.remclose counter.
    * varnishtest now supports the shutdown command
      corresponding to the shutdown(2) standard C library
      call.
    * VSC counters for waiters have been added:
    * conns to count waits on idle connections
    * remclose to count idle connections closed by the peer
    * timeout to count idle connections which timed out in the waiter
    * action to count idle connections which resulted in a read
    * The port of a listen_endpoint given with the -a
      argument to varnishd can now also be a numerical port
      range like "80-89".
    * The warning "mlock() of VSM failed" message is now
      emitted when locking of shared memory segments (via
      mlock(2)) fails.
    * A bug has been fixed where string comparisons in VCL
      could fail with the nonsensical error message
      "Comparison of different types: STRING '==' STRING".
    * An issue has been addressed in the builtin.vcl where
      backend responses would fail if they contained a
      Content-Range header when no range was requested.
    * Additional SessError VSL events are now generated for
      various HTTP/2 protocol errors.
    * A new Linux jail has been added which is now the
      default on Linux. For now, it is almost identical to
      the Unix jail with one addition:
    * When the new Linux jail is used, the working directory
      not mounted on tmpfs partition.
    * A race condition with VCL temperature transitions has
      been addressed.
    * Internal management of probes has been reworked to
      address race conditions.
    * Backend tasks can now be instructed to queue if the
      backend has reached its max_connections.
    * The size of the buffer to hold panic messages is now
      tunable through the new panic_buffer parameter.
    * The Varnish Shared Memory (VSM) and Varnish Shared
      Counters (VSC) consumer implementation in libvarnishapi
      have been improved for stability and performance.
    * An issue has been fixed where Varnish Shared Log (VSL)
      queries (for example using ``varnishlog -q``) with
      numerical values would fail in unexpected ways due to
      truncation.
    * The ``ObjWaitExtend()`` Object API function gained a
      statep argument to optionally return the busy object
      state consistent with the current extension. A NULL
      value may be passed if the caller does not require it.
    * For backends using the ``.via`` attribute to connect
      through a proxy, the connect_timeout,
      ``first_byte_timeout`` and ``between_bytes_timeout``
      attributes are now inherited from proxy unless
      explicitly given.
    * varnishd now creates a worker_tmpdir which can be used
      by VMODs for temporary files. The VMOD developer
      documentation has details.
    * The environment variable VARNISH_DEFAULT_N now provides
      the default "varnish name" / "workdir" as otherwise
      specified by the ``-n`` argument to varnishd and
      varnish* utilities except varnishtest.
    * A glitch with TTL comparisons has been fixed which
      could, for example, lead to unexpected behavior with
      purge.soft().
* Tue Mar 26 2024 Jan Engelhardt <[email protected]>
  - Update to release 7.5.0
    * Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942]
    * The default value of cli_limit has been increased from 48KB
      to 64KB.
    * A new ``pipe_task_deadline`` directive specifies the maximum
      duration of a pipe transaction.
    * All the timeout parameters that can be disabled accept the
      "never" value.
    * Added parameters to control the HTTP/2 Rapid Reset attach.
* Tue Feb 06 2024 Arjen de Korte <[email protected]>
  - Use sysuser-tools to generate varnish user
* Fri Dec 01 2023 Dirk Müller <[email protected]>
  - update to 7.4.2 (bsc#1216123, CVE-2023-44487):
    * The ``vcl_req_reset`` feature (controllable through the ``feature``
      parameter, see `varnishd(1)`) has been added and enabled by default
      to terminate client side VCL processing early when the client is
      gone.
    * req_reset* events trigger a VCL failure and are reported to
      `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
      in `vsc` as visible through ``varnishstat(1)``.
      In particular, this feature is used to reduce resource consumption
      of HTTP/2 "rapid reset" attacks (see below).
      Note that *req_reset* events may lead to client tasks for which no
      VCL is called ever. Presumably, this is thus the first time that
      valid `vcl(7)` client transactions may not contain any ``VCL_call``
      records.
    * Added mitigation options and visibility for HTTP/2 "rapid reset"
      attacks
      Global rate limit controls have been added as parameters, which can
      be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted.
      The defaults are 100 and 60 seconds, corresponding to an allowance
      of 100 "rapid" resets per minute.
    * The ``h2.rapid_reset_budget()`` function can be used to query the
      number of currently allowed "rapid" resets.
    * Sessions closed due to rapid reset rate limiting are reported as
      ``SessClose RAPID_RESET`` in `vsl(7)` and accounted to
      ``main.sc_rapid_reset`` in `vsc` as visible through
      ``varnishstat(1)``.
    * The ``cli_limit`` parameter default has been increased from 48KB to
      64KB.
    * ``VSUB_closefrom()`` now falls back to the base implementation not
      only if ``close_range()`` was determined to be unusable at compile
      time, but also at run time. That is to say, even if
      ``close_range()`` is compiled in, the fallback to the naive
      implementation remains.
* Thu Sep 21 2023 Jan Engelhardt <[email protected]>
  - Update to release 7.4.1
    * Response status codes other than 200 and 204 are now considered
      errors for ESI fragments.
    * Support for abstract AF_LOCAL sockets.
    * HTTP/2 header field validation is now more strict with respect
      to allowed characters.
    * VCL tracing now needs to be explicitly activated by setting the
      req.trace or bereq.trace VCL variables.
* Wed Nov 09 2022 Jan Engelhardt <[email protected]>
  - Update to release 7.2.1
    * Attempts to mark well-known headers like Content-Length and
      Host hop-by-hop through a Connection-header will now cause a
      400 "Bad request" response.
      (VSV00010, CVE-2022-45059, boo#1205243)
    * Apply the same character set rules to HTTP/2 pseudo-headers
      as is done on the corresponding HTTP/1 request-line field
      parsing. (VSV00011, CVE-2022-45060, boo#1205242)
* Sat Oct 29 2022 Dirk Müller <[email protected]>
  - update to 7.2.0:
    * Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``,
      ``VRT_RemoveVDP()`` and ``VRT_RemoveVFP()`` are deprecated.
    * Cookie headers generated by vmod_cookie no longer have a
      spurious trailing semicolon at the end of the string. This
      could break VCL relying on the previous incorrect behavior.
    * The ``SessClose`` and ``BackendClose`` reason ``rx_body``,
      which previously output ``Failure receiving req.body``, has
      been rewritten to ``Failure receiving body``.
    * Prototypical Varnish Extensions (VEXT). Similar to VMODs, a
      VEXT is loaded by the cache process. Unlike VMODs that have
      the combined lifetime of all the VCLs that reference them, a
      VEXT has the lifetime of the cache process itself. There are
      no built-in extensions so far.
    * Duration parameters can optionally take a unit, with the same
      syntax as duration units in VCL.
    * Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body``
      from outside client vcl subs now fail properly instead of
      triggering an assertion failure.
    * New "B" string for the package branch in ``VCS_String()``.
      For the 7.2.0 version, it would yield the 7.2 branch.
    * The new ``vcc_feature`` bits parameter replaces previous
      ``vcc_*`` boolean parameters. The latter still exist as
      deprecated aliases.
    * The ``-k`` option from ``varnishlog`` is now supported by
      ``varnishncsa``.
    * New functions ``std.now()`` and ``std.timed_call()`` in
      vmod_std.
    * New ``MAIN.shm_bytes`` counter.
    * A ``req.http.via`` header is set before entering
      ``vcl_recv``. Via headers are generated using the
      ``server.identity`` value. It defaults to the host name and
      can be turned into a pseudonym with the ``varnishd -i``
      option. Via headers are appended in both directions, to work
      with other hops that may advertise themselves.
    * A ``resp.http.via`` header is no longer overwritten by
      varnish, but rather appended to.
    * The ``server.identity`` syntax is now limited to a "token" as
      defined in the HTTP grammar to be suitable for Via headers.
    * In ``varnishtest`` a Varnish instance will use its VTC
      instance name as its instance name (``varnishd -i``) by
      default for predictable Via headers in test cases.
    * VMOD and VEXT authors can use functions from ``vnum.h``.
    * Do not filter pseudo-headers as regular headers.
    * The termination rules for ``WRK_BgThread()`` were relaxed to
      allow VMODs to use it.
    * ``(struct worker).handling`` has been moved to the newly
      introduced ``struct wrk_vpi`` and replaced by a pointer to
      it, as well as ``(struct vrt_ctx).handling`` has been
      replaced by that pointer. ``struct wrk_vpi`` is for state at
      the interface between VRT and VGC and, in particular, is not
      const as ``struct vrt_ctx`` aka ``VRT_CTX``.
    * Panics now contain information about VCL source files and
      lines.
    * The ``Begin`` log record has a 4th field for subtasks like
      ESI sub-requests.
    * The ``-E`` option for log utilities now works as documented,
      with any type of sub-task based on the ``Begin[4]`` field.
      This covers ESI like before, and sub-tasks spawned by VMODs
      (provided that they log the new field).
    * No more ``req.http.transfer-encoding`` for ESI sub-requests.
    * The thread pool reserve is now limited to tasks that can be
      queued. A backend background fetch is no longer eligible for
      queueing. It would otherwise slow a grace hit down
      significantly when thread pools are saturated.
    * The unused ``fetch_no_thread`` counter was renamed to
      ``bgfetch_no_thread`` because regular backend fetch tasks are
      always scheduled.
    * The macros ``FEATURE()``, ``EXPERIMENT()``, ``DO_DEBUG()``,
      ``MGT_FEATURE()``, ``MGT_EXPERIMENT()``, ``MGT_DO_DEBUG()``
      and ``MGT_VCC_FEATURE()`` now return a boolean value (``0``
      or ``1``) instead of the (private) flag value.
    * A regression in the transport code led MAIN.client_req to be
      incremented for requests coming back from the waiting list,
      it was fixed.
  - Delete varnish-5.1.2-add-fallthrough-comments.patch
* Wed Sep 21 2022 Bernhard Wiedemann <[email protected]>
  - Make reload fail nicely on vcl syntax error
  - Set TasksMax=16384 because default thread_pool_max is 5000
* Mon Sep 19 2022 Bernhard Wiedemann <[email protected]>
  - Fix varnish.service stop
* Sun Sep 18 2022 Bernhard Wiedemann <[email protected]>
  - Fix logrotate
  - Add service reload
* Fri Aug 12 2022 Jan Engelhardt <[email protected]>
  - Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
    * Resolve a denial of service attack involving reason phrases.
* Mon May 16 2022 Jan Engelhardt <[email protected]>
  - Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
    * VCL: It is now possible to assign a BLOB value to a BODY
      variable, in addition to STRING as before.
    * VMOD: New STRING strftime(TIME time, STRING format) function
      for UTC formatting.
* Wed Dec 01 2021 Johannes Segitz <[email protected]>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * varnish.service
    * varnishlog.service
* Fri Aug 06 2021 Jan Engelhardt <[email protected]>
  - Update to release 6.6.1
    * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
* Sun Jul 04 2021 Dirk Müller <[email protected]>
  - update to 6.6.0:
    * The ban_cutoff parameter now refers to the overall length of
      the ban list, including completed bans, where before only
      non-completed (“active”) bans were counted towards ban_cutoff.
    * Body bytes accounting has been fixed to always represent the
      number of body bytes moved on the wire, exclusive of
      protocol-specific overhead like HTTP/1 chunked encoding or
      HTTP/2 framing.
    * The connection close reason has been fixed to properly report
      SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
    * Unless the new validate_headers feature is disabled, all newly
      set headers are now validated to contain only characters
      allowed by RFC7230.
    * The filter_re, keep_re and get_re functions from the bundled
      cookie vmod have been changed to take the VCL_REGEX type. This
      implies that their regular expression arguments now need to be
      literal, not e.g. string.
    * The interface for private pointers in VMODs has been changed,
      the VRT backend interface has been changed, many filter
      (VDP/VFP) related signatures have been changed, and the
      stevedore API has been changed. (Details thereto, see online
      changelog.)
* Fri Oct 02 2020 Jan Engelhardt <[email protected]>
  - Update to release 6.5.1
    * Bump the VRT_MAJOR_VERSION number defined in the vrt.h
* Thu Sep 17 2020 Jan Engelhardt <[email protected]>
  - Update to release 6.5.0
    * `PRIV_TOP` is now thread-safe to support parallel ESI
      implementations.
    * varnishstat's JSON output format (-j option) has been changed.
    * Behavior for 304-type responses was changed not to update the
      Content-Encoding response header of the stored object.
* Tue Jun 23 2020 Jan Engelhardt <[email protected]>
  - Disable LTO, this randomly fails during link stage.
* Tue Jun 09 2020 Jan Engelhardt <[email protected]>
  - Update Git-Web repository link
  - Set CFLAGS+=-fcommon.
* Tue Mar 17 2020 Jan Engelhardt <[email protected]>
  - Update to release 6.4.0
    * The MAIN.sess_drop counter is gone.
    * backend "none" was added for "no backend".
    * The hash algorithm of the hash director was changed, so
      backend selection will change once only when upgrading.
    * It is now possible for VMOD authors to customize the
      connection pooling of a dynamic backend.
    * For more, see changes.rst.
* Tue Feb 25 2020 Jan Engelhardt <[email protected]>
  - Update to release 6.3.2
    * Fix a denial of service vulnerability when using the proxy
      protocol version 2.
* Tue Sep 17 2019 Jan Engelhardt <[email protected]>
  - Update to release 6.3.0
    * The Host: header is folded to lower-case in the builtin_vcl.
    * Improved performance of shared memory statistics counters.
    * Synthetic objects created from vcl_backend_error {} now
      replace existing stale objects as ordinary backend fetches
      would (for details see changes.rst)
* Wed Sep 04 2019 Jan Engelhardt <[email protected]>
  - Update to release 6.2.1
    * Bugfix for CVE-2019-15892 [boo#1149382]
* Mon Aug 26 2019 Jan Engelhardt <[email protected]>
  - Add uninit.patch.
* Wed Mar 27 2019 Samu Voutilainen <[email protected]>
  - Updated to 6.2.0
    * Added a thread pool watchdog which will restart the worker
      process if scheduling tasks onto worker threads appears
      stuck. The new parameter "thread_pool_watchdog" configures
      it.
  - Disabled error for clobbering, which caused bogus
    error in varnishtest
* Wed May 02 2018 [email protected]
  - Put %fillup back into %post
* Mon Mar 19 2018 [email protected]
  - Update to new upstream release 6.0.0
    * Added support for Unix Domain Sockets, both for clients and
      for backend servers. This brings a new level of the VCL
      language, version 4.1.
    * Always use HTTP/1.1 on backend connections for pass fetch.
* Thu Nov 23 2017 [email protected]
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Fri Jun 23 2017 [email protected]
  - Update to version 5.1.2:
    * Fix an endless loop in Backend Polling (#2295)
    * Fix a Chunked bug in tight workspaces (#2207, #2275)
    * Fix a bug relating to req.body when on waitinglist (#2266)
    * Handle EPIPE on broken TCP connections (#2267)
    * Work around the x86 arch's turbo-double FP format in parameter
      setup code. (#1875)
    * Fix race related to backend probe with proxy header (#2278)
    * Keep VCL temperature consistent between mgt/worker also when
      worker protests.
    * A lot of HTTP/2 fixes.
  - Changes introduced by version 5.1.1:
    * Fix bug introduced by stubborn old bugger right before release
      5.1.0 was cut.
  - Changes introduced by version 5.1.0:
    * Added varnishd command-line options -I, -x and -?, and
      tightened restrictions on permitted combinations of options.
    * More progress on support for HTTP/2.
    * Add ``return(fail)`` to almost all VCL subroutines.
    * Restored the old hit-for-pass, invoked with
      ``return(pass(DURATION))`` from
      ``vcl_backend_response``. hit-for-miss remains the default.
      Added the cache_hitmiss stat, and cache_hitpass only counts the
      new/old hit-for-pass cases. Restored HitPass to the Varnish
      log, and added HitMiss. Added the HFP prefix to TTL log entries
      to log a hit-for-pass duration.
    * Rolled back the fix for #1206. Client delivery decides solely
      whether to send a 304 client response, based on client request
      and response headers.
    * Added vtest.sh.
    * Added vxid as a lefthand side for VSL queries.
    * Added the setenv and write_body commands for Varnish test cases
      (VTCs). err_shell is deprecated. Also added the operators
    - cliexpect, -match and -hdrlen, and -reason replaces -msg.
      Added the ${bad_backend} macro.
    * varnishtest can be stopped with the TERM, INT and KILL signals,
      but not with HUP.
    * The fallback director has now an extra, optional parameter to
      keep using the current backend until it falls sick.
    * VMOD shared libraries are now copied to the workdir, to avoid
      problems when VMODs are updated via packaging systems.
    * Bump the VRT version to 6.0.
    * Export more symbols from libvarnishapi.so.
    * The size of the VSL log is limited to 4G-1b, placing upper
      bounds on the -l option and the vsl_space and vsm_space
      parameters.
    * Added parameters clock_step, thread_pool_reserve and
      ban_cutoff.
    * Parameters vcl_dir and vmod_dir are deprecated, use vcl_path
      and vmod_path instead.
    * All parameters are defined, even on platforms that don't
      support them. An unsupported parameter is documented as such in
      param.show. Setting such a parameter is not an error, but has
      no effect.
    * Clarified the interpretations of the + and - operators in VCL
      with operands of the various data types.
    * DURATION types may be used in boolean contexts.
    * INT, DURATION and REAL values can now be negative.
    * Response codes 1000 or greater may now be set in VCL
      internally. resp.status is delivered modulo 1000 in client
      responses.
    * IP addresses can be compared for equality in VCL.
    * Introduce the STEVEDORE data type, and the objects
      storage.SNAME in VCL. Added req.storage and beresp.storage;
      beresp.storage_hint is deprecated.
    * Retired the umem stevedore.
    * req.ttl is deprecated.
    * Added std.getenv() and std.late_100_continue().
    * The fetch_failed stat is incremented for any kind of fetch
      failure.
    * Added the stats n_test_gunzip and
      bans_lurker_obj_killed_cutoff.
    * Clarified the meanings of the %r, %{X}i and %{X}o formatters in
      varnishncsa.
  - Add varnish-5.1.2-add-fallthrough-comments.patch to fix build
    with GCC 7 (boo#1041259).
* Tue May 16 2017 [email protected]
  - BuildRequire python3-docutils instead of python-docutils.
* Sun Sep 25 2016 [email protected]
  - Update to new upstream release 5.0.0
  - The varnishd "-u NNN" option, which may be remaining in
    /etc/sysconfig/varnish, has been replaced with "-j unix,user=NNN".
    * Varnish 5.0 changes some (mostly) internal APIs and adds some
    major new features over Varnish 4.1.
    * 5.0 supports jumping from the active VCL's vcl_recv{} to another
    VCL via a VCL label.
    * Very Experimental HTTP/2 support
    * We have added to the "directors" VMOD — an overhauled version of
    a director which was available as an out-of-tree VMOD under the
    name VSLP for a couple of years. It is basically a better hash
    director which uses consistent hashing to provide improved
    stability of backend node selection when the configuration and/or
    health state of backends changes.
    * Hit-For-Pass is now actually Hit-For-Miss
    * We have made the ban lurker even more efficient by example of
    some real live situations with tens of thousands of bans using
    inefficient regular expressions.
    * The waitinglist logic for ESI subrequests now uses condition
    variables to trigger immediate continuation of ESI processing
    when an object being waited for becomes available.
    * Backend PROXY protocol requests are now supported through the
    .proxy_header attribute of the backend definition.
    * VCL files are now also being searched for in
    /usr/share/varnish/vcl if not found in /etc/varnish.
    * The basic device detection vcl is now bundled with varnish.
* Thu Aug 18 2016 [email protected]
  - Add "-ffloat-store -fexcess-precision=standard" to CFLAGS when
    building for ix86, working around bug gcc#323. See also
    gh#varnish/Varnish-Cache#88.
* Fri Apr 22 2016 [email protected]
  - Update to new upstream release 4.1.2
    * vmods: Passing VCL ACL to a vmod is now possible.
    * vmods: VRT_MINOR_VERSION increase due to new function:
    VRT_acl_match()
    * Be stricter when parsing a HTTP request to avoid potential HTTP
    smuggling attacks against vulnerable backends.
* Tue Mar 08 2016 [email protected]
  - Report testsuite failure to build log and make testsuite nonfatal
    as there seems to be one swaying test, tests/r01478.vtc.
* Tue Feb 16 2016 [email protected]
  - disable silent rules in spec file.
  - enable testsuite for varnish.
* Tue Feb 16 2016 [email protected]
  - Update to new upstream release 4.1.1
    * Improved security features (jails).
    * Support for PROXY protocol.
    * Warm and cold VCL states.
    * Backends defined through VMODs.
    * A lot of bugs were fixed.
  - Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch,
      this issue was fixed in upstream.
  - Add 'su varnish varnish' line to varnish.logrotate file.
  - Cleanup with spec-cleaner.
* Fri Mar 27 2015 [email protected]
  - Update to new upstream release 4.0.3
    * Full support for streaming objects through from the backend on a
    cache miss. Bytes will be sent to 1..n requesting clients as they
    come in from the backend server.
    * Background (re)fetch of expired objects. On a cache miss where a
    stale copy is available, serve the client the stale copy while
    fetching an updated copy from the backend in the background.
    * New varnishlog query language, allowing automatic grouping of
    requests when debugging ESI or a failed backend request.
    * Comprehensive request timestamp and byte counters.
  - Add 0001-Fail-fetch-on-malformed-Content-Length-header.patch
    [bnc#921316]
* Fri Jan 03 2014 [email protected]
  - Updated to 3.0.5, contains fix for CVE-2013-4484
    * A bad interaction between -b, -c and -m in the varnishlog tool
    has been fixed.
    * A malformed request could in some configurations lead to Varnish
    crashing has been corrected. (CVE-2013-4484)
    * Duplicate Content-Length headers were in some cases sent to
    clients when streaming is enabled, this has been fixed.
    * ESI parse errors are no longer printed to standard output.
    * Stop segfaulting if the first part of a synthetic page is NULL.
  - Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
    and varnish-disable-pcrejit.diff (merged upstream)
* Fri Nov 01 2013 [email protected]
  - Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
    (CVE-2013-4484, bnc#48451)
* Fri Oct 04 2013 [email protected]
  - Deactivate libpcre JIT (bnc#839358), add varnish-disable-pcrejit.diff
* Sun Sep 23 2012 [email protected]
  - Update to version 3.0.3
    * Fixed excessive session workspace allocations.
    * Fixed some crashes in the case of out of memory
    * Fixed an infinite loop in the regex parser.
    * DNS director now uses port 80 by default if not specified.
    * Introduce idle_send_timeout and increase default value for
    send_timeout to 600s. This allows a long send timeout for slow
    clients while still being able to disconnect idle clients.
    * Fixed a crash when passing with streaming on.
    * Fixed a crash in the idle session timeout code.
    * Fixed an issue where the poll waiter did not timeout clients if
    all clients were idle.
    * Log regex errors instead of crashing.
    * Introduce pcre_match_limit, and pcre_match_limit_recursion
    parameters.
    * Add CLI commands to manually control health state of a
    backend.
* Wed Feb 08 2012 [email protected]
  - Update to new upstream release 3.0.2
    * Add support for ESI and gzip
    * Handle objects larger than 2G
    * HTTP Range support is now enabled by default
    * "307 Temporary redirect" is now considered cacheable
    * see ChangeLog (packaged) or
    http://varnish-cache.org/trac/browser/doc/changes.rst
    for details
  - Note that the -s file,/var/cache/varnish,524288 argument (check
    /etc/sysconfig/varnish) needs at least "1M" instead of 524288
    or the daemon will not start anymore.
  - Add systemd unit files
* Thu Dec 08 2011 [email protected]
  - fix license to be in spdx.org format
* Tue May 10 2011 [email protected]
  - Varnish Requires a C compiler, the vcl scripts are compiled
    and loaded as DSO.
* Sat Apr 16 2011 [email protected]
  - remove configure option --enable-debugging-symbols
    it overrides buildsystem optimization levels.
* Sat Apr 16 2011 [email protected]
  - Update to version 2.1.5
    * Two bugs relating to Content-Length and possible duplication
      of Content-Length headers have been resolved.
    * Fixed an issue with re-using connections after Chunked-Encoding.
    * Use the time of cache-insertion for "If-Modified-Since" requests
      if a "Last-Modified" header isn't provided by the backend.
    * Merge multi-line Vary and Cache-Control headers from clients,
      which Google Chromium seem to split up.
* Fri Apr 15 2011 [email protected]
  - use pkgconfig instead of pkg-config on SLES 9
* Sun Apr 03 2011 [email protected]
  - Fix security-problematic ownership of /etc/varnish files
    (bnc#678811)
  - Run spec-beautifier over it
  - Replace default shipped vcl.conf by something working
  - Run as varnish user
  - Start varnishlog together with varnishd
  - Properly use PID files in init script
* Sat Oct 09 2010 [email protected]
  - Create and package /var/log/varnish
* Thu Aug 05 2010 [email protected]
  - Update to new upstream release: 2.1.3
    * fixed an off-by-one error in the ESI handling causing includes to
    fail a large part of the time.
    * Avoid triggering an assert if the other end closes the connection
    while we are lingering and waiting for another request from them.
    * Make it possible to specify the per-thread stack size. This might
    be useful on 32 bit systems with their limited address space.
    * Persistent storage is now experimentally supported using the
    persistent stevedore. It has the same command line arguments as
    the file stevedore.
    * The regular expression engine is now PCRE instead of POSIX
    regular expressions.
    * Add a new hashing method called critbit. This autoscales and
    should work better on large object workloads than the classic
    hash. Critbit has been made the default hash algorithm.
    * Add support for authenticating CLI connections.
    * Add hash director that chooses which backend to use depending on
    req.hash.
    * Add client director that chooses which backend to use depending
    on the client's IP address. Note that this ignores the
    X-Forwarded-For header.
    * Add a timestamp to bans, so you can know how old they are.
    * Varnish can now connect its CLI to a remote instance when
    starting up, rather than just being connected to.
    * It is no longer needed to specify the maximum number of HTTP
    headers to allow from backends. This is now a run-time parameter.
    * HEAD requests would be converted to GET requests too early, which
    affected pass and pipe. This has been fixed.
    * Add experimental support for the Range header. This has to be
    enabled using the parameter http_range_support.
  - Add PreReqs for %post
  - Run %setup quietly
  - Remove unneeded .la files from installation - libraries are in
    a standard directory already
  - Avoid use of bash-specific &>/dev/null during %post
  - Refine file lists
  - Remove old changelog from .spec - changelog is in .changes
* Tue Dec 15 2009 [email protected]
  - update 2.0.5
* Fri Apr 03 2009 [email protected]
  - update to 2.0.4
* Tue Mar 10 2009 [email protected]
  - update to 2.0.3
* Wed Jul 25 2007 [email protected]
  - updated to 1.1
* Tue Feb 20 2007 [email protected]
  - update to version 1.0.3
    Consistency issues with statistics and backend parameters were
    fixed. Parsing of -w command-line options was fixed. A
    short-lived DNS cache was added to avoid thrashing DNS servers
    when the backend fails.
* Sat Dec 02 2006 [email protected]
  - fixing build on sles9
  - added files from the official rh4 rpm:
    o init scripts for non suse distros
    o the default configs for all distros
  - added init/sysconfig script for suse.
  - we create a user now. Remaining TODO item: how to run varnish as
    non root user on port 80?
* Sun Nov 19 2006 [email protected]
  - update to 1.0.2

Files

/etc/logrotate.d/varnish
/etc/varnish
/etc/varnish/vcl.conf
/usr/lib/systemd/system/varnish.service
/usr/lib/systemd/system/varnishlog.service
/usr/lib/sysusers.d/system-user-varnish.conf
/usr/lib64/varnish
/usr/lib64/varnish/vmods
/usr/lib64/varnish/vmods/libvmod_blob.so
/usr/lib64/varnish/vmods/libvmod_cookie.so
/usr/lib64/varnish/vmods/libvmod_debug.so
/usr/lib64/varnish/vmods/libvmod_directors.so
/usr/lib64/varnish/vmods/libvmod_h2.so
/usr/lib64/varnish/vmods/libvmod_proxy.so
/usr/lib64/varnish/vmods/libvmod_purge.so
/usr/lib64/varnish/vmods/libvmod_std.so
/usr/lib64/varnish/vmods/libvmod_unix.so
/usr/lib64/varnish/vmods/libvmod_vtc.so
/usr/sbin/rcvarnish
/usr/sbin/rcvarnishlog
/usr/sbin/varnish_reload_vcl
/usr/sbin/varnishadm
/usr/sbin/varnishd
/usr/sbin/varnishhist
/usr/sbin/varnishlog
/usr/sbin/varnishncsa
/usr/sbin/varnishstat
/usr/sbin/varnishstat_help_gen
/usr/sbin/varnishtest
/usr/sbin/varnishtop
/usr/share/doc/packages/varnish
/usr/share/doc/packages/varnish/LICENSE
/usr/share/doc/packages/varnish/README.rst
/usr/share/doc/packages/varnish/builtin.vcl
/usr/share/doc/packages/varnish/changes.rst
/usr/share/doc/packages/varnish/example.vcl
/usr/share/fillup-templates/sysconfig.varnish
/usr/share/man/man1/varnishadm.1.gz
/usr/share/man/man1/varnishd.1.gz
/usr/share/man/man1/varnishhist.1.gz
/usr/share/man/man1/varnishlog.1.gz
/usr/share/man/man1/varnishncsa.1.gz
/usr/share/man/man1/varnishstat.1.gz
/usr/share/man/man1/varnishtest.1.gz
/usr/share/man/man1/varnishtop.1.gz
/usr/share/man/man3/vmod_blob.3.gz
/usr/share/man/man3/vmod_cookie.3.gz
/usr/share/man/man3/vmod_directors.3.gz
/usr/share/man/man3/vmod_h2.3.gz
/usr/share/man/man3/vmod_proxy.3.gz
/usr/share/man/man3/vmod_purge.3.gz
/usr/share/man/man3/vmod_std.3.gz
/usr/share/man/man3/vmod_unix.3.gz
/usr/share/man/man3/vmod_vtc.3.gz
/usr/share/man/man7/varnish-cli.7.gz
/usr/share/man/man7/varnish-counters.7.gz
/usr/share/man/man7/vcl-backend.7.gz
/usr/share/man/man7/vcl-probe.7.gz
/usr/share/man/man7/vcl-step.7.gz
/usr/share/man/man7/vcl-var.7.gz
/usr/share/man/man7/vcl.7.gz
/usr/share/man/man7/vsl-query.7.gz
/usr/share/man/man7/vsl.7.gz
/usr/share/man/man7/vtc.7.gz
/usr/share/varnish
/usr/share/varnish/vcc
/usr/share/varnish/vcc/vmod_blob.vcc
/usr/share/varnish/vcc/vmod_cookie.vcc
/usr/share/varnish/vcc/vmod_directors.vcc
/usr/share/varnish/vcc/vmod_h2.vcc
/usr/share/varnish/vcc/vmod_proxy.vcc
/usr/share/varnish/vcc/vmod_purge.vcc
/usr/share/varnish/vcc/vmod_std.vcc
/usr/share/varnish/vcc/vmod_unix.vcc
/usr/share/varnish/vcc/vmod_vtc.vcc
/usr/share/varnish/vcl
/usr/share/varnish/vcl/devicedetect.vcl
/usr/share/varnish/vmodtool.py
/usr/share/varnish/vsctool.py
/var/cache/varnish
/var/lib/varnish
/var/log/varnish


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 20 23:34:21 2024