- Update to release 7.2.1

OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=121
2022-11-09 17:25:08 +00:00 · 2022-11-09 17:25:08 +00:00 · 669e7343be
commit 669e7343be
parent 1400e623ef
4 changed files with 16 additions and 4 deletions
--- a/varnish-7.2.0.tgz
+++ b/varnish-7.2.0.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1da8a97ed5f7b7d4d5e04fc5c96fc9a85cb3a20d076eba2b18951f4b306c9686
-size 4018697
--- a/varnish-7.2.1.tgz
+++ b/varnish-7.2.1.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d937d1720a8ec19c533f972d9303a1c9889b7bfca7437893ae5c27cf204a940
+size 4019119
--- a/varnish.changes
+++ b/varnish.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Wed Nov  9 17:16:51 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 7.2.1
+  * Attempts to mark well-known headers like Content-Length and
+    Host hop-by-hop through a Connection-header will now cause a
+    400 "Bad request" response.
+    (VSV00010, CVE-2022-45059, boo#1205243)
+  * Apply the same character set rules to HTTP/2 pseudo-headers
+    as is done on the corresponding HTTP/1 request-line field
+    parsing. (VSV00011, CVE-2022-45060, boo#1205242)
+
 -------------------------------------------------------------------
 Sat Oct 29 13:43:46 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/varnish.spec
+++ b/varnish.spec
@ -25,7 +25,7 @@
 %define _fillupdir %_localstatedir/adm/fillup-templates
 %endif
 Name:           varnish
-Version:        7.2.0
+Version:        7.2.1
 Release:        0
 Summary:        Accelerator for HTTP services
 License:        BSD-2-Clause