------------------------------------------------------------------- Tue Mar 17 12:59:44 UTC 2020 - Jan Engelhardt - Update to release 6.4.0 * The MAIN.sess_drop counter is gone. * backend "none" was added for "no backend". * The hash algorithm of the hash director was changed, so backend selection will change once only when upgrading. * It is now possible for VMOD authors to customize the connection pooling of a dynamic backend. * For more, see changes.rst. ------------------------------------------------------------------- Tue Feb 25 08:39:21 UTC 2020 - Jan Engelhardt - Update to release 6.3.2 * Fix a denial of service vulnerability when using the proxy protocol version 2. ------------------------------------------------------------------- Tue Sep 17 11:23:27 UTC 2019 - Jan Engelhardt - Update to release 6.3.0 * The Host: header is folded to lower-case in the builtin_vcl. * Improved performance of shared memory statistics counters. * Synthetic objects created from vcl_backend_error {} now replace existing stale objects as ordinary backend fetches would (for details see changes.rst) ------------------------------------------------------------------- Wed Sep 4 10:27:37 UTC 2019 - Jan Engelhardt - Update to release 6.2.1 * Bugfix for CVE-2019-15892 [boo#1149382] ------------------------------------------------------------------- Mon Aug 26 10:52:05 UTC 2019 - Jan Engelhardt - Add uninit.patch. ------------------------------------------------------------------- Wed Mar 27 10:01:08 UTC 2019 - Samu Voutilainen - Updated to 6.2.0 * Added a thread pool watchdog which will restart the worker process if scheduling tasks onto worker threads appears stuck. The new parameter "thread_pool_watchdog" configures it. - Disabled error for clobbering, which caused bogus error in varnishtest ------------------------------------------------------------------- Wed May 2 06:47:32 UTC 2018 - jengelh@inai.de - Put %fillup back into %post ------------------------------------------------------------------- Mon Mar 19 22:22:35 UTC 2018 - jengelh@inai.de - Update to new upstream release 6.0.0 * Added support for Unix Domain Sockets, both for clients and for backend servers. This brings a new level of the VCL language, version 4.1. * Always use HTTP/1.1 on backend connections for pass fetch. ------------------------------------------------------------------- Thu Nov 23 13:50:41 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Fri Jun 23 19:42:07 UTC 2017 - antoine.belvire@opensuse.org - Update to version 5.1.2: * Fix an endless loop in Backend Polling (#2295) * Fix a Chunked bug in tight workspaces (#2207, #2275) * Fix a bug relating to req.body when on waitinglist (#2266) * Handle EPIPE on broken TCP connections (#2267) * Work around the x86 arch's turbo-double FP format in parameter setup code. (#1875) * Fix race related to backend probe with proxy header (#2278) * Keep VCL temperature consistent between mgt/worker also when worker protests. * A lot of HTTP/2 fixes. - Changes introduced by version 5.1.1: * Fix bug introduced by stubborn old bugger right before release 5.1.0 was cut. - Changes introduced by version 5.1.0: * Added varnishd command-line options -I, -x and -?, and tightened restrictions on permitted combinations of options. * More progress on support for HTTP/2. * Add ``return(fail)`` to almost all VCL subroutines. * Restored the old hit-for-pass, invoked with ``return(pass(DURATION))`` from ``vcl_backend_response``. hit-for-miss remains the default. Added the cache_hitmiss stat, and cache_hitpass only counts the new/old hit-for-pass cases. Restored HitPass to the Varnish log, and added HitMiss. Added the HFP prefix to TTL log entries to log a hit-for-pass duration. * Rolled back the fix for #1206. Client delivery decides solely whether to send a 304 client response, based on client request and response headers. * Added vtest.sh. * Added vxid as a lefthand side for VSL queries. * Added the setenv and write_body commands for Varnish test cases (VTCs). err_shell is deprecated. Also added the operators -cliexpect, -match and -hdrlen, and -reason replaces -msg. Added the ${bad_backend} macro. * varnishtest can be stopped with the TERM, INT and KILL signals, but not with HUP. * The fallback director has now an extra, optional parameter to keep using the current backend until it falls sick. * VMOD shared libraries are now copied to the workdir, to avoid problems when VMODs are updated via packaging systems. * Bump the VRT version to 6.0. * Export more symbols from libvarnishapi.so. * The size of the VSL log is limited to 4G-1b, placing upper bounds on the -l option and the vsl_space and vsm_space parameters. * Added parameters clock_step, thread_pool_reserve and ban_cutoff. * Parameters vcl_dir and vmod_dir are deprecated, use vcl_path and vmod_path instead. * All parameters are defined, even on platforms that don't support them. An unsupported parameter is documented as such in param.show. Setting such a parameter is not an error, but has no effect. * Clarified the interpretations of the + and - operators in VCL with operands of the various data types. * DURATION types may be used in boolean contexts. * INT, DURATION and REAL values can now be negative. * Response codes 1000 or greater may now be set in VCL internally. resp.status is delivered modulo 1000 in client responses. * IP addresses can be compared for equality in VCL. * Introduce the STEVEDORE data type, and the objects storage.SNAME in VCL. Added req.storage and beresp.storage; beresp.storage_hint is deprecated. * Retired the umem stevedore. * req.ttl is deprecated. * Added std.getenv() and std.late_100_continue(). * The fetch_failed stat is incremented for any kind of fetch failure. * Added the stats n_test_gunzip and bans_lurker_obj_killed_cutoff. * Clarified the meanings of the %r, %{X}i and %{X}o formatters in varnishncsa. - Add varnish-5.1.2-add-fallthrough-comments.patch to fix build with GCC 7 (boo#1041259). ------------------------------------------------------------------- Tue May 16 20:14:01 UTC 2017 - dimstar@opensuse.org - BuildRequire python3-docutils instead of python-docutils. ------------------------------------------------------------------- Sun Sep 25 13:44:37 UTC 2016 - jengelh@inai.de - Update to new upstream release 5.0.0 - The varnishd "-u NNN" option, which may be remaining in /etc/sysconfig/varnish, has been replaced with "-j unix,user=NNN". * Varnish 5.0 changes some (mostly) internal APIs and adds some major new features over Varnish 4.1. * 5.0 supports jumping from the active VCL's vcl_recv{} to another VCL via a VCL label. * Very Experimental HTTP/2 support * We have added to the "directors" VMOD — an overhauled version of a director which was available as an out-of-tree VMOD under the name VSLP for a couple of years. It is basically a better hash director which uses consistent hashing to provide improved stability of backend node selection when the configuration and/or health state of backends changes. * Hit-For-Pass is now actually Hit-For-Miss * We have made the ban lurker even more efficient by example of some real live situations with tens of thousands of bans using inefficient regular expressions. * The waitinglist logic for ESI subrequests now uses condition variables to trigger immediate continuation of ESI processing when an object being waited for becomes available. * Backend PROXY protocol requests are now supported through the .proxy_header attribute of the backend definition. * VCL files are now also being searched for in /usr/share/varnish/vcl if not found in /etc/varnish. * The basic device detection vcl is now bundled with varnish. ------------------------------------------------------------------- Thu Aug 18 07:08:52 UTC 2016 - dimstar@opensuse.org - Add "-ffloat-store -fexcess-precision=standard" to CFLAGS when building for ix86, working around bug gcc#323. See also gh#varnish/Varnish-Cache#88. ------------------------------------------------------------------- Fri Apr 22 14:15:43 UTC 2016 - jengelh@inai.de - Update to new upstream release 4.1.2 * vmods: Passing VCL ACL to a vmod is now possible. * vmods: VRT_MINOR_VERSION increase due to new function: VRT_acl_match() * Be stricter when parsing a HTTP request to avoid potential HTTP smuggling attacks against vulnerable backends. ------------------------------------------------------------------- Tue Mar 8 08:47:30 UTC 2016 - jengelh@inai.de - Report testsuite failure to build log and make testsuite nonfatal as there seems to be one swaying test, tests/r01478.vtc. ------------------------------------------------------------------- Tue Feb 16 12:52:51 UTC 2016 - eshmarnev@suse.com - disable silent rules in spec file. - enable testsuite for varnish. ------------------------------------------------------------------- Tue Feb 16 12:16:47 UTC 2016 - eshmarnev@suse.com - Update to new upstream release 4.1.1 * Improved security features (jails). * Support for PROXY protocol. * Warm and cold VCL states. * Backends defined through VMODs. * A lot of bugs were fixed. - Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch, this issue was fixed in upstream. - Add 'su varnish varnish' line to varnish.logrotate file. - Cleanup with spec-cleaner. ------------------------------------------------------------------- Fri Mar 27 10:34:15 UTC 2015 - jengelh@inai.de - Update to new upstream release 4.0.3 * Full support for streaming objects through from the backend on a cache miss. Bytes will be sent to 1..n requesting clients as they come in from the backend server. * Background (re)fetch of expired objects. On a cache miss where a stale copy is available, serve the client the stale copy while fetching an updated copy from the backend in the background. * New varnishlog query language, allowing automatic grouping of requests when debugging ESI or a failed backend request. * Comprehensive request timestamp and byte counters. - Add 0001-Fail-fetch-on-malformed-Content-Length-header.patch [bnc#921316] ------------------------------------------------------------------- Fri Jan 3 10:57:19 UTC 2014 - danimo@owncloud.com - Updated to 3.0.5, contains fix for CVE-2013-4484 * A bad interaction between -b, -c and -m in the varnishlog tool has been fixed. * A malformed request could in some configurations lead to Varnish crashing has been corrected. (CVE-2013-4484) * Duplicate Content-Length headers were in some cases sent to clients when streaming is enabled, this has been fixed. * ESI parse errors are no longer printed to standard output. * Stop segfaulting if the first part of a synthetic page is NULL. - Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch and varnish-disable-pcrejit.diff (merged upstream) ------------------------------------------------------------------- Fri Nov 1 18:52:49 UTC 2013 - jengelh@inai.de - Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch (CVE-2013-4484, bnc#48451) ------------------------------------------------------------------- Fri Oct 4 21:48:01 UTC 2013 - jengelh@inai.de - Deactivate libpcre JIT (bnc#839358), add varnish-disable-pcrejit.diff ------------------------------------------------------------------- Sun Sep 23 21:30:35 UTC 2012 - nmo.marques@gmail.com - Update to version 3.0.3 * Fixed excessive session workspace allocations. * Fixed some crashes in the case of out of memory * Fixed an infinite loop in the regex parser. * DNS director now uses port 80 by default if not specified. * Introduce idle_send_timeout and increase default value for send_timeout to 600s. This allows a long send timeout for slow clients while still being able to disconnect idle clients. * Fixed a crash when passing with streaming on. * Fixed a crash in the idle session timeout code. * Fixed an issue where the poll waiter did not timeout clients if all clients were idle. * Log regex errors instead of crashing. * Introduce pcre_match_limit, and pcre_match_limit_recursion parameters. * Add CLI commands to manually control health state of a backend. ------------------------------------------------------------------- Wed Feb 8 23:26:10 UTC 2012 - jengelh@medozas.de - Update to new upstream release 3.0.2 * Add support for ESI and gzip * Handle objects larger than 2G * HTTP Range support is now enabled by default * "307 Temporary redirect" is now considered cacheable * see ChangeLog (packaged) or http://varnish-cache.org/trac/browser/doc/changes.rst for details - Note that the -s file,/var/cache/varnish,524288 argument (check /etc/sysconfig/varnish) needs at least "1M" instead of 524288 or the daemon will not start anymore. - Add systemd unit files ------------------------------------------------------------------- Thu Dec 8 13:51:14 UTC 2011 - coolo@suse.com - fix license to be in spdx.org format ------------------------------------------------------------------- Tue May 10 14:01:13 UTC 2011 - crrodriguez@opensuse.org - Varnish Requires a C compiler, the vcl scripts are compiled and loaded as DSO. ------------------------------------------------------------------- Sat Apr 16 17:26:10 UTC 2011 - crrodriguez@opensuse.org - remove configure option --enable-debugging-symbols it overrides buildsystem optimization levels. ------------------------------------------------------------------- Sat Apr 16 17:12:11 UTC 2011 - crrodriguez@opensuse.org - Update to version 2.1.5 * Two bugs relating to Content-Length and possible duplication of Content-Length headers have been resolved. * Fixed an issue with re-using connections after Chunked-Encoding. * Use the time of cache-insertion for "If-Modified-Since" requests if a "Last-Modified" header isn't provided by the backend. * Merge multi-line Vary and Cache-Control headers from clients, which Google Chromium seem to split up. ------------------------------------------------------------------- Fri Apr 15 22:36:02 UTC 2011 - mrueckert@suse.de - use pkgconfig instead of pkg-config on SLES 9 ------------------------------------------------------------------- Sun Apr 3 23:38:24 UTC 2011 - jengelh@medozas.de - Fix security-problematic ownership of /etc/varnish files (bnc#678811) - Run spec-beautifier over it - Replace default shipped vcl.conf by something working - Run as varnish user - Start varnishlog together with varnishd - Properly use PID files in init script ------------------------------------------------------------------- Sat Oct 9 04:31:06 UTC 2010 - jengelh@medozas.de - Create and package /var/log/varnish ------------------------------------------------------------------- Thu Aug 5 22:11:24 UTC 2010 - jengelh@medozas.de - Update to new upstream release: 2.1.3 * fixed an off-by-one error in the ESI handling causing includes to fail a large part of the time. * Avoid triggering an assert if the other end closes the connection while we are lingering and waiting for another request from them. * Make it possible to specify the per-thread stack size. This might be useful on 32 bit systems with their limited address space. * Persistent storage is now experimentally supported using the persistent stevedore. It has the same command line arguments as the file stevedore. * The regular expression engine is now PCRE instead of POSIX regular expressions. * Add a new hashing method called critbit. This autoscales and should work better on large object workloads than the classic hash. Critbit has been made the default hash algorithm. * Add support for authenticating CLI connections. * Add hash director that chooses which backend to use depending on req.hash. * Add client director that chooses which backend to use depending on the client's IP address. Note that this ignores the X-Forwarded-For header. * Add a timestamp to bans, so you can know how old they are. * Varnish can now connect its CLI to a remote instance when starting up, rather than just being connected to. * It is no longer needed to specify the maximum number of HTTP headers to allow from backends. This is now a run-time parameter. * HEAD requests would be converted to GET requests too early, which affected pass and pipe. This has been fixed. * Add experimental support for the Range header. This has to be enabled using the parameter http_range_support. - Add PreReqs for %post - Run %setup quietly - Remove unneeded .la files from installation - libraries are in a standard directory already - Avoid use of bash-specific &>/dev/null during %post - Refine file lists - Remove old changelog from .spec - changelog is in .changes ------------------------------------------------------------------- Tue Dec 15 15:03.01 CEST 2009 - jg@internetx.de - update 2.0.5 ------------------------------------------------------------------- Fri Apr 3 13:48:01 CEST 2009 - mrueckert@suse.de - update to 2.0.4 ------------------------------------------------------------------- Tue Mar 10 17:47:23 CET 2009 - mrueckert@suse.de - update to 2.0.3 ------------------------------------------------------------------- Wed Jul 25 22:16:29 CEST 2007 - mrueckert@suse.de - updated to 1.1 ------------------------------------------------------------------- Tue Feb 20 18:28:29 CET 2007 - mrueckert@suse.de - update to version 1.0.3 Consistency issues with statistics and backend parameters were fixed. Parsing of -w command-line options was fixed. A short-lived DNS cache was added to avoid thrashing DNS servers when the backend fails. ------------------------------------------------------------------- Sat Dec 2 17:14:16 CET 2006 - mrueckert@suse.de - fixing build on sles9 - added files from the official rh4 rpm: o init scripts for non suse distros o the default configs for all distros - added init/sysconfig script for suse. - we create a user now. Remaining TODO item: how to run varnish as non root user on port 80? ------------------------------------------------------------------- Sun Nov 19 03:37:50 CET 2006 - mrueckert@suse.de - update to 1.0.2