Commit Graph

124 Commits

Author SHA256 Message Date
Ana Guerrero
43c2c09295 Accepting request 1162360 from server:http
- Update to release 7.5.0

OBS-URL: https://build.opensuse.org/request/show/1162360
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=46
2024-03-27 19:42:24 +00:00
14c6098d7e - Update to release 7.5.0
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=131
2024-03-26 19:03:20 +00:00
Ana Guerrero
63a905a041 Accepting request 1144754 from server:http
- Use sysuser-tools to generate varnish user

OBS-URL: https://build.opensuse.org/request/show/1144754
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=45
2024-02-07 17:49:17 +00:00
090382cbf5 OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=129 2024-02-06 22:11:08 +00:00
afb54fef80 use sysusers fragment from solanum
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=128
2024-02-06 22:10:52 +00:00
e0f1d84375 Accepting request 1144719 from home:adkorte:branches:server:http
- Use sysuser-tools to generate varnish user

OBS-URL: https://build.opensuse.org/request/show/1144719
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=127
2024-02-06 21:17:42 +00:00
Ana Guerrero
4368f0cf74 Accepting request 1130193 from server:http
- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
  * The ``vcl_req_reset`` feature (controllable through the ``feature``
    parameter, see `varnishd(1)`) has been added and enabled by default
    to terminate client side VCL processing early when the client is
    gone.
    *req_reset* events trigger a VCL failure and are reported to
    `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
    in `vsc` as visible through ``varnishstat(1)``.
    In particular, this feature is used to reduce resource consumption
    of HTTP/2 "rapid reset" attacks (see below).
    Note that *req_reset* events may lead to client tasks for which no
    VCL is called ever. Presumably, this is thus the first time that
    valid `vcl(7)` client transactions may not contain any ``VCL_call``
    records.
  * Added mitigation options and visibility for HTTP/2 "rapid reset"
    attacks
    Global rate limit controls have been added as parameters, which can
    be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted. (forwarded request 1130176 from dirkmueller)

OBS-URL: https://build.opensuse.org/request/show/1130193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=44
2023-12-01 20:26:34 +00:00
89fe4afca9 Accepting request 1130176 from home:dirkmueller:Factory
- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
  * The ``vcl_req_reset`` feature (controllable through the ``feature``
    parameter, see `varnishd(1)`) has been added and enabled by default
    to terminate client side VCL processing early when the client is
    gone.
    *req_reset* events trigger a VCL failure and are reported to
    `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
    in `vsc` as visible through ``varnishstat(1)``.
    In particular, this feature is used to reduce resource consumption
    of HTTP/2 "rapid reset" attacks (see below).
    Note that *req_reset* events may lead to client tasks for which no
    VCL is called ever. Presumably, this is thus the first time that
    valid `vcl(7)` client transactions may not contain any ``VCL_call``
    records.
  * Added mitigation options and visibility for HTTP/2 "rapid reset"
    attacks
    Global rate limit controls have been added as parameters, which can
    be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted.

OBS-URL: https://build.opensuse.org/request/show/1130176
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=125
2023-12-01 10:53:55 +00:00
Ana Guerrero
60f8492851 Accepting request 1112701 from server:http
- Update to release 7.4.1

OBS-URL: https://build.opensuse.org/request/show/1112701
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=43
2023-09-21 20:22:50 +00:00
55077aa5c7 - Update to release 7.4.1
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=123
2023-09-21 05:39:19 +00:00
Dominique Leuenberger
4795ad8d64 Accepting request 1034895 from server:http
- Update to release 7.2.1

OBS-URL: https://build.opensuse.org/request/show/1034895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=42
2022-11-10 13:22:54 +00:00
669e7343be - Update to release 7.2.1
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=121
2022-11-09 17:25:08 +00:00
Dominique Leuenberger
6c4ff67be0 Accepting request 1032578 from server:http
- update to 7.2.0:

OBS-URL: https://build.opensuse.org/request/show/1032578
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=41
2022-11-01 12:43:10 +00:00
1400e623ef - Delete varnish-5.1.2-add-fallthrough-comments.patch
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=120
2022-10-31 20:52:26 +00:00
bc21f1ddce wrap lines at the very obvious dashed line
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=119
2022-10-31 11:22:34 +00:00
e540b355c4 curate changelog for the user
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=118
2022-10-30 22:32:15 +00:00
b28be5bc0b Accepting request 1032206 from home:dirkmueller:Factory
- update to 7.2.0:
  * Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``, ``VRT_RemoveVDP()`` and
    ``VRT_RemoveVFP()`` are deprecated.
  * Cookie headers generated by vmod_cookie no longer have a spurious trailing
    semi-colon (``';'``) at the end of the string. This could break VCL relying
    on the previous incorrect behavior.
  * The ``SessClose`` and ``BackendClose`` reason ``rx_body``, which
    previously output ``Failure receiving req.body``, has been rewritten
    to ``Failure receiving body``.
  * Prototypical Varnish Extensions (VEXT). Similar to VMODs, a VEXT is loaded
    by the cache process. Unlike VMODs that have the combined lifetime of all
    the VCLs that reference them, a VEXT has the lifetime of the cache process
    itself. There are no built-in extensions so far.
  * The VCC (compilation) process no longer loads VMODs with ``dlopen(3)`` to
    collect their metadata.
  * Stevedore initialization via the ``.init()`` callback has been moved
    to the worker process.
  * The parameter ``tcp_keepalive_time`` is supported on MacOS.
  * Duration parameters can optionally take a unit, with the same syntax as
    duration units in VCL. Example: ``param.set default_grace 1h``.
  * Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body`` from outside
    client vcl subs now fail properly instead of triggering an
    assertion failure (3846_).
  * New ``"B"`` string for the package branch in ``VCS_String()``. For the 7.2.0
    version, it would yield the 7.2 branch.
  * The Varnish version and branch are available in ``varnishtest`` through the
    ``${pkg_version}`` and ``${pkg_branch}`` macros.
  * New ``${topsrc}`` macro in ``varnishtest -i`` mode.
  * New ``process pNAME -match-text`` command in ``varnishtest`` to expect
    text matching a regular expression on screen.

OBS-URL: https://build.opensuse.org/request/show/1032206
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=117
2022-10-30 20:01:40 +00:00
Dominique Leuenberger
8f86817197 Accepting request 1005885 from server:http
OBS-URL: https://build.opensuse.org/request/show/1005885
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=40
2022-09-26 16:47:56 +00:00
e3091c8697 Accepting request 1005874 from home:bmwiedemann:branches:server:http
- Make reload fail nicely on vcl syntax error
- Set TasksMax=16384 because default thread_pool_max is 5000 so systemd killed varnish on high load

OBS-URL: https://build.opensuse.org/request/show/1005874
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=116
2022-09-25 13:07:01 +00:00
Dominique Leuenberger
3fa739ef1f Accepting request 1004579 from server:http
OBS-URL: https://build.opensuse.org/request/show/1004579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=39
2022-09-19 14:03:15 +00:00
c765a642a6 Accepting request 1004526 from home:bmwiedemann:branches:server:http
Fix varnish.service stop

OBS-URL: https://build.opensuse.org/request/show/1004526
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=115
2022-09-19 07:18:07 +00:00
e21e452795 Accepting request 1004422 from home:bmwiedemann:branches:server:http
- Fix logrotate
- Add service reload

There is still trouble with systemctl stop varnish that takes too long.

OBS-URL: https://build.opensuse.org/request/show/1004422
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=114
2022-09-18 21:03:45 +00:00
Dominique Leuenberger
ee1781d47d Accepting request 994770 from server:http
- Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]

OBS-URL: https://build.opensuse.org/request/show/994770
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=38
2022-08-12 14:07:07 +00:00
294631b11c - Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=113
2022-08-12 10:34:06 +00:00
Dominique Leuenberger
fddfe5ec29 Accepting request 977601 from server:http
- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]

OBS-URL: https://build.opensuse.org/request/show/977601
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=37
2022-05-17 15:24:29 +00:00
b3552e1294 - Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=112
2022-05-16 20:30:08 +00:00
fac46bdf5b enable verbose
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=111
2022-05-16 20:23:07 +00:00
4d5fced114 disable this stupid -Werror crap
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=110
2022-05-16 20:19:45 +00:00
538836357a - Update to release 7.1.0 [boo#1195188]
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=109
2022-05-16 20:11:26 +00:00
Dominique Leuenberger
e1d99d851b Accepting request 935002 from server:http
OBS-URL: https://build.opensuse.org/request/show/935002
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=36
2021-12-01 19:47:32 +00:00
68ffb942c8 Accepting request 934999 from home:jsegitz:branches:systemdhardening:server:http
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/934999
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=108
2021-12-01 14:16:09 +00:00
Dominique Leuenberger
0556c53759 Accepting request 910486 from server:http
- Update to release 6.6.1
  * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]

OBS-URL: https://build.opensuse.org/request/show/910486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=35
2021-08-06 20:45:02 +00:00
2959c7610e - Update to release 6.6.1
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=107
2021-08-06 10:27:56 +00:00
Dominique Leuenberger
9cc2de56d5 Accepting request 905813 from server:http
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/905813
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=34
2021-07-12 19:40:28 +00:00
c2469d457f fix mediocre changelog
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=106
2021-07-05 09:19:26 +00:00
666942b975 Accepting request 903989 from home:dirkmueller:Factory
- update to 6.6.0:
  * very long list of changes, see included changes.rst

OBS-URL: https://build.opensuse.org/request/show/903989
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=105
2021-07-05 09:10:42 +00:00
Dominique Leuenberger
ddcee58629 Accepting request 839157 from server:http
- Update to release 6.5.1

OBS-URL: https://build.opensuse.org/request/show/839157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=33
2020-10-02 15:43:58 +00:00
21bf8cc46c - Update to release 6.5.1
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=104
2020-10-02 12:44:38 +00:00
Dominique Leuenberger
1c60446ca1 Accepting request 835135 from server:http
- Update to release 6.5.0

OBS-URL: https://build.opensuse.org/request/show/835135
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=32
2020-09-17 13:03:42 +00:00
d2a8f649fc - Update to release 6.5.0
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=103
2020-09-17 08:41:58 +00:00
Dominique Leuenberger
aa25c1095a Accepting request 816511 from server:http
- Disable LTO, this randomly fails during link stage.

- Update Git-Web repository link
- Set CFLAGS+=-fcommon.

OBS-URL: https://build.opensuse.org/request/show/816511
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=31
2020-06-23 19:06:17 +00:00
c88194dd38 - Disable LTO, this randomly fails during link stage.
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=102
2020-06-23 07:35:26 +00:00
3c0f3a9fe4 OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=101 2020-06-09 19:34:14 +00:00
Dominique Leuenberger
7418cb19e0 Accepting request 785931 from server:http
- Update to release 6.4.0

OBS-URL: https://build.opensuse.org/request/show/785931
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=30
2020-03-18 11:39:49 +00:00
687df1b6bf - Update to release 6.4.0
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=100
2020-03-17 13:01:39 +00:00
Dominique Leuenberger
ea61606c88 Accepting request 781116 from server:http
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/781116
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=29
2020-03-04 08:39:41 +00:00
052e8a9f7d - Update to release 6.3.2
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=99
2020-02-25 08:53:34 +00:00
Yuchen Lin
26d4323c7f Accepting request 731529 from server:http
- Update to release 6.3.0

OBS-URL: https://build.opensuse.org/request/show/731529
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=28
2019-09-18 11:12:50 +00:00
03ec8e673a - Update to release 6.3.0
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=98
2019-09-17 11:29:58 +00:00
Dominique Leuenberger
8d2d4126e4 Accepting request 728299 from server:http
- Update to release 6.2.1
  * Bugfix for CVE-2019-15892 [boo#1149382]

OBS-URL: https://build.opensuse.org/request/show/728299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=27
2019-09-05 10:46:25 +00:00