varnish/varnish.changes

521 lines
21 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Mon May 16 20:10:21 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY
variable, in addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function
for UTC formatting.
-------------------------------------------------------------------
Wed Dec 1 10:27:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* varnish.service
* varnishlog.service
-------------------------------------------------------------------
Fri Aug 6 10:02:27 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.6.1
* Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
-------------------------------------------------------------------
Sun Jul 4 20:13:29 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 6.6.0:
* The ban_cutoff parameter now refers to the overall length of
the ban list, including completed bans, where before only
non-completed (“active”) bans were counted towards ban_cutoff.
* Body bytes accounting has been fixed to always represent the
number of body bytes moved on the wire, exclusive of
protocol-specific overhead like HTTP/1 chunked encoding or
HTTP/2 framing.
* The connection close reason has been fixed to properly report
SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
* Unless the new validate_headers feature is disabled, all newly
set headers are now validated to contain only characters
allowed by RFC7230.
* The filter_re, keep_re and get_re functions from the bundled
cookie vmod have been changed to take the VCL_REGEX type. This
implies that their regular expression arguments now need to be
literal, not e.g. string.
* The interface for private pointers in VMODs has been changed,
the VRT backend interface has been changed, many filter
(VDP/VFP) related signatures have been changed, and the
stevedore API has been changed. (Details thereto, see online
changelog.)
-------------------------------------------------------------------
Fri Oct 2 12:27:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.5.1
* Bump the VRT_MAJOR_VERSION number defined in the vrt.h
-------------------------------------------------------------------
Thu Sep 17 08:34:30 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.5.0
* `PRIV_TOP` is now thread-safe to support parallel ESI
implementations.
* varnishstat's JSON output format (-j option) has been changed.
* Behavior for 304-type responses was changed not to update the
Content-Encoding response header of the stored object.
-------------------------------------------------------------------
Tue Jun 23 07:35:15 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Disable LTO, this randomly fails during link stage.
-------------------------------------------------------------------
Tue Jun 9 19:33:32 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update Git-Web repository link
- Set CFLAGS+=-fcommon.
-------------------------------------------------------------------
Tue Mar 17 12:59:44 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.4.0
* The MAIN.sess_drop counter is gone.
* backend "none" was added for "no backend".
* The hash algorithm of the hash director was changed, so
backend selection will change once only when upgrading.
* It is now possible for VMOD authors to customize the
connection pooling of a dynamic backend.
* For more, see changes.rst.
-------------------------------------------------------------------
Tue Feb 25 08:39:21 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.3.2
* Fix a denial of service vulnerability when using the proxy
protocol version 2.
-------------------------------------------------------------------
Tue Sep 17 11:23:27 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.3.0
* The Host: header is folded to lower-case in the builtin_vcl.
* Improved performance of shared memory statistics counters.
* Synthetic objects created from vcl_backend_error {} now
replace existing stale objects as ordinary backend fetches
would (for details see changes.rst)
-------------------------------------------------------------------
Wed Sep 4 10:27:37 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to release 6.2.1
* Bugfix for CVE-2019-15892 [boo#1149382]
-------------------------------------------------------------------
Mon Aug 26 10:52:05 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Add uninit.patch.
-------------------------------------------------------------------
Wed Mar 27 10:01:08 UTC 2019 - Samu Voutilainen <smar@smar.fi>
- Updated to 6.2.0
* Added a thread pool watchdog which will restart the worker
process if scheduling tasks onto worker threads appears
stuck. The new parameter "thread_pool_watchdog" configures
it.
- Disabled error for clobbering, which caused bogus
error in varnishtest
-------------------------------------------------------------------
Wed May 2 06:47:32 UTC 2018 - jengelh@inai.de
- Put %fillup back into %post
-------------------------------------------------------------------
Mon Mar 19 22:22:35 UTC 2018 - jengelh@inai.de
- Update to new upstream release 6.0.0
* Added support for Unix Domain Sockets, both for clients and
for backend servers. This brings a new level of the VCL
language, version 4.1.
* Always use HTTP/1.1 on backend connections for pass fetch.
-------------------------------------------------------------------
Thu Nov 23 13:50:41 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Fri Jun 23 19:42:07 UTC 2017 - antoine.belvire@opensuse.org
- Update to version 5.1.2:
* Fix an endless loop in Backend Polling (#2295)
* Fix a Chunked bug in tight workspaces (#2207, #2275)
* Fix a bug relating to req.body when on waitinglist (#2266)
* Handle EPIPE on broken TCP connections (#2267)
* Work around the x86 arch's turbo-double FP format in parameter
setup code. (#1875)
* Fix race related to backend probe with proxy header (#2278)
* Keep VCL temperature consistent between mgt/worker also when
worker protests.
* A lot of HTTP/2 fixes.
- Changes introduced by version 5.1.1:
* Fix bug introduced by stubborn old bugger right before release
5.1.0 was cut.
- Changes introduced by version 5.1.0:
* Added varnishd command-line options -I, -x and -?, and
tightened restrictions on permitted combinations of options.
* More progress on support for HTTP/2.
* Add ``return(fail)`` to almost all VCL subroutines.
* Restored the old hit-for-pass, invoked with
``return(pass(DURATION))`` from
``vcl_backend_response``. hit-for-miss remains the default.
Added the cache_hitmiss stat, and cache_hitpass only counts the
new/old hit-for-pass cases. Restored HitPass to the Varnish
log, and added HitMiss. Added the HFP prefix to TTL log entries
to log a hit-for-pass duration.
* Rolled back the fix for #1206. Client delivery decides solely
whether to send a 304 client response, based on client request
and response headers.
* Added vtest.sh.
* Added vxid as a lefthand side for VSL queries.
* Added the setenv and write_body commands for Varnish test cases
(VTCs). err_shell is deprecated. Also added the operators
-cliexpect, -match and -hdrlen, and -reason replaces -msg.
Added the ${bad_backend} macro.
* varnishtest can be stopped with the TERM, INT and KILL signals,
but not with HUP.
* The fallback director has now an extra, optional parameter to
keep using the current backend until it falls sick.
* VMOD shared libraries are now copied to the workdir, to avoid
problems when VMODs are updated via packaging systems.
* Bump the VRT version to 6.0.
* Export more symbols from libvarnishapi.so.
* The size of the VSL log is limited to 4G-1b, placing upper
bounds on the -l option and the vsl_space and vsm_space
parameters.
* Added parameters clock_step, thread_pool_reserve and
ban_cutoff.
* Parameters vcl_dir and vmod_dir are deprecated, use vcl_path
and vmod_path instead.
* All parameters are defined, even on platforms that don't
support them. An unsupported parameter is documented as such in
param.show. Setting such a parameter is not an error, but has
no effect.
* Clarified the interpretations of the + and - operators in VCL
with operands of the various data types.
* DURATION types may be used in boolean contexts.
* INT, DURATION and REAL values can now be negative.
* Response codes 1000 or greater may now be set in VCL
internally. resp.status is delivered modulo 1000 in client
responses.
* IP addresses can be compared for equality in VCL.
* Introduce the STEVEDORE data type, and the objects
storage.SNAME in VCL. Added req.storage and beresp.storage;
beresp.storage_hint is deprecated.
* Retired the umem stevedore.
* req.ttl is deprecated.
* Added std.getenv() and std.late_100_continue().
* The fetch_failed stat is incremented for any kind of fetch
failure.
* Added the stats n_test_gunzip and
bans_lurker_obj_killed_cutoff.
* Clarified the meanings of the %r, %{X}i and %{X}o formatters in
varnishncsa.
- Add varnish-5.1.2-add-fallthrough-comments.patch to fix build
with GCC 7 (boo#1041259).
-------------------------------------------------------------------
Tue May 16 20:14:01 UTC 2017 - dimstar@opensuse.org
- BuildRequire python3-docutils instead of python-docutils.
-------------------------------------------------------------------
Sun Sep 25 13:44:37 UTC 2016 - jengelh@inai.de
- Update to new upstream release 5.0.0
- The varnishd "-u NNN" option, which may be remaining in
/etc/sysconfig/varnish, has been replaced with "-j unix,user=NNN".
* Varnish 5.0 changes some (mostly) internal APIs and adds some
major new features over Varnish 4.1.
* 5.0 supports jumping from the active VCL's vcl_recv{} to another
VCL via a VCL label.
* Very Experimental HTTP/2 support
* We have added to the "directors" VMOD — an overhauled version of
a director which was available as an out-of-tree VMOD under the
name VSLP for a couple of years. It is basically a better hash
director which uses consistent hashing to provide improved
stability of backend node selection when the configuration and/or
health state of backends changes.
* Hit-For-Pass is now actually Hit-For-Miss
* We have made the ban lurker even more efficient by example of
some real live situations with tens of thousands of bans using
inefficient regular expressions.
* The waitinglist logic for ESI subrequests now uses condition
variables to trigger immediate continuation of ESI processing
when an object being waited for becomes available.
* Backend PROXY protocol requests are now supported through the
.proxy_header attribute of the backend definition.
* VCL files are now also being searched for in
/usr/share/varnish/vcl if not found in /etc/varnish.
* The basic device detection vcl is now bundled with varnish.
-------------------------------------------------------------------
Thu Aug 18 07:08:52 UTC 2016 - dimstar@opensuse.org
- Add "-ffloat-store -fexcess-precision=standard" to CFLAGS when
building for ix86, working around bug gcc#323. See also
gh#varnish/Varnish-Cache#88.
-------------------------------------------------------------------
Fri Apr 22 14:15:43 UTC 2016 - jengelh@inai.de
- Update to new upstream release 4.1.2
* vmods: Passing VCL ACL to a vmod is now possible.
* vmods: VRT_MINOR_VERSION increase due to new function:
VRT_acl_match()
* Be stricter when parsing a HTTP request to avoid potential HTTP
smuggling attacks against vulnerable backends.
-------------------------------------------------------------------
Tue Mar 8 08:47:30 UTC 2016 - jengelh@inai.de
- Report testsuite failure to build log and make testsuite nonfatal
as there seems to be one swaying test, tests/r01478.vtc.
-------------------------------------------------------------------
Tue Feb 16 12:52:51 UTC 2016 - eshmarnev@suse.com
- disable silent rules in spec file.
- enable testsuite for varnish.
-------------------------------------------------------------------
Tue Feb 16 12:16:47 UTC 2016 - eshmarnev@suse.com
- Update to new upstream release 4.1.1
* Improved security features (jails).
* Support for PROXY protocol.
* Warm and cold VCL states.
* Backends defined through VMODs.
* A lot of bugs were fixed.
- Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch,
this issue was fixed in upstream.
- Add 'su varnish varnish' line to varnish.logrotate file.
- Cleanup with spec-cleaner.
-------------------------------------------------------------------
Fri Mar 27 10:34:15 UTC 2015 - jengelh@inai.de
- Update to new upstream release 4.0.3
* Full support for streaming objects through from the backend on a
cache miss. Bytes will be sent to 1..n requesting clients as they
come in from the backend server.
* Background (re)fetch of expired objects. On a cache miss where a
stale copy is available, serve the client the stale copy while
fetching an updated copy from the backend in the background.
* New varnishlog query language, allowing automatic grouping of
requests when debugging ESI or a failed backend request.
* Comprehensive request timestamp and byte counters.
- Add 0001-Fail-fetch-on-malformed-Content-Length-header.patch
[bnc#921316]
-------------------------------------------------------------------
Fri Jan 3 10:57:19 UTC 2014 - danimo@owncloud.com
- Updated to 3.0.5, contains fix for CVE-2013-4484
* A bad interaction between -b, -c and -m in the varnishlog tool
has been fixed.
* A malformed request could in some configurations lead to Varnish
crashing has been corrected. (CVE-2013-4484)
* Duplicate Content-Length headers were in some cases sent to
clients when streaming is enabled, this has been fixed.
* ESI parse errors are no longer printed to standard output.
* Stop segfaulting if the first part of a synthetic page is NULL.
- Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
and varnish-disable-pcrejit.diff (merged upstream)
-------------------------------------------------------------------
Fri Nov 1 18:52:49 UTC 2013 - jengelh@inai.de
- Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
(CVE-2013-4484, bnc#48451)
-------------------------------------------------------------------
Fri Oct 4 21:48:01 UTC 2013 - jengelh@inai.de
- Deactivate libpcre JIT (bnc#839358), add varnish-disable-pcrejit.diff
-------------------------------------------------------------------
Sun Sep 23 21:30:35 UTC 2012 - nmo.marques@gmail.com
- Update to version 3.0.3
* Fixed excessive session workspace allocations.
* Fixed some crashes in the case of out of memory
* Fixed an infinite loop in the regex parser.
* DNS director now uses port 80 by default if not specified.
* Introduce idle_send_timeout and increase default value for
send_timeout to 600s. This allows a long send timeout for slow
clients while still being able to disconnect idle clients.
* Fixed a crash when passing with streaming on.
* Fixed a crash in the idle session timeout code.
* Fixed an issue where the poll waiter did not timeout clients if
all clients were idle.
* Log regex errors instead of crashing.
* Introduce pcre_match_limit, and pcre_match_limit_recursion
parameters.
* Add CLI commands to manually control health state of a
backend.
-------------------------------------------------------------------
Wed Feb 8 23:26:10 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 3.0.2
* Add support for ESI and gzip
* Handle objects larger than 2G
* HTTP Range support is now enabled by default
* "307 Temporary redirect" is now considered cacheable
* see ChangeLog (packaged) or
http://varnish-cache.org/trac/browser/doc/changes.rst
for details
- Note that the -s file,/var/cache/varnish,524288 argument (check
/etc/sysconfig/varnish) needs at least "1M" instead of 524288
or the daemon will not start anymore.
- Add systemd unit files
-------------------------------------------------------------------
Thu Dec 8 13:51:14 UTC 2011 - coolo@suse.com
- fix license to be in spdx.org format
-------------------------------------------------------------------
Tue May 10 14:01:13 UTC 2011 - crrodriguez@opensuse.org
- Varnish Requires a C compiler, the vcl scripts are compiled
and loaded as DSO.
-------------------------------------------------------------------
Sat Apr 16 17:26:10 UTC 2011 - crrodriguez@opensuse.org
- remove configure option --enable-debugging-symbols
it overrides buildsystem optimization levels.
-------------------------------------------------------------------
Sat Apr 16 17:12:11 UTC 2011 - crrodriguez@opensuse.org
- Update to version 2.1.5
* Two bugs relating to Content-Length and possible duplication
of Content-Length headers have been resolved.
* Fixed an issue with re-using connections after Chunked-Encoding.
* Use the time of cache-insertion for "If-Modified-Since" requests
if a "Last-Modified" header isn't provided by the backend.
* Merge multi-line Vary and Cache-Control headers from clients,
which Google Chromium seem to split up.
-------------------------------------------------------------------
Fri Apr 15 22:36:02 UTC 2011 - mrueckert@suse.de
- use pkgconfig instead of pkg-config on SLES 9
-------------------------------------------------------------------
Sun Apr 3 23:38:24 UTC 2011 - jengelh@medozas.de
- Fix security-problematic ownership of /etc/varnish files
(bnc#678811)
- Run spec-beautifier over it
- Replace default shipped vcl.conf by something working
- Run as varnish user
- Start varnishlog together with varnishd
- Properly use PID files in init script
-------------------------------------------------------------------
Sat Oct 9 04:31:06 UTC 2010 - jengelh@medozas.de
- Create and package /var/log/varnish
-------------------------------------------------------------------
Thu Aug 5 22:11:24 UTC 2010 - jengelh@medozas.de
- Update to new upstream release: 2.1.3
* fixed an off-by-one error in the ESI handling causing includes to
fail a large part of the time.
* Avoid triggering an assert if the other end closes the connection
while we are lingering and waiting for another request from them.
* Make it possible to specify the per-thread stack size. This might
be useful on 32 bit systems with their limited address space.
* Persistent storage is now experimentally supported using the
persistent stevedore. It has the same command line arguments as
the file stevedore.
* The regular expression engine is now PCRE instead of POSIX
regular expressions.
* Add a new hashing method called critbit. This autoscales and
should work better on large object workloads than the classic
hash. Critbit has been made the default hash algorithm.
* Add support for authenticating CLI connections.
* Add hash director that chooses which backend to use depending on
req.hash.
* Add client director that chooses which backend to use depending
on the client's IP address. Note that this ignores the
X-Forwarded-For header.
* Add a timestamp to bans, so you can know how old they are.
* Varnish can now connect its CLI to a remote instance when
starting up, rather than just being connected to.
* It is no longer needed to specify the maximum number of HTTP
headers to allow from backends. This is now a run-time parameter.
* HEAD requests would be converted to GET requests too early, which
affected pass and pipe. This has been fixed.
* Add experimental support for the Range header. This has to be
enabled using the parameter http_range_support.
- Add PreReqs for %post
- Run %setup quietly
- Remove unneeded .la files from installation - libraries are in
a standard directory already
- Avoid use of bash-specific &>/dev/null during %post
- Refine file lists
- Remove old changelog from .spec - changelog is in .changes
-------------------------------------------------------------------
Tue Dec 15 15:03.01 CEST 2009 - jg@internetx.de
- update 2.0.5
-------------------------------------------------------------------
Fri Apr 3 13:48:01 CEST 2009 - mrueckert@suse.de
- update to 2.0.4
-------------------------------------------------------------------
Tue Mar 10 17:47:23 CET 2009 - mrueckert@suse.de
- update to 2.0.3
-------------------------------------------------------------------
Wed Jul 25 22:16:29 CEST 2007 - mrueckert@suse.de
- updated to 1.1
-------------------------------------------------------------------
Tue Feb 20 18:28:29 CET 2007 - mrueckert@suse.de
- update to version 1.0.3
Consistency issues with statistics and backend parameters were
fixed. Parsing of -w command-line options was fixed. A
short-lived DNS cache was added to avoid thrashing DNS servers
when the backend fails.
-------------------------------------------------------------------
Sat Dec 2 17:14:16 CET 2006 - mrueckert@suse.de
- fixing build on sles9
- added files from the official rh4 rpm:
o init scripts for non suse distros
o the default configs for all distros
- added init/sysconfig script for suse.
- we create a user now. Remaining TODO item: how to run varnish as
non root user on port 80?
-------------------------------------------------------------------
Sun Nov 19 03:37:50 CET 2006 - mrueckert@suse.de
- update to 1.0.2