File varnish.changes of Package varnish

Overview Repositories Revisions Requests Users Attributes Meta

File varnish.changes of Package varnish

-------------------------------------------------------------------
Sat Oct  5 15:23:58 UTC 2024 - Andrea Manzini <andrea.manzini@suse.com>

- Update to release 7.6.0
  * The Varnish Delivery Processor (VDP) filter API has
    been generalized to also accommodate future use for
    backend request bodies.
  * VDPs with no vdp_bytes_f function are now supported if
    the vdp_init_f returns a value greater than zero to
    signify that the filter is not to be added to the
    chain. This is useful to support VDPs which only need
    to work on headers.
  * The epoll and kqueue waiters have been improved to
    correctly report WAITER_REMCLOSE, which increases the
    WAITER.*.remclose counter.
  * varnishtest now supports the shutdown command
    corresponding to the shutdown(2) standard C library
    call.
  * VSC counters for waiters have been added:
     * conns to count waits on idle connections
     * remclose to count idle connections closed by the peer
     * timeout to count idle connections which timed out in the waiter
     * action to count idle connections which resulted in a read
  * The port of a listen_endpoint given with the -a
    argument to varnishd can now also be a numerical port
    range like "80-89".
  * The warning "mlock() of VSM failed" message is now
    emitted when locking of shared memory segments (via
    mlock(2)) fails.
  * A bug has been fixed where string comparisons in VCL
    could fail with the nonsensical error message
    "Comparison of different types: STRING '==' STRING".
  * An issue has been addressed in the builtin.vcl where
    backend responses would fail if they contained a
    Content-Range header when no range was requested.
  * Additional SessError VSL events are now generated for
    various HTTP/2 protocol errors.
  * A new Linux jail has been added which is now the
    default on Linux. For now, it is almost identical to
    the Unix jail with one addition:
  * When the new Linux jail is used, the working directory
    not mounted on tmpfs partition.
  * A race condition with VCL temperature transitions has
    been addressed.
  * Internal management of probes has been reworked to
    address race conditions.
  * Backend tasks can now be instructed to queue if the
    backend has reached its max_connections.
  * The size of the buffer to hold panic messages is now
    tunable through the new panic_buffer parameter.
  * The Varnish Shared Memory (VSM) and Varnish Shared
    Counters (VSC) consumer implementation in libvarnishapi
    have been improved for stability and performance.
  * An issue has been fixed where Varnish Shared Log (VSL)
    queries (for example using ``varnishlog -q``) with
    numerical values would fail in unexpected ways due to
    truncation.
  * The ``ObjWaitExtend()`` Object API function gained a
    statep argument to optionally return the busy object
    state consistent with the current extension. A NULL
    value may be passed if the caller does not require it.
  * For backends using the ``.via`` attribute to connect
    through a proxy, the connect_timeout,
    ``first_byte_timeout`` and ``between_bytes_timeout``
    attributes are now inherited from proxy unless
    explicitly given.
  * varnishd now creates a worker_tmpdir which can be used
    by VMODs for temporary files. The VMOD developer
    documentation has details.
  * The environment variable VARNISH_DEFAULT_N now provides
    the default "varnish name" / "workdir" as otherwise
    specified by the ``-n`` argument to varnishd and
    varnish* utilities except varnishtest.
  * A glitch with TTL comparisons has been fixed which
    could, for example, lead to unexpected behavior with
    purge.soft().

-------------------------------------------------------------------
Tue Mar 26 18:27:32 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

- Update to release 7.5.0
  * Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942]
  * The default value of cli_limit has been increased from 48KB
    to 64KB.
  * A new ``pipe_task_deadline`` directive specifies the maximum
    duration of a pipe transaction.
  * All the timeout parameters that can be disabled accept the
    "never" value.
  * Added parameters to control the HTTP/2 Rapid Reset attach.

-------------------------------------------------------------------
Tue Feb  6 19:45:13 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>

- Use sysuser-tools to generate varnish user

-------------------------------------------------------------------
Fri Dec  1 09:34:39 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
  * The ``vcl_req_reset`` feature (controllable through the ``feature``
    parameter, see `varnishd(1)`) has been added and enabled by default
    to terminate client side VCL processing early when the client is
    gone.
    *req_reset* events trigger a VCL failure and are reported to
    `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
    in `vsc` as visible through ``varnishstat(1)``.
    In particular, this feature is used to reduce resource consumption
    of HTTP/2 "rapid reset" attacks (see below).
    Note that *req_reset* events may lead to client tasks for which no
    VCL is called ever. Presumably, this is thus the first time that
    valid `vcl(7)` client transactions may not contain any ``VCL_call``
    records.
  * Added mitigation options and visibility for HTTP/2 "rapid reset"
    attacks
    Global rate limit controls have been added as parameters, which can
    be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted.
      The defaults are 100 and 60 seconds, corresponding to an allowance
      of 100 "rapid" resets per minute.
    * The ``h2.rapid_reset_budget()`` function can be used to query the
      number of currently allowed "rapid" resets.
    * Sessions closed due to rapid reset rate limiting are reported as
      ``SessClose RAPID_RESET`` in `vsl(7)` and accounted to
      ``main.sc_rapid_reset`` in `vsc` as visible through
      ``varnishstat(1)``.
  * The ``cli_limit`` parameter default has been increased from 48KB to
    64KB.
  * ``VSUB_closefrom()`` now falls back to the base implementation not
    only if ``close_range()`` was determined to be unusable at compile
    time, but also at run time. That is to say, even if
    ``close_range()`` is compiled in, the fallback to the naive
    implementation remains.

-------------------------------------------------------------------
Thu Sep 21 02:13:28 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Update to release 7.4.1
  * Response status codes other than 200 and 204 are now considered
    errors for ESI fragments.
  * Support for abstract AF_LOCAL sockets.
  * HTTP/2 header field validation is now more strict with respect
    to allowed characters.
  * VCL tracing now needs to be explicitly activated by setting the
    req.trace or bereq.trace VCL variables.

-------------------------------------------------------------------
Wed Nov  9 17:16:51 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 7.2.1
  * Attempts to mark well-known headers like Content-Length and
    Host hop-by-hop through a Connection-header will now cause a
    400 "Bad request" response.
    (VSV00010, CVE-2022-45059, boo#1205243)
  * Apply the same character set rules to HTTP/2 pseudo-headers
    as is done on the corresponding HTTP/1 request-line field
    parsing. (VSV00011, CVE-2022-45060, boo#1205242)

-------------------------------------------------------------------
Sat Oct 29 13:43:46 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 7.2.0:
  * Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``,
    ``VRT_RemoveVDP()`` and ``VRT_RemoveVFP()`` are deprecated.
  * Cookie headers generated by vmod_cookie no longer have a
    spurious trailing semicolon at the end of the string. This
    could break VCL relying on the previous incorrect behavior.
  * The ``SessClose`` and ``BackendClose`` reason ``rx_body``,
    which previously output ``Failure receiving req.body``, has
    been rewritten to ``Failure receiving body``.
  * Prototypical Varnish Extensions (VEXT). Similar to VMODs, a
    VEXT is loaded by the cache process. Unlike VMODs that have
    the combined lifetime of all the VCLs that reference them, a
    VEXT has the lifetime of the cache process itself. There are
    no built-in extensions so far.
  * Duration parameters can optionally take a unit, with the same
    syntax as duration units in VCL.
  * Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body``
    from outside client vcl subs now fail properly instead of
    triggering an assertion failure.
  * New "B" string for the package branch in ``VCS_String()``.
    For the 7.2.0 version, it would yield the 7.2 branch.
  * The new ``vcc_feature`` bits parameter replaces previous
    ``vcc_*`` boolean parameters. The latter still exist as
    deprecated aliases.
  * The ``-k`` option from ``varnishlog`` is now supported by
    ``varnishncsa``.
  * New functions ``std.now()`` and ``std.timed_call()`` in
    vmod_std.
  * New ``MAIN.shm_bytes`` counter.
  * A ``req.http.via`` header is set before entering
    ``vcl_recv``. Via headers are generated using the
    ``server.identity`` value. It defaults to the host name and
    can be turned into a pseudonym with the ``varnishd -i``
    option. Via headers are appended in both directions, to work
    with other hops that may advertise themselves.
  * A ``resp.http.via`` header is no longer overwritten by
    varnish, but rather appended to.
  * The ``server.identity`` syntax is now limited to a "token" as
    defined in the HTTP grammar to be suitable for Via headers.
  * In ``varnishtest`` a Varnish instance will use its VTC
    instance name as its instance name (``varnishd -i``) by
    default for predictable Via headers in test cases.
  * VMOD and VEXT authors can use functions from ``vnum.h``.
  * Do not filter pseudo-headers as regular headers.
  * The termination rules for ``WRK_BgThread()`` were relaxed to
    allow VMODs to use it.
  * ``(struct worker).handling`` has been moved to the newly
    introduced ``struct wrk_vpi`` and replaced by a pointer to
    it, as well as ``(struct vrt_ctx).handling`` has been
    replaced by that pointer. ``struct wrk_vpi`` is for state at
    the interface between VRT and VGC and, in particular, is not
    const as ``struct vrt_ctx`` aka ``VRT_CTX``.
  * Panics now contain information about VCL source files and
    lines.
  * The ``Begin`` log record has a 4th field for subtasks like
    ESI sub-requests.
  * The ``-E`` option for log utilities now works as documented,
    with any type of sub-task based on the ``Begin[4]`` field.
    This covers ESI like before, and sub-tasks spawned by VMODs
    (provided that they log the new field).
  * No more ``req.http.transfer-encoding`` for ESI sub-requests.
  * The thread pool reserve is now limited to tasks that can be
    queued. A backend background fetch is no longer eligible for
    queueing. It would otherwise slow a grace hit down
    significantly when thread pools are saturated.
  * The unused ``fetch_no_thread`` counter was renamed to
    ``bgfetch_no_thread`` because regular backend fetch tasks are
    always scheduled.
  * The macros ``FEATURE()``, ``EXPERIMENT()``, ``DO_DEBUG()``,
    ``MGT_FEATURE()``, ``MGT_EXPERIMENT()``, ``MGT_DO_DEBUG()``
    and ``MGT_VCC_FEATURE()`` now return a boolean value (``0``
    or ``1``) instead of the (private) flag value.
  * A regression in the transport code led MAIN.client_req to be
    incremented for requests coming back from the waiting list,
    it was fixed.
- Delete varnish-5.1.2-add-fallthrough-comments.patch

-------------------------------------------------------------------
Wed Sep 21 08:10:13 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

- Make reload fail nicely on vcl syntax error
- Set TasksMax=16384 because default thread_pool_max is 5000

-------------------------------------------------------------------
Mon Sep 19 02:44:04 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

- Fix varnish.service stop

-------------------------------------------------------------------
Sun Sep 18 03:26:45 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

- Fix logrotate
- Add service reload

-------------------------------------------------------------------
Fri Aug 12 10:32:58 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
  * Resolve a denial of service attack involving reason phrases.

-------------------------------------------------------------------
Mon May 16 20:10:21 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
  * VCL: It is now possible to assign a BLOB value to a BODY
    variable, in addition to STRING as before.
  * VMOD: New STRING strftime(TIME time, STRING format) function
    for UTC formatting.

-------------------------------------------------------------------
Wed Dec  1 10:27:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * varnish.service
  * varnishlog.service

-------------------------------------------------------------------
Fri Aug  6 10:02:27 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.6.1
  * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]

-------------------------------------------------------------------
Sun Jul  4 20:13:29 UTC 2021 - Dirk Müller <dmueller@suse.com>

- update to 6.6.0:
  * The ban_cutoff parameter now refers to the overall length of
    the ban list, including completed bans, where before only
    non-completed (“active”) bans were counted towards ban_cutoff.
  * Body bytes accounting has been fixed to always represent the
    number of body bytes moved on the wire, exclusive of
    protocol-specific overhead like HTTP/1 chunked encoding or
    HTTP/2 framing.
  * The connection close reason has been fixed to properly report
    SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
  * Unless the new validate_headers feature is disabled, all newly
    set headers are now validated to contain only characters
    allowed by RFC7230.
  * The filter_re, keep_re and get_re functions from the bundled
    cookie vmod have been changed to take the VCL_REGEX type. This
    implies that their regular expression arguments now need to be
    literal, not e.g. string.
  * The interface for private pointers in VMODs has been changed,
    the VRT backend interface has been changed, many filter
    (VDP/VFP) related signatures have been changed, and the
    stevedore API has been changed. (Details thereto, see online
    changelog.)

-------------------------------------------------------------------
Fri Oct  2 12:27:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.5.1
  * Bump the VRT_MAJOR_VERSION number defined in the vrt.h

-------------------------------------------------------------------
Thu Sep 17 08:34:30 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.5.0
  * `PRIV_TOP` is now thread-safe to support parallel ESI
    implementations.
  * varnishstat's JSON output format (-j option) has been changed.
  * Behavior for 304-type responses was changed not to update the
    Content-Encoding response header of the stored object.

-------------------------------------------------------------------
Tue Jun 23 07:35:15 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Disable LTO, this randomly fails during link stage.

-------------------------------------------------------------------
Tue Jun  9 19:33:32 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update Git-Web repository link
- Set CFLAGS+=-fcommon.

-------------------------------------------------------------------
Tue Mar 17 12:59:44 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.4.0
  * The MAIN.sess_drop counter is gone.
  * backend "none" was added for "no backend".
  * The hash algorithm of the hash director was changed, so
    backend selection will change once only when upgrading.
  * It is now possible for VMOD authors to customize the
    connection pooling of a dynamic backend.
  * For more, see changes.rst.

-------------------------------------------------------------------
Tue Feb 25 08:39:21 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.3.2
  * Fix a denial of service vulnerability when using the proxy
    protocol version 2.

-------------------------------------------------------------------
Tue Sep 17 11:23:27 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.3.0
  * The Host: header is folded to lower-case in the builtin_vcl.
  * Improved performance of shared memory statistics counters.
  * Synthetic objects created from vcl_backend_error {} now
    replace existing stale objects as ordinary backend fetches
    would (for details see changes.rst)

-------------------------------------------------------------------
Wed Sep  4 10:27:37 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Update to release 6.2.1
  * Bugfix for CVE-2019-15892 [boo#1149382]

-------------------------------------------------------------------
Mon Aug 26 10:52:05 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Add uninit.patch.

-------------------------------------------------------------------
Wed Mar 27 10:01:08 UTC 2019 - Samu Voutilainen <smar@smar.fi>

- Updated to 6.2.0
  * Added a thread pool watchdog which will restart the worker
    process if scheduling tasks onto worker threads appears
    stuck. The new parameter "thread_pool_watchdog" configures
    it.
- Disabled error for clobbering, which caused bogus
  error in varnishtest

-------------------------------------------------------------------
Wed May  2 06:47:32 UTC 2018 - jengelh@inai.de

- Put %fillup back into %post

-------------------------------------------------------------------
Mon Mar 19 22:22:35 UTC 2018 - jengelh@inai.de

- Update to new upstream release 6.0.0
  * Added support for Unix Domain Sockets, both for clients and
    for backend servers. This brings a new level of the VCL
    language, version 4.1.
  * Always use HTTP/1.1 on backend connections for pass fetch.

-------------------------------------------------------------------
Thu Nov 23 13:50:41 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Fri Jun 23 19:42:07 UTC 2017 - antoine.belvire@opensuse.org

- Update to version 5.1.2:
  * Fix an endless loop in Backend Polling (#2295)
  * Fix a Chunked bug in tight workspaces (#2207, #2275)
  * Fix a bug relating to req.body when on waitinglist (#2266)
  * Handle EPIPE on broken TCP connections (#2267)
  * Work around the x86 arch's turbo-double FP format in parameter
    setup code. (#1875)
  * Fix race related to backend probe with proxy header (#2278)
  * Keep VCL temperature consistent between mgt/worker also when
    worker protests.
  * A lot of HTTP/2 fixes.
- Changes introduced by version 5.1.1:
  * Fix bug introduced by stubborn old bugger right before release
    5.1.0 was cut.
- Changes introduced by version 5.1.0:
  * Added varnishd command-line options -I, -x and -?, and
    tightened restrictions on permitted combinations of options.
  * More progress on support for HTTP/2.
  * Add ``return(fail)`` to almost all VCL subroutines.
  * Restored the old hit-for-pass, invoked with
    ``return(pass(DURATION))`` from
    ``vcl_backend_response``. hit-for-miss remains the default.
    Added the cache_hitmiss stat, and cache_hitpass only counts the
    new/old hit-for-pass cases. Restored HitPass to the Varnish
    log, and added HitMiss. Added the HFP prefix to TTL log entries
    to log a hit-for-pass duration.
  * Rolled back the fix for #1206. Client delivery decides solely
    whether to send a 304 client response, based on client request
    and response headers.
  * Added vtest.sh.
  * Added vxid as a lefthand side for VSL queries.
  * Added the setenv and write_body commands for Varnish test cases
    (VTCs). err_shell is deprecated. Also added the operators
    -cliexpect, -match and -hdrlen, and -reason replaces -msg.
    Added the ${bad_backend} macro.
  * varnishtest can be stopped with the TERM, INT and KILL signals,
    but not with HUP.
  * The fallback director has now an extra, optional parameter to
    keep using the current backend until it falls sick.
  * VMOD shared libraries are now copied to the workdir, to avoid
    problems when VMODs are updated via packaging systems.
  * Bump the VRT version to 6.0.
  * Export more symbols from libvarnishapi.so.
  * The size of the VSL log is limited to 4G-1b, placing upper
    bounds on the -l option and the vsl_space and vsm_space
    parameters.
  * Added parameters clock_step, thread_pool_reserve and
    ban_cutoff.
  * Parameters vcl_dir and vmod_dir are deprecated, use vcl_path
    and vmod_path instead.
  * All parameters are defined, even on platforms that don't
    support them. An unsupported parameter is documented as such in
    param.show. Setting such a parameter is not an error, but has
    no effect.
  * Clarified the interpretations of the + and - operators in VCL
    with operands of the various data types.
  * DURATION types may be used in boolean contexts.
  * INT, DURATION and REAL values can now be negative.
  * Response codes 1000 or greater may now be set in VCL
    internally. resp.status is delivered modulo 1000 in client
    responses.
  * IP addresses can be compared for equality in VCL.
  * Introduce the STEVEDORE data type, and the objects
    storage.SNAME in VCL. Added req.storage and beresp.storage;
    beresp.storage_hint is deprecated.
  * Retired the umem stevedore.
  * req.ttl is deprecated.
  * Added std.getenv() and std.late_100_continue().
  * The fetch_failed stat is incremented for any kind of fetch
    failure.
  * Added the stats n_test_gunzip and
    bans_lurker_obj_killed_cutoff.
  * Clarified the meanings of the %r, %{X}i and %{X}o formatters in
    varnishncsa.
- Add varnish-5.1.2-add-fallthrough-comments.patch to fix build
  with GCC 7 (boo#1041259).

-------------------------------------------------------------------
Tue May 16 20:14:01 UTC 2017 - dimstar@opensuse.org

- BuildRequire python3-docutils instead of python-docutils.

-------------------------------------------------------------------
Sun Sep 25 13:44:37 UTC 2016 - jengelh@inai.de

- Update to new upstream release 5.0.0
- The varnishd "-u NNN" option, which may be remaining in
  /etc/sysconfig/varnish, has been replaced with "-j unix,user=NNN".
* Varnish 5.0 changes some (mostly) internal APIs and adds some
  major new features over Varnish 4.1.
* 5.0 supports jumping from the active VCL's vcl_recv{} to another
  VCL via a VCL label.
* Very Experimental HTTP/2 support
* We have added to the "directors" VMOD — an overhauled version of
  a director which was available as an out-of-tree VMOD under the
  name VSLP for a couple of years. It is basically a better hash
  director which uses consistent hashing to provide improved
  stability of backend node selection when the configuration and/or
  health state of backends changes.
* Hit-For-Pass is now actually Hit-For-Miss
* We have made the ban lurker even more efficient by example of
  some real live situations with tens of thousands of bans using
  inefficient regular expressions.
* The waitinglist logic for ESI subrequests now uses condition
  variables to trigger immediate continuation of ESI processing
  when an object being waited for becomes available.
* Backend PROXY protocol requests are now supported through the
  .proxy_header attribute of the backend definition.
* VCL files are now also being searched for in
  /usr/share/varnish/vcl if not found in /etc/varnish.
* The basic device detection vcl is now bundled with varnish.

-------------------------------------------------------------------
Thu Aug 18 07:08:52 UTC 2016 - dimstar@opensuse.org

- Add "-ffloat-store -fexcess-precision=standard" to CFLAGS when
  building for ix86, working around bug gcc#323. See also
  gh#varnish/Varnish-Cache#88.

-------------------------------------------------------------------
Fri Apr 22 14:15:43 UTC 2016 - jengelh@inai.de

- Update to new upstream release 4.1.2
* vmods: Passing VCL ACL to a vmod is now possible.
* vmods: VRT_MINOR_VERSION increase due to new function:
  VRT_acl_match()
* Be stricter when parsing a HTTP request to avoid potential HTTP
  smuggling attacks against vulnerable backends.

-------------------------------------------------------------------
Tue Mar  8 08:47:30 UTC 2016 - jengelh@inai.de

- Report testsuite failure to build log and make testsuite nonfatal
  as there seems to be one swaying test, tests/r01478.vtc.

-------------------------------------------------------------------
Tue Feb 16 12:52:51 UTC 2016 - eshmarnev@suse.com

- disable silent rules in spec file.
- enable testsuite for varnish.

-------------------------------------------------------------------
Tue Feb 16 12:16:47 UTC 2016 - eshmarnev@suse.com

- Update to new upstream release 4.1.1
* Improved security features (jails).
* Support for PROXY protocol.
* Warm and cold VCL states.
* Backends defined through VMODs.
* A lot of bugs were fixed.
- Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch,
    this issue was fixed in upstream.
- Add 'su varnish varnish' line to varnish.logrotate file.
- Cleanup with spec-cleaner.

-------------------------------------------------------------------
Fri Mar 27 10:34:15 UTC 2015 - jengelh@inai.de

- Update to new upstream release 4.0.3
* Full support for streaming objects through from the backend on a
  cache miss. Bytes will be sent to 1..n requesting clients as they
  come in from the backend server.
* Background (re)fetch of expired objects. On a cache miss where a
  stale copy is available, serve the client the stale copy while
  fetching an updated copy from the backend in the background.
* New varnishlog query language, allowing automatic grouping of
  requests when debugging ESI or a failed backend request.
* Comprehensive request timestamp and byte counters.
- Add 0001-Fail-fetch-on-malformed-Content-Length-header.patch
  [bnc#921316]

-------------------------------------------------------------------
Fri Jan  3 10:57:19 UTC 2014 - danimo@owncloud.com

- Updated to 3.0.5, contains fix for CVE-2013-4484
* A bad interaction between -b, -c and -m in the varnishlog tool
  has been fixed.
* A malformed request could in some configurations lead to Varnish
  crashing has been corrected. (CVE-2013-4484)
* Duplicate Content-Length headers were in some cases sent to
  clients when streaming is enabled, this has been fixed.
* ESI parse errors are no longer printed to standard output.
* Stop segfaulting if the first part of a synthetic page is NULL.
- Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
  and varnish-disable-pcrejit.diff (merged upstream)

-------------------------------------------------------------------
Fri Nov  1 18:52:49 UTC 2013 - jengelh@inai.de

- Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
  (CVE-2013-4484, bnc#48451)

-------------------------------------------------------------------
Fri Oct  4 21:48:01 UTC 2013 - jengelh@inai.de

- Deactivate libpcre JIT (bnc#839358), add varnish-disable-pcrejit.diff

-------------------------------------------------------------------
Sun Sep 23 21:30:35 UTC 2012 - nmo.marques@gmail.com

- Update to version 3.0.3
* Fixed excessive session workspace allocations.
* Fixed some crashes in the case of out of memory
* Fixed an infinite loop in the regex parser.
* DNS director now uses port 80 by default if not specified.
* Introduce idle_send_timeout and increase default value for
  send_timeout to 600s. This allows a long send timeout for slow
  clients while still being able to disconnect idle clients.
* Fixed a crash when passing with streaming on.
* Fixed a crash in the idle session timeout code.
* Fixed an issue where the poll waiter did not timeout clients if
  all clients were idle.
* Log regex errors instead of crashing.
* Introduce pcre_match_limit, and pcre_match_limit_recursion
  parameters.
* Add CLI commands to manually control health state of a
  backend.

-------------------------------------------------------------------
Wed Feb  8 23:26:10 UTC 2012 - jengelh@medozas.de

- Update to new upstream release 3.0.2
* Add support for ESI and gzip
* Handle objects larger than 2G
* HTTP Range support is now enabled by default
* "307 Temporary redirect" is now considered cacheable
* see ChangeLog (packaged) or
  http://varnish-cache.org/trac/browser/doc/changes.rst
  for details
- Note that the -s file,/var/cache/varnish,524288 argument (check
  /etc/sysconfig/varnish) needs at least "1M" instead of 524288
  or the daemon will not start anymore.
- Add systemd unit files

-------------------------------------------------------------------
Thu Dec  8 13:51:14 UTC 2011 - coolo@suse.com

- fix license to be in spdx.org format

-------------------------------------------------------------------
Tue May 10 14:01:13 UTC 2011 - crrodriguez@opensuse.org

- Varnish Requires a C compiler, the vcl scripts are compiled
  and loaded as DSO.

-------------------------------------------------------------------
Sat Apr 16 17:26:10 UTC 2011 - crrodriguez@opensuse.org

- remove configure option --enable-debugging-symbols
  it overrides buildsystem optimization levels.

-------------------------------------------------------------------
Sat Apr 16 17:12:11 UTC 2011 - crrodriguez@opensuse.org

- Update to version 2.1.5
   * Two bugs relating to Content-Length and possible duplication
    of Content-Length headers have been resolved.
   * Fixed an issue with re-using connections after Chunked-Encoding.
   * Use the time of cache-insertion for "If-Modified-Since" requests
     if a "Last-Modified" header isn't provided by the backend.
   * Merge multi-line Vary and Cache-Control headers from clients,
     which Google Chromium seem to split up.

-------------------------------------------------------------------
Fri Apr 15 22:36:02 UTC 2011 - mrueckert@suse.de

- use pkgconfig instead of pkg-config on SLES 9

-------------------------------------------------------------------
Sun Apr  3 23:38:24 UTC 2011 - jengelh@medozas.de

- Fix security-problematic ownership of /etc/varnish files
  (bnc#678811)
- Run spec-beautifier over it
- Replace default shipped vcl.conf by something working
- Run as varnish user
- Start varnishlog together with varnishd
- Properly use PID files in init script

-------------------------------------------------------------------
Sat Oct  9 04:31:06 UTC 2010 - jengelh@medozas.de

- Create and package /var/log/varnish

-------------------------------------------------------------------
Thu Aug  5 22:11:24 UTC 2010 - jengelh@medozas.de

- Update to new upstream release: 2.1.3
* fixed an off-by-one error in the ESI handling causing includes to
  fail a large part of the time.
* Avoid triggering an assert if the other end closes the connection
  while we are lingering and waiting for another request from them.
* Make it possible to specify the per-thread stack size. This might
  be useful on 32 bit systems with their limited address space.
* Persistent storage is now experimentally supported using the
  persistent stevedore. It has the same command line arguments as
  the file stevedore.
* The regular expression engine is now PCRE instead of POSIX
  regular expressions.
* Add a new hashing method called critbit. This autoscales and
  should work better on large object workloads than the classic
  hash. Critbit has been made the default hash algorithm.
* Add support for authenticating CLI connections.
* Add hash director that chooses which backend to use depending on
  req.hash.
* Add client director that chooses which backend to use depending
  on the client's IP address. Note that this ignores the
  X-Forwarded-For header.
* Add a timestamp to bans, so you can know how old they are.
* Varnish can now connect its CLI to a remote instance when
  starting up, rather than just being connected to.
* It is no longer needed to specify the maximum number of HTTP
  headers to allow from backends. This is now a run-time parameter.
* HEAD requests would be converted to GET requests too early, which
  affected pass and pipe. This has been fixed.
* Add experimental support for the Range header. This has to be
  enabled using the parameter http_range_support.
- Add PreReqs for %post
- Run %setup quietly
- Remove unneeded .la files from installation - libraries are in
  a standard directory already
- Avoid use of bash-specific &>/dev/null during %post
- Refine file lists
- Remove old changelog from .spec - changelog is in .changes

-------------------------------------------------------------------
Tue Dec 15 15:03.01 CEST 2009 - jg@internetx.de

- update 2.0.5

-------------------------------------------------------------------
Fri Apr  3 13:48:01 CEST 2009 - mrueckert@suse.de

- update to 2.0.4

-------------------------------------------------------------------
Tue Mar 10 17:47:23 CET 2009 - mrueckert@suse.de

- update to 2.0.3

-------------------------------------------------------------------
Wed Jul 25 22:16:29 CEST 2007 - mrueckert@suse.de

- updated to 1.1

-------------------------------------------------------------------
Tue Feb 20 18:28:29 CET 2007 - mrueckert@suse.de

- update to version 1.0.3
  Consistency issues with statistics and backend parameters were
  fixed. Parsing of -w command-line options was fixed. A
  short-lived DNS cache was added to avoid thrashing DNS servers
  when the backend fails.

-------------------------------------------------------------------
Sat Dec  2 17:14:16 CET 2006 - mrueckert@suse.de

- fixing build on sles9
- added files from the official rh4 rpm:
  o init scripts for non suse distros
  o the default configs for all distros
- added init/sysconfig script for suse.
- we create a user now. Remaining TODO item: how to run varnish as
  non root user on port 80?

-------------------------------------------------------------------
Sun Nov 19 03:37:50 CET 2006 - mrueckert@suse.de

- update to 1.0.2

Places

File varnish.changes of Package varnish

Places