Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libvarnishapi3-7.6.0-1.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: libvarnishapi3 Distribution: openSUSE Tumbleweed
Version: 7.6.0 Vendor: openSUSE
Release: 1.1 Build date: Sat Oct 5 17:23:58 2024
Group: Productivity/Networking/Web/Proxy Build host: reproducible
Size: 263902 Source RPM: varnish-7.6.0-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://varnish-cache.org/
Summary: Shared libraries for Varnish
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an
application that stores (caches) documents that have been requested
over the HTTP protocol.

Based on certain criteria, the next client requesting the document is either
given the cached document, or a "fresh" document requested from a backend
server. The purpose of this is to minimize the requests going to the backend
server(s) by serving the same document to potentially many users.

This package holds the shared libraries for varnish.

Provides

Requires

License

BSD-2-Clause

Changelog

* Sat Oct 05 2024 Andrea Manzini <andrea.manzini@suse.com>
  - Update to release 7.6.0
    * The Varnish Delivery Processor (VDP) filter API has
      been generalized to also accommodate future use for
      backend request bodies.
    * VDPs with no vdp_bytes_f function are now supported if
      the vdp_init_f returns a value greater than zero to
      signify that the filter is not to be added to the
      chain. This is useful to support VDPs which only need
      to work on headers.
    * The epoll and kqueue waiters have been improved to
      correctly report WAITER_REMCLOSE, which increases the
      WAITER.*.remclose counter.
    * varnishtest now supports the shutdown command
      corresponding to the shutdown(2) standard C library
      call.
    * VSC counters for waiters have been added:
    * conns to count waits on idle connections
    * remclose to count idle connections closed by the peer
    * timeout to count idle connections which timed out in the waiter
    * action to count idle connections which resulted in a read
    * The port of a listen_endpoint given with the -a
      argument to varnishd can now also be a numerical port
      range like "80-89".
    * The warning "mlock() of VSM failed" message is now
      emitted when locking of shared memory segments (via
      mlock(2)) fails.
    * A bug has been fixed where string comparisons in VCL
      could fail with the nonsensical error message
      "Comparison of different types: STRING '==' STRING".
    * An issue has been addressed in the builtin.vcl where
      backend responses would fail if they contained a
      Content-Range header when no range was requested.
    * Additional SessError VSL events are now generated for
      various HTTP/2 protocol errors.
    * A new Linux jail has been added which is now the
      default on Linux. For now, it is almost identical to
      the Unix jail with one addition:
    * When the new Linux jail is used, the working directory
      not mounted on tmpfs partition.
    * A race condition with VCL temperature transitions has
      been addressed.
    * Internal management of probes has been reworked to
      address race conditions.
    * Backend tasks can now be instructed to queue if the
      backend has reached its max_connections.
    * The size of the buffer to hold panic messages is now
      tunable through the new panic_buffer parameter.
    * The Varnish Shared Memory (VSM) and Varnish Shared
      Counters (VSC) consumer implementation in libvarnishapi
      have been improved for stability and performance.
    * An issue has been fixed where Varnish Shared Log (VSL)
      queries (for example using ``varnishlog -q``) with
      numerical values would fail in unexpected ways due to
      truncation.
    * The ``ObjWaitExtend()`` Object API function gained a
      statep argument to optionally return the busy object
      state consistent with the current extension. A NULL
      value may be passed if the caller does not require it.
    * For backends using the ``.via`` attribute to connect
      through a proxy, the connect_timeout,
      ``first_byte_timeout`` and ``between_bytes_timeout``
      attributes are now inherited from proxy unless
      explicitly given.
    * varnishd now creates a worker_tmpdir which can be used
      by VMODs for temporary files. The VMOD developer
      documentation has details.
    * The environment variable VARNISH_DEFAULT_N now provides
      the default "varnish name" / "workdir" as otherwise
      specified by the ``-n`` argument to varnishd and
      varnish* utilities except varnishtest.
    * A glitch with TTL comparisons has been fixed which
      could, for example, lead to unexpected behavior with
      purge.soft().
* Tue Mar 26 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 7.5.0
    * Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942]
    * The default value of cli_limit has been increased from 48KB
      to 64KB.
    * A new ``pipe_task_deadline`` directive specifies the maximum
      duration of a pipe transaction.
    * All the timeout parameters that can be disabled accept the
      "never" value.
    * Added parameters to control the HTTP/2 Rapid Reset attach.
* Tue Feb 06 2024 Arjen de Korte <suse+build@de-korte.org>
  - Use sysuser-tools to generate varnish user
* Fri Dec 01 2023 Dirk Müller <dmueller@suse.com>
  - update to 7.4.2 (bsc#1216123, CVE-2023-44487):
    * The ``vcl_req_reset`` feature (controllable through the ``feature``
      parameter, see `varnishd(1)`) has been added and enabled by default
      to terminate client side VCL processing early when the client is
      gone.
    * req_reset* events trigger a VCL failure and are reported to
      `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
      in `vsc` as visible through ``varnishstat(1)``.
      In particular, this feature is used to reduce resource consumption
      of HTTP/2 "rapid reset" attacks (see below).
      Note that *req_reset* events may lead to client tasks for which no
      VCL is called ever. Presumably, this is thus the first time that
      valid `vcl(7)` client transactions may not contain any ``VCL_call``
      records.
    * Added mitigation options and visibility for HTTP/2 "rapid reset"
      attacks
      Global rate limit controls have been added as parameters, which can
      be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted.
      The defaults are 100 and 60 seconds, corresponding to an allowance
      of 100 "rapid" resets per minute.
    * The ``h2.rapid_reset_budget()`` function can be used to query the
      number of currently allowed "rapid" resets.
    * Sessions closed due to rapid reset rate limiting are reported as
      ``SessClose RAPID_RESET`` in `vsl(7)` and accounted to
      ``main.sc_rapid_reset`` in `vsc` as visible through
      ``varnishstat(1)``.
    * The ``cli_limit`` parameter default has been increased from 48KB to
      64KB.
    * ``VSUB_closefrom()`` now falls back to the base implementation not
      only if ``close_range()`` was determined to be unusable at compile
      time, but also at run time. That is to say, even if
      ``close_range()`` is compiled in, the fallback to the naive
      implementation remains.
* Thu Sep 21 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 7.4.1
    * Response status codes other than 200 and 204 are now considered
      errors for ESI fragments.
    * Support for abstract AF_LOCAL sockets.
    * HTTP/2 header field validation is now more strict with respect
      to allowed characters.
    * VCL tracing now needs to be explicitly activated by setting the
      req.trace or bereq.trace VCL variables.
* Wed Nov 09 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 7.2.1
    * Attempts to mark well-known headers like Content-Length and
      Host hop-by-hop through a Connection-header will now cause a
      400 "Bad request" response.
      (VSV00010, CVE-2022-45059, boo#1205243)
    * Apply the same character set rules to HTTP/2 pseudo-headers
      as is done on the corresponding HTTP/1 request-line field
      parsing. (VSV00011, CVE-2022-45060, boo#1205242)
* Sat Oct 29 2022 Dirk Müller <dmueller@suse.com>
  - update to 7.2.0:
    * Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``,
      ``VRT_RemoveVDP()`` and ``VRT_RemoveVFP()`` are deprecated.
    * Cookie headers generated by vmod_cookie no longer have a
      spurious trailing semicolon at the end of the string. This
      could break VCL relying on the previous incorrect behavior.
    * The ``SessClose`` and ``BackendClose`` reason ``rx_body``,
      which previously output ``Failure receiving req.body``, has
      been rewritten to ``Failure receiving body``.
    * Prototypical Varnish Extensions (VEXT). Similar to VMODs, a
      VEXT is loaded by the cache process. Unlike VMODs that have
      the combined lifetime of all the VCLs that reference them, a
      VEXT has the lifetime of the cache process itself. There are
      no built-in extensions so far.
    * Duration parameters can optionally take a unit, with the same
      syntax as duration units in VCL.
    * Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body``
      from outside client vcl subs now fail properly instead of
      triggering an assertion failure.
    * New "B" string for the package branch in ``VCS_String()``.
      For the 7.2.0 version, it would yield the 7.2 branch.
    * The new ``vcc_feature`` bits parameter replaces previous
      ``vcc_*`` boolean parameters. The latter still exist as
      deprecated aliases.
    * The ``-k`` option from ``varnishlog`` is now supported by
      ``varnishncsa``.
    * New functions ``std.now()`` and ``std.timed_call()`` in
      vmod_std.
    * New ``MAIN.shm_bytes`` counter.
    * A ``req.http.via`` header is set before entering
      ``vcl_recv``. Via headers are generated using the
      ``server.identity`` value. It defaults to the host name and
      can be turned into a pseudonym with the ``varnishd -i``
      option. Via headers are appended in both directions, to work
      with other hops that may advertise themselves.
    * A ``resp.http.via`` header is no longer overwritten by
      varnish, but rather appended to.
    * The ``server.identity`` syntax is now limited to a "token" as
      defined in the HTTP grammar to be suitable for Via headers.
    * In ``varnishtest`` a Varnish instance will use its VTC
      instance name as its instance name (``varnishd -i``) by
      default for predictable Via headers in test cases.
    * VMOD and VEXT authors can use functions from ``vnum.h``.
    * Do not filter pseudo-headers as regular headers.
    * The termination rules for ``WRK_BgThread()`` were relaxed to
      allow VMODs to use it.
    * ``(struct worker).handling`` has been moved to the newly
      introduced ``struct wrk_vpi`` and replaced by a pointer to
      it, as well as ``(struct vrt_ctx).handling`` has been
      replaced by that pointer. ``struct wrk_vpi`` is for state at
      the interface between VRT and VGC and, in particular, is not
      const as ``struct vrt_ctx`` aka ``VRT_CTX``.
    * Panics now contain information about VCL source files and
      lines.
    * The ``Begin`` log record has a 4th field for subtasks like
      ESI sub-requests.
    * The ``-E`` option for log utilities now works as documented,
      with any type of sub-task based on the ``Begin[4]`` field.
      This covers ESI like before, and sub-tasks spawned by VMODs
      (provided that they log the new field).
    * No more ``req.http.transfer-encoding`` for ESI sub-requests.
    * The thread pool reserve is now limited to tasks that can be
      queued. A backend background fetch is no longer eligible for
      queueing. It would otherwise slow a grace hit down
      significantly when thread pools are saturated.
    * The unused ``fetch_no_thread`` counter was renamed to
      ``bgfetch_no_thread`` because regular backend fetch tasks are
      always scheduled.
    * The macros ``FEATURE()``, ``EXPERIMENT()``, ``DO_DEBUG()``,
      ``MGT_FEATURE()``, ``MGT_EXPERIMENT()``, ``MGT_DO_DEBUG()``
      and ``MGT_VCC_FEATURE()`` now return a boolean value (``0``
      or ``1``) instead of the (private) flag value.
    * A regression in the transport code led MAIN.client_req to be
      incremented for requests coming back from the waiting list,
      it was fixed.
  - Delete varnish-5.1.2-add-fallthrough-comments.patch
* Wed Sep 21 2022 Bernhard Wiedemann <bwiedemann@suse.com>
  - Make reload fail nicely on vcl syntax error
  - Set TasksMax=16384 because default thread_pool_max is 5000
* Mon Sep 19 2022 Bernhard Wiedemann <bwiedemann@suse.com>
  - Fix varnish.service stop
* Sun Sep 18 2022 Bernhard Wiedemann <bwiedemann@suse.com>
  - Fix logrotate
  - Add service reload
* Fri Aug 12 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
    * Resolve a denial of service attack involving reason phrases.
* Mon May 16 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
    * VCL: It is now possible to assign a BLOB value to a BODY
      variable, in addition to STRING as before.
    * VMOD: New STRING strftime(TIME time, STRING format) function
      for UTC formatting.
* Wed Dec 01 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * varnish.service
    * varnishlog.service
* Fri Aug 06 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 6.6.1
    * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
* Sun Jul 04 2021 Dirk Müller <dmueller@suse.com>
  - update to 6.6.0:
    * The ban_cutoff parameter now refers to the overall length of
      the ban list, including completed bans, where before only
      non-completed (“active”) bans were counted towards ban_cutoff.
    * Body bytes accounting has been fixed to always represent the
      number of body bytes moved on the wire, exclusive of
      protocol-specific overhead like HTTP/1 chunked encoding or
      HTTP/2 framing.
    * The connection close reason has been fixed to properly report
      SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
    * Unless the new validate_headers feature is disabled, all newly
      set headers are now validated to contain only characters
      allowed by RFC7230.
    * The filter_re, keep_re and get_re functions from the bundled
      cookie vmod have been changed to take the VCL_REGEX type. This
      implies that their regular expression arguments now need to be
      literal, not e.g. string.
    * The interface for private pointers in VMODs has been changed,
      the VRT backend interface has been changed, many filter
      (VDP/VFP) related signatures have been changed, and the
      stevedore API has been changed. (Details thereto, see online
      changelog.)

Files

/usr/lib/libvarnishapi.so.3
/usr/lib/libvarnishapi.so.3.1.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Nov 17 00:14:11 2024