| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: varnish | Distribution: openSUSE Tumbleweed |
| Version: 8.0.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Sep 16 09:14:55 2025 |
| Group: Productivity/Networking/Web/Proxy | Build host: reproducible |
| Size: 3892178 | Source RPM: varnish-8.0.0-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://varnish-cache.org/ | |
| Summary: Accelerator for HTTP services | |
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an application that stores (caches) documents that have been requested over the HTTP protocol. Based on certain criteria, the next client requesting the document is either given the cached document, or a "fresh" document requested from a backend server. The purpose of this is to minimize the requests going to the backend server(s) by serving the same document to potentially many users.
BSD-2-Clause
* Tue Sep 16 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 8.0.0
* Read only parameter can no longer be set through an alias.
* A new parameter `uncacheable_ttl` defines the TTL of objects
marked as uncacheable (or hit-for-miss) by the built-in VCL.
* The `http_req_overflow_status` parameter can now also be set to
500.
* The default value for `ban_any_variant` is now 0.
* `builtin.vcl` has been updated to return a synthetic 501
response and close the connection when receiving requests with
an unknown/unsupported http method instead of piping them.
* The VMOD functions `std.real2integer()`, `std.real2time()`,
`std.time2integer()` and `std.time2real()` have been removed.
* For more, see
<https://varnish-cache.org/docs/8.0/whats-new/changes-8.0.html>
* Thu May 15 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.7.1
* VSV-16: Resolve request smuggling attack
* Sun Apr 13 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.7.0
* The `linux` jail gained control of transparent huge pages
settings.
* An issue has been fixed which could cause a crash when varnishd
receives an invalid Content-Range header from a backend.
* Timestamping for HTTP/2 requests (when idle period begins) has
been switched to be more in line with HTTP/1.
* VSV-15: The client connection is now always closed when a
malformed request is received. [CVE-2025-30346, boo#1239892]
* Sat Oct 05 2024 Andrea Manzini <andrea.manzini@suse.com>
- Update to release 7.6.0
* The Varnish Delivery Processor (VDP) filter API has
been generalized to also accommodate future use for
backend request bodies.
* VDPs with no vdp_bytes_f function are now supported if
the vdp_init_f returns a value greater than zero to
signify that the filter is not to be added to the
chain. This is useful to support VDPs which only need
to work on headers.
* The epoll and kqueue waiters have been improved to
correctly report WAITER_REMCLOSE, which increases the
WAITER.*.remclose counter.
* varnishtest now supports the shutdown command
corresponding to the shutdown(2) standard C library
call.
* VSC counters for waiters have been added:
* conns to count waits on idle connections
* remclose to count idle connections closed by the peer
* timeout to count idle connections which timed out in the waiter
* action to count idle connections which resulted in a read
* The port of a listen_endpoint given with the -a
argument to varnishd can now also be a numerical port
range like "80-89".
* The warning "mlock() of VSM failed" message is now
emitted when locking of shared memory segments (via
mlock(2)) fails.
* A bug has been fixed where string comparisons in VCL
could fail with the nonsensical error message
"Comparison of different types: STRING '==' STRING".
* An issue has been addressed in the builtin.vcl where
backend responses would fail if they contained a
Content-Range header when no range was requested.
* Additional SessError VSL events are now generated for
various HTTP/2 protocol errors.
* A new Linux jail has been added which is now the
default on Linux. For now, it is almost identical to
the Unix jail with one addition:
* When the new Linux jail is used, the working directory
not mounted on tmpfs partition.
* A race condition with VCL temperature transitions has
been addressed.
* Internal management of probes has been reworked to
address race conditions.
* Backend tasks can now be instructed to queue if the
backend has reached its max_connections.
* The size of the buffer to hold panic messages is now
tunable through the new panic_buffer parameter.
* The Varnish Shared Memory (VSM) and Varnish Shared
Counters (VSC) consumer implementation in libvarnishapi
have been improved for stability and performance.
* An issue has been fixed where Varnish Shared Log (VSL)
queries (for example using ``varnishlog -q``) with
numerical values would fail in unexpected ways due to
truncation.
* The ``ObjWaitExtend()`` Object API function gained a
statep argument to optionally return the busy object
state consistent with the current extension. A NULL
value may be passed if the caller does not require it.
* For backends using the ``.via`` attribute to connect
through a proxy, the connect_timeout,
``first_byte_timeout`` and ``between_bytes_timeout``
attributes are now inherited from proxy unless
explicitly given.
* varnishd now creates a worker_tmpdir which can be used
by VMODs for temporary files. The VMOD developer
documentation has details.
* The environment variable VARNISH_DEFAULT_N now provides
the default "varnish name" / "workdir" as otherwise
specified by the ``-n`` argument to varnishd and
varnish* utilities except varnishtest.
* A glitch with TTL comparisons has been fixed which
could, for example, lead to unexpected behavior with
purge.soft().
* Tue Mar 26 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.5.0
* Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942]
* The default value of cli_limit has been increased from 48KB
to 64KB.
* A new ``pipe_task_deadline`` directive specifies the maximum
duration of a pipe transaction.
* All the timeout parameters that can be disabled accept the
"never" value.
* Added parameters to control the HTTP/2 Rapid Reset attach.
* Tue Feb 06 2024 Arjen de Korte <suse+build@de-korte.org>
- Use sysuser-tools to generate varnish user
* Fri Dec 01 2023 Dirk Müller <dmueller@suse.com>
- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
* The ``vcl_req_reset`` feature (controllable through the ``feature``
parameter, see `varnishd(1)`) has been added and enabled by default
to terminate client side VCL processing early when the client is
gone.
* req_reset* events trigger a VCL failure and are reported to
`vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
in `vsc` as visible through ``varnishstat(1)``.
In particular, this feature is used to reduce resource consumption
of HTTP/2 "rapid reset" attacks (see below).
Note that *req_reset* events may lead to client tasks for which no
VCL is called ever. Presumably, this is thus the first time that
valid `vcl(7)` client transactions may not contain any ``VCL_call``
records.
* Added mitigation options and visibility for HTTP/2 "rapid reset"
attacks
Global rate limit controls have been added as parameters, which can
be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
* The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
define a threshold duration for an ``RST_STREAM`` to be classified
as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
duration after a ``HEADERS`` frame, it is accounted against the
rate limit described below.
* The ``h2_rapid_reset_limit`` parameter and
``h2.rapid_reset_limit()`` function define how many "rapid" resets
may be received during the time span defined by the
``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
function before the HTTP/2 connection is forcibly closed with a
``GOAWAY`` and all ongoing VCL client tasks of the connection are
aborted.
The defaults are 100 and 60 seconds, corresponding to an allowance
of 100 "rapid" resets per minute.
* The ``h2.rapid_reset_budget()`` function can be used to query the
number of currently allowed "rapid" resets.
* Sessions closed due to rapid reset rate limiting are reported as
``SessClose RAPID_RESET`` in `vsl(7)` and accounted to
``main.sc_rapid_reset`` in `vsc` as visible through
``varnishstat(1)``.
* The ``cli_limit`` parameter default has been increased from 48KB to
64KB.
* ``VSUB_closefrom()`` now falls back to the base implementation not
only if ``close_range()`` was determined to be unusable at compile
time, but also at run time. That is to say, even if
``close_range()`` is compiled in, the fallback to the naive
implementation remains.
* Thu Sep 21 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.4.1
* Response status codes other than 200 and 204 are now considered
errors for ESI fragments.
* Support for abstract AF_LOCAL sockets.
* HTTP/2 header field validation is now more strict with respect
to allowed characters.
* VCL tracing now needs to be explicitly activated by setting the
req.trace or bereq.trace VCL variables.
* Wed Nov 09 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.2.1
* Attempts to mark well-known headers like Content-Length and
Host hop-by-hop through a Connection-header will now cause a
400 "Bad request" response.
(VSV00010, CVE-2022-45059, boo#1205243)
* Apply the same character set rules to HTTP/2 pseudo-headers
as is done on the corresponding HTTP/1 request-line field
parsing. (VSV00011, CVE-2022-45060, boo#1205242)
* Sat Oct 29 2022 Dirk Müller <dmueller@suse.com>
- update to 7.2.0:
* Functions ``VRT_AddVDP()``, ``VRT_AddVFP()``,
``VRT_RemoveVDP()`` and ``VRT_RemoveVFP()`` are deprecated.
* Cookie headers generated by vmod_cookie no longer have a
spurious trailing semicolon at the end of the string. This
could break VCL relying on the previous incorrect behavior.
* The ``SessClose`` and ``BackendClose`` reason ``rx_body``,
which previously output ``Failure receiving req.body``, has
been rewritten to ``Failure receiving body``.
* Prototypical Varnish Extensions (VEXT). Similar to VMODs, a
VEXT is loaded by the cache process. Unlike VMODs that have
the combined lifetime of all the VCLs that reference them, a
VEXT has the lifetime of the cache process itself. There are
no built-in extensions so far.
* Duration parameters can optionally take a unit, with the same
syntax as duration units in VCL.
* Calls to ``VRT_CacheReqBody()`` and ``std.cache_req_body``
from outside client vcl subs now fail properly instead of
triggering an assertion failure.
* New "B" string for the package branch in ``VCS_String()``.
For the 7.2.0 version, it would yield the 7.2 branch.
* The new ``vcc_feature`` bits parameter replaces previous
``vcc_*`` boolean parameters. The latter still exist as
deprecated aliases.
* The ``-k`` option from ``varnishlog`` is now supported by
``varnishncsa``.
* New functions ``std.now()`` and ``std.timed_call()`` in
vmod_std.
* New ``MAIN.shm_bytes`` counter.
* A ``req.http.via`` header is set before entering
``vcl_recv``. Via headers are generated using the
``server.identity`` value. It defaults to the host name and
can be turned into a pseudonym with the ``varnishd -i``
option. Via headers are appended in both directions, to work
with other hops that may advertise themselves.
* A ``resp.http.via`` header is no longer overwritten by
varnish, but rather appended to.
* The ``server.identity`` syntax is now limited to a "token" as
defined in the HTTP grammar to be suitable for Via headers.
* In ``varnishtest`` a Varnish instance will use its VTC
instance name as its instance name (``varnishd -i``) by
default for predictable Via headers in test cases.
* VMOD and VEXT authors can use functions from ``vnum.h``.
* Do not filter pseudo-headers as regular headers.
* The termination rules for ``WRK_BgThread()`` were relaxed to
allow VMODs to use it.
* ``(struct worker).handling`` has been moved to the newly
introduced ``struct wrk_vpi`` and replaced by a pointer to
it, as well as ``(struct vrt_ctx).handling`` has been
replaced by that pointer. ``struct wrk_vpi`` is for state at
the interface between VRT and VGC and, in particular, is not
const as ``struct vrt_ctx`` aka ``VRT_CTX``.
* Panics now contain information about VCL source files and
lines.
* The ``Begin`` log record has a 4th field for subtasks like
ESI sub-requests.
* The ``-E`` option for log utilities now works as documented,
with any type of sub-task based on the ``Begin[4]`` field.
This covers ESI like before, and sub-tasks spawned by VMODs
(provided that they log the new field).
* No more ``req.http.transfer-encoding`` for ESI sub-requests.
* The thread pool reserve is now limited to tasks that can be
queued. A backend background fetch is no longer eligible for
queueing. It would otherwise slow a grace hit down
significantly when thread pools are saturated.
* The unused ``fetch_no_thread`` counter was renamed to
``bgfetch_no_thread`` because regular backend fetch tasks are
always scheduled.
* The macros ``FEATURE()``, ``EXPERIMENT()``, ``DO_DEBUG()``,
``MGT_FEATURE()``, ``MGT_EXPERIMENT()``, ``MGT_DO_DEBUG()``
and ``MGT_VCC_FEATURE()`` now return a boolean value (``0``
or ``1``) instead of the (private) flag value.
* A regression in the transport code led MAIN.client_req to be
incremented for requests coming back from the waiting list,
it was fixed.
- Delete varnish-5.1.2-add-fallthrough-comments.patch
* Wed Sep 21 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Make reload fail nicely on vcl syntax error
- Set TasksMax=16384 because default thread_pool_max is 5000
* Mon Sep 19 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix varnish.service stop
* Sun Sep 18 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix logrotate
- Add service reload
* Fri Aug 12 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
* Resolve a denial of service attack involving reason phrases.
* Mon May 16 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY
variable, in addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function
for UTC formatting.
/etc/logrotate.d/varnish /etc/varnish /etc/varnish/vcl.conf /usr/lib/systemd/system/varnish.service /usr/lib/systemd/system/varnishlog.service /usr/lib/sysusers.d/system-user-varnish.conf /usr/lib64/varnish /usr/lib64/varnish/vmods /usr/lib64/varnish/vmods/libvmod_blob.so /usr/lib64/varnish/vmods/libvmod_cookie.so /usr/lib64/varnish/vmods/libvmod_directors.so /usr/lib64/varnish/vmods/libvmod_h2.so /usr/lib64/varnish/vmods/libvmod_proxy.so /usr/lib64/varnish/vmods/libvmod_purge.so /usr/lib64/varnish/vmods/libvmod_std.so /usr/lib64/varnish/vmods/libvmod_unix.so /usr/lib64/varnish/vmods/libvmod_vtc.so /usr/sbin/varnish_reload_vcl /usr/sbin/varnishadm /usr/sbin/varnishd /usr/sbin/varnishhist /usr/sbin/varnishlog /usr/sbin/varnishncsa /usr/sbin/varnishstat /usr/sbin/varnishstat_help_gen /usr/sbin/varnishtest /usr/sbin/varnishtop /usr/sbin/vtest /usr/share/doc/packages/varnish /usr/share/doc/packages/varnish/LICENSE /usr/share/doc/packages/varnish/README.rst /usr/share/doc/packages/varnish/builtin.vcl /usr/share/doc/packages/varnish/changes.rst /usr/share/doc/packages/varnish/example.vcl /usr/share/fillup-templates/sysconfig.varnish /usr/share/man/man1/varnishadm.1.gz /usr/share/man/man1/varnishd.1.gz /usr/share/man/man1/varnishhist.1.gz /usr/share/man/man1/varnishlog.1.gz /usr/share/man/man1/varnishncsa.1.gz /usr/share/man/man1/varnishstat.1.gz /usr/share/man/man1/varnishtest.1.gz /usr/share/man/man1/varnishtop.1.gz /usr/share/man/man3/vmod_blob.3.gz /usr/share/man/man3/vmod_cookie.3.gz /usr/share/man/man3/vmod_directors.3.gz /usr/share/man/man3/vmod_h2.3.gz /usr/share/man/man3/vmod_proxy.3.gz /usr/share/man/man3/vmod_purge.3.gz /usr/share/man/man3/vmod_std.3.gz /usr/share/man/man3/vmod_unix.3.gz /usr/share/man/man3/vmod_vtc.3.gz /usr/share/man/man7/varnish-cli.7.gz /usr/share/man/man7/varnish-counters.7.gz /usr/share/man/man7/vcl-backend.7.gz /usr/share/man/man7/vcl-probe.7.gz /usr/share/man/man7/vcl-step.7.gz /usr/share/man/man7/vcl-var.7.gz /usr/share/man/man7/vcl.7.gz /usr/share/man/man7/vsl-query.7.gz /usr/share/man/man7/vsl.7.gz /usr/share/man/man7/vtc.7.gz /usr/share/varnish /usr/share/varnish/vcc /usr/share/varnish/vcc/vmod_blob.vcc /usr/share/varnish/vcc/vmod_cookie.vcc /usr/share/varnish/vcc/vmod_directors.vcc /usr/share/varnish/vcc/vmod_h2.vcc /usr/share/varnish/vcc/vmod_proxy.vcc /usr/share/varnish/vcc/vmod_purge.vcc /usr/share/varnish/vcc/vmod_std.vcc /usr/share/varnish/vcc/vmod_unix.vcc /usr/share/varnish/vcc/vmod_vtc.vcc /usr/share/varnish/vcl /usr/share/varnish/vcl/devicedetect.vcl /usr/share/varnish/vmodtool.py /usr/share/varnish/vsctool.py /var/cache/varnish /var/lib/varnish /var/log/varnish
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 23:06:42 2025