Overview Repositories Revisions Requests Users Attributes Meta

Revisions of varnish

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1162360 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 46) 
- Update to release 7.5.0
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1144754 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 45) 
- Use sysuser-tools to generate varnish user
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1130193 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 44) 
- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
  * The ``vcl_req_reset`` feature (controllable through the ``feature``
    parameter, see `varnishd(1)`) has been added and enabled by default
    to terminate client side VCL processing early when the client is
    gone.
    *req_reset* events trigger a VCL failure and are reported to
    `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
    in `vsc` as visible through ``varnishstat(1)``.
    In particular, this feature is used to reduce resource consumption
    of HTTP/2 "rapid reset" attacks (see below).
    Note that *req_reset* events may lead to client tasks for which no
    VCL is called ever. Presumably, this is thus the first time that
    valid `vcl(7)` client transactions may not contain any ``VCL_call``
    records.
  * Added mitigation options and visibility for HTTP/2 "rapid reset"
    attacks
    Global rate limit controls have been added as parameters, which can
    be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted. (forwarded request 1130176 from dirkmueller)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1112701 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 43) 
- Update to release 7.4.1
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1034895 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 42) 
- Update to release 7.2.1
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 994770 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 38) 
- Update to release 7.1.1 [boo#1202350] [CVE-2022-38150]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 977601 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 37) 
- Update to release 7.1.0 [boo#1195188] [CVE-2022-23959]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 910486 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 35) 
- Update to release 6.6.1
  * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 905813 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 34) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 839157 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 33) 
- Update to release 6.5.1
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 835135 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 32) 
- Update to release 6.5.0
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 816511 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 31) 
- Disable LTO, this randomly fails during link stage.

- Update Git-Web repository link
- Set CFLAGS+=-fcommon.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 785931 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 30) 
- Update to release 6.4.0
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 781116 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 29) 
Automatic submission by obs-autosubmit
Yuchen Lin's avatar Yuchen Lin (maxlin_factory) accepted request 731529 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 28) 
- Update to release 6.3.0
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 728299 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 27) 
- Update to release 6.2.1
  * Bugfix for CVE-2019-15892 [boo#1149382]
Displaying revisions 1 - 20 of 46
openSUSE Build Service is sponsored by
Places