Change Logs

* Wed Dec 01 2021 Johannes Segitz <>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * varnish.service
  * varnishlog.service
* Fri Aug 06 2021 Jan Engelhardt <>
- Update to release 6.6.1
  * Fix an HTTP/2.0 request smuggling vulnerability. [bnc#1188470]
* Sun Jul 04 2021 Dirk Müller <>
- update to 6.6.0:
  * The ban_cutoff parameter now refers to the overall length of
    the ban list, including completed bans, where before only
    non-completed (“active”) bans were counted towards ban_cutoff.
  * Body bytes accounting has been fixed to always represent the
    number of body bytes moved on the wire, exclusive of
    protocol-specific overhead like HTTP/1 chunked encoding or
    HTTP/2 framing.
  * The connection close reason has been fixed to properly report
    SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
  * Unless the new validate_headers feature is disabled, all newly
    set headers are now validated to contain only characters
    allowed by RFC7230.
  * The filter_re, keep_re and get_re functions from the bundled
    cookie vmod have been changed to take the VCL_REGEX type. This
    implies that their regular expression arguments now need to be
    literal, not e.g. string.
  * The interface for private pointers in VMODs has been changed,
    the VRT backend interface has been changed, many filter
    (VDP/VFP) related signatures have been changed, and the
    stevedore API has been changed. (Details thereto, see online
* Fri Oct 02 2020 Jan Engelhardt <>
- Update to release 6.5.1
  * Bump the VRT_MAJOR_VERSION number defined in the vrt.h
* Thu Sep 17 2020 Jan Engelhardt <>
- Update to release 6.5.0
  * `PRIV_TOP` is now thread-safe to support parallel ESI
  * varnishstat's JSON output format (-j option) has been changed.
  * Behavior for 304-type responses was changed not to update the
    Content-Encoding response header of the stored object.
* Tue Jun 23 2020 Jan Engelhardt <>
- Disable LTO, this randomly fails during link stage.
* Tue Mar 17 2020 Jan Engelhardt <>
- Update to release 6.4.0
  * The MAIN.sess_drop counter is gone.
  * backend "none" was added for "no backend".
  * The hash algorithm of the hash director was changed, so
    backend selection will change once only when upgrading.
  * It is now possible for VMOD authors to customize the
    connection pooling of a dynamic backend.
  * For more, see changes.rst.
* Tue Feb 25 2020 Jan Engelhardt <>
- Update to release 6.3.2
  * Fix a denial of service vulnerability when using the proxy
    protocol version 2.
* Tue Sep 17 2019 Jan Engelhardt <>
- Update to release 6.3.0
  * The Host: header is folded to lower-case in the builtin_vcl.
  * Improved performance of shared memory statistics counters.
  * Synthetic objects created from vcl_backend_error {} now
    replace existing stale objects as ordinary backend fetches
    would (for details see changes.rst)
* Tue Jun 09 2020 Jan Engelhardt <>
- Update Git-Web repository link
- Set CFLAGS+=-fcommon.
* Wed Sep 04 2019 Jan Engelhardt <>
- Update to release 6.2.1
  * Bugfix for CVE-2019-15892 [boo#1149382]
* Mon Aug 26 2019 Jan Engelhardt <>
- Add uninit.patch.
* Wed Mar 27 2019 Samu Voutilainen <>
- Updated to 6.2.0
  * Added a thread pool watchdog which will restart the worker
    process if scheduling tasks onto worker threads appears
    stuck. The new parameter "thread_pool_watchdog" configures
- Disabled error for clobbering, which caused bogus
  error in varnishtest
* Wed May 02 2018
- Put %fillup back into %post
* Mon Mar 19 2018
- Update to new upstream release 6.0.0
  * Added support for Unix Domain Sockets, both for clients and
    for backend servers. This brings a new level of the VCL
    language, version 4.1.
  * Always use HTTP/1.1 on backend connections for pass fetch.
* Thu Nov 23 2017
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
* Fri Jun 23 2017
- Update to version 5.1.2:
  * Fix an endless loop in Backend Polling (#2295)
  * Fix a Chunked bug in tight workspaces (#2207, #2275)
  * Fix a bug relating to req.body when on waitinglist (#2266)
  * Handle EPIPE on broken TCP connections (#2267)
  * Work around the x86 arch's turbo-double FP format in parameter
    setup code. (#1875)
  * Fix race related to backend probe with proxy header (#2278)
  * Keep VCL temperature consistent between mgt/worker also when
    worker protests.
  * A lot of HTTP/2 fixes.
- Changes introduced by version 5.1.1:
  * Fix bug introduced by stubborn old bugger right before release
    5.1.0 was cut.
- Changes introduced by version 5.1.0:
  * Added varnishd command-line options -I, -x and -?, and
    tightened restrictions on permitted combinations of options.
  * More progress on support for HTTP/2.
  * Add ``return(fail)`` to almost all VCL subroutines.
  * Restored the old hit-for-pass, invoked with
    ``return(pass(DURATION))`` from
    ``vcl_backend_response``. hit-for-miss remains the default.
    Added the cache_hitmiss stat, and cache_hitpass only counts the
    new/old hit-for-pass cases. Restored HitPass to the Varnish
    log, and added HitMiss. Added the HFP prefix to TTL log entries
    to log a hit-for-pass duration.
  * Rolled back the fix for #1206. Client delivery decides solely
    whether to send a 304 client response, based on client request
    and response headers.
  * Added
  * Added vxid as a lefthand side for VSL queries.
  * Added the setenv and write_body commands for Varnish test cases
    (VTCs). err_shell is deprecated. Also added the operators
    -cliexpect, -match and -hdrlen, and -reason replaces -msg.
    Added the ${bad_backend} macro.
  * varnishtest can be stopped with the TERM, INT and KILL signals,
    but not with HUP.
  * The fallback director has now an extra, optional parameter to
    keep using the current backend until it falls sick.
  * VMOD shared libraries are now copied to the workdir, to avoid
    problems when VMODs are updated via packaging systems.
  * Bump the VRT version to 6.0.
  * Export more symbols from
  * The size of the VSL log is limited to 4G-1b, placing upper
    bounds on the -l option and the vsl_space and vsm_space
  * Added parameters clock_step, thread_pool_reserve and
  * Parameters vcl_dir and vmod_dir are deprecated, use vcl_path
    and vmod_path instead.
  * All parameters are defined, even on platforms that don't
    support them. An unsupported parameter is documented as such in Setting such a parameter is not an error, but has
    no effect.
  * Clarified the interpretations of the + and - operators in VCL
    with operands of the various data types.
  * DURATION types may be used in boolean contexts.
  * INT, DURATION and REAL values can now be negative.
  * Response codes 1000 or greater may now be set in VCL
    internally. resp.status is delivered modulo 1000 in client
  * IP addresses can be compared for equality in VCL.
  * Introduce the STEVEDORE data type, and the objects
    storage.SNAME in VCL. Added and;
    beresp.storage_hint is deprecated.
  * Retired the umem stevedore.
  * req.ttl is deprecated.
  * Added std.getenv() and std.late_100_continue().
  * The fetch_failed stat is incremented for any kind of fetch
  * Added the stats n_test_gunzip and
  * Clarified the meanings of the %r, %{X}i and %{X}o formatters in
- Add varnish-5.1.2-add-fallthrough-comments.patch to fix build
  with GCC 7 (boo#1041259).
* Tue May 16 2017
- BuildRequire python3-docutils instead of python-docutils.
* Sun Sep 25 2016
- Update to new upstream release 5.0.0
- The varnishd "-u NNN" option, which may be remaining in
  /etc/sysconfig/varnish, has been replaced with "-j unix,user=NNN".
  * Varnish 5.0 changes some (mostly) internal APIs and adds some
    major new features over Varnish 4.1.
  * 5.0 supports jumping from the active VCL's vcl_recv{} to another
    VCL via a VCL label.
  * Very Experimental HTTP/2 support
  * We have added to the "directors" VMOD an overhauled version of
    a director which was available as an out-of-tree VMOD under the
    name VSLP for a couple of years. It is basically a better hash
    director which uses consistent hashing to provide improved
    stability of backend node selection when the configuration and/or
    health state of backends changes.
  * Hit-For-Pass is now actually Hit-For-Miss
  * We have made the ban lurker even more efficient by example of
    some real live situations with tens of thousands of bans using
    inefficient regular expressions.
  * The waitinglist logic for ESI subrequests now uses condition
    variables to trigger immediate continuation of ESI processing
    when an object being waited for becomes available.
  * Backend PROXY protocol requests are now supported through the
    .proxy_header attribute of the backend definition.
  * VCL files are now also being searched for in
    /usr/share/varnish/vcl if not found in /etc/varnish.
  * The basic device detection vcl is now bundled with varnish.
* Thu Aug 18 2016
- Add "-ffloat-store -fexcess-precision=standard" to CFLAGS when
  building for ix86, working around bug gcc#323. See also
* Fri Apr 22 2016
- Update to new upstream release 4.1.2
  * vmods: Passing VCL ACL to a vmod is now possible.
  * vmods: VRT_MINOR_VERSION increase due to new function:
  * Be stricter when parsing a HTTP request to avoid potential HTTP
    smuggling attacks against vulnerable backends.
* Tue Mar 08 2016
- Report testsuite failure to build log and make testsuite nonfatal
  as there seems to be one swaying test, tests/r01478.vtc.
* Tue Feb 16 2016
- disable silent rules in spec file.
- enable testsuite for varnish.
* Tue Feb 16 2016
- Update to new upstream release 4.1.1
  * Improved security features (jails).
  * Support for PROXY protocol.
  * Warm and cold VCL states.
  * Backends defined through VMODs.
  * A lot of bugs were fixed.
- Delete 0001-Fail-fetch-on-malformed-Content-Length-header.patch,
    this issue was fixed in upstream.
- Add 'su varnish varnish' line to varnish.logrotate file.
- Cleanup with spec-cleaner.
* Fri Mar 27 2015
- Update to new upstream release 4.0.3
  * Full support for streaming objects through from the backend on a
    cache miss. Bytes will be sent to 1..n requesting clients as they
    come in from the backend server.
  * Background (re)fetch of expired objects. On a cache miss where a
    stale copy is available, serve the client the stale copy while
    fetching an updated copy from the backend in the background.
  * New varnishlog query language, allowing automatic grouping of
    requests when debugging ESI or a failed backend request.
  * Comprehensive request timestamp and byte counters.
- Add 0001-Fail-fetch-on-malformed-Content-Length-header.patch
* Fri Jan 03 2014
- Updated to 3.0.5, contains fix for CVE-2013-4484
  * A bad interaction between -b, -c and -m in the varnishlog tool
    has been fixed.
  * A malformed request that could in some configurations lead to
    Varnish crashing has been corrected. (CVE-2013-4484)
  * Duplicate Content-Length headers were in some cases sent to
    clients when streaming is enabled, this has been fixed.
  * ESI parse errors are no longer printed to standard output.
  * Stop segfaulting if the first part of a synthetic page is NULL.
- Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
  and varnish-disable-pcrejit.diff (merged upstream)
* Fri Nov 01 2013
- Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
  (CVE-2013-4484, bnc#48451)
* Fri Oct 04 2013
- Deactivate libpcre JIT (bnc#839358), add varnish-disable-pcrejit.diff
* Sun Sep 23 2012
- Update to version 3.0.3
  * Fixed excessive session workspace allocations.
  * Fixed some crashes in the case of out of memory
  * Fixed an infinite loop in the regex parser.
  * DNS director now uses port 80 by default if not specified.
  * Introduce idle_send_timeout and increase default value for
    send_timeout to 600s. This allows a long send timeout for slow
    clients while still being able to disconnect idle clients.
  * Fixed a crash when passing with streaming on.
  * Fixed a crash in the idle session timeout code.
  * Fixed an issue where the poll waiter did not timeout clients if
    all clients were idle.
  * Log regex errors instead of crashing.
  * Introduce pcre_match_limit, and pcre_match_limit_recursion
  * Add CLI commands to manually control health state of a
* Wed Feb 08 2012
- Update to new upstream release 3.0.2
  * Add support for ESI and gzip
  * Handle objects larger than 2G
  * HTTP Range support is now enabled by default
  * "307 Temporary redirect" is now considered cacheable
  * see ChangeLog (packaged) or
    for details
- Note that the -s file,/var/cache/varnish,524288 argument (check
  /etc/sysconfig/varnish) needs at least "1M" instead of 524288
  or the daemon will not start anymore.
- Add systemd unit files
* Thu Dec 08 2011
- fix license to be in format
* Tue May 10 2011
- Varnish Requires a C compiler, the vcl scripts are compiled
  and loaded as DSO.
* Sat Apr 16 2011
- remove configure option --enable-debugging-symbols
  it overrides buildsystem optimization levels.
* Sat Apr 16 2011
- Update to version 2.1.5
  * Two bugs relating to Content-Length and possible duplication
    of Content-Length headers have been resolved.
  * Fixed an issue with re-using connections after Chunked-Encoding.
  * Use the time of cache-insertion for "If-Modified-Since" requests
    if a "Last-Modified" header isn't provided by the backend.
  * Merge multi-line Vary and Cache-Control headers from clients,
    which Google Chromium seem to split up.
* Fri Apr 15 2011
- use pkgconfig instead of pkg-config on SLES 9