Debian Patches
Status for varnish/7.7.0-3+deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| set_vcs_version | | | no | | | |
| skip_tests | | | no | | | |
| fix_vsv16 | Until now, we read the (CR)?LF at the end of a chunk as part of the next chunk header (see: /* Skip leading whitespace */). For a follow up commit, we are going to want to know if the next chunk header is available for read, so we now consume the chunk end as part of the chunk itself. This also fixes a corner case: We previously accepted chunks with a missing end-of-chunk (see fix of r01729.vtc). | Nils Goroll <nils.goroll@uplex.de> | no | | | |
| fix_vsv17_1 | H2: Add a H2_Send_GOAWAY method. This method sends a goaway frame. Change h2_tx_goaway() so that it uses this method. diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h index ba036b84d6..ea25e89bd6 100644 | Martin Blix Grydeland <martin@varnish-software.com> | no | | | 2025-07-01 |
| fix_vsv17_2 | H2: Make rapid reset handling be callable from any context. This patch splits the rapid reset handling into a check and a charge step. The check determines if this was a benign reset, that is whether it should be charged against the budget or not. The charge step subtracts from the budget, and raises an error when exceeded. On error it will send a GOAWAY frame on the session immediately. To allow an error to be sent from this function, and to give protection to the rapid reset state variables, it is required that the caller holds the send mutex when calling. diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h index ea25e89bd6..4cfa718660 100644 | Martin Blix Grydeland <martin@varnish-software.com> | no | | | 2025-07-01 |
| fix_vsv17_3 | H2: Check rapid reset whenever we send a RST frame for a stream. This checks and charges the rapid reset budget whenever we send a RST frame, causing a session error if the budget is exhausted. This fixes the reverse rapid reset vulnerability. diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c index 41c45961b3..3461bdb380 100644 | Martin Blix Grydeland <martin@varnish-software.com> | no | | | 2025-07-01 |
| fix_vsv17_4 | H2: Add sanity assertions to h2_send_get_locked(). These assertions guard against double-registering on the send queue. diff --git a/bin/varnishd/http2/cache_http2_send.c b/bin/varnishd/http2/cache_http2_send.c index 3461bdb380..6208633853 100644 | Martin Blix Grydeland <martin@varnish-software.com> | no | | | 2025-08-20 |
| fix_vsv17_5 | H2: Use the correct queue context when sending rapid reset goaway. When queueing for send during rapid reset handling on incoming frame, it is `h2->req0` that should be used for queueing, not the `struct h2_req` of the stream for which we are handling the incoming frame. This error would lead to the queue structure becoming corrupted. diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index b8c3535a33..4265da7df4 100644 | Martin Blix Grydeland <martin@varnish-software.com> | no | | | 2025-08-20 |
| fix_vsv19 | | | no | | | |
All known versions for source package 'varnish'
- 7.7.3-3 (sid, forky)
- 7.7.0-3+deb13u1 (trixie-proposed-updates, trixie-security)
- 7.7.0-3 (trixie)
- 7.1.1-2+deb12u1 (bookworm-security, bookworm)
