varnish-cache:7.1

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

b399e1f... by Martin Blix Grydeland <email address hidden> on 2022-10-10

Prepare for 7.1.2

e8ba310... by Martin Blix Grydeland <email address hidden> on 2022-10-10

Add VSV00011 to the changelog

d0b7402... by Martin Blix Grydeland <email address hidden> on 2022-10-10

Add VSV00010 to the changelog

31a157c... by Asad Sajjad Ahmed <email address hidden> on 2022-10-03

h2: add vtc for VSV00011

Check for correct handling of missing pseudo-headers, and invalid
characters.

Signed-off-by: Asad Sajjad Ahmed <email address hidden>

515a93d... by Asad Sajjad Ahmed <email address hidden> on 2022-09-30

hpack: fix pseudo-headers handling

We should apply the same restrictions on the list of allowed characters inside
H/2 pseudo-headers as we do for H/1. This error is translated into the
headers we send to a backend over H/1.

Failure to do so could permit various exploits against a backend not handling
malformed H/1 requests.

Signed-off-by: Asad Sajjad Ahmed <email address hidden>

fcf5722... by Martin Blix Grydeland <email address hidden> on 2022-09-29

Add all well-known headers to the perfect hash lookup table

This expands the perfect hash lookup table to be able to match any entry
in the list of well-known headers from tbl/http_headers.h.

Previously only the headers that had a non-zero filter flag section was
kept in the fast match table.

Fixes: VSV00010

4770658... by Martin Blix Grydeland <email address hidden> on 2022-09-30

Limit cifuzz.yml to the `varnishcache` github org

Limit the fuzzer runs to PRs on `varnishcache`'s repositories. The build
scripts won't work correctly from anywhere else anyways.

7cee1c5... by Martin Blix Grydeland <email address hidden> on 2022-08-04

Prepare for 7.1.1

137d981... by Martin Blix Grydeland <email address hidden> on 2022-08-04

Add #3830 to the changelog

0fb3baf... by Martin Blix Grydeland <email address hidden> on 2022-08-04

Clean up assertions in http_hdr_flags()

The input argument assertions and checks in http_hdr_flags() were
misleading and lacking. With this patch it returns (NULL) on either input
being NULL, and also when called with an empty string instead of
asserting.