./www/pound, Reverse proxy, load balancer and HTTPS front-end

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.7fnb1, Package name: pound-2.7fnb1, Maintainer: pkgsrc-users

The Pound program is a reverse proxy, load balancer and HTTPS front-end
for Web server(s). Pound was developed to enable distributing the
load among several Web-servers and to allow for a convenient SSL wrapper
for those Web servers that do not offer it natively. Pound is a very
small program, easily audited for security problems. It can run as
setuid/setgid and/or in a chroot jail. Pound does not access the
hard-disk at all (except for reading the certificate file on start,
if required) and should thus pose no security threat to any machine.


Required to run:
[devel/pcre]

Master sites:

SHA1: 022572475b7fb4fab538c65bba10d79133669213
RMD160: ade4b08f94cac7caf541e7f57e3aa0bad843126c
Filesize: 182.343 KB

Version history: (Expand)


CVS history: (Expand)


   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-02 14:33:13 by Makoto Fujiwara | Files touched by this commit (3) | Package updated
Log message:
Update 2.6 to 2.7f
------------------------------------------------------------------------
r80 | roseg | 2014-12-29 11:47:54 +0100 (Mon, 29 Dec 2014) | 10 lines

Release 2.7f

Enhancements:
    - compile-time parameter for DH bits (workaround for OpenSSL limitation)

Bug fixes:
    - allow '-' and '=' again in URLs (redirect)
    - fixed lh_retrieve warning
    - fixed "Disable" regex typo

------------------------------------------------------------------------
r79 | roseg | 2014-12-08 14:39:00 +0100 (Mon, 08 Dec 2014) | 12 lines

Release 2.7e

Enhancements:
    - added support for elliptical curve encryption
    - added support for larger DH keys
    - added protocol version in X-SSL-cipher (Tom Fitzhenry)

Bug fixes:
    - fixed potential memory leak on client certificates
    - fixed alt names problem (Joe Gooch)
    - removed debugging messages

------------------------------------------------------------------------
r78 | roseg | 2014-10-18 12:36:28 +0200 (Sat, 18 Oct 2014) | 10 lines

Release 2.7d

Enhancements:
    - added "Disable PROTO" directives (fix for Poodle vulnerability)
    - added Cert, Disable and Cipher directives for HTTPS back-ends. The
      directive HTTPS "cert" no longer supported.

Bug fixes:
    - fixed address comparison for RewriteLocation (IPv4/IPv6 problem - \ 
Christopher Bartz)

------------------------------------------------------------------------
r77 | roseg | 2014-04-21 13:16:07 +0200 (Mon, 21 Apr 2014) | 9 lines

Release 2.7c

Enhancements:
    - added filtering of "Expect: 100-continue" headers

Bug fixes:
    - re-patched the redirect patch (Frank Schmierler)
    - fixed RPC handling (Frank Schmierler)

------------------------------------------------------------------------
r76 | roseg | 2013-09-26 14:33:21 +0200 (Thu, 26 Sep 2013) | 12 lines

Release 2.7b

Enhancements:
    - Add support for PATCH HTTP method

Bug fixes:
    - sanitize URLs for redirection (prevent CSRF)
    - SSL disable empty fragments
    - SSL disable compression (CRIME attack prevention)
    - fixed bug in configuration of DISABLED directive
    - changed the log level from WARNING to NOTICE if the thread arg is NULL

------------------------------------------------------------------------
r75 | roseg | 2012-04-09 15:37:26 +0200 (Mon, 09 Apr 2012) | 12 lines

Release 2.7a

Enhancements:
    - Anonymise configuration option - show last client address byte as 0 (based \ 
on an idea by Christian Doering)
    - SSLAllowClientRenegotiation (based on a patch from Joe Gooch)
    - SSLHonorCipherOrder (based on a patch from Joe Gooch)
    - Certificate alternate names support (based on a patch from Jonas Pasche)
    - poundctl shows the length of the request queue (based on a request from Leo)

Bug fixes:
    - fixed testing of gcc options

------------------------------------------------------------------------
r74 | roseg | 2011-12-28 14:57:45 +0100 (Wed, 28 Dec 2011) | 10 lines
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | Package updated
Log message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
   2012-10-28 12:17:34 by Sergey Svishchev | Files touched by this commit (2) | Package updated
Log message:
Update to 2.6.  Notable changes:

Enhancements:
- support for include directive
- added support for HTTPS backends
- support for SNI via multiple Cert directives (thanks to Joe Gooch)

Bug fixes:
- fixed problem with long input lines in http.c
- keep sessions for disabled back-ends, continue using them until the time-out
- fixed memory leak in session removal
- fix for possible request smuggling by using multiple headers
- changed long to long long for support of requests larger than 2GB
   2012-10-28 07:31:10 by Aleksej Saushev | Files touched by this commit (600)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.