./www/pound, Reverse proxy, load balancer and HTTPS front-end

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.8nb2, Package name: pound-2.8nb2, Maintainer: pkgsrc-users

The Pound program is a reverse proxy, load balancer and HTTPS front-end
for Web server(s). Pound was developed to enable distributing the
load among several Web-servers and to allow for a convenient SSL wrapper
for those Web servers that do not offer it natively. Pound is a very
small program, easily audited for security problems. It can run as
setuid/setgid and/or in a chroot jail. Pound does not access the
hard-disk at all (except for reading the certificate file on start,
if required) and should thus pose no security threat to any machine.

Required to run:
[security/openssl] [devel/pcre]

Required to build:

Master sites:

SHA1: a3371b596d86cedea1678fd329ee6dc8a307c907
RMD160: 71b2c4c633ef5dd0b566e30b2f511d618483b74f
Filesize: 181.762 KB

Version history: (Expand)

CVS history: (Expand)

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-24 21:22:17 by Amitai Schleier | Files touched by this commit (1) | Package updated
Log message:
   2019-09-09 11:08:08 by Nia Alarie | Files touched by this commit (7) | Package updated
Log message:
pound: Fix build with OpenSSL 1.1.

While here, silence some pkglint warnings and convert a patch into
a do-install target.

   2018-08-27 00:35:45 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 2.8. From the changelog:

    - removed DynScale flag and support
    - removed support for multi-line headers (both input and output)

Bug fixes:
    - fixed potential request smuggling via fudged headers
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-02 14:33:13 by Makoto Fujiwara | Files touched by this commit (3) | Package updated
Log message:
Update 2.6 to 2.7f
r80 | roseg | 2014-12-29 11:47:54 +0100 (Mon, 29 Dec 2014) | 10 lines

Release 2.7f

    - compile-time parameter for DH bits (workaround for OpenSSL limitation)

Bug fixes:
    - allow '-' and '=' again in URLs (redirect)
    - fixed lh_retrieve warning
    - fixed "Disable" regex typo

r79 | roseg | 2014-12-08 14:39:00 +0100 (Mon, 08 Dec 2014) | 12 lines

Release 2.7e

    - added support for elliptical curve encryption
    - added support for larger DH keys
    - added protocol version in X-SSL-cipher (Tom Fitzhenry)

Bug fixes:
    - fixed potential memory leak on client certificates
    - fixed alt names problem (Joe Gooch)
    - removed debugging messages

r78 | roseg | 2014-10-18 12:36:28 +0200 (Sat, 18 Oct 2014) | 10 lines

Release 2.7d

    - added "Disable PROTO" directives (fix for Poodle vulnerability)
    - added Cert, Disable and Cipher directives for HTTPS back-ends. The
      directive HTTPS "cert" no longer supported.

Bug fixes:
    - fixed address comparison for RewriteLocation (IPv4/IPv6 problem - \ 
Christopher Bartz)

r77 | roseg | 2014-04-21 13:16:07 +0200 (Mon, 21 Apr 2014) | 9 lines

Release 2.7c

    - added filtering of "Expect: 100-continue" headers

Bug fixes:
    - re-patched the redirect patch (Frank Schmierler)
    - fixed RPC handling (Frank Schmierler)

r76 | roseg | 2013-09-26 14:33:21 +0200 (Thu, 26 Sep 2013) | 12 lines

Release 2.7b

    - Add support for PATCH HTTP method

Bug fixes:
    - sanitize URLs for redirection (prevent CSRF)
    - SSL disable empty fragments
    - SSL disable compression (CRIME attack prevention)
    - fixed bug in configuration of DISABLED directive
    - changed the log level from WARNING to NOTICE if the thread arg is NULL

r75 | roseg | 2012-04-09 15:37:26 +0200 (Mon, 09 Apr 2012) | 12 lines

Release 2.7a

    - Anonymise configuration option - show last client address byte as 0 (based \ 
on an idea by Christian Doering)
    - SSLAllowClientRenegotiation (based on a patch from Joe Gooch)
    - SSLHonorCipherOrder (based on a patch from Joe Gooch)
    - Certificate alternate names support (based on a patch from Jonas Pasche)
    - poundctl shows the length of the request queue (based on a request from Leo)

Bug fixes:
    - fixed testing of gcc options

r74 | roseg | 2011-12-28 14:57:45 +0100 (Wed, 28 Dec 2011) | 10 lines
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.