./www/pound, Reverse proxy, load balancer and HTTPS front-end

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.8nb2, Package name: pound-2.8nb2, Maintainer: pkgsrc-users

The Pound program is a reverse proxy, load balancer and HTTPS front-end
for Web server(s). Pound was developed to enable distributing the
load among several Web-servers and to allow for a convenient SSL wrapper
for those Web servers that do not offer it natively. Pound is a very
small program, easily audited for security problems. It can run as
setuid/setgid and/or in a chroot jail. Pound does not access the
hard-disk at all (except for reading the certificate file on start,
if required) and should thus pose no security threat to any machine.


Required to run:
[security/openssl] [devel/pcre]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 181.762 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030)
Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
   2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033)
Log message:
www: Remove SHA1 hashes for distfiles
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-24 21:22:17 by Amitai Schleier | Files touched by this commit (1) | Package updated
Log message:
Update HOMEPAGE.
   2019-09-09 11:08:08 by Nia Alarie | Files touched by this commit (7) | Package updated
Log message:
pound: Fix build with OpenSSL 1.1.

While here, silence some pkglint warnings and convert a patch into
a do-install target.

Bump PKGREVISION.
   2018-08-27 00:35:45 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 2.8. From the changelog:

Enhancements:
    - removed DynScale flag and support
    - removed support for multi-line headers (both input and output)

Bug fixes:
    - fixed potential request smuggling via fudged headers
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-02 14:33:13 by Makoto Fujiwara | Files touched by this commit (3) | Package updated
Log message:
Update 2.6 to 2.7f
------------------------------------------------------------------------
r80 | roseg | 2014-12-29 11:47:54 +0100 (Mon, 29 Dec 2014) | 10 lines

Release 2.7f

Enhancements:
    - compile-time parameter for DH bits (workaround for OpenSSL limitation)

Bug fixes:
    - allow '-' and '=' again in URLs (redirect)
    - fixed lh_retrieve warning
    - fixed "Disable" regex typo

------------------------------------------------------------------------
r79 | roseg | 2014-12-08 14:39:00 +0100 (Mon, 08 Dec 2014) | 12 lines

Release 2.7e

Enhancements:
    - added support for elliptical curve encryption
    - added support for larger DH keys
    - added protocol version in X-SSL-cipher (Tom Fitzhenry)

Bug fixes:
    - fixed potential memory leak on client certificates
    - fixed alt names problem (Joe Gooch)
    - removed debugging messages

------------------------------------------------------------------------
r78 | roseg | 2014-10-18 12:36:28 +0200 (Sat, 18 Oct 2014) | 10 lines

Release 2.7d

Enhancements:
    - added "Disable PROTO" directives (fix for Poodle vulnerability)
    - added Cert, Disable and Cipher directives for HTTPS back-ends. The
      directive HTTPS "cert" no longer supported.

Bug fixes:
    - fixed address comparison for RewriteLocation (IPv4/IPv6 problem - \ 
Christopher Bartz)

------------------------------------------------------------------------
r77 | roseg | 2014-04-21 13:16:07 +0200 (Mon, 21 Apr 2014) | 9 lines

Release 2.7c

Enhancements:
    - added filtering of "Expect: 100-continue" headers

Bug fixes:
    - re-patched the redirect patch (Frank Schmierler)
    - fixed RPC handling (Frank Schmierler)

------------------------------------------------------------------------
r76 | roseg | 2013-09-26 14:33:21 +0200 (Thu, 26 Sep 2013) | 12 lines

Release 2.7b

Enhancements:
    - Add support for PATCH HTTP method

Bug fixes:
    - sanitize URLs for redirection (prevent CSRF)
    - SSL disable empty fragments
    - SSL disable compression (CRIME attack prevention)
    - fixed bug in configuration of DISABLED directive
    - changed the log level from WARNING to NOTICE if the thread arg is NULL

------------------------------------------------------------------------
r75 | roseg | 2012-04-09 15:37:26 +0200 (Mon, 09 Apr 2012) | 12 lines

Release 2.7a

Enhancements:
    - Anonymise configuration option - show last client address byte as 0 (based \ 
on an idea by Christian Doering)
    - SSLAllowClientRenegotiation (based on a patch from Joe Gooch)
    - SSLHonorCipherOrder (based on a patch from Joe Gooch)
    - Certificate alternate names support (based on a patch from Jonas Pasche)
    - poundctl shows the length of the request queue (based on a request from Leo)

Bug fixes:
    - fixed testing of gcc options

------------------------------------------------------------------------
r74 | roseg | 2011-12-28 14:57:45 +0100 (Wed, 28 Dec 2011) | 10 lines