head 1.22; access; symbols pkgsrc-2023Q4:1.22.0.2 pkgsrc-2023Q4-base:1.22 pkgsrc-2023Q3:1.21.0.2 pkgsrc-2023Q3-base:1.21 pkgsrc-2023Q2:1.20.0.2 pkgsrc-2023Q2-base:1.20 pkgsrc-2023Q1:1.19.0.10 pkgsrc-2023Q1-base:1.19 pkgsrc-2022Q4:1.19.0.8 pkgsrc-2022Q4-base:1.19 pkgsrc-2022Q3:1.19.0.6 pkgsrc-2022Q3-base:1.19 pkgsrc-2022Q2:1.19.0.4 pkgsrc-2022Q2-base:1.19 pkgsrc-2022Q1:1.19.0.2 pkgsrc-2022Q1-base:1.19 pkgsrc-2021Q4:1.18.0.4 pkgsrc-2021Q4-base:1.18 pkgsrc-2021Q3:1.18.0.2 pkgsrc-2021Q3-base:1.18 pkgsrc-2021Q2:1.17.0.8 pkgsrc-2021Q2-base:1.17 pkgsrc-2021Q1:1.17.0.6 pkgsrc-2021Q1-base:1.17 pkgsrc-2020Q4:1.17.0.4 pkgsrc-2020Q4-base:1.17 pkgsrc-2020Q3:1.17.0.2 pkgsrc-2020Q3-base:1.17 pkgsrc-2020Q2:1.16.0.2 pkgsrc-2020Q2-base:1.16 pkgsrc-2020Q1:1.12.0.2 pkgsrc-2020Q1-base:1.12 pkgsrc-2019Q4:1.11.0.4 pkgsrc-2019Q4-base:1.11 pkgsrc-2019Q3:1.10.0.4 pkgsrc-2019Q3-base:1.10 pkgsrc-2019Q2:1.10.0.2 pkgsrc-2019Q2-base:1.10 pkgsrc-2019Q1:1.9.0.2 pkgsrc-2019Q1-base:1.9 pkgsrc-2018Q4:1.8.0.2 pkgsrc-2018Q4-base:1.8 pkgsrc-2018Q3:1.7.0.2 pkgsrc-2018Q3-base:1.7 pkgsrc-2018Q2:1.6.0.12 pkgsrc-2018Q2-base:1.6 pkgsrc-2018Q1:1.6.0.10 pkgsrc-2018Q1-base:1.6 pkgsrc-2017Q4:1.6.0.8 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.6 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.2 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.5.0.2 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.4.0.2 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.3.0.2 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.1.0.2 pkgsrc-2016Q2-base:1.1; locks; strict; comment @# @; 1.22 date 2023.10.24.22.10.48; author wiz; state Exp; branches; next 1.21; commitid MTsrqKm6aGrQAVJE; 1.21 date 2023.08.14.05.25.09; author wiz; state Exp; branches; next 1.20; commitid LOSB79OLVxvXjIAE; 1.20 date 2023.04.04.21.51.07; author tpaul; state Exp; branches; next 1.19; commitid I5VX8IdS5FfK1QjE; 1.19 date 2022.03.11.21.36.01; author tnn; state Exp; branches; next 1.18; commitid 3CyfCMk68LBWrQvD; 1.18 date 2021.06.27.10.12.10; author tnn; state Exp; branches; next 1.17; commitid uBNGZe6E61RgVKYC; 1.17 date 2020.08.15.02.16.18; author tnn; state Exp; branches; next 1.16; commitid 5wwAdKIZsJRUr6kC; 1.16 date 2020.05.31.16.26.36; author tnn; state Exp; branches; next 1.15; commitid bIhtWS6Klds7BpaC; 1.15 date 2020.05.31.14.54.10; author rillig; state Exp; branches; next 1.14; commitid FT13eRXN1geu5paC; 1.14 date 2020.05.27.19.37.41; author wiz; state Exp; branches; next 1.13; commitid anuppwIr6jQDMU9C; 1.13 date 2020.05.17.15.01.41; author nia; state Exp; branches; next 1.12; commitid Wl5TtpgexDPUzB8C; 1.12 date 2020.01.18.21.50.38; author jperkin; state Exp; branches; next 1.11; commitid JW4hJgY8ZdoTFdTB; 1.11 date 2019.11.04.21.12.53; author rillig; state Exp; branches; next 1.10; commitid G51T39p39YNQTzJB; 1.10 date 2019.04.25.07.33.15; author maya; state Exp; branches; next 1.9; commitid 1FEMQBEPb9uTxHkB; 1.9 date 2019.03.04.13.56.19; author tnn; state Exp; branches; next 1.8; commitid EyL3QOnDq9wSl3eB; 1.8 date 2018.12.15.21.12.22; author wiz; state Exp; branches; next 1.7; commitid MNezDhBeO99pjW3B; 1.7 date 2018.09.07.13.54.45; author fhajny; state Exp; branches; next 1.6; commitid 5xtA27R0C7xx4bRA; 1.6 date 2017.06.14.13.28.57; author fhajny; state Exp; branches; next 1.5; commitid CtHok1uXuXQtolVz; 1.5 date 2017.01.09.13.02.20; author fhajny; state Exp; branches; next 1.4; commitid 7yHiVmZ1ZJwegiBz; 1.4 date 2016.10.02.09.19.35; author fhajny; state Exp; branches; next 1.3; commitid r1so85OA62o7dyoz; 1.3 date 2016.09.19.09.33.57; author fhajny; state Exp; branches; next 1.2; commitid sKqWKSDeiGkSHSmz; 1.2 date 2016.08.22.09.34.40; author fhajny; state Exp; branches; next 1.1; commitid DsEgpQTvGS7ZBhjz; 1.1 date 2016.05.25.20.15.35; author fhajny; state Exp; branches; next ; commitid gIgcF8UkyenFZT7z; desc @@ 1.22 log @*: bump for openssl 3 @ text @# $NetBSD: Makefile,v 1.21 2023/08/14 05:25:09 wiz Exp $ DISTNAME= hitch-1.7.3 PKGREVISION= 2 CATEGORIES= security MASTER_SITES= https://hitch-tls.org/source/ MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://hitch-tls.org/ COMMENT= High performance SSL/TLS proxy LICENSE= 2-clause-bsd GNU_CONFIGURE= yes USE_TOOLS+= pkg-config .include "../../mk/bsd.prefs.mk" CHECK_PORTABILITY_SKIP+= src/tests/* CPPFLAGS.SunOS+= -D__EXTENSIONS__ LIBS.SunOS+= -lnsl -lsocket BUILD_DEFS+= HITCH_USER HITCH_GROUP HITCH_CERTS VARBASE HITCH_USER?= hitch HITCH_GROUP?= hitch HITCH_CERTS?= ${PKG_SYSCONFDIR}/certs.pem HITCH_OCSP?= ${VARBASE}/db/hitch PKG_GROUPS+= ${HITCH_GROUP} PKG_USERS+= ${HITCH_USER}:${HITCH_GROUP} PKG_GECOS.${HITCH_USER}= hitch daemon user RCD_SCRIPTS= hitch MESSAGE_SUBST+= HITCH_CERTS=${HITCH_CERTS} SUBST_CLASSES+= dir SUBST_STAGE.dir= pre-configure SUBST_FILES.dir= hitch.conf.example src/configuration.c SUBST_VARS.dir= HITCH_USER HITCH_GROUP HITCH_CERTS HITCH_OCSP SUBST_MESSAGE.dir= Setting default configuration values PKG_SYSCONFSUBDIR= hitch CONF_FILES+= share/examples/hitch/hitch.conf.example \ ${PKG_SYSCONFDIR}/hitch.conf INSTALLATION_DIRS+= share/examples/hitch OWN_DIRS_PERMS+= ${HITCH_OCSP} ${HITCH_USER} ${HITCH_GROUP} 0755 post-install: ${MV} ${DESTDIR}${PREFIX}/share/doc/hitch/hitch.conf.example \ ${DESTDIR}${PREFIX}/share/examples/hitch PYTHON_FOR_BUILD_ONLY= yes .include "../../lang/python/pyversion.mk" .include "../../devel/libev/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.21 log @*: recursive bump for Python 3.11 as new default @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2023/04/04 21:51:07 tpaul Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.20 log @security/hitch: Update to 1.7.3 Add patches to fix build on Illumos. Upstream release notes: - Fixes build for OpenSSL 3.0. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2022/03/11 21:36:01 tnn Exp $ d4 1 @ 1.19 log @hitch: update to 1.7.2 Minor bugfixes and build fixes. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2021/06/27 10:12:10 tnn Exp $ d3 1 a3 1 DISTNAME= hitch-1.7.2 @ 1.18 log @hitch: update to 1.7.0 2020-10-27: Hitch 1.7.0 released. This introduces support for PROXYv2 in --proxy-proxy mode, adds new command line switches for various settings, and fixes a bug relating to an imbalance in worker process load distribution, among other things. See the changelog for more information. 2020-08-31: Hitch 1.6.1 released. Fixes an issue in the PROXYv2 handling where we sometimes would transmit the wrong 'verify' status for client certificate verification. (changelog) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2020/08/15 02:16:18 tnn Exp $ d3 1 a3 1 DISTNAME= hitch-1.7.0 @ 1.17 log @hitch: update to 1.6.0 Introduces support for client certificate authentication along with various other fixes and improvements. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2020/05/31 16:26:36 tnn Exp $ d3 1 a3 1 DISTNAME= hitch-1.6.0 @ 1.16 log @hitch: drop unused build dependency for py-docutils @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2020/05/31 14:54:10 rillig Exp $ d3 1 a3 1 DISTNAME= hitch-1.5.2 d22 1 a22 1 BUILD_DEFS+= HITCH_USER HITCH_GROUP HITCH_CERTS @ 1.15 log @security/hitch: remove unknown configure option @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2020/05/27 19:37:41 wiz Exp $ a11 2 BUILD_DEPENDS+= ${PYPKGPREFIX}-docutils-[0-9]*:../../textproc/py-docutils @ 1.14 log @*: reset MAINTAINER for fhajny on his request @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2020/05/17 15:01:41 nia Exp $ a20 2 CONFIGURE_ARGS+= --with-rst2man=${PREFIX}/bin/rst2man.py${PYVERSSUFFIX} @ 1.13 log @hitch: Update to 1.5.2 hitch-1.5.2 (2019-11-27) ------------------------ * Fix a problem introduced in the previous release that prevented us from running as a non-privileged user (Issue: 322_). .. _322: https://github.com/varnish/hitch/issues/322 hitch-1.5.1 (2019-11-26) ------------------------ * Support for TCP Fast Open. Is is disabled by default (Issue: 185_) * Various code cleanups and minor bug fixes. .. _185: https://github.com/varnish/hitch/issues/185 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2020/01/18 21:50:38 jperkin Exp $ d7 1 a7 1 MAINTAINER= fhajny@@NetBSD.org @ 1.12 log @*: Recursive revision bump for openssl 1.1.1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2019/11/04 21:12:53 rillig Exp $ d3 1 a3 2 DISTNAME= hitch-1.5.0 PKGREVISION= 2 @ 1.11 log @security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2019/04/25 07:33:15 maya Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.10 log @PKGREVISION bump for anything using python without a PYPKGPREFIX. This is a semi-manual PKGREVISION bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2019/03/04 13:56:19 tnn Exp $ d36 1 a36 1 PKG_GECOS.${HITCH_USER}=hitch daemon user @ 1.9 log @hitch-1.5.0 (2018-12-17) Support for UNIX domain socket connections. New configuration file settings pem-dir and pem-dir-glob. Support for TLS 1.3. Fixed a bug that would cause a crash on reload if ocsp-dir was changed. Add log-level. This supersedes the previous quiet setting. Add proxy-tlv. This enables extra reporting of cipher and protocol. Drop TLSv1.1 from the default TLS protocols list. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2018/12/15 21:12:22 wiz Exp $ d4 1 @ 1.8 log @*: update email for fhajny @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2018/09/07 13:54:45 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.4.8 @ 1.7 log @security/hitch: Update to 1.4.8. hitch-1.4.8 (2018-04-19) ------------------------ - Reworked the dynamic backend bits. - Update docs to recommend running Hitch as a separate non-privileged user. hitch-1.4.7 (2018-01-11) ------------------------ - Massive test suite refactor and update. - Fix OpenBSD/FreeBSD/POSIX portability issues: restrict fstat(1) to OpenBSD, bring sockstat(1) support back, drop pathchk(1) usage in the test suite, switch from sockstat(1) to fstat(1) - Add an OCSP refresh timeout parameter - Autotools polish - Random usage of config section if reduntant - Support for separate key files - Fix logging to syslog even when set to syslog = off - Making log-filename, recv-bufsize and send-bufsize parameters available though command line and config file. - Fix: global backaddr is assumed to be static - Add support for session-cache in config file and as cmdline option - Plug file descriptor leak: killing worker processes would leave the pipe's write end open, leaking one file descriptor per worker upon reload @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2017/06/14 13:28:57 fhajny Exp $ d7 1 a7 1 MAINTAINER= filip@@joyent.com @ 1.6 log @Update security/hitch to 1.4.6. Update security/hitch to 1.4.6. hitch-1.4.6 (2017-06-06) - Fix a problem that broke mock-based builds for el6/el7 hitch-1.4.5 (2017-05-31) - Set SSL_OP_SINGLE_ECDH_USE to force a fresh ECDH key pair per handshake - Fix a bug where we ended up leaking a zombie process on reload - Fix a bug where the management process could not find its configuration files after a reload when chroot was configured - Output the offending line on a configuration file parsing error - Fix build for non-C99/C11 compilers - Fix the shared cache code to make it work also with OpenSSL 1.1.0 - Fix an unchecked loop situation that could occur when running with shared cache enabled - Various autotools configuration fixes - A few minor doc fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2017/01/09 13:02:20 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.4.6 @ 1.5 log @Update security/hitch to 1.4.4. hitch-1.4.4 (2016-12-22) ------------------------ - OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully supported with Hitch. - Fix a bug in the OCSP refresh code that could make it loop with immediate refreshes flooding an OCSP responder. - Force the SSL_OP_SINGLE_DH_USE setting. This protects against an OpenSSL vulnerability where a remote attacker could discover private DH exponents (CVE-2016-0701). hitch-1.4.3 (2016-11-14) ------------------------ - OCSP stapling is now enabled by default. Users should create ocsp-dir (default: /var/lib/hitch/) and make it writable for the hitch user. - Build error due to man page generation on FreeBSD (most likely non-Linux) has been fixed. hitch-1.4.2 (2016-11-08) ------------------------ - Example configuration file hitch.conf.example has been shortened and defaults moved into Hitch itself. Default cipher string is now what we believe to be secure. Users are recommended to use the built-in default from now on, unless they have special requirements. - hitch.conf(5) manual has been added. - Hitch will now send a TLS Close notification during connection teardown. This fixes an incomplete read with a GnuTLS client when the backend (thttpd) used EOF to signal end of data, leaving some octets discarded by gnutls client-side. (Issue 127_) - Autotools will now detect SO_REUSEPORT availability. (Issue 122_) - Improved error handling on memory allocation failure. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2016/10/02 09:19:35 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.4.4 @ 1.4 log @Update security/hitch to 1.4.1. - Add a new tls-protos configuration option for specifying the permitted TLS/SSL protocols. This new option supersedes settings ssl and tls which are now deprecated and will be kept for backwards compatibility. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2016/09/19 09:33:57 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.4.1 d19 2 d31 1 d43 2 a44 2 SUBST_FILES.dir= hitch.conf.example SUBST_VARS.dir= HITCH_USER HITCH_GROUP HITCH_CERTS d53 2 @ 1.3 log @Update security/hitch to 1.4.0. hitch-1.4.0 (2016-09-12) - Fix a bug in the OCSP request code where it broke if the OCSP responder required a Host header. (#113) - Add support for ECC certificates (#116). hitch-1.4.0-beta1 (2016-08-26) - NPN/ALPN support for negotiating a protocol in the SSL handshake. This lets you use Hitch for terminating TLS in front of an HTTP/2 capable backend. For ALPN, OpenSSL 1.0.2 is needed, while NPN requires OpenSSL 1.0.1. - Expanded PROXY protocol support for communicating an ALPN/NPN negotiated protocol to the backend. Hitch will now include the ALPN/NPN protocol that was selected during the handshake as part of the PROXYv2 header. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2016/08/22 09:34:40 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.4.0 @ 1.2 log @Update security/hitch to 1.3.1. hitch-1.3.1 (2016-08-16) - Fixes a bug in the autotools configuration which led to man pages not being built. hitch-1.3.0 (2016-08-16) - Fix a bug where we crashed in the OCSP handling if there was no default SSLCTX configured. - Minor documentation fix. hitch-1.3.0-beta3 (2016-07-26) - Fully automated retrieval and refreshes of OCSP responses (see configuration.md for details). - New parameters ocsp-dir, ocsp-resp-tmo and ocsp-connect-tmo. - Cleanup of various log messages. - Verification of OCSP staples. Enabled by setting ocsp-verify-staple = on. - Make rst2man an optional requirement (#93). Thanks to Barry Allard. - Avoid stapling expired OCSP responses - A few fixes to the shared cache updating code. Thanks to Piyush Dewnani hitch-1.3.0-beta2 (2016-05-31) - Options given on the command line now take presedence over configuration file settings. I.e. there is no longer a need to specify --config first to get this behavior. - Config file regression: "yes" and "no" are now accepted by the config file parser as boolean values. - Documentation improvements and spelling fixes. - Various minor autotools build fixes. hitch-1.3.0-beta1 (2016-05-11) - Support for OCSP stapling (see configuration.md for details) - Initialize OpenSSL locking callback if an engine is loaded. Some SSL accelerator cards have their custom SSL engine running in a multithreaded context. For these to work correctly, Hitch needs to initialize a set of mutexes utilized by the OpenSSL library. - #82: A mistake in the SNI lookup code caused us to inspect the wrong list when looking for wildcard certificate matches. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2016/05/25 20:15:35 fhajny Exp $ d3 1 a3 1 DISTNAME= hitch-1.3.1 d22 1 a22 1 LIBS.SunOS+= -lsocket @ 1.1 log @Import hitch-1.2.0 as security/hitch (based on wip/hitch). Hitch is a libev-based high performance SSL/TLS proxy by Varnish Software. @ text @d1 1 a1 1 # $NetBSD$ d3 1 a3 1 DISTNAME= hitch-1.2.0 d40 1 a40 1 SUBST_FILES.dir= hitch.conf.ex d45 1 a45 1 CONF_FILES+= share/examples/hitch/hitch.conf.ex \ d51 1 a51 1 ${MV} ${DESTDIR}${PREFIX}/share/doc/hitch/hitch.conf.ex \ @