head 1.2;
access;
symbols
    pkgsrc-2015Q2:1.1.0.10
    pkgsrc-2015Q2-base:1.1
    pkgsrc-2015Q1:1.1.0.8
    pkgsrc-2015Q1-base:1.1
    pkgsrc-2014Q4:1.1.0.6
    pkgsrc-2014Q4-base:1.1
    pkgsrc-2014Q3:1.1.0.4
    pkgsrc-2014Q3-base:1.1
    pkgsrc-2014Q2:1.1.0.2;
locks; strict;
comment @# @;


1.2
date 2015.07.04.13.13.53; author morr; state dead;
branches;
next 1.1;
commitid IWhANRJrpR0j9Yry;

1.1
date 2014.07.14.15.30.10; author fhajny; state Exp;
branches
    1.1.2.1
    1.1.10.1;
next ;
commitid VPY5JUg8gtaUhmIx;

1.1.2.1
date 2014.07.14.15.30.10; author tron; state dead;
branches;
next 1.1.2.2;
commitid PNjOp9bTF301hdQx;

1.1.2.2
date 2014.09.13.18.13.24; author tron; state Exp;
branches;
next ;
commitid PNjOp9bTF301hdQx;

1.1.10.1
date 2015.07.26.15.41.36; author bsiegert; state dead;
branches;
next ;
commitid Zyuq2LJEXiBbhOuy;


desc
@@


1.2
log
@Security update to newest version.

Changes:
Released version 1.5.14 with the following main changes :
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data

Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the
loop processing of tcp-checks - BUG/MAJOR: checks: always check for end of list before proceeding - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct - BUG/MEDIUM: peers: apply a random reconnection timeout - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - MEDIUM: init: don't stop proxies in parent process when exiting - MINOR: peers: store the pointer to the signal handler - MEDIUM: peers: unregister peers that were never started - MEDIUM: config: propagate the table's process list to the peers sections - MEDIUM: init: stop any peers section not bound to the correct process - MEDIUM: config: validate that peers sections are bound to exactly one process - MAJOR: peers: allow peers section to be used with nbproc > 1 - DOC: relax the peers restriction to single-process - CLEANUP: config: fix misleading information in error message. - MINOR: config: report the number of processes using a peers section in the error case - BUG/MEDIUM: config: properly compute the default number of processes for a proxy pkgsrc changes: Thanks to "rename popcount to my_popcountl" one of patches can be removed. @ text @$NetBSD: patch-standard_h,v 1.1 2014/07/14 15:30:10 fhajny Exp $ Remove local version of popcount(3), conflicts w/ libc. --- include/common/standard.h.orig 2014-07-12 14:40:52.000000000 +0000 +++ include/common/standard.h @@@@ -24,6 +24,7 @@@@ #include #include +#include #include #include #include @@@@ -565,6 +566,7 @@@@ static inline unsigned int div64_32(unsi return result; } +#if !defined(__NetBSD__) /* Simple popcount implementation. It returns the number of ones in a word */ static inline unsigned int popcount(unsigned long a) { @@@@ -575,6 +577,7 @@@@ static inline unsigned int popcount(unsi } return cnt; } +#endif /* Build a word with the lower bits set (reverse of popcount) */ static inline unsigned long nbits(int bits) @ 1.1 log @Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib. 

1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed in 1.5.2. The first one can cause some sample fetch combinations to fail together in a same expression, and one artificial case (but totally useless) may even crash the process. The second one is an incomplete fix in 1.5-dev23 for the request body forwarding. Hash-based balancing algorithms and http-send-name-header may fail if a request contains a body which starts to be forwarded before the contents are used. A few other bugs were fixed, and the max syslog line length is now configurable per logger.

1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying one which can cause some file descriptor leak when dealing with clients which disappear from the net, resulting in the impossibility to accept new connections after some time.

1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements, including
  native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling,
  IPv6 and UNIX sockets are supported everywhere,
  full HTTP keep-alive for better support of NTLM and improved efficiency in static farms,
  HTTP/1.1 compression (deflate, gzip) to save bandwidth,
  PROXY protocol versions 1 and 2 on both sides,
  data sampling on everything in request or response, including payload,
  ACLs can use any matching method with any input sample
  maps and dynamic ACLs updatable from the CLI
  stick-tables support counters to track activity on any input sample
  custom format for logs, unique-id, header rewriting, and redirects,
  improved health checks (SSL, scripted TCP, check agent, ...),
  much more scalable configuration supports hundreds of thousands of backends and certificates without sweating.

Full changelog for the 1.5 branch:
  http://www.haproxy.org/download/1.5/src/CHANGELOG
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.10.1
log
@Pullup ticket #4759 - requested by morr
net/haproxy: security fix

Revisions pulled up:
- net/haproxy/Makefile 1.21
- net/haproxy/distinfo 1.16
- net/haproxy/patches/patch-standard_h deleted

---
Module Name: pkgsrc
Committed By: morr
Date: Sat Jul 4 13:13:53 UTC 2015

Modified Files:
    pkgsrc/net/haproxy: Makefile distinfo
Removed Files:
    pkgsrc/net/haproxy/patches: patch-standard_h

Log Message:
Security update to newest version.

Changes:
Released version 1.5.14 with the following main changes :
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data

Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't
stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy

pkgsrc changes:
Thanks to "rename popcount to my_popcountl" one of patches can be removed.
@
text
@d1 1
a1 1
$NetBSD: patch-standard_h,v 1.1 2014/07/14 15:30:10 fhajny Exp $
@


1.1.2.1
log
@file patch-standard_h was added on branch pkgsrc-2014Q2 on 2014-09-13 18:13:24 +0000
@
text
@d1 30
@


1.1.2.2
log
@Pullup ticket #4499 - requested by morr
net/haproxy: security update

Revisions pulled up:
- net/haproxy/Makefile 1.13-1.15
- net/haproxy/PLIST 1.5
- net/haproxy/distinfo 1.9-1.11
- net/haproxy/options.mk 1.1
- net/haproxy/patches/patch-aa 1.5
- net/haproxy/patches/patch-ab deleted
- net/haproxy/patches/patch-standard_h 1.1

---
Module Name: pkgsrc
Committed By: fhajny
Date: Mon Jul 14 15:30:10 UTC 2014

Modified Files:
    pkgsrc/net/haproxy: Makefile PLIST distinfo
    pkgsrc/net/haproxy/patches: patch-aa
Added Files:
    pkgsrc/net/haproxy: options.mk
    pkgsrc/net/haproxy/patches: patch-standard_h
Removed Files:
    pkgsrc/net/haproxy/patches: patch-ab

Log Message:
Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib.

1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed in 1.5.2.
The first one can cause some sample fetch combinations to fail together in a same expression, and one artificial case (but totally useless) may even crash the process. The second one is an incomplete fix in 1.5-dev23 for the request body forwarding. Hash-based balancing algorithms and http-send-name-header may fail if a request contains a body which starts to be forwarded before the contents are used. A few other bugs were fixed, and the max syslog line length is now configurable per logger.

1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying one which can cause some file descriptor leak when dealing with clients which disappear from the net, resulting in the impossibility to accept new connections after some time.

1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements, including
  native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling,
  IPv6 and UNIX sockets are supported everywhere,
  full HTTP keep-alive for better support of NTLM and improved efficiency in static farms,
  HTTP/1.1 compression (deflate, gzip) to save bandwidth,
  PROXY protocol versions 1 and 2 on both sides,
  data sampling on everything in request or response, including payload,
  ACLs can use any matching method with any input sample
  maps and dynamic ACLs updatable from the CLI
  stick-tables support counters to track activity on any input sample
  custom format for logs, unique-id, header rewriting, and redirects,
  improved health checks (SSL, scripted TCP, check agent, ...),
  much more scalable configuration supports hundreds of thousands of backends and certificates without sweating.

Full changelog for the 1.5 branch:
  http://www.haproxy.org/download/1.5/src/CHANGELOG

---
Module Name: pkgsrc
Committed By: fhajny
Date: Sun Jul 27 16:33:36 UTC 2014

Modified Files:
    pkgsrc/net/haproxy: Makefile distinfo

Log Message:
Update haproxy to 1.5.3.

2014/07/25 : 1.5.3 - DOC: fix typo in Unix Socket commands - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange - DOC: mention that Squid correctly responds 400 to PPv2 header - BUG/MINOR: http: base32+src should use the big endian version of base32 - BUG/MEDIUM: connection: fix proxy v2 header again! --- Module Name: pkgsrc Committed By: morr Date: Fri Sep 12 21:37:38 UTC 2014 Modified Files: pkgsrc/net/haproxy: Makefile distinfo Log Message: Update to version 1.5.4. Changes: - BUG: config: error in http-response replace-header number of arguments - BUG/MINOR: Fix search for -p argument in systemd wrapper. - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported - MEDIUM: connection: add new bit in Proxy Protocol V2 - BUG/MINOR: server: move the directive #endif to the end of file - BUG/MEDIUM: http: tarpit timeout is reset - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc* - BUG/MEDIUM: http: fix inverted condition in pat_match_meth() - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg() - BUG/MEDIUM: acl: correctly compute the output type when a converter is used - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer @ text @a0 30 $NetBSD$ Remove local version of popcount(3), conflicts w/ libc. --- include/common/standard.h.orig 2014-07-12 14:40:52.000000000 +0000 +++ include/common/standard.h @@@@ -24,6 +24,7 @@@@ #include #include +#include #include #include #include @@@@ -565,6 +566,7 @@@@ static inline unsigned int div64_32(unsi return result; } +#if !defined(__NetBSD__) /* Simple popcount implementation. 
It returns the number of ones in a word */ static inline unsigned int popcount(unsigned long a) { @@@@ -575,6 +577,7 @@@@ static inline unsigned int popcount(unsi } return cnt; } +#endif /* Build a word with the lower bits set (reverse of popcount) */ static inline unsigned long nbits(int bits) @
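
Review bot: the `#include` added in the first hunk (-24,6 +24,7) is unconditional, while the popcount guard it accompanies applies only to NetBSD. If that header is needed only to bring in the libc popcount declaration, place it under a matching `#if defined(__NetBSD__)` so the include set on other platforms stays unchanged, and have the patch comment name the header and say why it is required.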
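
Review bot: the `#if !defined(__NetBSD__)` / `#endif` pair around the local popcount() (hunks at -565 and -575) tests the OS name rather than whether libc declares popcount, so any other platform whose libc provides popcount(3) still gets the conflict described in the patch comment, and on NetBSD every caller silently binds to the libc function instead. The local version takes `unsigned long`; confirm the libc prototype accepts the same width, otherwise callers passing a long lose the upper bits. Renaming the local helper, as the 1.5.14 entry in the log above does with my_popcountl, removes the clash without a platform conditional.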