
CVS commit: pkgsrc/security/hitch



Module Name:    pkgsrc
Committed By:   fhajny
Date:           Mon Jan  9 13:02:21 UTC 2017

Modified Files:
        pkgsrc/security/hitch: Makefile PLIST distinfo
        pkgsrc/security/hitch/patches: patch-hitch.conf.example
            patch-src_hitch.c
Added Files:
        pkgsrc/security/hitch/patches: patch-src_configuration.c

Log Message:
Update security/hitch to 1.4.4.

hitch-1.4.4 (2016-12-22)
------------------------

- OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
  supported with Hitch.
- Fix a bug in the OCSP refresh code that could make it loop with
  immediate refreshes flooding an OCSP responder.
- Force the SSL_OP_SINGLE_DH_USE setting. This protects against an
  OpenSSL vulnerability where a remote attacker could discover private
  DH exponents (CVE-2016-0701).

hitch-1.4.3 (2016-11-14)
------------------------

- OCSP stapling is now enabled by default.
  Users should create ocsp-dir (default: /var/lib/hitch/) and make it
  writable for the hitch user.
- Build error due to man page generation on FreeBSD (most likely non-Linux)
  has been fixed.

hitch-1.4.2 (2016-11-08)
------------------------

- Example configuration file hitch.conf.example has been shortened and
  defaults moved into Hitch itself. Default cipher string is now what we
  believe to be secure. Users are recommended to use the built-in default
  from now on, unless they have special requirements.
- hitch.conf(5) manual has been added.
- Hitch will now send a TLS Close notification during connection teardown.
  This fixes an incomplete read with a GnuTLS client when the backend
  (thttpd) used EOF to signal end of data, leaving some octets discarded
  by gnutls client-side. (Issue 127_)
- Autotools will now detect SO_REUSEPORT availability. (Issue 122_)
- Improved error handling on memory allocation failure.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/hitch/Makefile \
    pkgsrc/security/hitch/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/hitch/PLIST
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/security/hitch/patches/patch-hitch.conf.example \
    pkgsrc/security/hitch/patches/patch-src_hitch.c
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/hitch/patches/patch-src_configuration.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/hitch/Makefile
diff -u pkgsrc/security/hitch/Makefile:1.4 pkgsrc/security/hitch/Makefile:1.5
--- pkgsrc/security/hitch/Makefile:1.4  Sun Oct  2 09:19:35 2016
+++ pkgsrc/security/hitch/Makefile      Mon Jan  9 13:02:20 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2016/10/02 09:19:35 fhajny Exp $
+# $NetBSD: Makefile,v 1.5 2017/01/09 13:02:20 fhajny Exp $
 
-DISTNAME=      hitch-1.4.1
+DISTNAME=      hitch-1.4.4
 CATEGORIES=    security
 MASTER_SITES=  https://hitch-tls.org/source/
 
@@ -16,6 +16,8 @@ USE_TOOLS+=   pkg-config
 
 .include "../../mk/bsd.prefs.mk"
 
+CHECK_PORTABILITY_SKIP+=       src/tests/*
+
 CONFIGURE_ARGS+=       --with-rst2man=${PREFIX}/bin/rst2man.py${PYVERSSUFFIX}
 
 CPPFLAGS.SunOS+=       -D__EXTENSIONS__
@@ -26,6 +28,7 @@ BUILD_DEFS+=          HITCH_USER HITCH_GROUP HIT
 HITCH_USER?=           hitch
 HITCH_GROUP?=          hitch
 HITCH_CERTS?=          ${PKG_SYSCONFDIR}/certs.pem
+HITCH_OCSP?=           ${VARBASE}/db/hitch
 
 PKG_GROUPS+=           ${HITCH_GROUP}
 PKG_USERS+=            ${HITCH_USER}:${HITCH_GROUP}
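Review bot: The added `HITCH_OCSP?=` line introduces a new user-settable variable, but nothing in this hunk extends the `BUILD_DEFS+=` line (only its truncated context is visible in the hunk header), and pkgsrc convention is to list every `?=`-settable variable that changes what gets installed in BUILD_DEFS so the value is recorded in the package's build info. A separate append, placed next to the existing BUILD_DEFS line outside this hunk, would suffice: `BUILD_DEFS+=		HITCH_OCSP`. The `MESSAGE_SUBST+=` line shown in the following hunk's header likewise passes only HITCH_CERTS; if the package MESSAGE describes the OCSP directory the user must keep writable, HITCH_OCSP should presumably be passed there too.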
@@ -37,8 +40,8 @@ MESSAGE_SUBST+=               HITCH_CERTS=${HITCH_CER
 
 SUBST_CLASSES+=                dir
 SUBST_STAGE.dir=       pre-configure
-SUBST_FILES.dir=       hitch.conf.example
-SUBST_VARS.dir=                HITCH_USER HITCH_GROUP HITCH_CERTS
+SUBST_FILES.dir=       hitch.conf.example src/configuration.c
+SUBST_VARS.dir=                HITCH_USER HITCH_GROUP HITCH_CERTS HITCH_OCSP
 SUBST_MESSAGE.dir=     Setting default configuration values
 
 PKG_SYSCONFSUBDIR=     hitch
@@ -47,6 +50,8 @@ CONF_FILES+=          share/examples/hitch/hitch
 
 INSTALLATION_DIRS+=    share/examples/hitch
 
+OWN_DIRS_PERMS+=       ${HITCH_OCSP} ${HITCH_USER} ${HITCH_GROUP} 0755
+
 post-install:
        ${MV} ${DESTDIR}${PREFIX}/share/doc/hitch/hitch.conf.example \
                ${DESTDIR}${PREFIX}/share/examples/hitch
Index: pkgsrc/security/hitch/distinfo
diff -u pkgsrc/security/hitch/distinfo:1.4 pkgsrc/security/hitch/distinfo:1.5
--- pkgsrc/security/hitch/distinfo:1.4  Sun Oct  2 09:19:35 2016
+++ pkgsrc/security/hitch/distinfo      Mon Jan  9 13:02:20 2017
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.4 2016/10/02 09:19:35 fhajny Exp $
+$NetBSD: distinfo,v 1.5 2017/01/09 13:02:20 fhajny Exp $
 
-SHA1 (hitch-1.4.1.tar.gz) = 5af72612306dbd48d363f816494b8cf8ec4e0c19
-RMD160 (hitch-1.4.1.tar.gz) = cd187994b558f1c43eef069e388add6c658fbd5d
-SHA512 (hitch-1.4.1.tar.gz) = e2e788e6239d68371de606f088d39923f1d661fd41d1124cfc269297b328faf51df5c5450460dd61ed4b0dc33e198d9354ebf95ea4c57a4a231cbf444e5d628c
-Size (hitch-1.4.1.tar.gz) = 272769 bytes
-SHA1 (patch-hitch.conf.example) = 3200fedcc6528476f9b5eca599f156def3e743e0
-SHA1 (patch-src_hitch.c) = f16c5010a704291fd1c986b73bb987fd92148616
+SHA1 (hitch-1.4.4.tar.gz) = 6c836d24fce74892dc97217eb733dffa7c91109c
+RMD160 (hitch-1.4.4.tar.gz) = fe48092f9e5ba674db2ac04228fccd3c108aeaba
+SHA512 (hitch-1.4.4.tar.gz) = 33037c6ba2882575d9d4a63adcbef7db9a0294e8fdc2eee5a5cc8a45656d9c9620952e49f71abbfbc94c6d1781911ad1b76237a058d3dda3eaaf2f220d15cd18
+Size (hitch-1.4.4.tar.gz) = 300494 bytes
+SHA1 (patch-hitch.conf.example) = 1c922c2e294362ef009ff60bfe43f746de596087
+SHA1 (patch-src_configuration.c) = ba89c7c987159f66b1694435613aa89a6f9574de
+SHA1 (patch-src_hitch.c) = 7d92f2d83b302e3ca8a2acebc6c4697c1da184b2

Index: pkgsrc/security/hitch/PLIST
diff -u pkgsrc/security/hitch/PLIST:1.2 pkgsrc/security/hitch/PLIST:1.3
--- pkgsrc/security/hitch/PLIST:1.2     Mon Aug 22 09:34:40 2016
+++ pkgsrc/security/hitch/PLIST Mon Jan  9 13:02:20 2017
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.2 2016/08/22 09:34:40 fhajny Exp $
+@comment $NetBSD: PLIST,v 1.3 2017/01/09 13:02:20 fhajny Exp $
+man/man5/hitch.conf.5
 man/man8/hitch.8
 sbin/hitch
 share/doc/hitch/CHANGES.rst

Index: pkgsrc/security/hitch/patches/patch-hitch.conf.example
diff -u pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.1 pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.2
--- pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.1  Mon Aug 22 09:34:40 2016
+++ pkgsrc/security/hitch/patches/patch-hitch.conf.example      Mon Jan  9 13:02:20 2017
@@ -1,48 +1,33 @@
-$NetBSD: patch-hitch.conf.example,v 1.1 2016/08/22 09:34:40 fhajny Exp $
+$NetBSD: patch-hitch.conf.example,v 1.2 2017/01/09 13:02:20 fhajny Exp $
 
 Sane default options.
 
---- hitch.conf.example.orig    2016-08-15 13:51:51.000000000 +0000
+--- hitch.conf.example.orig    2016-11-14 13:13:10.000000000 +0000
 +++ hitch.conf.example
-@@ -43,7 +43,7 @@ backend = "[127.0.0.1]:6081"
- # only available for a specific listen endpoint.
- #
- # type: string
--pem-file = ""
-+pem-file = "@HITCH_CERTS@"
+@@ -2,15 +2,15 @@
  
- # OCSP settings
- #
-@@ -120,12 +120,12 @@ chroot = ""
- # Set uid after binding a socket
- #
- # type: string
--user = ""
-+user = "@HITCH_USER@"
  
- # Set gid after binding a socket
- #
- # type: string
--group = ""
-+group = "@HITCH_GROUP@"
+ frontend = {
+-    host = "*"
++    host = "127.0.0.1"
+     port = "443"
+ }
+ backend = "[127.0.0.1]:6086"    # 6086 is the default Varnish PROXY port.
+ workers = 4                     # number of CPU cores
  
- # Quiet execution, report only error messages
- #
-@@ -135,7 +135,7 @@ quiet = off
- # Use syslog for logging
- #
- # type: boolean
--syslog = off
-+syslog = on
+ daemon = on
+-user = "nobody"
+-group = "nogroup"
++user = "@HITCH_USER@"
++group = "@HITCH_GROUP@"
  
- # Syslog facility to use
- #
-@@ -145,7 +145,7 @@ syslog-facility = "daemon"
- # Run as daemon
- #
- # type: boolean
--daemon = off
-+daemon = on
+ # Enable to let clients negotiate HTTP/2 with ALPN. (default off)
+ # alpn-protos = "http/2, http/1.1"
+@@ -18,4 +18,6 @@ group = "nogroup"
+ # run Varnish as backend over PROXY; varnishd -a :80 -a localhost:6086,PROXY ..
+ write-proxy-v2 = on             # Write PROXY header
  
- # Report client address by writing IP before sending data
- #
+-
++pem-file = {
++    cert = "@HITCH_CERTS@"
++}
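Review bot: The rewritten patch no longer sets `syslog = on`; the previous revision's hunk forced it, and the new upstream example (as far as this patch shows it) does not mention syslog at all, so with `daemon = on` and `user`/`group` dropping privileges, where a daemonized Hitch logs now depends on its built-in default. If that default is syslog off, errors from the installed service are lost rather than reaching the system log; consider re-adding `syslog = on` to the patched example, or confirming the 1.4.x built-in default and recording it in the patch header. The `host = "127.0.0.1"` change and the `pem-file = { cert = "@HITCH_CERTS@" }` block are consistent with the SUBST_VARS the Makefile passes.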
Index: pkgsrc/security/hitch/patches/patch-src_hitch.c
diff -u pkgsrc/security/hitch/patches/patch-src_hitch.c:1.1 pkgsrc/security/hitch/patches/patch-src_hitch.c:1.2
--- pkgsrc/security/hitch/patches/patch-src_hitch.c:1.1 Wed May 25 20:15:35 2016
+++ pkgsrc/security/hitch/patches/patch-src_hitch.c     Mon Jan  9 13:02:20 2017
@@ -1,10 +1,10 @@
-$NetBSD: patch-src_hitch.c,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+$NetBSD: patch-src_hitch.c,v 1.2 2017/01/09 13:02:20 fhajny Exp $
 
 Need sys/filio on SunOS for FIONBIO.
 
---- src/hitch.c.orig   2016-01-26 14:58:56.000000000 +0000
+--- src/hitch.c.orig   2016-11-11 13:10:38.000000000 +0000
 +++ src/hitch.c
-@@ -77,6 +77,10 @@
+@@ -62,6 +62,10 @@
  #include <sys/prctl.h>
  #endif
  
@@ -12,6 +12,6 @@ Need sys/filio on SunOS for FIONBIO.
 +#include <sys/filio.h>
 +#endif
 +
- #include "uthash.h"
- #include "ringbuffer.h"
- #include "miniobj.h"
+ #include "config.h"
+ #include "configuration.h"
+ #include "hitch.h"

Added files:

Index: pkgsrc/security/hitch/patches/patch-src_configuration.c
diff -u /dev/null pkgsrc/security/hitch/patches/patch-src_configuration.c:1.1
--- /dev/null   Mon Jan  9 13:02:21 2017
+++ pkgsrc/security/hitch/patches/patch-src_configuration.c     Mon Jan  9 13:02:20 2017
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_configuration.c,v 1.1 2017/01/09 13:02:20 fhajny Exp $
+
+Sane default options.
+
+--- src/configuration.c.orig   2016-12-15 10:34:22.000000000 +0000
++++ src/configuration.c
+@@ -193,7 +193,7 @@ config_new(void)
+       fa->pspec = strdup("default");
+       HASH_ADD_KEYPTR(hh, r->LISTEN_ARGS, fa->pspec, strlen(fa->pspec), fa);
+       r->LISTEN_DEFAULT = fa;
+-      r->OCSP_DIR           = strdup("/var/lib/hitch/");
++      r->OCSP_DIR           = strdup("@HITCH_OCSP@/");
+       r->OCSP_VFY = 0;
+       r->OCSP_RESP_TMO = 10.0;
+       r->OCSP_CONN_TMO = 4.0;
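Review bot: The patch header `Sane default options.` does not say that `@HITCH_OCSP@` on the replaced `r->OCSP_DIR` line is a placeholder filled in at pre-configure by the Makefile's `SUBST_CLASSES+= dir` entry; a reader of the patch alone cannot tell it from a literal path, and if src/configuration.c ever drops out of SUBST_FILES.dir the built binary would silently use the literal string `@HITCH_OCSP@/` as its OCSP directory. Suggest expanding the header to `Sane default options. @HITCH_OCSP@ is substituted from HITCH_OCSP by the Makefile (SUBST_CLASSES dir) at pre-configure.` The config_new() body continues outside the hunk.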


