File: changelog

package info (click to toggle)
pound 2.8-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 1,404 kB
  • sloc: ansic: 14,587; sh: 2,683; python: 830; makefile: 43
file content (368 lines) | stat: -rw-r--r-- 12,242 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
pound (2.8-2) unstable; urgency=low

  * Upstream fixed CVE-2016-10711 in version 2.8a (Closes: #888786).
  * Instead of following Rick O'Sullivan's fork, keep changes to a
    minimum.
  * Support for OpenSSL 1.1 from Sergey Poznyakoff (Closes: #859557).
  * Version 2.8 made single line headers the default (Closes: #897042).
  * Update to standards version 4.4.0.
  * Update FAQ about virtual hosting with HTTPS (Closes: #697064).
  * Fix wrong use of fallback SCSV. Thanks to Frank Schmirler.

 -- Carsten Leonhardt <leo@debian.org>  Thu, 11 Jul 2019 00:13:59 +0200

pound (2.8-1+patrodyne20190113) experimental; urgency=medium

  * New maintainer.
  * New upstream version.
  * Reintroduce package after it got removed from testing (Closes: #921076).
  * Add upstream signing key and let uscan check it.
  * Converted some of the packages' history to git on salsa.
  * Follow Rick O'Sullivan's fork at https://github.com/patrodyne/pound
  * Add Gitlab CI tests
  * Raise debhelper compat level to 12
  * Updated to standards version 4.3.0

 -- Carsten Leonhardt <leo@debian.org>  Wed, 13 Feb 2019 14:03:54 +0100

pound (2.7-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Build it with libssl1.0-dev for Jessie (Closes: #828511).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 19 Feb 2017 15:13:02 +0100

pound (2.7-1.2) unstable; urgency=medium

  * Include .orig.tar.gz in upload.

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 31 Jul 2016 10:40:17 +0100

pound (2.7-1.1) unstable; urgency=medium

  * Fix failed binary only upload.

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 31 Jul 2016 10:32:40 +0100

pound (2.7-1) unstable; urgency=medium

  * New upstream release

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sat, 30 Jul 2016 20:07:36 +0100

pound (2.6-6.1) unstable; urgency=medium

  [ Thijs Kinkhorst ]
  * Non-maintainer upload by the security team with maintainer approval.
  * Add missing part of anti_beast patch to fix disabling of client
    renegotiation. (Closes: #765649)

  [ Brett Parker ]
  * 2.7-1

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 05 May 2015 13:27:06 +0000

pound (2.6-6) unstable; urgency=low

  * Add options to disable SSLv2 and SSLv3.

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Mon, 20 Oct 2014 00:48:13 +0100

pound (2.6-5) unstable; urgency=low

  * Add MKCALENDAR support (Closes: #742488)
  * Check config file is valid for restart/force-restart (Closes: #747517)
  * Up max http size to 8k (Closes: #691941)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 19 Oct 2014 22:31:00 +0100

pound (2.6-4) unstable; urgency=low

  * Add HTTP PATCH support
  * Add semaphore wait support (Closes: #737853)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Mon, 03 Mar 2014 15:22:11 +0000

pound (2.6-3) unstable; urgency=low

  * New maintainer: Brett Parker <iDunno@sommitrealweird.co.uk>
  * Update xss_redirect_patch
    - Allow = character in urls (Closes: #723731)
  * Add patch from Joe Gooch <mrwizard@k12system.com> for CRIME vulnerability
    - tls_compression_disable.patch (Closes: #727197)

 -- Brett Parker <iDunno@sommitrealweird.co.uk>  Sun, 26 Jan 2014 12:40:27 +0000

pound (2.6-2) unstable; urgency=low

  * Update anti_beast patch
     - Actually authored by Joe Gooch <mrwizard@k12system.com>
     - Fix segfault on some systems
  * Added patch to fix XSS redirect vulnerability
    - Patch from Joe Gooch <mrwizard@k12system.com>
  * Switched to dpkg-buildflags (Closes: #654833)
     - Patch from Moritz Muehlenhoff <jmm@debian.org>

 -- Martin Meredith <mez@debian.org>  Fri, 03 Feb 2012 09:40:45 +0000

pound (2.6-1) unstable; urgency=low

  * New upstream release
  * Patch from Michal Jirku <box@wejn.org> to add config
    options that prevent BEAST/renegotiation attacks

 -- Martin Meredith <mez@debian.org>  Mon, 30 Jan 2012 10:21:52 +0000

pound (2.5-1.1) unstable; urgency=low

  * NMU
  * Apply patch to work with new openssl. Thanks to Ilya Barygin
    <barygin@gmail.com> for the patch. Closes: #622041
  * Add simple initial build-arch and build-indep rules as suggested by
    lintian

 -- Steve McIntyre <steve.mcintyre@linaro.org>  Thu, 12 Dec 2011 15:29:12 +0000

pound (2.5-1) unstable; urgency=low

  * New upstream release
  * Switch to dpkg-source 3.0 (quilt) format
  * Removed previous patch from #517359 - incorporated upstream
  * Added ${misc:Depends}
  * Added openssl as a B-D (New functionality to connect to SSL backends)

 -- Martin Meredith <mez@debian.org>  Wed, 10 Mar 2010 21:44:12 +0000

pound (2.4.5-3) unstable; urgency=low

  * Added functionality to init script to allow optional
    arguments (Closes: #449430)

 -- Martin Meredith <mez@debian.org>  Fri, 02 Oct 2009 13:30:36 +0100

pound (2.4.5-2) unstable; urgency=low

  * Fixed small typo in init script (Closes: #537602)

 -- Martin Meredith <mez@debian.org>  Mon, 27 Jul 2009 21:04:07 +0100

pound (2.4.5-1) unstable; urgency=low

  * New upstream release
  * Hijacked Package: New Maintainer (due to MIA)
  * Changed init script to create /var/run/pound
  * Upstream has fixed RewriteLocation Port issues (Closes: #525733)
  * Added patch to fix truncation issues (Closes: #517359)
  * Updated to standards version 3.8.2
  * Updated to debhelper 7
  * Added dpatch as B-D

 -- Martin Meredith <mez@debian.org>  Sun, 05 Jul 2009 16:11:36 +0100

pound (2.4.3-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream release.

 -- Michael Mende <debian@menole.net>  Wed,  4 May 2008 13:11:21 +0200

pound (2.4.2-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream release.
  * Added FAQ and CHANGELOG. (Closes: #472453)
  * debian/watch
    + Fixed regex.

 -- Michael Mende <debian@menole.net>  Tue, 28 Apr 2008 14:33:11 +0200

pound (2.4-2) unstable; urgency=medium

  [Michael Mende]
  * debian/control:
    + Removed libgoogle-perftools-dev from build-dependencies because
      libgoogle-perftools does not seem to enter testing soon.
  * debian/rules:
    + Syntax error in LDFLAGS on some architectures. (Closes: #469823)
    + CFLAGS on ARM without '-fstack-protector' due to segmentation faults.
    + Added 'noexecstack' to LDFLAGS.

 -- Michael Mende <debian@menole.net>  Wed,  7 Mar 2008 11:20:11 +0100

pound (2.4-1) unstable; urgency=medium

  [Michael Mende]
  * New upstream version (Closes: #432784).
  * Has now support for IPv6 (Closes: #360158).
  * debian/copyright
    + Moved license to GPLv3 (changed in upstream version 2.4d).
  * debian/rules:
    + '[ ! -f Makefile ] || $(MAKE) clean' instead of '-$(MAKE) distclean'
      (Closes: #424308).
    + Remove Makefile after make clean.
    + Added security hardening features.
  * debian/control:
    + Removed Sam Johnston from Maintainer: and Jörg Wendland from Uploaders:
      field (Closes: #465968).
    + Set myself as maintainer.
    + Bumped Standards-Version to 3.7.3.
    + Use debhelper 6 now.
    + Added Homepage field.
    + Added libgoogle-perftools-dev to build-dependencies for amd64, i386, ia64
      and powerpc.
    + Added libpcre3-dev to build-dependencies.
  * debian/dirs:
    + Added /var/run/pound for poundctl control socket.
  * debian/pound.cfg:
    + Added global option 'Control' to enable poundctl usage.
  * Addes watch file debian/watch.

 -- Michael Mende <debian@menole.net>  Wed, 27 Feb 2008 11:31:12 +0100

pound (2.2.7-2) unstable; urgency=high

  * Urgency high: This supersedes 2.2.7-1 which closed #360842. That was a
    grave bug, as it rendered pound unusable, I just had not realized how bad
    it was.
  * Also fix init script: restart did not work (first start, then stop),
    status bailed if daemon not running

 -- Michael Piefel <piefel@debian.org>  Thu, 29 Mar 2007 13:43:55 +0200

pound (2.2.7-1) unstable; urgency=low

  * New upstream version (closes: #407183)
    - also this time the fix that was supposed to be included in the last
      upload is now in the upstream source (closes: #360842)
  * Update syntax of example config file (closes: #356466)
  * Make pound really use the specified CFLAGS (closes: #342080)
  * Update init.d script to be LSB-compliant
  * Bumped Standards-Version to 3.7.2
  * Use debhelper 5 now

 -- Michael Piefel <piefel@debian.org>  Wed, 28 Mar 2007 11:12:25 +0200

pound (2.0-1.1) unstable; urgency=low

  * Non-maintainer upload
  * apply patch fixsegfaults.patch to fix segmentation fault
    in worker (closes: #360842)

 -- Arthur de Jong <adejong@debian.org>  Mon, 25 Sep 2006 12:42:57 +0200

pound (2.0-1) unstable; urgency=low

  * New upstream release
  * New configuration file syntax
  * Listener-specific backends to eliminate need for multiple instances
  * New redirector backend
  * Secondary proarties (error messages, timeouts, etc.) now private to
    listeners.
  * HAport accepts an optional address
  * Added -V flag for version
  * Session tracking on a specific header

 -- Sam Johnston <samj@aos.net.au>  Thu,  2 Feb 2006 05:29:09 +1100

pound (1.9.4-1) unstable; urgency=low

  * New upstream release
  * Added LogFacility config file directive
  * HTTP Request Smuggling fix: first of Content-Length and
    Transfer-Encoding takes precedence

 -- Sam Johnston <samj@aos.net.au>  Fri, 21 Oct 2005 03:14:24 +1000

pound (1.9.3-1) unstable; urgency=low

  * New upstream release. Closes #326941, #331604, #333559, #320220, #263578.

 -- Sam Johnston <samj@aos.net.au>  Sun, 16 Oct 2005 08:02:40 +1000

pound (1.9-1) unstable; urgency=low

  * New upstream version, closes: #310646, #311548, #306649
  * Ack security NMU, the fix is included upstream, closes: #307852
  * Add myself to uploaders with ok from Sam.
  * Clean up debian/:
    - remove rules.old
    - remove bogus comments and commands from rules
    - remove config, debconf is not used
  * debian/init.d:
    - use pid file
    - remove commented lines

 -- Joerg Wendland <joergland@debian.org>  Mon, 11 Jul 2005 09:16:30 +0200

pound (1.8.2-1.1) unstable; urgency=high

  * Non-maintainer upload (tnx djpig).
  * CAN-2005-1391: Fix possible buffer overflow in the add_port
    function which could be triggered by a long Host: header
    from a remote host (Closes: #307852)

 -- Joey Hess <joeyh@debian.org>  Mon, 27 Jun 2005 14:13:42 -0400

pound (1.8.2-1) unstable; urgency=low

  * New upstream version, closes: #285357
    - This supposedly also fixes some SSL issues and closes 263578
  * Added myself to uploaders, I will try to look after the package as
    long as Sam is too busy.
  * Increased MAXBUF, closes: #293915

 -- Michael Piefel <piefel@debian.org>  Tue, 22 Mar 2005 09:45:58 +0100

pound (1.7-1) unstable; urgency=high

  * New upstream *SECURITY* release
  * Resolves bugtraq id 10267 (Input Validation Error)

 -- Sam Johnston <samj@aos.net.au>  Wed, 19 May 2004 09:09:39 +1000

pound (1.5-2) unstable; urgency=medium

  * Removed --pidfile argument to start-stop-daemon in init script.
    Closes: #222885.

 -- Sam Johnston <samj@aos.net.au>  Thu,  5 Feb 2004 01:50:07 +1100

pound (1.5-1) unstable; urgency=low

  * New upstream release
  * Changing priority from optional to extra.

 -- Sam Johnston <samj@aos.net.au>  Fri, 24 Oct 2003 17:13:59 +1000

pound (1.4-3) unstable; urgency=low

  * Changing priority back to optional while waiting for override update.

 -- Sam Johnston <samj@aos.net.au>  Mon, 13 Oct 2003 18:07:22 +1000

pound (1.4-2) unstable; urgency=low

  * New maintainer
  * Changing priority from optional to extra.

 -- Sam Johnston <samj@aos.net.au>  Mon, 13 Oct 2003 16:51:57 +1000

pound (1.4-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Removes templates file as debconf is not used. Closes: #208064, #208392.
  * Adds init.d script. Closes: #207689.
  * Added version (0.9.7) for libssl-dev to resolve engine related compile
    errors.
  * Sets default config file location to /etc/pound/pound.cfg
  * Includes minimal example pound.cfg (courtesy gentoo-portage)
  * Fixed broken paths in manpage.
  * Adds /etc/default/pound file to prevent unconfigured startup.

 -- Sam Johnston <samj@aos.net.au>  Sat, 11 Oct 2003 14:12:13 +1000

pound (1.4-1) unstable; urgency=low

  * Initial release.

 -- Norbert Tretkowski <nobse@debian.org>  Sun, 03 Aug 2003 12:20:27 +0200